Scribd Logo
Upload

Welcome to Scribd!

  • Enterasys G Seris Cli

    Uploaded by

    stunche
    66 views679 pages
    Enterasys NETWORKS reserves the right to make changes in specifications and other information contained in this document and its WEB SITE without prior notice. In NO EVENT SHALL Enterasys be LIABLE FOR any INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER. All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.

    Original Description:

    Original Title

    Enterasys g Seris Cli

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Enterasys NETWORKS reserves the right to make changes in specifications and other information contained in this document and its WEB SITE without prior notice. In NO EVENT SHALL Enterasys be LIABLE FOR any INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER. All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    66 views679 pages

    Enterasys G Seris Cli

    Uploaded by

    stunche
    Enterasys NETWORKS reserves the right to make changes in specifications and other information contained in this document and its WEB SITE without prior notice. In NO EVENT SHALL Enterasys be LIABLE FOR any INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER. All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 679

    Enterasys G-Series

    Ethernet Switch

    CLI Reference
    Firmware Version 1.00.xx

    P/N 9034358-01

    Notice
    EnterasysNetworksreservestherighttomakechangesinspecificationsandotherinformationcontainedinthisdocumentand itswebsitewithoutpriornotice.ThereadershouldinallcasesconsultEnterasysNetworkstodeterminewhetheranysuch changeshavebeenmade. Thehardware,firmware,orsoftwaredescribedinthisdocumentissubjecttochangewithoutnotice. INNOEVENTSHALLENTERASYSNETWORKSBELIABLEFORANYINCIDENTAL,INDIRECT,SPECIAL,OR CONSEQUENTIALDAMAGESWHATSOEVER(INCLUDINGBUTNOTLIMITEDTOLOSTPROFITS)ARISINGOUTOF ORRELATEDTOTHISDOCUMENT,WEBSITE,ORTHEINFORMATIONCONTAINEDINTHEM,EVENIFENTERASYS NETWORKSHASBEENADVISEDOF,KNEWOF,ORSHOULDHAVEKNOWNOF,THEPOSSIBILITYOFSUCH DAMAGES. EnterasysNetworks,Inc. 50MinutemanRoad Andover,MA01810 2008EnterasysNetworks,Inc.Allrightsreserved. PartNumber: 903435801 March2008 ENTERASYS,ENTERASYSNETWORKS,ENTERASYSNETSIGHT,WEBVIEW,andanylogosassociatedtherewith,are trademarksorregisteredtrademarksofEnterasysNetworks,Inc.intheUnitedStatesandothercountries. Allotherproductnamesmentionedinthismanualmaybetrademarksorregisteredtrademarksoftheirrespectivecompanies. DocumentationURL:http://www.enterasys.com/support/manuals DocumentacionURL:http://www.enterasys.com/support/manuals DokumentationimInternet:http://www.enterasys.com/support/manuals

    Version:

    Information in this guide refers to G-Series firmware version 1.00.xx

    ENTERASYS NETWORKS, INC. FIRMWARE LICENSE AGREEMENT


    BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT.
    Thisdocumentisanagreement(Agreement)betweentheenduser(You)andEnterasysNetworks,Inc.,onbehalf ofitselfanditsAffiliates(ashereinafterdefined)(Enterasys)thatsetsforthYourrightsandobligationswithrespect totheEnterasyssoftwareprogram/firmware(includinganyaccompanyingdocumentation,hardwareormedia) (Program)inthepackageandprevailsoveranyadditional,conflictingorinconsistenttermsandconditions appearingonanypurchaseorderorotherdocumentsubmittedbyYou.Affiliatemeansanyperson,partnership, corporation,limitedliabilitycompany,otherformofenterprisethatdirectlyorindirectlythroughoneormore intermediaries,controls,oriscontrolledby,orisundercommoncontrolwiththepartyspecified.ThisAgreement constitutestheentireunderstandingbetweentheparties,withrespecttothesubjectmatterofthisAgreement.The Programmaybecontainedinfirmware,chipsorothermedia. BYINSTALLINGOROTHERWISEUSINGTHEPROGRAM,YOUREPRESENTTHATYOUAREAUTHORIZEDTO ACCEPTTHESETERMSONBEHALFOFTHEENDUSER(IFTHEENDUSERISANENTITYONWHOSEBEHALF YOUAREAUTHORIZEDTOACT,YOUANDYOURSHALLBEDEEMEDTOREFERTOSUCHENTITY)AND THATYOUAGREETHATYOUAREBOUNDBYTHETERMSOFTHISAGREEMENT,WHICHINCLUDES, AMONGOTHERPROVISIONS,THELICENSE,THEDISCLAIMEROFWARRANTYANDTHELIMITATIONOF LIABILITY.IFYOUDONOTAGREETOTHETERMSOFTHISAGREEMENTORARENOTAUTHORIZEDTO ENTERINTOTHISAGREEMENT,ENTERASYSISUNWILLINGTOLICENSETHEPROGRAMTOYOUANDYOU AGREETORETURNTHEUNOPENEDPRODUCTTOENTERASYSORYOURDEALER,IFANY,WITHINTEN (10)DAYSFOLLOWINGTHEDATEOFRECEIPTFORAFULLREFUND. IFYOUHAVEANYQUESTIONSABOUTTHISAGREEMENT,CONTACTENTERASYSNETWORKS,LEGAL DEPARTMENTAT(978)6841000. YouandEnterasysagreeasfollows: 1. LICENSE. Youhavethenonexclusiveandnontransferablerighttouseonlytheone(1)copyoftheProgram providedinthispackagesubjecttothetermsandconditionsofthisAgreement. 2. RESTRICTIONS. ExceptasotherwiseauthorizedinwritingbyEnterasys,Youmaynot,normayYoupermitany thirdpartyto: (a) Reverseengineer,decompile,disassembleormodifytheProgram,inwholeorinpart,includingforreasons oferrorcorrectionorinteroperability,excepttotheextentexpresslypermittedbyapplicablelawandtothe extentthepartiesshallnotbepermittedbythatapplicablelaw,suchrightsareexpresslyexcluded. InformationnecessarytoachieveinteroperabilityorcorrecterrorsisavailablefromEnterasysuponrequest anduponpaymentofEnterasysapplicablefee. (b) IncorporatethePrograminwholeorinpart,inanyotherproductorcreatederivativeworksbasedonthe Program,inwholeorinpart. (c) Publish,disclose,copyreproduceortransmittheProgram,inwholeorinpart. (d) Assign,sell,license,sublicense,rent,lease,encumberbywayofsecurityinterest,pledgeorotherwisetransfer theProgram,inwholeorinpart. (e) Removeanycopyright,trademark,proprietaryrights,disclaimerorwarningnoticeincludedonorembedded inanypartoftheProgram. 3. APPLICABLELAW. ThisAgreementshallbeinterpretedandgovernedunderthelawsandinthestateand federalcourtsoftheCommonwealthofMassachusettswithoutregardtoitsconflictsoflawsprovisions.Youacceptthe personaljurisdictionandvenueoftheCommonwealthofMassachusettscourts.Noneofthe1980UnitedNations ConventionontheLimitationPeriodintheInternationalSaleofGoods,andtheUniformComputerInformation TransactionsActshallapplytothisAgreement. 4. EXPORTRESTRICTIONS. YouunderstandthatEnterasysanditsAffiliatesaresubjecttoregulationbyagencies oftheU.S.Government,includingtheU.S.DepartmentofCommerce,whichprohibitexportordiversionofcertain technicalproductstocertaincountries,unlessalicensetoexporttheproductisobtainedfromtheU.S.Governmentor anexceptionfromobtainingsuchlicensemayberelieduponbytheexportingparty. IftheProgramisexportedfromtheUnitedStatespursuanttotheLicenseExceptionCIVundertheU.S.Export AdministrationRegulations,YouagreethatYouareacivilenduseroftheProgramandagreethatYouwillusethe Programforcivilendusesonlyandnotformilitarypurposes.

    IftheProgramisexportedfromtheUnitedStatespursuanttotheLicenseExceptionTSRundertheU.S.Export AdministrationRegulations,inadditiontotherestrictionontransfersetforthinSection1or2ofthisAgreement,You agreenotto(i)reexportorreleasetheProgram,thesourcecodefortheProgramortechnologytoanationalofa countryinCountryGroupsD:1orE:2(Albania,Armenia,Azerbaijan,Belarus,Cambodia,Cuba,Georgia,Iraq, Kazakhstan,Laos,Libya,Macau,Moldova,Mongolia,NorthKorea,thePeoplesRepublicofChina,Russia,Tajikistan, Turkmenistan,Ukraine,Uzbekistan,Vietnam,orsuchothercountriesasmaybedesignatedbytheUnitedStates Government),(ii)exporttoCountryGroupsD:1orE:2(asdefinedherein)thedirectproductoftheProgramorthe technology,ifsuchforeignproduceddirectproductissubjecttonationalsecuritycontrolsasidentifiedontheU.S. CommerceControlList,or(iii)ifthedirectproductofthetechnologyisacompleteplantoranymajorcomponentofa plant,exporttoCountryGroupsD:1orE:2thedirectproductoftheplantoramajorcomponentthereof,ifsuch foreignproduceddirectproductissubjecttonationalsecuritycontrolsasidentifiedontheU.S.CommerceControl ListorissubjecttoStateDepartmentcontrolsundertheU.S.MunitionsList. 5. UNITEDSTATESGOVERNMENTRESTRICTEDRIGHTS. TheenclosedProgram(i)wasdevelopedsolelyat privateexpense;(ii)containsrestrictedcomputersoftwaresubmittedwithrestrictedrightsinaccordancewithsection 52.22719(a)through(d)oftheCommercialComputerSoftwareRestrictedRightsClauseanditssuccessors,and(iii)in allrespectsisproprietarydatabelongingtoEnterasysand/oritssuppliers.ForDepartmentofDefenseunits,the ProgramisconsideredcommercialcomputersoftwareinaccordancewithDFARSsection227.72023anditssuccessors, anduse,duplication,ordisclosurebytheU.S.Governmentissubjecttorestrictionssetforthherein. 6. DISCLAIMEROFWARRANTY. EXCEPTFORTHOSEWARRANTIESEXPRESSLYPROVIDEDTOYOUIN WRITINGBYENTERASYS,ENTERASYSDISCLAIMSALLWARRANTIES,EITHEREXPRESSORIMPLIED, INCLUDINGBUTNOTLIMITEDTOIMPLIEDWARRANTIESOFMERCHANTABILITY,SATISFACTORY QUALITY,FITNESSFORAPARTICULARPURPOSE,TITLEANDNONINFRINGEMENTWITHRESPECTTOTHE PROGRAM.IFIMPLIEDWARRANTIESMAYNOTBEDISCLAIMEDBYAPPLICABLELAW,THENANYIMPLIED WARRANTIESARELIMITEDINDURATIONTOTHIRTY(30)DAYSAFTERDELIVERYOFTHEPROGRAMTO YOU. 7. LIMITATIONOFLIABILITY. INNOEVENTSHALLENTERASYSORITSSUPPLIERSBELIABLEFORANY DAMAGESWHATSOEVER(INCLUDING,WITHOUTLIMITATION,DAMAGESFORLOSSOFBUSINESS, PROFITS,BUSINESSINTERRUPTION,LOSSOFBUSINESSINFORMATION,SPECIAL,INCIDENTAL, CONSEQUENTIAL,ORRELIANCEDAMAGES,OROTHERLOSS)ARISINGOUTOFTHEUSEORINABILITYTO USETHEPROGRAM,EVENIFENTERASYSHASBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES. THISFOREGOINGLIMITATIONSHALLAPPLYREGARDLESSOFTHECAUSEOFACTIONUNDERWHICH DAMAGESARESOUGHT. THECUMULATIVELIABILITYOFENTERASYSTOYOUFORALLCLAIMSRELATINGTOTHEPROGRAM, INCONTRACT,TORTOROTHERWISE,SHALLNOTEXCEEDTHETOTALAMOUNTOFFEESPAIDTO ENTERASYSBYYOUFORTHERIGHTSGRANTEDHEREIN. 8. AUDITRIGHTS. YouherebyacknowledgethattheintellectualpropertyrightsassociatedwiththeProgramare ofcriticalvaluetoEnterasys,and,accordingly,Youherebyagreetomaintaincompletebooks,recordsandaccounts showing(i)licensefeesdueandpaid,and(ii)theuse,copyinganddeploymentoftheProgram.Youalsograntto Enterasysanditsauthorizedrepresentatives,uponreasonablenotice,therighttoauditandexamineduringYour normalbusinesshours,Yourbooks,records,accountsandhardwaredevicesuponwhichtheProgrammaybedeployed toverifycompliancewiththisAgreement,includingtheverificationofthelicensefeesdueandpaidEnterasysandthe use,copyinganddeploymentoftheProgram.Enterasysrightofexaminationshallbeexercisedreasonably,ingood faithandinamannercalculatedtonotunreasonablyinterferewithYourbusiness.Intheeventsuchauditdiscovers noncompliancewiththisAgreement,includingcopiesoftheProgrammade,usedordeployedinbreachofthis Agreement,YoushallpromptlypaytoEnterasystheappropriatelicensefees.Enterasysreservestheright,tobe exercisedinitssolediscretionandwithoutpriornotice,toterminatethislicense,effectiveimmediately,forfailureto complywiththisAgreement.Uponanysuchtermination,YoushallimmediatelyceasealluseoftheProgramandshall returntoEnterasystheProgramandallcopiesoftheProgram. 9. OWNERSHIP. Thisisalicenseagreementandnotanagreementforsale.Youacknowledgeandagreethatthe Programconstitutestradesecretsand/orcopyrightedmaterialofEnterasysand/oritssuppliers.Youagreeto implementreasonablesecuritymeasurestoprotectsuchtradesecretsandcopyrightedmaterial.Allright,titleand interestinandtotheProgramshallremainwithEnterasysand/oritssuppliers.Allrightsnotspecificallygrantedto YoushallbereservedtoEnterasys.

    10. ENFORCEMENT. YouacknowledgeandagreethatanybreachofSections2,4,or9ofthisAgreementbyYoumay causeEnterasysirreparabledamageforwhichrecoveryofmoneydamageswouldbeinadequate,andthatEnterasys maybeentitledtoseektimelyinjunctiverelieftoprotectEnterasysrightsunderthisAgreementinadditiontoanyand allremediesavailableatlaw. 11. ASSIGNMENT. Youmaynotassign,transferorsublicensethisAgreementoranyofYourrightsorobligations underthisAgreement,exceptthatYoumayassignthisAgreementtoanypersonorentitywhichacquiressubstantially allofYourstockassets.EnterasysmayassignthisAgreementinitssolediscretion.ThisAgreementshallbebinding uponandinuretothebenefitoftheparties,theirlegalrepresentatives,permittedtransferees,successorsandassignsas permittedbythisAgreement.Anyattemptedassignment,transferorsublicenseinviolationofthetermsofthis AgreementshallbevoidandabreachofthisAgreement. 12. WAIVER. AwaiverbyEnterasysofabreachofanyofthetermsandconditionsofthisAgreementmustbein writingandwillnotbeconstruedasawaiverofanysubsequentbreachofsuchtermorcondition.Enterasysfailureto enforceatermuponYourbreachofsuchtermshallnotbeconstruedasawaiverofYourbreachorpreventenforcement onanyotheroccasion. 13. SEVERABILITY. IntheeventanyprovisionofthisAgreementisfoundtobeinvalid,illegalorunenforceable,the validity,legalityandenforceabilityofanyoftheremainingprovisionsshallnotinanywaybeaffectedorimpaired thereby,andthatprovisionshallbereformed,construedandenforcedtothemaximumextentpermissible.Anysuch invalidity,illegality,orunenforceabilityinanyjurisdictionshallnotinvalidateorrenderillegalorunenforceablesuch provisioninanyotherjurisdiction. 14. TERMINATION. EnterasysmayterminatethisAgreementimmediatelyuponYourbreachofanyoftheterms andconditionsofthisAgreement.Uponanysuchtermination,YoushallimmediatelyceasealluseoftheProgramand shallreturntoEnterasystheProgramandallcopiesoftheProgram.

    Contents
    About This Guide
    Using This Guide ........................................................................................................................................... xxix Structure of This Guide .................................................................................................................................. xxix Related Documents ....................................................................................................................................... xxxi Conventions Used in This Guide ................................................................................................................... xxxi Getting Help .................................................................................................................................................. xxxii

    Chapter 1: Introduction
    G-Series CLI Overview ................................................................................................................................... 1-1 Switch Management Methods ........................................................................................................................ 1-1 Factory Default Settings ................................................................................................................................. 1-2 Using the Command Line Interface ................................................................................................................ 1-6 Starting a CLI Session ............................................................................................................................. 1-6 Logging In ................................................................................................................................................ 1-7 Navigating the Command Line Interface .................................................................................................. 1-8

    Chapter 2: Basic Configuration


    Quick Start Setup Commands ........................................................................................................................ 2-1 Setting User Accounts and Passwords .......................................................................................................... 2-2 Purpose .................................................................................................................................................... 2-2 Commands ............................................................................................................................................... 2-2 show system login .............................................................................................................................. 2-3 set system login .................................................................................................................................. 2-3 clear system login ............................................................................................................................... 2-4 set password ...................................................................................................................................... 2-5 set system password length ............................................................................................................... 2-6 set system password aging ................................................................................................................2-6 set system password history .............................................................................................................. 2-7 show system lockout .......................................................................................................................... 2-7 Setting Basic Switch Properties ...................................................................................................................... 2-8 Purpose .................................................................................................................................................... 2-8 Commands ............................................................................................................................................... 2-8 show ip address.................................................................................................................................. 2-9 set ip address ..................................................................................................................................... 2-9 clear ip address ................................................................................................................................ 2-10 show ip protocol................................................................................................................................ 2-10 set ip protocol ................................................................................................................................... 2-11 show system..................................................................................................................................... 2-11 show system hardware..................................................................................................................... 2-13 show system utilization..................................................................................................................... 2-14 show time ......................................................................................................................................... 2-15 set time ............................................................................................................................................. 2-16 show summertime ............................................................................................................................ 2-16 set summertime ................................................................................................................................ 2-17 set summertime date ........................................................................................................................ 2-17 set summertime recurring ................................................................................................................. 2-18 clear summertime ............................................................................................................................. 2-19 set prompt......................................................................................................................................... 2-19 show banner motd ............................................................................................................................ 2-20 set banner motd................................................................................................................................ 2-20 clear banner motd............................................................................................................................. 2-21
    v

    show version..................................................................................................................................... 2-21 set system name .............................................................................................................................. 2-22 set system location ........................................................................................................................... 2-23 set system contact............................................................................................................................ 2-23 set width ........................................................................................................................................... 2-24 set length .......................................................................................................................................... 2-24 show logout ...................................................................................................................................... 2-25 set logout ......................................................................................................................................... 2-25 show console .................................................................................................................................... 2-26 set console baud .............................................................................................................................. 2-27 Activating Licensed Features ....................................................................................................................... 2-27 License Key Field Descriptions .............................................................................................................. 2-27 Clearing, Showing, and Moving Licenses .............................................................................................. 2-28 Commands ............................................................................................................................................. 2-28 set license......................................................................................................................................... 2-28 show license ..................................................................................................................................... 2-29 clear license...................................................................................................................................... 2-29 Configuring System Power and Power over Ethernet (PoE) ........................................................................ 2-30 Purpose .................................................................................................................................................. 2-30 Commands ............................................................................................................................................. 2-30 set system power.............................................................................................................................. 2-30 show inlinepower .............................................................................................................................. 2-31 set inlinepower threshold.................................................................................................................. 2-32 set inlinepower trap .......................................................................................................................... 2-33 show port inlinepower ....................................................................................................................... 2-33 set port inlinepower .......................................................................................................................... 2-34 Downloading a Firmware Image ................................................................................................................... 2-35 Downloading from a TFTP Server .......................................................................................................... 2-35 Downloading via the Serial Port ............................................................................................................. 2-35 Reverting to a Previous Image ............................................................................................................... 2-37 Reviewing and Selecting a Boot Firmware Image ........................................................................................ 2-37 Purpose .................................................................................................................................................. 2-37 Commands ............................................................................................................................................. 2-37 show boot system ............................................................................................................................. 2-37 set boot system ................................................................................................................................ 2-38 Starting and Configuring Telnet .................................................................................................................... 2-39 Purpose .................................................................................................................................................. 2-39 Commands ............................................................................................................................................. 2-39 show telnet ....................................................................................................................................... 2-39 set telnet ........................................................................................................................................... 2-39 telnet................................................................................................................................................. 2-40 Managing Switch Configuration and Files .................................................................................................... 2-41 Configuration Persistence Mode ............................................................................................................ 2-41 Purpose .................................................................................................................................................. 2-41 Commands ............................................................................................................................................. 2-41 show snmp persistmode ................................................................................................................... 2-42 set snmp persistmode ...................................................................................................................... 2-42 save config ....................................................................................................................................... 2-43 dir...................................................................................................................................................... 2-43 show file............................................................................................................................................ 2-44 show config....................................................................................................................................... 2-45 configure ........................................................................................................................................... 2-46 copy .................................................................................................................................................. 2-47 delete................................................................................................................................................ 2-47 show tftp settings.............................................................................................................................. 2-48 set tftp timeout .................................................................................................................................. 2-48
    vi

    clear tftp timeout ............................................................................................................................... 2-49 set tftp retry....................................................................................................................................... 2-49 clear tftp retry.................................................................................................................................... 2-50 Clearing and Closing the CLI ........................................................................................................................ 2-50 Purpose .................................................................................................................................................. 2-50 Commands ............................................................................................................................................. 2-50 cls (clear screen) .............................................................................................................................. 2-51 exit .................................................................................................................................................... 2-51 Resetting the Switch ..................................................................................................................................... 2-52 Purpose .................................................................................................................................................. 2-52 Commands ............................................................................................................................................. 2-52 reset.................................................................................................................................................. 2-52 clear config ....................................................................................................................................... 2-52 Using and Configuring WebView .................................................................................................................. 2-53 Purpose .................................................................................................................................................. 2-53 Commands ............................................................................................................................................. 2-53 show webview .................................................................................................................................. 2-53 set webview ...................................................................................................................................... 2-54 show ssl............................................................................................................................................ 2-54 set ssl ............................................................................................................................................... 2-55

    Chapter 3: Discovery Protocol Configuration


    Configuring CDP ............................................................................................................................................. 3-1 Purpose .................................................................................................................................................... 3-1 Commands ............................................................................................................................................... 3-1 show cdp ............................................................................................................................................ 3-1 set cdp state ....................................................................................................................................... 3-3 set cdp auth ........................................................................................................................................ 3-3 set cdp interval ................................................................................................................................... 3-4 set cdp hold-time ................................................................................................................................ 3-5 clear cdp ............................................................................................................................................. 3-5 show neighbors .................................................................................................................................. 3-6 Configuring Cisco Discovery Protocol ............................................................................................................ 3-6 Purpose .................................................................................................................................................... 3-6 Commands ............................................................................................................................................... 3-7 show ciscodp ...................................................................................................................................... 3-7 show ciscodp port info ........................................................................................................................ 3-8 set ciscodp status ............................................................................................................................... 3-9 set ciscodp timer................................................................................................................................. 3-9 set ciscodp holdtime ......................................................................................................................... 3-10 set ciscodp port ................................................................................................................................ 3-10 clear ciscodp..................................................................................................................................... 3-12 Configuring Link Layer Discovery Protocol and LLDP-MED ........................................................................ 3-13 Overview ................................................................................................................................................ 3-13 Purpose .................................................................................................................................................. 3-13 Commands ............................................................................................................................................. 3-13 Configuration Tasks ............................................................................................................................... 3-14 show lldp........................................................................................................................................... 3-14 show lldp port status......................................................................................................................... 3-15 show lldp port trap ............................................................................................................................ 3-16 show lldp port tx-tlv........................................................................................................................... 3-16 show lldp port location-info ............................................................................................................... 3-17 show lldp port local-info .................................................................................................................... 3-17 show lldp port remote-info ................................................................................................................ 3-20 set lldp tx-interval.............................................................................................................................. 3-22

    vii

    set lldp hold-multiplier ....................................................................................................................... 3-22 set lldp trap-interval .......................................................................................................................... 3-23 set lldp med-fast-repeat .................................................................................................................... 3-23 set lldp port status ............................................................................................................................ 3-24 set lldp port trap................................................................................................................................ 3-24 set lldp port med-trap........................................................................................................................ 3-25 set lldp port location-info................................................................................................................... 3-25 set lldp port tx-tlv .............................................................................................................................. 3-26 clear lldp ........................................................................................................................................... 3-28 clear lldp port status ......................................................................................................................... 3-28 clear lldp port trap ............................................................................................................................. 3-29 clear lldp port med-trap..................................................................................................................... 3-29 clear lldp port location-info................................................................................................................ 3-30 clear lldp port tx-tlv ........................................................................................................................... 3-30

    Chapter 4: Port Configuration


    Port Configuration Summary .......................................................................................................................... 4-1 Port String Syntax Used in the CLI .......................................................................................................... 4-1 Configuring SFP Ports for 100BASE-FX .................................................................................................. 4-2 Reviewing Port Status .................................................................................................................................... 4-3 Purpose .................................................................................................................................................... 4-3 Commands ............................................................................................................................................... 4-4 show port ............................................................................................................................................ 4-4 show port status ................................................................................................................................. 4-4 show port counters ............................................................................................................................. 4-5 Disabling / Enabling and Naming Ports .......................................................................................................... 4-7 Purpose .................................................................................................................................................... 4-7 Commands ............................................................................................................................................... 4-7 set port disable ................................................................................................................................... 4-7 set port enable.................................................................................................................................... 4-8 show port alias.................................................................................................................................... 4-8 set port alias ....................................................................................................................................... 4-9 Setting Speed and Duplex Mode .................................................................................................................... 4-9 Purpose .................................................................................................................................................... 4-9 Commands ............................................................................................................................................. 4-10 show port speed ............................................................................................................................... 4-10 set port speed................................................................................................................................... 4-10 show port duplex .............................................................................................................................. 4-11 set port duplex .................................................................................................................................. 4-11 Enabling / Disabling Jumbo Frame Support ................................................................................................. 4-12 Purpose .................................................................................................................................................. 4-12 Commands ............................................................................................................................................. 4-12 show port jumbo ............................................................................................................................... 4-12 set port jumbo................................................................................................................................... 4-13 clear port jumbo ................................................................................................................................ 4-13 Setting Auto-Negotiation and Advertised Ability ........................................................................................... 4-14 Purpose .................................................................................................................................................. 4-14 Commands ............................................................................................................................................. 4-14 show port negotiation ....................................................................................................................... 4-15 set port negotiation ........................................................................................................................... 4-15 show port advertise .......................................................................................................................... 4-16 set port advertise .............................................................................................................................. 4-16 clear port advertise ........................................................................................................................... 4-17 Setting Flow Control ..................................................................................................................................... 4-18 Purpose .................................................................................................................................................. 4-18

    viii

    Commands ............................................................................................................................................. 4-18 show flowcontrol ............................................................................................................................... 4-18 set flowcontrol................................................................................................................................... 4-19 Setting Port Link Traps and Link Flap Detection .......................................................................................... 4-19 Purpose .................................................................................................................................................. 4-19 Commands ............................................................................................................................................. 4-19 show port trap................................................................................................................................... 4-20 set port trap ...................................................................................................................................... 4-20 show linkflap ..................................................................................................................................... 4-21 set linkflap globalstate ...................................................................................................................... 4-23 set linkflap portstate.......................................................................................................................... 4-24 set linkflap interval ............................................................................................................................ 4-24 set linkflap action .............................................................................................................................. 4-25 clear linkflap action ........................................................................................................................... 4-25 set linkflap threshold......................................................................................................................... 4-26 set linkflap downtime ........................................................................................................................ 4-26 clear linkflap down ............................................................................................................................ 4-27 clear linkflap...................................................................................................................................... 4-27 Configuring Broadcast Suppression ............................................................................................................. 4-28 Purpose .................................................................................................................................................. 4-28 Commands ............................................................................................................................................. 4-28 show port broadcast ......................................................................................................................... 4-28 set port broadcast............................................................................................................................. 4-29 clear port broadcast.......................................................................................................................... 4-30 Port Mirroring ................................................................................................................................................ 4-30 Mirroring Features .................................................................................................................................. 4-31 Purpose .................................................................................................................................................. 4-31 Commands ............................................................................................................................................. 4-31 show port mirroring........................................................................................................................... 4-31 set port mirroring .............................................................................................................................. 4-32 clear port mirroring ........................................................................................................................... 4-33 Link Aggregation Control Protocol (LACP) ................................................................................................... 4-33 LACP Operation ..................................................................................................................................... 4-34 LACP Terminology ................................................................................................................................. 4-34 G-Series Usage Considerations ............................................................................................................. 4-35 Commands ............................................................................................................................................. 4-36 show lacp.......................................................................................................................................... 4-36 set lacp ............................................................................................................................................. 4-38 set lacp asyspri................................................................................................................................. 4-38 set lacp aadminkey........................................................................................................................... 4-39 clear lacp .......................................................................................................................................... 4-39 set lacp static.................................................................................................................................... 4-40 clear lacp static ................................................................................................................................. 4-41 set lacp singleportlag........................................................................................................................ 4-41 clear lacp singleportlag..................................................................................................................... 4-42 show port lacp .................................................................................................................................. 4-42 set port lacp ...................................................................................................................................... 4-44 clear port lacp ................................................................................................................................... 4-45 Configuring Protected Ports ......................................................................................................................... 4-47 Protected Port Operation ....................................................................................................................... 4-47 Commands ............................................................................................................................................. 4-47 set port protected.............................................................................................................................. 4-47 show port protected .......................................................................................................................... 4-48 clear port protected........................................................................................................................... 4-48 set port protected name.................................................................................................................... 4-49 show port protected name ................................................................................................................ 4-49
    ix

    clear port protected name................................................................................................................. 4-50

    Chapter 5: SNMP Configuration


    SNMP Configuration Summary ...................................................................................................................... 5-1 SNMPv1 and SNMPv2c ........................................................................................................................... 5-1 SNMPv3 ................................................................................................................................................... 5-2 About SNMP Security Models and Levels ............................................................................................... 5-2 Using SNMP Contexts to Access Specific MIBs ...................................................................................... 5-3 Configuration Considerations ................................................................................................................... 5-3 Reviewing SNMP Statistics ............................................................................................................................ 5-3 Purpose .................................................................................................................................................... 5-3 Commands ............................................................................................................................................... 5-4 show snmp engineid........................................................................................................................... 5-4 show snmp counters........................................................................................................................... 5-5 Configuring SNMP Users, Groups, and Communities .................................................................................... 5-7 Purpose .................................................................................................................................................... 5-7 Commands ............................................................................................................................................... 5-8 show snmp user ................................................................................................................................. 5-8 set snmp user ..................................................................................................................................... 5-9 clear snmp user ................................................................................................................................ 5-10 show snmp group ............................................................................................................................. 5-10 set snmp group ................................................................................................................................. 5-12 clear snmp group .............................................................................................................................. 5-12 show snmp community ..................................................................................................................... 5-13 set snmp community......................................................................................................................... 5-13 clear snmp community...................................................................................................................... 5-14 Configuring SNMP Access Rights ................................................................................................................ 5-15 Purpose .................................................................................................................................................. 5-15 Commands ............................................................................................................................................. 5-15 show snmp access ........................................................................................................................... 5-15 set snmp access............................................................................................................................... 5-16 clear snmp access............................................................................................................................ 5-18 Configuring SNMP MIB Views ...................................................................................................................... 5-18 Purpose .................................................................................................................................................. 5-18 Commands ............................................................................................................................................. 5-18 show snmp view ............................................................................................................................... 5-19 show snmp context........................................................................................................................... 5-20 set snmp view................................................................................................................................... 5-20 clear snmp view................................................................................................................................ 5-21 Configuring SNMP Target Parameters ......................................................................................................... 5-22 Purpose .................................................................................................................................................. 5-22 Commands ............................................................................................................................................. 5-22 show snmp targetparams ................................................................................................................. 5-22 set snmp targetparams..................................................................................................................... 5-23 clear snmp targetparams.................................................................................................................. 5-24 Configuring SNMP Target Addresses .......................................................................................................... 5-25 Purpose .................................................................................................................................................. 5-25 Commands ............................................................................................................................................. 5-25 show snmp targetaddr ...................................................................................................................... 5-25 set snmp targetaddr.......................................................................................................................... 5-26 clear snmp targetaddr....................................................................................................................... 5-27 Configuring SNMP Notification Parameters ................................................................................................. 5-28 About SNMP Notify Filters ..................................................................................................................... 5-28 Purpose .................................................................................................................................................. 5-28 Commands ............................................................................................................................................. 5-28

    show newaddrtrap ............................................................................................................................ 5-29 set newaddrtrap................................................................................................................................ 5-29 show snmp notify .............................................................................................................................. 5-30 set snmp notify ................................................................................................................................. 5-31 clear snmp notify .............................................................................................................................. 5-32 show snmp notifyfilter ....................................................................................................................... 5-32 set snmp notifyfilter........................................................................................................................... 5-33 clear snmp notifyfilter........................................................................................................................ 5-34 show snmp notifyprofile .................................................................................................................... 5-34 set snmp notifyprofile........................................................................................................................ 5-35 clear snmp notifyprofile..................................................................................................................... 5-36 Creating a Basic SNMP Trap Configuration ................................................................................................. 5-36 Example ................................................................................................................................................. 5-37

    Chapter 6: Spanning Tree Configuration


    Spanning Tree Configuration Summary ......................................................................................................... 6-1 Overview: Single, Rapid, and Multiple Spanning Tree Protocols ............................................................. 6-1 Spanning Tree Features .......................................................................................................................... 6-2 Loop Protect ............................................................................................................................................. 6-2 Configuring Spanning Tree Bridge Parameters .............................................................................................. 6-3 Purpose .................................................................................................................................................... 6-3 Commands ............................................................................................................................................... 6-4 show spantree stats............................................................................................................................ 6-5 set spantree........................................................................................................................................ 6-7 show spantree version........................................................................................................................ 6-7 set spantree version ........................................................................................................................... 6-8 clear spantree version ........................................................................................................................ 6-8 show spantree bpdu-forwarding ......................................................................................................... 6-9 set spantree bpdu-forwarding............................................................................................................. 6-9 show spantree bridgeprioritymode ................................................................................................... 6-10 set spantree bridgeprioritymode ....................................................................................................... 6-10 clear spantree bridgeprioritymode .................................................................................................... 6-11 show spantree mstilist ...................................................................................................................... 6-11 set spantree msti .............................................................................................................................. 6-12 clear spantree msti ........................................................................................................................... 6-12 show spantree mstmap .................................................................................................................... 6-13 set spantree mstmap ........................................................................................................................ 6-13 clear spantree mstmap ..................................................................................................................... 6-14 show spantree vlanlist ...................................................................................................................... 6-15 show spantree mstcfgid .................................................................................................................... 6-15 set spantree mstcfgid ....................................................................................................................... 6-16 clear spantree mstcfgid .................................................................................................................... 6-16 set spantree priority .......................................................................................................................... 6-17 clear spantree priority ....................................................................................................................... 6-17 set spantree hello ............................................................................................................................. 6-18 clear spantree hello .......................................................................................................................... 6-18 set spantree maxage ........................................................................................................................ 6-19 clear spantree maxage ..................................................................................................................... 6-19 set spantree fwddelay....................................................................................................................... 6-20 clear spantree fwddelay.................................................................................................................... 6-20 show spantree backuproot ............................................................................................................... 6-21 set spantree backuproot ................................................................................................................... 6-21 clear spantree backuproot ................................................................................................................ 6-22 show spantree tctrapsuppress.......................................................................................................... 6-22 set spantree tctrapsuppress ............................................................................................................. 6-23

    xi

    clear spantree tctrapsuppress .......................................................................................................... 6-23 set spantree protomigration .............................................................................................................. 6-24 show spantree spanguard ................................................................................................................ 6-24 set spantree spanguard .................................................................................................................... 6-25 clear spantree spanguard ................................................................................................................. 6-26 show spantree spanguardtimeout .................................................................................................... 6-26 set spantree spanguardtimeout ........................................................................................................ 6-26 clear spantree spanguardtimeout ..................................................................................................... 6-27 show spantree spanguardlock .......................................................................................................... 6-27 clear / set spantree spanguardlock................................................................................................... 6-28 show spantree spanguardtrapenable ............................................................................................... 6-28 set spantree spanguardtrapenable ................................................................................................... 6-29 clear spantree spanguardtrapenable ................................................................................................ 6-29 show spantree legacypathcost ......................................................................................................... 6-30 set spantree legacypathcost............................................................................................................. 6-30 clear spantree legacypathcost .......................................................................................................... 6-31 Configuring Spanning Tree Port Parameters ............................................................................................... 6-31 Purpose .................................................................................................................................................. 6-31 Commands ............................................................................................................................................. 6-31 set spantree portadmin..................................................................................................................... 6-32 clear spantree portadmin.................................................................................................................. 6-32 show spantree portadmin ................................................................................................................. 6-33 show spantree portpri ....................................................................................................................... 6-33 set spantree portpri........................................................................................................................... 6-34 clear spantree portpri........................................................................................................................ 6-35 show spantree adminpathcost .......................................................................................................... 6-35 set spantree adminpathcost ............................................................................................................. 6-36 clear spantree adminpathcost .......................................................................................................... 6-36 show spantree adminedge ............................................................................................................... 6-37 set spantree adminedge ................................................................................................................... 6-37 clear spantree adminedge ................................................................................................................ 6-38 Configuring Spanning Tree Loop Protect Parameters .................................................................................. 6-38 Purpose .................................................................................................................................................. 6-38 Commands ............................................................................................................................................. 6-39 set spantree lp .................................................................................................................................. 6-39 show spantree lp .............................................................................................................................. 6-40 clear spantree lp ............................................................................................................................... 6-41 show spantree lplock ........................................................................................................................ 6-41 clear spantree lplock......................................................................................................................... 6-42 set spantree lpcapablepartner .......................................................................................................... 6-42 show spantree lpcapablepartner ...................................................................................................... 6-43 clear spantree lpcapablepartner ....................................................................................................... 6-44 set spantree lpthreshold ................................................................................................................... 6-44 show spantree lpthreshold................................................................................................................ 6-45 clear spantree lpthreshold ................................................................................................................ 6-45 set spantree lpwindow ...................................................................................................................... 6-46 show spantree lpwindow .................................................................................................................. 6-46 clear spantree lpwindow ................................................................................................................... 6-47 set spantree lptrapenable ................................................................................................................. 6-47 show spantree lptrapenable ............................................................................................................. 6-48 clear spantree lptrapenable .............................................................................................................. 6-48 set spantree disputedbpduthreshold ................................................................................................ 6-48 show spantree disputedbpduthreshold ............................................................................................. 6-49 clear spantree disputedbpduthreshold ............................................................................................. 6-50 show spantree nonforwardingreason ............................................................................................... 6-50

    xii

    Chapter 7: 802.1Q VLAN Configuration


    VLAN Configuration Summary ....................................................................................................................... 7-1 Port String Syntax Used in the CLI .......................................................................................................... 7-1 Creating a Secure Management VLAN .................................................................................................... 7-1 Viewing VLANs ............................................................................................................................................... 7-2 Purpose .................................................................................................................................................... 7-2 Command ................................................................................................................................................. 7-3 show vlan............................................................................................................................................ 7-3 Creating and Naming Static VLANs ............................................................................................................... 7-4 Purpose .................................................................................................................................................... 7-4 Commands ............................................................................................................................................... 7-4 set vlan ............................................................................................................................................... 7-4 set vlan name ..................................................................................................................................... 7-5 clear vlan ............................................................................................................................................ 7-5 clear vlan name .................................................................................................................................. 7-6 Assigning Port VLAN IDs (PVIDs) and Ingress Filtering ................................................................................ 7-6 Purpose .................................................................................................................................................... 7-6 Commands ............................................................................................................................................... 7-6 show port vlan .................................................................................................................................... 7-7 set port vlan ........................................................................................................................................ 7-7 clear port vlan ..................................................................................................................................... 7-8 show port ingress filter........................................................................................................................ 7-9 set port ingress filter ........................................................................................................................... 7-9 show port discard ............................................................................................................................. 7-10 set port discard ................................................................................................................................. 7-11 Configuring the VLAN Egress List ................................................................................................................ 7-11 Purpose .................................................................................................................................................. 7-11 Commands ............................................................................................................................................. 7-12 show port egress .............................................................................................................................. 7-12 set vlan forbidden ............................................................................................................................. 7-13 set vlan egress ................................................................................................................................. 7-13 clear vlan egress .............................................................................................................................. 7-14 show vlan dynamicegress ................................................................................................................ 7-15 set vlan dynamicegress .................................................................................................................... 7-16 Setting the Host VLAN .................................................................................................................................. 7-16 Purpose .................................................................................................................................................. 7-16 Commands ............................................................................................................................................. 7-17 show host vlan.................................................................................................................................. 7-17 set host vlan ..................................................................................................................................... 7-17 clear host vlan .................................................................................................................................. 7-18 Enabling/Disabling GVRP (GARP VLAN Registration Protocol) .................................................................. 7-18 About GARP VLAN Registration Protocol (GVRP) ................................................................................ 7-18 Purpose .................................................................................................................................................. 7-19 Commands ............................................................................................................................................. 7-20 show gvrp ......................................................................................................................................... 7-20 show garp timer ................................................................................................................................ 7-20 set gvrp............................................................................................................................................. 7-22 clear gvrp .......................................................................................................................................... 7-22 set garp timer.................................................................................................................................... 7-23

    Chapter 8: Policy Classification Configuration


    Policy Classification Configuration Summary ................................................................................................. 8-1 Configuring Policy Profiles .............................................................................................................................. 8-1 Purpose .................................................................................................................................................... 8-1 Commands ............................................................................................................................................... 8-2

    xiii

    show policy profile .............................................................................................................................. 8-2 set policy profile .................................................................................................................................. 8-4 clear policy profile ............................................................................................................................... 8-5 Configuring Classification Rules ..................................................................................................................... 8-5 Purpose .................................................................................................................................................... 8-5 Commands ............................................................................................................................................... 8-5 show policy rule .................................................................................................................................. 8-5 show policy capability ......................................................................................................................... 8-8 set policy rule.................................................................................................................................... 8-10 clear policy rule................................................................................................................................. 8-12 clear policy all-rules .......................................................................................................................... 8-13 Assigning Ports to Policy Profiles ................................................................................................................. 8-13 Purpose .................................................................................................................................................. 8-13 Commands ............................................................................................................................................. 8-13 set policy port ................................................................................................................................... 8-13 clear policy port ................................................................................................................................ 8-14 Configuring Policy Class of Service (CoS) ................................................................................................... 8-15 About Policy-Based CoS Configurations ................................................................................................ 8-15 Commands ............................................................................................................................................. 8-17 set cos state ..................................................................................................................................... 8-17 show cos state.................................................................................................................................. 8-18 clear cos state .................................................................................................................................. 8-18 set cos settings................................................................................................................................. 8-19 clear cos settings .............................................................................................................................. 8-20 show cos settings ............................................................................................................................. 8-21 set cos port-config ............................................................................................................................ 8-21 show cos port-config......................................................................................................................... 8-22 clear cos port-config ......................................................................................................................... 8-23 set cos port-resource........................................................................................................................ 8-24 show cos port-resource .................................................................................................................... 8-25 clear cos port-resource..................................................................................................................... 8-26 set cos reference .............................................................................................................................. 8-26 show cos reference .......................................................................................................................... 8-27 clear cos reference ........................................................................................................................... 8-28 show cos unit.................................................................................................................................... 8-29 clear cos all-entries........................................................................................................................... 8-29 show cos port-type ........................................................................................................................... 8-30

    Chapter 9: Port Priority Configuration


    Port Priority Configuration Summary .............................................................................................................. 9-1 Configuring Port Priority ................................................................................................................................. 9-1 Purpose .................................................................................................................................................... 9-1 Commands ............................................................................................................................................... 9-2 show port priority ................................................................................................................................ 9-2 set port priority.................................................................................................................................... 9-2 clear port priority................................................................................................................................. 9-3 Configuring Priority to Transmit Queue Mapping ........................................................................................... 9-4 Purpose .................................................................................................................................................... 9-4 Commands ............................................................................................................................................... 9-4 show port priority-queue ..................................................................................................................... 9-4 set port priority-queue......................................................................................................................... 9-5 clear port priority-queue...................................................................................................................... 9-6 Configuring Quality of Service (QoS) ............................................................................................................. 9-6 Purpose .................................................................................................................................................... 9-6 Commands ............................................................................................................................................... 9-6 show port txq ...................................................................................................................................... 9-6
    xiv

    set port txq.......................................................................................................................................... 9-7 clear port txq....................................................................................................................................... 9-8

    Chapter 10: IGMP Configuration


    IGMP Overview ............................................................................................................................................ 10-1 About IP Multicast Group Management ................................................................................................. 10-1 About Multicasting .................................................................................................................................. 10-2 Configuring IGMP at Layer 2 ........................................................................................................................ 10-2 Purpose .................................................................................................................................................. 10-2 Commands ............................................................................................................................................. 10-2 show igmpsnooping .......................................................................................................................... 10-2 set igmpsnooping adminmode.......................................................................................................... 10-3 set igmpsnooping interfacemode...................................................................................................... 10-4 set igmpsnooping groupmembershipinterval .................................................................................... 10-4 set igmpsnooping maxresponse ....................................................................................................... 10-5 set igmpsnooping mcrtrexpiretime.................................................................................................... 10-6 set igmpsnooping add-static ............................................................................................................. 10-6 set igmpsnooping remove-static ....................................................................................................... 10-7 show igmpsnooping static ................................................................................................................ 10-7 show igmpsnooping mfdb ................................................................................................................. 10-8 clear igmpsnooping .......................................................................................................................... 10-9 Configuring IGMP on Routing Interfaces ...................................................................................................... 10-9 Purpose .................................................................................................................................................. 10-9 Commands ............................................................................................................................................. 10-9 ip igmp ............................................................................................................................................ 10-10 ip igmp enable ................................................................................................................................ 10-10 ip igmp version ............................................................................................................................... 10-11 show ip igmp interface .................................................................................................................... 10-11 show ip igmp groups....................................................................................................................... 10-12 ip igmp query-interval ..................................................................................................................... 10-13 ip igmp query-max-response-time .................................................................................................. 10-13 ip igmp startup-query-interval ......................................................................................................... 10-14 ip igmp startup-query-count ............................................................................................................10-14 ip igmp last-member-query-interval ................................................................................................ 10-15 ip igmp last-member-query-count ................................................................................................... 10-15 ip igmp robustness ......................................................................................................................... 10-16

    Chapter 11: Logging and Network Management


    Configuring System Logging ........................................................................................................................ 11-1 Purpose .................................................................................................................................................. 11-1 Commands ............................................................................................................................................. 11-1 show logging server.......................................................................................................................... 11-2 set logging server ............................................................................................................................. 11-3 clear logging server .......................................................................................................................... 11-4 show logging default......................................................................................................................... 11-4 set logging default ............................................................................................................................ 11-5 clear logging default ......................................................................................................................... 11-5 show logging application .................................................................................................................. 11-6 set logging application ...................................................................................................................... 11-7 clear logging application ................................................................................................................... 11-8 show logging local ............................................................................................................................ 11-9 set logging local................................................................................................................................ 11-9 clear logging local........................................................................................................................... 11-10 show logging buffer ........................................................................................................................ 11-10

    xv

    Monitoring Network Events and Status ...................................................................................................... 11-11 Purpose ................................................................................................................................................ 11-11 Commands ........................................................................................................................................... 11-11 history ............................................................................................................................................. 11-11 show history.................................................................................................................................... 11-12 set history ....................................................................................................................................... 11-12 ping................................................................................................................................................. 11-13 show users ..................................................................................................................................... 11-13 disconnect ...................................................................................................................................... 11-14 Managing Switch Network Addresses and Routes ..................................................................................... 11-15 Purpose ................................................................................................................................................ 11-15 Commands ........................................................................................................................................... 11-15 show arp ......................................................................................................................................... 11-15 set arp............................................................................................................................................. 11-16 clear arp.......................................................................................................................................... 11-17 traceroute ....................................................................................................................................... 11-17 show mac ....................................................................................................................................... 11-18 show mac agetime.......................................................................................................................... 11-19 set mac agetime ............................................................................................................................. 11-20 clear mac agetime .......................................................................................................................... 11-20 set mac algorithm ........................................................................................................................... 11-21 show mac algorithm........................................................................................................................ 11-21 clear mac algorithm ........................................................................................................................ 11-22 set mac multicast ............................................................................................................................ 11-22 clear mac address .......................................................................................................................... 11-23 show mac unreserved-flood ........................................................................................................... 11-23 set mac unreserved-flood ............................................................................................................... 11-24 Configuring Simple Network Time Protocol (SNTP) ................................................................................... 11-25 Purpose ................................................................................................................................................ 11-25 Commands ........................................................................................................................................... 11-25 show sntp ....................................................................................................................................... 11-25 set sntp client.................................................................................................................................. 11-27 clear sntp client............................................................................................................................... 11-27 set sntp server ................................................................................................................................ 11-28 clear sntp server ............................................................................................................................. 11-28 set sntp poll-interval........................................................................................................................ 11-29 clear sntp poll-interval..................................................................................................................... 11-29 set sntp poll-retry ............................................................................................................................ 11-29 clear sntp poll-retry ......................................................................................................................... 11-30 set sntp poll-timeout ....................................................................................................................... 11-30 clear sntp poll-timeout .................................................................................................................... 11-31 Configuring Node Aliases ........................................................................................................................... 11-31 Purpose ................................................................................................................................................ 11-31 Commands ........................................................................................................................................... 11-31 show nodealias config .................................................................................................................... 11-32 set nodealias .................................................................................................................................. 11-32 clear nodealias config ..................................................................................................................... 11-33

    Chapter 12: RMON Configuration


    RMON Monitoring Group Functions ............................................................................................................. 12-1 Statistics Group Commands ......................................................................................................................... 12-3 Purpose .................................................................................................................................................. 12-3 Commands ............................................................................................................................................. 12-3 show rmon stats ............................................................................................................................... 12-3 set rmon stats ................................................................................................................................... 12-4

    xvi

    clear rmon stats ................................................................................................................................ 12-5 History Group Commands ............................................................................................................................ 12-5 Purpose .................................................................................................................................................. 12-5 Commands ............................................................................................................................................. 12-5 show rmon history ............................................................................................................................ 12-5 set rmon history ................................................................................................................................ 12-6 clear rmon history ............................................................................................................................. 12-7 Alarm Group Commands .............................................................................................................................. 12-7 Purpose .................................................................................................................................................. 12-7 Commands ............................................................................................................................................. 12-8 show rmon alarm .............................................................................................................................. 12-8 set rmon alarm properties................................................................................................................. 12-9 set rmon alarm status ..................................................................................................................... 12-10 clear rmon alarm............................................................................................................................. 12-11 Event Group Commands ............................................................................................................................ 12-12 Purpose ................................................................................................................................................ 12-12 Commands ........................................................................................................................................... 12-12 show rmon event ............................................................................................................................ 12-12 set rmon event properties ............................................................................................................... 12-13 set rmon event status ..................................................................................................................... 12-14 clear rmon event............................................................................................................................. 12-14 Filter Group Commands ............................................................................................................................. 12-15 Commands ........................................................................................................................................... 12-15 show rmon channel ........................................................................................................................ 12-16 set rmon channel ............................................................................................................................ 12-16 clear rmon channel ......................................................................................................................... 12-17 show rmon filter .............................................................................................................................. 12-17 set rmon filter .................................................................................................................................. 12-18 clear rmon filter ............................................................................................................................... 12-19 Packet Capture Commands ....................................................................................................................... 12-20 Purpose ................................................................................................................................................ 12-20 Commands ........................................................................................................................................... 12-20 show rmon capture ......................................................................................................................... 12-20 set rmon capture............................................................................................................................. 12-21 clear rmon capture.......................................................................................................................... 12-22

    Chapter 13: DHCP Server Configuration


    DHCP Overview ........................................................................................................................................... 13-1 DHCP Server ......................................................................................................................................... 13-1 Configuring a DHCP Server ................................................................................................................... 13-2 Configuring General DHCP Server Parameters ........................................................................................... 13-3 Purpose .................................................................................................................................................. 13-3 Commands ............................................................................................................................................. 13-3 set dhcp ............................................................................................................................................ 13-3 set dhcp bootp .................................................................................................................................. 13-4 set dhcp conflict logging ................................................................................................................... 13-4 show dhcp conflict ............................................................................................................................ 13-5 clear dhcp conflict............................................................................................................................. 13-5 set dhcp exclude............................................................................................................................... 13-6 clear dhcp exclude............................................................................................................................ 13-6 set dhcp ping .................................................................................................................................... 13-7 clear dhcp ping ................................................................................................................................. 13-7 show dhcp binding............................................................................................................................ 13-8 clear dhcp binding ............................................................................................................................ 13-8 show dhcp server statistics............................................................................................................... 13-9 clear dhcp server statistics ............................................................................................................. 13-10
    xvii

    Configuring IP Address Pools ..................................................................................................................... 13-10 Manual Pool Configuration Considerations .......................................................................................... 13-10 Purpose ................................................................................................................................................ 13-10 Commands ........................................................................................................................................... 13-11 set dhcp pool .................................................................................................................................. 13-12 clear dhcp pool ............................................................................................................................... 13-12 set dhcp pool network..................................................................................................................... 13-13 clear dhcp pool network.................................................................................................................. 13-13 set dhcp pool hardware-address .................................................................................................... 13-14 clear dhcp pool hardware-address ................................................................................................. 13-14 set dhcp pool host .......................................................................................................................... 13-15 clear dhcp pool host ....................................................................................................................... 13-16 set dhcp pool client-identifier .......................................................................................................... 13-16 clear dhcp pool client-identifier ....................................................................................................... 13-17 set dhcp pool client-name............................................................................................................... 13-17 clear dhcp pool client-name............................................................................................................13-18 set dhcp pool bootfile...................................................................................................................... 13-18 clear dhcp pool bootfile................................................................................................................... 13-19 set dhcp pool next-server ............................................................................................................... 13-19 clear dhcp pool next-server ............................................................................................................13-20 set dhcp pool lease......................................................................................................................... 13-20 clear dhcp pool lease...................................................................................................................... 13-21 set dhcp pool default-router ............................................................................................................13-21 clear dhcp pool default-router......................................................................................................... 13-22 set dhcp pool dns-server ................................................................................................................ 13-22 clear dhcp pool dns-server ............................................................................................................. 13-23 set dhcp pool domain-name ........................................................................................................... 13-23 clear dhcp pool domain-name ........................................................................................................ 13-24 set dhcp pool netbios-name-server ................................................................................................ 13-24 clear dhcp pool netbios-name-server ............................................................................................. 13-25 set dhcp pool netbios-node-type .................................................................................................... 13-25 clear dhcp pool netbios-node-type ................................................................................................. 13-26 set dhcp pool option ....................................................................................................................... 13-26 clear dhcp pool option .................................................................................................................... 13-27 show dhcp pool configuration ......................................................................................................... 13-28

    Chapter 14: Preparing for Router Mode


    Pre-Routing Configuration Tasks ................................................................................................................. 14-1 Example ................................................................................................................................................. 14-2 Enabling Router Configuration Modes .......................................................................................................... 14-2

    Chapter 15: IP Configuration


    Configuring Routing Interface Settings ......................................................................................................... 15-1 Purpose .................................................................................................................................................. 15-1 Commands ............................................................................................................................................. 15-1 show interface .................................................................................................................................. 15-2 interface............................................................................................................................................ 15-3 show ip interface............................................................................................................................... 15-4 ip address ......................................................................................................................................... 15-5 show running-config ......................................................................................................................... 15-6 no shutdown ..................................................................................................................................... 15-6 no ip routing...................................................................................................................................... 15-7 Configuring Tunnel Interfaces ...................................................................................................................... 15-7 Purpose .................................................................................................................................................. 15-7 Commands ............................................................................................................................................. 15-8 interface tunnel ................................................................................................................................. 15-8
    xviii

    tunnel source .................................................................................................................................... 15-8 tunnel destination ............................................................................................................................. 15-9 tunnel mode.................................................................................................................................... 15-10 show interface tunnel...................................................................................................................... 15-10 Reviewing and Configuring the ARP Table ................................................................................................ 15-11 Purpose ................................................................................................................................................ 15-11 Commands ........................................................................................................................................... 15-11 show ip arp ..................................................................................................................................... 15-11 arp .................................................................................................................................................. 15-12 ip proxy-arp..................................................................................................................................... 15-13 arp timeout...................................................................................................................................... 15-14 clear arp-cache ............................................................................................................................... 15-14 Configuring Broadcast Settings .................................................................................................................. 15-15 Purpose ................................................................................................................................................ 15-15 Commands ........................................................................................................................................... 15-15 ip directed-broadcast ...................................................................................................................... 15-15 ip helper-address ............................................................................................................................ 15-16 Reviewing IP Traffic and Configuring Routes ............................................................................................. 15-17 Purpose ................................................................................................................................................ 15-17 Commands ........................................................................................................................................... 15-17 show ip route .................................................................................................................................. 15-17 ip route............................................................................................................................................ 15-19 ping................................................................................................................................................. 15-19 traceroute ....................................................................................................................................... 15-20

    Chapter 16: IPv4 Routing Protocol Configuration


    Activating Advanced Routing Features ........................................................................................................ 16-1 Configuring RIP ............................................................................................................................................ 16-1 Purpose .................................................................................................................................................. 16-1 RIP Configuration Task List and Commands ......................................................................................... 16-2 router rip ........................................................................................................................................... 16-2 ip rip enable ...................................................................................................................................... 16-3 distance ............................................................................................................................................ 16-3 ip rip send version ............................................................................................................................ 16-4 ip rip receive version......................................................................................................................... 16-5 ip rip authentication-key.................................................................................................................... 16-5 ip rip message-digest-key................................................................................................................. 16-6 no auto-summary.............................................................................................................................. 16-6 split-horizon poison........................................................................................................................... 16-7 passive-interface .............................................................................................................................. 16-8 receive-interface ............................................................................................................................... 16-8 redistribute........................................................................................................................................ 16-9 Configuring OSPF ...................................................................................................................................... 16-10 Purpose ................................................................................................................................................ 16-10 OSPF Configuration Task List and Commands ................................................................................... 16-10 router id .......................................................................................................................................... 16-11 router ospf ...................................................................................................................................... 16-12 1583compatibility ............................................................................................................................ 16-12 ip ospf enable ................................................................................................................................. 16-13 ip ospf areaid .................................................................................................................................. 16-13 ip ospf cost ..................................................................................................................................... 16-14 ip ospf priority ................................................................................................................................. 16-14 timers spf ........................................................................................................................................ 16-15 ip ospf retransmit-interval ............................................................................................................... 16-16 ip ospf transmit-delay ..................................................................................................................... 16-16 ip ospf hello-interval........................................................................................................................ 16-17
    xix

    ip ospf dead-interval ....................................................................................................................... 16-17 ip ospf authentication-key ............................................................................................................... 16-18 ip ospf message digest key md5 .................................................................................................... 16-18 distance ospf .................................................................................................................................. 16-19 area range ...................................................................................................................................... 16-20 area stub......................................................................................................................................... 16-21 area default cost ............................................................................................................................. 16-21 area nssa........................................................................................................................................ 16-22 area virtual-link ............................................................................................................................... 16-23 redistribute...................................................................................................................................... 16-24 show ip ospf.................................................................................................................................... 16-25 show ip ospf database.................................................................................................................... 16-25 show ip ospf interface ..................................................................................................................... 16-27 show ip ospf neighbor..................................................................................................................... 16-28 show ip ospf virtual-links................................................................................................................. 16-29 clear ip ospf process....................................................................................................................... 16-30 Configuring DVMRP ................................................................................................................................... 16-31 Purpose ................................................................................................................................................ 16-31 Commands ........................................................................................................................................... 16-31 Enabling DVMRP on an Interface ........................................................................................................ 16-31 ip dvmrp.......................................................................................................................................... 16-32 ip dvmrp enable .............................................................................................................................. 16-32 ip dvmrp metric ............................................................................................................................... 16-33 show ip dvmrp ................................................................................................................................ 16-33 Configuring IRDP ........................................................................................................................................ 16-34 Purpose ................................................................................................................................................ 16-34 Commands ........................................................................................................................................... 16-34 ip irdp enable .................................................................................................................................. 16-34 ip irdp maxadvertinterval ................................................................................................................ 16-35 ip irdp minadvertinterval ................................................................................................................. 16-35 ip irdp holdtime ............................................................................................................................... 16-36 ip irdp preference............................................................................................................................ 16-36 ip irdp broadcast ............................................................................................................................. 16-37 show ip irdp .................................................................................................................................... 16-38 Configuring VRRP ...................................................................................................................................... 16-38 Purpose ................................................................................................................................................ 16-38 Commands ........................................................................................................................................... 16-39 router vrrp ....................................................................................................................................... 16-39 create.............................................................................................................................................. 16-40 address........................................................................................................................................... 16-40 priority............................................................................................................................................. 16-41 advertise-interval ............................................................................................................................ 16-42 preempt .......................................................................................................................................... 16-43 enable............................................................................................................................................. 16-43 ip vrrp authentication-key ............................................................................................................... 16-44 show ip vrrp .................................................................................................................................... 16-45 Configuring PIM-SM ................................................................................................................................... 16-45 Purpose ................................................................................................................................................ 16-45 Commands ........................................................................................................................................... 16-46 ip pimsm ......................................................................................................................................... 16-46 ip pimsm staticrp............................................................................................................................. 16-47 ip pimsm enable ............................................................................................................................. 16-47 ip pimsm query-interval .................................................................................................................. 16-48 show ip pimsm................................................................................................................................ 16-48 show ip pimsm componenttable ..................................................................................................... 16-49 show ip pimsm interface ................................................................................................................. 16-50
    xx

    show ip pimsm neighbor ................................................................................................................. 16-52 show ip pimsm rp............................................................................................................................ 16-52 show ip pimsm rphash .................................................................................................................... 16-54 show ip pimsm staticrp ................................................................................................................... 16-54

    Chapter 17: IPv6 Management


    Purpose .................................................................................................................................................. 17-1 Commands ............................................................................................................................................. 17-1 show ipv6 status ............................................................................................................................... 17-1 set ipv6 ............................................................................................................................................. 17-2 set ipv6 address ............................................................................................................................... 17-3 show ipv6 address............................................................................................................................ 17-4 clear ipv6 address ............................................................................................................................ 17-4 set ipv6 gateway............................................................................................................................... 17-5 clear ipv6 gateway............................................................................................................................ 17-6 show ipv6 neighbors......................................................................................................................... 17-6 show ipv6 netstat.............................................................................................................................. 17-7 ping ipv6 ........................................................................................................................................... 17-8 traceroute ipv6.................................................................................................................................. 17-9

    Chapter 18: IPv6 Configuration


    Overview ....................................................................................................................................................... 18-1 Default Conditions .................................................................................................................................. 18-2 General Configuration Commands ............................................................................................................... 18-3 ipv6 forwarding ................................................................................................................................. 18-3 ipv6 hop-limit .................................................................................................................................... 18-3 ipv6 route.......................................................................................................................................... 18-4 ipv6 route distance ........................................................................................................................... 18-5 ipv6 unicast-routing .......................................................................................................................... 18-6 ping ipv6 ........................................................................................................................................... 18-6 ping ipv6 interface ............................................................................................................................ 18-7 traceroute ipv6.................................................................................................................................. 18-8 Interface Configuration Commands .............................................................................................................. 18-9 ipv6 address ..................................................................................................................................... 18-9 ipv6 enable ..................................................................................................................................... 18-10 ipv6 mtu .......................................................................................................................................... 18-11 Neighbor Cache and Neighbor Discovery Commands ............................................................................... 18-12 clear ipv6 neighbors ....................................................................................................................... 18-12 ipv6 nd dad attempts ...................................................................................................................... 18-13 ipv6 nd ns-interval .......................................................................................................................... 18-14 ipv6 nd reachable-time ................................................................................................................... 18-14 ipv6 nd other-config-flag ................................................................................................................. 18-15 ipv6 nd ra-interval ........................................................................................................................... 18-16 ipv6 nd ra-lifetime ........................................................................................................................... 18-16 ipv6 nd suppress-ra ........................................................................................................................ 18-17 ipv6 nd prefix .................................................................................................................................. 18-18 Query Commands ...................................................................................................................................... 18-19 show ipv6........................................................................................................................................ 18-19 show ipv6 interface......................................................................................................................... 18-20 show ipv6 neighbors....................................................................................................................... 18-21 show ipv6 route .............................................................................................................................. 18-22 show ipv6 route preferences .......................................................................................................... 18-24 show ipv6 route summary............................................................................................................... 18-26 show ipv6 traffic.............................................................................................................................. 18-27 clear ipv6 statistics ......................................................................................................................... 18-32
    xxi

    Chapter 19: OSPFv3 Configuration


    Overview ....................................................................................................................................................... 19-1 Default Conditions .................................................................................................................................. 19-2 Global OSPFv3 Configuration Commands ................................................................................................... 19-3 Purpose .................................................................................................................................................. 19-3 Command ............................................................................................................................................... 19-3 ipv6 router id..................................................................................................................................... 19-3 ipv6 router ospf................................................................................................................................. 19-4 default-information originate ............................................................................................................. 19-4 default-metric.................................................................................................................................... 19-5 distance ospf .................................................................................................................................... 19-5 exit-overflow-interval......................................................................................................................... 19-6 external-lsdb-limit ............................................................................................................................. 19-7 maximum-paths ................................................................................................................................ 19-8 redistribute........................................................................................................................................ 19-8 Area Configuration Commands .................................................................................................................... 19-9 Purpose .................................................................................................................................................. 19-9 Commands ............................................................................................................................................. 19-9 area default-cost............................................................................................................................. 19-10 area nssa........................................................................................................................................ 19-10 area nssa default-info-originate ...................................................................................................... 19-11 area nssa no-redistribute................................................................................................................ 19-12 area nssa no-summary................................................................................................................... 19-12 area nssa translator role ................................................................................................................. 19-13 area nssa translator-stab-intv ......................................................................................................... 19-14 area range ...................................................................................................................................... 19-14 area stub......................................................................................................................................... 19-15 area stub no-summary.................................................................................................................... 19-16 area virtual-link ............................................................................................................................... 19-16 area virtual-link dead-interval ......................................................................................................... 19-17 area virtual-link hello-interval.......................................................................................................... 19-18 area virtual-link retransmit-interval ................................................................................................. 19-18 area virtual-link transmit-delay........................................................................................................ 19-19 Interface Configuration Commands ............................................................................................................ 19-20 Purpose ................................................................................................................................................ 19-20 Commands ........................................................................................................................................... 19-20 ipv6 ospf enable ............................................................................................................................. 19-20 ipv6 ospf areaid .............................................................................................................................. 19-21 ipv6 ospf cost.................................................................................................................................. 19-22 ipv6 ospf dead-interval ................................................................................................................... 19-22 ipv6 ospf hello-interval.................................................................................................................... 19-23 ipv6 ospf mtu-ignore ....................................................................................................................... 19-24 ipv6 ospf network............................................................................................................................ 19-24 ipv6 ospf priority ............................................................................................................................. 19-25 ipv6 ospf retransmit-interval ........................................................................................................... 19-26 ipv6 ospf transmit-delay.................................................................................................................. 19-26 OSPFv3 Show Commands ......................................................................................................................... 19-27 Purpose ................................................................................................................................................ 19-27 Commands ........................................................................................................................................... 19-27 show ipv6 ospf................................................................................................................................ 19-27 show ipv6 ospf area........................................................................................................................ 19-29 show ipv6 ospf abr.......................................................................................................................... 19-30 show ipv6 ospf asbr ........................................................................................................................ 19-31 show ipv6 ospf database ................................................................................................................ 19-32 show ipv6 ospf interface ................................................................................................................. 19-36

    xxii

    show ipv6 ospf interface stats ........................................................................................................ 19-38 show ipv6 ospf neighbor................................................................................................................. 19-40 show ipv6 ospf range...................................................................................................................... 19-42 show ipv6 ospf stub table ............................................................................................................... 19-43 show ipv6 ospf virtual-link............................................................................................................... 19-44

    Chapter 20: Security Configuration


    Overview of Security Methods ...................................................................................................................... 20-1 RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment ...................................................... 20-2 Configuring RADIUS ..................................................................................................................................... 20-3 Purpose .................................................................................................................................................. 20-3 Commands ............................................................................................................................................. 20-3 show radius ...................................................................................................................................... 20-4 set radius .......................................................................................................................................... 20-5 clear radius ....................................................................................................................................... 20-6 show radius accounting .................................................................................................................... 20-7 set radius accounting........................................................................................................................ 20-8 clear radius accounting..................................................................................................................... 20-9 Configuring 802.1X Authentication ............................................................................................................. 20-10 Purpose ................................................................................................................................................ 20-10 Commands ........................................................................................................................................... 20-10 show dot1x ..................................................................................................................................... 20-10 show dot1x auth-config................................................................................................................... 20-12 set dot1x ......................................................................................................................................... 20-13 set dot1x auth-config ...................................................................................................................... 20-14 clear dot1x auth-config ................................................................................................................... 20-15 show eapol ..................................................................................................................................... 20-16 set eapol ......................................................................................................................................... 20-17 clear eapol ...................................................................................................................................... 20-18 Configuring MAC Authentication ................................................................................................................ 20-19 Purpose ................................................................................................................................................ 20-19 Commands ........................................................................................................................................... 20-19 show macauthentication ................................................................................................................. 20-20 show macauthentication session .................................................................................................... 20-21 set macauthentication..................................................................................................................... 20-22 set macauthentication password .................................................................................................... 20-23 clear macauthentication password ................................................................................................. 20-23 set macauthentication port ............................................................................................................. 20-23 set macauthentication portinitialize................................................................................................. 20-24 set macauthentication portquietperiod............................................................................................ 20-25 clear macauthentication portquietperiod......................................................................................... 20-25 set macauthentication macinitialize ................................................................................................ 20-26 set macauthentication reauthentication .......................................................................................... 20-26 set macauthentication portreauthenticate.......................................................................................20-27 set macauthentication macreauthenticate ...................................................................................... 20-27 set macauthentication reauthperiod ...............................................................................................20-28 clear macauthentication reauthperiod ............................................................................................ 20-28 set macauthentication significant-bits ............................................................................................. 20-29 clear macauthentication significant-bits .......................................................................................... 20-29 Configuring Multiple Authentication Methods ............................................................................................. 20-30 About Multiple Authentication Types .................................................................................................... 20-30 Commands ........................................................................................................................................... 20-30 show multiauth................................................................................................................................ 20-31 set multiauth mode ......................................................................................................................... 20-31 clear multiauth mode ...................................................................................................................... 20-32

    xxiii

    set multiauth precedence ............................................................................................................... 20-32 clear multiauth precedence ............................................................................................................20-33 show multiauth port ........................................................................................................................ 20-34 set multiauth port ............................................................................................................................ 20-34 clear multiauth port ......................................................................................................................... 20-35 show multiauth station .................................................................................................................... 20-36 show multiauth session .................................................................................................................. 20-36 show multiauth idle-timeout ............................................................................................................20-37 set multiauth idle-timeout................................................................................................................ 20-38 clear multiauth idle-timeout............................................................................................................. 20-38 show multiauth session-timeout ..................................................................................................... 20-39 set multiauth session-timeout ......................................................................................................... 20-40 clear multiauth session-timeout ...................................................................................................... 20-40 Configuring VLAN Authorization (RFC 3580) ............................................................................................. 20-41 Purpose ................................................................................................................................................ 20-41 Commands ........................................................................................................................................... 20-42 show policy maptable response ..................................................................................................... 20-42 set policy maptable response ......................................................................................................... 20-42 set vlanauthorization....................................................................................................................... 20-43 set vlanauthorization egress ........................................................................................................... 20-44 clear vlanauthorization.................................................................................................................... 20-44 show vlanauthorization ................................................................................................................... 20-45 Configuring MAC Locking ........................................................................................................................... 20-46 Purpose ................................................................................................................................................ 20-46 Commands ........................................................................................................................................... 20-46 show maclock ................................................................................................................................. 20-47 show maclock stations.................................................................................................................... 20-48 set maclock enable......................................................................................................................... 20-49 set maclock disable ........................................................................................................................ 20-50 set maclock..................................................................................................................................... 20-50 clear maclock.................................................................................................................................. 20-51 set maclock static ........................................................................................................................... 20-52 clear maclock static ........................................................................................................................ 20-52 set maclock firstarrival .................................................................................................................... 20-53 clear maclock firstarrival ................................................................................................................. 20-54 set maclock agefirstarrival .............................................................................................................. 20-54 clear maclock agefirstarrival ........................................................................................................... 20-55 set maclock move ........................................................................................................................... 20-55 set maclock trap ............................................................................................................................. 20-56 Configuring Port Web Authentication (PWA) .............................................................................................. 20-57 About PWA ........................................................................................................................................... 20-57 Purpose ................................................................................................................................................ 20-57 Commands ........................................................................................................................................... 20-57 show pwa........................................................................................................................................ 20-58 set pwa ........................................................................................................................................... 20-59 show pwa banner ........................................................................................................................... 20-60 set pwa banner ............................................................................................................................... 20-60 clear pwa banner ............................................................................................................................ 20-61 set pwa displaylogo ........................................................................................................................ 20-61 set pwa ipaddress........................................................................................................................... 20-62 set pwa protocol ............................................................................................................................. 20-62 set pwa guestname ........................................................................................................................ 20-63 clear pwa guestname ..................................................................................................................... 20-63 set pwa guestpassword .................................................................................................................. 20-64 set pwa gueststatus........................................................................................................................ 20-64 set pwa initialize ............................................................................................................................. 20-65
    xxiv

    set pwa quietperiod ........................................................................................................................ 20-65 set pwa maxrequest ....................................................................................................................... 20-66 set pwa portcontrol ......................................................................................................................... 20-66 show pwa session .......................................................................................................................... 20-67 set pwa enhancedmode ................................................................................................................. 20-68 Configuring Secure Shell (SSH) ................................................................................................................. 20-68 Purpose ................................................................................................................................................ 20-68 Commands ........................................................................................................................................... 20-68 show ssh status .............................................................................................................................. 20-68 set ssh ............................................................................................................................................ 20-69 set ssh hostkey............................................................................................................................... 20-69 Configuring Access Lists ............................................................................................................................ 20-70 Purpose ................................................................................................................................................ 20-70 Commands ........................................................................................................................................... 20-70 show access-lists............................................................................................................................ 20-70 access-list (standard) ..................................................................................................................... 20-71 access-list (extended)..................................................................................................................... 20-72 ip access-group .............................................................................................................................. 20-74

    Index Figures
    1-1 1-2 1-3 1-4 1-5 1-6 7-1 G-Series Startup Screen .................................................................................................................... 1-6 Sample CLI Defaults Description........................................................................................................ 1-8 Performing a Keyword Lookup ........................................................................................................... 1-8 Performing a Partial Keyword Lookup ................................................................................................ 1-9 Scrolling Screen Output...................................................................................................................... 1-9 Abbreviating a Command ................................................................................................................. 1-10 Example of VLAN Propagation via GVRP ........................................................................................ 7-20

    Tables
    1-1 1-2 2-1 2-2 2-3 3-1 3-2 3-3 3-4 3-5 4-1 4-2 4-3 4-4 4-5 4-6 5-1 5-2 5-3 5-4 5-5 Default Settings for Basic Switch and Router Operation .................................................................... 1-2 Basic Line Editing Commands.......................................................................................................... 1-10 show system lockout Output Details................................................................................................... 2-7 show system Output Details ............................................................................................................. 2-12 show version Output Details ............................................................................................................. 2-21 show cdp Output Details..................................................................................................................... 3-2 show ciscodp Output Details .............................................................................................................. 3-7 show ciscodp port info Output Details ................................................................................................ 3-8 show lldp port local-info Output Details ............................................................................................ 3-19 show lldp port remote-info Output Display........................................................................................ 3-21 show port status Output Details.......................................................................................................... 4-5 show port counters Output Details ..................................................................................................... 4-7 show linkflap parameters Output Details .......................................................................................... 4-23 show linkflap metrics Output Details................................................................................................. 4-23 LACP Terms and Definitions ............................................................................................................ 4-34 show lacp Output Details.................................................................................................................. 4-37 SNMP Security Levels........................................................................................................................ 5-2 show snmp engineid Output Details ................................................................................................... 5-4 show snmp counters Output Details ................................................................................................... 5-6 show snmp user Output Details.......................................................................................................... 5-9 show snmp group Output Details ..................................................................................................... 5-11

    xxv

    5-6 5-7 5-8 5-9 5-10 5-11 6-1 7-1 7-2 7-3 8-1 8-2 8-3 11-1 11-2 11-3 11-4 11-5 11-6 11-7 12-1 12-2 12-3 14-1 14-2 15-1 15-2 16-1 16-2 16-3 16-4 16-5 16-6 16-7 16-8 16-9 16-10 16-11 16-12 16-13 18-1 18-2 18-3 18-4 18-5 19-1 19-2 19-3 19-4 19-5 19-6 19-7 19-8

    show snmp access Output Details ................................................................................................... 5-16 show snmp view Output Details ....................................................................................................... 5-20 show snmp targetparams Output Details ......................................................................................... 5-23 show snmp targetaddr Output Details .............................................................................................. 5-26 show snmp notify Output Details ...................................................................................................... 5-31 Basic SNMP Trap Configuration....................................................................................................... 5-36 show spantree Output Details ............................................................................................................ 6-6 Command Set for Creating a Secure Management VLAN ................................................................. 7-2 show vlan Output Details.................................................................................................................... 7-4 show gvrp configuration Output Details ............................................................................................ 7-22 show policy profile Output Details ...................................................................................................... 8-3 show policy rule Output Details .......................................................................................................... 8-7 Valid Values for Policy Classification Rules ..................................................................................... 8-10 show logging server Output Details.................................................................................................. 11-2 show logging application Output Details........................................................................................... 11-7 Mnemonic Values for Logging Applications...................................................................................... 11-8 show arp Output Details ................................................................................................................. 11-16 show mac Output Details................................................................................................................ 11-19 show sntp Output Details................................................................................................................ 11-26 show nodealias config Output Details ............................................................................................ 11-32 RMON Monitoring Group Functions and Commands ....................................................................... 12-1 show rmon alarm Output Details ...................................................................................................... 12-8 show rmon event Output Details .................................................................................................... 12-12 Enabling the Switch for Routing ....................................................................................................... 14-2 Router CLI Configuration Modes ...................................................................................................... 14-2 show ip interface Output Details ....................................................................................................... 15-5 show ip arp Output Details ............................................................................................................. 15-12 RIP Configuration Task List and Commands ................................................................................... 16-2 OSPF Configuration Task List and Commands.............................................................................. 16-10 show ip ospf database Output Details ............................................................................................ 16-27 show ip ospf interface Output Details ............................................................................................. 16-28 show ip ospf neighbor Output Details............................................................................................. 16-29 show ip ospf virtual links Output Details ......................................................................................... 16-30 show ip pimsm Output Details ........................................................................................................ 16-49 show ip pimsm componenettable Output Detail ............................................................................. 16-50 show ip pimsm interface vlan Output Details.................................................................................. 16-51 show ip pimsm interface stats Output Detail .................................................................................. 16-51 show ip pimsm neighbor Output Detail ........................................................................................... 16-52 show ip pimsm rp Output Detail...................................................................................................... 16-53 show ip pimsm staticrp Output Details ........................................................................................... 16-55 show ipv6 neighbor Output Details ................................................................................................. 18-22 show ipv6 route Output Details....................................................................................................... 18-23 show ipv6 route preferences Output Details................................................................................... 18-25 show ipv6 summary Output Details ................................................................................................ 18-26 show ipv6 traffic Output Details ..................................................................................................... 18-28 show ipv6 ospf Output Details ........................................................................................................ 19-28 show ipv6 ospf area Output Details................................................................................................ 19-30 show ipv6 ospf abr Output Details .................................................................................................. 19-31 show ipv6 ospf asbr Output Details ................................................................................................ 19-31 show ipv6 ospf database Output Details ....................................................................................... 19-34 show ipv6 ospf database database-summary Output Details ........................................................ 19-35 show ipv6 ospf interface Command Output Details........................................................................ 19-37 show ipv6 ospf interface stats Output Details................................................................................. 19-39

    xxvi

    19-9 19-10 19-11 19-12 19-13 20-1 20-2 20-3 20-4 20-5 20-6 20-7 20-8

    show ipv6 ospf neighbor Output Details ........................................................................................ 19-41 show ipv6 ospf neighbor routerid Output Details............................................................................ 19-42 show ipv6 ospf range Output Details .............................................................................................. 19-43 show ipv6 ospf stub table Output Details ....................................................................................... 19-43 show ipv6 ospf virtual-link Output Details ....................................................................................... 19-44 show radius Output Details............................................................................................................... 20-4 show eapol Output Details.............................................................................................................. 20-16 show macauthentication Output Details ......................................................................................... 20-20 show macauthentication session Output Details ............................................................................ 20-21 show vlanauthorization Output Details ........................................................................................... 20-45 show maclock Output Details ......................................................................................................... 20-47 show maclock stations Output Details............................................................................................ 20-48 show pwa Output Details................................................................................................................ 20-57

    xxvii

    xxviii

    About This Guide


    WelcometotheEnterasysNetworksGSeriesCLIReference.Thismanualexplainshowtoaccessthe devicesCommandLineInterface(CLI)andhowtouseittoconfigureGSeriesswitchdevices.

    Important Notice
    Depending on the firmware version used in your G3 device, some features described in this document may not be supported. Refer to the Release Notes shipped with your device to determine which features are supported.

    Using This Guide


    AgeneralworkingknowledgeofbasicnetworkoperationsandanunderstandingofCLI managementapplicationsishelpfulbeforeconfiguringtheswitchdevice. Thismanualdescribeshowtodothefollowing: AccesstheCLI. UseCLIcommandstoperformnetworkmanagementanddeviceconfigurationoperations. EstablishandmanageVirtualLocalAreaNetworks(VLANs). Establishandmanagestaticanddynamicallyassignedpolicyclassifications. Establishandmanagepriorityclassification. ConfigureIProutingandroutingprotocols,includingRIPversions1and2,OSPF,DVMRP, IRDP,andVRRP. ConfigureIPv6routing,includingOSPFv3. Configuresecurityprotocols,including802.1XandRADIUS,SSHv2,PWA,MAClocking,and MACauthentication. Configureaccesscontrollists(ACLs).

    Structure of This Guide


    Theguideisorganizedasfollows: Chapter 1,Introduction,providesanoverviewofthetasksthatcanbeaccomplishedusingthe CLIinterface,anoverviewoflocalmanagementrequirements,anoverviewofthedevicesfactory defaultsettings,andinformationaboutusingtheCommandLineInterface(CLI). Chapter 2,BasicConfiguration,provideshowtosetbasicsystemproperties,howtodownloada firmwareimage,howtoconfigureWebViewandTelnet,howtomanageconfigurationfiles,how tosettheloginpassword,andhowtoexittheCLI. Chapter 3,DiscoveryProtocolConfigurationprovideshowtoconfigurediscoveryprotocols supportedbythedevice. Chapter 4,PortConfiguration,describeshowtoreviewandconfigureconsoleportsettings,and howtoenableordisableswitchportsandconfigureswitchportsettings,includingportspeed,

    Enterasys G-Series CLI Reference

    xxix

    Structure of This Guide

    duplexmode,autonegotiation,flowcontrol,portmirroring,linkaggegationandbroadcast suppression. Chapter 5,SNMPConfiguration,describeshowtoconfigureSNMPusersandusergroups,access rights,targetaddresses,andnotificationparameters. Chapter 6,SpanningTreeConfiguration,describeshowtoreviewandsetSpanningTreebridge parametersforthedevice,includingbridgepriority,hellotime,maximumagingtimeandforward delay;andhowtoreviewandsetSpanningTreeportparameters,includingportpriorityandpath costs.ConfiguringtheSpanGuardandLoopProtectfunctionsisalsodescribed. Chapter 7,802.1QVLANConfiguration,describeshowtocreatestaticVLANs,selectthemodeof operationforeachport,establishVLANforwarding(egress)lists,routeframesaccordingto VLANID,displaythecurrentportsandporttypesassociatedwithaVLANandprotocol,createa securemanagementVLAN,andconfigureportsonthedeviceasGVRPawareports. Chapter 8,PolicyClassificationConfiguration,describeshowtocreate,changeorremoveuser rolesorprofilesbasedonbusinessspecificuseofnetworkservices;howtopermitordenyaccess tospecificservicesbycreatingandassigningclassificationruleswhichmapuserprofilestoframe filteringpolicies;howtoclassifyframestoaVLANorClassofService(CoS);andhowtoassignor unassignportstopolicyprofilessothatonlyportsactivatedforaprofilewillbeallowedto transmitframesaccordingly. Chapter 9,PortPriorityConfiguration,describeshowtosetthetransmitpriorityofeachport andconfigurearatelimitforagivenportandlistofpriorities. Chapter 10,IGMPConfiguration,describeshowtoconfigureInternetGroupManagement Protocol(IGMP)settingsformulticastfiltering. Chapter 11,LoggingandNetworkManagement,describeshowtoconfigureSyslog,howto managegeneralswitchsettings,howtomonitornetworkeventsandstatus,andhowtoconfigure SNTPandnodealiases. Chapter 12,RMONConfiguration,describeshowtouseRMON(RemoteNetworkMonitoring), whichprovidescomprehensivenetworkfaultdiagnosis,planning,andperformancetuning informationandallowsforinteroperabilitybetweenSNMPmanagementstationsandmonitoring agents. Chapter 13,DHCPServerConfiguration,describeshowtoreviewandconfigureDHCPserver parameters,howtoreviewandconfigureDHCPaddresspools,andhowtodisplayDHCPserver information. Chapter 14,PreparingforRouterMode,providesinformationaboutroutermodesandhowto activatealicense. Chapter 15,IPConfiguration,describeshowtoenableIProutingforroutermodeoperation,how toconfigureIPinterfacesettings,howtoreviewandconfiguretheroutingARPtable,howto reviewandconfigureroutingbroadcasts,howtoconfigurePIM,andhowtoconfigureIProutes. Chapter 16,IPv4RoutingProtocolConfiguration,describeshowtoconfigureIPv4routingand routingprotocols,includingRIP,OSPF,DVMRP,IRDP,andVRRP. Chapter 17,IPv6Management,describesthecommandsusedtoconfigureIPv6attheswitch level. Chapter 18,IPv6Configuration,describesthecommandsusedtoconfigureIPv6attherouting level. Chapter 19,OSPFv3Configuration,describesthecommandsusedtoconfiguretheOpenShortest PathFirstroutingprotocolforIPv6. Chapter 20,SecurityConfiguration,describeshowtoconfigure802.1Xauthenticationusing EAPOL,howtoconfigureRADIUSserver,SecureShellserver,MACauthentication,MAC locking,MulipleAuthentication,PortWebAuthentication,andIPaccesscontrollists(ACLs).
    xxx About This Guide

    Related Documents

    Related Documents
    ThefollowingEnterasysNetworksdocumentsmayhelpyoutosetup,control,andmanagethe switchdevice: EthernetTechnologyGuide CablingGuide GSeriesInstallationGuide(s)

    Documentslistedabove,canbeobtainedfromtheWorldWideWebinAdobeAcrobatPortable DocumentFormat(PDF)atthefollowingwebsite: http://www.enterasys.com/support/manuals/

    Conventions Used in This Guide


    Thefollowingconventionsareusedinthetextofthisdocument:
    Convention Bold font italic font Courier font Courier font in italics [] {} | [x | y | z] {x | y | z} [x {y | z} ] Description Indicates mandatory keywords, parameters or keyboard keys. Indicates complete document titles. Used for examples of information displayed on the screen. Indicates a user-supplied value, either required or optional. Square brackets indicate an optional value. Braces indicate required values. One or more values may be required. A vertical bar indicates a choice in values. Square brackets with a vertical bar indicate a choice of a value. Braces with a vertical bar indicate a choice of a required value. A combination of square brackets with braces and vertical bars indicates a required choice of an optional value.

    Thefollowingiconsareusedinthisguide:
    Note: Calls the readers attention to any item of information that may be of special importance.

    Router: Calls the readers attention to router-specific commands and information.

    Caution: Contains information essential to avoid damage to the equipment.

    Enterasys G-Series CLI Reference

    xxxi

    Getting Help

    Getting Help
    Foradditionalsupportrelatedtothisswitchordocument,contactEnterasysNetworksusingone ofthefollowingmethods:
    World Wide Web www.enterasys.com/support 1-800-872-8440 (toll-free in U.S. and Canada) or 1-978-684-1000 Phone Internet mail To find the Enterasys Networks Support toll-free number in your country: www.enterasys.com/support/contact/ support@enterasys.com To expedite your message, type [SWITCHING] in the subject line. To send comments or suggestions concerning this document to the Technical Publications Department: techpubs@enterasys.com Make sure to include the document Part Number in the email message.

    BeforecallingEnterasysNetworks,havethefollowinginformationready: YourEnterasysNetworksservicecontractnumber Adescriptionofthefailure Adescriptionofanyaction(s)alreadytakentoresolvetheproblem(forexample,changing modeswitchesorrebootingtheunit) TheserialandrevisionnumbersofallinvolvedEnterasysNetworksproductsinthenetwork Adescriptionofyournetworkenvironment(forexample,layout,cabletype) Networkloadandframesizeatthetimeoftrouble(ifknown) Theswitchhistory(forexample,haveyoureturnedtheswitchbefore,isthisarecurring problem?) AnypreviousReturnMaterialAuthorization(RMA)numbers

    xxxii

    About This Guide

    1
    Introduction
    ThischapterprovidesanoverviewoftheGSeriessuniquefeaturesandfunctionality,an overviewofthetasksthatmaybeaccomplishedusingtheCLIinterface,anoverviewofwaysto managetheswitch,factorydefaultsettings,andinformationabouthowtousetheCommandLine Interfacetoconfiguretheswitch.
    For information about... G-Series CLI Overview Switch Management Methods Factory Default Settings Using the Command Line Interface Refer to page... 1-1 1-1 1-2 1-6

    G-Series CLI Overview


    EnterasysNetworksGSeriesCLIinterfaceallowsyoutoperformavarietyofnetwork managementtasks,includingthefollowing: UseCLIcommandstoperformnetworkmanagementandswitchconfigurationoperations. Downloadanewfirmwareimage. AssignIPaddressandsubnetmask. Selectadefaultgateway. EstablishandmanageVirtualLocalAreaNetworks(VLANs). Establishandmanagepolicyprofilesandclassifications. Establishandmanagepriorityclassification. ConfigureIPv4routingandroutingprotocols,includingRIPversions1and2,OSPF,DVMRP, IRDPandVRRP. ConfigureIPv6routingandroutingprotocols,includingOSPFv3. Configuresecurityprotocols,including802.1XandRADIUS,SSHv2,PWA,MAClocking,and MACauthentication. Configureaccesscontrollists(ACLs).

    Switch Management Methods


    TheGSeriesswitchcanbemanagedusingthefollowingmethods: LocallyusingaVTtypeterminalconnectedtotheconsoleport.
    Enterasys G-Series CLI Reference 1-1

    Factory Default Settings

    RemotelyusingaVTtypeterminalconnectedthroughamodem. RemotelyusinganSNMPmanagementstation. InbandthroughaTelnetconnection. InbandusingtheEnterasysNetSightmanagementapplication. RemotelyusingWebView,EnterasysNetworksembeddedwebserverapplication.

    TheInstallationGuideforyourGSeriesdeviceprovidessetupinstructionsforconnectinga terminalormodemtotheswitch.

    Factory Default Settings


    ThefollowingtableslistfactorydefaultsettingsavailableontheGSeriesswitch. Table 1-1
    Feature Switch Mode Defaults CDP discovery protocol CDP authentication code CDP hold time CDP interval Cisco discovery protocol Cisco DP hold time Cisco DP interval timer Community name Console (serial) port required settings Auto enabled on all ports. Set to 00-00-00-00-00-00-00-00 Set to 180 seconds. Transmit frequency of CDP messages set to 60 seconds. Auto enabled on all ports. Set to 180 seconds. Set to 60 seconds. Public. Baud rate: 9600 Data bits: 8 Flow control: disabled Stop bits: 1 Parity: none DHCP server EAPOL EAPOL authentication mode GARP timer GVRP History buffer size IEEE 802.1 authentication IGMP snooping IP mask and gateway IP routes Disabled. Disabled. When enabled, set to auto for all ports. Join timer set to 20 centiseconds; leave timer set to 60 centiseconds; leaveall timer set to 1000 centiseconds. Globally enabled. 20 lines. Disabled. Disabled. When enabled, query interval is set to 260 seconds and response time is set to 10 seconds. Subnet mask set to 0.0.0.0; default gateway set to 0.0.0.0. No static routes configured.

    Default Settings for Basic Switch and Router Operation


    Default Setting

    1-2

    Introduction

    Factory Default Settings

    Table 1-1
    Feature

    Default Settings for Basic Switch and Router Operation (Continued)


    Default Setting Enabled on all ports. Enabled. Set to 32768 for all ports. Disabled. Set to 32768 for all ports. Set to DIP-SIP. Set to disable Read-Write and Read-Only users, and to lockout the default admin (Super User) account for 15 minutes, after 3 failed login attempts. Syslog port set to UDP port number 514. Logging severity level set to 6 (significant conditions) for all applications. Set to 300 seconds. Disabled (globally and on all ports). Set to an empty string for all default user accounts. User must press ENTER at the password prompt to access CLI. Disabled. No passwords are checked for duplication. Classification rules are automatically enabled when created. Enabled on all ports. Maximum ability advertised on all ports.

    Jumbo frame support Link aggregation control protocol (LACP) Link aggregation admin key Link aggregation flow regeneration Link aggregation system priority Link aggregation outport algorithm Lockout Logging MAC aging time MAC locking Passwords Password aging Password history Policy classification Port auto-negotiation Port advertised ability

    Port broadcast suppression Enabled and set to limit broadcast packets to 14,881 per second on all switch ports. Port duplex mode Port enable/disable Port priority Port speed Port trap Power over Ethernet port admin state Priority classification RADIUS client RADIUS last resort action RADIUS retries RADIUS timeout Set to half duplex, except for 100BASE-FX and 1000BASE-X, which is set to full duplex. Enabled. Set to 0. Set to 10 Mbps, except for 1000BASE-X, which is set to 1000 Mbps, and 100BASE-FX, which is set to 100 Mbps. All ports are enabled to send link traps. Administrative state is on (auto). Classification rules are automatically enabled when created. Disabled. When the client is enabled, set to Challenge. When the client is enabled, set to 3. When the client is enabled, set to 20 seconds.

    Enterasys G-Series CLI Reference

    1-3

    Factory Default Settings

    Table 1-1
    Feature

    Default Settings for Basic Switch and Router Operation (Continued)


    Default Setting Disabled (globally and on all ports). Enabled. Disabled. Globally enabled and enabled on all ports. Edge port administrative status begins with the value set to false initially after the device is powered up. If a Spanning Tree BDPU is not received on the port within a few seconds, the status setting changes to true. Enabled. Set to 15 seconds. Set to 2 seconds. Set to 0. Set to 20 seconds. All ports with bridge priority are set to 128 (medium priority). Bridge priority is set to 32768. Enabled. Set to mstp (Multiple Spanning Tree Protocol). Disabled. Set to 9600 baud. Set to empty string. Set to empty string. Set to empty string. CLI display set to 80 columns and 24 rows. Set to 5 minutes. Login accounts set to ro for Read-Only access; rw for Read-Write access; and admin for Super User access. Disabled on all VLANs. All ports use a VLAN identifier of 1. Default host VLAN is 1.

    Rate limiting SNMP SNTP Spanning Tree Spanning Tree edge port administrative status Spanning Tree edge port delay Spanning Tree forward delay Spanning Tree hello interval Spanning Tree ID (SID) Spanning Tree maximum aging time Spanning Tree port priority Spanning Tree priority Spanning Tree topology change trap suppression Spanning Tree version SSH System baud rate System contact System location System name Terminal Timeout User names VLAN dynamic egress VLAN ID Host VLAN Router Mode Defaults

    Access groups (IP security) None configured. Access lists (IP security) Area authentication (OSPF) Area default cost (OSPF) None configured. Disabled. Set to 1.

    1-4

    Introduction

    Factory Default Settings

    Table 1-1
    Feature

    Default Settings for Basic Switch and Router Operation (Continued)


    Default Setting None configured. None configured. No permanent entries configured. Set to 14,400 seconds. None configured. None configured. Set to 40 seconds. Triggered updates allowed. No filters applied. Disabled. Metric set to 1. Set to 10 seconds for broadcast and point-to-point networks. Set to 30 seconds for non-broadcast and point-to-multipoint networks. Enabled for echo-reply and mask-reply modes. Disabled. Enabled with no port specified. Disabled with no IP addresses specified. Disabled on all interfaces. When enabled, maximum advertisement interval is set to 600 seconds, minimum advertisement interval is set to 450 seconds, holdtime is set to 1800 seconds, and address preference is set to 0. Disabled with no password set. Set to 1500 bytes on all interfaces. Disabled. Set to 10 for all interfaces. None configured. Set to 1. None configured. Enabled on all interfaces. Enabled on all interfaces. Set to 1 second. Set to 5 seconds. Set to accept both version 1 and version 2. Set to version 1. No value applied. Enabled.

    Area NSSA (OSPF) Area range (OSPF) ARP table ARP timeout Authentication key (RIP and OSPF) Authentication mode (RIP and OSPF) Dead interval (OSPF) Disable triggered updates (RIP) Distribute list (RIP) DVMRP Hello interval (OSPF) ICMP IP-directed broadcasts IP forward-protocol IP interfaces IRDP

    MD5 authentication (OSPF) MTU size OSPF OSPF cost OSPF network OSPF priority Passive interfaces (RIP) Proxy ARP Receive interfaces (RIP) Retransmit delay (OSPF) Retransmit interval (OSPF) RIP receive version RIP send version RIP offset SNMP

    Enterasys G-Series CLI Reference

    1-5

    Using the Command Line Interface

    Table 1-1
    Feature

    Default Settings for Basic Switch and Router Operation (Continued)


    Default Setting Enabled for RIP packets without poison reverse. None configured. Enabled. Set to port number 23. SPF delay set to 5 seconds. SPF holdtime set to 10 seconds. Set to 1 second. Disabled.

    Split horizon Stub area (OSPF) Telnet Telnet port (IP) Timers (OSPF) Transmit delay (OSPF) VRRP

    Using the Command Line Interface


    Starting a CLI Session
    Connecting Using the Console Port
    ConnectaterminaltothelocalconsoleportasdescribedinyourGSeriesInstallationGuide.The startupscreen,Figure 11,willdisplayontheterminal.YoucannowstarttheCommandLine Interface(CLI)by usingadefaultuseraccount,asdescribedinUsingaDefaultUserAccountonpage 17,or usinganadministrativelyassigneduseraccountasdescribedinUsinganAdministratively ConfiguredUserAccountonpage 17. G-Series Startup Screen

    Figure 1-1

    Username:admin Password: Enterasys G-Series Command Line Interface Enterasys Networks, Inc. 50 Minuteman Rd. Andover, MA 01810-1008 U.S.A. Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com (c) Copyright Enterasys Networks, Inc. 2006 Chassis Serial Number: Chassis Firmware Revision: 041800249041 1.00.xx

    G3(su)->

    1-6

    Introduction

    Using the Command Line Interface

    Connecting Using Telnet


    OncetheGSeriesdevicehasavalidIPaddress,youcanestablishaTelnetsessionfromanyTCP/ IPbasednodeonthenetwork.ForinformationaboutsettingtheswitchsIPaddress,refertoset ipaddressonpage 29. ToestablishaTelnetsession: 1. 2. TelnettotheswitchsIPaddress. Enterlogin(username)andpasswordinformationinoneofthefollowingways: Iftheswitchsdefaultloginandpasswordsettingshavenotbeenchanged,followthe stepslistedinUsingaDefaultUserAccountonpage 17,or Enteranadministrativelyconfiguredusernameandpassword.

    ThenoticeofauthorizationandthepromptdisplaysasshowninFigure 11. ForinformationaboutconfiguringTelnetsettings,refertoStartingandConfiguringTelneton page 239. RefertotheinstructionsincludedwiththeTelnetapplicationforinformationaboutestablishinga Telnetsession.

    Logging In
    Bydefault,theGSeriesswitchisconfiguredwiththreeuserloginaccountsroforReadOnly access,rwforReadWriteaccess,andadminforsuperuseraccesstoallmodifiableparameters. Thedefaultpasswordissettoablankstring.Forinformationonchangingthesedefaultsettings, refertoSettingUserAccountsandPasswordsonpage 22.

    Using a Default User Account


    IfthisisthefirsttimeyouareloggingintotheGSeriesswitch,orifthedefaultuseraccountshave notbeenadministrativelychanged,proceedasfollows: 1. Attheloginprompt,enteroneofthefollowingdefaultusernames: 2. 3. roforReadOnlyaccess. rwforReadWriteaccess. adminforSuperUseraccess.

    PressENTER.ThePasswordpromptdisplays. LeavethisstringblankandpressENTER.Theswitchinformationandpromptdisplaysas showninFigure 11.

    Using an Administratively Configured User Account


    Iftheswitchsdefaultuseraccountsettingshavebeenchanged,proceedasfollows: 1. 2. Attheloginprompt,enteryouradministrativelyassignedusernameandpressENTER. AtthePasswordprompt,enteryourpasswordandpressENTER.

    ThenoticeofauthorizationandthepromptdisplaysasshowninFigure 11.
    Note: Users with Read-Write (rw) and Read-Only access can use the set password command (page 2-5) to change their own passwords. Administrators with Super User (su) access can use the set system login command (page 2-3) to create and change user accounts, and the set password command to change any local account password.

    Enterasys G-Series CLI Reference

    1-7

    Using the Command Line Interface

    Navigating the Command Line Interface


    Getting Help with CLI Syntax
    TheGSeriesswitchallowsyoutodisplayusageandsyntaxinformationforindividualcommands bytypinghelpor?afterthecommand.

    CLI Command Defaults Descriptions


    EachcommanddescriptioninthisguideincludesasectionentitledDefaultswhichcontains differentinformationfromthefactorydefaultsettingsontheswitchdescribedinTable 11.The sectiondefinesCLIbehavioriftheuserentersacommandwithouttypingoptionalparameters (indicatedbysquarebrackets[]).Forcommandswithoutoptionalparameters,thedefaults sectionlistsNone.Forcommandswithoptionalparameters,thissectiondescribeshowtheCLI respondsiftheuseroptstoenteronlythekeywordsofthecommandsyntax.Figure 12provides anexample. Figure 1-2 Sample CLI Defaults Description

    Syntax
    show port status [port-string]

    Defaults
    Ifportstringisnotspecified,statusinformationforallportswillbedisplayed.

    CLI Command Modes


    EachcommanddescriptioninthisguideincludesasectionentitledModewhichstateswhether thecommandisexecutableinAdmin(SuperUser),ReadWrite,orReadOnlymode.Userswith ReadOnlyaccesswillonlybepermittedtoviewReadOnly(show)commands.UserswithRead Writeaccesswillbeabletomodifyallmodifiableparametersinsetandshowcommands,aswell asviewReadOnlycommands.AdministratorsorSuperUserswillbeallowedallReadWriteand ReadOnlyprivileges,andwillbeabletomodifylocaluseraccounts.TheGSeriesswitch indicateswhichmodeauserisloggedinasbydisplayingoneofthefollowingprompts: Admin:G3(su)> ReadWrite:G3(rw)> ReadOnly:G3(ro)>

    Performing Keyword Lookups


    Enteringaspaceandaquestionmark(?)afterakeywordwilldisplayallcommandsbeginning withthekeyword.Figure 13showshowtoperformakeywordlookupfortheshowsnmp command.Inthiscase,fouradditionalkeywordsareusedbytheshowsnmpcommand.Entering aspaceandaquestionmark(?)afteranyoftheseparameters(suchasshowsnmpcommunity) willdisplayadditionalparametersnestedwithinthesyntax. Figure 1-3 Performing a Keyword Lookup

    G3(su)->show snmp ? community notify targetaddr targetparams


    1-8 Introduction

    SNMP SNMP SNMP SNMP

    v1/v2c notify target target

    community name configuration configuration address configuration parameters configuration

    Using the Command Line Interface

    Enteringaquestionmark(?)withoutaspaceafterapartialkeywordwilldisplayalistof commandsthatbeginwiththepartialkeyword.Figure 14showshowtousethisfunctionforall commandsbeginningwithco: Figure 1-4 Performing a Partial Keyword Lookup
    copy

    G3(rw)->co? configure G3(su)->co

    Note: At the end of the lookup display, the system will repeat the command you entered without the ?.

    Displaying Scrolling Screens


    IftheCLIscreenlengthhasbeensetusingthesetlengthcommandasdescribedonpage224,CLI outputrequiringmorethanonescreenwilldisplay--More-- toindicatecontinuingscreens.To displayadditionalscreenoutput: PressanykeyotherthanENTERtoadvancetheoutputonescreenatatime. PressENTERtoadvancetheoutputonelineatatime.

    TheexampleinFigure 15showshowtheshowmaccommandindicatesthatoutputcontinueson morethanonescreen. Figure 1-5 Scrolling Screen Output

    G3(su)->show mac MAC Address FID Port Type ---------------------------------------------------------00-00-1d-67-68-69 1 host Management 00-00-02-00-00-00 1 ge.1.2 Learned 00-00-02-00-00-01 1 ge.1.3 Learned 00-00-02-00-00-02 1 ge.1.4 Learned 00-00-02-00-00-03 1 ge.1.5 Learned 00-00-02-00-00-04 1 ge.1.6 Learned 00-00-02-00-00-05 1 ge.1.7 Learned 00-00-02-00-00-06 1 ge.1.8 Learned 00-00-02-00-00-07 1 ge.1.9 Learned 00-00-02-00-00-08 1 ge.1.10 Learned --More--

    Abbreviating and Completing Commands


    TheGSeriesswitchallowsyoutoabbreviateCLIcommandsandkeywordsdowntothenumber ofcharactersthatwillallowforauniqueabbreviation.Figure 16showshowtoabbreviatethe shownetstatcommandtoshnet.

    Enterasys G-Series CLI Reference

    1-9

    Using the Command Line Interface

    Figure 1-6

    Abbreviating a Command

    G3(su)->sh net Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address ----- ------ ------ --------------------- --------------------TCP 0 0 10.21.73.13.23 134.141.190.94.51246 TCP 0 275 10.21.73.13.23 134.141.192.119.4724 TCP 0 0 *.80 *.* TCP 0 0 *.23 *.* UDP 0 0 10.21.73.13.1030 134.141.89.113.514 UDP 0 0 *.161 *.* UDP 0 0 *.1025 *.* UDP 0 0 *.123 *.*

    State ------ESTABLISHED ESTABLISHED LISTEN LISTEN

    Basic Line Editing Commands


    TheCLIsupportsEMACslikelineeditingcommands.Table 12listssomecommonlyused commands. Table 1-2 Basic Line Editing Commands
    Command Move cursor to beginning of line. Move cursor back one character. Delete a character. Move cursor to end of line. Move cursor forward one character. Delete character to left of cursor. Complete word. Delete all characters after cursor. Scroll to next command in command history (use the CLI history command to display the history). Scroll to previous command in command history. Resume the CLI process. Pause the CLI process (for scrolling). Transpose characters. Delete all characters before cursor. Delete word to the left of cursor. Restore the most recently deleted item.

    Key Sequence Ctrl+A Ctrl+B Ctrl+D Ctrl+E Ctrl+F Ctrl+H Ctrl+I or TAB Ctrl+K Ctrl+N Ctrl+P Ctr1+Q Ctr1+S Ctrl+T Ctrl+U or Ctrl+X Ctrl+W Ctrl+Y

    1-10

    Introduction

    2
    Basic Configuration
    Atstartup,theGSeriesswitchisconfiguredwithmanydefaultsandstandardfeatures.This chapterdescribeshowtocustomizebasicsystemsettingstoadapttoyourworkenvironment.
    For information about... Quick Start Setup Commands Setting User Accounts and Passwords Setting Basic Switch Properties Activating Licensed Features Configuring System Power and Power over Ethernet (PoE) Downloading a Firmware Image Reviewing and Selecting a Boot Firmware Image Starting and Configuring Telnet Managing Switch Configuration and Files Clearing and Closing the CLI Resetting the Switch Using and Configuring WebView Refer to page... 2-1 2-2 2-8 2-27 2-30 2-35 2-37 2-39 2-41 2-50 2-52 2-53

    Quick Start Setup Commands


    ThetablesinthissectionprovideaquickreferencefortheCLIcommandsneededtobeginbasic G3switchoperation.Table 21liststasksandtheirassociatedCLIcommandsrequiredforsetting uptheswitchwiththelatestfirmware.Table 22listsoptionalCLIcommandsthatwillhelpyou performadditionalbasicconfigurationontheswitch.Refertothepageslistedformore informationabouteachcommand. Table 2-1
    Step Task 1 2 3 Set a new password. Set the switch IP address. Download, activate, and verify new firmware on the switch using TFTP copy.

    Required CLI Setup Commands


    CLI commands set password [username] set ip address ip-address [mask ip-mask] [gateway ip-gateway] copy tftp://tftp_server_ip_address/ filename system:image set boot system filename show version Refer to page... 2-5 2-9 2-47 2-38 2-21

    Enterasys G-Series CLI Reference

    2-1

    Setting User Accounts and Passwords

    Table 2-2
    Task

    Optional CLI Setup Commands


    CLI commands save config set ssh enable | disable set telnet {enable | disable} [inbound | outbound | all] set webview {enable | disable} set port trap port-string {enable | disable} set port broadcast port-string threshold-value set vlan create vlan-id set port vlan port-string vlan-id modify-egress set logging server index ip-addr ip-addr severity severity state enable set radius server index ip-addr port [secret-value]{realm {management-access | any | network-access} set radius enable set maclock firstarrival port-string value set maclock enable port-string Refer to page... 2-43 20-69 2-39 2-54 4-20 4-29 7-4 7-7 7-7 20-5

    Save the active configuration. Enable or disable SSH. Enable or disable Telnet. Enable or disable HTTP management (WebView). Enable or disable SNMP port link traps. Set the per port broadcast limit Configure a VLAN. Set a Syslog server IP and severity Configure and enable a RADIUS server.

    20-5 20-54 20-49

    Configure and enable first arrival MAC locking on user ports.

    Setting User Accounts and Passwords


    Purpose
    Tochangetheswitchsdefaultuserloginandpasswordsettings,andtoaddnewuseraccounts andpasswords.

    Commands
    Thecommandsusedtoconfigureuseraccountsandpasswordsarelistedbelow.
    For information about... show system login set system login clear system login set password set system password length set system password aging set system password history show system lockout Refer to page... 2-3 2-3 2-4 2-5 2-6 2-6 2-7 2-7

    2-2

    Basic Configuration

    show system login

    show system login


    Usethiscommandtodisplayuserloginaccountinformation.

    Syntax
    show system login

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,superuser.

    Example
    Thisexampleshowshowtodisplayloginaccountinformation.Inthiscase,switchdefaultshave notbeenchanged:
    G3(su)->show system login Password history size: 0 Password aging : disabled Username admin ro rw Access super-user read-only read-write State enabled enabled enabled

    Table 21providesanexplanationofthecommandoutput. Table 2-1 show system login Output Details


    What It Displays... Number of previously used user login passwords that will be checked for duplication when the set password command is executed. Configured with set system password history (page 2-7). Number of days user passwords will remain valid before aging out. Configured with set system password aging (page 2-6). Login user names. Access assigned to this user account: super-user, read-write or read-only. Whether this user account is enabled or disabled.

    Output Field Password history size

    Password aging Username Access State

    set system login


    Usethiscommandtocreateanewuserloginaccount,ortodisableorenableanexistingaccount. TheGSeriesswitchsupportsupto16useraccounts,includingtheadminaccount,whichcannot bedeleted.

    Enterasys G-Series CLI Reference

    2-3

    clear system login

    Syntax
    set system login username {super-user | read-write | read-only} {enable | disable}

    Parameters
    username Specifiesaloginnameforaneworexistinguser.Thisstringcanbea maximumof80characters,althoughamaximumof16charactersis recommendedforproperviewingintheshowsystemlogindisplay. Specifiestheaccessprivilegesforthisuser.

    superuser| readwrite| readonly enable|disable

    Enablesordisablestheuseraccount.

    Defaults
    None.

    Mode
    Switchcommand,superuser.

    Example
    Thisexampleshowshowtoenableanewuseraccountwiththeloginnamenetopswithsuper useraccessprivileges:
    G3(su)->set system login netops super-user enable

    clear system login


    Usethiscommandtoremovealocalloginuseraccount.

    Syntax
    clear system login username

    Parameters
    username Specifiestheloginnameoftheaccounttobecleared.
    Note: The default admin (su) account cannot be deleted.

    Defaults
    None.

    Mode
    Switchcommand,superuser.

    Example
    Thisexampleshowshowtoremovethenetopsuseraccount:
    G3(su)->clear system login netops

    2-4

    Basic Configuration

    set password

    set password
    UsethiscommandtochangesystemdefaultpasswordsortosetanewloginpasswordontheCLI.

    Syntax
    set password [username]

    Parameters
    username (Onlyavailabletouserswithsuperuseraccess.)Specifiesasystem defaultorauserconfiguredloginaccountname.Bydefault,theGSeries switchprovidesthefollowingaccountnames: roforReadOnlyaccess. rwforReadWriteaccess. adminforSuperUseraccess.(ThisaccesslevelallowsReadWriteaccess toallmodifiableparameters,includinguseraccounts.)

    Defaults
    None.

    Mode
    Switchcommand,readwrite. Switchcommand,superuser.

    Usage
    ReadWriteuserscanchangetheirownpasswords. SuperUsers(Admin)canchangeanypasswordonthesystem.

    Examples
    ThisexampleshowshowasuperuserwouldchangetheReadWritepasswordfromthesystem default(blankstring):
    G3(su)->set password rw Please enter new password: ******** Please re-enter new password: ******** Password changed. G3(su)->

    ThisexampleshowshowauserwithReadWriteaccesswouldchangehispassword:
    G3(su)->set password Please enter old password: ******** Please enter new password: ******** Please re-enter new password: ******** Password changed. G3(su)->

    Enterasys G-Series CLI Reference

    2-5

    set system password length

    set system password length


    Usethiscommandtosettheminimumuserloginpasswordlength.

    Syntax
    set system password length characters

    Parameters
    characters Specifiestheminimumnumberofcharactersforauseraccountpassword. Validvaluesare0to40.

    Defaults
    None.

    Mode
    Switchcommand,superuser.

    Example
    Thisexampleshowshowtosettheminimumsystempasswordlengthto8characters:
    G3(su)->set system password length 8

    set system password aging


    Usethiscommandtosetthenumberofdaysuserpasswordswillremainvalidbeforeagingout,or todisableuseraccountpasswordaging.

    Syntax
    set system password aging {days | disable}

    Parameters
    days disable Specifiesthenumberofdaysuserpasswordswillremainvalidbefore agingout.Validvaluesare1to365. Disablespasswordaging.

    Defaults
    None.

    Mode
    Switchcommand,superuser.

    Example
    Thisexampleshowshowtosetthesystempasswordagetimeto45days:
    G3(su)->set system password aging 45

    2-6

    Basic Configuration

    set system password history

    set system password history


    Usethiscommandtosetthenumberofpreviouslyuseduserloginpasswordsthatwillbechecked forpasswordduplication.Thispreventsduplicatepasswordsfrombeingenteredintothesystem withthesetpasswordcommand.

    Syntax
    set system password history size

    Parameters
    size Specifiesthenumberofpasswordscheckedforduplication.Validvalues are0to10.

    Defaults
    None.

    Mode
    Switchcommand,superuser.

    Example
    Thisexampleshowshowtoconfigurethesystemtocheckthelast10passwordsforduplication
    G3(su)->set system password history 10

    show system lockout


    Usethiscommandtodisplaysettingsforlockingoutusersafterfailedattemptstologintothe system.

    Syntax
    show system lockout

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,superuser.

    Example
    Thisexampleshowshowtodisplayuserlockoutsettings.Inthiscase,switchdefaultshavenot beenchanged:
    G3(su)->show system lockout Lockout attempts: 3 Lockout time: 15 minutes.

    Table 23providesanexplanationofthecommandoutput..
    Enterasys G-Series CLI Reference 2-7

    Setting Basic Switch Properties

    Table 2-3

    show system lockout Output Details


    What It Displays... Number of failed login attempts allowed before a read-write or read-only users account will be disabled. Number of minutes the default admin user account will be locked out after the maximum login attempts.

    Output Field Lockout attempts Lockout time

    Setting Basic Switch Properties


    Purpose
    TodisplayandsetthesystemIPaddressandotherbasicsystem(switch)properties.

    Commands
    Thecommandsusedtosetbasicsysteminformationarelistedbelow.
    For information about... show ip address set ip address clear ip address show ip protocol set ip protocol show system show system hardware show system utilization show time set time show summertime set summertime set summertime date set summertime recurring clear summertime set prompt show banner motd set banner motd clear banner motd show version set system name set system location Refer to page... 2-9 2-9 2-10 2-10 2-11 2-11 2-12 2-14 2-15 2-16 2-16 2-17 2-17 2-18 2-19 2-19 2-20 2-20 2-21 2-21 2-22 2-23

    2-8

    Basic Configuration

    show ip address

    For information about... set system contact set width set length show logout set logout show console set console baud

    Refer to page... 2-23 2-24 2-24 2-25 2-25 2-26 2-27

    show ip address
    UsethiscommandtodisplaythesystemIPaddressandsubnetmask.

    Syntax
    show ip address

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythesystemIPaddressandsubnetmask:
    G3(su)->show ip address Name ---------------host Address ---------------10.42.13.20 Mask ---------------255.255.0.0

    set ip address
    UsethiscommandtosetthesystemIPaddress,subnetmaskanddefaultgateway.
    Note: The G3 does not support the ability for a user to configure the host's gateway to be a local routed interface IP. The host's gateway must exist on a different device in the network if one is configured.

    Syntax
    set ip address ip-address [mask ip-mask] [gateway ip-gateway]

    Parameters
    ipaddress SetstheIPaddressforthesystem..

    Enterasys G-Series CLI Reference

    2-9

    clear ip address

    maskipmask gatewayipgateway

    (Optional)Setsthesystemssubnetmask. (Optional)Setsthesystemsdefaultgateway(nexthopdevice).

    Defaults
    Ifnotspecified,ipmaskwillbesettothenaturalmaskoftheipaddressandipgatewaywillbesetto theipaddress.

    Mode
    Switchcommand,readwrite.

    Usage
    Paramtersmustbeenteredintheordershown(hostIP,thenmask,thengateway)forthe commandtobeaccepted.

    Example
    ThisexampleshowshowtosetthesystemIPaddressto10.1.10.1withamaskof255.255.128.0:
    G3(su)->set ip address 10.1.10.1 mask 255.255.128.0

    clear ip address
    UsethiscommandtoclearthesystemIPaddress.

    Syntax
    clear ip address

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearthesystemIPaddress:
    G3(rw)->clear ip address

    show ip protocol
    UsethiscommandtodisplaythemethodusedtoacquireanetworkIPaddressforswitch management.

    Syntax
    show ip protocol

    2-10

    Basic Configuration

    set ip protocol

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythemethodusedtoacquireanetworkIPaddress:
    G3(su)->show ip protocol System IP address acquisition method: dhcp

    set ip protocol
    UsethiscommandtospecifytheprotocolusedtoacquireanetworkIPaddressforswitch management.

    Syntax
    set ip protocol {bootp | dhcp | none}

    Parameters
    bootp dhcp none SelectsBOOTPastheprotocoltousetoacquirethesystemIPaddress. SelectsDHCPastheprotocoltousetoacquirethesystemIPaddress. NoprotocolwillbeusedtoacquirethesystemIPaddress.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetthemethodusedtoacquireanetworkIPaddresstoDHCP.
    G3(su)->set ip protocol dhcp

    show system
    Usethiscommandtodisplaysysteminformation,includingcontactinformation,powerandfan traystatusanduptime.

    Syntax
    show system

    Enterasys G-Series CLI Reference

    2-11

    show system

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaysysteminformation:
    G3(su)->show system System contact: System location: System name: Power Supply 1 Status --------------------Ok Fan Group 1-Status -----------------Ok Fan Group 3-Status -----------------Ok Thermal Sensor -------------Fixed Slot Power Supply Redundancy ----------------------Enabled Uptime d,h:m:s -------------4,22:9:13 Logout ------0 min

    Power Supply 2 Status --------------------Not Installed Fan Group 2-Status -----------------Ok

    Thermal Threshold ----------------37%

    Table providesanexplanationofthecommandoutput.RefertotheGSeriesInstallationGuidefor informationonthelocationofsystemhardwarecomponents. Table 2-4 show system Output Details


    What It Displays... Contact person for the system. Default of a blank string can be changed with the set system contact command (set system contact on page 2-23). Where the system is located. Default of a blank string can be changed with the set system location command (set system location on page 2-23). Name identifying the system. Default of a blank string can be changed with the set system name command (set system name on page 2-22). Operational status for the power supply in the PWR1 slot. Operational status for the power supply in the PWR2 slot.

    Output Field System contact System location System name Power Supply 1 Status Power Supply 2 Status

    2-12

    Basic Configuration

    show system hardware

    Table 2-4

    show system Output Details (Continued)


    What It Displays... Operational status of fan groups 1,2, and 3. Fan groupings are as follows: Group 1 (fans 1, 2, and 3) is located in the front left of the switch to cool the Ethernet subsystem and optional 1OM module slots. Group 2 (fans 8 and 9) is located in the back left of the switch behind Group 1 to cool the CPU subsystem. Group 3 (fans 4, 5, 6, and 7) are located on either side of the power slots to cool the power supplies

    Output Field Fan Group x-Status

    Thermal Sensor Thermal Threshold Power Supply Redundancy Uptime d,h:m:s Logout

    Location of thermal sensor(s). Percentage of thermal threshold reached. Whether or not power redundancy is enabled or disabled. Default mode of enabled can be changed with the set system power command (set system power on page 2-30). System uptime. Time an idle console or Telnet CLI session will remain connected before timing out. Default of 5 minutes can be changed with the set logout command (set logout on page 2-25).

    show system hardware


    Usethiscommandtodisplaythesystemshardwareconfiguration.

    Syntax
    show system hardware

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    2-13

    show system utilization

    Example
    Thisexampleshowshowtodisplaythesystemshardwareconfiguration.Pleasenotethatthe informationyouseedisplayedmaydifferfromthisexample.
    G3(su)->show system hardware SLOT 1 HARDWARE INFORMATION --------------------------Model: Serial Number: Vendor ID: Base MAC Address: Hardware Version: FirmWare Version: Boot Code Version: SLOT 2 HARDWARE INFORMATION --------------------------Slot is not present. SLOT 3 HARDWARE INFORMATION --------------------------Slot is not present. SLOT 4 HARDWARE INFORMATION --------------------------Model: Serial Number: Vendor ID: Base MAC Address: Hardware Version: FirmWare Version: Boot Code Version:

    G3G124-24 777777777777 0xbc00 00:11:88:B1:76:C0 BCM56514 REV 1 01.00.00.0052 01.00.42

    G3G-24SFP -----------0xbc00 00:11:88:B1:76:C0 BCM56512 REV 1 01.00.00.0052 01.00.42

    POWER SUPPLY 1 HARDWARE INFORMATION ----------------------------------Model: Serial Number: Wattage: 400 Software Version: Revision: -

    show system utilization


    Usethiscommandtodisplaydetailedinformationabouttheprocessorrunningontheswitch,or theoverallmemoryusageoftheFlashandSDRAMstoragedevicesontheunit,ortheprocesses runningontheswitch.

    Syntax
    show system utilization {cpu | storage | process}

    Parameters
    cpu storage process Displayinformationabouttheprocessorrunningontheswitch. Displayinformationabouttheoverallmemoryusageontheswitch. Displayinformationabouttheprocessesrunningontheswitch.

    2-14

    Basic Configuration

    show time

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Examples
    ThisexampleshowshowtodisplaythesystemsCPUutilization:
    G3(ro)->show system utilization cpu Total CPU Utilization: Switch CPU 5 sec 1 min 5 min ----------------------------------------------1 1 3% 1% 1%

    Thisexampleshowshowtodisplaythesystemsoverallmemoryusage:
    G3(ro)->show system utilization storage Storage Utilization: Type Description Size(Kb) Available (Kb) --------------------------------------------------------------RAM RAM device 262144 97173 Flash Images, Config, Other 31095 8094

    Thisexampleshowshowtodisplayinformationabouttheprocessesrunningonthesystem.Only partialoutputisshown.
    G3(ro)->show system utilization process TID Name 5Sec 8d45148 captureTask 0.00% 8e264f8 poe_monitor 0.00% 8ea6d38 poe_read 0.80% 8eb7140 vlanDynEg 0.00% 8f0be10 tcdpSendTask 0.00% 8f1c0e8 tcdpTask 0.00% 1Min 0.00% 0.01% 0.22% 0.00% 0.00% 0.00% 5Min 0.00% 0.05% 0.20% 0.00% 0.00% 0.00%

    show time
    Usethiscommandtodisplaythecurrenttimeofdayinthesystemclock.

    Syntax
    show time

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    2-15

    set time

    Example
    Thisexampleshowshowtodisplaythecurrenttime.Theoutputshowsthedayoftheweek, month,day,andthetimeofdayinhours,minutes,andsecondsandtheyear:
    G3(su)->show time THU SEP 05 09:21:57 2002

    set time
    Usethiscommandtochangethetimeofdayonthesystemclock.

    Syntax
    set time [mm/dd/yyyy] [hh:mm:ss]

    Parameters
    [mm/dd/yyyy] [hh:mm:ss] Setsthetimein: month,day,yearand/or 24hourformat Atleastonesetoftimeparametersmustbeentered.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetthesystemclockto7:50a.m:
    G3(su)->set time 7:50:00

    show summertime
    Usethiscommandtodisplaydaylightsavingstimesettings.

    Syntax
    show summertime

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    2-16

    Basic Configuration

    set summertime

    Example
    Thisexampleshowshowtodisplaydaylightsavingstimesettings:
    G3(su)->show summertime Summertime is disabled and set to '' Start : SUN APR 04 02:00:00 2004 End : SUN OCT 31 02:00:00 2004 Offset: 60 minutes (1 hours 0 minutes) Recurring: yes, starting at 2:00 of the first Sunday of April and ending at 2:00 of the last Sunday of October

    set summertime
    Usethiscommandtoenableordisablethedaylightsavingstimefunction.

    Syntax
    set summertime {enable | disable} [zone]

    Parameters
    enable|disable zone Enablesordisablesthedaylightsavingstimefunction. (Optional)Appliesanametothedaylightsavingstimesettings.

    Defaults
    Ifazonenameisnotspecified,nonewillbeapplied.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtoenabledaylightsavingstimefunction:
    G3(su)->set summertime enable

    set summertime date


    Usethiscommandtoconfigurespecificdatestostartandstopdaylightsavingstime.These settingswillbenonrecurringandwillhavetoberesetannually.

    Syntax
    set summertime date start_month start_date start_year start_hr_min end_month end_date end_year end_hr_min [offset_minutes]

    Parameters
    start_month start_date start_year start_hr_min end_month Specifiesthemonthoftheyeartostartdaylightsavingstime. Specifiesthedayofthemonthtostartdaylightsavingstime. Specifiestheyeartostartdaylightsavingstime. Specifiesthetimeofdaytostartdaylightsavingstime.Formatishh:mm. Specifiesthemonthoftheyeartoenddaylightsavingstime.
    Enterasys G-Series CLI Reference 2-17

    set summertime recurring

    end_date end_year end_hr_min offset_minutes

    Specifiesthedayofthemonthtoenddaylightsavingstime. Specifiestheyeartoenddaylightsavingstime. Specifiesthetimeofdaytoenddaylightsavingstime.Formatishh:mm. (Optional)Specifiestheamountoftimeinminutestooffsetdaylight savingstimefromthenondaylightsavingstimesystemsetting.Valid valuesare11440.

    Defaults
    Ifanoffsetisnotspecified,nonewillbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetadaylightsavingstimestartdateofApril4,2004at2a.m.andan endingdateofOctober31,2004at2a.m.withanoffsettimeofonehour:
    G3(su)->set summertime date April 4 2004 02:00 October 31 2004 02:00 60

    set summertime recurring


    Usethiscommandtoconfigurerecurringdaylightsavingstimesettings.Thesesettingswillstart andstopdaylightsavingstimeatthespecifieddayofthemonthandhoureachyearandwillnot havetoberesetannually.

    Syntax
    set summertime recurring start_week start_day start_month start_hr_min end_week end_day end_month end_hr_min [offset_minutes]

    Parameters
    start_week start_day start_hr_min end_week end_day end_hr_min offset_minutes Specifiestheweekofthemonthtorestartdaylightsavingstime.Valid valuesare:first,second,third,fourth,andlast. Specifiesthedayoftheweektorestartdaylightsavingstime. Specifiesthetimeofdaytorestartdaylightsavingstime.Formatis hh:mm. Specifiestheweekofthemonthtoenddaylightsavingstime. Specifiesthedayoftheweektoenddaylightsavingstime. Specifiesthetimeofdaytoenddaylightsavingstime.Formatishh:mm. (Optional)Specifiestheamountoftimeinminutestooffsetdaylight savingstimefromthenondaylightsavingstimesystemsetting.Valid valuesare11440.

    Defaults
    Ifanoffsetisnotspecified,nonewillbeapplied.

    2-18

    Basic Configuration

    clear summertime

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowsetdaylightsavingstimetorecurstartingonthefirstSundayofAprilat 2a.m.andendingthelastSundayofOctoberat2a.m.withanoffsettimeofonehour:
    G3(su)->set summertime recurring first Sunday April 02:00 last Sunday October 02:00 60

    clear summertime
    Usethiscommandtoclearthedaylightsavingstimeconfiguration.

    Syntax
    clear summertime

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoclearthedaylightsavingstimeconfiguration:
    G3(su)->clear summertime

    set prompt
    Usethiscommandtomodifythecommandprompt.

    Syntax
    set prompt prompt_string

    Parameters
    prompt_string Specifiesatextstringforthecommandprompt.
    Note: A prompt string containing a space in the text must be enclosed in quotes as shown in the example below.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    2-19

    show banner motd

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetthecommandprompttoSwitch1:
    G3(su)->set prompt Switch 1 Switch 1(su)->

    show banner motd


    Usethiscommandtoshowthebannermessageofthedaythatwilldisplayatsessionlogin.

    Syntax
    show banner motd

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaythebannermessageoftheday:
    G3(rw)->show banner motd O Knights of Ni, you are just and fair, and we will return with a shrubbery -King Arthur

    set banner motd


    Usethiscommandtosetthebannermessageofthedaydisplayedatsessionlogin.
    Note: Banner message text must be enclosed in beginning and ending double quotation marks. The message itself cannot contain any additional double quotation marks.

    Syntax
    set banner motd message

    Parameters
    message Specifiesamessageoftheday.Thisisatextstringthatneedstobein doublequotesifanyspacesareused.Usea\nforanewlineand\tfora tab(eightspaces).

    2-20

    Basic Configuration

    clear banner motd

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetthemessageofthedaybannertoread:O Knights of Ni, you are just and fair, and we will return with a shrubbery - King Arthur:
    G3(rw)->set banner motd "O Knights of Ni, you are just and \n fair, and we will return with a shrubbery \n \t -King Arthur"

    clear banner motd


    Usethiscommandtoclearthebannermessageofthedaydisplayedatsessionlogintoablank string.

    Syntax
    clear banner motd

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoclearthemessageofthedaybannertoablankstring:
    G3(rw)->clear banner motd

    show version
    Usethiscommandtodisplayhardwareandfirmwareinformation.RefertoDownloadinga FirmwareImageonpage235forinstructionsonhowtodownloadafirmwareimage.

    Syntax
    show version

    Parameters
    None.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    2-21

    set system name

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplayversioninformation.Pleasenotethatyoumayseedifferent informationdisplayed,dependingonthetypeofhardware.
    G3(su)->show version Copyright (c) 2007 by Enterasys Networks, Inc. Boot promt:01.00.38 Slot Port Model Serial Number Hw Version ---- ------ ----------------------0 24 G3G170-24

    FW Version BuFw Version ---------- --------------

    000011223301 BCM56514 REV 101.00.00.0012T 01.00.00.0011T

    Table 25providesanexplanationofthecommandoutput. Table 2-5 show version Output Details


    What It Displays... Module slot number (if applicable) Number of ports supported. Switchs model number. Serial number of the switch. Hw: Hardware version number. Bp: BootPROM version. Fw: Current firmware version number. BuFw: Backup firmware version number. PoE: Power over Ethernet driver version. (Displays only for PoE switches.)

    Output Field Slot Port Model Serial # Versions

    set system name


    Usethiscommandtoconfigureanameforthesystem.

    Syntax
    set system name [string]

    Parameters
    string (Optional)Specifiesatextstringthatidentifiesthesystem.
    Note: A name string containing a space in the text must be enclosed in quotes as shown in the example below.

    Defaults
    Ifstringisnotspecified,thesystemnamewillbecleared.

    Mode
    Switchcommand,readwrite.

    2-22

    Basic Configuration

    set system location

    Example
    ThisexampleshowshowtosetthesystemnametoInformationSystems:
    G3(su)->set system name Information Systems

    set system location


    Usethiscommandtoidentifythelocationofthesystem.

    Syntax
    set system location [string]

    Parameters
    string (Optional)Specifiesatextstringthatindicateswherethesystemis located.
    Note: A location string containing a space in the text must be enclosed in quotes as shown in the example below.

    Defaults
    Ifstringisnotspecified,thelocationnamewillbecleared.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetthesystemlocationstring:
    G3(su)->set system location Bldg N32-04 Closet 9

    set system contact


    Usethiscommandtoidentifyacontactpersonforthesystem.

    Syntax
    set system contact [string]

    Parameters
    string (Optional)Specifiesatextstringthatcontainsthenameofthepersonto contactforsystemadministration.
    Note: A contact string containing a space in the text must be enclosed in quotes as shown in the example below.

    Defaults
    Ifstringisnotspecified,thecontactnamewillbecleared.

    Enterasys G-Series CLI Reference

    2-23

    set width

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetthesystemcontactstring:
    G3(su)->set system contact Joe Smith

    set width
    Usethiscommandtosetthenumberofcolumnsfortheterminalconnectedtotheswitchsconsole port.

    Syntax
    set width screenwidth [default]

    Parameters
    screenwidth default Setsthenumberofterminalcolumns.Validvaluesare50to150. (Optional)Makesthissettingpersistentforallfuturesessions(writtento NVRAM).

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    ThenumberofrowsofCLIoutputdisplayedissetusingthesetlengthcommandasdescribedin setlengthonpage224.

    Example
    Thisexampleshowshowtosettheterminalcolumnsto50:
    G3(su)->set width 50

    set length
    UsethiscommandtosetthenumberoflinestheCLIwilldisplay.Thiscommandispersistent (writtentoNVRAM).

    Syntax
    set length screenlength

    2-24

    Basic Configuration

    show logout

    Parameters
    screenlength SetsthenumberoflinesintheCLIdisplay.Validvaluesare0,which disablesthescrollingscreenfeaturedescribedinDisplayingScrolling Screensonpage19,andfrom5to512.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosettheterminallengthto50:
    G3(su)->set length 50

    show logout
    Usethiscommandtodisplaythetime(inseconds)anidleconsoleorTelnetCLIsessionwill remainconnectedbeforetimingout.

    Syntax
    show logout

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaytheCLIlogoutsetting:
    G3(su)->show logout Logout currently set to: 10 minutes.

    set logout
    Usethiscommandtosetthetime(inminutes)anidleconsoleorTelnetCLIsessionwillremain connectedbeforetimingout.

    Syntax
    set logout timeout

    Enterasys G-Series CLI Reference

    2-25

    show console

    Parameters
    timeout Setsthenumberofminutesthesystemwillremainidlebeforetimingout.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetthesystemtimeoutto10minutes:
    G3(su)->set logout 10

    show console
    Usethiscommandtodisplayconsolesettings.

    Syntax
    show console [baud] [bits] [flowcontrol] [parity] [stopbits]

    Parameters
    baud bits flowcontrol parity stopbits (Optional)Displaystheinput/outputbaudrate. (Optional)Displaysthenumberofbitspercharacter. (Optional)Displaysthetypeofflowcontrol. (Optional)Displaysthetypeofparity. (Optional)Displaysthenumberofstopbits.

    Defaults
    Ifnoparametersarespecified,allsettingswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplayallconsolesettings:
    G3(su)->show console Baud Flow Bits ------ ------- ---9600 Disable 8 StopBits ---------1 Parity -----none

    2-26

    Basic Configuration

    set console baud

    set console baud


    Usethiscommandtosettheconsoleportbaudrate.

    Syntax
    set console baud rate

    Parameters
    rate Setstheconsolebaudrate.Validvaluesare:300,600,1200,2400,4800,5760, 9600,14400,19200,38400,and115200.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosettheconsoleportbaudrateto19200:
    G3(su)->set console baud 19200

    Activating Licensed Features


    InordertoenabletheG3advancedfeatures,suchasAdvancedRouting,youmustpurchaseand activatealicensekey.Ifyouhavepurchasedalicense,youcanproceedtoactivateyourlicenseas describedinthissection.Ifyouwishtoobtainapermanentorevaluationlicense,usethe EnterasysCustomerPortalorcontacttheEnterasysNetworksSalesDepartment.

    License Key Field Descriptions


    WhenEnterasyssuppliesalicense,itwillbesenttoyouasacharacterstringsimilartothe following:
    INCREMENT g3advrouter 2006.0127 27-jan-2011 0123456789AB 0123456789AB

    Thecontentsofthesixfields,fromtheleft,indicate: Typethetypeoflicense.FortheGSeries,thevalueinthisfieldisalwaysINCREMENT. Featuredescriptionofthefeaturebeinglicensed.Forexample,g3advrouterasshownin thecharacterstringabove. Datebasedversion(DBV)adaterelatedstring.FortheGSeries,thevalueinthisfieldisnot significant. Expirationtypeindicateswhetherthelicenseisapermanentoranevaluationlicense.Ifthe licenseisanevaluationlicense,thisfieldwillcontaintheexpirationdateofthelicense.Ifthe licenseisapermanentlicense,thisfieldwillcontainthewordpermanent. Keythelicensekey. HostIDtheserialnumberoftheswitchtowhichthislicenseapplies.

    Enterasys G-Series CLI Reference

    2-27

    set license

    Clearing, Showing, and Moving Licenses


    Licensescanbedisplayed,applied,andclearedonlywiththelicensecommandsdescribedinthis chapter.Generalconfigurationcommandssuchasshowconfigorclearconfigdonotapplyto licenses. Everylicenseisassociatedwithaspecifichardwareplatform,basedontheserialnumberofthe hardwareplatform.Ifyouneedtomovealicensefromonehardwareplatformtoanother,you mustcontactEnterasysCustomerSupporttoarrangeforrehostingofthelicense.

    Commands
    Thecommandsusedtoactivateandverifylicensedfeaturesarelistedbelow.
    For information about... set license show license clear license Refer to page... 2-28 2-29 2-29

    set license
    UsethiscommandtoactivatetheGSerieslicensedfeatures.

    Syntax
    set license type feature DBV expiration key hostid

    Parameters
    type feature DBV expiration Specifiesthetypeoflicense.FortheGSeries,thevalueinthisfieldis alwaysINCREMENT. Thenameofthefeaturebeinglicensed. Adaterelatedstringgeneratedaspartofthelicense. Indicateswhetherthelicenseisapermanentoranevaluationlicense.If thelicenseisanevaluationlicense,thisfieldwillcontaintheexpiration dateofthelicense.Ifthelicenseisapermanentlicense,thisfieldwill containthewordpermanent. Thelicensekey. Theserialnumberoftheswitchtowhichthislicenseapplies.

    key hostid

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Whenactivatinglicenseswiththiscommand,EnterasysNetworksrecommendsthatyoucopyand pastetheentirelicensecharacterstring,ratherthanenterthetextmanually.Ifyouenterthe
    2-28 Basic Configuration

    show license

    characterstringmanually,ensurethatyouexactlymatchthecapitalizationofthecharacterstring senttoyou. Everylicenseisassociatedwithaspecifichardwareplatform,basedontheserialnumberofthe hardwareplatform.Ifyouneedtomovealicensefromonehardwareplatformtoanother,you mustcontactEnterasysCustomerSupporttoarrangeforrehostingofthelicense.

    Example
    Thisexampleshowshowtoactivateapermanentlicensekeyontheswitchwithserialnumber 075103099041.
    G3(rw)->set license INCREMENT G3ipv6router 2008.0212 permanent DF6A8558E5AB 075103099041 Validating license License successfully validated and set G3(rw)->

    show license
    Usethiscommandtodisplaylicensekeyinformationforswitcheswithactivatedlicenses.

    Syntax
    show license

    Parameters

    Defaults

    Mode
    Switchcommand,readonly.

    Usage
    Licensescanbedisplayed,applied,andclearedonlywiththelicensecommandsdescribedinthis chapter.Generalconfigurationcommandssuchasshowconfigorclearconfigdonotaffect licenses.

    Example
    Thisexampleshowshowtodisplaylicensekeyinformation.
    G3(ro)->show license key: INCREMENT 2006.0728 permanent 31173CAC6495 045100039001 status: Active

    clear license
    Usethiscommandtoclearthelicensekeysettings.

    Syntax
    clear license featureId feature

    Enterasys G-Series CLI Reference

    2-29

    Configuring System Power and Power over Ethernet (PoE)

    Parameters
    featureIDfeature Thenameofthefeaturebeingcleared.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocleartheAdvancedRoutinglicensedfeature:
    G3(rw)->clear license featureId g3advrouter

    Configuring System Power and Power over Ethernet (PoE)


    Important Notice
    Some commands in this section apply only to PoE-equipped G-Series devices. Consult the Installation Guide shipped with your product to determine if it is PoE-equipped.

    Purpose
    ToreviewandsetsystempowerandPoEparameters,includingthepoweravailabletothesystem, theusagethresholdforeachmodule,whetherornotSNMPtrapmessageswillbesentwhen powerstatuschanges,andperportPoEsettings.

    Commands
    Thecommandsusedtoreviewandsetsystempowerparametersarelistedbelow.
    For information about... set system power show inlinepower set inlinepower threshold set inlinepower trap show port inlinepower set port inlinepower Refer to page... 2-30 2-30 2-30 2-33 2-33 2-34

    set system power


    Usethiscommandtosetthestatusofpowerredundancyonthesystem.Bydefault,whentwo powersuppliesareinstalled,theG3issettooperateinredundantmode. Syntax
    set system power {redundant | non-redundant}

    2-30

    Basic Configuration

    show inlinepower

    Parameters
    redundant nonredundant Setsthesystemtooperateinredundantpowermode.Thisisthedefault settingwhentwopowersuppliesareinstalled. Setsthesystemtooperateinnonredundantpowermodewhentwo powersuppliesareinstalled.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetthesystempowerredundancymodetononredundant:
    G3(su)->set system power non-redundant

    show inlinepower
    Usethiscommandtodisplaysystempowerproperties.

    Syntax
    show inlinepower

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    2-31

    set inlinepower threshold

    Examples
    Thisexampleshowshowtodisplaysystempowerproperties.Inthiscase,powerredundancyis settoredundantmode:
    G3(su)->show inlinepower Detection Mode : Total Power Detected : Total Power Available : Total Power Assigned : Power Allocation Mode : Power Trap Status : Power Redundancy Status: Power Supply 1 Status : Power Supply 2 Status : Slot ---1 2 3 4 Status -----auto auto Power(W) -------480 480 auto 1200 Watts 1000 Watts 0 Watts auto enable redundant Ok Ok Consumption(W) -------------0.00 0.00 Usage(%) -------0.00 0.00 Threshold(%) -----------80 80 Trap ---enable enable

    Thisexampleshowssystempowerpropertieswhenpowerredundancyissettononredundant mode:
    G3(su)->show inlinepower Detection Mode : Total Power Detected : Total Power Available : Total Power Assigned : Power Allocation Mode : Power Trap Status : Power Redundancy Status: Power Supply 1 Status : Power Supply 2 Status : Slot ---1 2 3 4 Status -----auto auto Power(W) -------480 480 auto 2400 Watts 2200 Watts 0 Watts auto enable not redundant Ok Ok Consumption(W) -------------0.00 0.00 Usage(%) -------0.00 0.00 Threshold(%) -----------80 80 Trap ---enable enable

    set inlinepower threshold


    Usethiscommandtosetthepowerusagethresholdonaspecifiedunitormodule.

    Syntax
    set inlinepower threshold usage-threshold unit-number

    Parameters
    thresholdvalue modulenumber Specifiesapowerthresholdasapercentageoftotalsystempowerusage. Validvaluesare11to100. Specifiesthemoduleonwhichtosetthepowerthreshold.

    2-32

    Basic Configuration

    set inlinepower trap

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetthepowerthresholdto50onmodule/unit1:
    G3(su)->set inlinepower threshold 50 1

    set inlinepower trap


    UsethiscommandtoenableordisablethesendingofanSNMPtrapmessageforaunitormodule wheneverthestatusofitsportschanges,orwhenevertheunitspowerusagethresholdiscrossed. Theunitspowerusagethresholdmustbesetusingthesetinlinepowerthresholdcommandas describedonpage230.

    Syntax
    set inlinepower trap {disable | enable} module-number

    Parameters
    disable|enable modulenumber Disablesorenablesinlinepowertrapmessaging. Specifiesthemoduleonwhichtodisableorenabletrapmessaging.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoenableinlinepowertrapmessagingonmodule1:
    G3(su)->set inlinepower trap enable 1

    show port inlinepower


    UsethiscommandtodisplayallportssupportingPoE.

    Syntax
    show port inlinepower [port-string]

    Parameters
    portstring (Optional)DisplaysinformationforspecificPoEport(s).

    Defaults
    Ifnotspecified,informationforallPoEportswillbedisplayed.

    Enterasys G-Series CLI Reference

    2-33

    set port inlinepower

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayPoEinformationforportge.2.1.Inthiscase,theports administrativestate,PoEpriorityandclasshavenotbeenchangedfromdefaultvalues:
    G3(su)->show port inlinepower ge.2.1 Port Type Admin Oper -------------ge.2.1 wireless auto searching Priority -------low Class ----0 Power(W) -------15.4

    set port inlinepower


    UsethiscommandtoconfigurePoEparametersononeormoreports.

    Syntax
    set port inlinepower port-string {[admin {off | auto}] [priority {critical | high | low}] [type type]}

    Parameters
    portstring adminoff|auto prioritycritical| high|low typetype Specifiestheport(s)onwhichtoconfigurePoE. SetsthePoEadministrativestatetooff(disabled)orauto(on). Setstheport(s)priorityforthePoEallocationalgorithmtocritical (highest),highorlow. Specifiesastringdescribingthetypeofdeviceconnectedtoaport.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoenablePoEonportge.3.1withcriticalpriority:
    G3(su)->set port inlinepower ge.3.1 admin auto priority critical

    2-34

    Basic Configuration

    Downloading a Firmware Image

    Downloading a Firmware Image


    YoucanupgradetheoperationalfirmwareintheGSeriesswitchwithoutphysicallyopeningthe switchorbeinginthesamelocation.Therearetwowaystodownloadfirmwaretotheswitch: ViaTFTPdownload.ThisprocedureusesaTFTPserverconnectedtothenetworkand downloadsthefirmwareusingtheTFTPprotocol.FordetailsonhowtoperformaTFTP downloadusingthecopycommand,refertocopyonpage247.Forinformationonsetting TFTPtimeoutandretryparameters,refertosettftptimeoutonpage248andsettftp retryonpage249. Viatheserial(console)port.Thisprocedureisanoutofbandoperationthatcopiesthe firmwarethroughtheserialporttotheswitch.Itshouldbeusedincaseswhenyoucannot connecttheswitchtoperformtheinbandcopydownloadprocedureviaTFTP.Serialconsole downloadhasbeensuccessfullytestedwiththefollowingapplications: HyperTerminalCopyright1999 TeraTermProVersion2.3

    Anyotherterminalapplicationsmayworkbutarenotexplicitlysupported. TheG3switchallowsyoutodownloadandstoredualimages.Thebackupimagecanbe downloadedandselectedasthestartupimagebyusingthecommandsdescribedinthissection.

    Downloading from a TFTP Server


    ToperformaTFTPdownload,proceedasfollows: 1. 2. Ifyouhavenotalreadydoneso,settheswitchsIPaddressusingthesetipaddresscommand asdetailedinsetipaddressonpage29. Downloadanewimagefileusingthecopycommandasdetailedincopyonpage247.

    Downloading via the Serial Port


    Todownloadswitchfirmwareviatheserial(console)port,proceedasfollows: 1. Withtheconsoleportconnected,poweruptheswitch.Thefollowingmessagedisplays:
    Version 01.00.29 05-09-2005 Computing MD5 Checksum of operational code... Select an option. If no selection in 2 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu. Select (1, 2):2 Password: *************

    2.

    Beforethebootupcompletes,type2toselectStartBootMenu.Useadministratorforthe Password.
    Note: The Boot Menu password administrator can be changed using boot menu option 11.

    Enterasys G-Series CLI Reference

    2-35

    Downloading a Firmware Image

    Boot Menu Version 01.00.29 05-09-2005

    Options available 1 - Start operational code 2 - Change baud rate 3 - Retrieve event log using XMODEM (64KB). 4 - Load new operational code using XMODEM 5 - Display operational code vital product data 6 - Run Flash Diagnostics 7 - Update Boot Code 8 - Delete operational code 9 - Reset the system 10 - Restore Configuration to factory defaults (delete config files) 11 - Set new Boot Code password [Boot Menu] 2

    3.

    Type2.Thefollowingbaudrateselectionscreendisplays:
    1 2 3 4 5 6 7 8 0 1200 2400 4800 9600 19200 38400 57600 115200 no change

    4.

    Type8tosettheswitchbaudrateto115200.Thefollowingmessagedisplays:
    Setting baud rate to 115200, you must change your terminal baud rate.

    5. 6.

    Settheterminalbaudrateto115200andpressENTER. Fromthebootmenuoptionsscreen,type4toloadnewoperationalcodeusingXMODEM. WhentheXMODEMtransferiscomplete,thefollowingmessageandheaderinformationwill display:


    [Boot Menu] 4 Ready to receive the file with XMODEM/CRC.... Ready to RECEIVE File xcode.bin in binary mode Send several Control-X characters to cCKCKCKCKCKCKCK XMODEM transfer complete, checking CRC.... Verified operational code CRC. The following Enterasys Header is in the image: MD5 Checksum....................fe967970996c4c8c43a10cd1cd7be99a Boot File Identifier............0x0517 Header Version..................0x0100 Image Type......................0x82 Image Offset....................0x004d Image length....................0x006053b3 Ident Strings Length............0x0028 Ident Strings................... G3G124-24 Image Version Length............0x7 Image Version Bytes.............0x30 0x2e 0x35 0x2e 0x30 0x2e 0x34 (0.5.0.4)

    2-36

    Basic Configuration

    Reviewing and Selecting a Boot Firmware Image

    7. 8.

    Fromthebootmenuoptionsscreen,type2todisplaythebaudrateselectionscreenagain. Type4settheswitchbaudrateto9600.Thefollowingmessagedisplays:
    Setting baud rate to 9600, you must change your terminal baud rate.

    9.

    Settheterminalbaudrateto9600andpressENTER.

    10. Fromthebootmenuoptionsscreen,type1tostartthenewoperationalcode.Thefollowing messagedisplays:


    Operational Code Date: Tue Jun 29 08:34:05 2004 Uncompressing.....

    Reverting to a Previous Image


    Intheeventthatyouneedtodowngradetoapreviousversionofcode,youcandosoby completingthefollowingstepsdescribedinthischapter.
    Note: You will not be able to peform these steps remotely unless you have remote console support.

    1. 2. 3. 4.

    Saveyourconfiguration,asdescribedinsaveconfig(page 243). Loadyourpreviousversionofcodeonthedevice,asdescribedinDownloadingaFirmware Image(page 235). Setthisolderversionofcodetobethebootcode,asdescribedinReviewingandSelectinga BootFirmwareImage(page 237). Reloadthesavedconfigurationontothedeviceasdescribedinconfigure(page 246).

    Reviewing and Selecting a Boot Firmware Image


    Purpose
    Todisplayandsettheimagefiletheswitchloadsatstartup.TheG3switchallowsyouto downloadandstoreabackupimage,whichcanbeselectedasthestartupimagebyusingthe commandsdescribedinthissection.

    Commands
    Thecommandsusedtoreviewandselecttheswitchsbootimagefilearelistedbelow.
    For information about... show boot system set boot system Refer to page... 2-37 2-38

    show boot system


    Usethiscommandtodisplaythefirmwareimagetheswitchloadsatstartup.

    Enterasys G-Series CLI Reference

    2-37

    set boot system

    Syntax
    show boot system

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaytheswitchsbootfirmwareimage:
    G3(su)->show boot system Current system image to boot: bootfile

    set boot system


    Usethiscommandtosetthefirmwareimagetheswitchloadsatstartup.

    Syntax
    set boot system filename

    Parameters
    filename Specifiesthenameofthefirmwareimagefile.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetthebootfirmwareimagefiletonewimage:
    G3(su)->set boot system newimage

    2-38

    Basic Configuration

    Starting and Configuring Telnet

    Starting and Configuring Telnet


    Purpose
    ToenableordisableTelnet,andtostartaTelnetsessiontoaremotehost.TheGSeriesswitch allowsatotaloffourinboundand/oroutboundTelnetsessiontorunsimultaneously.

    Commands
    Thecommandsusedtoenable,startandconfigureTelnetarelistedbelow.
    For information about... show telnet set telnet telnet Refer to page... 2-39 2-39 2-40

    show telnet
    UsethiscommandtodisplaythestatusofTelnetontheswitch.

    Syntax
    show telnet

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayTelnetstatus:
    G3(su)->show telnet Telnet inbound is currently: ENABLED Telnet outbound is currently: ENABLED

    set telnet
    UsethiscommandtoenableordisableTelnetontheswitch.

    Syntax
    set telnet {enable | disable} [inbound | outbound | all]

    Enterasys G-Series CLI Reference

    2-39

    telnet

    Parameters
    enable|disable inbound| outbound|all EnablesordisablesTelnetservices. (Optional)Specifiesinboundservice(theabilitytoTelnettothisswitch), outboundservice(theabilitytoTelnettootherdevices),orall(both inboundandoutbound).

    Defaults
    Ifnotspecified,bothinboundandoutboundTelnetservicewillbeenabled.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodisableinboundandoutboundTelnetservices:
    G3(su)->set telnet disable all Disconnect all telnet sessions and disable now (y/n)? [n]: y All telnet sessions have been terminated, telnet is now disabled.

    telnet
    UsethiscommandtostartaTelnetconnectiontoaremotehost.TheGSeriesswitchallowsatotal offourinboundand/oroutboundTelnetsessiontorunsimultaneously.

    Syntax
    telnet host [port]

    Parameters
    host port SpecifiesthenameorIPaddressoftheremotehost. (Optional)Specifiestheserverportnumber.

    Defaults
    Ifnotspecified,thedefaultportnumber23willbeused.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtostartaTelnetsessiontoahostat10.21.42.13:
    G3(su)->telnet 10.21.42.13

    2-40

    Basic Configuration

    Managing Switch Configuration and Files

    Managing Switch Configuration and Files


    Configuration Persistence Mode
    Thedefaultstateofconfigurationpersistencemodeisauto,whichmeansthatwhenCLI configurationcommandsareentered,orwhenaconfigurationfilestoredontheswitchis executed,theconfigurationissavedtoNVRAMautomaticallyatthefollowingintervals: Onastandaloneunit,theconfigurationischeckedeverytwominutesandsavediftherehas beenachange. Onastack,theconfigurationissavedacrossthestackevery30minutesiftherehasbeena change.

    IfyouwanttosavearunningconfigurationtoNVRAMmoreoftenthantheautomaticintervals, executethesaveconfigcommandandwaitforthesystemprompttoreturn.Aftertheprompt returns,theconfigurationwillbepersistent. Youcanchangethepersistencemodefromautotomanualwiththesetsnmppersistmode command.Ifthepersistencemodeissettomanual,configurationcommandswillnotbe automaticallywrittentoNVRAM.Althoughtheconfigurationcommandswillactivelymodifythe runningconfiguration,theywillnotpersistacrossaresetunlessthesaveconfigcommandhas beenexecuted.


    Note: When your device is configured for manual SNMP persistence mode, and you attempt to change the boot system image, the device will not prompt you to save changes or warn you that changes will be lost.

    Purpose
    TosetandviewthepersistencemodeforCLIconfigurationcommands,manuallysavethe runningconfiguration,view,manage,andexecuteconfigurationfilesandimagefiles,andsetand viewTFTPparameters.

    Commands
    For information about... show snmp persistmode set snmp persistmode save config dir show file show config configure copy delete show tftp settings set tftp timeout Refer to page... 2-42 2-42 2-43 2-43 2-44 2-45 2-46 2-47 2-47 2-48 2-48

    Enterasys G-Series CLI Reference

    2-41

    show snmp persistmode

    For information about... clear tftp timeout set tftp retry clear tftp retry

    Refer to page... 2-49 2-49 2-50

    show snmp persistmode


    Usethiscommandtodisplaytheconfigurationpersistencemodesetting.

    Syntax
    show snmp persistmode

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Usage
    Bydefault,themodeissettoautosave,whichautomaticallysavesconfigurationchangesat specificintervals.Ifthemodeissettomanual,configurationcommandsareneverautomatically saved.Inordertomakeconfigurationchangespersistentwhenthemodeismanual,thesave configcommandmustbeissuedasdescribedinConfigurationPersistenceModeonpage241.

    Example
    Thisexampleshowshowtodisplaytheconfigurationpersistencemodesetting.Inthiscase, persistencemodeissettomanual,whichmeansconfigurationchangesarenotbeing automaticallysaved.
    G3(su)->show snmp persistmode persistmode is manual

    set snmp persistmode


    Usethiscommandtosettheconfigurationpersistencemode,whichdetermineswhetheruser definedconfigurationchangesaresavedautomatically,orrequireissuingthesaveconfig command.SeeConfigurationPersistenceModeonpage241formoreinformation.

    Syntax
    set snmp persistmode {auto | manual}

    2-42

    Basic Configuration

    save config

    Parameters
    auto manual Setstheconfigurationpersistencemodetoautomatic.Thisisthedefault state. Setstheconfigurationpersistencemodetomanual.Inordertomake configurationchangespersistent,thesaveconfigcommandmustbe issuedasdescribedinsaveconfigonpage243.Thismodeisusefulfor revertingbacktooldconfigurations.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosettheconfigurationpersistencemodetomanual:
    G3(su)->set snmp persistmode manual

    save config
    Usethiscommandtosavetherunningconfiguration. Syntax
    save config

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosavetherunningconfiguration:
    G3(su)->save config

    dir
    Usethiscommandtolistconfigurationandimagefilesstoredinthefilesystem.

    Syntax
    dir [filename]

    Enterasys G-Series CLI Reference

    2-43

    show file

    Parameters
    filename (Optional)Specifiesthefilenameordirectorytolist.

    Defaults
    Iffilenameisnotspecified,allfilesinthesystemwillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtolistalltheconfigurationandimagefilesinthesystem:
    G3(su)->dir Images: ================================================================== Filename: G3-series_02.01.30 Version: 1.00.xx Size: 6873088 (bytes) Date: Fri Apr 1 15:23:24 2005 CheckSum: 7eb3dd1118a8ef60cf2c7bb162ac07ee Compatibility: G3G124-24, G3G124-24P Filename: Version: Size: Date: CheckSum: Compatibility: G3-image_02.61.30 (Active) (Boot) 1.00.xx 6883328 (bytes) Tue Apr 5 16:41:50 2005 37cb8761e1761a7a0e24c33e88138d5a G3G124-24, G3G124-24P Size ======== 17509 3173 162833

    Files: ================================ configs: Monday.cfg admin1.cfg logs: current.log

    show file
    Usethiscommandtodisplaythecontentsofafile.

    Syntax
    show file filename

    Parameters
    filename Specifiesthenameofthefiletodisplay.

    Defaults
    None.

    2-44

    Basic Configuration

    show config

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplayatextfilenamedmypolicyintheconfigs/directory.Note thatonlyaportionofthefileisshowninthisexample.
    G3(rw)->show file configs/mypolicy 1 : 2 : 3 : #policy 4 : 5 : set policy profile 1 name "Check GUEST" pvid-status enable pvid 4095 untaggedvlans 1 6 : 7 : set policy profile 2 name "User LABORATORIES" pvid-status enable pvid 680 cosstatus enable cos 4 untagged-vlans 680 8 : 9 : set policy profile 3 name "Administrator" pvid-status enable pvid 4095 10 : 11 : set policy profile 4 name "Guest" pvid-status enable pvid 999 cos-status enable cos 3 untagged-vlans 999 12 : 13 : set policy port ge.1.1 4 14 : 15 : set policy port ge.1.2 4

    show config
    Usethiscommandtodisplaythesystemconfigurationorwritetheconfigurationtoafile.

    Syntax
    show config [all | facility] [outfile {configs/filename}]

    Parameters
    all facility (Optional)Displaysdefaultandnondefaultconfigurationsettings. (Optional)Specifiestheexactnameofonefacilityforwhichtoshow configuration.Forexample,enterroutertoshowonlyrouter configuration. (Optional)Specifiesthatthecurrentconfigurationwillbewrittentoatext fileintheconfigs/directory. Specifiesafilenameintheconfigs/directorytodisplay.

    outfile configs/filename

    Defaults
    Bydefault,showconfigwilldisplayallnondefaultconfigurationinformationforallfacilities.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    2-45

    configure

    Usage
    Theseparatefacilitiesthatcanbedisplayedbythiscommandareidentifiedinthedisplayofthe currentconfigurationbya#precedingthefacilityname.Forexample,#portindicatesthefacility nameport.

    Examples
    Thisexampleshowshowtowritethecurrentconfigurationtoafilenamedsave_config2:
    G3(rw)->show config all outfile configs/save_config2

    Thisexampleshowshowtodisplayconfigurationforthefacilityport.
    G3(rw)->show config port This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. begin ! #***** NON-DEFAULT CONFIGURATION ***** ! ! #port set port jumbo disable ge.1.1 ! end

    configure
    Usethiscommandtoexecuteapreviouslydownloadedconfigurationfilestoredontheswitch.

    Syntax
    configure filename [append]

    Parameters
    filename append Specifiesthepathandfilenameoftheconfigurationfiletoexecute. (Optional)Appendstheconfigurationfilecontentstothecurrent configuration.Thisisequivalenttotypingthecontentsoftheconfigfile directlyintotheCLIandcanbeused,forexample,tomakeincremental adjustmentstothecurrentconfiguration.

    Defaults
    Ifappendisnotspecified,thecurrentrunningconfigurationwillbereplacedwiththecontentsof theconfigurationfile,whichwillrequireanautomatedresetofthechassis.

    Mode
    Switchcommand,readwrite.

    2-46

    Basic Configuration

    copy

    Example
    ThisexampleshowshowtoexecutetheJan1_2004.cfgconfigurationfile:
    G3(su)->configure configs/Jan1_2004.cfg

    copy
    UsethiscommandtouploadordownloadanimageoraCLIconfigurationfile.

    Syntax
    copy source destination

    Parameters
    source destination Specifieslocationandnameofthesourcefiletocopy.Optionsarealocalfile pathintheconfigsdirectory,ortheURLofaTFTPserver. Specifieslocationandnameofthedestinationwherethefilewillbecopied. Optionsareaslotlocationandfilename,ortheURLofaTFTPserver.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Examples
    ThisexampleshowshowtodownloadanimageviaTFTP:
    G3(su)->copy tftp://10.1.192.34/version01000 system:image

    Thisexampleshowshowtodownloadaconfigurationfiletotheconfigsdirectory:
    G3(su)->copy tftp://10.1.192.1/Jan1_2004.cfg configs/Jan1_2004.cfg

    delete
    UsethiscommandtoremoveanimageoraCLIconfigurationfilefromtheswitch.

    Syntax
    delete filename

    Parameters
    filename Specifiesthelocalpathnametothefile.Validdirectoriesare/imagesand /configs.44.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    2-47

    show tftp settings

    Mode
    Switchcommand,readwrite.

    Usage
    Usethedircommand(page243)todisplaycurrentimageandconfigurationfilenames.

    Example
    ThisexampleshowshowtodeletetheJan1_2004.cfgconfigurationfile:
    G3(su)->delete configs/Jan1_2004.cfg

    show tftp settings


    UsethiscommandtodisplayTFTPsettingsusedbytheswitchduringdatatransfersusingTFTP.

    Syntax
    show tftp settings

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Usage
    TheTFTPtimeoutvaluecanbesetwiththesettftptimeoutcommand.TheTFTPretryvaluecan besetwiththesettftpretrycommand.

    Example
    Thisexampleshowstheoutputofthiscommand.
    G3(ro)->show tftp settings TFTP packet timeout (seconds): 2 TFTP max retry: 5

    set tftp timeout


    UsethiscommandtoconfigurehowlongTFTPwillwaitforareplyofeitheranacknowledgement packetoradatapacketduringadatatransfer.

    Syntax
    set tftp timeout seconds

    2-48

    Basic Configuration

    clear tftp timeout

    Parameters
    seconds Specifiesthenumberofsecondstowaitforareply.Thevalidrangeis from1to30seconds.Defaultvalueis2seconds.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplesetsthetimeoutperiodto4seconds.
    G3(rw)->set tftp timeout 4

    clear tftp timeout


    UsethiscommandtoresettheTFTPtimeoutvaluetothedefaultvalueof2seconds.

    Syntax
    clear tftp timeout

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoclearthetimeoutvaluetothedefaultof2seconds.
    G3(rw)-> clear tftp timeout

    set tftp retry


    UsethiscommandtoconfigurehowmanytimesTFTPwillresendapacket,eitheran acknowledgementpacketoradatapacket.

    Syntax
    set tftp retry retry

    Parameters
    retry Specifiesthenumberoftimesapacketwillberesent.Thevalidrangeis from1to1000.Defaultvalueis5retries.

    Enterasys G-Series CLI Reference

    2-49

    clear tftp retry

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplesetstheretrycountto3.
    G3(rw)->set tftp retry 3

    clear tftp retry


    UsethiscommandtoresettheTFTPretryvaluetothedefaultvalueof5retries.

    Syntax
    clear tftp retry

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtocleartheretryvaluetothedefaultof5retries.
    G3(rw)-> clear tftp retry

    Clearing and Closing the CLI


    Purpose
    TocleartheCLIscreenortocloseyourCLIsession.

    Commands
    ThecommandsusedtoclearandclosetheCLIsessionarelistedbelow.
    For information about... cls exit Refer to page... 2-51 2-51

    2-50

    Basic Configuration

    cls (clear screen)

    cls (clear screen)


    UsethiscommandtoclearthescreenforthecurrentCLIsession.

    Syntax
    cls

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtocleartheCLIscreen:
    G3(su)->cls

    exit
    UseeitherofthesecommandstoleaveaCLIsession.

    Syntax
    exit

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Usage
    Bydefault,switchtimeoutoccursafter15minutesofuserinactivity,automaticallyclosingyour CLIsession.Usethesetlogoutcommand(page225)tochangethisdefault.

    Example
    ThisexampleshowshowtoexitaCLIsession:
    G3(su)->exit

    Enterasys G-Series CLI Reference

    2-51

    Resetting the Switch

    Resetting the Switch


    Purpose
    Toresetoneormoreswitches,andtocleartheuserdefinedconfigurationparameters.

    Commands
    For information about... reset clear config Refer to page... 2-52 2-52

    reset
    Usethiscommandtoresettheswitchwithoutlosinganyuserdefinedconfigurationsettings.

    Syntax
    reset

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Examples
    Thisexampleshowshowtoresetthesystem:
    G3(su)->reset This command will reset all modules and may disconnect your telnet session. Do you want to continue (y/n) [n]?

    clear config
    Usethiscommandtocleartheuserdefinedconfigurationparameters.

    Syntax
    clear config

    Parameters
    None.

    2-52

    Basic Configuration

    Using and Configuring WebView

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoclearconfigurationparameters:
    G3(su)->clear config

    Using and Configuring WebView


    Purpose
    Bydefault,WebView(TheEnterasysNetworksembeddedwebserverforswitchconfiguration andmanagementtasks)isenabledonTCPportnumber80ontheGSeriesswitch.Youcanverify WebViewstatus,andenableordisableWebViewusingthecommandsdescribedinthissection. WebViewcanalsobesecurelyusedoverSSLport443,ifSSLisenabledontheswitch.Bydefault, SSLisdisabled. TouseWebView,typetheIPaddressoftheswitchinyourbrowser.TouseWebViewoverSSL, typeinhttps://thentheIPaddressoftheswitch.Forexample,https://172.16.2.10.

    Commands
    For information about... show webview set webview show ssl set ssl Refer to page... 2-53 2-54 2-54 2-55

    show webview
    UsethiscommandtodisplayWebViewstatus.

    Syntax
    show webview

    Parameters
    None.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    2-53

    set webview

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayWebViewstatus:
    G3(rw)->show webview WebView is Enabled.

    set webview
    UsethiscommandtoenableordisableWebViewontheswitch.

    Syntax
    set webview {enable | disable}

    Parameters
    enable|disable EnableordisableWebViewontheswitch.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    ItisgoodpracticeforsecurityreasonstodisableHTTPaccessontheswitchwhenfinished configuringwithWebView,andthentoonlyenableWebViewontheswitchwhenchangesneed tobemade.

    Example
    ThisexampleshowshowtodisableWebViewontheswitch:
    G3(rw)->set webview disable

    show ssl
    UsethiscommandtodisplaySSLstatus.

    Syntax
    show ssl

    Parameters
    None.

    Defaults
    None.

    2-54

    Basic Configuration

    set ssl

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaySSLstatus:
    G3(rw)->show ssl SSL status: Enabled

    set ssl
    UsethiscommandtoenableordisabletheuseofWebViewoverSSLport443.Bydefault,SSLis disabledontheswitch.Thiscommandcanalsobeusedtoreinitializethehostkeythatisusedfor encryption.

    Syntax
    set ssl {enabled | disabled | reinitialize | hostkey reinitialize}

    Parameters
    enabled|disabled reinitialize hostkeyreinitialize EnableordisabletheabilitytouseWebViewoverSSL. StopsandthenrestartstheSSLprocess. StopsSSL,regeneratesnewkeys,andthenrestartsSSL.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoenableSSL:
    G3(rw)->set ssl enabled

    Enterasys G-Series CLI Reference

    2-55

    set ssl

    2-56

    Basic Configuration

    3
    Discovery Protocol Configuration
    Thischapterdescribeshowtoconfigurediscoveryprotocols.
    For information about... Configuring CDP Configuring Cisco Discovery Protocol Configuring Link Layer Discovery Protocol and LLDP-MED Refer to page... 3-1 3-6 3-13

    Configuring CDP
    Purpose
    ToreviewandconfiguretheEnterasysCDPdiscoveryprotocol.Thisprotocolisusedtodiscover networktopology.Whenenabled,thisprotocolallowsEnterasysdevicestosendperiodicPDUs aboutthemselvestoneighboringdevices.

    Commands
    ThecommandsusedtoreviewandconfiguretheCDPdiscoveryprotocolarelistedbelow.
    For information about... show cdp set cdp state set cdp auth set cdp interval set cdp hold-time clear cdp show neighbors Refer to page... 3-1 3-3 3-3 3-4 3-5 3-5 3-6

    show cdp
    UsethiscommandtodisplaythestatusoftheCDPdiscoveryprotocolandmessageintervalon oneormoreports.

    Enterasys G-Series CLI Reference

    3-1

    show cdp

    Syntax
    show cdp [port-string]

    Parameters
    portstring (Optional)DisplaysCDPstatusforaspecificport.Foradetaileddescription ofpossibleportstringvalues,refertoPortStringSyntaxUsedintheCLI onpage41.

    Defaults
    Ifportstringisnotspecified,allCDPinformationwillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayCDPinformationforportsge.1.1throughge.1.9:
    G3(su)->show cdp ge.1.1-9 CDP Global Status CDP Version Supported CDP Hold Time CDP Authentication Code CDP Transmit Frequency Port Status ----------------ge.1.1 auto-enable ge.1.2 auto-enable ge.1.3 auto-enable ge.1.4 auto-enable ge.1.5 auto-enable ge.1.6 auto-enable ge.1.7 auto-enable ge.1.8 auto-enable ge.1.9 auto-enable :auto-enable :30 hex :180 :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 hex :60

    Table 31providesanexplanationofthecommandoutput. Table 3-1 show cdp Output Details


    What It Displays... Whether CDP is globally auto-enabled, enabled or disabled. The default state of auto-enabled can be reset with the set cdp state command. For details, refer to set cdp state on page 3-3. CDP version number(s) supported by the switch. Minimum time interval (in seconds) at which CDP configuration messages can be set. The default of 180 seconds can be reset with the set cdp hold-time command. For details, refer to set cdp hold-time on page 3-5. Authentication code for CDP discovery protocol. The default of 00-00-00-00-00-0000-00 can be reset using the set cdp auth command. For details, refer to set cdp auth on page 3-3.

    Output Field CDP Global Status

    CDP Versions Supported CDP Hold Time

    CDP Authentication Code

    3-2

    Discovery Protocol Configuration

    set cdp state

    Table 3-1

    show cdp Output Details (Continued)


    What It Displays... Frequency (in seconds) at which CDP messages can be transmitted. The default of 60 seconds can be reset with the set cdp interval command. For details, refer to set cdp interval on page 3-4. Port designation. For a detailed description of possible port-string values, refer to Port String Syntax Used in the CLI on page 4-1. Whether CDP is enabled, disabled or auto-enabled on the port.

    Output Field CDP Transmit Frequency Port Status

    set cdp state


    UsethiscommandtoenableordisabletheCDPdiscoveryprotocolononeormoreports.

    Syntax
    set cdp state {auto | disable | enable} [port-string]

    Parameters
    auto|disable| enable portstring Autoenables,disablesorenablestheCDPprotocolonthespecifiedport(s). Inautoenablemode,whichisthedefaultmodeforallports,aport automaticallybecomesCDPenableduponreceivingitsfirstCDPmessage. (Optional)EnablesordisablesCDPonspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage41.

    Defaults
    Ifportstringisnotspecified,theCDPstatewillbegloballyset.

    Mode
    Switchcommand,readwrite.

    Examples
    ThisexampleshowshowtogloballyenableCDP:
    G3(su)->set cdp state enable

    ThisexampleshowshowtoenabletheCDPforportge.1.2:
    G3(su)->set cdp state enable ge.1.2

    ThisexampleshowshowtodisabletheCDPforportge.1.2:
    G3(su)->set cdp state disable ge.1.2

    set cdp auth


    UsethiscommandtosetaglobalCDPauthenticationcode.

    Syntax
    set cdp auth auth-code

    Enterasys G-Series CLI Reference

    3-3

    set cdp interval

    Parameters
    authcode SpecifiesanauthenticationcodefortheCDPprotocol.Thiscanbeupto16 hexadecimalvaluesseparatedbycommas.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    TheauthenticationcodevaluedeterminesaswitchsCDPdomain.Iftwoormoreswitcheshave thesameCDPauthenticationcode,theywillbeenteredintoeachothersCDPneighbortables.If theyhavedifferentauthenticationcodes,theyareindifferentdomainsandwillnotbeentered intoeachothersCDPneighbortables. Aswitchwiththedefaultauthenticationcode(16nullcharacters)willrecognizeallswitches,no matterwhattheirauthenticationcode,andenterthemintoitsCDPneighbortable.

    Example
    ThisexampleshowshowtosettheCDPauthenticationcodeto1,2,3,4,5,6,7,8:
    G3(su)->set cdp auth 1,2,3,4,5,6,7,8:

    set cdp interval


    Usethiscommandtosetthemessageintervalfrequency(inseconds)oftheCDPdiscovery protocol.

    Syntax
    set cdp interval frequency

    Parameters
    frequency SpecifiesthetransmitfrequencyofCDPmessagesinseconds.Validvalues arefrom5to900seconds.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosettheCDPintervalfrequencyto15seconds:
    G3(su)->set cdp interval 15

    3-4

    Discovery Protocol Configuration

    set cdp hold-time

    set cdp hold-time


    UsethiscommandtosettheholdtimevalueforCDPdiscoveryprotocolconfigurationmessages.

    Syntax
    set cdp hold-time hold-time

    Parameters
    holdtime SpecifiestheholdtimevalueforCDPmessagesinseconds.Validvaluesare from15to600.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetCDPholdtimeto60seconds:
    G3(su)->set cdp hold-time 60

    clear cdp
    UsethiscommandtoresetCDPdiscoveryprotocolsettingstodefaults.

    Syntax
    clear cdp {[state] [port-state port-string] [interval] [hold-time] [auth-code]}

    Parameters
    state portstateportstring interval holdtime authcode (Optional)ResetstheglobalCDPstatetoautoenabled. (Optional)Resetstheportstateonspecificport(s)toautoenabled. (Optional)Resetsthemessagefrequencyintervalto60seconds. (Optional)Resetstheholdtimevalueto180seconds. (Optional)Resetstheauthenticationcodeto16bytesof00(000000 0000000000).

    Defaults
    Atleastoneoptionalparametermustbeentered.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresettheCDPstatetoautoenabled:
    G3(su)->clear cdp state
    Enterasys G-Series CLI Reference 3-5

    show neighbors

    show neighbors
    ThiscommanddisplaysNeighborDiscoveryinformationforeithertheCDPorCiscoDP protocols.

    Syntax
    show neighbors [port-string]

    Parameters
    portstring (Optional)SpecifiestheportorportsforwhichtodisplayNeighbor Discoveryinformation.

    Defaults
    Ifnoportisspecified,allNeighborDiscoveryinformationisdisplayed.

    Mode
    Switchcommand,readonly.

    Usage
    ThiscommanddisplaysinformationdiscoveredbyboththeCDPandtheCiscoDPprotocols.

    Example
    ThisexampledisplaysNeighborDiscoveryinformationforallports.
    G3(su)->show neighbors Port Device ID Port ID Type Network Address -----------------------------------------------------------------------------ge.1.1 00036b8b1587 12.227.1.176 ciscodp 12.227.1.176 ge.1.6 0001f496126f 140.2.3.1 ciscodp 140.2.3.1 ge.1.6 00-01-f4-00-72-fe 140.2.4.102 cdp 140.2.4.102 ge.1.6 00-01-f4-00-70-8a 140.2.4.104 cdp 140.2.4.104 ge.1.6 00-01-f4-c5-f7-20 140.2.4.101 cdp 140.2.4.101 ge.1.6 00-01-f4-89-4f-ae 140.2.4.105 cdp 140.2.4.105 ge.1.6 00-01-f4-5f-1f-c0 140.2.1.11 cdp 140.2.1.11 ge.1.19 0001f400732e 165.32.100.10 ciscodp 165.32.100.10

    Configuring Cisco Discovery Protocol


    Purpose
    ToreviewandconfiguretheCiscodiscoveryprotocol.Discoveryprotocolsareusedtodiscover networktopology.Whenenabled,theyallowCiscodevicestosendperiodicPDUsabout themselvestoneighboringdevices.Specifically,thisfeatureenablesrecognizingPDUsfromCisco phones.Atableofinformationaboutdetectedphonesiskeptbytheswitchandcanbequeriedby thenetworkadministrator.

    3-6

    Discovery Protocol Configuration

    show ciscodp

    Commands
    ThecommandsusedtoreviewandconfiguretheCiscodiscoveryprotocolarelistedbelow.Refer alsotoshowneighborsonpage36.
    For information about... show ciscodp show ciscodp port info set ciscodp status set ciscodp timer set ciscodp holdtime set ciscodp port clear ciscodp Refer to page... 3-7 3-8 3-9 3-9 3-10 3-10 3-12

    show ciscodp
    UsethiscommandtodisplayglobalCiscodiscoveryprotocolinformation.

    Syntax
    show ciscodp

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayglobalCiscoDPinformation.
    G3(su)->show ciscodp CiscoDP :Enabled Timer :5 Holdtime (TTl): 180 Device ID : 001188554A60 Last Change : WED NOV 08 13:19:56 2006

    Table 32providesanexplanationofthecommandoutput. Table 3-2 show ciscodp Output Details


    What It Displays... Whether Cisco DP is globally enabled or disabled. Auto indicates that Cisco DP will be globally enabled only if Cisco DP PDUs are received. Default setting of auto-enabled can be reset with the set ciscodp status command.

    Output Field CiscoDP

    Enterasys G-Series CLI Reference

    3-7

    show ciscodp port info

    Table 3-2

    show ciscodp Output Details (Continued)


    What It Displays... The number of seconds between Cisco discovery protocol PDU transmissions. The default of 60 seconds can be reset with the set ciscodp timer command. Number of seconds neighboring devices will hold PDU transmissions from the sending device. Default value of 180 can be changed with the set ciscodp holdtime command. The MAC address of the switch. The time that the last Cisco DP neighbor was discovered.

    Output Field Timer Holdtime

    Device ID Last Change

    show ciscodp port info


    UsethiscommandtodisplaysummaryinformationabouttheCiscodiscoveryprotocolononeor moreports.

    Syntax
    show ciscodp port info [port-string]

    Parameters
    portstring (Optional)DisplaysCiscoDPinformationforaspecificport.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage41.

    Defaults
    Ifportstringisnotspecified,CiscoDPinformationforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayCiscoDPinformationforGigabitEthernetport1inslot1.
    G3(su)->show ciscodp port info ge.1.1 port state vvid trusted cos ---------------------------------------------ge.1.1 enable none yes 0

    Table 33providesanexplanationofthecommandoutput. Table 3-3 show ciscodp port info Output Details
    What It Displays... Port designation. For a detailed description of possible port-string values, refer to Port String Syntax Used in the CLI on page 4-1. Whether Cisco DP is enabled, disabled or auto-enabled on the port. Default state of enabled can be changed using the set ciscodp port command. Whether a voice VLAN ID has been set on this port. Default of none can be changed using the set ciscodp port command.

    Output Field Port State vvid

    3-8

    Discovery Protocol Configuration

    set ciscodp status

    Table 3-3

    show ciscodp port info Output Details (Continued)


    What It Displays... The trust mode of the port. Default of trusted can be changed using the set ciscodp port command. The Class of Service priority value for untrusted traffic. The default of 0 can be changed using the set ciscodp port command.

    Output Field trusted cos

    set ciscodp status


    UsethiscommandtoenableordisabletheCiscodiscoveryprotocolgloballyontheswitch.

    Syntax
    set ciscodp state {auto | disable | enable}

    Parameters
    auto disable enable GloballyenableonlyifCiscoDPPDUsarereceived. GloballydisableCiscodiscoveryprotocol. GloballyenableCiscodiscoveryprotocol.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtogloballyenableCiscoDP:
    G3(su)->set ciscodp state enable

    set ciscodp timer


    UsethiscommandtosetthenumberofsecondsbetweenCiscodiscoveryprotocolPDU transmissions.

    Syntax
    set ciscodp timer seconds

    Parameters
    seconds SpecifiesthenumberofsecondsbetweenCiscoDPPDUtransmissions. Validvaluesarefrom5to254seconds.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    3-9

    set ciscodp holdtime

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosettheCiscoDPtimerto120seconds.
    G3(su)->set ciscodp timer 120

    set ciscodp holdtime


    Usethiscommandtosetthetimetolive(TTL)forCiscodiscoveryprotocolPDUs.Thisisthe amountoftime,inseconds,neighboringdeviceswillholdPDUtransmissionsfromthesending device.

    Syntax
    set ciscodp holdtime hold-time

    Parameters
    holdtime SpecifiesthetimetoliveforCiscoDPPDUs.Validvaluesarefrom10to255 seconds.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetCiscoDPholdtimeto180seconds:
    G3(su)->set ciscodp hold-time 180

    set ciscodp port


    Usethiscommandtosetthestatus,voiceVLAN,extendedtrustmode,andCoSpriorityfor untrustedtrafficfortheCiscoDiscoveryProtocolononeormoreports.

    Syntax
    set ciscodp port {[status {disable | enable}] [vvid {vlan-id | none | dot1p | untagged}] [trusted {yes | no}] [cos value]} port-string

    Parameters
    status disable enable vvid vlanid SetstheCiscoDPportoperationalstatus. DoesnottransmitorprocessCiscoDPPDUs. TransmitsandprocessesCiscoDPPDUs. SetstheportvoiceVLANforCiscoDPPDUtransmission. SpecifiestheVLANID,range14094.

    3-10

    Discovery Protocol Configuration

    set ciscodp port

    none dot1p untagged trusted yes

    NovoiceVLANwillbeusedinCiscoDPPDUs.Thisisthedefault. Instructsattachedphonetosend802.1ptaggedframes. Instructsattachedphonetosenduntaggedframes. Setstheextendedtrustmodeontheport. Instructsattachedphonetoallowthedeviceconnectedtoittotransmit trafficcontaininganyCoSorLayer2802.1pmarking.Thisisthedefault value. Instructsattachedphonetooverwritethe802.1ptagoftraffic transmittedbythedeviceconnectedtoitto0,bydefault,ortothevalue configuredwiththecosparameter. Instructsattachedphonetooverwritethe802.1ptagoftraffic transmittedbythedeviceconnectedtoitwiththespecifiedvalue,when thetrustmodeoftheportissettountrusted.Valuecanrangefrom0to 7,with0indicatingthelowestpriority. Specifiestheport(s)onwhichstatuswillbeset.

    no

    cosvalue

    portstring

    Defaults
    Status:enabled VoiceVLAN:none Trustmode:trusted CoSvalue:0

    Mode
    Switchmode,readwrite.

    Usage
    ThefollowingpointsdescribehowtheCiscoDPextendedtrustsettingsworkontheswitch. ACiscoDPporttruststatusoftrustedoruntrustedisonlymeaningfulwhenaCiscoIPphone isconnectedtoaswitchportandaPCorotherdeviceisconnectedtothebackoftheCiscoIP phone. ACiscoDPportstateoftrustedoruntrustedonlyaffectstaggedtraffictransmittedbythe deviceconnectedtotheCiscoIPphone.Untaggedtraffictransmittedbythedeviceconnected totheCiscoIPphoneisunaffectedbythissetting. IftheswitchportisconfiguredtoaCiscoDPtruststateoftrusted(withthetrustedyes parameterofthiscommand),thissettingiscommunicatedtotheCiscoIPphoneinstructingit toallowthedeviceconnectedtoittotransmittrafficcontaininganyCoSorLayer2802.1p marking. IftheswitchportisconfiguredtoaCiscoDPtruststateofuntrusted(trustedno),thissetting iscommunicatedtotheCiscoIPphoneinstructingittooverwritethe802.1ptagoftraffic transmittedbythedeviceconnectedtoitto0,bydefault,ortothevaluespecifiedbythecos parameterofthiscommand. Thereisaonetoonecorrelationbetweenthevaluesetwiththecosparameterandthe802.1p valueassignedtoingressedtrafficbytheCiscoIPphone.Avalueof0equatestoan802.1p priorityof0.Therefore,avalueof7isgiventhehighestpriority.

    Enterasys G-Series CLI Reference

    3-11

    clear ciscodp

    Note: The Cisco Discovery Protocol must be globally enabled using the set ciscodp status command before operational status can be set on individual ports.

    Examples
    ThisexampleshowshowtosettheCiscoDPportvoiceVLANIDto3onportge.1.6andenable theportoperationalstate.
    G3(rw)->set ciscodp port status enable vvid 3 ge.1.6

    ThisexampleshowshowtosettheCiscoDPextendedtrustmodetountrustedonportge.1.5and settheCoSpriorityto1.
    G3(rw)->set ciscodp port trusted no cos 1 ge.1.5

    clear ciscodp
    UsethiscommandtocleartheCiscodiscoveryprotocolbacktothedefaultvalues.

    Syntax
    clear ciscodp [status | timer | holdtime | {port {status | vvid | trust | cos} [port-string]}]

    Parameters
    status timer holdtime port status vvid trust cos portstring ClearsglobalCiscoDPenablestatustodefaultofauto. ClearsthetimebetweenCiscoDPPDUtransmissionstodefaultof60 seconds. ClearsthetimetoliveforCiscoDPPDUdatatodefaultof180seconds. ClearstheCiscoDPportconfiguration. Clearstheindividualportoperationalstatustothedefaultofenabled. ClearstheindividualportvoiceVLANforCiscoDPPDUtransmission to0. Clearsthetrustmodeconfigurationoftheporttotrusted. ClearstheCoSpriorityforuntrustedtrafficoftheportto0. (Optional)Specifiestheport(s)onwhichstatuswillbeset.

    Defaults
    Ifnoparametersareentered,allCiscoDPparametersareresettothedefaultsgloballyandforall ports.

    Mode
    Switchmode,readwrite.

    Examples
    ThisexampleshowshowtoclearalltheCiscoDPparametersbacktothedefaultsettings.
    G3(rw)->clear ciscodp

    ThisexampleshowshowtocleartheCiscoDPstatusonportge.1.5.
    G3(rw)->clear ciscodp port status ge.1.5
    3-12 Discovery Protocol Configuration

    Configuring Link Layer Discovery Protocol and LLDP-MED

    Configuring Link Layer Discovery Protocol and LLDP-MED


    Overview
    TheLinkLayerDiscoveryProtocol(LLPD)issimilartotheEnterasysDiscoveryProtocolandthe CiscoDiscoveryProtocolinthatitprovidesanindustrystandard,vendorneutralwaytoallow networkdevicestoadvertisetheiridentitiesandcapabilitiesonalocalareanetwork,andto discoverthatinformationabouttheirneighbors. LLDPMEDisanenhancementtoLLDPthatprovidesthefollowingbenefits: ExtendedandautomatedpowermanagementofPoweroverEthernetendpoints Inventorymanagement,allowingnetworkadministratorstotracktheirnetworkdevicesand todeterminetheircharacteristics,suchasmanufacturer,softwareandhardwareversions,and serialorassetnumbers

    TheinformationsentbyanLLDPenableddeviceisextractedandtabulatedbyitspeers.The communicationcanbedonewheninformationchangesoronaperiodicbasis.Theinformation tabulatedisagedtoensurethatitiskeptuptodate.Portscanbeconfiguredtosendthis information,receivethisinformation,orbothsendandreceive. EitherLLDPorLLDPMED,butnotboth,canbeusedonaninterfacebetweentwodevices.A switchportusesLLDPMEDwhenitdetectsthatanLLDPMEDcapabledeviceisconnectedtoit. LLDPinformationiscontainedwithinaLinkLayerDiscoveryProtocolDataUnit(LLDPDU)sent inasingle802.3Ethernetframe.TheinformationfieldsinLLDPDUareasequenceofshort, variablelength,informationelementsknownasTLVstype,length,andvaluefieldswhere: Typeidentifieswhatkindofinformationisbeingsent Lengthindicatesthelengthoftheinformationstringinoctets Valueistheactualinformationthatneedstobesent

    TheLLDPstandardspecifiesthatcertainTLVsaremandatoryintransmittedLLDPDUs,while othersareoptional.YoucanconfigureonaportspecificbasiswhichoptionalLLDPandLLDP MEDTLVsshouldbesentinLLDPDUs.

    Purpose
    ToreviewandconfigureLLPDandLLPDMED.

    Commands
    ThecommandsusedtoreviewandconfiguretheCDPdiscoveryprotocolarelistedbelow.
    For information about... show lldp show lldp port status show lldp port trap show lldp port tx-tlv show lldp port location-info show lldp port local-info Refer to page... 3-14 3-15 3-16 3-16 3-17 3-17

    Enterasys G-Series CLI Reference

    3-13

    show lldp

    For information about... show lldp port remote-info set lldp tx-interval set lldp hold-multiplier set lldp trap-interval set lldp med-fast-repeat set lldp port status set lldp port trap set lldp port med-trap set lldp port location-info set lldp port tx-tlv clear lldp clear lldp port status clear lldp port trap clear lldp port med-trap clear lldp port location-info clear lldp port tx-tlv clear lldp port tx-tlv

    Refer to page... 3-20 3-22 3-22 3-23 3-23 3-24 3-24 3-25 3-25 3-26 3-28 3-28 3-29 3-29 3-30 3-30 3-30

    Configuration Tasks
    Thecommandsincludedinthisimplementationallowyoutoperformthefollowingconfiguration tasks:
    Step 1. Task Configure global system LLDP parameters Command(s) set lldp tx-interval set lldp hold-multiplier set lldp trap-interval set lldp med-fast-repeat clear lldp 2. Enable/disable specific ports to: Transmit and process received LLDPDUs Send LLDP traps Send LLDP-MED traps set/clear lldp port status set/clear lldp port trap set/clear lldp port med-trap

    show lldp
    UsethiscommandtodisplayLLDPconfigurationinformation.

    Syntax
    show lldp

    3-14

    Discovery Protocol Configuration

    show lldp port status

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayLLDPconfigurationinformation.
    G3(ro)->show lldp Message Tx Interval Message Tx Hold Multiplier Notification Tx Interval MED Fast Start Count Tx-Enabled Ports Rx-Enabled Ports Trap-Enabled Ports MED Trap-Enabled Ports : : : : 30 4 5 3

    : ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12; : ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12; : ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12; : ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12;

    show lldp port status


    UsethiscommandtodisplaytheLLDPstatusofoneormoreports.Thecommandliststheports thatareenabledtosendandreceiveLLDPPDUs.Portsareenabledordisabledwiththesetlldp portstatuscommand.

    Syntax
    show lldp port status [port-string]

    Parameters
    portstring (Optional)DisplaysLLDPstatusforoneorarangeofports.

    Defaults
    Ifportstringisnotspecified,LLDPstatusinformationwillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayLLDPportstatusinformationforallports.
    G3(ro)->show lldp port status Tx-Enabled Ports Rx-Enabled Ports : ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12 : ge.1.1-60; ge.2.1-24; ge.3.1-30; ge.4.1-12

    Enterasys G-Series CLI Reference

    3-15

    show lldp port trap

    show lldp port trap


    UsethiscommandtodisplaytheportsthatareenabledtosendanLLDPnotificationwhena remotesystemchangehasbeendetectedoranLLDPMEDnotificationwhenachangeinthe topologyhasbeensensed.PortsareenabledtosendLLDPnotificationswiththesetlldpporttrap commandandtosendLLDPMEDnotificationswiththesetlldpportmedtrapcommand.

    Syntax
    show lldp port trap [port-string]

    Parameters
    portstring (Optional)Displaystheportorrangeofportsthathavebeenenabled tosendLLDPand/orLLDPMEDnotifications.

    Defaults
    Ifportstringisnotspecified,LLDPporttrapinformationwillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayLLDPporttrapinformationforallports.
    G3(ro)->show lldp port trap Trap-Enabled Ports : MED Trap-Enabled Ports:

    show lldp port tx-tlv


    UsethiscommandtodisplayinformationaboutwhichoptionalTLVshavebeenconfiguredtobe transmittedonports.PortsareconfiguredtosendoptionalTLVswiththesetlldpporttxtlv command.

    Syntax
    showlldpporttxtlv[portstring]

    Parameters
    portstring (Optional)DisplaysinformationaboutTLVconfigurationforoneora rangeofports.

    Defaults
    Ifportstringisnotspecified,TLVconfigurationinformationwillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    3-16

    Discovery Protocol Configuration

    show lldp port location-info

    Example
    ThisexampleshowshowtodisplaytransmitTLVinformationforthreeports.
    G3(ro)->show lldp port tx-tlv ge.1.1-3 * Means TLV is supported and enabled on this port o Means TLV is supported on this port Means TLV is not supported on this port Column Pro Id uses letter notation for enable: s-stp, l-lacp, g-gvrp Ports ------ge.1.1 ge.1.2 ge.1.3 Port Desc ---* * * Sys Name ---* * * Sys Desc ---* * * Sys Cap --* * * Mgmt Addr ---* * * Vlan Id ---* * * Pro Id ---slg slg slg MAC PoE Link Max PHY Aggr Frame --- --- ---- ---* * * * * * * * * MED MED MED MED Cap Pol Loc PoE --- --- --- --* * * *

    show lldp port location-info


    Usethiscommandtodisplayconfiguredlocationinformationforoneormoreports.Portsare configuredwithalocationvalueusingthesetlldpportlocationinfocommand.

    Syntax
    show lldp port location-info [port-string]

    Parameters
    portstring (Optional)Displaysportlocationinformationforoneorarangeof ports.

    Defaults
    Ifportstringisnotspecified,portlocationconfigurationinformationwillbedisplayedforall ports.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplayportlocationinformationforthreeports.
    G3(ro)->show lldp port location-info ge.1.1-3 Ports -------ge.1.1 ge.1.2 ge.1.3 Type ------------ELIN ELIN ELIN Location ------------------------1234567890 1234567890 1234567890

    show lldp port local-info


    Usethiscommandtodisplaythelocalsysteminformationstoredforoneormoreports.Youcan usethisinformationtodetectmisconfigurationsorincompatibilitiesbetweenthelocalportand theattachedendpointdevice(remoteport).

    Enterasys G-Series CLI Reference

    3-17

    show lldp port local-info

    Syntax
    show lldp port local-info [port-string]

    Parameters
    portstring (Optional)Displayslocalsysteminformationforoneorarangeof ports.

    Defaults
    Ifportstringisnotspecified,localsysteminformationwillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaythelocalsysteminformationstoredforportge.4.1.Table 34 describestheoutputfieldsofthiscommand.
    G3(rw)->show lldp port local-info ge.4.1 Local Port : ge.4.1 Local Port Id: ge.4.1 -------------------Port Desc : ... 1000BASE-TX RJ45 Gigabit Ethernet Frontpanel Port Mgmt Addr : 10.21.64.100 Chassis ID : 00-E0-63-93-74-A5 Sys Name : LLDP PoE test Chassis Sys Desc : Enterasys Networks, Inc. Sys Cap Supported/Enabled : bridge,router/bridge Auto-Neg Supported/Enabled Auto-Neg Advertised : yes/yes : 10BASE-T, 10BASE-TFD, 100BASE-TX, 100BASE-TXFD, 1000BASE-TFD, Bpause Operational Speed/Duplex/Type : 100 full tx Max Frame Size (bytes) : 1522 Vlan Id : 1 LAG Supported/Enabled/Id : no/no/0 Protocol Id : Spanning Tree v-3 (IEEE802.1s) LACP v-1 GVRP PoE PoE PoE PoE PoE PoE PoE Device Power Source MDI Supported/Enabled Pair Controllable/Used Power Class Power Limit (mW) Power Priority : : : : : : : PSE device primary yes/yes false/spare 2 15400 high

    Table 34describestheinformationdisplayedbytheshowlldpportlocalinfocommand.

    3-18

    Discovery Protocol Configuration

    show lldp port local-info

    Table 3-4

    show lldp port local-info Output Details


    What it Displays... Identifies the port for which local system information is displayed. Mandatory basic LLDP TLV that identifies the port transmitting the LLDPDU. Value is ifName object defined in RFC 2863. Optional basic LLDP TLV. Value is ifDescr object defined in RFC 2863. Optional basic LLDP TLV. IPv4 address of host interface. Mandatory basic LLDP TLV that identifies the chassis transmitting the LLDPDU. Value is MAC address of chassis. Optional basic LLDP TLV. Value is the administratively assigned name for the system. Optional basic LLDP TLV. Value is sysDescr object defined in RFC 3418. Optional basic LLDP TLV. System capabilities, value can be bridge and/or router. IEEE 802.3 Extensions MAC-PHY Configuration/Status TLV. Autonegotiation supported and enabled settings should be the same on the two systems attached to the same link. IEEE 802.3 Extensions MAC-PHY Configuration/Status TLV. Lists the configured advertised values on the port. IEEE 802.3 Extensions MAC-PHY Configuration/Status TLV. Lists the operational MAU type, duplex, and speed of the port. If the received TLV indicates that auto-negotiation is supported but not enabled, these values will be used by the port. IEEE 802.3 Extensions Maximum Frame Size TLV. Value indicates maximum frame size capability of the devices MAC and PHY. In normal mode, max frame size is 1522 bytes. In jumbo mode, max frame size is 10239 bytes. IEEE 802.1 Extensions Port VLAN ID TLV. Value is port VLAN ID (pvid). IEEE 802.3 Extensions Link Aggregation TLV. Values indicate whether the link associated with this port can be aggregated, whether it is currently aggregated, and if aggregated, the aggregated port identifier. IEEE 802.1 Extensions Protocol Identity TLV. Values can include Spanning tree, LACP, and GARP protocols and versions. Only those protocols enabled on the port are displayed. LLDP-MED Extensions Location Identification TLV. Emergency Call Services (ECS) Emergency Location Identification Number (ELIN) is currently the only type supported. Value is the ELIN configured on this port. LLDP-MED Extensions Extended Power via MDI TLV. Displayed only when a port has PoE capabilities. Value is the Power Type of the device. On a switch port, the value is Power Sourcing Entity (PSE). LLDP-MED Extensions Extended Power via MDI TLV. Displayed only when a port has PoE capabilities. Value can be primary or backup, indicating whether the PSE is using its primary or backup power source. IEEE 802.3 Extensions Power via MDI TLV. Displayed only when a port has PoE capabilities. Indicates whether sending the Power via MDI TLV is supported/enabled. Value can be yes or no.

    Output Field Local Port Local Port Id Port Desc Mgmt Addr Chassis ID Sys Name Sys Desc Sys Cap Supported/Enabled Auto-Neg Supported/Enabled

    Auto-Neg Advertised Operational Speed/Duplex/ Type

    Max Frame Size (bytes)

    Vlan Id LAG Supported/Enabled/Id

    Protocol Id

    ECS ELIN

    PoE Device

    PoE Power Source

    PoE MDI Supported/Enabled

    Enterasys G-Series CLI Reference

    3-19

    show lldp port remote-info

    Table 3-4

    show lldp port local-info Output Details (Continued)


    What it Displays... IEEE 802.3 Extensions Power via MDI TLV. Displayed only when a port has PoE capabilities. Indicates whether pair selection can be controlled on the given port (refer to RFC 3621). Value for Controllable can be true or false. Value of Used can be signal (signal pairs only are in use) or spare (spare pairs only are in use). IEEE 802.3 Extensions Power via MDI TLV. Displayed only when a port has PoE capabilities. Indicates the power class supplied by the port. Value can range from 0 to 4. LLDP-MED Extensions Extended Power via MDI TLV. Displayed only when a port has PoE capabilities. Indicates the total power the port is capable of sourcing over a maximum length cable, based on its current configuration, in milli-Watts. LLDP-MED Extensions Extended Power via MDI TLV. Displayed only when a port has PoE capabilities. Indicates the power priority configured on the port. Value can be critical, high, or low.

    Output Field PoE Pair Controllable/Used

    PoE Power Class

    PoE Power Limit (mW)

    PoE Power Priority

    show lldp port remote-info


    Usethiscommandtodisplaytheremotesysteminformationstoredforaremotedeviceconnected toalocalport.Youcanusethisinformationtodetectmisconfigurationsorincompatibilities betweenthelocalportandtheattachedendpointdevice(remoteport).

    Syntax
    show lldp port remote-info [port-string]

    Parameters
    portstring (Optional)Displaysremotesysteminformationforoneorarangeof ports.

    Defaults
    Ifportstringisnotspecified,remotesysteminformationwillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    3-20

    Discovery Protocol Configuration

    show lldp port remote-info

    Example
    Thisexampleshowshowtodisplaytheremotesysteminformationstoredforportge.3.1.The remotesysteminformationwasreceivedfromanIPphone,whichisanLLDPMEDenabled device.Table 35describestheoutputfieldsthatareuniquetotheremotesysteminformation displayedforaMEDenableddevice.
    G3(ro)->show lldp port remote-info ge.3.1 Local Port : ge.3.1 Remote Port Id : 00-09-6e-0e-14-3d --------------------Mgmt Addr : 0.0.0.0 Chassis ID : 0.0.0.0 Device Type : Communication Device Endpoint (class III) Sys Name : AVE0E143D Sys Cap Supported/Enabled : bridge,telephone/bridge Auto-Neg Supported/Enabled Auto-Neg Advertised : : : : : : : : : : yes/yes 10BASE-T, 10BASE-TFD 100BASE-TX, 100BASE-TXFD pause, Spause 4610D01A b10d01b2_7.bin a10d01b2_7.bin 05GM42004348 Avaya 4610

    Operational Speed/Duplex/Type : 100/full/TX Hardware Revision Firmware Revision Software Revision Serial Number Manufacturer Model Number

    Notethattheinformationfieldsdisplayedbytheshowlldpportremoteinfocommandwillvary, dependingonthetypeofremotedevicethatisconnectedtotheport. Table 35describestheoutputfieldsthatareuniquetotheremotesysteminformationdatabase. RefertoTable 34onpage 19fordescriptionsoftheinformationfieldsthatarecommontoboth thelocalandtheremotesysteminformationdatabases. Table 3-5 show lldp port remote-info Output Display
    What it Displays... Displays whatever port Id information received in the LLDPDU from the remote device. In this case, the port Id is MAC address of remote device. Mandatory LLDP-MED Capabilities TLV. Displayed only when the port is connected to an LLDP-MED-capable endpoint device. LLDP-MED Extensions Inventory Management TLV component. LLDP-MED Extensions Inventory Management TLV component. LLDP-MED Extensions Inventory Management TLV component. LLDP-MED Extensions Inventory Management TLV component. LLDP-MED Extensions Inventory Management TLV component. LLDP-MED Extensions Inventory Management TLV component. LLDP-MED Extensions Inventory Management TLV component. In the above example, no asset ID was received from the remote device so the field is not displayed.

    Output Field Remote Port Id Device Type Hardware Revision Firmware Revision Software Revision Serial Number Manufacturer Model Number Asset ID

    Enterasys G-Series CLI Reference

    3-21

    set lldp tx-interval

    set lldp tx-interval


    Usethiscommandtosetthetime,inseconds,betweensuccessiveLLDPframetransmissions initiatedbychangesintheLLDPlocalsysteminformation.

    Syntax
    set lldp tx-interval frequency

    Parameters
    frequency SpecifiesthenumberofsecondsbetweentransmissionsofLLDP frames.Valuecanrangefrom5to32,768seconds.Thedefaultis30 seconds.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplesetsthetransmitintervalto20seconds.
    G3(rw)->set lldp tx-interval 20

    set lldp hold-multiplier


    UsethiscommandtosetthetimetolivevalueusedinLLDPframessentbythisdevice.Thetime toliveforLLDPDUdataiscalculatedbymultiplyingthetransmitintervalbytheholdmultiplier value.

    Syntax
    set lldp hold-multiplier multiplier-val

    Parameters
    multiplierval Specifiesthemultipliertoapplytothetransmitintervaltodetermine thetimetolivevalue.Valuecanrangefrom2to10.Defaultvalueis 4.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplesetsthetransmitintervalto20secondsandtheholdmultiplierto5,whichwill configureatimetoliveof100tobeusedintheTTLfieldintheLLDPDUheader.
    G3(rw)->set lldp tx-interval 20 G3(rw)->set lldp hold-multiplier 5
    3-22 Discovery Protocol Configuration

    set lldp trap-interval

    set lldp trap-interval


    UsethiscommandtosettheminimumintervalbetweenLLDPnotificationssentbythisdevice. LLDPnotificationsaresentwhenaremotesystemchangehasbeendetected.

    Syntax
    set lldp trap-interval frequency

    Parameters
    frequency SpecifiestheminimumtimebetweenLLDPtraptransmissions,in seconds.Thevaluecanrangefrom5to3600seconds.Thedefault valueis5seconds.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexamplesetstheminimumintervalbetweenLLDPtrapsto10seconds.
    G3(rw)->set lldp trap-interval 10

    set lldp med-fast-repeat


    NetworkconnectivitydevicestransmitonlyLLDPTLVsinLLDPDUsuntiltheydetectthatan LLDPMEDendpointdevicehasconnectedtoaport.Atthatpoint,thenetworkconnectivity devicestartssendingLLDPMEDTLVsatafaststartrateonthatport.Usethiscommandtoset thenumberofsuccessiveLLDPDUs(withLLDPMEDTLVs)tobesentforonecompletefaststart interval.

    Syntax
    set lldp med-fast-repeat count

    Parameters
    count SpecifiesthenumberoffaststartLLDPDUstobesentwhenan LLDPMEDendpointdeviceisdetected.Valuecanrangefrom1to 10.Defaultis3.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Enterasys G-Series CLI Reference

    3-23

    set lldp port status

    Example
    ThisexamplesetsthenumberoffaststartLLDPDUstobesentto4.
    G3(rw)->set lldp med-fast-repeat 4

    set lldp port status


    UsethiscommandtoenableordisabletransmittingandprocessingreceivedLLDPDUsonaport orrangeofports.

    Syntax
    set lldp port status {tx-enable | rx-enable | both | disable} port-string

    Parameters
    txenable rxenable both disable portstring EnablestransmittingLLDPDUsonthespecifiedports. EnablesreceivingandprocessingLLDPDUsfromremotesystemson thespecifiedports. EnablesbothtransmittingandprocessingreceivedLLDPDUsonthe specifiedports. DisablesbothtransmittingandprocessingreceivedLLDPDUsonthe specifiedports. Specifiestheportorrangeofportstobeaffected.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleenablesbothtransmittingLLDPDUsandreceivingandprocessingLLDPDUsfrom remotesystemsonportsge.1.1throughge.1.6.
    G3(rw)->set lldp port status both ge.1.1-6

    set lldp port trap


    UsethiscommandtoenableordisablesendingLLDPnotifications(traps)whenaremotesystem changeisdetected.

    Syntax
    set lldp port trap {enable | disable} port-string

    Parameters
    enable disable portstring
    3-24 Discovery Protocol Configuration

    EnabletransmittingLLDPtrapsonthespecifiedports. DisabletransmittingLLDPtrapsonthespecifiedports. Specifiestheportorrangeofportstobeaffected.

    set lldp port med-trap

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleenablestransmittingLLDPtrapsonportsge.1.1throughge.1.6.
    G3(rw)->set lldp port trap enable ge.1.1-6

    set lldp port med-trap


    UsethiscommandtoenableordisablesendinganLLDPMEDnotificationwhenachangeinthe topologyhasbeensensedontheport(thatis,aremoteendpointdevicehasbeenattachedor removedfromtheport).

    Syntax
    set lldp port med-trap {enable | disable} port-string

    Parameters
    enable disable portstring EnablestransmittingLLDPMEDtrapsonthespecifiedports. DisablestransmittingLLDPMEDtrapsonthespecifiedports. Specifiestheportorrangeofportstobeaffected.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleenablestransmittingLLDPMEDtrapsonportsge.1.1throughge.1.6.
    G3(rw)->set lldp port med-trap enable ge.1.1-6

    set lldp port location-info


    UsethiscommandtoconfigureLLDPMEDlocationinformationonaportorrangeofports. Currently,onlyEmergencyCallServices(ECS)EmergencyLocationIdentificationNumber (ELIN)issupported.

    Syntax
    set lldp port location-info elin elin-string port-string

    Enterasys G-Series CLI Reference

    3-25

    set lldp port tx-tlv

    Parameters
    elin elinstring portstring SpecifiesthattheECSELINdataformatistobeused. Specifiesthelocationidentifier.Valuecanbefrom10to25numerical characters. Specifiestheportorrangeofportstobeaffected.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Afteryouconfigurealocationinformationvalue,youmustalsoconfiguretheporttosendthe LocationInformationTLVwiththesetlldpporttxtlvcommand.Thisexampleconfiguresthe ELINidentifier5551234567onportsge.1.1throughge.1.6andthenconfigurestheportstosend theLocationInformationTLV.
    G3(rw)->set lldp port location-info 5551234567 ge.1.1-6 G3(rw)->set lldp port tx-tlv med-loc ge.1.1-6

    set lldp port tx-tlv


    UsethiscommandtoselecttheoptionalLLDPandLLDPMEDTLVstobetransmittedin LLDPDUsbythespecifiedportorports.Usetheshowlldpportlocalinfocommandtodisplay thevaluesoftheseTLVsfortheport.

    Syntax
    set lldp port tx-tlv {[all] | [port-desc] [sys-name] [sys-desc] [sys-cap] [mgmtaddr] [vlan-id] [stp] [lacp] [gvrp] [mac-phy] [poe] [link-aggr] [max-frame] [medcap] [med-loc] [med-poe]} port-string

    Parameters
    all portdesc sysname sysdesc syscap mgmtaddr vlanid AddsalloptionalTLVstotransmittedLLDPDUs. PortDescriptionoptionalbasicLLDPTLV.ValuesentisifDescr objectdefinedinRFC2863. SystemNameoptionalbasicLLDPTLV.Valuesentisthe administrativelyassignednameforthesystem. SystemDescriptionoptionalbasicLLDPTLV.ValuesentissysDescr objectdefinedinRFC3418. SystemCapabilitiesoptionalbasicLLDPTLV.Foranetwork connectivitydevice,valuesentcanbebridgeand/orrouter. ManagementAddressoptionalbasicLLDPTLV.ValuesentisIPv4 addressofhostinterface. PortVLANIDIEEE802.1ExtensionsTLV.ValuesentisportVLAN ID(PVID).

    3-26

    Discovery Protocol Configuration

    set lldp port tx-tlv

    stp

    SpanningTreeinformationdefinedbyProtocolIdentityIEEE802.1 ExtensionsTLV.IfSTPisenabledontheport,valuesentincludes versionofprotocolbeingused. LACPinformationdefinedbyProtocolIdentityIEEE802.1 ExtensionsTLV.IfLACPisenabledontheport,valuesentincludes versionofprotocolbeingused. GVRPinformationdefinedbyProtocolIdentityIEEE802.1 ExtensionsTLV.IfLACPisenabledontheport,valuesentincludes versionofprotocolbeingused. MACPHYConfiguration/StatusIEEE802.3ExtensionsTLV.Value sentincludestheoperationalMAUtype,duplex,andspeedofthe port. PowerviaMDIIEEE802.3ExtensionsTLV.Valuessentinclude whetherpairselectioncanbecontrolledonport,andthepowerclass suppliedbytheport.OnlyvalidforPoEenabledports. LinkAggregationIEEE802.3ExtensionsTLV.Valuessentindicate whetherthelinkassociatedwiththisportcanbeaggregated, whetheritiscurrentlyaggregated,andifaggregated,theaggregated portidentifier. MaximumFrameSizeIEEE802.3ExtensionsTLV.Valuesent indicatesmaximumframesizeoftheportsMACandPHY. LLDPMEDCapabilitiesTLV.Valuesentindicatesthecapabilities (whetherthedevicesupportslocationinformation,extendedpower viaMDI)andDeviceType(networkconnectivitydevice)ofthe sendingdevice. LLDPMEDLocationIdentificationTLV.ValuesentistheECSELIN valueconfiguredontheport.Seethesetlldpportlocationinfo commandformoreinformation. LLDPMEDExtendedPowerviaMDITLV.Valuessentincludethe PowerLimit(totalpowertheportiscapableofsourcingovera maximumlengthcable)andthepowerpriorityconfiguredonthe port.OnlyvalidforPoEenabledports. Specifiestheportorrangeofportstobeaffected.

    lacp

    gvrp

    macphy

    poe

    linkaggr

    maxframe medcap

    medloc

    medpoe

    portstring

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleconfiguresthemanagementaddress,MEDcapability,andMEDlocation identificationTLVstobesentinLLDPDUsbyportge.1.1.
    G3(rw)->set lldp port tx-tlv mgmt-addr med-cap med-loc ge.1.1

    Enterasys G-Series CLI Reference

    3-27

    clear lldp

    clear lldp
    UsethiscommandtoreturnLLDPparameterstotheirdefaultvalues.

    Syntax
    clear lldp {all | tx-interval | hold-multiplier | trap-interval | med-fast-repeat}

    Parameters
    all txinterval holdmultiplier trapinterval medfastrepeat ReturnsallLLDPconfigurationparameterstotheirdefaultvalues, includingportLLDPconfigurationparameters. ReturnsthenumberofsecondsbetweentransmissionsofLLDP frames.tothedefaultof30seconds. Returnsthemultipliertoapplytothetransmitintervaltodetermine thetimetolivevaluetothedefaultvalueof4. ReturnstheminimumtimebetweenLLSPtraptransmissionstothe defaultvalueof5seconds. ReturnsthenumberoffaststartLLDPDUstobesentwhenanLLDP MEDendpointdeviceisdetectedtothedefaultof3.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplereturnsthetransmitintervaltothedefaultvalueof30seconds.
    G3(rw)->clear lldp tx-interval

    clear lldp port status


    Usethiscommandtoreturntheportstatustothedefaultvalueofboth(bothtransmittingand processingreceivedLLDPDUsareenabled).

    Syntax
    clear lldp port status port-string

    Parameters
    portstring Specifiestheportorrangeofportstobeaffected.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    3-28

    Discovery Protocol Configuration

    clear lldp port trap

    Example
    Thisexamplereturnsportge.1.1tothedefaultstateofenabledforbothtransmittingand processingreceivedLLDPDUs.
    G3(rw)->clear lldp port status ge.1.1

    clear lldp port trap


    UsethiscommandtoreturntheportLLDPtrapsettingtothedefaultvalueofdisabled.

    Syntax
    clear lldp port trap port-string

    Parameters
    portstring Specifiestheportorrangeofportstobeaffected.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplereturnsportge.1.1tothedefaultLLDPtrapstateofdisabled.
    G3(rw)->clear lldp port trap ge.1.1

    clear lldp port med-trap


    UsethiscommandtoreturntheportLLDPMEDtrapsettingtothedefaultvalueofdisabled.

    Syntax
    clear lldp port med-trap port-string

    Parameters
    portstring Specifiestheportorrangeofportstobeaffected.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplereturnsportge.1.1tothedefaultLLDPMEDtrapstateofdisabled.
    G3(rw)->clear lldp port med-trap ge.1.1

    Enterasys G-Series CLI Reference

    3-29

    clear lldp port location-info

    clear lldp port location-info


    UsethiscommandtoreturntheportECSELINlocationsettingtothedefaultvalueofnull.

    Syntax
    clear lldp port location-info elin port-string

    Parameters
    elin portstring SpecifiesthattheECSELINlocationinformationvalueshouldbe cleared. Specifiestheportorrangeofportstobeaffected.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexamplereturnsthelocationinformationELINvalueonportge.1.1tothedefaultvalueof null.
    G3(rw)->clear lldp port location-info elin ge.1.1

    clear lldp port tx-tlv


    UsethiscommandtocleartheoptionalLLDPandLLDPMEDTLVstobetransmittedin LLDPDUsbythespecifiedportorportstothedefaultvalueofdisabled.

    Syntax
    clear lldp port tx-tlv {[all] | [port-desc] [sys-name] [sys-desc] [sys-cap] [mgmtaddr] [vlan-id] [stp] [lacp] [gvrp] [mac-phy] [poe] [link-aggr] [max-frame] [medcap] [med-loc] [med-poe]} port-string

    Parameters
    all portdesc sysname sysdesc syscap mgmtaddr DisablesalloptionalTLVsfrombeingtransmittedinLLDPDUs. DisablesthePortDescriptionoptionalbasicLLDPTLVfrombeing transmittedinLLDPDUs. DisablestheSystemNameoptionalbasicLLDPTLVfrombeing transmittedinLLDPDUs. DisablestheSystemDescriptionoptionalbasicLLDPTLVfrom beingtransmittedinLLDPDUs. DisablestheSystemCapabilitiesoptionalbasicLLDPTLVfrom beingtransmittedinLLDPDUs. DisablestheManagementAddressoptionalbasicLLDPTLVfrom beingtransmittedinLLDPDUs.

    3-30

    Discovery Protocol Configuration

    clear lldp port tx-tlv

    vlanid stp lacp gvrp macphy poe linkaggr maxframe medcap medloc medpoe portstring

    DisablesthePortVLANIDIEEE802.1ExtensionsTLVfrombeing transmittedinLLDPDUs. DisablestheSpanningTreeinformationdefinedbyProtocolIdentity IEEE802.1ExtensionsTLVfrombeingtransmittedinLLDPDUs. DisablestheLACPinformationdefinedbyProtocolIdentityIEEE 802.1ExtensionsTLVfrombeingtransmittedinLLDPDUs. DisablestheGVRPinformationdefinedbyProtocolIdentityIEEE 802.1ExtensionsTLVfrombeingtransmittedinLLDPDUs. DisablestheMACPHYConfiguration/StatusIEEE802.3Extensions TLVfrombeingtransmittedinLLDPDUs. DisablesthePowerviaMDIIEEE802.3ExtensionsTLVfrombeing transmittedinLLDPDUs.OnlyvalidforPoEenabledports. DisablestheLinkAggregationIEEE802.3ExtensionsTLVfrombeing transmittedinLLDPDUs. DisablestheMaximumFrameSizeIEEE802.3ExtensionsTLVfrom beingtransmittedinLLDPDUs. DisablestheLLDPMEDCapabilitiesTLVfrombeingtransmittedin LLDPDUs. DisablestheLLDPMEDLocationIdentificationTLVfrombeing transmittedinLLDPDUs. DisablestheLLDPMEDExtendedPowerviaMDITLVfrombeing transmittedinLLDPDUs.OnlyvalidforPoEenabledports. Specifiestheportorrangeofportstobeaffected.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampledisablesthemanagementaddress,MEDcapability,andMEDlocationidentification TLVsfrombeingsentinLLDPDUsbyportge.1.1.
    G3(rw)->clear lldp port tx-tlv mgmt-addr med-cap med-loc ge.1.1

    Enterasys G-Series CLI Reference

    3-31

    clear lldp port tx-tlv

    3-32

    Discovery Protocol Configuration

    Port Configuration
    ThischapterdescribesthePortConfigurationsetofcommandsandhowtousethem.
    For information about... Port Configuration Summary Reviewing Port Status Disabling / Enabling and Naming Ports Setting Speed and Duplex Mode Enabling / Disabling Jumbo Frame Support Setting Auto-Negotiation and Advertised Ability Setting Flow Control Setting Port Link Traps and Link Flap Detection Configuring Broadcast Suppression Port Mirroring Link Aggregation Control Protocol (LACP) Configuring Protected Ports Refer to page... 4-1 4-3 4-7 4-9 4-12 4-14 4-18 4-19 4-28 4-30 4-33 4-47

    Port Configuration Summary


    Port String Syntax Used in the CLI
    Commandsrequiringaportstringparameterusethefollowingsyntaxtodesignateporttype,slot location,andportnumber: porttype.slotnumber.portnumber Whereporttypecanbe: gefor1GbpsEthernet tgfor10GbpsEthernet hostforthehostport vlanforvlaninterfaces lagforIEEE802.3linkaggregationports Slotnumber(alsoreferedtoasunitormodulenumberintheCLI)canbe: 14 Portnumbercanbe: 124

    Enterasys G-Series CLI Reference

    4-1

    Port Configuration Summary

    Thehighestvalidportnumberisdependentonthenumberofportsinthedeviceandtheport type.

    Port Slot/Unit Parameters Used in the CLI


    TheunitparameterisoftenusedinterchangeablywithmoduleinthestandaloneswitchCLI toindicateamoduleslotlocation.

    Examples
    Note: You can use a wildcard (*) to indicate all of an item. For example, ge.3.* would represent all 1-Gigabit Ethernet (ge) ports in slot 3.

    Thisexampleshowstheportstringsyntaxforspecifyingthe1GigabitEthernetport14inslot3.
    ge.3.14

    Thisexampleshowstheportstringsyntaxforspecifyingall1GigabitEthernetportsinslot3inthe system.
    ge.3.*

    Thisexampleshowstheportstringsyntaxforspecifyingallports(ofanyinterfacetype)inthe system.
    *.*.*

    Configuring SFP Ports for 100BASE-FX


    Bydefault,SFPportsintheG3G12424,G3G12424P,andG3G17024baseunits,andtheG3G 24TXandG3G24SFPoptionalIOMmodulessupport1Gigabittranceivers(MiniGBICs)for 1000BASELX/SXfiberopticconnectionsand1000BASETcopperconnections.Optionally,these portscansupportaFastEthernettranceiverfor100BASEFXconnectionswhenthattranceiveris installedandProcedure 41iscompletedoneachapplicableport: Procedure 4-1
    Step 1. Disable the ports auto-negotiation. 2. 3. 4. 5. Set the ports advertised ability to 100BASE-TX full duplex mode. Set the port speed to 100 Mbps. Set the port duplex mode to full. (Optional) Verify the new settings. Task

    Configuring SFP Ports for 100BASE-FX


    Command(s) set port negotiation port-string disable set port advertise port-string 100txfd set port speed port-string 100 set port duplex port-string full show port status port-string

    4-2

    Port Configuration

    Reviewing Port Status

    Example
    Thisexampleshowshowtoconfigureportge.2.1intheG3G24SFPmoduletooperatewitha 100BASEFXtransceiverinstalled.First,themoduleisverifiedaspresentinSlot2,andtheport statusisshownasoperatingasa1000BASESXport.Afterthe1Gigabittransceiverisreplaced withthea100Mbpstransceiver,theportisconfiguredappropriatelyandthenewsettingsare verified.
    G3(su)->show version Slot Status Ports Model Serial Number ---- -------- ----- ---------- ------------1 Present 24 G3G170-24 0011223302 2 Present 24 G3G-24SFP H03611239 3 4 G3(su)->show port advertise ge.2.1 ge.2.1 capability advertised remote ------------------------------------------------10BASE-T no no no 10BASE-TFD no no no 100BASE-TX no no no 100BASE-TXFD yes no no 1000BASE-T no no no 1000BASE-TFD yes yes no pause yes yes no G3(su)->show port status ge.2.1 Alias Oper Admin Port (truncated) Status Status --------- ------------ ------- ------ge.2.1 Down Up G3(su)->set G3(su)->set G3(su)->set G3(su)->set port port port port Hw Version -------------BCM56514 REV 1 BCM56512 REV 1

    Speed (bps) Duplex Type --------- ------- -----------N/A N/A 1000BASE-SX

    negotiation ge.2.1 disable advertise ge.2.1 100txfd speed ge.2.1 100 duplex ge.2.1 full

    G3(su)->show port status ge.2.1 Alias Oper Admin Port (truncated) Status Status --------- ------------ ------- ------ge.2.1 Down Up

    Speed (bps) Duplex Type --------- ------- -----------100.0M full 100BASE-FX

    Formoreinformation,refertothecommandsinthischapterandtoyourGSerieshardware installationdocumentation.

    Reviewing Port Status


    Purpose
    Todisplayoperatingstatus,duplexmode,speed,porttype,andstatisticalinformationabout trafficreceivedandtransmittedthroughoneorallswitchportsonthedevice.

    Enterasys G-Series CLI Reference

    4-3

    show port

    Commands
    Thecommandsusedtoreviewportstatusarelistedbelow.
    For information about... show port show port status show port counters Refer to page... 4-4 4-4 4-5

    show port
    Usethiscommandtodisplaywhetherornotoneormoreportsareenabledforswitching.

    Syntax
    show port [port-string]

    Parameters
    portstring (Optional)Displaysoperationalstatusforspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage41.

    Defaults
    Ifportstringisnotspecified,operationalstatusinformationforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplayoperationalstatusinformationforge.3.14:
    G3(su)->show port ge.3.14 Port ge.3.14 enabled

    show port status


    Usethiscommandtodisplayoperatingandadminstatus,speed,duplexmodeandporttypefor oneormoreportsonthedevice.

    Syntax
    show port status [port-string]

    Parameters
    portstring (Optional)Displaysstatusforspecificport(s).Foradetaileddescriptionof possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon page41.

    4-4

    Port Configuration

    show port counters

    Defaults
    Ifportstringisnotspecified,statusinformationforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaystatusinformationforge.3.14:
    G3(su)->show port status ge.3.14 Port Alias (truncated) ------------ -------------ge.3.14 Oper Status ------up Admin Status ------up Speed -------N/A Duplex Type

    ------- ------------N/A BaseT RJ45

    Table 41providesanexplanationofthecommandoutput. Table 4-1 show port status Output Details


    What It Displays... Port designation. For a detailed description of possible port-string values, refer to Port String Syntax Used in the CLI on page 4-1. Alias configured for the port. For details on using the set port alias command, refer to set port alias on page 4-9. Operating status (up or down). Whether the specified port is enabled (up) or disabled (down). For details on using the set port disable command to change the default port status of enabled, refer to set port disable on page 4-7. For details on using the set port enable command to re-enable ports, refer to set port enable on page 4-8. Operational speed in Mbps or Kbps of the specified port. For details on using the set port speed command to change defaults, refer to set port speed on page 4-10. Duplex mode (half or full) of the specified port. For details on using the set port duplex command to change defaults, refer to Setting Auto-Negotiation and Advertised Ability on page 4-14. Physical port and interface type.

    Output Field Port Alias (truncated) Oper Status Admin Status

    Speed Duplex

    Type

    show port counters


    Usethiscommandtodisplayportcounterstatisticsdetailingtrafficthroughthedeviceand throughallMIB2networkdevices.

    Syntax
    show port counters [port-string] [switch | mib2]

    Parameters
    portstring (Optional)Displayscounterstatisticsforspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage41.

    Enterasys G-Series CLI Reference

    4-5

    show port counters

    switch|mib2

    (Optional)DisplaysswitchorMIB2statistics.Switchstatisticsdetail performanceoftheGSeriesdevice.MIB2interfacestatisticsdetail performanceofallnetworkdevices.

    Defaults
    Ifportstringisnotspecified,counterstatisticswillbedisplayedforallports. Ifmib2orswitcharenotspecified,allcounterstatisticswillbedisplayedforthespecifiedport(s).

    Mode
    Switchcommand,readonly.

    Examples
    Thisexampleshowshowtodisplayallcounterstatistics,includingMIB2networktrafficand trafficthroughthedeviceforge.3.1:
    G3(su)->show port counters ge.3.1 Port: ge.3.1 MIB2 Interface: 1 No counter discontinuity time ----------------------------------------------------------------MIB2 Interface Counters ----------------------In Octets In Unicast Pkts In Multicast Pkts In Broadcast Pkts In Discards In Errors Out Octets Out Unicasts Pkts Out Multicast Pkts Out Broadcast Pkts Out Errors 802.1Q Switch Counters ---------------------Frames Received Frames Transmitted

    0 0 0 0 0 0 0 0 0 0 0

    0 0

    Thisexampleshowshowtodisplayallge.3.1portcounterstatisticsrelatedtotrafficthroughthe device.
    G3(su)->show port counters ge.3.1 switch Port: ge.3.1 Bridge Port: 2

    802.1Q Switch Counters ----------------------Frames Received Frames Transmitted

    0 0

    Table 42providesanexplanationofthecommandoutput.

    4-6

    Port Configuration

    Disabling / Enabling and Naming Ports

    Table 4-2

    show port counters Output Details


    What It Displays... Port designation. For a detailed description of possible port-string values, refer to Port String Syntax Used in the CLI on page 4-1. MIB2 interface designation. IEEE 802.1D bridge port designation. MIB2 network traffic counts Counts of frames received, transmitted, and filtered.

    Output Field Port MIB2 Interface Bridge Port MIB2 Interface Counters 802.1Q Switch Counters

    Disabling / Enabling and Naming Ports


    Purpose
    Todisableandreenableoneormoreports,andtoassignanaliastoaport.Bydefault,allportsare enabledatdevicestartup.Youmaywanttodisableportsforsecurityortotroubleshootnetwork issues.Portsmayalsobeassignedanaliasforconvenience.

    Commands
    For information about... set port disable set port enable show port alias set port alias Refer to page... 4-7 4-8 4-8 4-9

    set port disable


    Usethiscommandtoadministrativelydisableoneormoreports.Whenthiscommandis executed,inadditiontodisablingthephysicalEthernetlink,theportwillnolongerlearnentries intheforwardingdatabase.

    Syntax
    set port disable port-string

    Parameters
    portstring Specifiestheport(s)todisable.Foradetaileddescriptionofpossibleport stringvalues,refertoPortStringSyntaxUsedintheCLIonpage41.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    4-7

    set port enable

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtodisablege.1.1:
    G3(su)->set port disable ge.1.1

    set port enable


    Usethiscommandtoadministrativelyenableoneormoreports.

    Syntax
    set port enable port-string

    Parameters
    portstring Specifiestheport(s)toenable.Foradetaileddescriptionofpossibleport stringvalues,refertoPortStringSyntaxUsedintheCLIonpage41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoenablege.1.3:
    G3(su)->set port enable ge.1.3

    show port alias


    Usethiscommandtodisplaythealiasnameforoneormoreports.

    Syntax
    show port alias [port-string]

    Parameters
    portstring (Optional)Displaysaliasname(s)forspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntax UsedintheCLIonpage41.

    Defaults
    Ifportstringisnotspecified,aliasesforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    4-8

    Port Configuration

    set port alias

    Example
    Thisexampleshowshowtodisplayaliasinformationforports13onslot3:
    G3(rw)->show Port ge.3.1 Port ge.3.2 Port ge.3.3 port alias ge.3.1-3 user user Admin

    set port alias


    Usethiscommandtoassignanaliasnametoaport.

    Syntax
    set port alias port-string [name]

    Parameters
    portstring Specifiestheporttowhichanaliaswillbeassigned.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntax UsedintheCLIonpage41. (Optional)Assignsanaliasnametotheport.Ifthealiasnamecontains spaces,thetextstringmustbesurroundedbydoublequotes.Maximum lengthis60characters.

    name

    Defaults
    Ifnameisnotspecified,thealiasassignedtotheportwillbecleared.

    Mode
    Switchcommand,readwrite.

    Examples
    ThisexampleshowshowtoassignthealiasAdmintoge.3.3:
    G3(rw)->set port alias ge.3.3 Admin

    Thisexampleshowshowtoclearthealiasforge.3.3:
    G3(rw)->set port alias ge.3.3

    Setting Speed and Duplex Mode


    Purpose
    ToreviewandsettheoperationalspeedinMbpsandthedefaultduplexmode:Half,forhalf duplex,orFull,forfullduplexforoneormoreports.
    Note: These settings only take effect on ports that have auto-negotiation disabled.

    Enterasys G-Series CLI Reference

    4-9

    show port speed

    Commands
    For information about... show port speed set port speed show port duplex set port duplex Refer to page... 4-10 4-10 4-11 4-14

    show port speed


    Usethiscommandtodisplaythedefaultspeedsettingononeormoreports.

    Syntax
    show port speed [port-string]

    Parameters
    portstring (Optional)Displaysdefaultspeedsetting(s)forspecificport(s).Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage41.

    Defaults
    Ifportstringisnotspecified,defaultspeedsettingsforallportswilldisplay.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaythedefaultspeedsettingfor1GigabitEthernetport14in slot 3:
    G3(su)->show port speed ge.3.14 default speed is 10 on port ge.3.14.

    set port speed


    Usethiscommandtosetthedefaultspeedofoneormoreports.Thissettingonlytakeseffecton portsthathaveautonegotiationdisabled.

    Syntax
    set port speed port-string {10 | 100 | 1000}

    Parameters
    portstring Specifiestheport(s)forwhichtoaspeedvaluewillbeset.Fora detaileddescriptionofpossibleportstringvalues,refertoPort StringSyntaxUsedintheCLIonpage41.

    4-10

    Port Configuration

    show port duplex

    10|100|1000

    Specifiestheportspeed.Validvaluesare:10 Mbps,100 Mbps,or 1000 Mbps.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetge.3.3toaportspeedof10 Mbps:
    G3(su)->set port speed ge.3.3 10

    show port duplex


    Usethiscommandtodisplaythedefaultduplexsetting(halforfull)foroneormoreports.

    Syntax
    show port duplex [port-string]

    Parameters
    portstring (Optional)Displaysdefaultduplexsetting(s)forspecificport(s). Foradetaileddescriptionofpossibleportstringvalues,referto PortStringSyntaxUsedintheCLIonpage41.

    Defaults
    Ifportstringisnotspecified,defaultduplexsettingsforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythedefaultduplexsettingforGigabitEthernetport14in slot 3:
    G3(su)->show port duplex ge.3.14 default duplex mode is full on port ge.3.14.

    set port duplex


    Usethiscommandtosetthedefaultduplextypeforoneormoreports.Thiscommandwillonly takeeffectonportsthathaveautonegotiationdisabled.

    Syntax
    set port duplex port-string {full | half}

    Enterasys G-Series CLI Reference

    4-11

    Enabling / Disabling Jumbo Frame Support

    Parameters
    portstring Specifiestheport(s)forwhichduplextypewillbeset.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntax UsedintheCLIonpage41. Setstheport(s)tofullduplexorhalfduplexoperation.

    full|half

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetge.1.17tofullduplex:
    G3(su)->set port duplex ge.1.17 full

    Enabling / Disabling Jumbo Frame Support


    Purpose
    Toreview,enable,anddisablejumboframesupportononeormoreports.ThisallowsGigabit Ethernetportstotransmitframesupto10KBinsize.

    Commands
    For information about... show port jumbo set port jumbo clear port jumbo Refer to page... 4-12 4-13 4-13

    show port jumbo


    Usethiscommandtodisplaythestatusofjumboframesupportandmaximumtransmissionunits (MTU)ononeormoreports.

    Syntax
    show port jumbo [port-string]

    Parameters
    portstring (Optional)Displaysthestatusofjumboframesupportforspecific port(s).Foradetaileddescriptionofpossibleportstringvalues,referto PortStringSyntaxUsedintheCLIonpage41.

    4-12

    Port Configuration

    set port jumbo

    Defaults
    Ifportstringisnotspecified,jumboframesupportstatusforallportswilldisplay.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaythestatusofjumboframesupportforge.1.1:
    G3(su)->show port jumbo ge.1.1 Port Number Jumbo Status Max Frame Size ------------- --------------- -----------------ge.1.1 Enable 9216

    set port jumbo


    Usethiscommandtoenableordisablejumboframesupportononeormoreports.

    Syntax
    set port jumbo {enable | disable}[port-string]

    Parameters
    enable|disable portstring Enablesordisablesjumboframesupport. (Optional)Specifiestheport(s)onwhichtodisableorenablejumbo framesupport.Foradetaileddescriptionofpossibleportstringvalues, refertoPortStringSyntaxUsedintheCLIonpage41.

    Defaults
    Ifportstringisnotspecified,jumboframesupportwillbeenabledordisabledonallports.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoenablejumboframesupportforGigabitEthernetport14inslot3:
    G3(su)->set port jumbo enable ge.3.14

    clear port jumbo


    Usethiscommandtoresetjumboframesupportstatustoenabledononeormoreports.

    Syntax
    clear port jumbo [port-string]

    Enterasys G-Series CLI Reference

    4-13

    Setting Auto-Negotiation and Advertised Ability

    Parameters
    portstring (Optional)Specifiestheport(s)onwhichtoresetjumboframe supportstatustoenabled.Foradetaileddescriptionofpossible portstringvalues,refertoPortStringSyntaxUsedintheCLIon page41.

    Defaults
    Ifportstringisnotspecified,jumboframesupportstatuswillberesetonallports.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresetjumboframesupportstatusforGigabitEthernetport14inslot 3:
    G3(su)->clear port jumbo ge.3.14

    Setting Auto-Negotiation and Advertised Ability


    Purpose
    Toreview,disableorenableautonegotiation,andtoconfigureportadvertisementforspeedand duplex. Duringautonegotiation,theporttellsthedeviceattheotherendofthesegmentwhatits capabilitiesandmodeofoperationare.Ifautonegotiationisdisabled,theportrevertstothe valuesspecifiedbydefaultspeed,defaultduplex,andtheportflowcontrolcommands. Innormaloperation,withallcapabilitiesenabled,advertisedabilityenablesaporttoadvertise thatithastheabilitytooperateinanymode.Theusermaychoosetoconfigureaportsothatonly aportionofitscapabilitiesareadvertisedandtheothersaredisabled. RefertoConfiguringSFPPortsfor100BASEFXonpage 42forinformationonconfiguring settingsfor100MbSFPports.
    Note: Advertised ability can be activated only on ports that have auto-negotiation enabled.

    Commands
    For information about... show port negotiation set port negotiation show port advertise set port advertise clear port advertise Refer to page... 4-15 4-15 4-16 4-16 4-17

    4-14

    Port Configuration

    show port negotiation

    show port negotiation


    Usethiscommandtodisplaythestatusofautonegotiationforoneormoreports.

    Syntax
    show port negotiation [port-string]

    Parameters
    portstring (Optional)Displaysautonegotiationstatusforspecificport(s).Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage41.

    Defaults
    Ifportstringisnotspecified,autonegotiationstatusforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplayautonegotiationstatusfor1GigabitEthernetport14inslot 3:
    G3(su)->show port negotiation ge.3.14 auto-negotiation is enabled on port ge.3.14.

    set port negotiation


    Usethiscommandtoenableordisableautonegotiationononeormoreports.

    Syntax
    set port negotiation port-string {enable | disable}

    Parameters
    portstring Specifiestheport(s)forwhichtoenableordisableautonegotiation.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage41. Enablesordisablesautonegotiation.

    enable|disable

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtodisableautonegotiationon1GigabitEthernetport3inslot14:
    G3(su)->set port negotiation ge.3.14 disable

    Enterasys G-Series CLI Reference

    4-15

    show port advertise

    show port advertise


    Usethiscommandtodisplayportcapabilityandadvertisementasfarasspeedandduplexfor autonegotiation.

    Syntax
    show port advertise [port-string]

    Parameters
    portstring (Optional)Displaysadvertisedabilityforspecificport(s).Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage41.

    Defaults
    Ifportstringisnotspecified,advertisementforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayadvertisementstatusforGigabitports13and14:
    G3(su)->show port advertise ge.1.13-14 ge.1.13 capability advertised remote ------------------------------------------------10BASE-T yes yes yes 10BASE-TFD yes yes yes 100BASE-TX yes yes yes 100BASE-TXFD yes yes yes 1000BASE-T no no no 1000BASE-TFD yes yes yes pause yes yes no ge.1.14 capability advertised remote ------------------------------------------------10BASE-T yes yes yes 10BASE-TFD yes yes yes 100BASE-TX yes yes yes 100BASE-TXFD yes yes yes 1000BASE-T no no no 1000BASE-TFD yes yes yes pause yes yes no

    set port advertise


    Usethiscommandtoconfigurewhataportwilladvertiseforspeed/duplexcapabilitiesinauto negotiation.

    Syntax
    set port advertise {port-string}{10t | 10tfd | 100tx | 100txfd | 1000t | 1000tfd | pause}

    4-16

    Port Configuration

    clear port advertise

    Parameters
    portstring Selecttheportsforwhichtoconfigureadvertisements.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage41. Advertise10BASEThalfduplexmode. Advertise10BASETfullduplexmode. Advertise100BASETXhalfduplexmode. Advertise100BASETXfullduplexmode.RefertoConfiguringSFPPorts for100BASEFXonpage 42formoreinformationonsettingadvertised abilityfor100MbSFPtranceivers. Advertise1000BASEThalfduplexmode. Advertise1000BASETfullduplexmode. AdvertisePAUSEforfullduplexlinks.

    10t 10tfd 100tx 100txfd

    1000t 1000tfd pause

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoconfigureport1toadvertise1000BASETfullduplex:
    G3(su)->set port advertise ge.1.1 1000tfd

    clear port advertise


    Usethiscommandtoconfigureaporttonotadvertiseaspecificspeed/duplexcapabilitywhen autonegotiatingwithanotherport.

    Syntax
    clear port advertise {port-string}{10t | 10tfd | 100tx | 100txfd | 1000t | 1000tfd | pause}

    Parameters
    portstring Clearadvertisementsforspecificport(s).Foradetaileddescriptionof possibleportstringvalues,refertoPortStringSyntaxUsedinthe CLIonpage41. Donotadvertise10BASEThalfduplexmode. Donotadvertise10BASETfullduplexmode. Donotadvertise100BASETXhalfduplexmode. Donotadvertise100BASETXfullduplexmode. Donotadvertise1000BASEThalfduplexmode. Donotadvertise1000BASETfullduplexmode. DonotadvertisePAUSEforfullduplexlinks.
    Enterasys G-Series CLI Reference 4-17

    10t 10tfd 100tx 100txfd 1000t 1000tfd pause

    Setting Flow Control

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoconfigureport1tonotadvertise10MBcapabilityforauto negotiation:
    G3(su)->clear port advertise ge.1.1 10t 10tfd

    Setting Flow Control


    Purpose
    Toreview,enableordisableportflowcontrol.Flowcontrolisusedtomanagethetransmission betweentwodevicesasspecifiedbyIEEE 802.3xtopreventreceivingportsfrombeing overwhelmedbyframesfromtransmittingdevices.

    Commands
    For information about... show flowcontrol set flowcontrol Refer to page... 4-18 4-19

    show flowcontrol
    Usethiscommandtodisplaytheflowcontrolstate.

    Syntax
    show flowcontrol

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaytheportflowcontrolstate:
    G3(su)->show flowcontrol Flow control status: enabled
    4-18 Port Configuration

    set flowcontrol

    set flowcontrol
    Usethiscommandtoenableordisableflowcontrol.

    Syntax
    set flowcontrol {enable | disable}

    Parameters
    enable|disable Enablesordisablesflowcontrolsettings.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoenableflowcontrol:
    G3(su)->set flowcontrol enable

    Setting Port Link Traps and Link Flap Detection


    Purpose
    Todisableorreenablelinktraps,displaylinktrapstatus,andtoconfigurethelinkflapping detectionfunction.Bydefault,allportsareenabledtosendSNMPtrapmessagesindicating changestotheirlinkstatus(upordown). Thelinkflapfunctiondetectswhenalinkisgoingupanddownrapidly(alsocalledlink flapping)onaphysicalport,andtakestherequiredactions(disableport,andeventuallysend notificationtrap)tostopsuchacondition.Ifleftunresolved,thelinkflappingconditioncanbe detrimentaltonetworkstabilitybecauseitcantriggerSpanningTreeandroutingtable recalculation.

    Commands
    For information about... show port trap set port trap show linkflap set linkflap globalstate set linkflap portstate set linkflap interval set linkflap action Refer to page... 4-20 4-20 4-21 4-23 4-24 4-24 4-25

    Enterasys G-Series CLI Reference

    4-19

    show port trap

    For information about... clear linkflap action set linkflap threshold set linkflap downtime clear linkflap down clear linkflap

    Refer to page... 4-25 4-26 4-26 4-27 4-27

    show port trap


    UsethiscommandtodisplaywhethertheportisenabledforgeneratinganSNMPtrapmessageif itslinkstatechanges.

    Syntax
    show port trap [port-string]

    Parameters
    portstring (Optional)Displayslinktrapstatusforspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage41.

    Defaults
    Ifportstringisnotspecified,thetrapstatusforallportswillbedisplayed.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtodisplaylinktrapstatusforge.3.1through4:
    G3(su)->show port trap ge.3.1-4 Link traps enabled on port ge.3.1. Link traps enabled on port ge.3.2. Link traps enabled on port ge.3.3. Link traps enabled on port ge.3.4.

    set port trap


    UsethiscommandtoenableofdisableportsforsendingSNMPtrapmessageswhentheirlink statuschanges.

    Syntax
    set port trap port-string {enable | disable}

    4-20

    Port Configuration

    show linkflap

    Parameters
    portstring Specifiestheport(s)forwhichtoenableordisableporttraps.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage41. Enablesordisablessendingtrapmessageswhenlinkstatuschanges.

    enable|disable

    Defaults
    Sendingtrapswhenlinkstatuschangesisenabledbydefault.

    Mode
    Switchcommand,readwrite.

    Example
    Thefollowingexampledisablessendingtraponge.3.1.
    G3(su)->set port trap ge.3.1 disable

    show linkflap
    Usethiscommandtodisplaylinkflapdetectionstateandconfigurationinformation.

    Syntax
    show linkflap {globalstate | portstate | parameters | metrics | portsupported | actsupported | maximum | downports | action | operstatus | threshold | interval] | downtime | currentcount | totalcount | timelapsed | violations [port-string]}

    Parameters
    globalstate portstate parameters metrics portsupported actsupported maximum downports action operstatus threshold interval downtime currentcount Displaystheglobalenablestateoflinkflapdetection. Displaystheportenablestateoflinkflapdetection. Displaysthecurrentvalueofsettablelinkflapdetectionparameters. Displayslinkflapdetectionmetrics. Displaysportswhichcansupportthelinkflapdetectionfunction. Displayslinkflapdetectionactionssupportedbysystemhardware. Displaysthemaximumallowedlinkdownsper10secondssupported bysystemhardware. Displaysportsdisabledbylinkflapdetectionduetoaviolation. Displayslinkflapactionstakenonviolatingport(s). Displayswhetherlinkflaphasdeactivatedport(s). Displaysthenumberofallowedlinkdowntransitionsbeforeactionis taken. Displaysthetimeperiodforcountinglinkdowntransitions. Displayshowlongviolatingport(s)aredeactivated. Displayshowmanylinkdowntransitionsareinthecurrentinterval.

    Enterasys G-Series CLI Reference

    4-21

    show linkflap

    totalcount timelapsed violations portstring

    Displayshowmanylinkdowntransitionshaveoccurredsincethelast reset. Displaysthetimeperiodsincethelastlinkdowneventorreset. Displaysthenumberoflinkflapviolationssincethelastreset. (Optional)Displaysinformationforspecificport(s).

    Defaults
    Ifnotspecified,informationaboutalllinkflapdetectionsettingswillbedisplayed. Ifportstringisnotspecified,informationforallportswillbedisplayed.

    Mode
    Switchmode,readonly.

    Usage
    Thelinkflapdefaultconditionsareshowninthefollowingtable.
    Linkflap Parameter Linkflap global state Linkflap port state Linkflap action Linkflap interval Linkflap maximum allowed link downs per 10 seconds Linkflap threshold (number of allowed link down transitions before action is taken) Default Condition Disabled Disabled None 5 20 10

    Examples
    Thisexampleshowshowtodisplaytheglobalstatusofthelinktrapdetectionfunction:
    G3(rw)->show linkflap globalstate Linkflap feature globally disabled

    Thisexampleshowshowtodisplayportsdisabledbylinkflapdetectionduetoaviolation:
    G3(rw)->show linkflap downports Ports currently held DOWN for Linkflap violations: None.

    Thisexampleshowshowtodisplaythelinkflapparameterstable:
    G3(rw)->show linkflap parameters Linkflap Port Settable Parameter Table (X Port LF Status Actions Threshold -------- --------- ------- ---------ge.1.1 disabled ....... 10 ge.1.2 enabled D..S..T 3 ge.1.3 disabled ...S..T 10 means error Interval ---------5 5 5 occurred) Downtime ---------300 300 300

    Table 43providesanexplanationoftheshowlinkflapparameterscommandoutput.

    4-22

    Port Configuration

    set linkflap globalstate

    Table 4-3

    show linkflap parameters Output Details


    What it displays... Port designation. Link flap enabled state. Actions to be taken if the port violates allowed link flap behavior. D = disabled, S = Syslog entry will be generated, T= SNMP trap will be generated.

    Output Field Port LF Status Actions

    Threshold Interval Downtime

    Number of link down transitions necessary to trigger the link flap action. Time interval (in seconds) for accumulating link down transitions. Interval (in seconds) port(s) will be held down after a link flap violation.

    Thisexampleshowshowtodisplaythelinkflapmetricstable:
    G3(rw)->show linkflap metrics Port LinkStatus CurrentCount -------- ----------- -----------ge.1.1 operational 0 ge.1.2 disabled 4 ge.1.3 operational 3 TotalCount ---------0 15 3 TimeElapsed Violations ----------- ------------241437 0 147 5 241402 0

    Table 44providesanexplanationoftheshowlinkflapmetricscommandoutput. Table 4-4 show linkflap metrics Output Details


    What it displays... Port designation. Link status according to the link flap function. Link down count accruing toward the link flap threshold. Number of link downs since system start, Time (in seconds) since the last link down event. Number of link flap violations on listed ports since system start.

    Output Field Port LinkStatus CurrentCount TotalCount TimeElapsed Violations

    set linkflap globalstate


    Usethiscommandtogloballyenableordisablethelinkflapdetectionfunction.

    Syntax
    set linkflap globalstate {disable | enable}

    Parameters
    disable|enable Globallydisablesorenablesthelinkflapdetectionfunction.

    Defaults
    Bydefault,thefunctionisdisabledgloballyandonallports.

    Enterasys G-Series CLI Reference

    4-23

    set linkflap portstate

    Mode
    Switchmode,readwrite.

    Usage
    Bydefault,thefunctionisdisabledgloballyandonallports.Ifdisabledgloballyafterperport settingshavebeenconfiguredusingthelinkflapcommands,perportsettingswillberetained.

    Example
    Thisexampleshowshowtogloballyenablethelinktrapdetectionfunction.
    G3(rw)->set linkflap globalstate enable

    set linkflap portstate


    Usethiscommandtoenableordisablelinkflapmonitoringononeormoreports.

    Syntax
    set linkflap portstate {disable | enable} [port-string]

    Parameters
    disable|enable portstring Disablesorenablesthelinkflapdetectionfunction. (Optional)Specifiestheportorportsonwhichtodisableorenable monitoring.

    Defaults
    Ifportstringisnotspecified,allportsareenabledordisabled.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoenablethelinktrapmonitoringonallports.
    G3(rw)->set linkflap portstate enable

    set linkflap interval


    Usethiscommandtosetthetimeinterval(inseconds)foraccumulatinglinkdowntransitions.

    Syntax
    set linkflap interval port-string interval-value

    Parameters
    portstring intervalvalue Specifiestheport(s)onwhichtosetthelinkflapinterval. Specifiesanintervalinseconds.Avalueof0willsettheintervalto forever.

    4-24

    Port Configuration

    set linkflap action

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetthelinkflapintervalonportge.1.4to1000seconds.
    G3(rw)->set linkflap interval ge.1.4 1000

    set linkflap action


    Usethiscommandtosetreactionstoalinkflapviolation.

    Syntax
    set linkflap action port-string {disableInterface | gensyslogentry | gentrap | all}

    Parameters
    portstring disableInterface gensyslogentry gentrap all Specifiestheport(s)onwhichtosetthelinkflapaction. Setsthereactionasdisablingtheinterface. Setsthereactionasgeneratingasyslogentry. SetsthereactionasgeneratinganSNMPtrap. Setsthereactionasalloftheabove.

    Defaults
    None.

    Mode
    Switchmode,readwrite.

    Example
    Thisexampleshowshowtosetthelinkflapviolationactiononportge.1.4togeneratingaSyslog entry.
    G3(rw)->set linkflap action ge.1.4 gensyslogentry

    clear linkflap action


    Usethiscommandtoclearreactionstoalinkflapviolation.

    Syntax
    clear linkflap action [port-string] {disableInterface | gensyslogentry | gentrap | all}

    Enterasys G-Series CLI Reference

    4-25

    set linkflap threshold

    Parameters
    portstring disableInterface gensyslogentry gentrap all (Optional)Specifiestheport(s)onwhichtoclearthelinkflapaction. Clearsthereactionasdisablingtheinterface. Clearsthereactionasgeneratingasyslogentry. ClearsthereactionasgeneratinganSNMPtrap. Clearsthereactionasalloftheabove.

    Defaults
    Ifportstringisnotspecified,actionswillbeclearedonallports.

    Mode
    Switchmode,readwrite.

    Example
    Thisexampleshowshowtoclearthelinkflapviolationactiononportge.1.4togeneratinga Syslogentry.
    G3(rw)->clear linkflap action ge.1.4 gensyslogentry

    set linkflap threshold


    Usethiscommandtosetthelinkflapactiontriggercount.

    Syntax
    set linkflap threshold port-string threshold-value

    Parameters
    portstring thresholdvalue Specifiestheport(s)onwhichtosetthelinkflapactiontriggercount. Specifiesthenumberoflinkdowntransitionsnecessarytotriggerthe linkflapaction.Aminimumof1mustbeconfigured.

    Defaults
    None.

    Mode
    Switchmode,readwrite.

    Example
    Thisexampleshowshowtosetthelinkflapthresholdonportge.1.4to5.
    G3(rw)->set linkflap threshold ge.1.4 5

    set linkflap downtime


    Usethiscommandtosetthetimeinterval(inseconds)oneormoreportswillbehelddownaftera linkflapviolation.

    4-26

    Port Configuration

    clear linkflap down

    Syntax
    set linkflap downtime port-string downtime-value

    Parameters
    portstring downtimevalue Specifiestheport(s)onwhichtosetthelinkflapdowntime. Specifiesadowntimeinseconds.Avalueof0willsetthedowntimeto forever.

    Defaults
    None.

    Mode
    Switchmode,readwrite.

    Example
    Thisexampleshowshowtosetthelinkflapdowntimeonportge.1.4to5000seconds.
    G3(rw)->set linkflap downtime ge.1.4 5000

    clear linkflap down


    Usethiscommandtotogglelinkflapdisabledportstooperational.

    Syntax
    clear linkflap down [port-string]

    Parameters
    portstring (Optional)Specifiestheportstomakeoperational.

    Defaults
    Ifportstringisnotspecified,allportsdisabledbyalinkflapviolationwillbemadeoperational.

    Mode
    Switchmode,readwrite.

    Example
    Thisexampleshowshowtomakedisabledportge.1.4operational.
    G3(rw)->clear linkflap down ge.1.4

    clear linkflap
    Usethiscommandtoclearalllinkflapoptionsand/orstatisticsononeormoreports.

    Syntax
    clear linkflap {all | stats [port-string] | parameter port-string {threshold | interval | downtime | all}

    Enterasys G-Series CLI Reference

    4-27

    Configuring Broadcast Suppression

    Parameters
    all|stats parameter Clearsalloptionsandstatistics,orclearsonlystatistics. Clearslinkflapparameters.

    threshold|interval| Clearslinkflapthreshold,interval,downtimeorallparameters. downtime|all portstring (Optionalunlessparameterisspecified)Specifiestheport(s)onwhich toclearsettings.

    Defaults
    Ifportstringisnotspecified,settingsand/orstatisticswillbeclearedonallports.

    Mode
    Switchmode,readwrite.

    Example
    Thisexampleshowshowtoclearalllinkflapoptionsonportge.1.4.
    G3(rw)->clear linkflap all ge.1.4

    Configuring Broadcast Suppression


    Purpose
    Toreviewandsetthebroadcastsuppressionthresholdforoneormoreports.Thisfeaturelimits thenumberofreceivedbroadcastframestheswitchwillacceptperport.Broadcastsuppression thresholdsapplyonlytobroadcasttrafficmulticasttrafficisnotaffected.Bydefault,abroadcast suppressionthresholdof14881packetspersecond(pps)willbeused,regardlessofactualport speed.BroadcastsuppressionprotectsagainstbroadcaststormsandARPsweeps.

    Commands
    For information about... show port broadcast set port broadcast clear port broadcast Refer to page... 4-28 4-29 4-30

    show port broadcast


    Usethiscommandtodisplayportbroadcastsuppressionthresholds.

    Syntax
    show port broadcast [port-string]

    4-28

    Port Configuration

    set port broadcast

    Parameters
    portstring (Optional)Selecttheportsforwhichtoshowbroadcastsuppression thresholds.Foradetaileddescriptionofpossibleportstringvalues,refer toPortStringSyntaxUsedintheCLIonpage41.

    Defaults
    Ifportstringisnotspecified,broadcaststatusofallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaythebroadcastsuppressionthresholdsforports1through4:
    G3(su)->show port broadcast ge.1.1-4 Port Total BC Threshold Packets (pkts/s) ---------------------------------------ge.1.1 0 50 ge.1.2 0 50 ge.1.3 0 40 ge.1.4 0 14881

    set port broadcast


    Usethiscommandtosetthebroadcastsuppressionthreshold,inpacketspersecond,ononeor moreports.Thissetsathresholdonthebroadcasttrafficthatisreceivedandswitchedouttoother ports.

    Syntax
    set port broadcast port-string threshold-val

    Parameters
    portstring Selecttheportsforwhichtoconfigurebroadcastsuppressionthresholds. Foradetaileddescriptionofpossibleportstringvalues,refertoPort StringSyntaxUsedintheCLIonpage41. Setsthepacketspersecondthresholdonbroadcasttraffic.Maximum valueis 148810forFastEthernetports 1488100for1Gigabitports. 14881000for10Gigabitports

    thresholdval

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Enterasys G-Series CLI Reference

    4-29

    clear port broadcast

    Usage
    PerportbroadcastsuppressionishardsettobegloballyenabledontheG3.Ifyouwouldliketo disablebroadcastsuppression,youcangetthesameresultbysettingthethresholdlimitforeach porttothemaximumnumberofpacketswhichcanbereceivedpersecondaslistedinthe parameterssection,above.Thedefaultbroadcastsuppressionthresholdforallportsissetto 14881.

    Example
    Thisexampleconfiguresports1through5withabroadcastlimitof50pps:
    G3(su)->set port broadcast ge.1.1-5 50

    clear port broadcast


    Usethiscommandtoclearthebroadcastthresholdlimittothedefaultvalueof14881forthe selectedport.

    Syntax
    clear port broadcast port-string threshold

    Parameters
    portstring Selecttheportsforwhichtoclearbroadcastsuppressionthresholds.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleclearsthebroadcastthresholdlimitto14881ppsforports1through5:
    G3(su)->clear port broadcast ge.1.1-5 threshold

    Port Mirroring
    Caution: Port mirroring configuration should be performed only by personnel who are knowledgeable about the effects of port mirroring and its impact on network operation.

    TheGSeriesdeviceallowsyoutomirror(orredirect)thetrafficbeingswitchedonaportforthe purposesofnetworktrafficanalysisandconnectionassurance.Whenportmirroringisenabled, oneportbecomesamonitorportforanotherportwithinthedevice.

    4-30

    Port Configuration

    show port mirroring

    Mirroring Features
    TheGSeriesdevicesupportsthefollowingmirroringfeatures: Mirroringcanbeconfiguredinamanytooneconfigurationsothatonetarget(destination) portcanmonitortrafficonupto8sourceports. Bothtransmitandreceivetrafficwillbemirrored. Adestinationportwillonlyactasamirroringportwhenthesessionisoperationallyactive. Whenaportmirroriscreated,themirrordestinationportisremovedfromtheegresslistof VLAN1afterareboot. MACaddresseswillbelearnedforpacketstaggedwiththemirrorVLANID.Thiswill preventtheabilitytosnooptrafficacrossmultiplehops.
    Caution: Traffic mirrored to a VLAN may contain control traffic. This may be interpreted by the downstream neighbor as legal control frames. It is recommended that you disable any protocols (such as Spanning Tree) on inter-switch connections that might be affected .

    Purpose
    Toreviewandconfigureportmirroringonthedevice.

    Commands
    For information about... show port mirroring set port mirroring clear port mirroring Refer to page... 4-31 4-32 4-33

    show port mirroring


    Usethiscommandtodisplaythesourceandtargetportsformirroring,andwhethermirroringis currentlyenabledordisabledforthoseports.

    Syntax
    show port mirroring

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    4-31

    set port mirroring

    Example
    Thisexampleshowshowtodisplayportmirroringinformation.Inthiscase,ge.1.4isconfigured asasourceportandge.1.11isatargetandmirroringhasbeenenabledbetweentheseports:
    G3(su)->show port mirroring Port Mirroring ============== Source Port = ge.1.4 Target Port = ge.1.11 Frames Mirrored = Rx and Tx Port Mirroring status enabled.

    set port mirroring


    Usethiscommandtocreateanewmirroringrelationshiportoenableordisableanexisting mirroringrelationshipbetweentwoports.
    Notes: When a port mirror is created, the mirror destination port is removed from VLAN 1s egress list after a reboot. "MAC addresses will be learned for packets tagged with the mirror VLAN ID. This will prevent the ability to snoop traffic across multiple hops.

    Syntax
    set port mirroring {create | disable | enable} source destination}

    Parameters
    create|disable| enable source Creates,disablesorenablesmirroringsettingsonthespecifiedports. Specifiesthesourceportdesignation.Thisistheportonwhichthetraffic willbemonitored.Foradetaileddescriptionofpossibleportstringvalues, refertoPortStringSyntaxUsedintheCLIonpage41. Specifiesthetargetportdesignation.Thisistheportthatwillduplicateor mirrorallthetrafficonthemonitoredport. Foradetaileddescriptionofpossibleportstringvalues,refertoPort StringSyntaxUsedintheCLIonpage41.

    destination

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    NotethatLAGportsandtheirunderlyingphysicalports,asdescribedinLinkAggregation ControlProtocol(LACP)onpage433,cannotbemirrored.

    Example
    Thisexampleshowshowtocreateandenableportmirroringwithge.1.4asthesourceport,and ge.1.11asthetargetport:
    4-32 Port Configuration

    clear port mirroring

    G3(su)->set port mirroring create ge.1.4 ge.1.11 G3(su)->set port mirroring enable ge.1.4 ge.1.11

    clear port mirroring


    Usethiscommandtoclearaportmirroringrelationship.

    Syntax
    clear port mirroring source destination

    Parameters
    source Specifiesthesourceportofthemirroringconfigurationtobecleared.For adetaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage41. Specifiesthetargetportofthemirroringconfigurationtobecleared.

    destination

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoclearportmirroringbetweensourceportge.1.4andtargetport ge.1.11:
    G3(su)->clear port mirroring ge.1.4 ge.1.11

    Link Aggregation Control Protocol (LACP)


    Caution: Link aggregation configuration should only be performed by personnel who are knowledgeable about Spanning Tree and Link Aggregation, and fully understand the ramifications of modifications beyond device defaults. Otherwise, the proper operation of the network could be at risk.

    Usingmultiplelinkssimultaneouslytoincreasebandwidthisadesirableswitchfeature,which canbeaccomplishedifbothsidesagreeonasetofportsthatarebeingusedasaLinkAggregation Group(LAG).OnceaLAGisformedfromselectedports,problemswithloopingcanbeavoided sincetheSpanningTreecantreatthisLAGasasingleport. Enabledbydefault,theLinkAggregationControlProtocol(LACP)logicallygroupsinterfaces togethertocreateagreaterbandwidthuplink,orlinkaggregation,accordingtotheIEEE802.3ad standard.ThisstandardallowstheswitchtodeterminewhichportsareinLAGsandconfigure themdynamically.SincetheprotocolisbasedontheIEEE802.3adspecification,anyswitchfrom anyvendorthatsupportsthisstandardcanaggregatelinksautomatically. 802.3adLACPaggregationscanalsoberuntoendusers(thatis,aserver)ortoarouter.
    Note: Earlier (proprietary) implementations of port aggregation referred to groups of aggregated ports as trunks.

    Enterasys G-Series CLI Reference

    4-33

    Link Aggregation Control Protocol (LACP)

    LACP Operation
    Foreachaggregatableportinthedevice,LACP: Maintainsconfigurationinformation(reflectingtheinherentpropertiesoftheindividuallinks aswellasthoseestablishedbymanagement)tocontrolaggregation. ExchangesconfigurationinformationwithotherdevicestoallocatethelinktoaLink AggregationGroup(LAG).
    Note: A given link is allocated to, at most, one Link Aggregation Group (LAG) at a time. The allocation mechanism attempts to maximize aggregation, subject to management controls.

    AttachestheporttotheaggregatorusedbytheLAG,anddetachestheportfromthe aggregatorwhenitisnolongerusedbytheLAG. Usesinformationfromthepartnerdeviceslinkaggregationcontrolentitytodecidewhether toaggregateports.

    TheoperationofLACPinvolvesthefollowingactivities: Checkingthatcandidatelinkscanactuallybeaggregated. ControllingtheadditionofalinktoaLAG,andthecreationofthegroupifnecessary. Monitoringthestatusofaggregatedlinkstoensurethattheaggregationisstillvalid. RemovingalinkfromaLAGifitsmembershipisnolongervalid,andremovingthegroupifit nolongerhasanymemberlinks.

    InordertoallowLACPtodeterminewhetherasetoflinksconnecttothesamedevice,andto determinewhetherthoselinksarecompatiblefromthepointofviewofaggregation,itis necessarytobeabletoestablish Agloballyuniqueidentifierforeachdevicethatparticipatesinlinkaggregation. Ameansofidentifyingthesetofcapabilitiesassociatedwitheachportandwitheach aggregator,asunderstoodbyagivendevice. AmeansofidentifyingaLAGanditsassociatedaggregator.


    Note: The path cost of a LAG port will be displayed as zero when it is not an active link.

    LACP Terminology
    Table 45defineskeyterminologyusedinLACPconfiguration. Table 4-5
    Term Aggregator

    LACP Terms and Definitions


    Definition Virtual port that controls link aggregation for underlying physical ports. Each G-Series module provides 6 aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.6. Link Aggregation Group. Once underlying physical ports (for example, ge.x.x) are associated with an aggregator port, the resulting aggregation will be represented as one LAG with a lag.x.x port designation. G-Series LAGs can have up to associated physical ports.

    LAG

    4-34

    Port Configuration

    Link Aggregation Control Protocol (LACP)

    Table 4-5
    Term LACPDU

    LACP Terms and Definitions (Continued)


    Definition Link Aggregation Control Protocol Data Unit. The protocol exchanges aggregation state/mode information by way of a ports actor and partner operational states. LACPDUs sent by the first party (the actor) convey to the second party (the actors protocol partner) what the actor knows, both about its own state and that of its partner. An actor is the local device sending LACPDUs. Its protocol partner is the device on the other end of the link aggregation. Each maintains current status of the other via LACPDUs containing information about their ports LACP status and operational state. Value assigned to aggregator ports and physical ports that are candidates for joining a LAG. The LACP implementation on G-Series devices will use this value to form an oper key and will determine which underlying physical ports are capable of aggregating by comparing oper keys. Aggregator ports allow only underlying ports with oper keys matching theirs to join their LAG. On GSeries devices, the default admin key value is 32768. Value used to build a LAG ID, which determines aggregation precedence. If there are two partner devices competing for the same aggregator, LACP compares the LAG IDs for each grouping of ports. The LAG with the lower LAG ID is given precedence and will be allowed to use the aggregator. Note: Only one LACP system priority can be set on a G-Series device, using either the set lacp asyspri command (page 4-38), or the set port lacp command (page 4-44).

    Actor and Partner

    Admin Key

    System Priority

    G-Series Usage Considerations


    Innormalusage(andtypicalimplementations)thereisnoneedtomodifyanyofthedefault LACPparametersontheswitch.Thedefaultvalueswillresultinthemaximumnumberof aggregationspossible.Iftheswitchisplacedinaconfigurationwithitspeersnotrunningthe protocol,nodynamiclinkaggregationswillbeformedandtheswitchwillfunctionnormally(that is,willblockredundantpaths).Forinformationaboutbuildingstaticaggregations,refertoset lacpstatic(page 440). EachGSeriesmoduleprovidessixvirtuallinkaggregatorports,whicharedesignatedintheCLI aslag.0.1throughlag.0.6.EachLAGcanhaveuptoassociatedphysicalports.Onceunderlying physicalports(forexample,ge.x.x,orge.x.x)areassociatedwithanaggregatorport,theresulting aggregationwillberepresentedasoneLAGwithalag.x.xportdesignation.LACPdetermines whichunderlyingphysicalportsarecapableofaggregatingbycomparingoperationalkeys. AggregatorportsallowonlyunderlyingportswithkeysmatchingtheirstojointheirLAG. LACPusesasystempriorityvaluetobuildaLAGID,whichdeterminesaggregationprecedence. Iftherearetwopartnerdevicescompetingforthesameaggregator,LACPcomparestheLAGIDs foreachgroupingofports.TheLAGwiththelowerLAGIDisgivenprecedenceandwillbe allowedtousetheaggregator. Thereareafewcasesinwhichportswillnotaggregate: Anunderlyingphysicalportisattachedtoanotherportonthissameswitch(loopback). ThereisnoavailableaggregatorfortwoormoreportswiththesameLAGID.Thiscan happeniftherearesimplynoavailableaggregators,orifnoneoftheaggregatorshavea matchingadminkeyandsystempriority.

    Enterasys G-Series CLI Reference

    4-35

    show lacp

    802.1xauthenticationisenabledusingtheseteapolcommand(page 2017)andportsthat wouldotherwiseaggregatearenot802.1Xauthorized.

    TheLACPimplementationontheGSeriesdevicewillallowuptophysicalportsintoaLAG.The devicewiththelowestLAGIDdetermineswhichunderlyingphysicalportsareallowedintoa LAGbasedontheportsLAGportpriority.PortswiththelowestLAGportpriorityvaluesare allowedintotheLAGandallotherspeedgroupingsgointoastandbystate. WhenanexistingdynamicallycreatedLAGisreducedtooneport,theGSeriesremovestheLAG fromitsVLANandaddstheremainingunderlyingporttotheVLAN.Forthisreason,youshould ensurethattheLAGandalltheportsintheLAGareassignedtotheegresslistofthedesired VLAN.Otherwise,whentheLAGisremoved,theremainingportmaybeassignedtothewrong VLAN.Theotheroptionistoenablethesingleportlagfeatureasdescribedinsetlacp singleportlagonpage441.
    Note: To aggregate, underlying physical ports must be running in full duplex mode and must be of the same operating speed.

    Commands
    For information about... show lacp set lacp set lacp asyspri set lacp aadminkey clear lacp set lacp static clear lacp static set lacp singleportlag clear lacp singleportlag show port lacp set port lacp clear port lacp Refer to page... 4-36 4-38 4-38 4-39 4-39 4-40 4-41 4-41 4-41 4-42 4-44 4-45

    show lacp
    Usethiscommandtodisplayinformationaboutoneormoreaggregatorports.

    Syntax
    show lacp [port-string]

    Parameters
    portstring (Optional)DisplaysLACPinformationforspecificLAGport(s).Valid portdesignationsarelag.0.16.

    4-36

    Port Configuration

    show lacp

    Defaults
    Ifportstringisnotspecified,linkaggregationinformationforallLAGswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Usage
    EachGSeriesmoduleprovides6virtuallinkaggregatorports,whicharedesignatedintheCLIas lag.0.1throughlag.0.6.Onceunderlyingphysicalports(thatis,ge.x.x)areassociatedwithan aggregatorport,theresultingaggregationwillberepresentedasoneLinkAggregationGroup (LAG)withalag.x.xportdesignation.

    Example
    Thisexampleshowshowtodisplaylacpinformationforlag.0.1.Thefollowingtabledescribesthe outputfields.
    G3(su)->show lacp lag.0.1 Global Link Aggregation state: enabled Single Port LAGs: disabled Aggregator: lag.0.1 System Identifier: System Priority: Admin Key: Oper Key: Attached Ports: Actor 00:01:F4:5F:1E:20 32768 32768 32768 ge.1.1 ge.1.3 Partner 00:11:88:11:74:F9 32768 0

    Table 46providesanexplanationofthecommandoutput. Table 4-6 show lacp Output Details


    What It Displays... Shows if LACP is enabled or disabled on the switch. Displays if the single port LAG feature has been enabled on the switch. See set lacp singleportlag on page 4-41 for more about single port LAG. LAG port designation. Each G-Series module provides 6 virtual link aggregator ports, which are designated in the CLI as lag.0.1 through lag.0.6. Once underlying physical ports (for example, ge.x.x) are associated with an aggregator port, the resulting Link Aggregation Group (LAG) is represented with a lag.x.x port designation. Local device participating in LACP negotiation. Remote device participating in LACP negotiation. MAC addresses for actor and partner. System priority value which determines aggregation precedence. Only one LACP system priority can be set on a G-Series device, using either the set lacp asyspri command (page 4-38), or the set port lacp command (page 4-44). Ports assigned key. G-Series devices provide a default admin key value of 32768 for all LAG ports (lag.0.1 though lag.0.6).

    Output Field Global Link Aggregation state Single Port LAGs Aggregator

    Actor Partner System Identifier System Priority

    Admin Key

    Enterasys G-Series CLI Reference

    4-37

    set lacp

    Table 4-6

    show lacp Output Details (Continued)


    What It Displays... Ports operational key, derived from the admin key. Only underlying physical ports with oper keys matching the aggregators will be allowed to aggregate. Underlying physical ports associated with this aggregator.

    Output Field Oper Key Attached Ports

    set lacp
    UsethiscommandtodisableorenabletheLinkAggregationControlProtocol(LACP)onthe device.

    Syntax
    set lacp {disable | enable}

    Parameters
    disable|enable DisablesorenablesLACP.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodisableLACP:
    G3(su)->set lacp disable

    set lacp asyspri


    UsethiscommandtosettheLACPsystempriority.

    Syntax
    set lacp asyspri value

    Parameters
    asyspri value SetsthesystemprioritytobeusedincreatingaLAG(LinkAggregation Group)ID.Validvaluesare0to65535. Specifiesasystempriorityvalue.Validvaluesare0to65535,with precedencegiventolowervalues.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    4-38

    Port Configuration

    set lacp aadminkey

    Usage
    LACPusesthisvaluetodetermineaggregationprecedence.Iftherearetwopartnerdevices competingforthesameaggregator,LACPcomparestheLAGIDsforeachgroupingofports.The LAGwiththelowerLAGIDisgivenprecedenceandwillbeallowedtousetheaggregator.

    Example
    ThisexampleshowshowtosettheLACPsystempriorityto1000:
    G3(su)->set lacp asyspri 1000

    set lacp aadminkey


    Usethiscommandtosettheadministrativelyassignedkeyforoneormoreaggregatorports.

    Syntax
    set lacp aadminkey port-string value

    Parameters
    portstring value SpecifiestheLAGport(s)onwhichtoassignanadminkey. Specifiesanadminkeyvaluetoset.Validvaluesare0to65535.The defaultadminkeyvalueis32768.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    LACPwillusethisvaluetoformanoperkey.Onlyunderlyingphysicalportswithoperkeys matchingthoseoftheiraggregatorswillbeallowedtoaggregate.Thedefaultadminkeyvaluefor allLAGportsis32768.

    Example
    ThisexampleshowshowtosettheLACPadminkeyto2000forLAGport6:
    G3(su)->set lacp aadminkey lag.0.6 2000

    clear lacp
    UsethiscommandtoclearLACPsystempriorityoradminkeysettings.

    Syntax
    clear lacp {[asyspri] [aadminkey port-string]}

    Parameters
    asyspri Clearssystempriority.

    Enterasys G-Series CLI Reference

    4-39

    set lacp static

    aadminkeyportstring

    Resetsadminkeysforoneormoreportstothedefaultvalueof32768.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocleartheactoradminkeyforLAGport6:
    G3(su)->clear lacp aadminkey lag.0.6

    set lacp static


    Usethiscommandtodisableorenablestaticlinkaggregation,ortoassignoneormoreunderlying physicalportstoaLinkAggregationGroup(LAG).

    Syntax
    set lacp static {disable | enable} | lagportstring [key] port-string

    Parameters
    disable|enable lagportstring key Disablesorenablesstaticlinkaggregation. SpecifiestheLAGaggregatorporttowhichnewportswillbeassigned. (Optional)SpecifiesthenewmemberportandLAGportaggregator adminkeyvalue.Onlyportswithmatchingkeysareallowedto aggregate.Validvaluesare065535.
    Note: This key value must be unique. If ports other than the desired underlying physical ports share the same admin key value, aggregation will fail or undesired aggregations will form.

    portstring

    Specifiesthememberport(s)toaddtotheLAG.Foradetaileddescription ofpossibleportstringvalues,refertoPortStringSyntaxUsedintheCLI onpage41.

    Defaults
    Ifnotspecified,akeywillbeassignedaccordingtothespecifiedaggregator.Forexampleakeyof4 wouldbeassignedtolag.0.4.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoaddportge.1.6totheLAGofaggregatorport6:
    G3(su)->set lacp static lag.0.6 ge.1.6

    4-40

    Port Configuration

    clear lacp static

    clear lacp static


    UsethiscommandtoremovespecificportsfromaLinkAggregationGroup.

    Syntax
    clear lacp static lagportstring port-string

    Parameters
    lagportstring portstring SpecifiestheLAGaggregatorportfromwhichportswillberemoved. Specifiestheport(s)toremovefromtheLAG.Foradetaileddescriptionof possibleportstringvalues,refertoPortStringSyntaxUsedintheCLI onpage41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoremovege.1.6fromtheLAGofaggregatorport6:
    G3(su)->clear lacp static lag.0.6 ge.1.6

    set lacp singleportlag


    UsethiscommandtoenableordisabletheformationofsingleportLAGs.

    Syntax
    set lacp singleportlag {enable | disable}

    Parameters
    disable|enable EnablesordisablestheformationofsingleportLAGs.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    WhensingleportLAGsareenabled,LinkAggregrationGroupscanbeformedwhenonlyone portisreceivingprotocoltransmissionsfromapartner.Whenthissettingisdisabled,twoormore portsarerequiredtoformaLAG. ThissettinghasnoeffectonexistingLAGscreatedwithmultiplememberports.Italsodoesnot preventpreviouslyformedLAGsfromcomingupaftertheyhavegonedown,aslongasany

    Enterasys G-Series CLI Reference

    4-41

    clear lacp singleportlag

    previousLAGmemberportscomesupconnectedtothesameswitchasbeforetheLAGwent down.

    Example
    ThisexampleenablestheformationofsingleportLAGs:
    G3(su)->set lacp singleportlag enable

    clear lacp singleportlag


    UsethiscommandtoresetthesingleportLAGfunctionbacktothedefaultstateofdisabled.

    Syntax
    clear lacp singleportlag

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresetthesingleportLAGfunctionbacktodisabled:
    G3(su)->clear lacp singleportlag

    show port lacp


    Usethiscommandtodisplaylinkaggregationinformationforoneormoreunderlyingphysical ports.

    Syntax
    show port lacp port port-string {[status {detail | summary}] | [counters]}

    Parameters
    portportstring DisplaysLACPinformationforspecificport(s).Foradetaileddescription ofpossibleportstringvalues,refertoPortStringSyntaxUsedintheCLI onpage41. DisplaysLACPstatusindetailedorsummaryinformation. DisplaysLACPcounterinformation.

    statusdetail| summary counters

    Defaults
    None.

    4-42

    Port Configuration

    show port lacp

    Mode
    Switchcommand,readonly.

    Usage
    Statedefinitions,suchasActorAdminStateandPartnerAdminState,areindicatedwithletter abbreviations.Iftheshowportlacpcommanddisplaysoneormoreofthefollowingletters,it meansthestateistruefortheassociatedactororpartnerports: E=Expired F=Defaulted D=Distributing(txenabled) C=Collecting(rxenabled) S=Synchronized(actorandpartneragree) G=Aggregationallowed S/l=Short/LongLACPtimeout A/p=Active/PassiveLACP

    Formoreinformationaboutthesestates,refertosetportlacp(page 444)andtheIEEE802.32002 specification.

    Examples
    ThisexampleshowshowtodisplaydetailedLACPstatusinformationforportge.1.12:
    G3(su)-> show port lacp port ge.1.12 status detail Port Instance: ge.1.12 ActorPort: 1411 PartnerAdminPort: 1411 ActorSystemPriority: 32768 PartnerOperPort: 1411 ActorPortPriority: 32768 PartnerAdminSystemPriority: 32768 ActorAdminKey: 32768 PartnerOperSystemPriority: 32768 ActorOperKey: 32768 PartnerAdminPortPriority: 32768 ActorAdminState: -----GlA PartnerOperPortPriority: 32768 ActorOperState: -F----lA PartnerAdminKey: 1411 ActorSystemID: 00-e0-63-9d-b5-87 PartnerOperKey: 1411 SelectedAggID: none PartnerAdminState: --DCSGlp AttachedAggID: none PartnerOperState: --DC-Glp MuxState: Detached PartnerAdminSystemID: 00-00-00-00-00-00 DebugRxState: port Disabled PartnerOperSystemID: 00-00-00-00-00-00

    ThisexampleshowshowtodisplaysummarizedLACPstatusinformationforportge.1.12:
    G3(su)->show port lacp port ge.1.12 status summary Port Aggr Actor System Partner System Pri: System ID: Key: Pri: System ID: Key: ge.1.12 none [(32768,00e0639db587,32768),(32768,000000000000, 1411)]

    ThisexampleshowshowtodisplayLACPcountersforportge.1.12:
    G3(su)->show port lacp port ge.1.12 counters Port Instance: ge.1.12 LACPDUsRx: 11067 LACPDUsTx: 0 IllegalRx: 0 UnknownRx: 0 MarkerPDUsRx: 0
    Enterasys G-Series CLI Reference 4-43

    set port lacp

    MarkerPDUsTx: MarkerResponsePDUsRx: MarkerResponsePDUsTx:

    0 0 374

    set port lacp


    Usethiscommandtosetlinkaggregationparametersforoneormoreports.Thesesettingswill determinethespecifiedunderlyingphysicalportsabilitytojoinaLAG,andtheiradministrative stateonceaggregated.

    Syntax
    set port lacp port port-string {[aadminkey aadminkey] [aadminstate {lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire}] [aportpri aportpri] [asyspri asyspri] [enable | [disable] [padminkey padminkey] [padminport padminport] [padminportpri padminportpri] [padminstate {lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire}] [padminsysid padminsysid] [padminsyspri padminsyspri]

    Parameters
    portportstring Specifiesthephysicalport(s)onwhichtoconfigureLACP.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage41. Setstheportsactoradminkey.LACPwillusethisvaluetoformanoper keyandwilldeterminewhichunderlyingphysicalportsarecapableof aggregatingbycomparingoperkeys.Aggregatorportsallowonly underlyingportswithoperkeysmatchingtheirstojointheirLAG.Valid valuesare165535.Thedefaultkeyvalueis32768. SetstheportsactorLACPadministrativestatetoallowfor: lacpactiveTransmittingLACPPDUs. lacptimeoutTransmittingLACPPDUsevery1sec.vs30sec.(default). lacpaggAggregationonthisport. lacpsyncTransitiontosynchronizationstate. lacpcollectTransitiontocollectionstate. lacpdistTransitiontodistributionstate. lacpdefTransitiontodefaultedstate. lacpexpireTransitiontoexpiredstate. aportpriaportpri asyspriasyspri Setstheportsactorportpriority.Validvaluesare065535,withlower valuesdesignatinghigherpriority. Setstheportsactorsystempriority.TheLACPimplementationontheG Seriesdeviceusesthisvaluetodetermineaggregationprecedencewhen therearetwodevicescompetingforthesameaggregator.Validvaluesare 065535,withhigherprecedencegiventolowervalues.
    Note: Only one LACP system priority can be set on a G-Series device, using either this command, or the set lacp asyspri command (set lacp asyspri on page 4-38).

    aadminkey aadminkey

    aadminstate lacpactive| lacptimeout| lacpagg|lacpsync |lacpcollect| lacpdist|lacpdef| lacpexpire

    enable

    (Optional)EnablesLACPDUprocessingonthisport.

    4-44

    Port Configuration

    clear port lacp

    disable padminkey padminkey padminport padminport padminportpri padminportpri

    (Optional)DisablesLACPDUprocessingonthisport. Setsadefaultvaluetouseastheportspartneradminkey.Onlyportswith matchingadminkeysareallowedtoaggregate.Validvaluesare165535. Setsadefaultvaluetouseastheportspartneradminvalue.Validvalues are165535. Setsadefaultvaluetouseastheportspartnerportpriority.Validvalues are065535,withlowervaluesgivenhigherpriority.

    SetsaportspartnerLACPadministrativestate.Seeaadminstateforvalid padminstate lacpactive| options. lacptimeout| lacpagg|lacpsync |lacpcollect| lacpdist|lacpdef| lacpexpire padminsysid padminsysid padminsyspri padminsyspri SetsadefaultvaluetouseastheportspartnersystemID.ThisisaMAC address. Setsadefaultvaluetouseastheportspartnerpriority.Validvaluesare0 65535,withlowervaluesgivenhigherpriority.

    Defaults
    Atleastoneparametermustbeenteredperportstring. Ifenableordisablearenotspecified,port(s)willbeenabledwiththeLACPparametersentered.

    Mode
    Switchcommand,readwrite.

    Usage
    LACPcommandsandparametersbeginningwithana(suchasaadminkey)setactorvalues. Correspondingcommandsandparametersbeginningwithap(suchaspadminkey)set correspondingpartnervalues.ActorreferstothelocaldeviceparticipatinginLACPnegotiation, whilepartnerreferstoitsremotedevicepartnerattheotherendofthenegotiation.Actorsand partnersmaintaincurrentstatusoftheotherviaLACPDUscontaininginformationabouttheir portsLACPstatusandoperationalstate.

    Example
    Thisexampleshowshowtosettheactoradminkeyto3555forportge.3.16:
    G3(su)->set port lacp ge.3.16 aadminkey 3555

    clear port lacp


    Usethiscommandtoclearlinkaggregationsettingsforoneormoreports.

    Syntax
    clear port lacp port port-string {[aadminkey] [aportpri] [asyspri] [aadminstate {lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire | all}] [padminsyspri] [padminsysid] [padminkey] [padminportpri] [padminport] [padminstate {lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire | all}]}

    Enterasys G-Series CLI Reference

    4-45

    clear port lacp

    Parameters
    portportstring Specifiesthephysicalport(s)onwhichLACPsettingswillbecleared.For adetaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage41. Clearsaportsactoradminkey. Clearsaportsactorportpriority. Clearstheportsactorsystempriority.

    aadminkey aportpri asyspri

    Clearsaportsspecificactoradminstate,orallactoradminstate(s).For aadminstate descriptionsofspecificstates,refertothesetportlacpcommand(set lacpactive| portlacponpage444). lacptimeout| lacpagg|lacpsync |lacpcollect| lacpdist|lacpdef| lacpexpire|all padminsyspri padminsysid padminkey padminportpri padminport Clearstheportsdefaultpartnerpriorityvalue. ClearstheportsdefaultpartnersystemID. Clearstheportsdefaultpartneradminkey. Clearstheportsdefaultpartnerportpriority. DeletesapartnerportfromtheLACPconfiguration.

    padminstate Clearstheportsspecificpartneradminstate,orallpartneradminstate(s). lacpactive| lacptimeout| lacpagg|lacpsync |lacpcollect| lacpdist|lacpdef| lacpexpire|all

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    IfyousetaporttoLACPpassiveusingthecommandclearportlacpport<portstring> aadminstatelacpactive,thecommandclearportlacpport<portstring>aadminstatelacptimeout willalsobeaddedtotheconfiguration.Ifyouunsetthefirstcommand,itwillremovethesecond commandautomaticallyfromtheconfigurationfile.

    Example
    Thisexampleshowshowtoclearalllinkaggregationparametersforportge.3.16:
    G3(su)->clear port lacp port ge.3.16

    4-46

    Port Configuration

    Configuring Protected Ports

    Configuring Protected Ports


    TheProtectedPortfeatureisusedtopreventportsfromforwardingtraffictoeachother,even whentheyareonthesameVLAN.Portsmaybedesignatedaseitherprotectedorunprotected. Portsareunprotectedbydefault.Multiplegroupsofprotectedportsaresupported.

    Protected Port Operation


    Portsthatareconfiguredtobeprotectedcannotforwardtraffictootherprotectedportsinthe samegroup,regardlessofhavingthesameVLANmembership.However,protectedportscan forwardtraffictoportswhichareunprotected(notlistedinanygroup).Protectedportscanalso forwardtraffictoprotectedportsinadifferentgroup,iftheyareinthesameVLAN.Unprotected portscanforwardtraffictobothprotectedandunprotectedports.Aportmaybelongtoonlyone groupofprotectedports. Thisfeatureonlyappliestoportswithinaswitch.Itdoesnotapplyacrossmultipleswitchesina network.

    Commands
    For information about... set port protected show port protected clear port protected set port protected name show port protected name clear port protected name Refer to page... 4-47 4-48 4-48 4-49 4-49 4-50

    set port protected


    Usethiscommandtospecifyaporttobeprotectedandassigntheporttoagroupofprotected ports.Aportcanbeassignedtoonlyonegroup.

    Syntax
    set port protected port-string group-id

    Parameters
    portstring groupid Specifiestheportorportstobeprotected. Specifiestheidofthegrouptowhichtheportsshouldbeassigned.Idcan rangefrom0to2.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Enterasys G-Series CLI Reference

    4-47

    show port protected

    Example
    Thisexampleshowshowtoassignportsge.1.1throughge.1.3toprotectedportgroup1:
    G3(rw)->set port protected ge.1.1-3 1

    show port protected


    Usethiscommandtodisplayinformationabouttheportsconfiguredforprotectedmode.

    Syntax
    show port protected [port-string] | [group-id]

    Parameters
    portstring groupid (Optional)Specifiestheportorportsforwhichtodisplayinformation. (Optional)Specifiestheidofthegroupforwhichtodisplayinformation. Idcanrangefrom0to2.

    Defaults
    Ifnoparametersareentered,informationaboutallprotectedportsisdisplayed.

    Mode
    Readonly.

    Example
    Thisexampleshowshowtodisplayinformationaboutallprotectedports:
    G3(ro)->show port protected Group id Port ---------------------1 ge.1.1 1 ge.1.2 1 ge.1.3

    clear port protected


    Usethiscommandtoremoveaportorgroupfromprotectedmode.

    Syntax
    clear port protected [port-string] | [group-id]

    Parameters
    portstring groupid (Optional)Specifiestheportorportstoremovefromprotectedmode. (Optional)Specifiestheidofthegrouptoremovefromprotectedmode. Idcanrangefrom0to2.

    Defaults
    Ifnoparametersareentered,allprotectedportsandgroupsarecleared.

    4-48

    Port Configuration

    set port protected name

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoclearprotectedportsge.1.1throughge.1.3:
    G3(rw)->clear port protected ge.1.1-3

    set port protected name


    Usethiscommandtoassignanametoaprotectedportgroupid.

    Syntax
    set port protected name group-id name

    Parameters
    groupid name Specifiestheidofthisgroup.Idcanrangefrom0to2. Specifiesanameforthegroup.Thenamecanbeupto32charactersin length.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoassignthenamegroup1toprotectedportgroup1:
    G3(rw)->set port protected name 1 group1

    show port protected name


    Usethiscommandtodisplaythenameforthegroupidsspecified.

    Syntax
    show port protected name group-id

    Parameters
    groupid Specifiestheidofthegrouptodisplay.Idcanrangefrom0to2.

    Defaults
    None.

    Mode
    Readonly.
    Enterasys G-Series CLI Reference 4-49

    clear port protected name

    Example
    Thisexampleshowshowtoshowthenameofprotectedportgroup1:
    G3(ro)->show port protected name 1 Group ID Group Name ----------------------------1 group1

    clear port protected name


    Usethiscommandtoclearthenameofaprotectedgroup.

    Syntax
    clear port protected name group-id

    Parameters
    groupid Specifiestheidofthegroupforwhichtoclearthename.Idcanrange from0to2.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoclearthenameofprotectedportgroup1:
    G3(rw)->clear port protected name 1

    4-50

    Port Configuration

    5
    SNMP Configuration
    ThischapterdescribestheSimpleNetworkManagementProtocol(SNMP)setofcommandsand howtousethem.
    For information about... SNMP Configuration Summary Reviewing SNMP Statistics Configuring SNMP Users, Groups, and Communities Configuring SNMP Access Rights Configuring SNMP MIB Views Configuring SNMP Target Parameters Configuring SNMP Target Addresses Configuring SNMP Notification Parameters Creating a Basic SNMP Trap Configuration Refer to page... 5-1 5-3 5-7 5-15 5-18 5-22 5-25 5-28 5-36

    SNMP Configuration Summary


    SNMPisanapplicationlayerprotocolthatfacilitatestheexchangeofmanagementinformation betweennetworkdevices.SNMPenablesnetworkadministratorstomanagenetwork performance,findandsolvenetworkproblems,andplanfornetworkgrowth. GSeriesdevicessupportthreeversionsofSNMP: Version1(SNMPv1)ThisistheinitialimplementationofSNMP.RefertoRFC1157fora fulldescriptionoffunctionality. Version2(SNMPv2c)ThesecondreleaseofSNMP,describedinRFC1907,hasadditions andenhancementstodatatypes,countersize,andprotocoloperations. Version3(SNMPv3)ThisisthemostrecentversionofSNMP,andincludessignificant enhancementstoadministrationandsecurity.SNMPv3isfullydescribedinRFC2571, RFC 2572,RFC2573,RFC2574,andRFC2575.

    SNMPv1 and SNMPv2c


    ThecomponentsofSNMPv1andSNMPv2cnetworkmanagementfallintothreecategories: Manageddevices(suchasaswitch). SNMPagentsandMIBs,includingSNMPtraps,communitystrings,andRemoteMonitoring (RMON)MIBs,whichrunonmanageddevices.
    Enterasys G-Series CLI Reference 5-1

    SNMP Configuration Summary

    SNMPnetworkmanagementapplications,suchastheEnterasysNetSightapplication,which communicatewithagentstogetstatisticsandalertsfromthemanageddevices.

    SNMPv3
    SNMPv3isaninteroperablestandardsbasedprotocolthatprovidessecureaccesstodevicesby authenticatingandencryptingframesoverthenetwork.Theadvancedsecurityfeaturesprovided inSNMPv3areasfollows: MessageintegrityCollectsdatasecurelywithoutbeingtamperedwithorcorrupted. AuthenticationDeterminesthemessageisfromavalidsource. EncryptionScramblesthecontentsofaframetopreventitfrombeingseenbyan unauthorizedsource.

    UnlikeSNMPv1andSNMPv2c,inSNMPv3,theconceptofSNMPagentsandSNMPmanagersno longerapply.TheseconceptshavebeencombinedintoanSNMPentity.AnSNMPentityconsists ofanSNMPengineandSNMPapplications.AnSNMPengineconsistsofthefollowingfour components: DispatcherThiscomponentsendsandreceivesmessages. MessageprocessingsubsystemThiscomponentacceptsoutgoingPDUsfromthe dispatcherandpreparesthemfortransmissionbywrappingtheminamessageheaderand returningthemtothedispatcher.Themessageprocessingsubsystemalsoacceptsincoming messagesfromthedispatcher,processeseachmessageheader,andreturnstheenclosedPDU tothedispatcher. SecuritysubsystemThiscomponentauthenticatesandencryptsmessages. AccesscontrolsubsystemThiscomponentdetermineswhichusersandwhichoperations areallowedaccesstomanagedobjects.

    About SNMP Security Models and Levels


    AnSNMPsecuritymodelisanauthenticationstrategythatissetupforauserandthegroupin whichtheuserresides.Asecuritylevelisthepermittedlevelofsecuritywithinasecuritymodel. ThethreelevelsofSNMPsecurityare:Noauthenticationrequired(NoAuthNoPriv); authenticationrequired(AuthNoPriv);andprivacy(authPriv).Acombinationofasecuritymodel andasecurityleveldetermineswhichsecuritymechanismisemployedwhenhandlinganSNMP frame.Table 51identifiesthelevelsofSNMPsecurityavailableonGSeriesdevicesand authenticationrequiredwithineachmodel. Table 5-1
    Model v1 v2c

    SNMP Security Levels


    Security Level NoAuthNoPriv NoAuthNoPriv Authentication Community string Community string Encryption None None How It Works Uses a community string match for authentication. Uses a community string match for authentication.

    5-2

    SNMP Configuration

    Reviewing SNMP Statistics

    Table 5-1
    Model v3

    SNMP Security Levels (Continued)


    Security Level NoAuthNoPriv AuthNoPriv Authentication User name MD5 or SHA Encryption None None How It Works Uses a user name match for authentication. Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 56-bit encryption in addition to authentication based on the CBCDES (DES-56) standard.

    authPriv

    MD5 or SHA

    DES

    Using SNMP Contexts to Access Specific MIBs


    Bydefault,whenoperatingfromtheswitchCLI,GSeriesdevicesallowaccesstoallSNMPMIBs orcontexts.AcontextisacollectionofMIBobjects,oftenassociatedwithaparticularphysicalor logicaldevice. Ifnooptionalcontextparametersareconfiguredforv1andv2communitynamesandv3user groups,thesegroupsareabletoaccessallSNMPMIBobjectswheninswitchmode. SpecifyingacontextparameterwhensettingupSNMPusergroupwouldpermitorrestrictthe groupsswitchmanagementaccesstotheMIB(s)specifiedbythecontext(MIBobjectID)value. AllSNMPcontextsknowntothedevicecanbedisplayedusingtheshowsnmpcontextcommand asdescribedinshowsnmpcontextonpage 520.

    Example
    ThisexamplepermitsthepowergrouptomanageallMIBsviaSNMPv3:
    G3(su)->set snmp access powergroup security-model usm

    Configuration Considerations
    CommandsforconfiguringSNMPontheGSeriesdeviceareindependentduringtheSNMP setupprocess.Forinstance,targetparameterscanbespecifiedwhensettingupoptional notificationfilterseventhoughtheseparametershavenotyetbeencreatedwiththesetsnmp targetparamscommand.

    Reviewing SNMP Statistics


    Purpose
    ToreviewSNMPstatistics.

    Enterasys G-Series CLI Reference

    5-3

    show snmp engineid

    Commands
    For information about... show snmp engineid show snmp counters Refer to page... 5-4 5-5

    show snmp engineid


    UsethiscommandtodisplaytheSNMPlocalengineID.ThisistheSNMPv3engines administrativelyuniqueidentifier.

    Syntax
    show snmp engineid

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaySNMPengineproperties:
    G3(su)->show snmp engineid EngineId: 80:00:15:f8:03:00:e0:63:9d:b5:87 Engine Boots = 12 Engine Time = 162181 Max Msg Size = 2048

    Table 52providesanexplanationofthecommandoutput. Table 5-2 show snmp engineid Output Details


    What It Displays... String identifying the SNMP agent on the device. Number of times the SNMP engine has been started or reinitialized. Time in seconds since last reboot. Maximum accepted length, in bytes, of SNMP frame.

    Output Field EngineId Engine Boots Engine Time Max Msg Size

    5-4

    SNMP Configuration

    show snmp counters

    show snmp counters


    UsethiscommandtodisplaySNMPtrafficcountervalues.

    Syntax
    show snmp counters

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaySNMPcountervalues
    G3(su)->show snmp counters --- mib2 SNMP group counters: snmpInPkts = 396601 snmpOutPkts = 396601 snmpInBadVersions = 0 snmpInBadCommunityNames = 0 snmpInBadCommunityUses = 0 snmpInASNParseErrs = 0 snmpInTooBigs = 0 snmpInNoSuchNames = 0 snmpInBadValues = 0 snmpInReadOnlys = 0 snmpInGenErrs = 0 snmpInTotalReqVars = 403661 snmpInTotalSetVars = 534 snmpInGetRequests = 290 snmpInGetNexts = 396279 snmpInSetRequests = 32 snmpInGetResponses = 0 snmpInTraps = 0 snmpOutTooBigs = 0 snmpOutNoSuchNames = 11 snmpOutBadValues = 0 snmpOutGenErrs = 0 snmpOutGetRequests = 0 snmpOutGetNexts = 0 snmpOutSetRequests = 0 snmpOutGetResponses = 396601 snmpOutTraps = 0 snmpSilentDrops = 0 snmpProxyDrops = 0 --- USM Stats counters: usmStatsUnsupportedSecLevels = 0 usmStatsNotInTimeWindows = 0 usmStatsUnknownUserNames = 0

    Enterasys G-Series CLI Reference

    5-5

    show snmp counters

    usmStatsUnknownEngineIDs usmStatsWrongDigests usmStatsDecryptionErrors

    = 0 = 0 = 0

    Table 53providesanexplanationofthecommandoutput. Table 5-3 show snmp counters Output Details


    What It Displays... Number of messages delivered to the SNMP entity from the transport service. Number of SNMP messages passed from the SNMP protocol entity to the transport service. Number of SNMP messages delivered to the SNMP entity for an unsupported SNMP version. Number of SNMP messages delivered to the SNMP entity that used an SNMP community name not known to the entity. Number of SNMP messages delivered to the SNMP entity that represented an SNMP operation not allowed by the SNMP community named in the message. Number of ASN.1 (Abstract Syntax Notation) or BER (Basic Encoding Rules) errors encountered by the SNMP entity when decoding received SNMP messages. Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as tooBig. Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as noSuchName. Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as badValue. Number of valid SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as "readOnly." Number of SNMP PDUs delivered to the SNMP protocol entity with the value of the error-status field as "genErr." Number of MIB objects retrieved successfully by the SNMP protocol entity as the result of receiving valid SNMP Get-Request and Get-Next PDUs. Number of MIB objects altered successfully by the SNMP protocol entity as the result of receiving valid SNMP Set-Request PDUs. Number of SNMP Get-Request PDUs accepted and processed by the SNMP protocol entity. Number of SNMP Get-Next PDUs accepted and processed by the SNMP protocol entity. Number of SNMP Set-Request PDUs accepted and processed by the SNMP protocol entity. Number of SNMP Get-Response PDUs accepted and processed by the SNMP protocol entity. Number of SNMP Trap PDUs accepted and processed by the SNMP protocol entity. Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error-status field as "tooBig." Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error-status as "noSuchName."

    Output Field snmpInPkts snmpOutPkts snmpInBadVersions snmpInBadCommunityNames snmpInBadCommunityUses

    snmpInASNParseErrs

    snmpInTooBigs snmpInNoSuchNames snmpInBadValues snmpInReadOnlys snmpInGenErrs snmpInTotalReqVars

    snmpInTotalSetVars snmpInGetRequests snmpInGetNexts snmpInSetRequests snmpInGetResponses snmpInTraps snmpOutTooBigs snmpOutNoSuchNames

    5-6

    SNMP Configuration

    Configuring SNMP Users, Groups, and Communities

    Table 5-3

    show snmp counters Output Details (Continued)


    What It Displays... Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error-status field as "badValue." Number of SNMP PDUs generated by the SNMP protocol entity with the value of the error-status field as "genErr." Number of SNMP Get-Request PDUs generated by the SNMP protocol entity. Number of SNMP Get-Next PDUs generated by the SNMP protocol entity. Number of SNMP Set-Request PDUs generated by the SNMP protocol entity. Number of SNMP Get-Response PDUs generated by the SNMP protocol entity. Number of SNMP Trap PDUs generated by the SNMP protocol entity. Number of SNMP Get, Set, or Inform request error messages that were dropped because the reply was larger than the requestors maximum message size. Number of SNMP Get, Set, or Inform request error messages that were dropped because the reply was larger than the proxy targets maximum message size. Number of packets received by the SNMP engine that were dropped because they requested a security level that was unknown to the SNMP engine or otherwise unavailable. Number of packets received by the SNMP engine that were dropped because they appeared outside of the authoritative SNMP engine's window. Number of packets received by the SNMP engine that were dropped because they referenced a user that was not known to the SNMP engine. Number of packets received by the SNMP engine that were dropped because they referenced an snmpEngineID that was not known to the SNMP engine. Number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value. Number of packets received by the SNMP engine that were dropped because they could not be decrypted.

    Output Field snmpOutBadValues snmpOutGenErrs snmpOutGetRequests snmpOutGetNexts snmpOutSetRequests snmpOutGetResponses snmpOutTraps snmpSilentDrops

    snmpProxyDrops

    usmStatsUnsupportedSec Levels usmStatsNotInTimeWindows

    usmStatsUnknownUserNames

    usmStatsUnknownEngineIDs

    usmStatsWrongDigests usmStatsDecriptionErrors

    Configuring SNMP Users, Groups, and Communities


    Purpose
    ToreviewandconfigureSNMPusers,groups,andv1andv2communities.Thesearedefinedas follows: UserApersonregisteredinSNMPv3toaccessSNMPmanagement. GroupAcollectionofuserswhosharethesameSNMPaccessprivileges. CommunityAnameusedtoauthenticateSNMPv1andv2users.

    Enterasys G-Series CLI Reference

    5-7

    show snmp user

    Commands
    For information about... show snmp user set snmp user clear snmp user show snmp group set snmp group clear snmp group show snmp community set snmp community clear snmp community Refer to page... 5-8 5-9 5-10 5-10 5-12 5-12 5-13 5-13 5-14

    show snmp user


    UsethiscommandtodisplayinformationaboutSNMPusers.Thesearepeopleregisteredto accessSNMPmanagement.

    Syntax
    show snmp user [list] | [user] | [remote remote] [volatile | nonvolatile | readonly]

    Parameters
    list user remoteremote (Optional)DisplaysalistofregisteredSNMPusernames. (Optional)Displaysinformationaboutaspecificuser. (Optional)DisplaysinformationaboutusersonaspecificremoteSNMP engine.

    volatile|nonvolatile (Optional)Displaysuserinformationforaspecifiedstoragetype. |readonly

    Defaults
    Iflistisnotspecified,detailedSNMPinformationwillbedisplayed. Ifuserisnotspecified,informationaboutallSNMPuserswillbedisplayed. Ifremoteisnotspecified,userinformationaboutthelocalSNMPenginewillbedisplayed. Ifnotspecified,userinformationforallstoragetypeswillbedisplayed.

    Mode
    Switchcommand,readonly.

    5-8

    SNMP Configuration

    set snmp user

    Examples
    ThisexampleshowshowtodisplayanSNMPuserlist:
    G3(su)->show snmp user list --- SNMP user information ----- List of registered users: Guest admin1 admin2 netops

    ThisexampleshowshowtodisplayinformationfortheSNMPguestuser:
    (su)->show snmp user guest --- SNMP user information --EngineId: 00:00:00:63:00:00:00:a1:00:00:00:00 Username = Guest Auth protocol = usmNoAuthProtocol Privacy protocol = usmNoPrivProtocol Storage type = nonVolatile Row status = active

    Table 54providesanexplanationofthecommandoutput. Table 5-4 show snmp user Output Details


    Output Field EngineId Username Auth protocol Privacy protocol Storage type Row status What It Displays... SNMP local engine identifier. SNMPv1 or v2 community name or SNMPv3 user name. Type of authentication protocol applied to this user. Whether a privacy protocol is applied when authentication protocol is in use. Whether entry is stored in volatile, nonvolatile or read-only memory. Status of this entry: active, notInService, or notReady.

    set snmp user


    UsethiscommandtocreateanewSNMPv3user.

    Syntax
    set snmp user user [remote remoteid] [authentication {md5 | sha}] [authpassword] [privacy privpassword] [volatile | nonvolatile]

    Parameters
    user remoteremoteid SpecifiesanamefortheSNMPv3user. (Optional)RegisterstheuseronaspecificremoteSNMPengine.

    authenticationmd5 (Optional)SpecifiestheauthenticationtyperequiredforthisuserasMD5 |sha orSHA. authpassword (Optional)Specifiesapasswordforthisuserwhenauthenticationis required.Minimumof8characters.

    privacyprivpassword (Optional)Appliesencryptionandspecifiesanencryptionpassword. Minimumof8characters.


    Enterasys G-Series CLI Reference 5-9

    clear snmp user

    volatile| nonvolatile

    (Optional)Specifiesastoragetypeforthisuserentry.

    Defaults
    Ifremoteisnotspecified,theuserwillberegisteredforthelocalSNMPengine. Ifauthenticationisnotspecified,noauthenticationwillbeapplied. Ifprivacyisnotspecified,noencryptionwillbeapplied. Ifstoragetypeisnotspecified,nonvolatilewillbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocreateanewSNMPusernamednetops.Bydefault,thisuserwillbe registeredonthelocalSNMPenginewithoutauthenticationandencryption.Entriesrelatedtothis userwillbestoredinpermanent(nonvolatile)memory:
    G3(su)->set snmp user netops

    clear snmp user


    UsethiscommandtoremoveauserfromtheSNMPv3securitymodellist.

    Syntax
    clear snmp user user [remote remote]

    Parameters
    user remoteremote SpecifiesanSNMPv3usertoremove. (Optional)RemovestheuserfromaspecificremoteSNMPengine.

    Defaults
    Ifremoteisnotspecified,theuserwillberemovedfromthelocalSNMPengine.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoremovetheSNMPusernamedbill:
    G3(su)->clear snmp user bill

    show snmp group


    UsethiscommandtodisplayanSNMPgroupconfiguration.AnSNMPgroupisacollectionof SNMPv3userswhosharethesameaccessprivileges.

    5-10

    SNMP Configuration

    show snmp group

    Syntax
    show snmp group [groupname groupname] [user user] [security-model {v1 | v2c | usm}] [volatile | nonvolatile | read-only]

    Parameters
    groupname groupname useruser (Optional)DisplaysinformationforaspecificSNMPgroup. (Optional)Displaysinformationaboutuserswithinthespecifiedgroup.

    securitymodelv1| (Optional)Displaysinformationaboutgroupsassignedtoaspecific v2c|usm securitySNMPmodel. volatile| nonvolatile|read only (Optional)DisplaysSNMPgroupinformationforaspecifiedstoragetype.

    Defaults
    Ifgroupnameisnotspecified,informationaboutallSNMPgroupswillbedisplayed. Ifuserisnotspecified,informationaboutallSNMPuserswillbedisplayed. Ifsecuritymodelisnotspecified,userinformationaboutallSNMPversionswillbedisplayed. Ifnotspecified,informationforallstoragetypeswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaySNMPgroupinformation:
    G3(su)->show snmp group --- SNMP group information --Security model = SNMPv1 Security/user name = public Group name = Anyone Storage type = nonVolatile Row status = active Security model Security/user name Group name Storage type Row status = = = = = SNMPv1 public.router1 Anyone nonVolatile active

    Table 55providesanexplanationofthecommandoutput. Table 5-5 show snmp group Output Details


    Output Field Security model Security/user name Group name Storage type Row status What It Displays... SNMP version associated with this group. User belonging to the SNMP group. Name of SNMP group. Whether entry is stored in volatile, nonvolatile or read-only memory. Status of this entry: active, notInService, or notReady.

    Enterasys G-Series CLI Reference

    5-11

    set snmp group

    set snmp group


    UsethiscommandtocreateanSNMPgroup.ThisassociatesSNMPv3userstoagroupthatshares commonaccessprivileges.

    Syntax
    set snmp group groupname user user security-model {v1 | v2c | usm} [volatile | nonvolatile]

    Parameters
    groupname useruser SpecifiesanSNMPgroupnametocreate. SpecifiesanSNMPv3usernametoassigntothegroup.

    securitymodelv1| SpecifiesanSNMPsecuritymodeltoassigntothegroup. v2c|usm volatile| nonvolatile (Optional)SpecifiesastoragetypeforSNMPentriesassociatedwiththe group.

    Defaults
    Ifstoragetypeisnotspecified,nonvolatilestoragewillbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocreateanSNMPgroupcalledanyone,assignausernamedpublic andassignSNMPv3securitytothegroup:
    G3(su)->set snmp group anyone user public security-model usm

    clear snmp group


    UsethiscommandtoclearSNMPgroupsettingsgloballyorforaspecificSNMPgroupanduser.

    Syntax
    clear snmp group groupname user [security-model {v1 | v2c | usm}]

    Parameters
    groupname user SpecifiestheSNMPgrouptobecleared. SpecifiestheSNMPusertobecleared.

    securitymodelv1| (Optional)Clearsthesettingsassociatedwithaspecificsecuritymodel. v2c|usm

    Defaults
    If not specified, settings related to all security models will be cleared.

    Mode
    Switchcommand,readwrite.
    5-12 SNMP Configuration

    show snmp community

    Example
    ThisexampleshowshowtoclearallsettingsassignedtothepublicuserwithintheSNMPgroup anyone:
    G3(su)->clear snmp group anyone public

    show snmp community


    UsethiscommandtodisplaySNMPcommunitynamesandstatus.InSNMPv1andv2, communitynamesactaspasswordstoremotemanagement.

    Syntax
    show snmp community [name]

    Parameters
    name (Optional)DisplaysSNMPinformationforaspecificcommunityname.

    Defaults
    Ifnameisnotspecified,informationwillbedisplayedforallSNMPcommunities.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayinformationabouttheSNMPpubliccommunityname.For adescriptionofthisoutput,refertosetsnmpcommunity(page513).
    G3(su)->show snmp community public --- Configured community strings --Name Security name Context Transport tag Storage type Status = = = = = = ********* public

    nonVolatile active

    set snmp community


    UsethiscommandtoconfigureanSNMPcommunitygroup.

    Syntax
    set snmp community community [securityname securityname] [context context] [transport transport] [volatile | nonvolatile]

    Parameters
    community securityname securityname Specifiesacommunitygroupname. (Optional)SpecifiesanSNMPsecuritynametoassociatewiththis community.
    Enterasys G-Series CLI Reference 5-13

    clear snmp community

    contextcontext

    (Optional)Specifiesasubsetofmanagementinformationthiscommunity willbeallowedtoaccess.Validvaluesarefullorpartialcontextnames.To reviewallcontextsconfiguredforthedevice,usetheshowsnmpcontext commandasdescribedinshowsnmpcontextonpage 520. (Optional)SpecifiesthesetoftransportendpointsfromwhichSNMP requestwiththiscommunitynamewillbeaccepted.Makesalinktoa targetaddresstable. (Optional)Specifiesthestoragetypefortheseentries.

    transporttransport

    volatile| nonvolatile

    Defaults
    Ifsecuritynameisnotspecified,thecommunitynamewillbeused. Ifcontextisnotspecified,accesswillbegrantedforthedefaultcontext. Iftransporttagisnotspecified,nonewillbeapplied. Ifstoragetypeisnotspecified,nonvolatilewillbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetanSNMPcommunitynamecalledvip
    G3(su)->set snmp community vip

    clear snmp community


    UsethiscommandtodeleteanSNMPcommunityname.

    Syntax
    clear snmp community name

    Parameters
    name SpecifiestheSNMPcommunitynametoclear.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtodeletethecommunitynamevip.
    G3(su)->clear snmp community vip

    5-14

    SNMP Configuration

    Configuring SNMP Access Rights

    Configuring SNMP Access Rights


    Purpose
    ToreviewandconfigureSNMPaccessrights,assigningviewingprivilegesandsecuritylevelsto SNMPusergroups.

    Commands
    For information about... show snmp access set snmp access clear snmp access Refer to page... 5-15 5-16 5-18

    show snmp access


    UsethiscommandtodisplayaccessrightsandsecuritylevelsconfiguredforSNMPoneormore groups.

    Syntax
    show snmp access [groupname] [security-model {v1 | v2c | usm}] [noauthentication | authentication | privacy] [context context] [volatile | nonvolatile | read-only]

    Parameters
    groupname (Optional)DisplaysaccessinformationforaspecificSNMPv3group. securitymodelv1| (Optional)DisplaysaccessinformationforSNMPsecuritymodelversion v2c|usm 1,2cor3(usm). noauthentication| authentication| privacy contextcontext (Optional)Displaysaccessinformationforaspecificsecuritylevel.

    (Optional)Displaysaccessinformationforaspecificcontext.Fora descriptionofhowtospecifySNMPcontexts,refertoUsingSNMP ContextstoAccessSpecificMIBsonpage 53. (Optional)Displaysaccessentriesforaspecificstoragetype.

    volatile| nonvolatile|read only

    Defaults
    Ifgroupnameisnotspecified,accessinformationforallSNMPgroupswillbedisplayed. Ifsecuritymodelisnotspecified,accessinformationforallSNMPversionswillbedisplayed. Ifnoauthentication,authenticationorprivacyarenotspecified,accessinformationforall securitylevelswillbedisplayed. Ifcontextisnotspecified,allcontextswillbedisplayed. Ifvolatile,nonvolatileorreadonlyarenotspecified,allentriesofallstoragetypeswillbe displayed.
    Enterasys G-Series CLI Reference 5-15

    set snmp access

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaySNMPaccessinformation:
    G3(su)->show snmp Group = Security model = Security level = Read View = Write View = Notify View = Context match = Storage type = Row status = Group Security model Security level Read View Write View Notify View Context match Storage type Row status = = = = = = = = = access SystemAdmin USM noAuthNoPriv All All exact match nonVolatile active NightOperator USM noAuthNoPriv All All exact match nonVolatile active

    Table 56providesanexplanationofthecommandoutput. Table 5-6 show snmp access Output Details


    Output Field Group Security model Security level What It Displays... SNMP group name. Security model applied to this group. Valid types are: SNMPv1, SNMPv2c, and SNMPv3 (User based - USM). Security level applied to this group. Valid levels are: noAuthNoPrivacy (no authentication required) AuthNoPrivacy (authentication required) authPriv (privacy -- most secure level) Read View Write View Notify View Context match Storage type Row status Name of the view that allows this group to view SNMP MIB objects. Name of the view that allows this group to configure the contents of the SNMP agent. Name of the view that allows this group to send an SNMP trap message. Whether or not SNMP context match must be exact (full context name match) or a partial match with a given prefix. Whether access entries for this group are stored in volatile, nonvolatile or read-only memory. Status of this entry: active, notInService, or notReady.

    set snmp access


    UsethiscommandtosetanSNMPaccessconfiguration.

    5-16

    SNMP Configuration

    set snmp access

    Syntax
    set snmp access groupname security-model {v1 | v2c | usm} [noauthentication | authentication | privacy] [context context] [exact | prefix] [read read] [write write] [notify notify] [volatile | nonvolatile]

    Parameters
    groupname SpecifiesanameforanSNMPv3group. securitymodelv1| SpecifiesSNMPversion1,2cor3(usm). v2c|usm noauthentication| authentication| privacy (Optional)AppliesSNMPsecuritylevelasnoauthentication, authentication(withoutprivacy)orprivacy.Privacyspecifiesthat messagessentonbehalfoftheuserareprotectedfromdisclosure.

    contextcontextexact (Optional)Setsthecontextforthisaccessconfigurationandspecifiesthat |prefix thematchmustbeexact(matchingthewholecontextstring)oraprefix matchonly.ContextisasubsetofmanagementinformationthisSNMP groupwillbeallowedtoaccess.Validvaluesarefullorpartialcontext names.Toreviewallcontextsconfiguredforthedevice,usetheshow snmpcontextcommandasdescribedinshowsnmpcontexton page 520. readread writewrite notifynotify volatile| nonvolatile|read only (Optional)Specifiesareadaccessview. (Optional)Specifiesawriteaccessview. (Optional)Specifiesanotifyaccessview. (Optional)StoresassociatedSNMPentriesastemporaryorpermanent,or readonly.

    Defaults
    Ifsecuritylevelisnotspecified,noauthenticationwillbeapplied. Ifcontextisnotspecified,accesswillbeenabledforthedefaultcontext.Ifcontextisspecified withoutacontextmatch,exactmatchwillbeapplied. Ifreadviewisnotspecifiednonewillbeapplied. Ifwriteviewisnotspecified,nonewillbeapplied. Ifnotifyviewisnotspecified,nonewillbeapplied. Ifstoragetypeisnotspecified,entrieswillbestoredaspermanentandwillbeheldthroughdevice reboot.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexamplepermitsthepowergrouptomanageallMIBsviaSNMPv3:
    G3(su)->set snmp access powergroup security-model usm

    Enterasys G-Series CLI Reference

    5-17

    clear snmp access

    clear snmp access


    UsethiscommandtocleartheSNMPaccessentryofaspecificgroup,includingitssetSNMP securitymodel,andlevelofsecurity.

    Syntax
    clear snmp access groupname security-model {v1 | v2c | usm} [noauthentication | authentication | privacy] [context context]

    Parameters
    groupname SpecifiesthenameoftheSNMPgroupforwhichtoclearaccess. securitymodelv1| SpecifiesthesecuritymodeltobeclearedfortheSNMPaccessgroup. v2c|usm noauthentication| authentication| privacy contextcontext (Optional)ClearsaspecificsecuritylevelfortheSNMPaccessgroup.

    (Optional)ClearsaspecificcontextfortheSNMPaccessgroup.Enter// toclearthedefaultcontext.

    Defaults
    Ifsecuritylevelisnotspecified,alllevelswillbecleared. Ifcontextisnotspecified,nonewillbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearSNMPversion3accessforthemisgroupviathe authenticationprotocol:
    G3(su)->clear snmp access mis-group security-model usm authentication

    Configuring SNMP MIB Views


    Purpose
    ToreviewandconfigureSNMPMIBviews.SNMPviewsmapSNMPobjectstoaccessrights.

    Commands
    For information about... show snmp view show snmp context set snmp view clear snmp view Refer to page... 5-19 5-20 5-20 5-21

    5-18

    SNMP Configuration

    show snmp view

    show snmp view


    UsethiscommandtodisplaytheMIBconfigurationforSNMPv3viewbasedaccess(VACM).

    Syntax
    show snmp view [viewname] [subtree oid-or-mibobject] [volatile | nonvolatile | read-only]

    Parameters
    viewname subtreeoidormibobject volatile|nonvolatile| readonly (Optional)DisplaysinformationforaspecificMIBview. (Optional)DisplaysinformationforaspecificMIBsubtreewhen viewnameisspecified. (Optional)Displaysentriesforaspecificstoragetype.

    Defaults
    Ifnoparametersarespecified,allSNMPMIBviewconfigurationinformationwillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaySNMPMIBviewconfigurationinformation:
    G3(su)->show snmp view --- SNMP MIB View information --View Name = All Subtree OID = 1 Subtree mask = View Type = included Storage type = nonVolatile Row status = active View Name Subtree OID Subtree mask View Type Storage type Row status View Name Subtree OID Subtree mask View Type Storage type Row status = = = = = = = = = = = = All 0.0 included nonVolatile active Network 1.3.6.1.2.1 included nonVolatile active

    Table 57providesanexplanationofthecommandoutput.Fordetailsonusingthesetsnmpview commandtoassignvariables,refertosetsnmpviewonpage 520.

    Enterasys G-Series CLI Reference

    5-19

    show snmp context

    Table 5-7

    show snmp view Output Details


    Output Field View Name Subtree OID Subtree mask View Type Storage type Row status What It Displays... Name assigned to a MIB view. Name identifying a MIB subtree. Bitmask applied to a MIB subtree. Whether or not subtree use must be included or excluded for this view. Whether storage is in nonVolatile or Volatile memory Status of this entry: active, notInService, or notReady.

    show snmp context


    UsethiscommandtodisplaythecontextlistconfigurationforSNMPsviewbasedaccesscontrol.

    Syntax
    show snmp context

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Usage
    AnSNMPcontextisacollectionofmanagementinformationthatcanbeaccessedbyanSNMP agentorentity.ThedefaultcontextallowsallSNMPagentstoaccessallmanagementinformation (MIBs).Whencreatedusingthesetsnmpaccesscommand(setsnmpaccessonpage 516),other contextscanbeappliedtolimitaccesstoasubsetofmanagementinformation.

    Example
    ThisexampleshowshowtodisplayalistofallSNMPcontextsknowntothedevice:
    G3(su)->show snmp context --- Configured contexts: default context (all mibs)

    set snmp view


    UsethiscommandtosetaMIBconfigurationforSNMPv3viewbasedaccess(VACM).

    Syntax
    set snmp view viewname viewname subtree subtree [mask mask] [included | excluded] [volatile | nonvolatile]

    5-20

    SNMP Configuration

    clear snmp view

    Parameters
    viewnameviewname SpecifiesanameforaMIBview. subtreesubtree maskmask included| excluded volatile| nonvolatile SpecifiesaMIBsubtreename. (Optional)Specifiesabitmaskforasubtree. (Optional)Specifiessubtreeuse(default)ornosubtreeuse. (Optional)Specifiestheuseoftemporaryorpermanent(default)storage.

    Defaults
    Ifnotspecified,maskwillbesetto255.255.255.255 Ifnotspecified,subtreeusewillbeincluded. Ifstoragetypeisnotspecified,nonvolatile(permanent)willbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetanSNMPMIBviewtopublicwithasubtreenameof1.3.6.1 included:
    G3(su)->set snmp view viewname public subtree 1.3.6.1 included

    clear snmp view


    UsethiscommandtodeleteanSNMPv3MIBview.

    Syntax
    clear snmp view viewname subtree

    Parameters
    viewname subtree SpecifiestheMIBviewnametobedeleted. SpecifiesthesubtreenameoftheMIBviewtobedeleted.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodeleteSNMPMIBviewpublic:
    G3(su)->clear snmp view public 1.3.6.1

    Enterasys G-Series CLI Reference

    5-21

    Configuring SNMP Target Parameters

    Configuring SNMP Target Parameters


    Purpose
    ToreviewandconfigureSNMPtargetparameters.Thiscontrolswhereandunderwhat circumstancesSNMPnotificationswillbesent.Atargetparameterentrycanbeboundtoatarget IPaddressallowedtoreceiveSNMPnotificationmessageswiththesetsnmptargetaddr command(setsnmptargetaddronpage 526).

    Commands
    For information about... show snmp targetparams set snmp targetparams clear snmp targetparams Refer to page... 5-22 5-23 5-24

    show snmp targetparams


    UsethiscommandtodisplaySNMPparametersusedtogenerateamessagetoatarget.

    Syntax
    show snmp targetparams [targetParams] [volatile | nonvolatile | read-only]

    Parameters
    targetParams volatile|nonvolatile| readonly (Optional)Displaysentriesforaspecifictargetparameter. (Optional)Displaystargetparameterentriesforaspecificstorage type.

    Defaults
    IftargetParamsisnotspecified,entriesassociatedwithalltargetparameterswillbedisplayed. Ifnotspecified,entriesofallstoragetypeswillbedisplayed.

    Mode
    Switchcommand,readonly.

    5-22

    SNMP Configuration

    set snmp targetparams

    Example
    ThisexampleshowshowtodisplaySNMPtargetparametersinformation:
    G3(su)->show snmp targetparams --- SNMP TargetParams information --Target Parameter Name = v1ExampleParams Security Name = public Message Proc. Model = SNMPv1 Security Level = noAuthNoPriv Storage type = nonVolatile Row status = active Target Parameter Name = v2cExampleParams Security Name = public Message Proc. Model = SNMPv2c Security Level = noAuthNoPriv Storage type = nonVolatile Row status = active Target Parameter Name Security Name Message Proc. Model Security Level Storage type Row status = = = = = = v3ExampleParams CharlieDChief USM authNoPriv nonVolatile active

    Table 58providesanexplanationofthecommandoutput. Table 5-8 show snmp targetparams Output Details


    Output Field Target Parameter Name Security Name Message Proc. Model Security Level What It Displays... Unique identifier for the parameter in the SNMP target parameters table. Maximum length is 32 bytes. Security string definition. SNMP version. Type of security level (auth: security level is set to use authentication protocol, noauth: security level is not set to use authentication protocol, or privacy). Whether entry is stored in volatile, nonvolatile or read-only memory. Status of this entry: active, notInService, or notReady.

    Storage type Row status

    set snmp targetparams


    UsethiscommandtosetSNMPtargetparameters,anamedsetofsecurity/authorizationcriteria usedtogenerateamessagetoatarget.

    Syntax
    set snmp targetparams paramsname user user security-model {v1 | v2c | usm} messageprocessing {v1 | v2c | v3} [noauthentication | authentication | privacy] [volatile | nonvolatile]

    Parameters
    paramsname SpecifiesanameidentifyingparametersusedtogenerateSNMPmessages toaparticulartarget.

    Enterasys G-Series CLI Reference

    5-23

    clear snmp targetparams

    useruser

    SpecifiesanSNMPv1orv2communitynameoranSNMPv3username. Maximumlengthis32bytes.

    securitymodelv1| SpecifiestheSNMPsecuritymodelappliedtothistargetparameteras v2c|usm version1,2cor3(usm). message SpecifiestheSNMPmessageprocessingmodelappliedtothistarget processingv1|v2c parameterasversion1,2cor3. |v3 noauthentication| authentication| privacy volatile| nonvolatile (Optional)SpecifiestheSNMPsecuritylevelappliedtothistarget parameterasnoauthentication,authentication(withoutprivacy)or privacy.Privacyspecifiesthatmessagessentonbehalfoftheuserare protectedfromdisclosure. (Optional)Specifiesthestoragetypeappliedtothistargetparameter.

    Defaults
    None. Ifnotspecified,securitylevelwillbesettonoauthentication. Ifnotspecified,storagetypewillbesettononvolatile.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetSNMPtargetparametersnamedv1ExampleParamsforauser namedfredusingversion3securitymodelandmessageprocessing,andauthentication:
    G3(su)->set snmp targetparams v1ExampleParams user fred security-model usm message-processing v3 authentication

    clear snmp targetparams


    UsethiscommandtocleartheSNMPtargetparameterconfiguration.

    Syntax
    clear snmp targetparams targetParams

    Parameters
    targetParams SpecifiesthenameoftheparameterintheSNMPtargetparameterstable tobecleared.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    5-24

    SNMP Configuration

    Configuring SNMP Target Addresses

    Example
    ThisexampleshowshowtoclearSNMPtargetparametersnamedv1ExampleParams:
    G3(su)->clear snmp targetparams v1ExampleParams

    Configuring SNMP Target Addresses


    Purpose
    ToreviewandconfigureSNMPtargetaddresseswhichwillreceiveSNMPnotificationmessages. AnaddressconfigurationcanbelinkedtooptionalSNMPtransmit,ortarget,parameters(suchas timeout,retrycount,andUDPport)setwiththesetsnmptargetparamscommand((page523)).

    Commands
    For information about... show snmp targetaddr set snmp targetaddr clear snmp targetaddr Refer to page... 5-25 5-26 5-27

    show snmp targetaddr


    UsethiscommandtodisplaySNMPtargetaddressinformation.

    Syntax
    show snmp targetaddr [targetAddr] [volatile | nonvolatile | read-only]

    Parameters
    targetAddr (Optional)Displaysinformationforaspecifictargetaddressname. volatile|nonvolatile (Optional)Whentargetaddressisspecified,displaystargetaddress |readonly informationforaspecificstoragetype.

    Defaults
    IftargetAddrisnotspecified,entriesforalltargetaddressnameswillbedisplayed. Ifnotspecified,entriesofallstoragetypeswillbedisplayedforatargetaddress.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    5-25

    set snmp targetaddr

    Example
    ThisexampleshowshowtodisplaySNMPtargetaddressinformation:
    G3(su)->show snmp targetaddr Target Address Name = labmachine Tag List = v2cTrap IP Address = 10.2.3.116 UDP Port# = 162 Target Mask = 255.255.255.255 Timeout = 1500 Retry count = 4 Parameters = v2cParams Storage type = nonVolatile Row status = active

    Table 59providesanexplanationofthecommandoutput. Table 5-9 show snmp targetaddr Output Details


    Output Field Target Address Name Tag List IP Address UDP Port# Target Mask Timeout Retry count Parameters Storage type Row status What It Displays... Unique identifier in the snmpTargetAddressTable. Tags a location to the target address as a place to send notifications. Target IP address. Number of the UDP port of the target host to use. Target IP address mask. Timeout setting for the target address. Retry setting for the target address. Entry in the snmpTargetParamsTable. Whether entry is stored in volatile, nonvolatile or read-only memory. Status of this entry: active, notInService, or notReady.

    set snmp targetaddr


    UsethiscommandtoconfigureanSNMPtargetaddress.Thetargetaddressisauniqueidentifier andaspecificIPaddressthatwillreceiveSNMPnotificationmessagesanddeterminewhich communitystringswillbeaccepted.ThisaddressconfigurationcanbelinkedtooptionalSNMP transmitparameters(suchastimeout,retrycount,andUDPport).

    Syntax
    set snmp targetaddr targetaddr ipaddr param param [udpport udpport] [mask mask] [timeout timeout] [retries retries] [taglist taglist] [volatile | nonvolatile]

    Parameters
    targetaddr ipaddr paramparam udpportudpport maskmask
    5-26 SNMP Configuration

    SpecifiesauniqueidentifiertoindexthesnmpTargetAddrTable. Maximumlengthis32bytes. SpecifiestheIPaddressofthetarget. SpecifiesanentryintheSNMPtargetparameterstable,whichisused whengeneratingamessagetothetarget.Maximumlengthis32bytes. (Optional)SpecifieswhichUDPportofthetargethosttouse. (Optional)SpecifiestheIPmaskofthetarget.

    clear snmp targetaddr

    timeouttimeout

    (Optional)Specifiesthemaximumroundtriptimeallowedto communicatetothistargetaddress.Thisvalueisin.01secondsandthe defaultis1500(15seconds.) (Optional)Specifiesthenumberofmessageretriesallowedifaresponseis notreceived.Defaultis3. (Optional)SpecifiesalistofSNMPnotifytagvalues.Thistagsalocation tothetargetaddressasaplacetosendnotifications.Listmustbeenclosed inquotesandtagvaluesmustbeseparatedbyaspace(forexample, tag1tag2). (Optional)Specifiestemporary(default),orpermanentstorageforSNMP entries.

    retriesretries taglisttaglist

    volatile| nonvolatile

    Defaults
    Ifnotspecified,udpportwillbesetto162. Ifnotspecified,maskwillbesetto255.255.255.255 Ifnotspecified,timeoutwillbesetto1500. Ifnotspecified,numberofretrieswillbesetto3. Iftaglistisnotspecified,nonewillbeset. Ifnotspecified,storagetypewillbenonvolatile.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoconfigureatrapnotificationcalledTrapSink.Thistrapnotification willbesenttotheworkstation192.168.190.80(whichistargetaddresstr).Itwillusesecurityand authorizationcriteriacontainedinatargetparametersentrycalledv2cExampleParams.For moreinformationonconfiguringabasicSNMPtrap,refertoCreatingaBasicSNMPTrap Configurationonpage 536:
    G3(su)->set snmp targetaddr tr 192.168.190.80 param v2cExampleParams taglist TrapSink

    clear snmp targetaddr


    UsethiscommandtodeleteanSNMPtargetaddressentry.

    Syntax
    clear snmp targetaddr targetAddr

    Parameters
    targetAddr Specifiesthetargetaddressentrytodelete.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    5-27

    Configuring SNMP Notification Parameters

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearSNMPtargetaddressentrytr:
    G3(su)->clear snmp targetaddr tr

    Configuring SNMP Notification Parameters


    About SNMP Notify Filters
    ProfilesindicatingwhichtargetsshouldnotreceiveSNMPnotificationmessagesarekeptinthe NotifyFiltertable.Ifthistableisempty,meaningthatnofilteringisassociatedwithanySNMP target,thennofilteringwilltakeplace.Trapsorinformsnotificationswillbesenttoall destinationsintheSNMPtargetAddrTablethathavetagsmatchingthosefoundinthe NotifyTable. WhentheNotifyFiltertablecontainsprofileentries,theSNMPagentwillfindanyfilterprofile namethatcorrespondstothetargetparameternamecontainedinanoutgoingnotification message.Itwillthenapplytheappropriatesubtreespecificfilterwhengeneratingnotification messages.

    Purpose
    ToconfigureSNMPnotificationparametersandoptionalfilters.Notificationsareentitieswhich handlethegenerationofSNMPv1andv2trapsorSNMPv3informsmessagestoselect managementtargets.Optionalnotificationfiltersidentifywhichtargetsshouldnotreceive notifications.ForasampleSNMPtrapconfigurationshowinghowSNMPnotificationparameters areassociatedwithsecurityandauthorizationcriteria(targetparameters)andmappedtoa managementtargetaddress,refertoCreatingaBasicSNMPTrapConfigurationonpage 536.

    Commands
    For information about... show newaddrtrap set newaddrtrap show snmp notify set snmp notify clear snmp notify show snmp notifyfilter set snmp notifyfilter clear snmp notifyfilter show snmp notifyprofile set snmp notifyprofile clear snmp notifyprofile Refer to page... 5-29 5-29 5-30 5-31 5-32 5-32 5-33 5-34 5-34 5-35 5-36

    5-28

    SNMP Configuration

    show newaddrtrap

    show newaddrtrap
    UsethiscommandtodisplaytheglobalandportspecificstatusoftheSNMPnewMACaddresses trapfunction.

    Syntax
    show newaddrtrap [port-string]

    Parameters
    portstring (Optional)DisplaysthestatusofthenewMACaddressestrapfunction onspecificports.

    Defaults
    Ifportstringisnotspecified,thestatusofthenewMACaddressestrapfunctionwillbedisplayed forallports.

    Mode
    Switchcommand,readonly.

    Usage
    Bydefault,thisfunctionisdisabledgloballyandperport.

    Example
    ThisexampledisplaysthestatusforGigabitEthernetports1through5inslot1.
    G3(ro)->show newaddrtrap ge.1.1-5 New Address Traps Globally disabled Port --------ge.1.1 ge.1.2 ge.1.3 ge.1.4 ge.1.5 Enable State -----------disabled disabled disabled disabled disabled

    set newaddrtrap
    UsethiscommandtoenableordisableSNMPtrapmessaging,globallyorononeormoreports, whennewsourceMACaddressesaredetected.

    Syntax
    set newaddrtrap [port-string] {enable | disable}

    Parameters
    portstring (Optional)EnableordisablethenewMACaddressestrapfunctionon specificports.

    Enterasys G-Series CLI Reference

    5-29

    show snmp notify

    enable|disable

    EnableordisablethenewMACaddressestrapfunction.Ifentered withouttheportstringparameter,enablesordisablesthefunction globally.Whenenteredwiththeportstringparameter,enablesor disablesthefunctiononspecificports.

    Defaults
    Ifportstringisnotspecified,thetrapfunctionissetglobally.

    Mode
    Switchmode,readwrite.

    Usage
    ThiscommandenablesanddisablessendingSNMPtrapmessageswhenanewsourceMAC addressisdetectedbyaport.IftheportisaCDPport,however,trapsfornewsourceMAC addresseswillnotbesent. Thedefaultmodeisdisabledgloballyandperport.

    Example=
    ThisexampleenablesthetrapfunctiongloballyandthenonGigabitEthernetports1through5in slot1.
    G3(rw)->set newaddrtrap enable G3(rw)->set newaddrtrap ge.1.1-5 enable

    show snmp notify


    UsethiscommandtodisplaytheSNMPnotifyconfiguration,whichdeterminesthemanagement targetsthatwillreceiveSNMPnotifications.

    Syntax
    show snmp notify [notify] [volatile | nonvolatile | read-only]

    Parameters
    notify volatile| nonvolatile|read only (Optional)Displaysnotifyentriesforaspecificnotifyname. (Optional)Displaysnotifyentriesforaspecificstoragetype.

    Defaults
    Ifanotifynameisnotspecified,allentrieswillbedisplayed. Ifvolatile,nonvolatile,orreadonlyarenotspecified,allstoragetypeentrieswillbedisplayed.

    Mode
    Switchcommand,readonly.

    5-30

    SNMP Configuration

    set snmp notify

    Example
    ThisexampleshowshowtodisplaytheSNMPnotifyinformation:
    G3(su)->show snmp notify --- SNMP notifyTable information --Notify name = 1 Notify Tag = Console Notify Type = trap Storage type = nonVolatile Row status = active Notify name Notify Tag Notify Type Storage type Row status = = = = = 2 TrapSink trap nonVolatile active

    Table 510providesanexplanationofthecommandoutput. Table 5-10


    Output Field Notify name Notify Tag Notify Type Storage type Row status

    show snmp notify Output Details


    What It Displays... A unique identifier used to index the SNMP notify table. Name of the entry in the SNMP notify table. Type of notification: SNMPv1 or v2 trap or SNMPv3 InformRequest message. Whether access entry is stored in volatile, nonvolatile, or read-only memory. Status of this entry: active, notInService, or notReady.

    set snmp notify


    UsethiscommandtosettheSNMPnotifyconfiguration.ThiscreatesanentryintheSNMPnotify table,whichisusedtoselectmanagementtargetswhoshouldreceivenotificationmessages.This commandstagparametercanbeusedtobindeachentrytoatargetaddressusingthesetsnmp targetaddrcommand(setsnmptargetaddronpage 526).

    Syntax
    set snmp notify notify tag tag [trap | inform] [volatile | nonvolatile]

    Parameters
    notify tagtag trap|inform volatile| nonvolatile SpecifiesanSNMPnotifyname. SpecifiesanSNMPnotifytag.ThisbindsthenotifynametotheSNMP targetaddresstable. (Optional)SpecifiesSNMPv1orv2Trapmessages(default)orSNMPv3 InformRequestmessages. (Optional)Specifiestemporary(default),orpermanentstorageforSNMP entries.

    Defaults
    Ifnotspecified,messagetypewillbesettotrap.
    Enterasys G-Series CLI Reference 5-31

    clear snmp notify

    Ifnotspecified,storagetypewillbesettononvolatile.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetanSNMPnotifyconfigurationwithanotifynameofhelloanda notifytagofworld.Notificationswillbesentastrapmessagesandstoragetypewill automaticallydefaulttopermanent:
    G3(su)->set snmp notify hello tag world trap

    clear snmp notify


    UsethiscommandtoclearanSNMPnotifyconfiguration.

    Syntax
    clear snmp notify notify

    Parameters
    notify SpecifiesanSNMPnotifynametoclear.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocleartheSNMPnotifyconfigurationforhello:
    G3(su)->clear snmp notify hello

    show snmp notifyfilter


    UsethiscommandtodisplaySNMPnotifyfilterinformation,identifyingwhichprofileswillnot receiveSNMPnotifications.

    Syntax
    show snmp notifyfilter [profile] [subtree oid-or-mibobject] [volatile | nonvolatile | read-only]

    Parameters
    profile subtreeoidor mibobject (Optional)Displaysaspecificnotifyfilter. (Optional)Displaysanotifyfilterwithinaspecificsubtree.

    5-32

    SNMP Configuration

    set snmp notifyfilter

    volatile| nonvolatile|read only

    (Optional)Displaysnotifyfilterentriesofaspecificstoragetype.

    Defaults
    Ifnoparametersarespecified,allnotifyfilterinformationwillbedisplayed.

    Mode
    Switchcommand,readonly.

    Usage
    SeeAboutSNMPNotifyFiltersonpage 528formoreinformationaboutnotifyfilters.

    Example
    ThisexampleshowshowtodisplaySNMPnotifyfilterinformation.Inthiscase,thenotifyprofile pilot1insubtree1.3.6willnotreceiveSNMPnotificationmessages:
    G3(su)->show snmp notifyfilter --- SNMP notifyFilter information --Profile = pilot1 Subtree = 1.3.6 Filter type = included Storage type = nonVolatile Row status = active

    set snmp notifyfilter


    UsethiscommandtocreateanSNMPnotifyfilterconfiguration.Thisidentifieswhich managementtargetsshouldNOTreceivenotificationmessages,whichisusefulforfinetuningthe amountofSNMPtrafficgenerated.

    Syntax
    set snmp notifyfilter profile subtree oid-or-mibobject [mask mask] [included | excluded] [volatile | nonvolatile]

    Parameters
    profile subtreeoidor mibobject maskmask included| excluded volatile| nonvolatile SpecifiesanSNMPfilternotifyname. SpecifiesaMIBsubtreeIDtargetforthefilter. (Optional)Appliesasubtreemask. (Optional)Specifiesthatsubtreeisincludedorexcluded. (Optional)Specifiesastoragetype.

    Enterasys G-Series CLI Reference

    5-33

    clear snmp notifyfilter

    Defaults
    Ifnotspecified,maskisnotset. Ifnotspecified,subtreewillbeincluded. Ifstoragetypeisnotspecified,nonvolatile(permanent)willbeapplied.

    Mode
    Switchcommand,readwrite.

    Usage
    SeeAboutSNMPNotifyFiltersonpage 528formoreinformationaboutnotifyfilters.

    Example
    ThisexampleshowshowtocreateanSNMPnotifyfiltercalledpilot1withaMIBsubtreeIDof 1.3.6:
    G3(su)->set snmp notifyfilter pilot1 subtree 1.3.6

    clear snmp notifyfilter


    UsethiscommandtodeleteanSNMPnotifyfilterconfiguration.

    Syntax
    clear snmp notifyfilter profile subtree oid-or-mibobject

    Parameters
    profile subtreeoidor mibobject SpecifiesanSNMPfilternotifynametodelete. SpecifiesaMIBsubtreeIDcontainingthefiltertobedeleted.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodeletetheSNMPnotifyfilterpilot1:
    G3(su)->clear snmp notifyfilter pilot1 subtree 1.3.6

    show snmp notifyprofile


    UsethiscommandtodisplaySNMPnotifyprofileinformation.Thisassociatestargetparameters toanSNMPnotifyfiltertodeterminewhoshouldnotreceiveSNMPnotifications.

    5-34

    SNMP Configuration

    set snmp notifyprofile

    Syntax
    show snmp notifyprofile [profile] [targetparam targetparam] [volatile | nonvolatile | read-only]

    Parameters
    profile targetparam targetparam volatile| nonvolatile|read only (Optional)Displaysaspecificnotifyprofile. (Optional)Displaysentriesforaspecifictargetparameter. (Optional)Displaysnotifyfilterentriesofaspecificstoragetype.

    Defaults
    Ifnoparametersarespecified,allnotifyprofileinformationwillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaySNMPnotifyinformationfortheprofilenamedarea51:
    G3(su)->show snmp notifyprofile area51 --- SNMP notifyProfile information --Notify Profile = area51 TargetParam = v3ExampleParams Storage type = nonVolatile Row status = active

    set snmp notifyprofile


    UsethiscommandtocreateanSNMPnotifyfilterprofileconfiguration.Thisassociatesa notificationfilter,createdwiththesetsnmpnotifyfiltercommand(setsnmpnotifyfilteron page 533),toasetofSNMPtargetparameterstodeterminewhichmanagementtargetsshould notreceiveSNMPnotifications.

    Syntax
    set snmp notifyprofile profile targetparam targetparam [volatile | nonvolatile]

    Parameters
    profile targetparam targetparam volatile| nonvolatile SpecifiesanSNMPfilternotifyname. SpecifiesanassociatedentryintheSNMPTargetParamsTable. (Optional)Specifiesastoragetype.

    Defaults
    Ifstoragetypeisnotspecified,nonvolatile(permanent)willbeapplied.

    Enterasys G-Series CLI Reference

    5-35

    clear snmp notifyprofile

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocreateanSNMPnotifyprofilenamedarea51andassociateatarget parametersentry.
    G3(su)->set snmp notifyprofile area51 targetparam v3ExampleParams

    clear snmp notifyprofile


    UsethiscommandtodeleteanSNMPnotifyprofileconfiguration.

    Syntax
    clear snmp notifyprofile profile targetparam targetparam

    Parameters
    profile targetparam targetparam SpecifiesanSNMPfilternotifynametodelete. SpecifiesanassociatedentryinthesnmpTargetParamsTable.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodeleteSNMPnotifyprofilearea51:
    G3(su)->clear snmp notifyprofile area51 targetparam v3ExampleParams

    Creating a Basic SNMP Trap Configuration


    TrapsarenotificationmessagessentbyanSNMPv1orv2agenttoanetworkmanagementstation, aconsole,oraterminaltoindicatetheoccurrenceofasignificantevent,suchaswhenaportor devicegoesupordown,whenthereareauthenticationfailures,andwhenpowersupplyerrors occur.ThefollowingconfigurationexampleshowshowtouseCLIcommandstoassociateSNMP notificationparameterswithsecurityandauthorizationcriteria(targetparameters),andmapthe parameterstoamanagementtargetaddress.
    Note: This example illustrates how to configure an SNMPv2 trap notification. Creating an SNMPv1 or v3 Trap, or an SNMPv3 Inform notification would require using the same commands with different parameters, where appropriate. Always ensure that v1/v2 communities or v3 users used for generating traps or informs are pre-configured with enough privileges to access corresponding MIBs.

    5-36

    SNMP Configuration

    Creating a Basic SNMP Trap Configuration

    CompleteanSNMPv2trapconfigurationonaGSeriesdeviceasfollows: 1. 2. 3. CreateacommunitynamethatwillactasanSNMPuserpassword. CreateanSNMPtargetparametersentrytoassociatesecurityandauthorizationcriteriatothe usersinthecommunitycreatedinStep1. VerifyifanyapplicableSNMPnotificationentriesexist,orcreateanewone.Youwillusethis entrytosendSNMPnotificationmessagestotheappropriatemanagementtargetscreatedin Step 2. CreateatargetaddressentrytobindamanagementIPaddressto: ThenotificationentryandtagnamecreatedinStep3and ThetargetparametersentrycreatedinStep2.

    4.

    Table 511showsthecommandsusedtocompleteanSNMPv2trapconfigurationonaGSeries device. Table 5-11


    To do this... Create a community name. Create an SNMP target parameters entry. Verify if any applicable SNMP notification entries exist. Create a new notification entry. Create a target address entry.

    Basic SNMP Trap Configuration


    Use these commands... set snmp community set snmp targetparams show snmp notify set snmp notify set snmp targetaddr

    Example
    Thisexampleshowshowto: CreateanSNMPcommunitycalledmgmt. ConfigureatrapnotificationcalledTrapSink.

    Thistrapnotificationwillbesentwiththecommunitynamemgmttotheworkstation 192.168.190.80(whichistargetaddresstr).Itwillusesecurityandauthorizationcriteriacontained inatargetparametersentrycalledv2cExampleParams.


    G3(su)->set snmp community mgmt G3(su)->set snmp targetparams v2cExampleParams user mgmt security-model v2c message-processing v2c G3(su)->set snmp notify entry1 tag TrapSink G3(su)->set snmp targetaddr tr 192.168.190.80 param v2cExampleParams taglist TrapSink

    How SNMP Will Use This Configuration


    Inordertosendatrap/notificationrequestedbyaMIBcode,theSNMPagentrequiresthe equivalentofatrapdoor,akeytounlockthedoor,andaprocedureforcrossingthe doorstep.Todetermineifalltheseelementsareinplace,theSNMPagentproceedsasfollows: 1. Determinesifthekeysfortrapdoorsdoexist.Intheexampleconfigurationabove,the keythatSNMPislookingforisthenotificationentrycreatedwiththesetsnmpnotify commandwhich,inthiscase,isakeylabeledentry1.

    Enterasys G-Series CLI Reference

    5-37

    Creating a Basic SNMP Trap Configuration

    2. 3.

    Searchesforthedoorsmatchingsuchakey.Forexample,theparameterssetfortheentry1key showsthatitopensonlythedoorTrapSink. VerifiesthatthespecifieddoorTrapSinkis,infact,available.Inthiscaseitwasbuiltusingthe setsnmptargetaddrcommand.Thiscommandalsospecifiesthatthisdoorleadstothe managementstation192.168.190.80,andtheprocedure(targetparams)tocrossthedoorstep iscalledv2ExampleParams. Verifiesthatthev2ExampleParamsdescriptionofhowtostepthroughthedooris,infact, there.Theagentcheckstargetparamsentriesanddeterminesthisdescriptionwasmadewith thesetsnmptargetparamscommand,whichtellsexactlywhichSNMPprotocoltouseand whatcommunitynametoprovide.Inthiscase,thecommunitynameismgmt. Verifiesthatthemgmtcommunitynameisavailable.Inthiscase,ithasbeenconfiguredusing thesetsnmpcommunitycommand. Sendsthetrapnotificationmessage.

    4.

    5. 6.

    5-38

    SNMP Configuration

    6
    Spanning Tree Configuration
    ThischapterdescribestheSpanningTreeConfigurationsetofcommandsandhowtousethem.
    For information about... Spanning Tree Configuration Summary Configuring Spanning Tree Bridge Parameters Configuring Spanning Tree Port Parameters Configuring Spanning Tree Loop Protect Parameters Refer to page... 6-1 6-3 6-31 6-38

    Caution: Spanning Tree configuration should be performed only by personnel who are very knowledgeable about Spanning Trees and the configuration of the Spanning Tree Algorithm. Otherwise, the proper operation of the network could be at risk.

    Spanning Tree Configuration Summary


    Overview: Single, Rapid, and Multiple Spanning Tree Protocols
    TheIEEE802.1DSpanningTreeProtocol(STP)resolvestheproblemsofphysicalloopsina networkbyestablishingoneprimarypathbetweenanytwodevicesinanetwork.Anyduplicate pathsarebarredfromuseandbecomestandbyorblockedpathsuntiltheoriginalpathfails,at whichpointtheycanbebroughtintoservice.

    RSTP
    TheIEEE802.1wRapidSpanningProtocol(RSTP),anevolutionof802.1D,canachievemuch fasterconvergencethanlegacySTPinaproperlyconfigurednetwork.RSTPsignificantlyreduces thetimetoreconfigurethenetworksactivetopologywhenphysicaltopologyorconfiguration parameterchangesoccur.ItselectsoneswitchastherootofaSpanningTreeconnectedactive topologyandassignsportrolestoindividualportsontheswitch,dependingonwhetherthatport ispartoftheactivetopology. RSTPprovidesrapidconnectivityfollowingthefailureofaswitch,switchport,oraLAN.Anew rootportandthedesignatedportontheothersideofthebridgetransitiontoforwardingthrough anexplicithandshakebetweenthem.Bydefault,userportsareconfiguredtorapidlytransitionto forwardinginRSTP.

    MSTP
    TheIEEE802.1sMultipleSpanningTreeProtocol(MSTP)buildsupon802.1DandRSTPby optimizingutilizationofredundantlinksbetweenswitchesinanetwork.Whenredundantlinks existbetweenapairofswitchesrunningsingleSTP,onelinkisforwardingwhiletheothersare

    Enterasys G-Series CLI Reference

    6-1

    Spanning Tree Configuration Summary

    blockingforalltrafficflowingbetweenthetwoswitches.Theblockinglinksareeffectivelyused onlyiftheforwardinglinkgoesdown.MSTPassignseachVLANpresentonthenetworktoa particularSpanningTreeinstance,allowingeachswitchporttobeinadistinctstateforeachsuch instance:blockingforoneSpanningTreewhileforwardingforanother.Thus,trafficassociated withonesetofVLANscantraverseaparticularinterswitchlink,whiletrafficassociatedwith anothersetofVLANscanbeblockedonthatlink.IfVLANsareassignedtoSpanningTrees wisely,nointerswitchlinkwillbecompletelyidle,maximizingnetworkutilization. FordetailsoncreatingSpanningTreeinstances,refertosetspantreemstionpage 612. FordetailsonmappingSpanningTreeinstancestoVLANs,refertosetspantreemstmapon page 613.
    Note: MSTP and RSTP are fully compatible and interoperable with each other and with legacy STP 802.1D.

    Spanning Tree Features


    TheGSeriesdevicemeetstherequirementsoftheSpanningTreeProtocolsbyperformingthe followingfunctions: CreatingasingleSpanningTreefromanyarrangementofswitchingorbridgingelements. Compensatingautomaticallyforthefailure,removal,oradditionofanydeviceinanactive datapath. Achievingportchangesinshorttimeintervals,whichestablishesastableactivetopology quicklywithminimalnetworkdisturbance. Usingaminimumamountofcommunicationsbandwidthtoaccomplishtheoperationofthe SpanningTreeProtocol. Reconfiguringtheactivetopologyinamannerthatistransparenttostationstransmittingand receivingdatapackets. ManagingthetopologyinaconsistentandreproduciblemannerthroughtheuseofSpanning TreeProtocolparameters.
    Note: The term bridge is used as an equivalent to the term switch or device in this document.

    Loop Protect
    TheLoopProtectfeaturepreventsorshortcircuitsloopformationinanetworkwithredundant pathsbyrequiringportstoreceivetype2BPDUs(RSTP/MSTP)onpointtopointinterswitch links(ISLs)beforetheirstatesareallowedtobecomeforwarding.Further,ifaBPDUtimeout occursonaport,itsstatebecomeslisteninguntilaBPDUisreceived. Bothupstreamanddownstreamfacingportsareprotected.Whenarootoralternateportlosesits pathtotherootbridgeduetoamessageageexpirationittakesontheroleofdesignatedport.It willnotforwardtrafficuntilaBPDUisreceived.Whenaportisintendedtobethedesignatedport inanISLitconstantlyproposesandwillnotforwarduntilaBPDUisreceived,andwillrevertto listeningifitfailstogetaresponse.Thisprotectsagainstmisconfigurationandprotocolfailureby theconnectedbridge. TheDisputedBPDUmechanismprotectsagainstloopinginsituationswherethereisoneway communication.AdisputedBPDUisoneinwhichtheflagsfieldindicatesadesignatedroleand

    6-2

    Spanning Tree Configuration

    Configuring Spanning Tree Bridge Parameters

    learningandthepriorityvectorisworsethanthatalreadyheldbytheport.IfadisputedBPDUis received,theportisforcedtothelisteningstate.WhenaninferiordesignatedBPDUwiththe learningbitsetisreceivedonadesignatedport,itsstateissettodiscardingtopreventloop formation.NotethattheDisputemechanismisalwaysactiveregardlessoftheconfiguration settingofLoopProtection. LoopProtectoperatesasaperport,perMSTinstancefeature.Itshouldbesetoninterswitch links.Itiscomprisedofseveralrelatedfunctions: ControlofportforwardingstatebasedonreceptionofagreementBPDUs ControlofportforwardingstatebasedonreceptionofdisputedBPDUs Communicatingportnonforwardingstatusthroughtrapsandsyslogmessages Disablingaportbasedonfrequencyoffailureevents

    PortforwardingstateinthedesignatedportisgatedbyatimerthatissetuponBPDUreception.It isanalogoustothercvdInfoWhiletimertheportuseswhenreceivingrootinformationintheroot/ alternate/backuprole. TherearetwooperationalmodesforLoopProtectonaport.Iftheportisconnectedtoadevice knowntoimplementLoopProtect,itusesfullfunctionalmode.Otherwisetheportoperatesin limitedfunctionalmode. ConnectiontoaLoopProtectswitchguaranteesthatthealternateagreementmechanismis implemented.Thismeansthedesignatedportcanrelyonreceivingaresponsetoitsproposal regardlessoftheroleoftheconnectedport,whichhastwoimportantimplications.First,the designatedportconnectedtoanonrootportmaytransitiontoforwarding.Second,thereisno ambiguitywhenatimeouthappens;aLoopProtecteventhasoccurred. Infullfunctionalmode,whenatype2BPDUisreceivedandtheportisdesignatedandpointto point,thetimerissetto3timeshelloTime.Inlimitedfunctionalmodethereistheadditional requirementthattheflagsfieldindicatearootrole.IftheportisaboundaryporttheMSTIsfor thatportfollowtheCIST,thatis,theMSTIporttimersaresetaccordingtotheCISTporttimer.If theportisinternaltotheregionthentheMSTIporttimersaresetindependentlyusingthe particularMSTImessage. MessageageexpirationandtheexpirationoftheLoopProtecttimerarebothLoopProtectevents. Anoticelevelsyslogmessageisproducedforeachsuchevent.Trapsmaybeconfiguredtoreport theseeventsaswell.AsyslogmessageandtrapmaybeconfiguredfordisputedBPDUs. ItisalsoconfigurabletoforcethelockingofaSID/portfortheoccurrenceofoneormoreevents. Whentheconfigurednumberofeventshappenwithinagivenwindowoftime,theportisforced intoblockingandheldthereuntilitismanuallyunlockedviamanagement.

    Configuring Spanning Tree Bridge Parameters


    Purpose
    TodisplayandsetSpanningTreebridgeparameters,includingdevicepriorities,hellotime, maximumwaittime,forwarddelay,pathcost,andtopologychangetrapsuppression.

    Enterasys G-Series CLI Reference

    6-3

    Configuring Spanning Tree Bridge Parameters

    Commands
    For information about... show spantree stats set spantree show spantree version set spantree version clear spantree version show spantree bpdu-forwarding set spantree bpdu-forwarding show spantree bridgeprioritymode set spantree bridgeprioritymode clear spantree bridgeprioritymode show spantree mstilist set spantree msti clear spantree msti show spantree mstmap set spantree mstmap clear spantree mstmap show spantree vlanlist show spantree mstcfgid set spantree mstcfgid clear spantree mstcfgid set spantree priority clear spantree priority set spantree hello clear spantree hello set spantree maxage clear spantree maxage set spantree fwddelay clear spantree fwddelay show spantree backuproot set spantree backuproot clear spantree backuproot show spantree tctrapsuppress set spantree tctrapsuppress clear spantree tctrapsuppress Refer to page... 6-5 6-7 6-7 6-8 6-8 6-9 6-9 6-10 6-10 6-11 6-11 6-12 6-12 6-13 6-13 6-14 6-15 6-15 6-16 6-16 6-17 6-17 6-18 6-18 6-19 6-19 6-20 6-20 6-21 6-21 6-22 6-22 6-23 6-23

    6-4

    Spanning Tree Configuration

    show spantree stats

    For information about... set spantree protomigration show spantree spanguard set spantree spanguard clear spantree spanguard show spantree spanguardtimeout set spantree spanguardtimeout clear spantree spanguardtimeout show spantree spanguardlock clear/set spantree spanguardlock show spantree spanguardtrapenable set spanstree spanguardtrapenable clear spanstree spanguardtrapenable show spantree legacypathcost set spantree legacypathcost clear spantree legacypathcost

    Refer to page... 6-24 6-24 6-25 6-26 6-26 6-26 6-27 6-27 6-28 6-28 6-29 6-29 6-30 6-30 6-31

    show spantree stats


    UsethiscommandtodisplaySpanningTreeinformationforoneormoreports.

    Syntax
    show spantree stats [port port-string] [sid sid] [active]

    Parameters
    portportstring (Optional)Displaysinformationforthespecifiedport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41. (Optional)DisplaysinformationforaspecificSpanningTreeidentifier.If notspecified,SID0isassumed. (Optional)DisplaysinformationforportsthathavereceivedSTPBPDUs sinceboot.

    sidsid active

    Defaults
    Ifportstringisnotspecified,SpanningTreeinformationforallportswillbedisplayed. Ifsidisnotspecified,informationforSpanningTree0willbedisplayed. Ifactiveisnotspecifiedinformationforallportswillbedisplayedregardlessofwhetherornot theyhavereceivedBPDUs.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    6-5

    show spantree stats

    Example
    ThisexampleshowshowtodisplaythedevicesSpanningTreeconfiguration:
    G3(su)->show spantree stats Spanning tree status Spanning tree instance Designated Root MacAddr Designated Root Priority Designated Root Cost Designated Root Port Root Max Age Root Hello Time Root Forward Delay Bridge ID MAC Address Bridge ID Priority Bridge Max Age Bridge Hello Time Bridge Forward Delay Topology Change Count Time Since Top Change Max Hops enabled 0 00-e0-63-9d-c1-c8 0 10000 lag.0.1 20 sec 2 sec 15 sec 00-01-f4-da-5e-3d 32768 20 sec 2 sec 15 sec 7 00 days 03:19:15 20

    Table 61showsadetailedexplanationofcommandoutput. Table 6-1


    Output Spanning tree instance Spanning tree status Designated Root MacAddr Designated Root Port Designated Root Priority Designated Root Cost Root Max Age Root Hello Time Root Forward Delay Bridge ID MAC Address Bridge ID Priority

    show spantree Output Details


    What It Displays... Spanning Tree ID. Whether Spanning Tree is enabled or disabled. MAC address of the designated Spanning Tree root bridge. Port through which the root bridge can be reached. Priority of the designated root bridge. Total path cost to reach the root. Amount of time (in seconds) a BPDU packet should be considered valid. Interval (in seconds) at which the root device sends BPDU (Bridge Protocol Data Unit) packets. Amount of time (in seconds) the root device spends in listening or learning mode. Unique bridge MAC address, recognized by all bridges in the network. Bridge priority, which is a default value, or is assigned using the set spantree priority command. For details, refer to set spantree priority on page 6-17. Maximum time (in seconds) the bridge can wait without receiving a configuration message (bridge hello) before attempting to reconfigure. This is a default value, or is assigned using the set spantree maxage command. For details, refer to set spantree maxage on page 6-19. Amount of time (in seconds) the bridge sends BPDUs. This is a default value, or is assigned using the set spantree hello command. For details, refer to set spantree hello on page 6-18.

    Bridge Max Age

    Bridge Hello Time

    6-6

    Spanning Tree Configuration

    set spantree

    Table 6-1
    Output

    show spantree Output Details (Continued)


    What It Displays... Amount of time (in seconds) the bridge spends in listening or learning mode. This is a default value, or is assigned using the set spantree fwddelay command. For details, refer to set spantree fwddelay on page 6-20. Number of times topology has changed on the bridge. Amount of time (in days, hours, minutes and seconds) since the last topology change. Maximum number of hops information for a particular Spanning Tree instance may traverse (via relay of BPDUs within the applicable MST region) before being discarded.

    Bridge Forward Delay

    Topology Change Count Time Since Top Change Max Hops

    set spantree
    UsethiscommandtogloballyenableordisabletheSpanningTreeprotocolontheswitch.

    Syntax
    set spantree {disable | enable}

    Parameters
    disable|enable GloballydisablesorenablesSpanningTree.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodisableSpanningTreeonthedevice:
    G3(su)->set spantree disable

    show spantree version


    UsethiscommandtodisplaythecurrentversionoftheSpanningTreeprotocolrunningonthe device.

    Syntax
    show spantree version

    Parameters
    None.

    Defaults
    None.
    Enterasys G-Series CLI Reference 6-7

    set spantree version

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaySpanningTreeversioninformationforthedevice:
    G3(su)->show spantree version Force Version is mstp

    set spantree version


    UsethiscommandtosettheversionoftheSpanningTreeprotocoltoMSTP(MultipleSpanning TreeProtocol),RSTP(RapidSpanningTreeProtocol)ortoSTP802.1Dcompatible.

    Syntax
    set spantree version {mstp | stpcompatible | rstp}

    Parameters
    mstp stpcompatible rstp SetstheversiontoSTP802.1scompatible. SetstheversiontoSTP802.1Dcompatible. Setstheversionto802.1wcompatible.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Inmostnetworks,SpanningTreeversionshouldnotbechangedfromitsdefaultsettingofmstp (MultipleSpanningTreeProtocol)mode.MSTPmodeisfullycompatibleandinteroperablewith legacySTP802.1DandRapidSpanningTree(RSTP)bridges.Settingtheversiontostpcompatible modewillcausethebridgetotransmitonly802.1DBPDUs,andwillpreventnonedgeportsfrom rapidlytransitioningtoforwardingstate.

    Example
    ThisexampleshowshowtogloballychangetheSpanningTreeversionfromthedefaultofMSTP toRSTP:
    G3(su)->set spantree version rstp

    clear spantree version


    UsethiscommandtoresettheSpanningTreeversiontoMSTPmode.

    Syntax
    clear spantree version

    6-8

    Spanning Tree Configuration

    show spantree bpdu-forwarding

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresettheSpanningTreeversion:
    G3(su)->clear spantree version

    show spantree bpdu-forwarding


    Use this command to display the Spanning Tree BPDU forwarding mode.

    Syntax
    show spantree bpdu-forwarding

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaytheSpanningTreeBPDUforwardingmode:
    G3(su)->show spantree bpdu-forwarding BPDU forwarding is disabled.

    set spantree bpdu-forwarding


    UsethiscommandtoenableordisableSpanningTreeBPDUforwarding.BydefaultBPDU forwardingisdisabled.

    Syntax
    set spantree bpdu-forwarding {disable | enable}

    Parameters
    disable|enable DisablesorenablesBPDUforwarding;.

    Enterasys G-Series CLI Reference

    6-9

    show spantree bridgeprioritymode

    Defaults
    BydefaultBPDUforwardingisdisabled.

    Mode
    Switchcommand,readwrite.

    Usage
    TheSpanningTreeprotocolmustbedisabled(setspantreedisable)forthisfeaturetotakeeffect.

    Example
    ThisexampleshowshowtoenableBPDUforwarding:
    G3(rw)-> set spantree bpdu-forwarding enable

    show spantree bridgeprioritymode


    UsethiscommandtodisplaytheSpanningTreebridgeprioritymodesetting.

    Syntax
    show spantree bridgeprioritymode

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaytheSpanningTreebridgeprioritymodesetting:
    G3(rw)->show spantree bridgeprioritymode Bridge Priority Mode is set to IEEE802.1t mode.

    set spantree bridgeprioritymode


    UsethiscommandtosettheSpanningTreebridgeprioritymodeto802.1D(legacy)or802.1t.

    Syntax
    set spantree bridgeprioritymode {8021d | 8021t}

    Parameters
    8021d Setsthebridgeprioritymodetouse802.1D(legacy)values,whichare0 65535.

    6-10

    Spanning Tree Configuration

    clear spantree bridgeprioritymode

    8021t

    Setsthebridgeprioritymodetouse802.1tvalues,whichare0to61440,in incrementsof4096.Valueswillautomaticallyberoundedupordown, dependingonthe802.1tvaluetowhichtheenteredvalueisclosest. Thisisthedefaultbridgeprioritymode.

    Defaults
    None

    Mode
    Switchcommand,readwrite.

    Usage
    Themodeaffectstherangeofpriorityvaluesusedtodeterminewhichdeviceisselectedasthe SpanningTreerootasdescribedinsetspantreepriority(setspantreepriorityonpage 617). Thedefaultfortheswitchistouse802.1tbridgeprioritymode.

    Example
    Thisexampleshowshowtosetthebridgeprioritymodeto802.1D:
    G3(rw)->set spantree bridgeprioritymode 8021d

    clear spantree bridgeprioritymode


    UsethiscommandtoresettheSpanningTreebridgeprioritymodetothedefaultsettingof802.1t.

    Syntax
    clear spantree bridgeprioritymode

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoresetthebridgeprioritymodeto802.1t:
    G3(rw)->clear spantree bridgeprioritymode

    show spantree mstilist


    UsethiscommandtodisplayalistofMultipleSpanningTree(MST)instancesconfiguredonthe device.

    Enterasys G-Series CLI Reference

    6-11

    set spantree msti

    Syntax
    show spantree mstilist

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayalistofMSTinstances.Inthiscase,SID2hasbeenconfigured:
    G3(su)->show spantree mstilist Configured Multiple Spanning Tree instances: 2

    set spantree msti


    UsethiscommandtocreateordeleteaMultipleSpanningTreeinstance.

    Syntax
    set spantree msti sid sid {create | delete}

    Parameters
    sidsid create|delete SetstheMultipleSpanningTreeID.Validvaluesare14094. GSeriesdeviceswillsupportupto4MSTinstances. CreatesordeletesanMSTinstance.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocreateanMSTinstance2:
    G3(su)->set spantree msti sid 2 create

    clear spantree msti


    UsethiscommandtodeleteoneormoreMultipleSpanningTreeinstances.

    6-12

    Spanning Tree Configuration

    show spantree mstmap

    Syntax
    clear spantree msti [sid sid]

    Parameters
    sidsid (Optional)DeletesaspecificmultipleSpanningTreeID.

    Defaults
    Ifsidisnotspecified,allMSTinstanceswillbecleared.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodeleteallMSTinstances:
    G3(su)->clear spantree msti

    show spantree mstmap


    UsethiscommandtodisplaythemappingofafilteringdatabaseID(FID)toaSpanningTrees. SinceVLANsaremappedtoFIDs,thisshowstowhichSIDaVLANismapped.

    Syntax
    show spantree mstmap [fid fid]

    Parameters
    fidfid (Optional)DisplaysinformationforspecificFIDs.

    Defaults
    Iffidisnotspecified,informationforallassignedFIDswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaySIDtoFIDmappinginformationforFID1.Inthiscase,no newmappingshavebeenconfigured:
    G3(su)->show spantree mstmap fid 1 FID: SID: 1 0

    set spantree mstmap


    UsethiscommandtomaponeormorefilteringdatabaseIDs(FIDs)toaSID.SinceVLANsare mappedtoFIDs,thisessentiallymapsoneormoreVLANIDstoaSpanningTree(SID).

    Enterasys G-Series CLI Reference

    6-13

    clear spantree mstmap

    Note: Since any MST maps that are associated with GVRP-generated VLANs will be removed from the configuration if GVRP communication is lost, it is recommended that you only create MST maps on statically-created VLANs.

    Syntax
    set spantree mstmap fid [sid sid]

    Parameters
    fid sidsid SpecifiesoneormoreFIDstoassigntotheMST.Validvaluesare14093, andmustcorrespondtoaVLANIDcreatedusingthesetvlancommand. (Optional)SpecifiesaMultipleSpanningTreeID.Validvaluesare14094, andmustcorrespondtoaSIDcreatedusingthesetmsticommand.

    Defaults
    Ifsidisnotspecified,FID(s)willbemappedtoSpanningTree0.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtomapFID3toSID2:
    G3(su)->set spantree mstmap 3 sid 2

    clear spantree mstmap


    UsethiscommandtomapaFIDbacktoSID0.

    Syntax
    clear spantree mstmap fid

    Parameters
    fid SpecifiesoneormoreFIDstoresetto0.

    Defaults
    Iffidisnotspecified,allSIDtoFIDmappingswillbereset.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtomapFID2backtoSID0:
    G3(su)->clear spantree mstmap 2

    6-14

    Spanning Tree Configuration

    show spantree vlanlist

    show spantree vlanlist


    UsethiscommandtodisplaytheSpanningTreeID(s)assignedtooneormoreVLANs.

    Syntax
    show spantree vlanlist [vlan-list]

    Parameters
    vlanlist (Optional)DisplaysSIDsassignedtospecificVLAN(s).

    Defaults
    Ifnotspecified,SIDassignmentwillbedisplayedforallVLANs.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaytheSIDsmappedtoVLAN1.Inthiscase,SIDs2,16and42 aremappedtoVLAN1.Forthisinformationtodisplay,theSIDinstancemustbecreatedusing thesetspantreemsticommandasdescribedinsetspantreemstionpage 612,andtheFIDs mustbemappedtoSID 1usingthesetspantreemstmapcommandasdescribedinsetspantree mstmaponpage 613:
    G3(su)->show spantree vlanlist 1 The following SIDS are assigned to VLAN 1: 2 16 42

    show spantree mstcfgid


    UsethiscommandtodisplaytheMSTconfigurationidentifierelements,includingformatselector, configurationname,revisionlevel,andconfigurationdigest.

    Syntax
    show spantree mstcfgid

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaytheMSTconfigurationidentifierelements.Inthiscase,the defaultrevisionlevelof0,andthedefaultconfigurationname(astringrepresentingthebridge MACaddress)havenotbeenchanged.Forinformationonusingthesetspantreemstcfgid commandtochangethesesettings,refertosetspantreemstcfgidonpage 616:

    Enterasys G-Series CLI Reference

    6-15

    set spantree mstcfgid

    G3(su)->show spantree mstcfgid MST Configuration Identifier: Format Selector: 0 Configuration Name: 00:01:f4:89:51:94 Revision Level: 0 Configuration Digest: ac:36:17:7f:50:28:3c:d4:b8:38:21:d8:ab:26:de:62

    set spantree mstcfgid


    UsethiscommandtosettheMSTconfigurationnameand/orrevisionlevel.

    Syntax
    set spantree mstcfgid {cfgname name | rev level}

    Parameters
    cfgnamename revlevel SpecifiesanMSTconfigurationname. SpecifiesanMSTrevisionlevel.Validvaluesare065535.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosettheMSTconfigurationnametomstconfig:
    G3(su)->set spantree mstconfigid cfgname mstconfig

    clear spantree mstcfgid


    UsethiscommandtoresettheMSTrevisionleveltoadefaultvalueof0,andtheconfiguration nametoadefaultstringrepresentingthebridgeMACaddress.

    Syntax
    clear spantree mstcfgid

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresettheMSTconfigurationidentifierelementstodefaultvalues:
    G3(su)->clear spantree mstcfgid
    6-16 Spanning Tree Configuration

    set spantree priority

    set spantree priority


    UsethiscommandtosetthedevicesSpanningTreepriority.

    Syntax
    set spantree priority priority [sid]

    Parameters
    priority Specifiesthepriorityofthebridge.Validvaluesarefrom0to61440(in incrementsof4096),with0indicatinghighestpriorityand61440 lowestpriority. (Optional)SetsthepriorityonaspecificSpanningTree.Validvalues are04094.Ifnotspecified,SID 0isassumed.

    sid

    Defaults
    Ifsidisnotspecified,prioritywillbesetonSpanningTree0.

    Mode
    Switchcommand,readwrite.

    Usage
    Thedevicewiththehighestpriority(lowestnumericalvalue)becomestheSpanningTreeroot device.Ifalldeviceshavethesamepriority,thedevicewiththelowestMACaddresswillthen becometherootdevice.Dependingonthebridgeprioritymode(setwiththesetspantree bridgeprioritymodecommanddescribedinsetspantreebridgeprioritymodeonpage 610, somepriorityvaluesmayberoundedupordown.

    Example
    Thisexampleshowshowtosetthebridgepriorityto4096onSID1:
    G3(su)->set spantree priority 4096 1

    clear spantree priority


    UsethiscommandtoresettheSpanningTreeprioritytothedefaultvalueof32768.

    Syntax
    clear spantree priority [sid]

    Parameters
    sid (Optional)ResetsthepriorityonaspecificSpanningTree.Valid valuesare04094.Ifnotspecified,SID 0isassumed.

    Defaults
    Ifsidisnotspecified,prioritywillberesetonSpanningTree0.

    Mode
    Switchcommand,readwrite.
    Enterasys G-Series CLI Reference 6-17

    set spantree hello

    Example
    ThisexampleshowshowtoresetthebridgepriorityonSID1:
    G3(su)->clear spantree priority 1

    set spantree hello


    UsethiscommandtosetthedevicesSpanningTreehellotime,Thisisthetimeinterval(in seconds)thedevicewilltransmitBPDUsindicatingitisactive.

    Syntax
    set spantree hello interval

    Parameters
    interval Specifiesthenumberofsecondsthesystemwaitsbeforebroadcastinga bridgehellomessage(amulticastmessageindicatingthatthesystemis active).Validvaluesare110.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtogloballysettheSpanningTreehellotimeto10seconds:
    G3(su)->set spantree hello 10

    clear spantree hello


    UsethiscommandtoresettheSpanningTreehellotimetothedefaultvalueof2seconds.

    Syntax
    clear spantree hello

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtogloballyresettheSpanningTreehellotime:
    G3(su)->clear spantree hello
    6-18 Spanning Tree Configuration

    set spantree maxage

    set spantree maxage


    Usethiscommandtosetthebridgemaximumagingtime.

    Syntax
    set spantree maxage agingtime

    Parameters
    agingtime Specifiesthemaximumnumberofsecondsthatthesystemretainsthe informationreceivedfromotherbridgesthroughSTP.Validvaluesare6 40.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Thebridgemaximumagingtimeisthemaximumtime(inseconds)adevicecanwaitwithout receivingaconfigurationmessage(bridgehello)beforeattemptingtoreconfigure.Alldevice ports(exceptfordesignatedports)shouldreceiveconfigurationmessagesatregularintervals. AnyportthatagesoutSTPinformationprovidedinthelastconfigurationmessagebecomesthe designatedportfortheattachedLAN.Ifitisarootport,anewrootportisselectedfromamong thedeviceportsattachedtothenetwork.

    Example
    Thisexampleshowshowtosetthemaximumagingtimeto25seconds:
    G3(su)->set spantree maxage 25

    clear spantree maxage


    UsethiscommandtoresetthemaximumagingtimeforaSpanningTreetothedefaultvalueof20 seconds.

    Syntax
    clear spantree maxage

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Enterasys G-Series CLI Reference

    6-19

    set spantree fwddelay

    Example
    Thisexampleshowshowtogloballyresetthemaximumagingtime:
    G3(su)->clear spantree maxage

    set spantree fwddelay


    UsethiscommandtosettheSpanningTreeforwarddelay.

    Syntax
    set spantree fwddelay delay

    Parameters
    delay Specifiesthenumberofsecondsforthebridgeforwarddelay.Validvalues are430.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Theforwarddelayisthemaximumtime(inseconds)therootdevicewillwaitbeforechanging states(i.e.,listeningtolearningtoforwarding).Thisdelayisrequiredbecauseeverydevicemust receiveinformationabouttopologychangesbeforeitstartstoforwardframes.Inaddition,each portneedstimetolistenforconflictinginformationthatwouldmakeitreturntoablockingstate; otherwise,temporarydataloopsmightresult.

    Example
    Thisexampleshowshowtogloballysetthebridgeforwarddelayto16seconds:
    G3(su)->set spantree fwddelay 16

    clear spantree fwddelay


    UsethiscommandtoresettheSpanningTreeforwarddelaytothedefaultsettingof15seconds.

    Syntax
    clear spantree fwddelay

    Parameters
    None.

    Defaults
    None.

    6-20

    Spanning Tree Configuration

    show spantree backuproot

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtogloballyresetthebridgeforwarddelay:
    G3(su)->clear spantree fwddelay

    show spantree backuproot


    UsethiscommandtodisplaythebackuprootstatusforanMSTinstance.

    Syntax
    show spantree backuproot [sid]

    Parameters
    sid (Optional)DisplaybackuprootstatusforaspecificSpanningTree identifier.Validvaluesare04094.Ifnotspecified,SID0isassumed.

    Defaults
    IfaSIDisnotspecified,thenstatuswillbeshownforSpanningTreeinstance0.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythestatusofthebackuprootfunctiononSID0:
    G3(rw)->show spantree backuproot Backup root is set to disable on sid 0

    set spantree backuproot


    UsethiscommandtoenableordisabletheSpanningTreebackuprootfunctionontheswitch.

    Syntax
    set spantree backuproot sid {disable | enable}

    Parameters
    sid disable|enable SpecifiestheSpanningTreeinstanceonwhichtoenableordisablethe backuprootfunction.Validvaluesare04094. Enablesordisablesthebackuprootfunction.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.
    Enterasys G-Series CLI Reference 6-21

    clear spantree backuproot

    Usage
    TheSpanningTreebackuprootfunctionisdisabledbydefaultontheGSeries.Whenthisfeature isenabledandtheswitchisdirectlyconnectedtotherootbridge,staleSpanningTreeinformation ispreventedfromcirculatingiftherootbridgeislost.Iftherootbridgeislost,thebackuprootwill dynamicallyloweritsbridgeprioritysothatitwillbeselectedasthenewrootoverthelostroot bridge.

    Example
    ThisexampleshowshowtoenablethebackuprootfunctiononSID2:
    G3(rw)->set spantree backuproot 2 enable

    clear spantree backuproot


    UsethiscommandtoresettheSpanningTreebackuprootfunctiontothedefaultstateofdisabled.

    Syntax
    clear spantree backuproot sid

    Parameters
    sid SpecifiestheSpanningTreeonwhichtoclearthebackuproot function.Validvaluesare04094.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresetthebackuprootfunctiontodisabledonSID2:
    G3(rw)->clear spantree backuproot 2

    show spantree tctrapsuppress


    UsethiscommandtodisplaythestatusoftopologychangetrapsuppressiononRapidSpanning Treeedgeports.

    Syntax
    show spantree tctrapsuppress

    Parameters
    None.

    Defaults
    None.

    6-22

    Spanning Tree Configuration

    set spantree tctrapsuppress

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaythestatusoftopologychangetrapsuppression:
    G3(rw)->show spantree tctrapsuppress Topology change Trap Suppression is set to enabled

    set spantree tctrapsuppress


    UsethiscommandtodisableorenabletopologychangetrapsuppressiononRapidSpanningTree edgeports.

    Syntax
    set spantree tctrapsuppress {disable | enable}

    Parameters
    disable|enable Disablesorenablestopologychangetrapsuppression.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Bydefault,RSTPnonedge(bridge)portsthattransitiontoforwardingorblockingcausethe switchtoissueatopologychangetrap.Whentopologychangetrapsuppressionisenabled,which isthedevicedefault,edgeports(suchasendstationPCs)arepreventedfromsendingtopology changetraps.Thisisbecausethereisusuallynoneedfornetworkmanagementtomonitoredge portSTPtransitionstates,suchaswhenPCsarepoweredon.Whentopologychangetrap suppressionisdisabled,allports,includingedgeandbridgeports,willtransmittopologychange traps.

    Example
    ThisexampleshowshowtoallowRapidSpanningTreeedgeportstotransmittopologychange traps:
    G3(rw)->set spantree tctrapsuppress disable

    clear spantree tctrapsuppress


    UsethiscommandtoclearthestatusoftopologychangetrapsuppressiononRapidSpanning Treeedgeportstothedefaultstateofenabled(edgeporttopologychangesdonotgeneratetraps).

    Syntax
    clear spantree tctrapsuppress

    Enterasys G-Series CLI Reference

    6-23

    set spantree protomigration

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtocleartopologychangetrapsuppressionsetting:
    G3(rw)->clear spantree tctrapsuppress

    set spantree protomigration


    UsethiscommandtoresettheprotocolstatemigrationmachineforoneormoreSpanningTree ports.WhenoperatinginRSTPmode,thisforcesaporttotransmitMSTPBPDUs.

    Syntax
    set spantree protomigration <port-string>

    Parameters
    portstring Resettheprotocolstatemigrationmachineforspecificport(s).Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoresettheprotocolstatemigrationmachineonport20:
    G3(su)->set spantree protomigration ge.1.20

    show spantree spanguard


    UsethiscommandtodisplaythestatusoftheSpanningTreeSpanGuardfunction.

    Syntax
    show spantree spanguard

    Parameters
    None.

    6-24

    Spanning Tree Configuration

    set spantree spanguard

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaytheSpanGuardfunctionstatus:
    G3(su)->show spantree spanguard Spanguard is disabled

    set spantree spanguard


    UsethiscommandtoenableordisabletheSpanningTreeSpanGuardfunction.

    Syntax
    set spantree spanguard {enable | disable}

    Parameters
    enable|disable EnablesordisablestheSpanGuardfunction.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    SpanGuardisdesignedtodisable,orlockoutanedgeportwhenanunexpectedBPDUis received.Theportcanbeconfiguredtobereenabledafterasettimeperiod,oronlyaftermanual intervention. Aportcanbedefinedasanedge(user)portusingthesetspantreeadminedgecommand, describedinsetspantreeadminedgeonpage 637.Aportdesignatedasanedgeportis expectedtobeconnectedtoaworkstationorotherendusertypeofdevice,andnottoanother switchinthenetwork.WhenSpanguardisenabled,ifanonloopbackBPDUisreceivedonan edgeport,theSpanningTreestateofthatportwillbechangedtoblockingandwillnolonger forwardtraffic.Theportwillremaindisableduntiltheamountoftimedefinedbysetspantree spanguardtimeout(setspantreespanguardtimeoutonpage 626)haspassedsincethelastseen BPDU,theportismanuallyunlocked(setorclearspantreespanguardlock,clear/setspantree spanguardlockonpage 628),theconfigurationoftheportischangedsoitisnotlongeranedge port,ortheSpanGuardfunctionisdisabled. SpanGuardisenabledanddisabledonlyonaglobalbasis.Bydefault,SpanGuardisdisabledand SpanGuardtrapsareenabled.

    Example
    ThisexampleshowshowtoenabletheSpanGuardfunction:
    G3(rw)->set spantree spanguard enable
    Enterasys G-Series CLI Reference 6-25

    clear spantree spanguard

    clear spantree spanguard


    UsethiscommandtoresetthestatusoftheSpanningTreeSpanGuardfunctiontodisabled.

    Syntax
    clear spantree spanguard

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresetthestatusoftheSpanGuardfunctiontodisabled:
    G3(rw)->clear spantree spanguard

    show spantree spanguardtimeout


    UsethiscommandtodisplaytheSpanningTreeSpanGuardtimeoutsetting.

    Syntax
    show spantree spanguardtimeout

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaytheSpanGuardtimeoutsetting:
    G3(su)->show spantree spanguardtimeout Spanguard timeout: 300

    set spantree spanguardtimeout


    Usethiscommandtosettheamountoftime(inseconds)anedgeportwillremainlockedbythe SpanGuardfunction.

    6-26

    Spanning Tree Configuration

    clear spantree spanguardtimeout

    Syntax
    set spantree spanguardtimeout timeout

    Parameters
    timeout Specifiesatimeoutvalueinseconds.Validvaluesare0to65535. Avalueof0willkeeptheportlockeduntilmanuallyunlocked.Thedefault valueis300seconds.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosettheSpanGuardtimeoutto600seconds:
    G3(su)->set spantree spanguardtimeout 600

    clear spantree spanguardtimeout


    UsethiscommandtoresettheSpanningTreeSpanGuardtimeouttothedefaultvalueof300 seconds.

    Syntax
    clear spantree spanguardtimeout

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresettheSpanGuardtimeoutto300seconds:
    G3(rw)->clear spantree spanguardtimeout

    show spantree spanguardlock


    UsethiscommandtodisplaytheSpanGuardlockstatusofoneormoreports.

    Syntax
    show spantree spanguardlock [port-string]

    Enterasys G-Series CLI Reference

    6-27

    clear / set spantree spanguardlock

    Parameters
    portstring (Optional)Specifiestheport(s)forwhichtoshowSpanGuardlockstatus. Foradetaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    Ifnoportstringisspecified,theSpanGuardlockstatusforallportsisdisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaytheSpanGuardlockstatusforge.1.1:
    G3(su)->show spantree spanguardlock ge.1.1 Port ge.1.1 is Unlocked

    clear / set spantree spanguardlock


    UseeitherofthesecommandstounlockoneormoreportslockedbytheSpanningTree SpanGuardfunction.WhenSpanGuardisenabled,itlocksportsthatreceiveBPDUswhenthose portshavebeendefinedasedge(user)ports(asdescribedinsetspantreeadminedgeon page 637).

    Syntax
    clear spantree spanguardlock port-string set spantree spanguardlock port-string

    Parameters
    portstring Specifiesport(s)tounlock.Foradetaileddescriptionofpossibleportstring values,refertoPortStringSyntaxUsedintheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtounlockportge.1.16:
    G3(rw)->clear spantree spanguardlock ge.1.16

    show spantree spanguardtrapenable


    UsethiscommandtodisplaythestateoftheSpanningTreeSpanGuardtrapfunction.

    6-28

    Spanning Tree Configuration

    set spantree spanguardtrapenable

    Syntax
    show spantree spanguardtrapenable

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythestateoftheSpanGuardtrapfunction:
    G3(ro)->show spantree spanguardtrapenable Spanguard SNMP traps are enabled

    set spantree spanguardtrapenable


    UsethiscommandtoenableordisablethesendingofanSNMPtrapmessagewhenSpanGuard haslockedaport.

    Syntax
    set spantree spanguardtrapenable {disable | enable}

    Parameters
    disable|enable DisablesorenablessendingSpanGuardtraps.Bydefault,sendingtraps isenabled.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodisabletheSpanGuardtrapfunction:
    G3(su)->set spantree spanguardtrapenable disable

    clear spantree spanguardtrapenable


    UsethiscommandtoresettheSpanningTreeSpanGuardtrapfunctionbacktothedefaultstateof enabled.

    Syntax
    clear spantree spanguardtrapenable

    Enterasys G-Series CLI Reference

    6-29

    show spantree legacypathcost

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresettheSpanGuardtrapfunctiontoenabled:
    G3(rw)->clear spantree spanguardtrapenable

    show spantree legacypathcost


    UsethiscommandtodisplaythedefaultSpanningTreepathcostsetting.

    Syntax
    show spantree legacypathcost

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythedefaultSpanningTreepathcostsetting.
    G3(su)->show spantree legacypathcost Legacy Path Cost is disabled.

    set spantree legacypathcost


    Usethiscommandtoenableordisablelegacy(802.1D)pathcostvalues.

    Syntax
    set spantree legacypathcost {disable | enable}

    Parameters
    disable enable Use802.1t2001valuestocalculatepathcost. Use802.1d1998valuestocalculatepathcost.

    6-30

    Spanning Tree Configuration

    clear spantree legacypathcost

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Bydefault,legacypathcostisdisabled.Enablingthedevicetocalculatelegacypathcostsaffects therangeofvalidvaluesthatcanbeenteredinthesetspantreeadminpathcostcommand.

    Example
    Thisexampleshowshowtosetthedefaultpathcostvaluesto802.1D.
    G3(rw)->set spantree legacypathcost enable

    clear spantree legacypathcost


    UsethiscommandtosettheSpanningTreedefaultvalueforlegacypathcostto802.1tvalues.

    Syntax
    clear spantree legacypathcost

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleclearsthelegacypathcostto802.1tvalues.
    G3(rw)->clear spantree legacypathcost

    Configuring Spanning Tree Port Parameters


    Purpose
    TodisplayandsetSpanningTreeportparameters.

    Commands
    For information about... set spantree portadmin clear spantree portadmin show spantree portadmin Refer to page... 6-32 6-32 6-33

    Enterasys G-Series CLI Reference

    6-31

    set spantree portadmin

    For information about... show spantree portpri set spantree portpri clear spantree portpri show spantree adminpathcost set spantree adminpathcost clear spantree adminpathcost show spantree adminedge set spantree adminedge clear spantree adminedge

    Refer to page... 6-33 6-34 6-35 6-35 6-36 6-36 6-37 6-37 6-38

    set spantree portadmin


    UsethiscommandtodisableorenabletheSpanningTreealgorithmononeormoreports.

    Syntax
    set spantree portadmin port-string {disable | enable}

    Parameters
    portstring Specifiestheport(s)forwhichtoenableordisableSpanningTree.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41. DisablesorenablesSpanningTree.

    disable|enable

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodisableSpanningTreeonge.1.5:
    G3(rw)->set spantree portadmin ge.1.5 disable

    clear spantree portadmin


    UsethiscommandtoresetthedefaultSpanningTreeadminstatustoenableononeormoreports.

    Syntax
    clear spantree portadmin port-string

    6-32

    Spanning Tree Configuration

    show spantree portadmin

    Parameters
    portstring Resetsthedefaultadminstatusonspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresetthedefaultSpanningTreeadminstatetoenableonge.1.12:
    G3(rw)->clear spantree portadmin ge.1.12

    show spantree portadmin


    UsethiscommandtodisplaythestatusoftheSpanningTreealgorithmononeormoreports.

    Syntax
    show spantree portadmin [port port-string]

    Parameters
    portportstring (Optional)Displaysstatusforspecificport(s).Foradetaileddescriptionof possibleportstringvalues,refertoPortStringSyntaxUsedintheCLI onpage 41.

    Defaults
    Ifportstringisnotspecified,statuswillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplayportadminstatusforge.1.1:
    G3(ro)->show spantree portadmin port ge.1.1 Port ge.1.1 has portadmin set to enabled

    show spantree portpri


    UsethiscommandtoshowtheSpanningTreepriorityforoneormoreports.Portpriorityisa componentoftheportID,whichisoneelementusedindeterminingSpanningTreeportroles.

    Syntax
    show spantree portpri [port port-string] [sid sid]

    Enterasys G-Series CLI Reference

    6-33

    set spantree portpri

    Parameters
    portportstring (Optional)Specifiestheport(s)forwhichtodisplaySpanningTreepriority. Foradetaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41. (Optional)DisplaysportpriorityforaspecificSpanningTreeidentifier. Validvaluesare04094.Ifnotspecified,SID0isassumed.

    sidsid

    Defaults
    Ifportstringisnotspecified,portprioritywillbedisplayedforallSpanningTreeports. Ifsidisnotspecified,portprioritywillbedisplayedforSpanningTree0.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaytheportpriorityforge.2.7:
    G3(su)->show spantree portpri port ge.2.7 Port ge.2.7 has a Port Priority of 128 on SID 0

    set spantree portpri


    UsethiscommandtosetaportsSpanningTreepriority.

    Syntax
    set spantree portpri port-string priority [sid sid]

    Parameters
    portstring Specifiestheport(s)forwhichtosetSpanningTreeportpriority.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41. SpecifiesanumberthatrepresentsthepriorityofalinkinaSpanningTree bridge.Validvaluesarefrom0to240(inincrementsof16)with0 indicatinghighpriority. (Optional)SetsportpriorityforaspecificSpanningTreeidentifier.Valid valuesare04094.Ifnotspecified,SID0isassumed.

    priority

    sidsid

    Defaults
    Ifsidisnotspecified,portprioritywillbesetforSpanningTree0.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetthepriorityofge.1.3to240onSID1
    G3(su)->set spantree portpri ge.1.3 240 sid 1

    6-34

    Spanning Tree Configuration

    clear spantree portpri

    clear spantree portpri


    UsethiscommandtoresetthebridgepriorityofaSpanningTreeporttoadefaultvalueof128.

    Syntax
    clear spantree portpri port-string [sid sid]

    Parameters
    portstring Specifiestheport(s)forwhichtosetSpanningTreeportpriority.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41. (Optional)ResetstheportpriorityforaspecificSpanningTreeidentifier. Validvaluesare04094.Ifnotspecified,SID0willbeassumed.

    sidsid

    Defaults
    Ifsidisnotspecified,portprioritywillbesetforSpanningTree0.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoresetthepriorityofge.1.3to128onSID1
    G3(su)->clear spantree portpri ge.1.3 sid 1

    show spantree adminpathcost


    UsethiscommandtodisplaytheadminpathcostforaportononeormoreSpanningTrees.

    Syntax
    show spantree adminpathcost [port port-string] [sid sid]

    Parameters
    portportstring (Optional)Displaystheadminpathcostvalueforspecificport(s).Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41. (Optional)DisplaystheadminpathcostforaspecificSpanningTree identifier.Validvaluesare04094.Ifnotspecified,SID0willbeassumed.

    sidsid

    Defaults
    Ifportstringisnotspecified,adminpathcostforallSpanningTreeportswillbedisplayed. Ifsidisnotspecified,adminpathcostforSpanningTree0willbedisplayed.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    6-35

    set spantree adminpathcost

    Example
    Thisexampleshowshowtodisplaytheadminpathcostforge.3.4onSID1:
    G3(su)->show spantree adminpathcost port ge.3.4 sid 1 Port ge.3.4 has a Port Admin Path Cost of 0 on SID 1

    set spantree adminpathcost


    UsethiscommandtosettheadministrativepathcostonaportandoneormoreSpanningTrees.

    Syntax
    set spantree adminpathcost port-string cost [sid sid]

    Parameters
    portstring Specifiestheport(s)onwhichtosetanadminpathcost.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41. Specifiestheportpathcost.Va1idvaluesare0200000000. (Optional)SetstheadminpathcostforaspecificSpanningTreeidentifier. Validvaluesare04094.Ifnotspecified,SID0willbeassumed.

    cost sidsid

    Defaults
    Ifsidisnotspecified,adminpathcostwillbesetforSpanningTree0.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosettheadminpathcostto200forge.3.2onSID1:
    G3(su)->set spantree adminpathcost ge.3.2 200 sid 1

    clear spantree adminpathcost


    UsethiscommandtoresettheSpanningTreedefaultvalueforportadminpathcostto0.

    Syntax
    clear spantree adminpathcost port-string [sid sid]

    Parameters
    portstring Specifiestheport(s)forwhichtoresetadminpathcost.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntax UsedintheCLIonpage 41. (Optional)ResetstheadminpathcostforspecificSpanningTree(s). Validvaluesare04094.Ifnotspecified,SID0isassumed.

    sidsid

    6-36

    Spanning Tree Configuration

    show spantree adminedge

    Defaults
    Ifsidisnotspecified,adminpathcostwillberesetforSpanningTree0.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoresettheadminpathcostto0forge.3.2onSID1:
    G3(su)->clear spantree adminpathcost ge.3.2 sid 1

    show spantree adminedge


    Usethiscommandtodisplaytheedgeportadministrativestatusforaport.

    Syntax
    show spantree adminedge [port port-string]

    Parameters
    portstring (Optional)Displaysedgeportadministrativestatusforspecific port(s).Foradetaileddescriptionofpossibleportstringvalues, refertoPortStringSyntaxUsedintheCLIonpage 41.

    Defaults
    IfportstringisnotspecifiededgeportadministrativestatuswillbedisplayedforallSpanning Treeports.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaytheedgeportstatusforge.3.2:
    G3(su)->show spantree adminedge port ge.3.2 Port ge.3.2 has a Port Admin Edge of Edge-Port

    set spantree adminedge


    UsethiscommandtosettheedgeportadministrativestatusonaSpanningTreeport.

    Syntax
    set spantree adminedge port-string {true | false}

    Parameters
    portstring true|false Specifiestheedgeport.Foradetaileddescriptionofpossibleportstring values,refertoPortStringSyntaxUsedintheCLIonpage 41. Enables(true)ordisables(false)thespecifiedportasaSpanningTreeedge port.
    Enterasys G-Series CLI Reference 6-37

    clear spantree adminedge

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Thedefaultbehavioroftheedgeportadministrativestatusbeginswiththevaluesettofalse initiallyafterthedeviceispoweredup.IfaSpanningTreeBDPUisnotreceivedontheportwithin afewseconds,thestatussettingchangestotrue.

    Example
    Thisexampleshowshowtosetge.1.11asanedgeport:
    G3(su)->set spantree adminedge ge.1.11 true

    clear spantree adminedge


    UsethiscommandtoresetaSpanningTreeporttononedgestatus.

    Syntax
    clear spantree adminedge port-string

    Parameters
    portstring Specifiesport(s)onwhichtoresetedgeportstatus.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoresetge.1.11asanonedgeport:
    G3(su)->clear spantree adminedge ge.1.11

    Configuring Spanning Tree Loop Protect Parameters


    Purpose
    TodisplayandsetSpanningTreeLoopProtectparameters,includingtheglobalparametersof LoopProtectthreshold,window,enablingtraps,anddisputedBPDUthreshold,aswellasper portandport/SIDparameters.SeeLoopProtectonpage 62formoreinformationaboutthe LoopProtectfeature.

    6-38

    Spanning Tree Configuration

    set spantree lp

    Commands
    For information about... set spantree lp show spantree lp clear spantree lp show spantree lplock clear spantree lplock set spantree lpcapablepartner show spantree lpcapablepartner clear spantree lpcapablepartner set spantree lpthreshold show spantree lpthreshold clear spantree lpthreshold set spantree lpwindow show spantree lpwindow clear spantree lpwindow set spantree lptrapenable show spantree lptrapenable clear spantree lptrapenable set spantree disputedbpduthreshold show spantree disputedbpduthreshold clear spantree disputedbpduthreshold show spantree nonforwardingreason Refer to page... 6-39 6-40 6-41 6-41 6-42 6-42 6-43 6-44 6-44 6-45 6-45 6-46 6-46 6-47 6-47 6-48 6-48 6-48 6-49 6-50 6-50

    set spantree lp
    UsethiscommandtoenableordisabletheLoopProtectfeatureperportandoptionally,perSID. TheLoopProtectfeatureisdisabledbydefault.SeeLoopProtectonpage 2.formore information.

    Syntax
    set spantree lp port-string {enable | disable} [sid sid]

    Parameters
    portstring enable|disable sidsid Specifiesport(s)onwhichtoenableordisabletheLoopProtectfeature. Enablesordisablesthefeatureonthespecifiedport. (Optional)EnablesordisablesthefeatureforspecificSpanningTree(s). Validvaluesare04094.Ifnotspecified,SID0isassumed.

    Enterasys G-Series CLI Reference

    6-39

    show spantree lp

    Defaults
    IfnoSIDisspecified,SID0isassumed.

    Mode
    Switchcommand,readwrite.

    Usage
    LoopProtecttakesprecedenceoverperportSTPenable/disable(portAdmin).Normally portAdmindisabledwouldcauseaporttogoimmediatelytoforwarding.IfLoopProtectis enabled,thatportshouldgotolisteningandremainthere.
    Note: The Loop Protect enable/disable settings for an MSTI port should match those for the CIST port.

    Example
    ThisexampleshowshowtoenableLoopProtectonge.2.3:
    G3(su)->set spantree lp ge.1.11 enable

    show spantree lp
    UsethiscommandtodisplaytheLoopProtectstatusperportand/orperSID.

    Syntax
    show spantree lp [port port-string] [sid sid]

    Parameters
    portstring sidsid (Optional)Specifiesport(s)forwhichtodisplaytheLoopProtect featurestatus. (Optional)SpecifiesthespecificSpanningTree(s)forwhichtodisplay theLoopProtectfeaturestatus.Validvaluesare04094.Ifnot specified,SID0isassumed.

    Defaults
    Ifnoportstringisspecified,statusisdisplayedforallports. IfnoSIDisspecified,SID0isassumed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayLoopProtectstatusonge.2.3:
    G3(su)->show spantree lp port ge.2.3 LoopProtect is disabled on port ge.2.3 , SI

    6-40

    Spanning Tree Configuration

    clear spantree lp

    clear spantree lp
    UsethiscommandtoreturntheLoopProtectstatusperportandoptionally,perSID,toitsdefault stateofdisabled.

    Syntax
    clear spantree lp port-string [sid sid]

    Parameters
    portstring sidsid Specifiesport(s)forwhichtocleartheLoopProtectfeaturestatus. (Optional)SpecifiesthespecificSpanningTree(s)forwhichtoclearthe LoopProtectfeaturestatus.Validvaluesare04094.Ifnotspecified, SID0isassumed.

    Defaults
    IfnoSIDisspecified,SID0isassumed.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoreturntheLoopProtectstateonge.2.3todisabled:
    G3(rw)->clear spantree lp port ge.2.3

    show spantree lplock


    UsethiscommandtodisplaytheLoopProtectlockstatusperportand/orperSID.Aportcan becomelockedifaconfigurednumberofLoopProtecteventsoccurduringtheconfigured windowoftime.Seethesetspantreelpthresholdandsetspantreelpwindowcommands.Oncea portisforcedintoblocking(locked),itremainslockeduntilmanuallyunlockedwiththeclear spantreelplockcommand.

    Syntax
    show spantree lplock [port port-string] [sid sid]

    Parameters
    portstring sidsid (Optional)Specifiesport(s)forwhichtodisplaytheLoopProtectlock status. (Optional)SpecifiesthespecificSpanningTree(s)forwhichtodisplay theLoopProtectlockstatus.Validvaluesare04094.Ifnotspecified, SID0isassumed.

    Defaults
    Ifnoportstringisspecified,statusisdisplayedforallports. IfnoSIDisspecified,SID0isassumed.

    Enterasys G-Series CLI Reference

    6-41

    clear spantree lplock

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayLoopProtectlockstatusonge.1.1:
    G3(rw)->show spantree lplock port ge.1.1 The LoopProtect lock status for port ge.1.1 , SID 0 is UNLOCKED

    clear spantree lplock


    Usethiscommandtomanuallyunlockablockedportandoptionally,perSID.Thedefaultstateis unlocked.

    Syntax
    clear spantree lplock port-string [sid sid]

    Parameters
    portstring sidsid Specifiesport(s)forwhichtocleartheLoopProtectlock. (Optional)SpecifiesthespecificSpanningTree(s)forwhichtoclearthe LoopProtectlock.Validvaluesare04094.Ifnotspecified,SID0is assumed.

    Defaults
    IfnoSIDisspecified,SID0isassumed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtoclearLoopProtectlockfromge.1.1:
    G3(rw)->show spantree lplock port ge.1.1 The LoopProtect lock status for port ge.1.1 G3(rw)->clear spantree lplock ge.1.1 G3(rw)->show spantree lplock port ge.1.1 The LoopProtect lock status for port ge.1.1 , SID 0 is LOCKED

    , SID 0 is UNLOCKED

    set spantree lpcapablepartner


    UsethiscommandtospecifyperportwhetherthelinkpartnerisLoopProtectcapable.SeeLoop Protectonpage 2.formoreinformation.

    Syntax
    set spantree lpcapablepartner port-string {true | false}

    Parameters
    portstring Specifiesport(s)forwhichtoconfigureaLoopProtectcapablelink partner.

    6-42

    Spanning Tree Configuration

    show spantree lpcapablepartner

    true|false

    Specifieswhetherthelinkpartneriscapable(true)ornot(false).

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    ThedefaultvalueforLoopProtectcapablepartnerisfalse.IftheportisconfiguredwithaLoop Protectcapablepartner(true),thenthefullfunctionalityoftheLoopProtectfeatureisused.Ifthe valueisfalse,thenthereissomeambiguityastowhetheranActivePartnertimeoutisduetoa loopprotectioneventorisanormalsituationduetothefactthatthepartnerportdoesnot transmitAlternateAgreementBPDUs.Therefore,aconservativeapproachistakeninthat designatedportswillnotbeallowedtoforwardunlessreceivingagreementsfromaportwithroot role. Thistypeoftimeoutwillnotbeconsideredaloopprotectionevent.Loopprotectionismaintained bykeepingtheportfromforwardingbutsincethisisnotconsideredaloopeventitwillnotbe factoredintolockingtheport.

    Example
    ThisexampleshowshowtosettheLoopProtectcapablepartnertotrueforge.1.1:
    G3(rw)->set spantree lpcapablepartner ge.1.1 true

    show spantree lpcapablepartner


    UsethiscommandtotheLoopProtectcapabilityofalinkpartnerforoneormoreports.

    Syntax
    show spantree lpcapablepartner [port port-string]

    Parameters
    portstring (Optional)Specifiesport(s)forwhichtodisplayLoopProtectcapability foritslinkpartner.

    Defaults
    Ifnoportstringisspecified,LoopProtectcapabilityforlinkpartnersisdisplayedforallports.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaytheLoopProtectpartnercapabilityforge.1.1:
    G3(rw)->show spantree lpcapablepartner port ge.1.1 Link partner of port ge.1.1 is not LoopProtect-capable

    Enterasys G-Series CLI Reference

    6-43

    clear spantree lpcapablepartner

    clear spantree lpcapablepartner


    UsethiscommandtoresettheLoopProtectcapabilityofportlinkpartnerstothedefaultstateof false.

    Syntax
    clear spantree lpcapablepartner port-string

    Parameters
    portstring Specifiesport(s)forwhichtocleartheirlinkpartnersLoopProtect capability(resettofalse).

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresettheLoopProtectpartnercapabilityforge.1.1:
    G3(rw)->clear spantree lpcapablepartner ge.1.1

    set spantree lpthreshold


    UsethiscommandtosettheLoopProtecteventthreshold.

    Syntax
    set spantree lpthreshold value

    Parameters
    value Specifiesthenumberofeventsthatmustoccurduringtheevent windowinordertolockaport/SID.Thedefaultvalueis3events.A thresholdof0specifiesthatportswillneverbelocked.

    Defaults
    None.Thedefaulteventthresholdis3.

    Mode
    Switchcommand,readwrite.

    Usage
    TheLoopProtecteventthresholdisaglobalintegervariablethatprovidesprotectioninthecaseof intermittentfailures.Thedefaultvalueis3.Iftheeventcounterreachesthethresholdwithina givenperiod(theeventwindow),thentheport,forthegivenSID,becomeslocked(thatis,held indefinitelyintheblockingstate).Ifthethresholdis0,theportsareneverlocked.

    6-44

    Spanning Tree Configuration

    show spantree lpthreshold

    Example
    ThisexampleshowshowtosettheLoopProtectthresholdvalueto4:
    G3(rw)->set spantree lpthreshold 4

    show spantree lpthreshold


    UsethiscommandtodisplaythecurrentvalueoftheLoopProtecteventthreshold.

    Syntax
    show spantree lpthreshold

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythecurrentLoopProtectthresholdvalue:
    G3(rw)->show spantree lpthreshold The Loop Protect event threshold value is 4

    clear spantree lpthreshold


    UsethiscommandtoreturntheLoopProtecteventthresholdtoitsdefaultvalueof3.

    Syntax
    clear spantree lpthreshold

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresettheLoopProtecteventthresholdtothedefaultof3:
    G3(rw)->clear spantree lpthreshold

    Enterasys G-Series CLI Reference

    6-45

    set spantree lpwindow

    set spantree lpwindow


    UsethiscommandtosettheLoopProtecteventwindowvalueinseconds.

    Syntax
    set spantree lpwindow value

    Parameters
    value Specifiesthenumberofsecondsthatcomprisetheperiodduringwhich LoopProtecteventsarecounted.Thedefaulteventwindowis180 seconds.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    TheLoopProtectWindowisatimervalue,inseconds,thatdefinesaperiodduringwhichLoop Protecteventsarecounted.Thedefaultvalueis180seconds.Ifthetimerissetto0,theevent counterisnotresetuntiltheLoopProtecteventthresholdisreached.Ifthethresholdisreached, thatconstitutesaloopprotectionevent.

    Example
    ThisexampleshowshowtosettheLoopProtecteventwindowto120seconds:
    G3(rw)->set spantree lpwindow 120

    show spantree lpwindow


    UsethiscommandtodisplaythecurrentLoopProtecteventwindowvalue.

    Syntax
    show spantree lpwindow

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythecurrentLoopProtectwindowvalue:
    G3(rw)->show spantree lpwindow The Loop Protect event window is set to 120 seconds
    6-46 Spanning Tree Configuration

    clear spantree lpwindow

    clear spantree lpwindow


    UsethiscommandtoresettheLoopProtecteventwindowtothedefaultvalueof180seconds.

    Syntax
    clear spantree lpwindow

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresettheLoopProtecteventwindowtothedefaultof180seconds:
    G3(rw)->clear spantree lpwindow

    set spantree lptrapenable


    UsethiscommandtoenableordisableLoopProtecteventnotification.

    Syntax
    set spantree lptrapenable {enable | disable}

    Parameters
    enable|disable EnablesordisablesthesendingofLoopProtecttraps.Defaultis disabled.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    LoopProtecttrapsaresentwhenaLoopProtecteventoccurs,thatis,whenaportgoestolistening duetonotreceivingBPDUs.Thetrapindicatesport,SIDandloopprotectionstatus.

    Example
    ThisexampleshowshowtoenablesendingofLoopProtecttraps:
    G3(rw)->set spantree lptrapenable enable

    Enterasys G-Series CLI Reference

    6-47

    show spantree lptrapenable

    show spantree lptrapenable


    UsethiscommandtodisplaythecurrentstatusofLoopProtecteventnotification.

    Syntax
    show spantree lptrapenable

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythecurrentLoopProtecteventnotificationstatus:
    G3(rw)->show spantree lptrapenable The Loop Protect event notification status is enable

    clear spantree lptrapenable


    UsethiscommandtoreturntheLoopProtecteventnotificationstatetoitsdefaultstateof disabled.

    Syntax
    clear spantree lptrapenable

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresettheLoopProtecteventnotificationstatetothedefaultof disabled.
    G3(rw)->clear spantree lptrapenable

    set spantree disputedbpduthreshold


    UsethiscommandtosetthedisputedBPDUthreshold,whichisthenumberofdisputedBPDUs thatmustbereceivedonagivenport/SIDuntiladisputedBPDUtrapissent.
    6-48 Spanning Tree Configuration

    show spantree disputedbpduthreshold

    Syntax
    set spantree disputedbpduthreshold value

    Parameters
    value SpecifiesthenumberofdisputedBPDUsthatmustbereceivedona givenport/SIDtocauseadisputedBPDUtraptobesent. Athresholdof0indicatesthattrapsshouldnotbesent.Thedefault valueis0.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    AdisputedBPDUisoneinwhichtheflagsfieldindicatesadesignatedroleandlearning,andthe priorityvectorisworsethanthatalreadyheldbytheport.IfadisputedBPDUisreceivedtheport isforcedtothelisteningstate.Refertothe802.1Q2005standard,IEEEStandardforLocaland MetropolitanAreaNetworksVirtualBridgedLocalAreaNetworks,forafulldescriptionofthe disputemechanism,whichpreventsloopingincasesofonewaycommunication. ThedisputedBPDUthresholdisanintegervariablethatrepresentsthenumberofdisputed BPDUsthatmustbereceivedonagivenport/SIDuntiladisputedBPDUtrapissentandasyslog messageisissued.Forexample,ifthethresholdis10,thenatrapisissuedwhen10,20,30,andso on,disputedBPDUshavebeenreceived. Ifthevalueis0,trapsarenotsent.Thetrapindicatesport,SIDandtotalDisputedBPDUcount. Thedefaultis0.

    Example
    ThisexampleshowshowtosetthedisputedBPDUthresholdvalueto5:
    G3(rw)->set spantree disputedbpduthreshold 5

    show spantree disputedbpduthreshold


    UsethiscommandtodisplaythecurrentvalueofthedisputedBPDUthreshold.

    Syntax
    show spantree disputedbpduthreshold

    Parameters
    None.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    6-49

    clear spantree disputedbpduthreshold

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythecurrentdisputedBPDUthreshold:
    G3(rw)->show spantree disputedbpduthreshold The disputed BPDU threshold value is 0

    clear spantree disputedbpduthreshold


    UsethiscommandtoreturnthedisputedBPDUthresholdtoitsdefaultvalueof0,meaningthat disputedBPDUtrapsshouldnotbesent.

    Syntax
    clear spantree disputedbpduthreshold

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresetthedisputedBPDUthresholdtothedefaultof0:
    G3(rw)->clear spantree disputedbpduthreshold

    show spantree nonforwardingreason


    Usethiscommandtodisplaythereasonforplacingaportinanonforwardingstateduetoan exceptionalcondition.

    Syntax
    show spantree nonforwardingreason port-string [sid sid]

    Parameters
    portstring sidsid Specifiesport(s)forwhichtodisplaythenonforwardingreason. (Optional)SpecifiesthespecificSpanningTree(s)forwhichtodisplay thenonforwardingreason.Validvaluesare04094.Ifnotspecified, SID0isassumed.

    Defaults
    Ifnoportstringisspecified,nonforwardingreasonisdisplayedforallports. IfnoSIDisspecified,SID0isassumed.
    6-50 Spanning Tree Configuration

    show spantree nonforwardingreason

    Mode
    Switchcommand,readonly.

    Usage
    ExceptionalconditionscausingaporttobeplacedinlisteningorblockingstateincludeaLoop Protectevent,receiptofdisputedBPDUs,andloopbackdetection.

    Example
    Thisexampleshowshowtodisplaythenonforwardingreasononge.1.1:
    G3(rw)->show spantree nonforwardingreason port ge.1.1 The non-forwarding reason for port ge.1.1 on SID 0 is None

    Enterasys G-Series CLI Reference

    6-51

    show spantree nonforwardingreason

    6-52

    Spanning Tree Configuration

    7
    802.1Q VLAN Configuration
    ThischapterdescribestheGSeriessystemscapabilitiestoimplement802.1QvirtualLANs (VLANs).
    For information about... VLAN Configuration Summary Viewing VLANs Creating and Naming Static VLANs Assigning Port VLAN IDs (PVIDs) and Ingress Filtering Configuring the VLAN Egress List Setting the Host VLAN Enabling/Disabling GVRP (GARP VLAN Registration Protocol) Refer to page... 7-1 7-2 7-4 7-6 7-11 7-16 7-18

    VLAN Configuration Summary


    VirtualLANsallowthenetworkadministratortopartitionnetworktrafficintologicalgroupsand controltheflowofthattrafficthroughthenetwork.Oncethetrafficand,ineffect,theusers creatingthetraffic,areassignedtoaVLAN,thenbroadcastandmulticasttrafficiscontained withintheVLANanduserscanbeallowedordeniedaccesstoanyofthenetworksresources. Also,someoralloftheportsonthedevicecanbeconfiguredasGVRPports,whichenableframes receivedwithaparticularVLANIDandprotocoltobetransmittedonalimitednumberofports. ThiskeepsthetrafficassociatedwithaparticularVLANandprotocolisolatedfromtheotherparts ofthenetwork.
    Note: The device can support up to 1024 802.1Q VLANs. The allowable range for VLAN IDs is 1 to 4093. As a default, all ports on the device are assigned to VLAN ID 1, untagged.

    Port String Syntax Used in the CLI


    ForinformationonhowtodesignateVLANsandportnumbersintheCLIsyntax,refertoPort StringSyntaxUsedintheCLIonpage 41.

    Creating a Secure Management VLAN


    Bydefaultatstartup,thereisoneVLANconfiguredontheGSeriesdevice.ItisVLANID1,the DEFAULTVLAN.Thedefaultcommunityname,whichdeterminesremoteaccessforSNMP management,issettopublicwithreadwriteaccess.

    Enterasys G-Series CLI Reference

    7-1

    Viewing VLANs

    IftheGSeriesdeviceistobeconfiguredformultipleVLANs,itmaybedesirabletoconfigurea managementonlyVLAN.ThisallowsastationconnectedtothemanagementVLANtomanage thedevice.Italsomakesmanagementsecurebypreventingconfigurationviaportsassignedto otherVLANs. TocreateasecuremanagementVLAN,youmust:


    Step 1. 2. 3. 4. 5. Task Create a new VLAN. Set the PVID for the desired switch port to the VLAN created in Step 1. Add the desired switch port to the egress list for the VLAN created in Step 1. Assign host status to the VLAN. Set a private community name and access policy. Refer to page... 7-4 7-7 7-13 7-17 5-13

    ThecommandsusedtocreateasecuremanagementVLANarelistedinTable 71.Thisexample assumesthemanagementstationisattachedtoge.1.1andwantsuntaggedframes. Theprocessdescribedherewouldberepeatedoneverydevicethatisconnectedinthenetworkto ensurethateachdevicehasasecuremanagementVLAN. Table 7-1 Command Set for Creating a Secure Management VLAN
    Use these commands... set vlan create 2 (set vlan on page 7-4) (Optional) show vlan 2 (show vlan on page 7-3) Set the PVID to the new VLAN. Add the port to the new VLANs egress list. Remove the port from the default VLANs egress list. Assign host status to the VLAN. Set a private community name and access policy and confirm settings. set port vlan ge.1.1 2 (set port vlan on page 7-7) set vlan egress 2 ge.1.1 untagged (set vlan egress on page 7-13) clear vlan egress 1 ge.1.1 (clear vlan egress on page 7-14) set host vlan 2 (set host vlan on page 7-17) set snmp community private (set snmp community on page 5-13) (Optional) show snmp community (show snmp community on page 5-13)

    To do this... Create a new VLAN and confirm settings.

    Viewing VLANs
    Purpose
    TodisplayalistofVLANscurrentlyconfiguredonthedevice,todeterminehowoneormore VLANswerecreated,theportsallowedanddisallowedtotransmittrafficbelongingtoVLAN(s), andifthoseportswilltransmitthetrafficwithaVLANtagincluded.

    7-2

    802.1Q VLAN Configuration

    show vlan

    Command
    For information about... show vlan Refer to page... 7-3

    show vlan
    UsethiscommandtodisplayallinformationrelatedtooneormoreVLANs.

    Syntax
    show vlan [static] [vlan-list] [portinfo [vlan vlan-list | vlan-name] [port portstring]]

    Parameters
    static (Optional)DisplaysinformationrelatedtostaticVLANs.StaticVLANsare manuallycreatedusingthesetvlancommand(setvlanonpage 74), SNMPMIBs,ortheWebViewmanagementapplication.ThedefaultVLAN, VLAN1,isalwaysstaticallyconfiguredandcantbedeleted.Onlyports thatuseaspecifiedVLANastheirdefaultVLAN(PVID)willbedisplayed. (Optional)DisplaysinformationforaspecificVLANorrangeofVLANs. (Optional)DisplaysVLANattributesrelatedtooneormoreports. (Optional)DisplaysportinformationforoneormoreVLANs. (Optional)Displaysportinformationforoneormoreports.

    vlanlist portinfo vlanvlanlist| vlanname portportstring

    Defaults
    Ifnooptionsarespecified,allinformationrelatedtostaticanddynamicVLANswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayinformationforVLAN1.Inthiscase,VLAN1isnamed DEFAULTVLAN.PortsallowedtotransmitframesbelongingtoVLAN1arelistedasegress ports.PortsthatwontincludeaVLANtagintheirtransmittedframesarelistedasuntagged ports.Therearenoforbiddenports(preventedfromtransmittedframes)onVLAN1:
    G3(su)->show vlan 1 VLAN: 1 NAME: DEFAULT VLAN VLAN Type: Default Egress Ports ge.1.1-10, ge.2.1-4, ge.3.1-7, Forbidden Egress Ports None. Untagged Ports ge.1.1-10, ge.2.1-4, ge.3.1-7,

    Table 72providesanexplanationofthecommandoutput.

    Enterasys G-Series CLI Reference

    7-3

    Creating and Naming Static VLANs

    Table 7-2

    show vlan Output Details


    What It Displays... VLAN ID. Name assigned to the VLAN. Whether it is enabled or disabled. Whether it is permanent (static) or dynamic. Ports configured to transmit frames for this VLAN. Ports prevented from transmitted frames for this VLAN. Ports configured to transmit untagged frames for this VLAN.

    Output Field VLAN NAME Status VLAN Type Egress Ports Forbidden Egress Ports Untagged Ports

    Creating and Naming Static VLANs


    Purpose
    TocreateanewstaticVLAN,ortoenableordisableexistingVLAN(s).

    Commands
    For information about... set vlan set vlan name clear vlan clear vlan name Refer to page... 7-4 7-5 7-5 7-6

    set vlan
    UsethiscommandtocreateanewstaticIEEE802.1QVLAN,ortoenableordisableanexisting VLAN.

    Syntax
    set vlan {create | enable | disable} vlan-list

    Parameters
    create|enable| disable vlanlist Creates,enablesordisablesVLAN(s). SpecifiesoneormoreVLANIDstobecreated,enabledordisabled.

    Defaults
    None.

    7-4

    802.1Q VLAN Configuration

    set vlan name

    Mode
    Switchcommand,readwrite.

    Usage
    OnceaVLANiscreated,youcanassignitanameusingthesetvlannamecommanddescribedin setvlannameonpage 75. EachVLANIDmustbeunique.IfaduplicateVLANIDisentered,thedeviceassumesthatthe AdministratorintendstomodifytheexistingVLAN. EntertheVLANIDusingauniquenumberbetween1and4093.TheVLANIDsof0and4094and highermaynotbeusedforuserdefinedVLANs.

    Examples
    ThisexampleshowshowtocreateVLAN3:
    G3(su)->set vlan create 3

    set vlan name


    UsethiscommandtosetorchangetheASCIInameforaneworexistingVLAN.

    Syntax
    set vlan name vlan-list vlan-name

    Parameters
    vlanlist vlanname SpecifiestheVLANIDoftheVLAN(s)tobenamed. SpecifiesthestringusedasthenameoftheVLAN(1to32characters).

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetthenameforVLAN7togreen:
    G3(su)->set vlan name 7 green

    clear vlan
    UsethiscommandtoremoveastaticVLANfromthelistofVLANsrecognizedbythedevice.

    Syntax
    clear vlan vlan-list

    Parameters
    vlanlist SpecifiestheVLANIDoftheVLAN(s)toberemoved.
    Enterasys G-Series CLI Reference 7-5

    clear vlan name

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoremoveastaticVLAN9fromthedevicesVLANlist:
    G3(su)->clear vlan 9

    clear vlan name


    UsethiscommandtoremovethenameofaVLANfromtheVLANlist.

    Syntax
    clear vlan name vlan-list

    Parameters
    vlanlist SpecifiestheVLANIDoftheVLAN(s)forwhichthenamewillbecleared.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearthenameforVLAN9:
    G3(su)->clear vlan name 9

    Assigning Port VLAN IDs (PVIDs) and Ingress Filtering


    Purpose
    ToassigndefaultVLANIDstountaggedframesononeormoreports,toconfigureVLANingress filteringandconstraints,andtosettheframediscardmode.

    Commands
    For information about... show port vlan set port vlan clear port vlan Refer to page... 7-7 7-7 7-8

    7-6

    802.1Q VLAN Configuration

    show port vlan

    For information about... show port ingress filter set port ingress filter show port discard set port discard

    Refer to page... 7-9 7-9 7-10 7-11

    show port vlan


    UsethiscommandtodisplayportVLANidentifier(PVID)information.PVIDdeterminesthe VLANtowhichalluntaggedframesreceivedononeormoreportswillbeclassified.

    Syntax
    show port vlan [port-string]

    Parameters
    portstring (Optional)DisplaysPVIDinformationforspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,portVLANinformationforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayPVIDsassignedtoge.2.1through6.Inthiscase,untagged framesreceivedontheseportswillbeclassifiedtoVLAN1:
    G3(su)->show port vlan ge.2.1-6 ge.2.1 is set to 1 ge.2.2 is set to 1 ge.2.3 is set to 1 ge.2.4 is set to 1 ge.2.5 is set to 1 ge.2.6 is set to 1

    set port vlan


    UsethiscommandtoconfigurethePVID(portVLANidentifier)foroneormoreports.

    Syntax
    set port vlan port-string pvid [modify-egress | no-modify-egress]

    Enterasys G-Series CLI Reference

    7-7

    clear port vlan

    Parameters
    portstring Specifiestheport(s)forwhichtoconfigureaVLANidentifier.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41. SpecifiestheVLANIDoftheVLANtowhichport(s)willbeadded. (Optional)Addsport(s)toVLANsuntaggedegresslistandremovesthem fromotheruntaggedegresslists. (Optional)Doesnotpromptforormakeegresslistchanges.

    pvid modifyegress nomodifyegress

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    ThePVIDisusedtoclassifyuntaggedframesastheyingressintoagivenport.

    Example
    Thisexampleshowshowtoaddge.1.10totheportVLANlistofVLAN4(PVID4).
    G3(su)->set vlan create 4 G3(su)->set port vlan ge.1.10 4 modify-egress

    clear port vlan


    Usethiscommandtoresetaports802.1QportVLANID(PVID)tothehostVLANID1.

    Syntax
    clear port vlan port-string

    Parameters
    portstring Specifiestheport(s)toberesettothehostVLANID1.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoresetportsge.1.3through11toaVLAN IDof1(HostVLAN):
    G3(su)->clear port vlan ge.1.3-11

    7-8

    802.1Q VLAN Configuration

    show port ingress filter

    show port ingress filter


    Usethiscommandtoshowallportsthatareenabledforportingressfiltering,whichlimits incomingVLANIDframesaccordingtoaportVLANegresslist.IftheVLANIDspecifiedinthe receivedframeisnotontheportsVLANegresslist,thenthatframeisdroppedandnot forwarded.

    Syntax
    show port ingress-filter [port-string]

    Parameters
    portstring (Optional)Specifiestheport(s)forwhichtodisplayingressfilteringstatus. Foradetaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,ingressfilteringstatusforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaytheportingressfilterstatusforports10through15inslot1. Inthiscase,theportsaredisabledforingressfiltering:
    G3(su)->show port ingress-filter ge.1.10-15 Port State -------- --------ge.1.10 disabled ge.1.11 disabled ge.1.12 disabled ge.1.13 disabled ge.1.14 disabled ge.1.15 disabled

    set port ingress filter


    UsethiscommandtodiscardallframesreceivedwithaVLANIDthatdontmatchtheports VLANegresslist.

    Syntax
    set port ingress-filter port-string {disable | enable}

    Parameters
    portstring Specifiestheport(s)onwhichtoenableofdisableingressfiltering.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41. Disablesorenablesingressfiltering.

    disable|enable

    Enterasys G-Series CLI Reference

    7-9

    show port discard

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Wheningressfilteringisenabledonaport,theVLANIDsofincomingframesarecomparedtothe portsegresslist.IfthereceivedVLANIDdoesnotmatchaVLANIDontheportsegresslist,then theframeisdropped. IngressfilteringisimplementedaccordingtotheIEEE802.1Qstandard.

    Example
    Thisexampleshowshowtoenableportingressfilteringonge.1.3:
    G3(su)->set port ingress-filter ge.1.3 enable

    show port discard


    Usethiscommandtodisplaytheframediscardmodeforoneormoreports.Portscanbesetto discardframesbasedonwhetherornottheframecontainsaVLANtag.Theycanalsobesetto discardbothtaggedanduntaggedframes,orneither.

    Syntax
    show port discard [port-string]

    Parameters
    portstring (Optional)Displaystheframediscardmodeforspecificport(s).Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    If port-string is not specified, frame discard mode will be displayed for all ports.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaytheframediscardmodeforge.2.7.Inthiscase,theporthas beensettodiscardalltaggedframes:
    G3(su)->show port discard ge.2.7 Port Discard Mode ------------ ------------ge.2.7 tagged

    7-10

    802.1Q VLAN Configuration

    set port discard

    set port discard


    Usethiscommandtosettheframediscardmodeononeormoreports.

    Syntax
    set port discard port-string {tagged | untagged | both | none}

    Parameters
    portstring Specifiestheport(s)forwhichtosetframediscardmode.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41. TaggedDiscardallincoming(received)taggedpacketsonthedefined port(s). UntaggedDiscardallincominguntaggedpackets. BothAlltrafficwillbediscarded(taggedanduntagged). NoneNopacketswillbediscarded.

    tagged| untagged|both| none

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Theoptionsaretodiscardallincomingtaggedframes,allincominguntaggedframes,neither (essentiallyallowalltraffic),orboth(essentiallydiscardingalltraffic). Acommonpracticeistodiscardalltaggedpacketonuserports.TypicallyanAdministratordoes notwanttheendusersdefiningwhatVLANtheyuseforcommunication.

    Example
    Thisexampleshowshowtodiscardalltaggedframesreceivedonportge.3.3:
    G3(su)->set port discard ge.3.3 tagged

    Configuring the VLAN Egress List


    Purpose
    ToassignorremoveportsontheegresslistofaparticularVLAN.Thisdetermineswhichportson theswitchwillbeeligibletotransmitframesforaparticularVLAN.Forexample,ports1,5,7,8 couldbeallowedtotransmitframesbelongingtoVLAN20andports7,8,9,10couldbeallowedto transmitframestaggedwithVLAN30(aportcanbelongtomultipleVLANEgresslists).Note thatthePortEgresslistforports7and8wouldcontainbothVLAN20and30. Theportegresstypeforallportscanbesettotagged,forbidden,oruntagged.Ingeneral,VLANs havenoegress(exceptforVLAN1)untiltheyareconfiguredbystaticadministration,orthrough dynamicmechanismssuchasGVRP.

    Enterasys G-Series CLI Reference

    7-11

    show port egress

    SettingaporttoforbiddenpreventsitfromparticipatinginthespecifiedVLANandensuresthat anydynamicrequests(eitherthroughGVRPordynamicegress)fortheporttojointheVLANwill beignored.Settingaporttountaggedallowsittotransmitframeswithoutatagheader.This settingisusuallyusedtoconfigureaportconnectedtoanenduserdevice.Framessentbetween VLANawareswitchesaretypicallytagged. ThedefaultVLANdefaultsitsegresstountaggedforallports.

    Commands
    For information about... show port egress set vlan forbidden set vlan egress clear vlan egress show vlan dynamicegress set vlan dynamicegress Refer to page... 7-12 7-13 7-13 7-14 7-15 7-16

    show port egress


    UsethiscommandtodisplaytheVLANmembershipforoneormoreports.

    Syntax
    show port egress [port-string]

    Parameters
    portstring (Optional)DisplaysVLANmembershipforspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,VLANmembershipwillbedisplayedforallports.

    Mode
    Switchcommand,readwrite.

    7-12

    802.1Q VLAN Configuration

    set vlan forbidden

    Example
    ThisexampleshowsyouhowtoshowVLANegressinformationforge.1.1through3.Inthiscase, allthreeportsareallowedtotransmitVLAN1framesastaggedandVLAN10framesas untagged.BotharestaticVLANs:
    G3(su)->show port egress ge.1.1-3 Port Vlan Egress Registration Number Id Status Status ------------------------------------------------------ge.1.1 1 tagged static ge.1.1 10 untagged static ge.1.2 1 tagged static ge.1.2 10 untagged static ge.1.3 1 tagged static ge.1.3 10 untagged static

    set vlan forbidden


    UsethiscommandtopreventoneormoreportsfromparticipatinginaVLAN.Thissetting instructsthedevicetoignoredynamicrequests(eitherthroughGVRPordynamicegress)forthe porttojointheVLAN.

    Syntax
    set vlan forbidden vlan-id port-string

    Parameters
    vlanid portstring SpecifiestheVLANforwhichtosetforbiddenport(s). Specifiestheport(s)tosetasforbiddenforthespecifiedvlanid.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowsyouhowtosetge.1.3toforbiddenforVLAN6:
    G3(su)->set vlan forbidden 6 ge.1.3

    set vlan egress


    UsethiscommandtoaddportstotheVLANegresslistforthedevice,ortopreventoneormore portsfromparticipatinginaVLAN.Thisdetermineswhichportswilltransmitframesfora particularVLAN.

    Syntax
    set vlan egress vlan-list port-string [untagged | forbidden | tagged]

    Enterasys G-Series CLI Reference

    7-13

    clear vlan egress

    Parameters
    vlanlist portstring
    Specifies the VLAN where a port(s) will be added to the egress list.

    SpecifiesoneormoreportstoaddtotheVLANegresslistofthespecified vlanlist.Foradetaileddescriptionofpossibleportstringvalues,referto PortStringSyntaxUsedintheCLIonpage 41. (Optional)Addsthespecifiedportsas: untaggedCausestheport(s)totransmitframeswithoutanIEEE 802.1Qheadertag. forbiddenInstructsthedevicetoignoredynamicrequests(either throughGVRPordynamicegress)fromtheport(s)tojointheVLAN anddisallowsegressonthatport. taggedCausestheport(s)totransmit802.1Qtaggedframes.

    untagged| forbidden| tagged

    Defaults
    Ifuntagged,forbiddenortaggedisnotspecified,theportwillbeaddedtotheVLANegresslist astagged.

    Mode
    Switchcommand,readwrite.

    Examples
    Thisexampleshowshowtoaddge.1.5through10totheegresslistofVLAN7.Thismeansthat theseportswilltransmitVLAN7framesastagged:
    G3(su)->set vlan egress 7 ge.1.5-10 untagged

    Thisexampleshowshowtoforbidports13through15inslot1fromjoiningVLAN7anddisallow egressonthoseports:
    G3(su)->set vlan egress 7 ge.1.13-15 forbidden

    Thisexampleshowshowtoallowport2inslot1totransmitVLAN7framesasuntagged:
    G3(su)->set vlan egress 7 ge.1.2 untagged

    clear vlan egress


    UsethiscommandtoremoveportsfromaVLANsegresslist.

    Syntax
    clear vlan egress vlan-list port-string [forbidden]

    Parameters
    vlanlist portstring SpecifiesthenumberoftheVLANfromwhichaport(s)willberemoved fromtheegresslist. SpecifiesoneormoreportstoberemovedfromtheVLANegresslistofthe specifiedvlanlist.Foradetaileddescriptionofpossibleportstringvalues, refertoPortStringSyntaxUsedintheCLIonpage 41.

    7-14

    802.1Q VLAN Configuration

    show vlan dynamicegress

    forbidden

    (Optional)Clearstheforbiddensettingfromthespecifiedport(s)andresets theport(s)asabletoegressframesifsoconfiguredbyeitherstaticor dynamicmeans.

    Defaults
    Ifforbiddenisnotspecified,taggedanduntaggedsettingswillbecleared.

    Mode
    Switchcommand,readwrite.

    Examples
    Thisexampleshowshowtoremovege.3.14fromtheegresslistofVLAN 9:
    G3(su)->clear vlan egress 9 ge.3.14

    ThisexampleshowshowtoremoveallGigabitEthernetportsinslot2fromtheegresslistof VLAN4:
    G3(su)->clear vlan egress 4 ge.2.*

    show vlan dynamicegress


    Usethiscommandtodisplaythestatusofdynamicegress(enabledordisabled)foroneormore VLANs.

    Syntax
    show vlan dynamicegress [vlan-list]

    Parameters
    vlanlist (Optional)DisplaysdynamicegressstatusforspecificVLAN(s).

    Defaults
    Ifvlanlistisnotspecified,thedynamicegressstatusforallVLANswillbedisplayed.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodisplaythedynamicegressstatusforVLANs5055:
    G3(rw)->show vlan dynamicegress 50-55 VLAN 50 is disabled VLAN 51 is disabled VLAN 52 is disabled VLAN 53 is enabled VLAN 54 is enabled VLAN 55 is enabled

    Enterasys G-Series CLI Reference

    7-15

    set vlan dynamicegress

    set vlan dynamicegress


    UsethiscommandtoadministrativelysetthedynamicegressstatusforoneormoreVLANs.

    Syntax
    set vlan dynamicegress vlan-list {enable | disable}

    Parameters
    vlanlist enable|disable SpecifiestheVLANsbyIDtoenableordisabledynamicegress. Enablesordisablesdynamicegress.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    IfdynamicegressisenabledforaparticularVLAN,whenaportreceivesaframetaggedwiththat VLANsID,theswitchwilladdthereceivingporttothatVLANsegresslist.Dynamicegressis disabledontheGSeriesbydefault. Forexample,assumeyouhave20AppleTalkusersonyournetworkwhoaremobileusers(thatis, usedifferentportseveryday),butyouwanttokeeptheAppleTalktrafficisolatedinitsown VLAN.YoucancreateanAppleTalkVLANwithaVLANIDof55withaclassificationrulethatall AppleTalktrafficgetstaggedwithVLANID55.Then,youenabledynamicegressforVLAN55. Now,whenanAppleTalkuserplugsintoportge.3.5andsendsanAppleTalkpacket,theswitch willtagthepackettoVLAN55andalsoaddportge.3.5toVLAN55segresslist,whichallowsthe AppleTalkusertoreceiveAppleTalktraffic.

    Example
    ThisexampleshowshowtoenabledynamicegressonVLAN55:
    G3(rw)->set vlan dynamicegress 55 enable

    Setting the Host VLAN


    Purpose
    ToconfigureahostVLANthatonlyselectdevicesareallowedtoaccess.Thissecuresthehostport formanagementonlytasks.
    Note: The host port is the management entity of the device. Refer to Creating a Secure Management VLAN on page 7-1 for more information.

    7-16

    802.1Q VLAN Configuration

    show host vlan

    Commands
    For information about... show host vlan set host vlan clear host vlan Refer to page... 7-17 7-17 7-18

    show host vlan


    UsethiscommandtodisplaythecurrenthostVLAN.

    Syntax
    show host vlan

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythehostVLAN:
    G3(su)->show host vlan Host vlan is 7.

    set host vlan


    UsethiscommandtoassignhoststatustoaVLAN.

    Syntax
    set host vlan vlan-id

    Parameters
    vlanid SpecifiesthenumberoftheVLANtosetasthehostVLAN.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Enterasys G-Series CLI Reference

    7-17

    clear host vlan

    Usage
    ThehostVLANshouldbeasecureVLANwhereonlydesignatedusersareallowedaccess.For example,ahostVLANcouldbespecificallycreatedfordevicemanagement.Thiswouldallowa managementstationconnectedtothemanagementVLANtomanageallportsonthedeviceand makemanagementsecurebypreventingmanagementviaportsassignedtootherVLANs.
    Note: Before you can designate a VLAN as the host VLAN, you must create a VLAN using the set of commands described in Creating and Naming Static VLANs on page 7-4.

    Example
    ThisexampleshowshowtosetVLAN7asthehostVLAN:
    G3(su)->set host vlan 7

    clear host vlan


    UsethiscommandtoresetthehostVLANtothedefaultsettingof1.

    Syntax
    clear host vlan

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetthehostVLANtothedefaultsetting:
    G3(su)->clear host vlan

    Enabling/Disabling GVRP (GARP VLAN Registration Protocol)


    About GARP VLAN Registration Protocol (GVRP)
    Thefollowingsectionsdescribethedeviceoperationwhenitsportsareoperatingunderthe GenericAttributeRegistrationProtocol(GARP)applicationGARPVLANRegistrationProtocol (GVRP).

    Overview
    ThepurposeofGVRPistodynamicallycreateVLANsacrossaswitchednetwork.WhenaVLAN isdeclared,theinformationistransmittedoutGVRPconfiguredportsonthedeviceinaGARP formattedframeusingtheGVRPmulticastMACaddress.Aswitchthatreceivesthisframe, examinestheframe,andextractstheVLANIDs.GVRPthencreatestheVLANsandaddsthe
    7-18 802.1Q VLAN Configuration

    Enabling/Disabling GVRP (GARP VLAN Registration Protocol)

    receivingporttoitstaggedmemberlistfortheextractedVLANID(s).Theinformationisthen transmittedouttheotherGVRPconfiguredportsofthedevice.Figure 71showsanexampleof howVLANbluefromendstationAwouldbepropagatedacrossaswitchnetwork.

    How It Works
    InFigure 71onpage 719,Switch4,port1isregisteredasbeingamemberofVLANBlueand thendeclaresthisfactoutallitsports(2and3)toSwitch1andSwitch 2.Thesetwodevices registerthisintheportegresslistsoftheports(Switch1,port1andSwitch2,port1)thatreceived theframeswiththeinformation.Switch2,whichisconnectedtoSwitch3andSwitch5declares thesameinformationtothosetwodevicesandtheportegresslistofeachportisupdatedwiththe newinformation,accordingly. ConfiguringaVLANonan802.1QswitchcreatesastaticVLANentry.Theentrywillalways remainregisteredandwillnottimeout.However,dynamicentrieswilltimeoutandtheir registrationswillberemovedfromthememberlistiftheendstationAisremoved.Thisensures that,ifswitchesaredisconnectedorifendstationsareremoved,theregisteredinformation remainsaccurate. TheendresultisthattheportegresslistofaportisupdatedwithinformationaboutVLANsthat resideonthatport,eveniftheactualstationontheVLANisseveralhopsaway. Figure 7-1 Example of VLAN Propagation via GVRP
    Switch 2 Switch 3

    1 Switch 1

    R 2D

    2 End Station A

    D 3 D

    Switch 4

    R Switch 5

    R D

    = Port registered as a member of VLAN Blue = Port declaring VLAN Blue

    Purpose
    TodynamicallycreateVLANsacrossaswitchednetwork.TheGVRPcommandsetisusedto displayGVRPconfigurationinformation,thecurrentglobalGVRPstatesetting,individualport

    Enterasys G-Series CLI Reference

    7-19

    show gvrp

    settings(enableordisable)andtimersettings.Bydefault,GVRPisenabledgloballyonthedevice, butdisabledonallports.

    Commands
    For information about... show gvrp show garp timer set gvrp clear gvrp set garp timer Refer to page... 7-20 7-20 7-22 7-22 7-23

    show gvrp
    UsethiscommandtodisplayGVRPconfigurationinformation.

    Syntax
    show gvrp [port-string]

    Parameters
    portstring (Optional)DisplaysGVRPconfigurationinformationforspecificport(s).For adetaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,GVRPconfigurationinformationwillbedisplayedforallportsand thedevice.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayGVRPstatusforthedeviceandforfw.2.1:
    G3(su)->show gvrp ge.2.1 Global GVRP status is enabled. Port Number ----------ge.2.1 GVRP status ----------disabled

    show garp timer


    UsethiscommandtodisplayGARPtimervaluesforoneormoreports.

    Syntax
    show garp timer [port-string]
    7-20 802.1Q VLAN Configuration

    show garp timer

    Parameters
    portstring (Optional)DisplaysGARPtimerinformationforspecificport(s).Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,GARPtimerinformationwillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayGARPtimerinformationonports1through10inslot1:
    Note: For a functional description of the terms join, leave, and leaveall timers, refer to the standard IEEE 802.1Q documentation, which is not supplied with this device. G3(su)->show garp timer ge.1.1-10 Port based GARP Configuration: (Timer units are centiseconds) Port Number Join Leave Leaveall ----------- ---------- ---------- ---------ge.1.1 20 60 1000 ge.1.2 20 60 1000 ge.1.3 20 60 1000 ge.1.4 20 60 1000 ge.1.5 20 60 1000 ge.1.6 20 60 1000 ge.1.7 20 60 1000 ge.1.8 20 60 1000 ge.1.9 20 60 1000 ge.1.10 20 60 1000

    Table 73providesanexplanationofthecommandoutput.Fordetailsonusingthesetgvrp commandtoenableordisableGVRP,refertosetgvrponpage 722.Fordetailsonusingtheset garptimercommandtochangedefaulttimervalues,refertosetgarptimeronpage 723. Table 7-3 show gvrp configuration Output Details
    What It Displays... Port designation. For a detailed description of possible port-string values, refer to Port String Syntax Used in the CLI on page 4-1. Join timer setting. Leave timer setting. Leavall timer setting.

    Output Field Port Number Join Leave Leaveall

    Enterasys G-Series CLI Reference

    7-21

    set gvrp

    set gvrp
    UsethiscommandtoenableordisableGVRPgloballyonthedeviceorononeormoreports.

    Syntax
    set gvrp {enable | disable} [port-string]

    Parameters
    disable| enable portstring DisablesorenablesGVRPonthedevice. (Optional)DisablesorenablesGVRPonspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsedin theCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,GVRPwillbedisabledorenabledforallports.

    Mode
    Switchcommand,readwrite.

    Examples
    ThisexampleshowshowtoenableGVRPgloballyonthedevice:
    G3(su)->set gvrp enable

    ThisexampleshowshowtodisableGVRPgloballyonthedevice:
    G3(su)->set gvrp disable

    ThisexampleshowshowtoenableGVRPonge.1.3:
    G3(su)->set gvrp enable ge.1.3

    clear gvrp
    UsethiscommandtoclearGVRPstatusorononeormoreports.

    Syntax
    clear gvrp [port-string]

    Parameters
    portstring (Optional)ClearsGVRPstatusonspecificport(s).Foradetaileddescriptionof possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon page 41.

    Defaults
    Ifportstringisnotspecified,GVRPstatuswillbeclearedforallports.

    Mode
    Switchcommand,readwrite.

    7-22

    802.1Q VLAN Configuration

    set garp timer

    Example
    ThisexampleshowshowtoclearGVRPstatusgloballyonthedevice:
    G3(su)->clear gvrp

    set garp timer


    Usethiscommandtoadjustthevaluesofthejoin,leave,andleavealltimers.

    Syntax
    set garp timer {[join timer-value] [leave timer-value] [leaveall timer-value]} port-string

    Parameters
    jointimervalue leavetimervalue leavealltimer value portstring SetstheGARPjointimerincentiseconds(Referto802.1Qstandard.) SetstheGARPleavetimerincentiseconds(Referto802.1Qstandard.) SetstheGARPleavealltimerincentiseconds(Referto802.1Qstandard.) Specifiestheport(s)onwhichtoconfigureGARPtimersettings.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Thesettingofthesetimersiscriticalandshouldonlybechangedbypersonnelfamiliarwiththe 802.1Qstandardsdocumentation,whichisnotsuppliedwiththisdevice.

    Examples
    ThisexampleshowshowtosettheGARPjointimervalueto100centisecondsforallports:
    G3(su)->set garp timer join 100 *.*.*

    Thisexampleshowshowtosettheleavetimervalueto300centisecondsforallports:
    G3(su)->set garp timer leave 300 *.*.*

    Thisexampleshowshowtosettheleavealltimervalueto20000centisecondsforallports:
    G3(su)->set garp timer leaveall 20000 *.*.*

    Enterasys G-Series CLI Reference

    7-23

    set garp timer

    7-24

    802.1Q VLAN Configuration

    8
    Policy Classification Configuration
    ThischapterdescribesthePolicyClassificationsetofcommandsandhowtousethem.
    For information about... Policy Classification Configuration Summary Configuring Policy Profiles Configuring Classification Rules Assigning Ports to Policy Profiles Configuring Policy Class of Service (CoS) Refer to page... 8-1 8-1 8-5 8-13 8-15

    Policy Classification Configuration Summary


    GSeriesdevicessupportpolicyprofilebasedprovisioningofnetworkresourcesbyallowingIT administratorsto: Create,changeorremovepolicyprofilesbasedonbusinessspecificuseofnetworkservices. Permitordenyaccesstospecificservicesbycreatingandassigningclassificationruleswhich mapuserprofilestoprotocolbasedframefilteringpoliciesconfiguredforaparticularClassof Service(CoS). Assignorunassignportstopolicyprofilessothatonlyportsactivatedforaprofilewillbe allowedtotransmitframesaccordingly.
    Note: It is recommended that you use Enterasys Networks NetSight Policy Manager as an alternative to CLI for configuring policy classification on the G-Series devices.

    Configuring Policy Profiles


    Purpose
    Toreview,create,changeandremoveuserprofilesthatrelatetobusinessdrivenpoliciesfor managingnetworkresources.
    Note: B3, C3, and G3 devices support profile-based CoS traffic rate limiting only. Policy rules specifying CoS will only rate limit on C2 and B2 devices, including when they are configured on mixed stacks containing B3 and C3 devices.

    Enterasys G-Series CLI Reference

    8-1

    show policy profile

    Commands
    For information about... show policy profile set policy profile clear policy profile Refer to page... 8-2 8-4 8-5

    show policy profile


    Usethiscommandtodisplaypolicyprofileinformation.

    Syntax
    show policy profile {all | profile-index [consecutive-pids] [-verbose]}

    Parameters
    all|profileindex consecutivepids verbose Displayspolicyinformationforallprofileindexesoraspecificprofileindex. (Optional)Displaysinformationforspecifiedconsecutiveprofileindexes. (Optional)Displaysdetailedinformation.

    Defaults
    Ifoptionalparametersarenotspecified,summaryinformationwillbedisplayedforthespecified indexorallindices.

    Mode
    Switchcommand,readonly.

    8-2

    Policy Classification Configuration

    show policy profile

    Example
    Thisexampleshowshowtodisplaypolicyinformationforprofile11:
    G3(su)->show policy profile 11 Profile Index : 11 Profile Name : MacAuth1 Row Status : active Port VID Status : Enable Port VID Override : 11 CoS : 0 CoS Status : Disable Egress Vlans : none Forbidden Vlans : none Untagged Vlans : none Rule Precedence : 1-31 :MACSource(1),MACDest(2),Unknown(3), :Unknown(4),Unknown(5),Unknown(6), :Unknown(7),Unknown(8),Unknown(9), :Unknown(10),Unknown(11),IPSource(12), :IPDest(13),IPFrag(14),UDPSrcPort(15), :UDPDestPort(16),TCPSrcPort(17),TCPDestPort(18), :ICMPType(19),Unknown(20),IPTOS(21), :IPProto(22),Unknown(23),Unknown(24), :Ether(25),Unknown(26),VLANTag(27), :Unknown(28),Unknown(29),Unknown(30), :port(31) Admin Profile Usage : none Oper Profile Usage : none Dynamic Profile Usage : none

    Table 81providesanexplanationofthecommandoutput. Table 8-1 show policy profile Output Details


    What It Displays... Number of the profile. User-supplied name assigned to this policy profile. Whether or not the policy profile is enabled (active) or disabled. Whether or not PVID override is enabled or disabled for this profile. If all classification rules associated with this profile are missed, then this parameter, if specified, determines default behavior. The PVID assigned to packets, if PVID override is enabled. CoS priority value to assign to packets, if CoS override is enabled. Whether or not Class of Service override is enabled or disabled for this profile. If all classification rules associated with this profile are missed, then this parameter, if specified, determines default behavior. VLAN(s) that ports to which the policy profile is assigned can use for tagged egress. VLAN(s) forbidden to ports to which the policy profile is assigned. VLAN(s) that ports to which the policy profile is assigned can use for untagged egress. Displays the precedence of types of rules.

    Output Field Profile Index Profile Name Row Status Port VID Status

    Port VID Override CoS CoS Status

    Egress VLANs Forbidden VLANs Untagged VLANs Rule Precedence

    Admin Profile Usage Ports administratively assigned to use this policy profile.

    Enterasys G-Series CLI Reference

    8-3

    set policy profile

    Table 8-1

    show policy profile Output Details (Continued)


    What It Displays... Ports currently assigned to use this policy profile. Port dynamically assigned to use this policy profile.

    Output Field Oper Profile Usage Dynamic Profile Usage

    set policy profile


    Usethiscommandtocreateapolicyprofileentry.

    Syntax
    set policy profile profile-index [name name] [pvid-status {enable | disable}] [pvid pvid] [cos-status {enable | disable}] [cos cos] [precedence precedence-list]

    Parameters
    profileindex namename pvidstatus enable|disable pvidpvid cosstatusenable |disable Specifiesanindexnumberforthepolicyprofile.Validvaluesare1255. (Optional)Specifiesanameforthepolicyprofile.Thisisastringfrom1to 64characters. (Optional)EnablesordisablesPVIDoverrideforthisprofile.Ifall classificationrulesassociatedwiththisprofilearemissed,thenthis parameter,ifspecified,determinesdefaultbehavior. (Optional)SpecifiesthePVIDtopackets,ifPVIDoverrideisenabledand invokedasdefaultbehavior. (Optional)EnablesordisablesClassofServiceoverrideforthisprofile.Ifall classificationrulesassociatedwiththisprofilearemissed,thenthis parameter,ifspecified,determinesdefaultbehavior.
    Note: A maximum of 99 rules can be supported per policy profile for policy profiles that have cos-status enabled..

    coscos precedence precedencelist

    (Optional)SpecifiesaCoSvaluetoassigntopackets,ifCoSoverrideis enabledandinvokedasdefaultbehavior.Validvaluesare0to7. (Optional)Assignsaruleprecedencetothisprofile.Lowervalueswillbe givenhigherprecedence.Foralistofvalues,refertotheshowpolicy profilecommandoutput.

    Ifoptionalparametersarenotspecified,nonewillbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtocreateapolicyprofile1namednetadminwithPVIDoverride enabledforPVID10,andClassofServiceoverrideenabledforCoS5:
    G3(su)->set policy profile 1 name netadmin pvid-status enable pvid 10 cos-status enable cos 5

    8-4

    Policy Classification Configuration

    clear policy profile

    clear policy profile


    Usethiscommandtodeleteapolicyprofileentry.

    Syntax
    clear policy profile profile-index

    Parameters
    profileindex Specifiestheindexnumberoftheprofileentrytobedeleted.Validvalues are1to255.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtodeletepolicyprofile8:
    G3(su)->clear policy profile 8

    Configuring Classification Rules


    Purpose
    Toreview,create,assign,andunassignclassificationrulestopolicyprofiles.Thismapsuser profilestoprotocolbasedframefilteringpolicies.
    Note: B3, C3, and G3 devices support profile-based CoS traffic rate limiting only. Policy rules specifying CoS will not rate limit on these devices, or on mixed stacks including B3 or C3 devices.

    Commands
    For information about... show policy rule show policy capability set policy rule clear policy rule clear policy all-rules Refer to page... 8-5 8-8 8-10 8-12 8-13

    show policy rule


    Usethiscommandtodisplaypolicyclassificationruleinformation.

    Enterasys G-Series CLI Reference

    8-5

    show policy rule

    Syntax
    show policy rule [all | admin-profile | profile-index] [ether | ipproto | ipdestsocket | ipsourcesocket | iptos | macdest | macsource | tcpdestport | tcpsourceport | udpdestport | udpsourceport] [data] [mask mask] [port-string portstring] [rule-status {active | not-in-service | not-ready}] [storage-type {nonvolatile | volatile}] | [drop | forward] [dynamic-pid dynamic-pid] [cos cos] [admin-pid admin-pid] [-verbose] [usage-list] [display-if-used]

    Parameters
    all|admin profile|profile index ether ipproto ipdestsocket ipsourcesocket iptos macdest macsource tcpdestport tcpsourceport udpdestport udpsourceport data Displayspolicyclassificationrulesforallprofiles,profileID0(admin profile),orforaspecificprofileindexnumber.Validvaluesare11023. DisplaysEthernettypeIIrules. DisplaysIPprotocolfieldinIPpacketrules. DisplaysIPdestinationaddressrules. DisplaysIPsourceaddressrules. DisplaysTypeofServicerules. DisplaysMACdestinationaddressrules. DisplaysMACsourceaddressrules. DisplaysTCPdestinationportrules. DisplaysTCPsourceportrules. DisplaysUDPdestinationportrules. DisplaysUDPsourceportrules. Displaysrulesforapredefinedclassifier.Thisvalueisdependentonthe classificationtypeentered.RefertoTable 83forvalidvaluesforeach classificationtype. (Optional)Displaysrulesforaspecificdatamask.RefertoTable 83for validvaluesforeachclassificationtypeanddatavalue. (Optional)Displaysrulesrelatedtoaspecificingressport.

    maskmask portstringport string

    rulestatusactive (Optional)Displaysrulesrelatedtoaspecificrulesstatus. |notinservice| notready storagetypenon volatile|volatile drop|forward dynamicpid dynamicpid coscos adminpid adminpid verbose usagelist (Optional)Displaysrulesconfiguredforeithernonvolatileorvolatile storage. Displaysrulesbasedonwhethermatchingpacketswillbedroppedor forwarded. DisplaysrulesassociatedwithaspecificdynamicpolicyID. (Optional)DisplaysrulesforaClassofServicevalue. DisplaysrulesassociatedwithaspecificadministrativepolicyID[1..1023]. (Optional)Displaysdetailedinformation. (Optional)Ifselected,eachrulesusagelistshallbecheckedandshall displayonlythoseportswhichhaveappliedthisrule.

    8-6

    Policy Classification Configuration

    show policy rule

    displayifused

    (Optional)Displaysrule(s)onlyiftheyareappliedtoatleastoneport.

    Defaults
    Ifverboseisnotspecified,summaryinformationwillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaypolicyclassificationinformationforEthernettype2rules
    G3(su)->show policy rule ether |PID |Rule Type |Rule Data |02 |Ether |2048 (0x0800) |02 |Ether |2049 (0x0801) |02 |Ether |2989 (0x0bad) |02 |Ether |33079 (0x8137) |Mk|PortStr |16|All |16|All |16|All |16|All |RS|ST|VLAN|CoS | A|NV|fwrd| | A|NV|drop| | A|NV|drop| | A|NV|drop| |U| |?| |?| |?| |?|

    Thisexampleshowshowtodisplaypolicyclassificationinformationforadministrativerule1
    G3(su)->show policy rule admin-pid 1 |Admin|Rule Type |Rule Data |admin|Port |ge.1.1 |admin|Port |ge.1.2 |admin|Port |ge.1.3 |admin|Port |ge.1.4 |admin|Port |ge.1.5 |admin|Port |ge.1.6 |admin|Port |ge.1.7 |admin|Port |ge.1.8 |admin|Port |ge.1.9 |admin|Port |ge.1.10 |admin|Port |ge.1.11 |admin|Port |ge.1.12 |Mk|PortStr |16|ge.1.1 |16|ge.1.2 |16|ge.1.3 |16|ge.1.4 |16|ge.1.5 |16|ge.1.6 |16|ge.1.7 |16|ge.1.8 |16|ge.1.9 |16|ge.1.10 |16|ge.1.11 |16|ge.1.12 |RS|ST|dPID|aPID|U| | A|NV| | 1|?| | A|NV| | 1|?| | A|NV| | 1|?| | A|NV| | 1|?| | A|NV| | 1|?| | A|NV| | 1|?| | A|NV| | 1|?| | A|NV| | 1|?| | A|NV| | 1|?| | A|NV| | 1|?| | A|NV| | 1|?| | A|NV| | 1|?|

    Table 82providesanexplanationofthecommandoutput. Table 8-2 show policy rule Output Details


    What It Displays... Profile index number. Assigned to this classification rule with the set policy profile command (set policy profile on page 8-4). Type of classification rule. Refer to Table 8-3 for valid types. Rule data value. Refer to Table 8-3 for valid values for each classification type. Rule data mask. Refer to Table 8-3 for valid values for each classification data value. Ingress port(s) to which this rule applies. Whether or not the status of this rule is active (A), not in service or not ready. Whether or not this rules storage type is non-volatile (NV) or volatile (V). VLAN ID to which this rule applies and whether or not matching packets will be dropped or forwarded. If applicable, Class of Service value to which this rule applies. Whether or not this rule has been used.

    Output Field PID Rule Type Rule Data Mk PortStr RS ST VLAN CoS U

    Enterasys G-Series CLI Reference

    8-7

    show policy capability

    Table 8-2

    show policy rule Output Details (Continued)


    What It Displays... Whether or not this is a dynamic profile ID. Whether or not this is an administrative profile ID.

    Output Field dPID aPID

    show policy capability


    UsethiscommandtodisplaydetailedpolicyclassificationcapabilitiessupportedbyyourGSeries device.

    Syntax
    show policy capability

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Usage
    UsethiscommandtodisplaydetailedpolicyclassificationcapabilitiessupportedbyyourGSeries device.Theoutputofthiscommandshowsatablelistingclassifiabletrafficattributesandthetype ofactions,byruletype,thatcanbeexecutedrelativetoeachattribute.Abovethetableisalistof alltheactionspossibleonthisdevice. Theleftmostcolumnofthetablelistsallpossibleclassifiabletrafficattributes.Thenexttwo columnsfromtheleftindicatehowpolicyprofilesmaybeassigned,eitheradministrativelyor dynamically.Thenextfourcolumnsfromtheleftindicatetheactionsthatmaybeperformed.The lastthreecolumnsindicateauditingoptions. Anxinanactioncolumnforatrafficattributerowindicatesthatyoursystemhasthecapabilityto performthatactionfortrafficclassifiedbythatattribute.

    8-8

    Policy Classification Configuration

    show policy capability

    Example
    Thisexampleshowshowtodisplaythedevicespolicyclassificationcapabilities.Refertoset policyruleonpage 810foradescriptionoftheparametersdisplayed:
    G3(su)->show policy capability The following supports related to policy are supported in this device: VLAN Forwarding Priority Permit Deny Precedence Reordering Rules Table Rule-Use Notification Longest Prefix Rules ============================================================= | | D | | | | | F | | | D | | | Y | | | | | O | S | | I | | | N | A | | | | R | Y | | S | | | A | D | V | | D | W | S | T | A | | | M | M | L | C | R | A | L | R | B | | | I | I | A | O | O | R | O | A | L | | SUPPORTED RULE TYPES | C | N | N | S | P | D | G | P | E | ============================================================= |MAC source address | | | | X | X | X | | | | |MAC destination address | | | | X | X | X | | | | |IPX source address | | | | | | | | | | |IPX destination address | | | | | | | | | | |IPX source socket | | | | | | | | | | |IPX destination socket | | | | | | | | | | |IPX transmission control | | | | | | | | | | |IPX type field | | | | | | | | | | |IPv6 source address | | | | | | | | | | |IPv6 destination address | | | | | | | | | | |IPv6 flow label | | | | | | | | | | |IP source address | | | | X | X | X | | | | |IP destination address | | | | X | X | X | | | | |IP fragmentation | | | | | | | | | | |UDP port source | | | | X | X | X | | | | |UDP port destination | | | | X | X | X | | | | |TCP port source | | | | X | X | X | | | | |TCP port destination | | | | X | X | X | | | | |ICMP packet type | | | | || | | | | |TTL | | | | | | | | | | |IP type of service | | | | X | X | X | | | | |IP proto | | | | X | X | X | | | | |Ether II packet type | | | X | X | X | X | | | | |LLC DSAP/SSAP/CTRL | | | | | | | | | | |VLAN tag | | | | | | | | | | |Replace tci | | | | | | | | | | |Port string | X | X | X | X | X | X | | | | =============================================================

    Enterasys G-Series CLI Reference

    8-9

    set policy rule

    set policy rule


    UsethiscommandtoassignincominguntaggedframestoaspecificpolicyprofileandtoVLAN rules.
    Note: C3, B3, and G3 devices support the following numbers of unique rules per system. 128 L2 DA/SA MAC rules 128 L2 Ethertype rules 511 L3/L4 rules These rules can be shared on different ports with different users, but are not shared between profiles.

    Syntax
    set policy rule profile-index {ether | ipproto | ipdestsocket | ipsourcesocket | iptos | macdest | macsource |tcpdestport | tcpsourceport | udpdestport | udpsourceport} data [mask mask] [cos cos] | [drop | forward]

    Note: Classification rules are automatically enabled when created.

    Parameters
    Thefollowingparametersapplytocreatingaclassificationrule. profileindex Specifiesapolicyprofilenumbertowhichthisrulewillbeassigned. Policyprofilesareconfiguredwiththesetpolicyprofilecommandas describedinsetpolicyprofileonpage 84.Validprofileindexvaluesare 1255. ClassifiesbasedontypefieldinEthernetIIpacket. ClassifiesbasedonProtocolfieldinIPpacket. ClassifiesbasedondestinationIPaddresswithoptionalpostfixedport. ClassifiesbasedonsourceIPaddress,withoptionalpostfixedport. ClassifiesbasedonTypeofServicefieldinIPpacket. ClassifiesbasedonMACdestinationaddress. ClassifiesbasedonMACsourceaddress. ClassifiesbasedonTCPdestinationport. ClassifiesbasedonTCPsourceport. ClassifiesbasedonUDPdestinationport. ClassifiesbasedonUDPsourceport. Specifiesthecodeforapredefinedclassifier.Thisvalueisdependenton theclassificationtypeentered.RefertoTable 83forvalidvaluesforeach classificationtype. (Optional)Specifiesthenumberofsignificantbitstomatch,dependenton thedatavalueentered.RefertoTable 83forvalidvaluesforeach classificationtypeanddatavalue.

    ether ipproto ipdestsocket ipsourcesocket iptos macdest macsource tcpdestport tcpsourceport udpdestport udpsourceport data

    maskmask

    8-10

    Policy Classification Configuration

    set policy rule

    coscos

    SpecifiesthatthisrulewillclassifytoaClassofServiceID.Validvalues are04095.Avalueof1indicatesthatnoCoSforwardingbehavior modificationisdesired.(NotsupportedonB3,C3,andG3.) Specifiesthatpacketswithinthisclassificationwillbedroppedor forwarded.

    drop|forward

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Table 83providesthesetpolicyruledatavaluesthatcanbeenteredforaparticularclassification type,andthemaskbitsthatcanbeenteredforeachclassifierassociatedwiththatparameter. Table 8-3 Valid Values for Policy Classification Rules
    data value Type field in Ethernet II packet: 1536 - 65535 or 0x600 - 0xFFFF Protocol field in IP packet: 0 - 255 or 0 - 0xFF IP Address in dotted decimal format: 000.000.000.000 and (Optional) post-fixed port: 0 65535 Type of Service field in IP packet: 0 - 252 or 0 - 0xFC MAC Address: 00-00-00-00-0000 TCP Port Number: 0 - 65535 or 0 - 0xFFFF UDP Port Number: 0 - 65535 or 0 - 0xFFFF mask bits 1- 16 1- 8 1 - 48

    Classification Rule Parameter ether ipproto Destination or Source IP Address: ipdestsocket ipsourcesocket iptos Destination or Source MAC: macdest macsource Destination or Source TCP port: tcpdestport tcpsourceport Destination or Source UDP port: udpsourceport udpdestport

    1- 8 1 - 48

    1 - 16

    1 - 16

    Examples
    ThisexampleshowshowtouseTable 83toassignaruletopolicyprofile3thatwillfilterEthernet IIType1526framestoVLAN7:
    G3(su)->set policy rule 3 ether 1526 vlan 7

    ThisexampleshowshowtouseTable 83toassignaruletopolicyprofile5thatwillforwardUDP framesfromsourceport45:


    G3(su)->set policy rule 5 udpportsource 45 forward

    Enterasys G-Series CLI Reference

    8-11

    clear policy rule

    ThisexampleshowshowtouseTable 83toassignaruletopolicyprofile1thatwilldropIP sourcetrafficfromIPaddress1.2.3.4.Ifmask32isnotspecifiedasshown,adefaultmaskof48bits (IPaddress+port)wouldbeapplied:


    G3(su)->set policy rule 1 ipsourcesocket 1.2.3.4 mask 32 drop

    clear policy rule


    Usethiscommandtodeletepolicyclassificationruleentries.

    Syntax
    clear policy rule profile-index {all-pid-entries | {ether | ipproto| ipdestsocket| ipsourcesocket | iptos | macdest | macsource | tcpdestport | tcpsourceport | udpdestport | udpsourceport}}

    Parameters
    Thefollowingparametersapplytodeletingaclassificationrule. profileindex allpidentries ether icmptype ipproto ipdestsocket ipsourcesocket iptos macdest macsource tcpdestport tcpsourceport udpdestport udpsourceport Specifiesapolicyprofileforwhichtodeleteclassificationrules.Valid profileindexvaluesare1255. Deletesallentriesassociatedwiththespecifiedpolicyprofile. DeletesassociatedEthernetIIclassificationrule. DeletesassociatedICMPclassificationrule. DeletesassociatedIPprotocolclassificationrule. DeletesassociatedIPdestinationclassificationrule. DeletesassociatedIPsourceclassificationrule. DeletesassociatedIPTypeofServiceclassificationrule. DeletesassociatedMACdestinationaddressclassificationrule. DeletesassociatedMACsourceaddressclassificationrule. DeletesassociatedTCPdestinationportclassificationrule. DeletesassociatedTCPsourceportclassificationrule. DeletesassociatedUDPdestinationportclassificationrule. DeletesassociatedUDPsourceportclassificationrule.

    Defaults
    Whenapplicable,dataandmaskmustbespecifiedforindividualrulestobecleared.

    Mode
    Switchcommand,readwrite.

    Examples
    ThisexampleshowshowtodeleteEthernetIIType1526classificationruleentriesassociatedwith policyprofile1fromallports
    G3(su)->clear policy rule 1 ether 1526

    8-12

    Policy Classification Configuration

    clear policy all-rules

    Thisexampleshowshowtoremovearulefrompolicyprofile5thatwillforwardUDPframes fromsourceport45:
    G3(su)->clear policy rule 5 udpportsource 45 forward

    clear policy all-rules


    Usethiscommandtoremoveallpolicyclassificationrules.

    Syntax
    clear policy all-rules

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoremovealladministrativeandpolicyindexrules:
    G3(su)->clear policy all-rules

    Assigning Ports to Policy Profiles


    Purpose
    Toassignandunassignportstopolicyprofiles.

    Commands
    For information about... set policy port clear policy port Refer to page... 8-13 8-14

    set policy port


    Usethiscommandtoassignportstoapolicyprofile.

    Syntax
    set policy port port-string profile-index

    Enterasys G-Series CLI Reference

    8-13

    clear policy port

    Parameters
    portstring Specifiestheport(s)toaddtothepolicyprofile.Foradetaileddescription ofpossibleportstringvalues,refertoPortStringSyntaxUsedintheCLI onpage 41. SpecifiestheIDofthepolicyprofile(role)towhichtheport(s)willbe added.Thisvaluemustmatchtheprofileindexvalueassignedusingthe setpolicyprofilecommand(setpolicyprofileonpage 84)inorderfor apolicyprofiletobeactiveonthespecifiedport.

    profileindex

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoallowGigabitEthernetports5through15inslot1totransmitframes accordingtopolicyprofile1:
    G3(su)->set policy port ge.1.5-15 1

    clear policy port


    Usethiscommandtoremoveapolicyprofilefromoneormoreports.

    Syntax
    clear policy port port-string profile-index

    Parameters
    portstring Specifiestheport(s)fromwhichtoremovethepolicyprofile.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41. SpecifiestheIDofthepolicyprofile(role)towhichtheport(s)willbe added.Thisvaluemustmatchtheprofileindexvalueassignedusingthe setpolicyprofilecommand(setpolicyprofileonpage 84)inorderfor apolicyprofiletobeactiveonthespecifiedport.

    profileindex

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoremovepolicyprofile10fromport21inslot1:
    G3(rw)->clear policy port ge.1.21 10

    8-14

    Policy Classification Configuration

    Configuring Policy Class of Service (CoS)

    Configuring Policy Class of Service (CoS)


    Note: It is recommended that you use Enterasys Networks NetSight Policy Manager as an alternative to CLI for configuring policy-based CoS on the switches.

    TheGSeriessupportsClassofService(CoS),whichallowsyoutoassignmissioncriticaldatatoa higherprioritythroughthedevicebydelayinglesscriticaltrafficduringperiodsofcongestion. Thehigherprioritytrafficgoingthroughthedeviceisservicedfirst(beforelowerprioritytraffic). TheClassofServicecapabilityofthedeviceisimplementedbyapriorityqueueingmechanism. ClassofServiceisbasedontheIEEE802.1D(802.1p)standardspecification,andallowsyouto defineeightpriorities(07,with7grantedhighestpriority)andupto8transmitqueues(07)for eachport. Bydefault,policybasedCoSisdisabledonthedevice,anddefaultoruserassignedportbased 802.1D(802.1p)settingsareusedtodeterminetrafficratelimiting.WhenpolicybasedCoSis enabled,thedefaultanduserassignedpolicybasedsettingswilloverrideportbasedsettings describedinChapter 9.

    About Policy-Based CoS Configurations


    Onceenabledusingthesetcosstatecommandasdescribedinsetcosstateonpage 817,you canaddtothepolicybasedCoSfunctionbydefiningnewportgroupings,andassigninginbound ratelimiters.TheprocessforuserdefinedCoSconfigurationinvolvesthefollowingstepsand associatedcommandslistedinProcedure 81.Anexamplefollowstheprocedure. Procedure 8-1
    Step 1. 2. 3. 4. 5. Task Enable CoS Create CoS port groups Define physical rate limiters for groups Create virtual reference for the IRL resource (physical reference) for each port group Add IRL reference to CoS settings table

    User-Defined CoS Configuration


    Command(s) set cos state set cos port-config set cos port-resource set cos reference set cos settings

    Example
    Thisexamplecreatesdifferentinboundratelimitersfortwoportgroupsandthenassignsthemto trafficwithaCoSsettingof0. 1. Configuretwoportgroups,oneforuserportsandoneforuplinkportsandassignportstothe groups.Portgroup1.0willrepresentuserports,group2.0willrepresentuplinkports.
    G3(su)->set cos port-config irl 1.0 name Users ports ge.1.1-46 G3(su)->set cos port-config irl 2.0 name Uplink ports ge.1.47-48 G3(su)->show cos port-config Inbound Rate Limiting Port Configuration Entries ---------------------------------------------------------------------Port Group Name :Default Port Group :0 Port Type :0 Assigned Ports :none

    Enterasys G-Series CLI Reference

    8-15

    Configuring Policy Class of Service (CoS)

    ---------------------------------------------------------------------Port Group Name :Users Port Group :1 Port Type :0 Assigned Ports :ge.1.1-46 ---------------------------------------------------------------------Port Group Name :Uplink Port Group :2 Port Type :0 Assigned Ports :ge.1.47-48 ----------------------------------------------------------------------

    2.

    Configurephysicalinboundratelimitersforeachportgroup.Fortheuserportgroup(1.0), createanIRL(irlindexof1)for512kbps.Fortheuplinkportgroup(2.0),createanIRL(irl indexof1)for10megabitspersecond(10,000kbps).


    G3(su)->set cos port-resource irl 1.0 1 unit kbps rate 512 G3(su)->set cos port-resource irl 2.0 1 unit kbps rate 10000 G3(su)->show cos port-resource irl 1.0 1 Group Index Resource Type Unit Rate ----------- -------- ---- ---- ---------1.0 1 irl kbps 512 G3(su)->show cos port-resource irl 2.0 1 Group Index Resource Type Unit Rate ----------- -------- ---- ---- ---------2.0 1 irl kbps 10000

    Rate Limit Type Action --------------- -----drop none

    Rate Limit Type Action --------------- -----drop none

    3.

    IntheCoSIRLreferencemappingtableforeachportgroup,createareferenceforeachIRL resourcecreatedinthepreviousstep.Wewillusereferencenumber1.
    G3(su)->set cos reference irl 1.0 1 rate-limit 1 G3(su)->set cos reference irl 2.0 1 rate-limit 1 G3(su)->show cos reference irl 1.0 Group Index ----------1.0 1.0 1.0 1.0 ... 1.0 1.0 1.0 Reference --------0 1 2 3 97 98 99 Type ---irl irl irl irl irl irl irl Rate Limiter -----------none 1 none none none none none

    G3(su)->show cos reference irl 2.0 Group Index ----------2.0 2.0 2.0 2.0 ... 2.0 2.0 2.0 Reference --------0 1 2 3 97 98 99 Type ---irl irl irl irl irl irl irl Rate Limiter -----------none 1 none none none none none

    8-16

    Policy Classification Configuration

    set cos state

    4.

    IntheCoSsettingstable,configureaCoSsettingforCoSindex1,whichhasapriorityof0.We entertheIRLreference,createdinthepreviousstep.
    G3(su)->set cos settings 0 irl-reference 1 G3(su)->show cos settings CoS Index Priority ToS IRL --------- ---------- ------- ----0 0 * 1 1 1 * * 2 2 * * 3 3 * * 4 4 * * 5 5 * * 6 6 * * 7 7 * *

    Commands
    For information about... set cos state show cos state clear cos state set cos settings clear cos settings show cos settings set cos port-config show cos port-config clear cos port-config set cos port-resource show cos port-resource clear cos port-resource set cos reference show cos reference clear cos reference show cos unit clear cos all-entries show cos port-type Refer to page... 8-17 8-18 8-18 8-19 8-20 8-21 8-21 8-22 8-23 8-24 8-25 8-26 8-26 8-27 8-28 8-29 8-29 8-30

    set cos state


    UsethiscommandtoenableordisableClassofService.

    Syntax
    set cos state {enable | disable}

    Enterasys G-Series CLI Reference

    8-17

    show cos state

    Parameters
    enable|disable EnablesordisablesClassofServiceontheswitch.Defaultstateis disabled.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoenableClassofService:
    G3(rw)->set cos state enable

    show cos state


    UsethiscommandtodisplaytheClassofServiceenablestate.

    Syntax
    show cos state

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtoshowtheClassofServiceenablestate:
    G3(rw)->show cos state Class-of-Service application is enabled

    clear cos state


    UsethiscommandtosetCoSstatebacktoitsdefaultsettingofdisabled.

    Syntax
    clear cos state

    Parameters
    None.

    8-18

    Policy Classification Configuration

    set cos settings

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocleartheCoSstatebacktoitsdefaultsettingofdisabled:
    G3(su)->clear cos state

    set cos settings


    UsethiscommandtoconfigureaClassofServiceentryintheCoSsettingstable.

    Syntax
    set cos settings cos-index priority priority [tos-value tos-value] [irl-reference irl-reference]

    Parameters
    cosindex prioritypriority tosvaluetosvalue irlreference irlreference SpecifiesaClassofServiceentry.Validvaluesare0to255. Specifiesan802.1dpriorityvalue.Validvaluesare0to7,with0beingthe lowestpriority.SeeUsagesectionbelowformoreinformation. (Optional)SpecifiesaTypeofServicevalue. (Optional)Settheinboundratelimiterassociatedwiththisentry.Valid valuesare0to99.SeeUsagesectionbelowformoreinformation.

    Defaults
    Ifnooptionalparametersarespecified,nonewillbeapplied.

    Mode
    Switchcommand,readwrite.

    Usage
    TheCoSsettingstabletakesindividualclassofservicefeaturesanddisplaysthemasbelongingto aCoSentry.Essentially,itisusedforCoSfeatureassignment.Eachclassofserviceentryconsists ofanindex,802.1ppriority,anoptionalToSvalue,andanIRLreference. CoSIndex IndexesareuniqueidentifiersforeachCoSsetting.CoSindexes0through7arecreatedby defaultandmappeddirectlyto802.1ppriorityforbackwardscompatibility.Theseentries cannotberemoved,and802.1ppriorityvaluescannotbechanged.WhenCoSisenabled, indexesareassigned.Upto256CoSindexesorentriescanbeconfigured.

    Enterasys G-Series CLI Reference

    8-19

    clear cos settings

    Priority 802.1pprioritycanbeappliedperCoSindex.ForeachnewCoSindexcreated,theuserhasthe optiontoassignan802.1ppriorityvalue0to7fortheclassofservice.CoSindexes0through7 mapdirectlyto802.1pprioritiesandcannotbechangedastheyexistforbackward compatibility.

    ToS Thisvaluecanbesetperclassofservice,butisnotrequired.Whenaframeisassignedtoa classofserviceforwhichthisvalueisconfigured,theToSfieldoftheincomingIPpacketwill beoverwrittentotheuserdefinedvalue.AllbutthelasttwobitsoftheToSfieldare rewritable.ToScanbesetforCoSindexes0through7.

    IRLReference TheCoSIRLreferencefieldisoptional,asratelimitsarenotrequired.TheIRLreferencedoes notassignaninboundratelimitbutpointstotheCoSIRLReferenceMappingTable.This referencemaybethoughtofasthevirtualratelimiterthatwillassignthephysicalratelimiter definedbytheIRLReferenceMappingTable,describedinsetcosreferenceonpage 826.

    Example
    ThisexampleshowshowtocreateCoSentry8withapriorityvalueof3:
    G3(rw)->set cos settings 8 priority 3

    clear cos settings


    UsethiscommandtoclearClassofServiceentrysettings.

    Syntax
    clear cos settings cos-list {[all] | [priority] [tos-value] [irl-reference]}

    Parameters
    coslist all priority tosvalue irlreference SpecifiesaClassofServiceentrytoclear. Clearsallsettingsassociatedwiththisentry. Clearsthepriorityvalueassociatedwiththisentry. ClearstheTypeofServicevalueassociatedwiththisentry. CleartheIRLreferenceassociatedwiththisentry.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearthepriorityforCoSentry8:
    G3(rw)->clear cos settings 8 priority

    8-20

    Policy Classification Configuration

    show cos settings

    show cos settings


    UsethiscommandtodisplayClassofServiceparameters.

    Syntax
    show cos settings [cos-list]

    Parameters
    coslist (Optional)SpecifiesaClassofServiceentrytodisplay.

    Defaults
    Ifnotspecified,allCoSentrieswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtoshowallCoSsettings:
    G3(su)->show cos settings CoS Index Priority ToS IRL --------- ---------- ------- ----0 0 * * 1 1 * * 2 2 * * 3 3 * * 4 4 * * 5 5 * * 6 6 * * 7 7 * *

    set cos port-config


    Usethiscommandtocreateaportgroupforinboundratelimitingandaddorremoveportsfrom thegroup.

    Syntax
    set cos port-config irl group-type-index [name name] [ports port-list] [append] | [clear]

    Parameters
    irl grouptypeindex Specifiesthatthisisaninboundratelimiting(IRL)portgroup. Specifiesaninboundratelimitingportgroup/typeindex.Validentries areintheformofgroup#.porttype. Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype canrangefrom0to1,althoughonlyporttype0iscurrentlysupported. Forexample,portgroup3wouldbespecifiedas3.0. namename (Optional)Userdefinednameforthegroup.

    Enterasys G-Series CLI Reference

    8-21

    show cos port-config

    portsportlist append clear

    (Optional)Portsassignedtothegroup.Allportsmustbeofthesameport type(FastEthernet,GigabitEthernet). (Optional)Append(add)theportstotheportsthatarealreadyinthe group. (Optional)Clearthegivenportsfromthoseassignedtothegroup.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    CoSIRLportgroupsareidentifiedbygroupnumberandthetypeofportsinthegroup,inthe formofgroup#.porttype.TheIRLportgroup0.0existsbydefault.Thisdefaultportgroupcannot beremovedandallphysicalportsinthesystemareassignedtoit.Uptosevenadditionalport groups(1through7)canbeconfigured.Currently,onlyoneporttype(type0)issupported.This porttypesupports100limiters. Additionalportgroupsmaybecreatedforflexibility.Portsassignedtoanewportgroupmustbe mutuallyexclusivefromtheotherportgroupentriesportsareautomaticallyremovedfromthe defaultportgroupandmustbecomprisedofthesameporttypeasdefinedbytheportgroup. Thecreationofadditionalportgroupscouldbeusedtocombinesimilarportsbytheirfunctionfor flexibility.Forinstance,portsassociatedtouserscanbeaddedtoaportgroupcalledUsersand portsassociatedtouplinkportscanbeaddedtoaportgroupcalledUplink.Usingtheseport groups,asingleclassofservicecanassigndifferentratelimitstoeachportgroup.Userports canbeassignedoneratelimit,whileUplinkportscanbeassignedanother.DFEsupportsa maximumof8portgroupsperCoSfunction(IRL). ThecommandshowcosportconfigdisplayseachIRLportgroupconfiguredbygroupandtype, withthegroupnameandassociated(assigned)ports.Thecommandshowcosporttypedisplays theavailableinboundratelimitingresourcesfortheporttype.

    Example
    Thisexampleconfigurestwoportgroups,oneforuserportsandoneforuplinkportsandassign portstothegroups.Portgroup1.0willrepresentuserports,group2.0willrepresentuplinkports.
    G3(su)->set cos port-config irl 1.0 name Users ports ge.1.1-46 G3(su)->set cos port-config irl 2.0 name Uplink ports ge.1.47-48

    show cos port-config


    Usethiscommandtoshowinboundratelimitinggroupsandtheassignedports.

    Syntax
    show cos port-config [irl group-type-index]

    Parameters
    irl (Optional)Specifiesthatinboundratelimitingconfigurationinformation shouldbedisplayed.

    8-22

    Policy Classification Configuration

    clear cos port-config

    grouptypeindex

    (Optional)Showassignedportsforaspecificportgroup.Validentriesare intheformofgroup#.porttype. Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype canrangefrom0to1,althoughonlyporttype0iscurrentlysupported. Forexample,portgroup3wouldbespecifiedas3.0.

    Defaults
    TheshowcosportconfigcommandbyitselfwillshowallPortGroups.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowsallinboundratelimitingportgroups.Notethatportsge.1.1throughge.1.48 wereremovedfromthedefaultportgroup0.0whentheywereaddedtoportgroups1.0and2.0.
    G3(su)->show cos port-config Inbound Rate Limiting Port Configuration Entries ---------------------------------------------------------------------Port Group Name :Default Port Group :0 Port Type :0 Assigned Ports :none ---------------------------------------------------------------------Port Group Name :Users Port Group :1 Port Type :0 Assigned Ports :ge.1.1-46 ---------------------------------------------------------------------Port Group Name :Uplink Port Group :2 Port Type :0 Assigned Ports :ge.1.47-48 ----------------------------------------------------------------------

    clear cos port-config


    Usethiscommandtoclearinboundratelimitinggroupsorassignedports.

    Syntax
    clear cos port-config irl {all | group-type-index {[entry] | [name] [ports]}}

    Parameters
    irl all grouptypeindex ClearanIRLportgroupconfiguration. Clearallinboundratelimitingportconfignondefaultentries. Deleteaspecificportgrouporgroupname,orcleartheportsfromthat group.Validentriesareintheformofgroup#.porttype. Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype canrangefrom0to1,althoughonlyporttype0iscurrentlysupported. Forexample,portgroup3wouldbespecifiedas3.0.

    Enterasys G-Series CLI Reference

    8-23

    set cos port-resource

    entry name ports

    Deletethisnondefaultinboundratelimiterentry. Cleartheadministrativelyassignedtextualdescriptionofthisportgroup entrytoitsdefault. Cleartheportsassignedtothisgrouptoitsdefault.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Thedefaultportgroup0.0cannotbedeleted.

    Example
    ThisexampledeletesallPortGroupsexceptfortheDefaultgroup0.0:
    G3(su)->clear cos port-config irl all

    set cos port-resource


    UsethiscommandtosettheinboundratelimitparametersforaspecificIRLresourceforaspecific portgroup.

    Syntax
    set cos port-resource irl group-type-index irl-index {[unit {kbps}] [rate rate] [type {drop}]}

    Parameters
    irl grouptypeindex SetanIRLportresource. Specifiesaninboundratelimitingportgroup/typeindex.Validentriesare intheformofgroup#.porttype. Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype canrangefrom0to1,althoughonlyporttype0iscurrentlysupported. Forexample,portgroup3wouldbespecifiedas3.0. irlindex unit kbps raterate typedrop Indexnumberoftheinboundratelimiterresourceassociatedwiththis entry.Validvaluesrangefrom0to99. Unitofmeasurefortheinboundratelimiter(onlyoptionisKbps). Kilobitspersecond. Datarateforthisinboundratelimiter.Thisistheactualratelimit.Valid valuesrangefrom512to1,000,000KbpsforaGigabitport. Actionfortheratelimiter.Theonlyactionoptionisdroptheframeifall limitersareexceeded.

    Defaults
    None.

    8-24

    Policy Classification Configuration

    show cos port-resource

    Mode
    Switchcommand,readwrite.

    Usage
    CoSportresourcesarewhereactualphysicalratelimitersareconfigured.Resourcesmapdirectly tothenumberofratelimiterssupportedbytheporttype.(Porttype0supports100IRLresources.) Resourcesexistforeachportgroupandareindexedasgroup#.porttype.irlindex.Portresources arenotinitiallyconfiguredasratelimiting. Inboundratelimiting,orratepolicing,simplydropsorclipstrafficinboundifaconfiguredrateis exceeded.CoSinboundratelimitingallowstheusertoconfigureratelimitsbasedonkilobitsper second. Theshowcosportresourcecommanddisplaystheresourcesavailableforeachportgroup.By default,noIRLresourcesareconfigured.ThedefaultRateLimitingalgorithmisdropandcannot beconfiguredotherwise.

    Example
    Thisexamplesetstheinboundratelimitresourceindexnumber1forportgroup2.0to10000Kbps or1MB:
    G3(su)->set cos port-resource irl 2.0 1 unit kbps rate 10000 type drop

    show cos port-resource


    UsethiscommandtodisplaytheIRLportresources.

    Syntax
    show cos port-resource [irl [group-type-index [irl-index]]]

    Parameters
    irl grouptypeindex (Optional)Specifiesthatinboundratelimitingportresourcesshouldbe displayed. (Optional)Specifiesaninboundratelimitingportgroup/typeindex.Valid entriesareintheformofgroup#.porttype. Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype canrangefrom0to1,althoughonlyporttype0iscurrentlysupported. Forexample,portgroup3wouldbespecifiedas3.0. irlindex (Optional)Inboundratelimiterresourceindexconfiguredforthe specifiedportgroup.Validvaluesrangefrom0to99.

    Defaults
    IfaportgroupandIRLindexarenotspecified,theIRLconfigurationforallresources(099)forall configuredportgroupswillbeshown.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    8-25

    clear cos port-resource

    Example
    ThisexampledisplaystheIRLresourceindexnumber1configurationforgroup2.0.
    G3(su)->show cos port-resource irl 2.0 1 '?' after the rate value indicates an invalid rate value Group Index Resource Type Unit Rate ----------- -------- ---- ---- ---------2.0 1 irl kbps 10000 Rate Limit Type Action --------------- -----drop none

    clear cos port-resource


    UsethiscommandtosettheinboundratelimitinKbps.

    Syntax
    clear cos port-resource irl {all | group-type-index [irl-index [unit] [rate] [type]]}

    Parameters
    irl all grouptypeindex SpecifiesthatanIRLresourceistobecleared. ClearallIRLresourcesforallportgroups. Specifiesaninboundratelimitingportgroup/typeindex.Validentriesare intheformofgroup#.porttype. Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype canrangefrom0to1,althoughonlyporttype0iscurrentlysupported. Forexample,portgroup3wouldbespecifiedas3.0. irlindex unit rate type (Optional)Inboundratelimiterresourceindexassociatedwiththe specifiedportgroup.Validvaluesrangefrom0to99. Cleartheunitofmeasurefortheinboundratelimiter. Clearthedatarateforthisinboundratelimiter. Cleartheactionfortheratelimiter.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleclearsthedatarateto0forIRLresourceindex1forgroup2.0.
    G3(su)->clear cos port-resource irl 2.0 1 rate

    set cos reference


    UsethiscommandtosettheClassofServiceinboundratelimitingreferenceconfiguration.

    8-26

    Policy Classification Configuration

    show cos reference

    Syntax
    set cos reference irl group-type-index reference rate-limit irl-index

    Parameters
    irl grouptypeindex SpecifiesthatanIRLreferenceisbeingconfigured. Specifiesaninboundratelimitingportgroup/typeindex.Validentriesare intheformofgroup#.porttype. Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype canrangefrom0to1,althoughonlyporttype0iscurrentlysupported. Forexample,portgroup3wouldbespecifiedas3.0. reference ratelimitirlindex IRLreferencenumberassociatedwiththisentry. Ratelimiter(IRLresourceindex)tobindthisreferenceto.Validvalues rangefrom0to99.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    TheCoSreferencetablemapstheuserdefinedIRLreferencesfoundintheCoSsettingstable(see setcossettingsonpage 819)toratelimiterscreatedintheportresourcetable(seesetcosport resourceonpage 824).TheCoSreferencetableindexescanbethoughtofasvirtualratelimiters. Thetableaccountsforthemaximumnumberofratelimiterssupportedbythedevice.Thevirtual limitersthenmaptothephysicalratelimiters.TheCoSIRLReferenceTableisnotconfiguredby default. TheCoSIRLreferencetableuses100indexesorvirtualratelimiters,andmapseachvirtuallimiter toaphysicallimiterorresource.AnIRLreferencetableexistsforeachportgroupconfigured,and isindexedsimilarlytoportresources,asportgroup#,porttype,reference.IRLreferencesarenot populatedwithlimiters(resources),butcanbeconfiguredbytheuser.TheIRLreferencetablecan bedisplayedusingtheshowcosreferencecommand.

    Example
    IntheCoSIRLreferencemappingtableforportgroups1.0and2.0,createareferencefortheIRL resourcenumber1createdforeachgroup.Thereferencenumber1isused.
    G3(su)->set cos reference irl 1.0 1 rate-limit 1 G3(su)->set cos reference irl 2.0 1 rate-limit 1

    show cos reference


    UsethiscommandtoshowtheClassofServiceinboundratelimitingreferenceconfiguration.

    Syntax
    show cos reference [irl [group-type-index]]

    Enterasys G-Series CLI Reference

    8-27

    clear cos reference

    Parameters
    irl grouptypeindex (Optional)Specifiesthatinboundratelimitingreferenceinformation shouldbedisplayed. (Optional)Specifiesaninboundratelimitingportgroup/typeindex. Validentriesareintheformofgroup#.porttype. Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype canrangefrom0to1,althoughonlyporttype0iscurrentlysupported. Forexample,portgroup3wouldbespecifiedas3.0.

    Defaults
    Ifirlisnotspecified,allCoSreferenceinformationisdisplayed. Ifaspecificportgroupisnotspecified,informationforallportgroupsisdisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowstheClassofServiceIRLreferencesforportgroup1.0.Notethatnotallofthe 100possiblereferencesaredisplayedinthisoutputexample.
    G3(su)->show cos reference irl 1.0 Group Index ----------1.0 1.0 1.0 1.0 ... 1.0 1.0 1.0 Reference --------0 1 2 3 97 98 99 Type ---irl irl irl irl irl irl irl Rate Limiter -----------none 1 none none none none none

    clear cos reference


    UsethiscommandtocleartheClassofServiceinboundratelimitingreferenceconfiguration.

    Syntax
    clear cos reference irl {all | group-type-index reference}

    Parameters
    irl all grouptypeindex SpecifiesthatIRLreferencesarebeingcleared. Clearallgroupsindexesandreferences. Specifiesaninboundratelimitingportgroup/typeindex.Validentries areintheformofgroup#.porttype. Validvaluesforgroup#canrangefrom0to7.Validvaluesforporttype canrangefrom0to1,althoughonlyporttype0iscurrentlysupported. Forexample,portgroup3wouldbespecifiedas3.0.

    8-28

    Policy Classification Configuration

    show cos unit

    reference

    Clearaspecificreferenceforthespecifiedportgroup.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocleartheCoSinboundratelimitingreferenceconfigurationforall groups:
    G3(su)->clear cos reference irl all

    show cos unit


    UsethiscommandtoshowpossibleCoSunitentries.

    Syntax
    show cos unit

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowspossibleunitentriesforinboundratelimiting:
    G3(su)->show cos unit Type: irl = inbound rate limiting Port Type --------0 Type ---irl Unit ---Kbps Unit: Kbps = Kilobits per second Minimum Rate -----------512 Granularity ----------1

    Maximum Rate -----------1000000

    clear cos all-entries


    UsethiscommandtoclearallClassofServiceentriesexceptentries07.

    Syntax
    clear cos all-entries

    Enterasys G-Series CLI Reference

    8-29

    show cos port-type

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocleartheCoSconfigurationforallentriesexceptentries07:
    G3(su)->clear cos all-entries

    show cos port-type


    UsethiscommandtodisplayClassofServiceporttypeconfigurations.

    Syntax
    show cos port-type [irl [port-type]]

    Parameters
    irl porttype (Optional)Displaysinboundratelimitinginformation. (Optional)Displaysinformationforaspecificporttype.

    Defaults
    Ifnoparametersarespecified,inboundratelimitinginformationforallporttypesisdisplayed.

    Mode
    Switchcommand,readonly.

    Usage
    TheG3implementationprovidesonedefaultporttype(0)fordesignatingavailableinboundrate limitingresources.Porttype0includesallports. Theporttype0descriptionisG3100IRL,whichindicatesthatthisporttypeprovidesa maximumof100inboundratelimitingresourcesperportgroup.

    Example
    Thisexampleshowsinboundratelimitinginformationforporttype0.
    G3(su)->show cos port-type irl 0 Number of resources: irl = inbound rate limiter(s) Port type description -----------G3 100 IRL Number of limiters --------100 Supported rate types: Kbps = kilobits per second Supported rate type --------kbps Eligible ports ----------------ge.1.1-48 Unselected ports ----------------ge.1.1-4

    Index ----0
    8-30

    Policy Classification Configuration

    9
    Port Priority Configuration
    ThischapterdescribesthePortPrioritysetofcommandsandhowtousethem.
    For information about... Port Priority Configuration Summary Configuring Port Priority Configuring Priority to Transmit Queue Mapping Configuring Quality of Service (QoS) Refer to page... 9-1 9-1 9-4 9-6

    Port Priority Configuration Summary


    TheGSeriesdevicesupportsClassofService(CoS),whichallowsyoutoassignmissioncritical datatohigherprioritythroughthedevicebydelayinglesscriticaltrafficduringperiodsof congestion.Thehigherprioritytrafficthroughthedeviceisservicedfirstbeforelowerpriority traffic.TheClassofServicecapabilityofthedeviceisimplementedbyapriorityqueueing mechanism.ClassofServiceisbasedontheIEEE802.1D(802.1p)standardspecification,and allowsyoutodefineeightpriorities(0 through 7)andassignthemtotransmitqueuesforeach port. Apriority0 through 7canbesetoneachport,with0beingthelowestpriority.Aportreceivinga framewithoutpriorityinformationinitstagheaderisassignedapriorityaccordingtothedefault prioritysettingontheport.Forexample,ifthepriorityofaportissetto4,theframesreceived throughthatportwithoutapriorityindicatedintheirtagheaderareclassifiedasapriority4and transmittedaccordingtothatpriority.
    Note: When CoS override is enabled using the set policy profile command as described in set policy profile on page 8-4, CoS-based classification rules will take precedence over priority settings configured with the set port priority command described in this section.

    Configuring Port Priority


    Purpose
    Tovieworconfigureportprioritycharacteristicsasfollows: DisplayorchangetheportdefaultClassofService(CoS)transmitpriority(0through7)of eachportforframesthatarereceived(ingress)withoutpriorityinformationintheirtag header. Displaythecurrenttrafficclassmappingtopriorityofeachport. Seteachporttotransmitframesaccordingto802.1D(802.1p)prioritysetintheframeheader.
    Enterasys G-Series CLI Reference 9-1

    show port priority

    Commands
    For information about... show port priority set port priority clear port priority Refer to page... 9-4 9-2 9-3

    show port priority


    Usethiscommandtodisplaythe802.1Dpriorityforoneormoreports.

    Syntax
    show port priority [port-string]

    Parameters
    portstring (Optional)Displayspriorityinformationforaspecificport.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    If port-string is not specified, priority for all ports will be displayed.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaytheportpriorityforthege.2.1through5.
    G3(su)->show port priority ge.2.1-5 ge.2.1 is set to 0 ge.2.2 is set to 0 ge.2.3 is set to 0 ge.2.4 is set to 0 ge.2.5 is set to 0

    set port priority


    Usethiscommandtosetthe802.1D(802.1p)ClassofServicetransmitpriority(0 through 7)on eachport.Aportreceivingaframewithoutpriorityinformationinitstagheaderisassigneda priorityaccordingtotheprioritysettingontheport.Forexample,ifthepriorityofaportissetto 5,theframesreceivedthroughthatportwithoutapriorityindicatedintheirtagheaderare classifiedasapriority5. Aframewithpriorityinformationinitstagheaderistransmittedaccordingtothatpriority.

    Syntax
    set port priority port-string priority

    9-2

    Port Priority Configuration

    clear port priority

    Parameters
    portstring Specifiestheportforwhichtosetpriority.Foradetaileddescriptionof possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon page 41. Specifiesavalueof0to7tosettheCoSpriorityfortheportenteredinthe portstring.Priorityvalueof0isthelowestpriority.

    priority

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Thesetportprioritycommandwillnotchangethe802.1pprioritytagontaggedtrafficwitha defaultprioritytag.Thecommandonlyhasaneffectonhowuntaggedtrafficwillbeprioritized asitpassesinternallythroughthedevice.

    Example
    Thisexampleshowshowtosetadefaultpriorityof6onge.1.3.Framesreceivedbythisport withoutpriorityinformationintheirframeheaderaresettothedefaultsettingof6:
    G3(su)->set port priority ge.1.3 6

    clear port priority


    UsethiscommandtoresetthecurrentCoSportprioritysettingto0.Thiswillcauseallframes receivedwithoutapriorityvalueinitsheadertobesettopriority0.

    Syntax
    clear port priority port-string

    Parameters
    portstring Specifiestheportforwhichtoclearpriority.Foradetaileddescriptionof possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon page 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoresetge.1.11tothedefaultpriority:
    G3(rw)->clear port priority ge.1.11

    Enterasys G-Series CLI Reference

    9-3

    Configuring Priority to Transmit Queue Mapping

    Configuring Priority to Transmit Queue Mapping


    Purpose
    Toperformthefollowing: Viewthecurrentprioritytotransmitqueuemappingofeachphysicalport. Configureeachporttoeithertransmitframesaccordingtotheportpriority,setusingtheset portprioritycommanddescribedinsetportpriorityonpage 92,oraccordingtoapriority basedonapercentageofporttransmissioncapacity,assignedtotransmitqueuesusingtheset porttxqcommanddescribedinsetporttxqonpage 97. Clearcurrentportpriorityqueuesettingsforoneormoreports.

    Commands
    For information about... show port priority-queue set port priority-queue clear port priority-queue Refer to page... 9-4 9-5 9-6

    show port priority-queue


    Usethiscommandtodisplaytheportprioritylevels(0through7,with0asthelowestlevel) associatedwiththecurrenttransmitqueues(0beingthelowestpriority)foreachselectedport.A framewithacertainportpriorityistransmittedaccordingtothesettingsenteredusingtheset portpriorityqueuecommanddescribedinsetportpriorityqueueonpage 95.

    Syntax
    show port priority-queue [port-string]

    Parameters
    portstring (Optional)Displaysthemappingofprioritiestotransmitqueuesforone ormoreports.

    Defaults
    If port-string is not specified, priority queue information for all ports will be displayed.

    Mode
    Switchcommand,readonly.

    9-4

    Port Priority Configuration

    set port priority-queue

    Example
    Thisexampleshowshowtodisplaypriorityqueueinformationforge.1.1.Inthiscase,frameswith apriorityof0areassociatedwithtransmitqueue1;frameswith1or2priority,areassociatedwith transmitqueue0;andsoforth:
    G3(su)->show Port P0 --------- -ge.1.1 1 port priority-queue ge.1.1 P1 P2 P3 P4 P5 P6 P7 -- -- -- -- -- -- -0 0 2 3 4 5 5

    set port priority-queue


    Usethiscommandtomap802.1D(802.1p)prioritiestotransmitqueues.Thisenablesyouto changethetransmitqueue(0to7,with0beingthelowestpriorityqueue)foreachportpriorityof theselectedport.Youcanapplythenewsettingstooneormoreports.

    Syntax
    set port priority-queue port-string priority queue

    Parameters
    portstring Specifiestheport(s)forwhichtosetprioritytoqueuemappings.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41. Specifiesavalueof0through7(0isthelowestlevel)thatdetermines whatpriorityframeswillbetransmittedonthetransmitqueueenteredin thiscommand. Specifiesavalueof0through5(0isthelowestlevel)thatdeterminesthe queueonwhichtotransmittheframeswiththeportpriorityenteredin thiscommand.

    priority

    queue

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    PrioritytotransmitqueuemappingonanindividualportbasiscanonlybeconfiguredonGigabit Ethernetports(ge.x.x).WhenyouusethesetportpriorityqueuecommandtoconfigureaFast Ethernetport(fe.x.x),themappingvaluesareappliedgloballytoallFastEthernetportsonthe system.

    Example
    Thisexampleshowshowtosetpriority5framesreceivedonge.2.12totransmitonqueue0.
    G3(su)->set port priority-queue ge.2.12 5 0

    Enterasys G-Series CLI Reference

    9-5

    clear port priority-queue

    clear port priority-queue


    Usethiscommandtoresetportpriorityqueuesettingsbacktodefaultsforoneormoreports.

    Syntax
    clear port priority-queue port-string

    Parameters
    portstring Specifiestheportforwhichtoclearprioritytoqueuemappings.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoclearthepriorityqueuesettingsonge.2.12:
    G3(su)->clear port priority-queue ge.2.12

    Configuring Quality of Service (QoS)


    Purpose
    Eighttransmitqueuesareimplementedintheswitchhardwareforeachport.Thecommandsin thissectionallowyoutosettheprioritymodeandweightforeachoftheavailablequeues(0 through7)foreachphysicalportontheswitch.Prioritymodeandweightcannotbeconfiguredon LAGs,onlyonthephysicalportsthatmakeuptheLAG.

    Commands
    For information about... show port txq set port txq clear port txq Refer to page... 9-6 9-7 9-8

    show port txq


    UsethiscommandtodisplayQoStransmitqueueinformationforoneormorephysicalports.

    Syntax
    show port txq [port-string]

    9-6

    Port Priority Configuration

    set port txq

    Parameters
    portstring (Optional)Specifiesport(s)forwhichtodisplayQoSsettings.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41. Onlyphysicalportswillbedisplayed.LAGportshavenotransmitqueue information.

    Defaults
    Iftheportstringisnotspecified,theQoSsettingofallphysicalportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaythecurrentalgorithmandtransmitqueueweightsconfigured onportge.1.10:
    G3(su)->show port txq ge.1.10 Port Alg Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7 ------- --- --- --- --- --- --- --- --ge.1.10 WRR 10 10 15 20 25 20 0 0

    set port txq


    UsethiscommandtosetQoStransmitqueuearbitrationvaluesforphysicalports.

    Syntax
    set port txq port-string value0 value1 value2 value3 value4 value5 value6 value7

    Parameters
    portstring Specifiesport(s)onwhichtosetqueuearbitrationvalues.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41. Onlyphysicalportscanbeconfiguredwiththiscommand.LAGports cannotbeconfigured. value0value7 Specifiespercentagetoallocatetoaspecifictransmitqueue.Thevalues musttotal100percent.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Enterasys G-Series CLI Reference

    9-7

    clear port txq

    Usage
    Queuescanbesetforstrictpriority(SP)orweightedroundrobin(WRR).IfsetforWRRmode, weightsmaybeassignedtothosequeueswiththiscommand.Weightsarespecifiedintherange of0to100percent.Weightsspecifiedforqueues0through7onanyportmusttotal100percent.

    Examples
    Thisexampleshowshowtochangethearbitrationvaluesfortheeighttransmitqueuesbelonging toge.1.1:
    G3(su)->set port txq ge.1.1 10 10 10 10 10 10 10 30

    Thisexampleshowshowtochangethealgorithmtostrictpriorityfortheeighttransmitqueues belongingtoge.1.1:
    G3(su)->set port txq ge.1.1 0 0 0 0 0 O O 100 G3(su)->show port txq ge.1.1 Port Alg Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7 ------- --- --- --- --- --- --- --- --ge.1.1 STR SP SP SP SP SP SP SP SP

    clear port txq


    Usethiscommandtoclearporttransmitqueuevaluesbacktotheirdefaultvalues.

    Syntax
    clear port txq port-string

    Parameters
    portstring Clearstransmitqueuevaluesonspecificport(s)backtotheirdefault values.Foradetaileddescriptionofpossibleportstringvalues,referto PortStringSyntaxUsedintheCLIonpage 41. Onlyphysicalportscanbeconfiguredwiththiscommand.LAGports cannotbeconfigured.

    Defaults
    Bydefault,transmitqueuesaredefinedasfollows:
    Queue 0 1 2 3 Mode WRR WRR WRR WRR Weight 1 2 3 4 Queue 4 5 6 7 Mode WRR WRR WRR WRR Weight 5 6 7 8

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtocleartransmitqueuevaluesonge.1.1:
    G3(su)->clear port txq ge.1.1
    9-8 Port Priority Configuration

    10
    IGMP Configuration
    ThischapterdescribestheIGMPConfigurationsetofcommandsandhowtousethem.
    For information about... IGMP Overview Configuring IGMP at Layer 2 Configuring IGMP on Routing Interfaces Refer to page... 10-1 10-2 10-9

    IGMP Overview
    About IP Multicast Group Management
    TheInternetGroupManagementProtocol(IGMP)runsbetweenhostsandtheirimmediately neighboringmulticastdevice.Theprotocolsmechanismsallowahosttoinformitslocaldevice thatitwantstoreceivetransmissionsaddressedtoaspecificmulticastgroup. Amulticastenableddevicecanperiodicallyaskitshostsiftheywanttoreceivemulticasttraffic.If thereismorethanonedeviceontheLANperformingIPmulticasting,oneofthesedevicesis electedquerierandassumestheresponsibilityofqueryingtheLANforgroupmembers. BasedonthegroupmembershipinformationlearnedfromIGMP,adevicecandeterminewhich (ifany)multicasttrafficneedstobeforwardedtoeachofitsports.AtLayer3,multicastdevices usethisinformation,alongwithamulticastroutingprotocol,tosupportIPmulticastingacrossan IPnetwork. IGMPprovidesthefinalstepinanIPmulticastpacketdeliveryservice,sinceitisonlyconcerned withforwardingmulticasttrafficfromthelocaldevicetogroupmembersonadirectlyattached subnetworkorLANsegment. ThisdevicesupportsIPmulticastgroupmanagementbypassivelysnoopingontheIGMPquery andIGMPreportpacketstransferredbetweenIPmulticastdevicesandIPmulticasthostgroupsto learnIPmulticastgroupmembers. ThepurposeofIPmulticastgroupmanagementistooptimizeaswitchednetworksperformance somulticastpacketswillonlybeforwardedtothoseportscontainingmulticastgrouphostsor multicastdevicesinsteadoffloodingtoallportsinthesubnet(VLAN). InadditiontopassivelymonitoringIGMPqueryandreportmessages,theGSeriescanalso activelysendIGMPquerymessagestolearnlocationsofmulticastdevicesandmemberhostsin multicastgroupswithineachVLAN. However,notethatIGMPneitheraltersnorroutesanyIPmulticastpackets.SinceIGMPisnot concernedwiththedeliveryofIPmulticastpacketsacrosssubnetworks,anexternalIPmulticast deviceisneededifIPmulticastpacketshavetoberoutedacrossdifferentsubnetworks.
    Enterasys G-Series CLI Reference 10-1

    Configuring IGMP at Layer 2

    About Multicasting
    Multicastingisusedtosupportrealtimeapplicationssuchasvideoconferencesorstreaming audio.Amulticastserverdoesnothavetoestablishaseparateconnectionwitheachclient.It merelybroadcastsitsservicetothenetwork,andanyhoststhatwanttoreceivethemulticast registerwiththeirlocalmulticastswitch/router.Althoughthisapproachreducesthenetwork overheadrequiredbyamulticastserver,thebroadcasttrafficmustbecarefullyprunedatevery multicastswitch/routeritpassesthroughtoensurethattrafficisonlypassedtothehoststhat subscribedtothisservice. TheGSeriesswitchdeviceusesIGMP(InternetGroupManagementProtocol)toqueryforany attachedhostswhowanttoreceiveaspecificmulticastservice.ThedevicelooksuptheIP MulticastGroupusedforthisserviceandaddsittotheegresslistoftheLevel3interface.Itthen propagatestheservicerequestontoanyneighboringmulticastswitch/routertoensurethatitwill continuetoreceivethemulticastservice.

    Configuring IGMP at Layer 2


    Purpose
    ToconfigureIGMPsnoopingfromtheswitchCLI.

    Commands
    For information about... show igmpsnooping set igmpsnooping adminmode set igmpsnooping interfacemode set igmpsnooping groupmembershipinterval set igmpsnooping maxresponse set igmpsnooping mcrtrexpiretime set igmpsnooping add-static set igmpsnooping remove-static show igmpsnooping static show igmpsnooping mfdb clear igmpsnooping Refer to page... 10-2 10-3 10-4 10-4 10-5 10-6 10-6 10-7 10-7 10-8 10-9

    show igmpsnooping
    UsethiscommandtodisplayIGMPsnoopinginformation.

    Syntax
    show igmpsnooping

    Parameters
    None.
    10-2 IGMP Configuration

    set igmpsnooping adminmode

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Usage
    ConfiguredinformationisdisplayedwhetherornotIGMPsnoopingisenabled.Status informationisdisplayedonlywhenthefunctionisenabled.ForinformationonenablingIGMPon thesystem,refertosetigmpsnoopingadminmodeonpage 103.Forinformationonenabling IGMPononeormoreports,refertosetigmpsnoopinginterfacemodeonpage 104.

    Example
    ThisexampleshowshowtodisplayIGMPsnoopinginformation:
    G3(su)->show igmpsnooping Admin Mode..................................... Enable Group Membership Interval...................... 260 Max Response Time.............................. 100 Multicast Router Present Expiration Time....... 0 Interfaces Enabled for IGMP Snooping........... ge.1.1,ge.1.2,ge.1.3 Multicast Control Frame Count..................0 Data Frames Forwarded by the CPU...............0

    set igmpsnooping adminmode


    UsethiscommandtoenableordisableIGMPonthesystem.

    Syntax
    set igmpsnooping adminmode {enable | disable}

    Parameters
    enable|disable EnablesordisablesIGMPsnoopingonthesystem.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    InorderforIGMPsnoopingtobeenabledononeorallports,itmustbegloballyenabledonthe devicewiththiscommand,andthenenabledonaport(s)usingthesetigmpsnoopinginterface modecommandasdescribedinsetigmpsnoopinginterfacemodeonpage 104.
    Note: IGMP snooping cannot be controlled via WebView.

    Enterasys G-Series CLI Reference

    10-3

    set igmpsnooping interfacemode

    Example
    ThisexampleshowshowtoenableIGMPonthesystem:
    G3(su)->set igmpsnooping adminmode enable

    set igmpsnooping interfacemode


    UsethiscommandtoenableordisableIGMPononeorallports.

    Syntax
    set igmpsnooping interfacemode port-string {enable | disable}

    Parameters
    portstring enable|disable SpecifiesoneormoreportsonwhichtoenableordisableIGMP. EnablesordisablesIGMP.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    InorderforIGMPsnoopingtobeenabledononeorallports,itmustbegloballyenabledonthe deviceusingthesetigmpsnoopingadminmodecommandasdescribedinsetigmpsnooping adminmodeonpage 103,andthenenabledonaport(s)usingthiscommand.

    Example
    ThisexampleshowshowtoenableIGMPonportge.1.10:
    G3(su)->set igmpsnooping interfacemode ge.1.10 enable

    set igmpsnooping groupmembershipinterval


    UsethiscommandtoconfiguretheIGMPgroupmembershipintervaltimeforthesystem.

    Syntax
    set igmpsnooping groupmembershipinterval time

    Parameters
    time SpecifiestheIGMPgroupmembershipinterval.Validvaluesare23600 seconds. Thisvalueworkstogetherwiththesetigmpsnoopingmaxresponsetime commandtoremoveportsfromanIGMPgroupandmustbegreaterthan themaxresponsetimevalue.

    10-4

    IGMP Configuration

    set igmpsnooping maxresponse

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    TheIGMPgroupmembershipintervaltimesetsthefrequencyofhostqueryframetransmissions andmustbegreaterthantheIGMPmaximumresponsetimeasdescribedinsetigmpsnooping maxresponseonpage 105.

    Example
    ThisexampleshowshowtosettheIGMPgroupmembershipintervalto250seconds:
    G3(su)->set igmpsnooping groupmembershipinterval 250

    set igmpsnooping maxresponse


    UsethiscommandtoconfiguretheIGMPquerymaximumresponsetimeforthesystem.

    Syntax
    set igmpsnooping maxresponse time

    Parameters
    time SpecifiestheIGMPmaximumqueryresponsetime.Validvaluesare100 255seconds.Thedefaultvalueis100seconds. Thisvalueworkstogetherwiththesetigmpsnooping groupmembershipintervalcommandtoremoveportsfromanIGMPgroup andmustbelesserthanthegroupmembershipintervalvalue.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    ThisvaluemustbelessthantheIGMPmaximumresponsetimedescribedinsetigmpsnooping groupmembershipintervalonpage 104.

    Example
    ThisexampleshowshowtosettheIGMPmaximumresponsetimeto100seconds:
    G3(su)->set igmpsnooping maxresponse 100

    Enterasys G-Series CLI Reference

    10-5

    set igmpsnooping mcrtrexpiretime

    set igmpsnooping mcrtrexpiretime


    UsethiscommandtoconfiguretheIGMPmulticastrouterexpirationtimeforthesystem.

    Syntax
    set igmpsnooping mcrtrexpire time

    Parameters
    time SpecifiestheIGMPmulticastrouterexpirationtime.Validvaluesare0 3600seconds.Avalueof0willconfigurethesystemwithaninfinite expirationtime.Thedefaultvalueis0.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Thistimerisforexpiringtheswitchfromthemulticastdatabase.Ifthetimerexpires,andtheonly addressleftisthemulticastswitch,thentheentrywillberemoved.

    Example
    ThisexampleshowshowtosettheIGMPmulticastrouterexpirationtimetoinfinity:
    G3(su)->set igmpsnooping mcrtrexpiretime 0

    set igmpsnooping add-static


    ThiscommandcreatesanewstaticIGMPentryoraddsoneormorenewportstoanexisting entry.

    Syntax
    set igmpsnooping add-static group vlan-list [modify] [port-string]

    Parameters
    group vlanlist modify portstring SpecifiesthemulticastgroupIPaddressfortheentry. SpecifiestheVLANsonwhichtoconfiguretheentry. (Optional)Addsthespecifiedportorportstoanexistingentry. (Optional)Specifiestheportorportstoaddtotheentry.

    Defaults
    Ifnoportsarespecified,allportsareaddedtotheentry. Ifmodifyisnotspecified,anewentryiscreated.

    10-6

    IGMP Configuration

    set igmpsnooping remove-static

    Mode
    Switchcommand,readwrite.

    Usage
    UsethiscommandtocreateandconfigureLayer2IGMPentries.

    Example
    ThisexamplecreatesanIGMPentryforthemulticastgroupwithIPaddressof233.11.22.33 configuredonVLAN20configuredwiththeportge.1.1.
    G3(su)->set igmpsnooping add-static 233.11.22.33 20 ge.1.1

    set igmpsnooping remove-static


    ThiscommanddeletesastaticIGMPentryorremovesoneormorenewportsfromanexisting entry.

    Syntax
    set igmpsnooping remove-static group vlan-list [modify] [port-string]

    Parameters
    group vlanlist modify portstring SpecifiesthemulticastgroupIPaddressoftheentry. SpecifiestheVLANsonwhichtheentryisconfigured. (Optional)Removesthespecifiedportorportsfromanexistingentry. (Optional)Specifiestheportorportstoremovefromtheentry.

    Defaults
    Ifnoportsarespecified,allportsareremovedfromtheentry.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleremovesportge.1.1fromtheentryforthemulticastgroupwithIPaddressof 233.11.22.33configuredonVLAN20.
    G3(su)->set igmpsnooping remove-static 233.11.22.33 20 ge.1.1

    show igmpsnooping static


    ThiscommanddisplaysstaticIGMPportsforoneormoreVLANsorIGMPgroups.

    Syntax
    show igmpsnooping static vlan-list [group group]

    Parameters
    vlanlist SpecifiestheVLANforwhichtodisplaystaticIGMPports.
    Enterasys G-Series CLI Reference 10-7

    show igmpsnooping mfdb

    groupgroup

    (Optional)SpecifiestheIGMPgroupforwhichtodisplaystaticIGMP ports.

    Defaults
    Ifnogroupisspecified,informationforallgroupsisdisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampledisplaysthestaticIGMPportsforVLAN20.
    G3(su)->show igmpsnooping static 20 -------------------------------------------------------------------------------Vlan Id = 20 Static Multicast Group Address = 233.11.22.33 Type = IGMP IGMP Port List = ge.1.1

    show igmpsnooping mfdb


    Usethiscommandtodisplaymulticastforwardingdatabase(MFDB)information.

    Syntax
    show igmpsnooping mfdb [stats]

    Parameters
    stats (Optional)DisplaysMFDBstatistics.

    Defaults
    Ifstatsisnotspecified,allMFDBtableentrieswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Examples
    Thisexampleshowshowtodisplaymulticastforwardingdatabaseentries:
    G3(su)->show igmpsnooping mfdb MAC Address Type Description ----------------------- ------- ---------------00:14:01:00:5E:02:CD:B0 Dynamic Network Assist 00:32:01:00:5E:37:96:D0 Dynamic Network Assist 00:32:01:00:5E:7F:FF:FA Dynamic Network Assist Interfaces ------------------------Fwd: ge.1.1,ge.3.1,ge.4.1 Fwd: ge.4.7 Fwd: ge.4.7

    Thisexampleshowshowtodisplaymulticastforwardingdatabasestatistics:
    G3(su)->show igmpsnooping mfdb stats Max MFDB Table Entries......................... 256 Most MFDB Entries Since Last Reset............. 1 Current Entries................................ 0

    10-8

    IGMP Configuration

    clear igmpsnooping

    clear igmpsnooping
    UsethiscommandtoclearallIGMPsnoopingentries.

    Syntax
    clear igmpsnooping

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearallIGMPsnoopingentries:
    G3(su)->clear igmpsnooping Are you sure you want to clear all IGMP snooping entries? (y/n) y IGMP Snooping Entries Cleared.

    Configuring IGMP on Routing Interfaces


    Router: The commands covered in this section can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to Enabling Router Configuration Modes on page 14-2.

    Purpose
    ToconfigureIGMPonroutinginterfaces.

    Commands
    For information about... ip igmp ip igmp enable ip igmp version show ip igmp interface show ip igmp groups ip igmp query-interval ip igmp query-max-response-time ip igmp startup-query-interval Refer to page... 10-10 10-10 10-11 10-11 10-12 10-13 10-13 10-14

    Enterasys G-Series CLI Reference

    10-9

    ip igmp

    For information about... ip igmp startup-query-count ip igmp last-member-query-interval ip igmp last-member-query-count ip igmp robustness

    Refer to page... 10-14 10-15 10-15 10-16

    ip igmp
    UsethiscommandtoenableIGMPontherouter.ThenoformofthiscommanddisablesIGMPon therouter.

    Syntax
    ip igmp no ip igmp

    Parameters
    None.

    Defaults
    None.

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Usage
    EnablingIGMPonaroutinginterfacerequiresboththeipigmpcommand(page1010),which enablesitontherouter,andtheipigmpenablecommand(page1010),whichenablesitonan interface.Oncethesecommandsareexecuted,thedevicewillstartsendingandprocessingIGMP multicasttraffic.IGMPisdisabledbydefault,bothgloballyandonaperinterfacebasis.

    Example
    ThisexampleshowshowtoenableIGMPontherouter:
    G3(su)->router(Config)#ip igmp

    ip igmp enable
    UsethiscommandtoenableIGMPonaninterface.ThenoformofthiscommanddisablesIGMP onaninterface.

    Syntax
    ip igmp enable no ip igmp enable

    Parameters
    None.

    10-10

    IGMP Configuration

    ip igmp version

    Defaults
    None.

    Usage
    EnablingIGMPonaroutinginterfacerequiresboththeipigmpcommand(page1010),which enablesitontherouter,andtheipigmpenablecommand(page1010),whichenablesitonan interface.Oncethesecommandsareexecuted,thedevicewillstartsendingandprocessingIGMP multicasttraffic.IGMPisdisabledbydefault,bothgloballyandonaperinterfacebasis.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtoenableIGMPontheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip igmp enable

    ip igmp version
    UsethiscommandtosettheversionofIGMPrunningontherouter.Thenoformofthiscommand resetsIGMPtothedefaultversionof2(IGMPv2).

    Syntax
    ip igmp version version no ip igmp

    Parameters
    version SpecifiestheIGMPversionnumbertorunontherouter.Validvaluesare 1,2,or3.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosettheIGMPversiontoversion1onVLAN1:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip igmp version 1

    show ip igmp interface


    UsethiscommandtodisplayinformationaboutoneormoreIGMProutinginterfaces.

    Syntax
    show ip igmp interface [vlan vlan-id]
    Enterasys G-Series CLI Reference 10-11

    show ip igmp groups

    Parameters
    vlanvlanid (Optional)DisplaysinformationforoneormoreVLANs.

    Defaults
    Ifnotspecified,informationwillbedisplayedforallVLANsconfiguredforIGMProuting.

    Mode
    Anyroutermode.

    Example
    ThisexampleshowshowtodisplayIGMProutinginformationforVLAN1:
    G3(su)->router#show ip igmp interface vlan 1 Vlan 1 is Admin UP Vlan 1 is Oper UP IGMP is configured via the Switch IGMP ACL currently not supported Multicast TTL currently defaults to 1 IGMP Version is 2 Query Interval is 125 (secs) Query Max Response Time is 100 (1/10 of a second) Robustness is 2 Startup Query Interval is 31 (secs) Startup Query Count is 2 Last Member Query Interval is 10 (1/10 of a second) Last Member Query Count is 2

    show ip igmp groups


    UsethiscommandtodisplayalistofIGMPstreamsandclientconnectionports.

    Syntax
    show ip igmp groups

    Parameters
    None.

    Defaults
    None.

    Mode
    Anyroutermode.

    Example
    ThisexampleshowshowtodisplayinformationaboutIGMPgroups:
    G3(su)->router#show ip igmp groups REGISTERED MULTICAST GROUP DETAILS Multicast IP Address Last Reporter Up Time Expiry Time Host Timer --------------- --------------- ------- ------------ -----------228.1.1.1 12.12.12.2 27
    10-12 IGMP Configuration

    Version1 ----------

    ip igmp query-interval

    ip igmp query-interval
    UsethiscommandtosettheIGMPqueryintervalonaroutinginterface.Thenoformofthis commandresetstheIGMPqueryintervaltothedefaultvalueof125seconds.

    Syntax
    ip igmp query-interval time no ip igmp query-interval

    Parameters
    time SpecifiestheIGMPqueryinterval.Validvaluesarefrom1to3600 seconds.Defaultis125seconds.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosettheIGMPqueryintervalto1800secondsonVLAN1:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip igmp query-interval 1800

    ip igmp query-max-response-time
    UsethiscommandtosetthemaximumresponsetimeintervaladvertisedinIGMPv2queries.The

    no form of this command resets the IGMP maximum response time to the default value of 100 (one tenth of a second).

    Syntax
    ip igmp query-max-response-time time no ip igmp query-max-response-time

    Parameters
    time SpecifiestheIGMPmaximumresponsetimeinterval.Validvaluesare from0to255tenthsofasecond.The default value is 100 (one tenth of a

    second).

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Enterasys G-Series CLI Reference

    10-13

    ip igmp startup-query-interval

    Example
    ThisexampleshowshowtosettheIGMPquerymaximumresponsetimeintervalto200(2tenths ofasecond)onVLAN1:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip igmp query-max-response-time 200

    ip igmp startup-query-interval
    UsethiscommandtosettheintervalbetweengeneralIGMPqueriessentonstartup.Thenoform ofthiscommandresetstheIGMPstartupqueryintervaltothedefaultvalueof31seconds.

    Syntax
    ip igmp startup-query-interval time no ip igmp startup-query-interval

    Parameters
    time SpecifiestheIGMPstartupqueryinterval.Validvaluesarefrom1to300 seconds.Thedefaultvalueis31seconds.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosettheIGMPstartupqueryintervalto100secondsonVLAN1:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip igmp startup-query-interval 100

    ip igmp startup-query-count
    UsethiscommandtosetthenumberofIGMPqueriessentoutonstartup,separatedbythe startupqueryinterval(asdescribedinipigmpstartupqueryintervalonpage 1014).Theno formofthiscommandresetstheIGMPstartupquerycounttothedefaultvalueof2.

    Syntax
    ip igmp startup-query-count count no ip igmp startup-query-count

    Parameters
    count SpecifiesthenumberofIGMPstartupqueries.Validvaluesarefrom1to 20.Thedefaultvalueis2.

    Defaults
    None.

    10-14

    IGMP Configuration

    ip igmp last-member-query-interval

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosettheIGMPstartupquerycountto10onVLAN1:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip igmp startup-query-count 10

    ip igmp last-member-query-interval
    Usethiscommandtosetthemaximumresponsetimebeinginsertedintogroupspecificqueries sentinresponsetoleavegroupmessages.ThenoformofthiscommandresetstheIGMPlast memberqueryintervaltothedefaultvalueof1second.

    Syntax
    ip igmp last-member-query-interval time no ip igmp last-member-query-interval

    Parameters
    time SpecifiestheIGMPlastmemberqueryinterval.Validvaluesarefrom0to 255seconds.Thedefaultvalueis1second.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosettheIGMPlastmemberqueryintervalto10secondsonVLAN1:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip igmp last-member-query-interval 10

    ip igmp last-member-query-count
    Usethiscommandtosetthenumberofgroupspecificqueriessentbeforeassumingthereareno localmembers.ThenoformofthiscommandresetstheIGMPlastmemberquerycounttothe defaultvalueof2.

    Syntax
    ip igmp last-member-query-count count no ip igmp last-member-query-count

    Parameters
    count SpecifiesthenumberofIGMPstartupqueries.Validvaluesarefrom1to 20.Thedefaultvalueis2.

    Enterasys G-Series CLI Reference

    10-15

    ip igmp robustness

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosettheIGMPlastmemberquerycountto10onVLAN1:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip igmp last-member-query-count 10

    ip igmp robustness
    UsethiscommandtoconfiguretherobustnesstuningforexpectedpacketlossonanIGMP routinginterface.ThenoformofthiscommandresetstheIGMProbustnessvaluetothedefaultof 2.

    Syntax
    ip igmp robustness robustness no ip igmp robustness

    Parameters
    robustness SpecifiestheIGMProbustnessvalue.Validvaluesarefrom1to255.The defaultvalueis2.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    ThisvaluedetermineshowmanytimesIGMPmessageswillbesent.Ahighernumberwillmean thatendstationswillbemorelikelytoseethepacket.Aftertherobustnessvalueisreached,IGMP willassumethereisnoresponsetoqueries.

    Example
    ThisexampleshowshowtosettheIGMProbustnessvalueto5onVLAN1:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip igmp robustness 5

    10-16

    IGMP Configuration

    11
    Logging and Network Management
    Thischapterdescribesswitchrelatedloggingandnetworkmanagementcommandsandhowto usethem.
    Note: The commands in this chapter pertain to network management of the G-Series device from the switch CLI only. For information on router-related network management tasks, including reviewing router ARP tables and IP traffic, refer to Chapter 15. For information about... Configuring System Logging Monitoring Network Events and Status Managing Switch Network Addresses and Routes Configuring Simple Network Time Protocol (SNTP) Configuring Node Aliases Refer to page... 11-1 11-11 11-15 11-25 11-31

    Configuring System Logging


    Purpose
    Todisplayandconfiguresystemlogging,includingSyslogserversettings,Syslogdefaultsettings, andtheloggingbuffer.

    Commands
    For information about... show logging server set logging server clear logging server show logging default set logging default clear logging default show logging application set logging application Refer to page... 11-2 11-3 11-4 11-4 11-5 11-5 11-6 11-7

    Enterasys G-Series CLI Reference

    11-1

    show logging server

    For information about... clear logging application show logging local set logging local clear logging local show logging buffer

    Refer to page... 11-8 11-9 11-9 11-10 11-10

    show logging server


    UsethiscommandtodisplaytheSyslogconfigurationforaparticularserver.

    Syntax
    show logging server [index]

    Parameters
    index (Optional)DisplaysSysloginformationpertainingtoaspecificserver tableentry.Validvaluesare18.

    Defaults
    Ifindexisnotspecified,allSyslogserverinformationwillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaySyslogserverconfigurationinformation:
    G3(ro)->show logging server IP Address Facility Severity Description Port Status ------------------------------------------------------------------------1 132.140.82.111 local4 warning(5) default 514 enabled 2 132.140.90.84 local4 warning(5) default 514 enabled

    Table 111providesanexplanationofthecommandoutput. Table 11-1


    Output Field IP Address Facility Severity Description Port Status

    show logging server Output Details


    What It Displays... Syslog servers IP address. For details on setting this using the set logging server command, refer to set logging server on page 11-3. Syslog facility that will be encoded in messages sent to this server. Valid values are: local0 to local7. Severity level at which the server is logging messages. Text string description of this facility/server. UDP port the client uses to send to the server. Whether or not this Syslog configuration is currently enabled or disabled.

    11-2

    Logging and Network Management

    set logging server

    set logging server


    UsethiscommandtoconfigureaSyslogserver.

    Syntax
    set logging server index [ip-addr ip-addr] [facility facility] [severity severity] [descr descr] [port port] [state {enable | disable}]

    Parameters
    index ipaddripaddr facilityfacility severityseverity Specifiestheservertableindexnumberforthisserver.Validvaluesare1 8. (Optional)SpecifiestheSyslogmessageserversIPaddress. (Optional)Specifiestheserversfacilityname.Validvaluesare:local0to local7. (Optional)Specifiestheseveritylevelatwhichtheserverwilllog messages.Validvaluesandcorrespondinglevelsare: 1emergencies(systemisunusable) 2alerts(immediateactionrequired) 3criticalconditions 4errorconditions 5warningconditions 6notifications(significantconditions) 7informationalmessages 8debuggingmessages descrdescr portport stateenable| disable (Optional)Specifiesatextualstringdescriptionofthisfacility/server. (Optional)SpecifiesthedefaultUDPporttheclientusestosendtothe server. (Optional)Enablesordisablesthisfacility/serverconfiguration.

    Defaults
    Ifipaddrisnotspecified,anentryintheSyslogservertablewillbecreatedwiththespecified indexnumberandamessagewilldisplayindicatingthatnoIPaddresshasbeenassigned. Ifnotspecified,facility,severityandportwillbesettodefaultsconfiguredwiththesetlogging defaultcommand(setloggingdefaultonpage 115). Ifstateisnotspecified,theserverwillnotbeenabledordisabled.

    Mode
    Switchcommand,readwrite.

    Example
    ThiscommandshowshowtoenableaSyslogserverconfigurationforindex1,IPaddress 134.141.89.113,facilitylocal4,severitylevel3onport514:
    G3(su)->set logging server 1 ip-addr 134.141.89.113 facility local4 severity 3 port 514 state enable
    Enterasys G-Series CLI Reference 11-3

    clear logging server

    clear logging server


    UsethiscommandtoremoveaserverfromtheSyslogservertable.

    Syntax
    clear logging server index

    Parameters
    index Specifiestheservertableindexnumberfortheservertoberemoved. Validvaluesare18.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThiscommandshowshowtoremovetheSyslogserverwithindex1fromtheservertable:
    G3(su)->clear logging server 1

    show logging default


    UsethiscommandtodisplaytheSyslogserverdefaultvalues.

    Syntax
    show logging default

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThiscommandshowshowtodisplaytheSyslogserverdefaultvalues.Foranexplanationofthe commandoutput,referbacktoTable 111onpage 112.
    G3(su)->show logging default Facility Severity Port ----------------------------------------local4 warning(5) 514

    Defaults:

    11-4

    Logging and Network Management

    set logging default

    set logging default


    Usethiscommandtosetloggingdefaultvalues.

    Syntax
    set logging default {[facility facility] [severity severity] port port]}

    Parameters
    facilityfacility severityseverity Specifiesthedefaultfacilityname.Validvaluesare:local0tolocal7. Specifiesthedefaultloggingseveritylevel.Validvaluesand correspondinglevelsare: 1emergencies(systemisunusable) 2alerts(immediateactionrequired) 3criticalconditions 4errorconditions 5warningconditions 6notifications(significantconditions) 7informationalmessages 8debuggingmessages portport SpecifiesthedefaultUDPporttheclientusestosendtotheserver.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosettheSyslogdefaultfacilitynametolocal2andtheseveritylevelto4 (errorlogging):
    G3(su)->set logging default facility local2 severity 4

    clear logging default


    Usethiscommandtoresetloggingdefaultvalues.

    Syntax
    clear logging default {[facility] [severity] [port]}

    Parameters
    facility severity (Optional)Resetsthedefaultfacilitynametolocal4. (Optional)Resetsthedefaultloggingseveritylevelto6(notificationsof significantconditions).

    Enterasys G-Series CLI Reference

    11-5

    show logging application

    port

    (Optional)ResetsthedefaultUDPporttheclientusestosendtotheserver to514.

    Defaults
    Atleastoneoptionalparametermustbeentered. Allthreeoptionalkeywordsmustbeenteredtoresetallloggingvaluestodefaults.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresettheSyslogdefaultseveritylevelto6:
    G3(su)->clear logging default severity

    show logging application


    UsethiscommandtodisplaytheseveritylevelofSyslogmessagesforoneorallapplications configuredforloggingonyoursystem.

    Syntax
    show logging application [mnemonic | all]

    Parameters
    mnemonic (Optional)Displaysseveritylevelforoneapplicationconfiguredfor logging.Mnemonicswillvarydependingonthenumberandtypesof applicationsrunningonyoursystem.Samplemnemonicsandtheir correspondingapplicationsarelistedinTable 113onpage 118.
    Note: Mnemonic values are case sensitive and must be typed as they appear in Table 11-3.

    all

    (Optional)Displaysseveritylevelforallapplicationsconfiguredfor logging.

    Defaults
    Ifnoparameterisspecified,informationforallapplicationswillbedisplayed.

    Mode
    Switchcommand,readonly.

    11-6

    Logging and Network Management

    set logging application

    Example
    ThisexampleshowshowtodisplaysystemlogginginformationpertainingtotheSNMP application.
    G3(ro)->show logging application SNMP Application Current Severity Level --------------------------------------------90 SNMP 6 1(emergencies) 4(errors) 7(information) 2(alerts) 5(warnings) 8(debugging) 3(critical) 6(notifications)

    Table 112providesanexplanationofthecommandoutput. Table 11-2


    Output Field Application Current Severity Level

    show logging application Output Details


    What it displays... A mnemonic abbreviation of the textual description for applications being logged. Severity level at which the server is logging messages for the listed application. This range (from 1 to 8) and its associated severity list is shown in the CLI output. For a description of these entries, which are set using the set logging application command, refer to set logging application on page 11-7.

    set logging application


    Usethiscommandtosettheseverityleveloflogmessagesforoneorallapplications.

    Syntax
    set logging application {[mnemonic | all]} [level level]

    Parameters
    mnemonic Specifiesacasesensitivemnemonicabbreviationofanapplicationtobe logged.Thisparameterwillvarydependingonthenumberandtypesof applicationsrunningonyoursystem.Todisplayacompletelist,usethe showloggingapplicationcommandasdescribedinshowlogging applicationonpage 116.Samplemnemonicsandtheircorresponding applicationsarelistedinTable 113onpage 118.
    Note: Mnemonic values are case sensitive and must be typed as they appear in Table 11-3.

    all

    Setstheloggingseveritylevelforallapplications.

    Enterasys G-Series CLI Reference

    11-7

    clear logging application

    levellevel

    (Optional)Specifiestheseveritylevelatwhichtheserverwilllog messagesforapplications.Validvaluesandcorrespondinglevelsare: 1emergencies(systemisunusable) 2alerts(immediateactionrequired) 3criticalconditions 4errorconditions 5warningconditions 6notifications(significantconditions) 7informationalmessages 8debuggingmessages

    Table 11-3
    Mnemonic CLIWEB SNMP STP Driver System Stacking UPN Router

    Mnemonic Values for Logging Applications


    Application Command Line Interface and Webview management Simple Network Management Protocol Spanning Tree Protocol Hardware drivers Non-application items such as general chassis management Stacking management (if applicable) User Personalized Networking Router

    Defaults
    Iflevelisnotspecified,nonewillbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosettheseveritylevelforSNMPto4sothaterrorconditionswillbe loggedforthatapplication.
    G3(rw)->set logging application SNMP level 4

    clear logging application


    Usethiscommandtoresettheloggingseveritylevelforoneorallapplicationstothedefaultvalue of6(notificationsofsignificantconditions).

    Syntax
    clear logging application {mnemonic | all}

    11-8

    Logging and Network Management

    show logging local

    Parameters
    mnemonic Resetstheseveritylevelforaspecificapplicationto6.Validmnemonic valuesandtheircorrespondingapplicationsarelistedinTable 113on page 118. Resetstheseveritylevelforallapplicationsto6.

    all

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoresettheloggingseveritylevelto6forSNMP.
    G3(rw)->clear logging application SNMP

    show logging local


    Usethiscommandtodisplaythestateofmessageloggingtotheconsoleandapersistentfile.

    Syntax
    show logging local

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaythestateofmessagelogging.Inthiscase,loggingtothe consoleisenabledandloggingtoapersistentfileisdisabled.
    G3(su)->show logging local Syslog Console Logging enabled Syslog File Logging disabled

    set logging local


    Usethiscommandtoconfigurelogmessagestotheconsoleandapersistentfile.

    Syntax
    set logging local console {enable | disable} file {enable | disable}

    Enterasys G-Series CLI Reference

    11-9

    clear logging local

    Parameters
    consoleenable|disable fileenable|disable Enablesordisablesloggingtotheconsole. Enablesordisablesloggingtoapersistentfile.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thiscommandshowshowtoenableloggingtotheconsoleanddisableloggingtoapersistentfile:
    G3(su)->set logging local console enable file disable

    clear logging local


    Usethiscommandtocleartheconsoleandpersistentstoreloggingforthelocalsession.

    Syntax
    clear logging local

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoclearlocallogging:
    G3(su)->clear logging local

    show logging buffer


    Usethiscommandtodisplaythelast256messageslogged.Bydefault,criticalfailuresanduser loginandlogouttimestampsaredisplayed.

    Syntax
    show logging buffer

    Parameters
    None.

    11-10

    Logging and Network Management

    Monitoring Network Events and Status

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowsaportionoftheinformationdisplayedwiththeshowloggingbuffer command:
    G3(su)->show logging buffer <165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.122 (telnet) <165>Sep 4 07:43:24 10.42.71.13 CLI[5]User: debug failed login from 10.4.1.100 (telnet)

    Monitoring Network Events and Status


    Purpose
    Todisplayswitcheventsandcommandhistory,tosetthesizeofthehistorybuffer,andtodisplay anddisconnectcurrentusersessions.

    Commands
    For information about... history show history set history ping show users disconnect Refer to page... 11-11 11-12 11-12 11-13 11-13 11-14

    history
    Usethiscommandtodisplaythecontentsofthecommandhistorybuffer.Thecommandhistory bufferincludesalltheswitchcommandsentereduptoamaximumof100,asspecifiedintheset historycommand(sethistoryonpage 1112).

    Syntax
    history

    Parameters
    None.

    Defaults
    None.
    Enterasys G-Series CLI Reference 11-11

    show history

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaythecontentsofthecommandhistorybuffer.Itshowsthereare fivecommandsinthebuffer:
    G3(su)->history 1 hist 2 show gvrp 3 show vlan 4 show igmp 5 show ip address

    show history
    Usethiscommandtodisplaythesize(inlines)ofthehistorybuffer.

    Syntax
    show history

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaythesizeofthehistorybuffer:
    G3(su)->show history History buffer size: 20

    set history
    Usethiscommandtosetthesizeofthehistorybuffer.

    Syntax
    set history size [default]

    Parameters
    size default Specifiesthesizeofthehistorybufferinlines.Validvaluesare1to100. (Optional)Makesthissettingpersistentforallfuturesessions.

    Defaults
    None.
    11-12 Logging and Network Management

    ping

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtosetthesizeofthecommandhistorybufferto30lines:
    G3(su)->set history 30

    ping
    UsethiscommandtosendICMPechorequestpacketstoanothernodeonthenetworkfromthe switchCLI.

    Syntax
    ping host

    Parameters
    host SpecifiestheIPaddressofthedevicetowhichthepingwillbesent.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Examples
    ThisexampleshowshowtopingIPaddress134.141.89.29.Inthiscase,thishostisalive:
    G3(su)->ping 134.141.89.29 134.141.89.29 is alive

    Inthisexample,thehostatIPaddressisnotresponding:
    G3(su)->ping 134.141.89.255 no answer from 134.141.89.255

    show users
    UsethiscommandtodisplayinformationabouttheactiveconsoleportorTelnetsession(s)logged intotheswitch.

    Syntax
    show users

    Parameters
    None.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    11-13

    disconnect

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtousetheshowuserscommand.Inthisoutput,therearetwoTelnet usersloggedinwithReadWriteaccessprivilegesfromIPaddresses134.141.192.119and 134.141.192.18:
    G3(su)->show users Session User Location -------- ----- -------------------------* telnet rw 134.141.192.119 telnet rw 134.141.192.18

    disconnect
    UsethiscommandtocloseanactiveconsoleportorTelnetsessionfromtheswitchCLI.

    Syntax
    disconnect {ip-addr | console}

    Parameters
    ipaddr console SpecifiestheIPaddressoftheTelnetsessiontobedisconnected.This addressisdisplayedintheoutputshowninshowusersonpage 1215. Closesanactiveconsoleport.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Examples
    ThisexampleshowshowtocloseaTelnetsessiontohost134.141.192.119:
    G3(su)->disconnect 134.141.192.119

    Thisexampleshowshowtoclosethecurrentconsolesession:
    G3(su)->disconnect console

    11-14

    Logging and Network Management

    Managing Switch Network Addresses and Routes

    Managing Switch Network Addresses and Routes


    Purpose
    TodisplayordeleteswitchARPtableentries,andtodisplayMACaddressinformation.

    Commands
    For information about... show arp set arp clear arp traceroute show mac show mac agetime set mac agetime clear mac agetime set mac algorithm show mac algorithm clear mac algorithm set mac multicast clear mac address show mac unreserved-flood set mac unreserved-flood Refer to page... 11-15 11-16 11-17 11-17 11-18 11-19 11-20 11-20 11-21 11-21 11-22 11-22 11-23 11-23 11-24

    show arp
    UsethiscommandtodisplaytheswitchsARPtable.

    Syntax
    show arp

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    11-15

    set arp

    Example
    ThisexampleshowshowtodisplaytheARPtable:
    G3(su)->show arp LINK LEVEL ARP TABLE IP Address Phys Address Flags Interface ----------------------------------------------------10.20.1.1 00-00-5e-00-01-1 S host 134.142.21.194 00-00-5e-00-01-1 S host 134.142.191.192 00-00-5e-00-01-1 S host 134.142.192.18 00-00-5e-00-01-1 S host 134.142.192.119 00-00-5e-00-01-1 S host -----------------------------------------------------

    Table 114providesanexplanationofthecommandoutput. Table 11-4


    Output Field IP Address Phys Address Flags

    show arp Output Details


    What It Displays... IP address mapped to MAC address. MAC address mapped to IP address. Route status. Possible values and their definitions include: S - manually configured entry (static) P - respond to ARP requests for this entry

    set arp
    UsethiscommandtoaddmappingentriestotheswitchsARPtable.

    Syntax
    set arp ip-address mac-address

    Parameters
    ipaddress macaddress SpecifiestheIPaddresstomaptotheMACaddressandaddtotheARP table. SpecifiestheMACaddresstomaptotheIPaddressandaddtotheARP table.TheMACaddresscanbeformattedasxx:xx:xx:xx:xx:xxorxxxx xxxxxxxx.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtomapIPaddress192.168.219.232toMACaddress00000c400fbc:
    G3(su)->set arp 192.168.219.232 00-00-0c-40-0f-bc

    11-16

    Logging and Network Management

    clear arp

    clear arp
    UsethiscommandtodeleteaspecificentryorallentriesfromtheswitchsARPtable.

    Syntax
    clear arp {ip-address | all}

    Parameters
    ipaddress|all SpecifiestheIPaddressintheARPtabletobecleared,orclearsallARP entries.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtodeleteentry10.1.10.10fromtheARPtable:
    G3(su)->clear arp 10.1.10.10

    traceroute
    UsethiscommandtodisplayahopbyhoppaththroughanIPnetworkfromthedevicetoa specificdestinationhost.ThreeUDPorICMPprobeswillbetransmittedforeachhopbetweenthe sourceandthetraceroutedestination.

    Syntax
    traceroute [-w waittime] [-f first-ttl] [-m max-ttl] [-p port] [-q nqueries] [-r] [-d] [-n] [-v] host

    Parameters
    wwaittime ffirstttl mmaxttl pport qnqueries r d n v host (Optional)Specifiestimeinsecondstowaitforaresponsetoaprobe. (Optional)Specifiesthetimetolive(TTL)ofthefirstoutgoingprobe packet. (Optional)Specifiesthemaximumtimetolive(TTL)usedinoutgoing probepackets. (Optional)SpecifiesthebaseUDPportnumberusedinprobes. (Optional)Specifiesthenumberofprobeinquiries. (Optional)Bypassesthenormalhostroutingtables. (Optional)Setsthedebugsocketoption. (Optional)Displayshopaddressesnumerically.(Supportedinafuture release.) (Optional)Displaysverboseoutput,includingthesizeanddestinationof eachresponse. SpecifiesthehosttowhichtherouteofanIPpacketwillbetraced.
    Enterasys G-Series CLI Reference 11-17

    show mac

    Defaults
    Ifnotspecified,waittimewillbesetto5seconds. Ifnotspecified,firstttlwillbesetto1second. Ifnotspecified,maxttlwillbesetto30seconds. Ifnotspecified,portwillbesetto33434. Ifnotspecified,nquerieswillbesetto3. Ifrisnotspecified,normalhostroutingtableswillbeused. Ifdisnotspecified,thedebugsocketoptionwillnotbeused. Ifvisnotspecified,summaryoutputwillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtousetraceroutetodisplayaroundtrippathtohost192.167.252.17.In thiscase,hop1istheGSeriesswitch,hop2is14.1.0.45,andhop3isbacktothehostIPaddress. RoundtriptimesforeachofthethreeUDPprobesaredisplayednexttoeachhop:
    G3(su)->traceroute 192.167.252.17 traceroute to 192.167.252.17 (192.167.252.17), 30 hops max, 40 byte packets 1 matrix.enterasys.com (192.167.201.40) 20.000 ms 20.000 ms 20.000 ms 2 14.1.0.45 (14.1.0.45) 40.000 ms 10.000 ms 20.000 ms 3 192.167.252.17 (192.167.252.17) 50.000 ms 0.000 ms 20.000 ms

    show mac
    UsethiscommandtodisplayMACaddressesintheswitchsfilteringdatabase.Theseare addresseslearnedonaportthroughtheswitchingprocess.

    Syntax
    show mac [address mac-address] [fid fid] [port port-string] [type {other | learned | self | mgmt}]

    Parameters
    addressmacaddress fidfid portportstring typeother|learned| self|mgmt (Optional)DisplaysaspecificMACaddress(ifitisknownbythe device). (Optional)DisplaysMACaddressesforaspecificfilterdatabase identifier. (Optional)DisplaysMACaddressesforspecificport(s). (Optional)Displaysinformationrelatedtoother,learned,selfor mgmt(management)addresstype.

    Defaults
    Ifnoparametersarespecified,allMACaddressesforthedevicewillbedisplayed.

    11-18

    Logging and Network Management

    show mac agetime

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayMACaddressinformationforge.3.1:
    G3(su)->show mac port ge.3.1 MAC Address FID Port Type ----------------- ---- ------------- -------00-09-6B-0F-13-E6 15 ge.3.1 Learned MAC Address VLAN Port Type Status Egress Ports ----------------- ---- ------------- ------- ------- --------------------------01-01-23-34-45-56 20 any mcast perm ge.3.1

    Table 115providesanexplanationofthecommandoutput. Table 11-5


    Output Field MAC Address FID Port Type

    show mac Output Details


    What It Displays... MAC addresses mapped to the port(s) shown. Filter database identifier. Port designation. Address type. Valid types are: Learned Self Management Other (this will include any static MAC locked addresses as described in Configuring MAC Locking on page 20-46). mcast (multicast)

    VLAN Status Egress Ports

    The VLAN ID configured for the multicast MAC address. The status of the multicast address. The ports which have been added to the egress ports list.

    show mac agetime


    UsethiscommandtodisplaythetimeoutperiodforaginglearnedMACentries.

    Syntax
    show mac agetime

    Parameters
    None.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    11-19

    set mac agetime

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaytheMACtimeoutperiod:
    G3(su)->show mac agetime Aging time: 300 seconds

    set mac agetime


    UseThiscommandtosetthetimeoutperiodforaginglearnedMACentries.

    Syntax
    set mac agetime time

    Parameters
    time SpecifiesthetimeoutperiodinsecondsforaginglearnedMAC addresses.Validvaluesare10to1,000,000seconds.Defaultvalueis300 seconds.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtosettheMACtimeoutperiod:
    G3(su)->set mac agetime 250

    clear mac agetime


    UsethiscommandtoresetthetimeoutperiodforaginglearnedMACentriestothedefaultvalue of300seconds.

    Syntax
    clear mac agetime

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.
    11-20 Logging and Network Management

    set mac algorithm

    Example
    ThisexampleshowshowtoresettheMACtimeoutperiodtothedefaultvalueof300seconds.
    G3(su)->clear mac agetime

    set mac algorithm


    UsethiscommandtosettheMACalgorithmmode,whichdeterminesthehasmechanismusedby thedevicewhenperformingLayer2lookupsonreceivedframes.

    Syntax
    set mac algorithm {mac-crc16-lowerbits | mac-crc16-upperbits | mac-crc32-lowerbits | mac-crc32-upperbits}

    Parameters
    maccrc16lowerbits maccrc16upperbits maccrc32lowerbits maccrc32upperbits SelecttheMACCRC16lowerbitsalgorithmforhashing. SelecttheMACCRC16upperbitsalgorithmforhashing. SelecttheMACCRC32lowerbitsalgorithmforhashing. SelecttheMACCRC32upperbitsalgorithmforhashing.

    Defaults
    ThedefaultMACalgorithmismaccrc16upperbits.

    Mode
    Switchcommand,readwrite.

    Usage
    EachalgorithmisoptimizedforadifferentspreadofMACaddresses.Whenchangingthismode, theswitchwilldisplayawarningmessageandpromptyoutorestartthedevice. ThedefaultMACalgorithmismaccrc16upperbits.

    Example
    Thisexamplesetsthehashingalgorithmtomaccrc32upperbits.
    G3(rw)->set mac algorithm mac-crc32-upperbits

    show mac algorithm


    ThiscommanddisplaysthecurrentlyselectedMACalgorithmmode.

    Syntax
    show mac algorithm

    Parameters
    None.

    Enterasys G-Series CLI Reference

    11-21

    clear mac algorithm

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowstheoutputofthiscommand.
    G3(su)->show mac algorithm Mac hashing algorithm is mac-crc16-upperbits.

    clear mac algorithm


    UsethiscommandtoreturntheMAChashingalgorithmtothedefaultvalueofmaccrc16 upperbits.

    Syntax
    clear mac algorithm

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleresetstheMAChashingalgorithmtothedefaultvalue.
    G3(su)->clear mac algorithm

    set mac multicast


    UsethiscommandtodefineonwhatportswithinaVLANamulticastaddresscanbedynamically learnedon,oronwhatportsaframewiththespecifiedMACaddresscanbeflooded.Also,use thiscommandtoappendportstoorclearportsfromtheegressportslist.

    Syntax
    set mac multicast mac-address vlan-id [port-string] [{append | clear} port-string]

    Parameters
    macaddress vlanid SpecifiesthemulticastMACaddress.TheMACaddresscanbe formattedasxx:xx:xx:xx:xx:xxorxxxxxxxxxxxx. SpecifiestheVLANIDcontainingtheports.

    11-22

    Logging and Network Management

    clear mac address

    portstring append|clear

    SpecifiestheportorrangeofportsthemulticastMACaddresscanbe learnedonorfloodedto. Appendsorclearstheportorrangeofportsfromtheegressportlist.

    Defaults
    Ifnoportstringisdefined,thecommandwillapplytoallports.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleconfiguresmulticastMACaddress010122334455forVLAN24.
    G3(su)->set mac multicast 01-01-22-33-44-55 24

    clear mac address


    UsethiscommandtoremoveamulticastMACaddress.

    Syntax
    clear mac address mac-address [vlan-id]

    Parameters
    macaddress vlanid SpecifiesthemulticastMACaddresstobecleared.TheMACaddress canbeformattedasxx:xx:xx:xx:xx:xxorxxxxxxxxxxxx. (Optional)SpecifiestheVLANIDfromwhichtoclearthestatic multicastMACaddress.

    Defaults
    Ifnovlanidisspecified,themulticastMACaddressisclearedfromallVLANs.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleclearsmulticastMACaddress010122334455fromVLAN24.
    G3(su)->clear mac multicast 01-01-22-33-44-55 24

    show mac unreserved-flood


    Usethiscommandtodisplaythestateofmulticastfloodprotection.

    Syntax
    show mac unreserved-flood

    Enterasys G-Series CLI Reference

    11-23

    set mac unreserved-flood

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampledisplaysthestatusofmulticastfloodprotection.
    G3(su)->show mac unreserved-flood mac unreserved flood is disabled.

    set mac unreserved-flood


    Usethiscommandtoenableordisablemulticastfloodprotection.Whenenabled,thisprevents policyprofilesrequiringafull10masksfrombeingloaded.

    Syntax
    set mac unreserved-flood {disable | enable}

    Parameters
    disable|enable Disablesorenablesmulticastfloodprotection.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Thefollowingaddresseswillbeforwardedwhenthisfunctionisenabled: 01:80:C2:00:00:11 01:80:C2:00:00:14 01:80:C2:00:00:15 Thedefaultstateisdisabled,andtheseaddresseswillnotbeforwarded.

    Example
    Thisexampleenablesmulticastfloodprotection.
    G3(su)->set mac unreserved-flood enable

    11-24

    Logging and Network Management

    Configuring Simple Network Time Protocol (SNTP)

    Configuring Simple Network Time Protocol (SNTP)


    Purpose
    ToconfiguretheSimpleNetworkTimeProtocol(SNTP),whichsynchronizesdeviceclocksina network.
    Note: A host IP address must be configured on the G3 to support SNTP.

    Commands
    For information about... show sntp set sntp client clear sntp client set sntp server clear sntp server set sntp poll-interval clear sntp poll-interval set sntp poll-retry clear sntp poll-retry set sntp poll-timeout clear sntp poll-timeout Refer to page... 11-25 11-27 11-27 11-28 11-28 11-29 11-29 11-29 11-30 11-30 11-31

    show sntp
    UsethiscommandtodisplaySNTPclientsettings.

    Syntax
    show sntp

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    11-25

    show sntp

    Example
    ThisexampleshowshowtodisplaySNTPclientsettings:
    G3(su)->show sntp SNTP Version: 3 Current Time: TUE SEP 09 16:13:33 2003 Timezone: 'EST', offset from UTC is -4 hours and 0 minutes Client Mode: unicast Broadcast Count: 0 Poll Interval: 512 seconds Poll Retry: 1 Poll Timeout: 5 seconds SNTP Poll Requests: 1175 Last SNTP Update: TUE SEP 09 16:05:24 2003 Last SNTP Request: TUE SEP 09 16:05:24 2003 Last SNTP Status: Success SNTP-Server Precedence Status ------------------------------------------10.2.8.6 2 Active 144.111.29.19 1 Active

    Table 116providesanexplanationofthecommandoutput. Table 11-6


    Output Field SNTP Version Current Time Timezone Client Mode Broadcast Count Poll Interval Poll Retry Poll Timeout

    show sntp Output Details


    What It Displays... SNTP version number. Current time on the system clock. Time zone name and amount it is offset from UTC (Universal Time). Whether SNTP client is operating in unicast or broadcast mode. Set using set sntp client command (set sntp client on page 11-27). Number of SNTP broadcast frames received. Interval between SNTP unicast requests. Default of 512 seconds can be reset using the set sntp poll-interval command (set sntp poll-interval on page 11-29). Number of poll retries to a unicast SNTP server. Default of 1 can be reset using the set sntp poll-retry command (set sntp poll-retry on page 11-29). Timeout for a response to a unicast SNTP request. Default of 5 seconds can be reset using set sntp poll-timeout command (set sntp poll-timeout on page 11-30).

    SNTP Poll Requests Total number of SNTP poll requests. Last SNTP Update Last SNTP Request Last SNTP Status SNTP-Server Precedence Date and time of most recent SNTP update. Date and time of most recent SNTP request. Whether or not broadcast reception or unicast transmission and reception was successful. IP address(es) of SNTP server(s). Precedence level of SNTP server in relation to its peers. Highest precedence is 1 and lowest is 10. Default of 1 can be reset using the set sntp server command (set sntp server on page 11-28). Whether or not the SNTP server is active.

    Status

    11-26

    Logging and Network Management

    set sntp client

    set sntp client


    UsethiscommandtosettheSNTPoperationmode.

    Syntax
    set sntp client {broadcast | unicast | disable}

    Parameters
    broadcast unicast disable EnablesSNTPinbroadcastclientmode. EnablesSNTPinunicast(pointtopoint)clientmode.Inthismode,the clientmustsupplytheIPaddressfromwhichtoretrievethecurrenttime. DisablesSNTP.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoenableSNTPinbroadcastmode:
    G3(su)->set sntp client broadcast

    clear sntp client


    UsethiscommandtocleartheSNTPclientsoperationalmode.

    Syntax
    clear sntp client

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocleartheSNTPclientsoperationalmode:
    G3(su)->clear sntp client

    Enterasys G-Series CLI Reference

    11-27

    set sntp server

    set sntp server


    UsethiscommandtoaddaserverfromwhichtheSNTPclientwillretrievethecurrenttimewhen operatinginunicastmode.Upto10serverscanbesetasSNTPservers.

    Syntax
    set sntp server ip-address [precedence]

    Parameters
    ipaddress precedence SpecifiestheSNTPserversIPaddress. (Optional)SpecifiesthisSNTPserversprecedenceinrelationtoitspeers. Validvaluesare1(highest)to10(lowest).

    Defaults
    Ifprecedenceisnotspecified,1willbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosettheserveratIPaddress10.21.1.100 asan SNTPserver:
    G3(su)->set sntp server 10.21.1.100

    clear sntp server


    UsethiscommandtoremoveoneorallserversfromtheSNTPserverlist.

    Syntax
    clear sntp server {ip-address | all}

    Parameters
    ipaddress all SpecifiestheIPaddressofaservertoremovefromtheSNTPserverlist. RemovesallserversfromtheSNTPserverlist.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoremovetheserveratIPaddress10.21.1.100 fromtheSNTPserverlist:
    G3(su)->clear sntp server 10.21.1.100

    11-28

    Logging and Network Management

    set sntp poll-interval

    set sntp poll-interval


    UsethiscommandtosetthepollintervalbetweenSNTPunicastrequests.

    Syntax
    set sntp poll-interval interval

    Parameters
    interval Specifiesthepollintervalinseconds.Validvaluesare16to16284.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosettheSNTPpollintervalto30seconds:
    G3(su)->set sntp poll-interval 30

    clear sntp poll-interval


    UsethiscommandtoclearthepollintervalbetweenunicastSNTPrequests.

    Syntax
    clear sntp poll-interval

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocleartheSNTPpollinterval:
    G3(su)->clear sntp poll-interval

    set sntp poll-retry


    UsethiscommandtosetthenumberofpollretriestoaunicastSNTPserver.

    Syntax
    set sntp poll-retry retry

    Enterasys G-Series CLI Reference

    11-29

    clear sntp poll-retry

    Parameters
    retry Specifiesthenumberofretries.Validvaluesare0to10.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetthenumberofSNTPpollretriesto5:
    G3(su)->set sntp poll-retry 5

    clear sntp poll-retry


    UsethiscommandtoclearthenumberofpollretriestoaunicastSNTPserver.

    Syntax
    clear sntp poll-retry

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearthenumberofSNTPpollretries:
    G3(su)->clear sntp poll-retry

    set sntp poll-timeout


    Usethiscommandtosetthepolltimeout(inseconds)foraresponsetoaunicastSNTPrequest.

    Syntax
    set sntp poll-timeout timeout

    Parameters
    timeout Specifiesthepolltimeoutinseconds.Validvaluesare1to30.

    Defaults
    None.
    11-30 Logging and Network Management

    clear sntp poll-timeout

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosettheSNTPpolltimeoutto10seconds:
    G3(su)->set sntp poll-timeout 10

    clear sntp poll-timeout


    UsethiscommandtocleartheSNTPpolltimeout.

    Syntax
    clear sntp poll-timeout

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocleartheSNTPpolltimeout:
    G3(su)->clear sntp poll-timeout

    Configuring Node Aliases


    Purpose
    Toreview,disable,andreenablenode(port)aliasfunctionality,which determineswhatnetwork protocolsarerunningononeormoreports.

    Commands
    For information about... show nodealias config set nodealias clear nodealias config Refer to page... 11-32 11-32 11-33

    Enterasys G-Series CLI Reference

    11-31

    show nodealias config

    show nodealias config


    Usethiscommandtodisplaynodealiasconfigurationsettingsononeormoreports.

    Syntax
    show nodealias config [port-string]

    Parameters
    portstring (Optional)Displaysnodealiasconfigurationsettingsforspecificport(s).

    Defaults
    Ifportstringisnotspecified,nodealiasconfigurationswillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaynodealiasconfigurationsettingsforportsge.2.1through9:
    G3(rw)->show nodealias config ge.2.1-9 Port Number Max Entries --------------------ge.2.1 16 ge.2.2 47 ge.2.3 47 ge.2.4 47 ge.2.5 47 ge.2.6 47 ge.2.7 47 ge.2.8 47 ge.2.9 4000 Used Entries -----------0 0 2 0 0 2 0 0 1 Status -----Enable Enable Enable Enable Enable Enable Enable Enable Enable

    Table 117providesanexplanationofthecommandoutput. Table 11-7


    Output Field Port Number Max Entries Used Entries Status

    show nodealias config Output Details


    What It Displays... Port designation. Maximum number of alias entries configured for this port. Number of alias entries (out of the maximum amount configured) already used by this port. Whether or not a node alias agent is enabled (default) or disabled on this port.

    set nodealias
    Usethiscommandtoenableordisableanodealiasagentononeormoreports,orsetthe maximumnumberofaliasentriesperport.

    Syntax
    set nodealias {enable | disable | maxentries maxentries} port-string

    11-32

    Logging and Network Management

    clear nodealias config

    Parameters
    enable|disable maxentriesmaxentries portstring Enablesordisablesanodealiasagent. Setthemaximumnumberofaliasentriesperports.Validrangeis0to 4096.Thedefaultvalueis32. Specifiestheport(s)onwhichtoenable/disablenodealiasagentorset amaximumnumberofentries.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Uponpacketreception,nodealiasesaredynamicallyassignedtoportsenabledwithanalias agent,whichisthedefaultsettingonGSeriesdevices.Nodealiasescannotbestaticallycreated, butcanbedeletedusingtheclearnodealiascommandasdescribedinclearnodealiasconfigon page 1133.

    Example
    Thisexampleshowshowtodisablethenodealiasagentonge.1.3:
    G3(su)->set nodealias disable ge.1.3

    clear nodealias config


    Usethiscommandtoresetnodealiasstatetoenabledandclearthemaximumentriesvalue.

    Syntax
    clear nodealias config port-string

    Parameters
    portstring Specifiestheport(s)onwhichtoresetthenodealiasconfiguration.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoresetthenodealiasconfigurationonge.1.3:
    G3(su)->clear nodealias config ge.1.3

    Enterasys G-Series CLI Reference

    11-33

    clear nodealias config

    11-34

    Logging and Network Management

    12
    RMON Configuration
    ThischapterdescribesthecommandsusedtoconfigureRMONonaGSeriesswitch.
    For information about... RMON Monitoring Group Functions Statistics Group Commands History Group Commands Alarm Group Commands Event Group Commands Filter Group Commands Packet Capture Commands Refer to page... 12-1 12-3 12-5 12-7 12-12 12-15 12-20

    RMON Monitoring Group Functions


    RMON(RemoteNetworkMonitoring)providescomprehensivenetworkfaultdiagnosis, planning,andperformancetuninginformationandallowsforinteroperabilitybetweenSNMP managementstationsandmonitoringagents.RMONextendstheSNMPMIBcapabilityby definingadditionalMIBsthatgenerateamuchrichersetofdataaboutnetworkusage.TheseMIB groupseachgatherspecificsetsofdatatomeetcommonnetworkmonitoringrequirements. Table 121liststheRMONmonitoringgroupssupportedonGSeriesdevices,eachgroups functionandtheelementsitmonitors,andtheassociatedconfigurationcommandsneeded. Table 12-1
    RMON Group Statistics

    RMON Monitoring Group Functions and Commands


    What It Does... Records statistics measured by the RMON probe for each monitored interface on the device. What It Monitors... Packets dropped, packets sent, bytes sent (octets), broadcast and multicast packets, CRC errors, oversized and undersized packets, fragments, jabbers, and counters for packets. CLI Command(s) show rmon stats on page 12-3 set rmon stats on page 12-4 clear rmon stats on page 12-5

    Enterasys G-Series CLI Reference

    12-1

    RMON Monitoring Group Functions

    Table 12-1
    RMON Group History

    RMON Monitoring Group Functions and Commands (Continued)


    What It Does... Records periodic statistical samples from a network. What It Monitors... Sample period, number of samples and item(s) sampled. CLI Command(s) show rmon history on page 12-5 set rmon history on page 12-6 clear rmon history on page 12-7

    Alarm

    Periodically gathers statistical samples from variables in the probe and compares them with previously configured thresholds. If the monitored variable crosses a threshold, an event is generated. Controls the generation and notification of events from the device.

    Alarm type, interval, starting threshold, stop threshold.

    show rmon alarm on page 12-8 set rmon alarm properties on page 12-9 set rmon alarm status on page 12-10 clear rmon alarm on page 12-11

    Event

    Event type, description, last time event was sent.

    show rmon event on page 12-12 set rmon event properties on page 12-13 set rmon event status on page 12-14 clear rmon event on page 12-14

    Filter

    Allows packets to be matched by a filter equation. These matched packets form a data stream or channel that may be captured.

    Packets matching the filter configuration.

    show rmon channel on page 12-16 set rmon channel on page 12-16 clear rmon channel on page 12-17 show rmon filter on page 12-17 set rmon filter on page 12-18 clear rmon filter on page 12-19

    Packet Capture

    Allows packets to be captured upon a filter match.

    Packets matching the filter configuration.

    show rmon capture on page 12-20 set rmon capture on page 12-21 clear rmon capture on page 12-22

    12-2

    RMON Configuration

    Statistics Group Commands

    Statistics Group Commands


    Purpose
    Todisplay,configure,andclearRMONstatistics.
    Note: Due to hardware limitations, the only frame error counted is oversized frames.

    Commands
    For information about... show rmon stats set rmon stats clear rmon stats Refer to page... 12-3 12-4 12-5

    show rmon stats


    UsethiscommandtodisplayRMONstatisticsmeasuredforoneormoreports.

    Syntax
    show rmon stats [port-string]

    Parameters
    portstring (Optional)DisplaysRMONstatisticsforspecificport(s).

    Defaults
    Ifportstringisnotspecified,RMONstatswillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    12-3

    set rmon stats

    Example
    ThisexampleshowshowtodisplayRMONstatisticsforGigabitEthernetport1inswitch1.
    G3(su)->show rmon stats ge.1.1
    :

    Port: ge.1.1 ------------------------------------Index = 1 Owner = monitor Data Source = ifIndex.1 Drop Events Collisions Jabbers Broadcast Pkts Multicast Pkts CRC Errors Undersize Pkts Oversize Pkts Fragments = = = = = = = = = 0 0 0 0 0 0 0 0 0 Packets Octets 0 64 65 - 127 128 - 255 256 - 511 512 - 1023 1024 - 1518 = = = = = = = = 0 0 0 0 0 0 0 0

    Octets Octets Octets Octets Octets Octets

    Table 122providesanexplanationofthecommandoutput.

    set rmon stats


    UsethiscommandtoconfigureanRMONstatisticsentry.

    Syntax
    set rmon stats index port-string [owner]

    Parameters
    index portstring owner Specifiesanindexforthisstatisticsentry. Specifiesport(s)towhichthisentrywillbeassigned. (Optional)Assignsanownerforthisentry.

    Defaults
    Ifownerisnotspecified,monitorwillbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoconfigureRMONstatisticsentry2forge.1.20:
    G3(rw)->set rmon stats 2 ge.1.20

    12-4

    RMON Configuration

    clear rmon stats

    clear rmon stats


    UsethiscommandtodeleteoneormoreRMONstatisticsentries.

    Syntax
    clear rmon stats {index-list | to-defaults}

    Parameters
    indexlist todefaults Specifiesoneormorestatsentriestobedeleted,causingthemtodisappear fromanyfutureRMONqueries. Resetsallhistoryentriestodefaultvalues.Thiswillcauseentriesto reappearinRMONqueries.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodeleteRMONstatisticsentry2:
    G3(rw)->clear rmon stats 2

    History Group Commands


    Purpose
    Todisplay,configure,andclearRMONhistorypropertiesandstatistics.

    Commands
    For information about... show rmon history set rmon history clear rmon history Refer to page... 12-5 12-6 12-7

    show rmon history


    UsethiscommandtodisplayRMONhistorypropertiesandstatistics.TheRMONhistorygroup recordsperiodicstatisticalsamplesfromanetwork.

    Syntax
    show rmon history [port-string]

    Enterasys G-Series CLI Reference

    12-5

    set rmon history

    Parameters
    portstring (Optional)DisplaysRMONhistoryentriesforspecificport(s).

    Defaults
    Ifportstringisnotspecified,informationaboutallRMONhistoryentrieswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayRMONhistoryentriesforGigabitEthernetport1inswitch1. Acontrolentrydisplaysfirst,followedbyactualentriescorrespondingtothecontrolentry.Inthis case,thedefaultsettingsforentryowner,samplinginterval,andmaximumnumberofentries. (buckets)havenotbeenchangedfromtheirdefaultvalues.Foradescriptionofthetypesof statisticsshown,refertoTable 122.
    G3(su)->show rmon history ge.1.1
    :

    Port: ge.1.1 ------------------------------------Index 1 Owner = monitor Status = valid Data Source = ifIndex.1 Interval = 30 Buckets Requested = 50 Buckets Granted = 10 Sample 2779 Interval Start: 1 days 0 hours 2 minutes 22 seconds Drop Events = 0 Undersize Pkts = 0 Octets = 0 Oversize Pkts = 0 Packets = 0 Fragments = 0 Broadcast Pkts = 0 Jabbers = 0 Multicast Pkts = 0 Collisions = 0 CRC Align Errors = 0 Utilization(%) = 0

    set rmon history


    UsethiscommandtoconfigureanRMONhistoryentry.

    Syntax
    set rmon history index [port-string] [buckets buckets] [interval interval] [owner owner]

    Parameters
    indexlist portstring bucketsbuckets intervalinterval ownerowner Specifiesanindexnumberforthisentry. (Optional)Assignsthisentrytoaspecificport. (Optional)Specifiesthemaximumnumberofentriestomaintain. (Optional)Specifiesthesamplingintervalinseconds. (Optional)Specifiesanownerforthisentry.

    12-6

    RMON Configuration

    clear rmon history

    Defaults
    Ifbucketsisnotspecified,themaximumnumberofentriesmaintainedwillbe50. Ifnotspecified,intervalwillbesetto30seconds. Ifownerisnotspecified,monitorwillbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowconfigureRMONhistoryentry1onportge.2.1tosampleevery20 seconds:
    G3(rw)->set rmon history 1 ge.2.1 interval 20

    clear rmon history


    UsethiscommandtodeleteoneormoreRMONhistoryentriesorresetoneormoreentriesto defaultvalues.Forspecificvalues,refertosetrmonhistoryonpage 126.

    Syntax
    clear rmon history {index-list | to-defaults}

    Parameters
    indexlist todefaults Specifiesoneormorehistoryentriestobedeleted,causingthemto disappearfromanyfutureRMONqueries. Resetsallhistoryentriestodefaultvalues.Thiswillcauseentriesto reappearinRMONqueries.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodeleteRMONhistoryentry1:
    G3(rw)->clear rmon history 1

    Alarm Group Commands


    Purpose
    Todisplay,configure,andclearRMONalarmentriesandproperties.

    Enterasys G-Series CLI Reference

    12-7

    show rmon alarm

    Commands
    For information about... show rmon alarm set rmon alarm properties set rmon alarm status clear rmon alarm Refer to page... 12-8 12-9 12-10 12-11

    show rmon alarm


    UsethiscommandtodisplayRMONalarmentries.TheRMONalarmgroupperiodicallytakes statisticalsamplesfromRMONvariablesandcomparesthemwithpreviouslyconfigured thresholds.IfthemonitoredvariablecrossesathresholdanRMONeventisgenerated.

    Syntax
    show rmon alarm [index]

    Parameters
    index (Optional)DisplaysRMONalarmentriesforaspecificentryindexID.

    Defaults
    Ifindexisnotspecified,informationaboutallRMONalarmentrieswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayRMONalarmentry3:
    G3(rw)->show rmon alarm 3 Index 3 --------------------Owner = Status = Variable = Sample Type = Interval = Rising Threshold = Rising Event Index =

    Manager valid 1.3.6.1.4.1.5624.1.2.29.1.2.1.0 delta Startup Alarm 30 Value 1 Falling Threshold 2 Falling Event Index

    = = = =

    rising 0 0 0

    Table 122providesanexplanationofthecommandoutput. Table 12-2


    Output Field Index Owner

    show rmon alarm Output Details


    What It Displays... Index number for this alarm entry. Text string identifying who configured this entry.

    12-8

    RMON Configuration

    set rmon alarm properties

    Table 12-2
    Output Field Status Variable Sample Type

    show rmon alarm Output Details (Continued)


    What It Displays... Whether this event entry is enabled (valid) or disabled. MIB object to be monitored. Whether the monitoring method is an absolute or a delta sampling. Whether alarm generated when this entry is first enabled is rising, falling, or either. Interval in seconds at which RMON will conduct sample monitoring. Minimum threshold for causing a rising alarm. Maximum threshold for causing a falling alarm. Index number of the RMON event to be triggered when the rising threshold is crossed. Index number of the RMON event to be triggered when the falling threshold is crossed.

    Startup Alarm Interval Rising Threshold Falling Threshold Rising Event Index Falling Event Index

    set rmon alarm properties


    UsethiscommandtoconfigureanRMONalarmentry,ortocreateanewalarmentrywithan unusedalarmindexnumber.

    Syntax
    set rmon alarm properties index [interval interval] [object object] [type {absolute | delta}] [startup {rising | falling | either}] [rthresh rthresh] [fthresh fthresh] [revent revent] [fevent fevent] [owner owner]

    Parameters
    index intervalinterval objectobject Specifiesanindexnumberforthisentry.Maximumnumberorentriesis 50.Maximumvalueis65535. (Optional)Specifiesaninterval(inseconds)forRMONtoconductsample monitoring. (Optional)SpecifiesaMIBobjecttobemonitored.
    Note: This parameter is not mandatory for executing the command, but must be specified in order to enable the alarm entry configuration.

    typeabsolute| delta

    (Optional)Specifiesthemonitoringmethodas:samplingtheabsolute valueoftheobject,orthedifference(delta)betweenobjectsamples.

    Enterasys G-Series CLI Reference

    12-9

    set rmon alarm status

    startuprising| falling|either

    (Optional)Specifiesthetypeofalarmgeneratedwhenthiseventisfirst enabledas: RisingSendsalarmwhenanRMONeventreachesamaximum thresholdconditionisreached,forexample,morethan30collisions persecond. FallingSendsalarmwhenRMONeventfallsbelowaminimum thresholdcondition,forexamplewhenthenetworkisbehaving normallyagain. EitherSendsalarmwheneitherarisingorfallingthresholdis reached.

    rthreshrthresh fthreshfthresh reventrevent feventfevent ownerowner

    (Optional)Specifiesaminimumthresholdforcausingarisingalarm. Specifiesamaximumthresholdforcausingafallingalarm. SpecifiestheindexnumberoftheRMONeventtobetriggeredwhenthe risingthresholdiscrossed. SpecifiestheindexnumberoftheRMONeventtobetriggeredwhenthe fallingthresholdiscrossed. (Optional)Specifiesthenameoftheentitythatconfiguredthisalarm entry.

    Defaults
    interval3600seconds typeabsolute startuprising rthresh0 fthresh0 revent0 fevent0 ownermonitor

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoconfigurearisingRMONalarm.Thisentrywillconductmonitoring ofthedeltabetweensamplesevery30seconds:
    G3(rw)->set rmon alarm properties 3 interval 30 object 1.3.6.1.4.1.5624.1.2.29.1.2.1.0 type delta rthresh 1 revent 2 owner Manager

    set rmon alarm status


    UsethiscommandtoenableanRMONalarmentry.Analarmisanotificationthatastatistical sampleofamonitoredvariablehascrossedaconfiguredthreshold.

    Syntax
    set rmon alarm status index enable
    12-10 RMON Configuration

    clear rmon alarm

    Parameters
    index enable Specifiesanindexnumberforthisentry.Maximumnumberorentriesis 50.Maximumvalueis65535. Enablesthisalarmentry.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    AnRMONalarmentrycanbecreatedusingthiscommand,configuredusingthesetrmonalarm propertiescommand(setrmonalarmpropertiesonpage 129),thenenabledusingthis command.AnRMONalarmentrycanbecreatedandconfiguredatthesametimebyspecifying anunusedindexwiththesetrmonalarmpropertiescommand.

    Example
    ThisexampleshowshowtoenableRMONalarmentry3:
    G3(rw)->set rmon alarm status 3 enable

    clear rmon alarm


    UsethiscommandtodeleteanRMONalarmentry.

    Syntax
    clear rmon alarm index

    Parameters
    index Specifiestheindexnumberofentrytobecleared.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearRMONalarmentry1:
    G3(rw)->clear rmon alarm 1

    Enterasys G-Series CLI Reference

    12-11

    Event Group Commands

    Event Group Commands


    Purpose
    TodisplayandclearRMONevents,andtoconfigureRMONeventproperties.

    Commands
    For information about... show rmon event set rmon event properties set rmon event status clear rmon event Refer to page... 12-12 12-13 12-14 12-14

    show rmon event


    UsethiscommandtodisplayRMONevententryproperties.

    Syntax
    show rmon event [index]

    Parameters
    index (Optional)DisplaysRMONpropertiesandlogentriesforaspecificentry indexID.

    Defaults
    Ifindexisnotspecified,informationaboutallRMONentrieswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayRMONevententry3:
    G3(rw)->show rmon event 3 Index 3 ---------------Owner = Status = Description = Type = Community = Last Time Sent =

    Manager valid STP Topology change log-and-trap public 0 days 0 hours 0 minutes 37 seconds

    Table 123providesanexplanationofthecommandoutput.

    12-12

    RMON Configuration

    set rmon event properties

    Table 12-3
    Output Field Index Owner Status Description Type Community

    show rmon event Output Details


    What It Displays... Index number for this event entry. Text string identifying who configured this entry. Whether this event entry is enabled (valid) or disabled. Text string description of this event. Whether the event notification will be a log entry, and SNMP trap, both, or none. SNMP community name if message type is set to trap. When an event notification matching this entry was sent.

    Last Time Sent

    set rmon event properties


    UsethiscommandtoconfigureanRMONevententry,ortocreateanewevententrywithan unusedeventindexnumber.

    Syntax
    set rmon event properties index [description description] [type {none | log | trap | both}] [community community] [owner owner]

    Parameters
    index description description typenone|log| trap|both community community Specifiesanindexnumberforthisentry.Maximumnumberofentriesis 100.Maximumvalueis65535. (Optional)Specifiesatextstringdescriptionofthisevent. (Optional)SpecifiesthetypeofRMONeventnotificationas:none,alog tableentry,anSNMPtrap,orbothalogentryandatrapmessage. (Optional)SpecifiesanSNMPcommunitynametouseifthemessage typeissettotrap.FordetailsonsettingSNMPtrapsandcommunity names,refertoCreatingaBasicSNMPTrapConfigurationon page 536. (Optional)Specifiesthenameoftheentitythatconfiguredthisentry.

    ownerowner

    Defaults
    Ifdescriptionisnotspecified,nonewillbeapplied. Ifnotspecified,typenonewillbeapplied. Ifownerisnotspecified,monitorwillbeapplied.

    Mode
    Switchcommand,readwrite.

    Enterasys G-Series CLI Reference

    12-13

    set rmon event status

    Example
    ThisexampleshowshowtocreateandenableanRMONevententrycalledSTPtopology changethatwillsendbothalogentryandanSNMPtrapmessagetothepubliccommunity:
    G3(rw)->set rmon event properties 2 description "STP topology change" type both community public owner Manager

    set rmon event status


    UsethiscommandtoenableanRMONevententry.Anevententrydescribestheparametersofan RMONeventthatcanbetriggered.EventscanbefiredbyRMONalarmsandcanbeconfiguredto createalogentry,generateatrap,orboth.

    Syntax
    set rmon event status index enable

    Parameters
    index enable Specifiesanindexnumberforthisentry.Maximumnumberofentriesis 100.Maximumvalueis65535. Enablesthisevententry.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    AnRMONevententrycanbecreatedusingthiscommand,configuredusingthesetrmonevent propertiescommand(setrmoneventpropertiesonpage 1213),thenenabledusingthis command.AnRMONevententrycanbecreatedandconfiguredatthesametimebyspecifyingan unusedindexwiththesetrmoneventpropertiescommand.

    Example
    ThisexampleshowshowtoenableRMONevententry1:
    G3(rw)->set rmon event status 1 enable

    clear rmon event


    UsethiscommandtodeleteanRMONevententryandanyassociatedlogentries.

    Syntax
    clear rmon event index

    Parameters
    index Specifiestheindexnumberoftheentrytobecleared.

    12-14

    RMON Configuration

    Filter Group Commands

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearRMONevent1:
    G3(rw)->clear rmon event 1

    Filter Group Commands


    Thepacketcaptureandfilterfunctionisdisabledbydefault.Onlyoneinterfacecanbeconfigured forcapturingandfilteringatatime. Whenpacketcaptureisenabledonaninterface,theGSeriesswitchwillcapture100framesas closetosequentiallyaspossible.These100frameswillbeplacedintoabufferforinspection.If thereisdatainthebufferwhenthefunctionisstarted,thebufferwillbeoverwritten.Once100 frameshavebeencaptured,thecapturewillstop.Filteringwillbeperformedontheframes capturedinthebuffer.Therefore,onlyasubsetoftheframescapturedwillbeavailablefor display.
    Note: Packet capture is sampling only and does not guarantee receipt of back to back packets.

    Onechannelatatimecanbesupported,withuptothreefilters.Configuredchannel,filter,and buffercontrolinformationwillbesavedacrossresets,butcapturedframeswithinthebufferwill notbesaved. Thisfunctioncannotbeusedconcurrentlywithportmirroring.Thesystemwillchecktoprevent concurrentlyenablingbothfunctions,andawarningwillbegeneratedintheCLIifattempted.

    Commands
    For information about... show rmon channel set rmon channel clear rmon channel show rmon filter set rmon filter clear rmon filter Refer to page... 12-16 12-16 12-17 12-17 12-18 12-19

    Enterasys G-Series CLI Reference

    12-15

    show rmon channel

    show rmon channel


    UsethiscommandtodisplayRMONchannelentriesforoneormoreports.

    Syntax
    show rmon channel [port-string]

    Parameters
    portstring (Optional)DisplaysRMONchannelentriesforaspecificport(s).

    Defaults
    Ifportstringisnotspecified,informationaboutallchannelswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayRMONchannelinformationforge.2.12:
    G3(rw)->show rmon channel ge.2.12 Port ge.2.12 Channel index= 628 EntryStatus= valid ---------------------------------------------------------Control off AcceptType matched OnEventIndex 0 OffEventIndex 0 EventIndex 0 Status ready Matches 4498 Description Thu Dec 16 12:57:32 EST 2004 Owner NetSight smith

    set rmon channel


    UsethiscommandtoconfigureanRMONchannelentry.

    Syntax
    set rmon channel index port-string [accept {matched | failed}] [control {on | off}] [description description] [owner owner]

    Parameters
    index Specifiesanindexnumberforthisentry.Anentrywillautomaticallybe createdifanunusedindexnumberischosen.Maximumnumberof entriesis2.Maximumvalueis65535. Specifiestheportonwhichtrafficwillbemonitored. (Optional)Specifiestheactionofthefiltersonthischannelas: controlon|off matchedPacketswillbeacceptedonfiltermatches failedPacketswillbeacceptediftheyfailamatch

    portstring acceptmatched| failed

    (Optional)Enablesordisablescontroloftheflowofdatathroughthe channel.

    12-16

    RMON Configuration

    clear rmon channel

    description description ownerowner

    (Optional)Specifiesadescriptionforthischannel. (Optional)Specifiesthenameoftheentitythatconfiguredthisentry.

    Defaults
    Ifanactionisnotspecified,packetswillbeacceptedonfiltermatches. Ifnotspecified,controlwillbesettooff. Ifadescriptionisnotspecified,nonewillbeapplied. Ifownerisnotspecified,itwillbesettomonitor.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocreateanRMONchannelentry:
    G3(rw)->set rmon channel 54313 ge.2.12 accept failed control on description "capture all"

    clear rmon channel


    UsethiscommandtoclearanRMONchannelentry.

    Syntax
    clear rmon channel index

    Parameters
    index Specifiesthechannelentrytobecleared.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearRMONchannelentry2:
    G3(rw)->clear rmon channel 2

    show rmon filter


    UsethiscommandtodisplayoneormoreRMONfilterentries.

    Syntax
    show rmon filter [index index | channel channel]

    Enterasys G-Series CLI Reference

    12-17

    set rmon filter

    Parameters
    indexindex| channelchannel (Optional)Displaysinformationaboutaspecificfilterentry,oraboutall filterswhichbelongtoaspecificchannel.

    Defaults
    Ifnooptionsarespecified,informationforallfilterentrieswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayallRMONfilterentriesandchannelinformation:
    G3(rw)->show rmon filter Index= 55508 Channel Index= 628 EntryStatus= valid ---------------------------------------------------------Data Offset 0 PktStatus 0 PktStatusMask 0 PktStatusNotMask 0 Owner ETS,NAC-D ----------------------------Data ff ff ff ff ff ff ----------------------------DataMask ff ff ff ff ff ff ----------------------------DataNotMask 00 00 00 00 00 00

    set rmon filter


    UsethiscommandtoconfigureanRMONfilterentry.

    Syntax
    set rmon filter index channel-index [offset offset] [status status] [smask smask] [snotmask snotmask] [data data] [dmask dmask] [dnotmask dnotmask] [owner owner]

    Parameters
    index Specifiesanindexnumberforthisentry.Anentrywillautomaticallybe createdifanunusedindexnumberischosen.Maximumnumberof entriesis10.Maximumvalueis65535. Specifiesthechanneltowhichthisfilterwillbeapplied. (Optional)Specifiesanoffsetfromthebeginningofthepackettolookfor matches. (Optional)Specifiespacketstatusbitsthataretobematched. (Optional)Specifiesthemaskappliedtostatustoindicatewhichbitsare significant. (Optional)Specifiestheinversionmaskthatindicateswhichbitsshould besetornotset (Optional)Specifiesthedatatobematched.

    channelindex offsetoffset statusstatus smasksmask snotmasksnotmask datadata


    12-18 RMON Configuration

    clear rmon filter

    dmaskdmask dnotmaskdnotmask owner

    (Optional)Specifiesthemaskappliedtodatatoindicatewhichbitsare significant. (Optional)Specifiestheinversionmaskthatindicateswhichbitsshould besetornotset. (Optional)Specifiesthenameoftheentitythatconfiguredthisentry.

    Defaults
    Ifownerisnotspecified,itwillbesettomonitor. Ifnootheroptionsarespecified,none(0)willbeapplied.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocreateRMONfilter1andapplyittochannel9:
    G3(rw)->set rmon filter 1 9 offset 30 data 0a154305 dmask ffffffff

    clear rmon filter


    UsethiscommandtoclearanRMONfilterentry.

    Syntax
    clear rmon filter {index index | channel channel}

    Parameters
    indexindex| channelchannel Clearsaspecificfilterentry,orallentriesbelongingtoaspecificchannel.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearRMONfilterentry1:
    G3(rw)->clear rmon filter index 1

    Enterasys G-Series CLI Reference

    12-19

    Packet Capture Commands

    Packet Capture Commands


    Notethatpacketcapturefilterissamplingonlyanddoesnotguaranteereceiptofbacktoback packets.

    Purpose
    TodisplayRMONcaptureentries,configure,enable,ordisablecaptureentries,andclearcapture entries.

    Commands
    For information about... show rmon capture set rmon capture clear rmon capture Refer to page... 12-20 12-21 12-22

    show rmon capture


    UsethiscommandtodisplayRMONcaptureentriesandassociatedbuffercontrolentries.

    Syntax
    show rmon capture [index [nodata]]

    Parameters
    index nodata (Optional)Displaysthespecifiedbuffercontrolentryandallcaptured packetsassociatedwiththatentry. (Optional)Displaysonlythebuffercontrolentryspecifiedbyindex.

    Defaults
    Ifnooptionsarespecified,allbuffercontrolentriesandassociatedcapturedpacketswillbe displayed.

    Mode
    Switchcommand,readonly.

    12-20

    RMON Configuration

    set rmon capture

    Example
    ThisexampleshowshowtodisplayRMONcaptureentriesandassociatedbufferentries:
    G3(rw)->show rmon capture Buf.control= 28062 Channel= 38283 EntryStatus= valid ---------------------------------------------------------FullStatus avail FullAction lock Captured packets 251 Capture slice 1518 Download size 100 Download offset 0 Max Octet Requested 50000 Max Octet Granted 50000 Start time 1 days 0 hours 51 minutes 15 seconds Owner monitor

    captureEntry= 1 Buff.control= 28062 -------------------------------------------Pkt ID 9 Pkt time 1 days 0 hours 51 minutes 15 seconds Pkt Length 93 Pkt status 0 Data: 00 00 5e 00 01 01 00 01 f4 00 7d ce 08 00 45 00 00 4b b4 b9 00 00 40 11 32 5c 0a 15 43 05 86 8d bf e5 00 a1 0e 2b 00 37 cf ca 30 2d 02 01 00 04 06 70 75 62 6c 69 63 a2 20 02 02 0c 92 02 01 00 02 01 00 30 14 30 12 06 0d 2b 06 01 02 01 10 07 01 01 0b 81 fd 1c 02 01 01 00 11 0b 00

    set rmon capture


    UsethiscommandtoconfigureanRMONcaptureentry.

    Syntax
    set rmon capture index {channel [action {lock}] [slice slice] [loadsize loadsize] [offset offset] [asksize asksize] [owner owner]}

    Parameters
    index channel actionlock Specifiesabuffercontrolentry. Specifiesthechanneltowhichthiscaptureentrywillbeapplied. (Optional)Specifiestheactionofthebufferwhenitisfullas: sliceslice loadsizeloadsize offsetoffset asksizeasksize lockPacketswillceasetobeaccepted

    (Optional)Specifiesthemaximumoctetsfromeachpackettobesavedin abuffer.Currently,theonlyvalueallowedis1518. (Optional)Specifiesthemaximumoctetsfromeachpackettobe downloadedfromthebuffer.Thedefaultis100. (Optional)Specifiesthefirstoctetfromeachpacketthatwillberetrieved. (Optional)Specifiestherequestedmaximumoctetstobesavedinthis buffer.Currently,theonlyvalueacceptedis1,whichrequestsasmany octetsaspossible. (Optional)Specifiesthenameoftheentitythatconfiguredthisentry.

    owner

    Enterasys G-Series CLI Reference

    12-21

    clear rmon capture

    Defaults
    Ifnotspecified,actiondefaultstolock. Ifnotspecified,offsetdefaultsto0. Ifnotspecified,asksizedefaultsto1(whichwillrequestasmanyoctetsaspossible). Ifsliceisnotspecified,1518willbeapplied. Ifloadsizeisnotspecified,100willbeapplied. Ifownerisnotspecified,itwillbesettomonitor.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocreateRMONcaptureentry1tolistenonchannel628:
    G3(rw)->set rmon capture 1 628

    clear rmon capture


    UsethiscommandtoclearsanRMONcaptureentry.

    Syntax
    clear rmon capture index

    Parameters
    index Specifiesthecaptureentrytobecleared.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearRMONcaptureentry1:
    G3(rw)->clear rmon capture 1

    12-22

    RMON Configuration

    13
    DHCP Server Configuration
    ThischapterdescribesthecommandstoconfiguretheIPv4DHCPserverfunctionalityonaG Seriesswitch.
    For information about... DHCP Overview Configuring General DHCP Server Parameters Configuring IP Address Pools Refer to page... 13-1 13-3 13-10

    DHCP Overview
    DynamicHostConfigurationProtocol(DHCP)forIPv4isanetworklayerprotocolthat implementsautomaticormanualassignmentofIPaddressesandotherconfigurationinformation toclientdevicesbyservers.ADHCPservermanagesauserconfiguredpoolofIPaddressesfrom whichitcanmakeassignmentsuponclientrequests.ArelayagentpassesDHCPmessages betweenclientsandserverswhichareondifferentphysicalsubnets.

    DHCP Server
    DHCPserverfunctionalityallowstheGSeriesswitchtoprovidebasicIPconfiguration informationtoaclientonthenetworkwhorequestssuchinformationusingtheDHCPprotocol. DHCPprovidesthefollowingmechanismsforIPaddressallocationbyaDHCPserver: AutomaticDHCPserverassignsanIPaddresstoaclientforalimitedperiodoftime(or untiltheclientexplicitlyrelinquishestheaddress)fromadefinedpoolofIPaddresses configuredontheserver. ManualAclientsIPaddressisassignedbythenetworkadministrator,andDHCPisused simplytoconveytheassignedaddresstotheclient.Thisismanagedbymeansofstatic addresspoolsconfiguredontheserver.

    TheamountoftimethataparticularIPaddressisvalidforasystemiscalledalease.TheGSeries maintainsaleasedatabasewhichcontainsinformationabouteachassignedIPaddress,theMAC addresstowhichitisassigned,theleaseexpiration,andwhethertheaddressassignmentis dynamic(automatic)orstatic(manual).TheDHCPleasedatabaseisstoredinflashmemory. InadditiontoassigningIPaddresses,theDHCPservercanalsobeconfiguredtoassignthe followingtorequestingclients: Defaultrouter(s) DNSserver(s)anddomainname NetBIOSWINSserver(s)andnodename


    Enterasys G-Series CLI Reference 13-1

    DHCP Overview

    Bootfile DHCPoptionsasdefinedbyRFC2132
    Note: A total of 16 address pools, dynamic and/or static, can be configured on the G-Series.

    Configuring a DHCP Server


    ForDHCPtofunctiononGSeriessystems,thesystemhastoknowabouttheIPnetworkfor whichtheDHCPpoolistobecreated.ThisisdonebyassociatingtheDHCPaddresspoolwiththe switchshostportIPaddress. ThefollowingtasksprovidebasicDHCPserverfunctionalitywhentheDHCPpoolisassociated withthesystemshostIPaddress. 1. ConfigurethesystemhostportIPaddresswiththesetipaddresscommand.Oncethe systemsIPaddressisconfigured,thesystemthenknowsabouttheconfiguredsubnet.For example:
    set ip address 192.0.0.50 mask 255.255.255.0

    2. 3.

    EnableDHCPserverfunctionalityonthesystemwiththesetdhcpenablecommand. ConfigureanIPaddresspoolfordynamicIPaddressassignment.Theonlyrequiredstepsare tonamethepoolanddefinethenetworknumberandmaskforthepool.Notethatthepool hastobeinthesamesubnetandusethesamemaskasthesystemhostportIPaddress.For example:


    set dhcp pool auto-pool network 192.0.0.0 255.255.255.0

    AllDHCPclientsservedbythisswitchmustbeinthesameVLANasthesystemshostport. OptionalDHCPservertasksinclude: Youcanlimitthescopeofaddressesassignedtoapoolfordynamicaddressassignmentwith thesetdhcpexcludecommand.Upto128nonoverlappingaddressrangescanbeexcluded ontheGSeries.Forexample:


    set dhcp exclude 192.0.0.1 192.0.0.10 Note: The IP address of the systems host port is automatically excluded.

    Configurestaticaddresspoolsformanualaddressassignment.Theonlyrequiredstepsareto namethepool,configureeitherthehardwareaddressoftheclientortheclientidentifier,and configuretheIPaddressandmaskforthemanualbinding.Forexample:


    set dhcp pool static-pool hardware-address 0011.2233.4455 set dhcp pool static-pool host 192.0.0.200 255.255.255.0

    SetotherDHCPserverparameterssuchasthenumberofpingpacketstobesentbefore assigninganIPaddress,orenablingconflictlogging.

    13-2

    DHCP Server Configuration

    Configuring General DHCP Server Parameters

    Configuring General DHCP Server Parameters


    Purpose
    ToconfigureDHCPserverparameters,andtodisplayandclearaddressbindinginformation, serverstatistics,andconflictinformation.

    Commands
    For information about... set dhcp set dhcp bootp set dhcp conflict logging show dhcp conflict clear dhcp conflict set dhcp exclude clear dhcp exclude set dhcp ping clear dhcp ping show dhcp binding clear dhcp binding show dhcp server statistics clear dhcp server statistics Refer to page... 13-3 13-4 13-4 13-5 13-5 13-6 13-6 13-7 13-7 13-8 13-8 13-9 13-10

    set dhcp
    UsethiscommandtoenableordisabletheDHCPserverfunctionalityontheGSeries.

    Syntax
    set dhcp {enable | disable}

    Parameters
    enable|disable EnablesordisablesDHCPserverfunctionality.Bydefault,DHCPserver isdisabled.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Enterasys G-Series CLI Reference

    13-3

    set dhcp bootp

    Example
    ThisexampleenablesDHCPserverfunctionality.
    G3(rw)->set dhcp enable

    set dhcp bootp


    UsethiscommandtoenableordisableautomaticaddressallocationforBOOTPclients.By default,addressallocationforBOOTPclientsisdisabled.RefertoRFC1534,Interoperation BetweenDHCPandBOOTP,formoreinformation.

    Syntax
    set dhcp bootp {enable | disable}

    Parameters
    enable|disable EnablesordisablesaddressallocationforBOOTPclients.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleenablesaddressallocationforBOOTPclients.
    G3(rw)->set dhcp bootp enable

    set dhcp conflict logging


    Usethiscommandtoenableconflictlogging.Bydefault,conflictloggingisenabled.Usetheclear dhcpconflictloggingcommandtodisableconflictlogging.

    Syntax
    set dhcp conflict logging

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleenablesDHCPconflictlogging.
    G3(rw)->set dhcp conflict logging
    13-4 DHCP Server Configuration

    show dhcp conflict

    show dhcp conflict


    Usethiscommandtodisplayconflictinformation,foroneaddressoralladdresses.

    Syntax
    show dhcp conflict [address]

    Parameters
    address [Optional]Specifiestheaddressforwhichtodisplayconflictinformation.

    Defaults
    Ifnoaddressisspecified,conflictinformationforalladdressesisdisplayed.

    Mode
    Readonly.

    Example
    Thisexampledisplaysconflictinformationforalladdresses.Notethatpingistheonlydetection methodused.
    G3(ro)->show dhcp conflict IP address ----------192.0.0.2 192.0.0.3 192.0.0.4 192.0.0.12 Detection Method ----------------Ping Ping Ping Ping Detection Time --------------0 days 19h:01m:23s 0 days 19h:00m:46s 0 days 19h:01m:25s 0 days 19h:01m:26s

    clear dhcp conflict


    Usethiscommandtoclearconflictinformationforoneoralladdresses,ortodisableconflict logging.

    Syntax
    clear dhcp conflict {logging | ip-address| *}

    Parameters
    logging ipaddress * Disablesconflictlogging. ClearstheconflictinformationforthespecifiedIPaddress. ClearstheconflictinformationforallIPaddresses.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Enterasys G-Series CLI Reference

    13-5

    set dhcp exclude

    Examples
    ThisexampledisablesDHCPconflictlogging.
    G3(rw)->clear dhcp conflict logging

    ThisexampleclearstheconflictinformationfortheIPaddress192.0.0.2.
    G3(rw)->clear dhcp conflict 192.0.0.2

    set dhcp exclude


    UsethiscommandtoconfiguretheIPaddressesthattheDHCPservershouldnotassigntoDHCP clients.Multipleaddressrangescanbeconfiguredbuttherangescannotoverlap.Upto128non overlappingaddressrangescanbeexcluded.

    Syntax
    set dhcp exclude low-ipaddr [high-ipaddr]

    Parameters
    lowipaddr highipaddr SpecifiesthefirstIPaddressintheaddressrangetobeexcludedfrom assignment. (Optional)SpecifiesthelastIPaddressintheaddressrangetobe excluded.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplefirstconfigurestheaddresspoolnamedauto1with255addressesfortheClassC network172,20.28.0,withthesetdhcppoolnetworkcommand.Then,theexamplelimitsthe scopeoftheaddressesthatcanbeassignedbyaDHCPserverbyexcludingaddresses172.20.28.80 100,withthesetdhcpexcludecommand.
    G3(rw)->set dhcp pool auto1 network 172.20.28.0 24 G3(rw)->set dhcp exclude 172.20.28.80 172.20.28.100

    clear dhcp exclude


    UsethiscommandtocleartheconfiguredIPaddressesthattheDHCPservershouldnotassignto DHCPclients.

    Syntax
    clear dhcp exclude low-ipaddr [high-ipaddr]

    Parameters
    lowipaddr SpecifiesthefirstIPaddressintheaddressrangetobecleared.

    13-6

    DHCP Server Configuration

    set dhcp ping

    highipaddr

    (Optional)SpecifiesthelastIPaddressintheaddressrangetobecleared.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleclearsthepreviouslyexcludedrangeofIPaddressesbetween192.168.1.88through 192.168.1.100.
    G3(rw)->clear dhcp exclude 192.168.1.88 192.168.1.100

    set dhcp ping


    UsethiscommandtoconfigurethenumberofpingpacketstheDHCPserversendstoanIP addressbeforeassigningtheaddresstoarequestingclient.

    Syntax
    set dhcp ping packets number

    Parameters
    packetsnumber Specifiesthenumberofpingpacketstobesent.Thevalueofnumbercan be0,orrangefrom2to10.Entering0disablesthisfunction.Thedefault valueis2packets.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplesetsthenumberofpingpacketssentto3.
    G3(rw)->set dhcp ping packets 3

    clear dhcp ping


    UsethiscommandtoresetthenumberofpingpacketssentbytheDHCPserverbacktothe defaultvalueof2.

    Syntax
    clear dhcp ping packets

    Parameters
    None.
    Enterasys G-Series CLI Reference 13-7

    show dhcp binding

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleresetsthenumberofpingpacketssentbacktothedefaultvalue.
    G3(rw)->clear dhcp ping packets

    show dhcp binding


    UsethiscommandtodisplaybindinginformationforoneorallIPaddresses.

    Syntax
    show dhcp binding [ip-address]

    Parameters
    ipaddress (Optional)SpecifiestheIPaddressforwhichtodisplaybinding information.

    Defaults
    IfnoIPaddressisspecified,bindinginformationforalladdressesisdisplayed.

    Mode
    Readonly.

    Example
    Thisexampledisplaysbindinginformationaboutalladdresses.
    G3(rw)->show dhcp binding IP address Hardware Address --------------------------192.0.0.6 00:33:44:56:22:39 192.0.0.8 00:33:44:56:22:33 192.0.0.10 00:33:44:56:22:34 192.0.0.11 00:33:44:56:22:35 192.0.0.12 00:33:44:56:22:36 192.0.0.13 00:33:44:56:22:37 192.0.0.1400:33:44:56:22:38 Lease Expiration ----------------00:11:02 00:10:22 00:09:11 00:10:05 00:10:30 infinite infinite Type ----Automatic Automatic Automatic Automatic Automatic Manual Manual

    clear dhcp binding


    Usethiscommandtoclear(delete)oneorallDHCPaddressbindings.

    Syntax
    clear dhcp binding {ip-addr | *}

    13-8

    DHCP Server Configuration

    show dhcp server statistics

    Parameters
    ipaddr * SpecifiestheIPaddressforwhichtoclear/deletetheDHCPbinding. Deletesalladdressbindings.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampledeletestheDHCPaddressbindingforIPaddress192.168.1.1.
    G3(rw)->clear dhcp binding 192.168.1.1

    show dhcp server statistics


    UsethiscommandtodisplayDHCPserverstatistics.

    Syntax
    show dhcp server statistics

    Parameters
    None.

    Defaults
    None.

    Mode
    Readonly.

    Example
    Thisexampledisplaysserverstatistics.
    G3(ro)->show dhcp server statistics Automatic Bindings Expired Bindings Malformed Bindings Messages ---------DHCP DISCOVER DHCP REQUEST DHCP DECLINE DHCP RELEASE DHCP INFORM Messages ---------DHCP OFFER DHCP ACK DHCP NACK 36 6 0 Received ---------382 3855 0 67 1 Sent -----381 727 2
    Enterasys G-Series CLI Reference 13-9

    clear dhcp server statistics

    clear dhcp server statistics


    UsethiscommandtoclearallDHCPservercounters.

    Syntax
    clear dhcp server statistics

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleclearsallDHCPservercounters.
    G3(rw)->clear dhcp server statistics

    Configuring IP Address Pools


    Manual Pool Configuration Considerations
    ThesubnetoftheIPaddressbeingissuedshouldbeonthesamesubnetastheingress interface(thatis,thesubnetofthehostIPaddressoftheswitch,orifroutinginterfacesare configured,thesubnetoftheroutinginterface). Amanualpoolcanbeconfiguredusingeithertheclientshardwareaddress(setdhcppool hardwareaddress)ortheclientsclientidentifier(setdhcppoolclientidentifier),butusing bothisnotrecommended. IftheincomingDHCPrequestpacketcontainsaclientidentifier,thenamanualpool configuredwiththatclientidentifiermustexistontheswitchinorderfortherequesttobe processed.Thehardwareaddressisnotchecked. Ahardwareaddressandtype(EthernetorIEEE802)configuredinamanualpoolischecked onlywhenaclientidentifierisnotalsoconfiguredforthepoolandtheincomingDHCP requestpacketdoesnotincludeaclientidentifieroption.

    Purpose
    ToconfigureandclearDHCPaddresspoolparameters,andtodisplayaddresspoolconfiguration information.
    Note: A total of 16 address pools, dynamic and/or static, can be configured on the G-Series.

    13-10

    DHCP Server Configuration

    Configuring IP Address Pools

    Commands
    For information about... set dhcp pool clear dhcp pool set dhcp pool network clear dhcp pool network set dhcp pool hardware-address clear dhcp pool hardware-address set dhcp pool host clear dhcp pool host set dhcp pool client-identifier clear dhcp pool client-identifier set dhcp pool client-name clear dhcp pool client-name set dhcp pool bootfile clear dhcp pool bootfile set dhcp pool next-server clear dhcp pool next-server set dhcp pool lease clear dhcp pool lease set dhcp pool default-router clear dhcp pool default-router set dhcp pool dns-server clear dhcp pool dns-server set dhcp pool domain-name clear dhcp pool domain-name set dhcp pool netbios-name-server clear dhcp pool netbios-name-server set dhcp pool netbios-node-type clear dhcp pool netbios-node-type set dhcp pool option clear dhcp pool option show dhcp pool configuration Refer to page... 13-12 13-12 13-13 13-13 13-14 13-14 13-15 13-16 13-16 13-17 13-17 13-18 13-18 13-19 13-19 13-20 13-20 13-21 13-21 13-22 13-22 13-23 13-23 13-24 13-24 13-25 13-25 13-26 13-26 13-27 13-28

    Enterasys G-Series CLI Reference

    13-11

    set dhcp pool

    set dhcp pool


    UsethiscommandtocreateandassignanametoaDHCPserverpoolofaddresses.Upto16 addresspoolsmaybeconfiguredonaGSeries.Notethatenteringthiscommandisnotrequired tocreateanaddresspoolbeforeconfiguringotheraddresspoolparameters.

    Syntax
    set dhcp pool poolname

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplecreatesanaddresspoolnamedauto1.
    G3(rw)->set dhcp pool auto1

    clear dhcp pool


    UsethiscommandtodeleteaDHCPserverpoolofaddresses.

    Syntax
    clear dhcp pool poolname

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampledeletestheaddresspoolnamedauto1.
    G3(rw)->clear dhcp pool auto1

    13-12

    DHCP Server Configuration

    set dhcp pool network

    set dhcp pool network


    UsethiscommandtoconfigurethesubnetnumberandmaskforanautomaticDHCPaddress pool.

    Syntax
    set dhcp pool poolname network number {mask | prefix-length}

    Parameters
    poolname number mask prefixlength Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. SpecifiesanIPsubnetfortheaddresspool. Specifiesthesubnetmaskindottedquadnotation. Specifiesthesubnetmaskasaninteger.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    UsethiscommandtoconfigureasetofIPaddressestobeassignedbytheDHCPserverusingthe specifiedaddresspool.Inordertolimitthescopeoftheaddressesconfiguredwiththiscommand, usethesetdhcpexcludecommandonpage136.

    Examples
    ThisexampleconfigurestheIPsubnet172.20.28.0withaprefixlengthof24fortheautomatic DHCPpoolnamedauto1.Alternatively,themaskcouldhavebeenspecifiedas255.255.255.0.
    G3(rw)->set dhcp pool auto1 network 172.20.28.0 24

    Thisexamplelimitsthescopeof255addressescreatedfortheClassCnetwork172,20.28.0bythe previousexample,byexcludingaddresses172.20.28.80100.
    G3(rw)->set dhcp exclude 172.20.28.80 172.20.28.100

    clear dhcp pool network


    UsethiscommandtoremovethenetworknumberandmaskofaDHCPserverpoolofaddresses.

    Syntax
    clear dhcp pool poolname network

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Enterasys G-Series CLI Reference

    13-13

    set dhcp pool hardware-address

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampledeletesthenetworkandmaskfromtheaddresspoolnamedauto1.
    G3(rw)->clear dhcp pool auto1 network

    set dhcp pool hardware-address


    UsethiscommandtoconfiguretheMACaddressoftheDHCPclientandcreateanaddresspool formanualbinding.Youcanuseeitherthiscommandorthesetdhcppoolclientidentifier commandtocreateamanualbindingpool,butusingbothisnotrecommended.

    Syntax
    set dhcp pool poolname hardware-address hw-addr [type]

    Parameters
    poolname hwaddr type Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. SpecifiestheMACaddressoftheclientshardwareplatform.Thisvalue canbeenteredusingdottedhexadecimalnotationorcolons. (Optional)Specifiestheprotocolofthehardwareplatform.Validvalues are1forEthernetor6forIEEE802.Defaultvalueis1,Ethernet.

    Defaults
    Ifnotypeisspecified,Ethernetisassumed.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplespecifies0001.f401.2710astheEthernetMACaddressforthemanualaddresspool namedmanual1.Alternatively,theMACaddresscouldhavebeenteredas00:01:f4:01:27:10.
    G3(rw)->set dhcp pool manual1 hardware-address 0001.f401.2710

    clear dhcp pool hardware-address


    UsethiscommandtoremovethehardwareaddressofaDHCPclientfromamanualbinding addresspool.

    Syntax
    clear dhcp pool poolname hardware-address

    13-14

    DHCP Server Configuration

    set dhcp pool host

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampledeletestheclienthardwareaddressfromtheaddresspoolnamedmanual1.
    G3(rw)->clear dhcp pool manual1 hardware-address

    set dhcp pool host


    UsethiscommandtoconfigureanIPaddressandnetworkmaskforamanualDHCPbinding.

    Syntax
    set dhcp pool poolname host ip-address [mask | prefix-length]

    Parameters
    poolname ipaddress mask prefixlength Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. SpecifiestheIPaddressformanualbinding. (Optional)Specifiesthesubnetmaskindottedquadnotation. (Optional)Specifiesthesubnetmaskasaninteger.

    Defaults
    Ifamaskorprefixisnotspecified,theclassA,B,orCnaturalmaskwillbeused.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoconfiguretheminimumrequirementsforamanualbindingaddress pool.First,thehardwareaddressoftheclientshardwareplatformisconfigured,followedby configurationoftheaddresstobeassignedtothatclientmanually.
    G3(rw)->set dhcp pool manual1 hardware-address 0001.f401.2710 G3(rw)->set dhcp pool manual1 host 15.12.1.99 255.255.248.0

    Enterasys G-Series CLI Reference

    13-15

    clear dhcp pool host

    clear dhcp pool host


    UsethiscommandtoremovethehostIPaddressfromamanualbindingaddresspool.

    Syntax
    clear dhcp pool poolname host

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampledeletesthehostIPaddressfromtheaddresspoolnamedmanual1.
    G3(rw)->clear dhcp pool manual1 host

    set dhcp pool client-identifier


    UsethiscommandtoconfiguretheclientidentifieroftheDHCPclientandcreateanaddresspool formanualbinding.Youcanuseeitherthiscommandorthesetdhcppoolhardwareaddress commandtocreateamanualbindingpool,butusingbothisnotrecommended.

    Syntax
    set dhcp pool poolname client-identifier id

    Parameters
    poolname id Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. Specifiestheuniqueclientidentifierforthisclient.Thevaluemustbe enteredinxx:xx:xx:xx:xx:xxformat.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    TheclientidentifierisformedbyconcatenatingthemediatypeandtheMACaddress.For example,iftheclienthardwaretypeisEthernetandtheclientMACaddressis00:01:22:33:44:55, thentheclientidentifierconfiguredwiththiscommandmustbe01:00:01:22:33:44:55.

    13-16

    DHCP Server Configuration

    clear dhcp pool client-identifier

    Example
    Thisexampleshowshowtoconfiguretheminimumrequirementsforamanualbindingaddress pool,usingaclientidentifierratherthanthehardwareaddressoftheclientshardwareplatform.
    G3(rw)->set dhcp pool manual2 client-identifier 01:00:01:22:33:44:55 G3(rw)->set dhcp pool manual2 host 10.12.1.10 255.255.255.0

    clear dhcp pool client-identifier


    UsethiscommandtoremovetheuniqueidentifierofaDHCPclientfromamanualbinding addresspool.

    Syntax
    clear dhcp pool poolname client-identifier

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampledeletestheclientidentifierfromtheaddresspoolnamedmanual1.
    G3(rw)->clear dhcp pool manual1 client-identifier

    set dhcp pool client-name


    UsethiscommandtoassignanametoaDHCPclientwhencreatinganaddresspoolformanual binding.

    Syntax
    set dhcp pool poolname client-name name

    Parameters
    poolname name Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. Specifiesthenametobeassignedtothisclient.Clientnamesmaybeupto 31charactersinlength.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    13-17

    clear dhcp pool client-name

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleconfigurestheclientnameappsvr1tothemanualbindingpoolmanual2.
    G3(rw)->set dhcp pool manual2 client-identifier 01:22:33:44:55:66 G3(rw)->set dhcp pool manual2 host 10.12.1.10 255.255.255.0 G3(rw)->set dhcp pool manual2 client-name appsvr1

    clear dhcp pool client-name


    UsethiscommandtodeleteaDHCPclientnamefromanaddresspoolformanualbinding.

    Syntax
    clear dhcp pool poolname client-name

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampledeletestheclientnamefromthemanualbindingpoolmanual2.
    G3(rw)->clear dhcp pool manual2 client-name

    set dhcp pool bootfile


    UsethiscommandtospecifyadefaultbootimagefortheDHCPclientswhowillbeservedbythe addresspoolbeingconfigured.

    Syntax
    set dhcp pool poolname bootfile filename

    Parameters
    poolname filename Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. Specifiesthebootimagefilename.

    Defaults
    None.

    13-18

    DHCP Server Configuration

    clear dhcp pool bootfile

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplesetsthebootimagefilenameforaddresspoolnamedauto1.
    G3(rw)->set dhcp pool auto1 bootfile image1.img

    clear dhcp pool bootfile


    Usethiscommandtoremoveadefaultbootimagefromtheaddresspoolbeingconfigured.

    Syntax
    clear dhcp pool poolname bootfile

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleremovesthebootimagefilenamefromaddresspoolnamedauto1.
    G3(rw)->clear dhcp pool auto1 bootfile

    set dhcp pool next-server


    Usethiscommandtospecifythefileserverfromwhichthedefaultbootimageistobeloadedby theclient.

    Syntax
    set dhcp pool poolname next-server ip-address

    Parameters
    poolname ipaddress Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. SpecifiestheIPaddressofthefileservertheDHCPclientshouldcontact toloadthedefaultbootimage.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    13-19

    clear dhcp pool next-server

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplespecifiesthefileserverfromwhichclientsbeingservedbyaddresspoolauto1 shoulddownloadthebootimagefileimage1.img.
    G3(rw)->set dhcp pool auto1 bootfile image1.img G3(rw)->set dhcp pool auto1 next-server 10.1.1.10

    clear dhcp pool next-server


    Usethiscommandtoremovethebootimagefileserverfromtheaddresspoolbeingconfigured.

    Syntax
    clear dhcp pool poolname next-server

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleremovesthefileserverfromaddresspoolauto1.
    G3(rw)->clear dhcp pool auto1 next-server

    set dhcp pool lease


    UsethiscommandtospecifythedurationoftheleaseforanIPaddressassignedbytheDHCP serverfromtheaddresspoolbeingconfigured.

    Syntax
    set dhcp pool poolname lease {days [hours [minutes]] | infinite}

    Parameters
    poolname days hours Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. Specifiesthenumberofdaysanaddressleasewillremainvalid.Value canrangefrom0to59. (Optional)Whenadaysvaluehasbeenassigned,specifiesthenumberof hoursanaddressleasewillremainvalid.Valuecanrangefrom0to1439.

    13-20

    DHCP Server Configuration

    clear dhcp pool lease

    minutes

    (Optional)Whenadaysvalueandanhoursvaluehavebeenassigned, specifiesthenumberofminuteanaddressleasewillremainvalid.Value canrangefrom0to86399. Specifiesthatthedurationoftheleasewillbeunlimited.

    infinite

    Defaults
    Ifnoleasetimeisspecified,aleasedurationof1dayisconfigured.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleconfiguresaleasedurationof12hoursfortheaddresspoolbeingconfigured.Note thattoconfigurealeasetimelessthanoneday,enter0fordays,thenthenumberofhoursand minutes.
    G3(rw)->set dhcp pool auto1 lease 0 12

    clear dhcp pool lease


    Usethiscommandtorestorethedefaultleasetimevalueofonedayfortheaddresspoolbeing configured.

    Syntax
    clear dhcp pool poolname lease

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    Clearstheleasetimeforthisaddresspooltothedefaultvalueofoneday.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplerestoresthedefaultleasedurationofonedayforaddresspoolauto1.
    G3(rw)->clear dhcp pool auto1 lease

    set dhcp pool default-router


    UsethiscommandtospecifyadefaultrouterlistfortheDHCPclientsservedbytheaddresspool beingconfigured.Upto8defaultrouterscanbeconfigured.

    Syntax
    set dhcp pool poolname default-router address [address2 ... address8]

    Enterasys G-Series CLI Reference

    13-21

    clear dhcp pool default-router

    Parameters
    poolname address address2...address8 Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. SpecifiestheIPaddressofadefaultrouter. (Optional)Specifies,inorderofpreference,upto7additionaldefault routeraddresses.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleassignsadefaultrouterat10.10.10.1totheaddresspoolnamedauto1.
    G3(rw)->set dhcp pool auto1 default-router 10.10.10.1

    clear dhcp pool default-router


    Usethiscommandtodeletethedefaultroutersconfiguredforthisaddresspool.

    Syntax
    clear dhcp pool poolname default-router

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleremovesthedefaultrouterfromtheaddresspoolauto1.
    G3(rw)->clear dhcp pool auto1 default-router

    set dhcp pool dns-server


    UsethiscommandtospecifyoneormoreDNSserversfortheDHCPclientsservedbytheaddress poolbeingconfigured.Upto8DNSserverscanbeconfigured.

    Syntax
    set dhcp pool poolname dns-server address [address2 ... address8]

    13-22

    DHCP Server Configuration

    clear dhcp pool dns-server

    Parameters
    poolname address address2...address8 Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. SpecifiestheIPaddressofaDNSserver. (Optional)Specifies,inorderofpreference,upto7additionalDNS serveraddresses.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleassignsaDNSserverat10.14.10.1totheaddresspoolauto1.
    G3(rw)->set dhcp pool auto1 dns-server 10.14.10.1

    clear dhcp pool dns-server


    UsethiscommandtoremovetheDNSserverlistfromtheaddresspoolbeingconfigured.

    Syntax
    clear dhcp pool poolname dns-server

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleremovestheDNSserverlistfromtheaddresspoolauto1.
    G3(rw)->clear dhcp pool auto1 dns-server

    set dhcp pool domain-name


    UsethiscommandtospecifyadomainnametobeassignedtoDHCPclientsservedbythe addresspoolbeingconfigured.

    Syntax
    set dhcp pool poolname domain-name domain

    Enterasys G-Series CLI Reference

    13-23

    clear dhcp pool domain-name

    Parameters
    poolname domain Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. Specifiesthedomainnamestring.Thedomainnamecanbeupto255 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleassignsthemycompany.comdomainnametotheaddresspoolauto1.
    G3(rw)->set dhcp pool auto1 domain-name mycompany.com

    clear dhcp pool domain-name


    Usethiscommandtoremovethedomainnamefromtheaddresspoolbeingconfigured.

    Syntax
    clear dhcp pool poolname domain-name

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleremovesthedomainnamefromtheaddresspoolauto1.
    G3(rw)->clear dhcp pool auto1 domain-name

    set dhcp pool netbios-name-server


    UsethiscommandtoassignoneormoreNetBIOSnameserversfortheDHCPclientsservedby theaddresspoolbeingconfigured.Upto8NetBIOSnameserverscanbeconfigured.

    Syntax
    set dhcp pool poolname netbios-name-server address [address2 ... address8]

    13-24

    DHCP Server Configuration

    clear dhcp pool netbios-name-server

    Parameters
    poolname address address2...address8 Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. SpecifiestheIPaddressofaNetBIOSnameserver. (Optional)Specifies,inorderofpreference,upto7additionalNetBIOS nameserveraddresses.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleassignsaNetBIOSnameserverat10.15.10.1totheaddresspoolbeingconfigured.
    G3(rw)->set dhcp pool auto1 netbios-name-server 10.15.10.1

    clear dhcp pool netbios-name-server


    UsethiscommandtoremovetheNetBIOSnamerserverlistfromtheaddresspoolbeing configured.
    clear dhcp pool poolname netbios-name-server

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleremovestheNetBIOSnameserverlistfromtheaddresspoolauto1.
    G3(rw)->clear dhcp pool auto1 netbios-name-server

    set dhcp pool netbios-node-type


    UsethiscommandtospecifyaNetBIOSnode(server)typefortheDHCPclientsservedbythe addresspoolbeingconfigured.

    Syntax
    set dhcp pool poolname netbios-node-type {b-node | h-node | p-node | m-node}

    Enterasys G-Series CLI Reference

    13-25

    clear dhcp pool netbios-node-type

    Parameters
    poolname bnode hnode pnode mnode Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. SpecifiestheNetBIOsnodetypetobebroadcast(noWINS). SpecifiestheNetBIOsnodetypetobehybrid(WINS,thenbroadcast). SpecifiestheNetBIOsnodetypetobepeer(WINSonly). SpecifiestheNetBIOsnodetypetobemixed(broadcast,thenWINS).

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexamplespecifieshybridastheNetBIOSnodetypefortheaddresspoolauto1.
    G3(rw)->set dhcp pool auto1 netbios-node-type h-node

    clear dhcp pool netbios-node-type


    UsethiscommandtoremovetheNetBIOSnodetypefromtheaddresspoolbeingconfigured.

    Syntax
    clear dhcp pool poolname netbios-node-type

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleremovestheNetBIOSnodetypefromtheaddresspoolauto1.
    G3(rw)->clear dhcp pool auto1 netbios-node-type

    set dhcp pool option


    UsethiscommandtoconfigureDHCPoptions,describedinRFC2132.

    13-26

    DHCP Server Configuration

    clear dhcp pool option

    Syntax
    set dhcp pool poolname option code {ascii string | hex string-list | ip addresslist}

    Parameters
    poolname code asciistring hexstringlist ipaddresslist Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. SpecifiestheDHCPoptioncode,asdefinedinRFC2132.Valuecanrange from1to254. SpecifiesthedatainASCIIformat.AnASCIIcharacterstringcontaininga spacemustbeenclosedinquotations. SpecifiesthedatainHEXformat.Upto8HEXstringscanbeentered. SpecifiesthedatainIPaddressformat.Upto8IPaddressescanbeentered.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Examples
    ThisexampleconfiguresDHCPoption19,whichspecifieswhethertheclientshouldconfigureits IPlayerforpacketforwarding.Inthiscase,IPforwardingisenabledwiththe01value.
    G3(rw)->set dhcp pool auto1 option 19 hex 01

    ThisexampleconfiguresDHCPoption72,whichassignsoneormoreWebserversforDHCP clients.Inthiscase,twoWebserveraddressesareconfigured.
    G3(rw)->set dhcp pool auto1 option 72 ip 168.24.3.252 168.24.3.253

    clear dhcp pool option


    UsethiscommandtoremoveaDHCPoptionfromtheaddresspoolbeingconfigured.

    Syntax
    clear dhcp pool poolname option code

    Parameters
    poolname code Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength. SpecifiestheDHCPoptioncode,asdefinedinRFC2132.Valuecanrange from1to254.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    13-27

    show dhcp pool configuration

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleremovesoption19fromaddresspoolauto1.
    G3(rw)->clear dhcp pool auto1 option 19

    show dhcp pool configuration


    Usethiscommandtodisplayconfigurationinformationforoneoralladdresspools.

    Syntax
    show dhcp pool configuration {poolname | all}

    Parameters
    poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31 charactersinlength.

    Defaults
    None.

    Mode
    Readonly.

    Example
    Thisexampledisplaysconfigurationinformationforalladdresspools.
    G3(rw)->show dhcp pool configuration all Pool: Atg_Pool Pool Type Network Lease Time Default Routers Pool: static1 Pool Type Client Name Client Identifier Host Lease Time Option Pool: static2 Pool Type Hardware Address Hardware Address Type Host Lease Time

    Dynamic 192.0.0.0 255.255.255.0 1 days 0 hrs 0 mins 192.0.0.1

    Manual appsvr1 01:00:01:f4:01:27:10 10.1.1.1 255.0.0.0 infinite 19 hex 01

    Manual 00:01:f4:01:27:10 ieee802 192.168.10.1 255.255.255.0 infinite

    13-28

    DHCP Server Configuration

    14
    Preparing for Router Mode
    Thischapterdescribeshowtopreparetheswitchforrouting.
    For information about... Pre-Routing Configuration Tasks Enabling Router Configuration Modes Refer to page... 14-1 14-2

    Pre-Routing Configuration Tasks


    StartupandgeneralconfigurationoftheGSeriesswitchmustoccurfromtheswitchCLI.For detailsonhowtostarttheswitchandconfiguregeneralplatformsettings,refertoChapter 1, Introduction,andChapter 2,BasicConfiguration. Oncestartupandgeneralswitchsettingsarecomplete,IPconfigurationandotherrouterspecific commandscanbeexecutedwhentheswitchisinroutermode.Fordetailsonhowtoenablerouter modefromtheswitchCLI,refertoTable 142inEnablingRouterConfigurationModes. ThefollowingpreroutingtasksmustbeperformedfromtheswitchCLI: StartinguptheCLI.(UsingtheCommandLineInterfaceonpage16) Settingthesystempassword.(setpasswordonpage25) Configuringbasicplatformsettings,suchashostname,systemclock,andterminaldisplay settings.(SettingBasicSwitchPropertiesonpage28) SettingthesystemIPaddress.(setipaddressonpage29) CreatingandenablingVLANs.(Chapter 7) Filemanagementtasks,includinguploadingordownloadingflashortextconfigurationfiles, anddisplayingdirectoryandfilecontents.(ManagingSwitchConfigurationandFileson page241) Configuringtheswitchtoruninroutermode.(EnablingRouterConfigurationModeson page142) Enablingadvancedrouterfeatures.(ActivatingAdvancedRoutingFeaturesonpage161)
    Note: The command prompts used as examples in Table 14-1 and throughout this guide show switch operation for a user in admin (su) access mode, and a system where the VLAN 1 interface has been configured for routing. The prompt changes depending on your current configuration mode, your specific switch, and the interface types and numbers configured for routing on your system.

    Enterasys G-Series CLI Reference

    14-1

    Enabling Router Configuration Modes

    Table 14-1
    Step 1 2 3 4

    Enabling the Switch for Routing


    Type this command... router enable configure interface {vlan vlan-id | loopback loop-id} ip address {ip-address ip-mask} At this prompt... Switch: G3(su)-> Router: G3(su)->router> Router: G3(su)->router# Router: G3(su)>router(Config)# Router: G3(su)->router (Config-if (Vlan 1))# Router: G3(su)->router(Config-if (Vlan 1))# interface on page 15-3 interface on page 15-3 no shutdown on page 15-6 For details, see...

    To do this task... From admin (su) mode, enable router mode. Enable router Privileged EXEC mode. Enable global router configuration mode. Enable interface configuration mode using the routing VLAN or loopback id. Assign an IP address to the routing interface. Enable the interface for IP routing.

    no shutdown

    Example
    ThefollowingexampleshowshowtoconfigureVLAN1onIPaddress182.127.63.1255.255.255.0 asaroutinginterface.
    G3(su)->router G3(su)->router>enable G3(su)->router#configure Enter configuration commands: G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip address 182.127.63.1 255.255.255.0 G3(su)->router(Config-if(Vlan 1))#no shutdown

    Enabling Router Configuration Modes


    TheGSeriesCLIprovidesdifferentmodesofrouteroperationforissuingasubsetofcommands fromeachmode.Table 142describesthesemodesofoperation. Table 14-2 Router CLI Configuration Modes
    To... Set system operating parameters Show configuration parameters Save/copy configurations Global Configuration Mode Interface Configuration Mode Set system-wide parameters. Configure router interfaces. Type configure from Privileged EXEC mode. Type interface vlan or loopback and the interfaces id from Global Configuration mode. G3(su)->router (Config)# G3(su)->router(Config-if (Vlan 1))# G3(su)->router(Config-if (Lpbk 1))# Access method... From the switch CLI: Type router, then Type enable. G3(su)->router> G3(su)->router# Resulting Prompt...

    Use this mode... Privileged EXEC Mode

    14-2

    Preparing for Router Mode

    Enabling Router Configuration Modes

    Table 14-2

    Router CLI Configuration Modes (Continued)


    To... Set IP protocol parameters. Access method... Type router and the protocol name (and, for OSPF, the instance ID) from Global or Interface Configuration mode. Resulting Prompt... G3(su)->router(Config-router)#

    Use this mode... Router Configuration Mode

    Note: To jump to a lower configuration mode, type exit at the command prompt. To revert back to switch CLI, type exit from Privileged EXEC router mode.

    Enterasys G-Series CLI Reference

    14-3

    Enabling Router Configuration Modes

    14-4

    Preparing for Router Mode

    15
    IP Configuration
    ThischapterdescribestheInternetProtocol(IP)configurationsetofcommandsandhowtouse them.
    Router: Unless otherwise noted, the commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to Enabling Router Configuration Modes on page 14-2. For information about... Configuring Routing Interface Settings Configuring Tunnel Interfaces Configuring Tunnel Interfaces Configuring Broadcast Settings Reviewing IP Traffic and Configuring Routes Refer to page... 15-1 15-7 15-7 15-15 15-17

    Configuring Routing Interface Settings


    Purpose
    Toenableroutinginterfaceconfigurationmodeonthedevice,tocreateroutinginterfaces,to reviewtheusabilitystatusofinterfacesconfiguredforIP,tosetIPaddressesforinterfaces,to enableinterfacesforIProutingatdevicestartup,andtoreviewtherunningconfiguration.
    Note: For information about configuring tunnel interfaces, see Configuring Tunnel Interfaces on page 15-7.

    Commands
    For information about... show interface interface show ip interface ip address Refer to page... 15-2 15-3 15-4 15-5

    Enterasys G-Series CLI Reference

    15-1

    show interface

    For information about... show running-config no shutdown no ip routing

    Refer to page... 15-6 15-6 15-7

    show interface
    Usethiscommandtodisplayinformationaboutoneormoreinterfaces(VLANsorloopbacks) configuredontherouter.

    Syntax
    show interface [vlan vlan-id] [loopback loop-id]

    Parameters
    vlanvlanid (Optional)DisplaysinterfaceinformationforaspecificVLANinterface. ThisinterfacemustbeconfiguredforIProutingasdescribedinPre RoutingConfigurationTasksonpage 141. (Optional)Displaysinterfaceinformationforaspecificloopbackinterface.

    loopbackloopid

    Defaults
    Ifinterfacetypeisnotspecified,informationforallroutinginterfaceswillbedisplayed.

    Mode
    Anyroutermode.

    Examples
    Thisexampleshowshowtodisplayinformationforallinterfacesconfiguredontherouter.Fora detaileddescriptionofthisoutput,refertoTable 151:
    G3(su)->router#show interface Vlan 1 is Administratively DOWN Vlan 1 is Operationally DOWN Mac Address is: 0001.f4da.2cba The name of this device is Vlan 1 The MTU is 1500 bytes The bandwidth is 10000 Mb/s Encapsulation ARPA, Loopback not set ARP type: ARPA, ARP Timeout: 14400 seconds

    Thisexampleshowshowtodisplayinformationforloopbackinterface1.
    G3(su)->router#show interface loopback 1 Loopback 1 is Administratively UP Loopback 1 is Operationally UP Internet Address is 10.1.192.100, Subnet Mask is 255.255.255.0 The name of this device is Loopback 1 The MTU is 1500 bytes

    15-2

    IP Configuration

    interface

    interface
    UsethiscommandtoconfigureinterfacesforIProuting.

    Syntax
    interface vlan vlan-id | loopback loop-id

    Parameters
    vlanvlanid SpecifiesthenumberoftheVLANinterfacetobeconfiguredforrouting. ThisinterfacemustbeconfiguredforIProutingasdescribedinPre RoutingConfigurationTasksonpage 141. Specifiesthenumberoftheloopbackinterfacetobeconfiguredforrouting. Thevalueofloopidcanrangefrom0to7.

    loopbackloopid

    Defaults
    None.

    Mode
    Routerglobalconfigurationmode:G3(su)>router(Config)#

    Usage
    Thiscommandenablesinterfaceconfigurationmodefromglobalconfigurationmode,and,ifthe interfacehasnotpreviouslybeencreated,thiscommandcreatesanewroutinginterface.For detailsonconfigurationmodessupportedbytheGSeriesdeviceandtheiruses,refertoTable 142 inEnablingRouterConfigurationModesonpage 142. VLANsmustbecreatedfromtheswitchCLIbeforetheycanbeconfiguredforIProuting.For detailsoncreatingVLANsandconfiguringthemforIP,refertoEnablingRouterConfiguration Modesonpage 142. EachVLANinterfacemustbeconfiguredforroutingseparatelyusingtheinterfacecommand.To endconfigurationononeinterfacebeforeconfiguringanother,typeexitatthecommandprompt. Enablinginterfaceconfigurationmodeisrequiredforcompletinginterfacespecificconfiguration tasks.Foranexampleofhowthesecommandsareused,refertoPreRoutingConfiguration Tasksonpage 141. Aloopbackinterfaceisalwaysexpectedtobeup.Thisinterfacecanprovidethesourceaddressfor sentpacketsandcanreceivebothlocalandremotepackets.Theloopbackinterfaceistypically usedbyroutingprotocols.IfRADIUSisconfiguredwithnohostIPaddressonthedevice,itwill usetheloopbackinterface0IPaddress(ifithasbeenconfigured)asitssourcefortheNASIP attribute. EachGSeriessystemcansupportupto24routinginterfaces.Eachinterfacecanbeconfiguredfor theRIPand/orOSPFroutingprotocols.
    Note: For information about configuring tunnel interfaces, see Configuring Tunnel Interfaces on page 15-7.

    Enterasys G-Series CLI Reference

    15-3

    show ip interface

    Examples
    ThisexampleshowshowtoenterconfigurationmodeforVLAN1:
    G3(su)->router#configure G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#

    Thisexampleshowshowtoenterconfigurationmodeforloopback1:
    G3(su)->router#configure G3(su)->router(Config)#interface loopback 1 G3(su)->router(Config-if(Lpbk 1))#

    show ip interface
    Usethiscommandtodisplayinformation,includingadministrativestatus,IPaddress,MTU (MaximumTransmissionUnit)sizeandbandwidth,andACLconfigurations,forinterfaces configuredforIP.

    Syntax
    show ip interface [vlan vlan-id] [loopback loop-id]

    Parameters
    vlanvlanid (Optional)DisplaysinformationforaspecificVLANinterface.This interfacemustbeconfiguredforIProutingasdescribedinPreRouting ConfigurationTasksonpage 141. (Optional)Displaysinterfaceinformationforaspecificloopbackinterface.

    loopbackloopid

    Defaults
    Ifinterfacetypeisnotspecified,statusinformationforallroutinginterfaceswillbedisplayed.

    Mode
    Anyroutermode.

    Example
    ThisexampleshowshowtodisplayconfigurationinformationforVLAN1:
    G3(su)->router#show ip interface vlan 1 Vlan 1 is Admin DOWN Vlan 1 is Oper DOWN Primary IP Address is 192.168.10.1 Frame Type Ethernet MAC-Address 0001.F45C.C993 Incoming Accesslist is not set Outgoing AccessList is not set MTU is 6145 bytes ARP Timeout is 1 seconds Direct Broadcast Disabled Proxy ARP is Disabled

    Mask 255.255.255.0

    Table 151providesanexplanationofthecommandoutput.

    15-4

    IP Configuration

    ip address

    Table 15-1
    Output Field Vlan N

    show ip interface Output Details


    What It Displays... Whether the interface is administratively and operationally up or down. Intefaces primary IP address and mask. Set using the ip address command as described in ip address on page 15-5. Encapsulation type used by this interface. Set using the arp command as described in arp on page 15-12. MAC address mapped to this interface. Whether or not an access control list (ACL) has been configured for ingress on this interface using the commands described in Configuring Access Lists on page 20-70. Not supported. Interfaces Maximum Transmission Unit size. Duration for entries to stay in the ARP table before expiring. Set using the arp timeout command as described in arp timeout on page 15-14. Whether or not IP directed broadcast is enabled. Set using the ip directed-broadcast command described in ip directed-broadcast on page 15-15. Whether or not proxy ARP is enabled or disabled for this interface. Set using the ip proxy arp command as described in ip proxy-arp on page 15-13.

    Primary IP Address Frame Type MAC-Address Incoming Access List Outgoing Access List MTU ARP Timeout Direct Broadcast Proxy Arp

    ip address
    Usethiscommandtoset,remove,ordisableaprimaryorsecondaryIPaddressforaninterface. ThenoformofthiscommandremovesthespecifiedIPaddressanddisablestheinterfaceforIP processing.

    Syntax
    ip address ip-address ip-mask [secondary] no ip address ip-address ip-mask

    Parameters
    ipaddress ipmask secondary SpecifiestheIPaddressoftheinterfacetobeaddedorremoved. SpecifiesthemaskfortheassociatedIPsubnet. (Optional)SpecifiesthattheconfiguredIPaddressisasecondaryaddress.

    Defaults
    Ifsecondaryisnotspecified,theconfiguredaddresswillbetheprimaryaddressfortheinterface.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    EachGSeriessystemsupportsupto24routinginterfaces,withupto8secondaryaddresses allowedforeachprimaryIPaddress.
    Enterasys G-Series CLI Reference 15-5

    show running-config

    Example
    ThisexamplesetstheIPaddressto192.168.1.1andthenetworkmaskto255.255.255.0forVLAN1:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip address 192.168.1.1 255.255.255.0

    show running-config
    Usethiscommandtodisplaythenondefault,usersuppliedcommandsenteredwhileconfiguring thedevice.

    Syntax
    show running-config

    Parameters
    None.

    Defaults
    None.

    Mode
    Anyroutermode.

    Example
    Thisexampleshowshowtodisplaythecurrentrouteroperatingconfiguration:
    G3(su)->router#show running-config ! interface vlan 10 ip address 99.99.2.10 255.255.255.0 no shutdown ! router ospf 1 network 99.99.2.0 0.0.0.255 area 0.0.0.0 network 192.168.100.1 0.0.0.0 area 0.0.0.0

    no shutdown
    UsethiscommandtoenableaninterfaceforIProutingandtoallowtheinterfacetoautomatically beenabledatdevicestartup.

    Syntax
    no shutdown shutdown

    Parameters
    None.

    Defaults
    None.

    15-6

    IP Configuration

    no ip routing

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    TheshutdownformofthiscommanddisablesaninterfaceforIProuting.

    Example
    ThisexampleshowshowtoenableVLAN1forIProuting:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#no shutdown

    no ip routing
    UsethiscommandtodisableIProutingonthedevice.Bydefault,IProutingisenabledwhen interfacesareconfiguredforitasdescribedinConfiguringRoutingInterfaceSettingson page 151.

    Syntax
    no ip routing

    Parameters
    None.

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Defaults
    None.

    Example
    This example shows how to disable IP routing on the device:
    G3(su)->router(Config)#no ip routing

    Configuring Tunnel Interfaces


    Purpose
    Thecommandsinthissectiondescribehowtocreate,delete,andmanagetunnelinterfaces. SeveraldifferenttypesoftunnelsprovidefunctionalitytofacilitatethetransitionofIPv4networks toIPv6networks.Thesetunnelsaredividedintotwoclasses:configuredandautomatic.The distinctionisthatconfiguredtunnelsareexplicitlyconfiguredwithadestinationorendpointof thetunnel.Automatictunnels,incontrast,infertheendpointofthetunnelfromthedestination addressofpacketsroutedintothetunnel. ForinformationaboutconfiguringIPv6parametersontunnelinterfaces,suchasanIPv6address, seeChapter 18,IPv6Configuration.

    Enterasys G-Series CLI Reference

    15-7

    interface tunnel

    Commands
    For information about... interface tunnel tunnel source tunnel destination tunnel mode show interface tunnel Refer to page... 15-8 15-8 15-9 15-10 15-10

    interface tunnel
    Usethiscommandtoconfigureatunnelinterface.

    Syntax
    interface tunnel tunnel-id no interface tunnel tunnel-id

    Parameters
    tunnelid Specifiesthenumberofthetunnelinterfacetobeconfiguredfor routing.Thevalueoftunnelidcanrangefrom0to7.

    Defaults
    None.

    Mode
    Routerglobalconfigurationmode:G3(su)>router(Config)#

    Usage
    Thiscommandenablestunnelinterfaceconfigurationmodefromglobalconfigurationmode,and, iftheinterfacehasnotpreviouslybeencreated,thiscommandcreatesanewtunnelrouting interface. Thenoformofthiscommandremovesthetunnelinterfaceandassociatedconfiguration parameters.

    Example
    Thisexamplecreatesaconfiguredtunnelinterface1.
    G3(su)->router(Config)# interface tunnel 1 G3(su)->router(Config-if(Tnnl 1))#

    tunnel source
    ThiscommandspecifiestheIPv4sourcetransportaddressofthetunnel.

    Syntax
    tunnel source {ipv4-addr | interface vlan vlan-id} no tunnel source
    15-8 IP Configuration

    tunnel destination

    Parameters
    ipv4addr interfacevlanvlanid TheIPv4sourceaddressofthetunnel. Specifyaninterfacetousealinklocaladdress.TheVLANmustbe configuredinswitchmode.

    Defaults
    None.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Tnnl1))#

    Usage
    ThenoformofthiscommandremovesthesourceIPv4addressforthetunnelinterfacebeing configured.

    Example
    ThefollowingexampleconfiguresthesourceIPv4addressfortunnel1.
    G3(su)->router(Config)# interface tunnel 1 G3(su)->router(Config-if(Tnnl 1))# G3(su)->router(Config-if(Tnnl 1))# tunnel source 192.168.10.10

    tunnel destination
    ThiscommandspecifiestheIPv4destinationtransportaddressofthetunnel.

    Syntax
    tunnel destination ipv4-addr no tunnel destination

    Parameters
    ipv4addr TheIPv4destinationaddressofthetunnel.

    Defaults
    None.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Tnnl1))#

    Usage
    ThenoformofthiscommandremovesthedestinationIPv4addressforthetunnelinterfacebeing configured.

    Example
    ThefollowingexampleconfiguresthedestinationIPv4addressfortunnel1.
    G3(su)->router(Config)# interface tunnel 1 G3(su)->router(Config-if(Tnnl 1))# G3(su)->router(Config-if(Tnnl 1))# tunnel destination 192.168.10.20
    Enterasys G-Series CLI Reference 15-9

    tunnel mode

    tunnel mode
    Thiscommandspecifiesthemodeofthetunnelinterface.

    Syntax
    tunnel mode ipv6ip no tunnel mode ipv6ip

    Parameters
    ipv6ip SpecifiesthatthetunnelmodeisIPv6overIPv4

    Defaults
    None.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Tnnl1))#

    Usage
    Thenoformofthiscommandremovesthemodeofthetunnel.

    Example
    ThisexamplesetsthetunnelmodetoIPv6overIPv4.
    G3(su)->router(Config)# interface tunnel 1 G3(su)->router(Config-if(Tnnl 1))# G3(su)->router(Config-if(Tnnl 1))# tunnel mode ipv6ip

    show interface tunnel


    Thiscommanddisplaysinformationaboutaconfiguredtunnelinterface.

    Syntax
    show interface tunnel tunnel-id

    Parameters
    tunnelid Specifiesthetunnelforwhichtodisplayinformation.

    Defaults
    None.

    Mode
    Routerglobalconfiguration:G3(su)>router(Config)# Routerprivilegedexec:G3(su)>router#

    Usage
    Usethiscommandtodisplaygeneralinterfaceinformation.RefertoinChapter 18,IPv6 Configurationforadescriptionoftheshowipv6interfacetunnelcommand.
    15-10 IP Configuration

    Reviewing and Configuring the ARP Table

    Example
    Thisexampleshowstheoutputofthiscommand.
    G3(su)->router(Config)#show interface tunnel 1 Tunnel 1 is Operationally DOWN The name of this device is Tunnel 1 The MTU is 1480 bytes

    Reviewing and Configuring the ARP Table


    Purpose
    ToreviewandconfiguretheroutingARPtable,toenableproxyARPonaninterface,andtoseta MACaddressonaninterface.

    Commands
    For information about... show ip arp arp ip proxy-arp arp timeout clear arp-cache Refer to page... 15-11 15-12 15-13 15-14 15-14

    show ip arp
    UsethiscommandtodisplayentriesintheARP(AddressResolutionProtocol)table.ARP convertsanIPaddressintoaphysicaladdress.

    Syntax
    show ip arp [ip-address]|[vlan vlan-id]|[output-modifier]

    Parameters
    ipaddress vlanvlanid (Optional)DisplaysARPentriesrelatedtoaspecificIPaddress. (Optional)DisplaysonlyARPentrieslearnedthroughaspecificVLAN interface.ThisVLANmustbeconfiguredforIProutingasdescribedin PreRoutingConfigurationTasksonpage 141. (Optional)DisplaysARPentrieswithinaspecificrange.Optionsare: |beginipaddressDisplaysonlyARPentriesthatbeginwiththe specifiedIPaddress. |excludeipaddressExcludesARPentriesmatchingthespecified IPaddress. |includeipaddressIncludesARPentriesmatchingthespecified IPaddress.

    outputmodifier

    Enterasys G-Series CLI Reference

    15-11

    arp

    Defaults
    Ifnoparametersarespecified,allentriesintheARPcachewillbedisplayed.

    Mode
    Anyroutermode.

    Example
    Thisexampleshowshowtousetheshowiparpcommand:
    G3(su)->router#show ip arp Protocol Internet Internet Internet Address 134.141.235.251 134.141.235.165 134.141.235.167 Age (min) Hardware Addr 0 4 0003.4712.7a99 0002.1664.a5b3 00d0.cf00.4b74 Type ARPA ARPA ARPA Interface Vlan1 Vlan1 Vlan2 ------------------------------------------------------------------------------

    G3(su)->router#show ip arp 134.141.235.165 Protocol Internet Address 134.141.235.165 Age (min) Hardware Addr Type 0002.1664.a5b3 ARPA Interface Vlan2 ------------------------------------------------------------------------------

    G3(su)->router#show ip arp vlan 2 Protocol Internet Address 134.141.235.251 Age (min) Hardware Addr Type 0 0003.4712.7a99 ARPA Interface Vlan2 ------------------------------------------------------------------------------

    Table 152providesanexplanationofthecommandoutput. Table 15-2


    Output Field Protocol Address Age (min) Hardware Addr Type Interface

    show ip arp Output Details


    What It Displays... ARP entrys type of network address. Network address mapped to the entrys MAC address. Interval (in minutes) since the entry was entered in the table. MAC address mapped to the entrys network address. Encapsulation type used for the entrys network address. Interface (VLAN or loopback) through which the entry was learned.

    arp
    Usethiscommandtoaddorremovepermanent(static)ARPtableentries.Upto1,000staticARP entriesaresupportedperGSeriessystem.AmulticastMACaddresscanbeusedinastaticARP entry.ThenoformofthiscommandremovesthespecifiedpermanentARPentry:

    Syntax
    arp ip-address mac-address no arp ip-address

    15-12

    IP Configuration

    ip proxy-arp

    Parameters
    ipaddress macaddress SpecifiestheIPaddressofadeviceonthenetwork.ValidvaluesareIP addressesindotteddecimalnotation. Specifiesthe48bithardwareaddresscorrespondingtotheipaddress expressedinhexadecimalnotation.

    Defaults
    None.

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Usage
    TheIPaddressspecifiedforthestaticARPentrymustfallwithinoneofthesubnetsornetworks definedontheroutedinterfacesofthesystem.ThesystemcanthenmatchtheIPaddressofthe staticARPentrywiththeappropriateroutedinterfaceandassociateitwiththecorrectVLAN.

    Example
    ThisexampleshowshowtoaddapermanentARPentryfortheIPaddress130.2.3.1andMAC address0003.4712.7a99:
    G3(su)->router(Config)#arp 130.2.3.1 0003.4712.7a99

    ip proxy-arp
    UsethiscommandtoenableproxyARPonaninterface.Thenoformofthiscommanddisables proxyARP.

    Syntax
    ip proxy-arp no ip proxy-arp

    Parameters
    None.

    Defaults
    Disabled.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    ThisvariationoftheARPprotocolallowstheroutertosendanARPresponseonbehalfofanend nodetotherequestinghost.ProxyARPcanbeusedtoresolveroutingissuesonendstationsthat areunabletorouteinthesubnettedenvironment.TheGSerieswillanswertoARPrequestson behalfoftargetedendstationsonneighboringnetworks.Itisdisabledbydefault.

    Enterasys G-Series CLI Reference

    15-13

    arp timeout

    Example
    ThisexampleshowshowtoenableproxyARPonVLAN1:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip proxy-arp

    arp timeout
    Usethiscommandtosettheduration(inseconds)fordynamicallylearnedentriestoremaininthe ARPtablebeforeexpiring.Thenoformofthiscommandrestoresthedefaultvalueof14,400 seconds.
    arp timeout seconds no arp timeout

    Parameters
    seconds SpecifiesthetimeinsecondsthatanentryremainsintheARPcache.Valid valuesare065535.Avalueof0specifiesthatARPentrieswillneverbe agedout.

    Defaults
    14,400seconds.

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Example
    ThisexampleshowshowtosettheARPtimeoutto7200seconds:
    G3(su)->router(Config)#arp timeout 7200

    clear arp-cache
    Usethiscommandtodeleteallnonstatic(dynamic)entriesfromtheARPtable.
    clear arp-cache

    Parameters
    None.

    Mode
    PrivilegedEXEC:G3(su)>router#

    Defaults
    None.

    Example
    ThisexampleshowshowtodeletealldynamicentriesfromtheARPtable:
    G3(su)->router#clear arp-cache

    15-14

    IP Configuration

    Configuring Broadcast Settings

    Configuring Broadcast Settings


    Purpose
    ToconfigureIPbroadcastsettings.Bydefault,interfacesontheGSeriesdonotforwardbroadcast packets.

    Commands
    For information about... ip directed-broadcast ip helper-address Refer to page... 15-15 15-16

    ip directed-broadcast
    UsethiscommandtoenableordisableIPdirectedbroadcastsonaninterface.Bydefault, interfacesontheGSeriesdonotforwarddirectedbroadcasts.Thenoformofthiscommand disablesIPdirectedbroadcastontheinterface.

    Syntax
    ip directed-broadcast no ip directed-broadcast

    Parameters
    None.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>Router1(Configif(Vlan1))#

    Usage
    Directedbroadcastisanefficientmechanismforcommunicatingwithmultiplehostsonanetwork whileonlytransmittingasingledatagram.Adirectedbroadcastisapacketsenttoallhostsona specificnetworkorsubnet.Thedirectedbroadcastaddressincludesthenetworkorsubnetfields, withthebinarybitsofthehostportionoftheaddresssettoone.Forexample,foranetworkwith theaddress192.168.0.0/16,thedirectedbroadcastaddresswouldbe192.168.255.255.Forasubnet withtheaddress192.168.12.0/24,thedirectedbroadcastaddresswouldbe192.168.12.255. InordertominimizebroadcastDoSattacks,forwardingofdirectedbroadcastsisdisabledby defaultontheGSeries,asrecommendedbyRFC2644. Iftheabilitytosenddirectedbroadcaststoanetworkisrequired,youshouldenabledirected broadcastsonlyontheoneinterfacethatwillbetransmittingthedatagrams.Forexample,ifaG Serieshasfiveroutedinterfacesforthe10,20,30,40,and50networks,enablingdirectedbroadcast onlyonthe30networkinterfacewillallowanyonefromanyothernetworks(10,20,40,50)tosend directedbroadcasttothe30network.

    Enterasys G-Series CLI Reference

    15-15

    ip helper-address

    Example
    ThisexampleshowshowtoenableIPdirectedbroadcastsonVLAN1:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip directed-broadcast

    ip helper-address
    UsethiscommandtoenabletheDHCP/BOOTPrelayagentonaGSeriesroutedinterface. EnablingtherelayagentallowsforwardingofclientDHCP/BOOTPrequeststoaDHCP/BOOTP serverthatdoesnotresideonthesamebroadcastdomainastheclient.Upto6IPhelperaddresses maybeconfiguredperinterface. ThenoformofthiscommanddisablestheforwardingofUDPdatagramstothespecifiedaddress.

    Syntax
    ip helper-address address no ip helper-address address

    Parameters
    address AddressofthehostwhereUDPbroadcastpacketsshouldbeforwarded.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>Router1(Configif(Vlan1))#

    Usage
    WhenahostrequestsanIPaddress,itsendsoutaDHCPbroadcastpacket.Normally,therouter dropsallbroadcastpackets.However,byexecutingthiscommand,youenabletherouted interfacetopassDHCPbroadcastframesthrough,sendingthemdirectlytotheremoteDHCP serversIPaddress. TheDHCP/BOOTPrelayagentwilldetectDHCP/BOOTPrequestsbasedonUDPsourceand destinationports.Itwillthenmakethenecessarychangestothepacketandsendthepackettothe DHCPserver.Thechangesinclude: ReplacingthedestinationIPaddresswiththeaddressoftheDHCPserver, ReplacingthesourceIPaddresswithitsownaddress(thatis,theIPaddressofthelocal routedinterface),and WithintheBOOTPpartofthepacket,changingtheRelayAgentIPaddressfrom0.0.0.0tothe addressofthelocalroutedinterface.

    ThelastchangetotheBootPpackettellstheDHCPserverthatitneedstoassignanIPaddress thatisinthesamesubnetastheRelayAgentIP.Whentheresponsecomesfromtheserver,the DHCP/BOOTPrelayagentsendsittothehost.

    15-16

    IP Configuration

    Reviewing IP Traffic and Configuring Routes

    Example
    ThisexampleshowhowtohaveallclientDHCPrequestsforusersinVLAN1tobeforwardedto theremoteDHCPserverwithIPaddress192.168.1.28.
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip helper-address 192.168.1.28

    Reviewing IP Traffic and Configuring Routes


    Purpose
    ToreviewIPtrafficandconfigureroutes,tosendrouterICMP(ping)messages,andtoexecute traceroute.

    Commands
    For information about... show ip route ip route ping traceroute Refer to page... 15-17 15-19 15-19 15-20

    show ip route
    UsethiscommandtodisplayinformationaboutIProutes.

    Syntax
    show ip route [destination-prefix [destination-prefix-match] | connected | ospf | rip | static | summary]

    Parameters
    destinationprefix destinationprefix match connected ospf rip static summary (Optional)Convertsthespecifiedaddressandmaskintoaprefixand displaysanyroutesthatmatchtheprefix. (Optional)Displaysconnectedroutes. (Optional)DisplaysroutesconfiguredfortheOSPFroutingprotocol.For detailsonconfiguringOSPF,refertoConfiguringOSPFonpage 1610. (Optional)DisplaysroutesconfiguredfortheRIProutingprotocol.For detailsonconfiguringRIP,refertoConfiguringRIPonpage 161. (Optional)Displaysstaticroutes. (Optional)DisplaysasummaryoftheIProutingtable.

    Defaults
    Ifnoparametersarespecified,allIProuteinformationwillbedisplayed.

    Enterasys G-Series CLI Reference

    15-17

    show ip route

    Mode
    Anyroutermode.

    Usage
    Theroutingtablecontainsallactivestaticroutes,alltheRIProutes,anduptothreebestOSPF routeslearnedforeachnetwork.

    Example
    ThisexampleshowshowtousetheshowiproutecommandtodisplayallIProuteinformation.A portionoftheoutputisshown:
    G3(su)->router#show ip route Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2 * - candidate default, U - per user static route IA O O C O O O E2 IA IA E2 O C O O E2 E2 IA E2 E2 E2 O E2 O E2 E2 O O IA IA IA O IA E2 E2 C O E2 C O E2
    15-18 IP Configuration

    1.255.255.248/29 [10/30] via 168.0.0.249, Vlan 3205 2.0.0.0/10 [8/30] via 168.1.0.254, Vlan 1200 2.224.0.0/11 [8/30] via 168.1.0.254, Vlan 1200 7.15.0.0/24 [0/0] directly connected, Vlan 715 11.11.12.12/32 [8/30] via 168.0.0.249, Vlan 3205 11.11.13.13/32 [8/10] via 168.1.0.249, Vlan 1300 11.11.16.16/32 [8/20] via 168.0.0.249, Vlan 3205 11.11.17.17/32 [150/20] via 168.0.0.249, Vlan 3205 11.11.21.21/32 [10/30] via 168.0.0.249, Vlan 3205 11.11.22.22/32 [10/30] via 168.0.0.249, Vlan 3205 11.11.24.24/32 [150/20] via 168.0.0.249, Vlan 3205 11.11.25.25/32 [8/20] via 168.0.0.249, Vlan 3205 11.11.26.26/32 [0/0] directly connected, Loopback 0 11.11.27.27/32 [8/10] via 168.1.0.254, Vlan 1200 11.11.28.28/32 [8/20] via 168.1.0.254, Vlan 1200 12.0.0.0/17 [150/20] via 168.0.0.249, Vlan 3205 19.0.0.0/30 [150/20] via 168.0.0.249, Vlan 3205 20.0.0.0/24 [10/40] via 168.0.0.249, Vlan 3205 22.22.0.0/16 [150/20] via 168.0.0.249, Vlan 3205 22.22.10.0/24 [150/20] via 168.0.0.249, Vlan 3205 22.22.12.0/24 [150/20] via 168.0.0.249, Vlan 3205 22.22.13.0/24 [8/30] via 168.1.0.254, Vlan 1200 22.22.14.0/24 [150/20] via 168.0.0.249, Vlan 3205 22.22.15.0/24 [8/20] via 168.1.0.249, Vlan 1300 via 168.1.0.254, Vlan 1200 22.22.16.0/24 [150/20] via 168.0.0.249, Vlan 3205 22.22.17.0/24 [150/20] via 168.0.0.249, Vlan 3205 22.22.18.0/24 [8/30] via 168.1.0.254, Vlan 1200 22.22.19.0/24 [8/20] via 168.1.0.249, Vlan 1300 via 168.1.0.254, Vlan 1200 22.22.20.0/24 [10/40] via 168.0.0.249, Vlan 3205 22.22.21.0/24 [10/50] via 168.0.0.249, Vlan 3205 22.22.22.0/24 [10/30] via 168.0.0.249, Vlan 3205 22.22.23.0/24 [8/30] via 168.0.0.249, Vlan 3205 22.22.24.0/24 [10/40] via 168.0.0.249, Vlan 3205 22.22.25.0/24 [150/20] via 168.0.0.249, Vlan 3205 22.22.26.0/24 [150/20] via 168.0.0.249, Vlan 3205 22.22.27.0/24 [0/0] directly connected, Vlan 4027 22.22.28.0/24 [8/20] via 168.1.0.249, Vlan 1300 via 168.1.0.254, Vlan 1200 22.22.29.0/24 [150/20] via 168.0.0.249, Vlan 3205 26.0.0.0/8 [0/0] directly connected, Vlan 26 33.9.8.0/28 [8/20] via 168.1.0.254, Vlan 1200 33.33.0.0/16 [150/20] via 168.0.0.249, Vlan 3205

    ip route

    ip route
    UsethiscommandtoaddorremoveastaticIProute.Thenoformofthiscommandremovesthe staticIProute.
    ip route prefix mask dest-addr [distance] no ip route prefix mask forward-addr

    Parameters
    prefix mask destaddr distance SpecifiesadestinationIPaddressprefix. Specifiesadestinationprefixmask. Specifiesaforwarding(gateway)IPaddress. (Optional)Specifiesanadministrativedistancemetricforthisroute.Valid valuesare1(default)to255.Routeswithlowervaluesreceivehigher preferenceinrouteselection.

    Defaults
    Ifdistanceisnotspecified,thedefaultvalueof1willbeapplied.

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Example
    ThisexampleshowshowtosetIPaddress10.1.2.3asthenexthopgatewaytodestinationaddress 10.0.0.0:
    G3(su)->router(Config)#ip route 10.0.0.0 255.0.0.0 10.1.2.3

    ping
    UsethiscommandtotestroutingnetworkconnectivitybysendingIPpingrequests.

    Syntax
    ping ip-address

    Parameters
    ipaddress SpecifiestheIPaddressofthesystemtoping.

    Defaults
    None.

    Mode
    PrivilegedEXEC:G3(su)>router#

    Usage
    Thiscommandisalsoavailableinswitchmode.

    Enterasys G-Series CLI Reference

    15-19

    traceroute

    Examples
    ThisexampleshowsoutputfromasuccessfulpingtoIPaddress182.127.63.23:
    G3(su)->router#ping 182.127.63.23 182.127.63.23 is alive

    ThisexampleshowsoutputfromanunsuccessfulpingtoIPaddress182.127.63.24:
    G3(su)->router#ping 182.127.63.24 no answer from 182.127.63.24

    traceroute
    UsethiscommandtodisplayahopbyhoppaththroughanIPnetworkfromthedevicetoa specificdestinationhost.ThreeICMPprobeswillbetransmittedforeachhopbetweenthesource andthetraceroutedestination.

    Syntax
    traceroute host

    Parameters
    host SpecifiesahosttowhichtherouteofanIPpacketwillbetraced.

    Defaults
    None.

    Mode
    PrivilegedEXEC:G3(su)>router#

    Usage
    Thereisalsoatraceroutecommandavailableinswitchmode.

    Example
    Thisexampleshowshowtousetraceroutetodisplayaroundtrippathtohost192.141.90.183.
    G3(su)->router#traceroute 192.141.90.183 Traceroute to 192.141.90.183, 30 hops max, 40 byte packets 1 10.1.56.1 0.000 ms 0.000 ms 2 10.1.48.254 10.000 ms 0.000 ms 3 10.1.0.2 0.000 ms 0.000 ms 4 192.141.89.17 0.000 ms 0.000 ms 5 192.141.100.13 0.000 ms 10.000 ms 6 192.141.100.6 0.000 ms 0.000 ms 7 192.141.90.183 0.000 ms 0.000 ms

    0.000 0.000 0.000 10.000 0.000 10.000 0.000

    ms ms ms ms ms ms ms

    15-20

    IP Configuration

    16
    IPv4 Routing Protocol Configuration
    ThischapterdescribestheIPv4RoutingProtocolConfigurationsetofcommandsandhowtouse them.
    Router: The commands covered in this chapter can be executed only when the device is in router mode. For details on how to enable router configuration modes, refer to Enabling Router Configuration Modes on page 14-2. For information about... Activating Advanced Routing Features Configuring RIP Configuring OSPF Configuring DVMRP Configuring IRDP Configuring VRRP Configuring PIM-SM Refer to page... 16-1 16-1 16-10 16-31 16-34 16-38 16-45

    Activating Advanced Routing Features


    Inordertoenableadvancedroutingprotocols,suchasOSPF,DVMRP,VRRP,andPIMSM,ona GSeriesdevice,youmustpurchaseandactivatealicensekey.Ifyouhavepurchasedanadvanced routinglicense,andhaveenabledroutingonthedeviceasdescribedinpreviouschapters,youcan activateyourlicenseasdescribedinActivatingLicensedFeaturesonpage227.Ifyouwishto purchaseanadvancedroutinglicense,contactEnterasysNetworksSales.
    Note: The command prompts used in examples throughout this guide show a system where the VLAN 1 interface has been configured for routing. The prompt changes depending on your current configuration mode, your specific device, and the interface types and numbers configured for routing on your system.

    Configuring RIP
    Purpose
    ToenableandconfiguretheRoutingInformationProtocol(RIP).

    Enterasys G-Series CLI Reference

    16-1

    router rip

    RIP Configuration Task List and Commands


    Table 161liststhetasksandcommandsassociatedwithRIPconfiguration.Commandsare describedintheassociatedsectionasshown. Table 16-1
    To do this... Enable RIP configuration mode. Enable RIP on an interface. Configure an administrative distance. Allow reception of a RIP version. Allow transmission of a RIP version. Configure RIP simple authentication. Configure RIP encrypted authentication. Disable automatic route summarization (necessary for enabling CIDR) Activate split horizon or poison-reverse. Suppress sending routing updates. Control reception of routing updates Control advertising non-RIP routes.

    RIP Configuration Task List and Commands


    Use these commands... router rip on page 16-2 ip rip enable on page 16-3 distance on page 16-3 ip rip send version on page 16-4 ip rip receive version on page 16-5 ip rip authentication-key on page 16-5 ip rip message-digest-key on page 16-6 no auto-summary on page 16-6 split-horizon poison on page 16-7 passive-interface on page 16-8 receive-interface on page 16-8 redistribute on page 16-9

    router rip
    UsethiscommandtoenableordisableRIPconfigurationmode.Thenoformofthiscommand disablesRIP.

    Syntax
    router rip no router rip

    Parameters
    None.

    Defaults
    None.

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Usage
    YoumustexecutetherouterripcommandtoenabletheprotocolbeforecompletingmanyRIP specificconfigurationtasks.Fordetailsonenablingconfigurationmodes,refertoTable 142in EnablingRouterConfigurationModesonpage142.

    16-2

    IPv4 Routing Protocol Configuration

    ip rip enable

    Example
    ThisexampleshowshowtoenableRIP:
    G3(su)->router#configure G3(su)->router(Config)#router rip G3(su)->router(Config-router)#

    ip rip enable
    UsethiscommandtoenableRIPonaninterface.ThenoformofthiscommanddisablesRIPonan interface:Bydefault,RIPisdisabledonallinterfaces.

    Syntax
    ip rip enable no ip rip enable

    Parameters
    None.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtoenableRIPontheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip rip enable

    distance
    UsethiscommandtoconfiguretheadministrativedistanceforRIProutes.Thenoformofthis commandresetsRIPadministrativedistancetothedefaultvalueof120.

    Syntax
    distance weight no distance [weight]

    Parameters
    weight SpecifiesanadministrativedistanceforRIProutes.Validvaluesare1255.

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Enterasys G-Series CLI Reference

    16-3

    ip rip send version

    Usage
    Ifseveralroutes(comingfromdifferentprotocols)arepresentedtotheGSeries,theprotocolwith thelowestadministrativedistancewillbechosenforrouteinstallation.Bydefault,RIP administrativedistanceissetto120.Thedistancecommandcanbeusedtochangethisvalue, resettingRIPsroutepreferenceinrelationtootherroutesasshowninthetablebelow.
    Route Source Connected Static OSPF RIP Default Distance 0 1 110 120

    Example
    ThisexampleshowshowtochangethedefaultadministrativedistanceforRIPto1001:
    G3(su)->router(Config)#router rip G3(su)->router(Config-router)#distance 100

    ip rip send version


    UsethiscommandtosettheRIPversionforRIPupdatepacketstransmittedoutaninterface.The noversionofthiscommandsetstheversionoftheRIPupdatepacketstoRIPv1.

    Syntax
    ip rip send version {1 | 2 | r1compatible} no ip rip send version

    Parameters
    1 2 r1compatible SpecifiesRIPversion1.Thisisthedefaultsetting. SpecifiesRIPversion2. Specifiesthatpacketsbesentasversion2packets,buttransmitstheseas broadcastpacketsratherthanmulticastpacketssothatsystemswhichonly understandRIPversion1canreceivethem.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosettheRIPsendversionto2forpacketstransmittedontheVLAN1 interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip rip send version 2

    16-4

    IPv4 Routing Protocol Configuration

    ip rip receive version

    ip rip receive version


    UsethiscommandtosettheRIPversion(s)forRIPupdatepacketsacceptedonaninterface.The noversionofthiscommandsetstheacceptablereceiveversionoftheRIPupdatepacketstoRIPv1.

    Syntax
    ip rip receive version {1 | 2 | 1 2 | none} no ip rip receive version

    Parameters
    1 2 12 none SpecifiesRIPversion1.Thisisthedefaultsetting. SpecifiesRIPversion2. SpecifiesRIPversions1and2. SpecifiesthatnoRIProuteswillbeprocessedonthisinterface.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Defaults
    None.

    Example
    ThisexampleshowshowtosettheRIPreceiveversionto2forupdatepacketsreceivedonthe VLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip rip receive version 2

    ip rip authentication-key
    UsethiscommandtoenableordisableaRIPauthenticationkey(password)foruseonan interface.ThenoformofthiscommandpreventsRIPfromusingauthentication.

    Syntax
    ip rip authentication-key name no ip rip authentication-key

    Parameters
    name SpecifiesthepasswordtoenableordisableforRIPauthentication.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Enterasys G-Series CLI Reference

    16-5

    ip rip message-digest-key

    Example
    ThisexampleshowshowtosettheRIPauthenticationkeychaintopasswordontheVLAN1 interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip rip authentication-key password

    ip rip message-digest-key
    UsethiscommandtoenableordisableaRIPMD5authenticationkey(password)foruseonan interface.ThenoformofthiscommandpreventsRIPfromusingauthentication.

    Syntax
    ip rip message-digest-key keyid md5 key no ip rip message-digest-key keyid

    Parameters
    keyid md5 key SpecifiesthekeyIDtoenableordisableforRIPauthentication.Validvalues are1to255. SpecifiesuseoftheMD5algorithm. SpecifiestheRIPauthenticationpassword.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Defaults
    None.

    Examples
    ThisexampleshowshowtosettheMD5authenticationIDto5fortheRIPauthenticationkeyset ontheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip rip message-digest-key 5 md5 password

    no auto-summary
    Usethiscommandtodisableautomaticroutesummarization.

    Syntax
    no auto-summary auto-summary

    Parameters
    None.

    Defaults
    None.

    16-6

    IPv4 Routing Protocol Configuration

    split-horizon poison

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Usage
    Bydefault,RIPversion2supportsautomaticroutesummarization,whichsummarizes subprefixestotheclassfulnetworkboundarywhencrossingnetworkboundaries.Disabling automaticroutesummarizationenablesCIDR,allowingRIPtoadvertiseallsubnetsandhost routinginformationontheGSeriesdevice.Toverifywhichroutesaresummarizedforan interface,usetheshowiproutecommandasdescribedinshowiprouteonpage1517.The reverseofthecommandreenablesautomaticroutesummarization.Bydefault,RIPauto summarizationaffectsbothRIPv1andRIPv2routes.
    Note: This command is necessary for enabling CIDR for RIP on the G-Series device.

    Example
    ThisexampleshowshowtodisableRIPautomaticroutesummarization:
    G3(su)->router(Config)#router rip G3(su)->router(Config-router)#no auto-summary

    split-horizon poison
    UsethiscommandtoenableordisablesplithorizonpoisonreversemodeforRIPpackets.Theno formofthiscommanddisablessplithorizonpoisonreverse.

    Syntax
    split-horizon poison no split-horizon poison

    Parameters
    None.

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Usage
    Splithorizonpreventsanetworkfrombeingadvertisedoutthesameinterfaceitwasreceivedon. Thisfunctionisdisabledbydefault.

    Example
    ThisexampleshowshowtodisablesplithorizonpoisonreverseforRIPpacketstransmittedon theVLAN1interface:
    G3(su)->router(Config)#router rip G3(su)->Router1(Config-router)#no split-horizon poison

    Enterasys G-Series CLI Reference

    16-7

    passive-interface

    passive-interface
    UsethiscommandtopreventRIPfromtransmittingupdatepacketsonaninterface.Thenoform ofthiscommanddisablespassiveinterface.

    Syntax
    passive-interface vlan vlan-id no passive-interface vlan vlan-id

    Parameters
    vlanvlanid SpecifiesthenumberoftheVLANtomakeapassiveinterface.ThisVLAN mustbeconfiguredforIProutingasdescribedinPreRouting ConfigurationTasksonpage141.

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Usage
    ThiscommanddoesnotpreventRIPfrommonitoringupdatesontheinterface.

    Example
    ThisexampleshowshowtosetVLAN2asapassiveinterface.NoRIPupdateswillbetransmitted onVLAN2:
    G3(su)->router(Config)#router rip G3(su)->router(Config-router)#passive-interface vlan 2

    receive-interface
    UsethiscommandtoallowRIPtoreceiveupdatepacketsonaninterface.Thenoformofthis commanddeniesthereceptionofRIPupdates.Bydefault,receivingisenabledonallrouting interfaces.

    Syntax
    receive-interface vlan vlan-id no receive-interface vlan vlan-id

    Parameters
    vlanvlanid SpecifiesthenumberoftheVLANtomakeareceiveinterface.ThisVLAN mustbeconfiguredforIProutingasdescribedinPreRouting ConfigurationTasksonpage141.

    Defaults
    None.

    16-8

    IPv4 Routing Protocol Configuration

    redistribute

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Usage
    ThiscommanddoesnotaffectthesendingofRIPupdatesonthespecifiedinterface.

    Example
    ThisexampleshowshowtodenythereceptionofRIPupdatesonVLAN2:
    G3(su)->router(Config)#router rip G3(su)->router(Config-router)#no receive-interface vlan 2

    redistribute
    UsethiscommandtoallowroutinginformationdiscoveredthroughnonRIPprotocolstobe distributedinRIPupdatemessages.Thenoformofthiscommandclearsredistribution parameters.

    Syntax
    redistribute {connected | ospf process-id | static} [metric metric value] [subnets] no redistribute {connected | ospf process-id | static}

    Parameters
    connected ospf processid SpecifiesthatnonRIProutinginformationdiscoveredviadirectly connectedinterfaceswillberedistributed. SpecifiesthatOSPFroutinginformationwillberedistributedinRIP. SpecifiestheprocessID,aninternallyusedidentificationnumberforeach instanceoftheOSPFroutingprocessrunonarouter.Validvaluesare1to 65535. SpecifiesthatnonRIProutinginformationdiscoveredviastaticrouteswill beredistributed.Staticroutesarethosecreatedusingtheiproute commanddetailediniprouteonpage1519. (Optional)Specifiesametricfortheconnected,OSPForstatic redistributionroute.Thisvalueshouldbeconsistentwiththedesignation protocol. (Optional)Specifiesthatconnected,OSPForstaticroutesthatare subnettedwillberedistributed.

    static

    metricmetricvalue

    subnets

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Defaults
    Ifmetricvalueisnotspecified,1willbeapplied. Ifsubnetsisnotspecified,onlynonsubnettedrouteswillberedistributed.

    Enterasys G-Series CLI Reference

    16-9

    Configuring OSPF

    Example
    Thisexampleshowshowtoredistributeroutinginformationdiscoveredthroughstaticrouteswill beredistributedintoRIPupdatemessages:
    G3(su)->router(Config)#router rip G3(su)->router(Config-router)#redistribute static

    Configuring OSPF
    * Advanced License Required *
    OSPF is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described in Activating Licensed Features on page 2-27 in order to enable the OSPF command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.

    Purpose
    ToenableandconfiguretheOpenShortestPathFirst(OSPF)routingprotocol.

    OSPF Configuration Task List and Commands


    Table 162liststhetasksandcommandsassociatedwithOSPFconfiguration.Commandsare describedintheassociatedsectionasshown. Table 16-2
    To do this... If necessary, activate your advanced routing license. Enable OSPF configuration mode.

    OSPF Configuration Task List and Commands


    Use these commands... See Activating Licensed Features on page 2-27. router id on page 16-11 router ospf on page 16-12

    Enable or disable RFC 1583 compatibility. Configure OSPF Interface Parameters. Enable OSPF on the interface. Configure an OSPF area. Set the cost of sending a packet on an OSPF interface. Set a priority to help determine the OSPF designated router for the network. Adjust timers and message intervals.

    1583compatibility on page 16-12

    ip ospf enable on page 16-13 ip ospf areaid on page 16-13 ip ospf cost on page 16-14 ip ospf priority on page 16-14 timers spf on page 16-15 ip ospf retransmit-interval on page 16-16 ip ospf transmit-delay on page 16-16 ip ospf hello-interval on page 16-17 ip ospf dead-interval on page 16-17

    16-10

    IPv4 Routing Protocol Configuration

    router id

    Table 16-2
    To do this...

    OSPF Configuration Task List and Commands (Continued)


    Use these commands... ip ospf authentication-key on page 16-18 ip ospf message digest key md5 on page 16-18

    Configure OSPF authentication.

    Configure OSPF Areas. Configure an administrative distance. Define the range of addresses to be used by Area Boundary Routers (ABRs). Define an area as a stub area. Set the cost value for the default route that is sent into a stub area. Define an area as an NSSA. Create virtual links. Enable redistribution from non-OSPF routes. Monitor and maintain OSPF. distance ospf on page 16-19 area range on page 16-20 area stub on page 16-21 area default cost on page 16-21 area nssa on page 16-22 area virtual-link on page 16-23 redistribute on page 16-24 show ip ospf on page 16-25 show ip ospf neighbor on page 16-28 show ip ospf interface on page 16-27 show ip ospf neighbor on page 16-28 show ip ospf virtual-links on page 16-29 clear ip ospf process on page 16-30

    router id
    UsethiscommandtosettheOSPFrouterIDforthedevice.ThisIPaddressmustbesetmanually inordertorunOSPF.ThenoformofthiscommandremovestherouterIDforthedevice.

    Syntax
    router id ip-address no router id

    Parameters
    ipaddress SpecifiestheIPaddressthatOSPFwilluseastherouterID.

    Defaults
    None.

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Enterasys G-Series CLI Reference

    16-11

    router ospf

    Example
    ThisexampleshowshowtosettheOSPFrouterIDtoIPaddress182.127.62.1:
    G3(su)->router(Config-router)#router id 182.127.62.1

    router ospf
    UsethiscommandtoenableordisableOpenShortestPathFirst(OSPF)configurationmode.The noformofthiscommanddisablesOSPFconfigurationmode.

    Syntax
    router ospf process-id no router ospf process-id

    Parameters
    processid SpecifiestheprocessID,aninternallyusedidentificationnumberforan OSPFroutingprocessrunonarouter.OnlyoneOSPFprocessisallowed perstackorstandalone.Validvaluesare1to65535.

    Defaults
    None.

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Usage
    YoumustexecutetherouterospfcommandtoenabletheprotocolbeforecompletingmanyOSPF specificconfigurationtasks.Fordetailsonenablingconfigurationmodes,refertoTable 142in EnablingRouterConfigurationModesonpage142. OnlyoneOSPFprocess(processid)isallowedperGSeriesrouter.

    Example
    ThisexampleshowshowtoenableroutingforOSPFprocess1:
    G3(su)->router#conf terminal G3(su)->router(Config)#router ospf 1 G3(su)->router(Config-router)#

    1583compatibility
    UsethiscommandtoenableRFC1583compatibilityonOSPFinterfaces.Thenoformofthis commanddisablesRFC1583compatibilityonOSPFinterfaces.

    Syntax
    1583compatability no 1583compatability

    Parameters
    None.
    16-12 IPv4 Routing Protocol Configuration

    ip ospf enable

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Example
    ThisexampleshowshowtoenableRFC1583compatibility:
    G3(su)->router(Config)#router ospf 1 G3(su)->router(Config-router)#1583compatability

    ip ospf enable
    UsethiscommandtoenableOSPFonaninterface.ThenoformofthiscommanddisablesOSPFon aninterface.

    Syntax
    ip ospf enable no ip ospf enable

    Parameters
    None.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtoenableOSPFontheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip ospf enable

    ip ospf areaid
    UsethiscommandtoconfigureareaIDsforOSPFinterfaces.IfOSPFisenabledonaninterfaceas describedinipospfenableonpage1613,theOSPFareawilldefaultto0.0.0.0.Thenoformof thiscommandremovesOSPFroutingfortheinterfaces.

    Syntax
    ip ospf areaid area-id no ip ospf areaid

    Parameters
    areaid SpecifiestheareaidtobeassociatedwiththeOSPFinterface.Validvalues aredecimalvaluesorIPaddresses.
    Enterasys G-Series CLI Reference 16-13

    ip ospf cost

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtoconfiguretheVLAN1interfaceasarea0.0.0.31:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip ospf areaid 0.0.0.31

    ip ospf cost
    UsethiscommandtosetthecostofsendinganOSPFpacketonaninterface.Thenoformofthis commandresetstheOSPFcosttothedefaultof10.

    Syntax
    ip ospf cost cost no ip ospf cost

    Parameters
    cost Specifiesthecostofsendingapacket.Validvaluesrangefrom1to65535.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    EachrouterinterfacethatparticipatesinOSPFroutingisassignedadefaultcost.Thiscommand overwritesthedefaultof10.

    Example
    ThisexampleshowshowtosettheOSPFcostto20fortheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip ospf cost 20

    ip ospf priority
    UsethiscommandtosettheOSPFpriorityvalueforrouterinterfaces.Thenoformofthis commandresetsthevaluetothedefaultof1.

    Syntax
    ip ospf priority number no ip ospf priority

    16-14

    IPv4 Routing Protocol Configuration

    timers spf

    Parameters
    number SpecifiestheroutersOSPFpriorityinarangefrom0to255.Defaultvalueis 1.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    Thepriorityvalueiscommunicatedbetweenroutersbymeansofhellomessagesandinfluences theelectionofadesignatedrouter.

    Example
    ThisexampleshowshowtosettheOSPFpriorityto20fortheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip ospf priority 20

    timers spf
    UsethiscommandtochangeOSPFtimervaluestofinetunetheOSPFnetwork.Thenoformof thiscommandrestoresthedefaulttimervalues(5secondsfordelayand10secondsforholdtime).

    Syntax
    timers spf spf-delay spf-hold no timers spf

    Parameters
    spfdelay spfhold Specifiesthedelay,inseconds,betweenthereceiptofanupdateandtheSPF execution.Validvaluesare0to4294967295. Specifiestheminimumamountoftime,inseconds,betweentwo consecutiveOSPFcalculations.Validvaluesare0to4294967295.Avalueof 0meansthattwoconsecutiveOSPFcalculationsareperformedone immediatelyaftertheother.

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Example
    ThisexampleshowshowtosetSPFdelaytimeto7secondsandholdtimeto3:
    G3(su)->router(Config)#router ospf 1 G3(su)->router(Config-router)#timers spf 7 3

    Enterasys G-Series CLI Reference

    16-15

    ip ospf retransmit-interval

    ip ospf retransmit-interval
    Usethiscommandtosettheamountoftimebetweenretransmissionsoflinkstateadvertisements (LSAs)foradjacenciesthatbelongtoaninterface.Thenoformofthiscommandresetsthe retransmitintervalvaluetothedefault,5seconds.

    Syntax
    ip ospf retransmit-interval seconds no ip ospf retransmit-interval

    Parameters
    seconds Specifiestheretransmittimeinseconds.Validvaluesare1to65535.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosettheOSPFretransmitintervalfortheVLAN1interfaceto20:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip ospf retransmit-interval 20

    ip ospf transmit-delay
    Usethiscommandtosettheamountoftimerequiredtotransmitalinkstateupdatepacketonan interface.Thenoformofthiscommandresetstheretransmitintervalvaluetothedefault,1 second.

    Syntax
    ip ospf transmit-delay seconds no ip ospf transmit-delay

    Parameters
    seconds Specifiesthetransmitdelayinseconds.Validvaluesarefrom1to65535.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    Thisexampleshowshowtosetthetimerequiredtotransmitalinkstateupdatepacketonthe VLAN1interfaceat20seconds:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip ospf transmit-delay 20
    16-16 IPv4 Routing Protocol Configuration

    ip ospf hello-interval

    ip ospf hello-interval
    Usethiscommandtosetthenumberofsecondsaroutermustwaitbeforesendingahellopacket toneighborroutersonaninterface.Thenoformofthiscommandsetsthehellointervalvalueto thedefaultvalueof10seconds.

    Syntax
    ip ospf hello-interval seconds no ip ospf hello-interval

    Parameters
    seconds Specifiesthehellointervalinseconds.Hellointervalmustbethesameon neighboringrouters(onaspecificsubnet),butcanvarybetweensubnets. Thisparameterisanunsignedintegerwithvalidvaluesbetween1and 65535.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    Thisexampleshowshowtosetthehellointervalto5fortheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip ospf hello-interval 5

    ip ospf dead-interval
    Usethiscommandtosetthenumberofsecondsaroutermustwaittoreceiveahellopacketfrom itsneighborbeforedeterminingthattheneighborisoutofservice.Thenoformofthiscommand setsthedeadintervalvaluetothedefaultvalueof40seconds.

    Syntax
    ip ospf dead-interval seconds no ip ospf dead-interval

    Parameters
    seconds Specifiesthenumberofsecondsthataroutermustwaittoreceiveahello packetbeforedeclaringtheneighborasdeadandremovingitfromthe OSPFneighborlist.Deadintervalmustbethesameonneighboringrouters (onaspecificsubnet),butcanvarybetweensubnets.Thisparameterisan unsignedintegerrangingfrom1to65535.Defaultvalueis40seconds.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    16-17

    ip ospf authentication-key

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    Thisexampleshowshowtosetthedeadintervalto20fortheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip ospf dead-interval 20

    ip ospf authentication-key
    UsethiscommandtoassignapasswordtobeusedbyneighboringroutersusingOSPFssimple passwordauthentication.ThenoformofthiscommandremovesanOSPFauthentication passwordonaninterface.

    Syntax
    ip ospf authentication-key password no ip ospf authentication-key

    Parameters
    password SpecifiesanOSPFauthenticationpassword.Validvaluesarealphanumeric stringsupto8charactersinlength.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    ThispasswordisusedasakeythatisinserteddirectlyintotheOSPFheaderinroutingprotocol packets.AseparatepasswordcanbeassignedtoeachOSPFnetworkonaperinterfacebasis. Allneighboringroutersonthesamenetworkmusthavethesamepasswordconfiguredtobeable toexchangeOSPFinformation.

    Example
    ThisexampleshowshowtoenablesanOSPFauthenticationkeyontheVLAN1interfacewiththe passwordyourpass:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip ospf authentication-key yourpass

    ip ospf message digest key md5


    UsethiscommandtoenableordisableOSPFMD5authenticationonaninterface.Thisvalidates OSPFMD5routingupdatesbetweenneighboringrouters.Thenoformofthiscommanddisables MD5authenticationonaninterface.

    16-18

    IPv4 Routing Protocol Configuration

    distance ospf

    Syntax
    ip ospf message-digest-key keyid md5 key no ip ospf message-digest-key keyid

    Parameters
    keyid key SpecifiesthekeyidentifierontheinterfacewhereMD5authenticationis enabled.Validvaluesareintegersfrom1to255. SpecifiesapasswordforMD5authenticationtobeusedwiththekeyid.Valid valuesarealphanumericstringsofupto16characters.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtoenableOSPFMD5authenticationontheVLAN1interface,setthekey identifierto20,andsetthepasswordtopassone:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip ospf message-digest-key 20 md5 passone

    distance ospf
    UsethiscommandtoconfiguretheadministrativedistanceforOSPFroutes.Thenoformofthis commandresetsOSPFadministrativedistancetothedefaultvalues.

    Syntax
    distance ospf {external | inter-area | intra-area} weight no distance ospf {external | inter-area | intra-area}

    Parameters
    external|inter area|intraarea Appliesthedistancevaluetoexternal(type5andtype7),tointerarea,orto intraarearoutes.
    Note: The value for intra-area distance must be less than the value for inter-area distance, which must be less than the value for external distance.

    weight

    SpecifiesanadministrativedistanceforOSPFroutes.Validvaluesare1 255.

    Defaults
    Ifroutetypeisnotspecified,thedistancevaluewillbeappliedtoallOSPFroutes.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Enterasys G-Series CLI Reference

    16-19

    area range

    Usage
    Ifseveralroutes(comingfromdifferentprotocols)arepresentedtotheGSeries,theprotocolwith thelowestadministrativedistancewillbechosenforrouteinstallation.Bydefault,OSPF administrativedistanceissetto110.Thedistanceospfcommandcanbeusedtochangethisvalue, resettingOSPFsroutepreferenceinrelationtootherroutesasshowninthetablebelow.
    Route Source Connected Static OSPF RIP Default Distance 0 1 Intra-area - 8; Inter-area - 10; External type 1 - 13; External type 2 - 150 15

    Example
    ThisexampleshowshowtochangethedefaultadministrativedistanceforexternalOSPFroutesto 100:
    G3(su)->router(Config)#router ospf 1 G3(su)->router(Config-router)#distance ospf external 100

    area range
    UsethiscommandtodefinetherangeofaddressestobeusedbyAreaBorderRouters(ABRs) whentheycommunicateroutestootherareas.EachGSeriescansupportupto4OSPFareas.The noformofthiscommandstopstheroutesfrombeingsummarized.

    Syntax
    area area-id range ip-address ip-mask [advertise | no-advertise] no area area-id range ip-address ip-mask

    Parameters
    areaid ipaddress ipmask advertise|no advertise Specifiestheareafromwhichroutesaretobesummarized.Thisisa decimalvaluefrom0to429496295. SpecifiestheIPaddressassociatedwiththeareaID. SpecifiesthemaskfortheIPaddress. (Optional)Entersaddressrangeinadvertisemode,ordonotadvertise mode.

    Defaults
    Ifnotspecified,advertisemodewillbeset.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    16-20

    IPv4 Routing Protocol Configuration

    area stub

    Example
    Thisexampleshowshowtodefinetheaddressrangeas172.16.0.0/16forsummarizedroutesfrom area0.0.0.8:
    G3(su)->router(Config)#router ospf 1 G3(su)->router(Config-router)#area 0.0.0.8 range 172.16.0.0 255.255.0.0

    area stub
    UsethiscommandtodefineanOSPFareaasastubarea.ThisisanareaintowhichAutonomous SystemexternalASAswillnotbeflooded.Thenoformofthiscommandchangesthestubbackto aplainarea.

    Syntax
    area area-id stub [no-summary] no area area-id stub [no-summary]

    Parameters
    areaid nosummary Specifiesthestubarea.Validvaluesaredecimalvaluesoripaddresses. (Optional)PreventsanAreaBorderRouter(ABR)fromsendingLinkState Advertisements(LSAs)intothestubarea.Whenthisparameterisused,it meansthatalldestinationsoutsideofthestubareaarerepresentedby meansofadefaultroute.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Defaults
    Ifnosummaryisnotspecified,thestubareawillbeabletoreceiveLSAs.

    Example
    ThefollowingexampleshowshowtodefineOSPFarea10asastubarea:
    G3(su)->router(Config)#router ospf 1 G3(su)->router(Config-router)#area 10 stub

    area default cost


    UsethiscommandtosetthecostvalueforthedefaultroutethatissentintoastubareaandNSSA byanAreaBorderRouter(ABR).Thenoformofthiscommandremovesthecostvaluefromthe summaryroutethatissentintothestubarea.

    Syntax
    area area-id default-cost cost no area area-id default-cost

    Parameters
    areaid Specifiesthestubarea.ValidvaluesaredecimalvaluesorIPaddresses.

    Enterasys G-Series CLI Reference

    16-21

    area nssa

    cost

    Specifiesacostvalueforthesummaryroutethatissentintoastubareaby default.Validvaluesare24bitnumbers,from0to16777215.

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Usage
    TheuseofthiscommandisrestrictedtoABRsattachedtostubandNSSAareas.

    Example
    Thisexampleshowshowtosetthecostvalueforstubarea10to99:
    G3(su)->router(Config)#router ospf 1 G3(su)->router(Config-router)#area 10 default-cost 99

    area nssa
    UsethiscommandtoconfigureanareaasaNotSoStubbyArea(NSSA).Thenoformofthis commandchangestheNSSAbacktoaplainarea.

    Syntax
    area area-id nssa [default-information-originate] no area area-id nssa [default-information-originate]

    Parameters
    areaid default information originate SpecifiestheNSSAarea.ValidvaluesaredecimalvaluesorIPaddresses. (Optional)GeneratesadefaultofType7intotheNSSA.Thisisusedwhen therouterisanNSSAABR.

    Defaults
    Ifdefaultinformationoriginateisnotspecified,nodefaulttypewillbegenerated.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Usage
    AnNSSAallowssomeexternalroutesrepresentedbyexternalLinkStateAdvertisements(LSAs) tobeimportedintoit.Thisisincontrasttoastubareathatdoesnotallowanyexternalroutes. ExternalroutesthatarenotimportedintoanNSSAcanberepresentedbymeansofadefault route.ThisconfigurationisusedwhenanOSPFinternetworkisconnectedtomultiplenonOSPF routingdomains.

    16-22

    IPv4 Routing Protocol Configuration

    area virtual-link

    Example
    Thisexampleshowshowtoconfigurearea10asanNSSAarea:
    G3(su)->router(Config)#router ospf 1 G3(su)->router(Config-router)#area 10 nssa default-information-originate

    area virtual-link
    UsethiscommandtodefineanOSPFvirtuallink,whichrepresentsalogicalconnectionbetween thebackboneandanonbackboneOSPFarea.Thenoformofthiscommandremovesthevirtual linkand/oritsassociatedsettings.

    Syntax
    area area-id virtual-link router-id no area area-id virtual-link router-id

    Inadditiontothesyntaxabove,theoptionsforusingthiscommandare:
    area area-id virtual-link router-id authentication-key key no area area-id virtual-link router-id authentication-key key area area-id virtual-link router-id dead-interval seconds no area area-id virtual-link router-id dead-interval seconds area area-id virtual-link router-id hello-interval seconds no area area-id virtual-link router-id hello-interval seconds area area-id virtual-link router-id retransmit-interval seconds no area area-id virtual-link router-id retransmit-interval seconds area area-id virtual-link router-id transmit-delay seconds no area area-id virtual-link router-id transmit-delay seconds

    Parameters
    areaid Specifiesthetransitareaforthevirtuallink.Validvaluesaredecimalvalues orIPaddresses.Atransitareaisanareathroughwhichavirtuallinkis established. SpecifiestherouterIDofthevirtuallinkneighbor. Specifiesapasswordtobeusedbythevirtuallink.Validvaluesare alphanumericstringsofupto8characters.Neighborvirtuallinkrouterson anetworkmusthavethesamepassword. Specifiesthenumberofsecondsthataroutermustwaittoreceiveahello packetbeforedeclaringtheneighborasdeadandremovingitfromthe OSPFneighborlist.Thisvaluemustbethesameforallvirtuallinksattached toacertainsubnet,anditisavaluerangingfrom1to8192. Specifiesthenumberofsecondsbetweenhellopacketsonthevirtuallink. Thisvaluemustbethesameforallvirtuallinksattachedtoanetworkandit isavaluerangingfrom1to8192. Specifiesthenumberofsecondsbetweensuccessiveretransmissionsofthe sameLSAs.Validvaluesaregreaterthantheexpectedamountoftime requiredfortheupdatepackettoreachandreturnfromtheinterface,and rangefrom1to8192.Defaultis5seconds.

    routerid authentication keykey deadinterval seconds

    hellointerval seconds retransmit intervalseconds

    Enterasys G-Series CLI Reference

    16-23

    redistribute

    transmitdelay seconds

    Specifiestheestimatednumberofsecondsbeforealinkstateupdatepacket ontheinterfacetobetransmitted.Validvaluesrangefrom1to8192.Default is1second.

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Example
    Thisexampleshowshowtoconfigureavirtuallinkovertransitionarea0.0.0.2torouterID 192.168.7.2:
    G3(su)->router(Config)#router ospf 1 G3(su)->router(Config-router)#area 0.0.0.2 virtual-link 192.168.7.2

    redistribute
    UsethiscommandtoallowroutinginformationdiscoveredthroughnonOSPFprotocolstobe distributedinOSPFupdatemessages.Thenoformofthiscommandclearsredistribution parameters.

    Syntax
    redistribute {connected | rip | static} [metric metric value] [metric-type typevalue] [subnets] no redistribute {connected | rip | static}

    Parameters
    connected rip static SpecifiesthatnonOSPFinformationdiscoveredviadirectlyconnected interfaceswillberedistributed. SpecifiesthatRIProutinginformationwillberedistributedinOSPF. SpecifiesthatnonOSPFinformationdiscoveredviastaticrouteswillbe redistributed.Staticroutesarethosecreatedusingtheiproutecommand detailediniprouteonpage1519. (Optional)Specifiesametricfortheconnected,RIPorstaticredistribution route.Thisvalueshouldbeconsistentwiththedesignationprotocol. (Optional)Specifiestheexternallinktypeassociatedwiththedefault connected,RIPorstaticrouteadvertisedintotheOSPFroutingdomain. Validvaluesare1fortype1externalroute,and2fortype2externalroute. (Optional)Specifiesthatconnected,RIP,orstaticroutesthataresubnetted routeswillberedistributed.

    metricmetricvalue metrictypetype value subnets

    Defaults
    Ifmetricvalueisnotspecified,0willbeapplied. Iftypevalueisnotspecified,type2(externalroute)willbeapplied. Ifsubnetsisnotspecified,onlytheshortestprefixmatchingrouteswillberedistributed.

    16-24

    IPv4 Routing Protocol Configuration

    show ip ospf

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Example
    ThisexampleshowshowtoredistributeRIProutinginformationtononsubnettedroutesinOSPF routes:
    G3(su)->router(Config)#router ospf G3(su)->router(Config-router)#redistribute rip

    show ip ospf
    UsethiscommandtodisplayOSPFinformation.

    Syntax
    show ip ospf

    Parameters
    None.

    Defaults
    None.

    Mode
    Anyroutermode.

    Example
    ThisexampleshowshowtodisplayOSPFinformation:
    G3(su)->router#show ip ospf Routing process "ospf 1" with ID 155.155.155.155 Supports only Normal TOS route. It is not an area border router and is an autonomous system boundary router. Redistributing External Routes from static Number of areas in this router is 2 Area 0.0.0.0 SPF algorithm executed 0 times Area ranges are Link State Age Interval is 10 Area 0.0.0.8 SPF algorithm executed 302 times Area ranges are Link State Age Interval is 10

    show ip ospf database


    UsethiscommandtodisplaytheOSPFlinkstatedatabase.

    Syntax
    show ip ospf database

    Enterasys G-Series CLI Reference

    16-25

    show ip ospf database

    Parameters
    None.

    Defaults
    None.

    Mode
    Anyroutermode.

    Example
    ThisexampleshowshowtodisplayallOSPFlinkstatedatabaseinformation.Thisisaportionof thecommandoutput:
    G3(su)->router#show ip ospf database OSPF Router with ID(155.155.155.155) Displaying Ipnet Sum Link States(Area 0.0.0.0) LinkID ADV Router Age Seq# 192.168.16.0 155.155.155.155 1751 0x80000036 Displaying As External Link States(Area 0.0.0.0) ADV Router Age Seq# 155.155.155.155 1306 0x8000003c 155.155.155.155 1306 0x8000003c 155.155.155.155 1306 0x8000003c 155.155.155.155 1306 0x8000003c 155.155.155.155 1307 0x8000003c 155.155.155.155 1307 0x8000003c 155.155.155.155 1307 0x8000003c 155.155.155.155 1307 0x8000003c 155.155.155.155 1307 0x8000003c

    Checksum 0x18a

    LinkID 191.2.2.0 191.3.3.3 191.3.3.4 191.3.3.5 191.3.3.6 191.3.3.7 191.3.3.8 191.3.3.9 191.4.0.0

    Checksum 0x9096 0x5bc6 0x51cf 0x47d8 0x3de1 0x33ea 0x29f3 0x1ffc 0x8e98

    Displaying Router Link States(Area 0.0.0.8) LinkID ADV Router Age Seq# 3.3.3.3 3.3.3.3 986 0x8000008e 155.155.155.155 155.155.155.155 977 0x8000009c Displaying Net Link States(Area 0.0.0.8) LinkID ADV Router Age Seq# 192.168.30.2 155.155.155.155 310 0x8000003b 192.168.31.2 155.155.155.155 997 0x80000002 192.168.32.2 155.155.155.155 997 0x80000002 192.168.33.2 155.155.155.155 998 0x80000002 Displaying Ipnet Sum Link States(Area 0.0.0.8) LinkID ADV Router Age Seq# 0.0.0.0 3.3.3.3 361 0x80000005 8.1.1.0 3.3.3.3 1512 0x80000003 8.1.2.0 3.3.3.3 1512 0x80000003 8.1.3.0 3.3.3.3 1502 0x80000003 8.1.4.0 3.3.3.3 1512 0x80000003

    Checksum 0xb6f9 0x6e96

    Checksum 0x59ab 0xc07c 0xb586 0xaa90 Checksum 0x311d 0x3de1 0x32eb 0x27f5 0x1c00

    Table 163providesanexplanationofthecommandoutput.

    16-26

    IPv4 Routing Protocol Configuration

    show ip ospf interface

    Table 16-3
    Output Field Link ID

    show ip ospf database Output Details


    What It Displays... Link ID, which varies as a function of the link state record type, as follows: Net Link States - Shows the interface IP address of the designated router to the broadcast network. Router Link States - Shows the ID of the router originating the record. Summary Link States - Shows the summary network prefix.

    ADV Router Age Seq# Checksum LinkCount

    Router ID of the router originating the link state record. Age (in seconds) of the link state record. OSPF sequence number assigned to each link state record. Field in the link state record used to verify the contents upon receipt by another router. Link count of router link state records. This number is equal to, or greater than, the number of active OSPF interfaces on the originating router.

    show ip ospf interface


    UsethiscommandtodisplayOSPFinterfacerelatedinformation,includingnetworktype, priority,cost,hellointerval,anddeadinterval.

    Syntax
    show ip ospf interface [vlan vlan-id]

    Parameters
    vlanvlanid (Optional)DisplaysOSPFinformationforaspecificVLAN.ThisVLAN mustbeconfiguredforIProutingasdescribedinPreRouting ConfigurationTasksonpage141.

    Defaults
    Ifvlanidisnotspecified,OSPFstatisticswillbedisplayedforallVLANs.

    Mode
    Anyroutermode.

    Example
    ThisexampleshowshowtodisplayallOSPFrelatedinformationfortheVLAN6interface:
    G3(su)->router#show ip ospf interface vlan 6 Vlan 6 Internet Address 192.168.6.2 Mask 255.255.255.0, Area 0.0.0.0 Router ID 3.3.3.3 , Cost: 10 (computed) Transmit Delay is 1 sec , State designated-router , Priority 1 Designated Router id 3.3.3.3 , Interface Addr 192.168.6.2 Backup Designated Router id 2.2.2.2 , Timer intervals configured , Hello 10 , Dead 40 , Retransmit 5

    Table 164providesanexplanationofthecommandoutput.

    Enterasys G-Series CLI Reference

    16-27

    show ip ospf neighbor

    Table 16-4
    Output Field Vlan

    show ip ospf interface Output Details


    What It Displays... VLAN ID IP address and mask assigned to this interface. Area ID Router ID configured on this router. OSPF interface cost, which is either default, or assigned with the ip ospf cost command. For details, refer to ip ospf cost on page 16-14. The number (in seconds) added to the LSA (Link State Advertisement) age field. The interface state (versus the state between neighbors). Valid values include Backup Designated Router, Designated Router, and Err for error. The interface priority value, which is either default, or assigned with the ip ospf priority command. For details, refer to ip ospf priority on page 16-14. The router ID of the designated router on this subnet, if one exists, in which case Err will be displayed. IP address of the designated router on this interface. IP address of the backup designated router on this interface, if one exists, in which case Err will be displayed. OSPF timer intervals. These are either default, or configured with the ip ospf retransmit-interval (ip ospf retransmit-interval on page 16-16), the ip ospf hellointerval (ip ospf hello-interval on page 16-17), the ip ospf retransmit-delay (ip ospf transmit-delay on page 16-16) and the ip ospf dead interval (ip ospf deadinterval on page 16-17) commands.

    Internet Address Area Router ID Cost Transmit Delay State Priority Designated Router id Interface Addr Backup Designated Router id Timer intervals configured

    show ip ospf neighbor


    UsethiscommandtodisplaythestateofcommunicationbetweenanOSPFrouterandits neighborrouters.

    Syntax
    show ip ospf neighbor [detail] [ip-address] [vlan vlan-id]

    Parameters
    detail (Optional)Displaysdetailedinformationabouttheneighbors,includingthe areainwhichtheyareneighbors,whothedesignatedrouter/backup designatedrouterisonthesubnet,ifapplicable,andthedecimalequivalent oftheEbitvaluefromthehellopacketoptionsfield. (Optional)DisplaysOSPFneighborsforaspecificIPaddress. (Optional)DisplaysOSPFneighborsforaspecificVLAN.ThisVLANmust beconfiguredforIProutingasdescribedinPreRoutingConfiguration Tasksonpage141.

    ipaddress vlanvlanid

    Defaults
    Ifdetailisnotspecified,summaryinformationwillbedisplayed.

    16-28

    IPv4 Routing Protocol Configuration

    show ip ospf virtual-links

    Ifipaddressisnotspecified,OSPFneighborswillbedisplayedforallIPaddressesconfiguredfor routing. Ifvlanidisnotspecified,OSPFneighborswillbedisplayedforallVLANsconfiguredforrouting.

    Mode
    Anyroutermode.

    Example
    Thisexampleshowshowtousetheshowospfneighborcommand:
    G3(su)->router#show ip ospf neighbor ID Pri State Dead-Int 182.127.62.1 1 FULL 40 Address 182.127.63.1 Interface vlan1

    Table 165providesanexplanationofthecommandoutput. Table 16-5


    Output Field ID Pri State Dead-Int Address Interface

    show ip ospf neighbor Output Details


    What It Displays... Neighbors router ID of the OSPF neighbor. Neighbors priority over this interface. Neighbors OSPF communication state. Interval (in seconds) this router will wait without receiving a Hello packet from a neighbor before declaring the neighbor is down. Neighbors IP address. Neighbors interface (VLAN).

    show ip ospf virtual-links


    Usethiscommandtodisplayinformationaboutthevirtuallinksconfiguredonarouter.Avirtual linkrepresentsalogicalconnectionbetweenthebackboneandanonbackboneOSPFarea.

    Syntax
    show ip ospf virtual-links

    Parameters
    None.

    Defaults
    None.

    Mode
    Anyroutermode.

    Enterasys G-Series CLI Reference

    16-29

    clear ip ospf process

    Example
    ThisexampleshowshowtodisplayOSPFvirtuallinksinformation:
    G3(su)->router#show ip ospf virtual-links Neighbor ID 155.155.155.155 Transit area 0.0.0.8 Transmit delay is 1 sec State point-to-point Timer intervals configured: Hello 10, Dead 40, Retransmit 5 Adjacency State Full

    Table 166providesanexplanationofthecommandoutput. Table 16-6


    Output Field Neighbor ID Transit area Transmit delay State Timer intervals configured Adjacency State

    show ip ospf virtual links Output Details


    What It Displays... ID of the virtual link neighbor, and the virtual link status, which is up or down. ID of the transit area through which the virtual link is configured. Amount of time required to transmit a link state update packet on an interface. Whether the state of this interface is down or point-to-point. Timer intervals configured for the virtual link, including Hello, Wait, and Retransmit intervals. State of adjacency between this router and the virtual link neighbor of this router.

    clear ip ospf process


    UsethiscommandtoresettheOSPFprocess.Thiswillrequireadjacenciestobereestablishedand routestobereconverged.

    Syntax
    clear ip ospf process process-id

    Parameters
    processid SpecifiestheprocessID,aninternallyusedidentificationnumberforeach instanceoftheOSPFroutingprocessrunonarouter.Validvaluesare1to 65535.

    Defaults
    None.

    Mode
    PrivilegedEXEC:G3(su)>router#

    Example
    ThisexampleshowshowtoresetOSPFprocess1:
    G3(su)->router#clear ip ospf process 1

    16-30

    IPv4 Routing Protocol Configuration

    Configuring DVMRP

    Configuring DVMRP
    * Advanced License Required *
    DVMRP is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described in Activating Licensed Features on page 2-27.in order to enable the DVMRP command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.

    Purpose
    ToenableandconfiguretheDistanceVectorMulticastRoutingProtocol(DVMRP)onaninterface. DVMRProutesmulticasttrafficusingatechniqueknownasReversePathForwarding.Whena routerreceivesapacket,itfloodsthepacketoutofallpathsexcepttheonethatleadsbacktothe packetssource.DoingsoallowsadatastreamtoreachallVLANs(possiblymultipletimes).Ifa routerisattachedtoasetofVLANsthatdonotwanttoreceivefromaparticularmulticastgroup, theroutercansendaprunemessagebackupthedistributiontreetostopsubsequentpackets fromtravelingwheretherearenomembers.DVMRPwillperiodicallyrefloodinordertoreach anynewhoststhatwanttoreceivefromaparticulargroup.
    Note: IGMP must be enabled on all VLANs running DVMRP, and must also be globally enabled on the G-Series. For details on enabling IGMP, refer to Chapter 10.

    Commands
    For information about... ip dvmrp ip dvmrp enable ip dvmrp metric show ip dvmrp Refer to page... 16-32 16-32 16-33 16-33

    Enabling DVMRP on an Interface


    DVMRPisdisabledbydefault,bothgloballyandoneachinterface.EnablingDVMRPonarouted interfacerequirescompletingthestepslistedinTable 161. Table 16-1
    To do this... Globally enable IGMP. Globally enable DVMRP. Enable IGMP on each interface. Enable DVMRP on each interface .

    Commands to Enable DVMRP on an Interface


    Use these commands... ip igmp on page 10-10 ip dvmrp on page 16-32. ip igmp enable on page 10-10 ip dvmrp enable on page 16-32

    Enterasys G-Series CLI Reference

    16-31

    ip dvmrp

    ip dvmrp
    UsethiscommandtoenabletheDVMRPprocess.Thenoformofthiscommanddisablesthe DVMRPprocess:

    Syntax
    ip dvmrp no ip dvmrp

    Parameters
    None.

    Defaults
    None.

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Example
    ThisexampleshowshowtoenabletheDVMRPprocess:
    G3(su)->router(Config)#ip dvmrp

    ip dvmrp enable
    UsethiscommandtoenableDVMRPonaninterface.Thenoformofthiscommanddisables DVMRPonaninterface:

    Syntax
    ip dvmrp enable no ip dvmrp enable

    Parameters
    None.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtoenableDVMRPontheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip dvmrp enable

    16-32

    IPv4 Routing Protocol Configuration

    ip dvmrp metric

    ip dvmrp metric
    UsethiscommandtoconfigurethemetricassociatedwithasetofdestinationsforDVMRP reports.

    Syntax
    ip dvmrp metric metric

    Parameters
    metric SpecifiesametricassociatedwithasetofdestinationsforDVMRP reports.Validvaluesarefrom1to31.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    ToresettheDVMRPmetricbacktothedefaultvalueof1,enteripdvmrpmetric1.

    Example
    ThisexampleshowshowtosetaDVMRPof16ontheVLAN1interface:
    G3(su)->router(Config-if(Vlan 1))#ip dvmrp metric 16

    show ip dvmrp
    UsethiscommandtodisplayDVMRProutinginformation.

    Syntax
    show ip dvmrp [route | neighbor | status]

    Parameters
    route|neighbor| status (Optional)Displays,DVMRProutinginformation,neighborinformation, orDVMRPenablestatus.

    Defaults
    Ifnooptionalparametersarespecified,statusinformationwillbedisplayed.

    Mode
    Anyroutermode.

    Enterasys G-Series CLI Reference

    16-33

    Configuring IRDP

    Example
    ThisexampleshowshowtodisplayDVMRPstatusinformation:
    G3(su)->router#show ip dvmrp Vlan Id Metric Admin Status -----------------------10 Enabled 18 Enabled 20 Enabled 25 Enabled 32 Enabled 500 Enabled Oper. Status -----------Enabled Enabled Enabled Enabled Enabled Disabled

    Configuring IRDP
    Purpose
    ToenableandconfiguretheICMPRouterDiscoveryProtocol(IRDP)onaninterface.This protocolenablesahosttodeterminetheaddressofarouteritcanuseasadefaultgateway.Itis disabledbydefault.

    Commands
    For information about... ip irdp enable ip irdp maxadvertinterval ip irdp minadvertinterval ip irdp holdtime ip irdp preference ip irdp broadcast show ip irdp Refer to page... 16-34 16-35 16-35 16-36 16-36 16-37 16-38

    ip irdp enable
    UsethiscommandtoenableIRDPonaninterface.ThenoformofthiscommanddisablesIRDPon aninterface.

    Syntax
    ip irdp enable no ip irdp enable

    Parameters
    None.

    Defaults
    None.

    16-34

    IPv4 Routing Protocol Configuration

    ip irdp maxadvertinterval

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtoenableIRDPontheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip irdp enable

    ip irdp maxadvertinterval
    UsethiscommandtosetthemaximumintervalinsecondsbetweenIRDPadvertisements.Theno formofthiscommandresetsthemaximumadvertisementintervaltothedefaultvalueof600 seconds.

    Syntax
    ip irdp maxadvertinterval interval no irdp maxadvertinterval

    Parameters
    interval Specifiesamaximumadvertisementintervalinseconds.Validvaluesare 4to1800.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosetthemaximumIRDPadvertisementintervalto1000secondsonthe VLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip irdp maxadvertinterval 1000

    ip irdp minadvertinterval
    UsethiscommandtosettheminimumintervalinsecondsbetweenIRDPadvertisements.Theno formofthiscommanddeletesthecustomholdtimesetting,andresetstheminimum advertisementintervaltothedefaultvalueofthreefourthsofthemaxadvertintervalvalue,which isequalto450seconds.

    Syntax
    ip irdp minadvertinterval interval no irdp minadvertinterval

    Enterasys G-Series CLI Reference

    16-35

    ip irdp holdtime

    Parameters
    interval Specifiesaminimumadvertisementintervalinseconds.Validvaluesare 3to1800.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosettheminimumIRDPadvertisementintervalto500secondsonthe VLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip irdp minadvertinterval 500

    ip irdp holdtime
    UsethiscommandtosetthelengthoftimeinsecondsIRDPadvertisementsareheldvalid.Theno formofthiscommandresetstheholdtimetothedefaultvalueofthreetimesthe maxadvertintervalvalue,whichisequalto1800seconds.

    Syntax
    ip irdp holdtime holdtime no irdp holdtime

    Parameters
    holdtime Specifiestheholdtimeinseconds.Validvaluesare0to 9000.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosettheIRDPholdtimeto4000secondsontheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip irdp holdtime 4000

    ip irdp preference
    UsethiscommandtosettheIRDPpreferencevalueforaninterface.ThisvalueisusedbyIRDPto determinetheinterfacesselectionasadefaultgatewayaddress.Thenoformofthiscommand resetstheinterfacesIRDPpreferencevaluetothedefaultof0.

    16-36

    IPv4 Routing Protocol Configuration

    ip irdp broadcast

    Syntax
    ip irdp preference preference no irdp preference

    Parameters
    preference Specifiesthevaluetoindicatetheinterfacesuseasadefaultrouter address.Validvaluesare2147483648to2147483647. Theminimumvalueindicatesthattheaddress,eventhoughitmaybe advertised,isnottobeusedbyneighboringhostsasadefaultrouter address.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosetIRDPpreferenceontheVLAN1interfacesothattheinterfaces addressmaystillbeadvertised,butcannotbeusedbyneighboringhostsasadefaultrouter address:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip irdp preference -2147483648

    ip irdp broadcast
    UsethiscommandtoconfigureIRDPtousethelimitedbroadcastaddressof255.255.255.255.The defaultismulticastwithaddress224.0.0.1.ThenoformofthiscommandresetsIRDPtouse multicastonIPaddress224.0.0.1.

    Syntax
    ip irdp broadcast no ip irdp broadcast

    Parameters
    None.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtoenablebroadcastforIRDPontheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip irdp broadcast

    Enterasys G-Series CLI Reference

    16-37

    show ip irdp

    show ip irdp
    UsethiscommandtodisplayIRDPinformation.

    Syntax
    show ip irdp [vlan vlan-id]

    Parameters
    vlanvlanid (Optional)DisplaysIRDPinformationforaspecificVLAN.ThisVLAN mustbeconfiguredforIProutingasdescribedinPreRouting ConfigurationTasksonpage141.

    Defaults
    Ifvlanvlanidisnotspecified,IRDPinformationforallinterfaceswillbedisplayed.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtodisplayIRDPinformationfortheVLAN1interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(vlan 1))#show ip irdp vlan 1 Interface vlan 1 has router discovery enabled Advertisements will occur between 450 and 600 seconds Advertisements are sent with broadcasts Advertisements are valid for 1800 seconds Default preference will be 0

    Configuring VRRP
    * Advanced License Required *
    VRRP is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described in Activating Licensed Features on page 2-27.in order to enable the VRRP command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.

    Purpose
    ToenableandconfiguretheVirtualRouterRedundancyProtocol(VRRP).Thisprotocol eliminatesthesinglepointoffailureinherentinthestaticdefaultroutedenvironmentby transferringtheresponsibilityfromoneroutertoanotheriftheoriginalroutergoesdown.VRRP enabledroutersdecidewhowillbecomemasterandwhowillbecomebackupintheeventthe masterfails.

    16-38

    IPv4 Routing Protocol Configuration

    router vrrp

    Commands
    For information about... router vrrp create address priority advertise-interval preempt enable ip vrrp authentication-key show ip vrrp Refer to page... 16-39 16-40 16-40 16-41 16-42 16-43 16-43 16-44 16-45

    router vrrp
    UsethiscommandtoenableordisableVRRPconfigurationmode.Thenoformofthiscommand removesallVRRPconfigurationsfromtherunningconfiguration.

    Syntax
    router vrrp no router vrrp

    Parameters
    None.

    Defaults
    None.

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Usage
    Youmustexecutetheroutervrrpcommandtoenabletheprotocolbeforecompletingother VRRPspecificconfigurationtasks.Fordetailsonenablingconfigurationmodes,referto Table 142inEnablingRouterConfigurationModesonpage142.

    Example
    ThisexampleshowshowenableVRRPconfigurationmode:
    G3(su)->router#configure G3(su)->router(Config)#router vrrp G3(su)->router(Config-router)#

    Enterasys G-Series CLI Reference

    16-39

    create

    create
    UsethiscommandtocreateaVRRPsession.EachGSeriessystemsupportsupto20VRRP sessions.ThenoformofthiscommanddisablestheVRRPsession.

    Syntax
    create vlan vlan-id vrid no create vlan vlan-id vrid

    Parameters
    vlanvlanid SpecifiesthenumberoftheVLANonwhichtocreateaVRRPsession.This VLANmustbeconfiguredforIProutingasdescribedinPreRouting ConfigurationTasksonpage141. SpecifiesauniqueVirtualRouterID(VRID)toassociatewiththerouting interface.

    vrid

    Defaults
    None.

    Mode
    Router configuration: G3(su)->router(Config-router)#

    Usage
    ThiscommandmustbeexecutedtocreateaninstanceofVRRPonaroutinginterface(VLAN) beforeanyotherVRRPsettingscanbeconfigured.

    Example
    ThisexampleshowshowtocreateaVRRPsessionontheVLAN1interfacewithaVRIDof1:
    G3(su)->router(Config)#router vrrp G3(su)->router(Config-router)#create vlan 1 1

    address
    UsethiscommandtoconfigureavirtualrouterIPaddress.Thenoformofthiscommandclears theVRRPaddressconfiguration.

    Syntax
    address vlan vlan-id vrid ip-address owner no address vlan vlan-id vrid ip-address owner

    Parameters
    vlanvlanid SpecifiesthenumberoftheVLANonwhichtoconfigureavirtualrouter address.ThisVLANmustbeconfiguredforIProutingasdescribedinPre RoutingConfigurationTasksonpage141. SpecifiesauniqueVirtualRouterID(VRID)associatedwiththerouting interface. SpecifiesthevirtualrouterIPaddresstoassociatewiththerouter.

    vrid ipaddress

    16-40

    IPv4 Routing Protocol Configuration

    priority

    owner

    SpecifiesavaluetoindicateiftherouterownstheIPaddressasoneofits interfaces.Validvaluesare: 1toindicatetherouterownstheaddress. 0toindicatetherouterdoesnotowntheaddress.

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Usage
    IfthevirtualrouterIPaddressisthesameastheinterface(VLAN)addressownedbyaVRRP router,thentherouterowningtheaddressbecomesthemaster.Themastersendsan advertisementtoallotherVRRProutersdeclaringitsstatusandassumesresponsibilityfor forwardingpacketsassociatedwithitsvirtualrouterID(VRID). IfthevirtualrouterIPaddressisnotownedbyanyoftheVRRProuters,thentherouterscompare theirprioritiesandthehigherpriorityownerbecomesthemaster.Ifpriorityvaluesarethesame, thentheVRRProuterwiththehigherIPaddressisselectedmaster.Fordetailsonusingthe prioritycommand,refertopriorityonpage1641.

    Example
    Thisexampleshowshowtoconfigureavirtualrouteraddressof182.127.62.1ontheVLAN1 interface,VRID1,andtosettherouterconnectedtotheVLANviathisinterfaceasthemaster:
    G3(su)->router(Config)#router vrrp G3(su)->router(Config-router)#address vlan 1 1 182.127.62.1 1

    priority
    UsethiscommandtosetapriorityvalueforaVRRProuter.Thenoformofthiscommandclears theVRRPpriorityconfiguration.

    Syntax
    priority vlan vlan-id vrid priority-value no priority vlan vlan-id vrid priority-value

    Parameters
    vlanvlanid SpecifiesthenumberoftheVLANonwhichtoconfigureVRRPpriority. ThisVLANmustbeconfiguredforIProutingasdescribedinPreRouting ConfigurationTasksonpage141. SpecifiesauniqueVirtualRouterID(VRID)associatedwiththerouting interface.Validvaluesarefrom1to255.

    vrid

    Enterasys G-Series CLI Reference

    16-41

    advertise-interval

    priorityvalue

    SpecifiestheVRRPpriorityvaluetoassociatewiththevrid.Validvaluesare from1to254,withthehighestvaluesettingthehighestpriority.Priority valueof255isreservedfortheVRRProuterthatownstheIPaddress associatedwiththevirtualrouter.Priority0isreservedforsignalingthat themasterhasstoppedworkingandthebackuproutermusttransitionto masterstate.

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Example
    ThisexampleshowshowsetaVRRPpriorityof200ontheVLAN1interface,VRID1:
    G3(su)->router(Config)#router vrrp G3(su)->router(Config-router)#priority vlan 1 1 200

    advertise-interval
    UsethiscommandtosettheintervalinsecondsbetweenVRRPadvertisements.Thenoformof thiscommandclearstheVRRPadvertiseintervalvalue.

    Syntax
    advertise-interval vlan vlan-id vrid interval no advertise-interval vlan vlan-id vrid interval

    Parameters
    vlanvlanid SpecifiesthenumberoftheVLANonwhichtoconfiguretheVRRP advertisementinterval.ThisVLANmustbeconfiguredforIProutingas describedinPreRoutingConfigurationTasksonpage141. SpecifiesauniqueVirtualRouterID(VRID)associatedwiththerouting interface.Validvaluesarefrom1to255. SpecifiesaVRRPadvertisementintervaltoassociatewiththevrid.Valid valuesarefrom1to255seconds.

    vrid interval

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Usage
    VRRPadvertisementsaresentbythemasterroutertootherroutersparticipatingintheVRRP masterselectionprocess,informingthemofitsconfiguredvalues.Oncethemasterisselected, thenadvertisementsaresenteveryadvertisingintervaltoletotherVRRProutersinthisVLAN/ VRIDknowtherouterisstillactingasmasteroftheVLAN/VRID.

    16-42

    IPv4 Routing Protocol Configuration

    preempt

    AllrouterswiththesameVRIDshouldbeconfiguredwiththesameadvertisementinterval.

    Example
    Thisexampleshowshowsetanadvertiseintervalof3secondsontheVLAN1interface,VRID1:
    G3(su)->router(Config)#router vrrp G3(su)->router(Config-router)#advertise-interval vlan 1 1 3

    preempt
    UsethiscommandtoenableordisablepreemptmodeonaVRRProuter.Thenoformofthis commanddisablespreemptmode.

    Syntax
    preempt vlan-id vrid no preempt vlan-id vrid

    Parameters
    vlanvlanid SpecifiesthenumberoftheVLANonwhichtosetpreemptmode.This VLANmustbeconfiguredforIProutingasdescribedinPreRouting ConfigurationTasksonpage141. SpecifiesauniqueVirtualRouterID(VRID)associatedwiththerouting interface.Validvaluesarefrom1to255.

    vrid

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Usage
    PreemptisenabledonVRRProutersbydefault,whichallowsahigherprioritybackuprouterto preemptalowerprioritymaster. TherouterthatownsthevirtualrouterIPaddressalwayspreemptsotherrouters,regardlessof thissetting.

    Example
    ThisexampleshowshowtodisablepreemptmodeontheVLAN1interface,VRID1:
    G3(su)->router(Config)#router vrrp G3(su)->router(Config-router)#no preempt vlan 1 1

    enable
    UsethiscommandtoenableVRRPonaninterface.ThenoformofthiscommanddisablesVRRP onaninterface.

    Syntax
    enable vlan vlan-id vrid

    Enterasys G-Series CLI Reference

    16-43

    ip vrrp authentication-key

    no enable vlan vlan-id vrid

    Parameters
    vlanvlanid SpecifiesthenumberoftheVLANonwhichtoenableVRRP.ThisVLAN mustbeconfiguredforIProutingasdescribedinPreRouting ConfigurationTasksonpage141. SpecifiestheVirtualRouterID(VRID)associatedwiththevlanid.Valid valuesarefrom1to255.

    vrid

    Defaults
    None.

    Mode
    Routerconfiguration:G3(su)>router(Configrouter)#

    Example
    ThisexampleshowshowtoenableVRRPontheVLAN1interface,VRID1:
    G3(su)->router(Config)#router vrrp G3(su)->router(Config-router)#enable vlan 1 1

    ip vrrp authentication-key
    UsethiscommandtoenableordisableaVRRPauthenticationkey(password)foruseonan interface.ThenoformofthiscommandpreventsVRRPfromusingauthentication.

    Syntax
    ip vrrp authentication-key name no ip vrrp authentication-key

    Parameters
    name SpecifiesthepasswordtoenableordisableforVRRPauthentication.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtosettheVRRPauthenticationkeychaintopasswordontheVLAN1 interface:
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip vrrp authentication-key password

    16-44

    IPv4 Routing Protocol Configuration

    show ip vrrp

    show ip vrrp
    UsethiscommandtodisplayVRRProutinginformation.

    Syntax
    show ip vrrp

    Parameters
    None.

    Defaults
    None.

    Mode
    Anyroutermode.

    Example
    ThisexampleshowshowtodisplayVRRPinformation
    G3(su)->router(Config)#show ip vrrp -----------VRRP CONFIGURATION----------Vlan Vrid State Owner AssocIpAddr 2 1 Initialize 0 25.25.2.1

    Priority 100

    Configuring PIM-SM
    * Advanced License Required *
    PIM is an advanced routing feature that must be enabled with a license key. If you have purchased an advanced license key, and have enabled routing on the device, you must activate your license as described in Activating Licensed Features on page 2-27.in order to enable the PIM command set. If you wish to purchase an advanced routing license, contact Enterasys Networks Sales.

    Purpose
    ToenableandconfigureProtocolIndependentMulticastinSparseMode(PIMSM).Thisprotocol providesthemeansofdynamicallylearninghowtoforwardmulticasttrafficinanenvironment wheregroupmembersaresparselylocatedthroughoutthenetworkandbandwidthislimited.In situationswheremembersaredenselylocatedandbandwidthisplentiful,DVMRPwouldsuffice (seeConfiguringDVMRPonpage1631.) PIMSMdeterminesthenetworktopologyusingtheunderlyingunicastroutingprotocoltobuild aMulticastRoutingInformationBase(MRIB).
    Note: IGMP must be enabled on all VLANs running PIM-SM, and must also be globally enabled on the G-Series. For details on enabling IGMP, refer to Chapter 10.

    Enterasys G-Series CLI Reference

    16-45

    ip pimsm

    Commands
    For information about... Global configuration commands ip pimsm ip pimsm staticrp Interface configuration commands ip pimsm enable ip pimsm query-interval Display commands show ip pimsm show ip pimsm componenttable show ip pimsm interface show ip pimsm neighbor show ip pimsm rp show ip pimsm rphash show ip pimsm staticrp 16-48 16-49 16-50 16-52 16-52 16-54 16-54 16-47 16-48 16-46 16-47 Refer to page...

    ip pimsm
    ThiscommandsetsadministrativemodeofPIMSMmulticastroutingacrosstherouterto enabled.IGMPmustbeenabledbeforePIMSMcanbeenabled.Bydefault,bothIGMPandPIM aregloballydisabled.ThenoformofthiscommanddisablesPIM.

    Syntax
    ip pimsm no ip pimsm

    Parameters
    None.

    Defaults
    None.

    Mode
    Globalrouterconfiguration:G3(su)>router(Config)#

    Example
    ThisexampleshowshowtogloballyenableanddisablePIM:
    G3(su)->router(Config)# ip pimsm G3(su)->router(Config)# no ip pimsm

    16-46

    IPv4 Routing Protocol Configuration

    ip pimsm staticrp

    ip pimsm staticrp
    ThiscommandisusedtocreateamanualRendezvousPointIPaddressforthePIMSMrouter. ThenoformofthiscommandremovesapreviouslyconfiguredRP.

    Syntax
    ip pimsm staticrp ipaddress groupadress groupmask no ip pimsm staticrp ipaddress groupadress groupmask

    Parameters
    ipaddress groupadress groupmask TheIPaddressoftheRendezvousPoint ThegroupaddresssupportedbytheRendezvousPoint Thegroupmaskforthegroupaddress

    Defaults
    None.

    Mode
    GlobalRouterconfiguration:G3(su)>router(Config)#

    Example
    ThisexampleshowshowtosetanRPforaspecificmulticastgroup.
    G3(su)->router(Config)# ip pimsm staticrp 192.15.18.3 224.0.0.0 240.0.0.0

    ip pimsm enable
    ThiscommandsetstheadministrativemodeofPIMSMmulticastroutingonaroutinginterfaceto enabled.Bydefault,PIMisdisabledonallIPinterfaces.Thenoformofthiscommanddisables PIMonthespecificinterface.

    Syntax
    ip pimsm enable no ip pimsm enable

    Parameters
    None.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    ThisexampleshowshowtoenablePIMonIPinterfaceforVLAN1.
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip pimsm enable
    Enterasys G-Series CLI Reference 16-47

    ip pimsm query-interval

    ip pimsm query-interval
    Thiscommandconfiguresthetransmissionfrequencyofhellomessagesinsecondsbetween PIMenabledneighbors.Thenoformofthiscommandresetsthehellointervaltothedefault,30 seconds.

    Syntax
    ip pimsm query-interval seconds no ip pimsm query-interval

    Parameters
    seconds Thisfieldhasarangeof10to3600seconds.Defaultis30.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Example
    Thisexampleshowshowtosetthehellointervalrateto100seconds.
    G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip pimsm query-interval 100

    show ip pimsm
    UsethiscommandtodisplaysystemwidePIMSMroutinginformation.

    Syntax
    show ip pimsm

    Parameters
    None.

    Defaults
    None.

    Mode
    Anyroutermode.

    16-48

    IPv4 Routing Protocol Configuration

    show ip pimsm componenttable

    Example
    ThisexampleshowshowtodisplayPIMinformation.
    G3(su)->router# show ip pimsm Admin Mode Enable Join/Prune Interval (secs) 60 PIM-SM INTERFACE STATUS VlanId Interface Mode --------- -------------8 Disable 16 Enable 17 Enable 20 Enable 30 Enable 31 Disable 32 Disable 33 Disable

    Protocol State ---------------Non-Operational Operational Operational Operational Operational Non-Operational Non-Operational Non-Operational

    Table 167providesanexplanationofthecommandoutput. Table 16-7


    Output Field Admin Mode Join/Prune Interval (secs) VlanId Interface Mode Protocol State

    show ip pimsm Output Details


    What it displays This field indicates whether PIM-SM is enabled or disabled. This is a configured value. This field shows the interval at which periodic PIM-SM Join/Prune messages are to be sent. VLAN id associated with the PIM IP Interface. This field indicates whether PIM-SM is enabled or disabled on the interface. This is a configured value. This field indicates the current state of the PIM-SM protocol on the interface. Possible values are Operational or Non-Operational.

    show ip pimsm componenttable


    ThiscommanddisplaysthetablecontainingobjectsspecifictoaPIMdomain.Onerowexistsfor eachdomaintowhichtherouterisconnected.

    Syntax
    show ip pimsm componenttable

    Parameters
    None.

    Defaults
    None.

    Mode
    Anyroutermode.

    Enterasys G-Series CLI Reference

    16-49

    show ip pimsm interface

    Example
    ThisexampleshowshowtodisplayPIMrouterinformation:
    G3(su)->router> show ip pimsm componenttable COMPONENT TABLE Component Index ---------1 Component BSR Address Component BSR Expiry Time (hh:mm:ss) --------------- --------------192.168.30.2 00:02:10 Component CRP Hold Time (hh:mm:ss) ------------00:00:00

    Table 168providesanexplanationofthecommandoutput. Table 16-8


    Output Field Component Index Component BSR Address Component BSR Expiry Time Component CRP Hold Time

    show ip pimsm componenettable Output Details


    What it displays This field displays a number which uniquely identifies the component. This field displays the IP address of the bootstrap router (BSR) for the local PIM region. This field displays the minimum time remaining before the BSR in the local domain will be declared down. This field displays the hold time of the component when it is a candidate rendezvous point.

    show ip pimsm interface


    ThiscommanddisplaysPIMSMstatusoftherouterinterfaces.Withthestatsparameter,this commanddisplaysstatisticalinformationforPIMSMonthespecifiedinterface.

    Syntax
    show ip pimsm interface {vlan vlan-id | stats {vlan-id | all}}

    Parameters
    vlanvlanid stats vlanid|all DisplayPIMSMinformationforthespecifiedIPinterfaceenabledfor PIM. DisplayPIMSMinterfacestatistics. DisplaystatisticsforaspecificVLANorallVLANs.

    Defaults
    None.

    Mode
    Anyroutermode.

    16-50

    IPv4 Routing Protocol Configuration

    show ip pimsm interface

    Examples
    ThisexampleshowshowtodisplayPIMinterfaceinformation.
    G3(su)->router> show ip pimsm interface vlan 30
    .

    VLAN ID IP Address Subnet Mask Mode Hello Interval (secs) CBSR Preference CRP Preference CBSR Hash Mask Length

    30 192.168.30.1 255.255.255.0 enable 30 secs -1 -1 30

    Table 169providesanexplanationoftheshowippimsminterfacevlancommandoutput. Table 16-9


    Output Field IP Address Subnet Mask Mode Hello Interval CBSR Preference CRP Preference CBSR Hash Mask Length

    show ip pimsm interface vlan Output Details


    What it displays The IP address of the specified interface. The Subnet Mask for the IP address of the PIM interface. Indicates whether PIM-SM is enabled or disabled on the specified interface. This is a configured value. By default it is disabled. Indicates the frequency at which PIM hello messages are transmitted on this interface. This is a configured value. By default, the value is 30 seconds The preference value for the local interface as a candidate bootstrap router. The preference value as a candidate rendezvous point on this interface. The hash mask length to be advertised in bootstrap messages if this interface is elected as the bootstrap router. The value is used in the hash algorithm for selecting the RP for a particular group.

    ThisexampleshowshowtodisplayPIMinterfacestatistics.
    G3(su)->router> show ip pimsm interface stats all
    .

    Vlan ID --------6 7 8 30

    IP Address --------------192.168.6.2 192.168.7.1 192.168.8.1 192.168.30.1

    Subnet Mask --------------255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0

    Neighbor Designated Router count ----------------- ---------0.0.0.0 0 192.168.7.1 0 0.0.0.0 0 192.168.30.2 1

    Table 1610providesanexplanationoftheshowippimsminterfacestatscommandoutput. Table 16-10


    Output Field IP Address Subnet Mask Designated Router Neighbor Count

    show ip pimsm interface stats Output Details


    What it displays The IP Address that represents the PIM-SM interface. The Subnet Mask of this PIM-SM interface. IP Address of the Designated Router for this interface. The number of neighbors on the PIM-SM interface.

    Enterasys G-Series CLI Reference

    16-51

    show ip pimsm neighbor

    show ip pimsm neighbor


    DisplaytheroutersPIMneighbors.

    Syntax
    show ip pimsm neighbor [vlan-id]

    Parameters
    vlanid (Optional)DisplayallneighborsdiscoveredonaspecificInterface.

    Mode
    Anyroutermode.

    Defaults
    IftheVLANidisomitted,allneighborsoffallinterfaceswillbedisplayed.

    Example
    ThisexampleshowshowtodisplayPIMinformation:
    G3(su)->router> show ip pimsm neighbor NEIGHBOR TABLE IP Address Up Time (hh:mm:ss) ---------------- ---------192.168.30.2 01:36:41 192.168.6.1 01:36:41

    Vlan ID --------30 6

    Expiry Time (hh:mm:ss) -----------00:01:25 00:01:25

    Table 1611providesanexplanationofthecommandoutput. Table 16-11


    Output Field Vlan ID IP Address Up Time Expiry Time

    show ip pimsm neighbor Output Details


    What it displays VLAN id of the interface. The IP Address of the neighbor on an interface The time since this neighbor has become active on this interface. The expiry time of the neighbor on this interface.

    show ip pimsm rp
    ThiscommanddisplaysthePIMinformationforcandidateRendezvousPoints(RPs)forallIP multicastgroupsorforaspecificgroupaddress.Theinformationinthetableisdisplayedforeach IPmulticastgroup.

    Syntax
    show ip pimsm rp {group-address group-mask | all | candidate}

    16-52

    IPv4 Routing Protocol Configuration

    show ip pimsm rp

    Parameters
    groupaddress groupmask all candidate ThemulticastgroupIPaddress. Themulticastgroupaddresssubnetmask. Forallknowngroupaddresses. DisplayPIMSMcandidateRPtableinformation.

    Defaults
    None.

    Mode
    Anyroutermode.

    Examples
    ThisexampleshowshowtodisplaytheRPsetforaspecificgroupaddress.
    G3(su)->router> show ip pimsm rp 224.0.0.0 240.0.0.0 RP SET TABLE Group Address Hold Time Expiry Time Component C-RP Priority (hh:mm:ss) (hh:mm:ss) --------- ---------- ----------- ---------- ----------- --------- ----------224.0.0.0 240.0.0.0 192.168.30.2 00:02:15 00:02:30 1 0 Group Mask Address

    Table 1612providesanexplanationofthecommandoutput. Table 16-12


    Output Field Group Address Group Mask Address Hold Time Expiry Time Component C-RP Priority

    show ip pimsm rp Output Details


    What it displays The address of the group for which the RP set is displayed. The mask of the group address. The IP address of the RP. The hold time of the RP. The minimum time remaining before the RP will be declared down. A number which uniquely identifies the component. Each protocol instance connected to a separate domain should have a different index value. The candidate-RP priority of the RP.

    ThisexampleshowshowtodisplaythecandidateRPsforeachgroupaddress.
    G3(su)->router> show ip pimsm rp candidate CANDIDATE RP TABLE Group Address Group Mask Address --------------- --------------- --------------224.0.0.0 240.0.0.0 192.168.30.2

    Enterasys G-Series CLI Reference

    16-53

    show ip pimsm rphash

    show ip pimsm rphash


    DisplaystheRendezvousPointrouterthatwillbeselectedfromthesetofactiveRProuters.The RProuter,forthegroup,isselectedbyusingthehashalgorithmdefinedinRFC2362.

    Syntax
    show ip pimsm rphash group-address

    Parameters
    groupaddress TheGroupAddressfortheRP.

    Defaults
    None.

    Mode
    Anyroutermode.

    Example
    ThisexampleshowshowtodisplayRPthatwillbeselectedforgroupaddress224.0.0.0:
    G3(su)->router> show ip pimsm rphash 224.0.0.0 192.168.129.223

    show ip pimsm staticrp


    DisplaythePIMSMstaticRendezvousPointinformation.

    Syntax
    show ip pimsm staticrp

    Parameters
    None.

    Mode
    Anyroutermode.

    Defaults
    None.

    Example
    ThisexampleshowshowtodisplayPIMinformation.
    G3(su)->router# show ip pimsm staticrp STATIC RP TABLE Address Group Address Group Mask --------------- --------------- --------------123.231.111.121 234.0.0.0 255.0.0.0 192.168.129.223 224.0.0.0 240.0.0.0

    16-54

    IPv4 Routing Protocol Configuration

    show ip pimsm staticrp

    Table 1613providesanexplanationofthecommandoutput. Table 16-13


    Output Field Address Group Address Group Mask

    show ip pimsm staticrp Output Details


    What it displays The IP address of the RP. The group address supported by the RP. The group mask for the group address.

    Enterasys G-Series CLI Reference

    16-55

    show ip pimsm staticrp

    16-56

    IPv4 Routing Protocol Configuration

    17
    IPv6 Management
    ThischapterdescribestheswitchmodesetofcommandsusedtomanageIPv6.

    Purpose
    ToenableordisabletheIPv6managementfunction,toconfigureanddisplaytheIPv6host addressandIPv6gatewayfortheswitch,andtodisplayIPv6statusinformation.

    Commands
    For information about... show ipv6 status set ipv6 set ipv6 address show ipv6 address clear ipv6 address set ipv6 gateway clear ipv6 gateway show ipv6 neighbors show ipv6 netstat ping ipv6 traceroute ipv6 Refer to page... 17-1 17-2 17-3 17-4 17-4 17-5 17-6 17-6 17-7 17-8 17-9

    show ipv6 status


    UsethiscommandtodisplaythestatusoftheIPv6managementfunction.

    Syntax
    show ipv6 status

    Parameters
    None.

    Enterasys G-Series CLI Reference

    17-1

    set ipv6

    Defaults
    None.

    Mode
    Switchmode,readonly.

    Example
    ThisexampleshowshowtodisplayIPv6managementfunctionstatus.
    G3(ro)->show ipv6 status IPv6 Administrative Mode: Disabled

    set ipv6
    UsethiscommandtogloballyenableordisabletheIPv6managementfunction.

    Syntax
    set ipv6 {enable | disable}

    Parameters
    enable|disable EnableordisabletheIPv6managementfunction.

    Defaults
    Bydefault,IPv6managementisdisabled.

    Mode
    Switchmode,readwrite.

    Usage
    WhenyouenableIPv6managementontheswitch,thesystemautomaticallygeneratesalinklocal hostaddressfortheswitchfromthehostMACaddress.YoucansetadifferenthostIPv6address withthesetipv6addresscommand.

    Example
    ThisexampleshowshowtoenableIPv6management.
    G3(su)-> set ipv6 enable G3(su)->show ipv6 status IPv6 Administrative Mode: Enabled G3(su)->show ipv6 address Name IPv6 Address --------------------------------------------------host FE80::201:F4FF:FE5C:2880/64

    17-2

    IPv6 Management

    set ipv6 address

    set ipv6 address


    UsethiscommandtoconfigureIPv6globaladdressinginformation.

    Syntax
    set ipv6 address ipv6-addr/prefix-length [eui64]

    Parameters
    ipv6addr TheIPv6addressorprefixtobeconfigured.Thisparametermustbeinthe formdocumentedinRFC4291,withtheaddressspecifiedinhexadecimal using16bitvaluesbetweencolons. ThelengthoftheIPv6prefixforthisaddress.Thevalueofprefixlengthisa decimalnumberindicatingthenumberofhighordercontiguousbitsofthe addressthatcomprisethenetworkportionoftheaddress. (Optional)FormulatetheIPv6addressusinganEUI64IDinthelower order64bitsoftheaddress.

    prefixlength

    eui64

    Defaults
    NoglobalunicastIPv6addressisdefinedbydefault.

    Mode
    Switchmode,readwrite.

    Usage
    UsethiscommandtomanuallyconfigureaglobalunicastIPv6addressforIPv6management.You canspecifytheaddresscompletely,oryoucanusetheoptionaleui64parametertoallowthe switchtogeneratethelowerorder64bitsoftheaddress. Whenusingtheeui64parameter,youspecifyonlythenetworkprefixandlength.

    Examples
    ThisexampleshowshowtocompletelyspecifyanIPv6addressbyenteringall128bitsandthe prefix:
    G3(su)->set ipv6 address 2001:0db8:1234:5555::9876:2/64 G3(su)->show ipv6 address Name IPv6 Address --------------------------------------------------host FE80::201:F4FF:FE5C:2880/64 host 2001:DB8:1234:5555::9876:2/64

    Thisexampleshowshowtousetheeui64parametertoconfigurethelowerorder64bits:
    G3(su)->set ipv6 address 2001:0db8:1234:5555::/64 eui64 G3(su)->show ipv6 address Name IPv6 Address --------------------------------------------------host FE80::201:F4FF:FE5C:2880/64 host 2001:DB8:1234:5555:201:F4FF:FE5C:2880/64

    Enterasys G-Series CLI Reference

    17-3

    show ipv6 address

    show ipv6 address


    UsethiscommandtodisplaythesystemIPv6address(es)andIPv6gatewayaddress(default router),ifconfigured.

    Syntax
    show ipv6 address

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Usage
    ThiscommanddisplaystheIPv6addressesconfiguredautomaticallyandwiththesetipv6 addressandsetipv6gatewaycommands.

    Example
    ThisexampledisplaysthreeIPv6managementaddressesconfiguredfortheswitch.
    G3(su)->show ipv6 address Name IPv6 Address --------------------------------------------------host FE80::201:F4FF:FE5C:2880/64 host 2001:DB8:1234:5555:201:F4FF:FE5C:2880/64 gateway FE80::201:F4FF:FE5D:1234

    clear ipv6 address


    UsethiscommandtoclearIPv6globaladdresses.

    Syntax
    clear ipv6 [address {all|ipv6-addr/prefix-length}]

    Parameters
    ipv6addr TheIPv6addresstobecleared.Thisparametermustbeintheform documentedinRFC4291,withtheaddressspecifiedinhexadecimalusing 16bitvaluesbetweencolons. ThelengthoftheIPv6prefixforthisaddress.Thevalueofprefixlengthisa decimalnumberindicatingthenumberofhighordercontiguousbitsofthe addressthatcomprisethenetworkportionoftheaddress. DeletesallIPv6globaladdresses.

    prefixlength

    all

    Defaults
    Ifaddressisnotentered,allmanuallyconfiguredglobalIPv6addressesarecleared.
    17-4 IPv6 Management

    set ipv6 gateway

    Mode
    Switchmode,readwrite.

    Usage
    Thiscommandclearsaddressesmanuallyconfiguredwiththesetipv6addresscommand.Usethe clearipv6gatewaycommandtocleartheIPv6gatewayaddress.

    Example
    ThisexampleillustratesthatthiscommandclearsonlythoseIPv6addressesconfiguredwiththe setipv6addresscommand.Thelinklocaladdressforthehostinterfaceandthegatewayaddress arenotremovedwiththiscommand.
    G3(su)->show ipv6 address Name IPv6 Address --------------------------------------------------host FE80::201:F4FF:FE5C:2880/64 host 2001:DB8:1234:5555:201:F4FF:FE5C:2880/64 host 2001:DB8:1234:5555::9876:2/64 gateway FE80::201:F4FF:FE5D:1234 G3(su)->clear ipv6 address all G3(su)->show ipv6 address Name IPv6 Address --------------------------------------------------host FE80::201:F4FF:FE5C:2880/64 gateway FE80::201:F4FF:FE5D:1234

    set ipv6 gateway


    UsethiscommandtoconfiguretheIPv6gateway(defaultrouter)address.

    Syntax
    set ipv6 gateway ipv6-addr

    Parameters
    ipv6addr TheIPv6addresstobeconfigured.Theaddresscanbeaglobalunicastor linklocalIPv6address,intheformdocumentedinRFC4291,withthe addressspecifiedinhexadecimalusing16bitvaluesbetweencolons.

    Defaults
    None.

    Mode
    Switchmode,readwrite.

    Usage
    ThiscommandconfigurestheIPv6gatewayaddress.OnlyoneIPv6gatewayaddresscanbe configuredfortheswitch,soexecutingthiscommandwhenagatewayaddresshasalreadybeen configuredwilloverwritethepreviouslyconfiguredaddress.

    Enterasys G-Series CLI Reference

    17-5

    clear ipv6 gateway

    Usetheshowipv6addresscommandtodisplayaconfiguredIPv6gatewayaddress.

    Example
    ThisexampleshowshowtoconfigureanIPv6gatewayaddressusingalinklocaladdress.
    G3(su)->set ipv6 gateway fe80::201:f4ff:fe5d:1234 G3(su)->show ipv6 address Name IPv6 Address --------------------------------------------------host FE80::201:F4FF:FE5C:2880/64 gateway FE80::201:F4FF:FE5D:1234

    clear ipv6 gateway


    UsethiscommandtoclearanIPv6gatewayaddress.

    Syntax
    clear ipv6 gateway

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchmode,readwrite.

    Example
    ThisexampleshowshowtoremoveaconfiguredIPv6gatewayaddress.
    G3(su)->show ipv6 address Name IPv6 Address --------------------------------------------------host FE80::201:F4FF:FE5C:2880/64 gateway FE80::201:F4FF:FE5D:1234 G3(su)->clear ipv6 gateway G3(su)->show ipv6 address Name IPv6 Address --------------------------------------------------host FE80::201:F4FF:FE5C:2880/64

    show ipv6 neighbors


    UsethiscommandtodisplaythesystemIPv6NeighborDiscoveryProtocolcache.

    Syntax
    show ipv6 neighbors

    17-6

    IPv6 Management

    show ipv6 netstat

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowsexampleoutputofthiscommand.
    G3(su)->show ipv6 neighbors Last IPv6 Address MAC Address isRtr State Updated --------------------------------------- ----------------- ----- ------- ------2001:db8:1234:6666::2310:3 00:04:76:73:42:31 True Reachable 00:01:16

    show ipv6 netstat


    UsethiscommandtodisplayIPv6netstatinformation.

    Syntax
    show ipv6 netstat

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Enterasys G-Series CLI Reference

    17-7

    ping ipv6

    Example
    Thisexampleshowstheoutputofthiscommand.
    G3(su)->show ipv6 netstat Prot Local Address Foreign Address ---- -------------------------------------------TCP 3333::211:88FF:FE59:4424.22 2020::D480:1384:F58C:B114.1049 TCP 3333::211:88FF:FE59:4424.443 2020::D480:1384:F58C:B114.1056 TCP ::.23 ::.* TCP 3333::211:88FF:FE59:4424.22 2020::D480:1384:F58C:B114.1050 TCP 3333::211:88FF:FE59:4424.22 3333::2117:F1C0:90B:910D.1045 TCP ::.80 ::.* TCP ::.22 ::.* TCP TCP TCP TCP TCP 3333::211:88FF:FE59:4424.80 2020::D480:1384:F58C:B114.1053 3333::211:88FF:FE59:4424.80 2020::D480:1384:F58C:B114.1054 ::.443 ::.* 3333::211:88FF:FE59:4424.22 2020::D480:1384:F58C:B114.1048 3333::211:88FF:FE59:4424.443 2020::D480:1384:F58C:B114.1055 State ----------ESTABLISHED TIME_WAIT LISTEN ESTABLISHED ESTABLISHED LISTEN LISTEN

    ESTABLISHED ESTABLISHED LISTEN ESTABLISHED TIME_WAIT

    ping ipv6
    UsethiscommandtotestroutingnetworkconnectivitybysendingIPpingrequests.

    Syntax
    ping ipv6-addr [size num]

    Parameters
    ipv6addr SpecifiestheIPv6addressofthesystemtoping.Entertheaddressinthe formdocumentedinRFC4291,withtheaddressspecifiedinhexadecimal using16bitvaluesbetweencolons. (Optional)Specifiesthesizeofthedatagrampacket.Thevalueofnumcan rangefrom48to2048bytes.

    sizenum

    Defaults
    None.

    Mode
    Switchmode,readwrite.

    17-8

    IPv6 Management

    traceroute ipv6

    Usage
    Thiscommandisalsoavailableinroutermode.

    Examples
    ThisexampleshowsoutputfromasuccessfulpingtoIPv6address2001:0db8:1234:5555::1234:1.
    G3(su)->ping ipv6 2001:0db8:1234:5555::1234:1 2001:DB8:1234:5555::1234:1 is alive

    ThisexampleshowsoutputfromanunsuccessfulpingtoIPv6address 2001:0db8:1234:5555::1234:1.
    G3(su)->ping ipv6 2001:0db8:1234:5555::1234:1 no answer from 2001:DB8:1234:5555::1234:1

    traceroute ipv6
    Usethiscommandtodiscovertheroutesthatpacketsactuallytakewhentravelingtotheir destinationthroughthenetworkonahopbyhopbasis.

    Syntax
    traceroute ipv6 ipv6-addr

    Parameters
    ipv6addr SpecifiesahosttowhichtherouteofanIPv6packetwillbetraced.Enterthe addressintheformdocumentedinRFC4291,withtheaddressspecifiedin hexadecimalusing16bitvaluesbetweencolons.

    Defaults
    None.

    Mode
    Switchmode,readwrite.

    Usage
    Thiscommandisalsoavailableinroutermode.

    Example
    Thisexampleshowshowtousetraceroutetodisplayaroundtrippathtohost
    2001:0db8:1234:5555 G3(su)->router#traceroute ipv6 2001:0db8:1234:5555::1 Traceroute to 2001:0db8:1234:5555, 30 hops max, 40 byte packets 1 2001:0db8:1234:5555 1.000000e+00 ms 1.000000e+00 ms

    1.000000e+00 ms

    Enterasys G-Series CLI Reference

    17-9

    traceroute ipv6

    17-10

    IPv6 Management

    IPv6 Configuration
    * IPv6 Routing License Required *
    IPv6 routing must be enabled with a license key. If you have purchased an IPv6 routing license key, and have enabled routing on the device, you must activate your license as described in Activating Licensed Features on page 2-27 in order to enable the IPv6 routing configuration command set. If you wish to purchase an IPv6 routing license, contact Enterasys Networks Sales.

    18

    ThecommandsinthischapterperformconfigurationofIPv6parametersontheEnterasysG Series.ForinformationaboutspecificIPv6routingprotocols,suchasOSFPv3,refertothe appropriatechapters.ForinformationaboutmanagingIPv6functionalityattheswitchlevel,refer toChapter 17,IPv6Management.


    For information about... General Configuration Commands Interface Configuration Commands Neighbor Cache and Neighbor Discovery Commands Query Commands Refer to page... 18-3 18-9 18-12 18-19

    Overview
    IPv6andIPv4coexistontheEnterasysGSeries.AswithIPv4,IPv6routingcanbeenabledon VLANinterfaces.EachLayer3routinginterfacecanbeusedforIPv4,IPv6,orboth. TheGSeriessupportsallIPv6addressformats,includingglobalunicastaddresses,linklocal unicast,globalmulticast,scopedmulticast(includinglocalscopedmulticast),IPv4compatible addresses,unspecifiedaddresses,loopbackaddresses,andanycastaddresses. RefertothefollowingRFCsformoreinformationaboutIPv6addressformats: RFC4291,IPVersion6AddressingArchitecture RFC3587,IPv6GlobalUnicastAddressFormat RFC4007,IPv6ScopedAddressArchitecture

    ThebasicIPv6protocolspecifiesPDUoptionsoftwoclasses,bothofwhicharesupported:hop byhopoptionsanddestinationoptions.Whilenewoptionscanbedefinedinthefuture,the followingarecurrentlysupported:routing(forsourcerouting),fragment,routeralertandpad. Jumbogramsarenotsupported.InIPv6,onlysourcenodesfragment.PathMTUdiscoveryis thereforearequirement.Flowlabelsareignored. NeighborDiscoveryistheIPv6replacementforARP.TheGSeriessupportsneighboradvertise andsolicit,duplicateaddressdetection,andunreachabilitydetection.RouterAdvertisementis partoftheNeighborDiscoveryprocessandisrequiredforIPv6.Statelessautoconfigurationis partofRouterAdvertisementandtheGSeriescansupportbothstatelessandstateful


    Enterasys G-Series CLI Reference 18-1

    Overview

    autoconfigurationofendnodes.TheGSeriessupportsbothEUI64interfaceidentifiersand manuallyconfiguredinterfaceIDs. RefertothefollowingRFCsformoreinformationaboutNeighborDiscoveryandstatelessaddress autoconfiguration: RFC2461,NeighborDiscoveryforIPVersion6 RFC2462,IPv6StatelessAddressAutoconfiguration

    ForICMPv6,errorPDUgenerationissupported,asarepathMTU,echo,andredirect. RouterAdvertisementisanintegralpartofIPv6andissupported.Numerousoptionsare availableincludingstateless/statefuladdressconfiguration,routerandaddresslifetimes,and NeighborDiscoverytimercontrol.PingandtracerouteapplicationsforIPv6areprovided. ManagementofIPv6featuresisprovidedbymeansofCLIcommandsandSNMP.SeeChapter 17, IPv6ManagementfordescriptionsoftheCLIcommands.

    Default Conditions
    ThefollowingtableliststhedefaultIPv6conditions.
    Condition IPv6 forwarding IPv6 route distance IPv6 unicast-routing IPv6 enable IPv6 mtu IPv6 nd dad attempts IPv6 nd managed-config-flag IPv6 nd ns-interval IPv6 nd other-config-flag IPv6 nd ra-interval IPv6 nd ra-lifetime IPv6 nd reachable-time IPv6 nd suppress-ra IPv6 nd prefix Default Value Enabled 1 Disabled Disabled 1500 1 False 0 False 600 1800 0 Disabled Valid-lifetime 604800 Preferred-lifetime 2592000 Autoconfig enabled On-link enabled

    18-2

    IPv6 Configuration

    General Configuration Commands

    General Configuration Commands


    For information about... ipv6 forwarding ipv6 hop-limit ipv6 route ipv6 route distance ipv6 unicast-routing ping ipv6 ping ipv6 interface traceroute ipv6 Refer to page... 18-3 18-3 18-4 18-5 18-6 18-6 18-7 18-8

    ipv6 forwarding
    ThiscommandenablesordisablesIPv6forwardingontherouter.

    Syntax
    ipv6 forwarding no ipv6 forwarding

    Parameters
    None.

    Defaults
    IPv6forwardingisenabled.

    Mode
    Routerglobalconfiguration:G3(su)>router(Config)#

    Usage
    ThenoformofthiscommanddisablesIPv6forwardingontherouter.

    Example
    ThisexampledisablesIPv6forwarding.
    G3(su)->router(Config)# no ipv6 forwarding

    ipv6 hop-limit
    ThiscommandsetsthemaximumnumberofIPv6hopsusedinIPv6packetsandrouter advertisementsgeneratedbythisdevice.

    Syntax
    ipv6 hop-limit hops no ipv6 hop-limit

    Enterasys G-Series CLI Reference

    18-3

    ipv6 route

    Parameters
    hops SpecifiesthemaximumnumberofIPv6hopsusedinIPv6packetsand routeradvertisementsgeneratedbythisdevice.Valuecanrangefrom1 to255.Thedefaultvalueis64.

    Defaults
    ThedefaultmaximumnumberofIPv6hopsis64.

    Mode
    Routerglobalconfiguration:G3(su)>router(Config)#

    Usage
    ThiscommandsetsthevalueofthehoplimitfieldinIPv6packetsoriginatedbythisdevice.This valueisalsoplacedintheCurHopLimitfieldofrouteradvertisementsgeneratedbythis router. Usethenoformofthiscommandtoresetthelimittothedefaultvalue.

    Example
    Thisexamplesetsthehoplimitto50.
    G3(su)->router(Config)# ipv6 hop-limit 50

    ipv6 route
    ThiscommandconfiguresstaticIPv6routes.

    Syntax
    ipv6 route ipv6-prefix/prefix-length interface {tunnel tunnel-id | vlan vlan-id} next-hop-addr [pref] no ipv6 route ipv6-prefix/prefix-length interface {tunnel tunnel-id | vlan vlanid} next-hop-addr [pref]

    Parameters
    ipv6prefix/prefixlength TheIPv6networkprefixthatisthedestinationofthestaticroute,and theprefixlength. TheprefixmustbeintheformdocumentedinRFC4291,withthe addressspecifiedinhexadecimalusing16bitvaluesbetweencolons. Theprefixlengthisadecimalnumberindicatingthenumberofhigh ordercontiguousbitsoftheaddressthatcomprisethenetwork portionoftheaddress. interfacetunnel
    tunnel-id | vlan vlan-id

    SpecifiestheinterfacetypeandIDofdirectstaticroutesfrompointto pointandbroadcastinterfaces. Linklocaladdressoftheinterface.

    nexthopaddr

    18-4

    IPv6 Configuration

    ipv6 route distance

    pref

    (Optional)Specifiesthepreferencevaluetherouterusestocompare thisroutewithroutesfromotherroutesourcesthathavethesame destination. Thevalueofprefcanrangefrom1to255.Thedefaultvalueis1,which givesstaticroutesprecedenceoveranyothertypeofrouteexcept connectedroutes. Aroutewithapreferenceof255cannotbeusedtoforwardtraffic.

    Defaults
    Defaultpreferenceoradministrativedistanceis1.

    Mode
    Routerglobalconfiguration:G3(su)>router(Config)#

    Usage
    Usethenoformofthiscommandtoremoveastaticroute.Ifyoudonotspecifyanexthopaddress withthenoform,allstaticroutestothespecifieddestinationwillberemoved.

    Example
    ThiscommandcreatesastaticIPv6routetonetwork2001:0DB8:2222:4455::/64bywayofinterface VLAN6andgivesitapreferenceof5.
    G3(su)->router(Config)# ipv6 route 2001:0DB8:2222:4455::/64 interface vlan 6 fe80::1234:5678:2dd:1 5

    ipv6 route distance


    Thiscommandconfiguresthedefaultdistance,orpreference,forstaticIPv6routes.

    Syntax
    ipv6 route distance pref no ipv6 route distance

    Parameters
    pref Adistancevalueusedwhennodistanceisspecifiedwhenastatic routeisconfigured. Thevaluecanrangefrom1to255.Lowerroutedistancevaluesare preferredwhendeterminingthebestroute.

    Defaults
    Defaultpreferenceoradministrativedistanceis1.

    Mode
    Routerglobalconfiguration:G3(su)>router(Config)#

    Enterasys G-Series CLI Reference

    18-5

    ipv6 unicast-routing

    Usage
    Thedefaultdistanceisusedwhennodistanceisspecifiedintheipv6routecommand.Changing thedefaultdistancedoesnotupdatethedistanceofexistingstaticroutes,eveniftheywere assignedtheoriginaldefaultdistance.Thenewdefaultdistancewillonlybeappliedtostatic routescreatedafterinvokingtheipv6routedistancecommand. Usethenoformofthiscommandtoreturnthedefaultdistanceto1.

    Example
    Thiscommandsetsthedefaultdistancevalueto3.
    G3(su)->router(Config)# ipv6 route distance 3

    ipv6 unicast-routing
    Thiscommandenables/disablesforwardingofIPv6unicastdatagrams.

    Syntax
    ipv6 unicast-routing no ipv6 unicast-routing

    Parameters
    None.

    Defaults
    Disabled.

    Mode
    Routerglobalconfiguration:G3(su)>router(Config)#

    Usage
    UsethiscommandtoenableforwardingofIPv6unicastdatagramsontheEnterasysGSeries.Use thenoformofthecommandtodisableforwardingofIPv6unicastdatagrams.

    Example
    ThiscommandenablesforwardingofIPv6unicastdatagramsontherouter.
    G3(su)->router(Config)# ipv6 unicast-routing

    ping ipv6
    UsethiscommandtotestroutingnetworkconnectivitybysendingIPpingrequests.

    Syntax
    ping ipv6 ipv6-addr [size num]

    Parameters
    ipv6addr SpecifiestheglobalIPv6addressofthesystemtoping.Entertheaddressin theformdocumentedinRFC4291,withtheaddressspecifiedin hexadecimalusing16bitvaluesbetweencolons.

    18-6

    IPv6 Configuration

    ping ipv6 interface

    sizenum

    (Optional)Specifiesthesizeofthedatagrampacket.Thevalueofnumcan rangefrom48to2048bytes.

    Defaults
    None.

    Mode
    Routerprivilegedexec:G3(su)>router# Routeruserexec:G3(su)>router>

    Usage
    Usethiscommandtodeterminewhetheranothercomputerisonthenetwork.Tousethis command,configuretheswitchfornetwork(inband)connection.Thesourceandtargetdevices musthavethepingutilityenabledandrunningontopofTCP/IP. TheswitchcanbepingedfromanyIPworkstationwithwhichtheswitchisconnectedthroughthe defaultVLAN(VLAN1),aslongasthereisaphysicalpathbetweentheswitchandthe workstation.Theterminalinterfacesendsthreepingstothetargetstation.

    Examples
    ThisexampleshowsoutputfromasuccessfulpingtoIPv6address2001:0db8:1234:5555::1234:1.
    G3(su)->router#ping ipv6 2001:0db8:1234:5555::1234:1 Send count=3, Receive count=3 from 2001:DB8:1234:5555::1234:1 Average round trip time = 1.00 ms

    ThisexampleshowsoutputfromanunsuccessfulpingtoIPv6address 2001:0db8:1234:5555::1234:1.
    G3(su)->ping ipv6 2001:0db8:1234:5555::1234:1 no answer from 2001:DB8:1234:5555::1234:1

    ping ipv6 interface


    UsethiscommandtotestroutingnetworkconnectivitybysendingIPpingrequests.

    Syntax
    ping ipv6 interface {vlan vlan-id | tunnel tunnel-id | loopback loop-id} {link-local-address ipv6-lladdr | ipv6-addr} [size num]

    Parameters
    vlanvlanid tunneltunnelid loopbackloopid linklocaladdress ipv6lladdr ipv6addr SpecifiesaVLANinterfaceasthesource. Specifiesatunnelinterfaceasthesource. Specifiesaloopbackinterfaceasthesource. SpecifiesalinklocalIPv6addresstoping. SpecifiestheglobalIPv6addressofthesystemtoping.Entertheaddress intheformdocumentedinRFC4291,withtheaddressspecifiedin hexadecimalusing16bitvaluesbetweencolons.

    Enterasys G-Series CLI Reference

    18-7

    traceroute ipv6

    sizenum

    (Optional)Specifiesthesizeofthedatagrampacket.Thevalueofnumcan rangefrom48to2048bytes.

    Defaults
    None.

    Mode
    Routerprivilegedexec:G3(su)>router#

    Usage
    UsethiscommandtopinganinterfacebyusingthelinklocaladdressortheglobalIPv6address oftheinterface.Youcanusealoopback,tunnel,orlogicalinterfaceasthesource.Thesourceand targetdevicesmusthavethepingutilityenabledandrunningontopofTCP/IP. TheswitchcanbepingedfromanyIPworkstationwithwhichtheswitchisconnectedthroughthe defaultVLAN(VLAN1),aslongasthereisaphysicalpathbetweentheswitchandthe workstation.Theterminalinterfacesendsthreepingstothetargetstation.

    Example
    Thisexampleshowsoutputfromasuccessfulpingtolinklocaladdressfe80::211:88ff:fe55:4a7f.
    G3(su)->router#ping ipv6 interface vlan 6 link-local-address fe80::211:88ff:fe55:4a7f Send count=3, Receive count=3 from fe80::211:88ff:fe55:4a7f Average round trip time = 1.00 ms

    traceroute ipv6
    Usethiscommandtodiscovertheroutesthatpacketsactuallytakewhentravelingtotheir destinationthroughthenetworkonahopbyhopbasis.

    Syntax
    traceroute ipv6 ipv6-addr

    Parameters
    ipv6addr SpecifiesahosttowhichtherouteofanIPv6packetwillbetraced.Enterthe addressintheformdocumentedinRFC4291,withtheaddressspecifiedin hexadecimalusing16bitvaluesbetweencolons.

    Defaults
    None.

    Mode
    Routerprivilegedexec:G3(su)>router#

    18-8

    IPv6 Configuration

    Interface Configuration Commands

    Example
    Thisexampleshowshowtousetraceroutetodisplayaroundtrippathtohost 2001:0db8:1234:5555::1.
    G3(su)->router#traceroute ipv6 2001:0db8:1234:5555::1 Traceroute to 2001:0db8:1234:5555::1, 30 hops max, 40 byte packets 1 2001:0db8:1234:5555::1 1.000000e+00 ms 1.000000e+00 ms 1.000000e+00 ms

    Interface Configuration Commands


    For information about... ipv6 address ipv6 enable ipv6 mtu Refer to page... 18-9 18-10 18-11

    ipv6 address
    ThiscommandconfiguresaglobalIPv6addressonaninterface,includingVLAN,tunnel,and loopbackinterfaces,andenablesIPv6processingontheinterface.

    Syntax
    ipv6 address {ipv6-addr/prefix-length | ipv6-prefix/prefix-length eui64} no ipv6 address [ipv6-addr/prefix-length | ipv6-prefix/prefix-length eui64]

    Parameters
    ipv6addr TheIPv6addresstobeconfiguredontheinterface. ThisparametermustbeintheformdocumentedinRFC4291,withthe addressspecifiedinhexadecimalusing16bitvaluesbetweencolons. prefixlength ThelengthoftheIPv6prefixforthisaddress.Thevalueofprefixlength isadecimalnumberindicatingthenumberofhighordercontiguous bitsoftheaddressthatcomprisethenetworkportionoftheaddress. Iftheeui64parameterisused,thisvaluemustbe64bits. ipv6prefix TheIPv6prefixtobeconfiguredontheinterface. ThisparametermustbeintheformdocumentedinRFC4291,withthe addressspecifiedinhexadecimalusing16bitvaluesbetweencolons. eui64 ConfiguresanIPv6addressforaninterfaceusinganEUI64interfaceID intheloworder64bitsoftheaddressandenablesIPv6processingon theinterface.

    Defaults
    NoIPv6addressesaredefinedforanyinterface.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Enterasys G-Series CLI Reference

    18-9

    ipv6 enable

    Usage
    UsethiscommandtomanuallyconfigureaglobalIPv6addressonaninterface.Youcanenterthe complete128bitaddressandprefix,orusetheeui64parametertoconfigureaglobalIPv6address usinganEUI64identifierintheloworder64bitsoftheaddress.Whenusingtheeui64parameter, youspecifyonlythenetworkprefixandlength,andtheEnterasysGSeriesgeneratesthelow order64bits. ThehexadecimallettersintheIPv6addressesarenotcasesensitive. ThiscommandalsoenablesIPv6processingontheinterfaceandautomaticallygeneratesalink localaddress. Youcanassignmultiplegloballyreachableaddressestoaninterfacewiththiscommand. Usethenoipv6addresscommandwithoutanyparameterstoremoveallmanuallyconfigured IPv6addressesfromtheinterface.

    Example
    ThisexampleconfiguresanIPv6addressbyusingtheeui64parameter.Then,theshowipv6 interfaceisexecutedtodisplaytheconfiguration.Notethatalinklocaladdresshasalso automaticallybeengenerated.
    G3(su)->router(Config-if(Vlan 7))# ipv6 address 3FFE:501:FFFF:101/64 eui64 G3(su)->router>show ipv6 interface vlan 7 Vlan Vlan IPv6 IPv6 Enabled Enabled Enabled FE80::211:88FF:FE55:4A7F/128 3FFE:501:FFFF:101:211:88FF:FE55:4A7F/64 Routing Mode Enabled Interface Maximum Transmit Unit 1500 Router Duplicate Address Detection Transmits 1 Router Advertisement NS Interval 0 Router Lifetime Interval 1800 Router Advertisement Reachable Time 0 Router Advertisement Interval 600 Router Advertisement Managed Config Flag Disabled Router Advertisement Other Config Flag Disabled Router Advertisement Suppress Flag Disabled 7 Administrative Mode 7 IPv6 Routing Operational Mode is Prefix is

    ipv6 enable
    ThiscommandenablesIPv6routingonaninterfacethathasnotbeenconfiguredwithanexplicit IPv6address.

    Syntax
    ipv6 enable no ipv6 enable

    Parameters
    None.

    Defaults
    IPv6isdisabled.

    18-10

    IPv6 Configuration

    ipv6 mtu

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    Whenthiscommandisexecuted,anIPv6linklocalunicastaddressisconfiguredontheinterface andIPv6processingisenabled.YoudonotneedtousethiscommandifyouconfiguredanIPv6 globaladdressonaninterfacewiththeipv6addresscommand. Thenoipv6enablecommanddisablesIPv6routingonaninterfacethathasbeenenabledwiththe ipv6enablecommand,butitdoesnotdisableIPv6processingonaninterfacethatisconfigured withanexplicitIPv6address.

    Example
    ThisexampleenablesIPv6processingonVLAN7.Notethatalinklocaladdresshasbeen automaticallyconfigured.
    G3(su)->router(Config-if(Vlan 7))# ipv6 enable G3(su)->router>show ipv6 interface vlan 7 Vlan 7 Administrative Mode Vlan 7 IPv6 Routing Operational Mode IPv6 is IPv6 Prefix is Routing Mode Interface Maximum Transmit Unit Router Duplicate Address Detection Transmits Router Advertisement NS Interval Router Lifetime Interval Router Advertisement Reachable Time Router Advertisement Interval Router Advertisement Managed Config Flag Router Advertisement Other Config Flag Router Advertisement Suppress Flag Enabled Enabled Enabled FE80::211:88FF:FE55:4A7F/128 Enabled 1500 1 0 1800 0 600 Disabled Disabled Disabled

    ipv6 mtu
    Thiscommandconfiguresthemaximumtransmissionunit(MTU)sizeofIPv6packetsthatcanbe sentonaninterface.

    Syntax
    ipv6 mtu bytes no ipv6 mtu

    Parameters
    bytes SpecifiestheMTUvalueinbytes.Thevaluecanrangefrom1280to1500 bytes.TheMTUcannotbelargerthanthevaluesupportedbythe underlyinginterface.

    Defaults
    1480bytes

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Enterasys G-Series CLI Reference

    18-11

    Neighbor Cache and Neighbor Discovery Commands

    Usage
    Themaximumtransmissionunitisthelargestpossibleunitofdatathatcanbesentonagiven physicalmedium.UsethiscommandtosettheMTUforanIPv6interface.Thenoformofthis commandresetstheMTUtothedefaultvalueof1480bytes. Usetheshowipv6interfacetodisplaythecurrentsettingforthisinterface.
    Note: All interfaces attached to the same physical medium must be configured with the same MTU to operate properly.

    Example
    ThisexamplesetstheMTUvalueto1500bytes.
    G3(su)->router(Config-if(Vlan 1))# ipv6 mtu 1500

    Neighbor Cache and Neighbor Discovery Commands


    TheIPv6NeighborCachefunctionssimilarlytotheIPv4ARPtable.Entriescanbemadetothe NeighborCachebytheNeighborDiscoveryprotocol. TheNeighborDiscoverycommandsallowyoutosetprotocolparametersonaninterfacebasis.
    For information about... clear ipv6 neighbors ipv6 nd dad attempts ipv6 nd ns-interval ipv6 nd reachable-time ipv6 nd other-config-flag ipv6 nd ra-interval ipv6 nd ra-lifetime ipv6 nd suppress-ra ipv6 nd prefix Refer to page... 18-12 18-13 18-14 18-14 18-15 18-16 18-16 18-17 18-18

    clear ipv6 neighbors


    ThiscommandclearsallthedynamicallylearnedentriesintheNeighborCache,oranentryona specificinterface.

    Syntax
    clear ipv6 neighbor [vlan vlan-id]

    Parameters
    vlanvlanid (Optional)Clearonlytheentriesonthespecifiedinterface.

    Defaults
    None.

    18-12

    IPv6 Configuration

    ipv6 nd dad attempts

    Mode
    Routerprivilegedexec:G3(su)>router#

    Usage
    ToclearalldynamicallylearnedNeighborCacheentries,usethiscommandwithoutany parameters.

    Example
    Thisexampleclearsalldynamicallylearnedcacheentries.
    G3(su)->router#clear ipv6 neighbors

    ipv6 nd dad attempts


    Thiscommandconfiguresthenumberofduplicateaddressdetection(DAD)attemptsmadeonthe interfacewhenconfiguringIPv6unicastaddresses.

    Syntax
    ipv6 nd dad attempts number no ipv6 nd dad attempts

    Parameters
    number SpecifiesthenumberofconsecutiveNeighborSolicitationmessage transmittedontheinterface,whenDuplicateAddressDetection(DAD) isperformedonaunicastIPv6addressassignedtotheinterface. Thevaluecanrangefrom0to600.Avalueof0disablesDuplicate AddressDetectionontheinterface.Avalueof1,whichisthedefault, specifiesasingletransmissionwithnofollowuptransmissions.

    Defaults
    Duplicateaddressdetectionenabled,for1attempt.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    IPv6DuplicateAddressDetectionisdescribedinRFC2462.DuplicateAddressDetectionuses NeighborSolicitationandNeighborAdvertisementmessagestoverifytheuniquenessofan address.DuplicateAddressDetectionmustbeperformedonunicastaddressespriortoassigning themtoaninterface.AnaddressremainsinatentativestatewhileDuplicateAddressDetectionis beingperformed.Ifatentativeaddressisfoundtobeaduplicate,anerrormessageisreturned andtheaddressisnotassignedtotheinterface. UsethiscommandtochangethenumberofNeighborSolicitationmessagesthatcanbesentfor DuplicateAddressDetectionfromthedefaultvalueof1.Thenoformofthecommandreturnsthe valuetothedefaultof1.Avalueof0disablesDuplicateAddressDetectionontheinterface. Theshowipv6interfacecommanddisplaysthecurrentDADattemptsetting.

    Enterasys G-Series CLI Reference

    18-13

    ipv6 nd ns-interval

    Example
    ThisexamplechangesthenumberofconsecutiveNeighborSolicitationmessagessentforDADto 3onthisinterface.
    G3(su)->router(Config-if(Vlan 1))# ipv6 nd dad attempts 3

    ipv6 nd ns-interval
    ThiscommandconfigurestheintervalbetweenNeighborSolicitationssentonaninterface.

    Syntax
    ipv6 nd ns-interval {msec | 0} no ipv6 nd ns-interval

    Parameters
    msec SetstheintervalinmillisecondsbetweenretransmissionsofNeighbor Solicitationmessagesontheinterface.Thevaluecanrangefrom1000 (onesecond)to3,600,000(onehour)milliseconds. Anadvertisedvalueof0meanstheintervalisunspecified.

    Defaults
    Bydefault,avalueof0isadvertisedinRAmessages.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    TheNSintervalisusedtodeterminethetimebetweenretransmissionsofneighborsolicitation messagestoaneighborwhenresolvingaunicastaddress(DAD)orwhenprobingthereachability ofaneighbor.ThisvalueisalsoadvertisedinRouterAdvertisement(RA)messagessentonthe interface. Usethenoformofthiscommandtosettheintervaltothedefaultof0.

    Example
    ThisexamplesetstheNSintervalto2seconds.
    G3(su)->router(Config-if(Vlan 1))# ipv6 nd ns-interval 2000

    ipv6 nd reachable-time
    Thiscommandconfiguresthelengthoftimewithinwhichsomereachabilityconfirmationmustbe receivedfromaneighborfortheneighbortobeconsideredreachable.

    Syntax
    ipv6 nd reachable-time msec no ipv6 nd reachable-time

    18-14

    IPv6 Configuration

    ipv6 nd other-config-flag

    Parameters
    msec TheamountoftimeinmillisecondsthataremoteIPv6nodeis consideredreachable.Thevaluecanrangefrom0to4,294,967,295 milliseconds. Thedefaultvalueis0,whichmeansthatthetimeisunspecified.

    Defaults
    Bydefault,avalueof0isadvertisedinRAmessages.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    ThistimerallowstheG3todetectunavailableneighbors.Theshorterthetime,themorequickly unavailableneighborsaredetected.Veryshortconfiguredtimesarenotrecommendedinnormal IPv6operation,however,becauseshortertimesconsumemoreIPv6networkbandwidthand processingresources. ThisvalueisalsoincludedinallRouterAdvertisementsmessagessentoutontheinterface.By default,avalueof0,indicatingthattheconfiguredtimeisunspecifiedbythisrouter,issentoutin RAmessages. Usethenoformofthiscommandtoresetthisvaluetothedefault. Theshowipv6interfacecommanddisplaysthecurrentreachabletimesetting.

    Example
    Thisexamplesetsthereachabletimeto60seconds.
    G3(su)->router(Config-if(Vlan 1))# ipv6 nd reachable-time 60000

    ipv6 nd other-config-flag
    Thiscommandsetstheotherstatefulconfigurationflaginrouteradvertisementssentonthis interfacetotrue.

    Syntax
    ipv6 nd other-config-flag no ipv6 nd other-config-flag

    Parameters
    None.

    Defaults
    Flagissettofalsebydefault.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Enterasys G-Series CLI Reference

    18-15

    ipv6 nd ra-interval

    Usage
    Whenthevalueoftheotherstatefulconfigurationflagistrue,endnodesshouldusestateful autoconfiguration(DHCPv6)toobtainadditionalinformation(excludingaddresses).Whenthe valueisfalse,endnodesdonot.RefertoRFC2462,IPv6StatelessAddressAutoconfiguration, formoreinformation. Usethenoformofthiscommandtoresettheflagtofalse.

    Example
    Thisexamplesetstheotherstatefulconfigurationflagtotrue.
    G3(su)->router(Config-if(Vlan 1))# ipv6 nd other-config-flag

    ipv6 nd ra-interval
    Thiscommandsetsthetransmissionintervalbetweenrouteradvertisements.

    Syntax
    ipv6 nd ra-interval sec no ipv6 nd ra-interval

    Parameters
    sec Specifiesthevalueinsecondsoftherouteradvertisementtransmission interval.Thevaluecanrangefrom4to1800seconds.

    Defaults
    600seconds.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    Thenoformofthiscommandresetstheintervalvaluetothedefaultof600seconds.

    Example
    Thisexamplesetstherouteradvertisementtransmissionintervalto120seconds.
    G3(su)->router(Config-if(Vlan 1))# ipv6 nd ra-interval 120

    ipv6 nd ra-lifetime
    Thiscommandsetsthevalue,inseconds,thatisplacedintheRouterLifetimefieldofrouter advertisementssentfromthisinterface.

    Syntax
    ipv6 nd ra-lifetime sec | 0 no ipv6 nd ra-lifetime

    18-16

    IPv6 Configuration

    ipv6 nd suppress-ra

    Parameters
    sec SpecifiesthevalueoftheRouterLifetimeinseconds.Thevaluemustbe 0,oranintegerbetweenthevalueoftherouteradvertisementinterval and9000seconds. Avalueof0meansthatthisrouterisnottobeusedasthedefault router.

    Defaults
    1800seconds.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    Thenoformofthiscommandresetsthelifetimevaluetothedefaultof1800seconds.

    Example
    Thisexamplesetstherouteradvertisementlifetimevalueto3600seconds.
    G3(su)->router(Config-if(Vlan 1))# ipv6 nd ra-lifetime 3600

    ipv6 nd suppress-ra
    Thiscommandsuppressesrouteradvertisementtransmissiononthisinterface.

    Syntax
    ipv6 nd suppress-ra no ipv6 nd suppress-ra

    Parameters
    None.

    Defaults
    Suppressiondisabled.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    Bydefault,transmissionofrouteradvertisementsisenabled.Thiscommanddisablessuch transmissions.Usethenoformofthiscommandtoreenabletransmission.

    Example
    Thisexampledisablesrouteradvertisementtransmission.
    G3(su)->router(Config-if(Vlan 1))# ipv6 nd suppress-ra

    Enterasys G-Series CLI Reference

    18-17

    ipv6 nd prefix

    ipv6 nd prefix
    ThiscommandconfigurestheIPv6prefixestobeincludedinrouteradvertisementssentbythis interface.

    Syntax
    ipv6 nd prefix {ipv6-prefix/prefix-length} [{valid-lifetime | infinite} {preferred-lifetime | infinite}] [no-autoconfig] [off-link] no ipv6 nd prefix {ipv6-prefix/prefix-length}

    Parameters
    ipv6prefix/prefix length TheIPv6networkprefixandtheprefixlengthbeingconfigured. TheprefixmustbeintheformdocumentedinRFC4291,withthe addressspecifiedinhexadecimalusing16bitvaluesbetweencolons. Theprefixlengthisadecimalnumberindicatingthenumberofhigh ordercontiguousbitsoftheaddressthatcomprisethenetworkportion oftheaddress. validlifetime|infinite (Optional)Specifiesthelengthoftimeinseconds(relativetothetime thepacketissent)thattheprefixisvalidforthepurposeofonlink determination. Thelifetimevaluecanrangefrom0to4,294,967,295. Specifyinginfinitemeansthattheprefixisalwaysvalid. preferredlifetime| infinite (Optional)Specifiesthelengthoftimeinseconds(relativetothetime thepacketissent)thataddressesgeneratedfromtheprefixbymeansof statelessaddressautoconfigurationremainpreferred. Thelifetimevaluecanrangefrom0to4,294,967,295. Specifyinginfinitemeansthattheprefixisalwayspreferred. noautoconfig Unsetstheautonomousaddressconfigurationflag.Whennotset, meansthatthisprefixcannotbeusedforautonomousaddress configuration.Bydefault,theautonomousaddressconfigurationflagis set/enabled. Unsetstheonlinkflag.Whennotset,meansthatthisprefixcannotbe usedforonlinkdetermination.Bydefault,theonlinkflagisset/ enabled.

    offlink

    Defaults
    Validlifetime604800 Preferredlifetime2592000 Autoconfigenabled Onlinkenabled

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    18-18

    IPv6 Configuration

    Query Commands

    Usage
    RefertoRFC2461,NeighborDiscoveryforIPVersion6,formoreinformationaboutrouter advertisements. Routeradvertisementscontainalistofprefixesusedforonlinkdeterminationand/or autonomousaddressconfiguration.Flagsassociatedwiththeprefixesspecifytheintendedusesof aparticularprefix.Hostsusetheadvertisedonlinkprefixestobuildandmaintainalistthatis usedindecidingwhenapacketsdestinationisonlinkorbeyondarouter.Hostscanusethe advertisedautoconfigurationprefixestoperformautonomous(stateless)addressconfiguration,if statelessconfigurationisallowed(seeipv6ndotherconfigflag). Thenoformofthiscommandremovestheprefixfromthelistofprefixesadvertisedinrouter advertisementsbythisinterface.

    Example
    Thisexampleconfiguresaprefixthatcanbeusedforbothonlinkdeterminationand autoconfiguration,usingthedefaultvaluesforvalidlifetimeandpreferredlifetime. G3(su)->router(Config-if(Vlan 1))# ipv6 nd prefix 2001:0db8:4444:5555/64

    Query Commands
    For information about... show ipv6 show ipv6 interface show ipv6 neighbors show ipv6 route show ipv6 route preferences show ipv6 route summary show ipv6 traffic clear ipv6 statistics Refer to page... 18-19 18-20 18-21 18-22 18-24 18-26 18-27 18-32

    show ipv6
    ThiscommanddisplaysthestatusofIPv6forwardingmodeandunicastroutingmode.

    Syntax
    show ipv6

    Parameters
    None.

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router#
    Enterasys G-Series CLI Reference 18-19

    show ipv6 interface

    Usage
    TheoutputofthiscommanddisplayswhetherIPv6forwardingmodeandunicastroutingmode areenabledordisabled.

    Example
    ThisexampledisplaysinformationaboutIPv6modes.
    G3(su)>router# show ipv6 IPv6 Forwarding Mode IPv6 Unicast Routing Mode Enabled Enabled

    show ipv6 interface


    ThiscommanddisplaysinformationaboutoneorallconfiguredIPv6interfaces.

    Syntax
    show ipv6 interface [vlan vlan-id | tunnel tunnel-id | loopback loop-id]

    Parameters
    vlanvlanid
    tunneltunnelid loopbackloopid

    (Optional)Displayinformationonlyaboutthespecifiedinterface.

    Defaults
    Ifnointerfaceisspecified,informationaboutallIPv6interfacesisdisplayed.

    Mode
    Routerprivilegedexecution:G3(su)>router# Routerglobalconfiguration:G3(su)>router(Config)#

    Usage
    UsethiscommandtodisplaytheusabilitystatusofIPv6interfaces. IfanIPv6prefixisconfiguredonaninterface,thefollowinginformationalsodisplays: TheIPv6prefixandlength Theconfiguredpreferredlifetimevalue Theconfiguredvalidlifetimevalue Thestatusoftheonlinkflag,eitherenabledordisabled Thestatusoftheautonomousaddressconfigurationflag(autoconfig),eitherenabledor disabled.

    18-20

    IPv6 Configuration

    show ipv6 neighbors

    Examples
    ThisexampledisplaysinformationaboutIPv6interfaceVLAN7.
    G3(su)->router>show ipv6 interface vlan 7 Vlan Vlan IPv6 IPv6 Enabled Enabled Enabled FE80::211:88FF:FE55:4A7F/128 3FFE:501:FFFF:101:211:88FF:FE55:4A7F/64 3FFD::211:88FF:FE55:4A7F/64 Routing Mode Enabled Interface Maximum Transmit Unit 1500 Router Duplicate Address Detection Transmits 1 Router Advertisement NS Interval 0 Router Lifetime Interval 1800 Router Advertisement Reachable Time 0 Router Advertisement Interval 600 Router Advertisement Managed Config Flag Enabled Router Advertisement Other Config Flag Enabled Router Advertisement Suppress Flag Disabled 7 Administrative Mode 7 IPv6 Routing Operational Mode is Prefix is

    ThisexampledisplaysinformationaboutIPv6interfacetunnel1.
    G3(su)->router>show ipv6 interface tunnel 1 Tunnel 1 Administrative Mode Tunnel 1 IPv6 Routing Operational Mode Mode for IPv6 Tunnel Source Address for IPv6 Tunnel Destination Address for IPv6 Tunnel Routing Mode Interface Maximum Transmit Unit Router Duplicate Address Detection Transmits Router Advertisement NS Interval Router Lifetime Interval Router Advertisement Reachable Time Router Advertisement Interval Router Advertisement Managed Config Flag Router Advertisement Other Config Flag Router Advertisement Suppress Flag Enabled Disabled IPv6OVER4 192.168.1.2 192.168.8.1 Enabled 1480 1 0 1800 0 600 Disabled Disabled Disabled

    show ipv6 neighbors


    ThiscommanddisplaysIPv6NeighborCacheinformation.

    Syntax
    show ipv6 neighbors

    Parameters
    None.

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router#
    Enterasys G-Series CLI Reference 18-21

    show ipv6 route

    Usage
    UsethiscommandtodisplaythecontentsoftheNeighborCache.

    Example
    Thisexampledisplaystheneighborsinthecache.
    G3(su)->router>show ipv6 neighbors IPv6 Address Interface -------------------------------------FE80::200:FF:FE00:A0A0 Vlan 6 FE80::2D0:B7FF:FE2C:7697 Vlan 6 FE80::2D0:B7FF:FE2C:7698 Vlan 6 FE80::2D0:B7FF:FE2C:7699 Vlan 6 FE80::2D0:B7FF:FE2C:769E Vlan 6 FE80::2D0:B7FF:FE2C:76AA Vlan 6 FE80::2D0:B7FF:FE2C:76AB Vlan 6 FE80::2D0:B7FF:FE2C:76AC Vlan 6 FE80::2D0:B7FF:FE2C:76B4 Vlan 6 MAC Address Neighbor Last isRtr State Updated

    ----------------- ----- -------- ------00:00:00:00:a0:a0 False Stale 1155 00:d0:b7:2c:76:97 False Stale 00:d0:b7:2c:76:98 False Stale 00:d0:b7:2c:76:99 False Stale 00:d0:b7:2c:76:9e False Stale 00:d0:b7:2c:76:aa False Stale 00:d0:b7:2c:76:ab False Stale 00:d0:b7:2c:76:ac False Stale 00:d0:b7:2c:76:b4 False Delay 1095 1096 1155 1461 1540 1553 1566 1903

    Table 181providesanexplanationofthecommandoutput. Table 18-1


    Output Field IPv6 Address Interface MAC Address isRtr Neighbor State Last Updated

    show ipv6 neighbor Output Details


    What It Displays... The IPv6 address of the neighbor on the interface. The interface on which this neighbor was discovered. The link layer address of the neighbor. Whether the neighbor is a router. If the value is True, the neighbor is known to be a router. Otherwise, the value is False. State of the cache entry. Possible values are Incomplete, Reachable, Stale, Delay, Probe, and Unknown. The system uptime when the information for the neighbor was last updated.

    show ipv6 route


    ThiscommanddisplaystheIPv6routingtable.

    Syntax
    show ipv6 route [{ipv6-addr [route-type] | {{ipv6-prefix/prefix-length | interface interface} [route-type] | route-type | all]

    18-22

    IPv6 Configuration

    show ipv6 route

    Parameters
    ipv6addr ipv6prefix/prefix length SpecifiesaspecificIPv6addressforwhichthebestmatchingroute shouldbedisplayed. TheIPv6networkprefixoftheroutetodisplay,andtheprefixlength. TheprefixmustbeintheformdocumentedinRFC4291,withthe addressspecifiedinhexadecimalusing16bitvaluesbetweencolons. Theprefixlengthisadecimalnumberindicatingthenumberofhigh ordercontiguousbitsoftheaddressthatcomprisethenetworkportion oftheaddress. interfaceinterface Specifiesthattherouteswithnexthopsonthisinterfaceshouldbe displayed.Interfacecanbeoftheform: vlanvlanid tunneltunnelid loopbackloopid routetype Specifiestheroutetypeasoneofthefollowing: connected static ospf all Specifiesthatallroutesshouldbedisplayed.

    Defaults
    Ifnoparametersareentered,informationaboutallactiveIPv6routesisdisplayed.

    Mode
    Routerprivilegedexecution:G3(su)>router# Routeruserexecution:G3(su)>router>

    Usage
    UsethiscommandtodisplayIPv6routingtableinformationforactiveroutes.

    Enterasys G-Series CLI Reference

    18-23

    show ipv6 route preferences

    Example
    ThisexampledisplaysallactiveIPv6routes.
    G3(su)->router>show ipv6 route IPv6 Routing Table - 5 entries Codes: C - connected, S - static O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF Ext 2 ON1 - OSPF NSSA Ext Type 1, ON2 - OSPF NSSA Ext Type 2 S C C C S ::/0 [1/0] via FE80::2D0:B7FF:FE2C:7694, Vlan 6 3FFE:501:FFFF:100::/64 [0/0] via ::, Vlan 6 3FFE:501:FFFF:101::/64 [0/0] via ::, Vlan 7 3FFE:501:FFFF:108::/64 [0/0] via ::, Vlan 6 3FFE:501:FFFF:109::/64 [1/0] via 3FFE:501:FFFF:100:200:FF:FE00:A1A1, via FE80::200:FF:FE00:A1A1, Vlan 6

    Vlan 6

    Table 182providesanexplanationofthecommandoutput. Table 18-2


    Output Field Codes: Codes column IPv6 prefix/prefix-length [ Preference / Metric ] Tag via Next-hop Interface

    show ipv6 route Output Details


    What It Displays... Key for the routing protocol codes that might appear in the Codes column of the routing table output. The code for the routing protocol that created this routing entry. The IPv6 prefix and prefix length of the destination IPv6 network corresponding to this route. The administrative distance (preference) and cost (metric) associated with this route. The decimal value of the tag associated with a redistributed route, if it is not 0. The outgoing router IPv6 address to use when forwarding traffic to the next router, if any, in the path toward the destination. The outgoing router interface to use when forwarding traffic to the next destination.

    show ipv6 route preferences


    Thiscommandshowsthepreferencevalueassociatedwiththetypeofroute.

    Syntax
    show ipv6 route preference

    Parameters
    None.

    18-24

    IPv6 Configuration

    show ipv6 route preferences

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router# Routeruserexecution:G3(su)>router>

    Usage
    Lowernumbershaveagreaterpreference.Aroutewithapreferenceof255cannotbeusedto forwardtraffic. Thedefaultpreferencevalueforstaticroutescanbesetwiththeipv6routedistancecommand. Thedistanceforaspecificstaticroutecanbesetwiththeipv6routecommand.
    Note: The configuration of NSSA preferences is not supported in this release.

    Example
    Thefollowingexampleshowstheoutputofthiscommand.
    G3(su)->router#show ipv6 route preferences Local Static OSPF Intra OSPF Inter OSPF Ext T1 OSPF Ext T2 OSPF NSSA T1 OSPF NSSA T2 0 1 8 10 13 150 14 151

    Table 183providesanexplanationofthecommandoutput. Table 18-3


    Output Field Local Static OSPF Intra OSPF Inter OSPF Ext T1 OSPF Est T2 OSPF NSSA T1 OSPF NSS! T2

    show ipv6 route preferences Output Details


    What It Displays... Preference of directly-connected routes. Preference of static routes. Preference of routes within the OSPF area. Preference of routes to other OSPF routes that are outside of the area. Preference of OSPF Type-1 external routes. Preference of OSPF Type-2 external routes. Preference of OSPF NSSA Type 1 routes. Preference of OSPF NSSA Type 2 routes.

    Enterasys G-Series CLI Reference

    18-25

    show ipv6 route summary

    show ipv6 route summary


    Thiscommanddisplaysthesummaryoftheroutingtable.

    Syntax
    show ipv6 route summary [all]

    Parameters
    all (Optional)Displaythecountsummaryforallroutes,includingbestand nonbestroutes.

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router# Routeruserexecution:G3(su)>router>

    Usage
    Usethecommandwithoutparameterstodisplaythecountsummaryforonlythebestroutes.Use alltodisplaythecountsummaryforallroutes,includingbestandnonbestroutes.

    Example
    Thisexampleillustratesthesummaryinformationdisplayedbythiscommand.
    G3(su)->router>show ipv6 route summary all IPv6 Routing Table Summary - 6 entries Connected Routes Static Routes OSPF Routes Intra Area Routes Inter Area Routes External Type-1 Routes External Type-2 Routes Total routes Number of Prefixes: /0: 1, /64: 5 3 3 0 0 0 0 0 6

    Table 184providesanexplanationofthecommandoutput. Table 18-4


    Output Field Connected Routes Static Routes OSPF Routes Number of Prefixes Total Routes

    show ipv6 summary Output Details


    What It Displays... Total number of connected routes in the routing table. Total number of static routes in the routing table. Total number of routes installed by OSPFv3 protocol. Summarizes the number of routes with prefixes of different lengths Total number of routes in the routing table.

    18-26

    IPv6 Configuration

    show ipv6 traffic

    show ipv6 traffic


    UsethiscommandtoshowtrafficandstatisticsforIPv6andICMPv6.

    Syntax
    show ipv6 traffic [interface]

    Parameters
    interface (Optional)Specifiestheinterfaceforwhichtrafficinformationshouldbe displayed.Interfacecanbeoftheform: vlanvlanid tunneltunnelid loopbackloopid

    Defaults
    Ifnointerfaceisspecified,informationabouttrafficonallinterfacesisdisplayed.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    Usage
    Specifyalogical,loopback,ortunnelinterfacetoviewinformationabouttrafficonaspecific interface.Ifyoudonotspecifyaninterface,thecommanddisplaysinformationabouttrafficonall interfaces.

    Example
    Thefollowingexampledisplaystheoutputofthiscommand.
    G3(su)->router>show ipv6 traffic IPv6 STATISTICS Total Datagrams Received.................................. Received Datagrams Locally Delivered...................... Received Datagrams Discarded Due To Header Errors......... Received Datagrams Discarded Due To MTU................... Received Datagrams Discarded Due To No Route.............. Received Datagrams With Unknown Protocol.................. Received Datagrams Discarded Due To Invalid Address....... Received Datagrams Discarded Due To Truncated Data........ Received Datagrams Discarded Other........................ Received Datagrams Reassembly Required.................... Datagrams Successfully Reassembled........................ Datagrams Failed To Reassemble............................ Datagrams Forwarded....................................... Datagrams Locally Transmitted............................. Datagrams Transmit Failed................................. Datagrams Successfully Fragmented......................... Datagrams Failed To Fragment.............................. Fragments Created......................................... Multicast Datagrams Received.............................. Multicast Datagrams Transmitted........................... ICMPv6 STATISTICS

    116 116 0 0 0 0 0 0 0 0 0 0 0 876 0 0 0 0 17 547

    Enterasys G-Series CLI Reference

    18-27

    show ipv6 traffic

    Total ICMPv6 Messages Received............................ ICMPv6 Messages With Errors Received...................... ICMPv6 Destination Unreachable Messages Received.......... ICMPv6 Messages Prohibited Administratively Received...... ICMPv6 Time Exceeded Messages Received.................... ICMPv6 Parameter Problem Messages Received................ ICMPv6 Packet Too Big Messages Received................... ICMPv6 Echo Request Messages Received..................... ICMPv6 Echo Reply Messages Received....................... ICMPv6 Router Solicit Messages Received................... ICMPv6 Router Advertisement Messages Received............. ICMPv6 Neighbor Solicit Messages Received................. ICMPv6 Neighbor Advertisement Messages Received........... ICMPv6 Redirect Messages Received......................... ICMPv6 Group Membership Query Messages Received........... ICMPv6 Group Membership Response Messages Received........ ICMPv6 Group Membership Reduction Messages Received....... Total ICMPv6 Messages Transmitted......................... ICMPv6 Messages Not Transmitted Due To Error.............. ICMPv6 Destination Unreachable Messages Transmitted....... ICMPv6 Messages Prohibited Administratively Transmitted... ICMPv6 Time Exceeded Messages Transmitted................. ICMPv6 Parameter Problem Messages Transmitted............. ICMPv6 Packet Too Big Messages Transmitted................ ICMPv6 Echo Request Messages Transmitted.................. ICMPv6 Echo Reply Messages Transmitted.................... ICMPv6 Router Solicit Messages Transmitted................ ICMPv6 Router Advertisement Messages Transmitted.......... ICMPv6 Neighbor Solicit Messages Transmitted.............. ICMPv6 Neighbor Advertisement Messages Transmitted........ ICMPv6 Redirect Messages Transmitted...................... ICMPv6 Group Membership Query Messages Transmitted........ ICMPv6 Group Membership Response Messages Transmitted..... ICMPv6 Group Membership Reduction Messages Transmitted.... ICMPv6 Duplicate Address Detects..........................

    116 4 0 0 0 0 0 52 0 0 5 31 28 0 0 0 0 876 0 0 0 0 0 0 157 52 0 7 625 27 0 0 8 0 0

    Table 185providesanexplanationofthecommandoutput. Table 18-5


    Output Field Total Datagrams Received Received Datagrams Locally Delivered

    show ipv6 traffic Output Details


    What It Displays... Total number of input datagrams received by the interface, including those received in error. Total number of datagrams successfully delivered to IPv6 userprotocols (including ICMP). This counter increments at the interface to which these datagrams were addressed, which might not necessarily be the input interface for some of the datagrams. Number of input datagrams discarded due to errors in their IPv6 headers, including version number mismatch, other format errors, hop count exceeded, errors discovered in processing their IPv6 options, etc. Number of input datagrams that could not be forwarded because their size exceeded the link MTU of outgoing interface. Number of input datagrams discarded because no route could be found to transmit them to their destination.

    Received Datagrams Discarded Due To Header Errors

    Received Datagrams Discarded Due To MTU Received Datagrams Discarded Due To No Route

    18-28

    IPv6 Configuration

    show ipv6 traffic

    Table 18-5
    Output Field

    show ipv6 traffic Output Details (Continued)


    What It Displays... Number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol. This counter increments at the interface to which these datagrams were addressed, which might not be necessarily the input interface for some of the datagrams. Number of input datagrams discarded because the IPv6 address in their IPv6 header's destination field was not a valid address to be received at this entity. This count includes invalid addresses (for example, ::0) and unsupported addresses (for example, addresses with unallocated prefixes). For entities which are not IPv6 routers and therefore do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address. Number of input datagrams discarded because datagram frame didn't carry enough data. Number of input IPv6 datagrams for which no problems were encountered to prevent their continue processing, but which were discarded (e.g., for lack of buffer space). Note that this counter does not include datagrams discarded while awaiting reassembly. Number of IPv6 fragments received which needed to be reassembled at this interface. Note that this counter increments at the interface to which these fragments were addressed, which might not be necessarily the input interface for some of the fragments. Number of IPv6 datagrams successfully reassembled. Note that this counter increments at the interface to which these datagrams were addressed, which might not be necessarily the input interface for some of the fragments. Number of failures detected by the IPv6 reassembly algorithm (for whatever reason: timed out, errors, etc.). Note that this is not necessarily a count of discarded IPv6 fragments since some algorithms (notably the algorithm in by combining them as they are received. This counter increments at the interface to which these fragments were addressed, which might not be necessarily the input interface for some of the fragments. Number of output datagrams which this entity received and forwarded to their final destinations. In entities which do not act as IPv6 routers, this counter will include only those packets which were Source-Routed via this entity, and the Source-Route processing was successful. Note that for a successfully forwarded datagram the counter of the outgoing interface increments. Total number of IPv6 datagrams which local IPv6 user protocols (including ICMP) supplied to IPv6 in requests for transmission. Note that this counter does not include any datagrams counted in ipv6IfStatsOutForwDatagrams.

    Received Datagrams With Unknown Protocol

    Received Datagrams Discarded Due To Invalid Address

    Received Datagrams Discarded Due To Truncated Data Received Datagrams Discarded Other

    Received Datagrams Reassembly Required

    Datagrams Successfully Reassembled

    Datagrams Failed To Reassemble

    Datagrams Forwarded

    Datagrams Locally Transmitted

    Enterasys G-Series CLI Reference

    18-29

    show ipv6 traffic

    Table 18-5
    Output Field

    show ipv6 traffic Output Details (Continued)


    What It Displays... Number of output IPv6 datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (e.g., for lack of buffer space). Note that this counter would include datagrams counted in ipv6IfStatsOutForwDatagrams if any such packets met this (discretionary) discard criterion. Number of IPv6 datagrams that have been successfully fragmented at this output interface. Number of IPv6 datagrams that have been discarded because they needed to be fragmented at this output interface but could not be. Number of output datagram fragments that have been generated as a result of fragmentation at this output interface. Number of multicast packets received by the interface. Number of multicast packets transmitted by the interface. Total number of ICMP messages received by the interface which includes all those counted by ipv6IfIcmpInErrors. Note that this interface is the interface to which the ICMP messages were addressed which may not be necessarily the input interface for the messages. Number of ICMP messages which the interface received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.). Number of ICMP Destination Unreachable messages received by the interface. Number of ICMP destination unreachable/communication administratively prohibited messages received by the interface. Number of ICMP Time Exceeded messages received by the interface. Number of ICMP Parameter Problem messages received by the interface. Number of ICMP Packet Too Big messages received by the interface. Number of ICMP Echo (request) messages received by the interface. Number of ICMP Echo Reply messages received by the interface. Number of ICMP Router Solicit messages received by the interface. Number of ICMP Router Advertisement messages received by the interface. Number of ICMP Neighbor Solicit messages received by the interface. Number of ICMP Neighbor Advertisement messages received by the interface.

    Datagrams Transmit Failed

    Datagrams Successfully Fragmented Datagrams Failed To Fragment

    Fragments Created Multicast Datagrams Received Multicast Datagrams Transmitted Total ICMPv6 Messages Received

    ICMPv6 Messages with Errors Received ICMPv6 Destination Unreachable Messages Received ICMPv6 Messages Prohibited Administratively Received ICMPv6 Time Exceeded Messages Received ICMPv6 Parameter Problem Messages Received ICMPv6 Packets Too Big Messages Received ICMPv6 Echo Request Messages Received ICMPv6 Echo Reply Messages Received ICMPv6 Router Solicit Messages Received ICMPv6 Router Advertisement Messages Received ICMPv6 Neighbor Solicit Messages Received ICMPv6 Neighbor Advertisement Messages Received

    18-30

    IPv6 Configuration

    show ipv6 traffic

    Table 18-5
    Output Field

    show ipv6 traffic Output Details (Continued)


    What It Displays... Number of Redirect messages received by the interface. Number of ICMPv6 Group Membership Query messages received. Number of ICMPv6 group Membership Response messages received. Number of ICMPv6 Group Membership Reduction messages received. Total number of ICMP messages which this interface attempted to send. Note that this counter includes all those counted by icmpOutErrors. Number of ICMP messages which this interface did not send due to problems discovered within ICMP such as a lack of buffers. This value should not include errors discovered outside the ICMP layer such as the inability of IPv6 to route the resultant datagram. In some implementations there may be no types of error which contribute to this counter's value. Number of ICMP Destination Unreachable messages sent by the interface. Number of ICMP destination unreachable/communication administratively prohibited messages sent. Number of ICMP Time Exceeded messages sent by the interface. Number of ICMP Parameter Problem messages sent by the interface. Number of ICMP Packet Too Big messages sent by the interface. Number of ICMP Echo (request) messages sent by the interface.ICMP echo messages sent Number of ICMP Echo Reply messages sent by the interface. Number of ICMP Router Solicitation messages sent by the interface. Number of ICMP Router Advertisement messages sent by the interface. Number of ICMP Neighbor Solicitation messages sent by the interface. Number of ICMP Neighbor Advertisement messages sent by the interface. Number of Redirect messages sent. For a host, this object will always be zero, since hosts do not send redirects. Number of ICMPv6 Group Membership Query messages sent. Number of ICMPv6 group Membership Response messages sent.

    ICMPv6 Redirect Messages Received ICMPv6 Group Membership Query Messages Received ICMPv6 Group Membership Response Messages Received ICMPv6 Group Membership Reduction Messages Received Total ICMPv6 Messages Transmitted

    ICMPv6 Messages Not Transmitted Due To Error

    ICMPv6 Destination Unreachable Messages Transmitted ICMPv6 Messages Prohibited Administratively Transmitted ICMPv6 Time Exceeded Messages Transmitted ICMPv6 Parameter Problem Messages Transmitted ICMPv6 Packet Too Big Messages Transmitted ICMPv6 Echo Request Messages Transmitted ICMPv6 Echo Reply Messages Transmitted ICMPv6 Router Solicit Messages Transmitted ICMPv6 Router Advertisement Messages Transmitted ICMPv6 Neighbor Solicit Messages Transmitted ICMPv6 Neighbor Advertisement Messages Transmitted ICMPv6 Redirect Messages Transmitted ICMPv6 Group Membership Query Messages Transmitted ICMPv6 Group Membership Response Messages Transmitted

    Enterasys G-Series CLI Reference

    18-31

    clear ipv6 statistics

    Table 18-5
    Output Field

    show ipv6 traffic Output Details (Continued)


    What It Displays... Number of ICMPv6 Group Membership Reduction messages sent. Number of duplicate addresses detected by the interface

    ICMPv6 Group Membership Reduction Messages Transmitted ICMPv6 Duplicate Address Detects

    clear ipv6 statistics


    ThiscommandclearsIPv6statisticsforallinterfacesoraspecificinterface.

    Syntax
    clear ipv6 statistics [interface]

    Parameters
    interface (Optional)Specifiestheinterfaceforstatisticsshouldbecleared. Interfacecanbeoftheform: vlanvlanid tunneltunnelid loopbackloopid

    Defaults
    Ifnointerfaceisspecified,statisticsarecleared(resetto0)forallinterfaces.

    Mode
    RouterprivilegedexecutionG3(su)>router#

    Usage
    IPv6statisticsaredisplayedwiththeshowipv6trafficcommand.Ifnointerfaceisspecified,the countersforallIPv6trafficstatisticsareresettozerowhenthiscommandisexecuted.

    Example
    ThisexampleclearsthestatisticsforVLAN6.
    G3(su)->router# clear ipv6 statistics vlan 6

    18-32

    IPv6 Configuration

    OSPFv3 Configuration
    * IPv6 Routing License Required *
    IPv6 routing must be enabled with a license key in order to use this feature. If you have purchased an IPv6 routing license key, and have enabled routing on the device, you must activate your license as described in Activating Licensed Features on page 2-27 in order to enable the OSPFv3 protocol configuration command set. If you wish to purchase an IPv6 routing license, contact Enterasys Networks Sales.

    19

    ThecommandsinthischapterperformconfigurationoftheOSPFv3routingprotocolonthe EnterasysGSeries.ForinformationaboutgeneralIPv6configuration,refertoChapter 18,IPv6 Configuration.ForinformationaboutmanagingIPv6hostfunctionalityattheswitchlevel,refer toChapter 17,IPv6Management.


    For information about... Global OSPFv3 Configuration Commands Area Configuration Commands Interface Configuration Commands OSPFv3 Show Commands Refer to page... 19-3 19-9 19-20 19-27

    Overview
    OSPFv3istheOpenShortestPathFirstroutingprotocolforIPv6.ItissimilartoOSPFv2inits conceptofalinkstatedatabase,intra/interareaandASexternalroutesandvirtuallinks.OSPFv3 alsodiffersfromOSPFv2inanumberofrespects: Peeringisdonevialinklocaladdresses. Theprotocolislinkratherthannetworkcentric. AddressingsemanticshavebeenmovedtoleafLSAs,whicheventuallywillallowitsusefor bothIPv4andIPv6. TwonewLSAshavebeenintroduced:thelinkLSAandtheintraareaLSA.

    Pointtopointlinksaresupportedinordertoenableoperationovertunnels.OSPFv3views IPv6overIPv4tunnelsasapointtopointinterfacewithalinklocaladdressandpossibly,a globalunicastaddress.OSPFv3usesthereportedMTUfortunnelinterfaces. OSPFv3supportsECMProutes.OSPFv3includesNSSAandASexternalLSAoverflowlimit support.RFC1583compatibilitydoesnotapplytoOSPFv3.NoOSPFv3authenticationmethods aresupportedatthistime. LSAformatsarechanged,andthetype3and4summaryLSAsarerenamedinterareaprefix andinterarearouterLSAs.AlsonotethatOSPFv3LSAidentifierscontainnoaddressing semantics.LSAscopeisgeneralizedtolink,area,andASscope.OSPFv3specifiestheprocessing

    Enterasys G-Series CLI Reference

    19-1

    Overview

    ofunsupportedLSAs.UnsupportedLSAsaremaintainedinthedatabaseandfloodedaccording toscope.InOSPFv3,routerswith100ormoreinterfacesgeneratemorethanonerouterLSA.A newlinkLSAhasbeencreated.AddressesinLSAsarespecifiedas[prefix,prefixlength]. AreaIDandRouterIDremain32bitidentifiers.OSPFv3identifiesNeighborsbyrouterIDinstead oftheinterfaceaddressusedinOSPFv2. NotethatbothOSPFv3andOSPFv2canbeenabledandrunontheEnterasysGSeries.

    Default Conditions
    ThefollowingtableliststhedefaultOSPFv3conditions.
    Condition IPv6 OSPF IPv6 OSPF cost IPv6 OSPF dead-interval IPv6 OSPF hello-interval IPv6 OSPF mtu-ignore IPv6 OSPF network IPv6 OSPF priority IPv6 OSPF retransmit-interval IPv6 OSPF transmit-delay Area stub no-summary Area virtual-link dead-interval Area virtual-link hello-interval Area virtual-link retransmit-interval Area virtual-link transmit-delay Default-information originate Distance OSPF Default Value Disabled 10 40 seconds 10 seconds Enabled Broadcast 1 4 1 Enabled 40 10 5 1 Metric unspecified Type 2 Intra 8 Inter 10 Type-1 13 Type-2 50 Enabled 0 -1 4 Metric unspecified Type 2 Tag 0 Enabled

    Administrative mode of OSPF Exit-overflow-interval External-lsdb-limit Maximum-paths Redistribute

    Trapflags

    19-2

    OSPFv3 Configuration

    Global OSPFv3 Configuration Commands

    Global OSPFv3 Configuration Commands


    Purpose
    ThesecommandsareusedtoconfigurearouterIDfortheOSPFv3router,toenterrouterOSPFv3 configurationmode,andtoconfigureglobalOSPFv3parameters.

    Command
    For information about... ipv6 router id ipv6 router ospf default-information originate default-metric distance ospf exit-overflow-interval external-lsdb-limit maximum-paths redistribute Refer to page... 19-3 19-4 19-4 19-5 19-5 19-6 19-7 19-8 19-8

    ipv6 router id
    Thiscommandconfiguresa32bitinteger,enteredin32bitdottedquadnotation,usedto uniquelyidentifythisOSPFv3router.

    Syntax
    ipv6 router id ip-address

    Parameters
    ipaddress SpecifiestheIDoftheOSPFv3router,in32bitdottedquadnotation.

    Defaults
    None.

    Mode
    Routerglobalconfiguration:G3(su)>router(Config)#

    Usage
    UsethiscommandtoconfiguretheOSPFv3routerID.

    Example
    ThisexampleillustratesconfiguringtheOSPFv3routerIDas2.2.2.2.
    G3(su)->router(Config)# ipv6 router id 2.2.2.2
    Enterasys G-Series CLI Reference 19-3

    ipv6 router ospf

    ipv6 router ospf


    ThiscommandentersRouterOSPFv3configurationmode.

    Syntax
    ipv6 router ospf

    Parameters
    None.

    Defaults
    None.

    Mode
    Routerglobalconfiguration:G3(su)>router(Config)#

    Usage
    UsethiscommandtoenterOSPFv3configurationmodesoyoucanconfigureglobalOSPFv3 parameters.

    Example
    ThisexampleillustratesenteringrouterOSPFv3configurationmode.
    G3(su)->router(Config)# ipv6 router ospf G3(su)->router(Config-router)#

    default-information originate
    Thiscommandisusedtocontroltheadvertisementofdefaultroutes.

    Syntax
    default-information originate [always] [metric value] [metric-type type] no default-information originate [metric] [metric-type]

    Parameters
    always metricvalue metrictypetype (Optional)Alwaysadvertisesthedefaultrouteinformation. (Optional)Specifiesthemetricofthedefaultroute.Themetricvaluecan rangefrom0to16777214. (Optional)Specifiesthemetrictypeofthedefaultroute.Themetrictype canbe1,whichspecifiestype1externalroute,or2,whichspecifiestype 2externalroute.

    Defaults
    Adefaultexternalrouteisnotgenerated. Thedefaultmetricisunspecified. Thedefaulttypeistype2.

    19-4

    OSPFv3 Configuration

    default-metric

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    UsethiscommandtogenerateadefaultexternalrouteintoanOSPFv3routingdomain.Usetheno formofthiscommandtostopthegenerationofadefaultexternalroute.

    Example
    Thisexamplespecifiesametricof100forthedefaultrouteredistributedintotheOSPFv3routing domain,andanexternalmetrictypeof1.
    G3(su)->router(Config-router)# default-information originate metric 100 metric-type 1

    default-metric
    ThiscommandsetsadefaultmetricforroutesredistributedfromanotherprotocolintoOSPFv3.

    Syntax
    default-metric metric no default-metric

    Parameters
    metric Thevalueofmetriccanrangefrom1to16777214.

    Defaults
    Nodefaultmetricisconfigured.

    Mode
    RouterOSPFv3configuration:G3(su)->router(Config-router)#

    Usage
    Usethiscommandtocausethesamemetricvaluetobeusedforallredistributedroutes. Usethenoformofthiscommandtoremoveaconfigureddefaultmetric.

    Example
    Thisexampleconfiguresametricof100tobeusedforallredistributedroutes.
    G3(su)->router(Config-router)# default-metric 100

    distance ospf
    ThiscommandsetstheroutepreferencevalueofOSPFv3.

    Syntax
    distance ospf {intra | inter | type1 | type2} preference no distance ospf {intra | inter | type1 | type2}

    Enterasys G-Series CLI Reference

    19-5

    exit-overflow-interval

    Parameters
    intra inter type1 type2 preference Specifiesthepreferenceforintraarearoutes(allrouteswithinanarea) Specifiesthepreferenceforinterarearoutes(allroutesbetweenareas) SpecifiesthepreferenceforType1externalroutes(routeslearnedby redistributionfromotherroutingdomains) SpecifiesthepreferenceforType2externalroutes(routeslearnedby redistributionfromotherroutingdomains) Thepreferencerangeisfrom1to255.

    Defaults
    Thedefaultpreferencevaluesare: Intraarea=8 Interarea=10 Type1=13 Type2=50

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    Lowerroutepreferencevaluesarepreferredwhendeterminingthebestroute.TheOSPFv3 specification(RFC2328)requiresthatpreferencesmustbegiventotherouteslearnedviaOSPFv3 inthefollowingorder:intraarea<interarea<Type1<Type2. Aroutewithapreferenceof255cannotbeusedtoforwardtraffic. Usethenoformofthiscommandtoresetthepreferencevaluesbacktothedefaults.

    Example
    Thefollowingexamplesettheintraareapreferenceto5.
    G3(su)->router(Config-router)# distance ospf intra 5

    exit-overflow-interval
    ThiscommandconfigurestheexitoverflowintervalforOSPFv3.

    Syntax
    exit-overflow-interval seconds no exit-overflow-interval

    Parameters
    seconds Specifiestherangeforseconds,whichisfrom0to2147483647.

    Defaults
    Thedefaultintervalvalueis0.

    19-6

    OSPFv3 Configuration

    external-lsdb-limit

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    TheexitoverflowintervalisthenumberofsecondsafterenteringOverflowstatethatarouterwill waitbeforeattemptingtoleavetheOverflowState.Thisallowstheroutertoagainoriginate nondefaultASexternalLSAs.Whensetto0,therouterwillnotleaveOverflowStateuntil restarted. Thenoformofthiscommandresetstheintervaltothedefaultof0.

    Example
    Thisexamplesetstheexitoverflowintervalto10seconds.
    G3(su)->router(Config-router)# exit-overflow-interval 10

    external-lsdb-limit
    ThiscommandconfigurestheexternalLSDBlimitforOSPFv3.

    Syntax
    external-lsdb-limit limit no external-lsdb-limit

    Parameters
    limit Specifiesthelimit,whichcanrangefrom1to2147483647.Avalueof1 meansthatthereisnolimit.

    Defaults
    Thedefaultvalueis1.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    WhenthenumberofnondefaultASexternalLSAsinarouterslinkstatedatabasereachesthe externalLSDBlimit,therouterentersoverflowstate.Therouterneverholdsmorethanthe externalLSDBlimitnondefaultASexternalLSAsinitdatabase.TheexternalLSDBlimitMUST besetidenticallyinallroutersattachedtotheOSPFv3backboneand/oranyregularOSPFv3area. Thenoformofthiscommandresetsthelimittothedefaultvalueof1,meaningnolimit.

    Example
    ThisexamplesetstheexternalLSDBlimitto1000.
    G3(su)->router(Config-router)# external-lsdb-limit 1000

    Enterasys G-Series CLI Reference

    19-7

    maximum-paths

    maximum-paths
    ThiscommandsetsthenumberofpathsthatOSPFv3canreportforagivendestination.

    Syntax
    maximum-paths maxpaths no maximum-paths

    Parameters
    maxpaths Specifiesthevalueformaxpaths,whichcanrangefrom1to4.

    Defaults
    Thedefaultvalueis4.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    Usethenoformofthiscommandtoresetthemaximumnumberofpathstothedefaultvalueof4.

    Example
    Thisexamplesetsthemaximumnumberofpathsforagivendestinationto3.
    G3(su)->router(Config-router)# maximum-paths 3

    redistribute
    ThiscommandconfigurestheOSPFv3protocoltoallowredistributionofroutesfromthespecified sourceprotocol/routers.

    Syntax
    redistribute {connected | static} [metric value] [metric-type type] [tag tag] no redistribute {connected | static} [metric] [metric-type] [tag]

    Parameters
    connected|static metricvalue metrictypetype Specifiesthesourceprotocoltoredistribute. (Optional)Specifiestherouteredistributionmetric.Themetricvaluecan rangefrom0to16777214. (Optional)Specifiestherouteredistributionmetrictype.Themetrictype canbe1,whichspecifiestype1externalroute,or2,whichspecifiestype 2externalroute. (Optional)Specifiesarouteredistributiontag.Thevalueoftagcan rangefrom0to4294967295.

    tagtag

    19-8

    OSPFv3 Configuration

    Area Configuration Commands

    Defaults
    Thedefaultvaluesare: Metric=unspecified Metrictype=Type2 Tag=0

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    ThenoformofthiscommandconfigurestheOSPFv3protocoltoprohibitredistributionofroutes fromthespecifiedsourceprotocol/routers.

    Example
    Thisexampleconfiguresrouteredistributionofstaticroutesandappliesametricof10
    G3(su)->router(Config-router)# redistribute static metric 10

    Area Configuration Commands


    Purpose
    Thesecommandsareusedtoconfigureareaparameters.

    Commands
    For information about... area default-cost area nssa area nssa default-info-originate area nssa no-redistribute area nssa no-summary area nssa translator role area nssa translator-stab-intv area range area stub area stub no-summary area virtual-link area virtual-link dead-interval area virtual-link hello-interval area virtual-link retransmit-interval area virtual-link transmit-delay Refer to page... 19-10 19-10 19-11 19-12 19-12 19-13 19-14 19-14 19-15 19-16 19-16 19-17 19-18 19-18 19-19
    Enterasys G-Series CLI Reference 19-9

    area default-cost

    area default-cost
    Thiscommandconfiguresthedefaultcostforthesummarydefaultroutegeneratedbythearea borderrouterintothestuborNSSAarea.

    Syntax
    area areaid default-cost cost no area areaid default-cost

    Parameters
    areaid cost SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value. Specifiesacost,whichcanrangebetween1and16777215.

    Defaults
    None.

    Mode
    RouterOSPFv3configuration:G3(su)->router(Config-router)#

    Usage
    UsethiscommandtosetthecostvalueforthedefaultroutethatissentintoastubareaorNSSA byanAreaBorderRouter(ABR).Thenoformofthiscommandremovesthecostvaluefromthe summaryroutethatissentintothestubarea.

    Example
    Thisexamplesetsthedefaultroutecostto50forarea20.
    G3(su)->router(Config-router)# area 20 default-cost 50

    area nssa
    Thiscommandconfiguresthespecifiedareatofunctionasanotsostubbyarea(NSSA).

    Syntax
    area areaid nssa no area areaid nssa

    Parameters
    areaid SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value.

    Defaults
    None.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#
    19-10 OSPFv3 Configuration

    area nssa default-info-originate

    Usage
    AnNSSAallowssomeexternalroutesrepresentedbyexternalLinkStateAdvertisements(LSAs) tobeimportedintoit.Thisisincontrasttoastubareathatdoesnotallowanyexternalroutes. ExternalroutesthatarenotimportedintoanNSSAcanberepresentedbymeansofadefault route.ThisconfigurationisusedwhenanOSPFv3internetworkisconnectedtomultiplenon OSPFroutingdomains. ThenoformofthiscommandchangestheNSSAbacktoaplainarea.

    Example
    Thisexampleshowshowtoconfigurearea20asanNSSA.
    G3(su)->router(Config-router)# area 20 nssa

    area nssa default-info-originate


    Thiscommandconfiguresthemetricvalueandtypeforthedefaultrouteadvertisedintothe NSSA.

    Syntax
    area areaid nssa default-info-originate [metric] [comparable | non-comparable] no area areaid nssa default-info-originate

    Parameters
    areaid metric comparable| noncomparable SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value. (Optional)Specifiesthemetricofthedefaultroute,intherangeof1to 16777214. (Optional)Specifiesthemetrictype: comparablenssaexternal1 noncomparablenssaexternal2

    Defaults
    Defaultmetricvalueis10.

    Mode
    RouterOSPFv3configuration:G3(su)->router(Config-router)#

    Usage
    Usethiscommandtoallowadefaultroutetobeadvertisedwithinthearea.Thisoptionshouldbe configuredonlyonareaborderrouters(ABRs). Usethenoformofthiscommandtopreventadefaultroutetobeadvertisedwithinthearea.

    Example
    ThisexampleconfiguresNSSAarea20toadvertiseadefaultroute.
    G3(su)->router(Config-router)# area 20 nssa default-info-originate

    Enterasys G-Series CLI Reference

    19-11

    area nssa no-redistribute

    area nssa no-redistribute


    ThiscommandconfigurestheNSSAareaborderroutertonotredistributelearnedexternalroutes totheNSSA.

    Syntax
    area areaid no-redistribute no area areaid no-redistribute

    Parameters
    areaid SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value.

    Defaults
    None.

    Mode
    RouterOSPFv3configuration:G3(su)->router(Config-router)#

    Usage
    UsethiscommandtopreventredistributionoflearnedexternalroutestotheNSSAbythisarea borderrouter(ABR).Usethenoformofthiscommandtoenableredistributionoflearnedexternal routestotheNSSA.

    Example
    ThisexampleconfigurestheroutertonotredistributelearnedexternalroutesintoNSSA20.
    G3(su)->router(Config-router)# area 20 no-redistribute

    area nssa no-summary


    ThiscommandconfigurestheNSSAareaborderroutertonotadvertisesummaryroutesintothe NSSA.

    Syntax
    area areaid nssa no-summary no area areaid nssa no-summary

    Parameters
    areaid SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value.

    Defaults
    None.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    19-12

    OSPFv3 Configuration

    area nssa translator role

    Usage
    UsethiscommandtopreventtheadvertisingofsummaryroutesintothespecifiedNSSAbythis router.UsethenoformofthiscommandtoenableadvertisingofsummaryroutesintotheNSSA.

    Example
    ThisexampletheroutertonotadvertisesummaryroutesintoNSSA20.
    G3(su)->router(Config-router)# area 20 nssa no-summary

    area nssa translator role


    Thiscommandconfiguresthetranslatorroleoftherouter.

    Syntax
    area areaid nssa translator-role {always | candidate} no area areaid nssa translator-role

    Parameters
    areaid always candidate SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value. Specifiesthattherouterwillalwaysassumetheroleofthetranslatorthe instantisbecomesaborderrouter. Specifiesthattherouterwillparticipateinthetranslatorelection processwhenitbecomesaborderrouter.

    Defaults
    Bydefault,thetranslatorroleisdisabled.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    TheNSSATranslatorRolespecifieswhetherornotanNSSArouterwillunconditionallytranslate Type7LSAstoType5LSAswhenactingasanNSSAborderrouter. Whenthealwaysparameterisspecifiedwiththiscommand,therouterwillalwaystranslate Type7LSAs,regardlessofthetranslatorstateofotherNSSAborderrouters.Whenthecandidate parameterisspecified,theNSSArouterwillparticipateinthetranslatorelectionprocess describedinRFC3101,TheOSPFNotSoStubbyArea(NSSA)Option. Usethenoformofthiscommandtoreturntheconfiguredtranslatorroletothedefaultof disabled.

    Example
    Thisexampleconfigurestheroutertoalwaysassumethetranslatorrolewhenitbecomesanarea borderrouterforNSSA20.
    G3(su)->router(Config-router)# area 20 nssa translator-role always

    Enterasys G-Series CLI Reference

    19-13

    area nssa translator-stab-intv

    area nssa translator-stab-intv


    ThiscommandconfiguresthetranslatorstabilityintervaloftheNSSA.

    Syntax
    area areaid translator-stab-intv interval no area areaid translator-stab-intv

    Parameters
    areaid interval SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value. Specifiesthestabilityintervalinseconds.Thevalueofintervalcanrange from0to3600seconds.

    Defaults
    Thedefaultintervalis40seconds.

    Mode
    RouterOSPFv3configuration:G3(su)->router(Config-router)#

    Usage
    Thestabilityintervalistheperiodoftimethatanelectedtranslatorcontinuestoperformitsduties afteritdeterminesthatitstranslatorstatushasbeendeposedbyanotherrouter.

    Example
    Thisexamplesetsthetranslatorstabilityintervalto60secondsforNSSA20.
    G3(su)->router(Config-router)# area 20 nssa translator-stab-intv 60

    area range
    ThiscommandcreatesanaddressrangeforthespecifiedNSSA.

    Syntax
    area areaid range ipv6-prefix/prefix-length {summarylink | nssaexternallink} [advertise | not-advertise] no area areaid range ipv6-prefix/prefix-length

    Parameters
    areaid SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value.

    ipv6prefix/prefixlength SpecifiesIPv6prefixandthelengthoftheIPv6prefixfortheaddress range.Theprefixmustbespecifiedinhexadecimalusing16bitvalues betweencolons. Thevalueofprefixlengthisadecimalnumberindicatingthenumberof highordercontiguousbitsthatcomprisetheprefix. summarylink SpecifiesthatroutesummarizationshouldbebasedonsummaryLSAs.

    19-14

    OSPFv3 Configuration

    area stub

    nssaexternallink advertise| notadvertise

    SpecifiesthatroutesummarizationshouldbebasedonexternalLSAs Type7. (Optional)Specifieswhetherornottheroutesshouldbeadvertised.If neitherparameterisspecifies,thedefaultisadvertise.

    Defaults
    Areaaddressrangesarenotconfiguredbydefault.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    Addressrangescontroltheadvertisementofroutesacrossareaboundaries.Routinginformation issummarized,oraggregated,atareaboundaries.Externaltothearea,atmostasinglerouteis advertised(viaaninterareaprefixLSA)foreachaddressrange.Arouteisadvertisedifandonly iftheaddressrangesstatusissettoadvertise.Thedefaultconditionistoadvertise. ForABRsconfiguredforNSSA,routesummarization/aggregationcanbeimplementedbasedon LSAtypeeithersummaryLSAs(specifiedwiththesummarylinkparameter),orNSSAexternal LSAsType7(specifiedwiththenssaexternallinkparameter). Youcanconfiguremultipleaddressrangeswiththiscommand. Usethenoformofthiscommandtoremoveaconfiguredaddressrange.

    Example
    Thisexampleconfiguresanaddressrangetobeconsolidatedandadvertisedbasedonsummary LSAs.
    G3(su)->router(Config-router)# area 20 range 3FFe:501::/32 summarylink

    area stub
    ThiscommandcreatesastubareaforthespecifiedareaID.

    Syntax
    area areaid stub no area areaid stub

    Parameters
    areaid SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value.

    Defaults
    None.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Enterasys G-Series CLI Reference

    19-15

    area stub no-summary

    Usage
    AstubareaischaracterizedbythefactthatASexternalLSAsarenotpropagatedintothearea. RemovingASexternalLSAsandsummaryLSAscansignificantlyreducethelinkstatedatabaseof routerswithinthestubarea. Usethenoformofthecommandtodeleteastubarea.

    Example
    ThisexamplecreatesastubareawiththeIDof30.
    G3(su)->router(Config-router)# area 30 stub

    area stub no-summary


    ThiscommanddisablestheimportofsummaryLSAsintothespecifiedstubarea.

    Syntax
    area areaid stub no-summary no area areaid stub no-summary

    Parameters
    areaid SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value.

    Defaults
    None.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    UsethenoformofthiscommandtosetthesummaryLSAimportmodetothedefaultforthe specifiedstubarea.

    Example
    TheexampledisablestheimportofsummaryLSAsintostubarea30.
    G3(su)->router(Config-router)# area 30 stub no-summary

    area virtual-link
    ThiscommandcreatestheOSPFv3virtualinterfaceforthespecifiedareaandneighbor.

    Syntax
    area areaid virtual-link neighborid no area areaid virtual-link neighborid

    19-16

    OSPFv3 Configuration

    area virtual-link dead-interval

    Parameters
    areaid neighborid SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value. SpecifiesthevirtuallinkneighborbymeansofitsrouterID.Therouter IDmustbeenteredin32bitdottedquadnotation.

    Defaults
    None.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    ThevirtuallinkneighborisidentifiedbyitsrouterID.Usethenoformofthiscommandtodelete theconfiguredOSPFv3virtualinterfaceidentifiedbyareaandneighbor.

    Example
    Thisexamplecreatesavirtualinterfaceforarea20andtheneighborwithrouterID2.2.2.2.
    G3(su)->router(Config-router)# area 20 virtual-link 2.2.2.2

    area virtual-link dead-interval


    ThiscommandconfiguresthedeadintervalforthespecifiedOSPFv3virtualinterface.

    Syntax
    area areaid virtual-link neighborid dead-interval seconds no area areaid virtual-link neighborid dead-interval

    Parameters
    areaid neighborid seconds SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value. SpecifiesthevirtuallinkneighborbymeansofitsrouterID.Therouter IDmustbeenteredin32bitdottedquadnotation. Specifiesthevalueofthedeadintervalinseconds.Therangeisfrom1 to65535seconds.

    Defaults
    Thedefaultdeadintervalis40seconds.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    Usethenoformofthiscommandtoreturnaconfiguredvaluetothedefaultof40seconds.

    Enterasys G-Series CLI Reference

    19-17

    area virtual-link hello-interval

    Example
    Thisexampleconfiguresadeadintervalof60secondsforthespecifiedvirtualinterface.
    G3(su)->router(Config-router)# area 20 virtual-link 2.2.2.2 dead-interval 60

    area virtual-link hello-interval


    ThiscommandconfiguresthehellointervalforthespecifiedOSPFv3virtualinterface.

    Syntax
    area areaid virtual-link neighborid hello-interval seconds no area areaid virtual-link neighborid hello-interval

    Parameters
    areaid neighborid seconds SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value. SpecifiesthevirtuallinkneighborbymeansofitsrouterID.Therouter IDmustbeenteredin32bitdottedquadnotation. Specifiesthevalueofthehellointervalinseconds.Therangeisfrom1 to65535seconds.

    Defaults
    Thedefaulthellointervalis10seconds.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    Usethenoformofthiscommandtoreturnaconfiguredvaluetothedefaultvalueof10seconds.

    Example
    Thisexampleconfiguresahellointervalof30secondsforthespecifiedOSPFv3virtualinterface.
    G3(su)->router(Config-router)# area 20 virtual-link 2.2.2.2 hello-interval 30

    area virtual-link retransmit-interval


    ThiscommandconfigurestheretransmitintervalforthespecifiedOSPFv3virtualinterface.

    Syntax
    area areaid virtual-link neighborid retransmit-interval seconds no area areaid virtual-link neighborid retransmit-interval

    Parameters
    areaid SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value.

    19-18

    OSPFv3 Configuration

    area virtual-link transmit-delay

    neighborid seconds

    SpecifiesthevirtuallinkneighborbymeansofitsrouterID.Therouter IDmustbeenteredin32bitdottedquadnotation. Specifiesthevalueoftheretransmitintervalinseconds.Therangeis from1to3600seconds.

    Defaults
    Thedefaultretransmitintervalis5seconds.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    Usethenoformofthiscommandtoreturnaconfiguredvaluetothedefaultvalueof5seconds.

    Example
    Thisexamplesetstheretransmitintervalto10secondsforthespecifiedOSPFv3virtualinterface.
    G3(su)->router(Config-router)# area 20 virtual-link 2.2.2.2 retransmit-interval 10

    area virtual-link transmit-delay


    ThiscommandconfiguresthetransmitdelayforthespecifiedOSPFv3virtualinterface.

    Syntax
    area areaid virtual-link neighborid transmit-delay seconds no area areaid virtual-link neighborid transmit-delay

    Parameters
    areaid neighborid seconds SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value. SpecifiesthevirtuallinkneighborbymeansofitsrouterID.Therouter IDmustbeenteredin32bitdottedquadnotation. Specifiesthevalueofthetransmitdelayinseconds.Therangeisfrom1 to3600seconds.

    Defaults
    Thedefaulttransmitdelayis1second.

    Mode
    RouterOSPFv3configuration:G3(su)>router(Configrouter)#

    Usage
    Usethenoformofthiscommandtoresetthetransmitdelaytothedefaultof1second.

    Enterasys G-Series CLI Reference

    19-19

    Interface Configuration Commands

    Example
    Thisexamplesetsthetransmitdelayto2secondsforthespecifiedOSPFv3virtualinterface.
    G3(su)->router(Config-router)# area 20 virtual-link 2.2.2.2 transmit-delay 2

    Interface Configuration Commands


    Purpose
    ThesecommandscanbeusedtoconfigureOSPFv3routinginterfaceparameters.

    Commands
    For information about... ipv6 ospf enable ipv6 ospf areaid ipv6 ospf cost ipv6 ospf dead-interval ipv6 ospf hello-interval ipv6 ospf mtu-ignore ipv6 ospf network ipv6 ospf priority ipv6 ospf retransmit-interval ipv6 ospf transmit-delay Refer to page... 19-20 19-21 19-22 19-22 19-23 19-24 19-24 19-25 19-26 19-26

    ipv6 ospf enable


    ThiscommandenablesOSPFv3onarouterinterfaceoraloopbackinterface.

    Syntax
    ipv6 ospf enable no ipv6 ospf enable

    Parameters
    None.

    Defaults
    OSPFv3isdisabledbydefault.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    19-20

    OSPFv3 Configuration

    ipv6 ospf areaid

    Usage
    UsethiscommandtoenableOSPFv3onarouterVLANinterfaceoronaloopbackinterface.Use thenoformofthiscommandtodisableOSPFv3onaninterface.
    Note: In order for OSPFv3 to run on an interface, IPv6 must be explicitly enabled on the interface using the ipv6 enable command.

    Example
    ThisexampleentersrouterinterfaceconfigurationmodeforVLAN7andthenenablesOSPFv3on theinterface.
    G3(su)->router(Config)# interface vlan 7 G3(su)->router(Config-if(Vlan 7))# ipv6 ospf enable

    ipv6 ospf areaid


    ThiscommandsetstheOSPFv3areatowhichtherouterinterfacebelongs.

    Syntax
    ipv6 ospf areaid areaid no ipv6 ospf areaid areaid

    Parameters
    areaid SpecifiestheareaIDineither32bitdottedquadformatorasadecimal numberbetween0and4294967295.

    Defaults
    None.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    TheareaIDuniquelyidentifiestheareatowhichtheinterfaceconnects.AssigninganareaID whichdoesnotexistonaninterfacecausestheareatobecreatedwithdefaultvalues. Usethenoformofthiscommandtoremoveanareafromtheinterface.

    Examples
    ThisexampleassignsVLAN7toarea20,expressedindottedquadformat.
    G3(su)->router(Config)# interface vlan 7 G3(su)->router(Config-if(Vlan 7))# ipv6 ospf areaid 0.0.0.20

    ThisexampleassignsVLAN7toarea20,expressedasadecimalnumber.
    G3(su)->router(Config-if(Vlan 7))# ipv6 ospf areaid 20

    Enterasys G-Series CLI Reference

    19-21

    ipv6 ospf cost

    ipv6 ospf cost


    ThiscommandconfiguresthecostofsendingapacketonanOSPFv3interface.

    Syntax
    ipv6 ospf cost cost no ipv6 ospf cost cost

    Parameters
    cost Specifiesthecostofsendingapacketonthisinterface.Thevaluecan rangefrom1to65535.

    Defaults
    Thedefaultcostis10.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    Usethiscommandtoexplicitlyspecifythecostofsendingapacketontheinterfacebeing configuredforOSPFv3.Usethenoformofthiscommandtoreturnthecosttothedefaultvalueof 10.

    Example
    ThisexampleconfiguresthecostforrouterinterfaceVLAN7to100.
    G3(su)->router(Config)# interface vlan 7 G3(su)->router(Config-if(Vlan 7))# ipv6 ospf cost 100

    ipv6 ospf dead-interval


    ThiscommandsetstheOSPFv3deadintervalfortherouterinterface.

    Syntax
    ipv6 ospf dead-interval seconds no ipv6 ospf dead-interval seconds

    Parameters
    seconds SpecifiestheOSPFv3deadintervalinseconds.Thevaluecanrange from1to2147483647seconds.

    Defaults
    Thedefaultdeadintervalvalueis40seconds.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    19-22

    OSPFv3 Configuration

    ipv6 ospf hello-interval

    Usage
    TheOSPFv3deadintervalisthelengthoftimeinsecondsthataroutersHellopacketshavenot beenseenbeforeitsneighborroutersdeclarethattherouterisdown.Thevalueforthedead intervalmustbethesameforallroutersattachedtoacommonnetwork,andshouldbesome multipleofthehellointerval. Usethenoformofthiscommandtoreturnthedeadintervaltothedefaultvalueof40seconds.

    Example
    ThisexamplesetsthedeadintervalforrouterinterfaceVLAN7to60seconds.
    G3(su)->router(Config)# interface vlan 7 G3(su)->router(Config-if(Vlan 7))# ipv6 ospf dead-interval 60

    ipv6 ospf hello-interval


    ThiscommandsetstheOSPFv3hellointervalfortherouterinterface.

    Syntax
    ipv6 ospf hello-interval seconds no ipv6 ospf hello-interval seconds

    Parameters
    seconds SpecifiestheOSPFv3hellointervalinseconds.Thevaluecanrange from1to65535seconds.

    Defaults
    Thedefaulthellointervalis10seconds.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    UsethiscommandtospecifytheintervalbetweenhellopacketsthatOSPFv3sendsonthe interfacebeingconfigured.Theshorterthehellointerval,thefastertopologicalchangeswillbe detected,butmoreroutingtrafficwillensue.Thehellointervalmustbethesameforallrouters attachedtoacommonnetwork. Usethenoformofthiscommandtoreturnthehellointervaltothedefaultvalueof10seconds.

    Example
    ThisexamplesetsthehellointervalforrouterinterfaceVLAN7to20seconds.
    G3(su)->router(Config)# interface vlan 7 G3(su)->router(Config-if(Vlan 7))# ipv6 ospf hello-interval 20

    Enterasys G-Series CLI Reference

    19-23

    ipv6 ospf mtu-ignore

    ipv6 ospf mtu-ignore


    ThiscommanddisablesOSPFv3maximumtransmissionunit(MTU)mismatchdetection.

    Syntax
    ipv6 ospf mtu-ignore no ipv6 ospf mtu-ignore

    Parameters
    None.

    Defaults
    Bydefault,MTUmismatchdetectionisenabled.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    OSPFDatabaseDescriptionpacketsspecifythesizeofthelargestIPpacketthatcanbesent withoutfragmentationontheinterface.WhenarouterreceivesaDatabaseDescriptionpacket,it examinestheMTUadvertisedbytheneighbor.Bydefault,iftheMTUislargerthantheroutercan accept,theDatabaseDescriptionpacketisrejectedandtheOSPFadjacencyisnotestablished. UsethiscommandtopreventtheOSPFv3routerprocessfromcheckingwhetherneighborsare usingthesamemaximumtransmissionunit(MTU)onacommoninterfacewhenexchanging DatabaseDescriptionpackets. UsethenoformofthiscommandtoenableMTUmismatchdetection.

    Example
    ThisexampledisablesMTUmismatchdetectiononrouterinterfaceVLAN7.
    G3(su)->router(Config)# interface vlan 7 G3(su)->router(Config-if(Vlan 7))# ipv6 ospf mtu-ignore

    ipv6 ospf network


    ThiscommandchangesthedefaultOSPFv3networktypefortherouterinterface.

    Syntax
    ipv6 ospf network {broadcast | point-to-point} no ipv6 ospf network {broadcast | point-to-point}

    Parameters
    broadcast pointtopoint Setsthenetworktypetobroadcast. Setsthenetworktypetopointtopoint.

    Defaults
    Defaultnetworktypeisbroadcast.

    19-24

    OSPFv3 Configuration

    ipv6 ospf priority

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    Normally,thenetworktypeisdeterminedfromthephysicalIPnetworktype.Bydefault,all EthernetnetworksareOSPFv3typebroadcast.Similarly,tunnelinterfacesdefaulttopointto point.WhenanEthernetportisusedasasinglelargebandwidthIPnetworkbetweentworouters, thenetworktypecanbepointtopointsincethereareonlytworouters.Usingpointtopointas thenetworktypeeliminatestheoverheadoftheOSPFv3designatedrouterelection.Itisnormally notusefultosetatunneltoOSPFv3networktypebroadcast. Usethenoformofthiscommandtosetthenetworktypetothedefault.

    Example
    ThisexamplesetsthenetworktypetopointtopointforrouterinterfaceVLAN7.
    G3(su)->router(Config)# interface vlan 7 G3(su)->router(Config-if(Vlan 7))# ipv6 ospf network point-to-point

    ipv6 ospf priority


    ThiscommandsetstheOSPFv3priorityfortherouterinterface.Routerpriorityhelpsdetermine thedesignatedrouterforanOSPFv3link.

    Syntax
    ipv6 ospf priority priority no ipv6 ospf priority

    Parameters
    priority Specifiesthepriorityvalue,whichcanrangefrom0to255.

    Defaults
    Defaultpriorityvalueis1.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    Whentworoutersonthesamenetworkattempttobecomethedesignatedrouter,theonewiththe higherrouterprioritytakesprecedence.Ifthereisatie,therouterwiththehigherrouterIDtakes precedence.Arouterwitharouterprioritysettozeroisineligibletobecomethedesignatedrouter orbackupdesignatedrouter. Usethenoformofthiscommandtoreturnpriorityvaluetothedefaultof1.

    Example
    ThisexamplesetsthepriorityforrouterinterfaceVLAN7to5.
    G3(su)->router(Config)# interface vlan 7 G3(su)->router(Config-if(Vlan 7))# ipv6 ospf priority 5

    Enterasys G-Series CLI Reference

    19-25

    ipv6 ospf retransmit-interval

    ipv6 ospf retransmit-interval


    ThiscommandconfigurestheOSPFv3retransmitintervalfortherouterinterface.

    Syntax
    ipv6 ospf retransmit-interval seconds no ipv6 ospf retransmit-interval

    Parameters
    seconds Specifiestheretransmitintervalvalue,whichcanrangefrom0to3600 seconds.

    Defaults
    Defaultvalueis4seconds.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    Usage
    Theretransmitintervalisthenumberofsecondsbetweenlinkstateadvertisement retransmissionsforadjacenciesbelongingtothisrouterinterface.Thisvalueisalsousedwhen retransmittingdatabasedescriptionandlinkstaterequestpackets. Usethenoformofthiscommandtoresettheretransmitintervaltothedefaultvalueof4seconds.

    Example
    Thisexamplesetstheretransmitintervalto10secondsforrouterinterfaceVLAN7.
    G3(su)->router(Config)# interface vlan 7 G3(su)->router(Config-if(Vlan 7))# ipv6 ospf retransmit-interval 10

    ipv6 ospf transmit-delay


    ThiscommandsetstheOSPFv3transmitdelayfortherouterinterface.

    Syntax
    ipv6 ospf transmit-delay seconds no ipv6 ospf transmit-delay

    Parameters
    seconds Specifiesthetransmitdelay,whichcanrangefrom1to3600seconds.

    Defaults
    Defaultvalueis1second.

    Mode
    Routerinterfaceconfiguration:G3(su)>router(Configif(Vlan1))#

    19-26

    OSPFv3 Configuration

    OSPFv3 Show Commands

    Usage
    Thetransmitdelay,specifiedinseconds,setstheestimatednumberofsecondsittakestotransmit alinkstateupdatepacketoverthisinterface. Usethenoformofthiscommandtoreturnthetransmitdelaytothedefaultvalueof1seconds.

    Example
    Thisexamplesetsthetransmitdelayvalueto4secondsforrouterinterfaceVLAN7.
    G3(su)->router(Config)# interface vlan 7 G3(su)->router(Config-if(Vlan 7))# ipv6 ospf transmit-delay 4

    OSPFv3 Show Commands


    Purpose
    ThesecommandsareusedtodisplayOSPFv3informationandstatistics.

    Commands
    For information about... show ipv6 ospf show ipv6 ospf area show ipv6 ospf abr show ipv6 ospf asbr show ipv6 ospf database show ipv6 ospf interface show ipv6 ospf interface stats show ipv6 ospf neighbor show ipv6 ospf range show ipv6 ospf stub table show ipv6 ospf virtual-link Refer to page... 19-27 19-29 19-30 19-31 19-32 19-36 19-38 19-40 19-42 19-43 19-44

    show ipv6 ospf


    ThiscommanddisplaysOSPFv3routerinformation.

    Syntax
    show ipv6 ospf

    Parameters
    None.

    Enterasys G-Series CLI Reference

    19-27

    show ipv6 ospf

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    Example
    ThisexampleshowshowtodisplayOSPFv3routerinformation.
    G3(su)->router# show ipv6 ospf Router ID OSPF Admin Mode ASBR Mode ABR Status Exit Overflow Interval External LSA Count External LSA Checksum New LSAs Originated LSAs Received External LSDB Limit Default Metric Maximum Paths Default Route Advertise Always Metric Metric Type 2.2.2.2 Enable Enable Enable 0 0 0 89 177 No Limit Not Configured 4 Disabled FALSE External Type 2

    Table 191providesanexplanationofthecommandoutput.
    Note: Some of the information in Table 19-1 displays only if you enable OSPFv3 and configure certain features.

    Table 19-1
    Output Field Router ID

    show ipv6 ospf Output Details


    What It Displays... A 32 bit integer in dotted decimal format identifying the router, about which information is displayed. This is a configured value. Whether the administrative mode of OSPF in the router is enabled or disabled. This is a configured value. Whether the ASBR mode is enabled or disabled. Enable implies that the router is an autonomous system border router. Router automatically becomes an ASBR when it is configured to redistribute routes learnt from other protocol. The possible values for the ASBR status is enabled (if the router is configured to redistribute routes learnt by other protocols) or disabled (if the router is not configured for the same). Whether the router is an OSPF Area Border Router. The number of seconds that, after entering Overflow State, a router will attempt to leave Overflow State. The number of external (LS type 5) link-state advertisements in the link-state database. The sum of the LS checksums of external link-state advertisements contained in the link-state database.

    OSPF Admin Mode ASBR Mode

    ABR Status Exit Overflow Interval External LSA Count External LSA Checksum

    19-28

    OSPFv3 Configuration

    show ipv6 ospf area

    Table 19-1
    Output Field

    show ipv6 ospf Output Details


    What It Displays... The number of new link-state advertisements that have been originated. The number of link-state advertisements received determined to be new instantiations. The maximum number of non-default AS-external-LSAs entries that can be stored in the link-state database. Default value for redistributed routes. The maximum number of paths that OSPF can report for a given destination. Whether the default routes received from other source protocols are advertised or not. Whether default routes are always advertised. The metric for the advertised default routes. If the metric is not configured, this field is blank. Whether the routes are External Type 1 or External Type 2.

    New LSAs Originated LSAs Received External LSDB Limit Default Metric Maximum Paths Default Route Advertise Always Metric Metric Type

    show ipv6 ospf area


    ThiscommanddisplaysinformationaboutthespecifiedOSPFv3area.

    Syntax
    show ipv6 ospf area areaid

    Parameters
    areaid SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value.

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    Example
    ThisexampleshowshowtodisplayOSPFv3informationforarea20.
    G3(su)->router>show ipv6 ospf area 20 AreaID External Routing Spf Runs Area Border Router Count Area LSA Count Area LSA Checksum Stub Mode 0.0.0.20 Import NSSAs 7 0 5 188094 Disable

    Table 192 provides an explanation of the command output.

    Enterasys G-Series CLI Reference

    19-29

    show ipv6 ospf abr

    Table 19-2
    Output Field AreaID

    show ipv6 ospf area Output Details


    What It Displays... Area ID of the requested OSPFv3 area. The external routing capabilities for this area. Number of times that the intra-area route table has been calculated using this area's link-state database. Total number of area border routers reachable within this area. Total number of link-state advertisements in this area's link-state database, excluding AS External LSAs. Number representing the Area LSA Checksum for the specified Area ID excluding the external (LS type 5) link-state advertisements. Whether the specified area is a stub area or not. The possible values are enabled and disabled. This is a configured value. Whether to import summary LSAs (enabled or disabled). Metric value of the stub area. This field displays only if the area is a configured as a stub area.

    External Routing Spf Runs Area Border Router Count Area LSA Count Area LSA Checksum

    Stub Mode Import Summary LSAs OSPF Stub Metric Value

    show ipv6 ospf abr


    ThiscommanddisplaysOSPFv3routestoreachareaborderrouters.

    Syntax
    show ipv6 ospf abr

    Parameters
    None.

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    Example
    ThisexampleshowshowtodisplayOSPFv3areaborderrouterinformation.
    G3(su)->router# show ipv6 ospf abr Type Router Id Cost Area ID Next Hop Intf ----- -------------- ---- ------------ -------------------------------- -------INTRA 82.15.0.1 10 0.0.0.10 FE80::200:2DFF:FEE6:FB6B Vlan 48 Next Hop

    Table 193providesanexplanationofthecommandoutput.

    19-30

    OSPFv3 Configuration

    show ipv6 ospf asbr

    Table 19-3
    Output Field Type

    show ipv6 ospf abr Output Details


    What It Displays... The type of the route to the destination, which is one of the following values: INTRA Intra-area route INTER Inter-area route

    Router ID Cost Area ID Next Hop Intf Next Hop Intf

    Router ID of the destination. Cost of using this route. The area ID of the area from which this route is learned. Address of the next hop toward the destination. The outgoing router interface to use when forwarding traffic to the next hop.

    show ipv6 ospf asbr


    ThiscommanddisplaysOSPFv3routestoreachASborderrouters.

    Syntax
    show ipv6 ospf asbr

    Parameters
    None.

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    Example
    ThisexampleshowshowtodisplayOSPFv3ASborderrouterroutes.
    G3(su)->router# show ipv6 ospf asbr Type Next Hop Intf ----- -------------- ---- ------------ -------------------------------- -------INTER 1.11.1.1 5 0.0.0.20 FE80::100:1111:FEE6:FB7A Vlan 35 Router Id Cost Area ID Next Hop

    Table 194providesanexplanationofthecommandoutput. Table 19-4


    Output Field Type

    show ipv6 ospf asbr Output Details


    What It Displays... The type of the route to the destination, which is one of the following values: INTRA Intra-area route INTER Inter-area route

    Enterasys G-Series CLI Reference

    19-31

    show ipv6 ospf database

    Table 19-4
    Output Field Router ID Cost Area ID Next Hop Next Hop Intf

    show ipv6 ospf asbr Output Details (Continued)


    What It Displays... Router ID of the destination. Cost of using this route. The area ID of the area from which this route is learned. Address of the next hop toward the destination. The outgoing router interface to use when forwarding traffic to the next hop.

    show ipv6 ospf database


    ThiscommanddisplaysinformationaboutthelinkstatedatabasewhenOSPFv3isenabled.

    Syntax
    show ipv6 ospf [areaid] database [{external | inter-area {prefix | router} | link | network | nssa-external | prefix | router | unknown {area | as | link}}] [lsid] [{adv-router [rtrid] | self-originate | database-summary}]

    Parameters
    areaid external interarea prefix router link network nssaexternal unknown {area|as|link} lsid advrouter[rtrid] (Optional)Displaydatabaseinformationaboutaspecificarea.Enterthe areaIDinIPaddressformat(dottedquad)orasadecimalvalue. (Optional)DisplayexternalLSAs. (Optional)DisplayinterareaLSAs. (Optional)DisplayintraareaPrefixLSAs. (Optional)DisplayrouterLSAs. (Optional)DisplaylinkLSAs. (Optional)DisplaynetworkLSAs. (Optional)DisplayNSSAexternalLSAs. (Optional)Displayunknownarea,unknownAS,orunknownlink LSAs. (Optional)SpecifiesthelinkstateID. (Optional)DisplaytheLSAsthatarerestrictedbytheadvertising router.Optionally,specifytherouterbyitsrouterID(rtrid),enteredasa 32bitdottedquadvalue. (Optional)DisplayLSAsthatareselforiginated. (Optional)DisplaysthenumberofeachtypeofLSAinthedatabaseand thetotalnumberofLSAsinthedatabase.

    selforiginate databasesummary

    Defaults
    Ifnoparametersareentered,LSAheadersforallareasaredisplayed.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    19-32

    OSPFv3 Configuration

    show ipv6 ospf database

    Usage
    Ifyouexecutethiscommandwithoutanyparameters,LSAheadersforallareasaredisplayed. Usetheareaidparametertodisplaydatabaseinformationforaspecificarea.Theotheroptional parameterscanbeusedtospecifyaparticulartypeoflinkstateadvertisementtodisplay.

    Examples
    ThisexampledisplaystheoutputwhenanareaIDisspecified.
    G3(su)->router#show ipv6 ospf 10 database Inter Network States (Area 0.0.0.10) Adv Router Link Id Age Sequence Csum Options Rtr Opt --------------- --------------- ----- -------- ---- ------- ------2.2.2.2 1 153 80000026 A8F2 Intra Prefix States (Area 0.0.0.10)

    Adv Router Link Id Age Sequence Csum Options Rtr Opt --------------- --------------- ----- -------- ---- ------- ------2.2.2.2 0 506 80000027 DD00 AS External States Adv Router Link Id Age Sequence Csum Options Rtr Opt --------------- --------------- ----- -------- ---- ------- ------2.2.2.2 1 342 8000002C 0C20

    Thisexampleshowspartialoutputofthiscommandwhennoparametersarespecified.
    G3(su)->router>show ipv6 ospf database router links States (Area 0.0.0.0) Adv Router Link Id --------------- --------------2.2.2.2 0 3.3.3.3 0 Age Sequence Csum Options Rtr Opt ----- -------- ---- ------- ------1288 80000273 32A9 V6E--R- ---EB 1098 80000251 7D11 V6E--RD -----

    network links States (Area 0.0.0.0) Adv Router Link Id Age Sequence Csum Options Rtr Opt --------------- --------------- ----- -------- ---- ------- ------3.3.3.3 3 1098 800001DB 8A7F V6E--RD Link States (Area 0.0.0.0) Adv Router Link Id --------------- --------------3.3.3.3 3 2.2.2.2 426 --More-- or (q)uit Age Sequence Csum Options Rtr Opt ----- -------- ---- ------- ------1098 800001DA 0F95 V6E--RD 1288 80000213 DFC0 V6E--R-

    Enterasys G-Series CLI Reference

    19-33

    show ipv6 ospf database

    Thisexampleillustratestheoutputofthiscommandusingtheadvrouterparameter.
    G3(su)->router>show ipv6 ospf database external adv-router AS External States LS Age: 930 LS Type: AS-External-LSA LS Id: 1 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000006 Checksum: 0x3e4c Length: 36 Options:(E-Bit) Metric Type: 2 Metric:20 IPv6 Prefix: 2301::/64 (None)

    Table 195providesanexplanationofthecommandoutput. Table 19-5


    Output Field Link Id Advertising Router LS Age LS Type LS Seq Number Checksum Lenght Options

    show ipv6 ospf database Output Details


    What It Displays... Number that uniquely identifies an LSA that a router originates from all other self originated LSAs of the same LS type. The Advertising Router. Is a 32 bit dotted decimal number representing the LSDB interface. Number representing the age of the link state advertisement in seconds. The format and function of the specified LSA. Number that represents which LSA is more recent. Total number LSA checksum. Size of the LSA in bytes. Option bits in LSA header. Refer to section A.2 in RFC 2740 for more information. Possible values are: V6 indicates status of V6 bit. If this bit is clear, the router/link should be excluded from IPv6 routing calculations. E indicates status of E-bit. This bit describes the way ASexternal-LSAs are flooded. M indicates the status of MC-bit. This bit describes whether IP multicast datagrams are forwarded. N indicates the status of N-bit. This bit describes the handling of Type-7 LSAs. R indicates the status of R-bit. This bit (the `Router' bit) indicates whether the originator is an active router. D indicates the status of DC-bit. This bit describes the router's handling of demand circuits.

    Metric Type Metric IPv6 Prefix

    Whether the route specified is external type 1 or external type 2. The cost of using the specified router link. The IPv6 route with prefix mask being displayed.

    19-34

    OSPFv3 Configuration

    show ipv6 ospf database

    ThisexampleshowshowtodisplayOSPFdatabasesummaryinformation.
    G3(su)->router#show ipv6 ospf database database-summary OSPF Router with ID (2.2.2.2)

    Area 0.0.0.0 Database Summary Router Network Inter-area Prefix Inter-area Router Type-7 Ext Link Intra-area Prefix Link Unknown Area Unknown AS Unknown AS Unknown Self Originated Type-7 Subtotal Area 0.0.0.10 Database Summary Router Network Inter-area Prefix Inter-area Router Type-7 Ext Link Intra-area Prefix Link Unknown Area Unknown AS Unknown AS Unknown Self Originated Type-7 Subtotal

    2 1 1 0 0 2 2 0 0 0 0 0 8

    2 1 51 0 0 2 2 0 0 0 0 0 58

    Router database summary Router Network Inter-area Prefix Inter-area Router Type-7 Ext Link Intra-area Prefix Link Unknown Area Unknown AS Unknown Type-5 Ext Self-Originated Type-5 Ext Total

    4 2 52 0 0 4 4 0 0 0 0 0 66

    Table 196providesanexplanationofthedatabasesummarycommandoutput. Table 19-6


    Output Field Router Network

    show ipv6 ospf database database-summary Output Details


    What It Displays... Total number of router LSAs in the OSPFv3 link state database. Total number of network LSAs in the OSPFv3 link state database.

    Enterasys G-Series CLI Reference

    19-35

    show ipv6 ospf interface

    Table 19-6
    Output Field

    show ipv6 ospf database database-summary Output Details (Continued)


    What It Displays... Total number of inter-area prefix LSAs in the OSPFv3 link state database. Total number of inter-area router LSAs in the OSPFv3 link state database. Total number of NSSA external LSAs in the OSPFv3 link state database. Total number of link LSAs in the OSPFv3 link state database. Total number of intra-area prefix LSAs in the OSPFv3 link state database. Total number of link-source unknown LSAs in the OSPFv3 link state database. Total number of area unknown LSAs in the OSPFv3 link state database. Total number of as unknown LSAs in the OSPFv3 link state database. Total number of self-originated NSSA External Link-State Advertisements in the OSPFv3 link state database. Total number of AS external LSAs in the OSPFv3 link state database. Total number of self originated AS external LSAs in the OSPFv3 link state database. Total number of router LSAs in the OSPFv3 link state database.

    Inter-area Prefix Inter-area Router Type-7 Ext Link Intra-area Prefix Link Unknown Area Unknown AS Unknown Self Originated Type-7 Type-5 Ext Self-Originated Type-5 Total

    show ipv6 ospf interface


    ThiscommanddisplaysinformationaboutOSPFv3interfaces.

    Syntax
    show ipv6 ospf interface {vlan vlanid | tunnel tunnelid | loopback loopid}

    Parameters
    vlanvlanid tunneltunnelid loopbackloopid SpecifiestheVLANinterfacetodisplayinformationabout. Specifiesthetunnelinterfacetodisplayinformationabout. Specifiestheloopbackinterfacetodisplayinformationabout.

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    19-36

    OSPFv3 Configuration

    show ipv6 ospf interface

    Examples
    ThisexampledisplaysinformationaboutOSPFv3routinginterfaceVLAN80.
    G3(su)->router>show ipv6 ospf interface vlan 80 IPv6 Address FE80::211:88FF:FE56:5D8F ifIndex 430 OSPF Admin Mode Enable OSPF Area ID 0.0.0.20 Router Priority 1 Retransmit Interval 5 Hello Interval 10 Dead Interval 40 LSA Ack Interval 1 Iftransit Delay Interval 1 Authentication Type None Metric Cost 10 (computed) OSPF Mtu-ignore Disable OSPF Interface Type broadcast State designated-router Designated Router 2.2.2.2 Backup Designated Router 0.0.0.0 Number of Link Events 2

    Thisexampledisplaysinformationabouttunnelinterface0.Table 197onpage 1937explainsthe contentoftheoutputfields.


    G3(su)->router#show ipv6 ospf interface tunnel 0 IPv6 Address FE80::5000:2 ifIndex 456 OSPF Admin Mode Enable OSPF Area ID 0.0.0.0 Router Priority 1 Retransmit Interval 5 Hello Interval 10 Dead Interval 40 LSA Ack Interval 1 Iftransit Delay Interval 1 Authentication Type None Metric Cost 1 (computed) OSPF Mtu-ignore Disable OSPF Interface Type point-to-point State point-to-point Designated Router 0.0.0.0 Backup Designated Router 0.0.0.0 Number of Link Events 1

    Table 197providesanexplanationofthecommandoutput. Table 19-7


    Output Field IPv6 Address ifIndex OSPF Admin Mode OSPF Area ID Router Priority

    show ipv6 ospf interface Command Output Details


    What It Displays... The IPv6 address of the interface. The interface index number associated with the interface. Whether the admin mode is enabled or disabled. The area ID associated with this interface. The router priority. The router priority determines which router is the designated router.

    Enterasys G-Series CLI Reference

    19-37

    show ipv6 ospf interface stats

    Table 19-7
    Output Field

    show ipv6 ospf interface Command Output Details (Continued)


    What It Displays... The frequency, in seconds, at which the interface sends LSA. The frequency, in seconds, at which the interface sends Hello packets. The amount of time, in seconds, the interface waits before assuming a neighbor is down. The amount of time, in seconds, the interface waits before sending an LSA acknowledgement after receiving an LSA. The number of seconds the interface adds to the age of LSA packets before transmission. The type of authentication the interface performs on LSAs it receives. The priority of the path. Low costs have a higher priority than high costs. Whether to ignore MTU mismatches in database descriptor packets sent from neighboring routers. The following information only displays if OSPF is initialized on the interface: Broadcast LANs, such as Ethernet and IEEE 802.5, take the value broadcast. Tunnel interfaces take the value point-to-point. The OSPF Interface States are: down, loopback, waiting, point-topoint, designated router, and backup designated router. The router ID representing the designated router. The router ID representing the backup designated router. The number of link events.

    Retransmit Interval Hello Interval Dead Interval LSA Ack Interval Iftransit Delay Interval Authentication Type Metric Cost OSPF MTU-ignore

    OSPF Interface Type State Designated Router Backup Designated Router Number of Link Events

    show ipv6 ospf interface stats


    Thiscommanddisplaysstatisticsforaspecificinterface.StatisticsaredisplayedonlyifOSPFv3is enabled.

    Syntax
    show ipv6 ospf interface stats vlan vlanid

    Parameters
    vlanvlanid SpecifiestheVLANinterfaceforwhichtodisplaystatistics.

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    19-38

    OSPFv3 Configuration

    show ipv6 ospf interface stats

    Example
    ThisexampleshowshowtodisplaystatisticsforVLAN80.
    G3(su)->router>show ipv6 ospf interface stats vlan 80 OSPFv3 Area ID 0.0.0.20 Spf Runs 7 Area Border Router Count 0 AS Border Router Count 0 Area LSA Count 5 IPv6 Address FE80::211:88FF:FE56:5D8F/128 OSPF Interface Events 2 Virtual Events 0 Neighbor Events 0 External LSA Count 1 LSAs Received 1903 Originate New LSAs 4198 Sent Packets 1053 Received Packets 0 Discards 0 Bad Version 0 Virtual Link Not Found 0 Area Mismatch 0 Invalid Destination Address 0 No Neighbor at Source Address 0 Invalid OSPF Packet Type 0 Packet Type -------------------Hello Database Description LS Request LS Update LS Acknowledgement Sent ---------1053 0 0 0 0 Received ---------0 0 0 0 0

    Table 198providesanexplanationofthecommandoutput. Table 19-8


    Output Field OSPFv3 Area ID Spf Runs Area Border Router Count AS Border Router Count Area LSA Count IPv6 Address OSPF Interface Events Virtual Events Neighbor Events

    show ipv6 ospf interface stats Output Details


    What It Displays... The area ID of this OSPFv3 interface. Is the number of times that the intra-area route table has been calculated using this area's link-state database. The total number of area border routers reachable within this area. The total number of AS border routers reachable within this area. Total number of link-state advertisements in this areas link-state database, excluding AS External LSAs. The IP address associated with this OSPFv3 interface. The number of times the specified OSPFv3 interface has changed its state, or an error has occurred. The number of state changes or errors that occurred on this virtual link. The number of times this neighbor relationship has changed state, or an error has occurred.

    Enterasys G-Series CLI Reference

    19-39

    show ipv6 ospf neighbor

    Table 19-8
    Output Field

    show ipv6 ospf interface stats Output Details


    What It Displays... Total number of AS External link-state advertisements in this areas link-state database. Number of link-state advertisements received. Number of LSAs originated. The number of OSPFv3 packets sent on the interface. The number of OSPFv3 packets received on the interface. Number of packets discarded. Number of bad version packets received. Number of virtual link not found packets received. Number of area mismatch packets received. Number of invalid destination address packets received. Number of no neighbor at source address packets received. Number of packets received with invalid packet type. Columns listing packet types and number of packets sent and received per type.

    External LSA Count LSAs Received Originate New LSAs Sent Packets Received Packets Discards Bad Version Virtual Link Not Found Area Mismatch Invalid Destination Address No Neighbor at Source Address Invalid OSPF Packet Type Packet Type / Sent / Received

    show ipv6 ospf neighbor


    ThiscommanddisplaysinformationaboutOSPFv3neighbors.

    Syntax
    show ipv6 ospf neighbor [interface {vlan vlanid | tunnel tunnelid}] [neighborid]

    Parameters
    interface vlanvlanid tunneltunnelid neighborid (Optional)Restrictstheoutputdisplaytoaspecificinterface. SpecifytheVLANinterfacetodisplayinformationabout. Specifythetunnelinterfacetodisplay (Optional)SpecifytheneighborbyitsrouterID,specifiedin32bit dottedquadformat.

    Defaults
    Whennoparametersarespecified,informationaboutallneighborsisdisplayed.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    Usage
    IfyoudonotspecifyaneighborrouterID,theoutputdisplayssummaryinformationinatable.If youspecifyaninterfaceortunnel,onlytheinformationforthatinterfaceortunneldisplays. WhenyouspecifyaneighborbyrouterID,detailedinformationabouttheneighbordisplays.

    19-40

    OSPFv3 Configuration

    show ipv6 ospf neighbor

    TheinformationisdisplayedonlyifOSPFv3isenabledandtheinterfacehasaneighbor.

    Examples
    Thisexampleillustratesthesummaryinformationdisplayedwhennoneighborisspecified.
    G3(su)->router#show ipv6 ospf neighbor Router ID ---------------3.3.3.3 6.6.6.6 Priority -------1 1 Intf ID ----3 456 Interface ----------Vlan 36 Tunnel 0 State ---------------Full/DR Full/PtP Dead Time ---32 31

    Table 199providesanexplanationofthecommandoutput. Table 19-9


    Output Field Router ID Priority

    show ipv6 ospf neighbor Output Details


    What It Displays... The 4-digit dotted-decimal number of the neighbor router. OSPFv3 priority for the specified interface. The priority of an interface is a priority integer from 0 to 255. A value of '0' indicates that the router is not eligible to become the designated router on this network. Interface ID of the neighbor. Interface of the local router. State of the neighboring routers. Possible values are: Down- initial state of the neighbor conversation - no recent information has been received from the neighbor. Attempt - no recent information has been received from the neighbor but a more concerted effort should be made to contact the neighbor. Init - a Hello packet has recently been seen from the neighbor, but bidirectional communication has not yet been established. 2 way - communication between the two routers is bidirectional. This is the final state between two routers, both of which are non-designated routers or back-up designated routers. Exchange start - the first step in creating an adjacency between the two neighboring routers, the goal is to decide which router is the master and to decide upon the initial DD sequence number. Exchange - the router is describing its entire link state database by sending Database Description packets to the neighbor. Loading - Link State Request packets are sent to the neighbor asking for the more recent LSAs that have been discovered (but not yet received) in the Exchange state. Full - the neighboring routers are fully adjacent and they will now appear in router-LSAs and network-LSAs.

    Intf ID Interface State

    Dead Time

    Amount of time, in seconds, to wait before the router assumes the neighbor is unreachable.

    Enterasys G-Series CLI Reference

    19-41

    show ipv6 ospf range

    Thisexampledisplaystheoutputofthiscommandwhenaneighborisspecified.
    G3(su)->router#show ipv6 ospf neighbor 8.8.8.8 Interface Area Id Options Router Priority Dead timer due in (secs) State Events Retransmission Queue Length Vlan 45 0.0.0.30 0x2 128 33 Full/DR 6 0

    Table 1910providesanexplanationofthecommandoutput. Table 19-10


    Output Field Interface Area ID Options

    show ipv6 ospf neighbor routerid Output Details


    What It Displays... Interface of the local router. OSPFv3 area ID associated with the interface. An integer value that indicates the optional OSPFv3 capabilities supported by the neighbor. These are listed in its Hello packets. This enables received Hello Packets to be rejected (that is, neighbor relationships will not even start to form) if there is a mismatch in certain crucial OSPFv3 capabilities. Router priority for the specified interface. Amount of time, in seconds, to wait before the router assumes the neighbor is unreachable. State of the neighboring routers. Number of times this neighbor relationship has changed state, or an error has occurred. Integer representing the current length of the retransmission queue of the specified neighbor router Id of the specified interface.

    Router Priority Dead Timer Due State Events Retransmission Queue Length

    show ipv6 ospf range


    Thiscommanddisplaysinformationaboutthearearangesforthespecifiedarea.

    Syntax
    show ipv6 ospf range areaid

    Parameters
    areaid SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value.

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    19-42

    OSPFv3 Configuration

    show ipv6 ospf stub table

    Example
    Thisexampledisplaysrangeinformationforarea20.
    G3(su)->router#show ipv6 ospf range 20 Area ID IPv6 Prefix/Prefix Length Lsdb Type Advertisement --------------- ------------------------- --------------- ------------0.0.0.20 3345:1234::/64 Summary Link Enabled

    Table 1911providesanexplanationofthecommandoutput. Table 19-11


    Output Field Area ID IPv6 Prefix/Prefix Length Lsdb Type Advertisement

    show ipv6 ospf range Output Details


    What It Displays... The area ID of the requested OSPFv3 area. An IPv6 prefix and length which represents a configured area range. The type of link advertisement associated with this area range. The status of the advertisement: enabled or disabled.

    show ipv6 ospf stub table


    ThiscommanddisplaystheOSPFv3stubtable,ifOSPFv3isinitializedontheswitch.

    Syntax
    show ipv6 ospf stub table

    Parameters
    None.

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    Example
    ThisexampledisplaystheOSPFv3stubtableinformation.
    G3(su)->router# show ipv6 ospf stub table AreaId TypeofService Metric Val Import SummaryLSA ---------------- ------------- ---------- ----------------0.0.0.20 Normal 1 Enable

    Table 1912providesanexplanationofthecommandoutput. Table 19-12


    Output Field Area ID Type of Service

    show ipv6 ospf stub table Output Details


    What It Displays... A 32-bit identifier for the created stub area. Type of service associated with the stub metric. For this release, Normal TOS is the only supported type.

    Enterasys G-Series CLI Reference

    19-43

    show ipv6 ospf virtual-link

    Table 19-12
    Output Field Metric Val

    show ipv6 ospf stub table Output Details (Continued)


    What It Displays... The metric value is applied based on the TOS. It defaults to the least metric of the type of service among the interfaces to other areas. The OSPFv3 cost for a route is a function of the metric value. Controls the import of summary LSAs into stub areas.

    Import Summary LSA

    show ipv6 ospf virtual-link


    ThiscommanddisplaystheOSPFv3virtualinterfaceinformationforaspecificareaandneighbor.

    Syntax
    show ipv6 ospf virtual-link areaid neighborid

    Parameters
    areaid neighborid SpecifiestheareaIDinIPaddressformat(dottedquad)orasadecimal value. SpecifiestheneighborbyitsrouterID,specifiedin32bitdottedquad format.

    Defaults
    None.

    Mode
    Routerprivilegedexecution:G3(su)>router#

    Example
    ThisinformationdisplaysvirtuallinkinformationforareaID10andtheneighborwithrouterID of3.3.3.3.
    G3(su)->router(Config)#show ipv6 ospf virtual-link 10 3.3.3.3 Area ID 10 Neighbor IP Address 3.3.3.3 Hello Interval 10 Dead Interval 40 Iftransit Delay Interval 1 Retransmit Interval 5 State DOWN Metric 0 Neighbor State DOWN

    Table 1913providesanexplanationofthecommandoutput. Table 19-13


    Output Field Area ID Neighbor Router ID Hello Interval

    show ipv6 ospf virtual-link Output Details


    What It Displays... The area id of the requested OSPFv3 area. The input neighbor Router ID. The configured hello interval for the OSPFv3 virtual interface.

    19-44

    OSPFv3 Configuration

    show ipv6 ospf virtual-link

    Table 19-13
    Output Field Dead Interval

    show ipv6 ospf virtual-link Output Details (Continued)


    What It Displays... The configured dead interval for the OSPFv3 virtual interface. The configured transit delay for the OSPFv3 virtual interface. The configured retransmit interval for the OSPFv3 virtual interface. The OSPFv3 Interface States are: down, loopback, waiting, pointto-point, designated router, and backup designated router. This is the state of the OSPFv3 interface. The metric of this virtual link. The state of the neighbor. States are: down, loopback, waiting, point-to-point, designated router, and backup designated router.

    Iftransit Delay Interval Retransmit Interval State

    Metric Neighbor State

    Enterasys G-Series CLI Reference

    19-45

    show ipv6 ospf virtual-link

    19-46

    OSPFv3 Configuration

    20
    Security Configuration
    ThischapterdescribestheSecurityConfigurationsetofcommandsandhowtousethem.
    For information about... Overview of Security Methods Configuring RADIUS Configuring 802.1X Authentication Configuring MAC Authentication Configuring Multiple Authentication Methods Configuring VLAN Authorization (RFC 3580) Configuring MAC Locking Configuring Port Web Authentication (PWA) Configuring Secure Shell (SSH) Configuring Access Lists Refer to page... 20-1 20-3 20-10 20-19 20-30 20-41 20-46 20-57 20-68 20-70

    Overview of Security Methods


    Thefollowingsecuritymethodsareavailableforcontrollingwhichusersareallowedtoaccess, monitor,andmanagetheswitch. LoginuseraccountsandpasswordsusedtologintotheCLIviaaTelnetconnectionorlocal COMportconnection.Fordetails,refertoSettingUserAccountsandPasswordson page 22. HostAccessControlAuthentication(HACA)authenticatesuseraccessofTelnet management,consolelocalmanagementandWebViewviaacentralRADIUSClient/Server application.WhenRADIUSisenabled,thisessentiallyoverridesloginuseraccounts.When HACAisactiveperavalidRADIUSconfiguration,theusernamesandpasswordsusedto accesstheswitchviaTelnet,SSH,WebView,andCOMportswillbevalidatedagainstthe configuredRADIUSserver.OnlyinthecaseofaRADIUStimeoutwillthosecredentialsbe comparedagainstcredentialslocallyconfiguredontheswitch.Fordetails,referto ConfiguringRADIUSonpage 203. SNMPuserorcommunitynamesallowsaccesstotheGSeriesswitchviaanetworkSNMP managementapplication.Toaccesstheswitch,youmustenteranSNMPuserorcommunity namestring.Thelevelofmanagementaccessisdependentontheassociatedaccesspolicy.For details,refertoChapter 5. 802.1XPortBasedNetworkAccessControlusingEAPOL(ExtensibleAuthentication Protocol)providesamechanismviaaRADIUSserverforadministratorstosecurely
    Enterasys G-Series CLI Reference 20-1

    Overview of Security Methods

    authenticateandgrantappropriateaccesstoenduserdevicescommunicatingwithGSeries ports.FordetailsonusingCLIcommandstoconfigure802.1X,refertoConfiguring802.1X Authenticationonpage 2010.


    Note: To configure EAP pass-through, which allows client authentication packets to be forwarded through the switch to an upstream device, 802.1X authentication must be globally disabled with the set dot1x command.

    MACAuthenticationprovidesamechanismforadministratorstosecurelyauthenticate sourceMACaddressesandgrantappropriateaccesstoenduserdevicescommunicatingwith GSeriesports.Fordetails,refertoConfiguringMACAuthenticationonpage 2019. MultipleAuthenticationMethodsallowsuserstoauthenticateusingmultiplemethodsof authenticationonthesameport.Fordetails,refertoConfiguringMultipleAuthentication Methodsonpage 2030. RFC3580TunnelAttributesprovideamechanismtocontainan802.1XauthenticatedorMAC authenticatedusertoaVLANregardlessofthePVID.Uptoeightuserscanbeconfiguredper Gigabitport.RefertoConfiguringVLANAuthorization(RFC3580)onpage 2041. MACLockinglocksaporttooneormoreMACaddresses,preventingtheuseof unauthorizeddevicesandMACspoofingontheportFordetails,refertoConfiguringMAC Lockingonpage 2046. PortWebAuthentication(PWA)passesalllogininformationfromtheendstationtoa RADIUSserverforauthenticationbeforeallowingausertoaccessthenetwork.PWAisan alternativeto802.1XandMACauthentication.Fordetails,refertoConfiguringPortWeb Authentication(PWA)onpage 2057. SecureShell(SSH)providessecureTelnet.Fordetails,refertoConfiguringSecureShell (SSH)onpage 2068. IPAccessLists(ACLs)permitsordeniesaccesstoroutinginterfacesbasedonprotocoland inboundand/oroutboundIPaddressrestrictionsconfiguredinaccesslists.Fordetails,referto ConfiguringAccessListsonpage 2070.
    Notes: The G3 supports up to eight authenticated users per port. The G3 cannot simultaneously support Policy and RFC 3580 on the same port. If multiple users are configured to use a port, and the G3 is then switched from "policy" mode to "tunnel" mode (RFC3580 VLAN to port mapping), the total number of users supported to use a port will be reset to one. RFC-3580 VLAN authorization is not supported by PWA authentication.

    RADIUS Filter-ID Attribute and Dynamic Policy Profile Assignment


    IfyouconfigureanauthenticationmethodthatrequirescommunicationwithaRADIUSserver, youcanusetheRADIUSFilterIDattributetodynamicallyassignapolicyprofileand/or managementleveltoauthenticatingusersand/ordevices. TheRADIUSFilterIDattributeissimplyastringthatisformattedintheRADIUSAccessAccept packetsentbackfromtheRADIUSservertotheswitchduringtheauthenticationprocess. EachusercanbeconfiguredintheRADIUSserverdatabasewithaRADIUSFilterIDattribute thatspecifiesthenameofthepolicyprofileand/ormanagementleveltheusershouldbeassigned uponsuccessfulauthentication.Duringtheauthenticationprocess,whentheRADIUSserver returnsaRADIUSAccessAcceptmessagethatincludesaFilterIDmatchingapolicyprofilename configuredontheswitch,theswitchthendynamicallyappliesthepolicyprofiletothephysical porttheuser/deviceisauthenticatingon.

    20-2

    Security Configuration

    Configuring RADIUS

    Filter-ID Attribute Formats


    EnterasysNetworkssupportstwoFilterIDformatsdecoratedandundecorated.The decoratedformathasthreeforms: Tospecifythepolicyprofiletoassigntotheauthenticatinguser(networkaccess authentication): Enterasys:version=1:policy=string wherestringspecifiesthepolicyprofilename.Policyprofilenamesarecasesensitive. Tospecifyamanagementlevel(managementaccessauthentication): Enterasys:version=1:mgmt=level wherelevelindicatesthemanagementlevel,eitherro,rw,orsu. Tospecifybothmanagementlevelandpolicyprofile: Enterasys:version=1:mgmt=level:policy=string Theundecoratedformatissimplyastringthatspecifiesapolicyprofilename.Theundecorated formatcannotbeusedformanagementaccessauthentication. DecoratedFilterIDsareprocessedfirstbytheswitch.IfnodecoratedFilterIDsarefound,then undecoratedFilterIDsareprocessed.IfmultipleFilterIDsarefoundthatcontainconflicting values,aSyslogmessageisgenerated.

    Configuring RADIUS
    Purpose
    Toperformthefollowing: ReviewtheRADIUSclient/serverconfigurationontheswitch. EnableordisabletheRADIUSclient. Setlocalandremoteloginoptions. Setprimaryandsecondaryserverparameters,includingIPaddress,timeoutperiod, authenticationrealm,andnumberofuserloginattemptsallowed. ResetRADIUSserversettingstodefaultvalues. ConfigureaRADIUSaccountingserver.

    Commands
    For information about... show radius set radius clear radius show radius accounting set radius accounting clear radius accounting Refer to page... 20-4 20-5 20-6 20-7 20-8 20-9

    Enterasys G-Series CLI Reference

    20-3

    show radius

    show radius
    UsethiscommandtodisplaythecurrentRADIUSclient/serverconfiguration.

    Syntax
    show radius [status | retries | timeout | server [index | all]]

    Parameters
    status retries timeout server index|all (Optional)DisplaystheRADIUSserversenablestatus. (Optional)DisplaysthenumberofretryattemptsbeforetheRADIUSserver timesout. (Optional)Displaysthemaximumamountoftime(inseconds)toestablish contactwiththeRADIUSserverbeforeretryattemptsbegin. (Optional)DisplaysRADIUSserverconfigurationinformation. Forusewiththeserverparametertoshowserverconfigurationforall serversoraspecificRADIUSserverasdefinedbyanindex.

    Defaults
    Ifnoparametersarespecified,allRADIUSconfigurationinformationwillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayRADIUSconfigurationinformation:
    G3(rw)->show radius RADIUS status: Enabled RADIUS retries: 3 RADIUS timeout: 20 seconds RADIUS Server IP Address ----------------------10 172.16.20.10

    Auth-Port --------1812

    Realm-Type ----------------management-access

    Table 201providesanexplanationofthecommandoutput. Table 20-1


    Output Field RADIUS status RADIUS retries

    show radius Output Details


    What It Displays... Whether RADIUS is enabled or disabled. Number of retry attempts before the RADIUS server times out. The default value of 3 can be reset using the set radius command as described in set radius on page 20-5. Maximum amount of time (in seconds) to establish contact with the RADIUS server before retry attempts begin. The default value of 20 can be reset using the set radius command as described in set radius on page 20-5. RADIUS servers index number, IP address, and UDP authentication port.

    RADIUS timeout

    RADIUS Server

    20-4

    Security Configuration

    set radius

    Table 20-1
    Output Field Realm-Type

    show radius Output Details (Continued)


    What It Displays... Realm defines who has to go through the RADIUS server for authentication. Management-access: This means that anyone trying to access the switch (Telnet, SSH, Local Management) has to authenticate through the RADIUS server. Network-access: This means that all the users have to authenticate to a RADIUS server before they are allowed access to the network. Any-access: Means that both Management-access and Network-access have been enabled.

    set radius
    Usethiscommandtoenable,disable,orconfigureRADIUSauthentication.

    Syntax
    set radius {enable | disable} | {retries number-of-retries} | {timeout timeout} | {server index ip-address port [secret-value] [realm {management-access | any | network-access}} | {realm {management-access | any | network-access} {index| all}}

    Parameters
    enable|disable retriesnumberof retries timeouttimeout EnablesordisablestheRADIUSclient. SpecifiesthenumberofretryattemptsbeforetheRADIUSservertimesout. Validvaluesarefrom0to10.Defaultis3. Specifiesthemaximumamountoftime(inseconds)toestablishcontact withtheRADIUSserverbeforeretryattemptsbegin.Validvaluesarefrom 1to30.Defaultis20seconds. Specifiestheindexnumber,IPaddressandtheUDPauthenticationportfor theRADIUSserver. (Optional)Specifiesanencryptionkeytobeusedforauthentication betweentheRADIUSclientandserver. RealmallowsyoutodefinewhohastogothroughtheRADIUSserverfor authentication. managementaccess:Thismeansthatanyonetryingtoaccesstheswitch (Telnet,SSH,LocalManagement)hastoauthenticatethroughthe RADIUSserver. networkaccess:Thismeansthatalltheusershavetoauthenticatetoa RADIUSserverbeforetheyareallowedaccesstothenetwork. any:Meansthatbothmanagementaccessandnetworkaccesshave beenenabled.

    serverindex ip_addressport secretvalue realm management access|any| networkaccess

    Note: If the management-access or any access realm has been configured, the local admin account is disabled for access to the switch using the console, Telnet, or Local Management. Only the network-access realm allows access to the local admin account.

    index|all

    Appliestherealmsettingtoaspecificserverortoallservers.

    Enterasys G-Series CLI Reference

    20-5

    clear radius

    Defaults
    Ifsecretvalueisnotspecified,nonewillbeapplied. Ifrealmisnotspecified,theanyaccessrealmwillbeused.

    Mode
    Switchcommand,readwrite.

    Usage
    TheGSeriesdeviceallowsupto10RADIUSaccountingserverstobeconfigured,withuptotwo serversactiveatanygiventime. TheRADIUSclientcanonlybeenabledontheswitchonceaRADIUSserverisonline,anditsIP address(es)hasbeenconfiguredwiththesamepasswordtheRADIUSclientwilluse.
    Note: If RADIUS is configured with no host IP address on the device, it will use the loopback interface 0 IP address (if it has been configured) as its source for the NAS-IP attribute. For information about configuring loopback interfaces, refer to interface on page 15-3.

    Examples
    ThisexampleshowshowtoenabletheRADIUSclientforauthenticatingwithRADIUSserver1at IPaddress192.168.6.203,UDPauthenticationport1812,andanauthenticationpasswordof pwsecret.Aspreviouslynoted,theserversecretpasswordenteredheremustmatchthat alreadyconfiguredastheReadWrite(rw)passwordontheRADIUSserver:
    G3(su)->set radius server 1 192.168.6.203 1812 pwsecret

    ThisexampleshowshowtosettheRADIUStimeoutto5seconds:
    G3(su)->set radius timeout 5

    ThisexampleshowshowtosetRADIUSretriesto10:
    G3(su)->set radius retries 10

    Thisexampleshowshowtoforceanymanagementaccesstotheswitch(Telnet,web,SSH)to authenticatethroughaRADIUSserver.Theallparameterattheendofthecommandmeansthat anyofthedefinedRADIUSserverscanbeusedforthisAuthentication.


    G3(rw)->set radius realm management-access all

    clear radius
    UsethiscommandtoclearRADIUSserversettings.

    Syntax
    clear radius [retries] | [timeout] | [server {index | all | realm {index | all}}]

    Parameters
    retries timeout server ResetsthemaximumnumberofattemptsausercancontacttheRADIUS serverbeforetimingoutto3. ResetsthemaximumamountoftimetoestablishcontactwiththeRADIUS serverbeforetimingoutto20seconds. Deletesserversettings.

    20-6

    Security Configuration

    show radius accounting

    index|all realm

    Forusewiththeserverparametertocleartheserverconfigurationforall serversoraspecificRADIUSserverasdefinedbyanindex. ResetstherealmsettingforallserversoraspecificRADIUSserveras definedbyanindex.

    Mode
    Switchcommand,readwrite.

    Defaults
    None.

    Examples
    ThisexampleshowshowtoclearallsettingsonallRADIUSservers:
    G3(su)->clear radius server all

    ThisexampleshowshowtoresettheRADIUStimeouttothedefaultvalueof20seconds:
    G3(su)->clear radius timeout

    show radius accounting


    UsethiscommandtodisplaytheRADIUSaccountingconfiguration.Thistransmitsaccounting informationbetweenanetworkaccessserverandasharedaccountingserver.

    Syntax
    show radius accounting [server] | [counter ip-address] | [retries] | [timeout]

    Parameters
    server counteripaddress retries timeout (Optional)DisplaysoneorallRADIUSaccountingserverconfigurations. (Optional)DisplayscountersforaRADIUSaccountingserver. (Optional)Displaysthemaximumnumberofattemptstocontactthe RADIUSaccountingserverbeforetimingout. (Optional)Displaysthemaximumamountoftimebeforetimingout.

    Mode
    Switchcommand,readonly.

    Defaults
    Ifnoparametersarespecified,allRADIUSaccountingconfigurationinformationwillbe displayed.

    Enterasys G-Series CLI Reference

    20-7

    set radius accounting

    Example
    ThisexampleshowshowtodisplayRADIUSaccountingconfigurationinformation.Inthiscase, RADIUSaccountingisnotcurrentlyenabledandglobaldefaultsettingshavenotbeenchanged. Oneserverhasbeenconfigured. FordetailsonenablingandconfiguringRADIUSaccounting,refertosetradiusaccountingon page 208:
    G3(ro)->show radius accounting RADIUS accounting status: Disabled RADIUS Acct Server IP Address Acct-Port Retries Timeout Status ------------------ ---------- --------- ------- ------- -----1 172.16.2.10 1856 3 20 Disabled

    set radius accounting


    UsethiscommandtoconfigureRADIUSaccounting.

    Syntax
    set radius accounting {[enable | disable] [retries retries] [timeout timeout] [server ip_address port [server-secret]

    Parameters
    enable|disable retriesretries timeouttimeout EnablesordisablestheRADIUSaccountingclient. SetsthemaximumnumberofattemptstocontactaspecifiedRADIUS accountingserverbeforetimingout.Validretryvaluesare010. Setsthemaximumamountoftime(inseconds)toestablishcontactwitha specifiedRADIUSaccountingserverbeforetimingout.Validtimeout valuesare130. Specifiestheaccountingservers: IPaddress UDPauthenticationport(065535) serversecret(ReadWritepasswordtoaccessthisaccountingserver. Devicewillpromptforthisentryuponcreatingaserverinstance,as shownintheexamplebelow.)

    serverip_address portserversecret

    Mode
    Switchcommand,readwrite.

    Defaults
    None.

    20-8

    Security Configuration

    clear radius accounting

    Examples
    ThisexampleshowshowtoenabletheRADIUSaccountingclientforauthenticatingwiththe accountingserveratIPaddress10.2.4.12,UDPauthenticationport1800.Aspreviouslynoted,the serversecretpasswordenteredheremustmatchthatalreadyconfiguredastheReadWrite(rw) passwordontheRADIUSaccountingserver:
    G3(su)->set radius accounting server 10.2.4.12 1800 Enter secret: Re-enter secret:

    ThisexampleshowshowtosettheRADIUSaccountingtimeoutto30seconds:
    G3(su)->set radius accounting timeout 30

    ThisexampleshowshowtosetRADIUSaccountingretriesto10:
    G3(su)->set radius accounting retries 10

    clear radius accounting


    UsethiscommandtoclearRADIUSaccountingconfigurationsettings.

    Syntax
    clear radius accounting {server ip-address | retries | timeout | counter}

    Parameters
    serveripaddress retries timeout counter Clearstheconfigurationononeormoreaccountingservers. Resetstheretriestothedefaultvalueof3. Resetsthetimeoutto5seconds. Clearscounters.

    Mode
    Switchcommand,readwrite.

    Defaults
    None.

    Example
    ThisexampleshowshowtoresettheRADIUSaccountingtimeoutto5seconds.
    G3(su)->clear radius accounting timeout

    Enterasys G-Series CLI Reference

    20-9

    Configuring 802.1X Authentication

    Configuring 802.1X Authentication


    Purpose
    Toreviewandconfigure802.1XauthenticationforoneormoreportsusingEAPOL(Extensible AuthenticationProtocol).802.1Xcontrolsnetworkaccessbyenforcinguserauthorizationon selectedports,whichresultsinallowingordenyingnetworkaccessaccordingtoRADIUSserver configuration.
    Note: To configure EAP pass-through, which allows client authentication packets to be forwarded through the switch to an upstream device, 802.1X authentication must be globally disabled with the set dot1x command (set dot1x on page 20-13).

    Commands
    For information about... show dot1x show dot1x auth-config set dot1x set dot1x auth-config clear dot1x auth-config show eapol set eapol clear eapol Refer to page... 20-10 20-12 20-13 20-14 20-15 20-16 20-17 20-18

    show dot1x
    Usethiscommandtodisplay802.1Xstatus,diagnostics,statistics,andreauthenticationor initializationcontrolinformationforoneormoreports.

    Syntax
    show dot1x [auth-diag] [auth-stats] [port [init | reauth]] [port-string]

    Parameters
    authdiag authstats portinit|reauth portstring (Optional)Displaysauthenticationdiagnosticsinformation. (Optional)Displaysauthenticationstatistics. (Optional)Displaysthestatusofportinitializationandreauthentication controlfortheport. (Optional)Displaysinformationforspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    20-10

    Security Configuration

    show dot1x

    Defaults
    Ifnoparametersarespecified,802.1Xstatuswillbedisplayed. Ifportstringisnotspecified,informationforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Examples
    Thisexampleshowshowtodisplay802.1Xstatus:
    G3(su)->show dot1x DOT1X is disabled.

    Thisexampleshowshowtodisplayauthenticationdiagnosticsinformationforge.1.1:
    G3(su)->show dot1x auth-diag ge.1.1 Port : 1 Auth-Diag Enter Connecting: EAP Logoffs While Connecting: Enter Authenticating: Success While Authenticating Timeouts While Authenticating: Fails While Authenticating: ReAuths While Authenticating: EAP Starts While Authenticating: EAP logoff While Authenticating: Backend Responses: Backend Access Challenges: Backend Others Requests To Supp: Backend NonNak Responses From: Backend Auth Successes: Backend Auth Fails:

    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

    Thisexampleshowshowtodisplayauthenticationstatisticsforge.1.1:
    G3(su)->show dot1x auth-stats Port: 1 Auth-Stats EAPOL Frames Rx: EAPOL Frames Tx: EAPOL Start Frames Rx: EAPOL Logoff Frames Rx: EAPOL RespId Frames Rx: EAPOL Resp Frames Rx: EAPOL Req Frames Tx: EAP Length Error Frames Rx: Last EAPOL Frame Version: Last EAPOL Frame Source: ge.1.1 0 0 0 0 0 0 0 0 0 00:00:00:00:00:00

    Thisexampleshowshowtodisplaythestatusofportreauthenticationcontrolforge.1.1through ge.1.6:
    G3(su)->show dot1x port reauth ge.1.1-6 Port 1: Port reauthenticate: FALSE Port 2: Port reauthenticate: FALSE Port 3: Port reauthenticate: FALSE Port 4: Port reauthenticate: FALSE Port 5: Port reauthenticate: FALSE Port 6: Port reauthenticate: FALSE

    Enterasys G-Series CLI Reference

    20-11

    show dot1x auth-config

    show dot1x auth-config


    Usethiscommandtodisplay802.1Xauthenticationconfigurationsettingsforoneormoreports.

    Syntax
    show dot1x auth-config [authcontrolled-portcontrol] [maxreq] [quietperiod] [reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [port-string]

    Parameters
    authcontrolled portcontrol maxreq quietperiod reauthenabled reauthperiod servertimeout supptimeout txperiod portstring (Optional)DisplaysthecurrentvalueofthecontrolledPortcontrol parameterfortheport. (Optional)Displaysthevaluesetformaximumrequestscurrentlyinuseby thebackendauthenticationstatemachine. (Optional)Displaysthevaluesetforquietperiodcurrentlyinusebythe authenticatorPAEstatemachine. (Optional)Displaysthestateofreauthenticationcontrolusedbythe ReauthenticationTimerstatemachine. (Optional)Displaysthevalue,inseconds,setforthereauthentication periodusedbythereauthenticationtimerstatemachine. (Optional)Displaystheservertimeoutvalue,inseconds,currentlyinuse bythebackendauthenticationstatemachine. (Optional)Displaystheauthenticationsupplicanttimeoutvalue,in seconds,currentlyinusebythebackendauthenticationstatemachine. (Optional)Displaysthetransmissionperiodvalue,inseconds,currentlyin usebytheauthenticatorPAEstatemachine. (Optional)Limitsthedisplayofdesiredinformationinformationtospecific port(s).Foradetaileddescriptionofpossibleportstringvalues,referto PortStringSyntaxUsedintheCLIonpage 41.

    Defaults
    Ifnoparametersarespecified,all802.1Xsettingswillbedisplayed. Ifportstringisnotspecified,informationforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Examples
    ThisexampleshowshowtodisplaytheEAPOLportcontrolmodeforge.1.1:
    G3(su)->show dot1x auth-config authcontrolled-portcontrol ge.1.1 Port 1: Auth controlled port control: Auto

    Thisexampleshowshowtodisplaythe802.1Xquietperiodsettingsforge.1.1:
    G3(su)->show dot1x auth-config quietperiod ge.1.1 Port 1: Quiet period: 30

    20-12

    Security Configuration

    set dot1x

    Thisexampleshowshowtodisplayall802.1Xauthenticationconfigurationsettingsforge.1.1:
    G3(ro)->show dot1x auth-config Port : 1 Auth-Config PAE state: Backend auth state: Admin controlled directions: Oper controlled directions: Auth controlled port status: Auth controlled port control: Quiet period: Transmission period: Supplicant timeout: Server timeout: Maximum requests: Reauthentication period: Reauthentication control: ge.1.1 Initialize Initialize Both Both Authorized Auto 60 30 30 30 2 3600 Disabled

    set dot1x
    Usethiscommandtoenableordisable802.1Xauthentication,toreauthenticateoneormoreaccess entities,ortoreinitializeoneormoresupplicants.

    Syntax
    set dot1x {enable | disable | port {init | reauth} {true | false} [port-string]}

    Parameters
    enable|disable port init|reauth true|false portstring Enablesordisables802.1X. Enableordisable802.1Xreauthenticationorinitializationcontrolononeor moreports. Configureinitializationorreauthenticationcontrol. Enable(true)ordisable(false)reinitialization/reauthentication. (Optional)Specifiestheport(s)toreinitializeorreauthenticate.

    Defaults
    Ifnoportsarespecified,thereinitializationorreauthenticationsettingwillbeappliedtoallports.

    Mode
    Switchcommand,readwrite.

    Usage
    Disabling802.1Xauthenticationglobally,bynotenteringaspecificportstringvalue,willenable theEAPpassthroughfeature.EAPpassthroughallowsclientauthenticationpacketstobe forwardedunmodifiedthroughtheswitchtoanupstreamdevice.

    Examples
    Thisexampleshowshowtoenable802.1X:
    G3(su)->set dot1x enable

    Thisexampleshowshowtoreinitializege.1.2:
    G3(rw)->set dot1x port init true ge.1.2
    Enterasys G-Series CLI Reference 20-13

    set dot1x auth-config

    set dot1x auth-config


    Usethiscommandtoconfigure802.1Xauthentication.

    Syntax
    set dot1x auth-config {[authcontrolled-portcontrol {auto | forced-auth | forced-unauth}] [maxreq value] [quietperiod value] [reauthenabled {false | true}] [reauthperiod value] [servertimeout timeout] [supptimeout timeout] [txperiod value]} [port-string]

    Parameters
    authcontrolled portcontrol auto|forcedauth| forcedunauth Specifiesthe802.1Xportcontrolmode. maxreqvalue autoSetportcontrolmodetoautocontrolledportcontrol.This isthedefaultvalue. forcedauthSetportcontrolmodetoForcedAuthorized controlledportcontrol. forcedunauthSetportcontrolmodetoForcedUnauthorized controlledportcontrol.

    Specifiesthemaximumnumberofauthenticationrequestsallowed bythebackendauthenticationstatemachine.Validvaluesare110. Defaultvalueis2. Specifiesthetime(inseconds)followingafailedauthentication beforeanotherattemptcanbemadebytheauthenticatorPAEstate machine.Validvaluesare065535.Defaultvalueis60seconds. Enables(true)ordisables(false)reauthenticationcontrolofthe reauthenticationtimerstatemachine.Defaultvalueisfalse. Specifiesthetimelapse(inseconds)betweenattemptsbythe reauthenticationtimerstatemachinetoreauthenticateaport.Valid valuesare065535.Defaultvalueis3600seconds. Specifiesatimeoutperiod(inseconds)fortheauthenticationserver, usedbythebackendauthenticationstatemachine.Validvaluesare1 300.Defaultvalueis30seconds. Specifiesatimeoutperiod(inseconds)fortheauthentication supplicantusedbythebackendauthenticationstatemachine.Valid valuesare1300.Defaultvalueis30seconds. Specifiestheperiod(inseconds)whichpassesbetweenauthenticator PAEstatemachineEAPtransmissions.Validvaluesare065535. Defaultvalueis30seconds. (Optional)Limitstheconfigurationofdesiredsettingstospecified port(s).Foradetaileddescriptionofpossibleportstringvalues,refer toPortStringSyntaxUsedintheCLIonpage 41.

    quietperiodvalue

    reauthenabledfalse| true reauthperiodvalue

    servertimeouttimeout

    supptimeouttimeout

    txperiodvalue

    portstring

    Defaults
    Ifportstringisnotspecified,authenticationparameterswillbesetonallports.

    Mode
    Switchcommand,readwrite.

    20-14

    Security Configuration

    clear dot1x auth-config

    Examples
    Thisexampleshowshowtoenablereauthenticationcontrolonportsge.1.13:
    G3(su)->set dot1x auth-config reauthenabled true ge.1.1-3

    Thisexampleshowshowtosetthe802.1Xquietperiodto120secondsonportsge.1.13:
    G3(su)->set dot1x auth-config quietperiod 120 ge.1.1-3

    clear dot1x auth-config


    Usethiscommandtoreset802.1Xauthenticationparameterstodefaultvaluesononeormore ports.

    Syntax
    clear dot1x auth-config [authcontrolled-portcontrol] [maxreq] [quietperiod] [reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [portstring]

    Parameters
    authcontrolled portcontrol maxreq quietperiod reauthenabled reauthperiod servertimeout supptimeout txperiod portstring (Optional)Resetsthe802.1Xportcontrolmodetoauto. (Optional)Resetsthemaximumrequestsvalueto2. (Optional)Resetsthequietperiodvalueto60seconds. (Optional)Resetsthereauthenticationcontrolstatetodisabled(false). (Optional)Resetsthereauthenticationperiodvalueto3600seconds. (Optional)Resetstheservertimeoutvalueto30seconds. (Optional)Resetstheauthenticationsupplicanttimeoutvalueto30 seconds. (Optional)Resetsthetransmissionperiodvalueto30seconds. (Optional)Resetssettingsonspecificport(s).Foradetaileddescriptionof possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon page 41.

    Defaults
    Ifnoparametersarespecified,allauthenticationparameterswillbereset. Ifportstringisnotspecified,parameterswillbesetonallports.

    Mode
    Switchcommand,readwrite.

    Examples
    Thisexampleshowshowtoresetthe802.1Xportcontrolmodetoautoonallports:
    G3(su)->clear dot1x auth-config authcontrolled-portcontrol

    Thisexampleshowshowtoresetreauthenticationcontroltodisabledonportsge.1.13:
    G3(su)->clear dot1x auth-config reauthenabled ge.1.1-3

    Enterasys G-Series CLI Reference

    20-15

    show eapol

    Thisexampleshowshowtoresetthe802.1Xquietperiodto60secondsonportsge.1.13:
    G3(su)->clear dot1x auth-config quietperiod ge.1.1-3

    show eapol
    UsethiscommandtodisplayEAPOLstatusorsettingsforoneormoreports.

    Syntax
    show eapol [port-string]

    Parameters
    portstring (Optional)DisplaysEAPOLstatusforspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,onlyEAPOLenablestatuswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayEAPOLstatusforportsge.1.13:
    G3(su)->show eapol ge.1.1-3 EAPOL is disabled. Port -------ge.1.1 ge.1.2 ge.1.3 Authentication State -------------------Initialize Initialize Initialize Authentication Mode -------------------Auto Auto Auto

    Table 202providesanexplanationofthecommandoutput.Fordetailsonusingtheseteapol commandtoenabletheprotocolandassignanauthenticationmode,refertoseteapolon page 2017. Table 20-2


    Output Field Port

    show eapol Output Details


    What It Displays... Port designation. For a detailed description of possible port-string values, refer to Port String Syntax Used in the CLI on page 4-1.

    20-16

    Security Configuration

    set eapol

    Table 20-2
    Output Field

    show eapol Output Details (Continued)


    What It Displays... Current EAPOL authentication state for each port. Possible internal states for the authenticator (switch) are: initialize: A port is in the initialize state when:

    Authentication State

    authentication is disabled, authentication is enabled and the port is not linked, or authentication is enabled and the port is linked. (In this case very little time is spent in this state, it immediately transitions to the connecting state, via disconnected.

    disconnected: The port passes through this state on its way to connected whenever the port is reinitialized, via link state change, reauthentication failure, or management intervention. connecting: While in this state, the authenticator sends request/ID messages to the end user. authenticating: The port enters this state from connecting after receiving a response/ID from the end user. It remains in this state until the entire authentication exchange between the end user and the authentication server completes. authenticated: The port enters this state from authenticating state after the exchange completes with a favorable result. It remains in this state until linkdown, logoff, or until a reauthentication begins. aborting: The port enters this state from authenticating when any event occurs that interrupts the login exchange. held: After any login failure the port remains in this state for the number of seconds equal to quietPeriod (can be set using MIB). forceAuth: Management is allowing normal, unsecured switching on this port. forceUnauth: Management is preventing any frames from being forwarded to or from this port. Authentication Mode Mode enabling network access for each port. Modes include: Auto: Frames are forwarded according to the authentication state of each port. Forced Authorized Mode: Meant to disable authentication on a port. It is intended for ports that support ISLs and devices that cannot authenticate, such as printers and file servers. If a default policy is applied to the port via the policy profile MIB, then frames are forwarded according to the configuration set by that policy, otherwise frames are forwarded according to the current configuration for that port. Authentication using 802.1X is not possible on a port in this mode. Forced Unauthorized Mode: All frames received on the port are discarded by a filter. Authentication using 802.1X is not possible on a port in this mode.

    set eapol
    UsethiscommandtoenableordisableEAPOLportbaseduserauthenticationwiththeRADIUS serverandtosettheauthenticationmodeforoneormoreports.

    Syntax
    set eapol [enable | disable] [auth-mode {auto | forced-auth | forced-unauth} port-string

    Enterasys G-Series CLI Reference

    20-17

    clear eapol

    Parameters
    enable|disable authmode auto| forcedauth| forcedunauth EnablesordisablesEAPOL. Specifiestheauthenticationmodeas: autoAutoauthorizationmode.Thisisthedefaultmodeandwill forwardframesaccordingtotheauthenticationstateoftheport.For detailsonthismode,refertoTable 202. forcedauthForcedauthorizedmode,whichdisablesauthentication ontheport. forcedunauthForcedunauthorizedmode,whichfiltersanddiscards allframesreceivedontheport.

    portstring

    Specifiestheport(s)onwhichtosetEAPOLparameters.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Examples
    ThisexampleshowshowtoenableEAPOL:
    G3(su)->set eapol enable

    ThisexampleshowshowtoenableEAPOLwithforcedauthorizedmodeonportge.1.1:
    G3(su)->set eapol auth-mode forced-auth ge.1.1

    clear eapol
    UsethiscommandtogloballycleartheEAPOLauthenticationmode,ortoclearsettingsforoneor moreports.

    Syntax
    clear eapol [auth-mode] [port-string]

    Parameters
    authmode portstring (Optional)GloballyclearstheEAPOLauthenticationmode. Specifiestheport(s)onwhichtoclearEAPOLparameters.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    Ifauthmodeisnotspecified,allEAPOLsettingswillbecleared. Ifportstringisnotspecified,settingswillbeclearedforallports.
    20-18 Security Configuration

    Configuring MAC Authentication

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocleartheEAPOLauthenticationmodeforportge.1.3:
    G3(su)->clear eapol auth-mode ge.1.3

    Configuring MAC Authentication


    Purpose
    Toreview,disable,enableandconfigureMACauthentication.Thisauthenticationmethodallows thedevicetoauthenticatesourceMACaddressesinanexchangewithanauthenticationserver. Theauthenticator(switch)selectsasourceMACseenonaMACauthenticationenabledportand submitsittoabackendclientforauthentication.ThebackendclientusestheMACaddressstored password,ifrequired,ascredentialsforanauthenticationattempt.Ifaccepted,astring representinganaccesspolicymaybereturned.Ifpresent,theswitchappliestheassociatedpolicy rules. YoucanspecifyamasktoapplytoMACaddresseswhenauthenticatingusersthroughaRADIUS server(seesetmacauthenticationsignificantbitsonpage 2029).Themostcommonuseof significantbitmasksisforauthenticationofallMACaddressesforaspecificvendor.

    Commands
    For information about... show macauthentication show macauthentication session set macauthentication set macauthentication password clear macauthentication password set macauthentication port set macauthentication portinitialize set macauthentication portquietperiod clear macauthentication portquietperiod set macauthentication macinitialize set macauthentication reauthentication set macauthentication portreauthenticate set macauthentication macreauthenticate set macauthentication reauthperiod clear macauthentication reauthperiod set macauthentication significant-bits Refer to page... 20-20 20-21 20-22 20-23 20-23 20-23 20-24 20-25 20-25 20-26 20-26 20-27 20-27 20-28 20-28 20-29

    Enterasys G-Series CLI Reference

    20-19

    show macauthentication

    For information about... clear macauthentication significant-bits

    Refer to page... 20-29

    show macauthentication
    UsethiscommandtodisplayMACauthenticationinformationforoneormoreports.

    Syntax
    show macauthentication [port-string]

    Parameters
    portstring (Optional)DisplaysMACauthenticationinformationforspecificport(s). Foradetaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,MACauthenticationinformationwillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayMACauthenticationinformationforge.2.1through8:
    G3(su)->show macauthentication ge.2.1-8 MAC authentication: - enabled MAC user password: - NOPASSWORD Port username significant bits - 48 Port ------ge.2.1 ge.2.2 ge.2.3 ge.2.4 ge.2.5 ge.2.6 ge.2.7 ge.2.8 Port State -------disabled disabled disabled disabled disabled disabled disabled disabled Reauth Period ---------3600 3600 3600 3600 3600 3600 3600 3600 Auth Allowed -------1 1 1 1 1 1 1 1 Auth Allocated --------1 1 1 1 1 1 1 1 Reauthentications ----------------disabled disabled disabled disabled disabled disabled disabled disabled

    Table 203providesanexplanationofthecommandoutput. Table 20-3


    Output Field MAC authentication

    show macauthentication Output Details


    What It Displays... Whether MAC authentication is globally enabled or disabled. Set using the set macauthentication command as described in set macauthentication on page 20-22. User password associated with MAC authentication on the device. Set using the set macauthentication password command as described in set macauthentication password on page 20-23.

    MAC user password

    20-20

    Security Configuration

    show macauthentication session

    Table 20-3
    Output Field

    show macauthentication Output Details (Continued)


    What It Displays... Number of significant bits in the MAC addresses to be used starting with the leftmost bit of the vendor portion of the MAC address. The significant portion of the MAC address is sent as a user-name credential when the primary attempt to authenticate the full MAC address fails. Any other failure to authenticate the full address, (i.e., authentication server timeout) causes the next attempt to start once again with a full MAC authentication. Default value of 48 can be changed with the set macauthentication significant-bits command. Port designation. For a detailed description of possible port-string values, refer to Port String Syntax Used in the CLI on page 4-1. Whether or not MAC authentication is enabled or disabled on this port. Reauthentication period for this port. Default value of 30 can be changed using the set macauthentication reauthperiod command (page 20-28). Number of concurrent authentications supported on this port. Default is 1 and cannot be reset. Maximum number of MAC authentications permitted on this port. Default is 1 and cannot be reset Whether or not reauthentication is enabled or disabled on this port. Set using the set macauthentication reauthentication command (page 20-26).

    Port username significant bits

    Port Port State Reauth Period Auth Allowed Auth Allocated Reauthentications

    show macauthentication session


    UsethiscommandtodisplaytheactiveMACauthenticatedsessions.

    Syntax
    show macauthentication session

    Parameters
    None.

    Defaults
    Ifportstringisnotspecified,MACsessioninformationwillbedisplayedforallMAC authenticationports.

    Mode
    Switchcommand,readonly.

    Usage
    ChangingtheReauthPeriodwiththesetmacauthenticationreauthperiodcommanddoesnot affectcurrentsessions.Newsessionsdisplaythecorrectperiod.

    Enterasys G-Series CLI Reference

    20-21

    set macauthentication

    Example
    ThisexampleshowshowtodisplayMACsessioninformation:
    G3(su)->show macauthentication session Port MAC Address Duration Reauth Period --------------------- ---------- ------------ge.1.2 00:60:97:b5:4c:07 0,00:52:31 3600 Reauthentications ----------------disabled

    Table 204providesanexplanationofthecommandoutput. Table 20-4


    Output Field Port MAC Address Duration Reauth Period

    show macauthentication session Output Details


    What It Displays... Port designation. For a detailed description of possible port-string values, refer to Port String Syntax Used in the CLI on page 4-1. MAC address associated with the session. Time this session has been active. Reauthentication period for this port, set using the set macauthentication reauthperiod command described in set macauthentication reauthperiod on page 20-28. Whether or not reauthentication is enabled or disabled on this port. Set using the set macauthentication reauthentication command described in set macauthentication reauthentication on page 20-26.

    Reauthentications

    set macauthentication
    UsethiscommandtogloballyenableordisableMACauthentication.

    Syntax
    set macauthentication {enable | disable}

    Parameters
    enable|disable GloballyenablesordisablesMACauthentication.

    Mode
    Switchcommand,readwrite.

    Defaults
    None.

    Example
    ThisexampleshowshowtogloballyenableMACauthentication:
    G3(su)->set macauthentication enable

    20-22

    Security Configuration

    set macauthentication password

    set macauthentication password


    UsethiscommandtosetaMACauthenticationpassword.

    Syntax
    set macauthentication password password

    Parameters
    password SpecifiesatextstringMACauthenticationpassword.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosettheMACauthenticationpasswordtomacauth:
    G3(su)->set macauthentication password macauth

    clear macauthentication password


    UsethiscommandtocleartheMACauthenticationpassword.

    Syntax
    clear macauthentication password

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtocleartheMACauthenticationpassword:
    G3(su)->clear macauthentication password

    set macauthentication port


    UsethiscommandtoenableordisableoneormoreportsforMACauthentication.

    Syntax
    set macauthentication port {enable | disable} port-string

    Enterasys G-Series CLI Reference

    20-23

    set macauthentication portinitialize

    Parameters
    enable|disable portstring EnablesordisablesMACauthentication. Specifiesport(s)onwhichtoenableordisableMACauthentication.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Enablingport(s)forMACauthenticationrequiresgloballyenablingMACauthenticationonthe switchasdescribedinsetmacauthenticationonpage 2022,andthenenablingitonaportby portbasis.Bydefault,MACauthenticationisgloballydisabledanddisabledonallports.

    Example
    ThisexampleshowshowtoenableMACauthenticationonge.2.1though5:
    G3(su)->set macauthentication port enable ge.2.1-5

    set macauthentication portinitialize


    UsethiscommandtoforceoneormoreMACauthenticationportstoreinitializeandremoveany currentlyactivesessionsonthoseports.

    Syntax
    set macauthentication portinitialize port-string

    Parameters
    portstring SpecifiestheMACauthenticationport(s)toreinitialize.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoforcege.2.1through5toinitialize:
    G3(su)->set macauthentication portinitialize ge.2.1-5

    20-24

    Security Configuration

    set macauthentication portquietperiod

    set macauthentication portquietperiod


    Thissetsthenumberofsecondsfollowingafailedauthenticationbeforeanotherattemptmaybe madeontheport.

    Syntax
    set macauthentication portquietperiod time port-string

    Parameters
    time portstring Periodinsecondstowaitafterafailedauthentication.Bydefault,thisis30 seconds. Specifiestheportsforwhichthequitperiodistobeapplied.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexamplesetsport1towait5secondsafterafailedauthenticationattemptbeforeanew attemptcanbemade:
    G3(su)->set macauthentication portquietperiod 5 ge.1.1

    clear macauthentication portquietperiod


    Thissetsthequietperiodbacktothedefaultvalueof30seconds.

    Syntax
    clear macauthentication portquietperiod [port-string]

    Parameters
    portstring (Optional)Specifiestheportsforwhichthequietperiodistobereset.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    Ifaportstringisnotspecifiedthenallportswillbesettothedefaultportquietperiod.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleresetsthedefaultquietperiodonport1:
    G3(su)->clear macauthentication portquietperiod ge.1.1
    Enterasys G-Series CLI Reference 20-25

    set macauthentication macinitialize

    set macauthentication macinitialize


    UsethiscommandtoforceacurrentMACauthenticationsessiontoreinitializeandremovethe session.

    Syntax
    set macauthentication macinitialize mac-addr

    Parameters
    macaddr SpecifiestheMACaddressofthesessiontoreinitialize.

    Mode
    Switchcommand,readwrite.

    Defaults
    None.

    Example
    ThisexampleshowshowtoforcetheMACauthenticationsessionforaddress006097b54c07 toreinitialize:
    G3(su)->set macauthentication macinitialize 00-60-97-b5-4c-07

    set macauthentication reauthentication


    UsethiscommandtoenableordisablereauthenticationofallcurrentlyauthenticatedMAC addressesononeormoreports.

    Syntax
    set macauthentication reauthentication {enable | disable} port-string

    Parameters
    enable|disable portstring EnablesordisablesMACreauthentication. Specifiesport(s)onwhichtoenableordisableMACreauthentication.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoenableMACreauthenticationonge.4.1though5:
    G3(su)->set macauthentication reauthentication enable ge.4.1-5

    20-26

    Security Configuration

    set macauthentication portreauthenticate

    set macauthentication portreauthenticate


    Usethiscommandtoforceanimmediatereauthenticationofthecurrentlyactivesessionsonone ormoreMACauthenticationports.

    Syntax
    set macauthentication portreauthenticate port-string

    Parameters
    portstring SpecifiesMACauthenticationport(s)tobereauthenticated.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoforcege.2.1though5toreauthenticate:
    G3(su)->set macauthentication portreauthentication ge.2.1-5

    set macauthentication macreauthenticate


    UsethiscommandtoforceanimmediatereauthenticationofaMACaddress.

    Syntax
    set macauthentication macreauthenticate mac-addr

    Parameters
    macaddr SpecifiestheMACaddressofthesessiontoreauthenticate.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoforcetheMACauthenticationsessionforaddress006097b54c07 toreauthenticate:
    G3(su)->set macauthentication macreauthenticate 00-60-97-b5-4c-07

    Enterasys G-Series CLI Reference

    20-27

    set macauthentication reauthperiod

    set macauthentication reauthperiod


    UsethiscommandtosettheMACreauthenticationperiod(inseconds).Thisisthetimelapse betweenattemptstoreauthenticateanycurrentMACaddressauthenticatedtoaport.

    Syntax
    set macauthentication reauthperiod time port-string

    Parameters
    time portstring Specifiesthenumberofsecondsbetweenreauthenticationattempts.Valid valuesare14294967295. Specifiestheport(s)onwhichtosettheMACreauthenticationperiod.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    ChangingtheReauthPeriodwiththesetmacauthenticationreauthperiodcommanddoesnot affectcurrentsessions.Newsessionswillusethecorrectperiod.

    Example
    ThisexampleshowshowtosettheMACreauthenticationperiodto7200seconds(2hours)on ge.2.1through5:
    G3(su)->set macauthentication reauthperiod 7200 ge.2.1-5

    clear macauthentication reauthperiod


    UsethiscommandtocleartheMACreauthenticationperiodononeormoreports.

    Syntax
    clear macauthentication reauthperiod [port-string]

    Parameters
    portstring (Optional)ClearstheMACreauthenticationperiodonspecificport(s).Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,thereauthenticationperiodwillbeclearedonallports.

    Mode
    Switchcommand,readwrite.
    20-28 Security Configuration

    set macauthentication significant-bits

    Example
    ThisexampleshowshowtogloballycleartheMACreauthenticationperiod:
    G3(su)->clear macauthentication reauthperiod

    set macauthentication significant-bits


    UsethiscommandtosetthenumberofsignificantbitsoftheMACaddresstousefor authentication.

    Syntax
    set macauthentication significant-bits number

    Parameters
    number Specifiesthenumberofsignificantbitstobeusedforauthentication.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    ThiscommandallowsyoutospecifyamasktoapplytoMACaddresseswhenauthenticating usersthroughaRADIUSserver.Themostcommonuseofsignificantbitmasksisfor authenticationofallMACaddressesforaspecificvendor. OnswitchesusingMACauthentication,theMACaddressofauserattemptingtologinissentto theRADIUSserverastheusername.Ifaccessisdenied,andifasignificantbitmaskhasbeen configured(otherthan48)withthiscommand,theswitchwillapplythemaskandresendthe maskedaddresstotheRADIUSserver.Forexample,ifauserwithMACaddressof0016CF12 3456isdeniedaccess,anda32bitmaskhasbeenconfigured,theswitchwillapplythemaskand resendaMACaddressof0016CF120000totheRADIUSserver. Touseasignificantbitsmaskforauthenticationofdevicesbyaparticularvendor,specifya24bit mask,tomaskouteverythingexceptthevendorportionoftheMACaddress.

    Example
    ThisexamplesetstheMACauthenticationsignificantbitsmaskto24.
    G3(su)->set macauthentication significant-bits 24

    clear macauthentication significant-bits


    UsethiscommandtoresetthenumberofsignificantbitsoftheMACaddresstousefor authenticationtothedefaultof48.

    Syntax
    clear macauthentication significant-bits

    Enterasys G-Series CLI Reference

    20-29

    Configuring Multiple Authentication Methods

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleresetstheMACauthenticationsignificantbitsto48.
    G3(su)->clear macauthentication significant-bits

    Configuring Multiple Authentication Methods


    Note: G3 devices support up to eight authenticated users per port.

    About Multiple Authentication Types


    Whenenabled,multipleauthenticationtypesallowuserstoauthenticateusingmorethanone methodonthesameport.Inorderformultipleauthenticationtofunctiononthedevice,each possiblemethodofauthentication(MACauthentication,802.1X,PWA)mustbeenabledglobally andconfiguredappropriatelyonthedesiredportswithitscorrespondingcommandsetdescribed inthischapter. Multipleauthenticationmodemustbegloballyenabledonthedeviceusingthesetmultiauth modecommand.

    Commands
    For information about... show multiauth set multiauth mode clear multiauth mode set multiauth precedence clear multiauth precedence show multiauth port set multiauth port clear multiauth port show multiauth station show multiauth session show multiauth idle-timeout Refer to page... 20-31 20-31 20-32 20-32 20-33 20-34 20-34 20-35 20-36 20-36 20-37

    20-30

    Security Configuration

    show multiauth

    For information about... set multiauth idle-timeout clear multiauth idle-timeout show multiauth session-timeout set multiauth session-timeout clear multiauth session-timeout

    Refer to page... 20-38 20-38 20-39 20-40 20-40

    show multiauth
    Usethiscommandtodisplaymultipleauthenticationsystemconfiguration.

    Syntax
    show multiauth

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaymultipleauthenticationsystemconfiguration:
    G3(rw)->show multiauth Multiple authentication system configuration ------------------------------------------------Supported types : dot1x, pwa, mac Maximum number of users : 768 Current number of users : 2 System mode : multi Default precedence : dot1x, pwa, mac Admin precedence : dot1x, pwa, mac Operational precedence : dot1x, pwa, mac

    set multiauth mode


    Usethiscommandtosetthesystemauthenticationmodetoallowmultipleauthenticators simultaneously(802.1xPWA,andMACAuthentication)onasingleport,ortostrictlyadhereto 802.1xauthentication.

    Syntax
    set multiauth mode {multi | strict}

    Enterasys G-Series CLI Reference

    20-31

    clear multiauth mode

    Parameters
    multi strict Allowsthesystemtousemultipleauthenticatorssimultaneously(802.1x, PWA,andMACAuthentication)onaport.Thisisthedefaultmode. Usermustauthenticateusing802.1xauthenticationbeforenormaltraffic (anythingotherthanauthenticationtraffic)canbeforwarded.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    MultiauthmultimoderequiresthatMAC,PWA,and802.1Xauthenticationbeenabledglobally, andconfiguredappropriatelyonthedesiredportsaccordingtotheircorrespondingcommand setsdescribedinthischapter.RefertoConfiguring802.1XAuthenticationonpage 2010and ConfiguringMACAuthenticationonpage 2019andConfiguringPortWebAuthentication (PWA)onpage 2057.

    Example
    Thisexampleshowshowtoenablesimultaneousmultipleauthentications:
    G3(rw)->set multiauth mode multi

    clear multiauth mode


    Usethiscommandtoclearthesystemauthenticationmode.

    Syntax
    clear multiauth mode

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoclearthesystemauthenticationmode:
    G3(rw)->clear multiauth mode

    set multiauth precedence


    Usethiscommandtosetthesystemsmultipleauthenticationadministrativeprecedence.
    20-32 Security Configuration

    clear multiauth precedence

    Syntax
    set multiauth precedence {[dot1x] [mac] [pwa]}

    Parameters
    dot1x mac pwa Setsprecedencefor802.1Xauthentication. SetsprecedenceforMACauthentication. Setsprecedenceforportwebauthentication

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Whenauserissuccessfullyauthenticatedbymorethanonemethodatthesametime,the precedenceoftheauthenticationmethodswilldeterminewhichRADIUSreturnedfilterIDwillbe processedandresultinanappliedtrafficpolicyprofile.

    Example
    ThisexampleshowshowtosetprecedenceforMACauthentication:
    G3(rw)->set multiauth precedence mac dot1x

    clear multiauth precedence


    Usethiscommandtoclearthesystemsmultipleauthenticationadministrativeprecedence.

    Syntax
    clear multiauth precedence

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoclearthemultipleauthenticationprecedence:
    G3(rw)->clear multiauth precedence

    Enterasys G-Series CLI Reference

    20-33

    show multiauth port

    show multiauth port


    Usethiscommandtodisplaymultipleauthenticationpropertiesforoneormoreports.

    Syntax
    show multiauth port [port-string]

    Parameters
    portstring (Optional)Displaysmultipleauthenticationinformationforspecificport(s).

    Defaults
    Ifportstringisnotspecified,multipleauthenticationinformationwillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaymultipleauthenticationinformationforportsge.3.14:
    G3(rw)->show multiauth port ge.3.1-4 Port Max Allowed Current users users users ------------ ------------ ---------- ---------- ---------ge.3.1 auth-opt 8 8 0 ge.3.2 auth-opt 8 8 0 ge.3.3 auth-opt 8 8 0 ge.3.4 auth-opt 8 8 0 Mode

    set multiauth port


    Usethiscommandtosetmultipleauthenticationpropertiesforoneormoreports.

    Syntax
    set multiauth port mode {auth-opt | auth-reqd | force-auth | force-unauth} | numusers numusers port-string

    Parameters
    mode authopt| authreqd| forceauth| forceunauth Specifiestheport(s)multipleauthenticationmodeas: authoptAuthenticationoptional(nonstrictbehavior).Ifauser doesnotattempttoauthenticateusing802.1x,orif802.1x authenticationfails,theportwillallowtraffictobeforwarded accordingtothedefineddefaultVLAN. authreqdAuthenticationisrequired. forceauthAuthenticationconsidered. forceunauthAuthenticationdisabled.

    numusers numusers

    Specifiesthenumberofusersallowedauthenticationonport(s).Valid valuesare0to8.

    20-34

    Security Configuration

    clear multiauth port

    portstring

    Specifiestheport(s)onwhichtosetmultipleauthenticationproperties.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Examples
    Thisexampleshowshowtosettheportmultipleauthenticationmodetorequiredonge.3.14:
    G3(rw)->set multiauth port mode auth-reqd ge.3.14

    Thisexampleshowshowtosetthenumberofusersallowedtoauthenticateonportge.3.14to8:
    G3(rw)->set multiauth port numusers 8 ge.3.14

    clear multiauth port


    Usethiscommandtoclearmultipleauthenticationpropertiesforoneormoreports.

    Syntax
    clear multiauth port {mode | numusers} port-string

    Parameters
    mode numusers portstring Clearsthespecifiedportsmultipleauthenticationmode. Clearsthevaluesetforthenumberofusersallowedauthenticationonthe specifiedport. Specifiestheportorportsonwhichtoclearmultipleauthentication properties.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Examples
    Thisexampleshowshowtocleartheportmultipleauthenticationmodeonportge.3.14:
    G3(rw)->clear multiauth port mode ge.3.14

    Thisexampleshowshowtoclearthenumberofusersonportge.3.14:
    G3(rw)->clear multiauth port numusers ge.3.14

    Enterasys G-Series CLI Reference

    20-35

    show multiauth station

    show multiauth station


    Usethiscommandtodisplaymultipleauthenticationstation(enduser)entries.

    Syntax
    show multiauth station [mac address] [port port-string]

    Parameters
    macaddress portportstring (Optional)DisplaysmultipleauthenticationstationentriesforspecificMAC address(es). (Optional)Displaysmultipleauthenticationstationentriesforspecific port(s).

    Mode
    Switchcommand,readonly.

    Defaults
    Ifnooptionsarespecified,multipleauthenticationstationentrieswillbedisplayedforallMAC addressesandports.

    Example
    Thisexampleshowshowtodisplaymultipleauthenticationstationentries.Inthiscase,twoend userMACaddressesareshown:
    G3(rw)->show Port -----------ge.1.20 ge.2.16 multiauth station Address type Address ------------ -----------------------mac 00-10-a4-9e-24-87 mac 00-b0-d0-e5-0c-d0

    show multiauth session


    Usethiscommandtodisplaymultipleauthenticationsessionentries.

    Syntax
    show multiauth session [all] [agent {dot1x | mac | pwa}] [mac address] [port port-string]

    Parameters
    all agentdot1x|mac| pwa macaddress portportstring (Optional)Displaysinformationaboutallsessions,includingthosewith terminatedstatus. (Optional)Displays802.1X,orMAC,orportwebauthenticationsession information. (Optional)Displaysmultipleauthenticationsessionentriesforspecific MACaddress(es). (Optional)Displaysmultipleauthenticationsessionentriesforthe specifiedportorports.

    20-36

    Security Configuration

    show multiauth idle-timeout

    Defaults
    Ifnooptionsarespecified,multipleauthenticationsessionentrieswillbedisplayedforall sessions,authenticationtypes,MACaddresses,andports.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaymultipleauthenticationsessioninformationforportge.1.1.
    G3(su)->show multiauth session port ge.1.1 __________________________________________ Port | ge.1.1 Station address Auth status | success Last attempt Agent type | dot1x Session applied Server type | radius VLAN-Tunnel-Attr Policy index | 0 Policy name Session timeout | 0 Session duration Idle timeout | 5 Idle time Termination time | Not Terminated

    | | | | | | |

    00-01-03-86-0A-87 FRI MAY 18 11:16:36 2007 true none Administrator 0,00:00:25 0,00:00:00

    show multiauth idle-timeout


    Usethiscommandtodisplaythetimeoutvalue,inseconds,foranidlesessionforall authenticationmethods.

    Syntax
    show multiauth idle-timeout

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaytimeoutvaluesforanidlesessionforallauthenticationtypes.
    G3(su)->show multiauth idle-timeout Authentication type Timeout (sec) ------------------- ------------dot1x 0 pwa 0 mac 0

    Enterasys G-Series CLI Reference

    20-37

    set multiauth idle-timeout

    set multiauth idle-timeout


    Usethiscommandtosetthemaximumnumberofconsecutivesecondsanauthenticatedsession maybeidlebeforeterminationofthesession.

    Syntax
    set multiauth idle-timeout [dot1x | mac | pwa] timeout

    Parameters
    dot1x mac pwa timeout (Optional)SpecifiestheIEEE802.1Xportbasednetworkaccesscontrol authenticationmethodforwhichtosetthetimeoutvalue. (Optional)SpecifiestheEnterasysMACauthenticationmethodfor whichtosetthetimeoutvalue. (Optional)SpecifiestheEnterasysPortWebAuthenticationmethodfor whichtosetthetimeoutvalue. Specifiesthetimeoutvalueinseconds.Thevaluecanrangefrom0to 65535.Avalueof0meansthatnoidletimeoutwillbeappliedunlessan idletimeoutvalueisprovidedbytheauthenticatingserver.

    Defaults
    Ifnoauthenticationmethodisspecified,theidletimeoutvalueissetforallauthentication methods.

    Mode
    Switchmode,readwrite.

    Usage
    Ifyousetanidletimeoutvalue,aMACuserwhoseMACaddresshasagedoutoftheforwarding databasewillbeunauthenticatedifnotraffichasbeenseenfromthataddressforthespecifiedidle timeoutperiod. Avalueofzeroindicatesthatnoidletimeoutwillbeappliedunlessanidletimeoutvalueis providedbytheauthenticatingserver.Forexample,ifasessionisauthenticatedbyaRADIUS server,thatservermayencodeaIdleTimeoutAttributeinitsauthenticationresponse.

    Example
    Thisexamplesetstheidletimeoutvalueforallauthenticationmethodsto300seconds.
    G3(su)->set multiauth idle-timeout 300

    clear multiauth idle-timeout


    Usethiscommandtoresetthemaximumnumberofconsecutivesecondsanauthenticatedsession maybeidlebeforeterminationofthesessiontoitsdefaultvalueof0.

    Syntax
    clear multiauth idle-timeout [dot1x | mac | pwa]

    20-38

    Security Configuration

    show multiauth session-timeout

    Parameters
    dot1x (Optional)SpecifiestheIEEE802.1Xportbasednetworkaccesscontrol authenticationmethodforwhichtoresetthetimeoutvaluetoits default. (Optional)SpecifiestheEnterasysMACauthenticationmethodfor whichtoresetthetimeoutvaluetoitsdefault. (Optional)SpecifiestheEnterasysPortWebAuthenticationmethodfor whichtoresetthetimeoutvaluetoitsdefault.

    mac pwa

    Defaults
    Ifnoauthenticationmethodisspecified,theidletimeoutvalueisresettoitsdefaultvalueof0for allauthenticationmethods.

    Mode
    Switchmode,readwrite.

    Example
    Thisexampleresetstheidletimeoutvalueforallauthenticationmethodsto0seconds.
    G3(su)->clear multiauth idle-timeout

    show multiauth session-timeout


    Usethiscommandtodisplaythesessiontimeoutvalue,inseconds,forallauthenticationmethods.

    Syntax
    show multiauth session-timeout

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchmode,readonly.

    Example
    Thisexampledisplaysthesessiontimeoutvaluesforallauthenticationmethods.
    G3(su)->show multiauth session-timeout Authentication type Timeout (sec) ------------------- ------------dot1x 0 pwa 0 mac 0

    Enterasys G-Series CLI Reference

    20-39

    set multiauth session-timeout

    set multiauth session-timeout


    Usethiscommandtosetthemaximumnumberofsecondsanauthenticatedsessionmaylast beforeterminationofthesession.

    Syntax
    set multiauth session-timeout [dot1x | mac | pwa] timeout

    Parameters
    dot1x mac pwa timeout (Optional)SpecifiestheIEEE802.1Xportbasednetworkaccesscontrol authenticationmethodforwhichtosetthesessiontimeoutvalue. (Optional)SpecifiestheEnterasysMACauthenticationmethodfor whichtosetthesessiontimeoutvalue. (Optional)SpecifiestheEnterasysPortWebAuthenticationmethodfor whichtosetthesessiontimeoutvalue. Specifiesthetimeoutvalueinseconds.Thevaluecanrangefrom0to 65535.Avalueof0meansthatnosessiontimeoutwillbeappliedunless asessiontimeoutvalueisprovidedbytheauthenticatingserver.

    Defaults
    Ifnoauthenticationmethodisspecified,thesessiontimeoutvalueissetforallauthentication methods.

    Mode
    Switchmode,readwrite.

    Usage
    Avalueofzeromaybesupersededbyasessiontimeoutvalueprovidedbytheauthenticating server.Forexample,ifasessionisauthenticatedbyaRADIUSserver,thatservermayencodea SessionTimeoutAttributeinitsauthenticationresponse.

    Example
    ThisexamplesetsthesessiontimeoutvaluefortheIEEE802.1Xauthenticationmethodto300 seconds.
    G3(su)->set multiauth session-timeout dot1x 300

    clear multiauth session-timeout


    Usethiscommandtoresetthemaximumnumberofconsecutivesecondsanauthenticatedsession maylastbeforeterminationofthesessiontoitsdefaultvalueof0.

    Syntax
    clear multiauth session-timeout [dot1x | mac | pwa]

    20-40

    Security Configuration

    Configuring VLAN Authorization (RFC 3580)

    Parameters
    dot1x (Optional)SpecifiestheIEEE802.1Xportbasednetworkaccesscontrol authenticationmethodforwhichtoresetthetimeoutvaluetoits default. (Optional)SpecifiestheEnterasysMACauthenticationmethodfor whichtoresetthetimeoutvaluetoitsdefault. (Optional)SpecifiestheEnterasysPortWebAuthenticationmethodfor whichtoresetthetimeoutvaluetoitsdefault.

    mac pwa

    Defaults
    Ifnoauthenticationmethodisspecified,thesessiontimeoutvalueisresettoitsdefaultvalueof0 forallauthenticationmethods.

    Mode
    Switchmode,readwrite.

    Example
    ThisexampleresetsthesessiontimeoutvaluefortheIEEE802.1Xauthenticationmethodto0 seconds.
    G3(su)->clear multiauth session-timeout dot1x

    Configuring VLAN Authorization (RFC 3580)


    Purpose
    RFC3580TunnelAttributesprovideamechanismtocontainan802.1XauthenticatedoraMAC authenticatedusertoaVLANregardlessofthePVID.Uptoeightuserscanbeconfiguredper Gigabitport. Pleaseseesection331ofRFC3580fordetailsonconfiguringaRADIUSservertoreturnthe desiredtunnelattributes.AsstatedinRFC3580,...itmaybedesirabletoallowaporttobeplaced intoaparticularVirtualLAN(VLAN),definedin[IEEE8021Q],basedontheresultofthe authentication. TheRADIUSservertypicallyindicatesthedesiredVLANbyincludingtunnelattributeswithinits AccessAcceptparameters.However,theIEEE802.1XorMACauthenticatorcanalsobe configuredtoinstructtheVLANtobeassignedtothesupplicantbyincludingtunnelattributes withinAccessRequestparameters. ThefollowingtunnelattributesareusedinVLANauthorizationassignment,: TunnelTypeVLAN(13) TunnelMediumType802 TunnelPrivateGroupIDVLANID

    InordertoauthenticatemultipleRFC3580users,policymaptableresponsemustbesettotunnel asdescribedinthissection.
    Note: The G3 cannot simultaneously support Policy and RFC 3580 on the same port. If multiple users are configured to use a port, and the G3 is then switched from "policy" mode to (RFC-3580 "tunnel" mode, the total number of users supported to use a port will be reset to one.

    Enterasys G-Series CLI Reference

    20-41

    show policy maptable response

    Commands
    For information about... show policy maptable response set policy maptable response set vlanauthorization set vlanauthorization egress clear vlanauthorization show vlanauthorization Refer to page... 20-42 20-42 20-43 20-44 20-44 20-45

    show policy maptable response


    Displaysthecurrentpolicymaptableresponsesetting.WhenVLANauthorizationisenabled(as describedinthissection)andthepolicymaptableresponseistunnel,youcanusetheset multiauthportcommand(page2034)tosetthenumberofRFC3580users(numusers)allowed perGigabitport.UptoeightuserscanbeconfiguredperGigabitport.

    Syntax
    show policy maptable response

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    Thisexampleshowshowtodisplaythecurrentpolicymaptableresponsesetting:
    G3(rw)->show policy maptable response

    policy

    set policy maptable response


    Setsthemaptableresponsefromthedefaultofpolicytotunneltoallowupto8VLANauthorized userstobeconfiguredperGigabitport.

    Syntax
    set policy maptable response {policy | tunnel}

    20-42

    Security Configuration

    set vlanauthorization

    Parameters
    policy tunnel Setsthemaptableresponsetopolicy.Thisisthedefaultsetting,which allowsauthenticationofupto8multiauthusersperport. Setsthemaptableresponsetotunnel,whichallowsauthenticationofup to8multiauthusersperport.ThissettingisrequiredtoconfigureVLAN authorizationformultipleusersperGigabitport.

    Defaults
    Settopolicy.

    Mode
    Switchcommand,readwrite.

    Examples
    Thisexampleshowshowtosetthepolicymaptableresponsetotunnel:
    G3(rw)-> set policy maptable response tunnel

    set vlanauthorization
    EnableordisabletheuseoftheRADIUSVLANtunnelattributetoputaportintoaparticular VLANbasedontheresultofauthentication.

    Syntax
    set vlanauthorization {enable | disable} [port-string]

    Parameters
    enable|disable portstring Enablesordisablesvlanauthorization/tunnelattributes. (Optional)SpecifieswhichportstoenableordisabletheuseofVLAN tunnelattributes/authorization.Foradetaileddescriptionofpossibleport stringvalues,refertoPortStringSyntaxUsedintheCLIonpage 41.

    Defaults
    VLANauthenticationisdisabledbydefault.

    Mode
    Switchcommand,readwrite.

    Examples
    ThisexampleshowshowtoenableVLANauthenticationforallGigabitEthernetports:
    G3(rw)-> set vlanauthorization enable ge.*.*

    ThisexampleshowshowtodisableVLANauthenticationforallGigabitEthernetportsonswitch unit/module 3:
    G3(rw)-> set vlanauthorization disable ge.3.*

    Enterasys G-Series CLI Reference

    20-43

    set vlanauthorization egress

    set vlanauthorization egress


    ControlsthemodificationofthecurrentVLANegresslistof802.1xauthenticatedportsforthe VLANsreturnedintheRADIUSauthorizationfilteridstring.

    Syntax
    set vlanauthorization egress {none | tagged | untagged} port-string

    Parameters
    none tagged untagged portstring Specifiesthatnoegressmanipulationwillbemade. Specifiesthattheauthenticatingportwillbeaddedtothecurrenttagged egressfortheVLANIDreturned. Specifiesthattheauthenticatingportwillbeaddedtothecurrent untaggedegressfortheVLANIDreturned(default). Specifiesthattheportorlistofports.towhichthiscommandwillapply. Foradetaileddescriptionofpossibleportstringvalues,refertoPort StringSyntaxUsedintheCLIonpage 41.

    Defaults
    Bydefault,administrativeegressissettountagged.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoenabletheinsertionoftheRADIUSassignedVLANtoan802.1qtag foralloutboundframesforports10through15onunit/modulenumber3.
    G3(rw)->set vlanauthorization egress tagged ge.3.10-15

    clear vlanauthorization
    Usethiscommandtoreturnport(s)tothedefaultconfigurationofVLANauthorizationdisabled, egressuntagged.

    Syntax
    clear vlanauthorization [port-string]

    Parameters
    portstring (Optional)Specifieswhichportsaretoberestoredtodefault configuration.Ifnoportstringisentered,theactionwillbeaglobal setting.Foradetaileddescriptionofpossibleportstringvalues,referto PortStringSyntaxUsedintheCLIonpage 41.

    Defaults
    Ifnoportstringisentered,allportsawillberesettodefaultconfigurationwithVLAN authorizationdisabledandegressframesuntagged.

    20-44

    Security Configuration

    show vlanauthorization

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowhowtoclearVLANauthorizationforallportsonslots3,4,and5:
    G3(rw)->clear vlanauthorization ge.3-5.*

    show vlanauthorization
    DisplaystheVLANauthenticationstatusandconfigurationinformationforthespecifiedports.

    Syntax
    show vlanauthorization [port-string]

    Parameters
    portstring (Optional)DisplaysVLANauthenticationstatusforthespecifiedports.If noportstringisentered,thentheglobalstatusofthesettingisdisplayed. Foradetaileddescriptionofpossibleportstringvalues,refertoPort StringSyntaxUsedintheCLIonpage 41.

    Defaults
    Ifnoportstringisentered,thestatusforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThiscommandshowshowtodisplayVLANauthorizationstatusforge.1.1: G3(su)>showvlanauthorizationge.1.1 VlanAuthorization:enabled
    port ------ge.1.1 status administrative egress -------- -------------enabled untagged operational egress ----------authenticated vlan id mac address ----------------- -------

    Table 205providesanexplanationofcommandoutput.Fordetailsonenablingandassigning protocolandegressattributes,refertosetvlanauthorizationonpage 2043andset vlanauthorizationegressonpage 2044. Table 20-5


    Output Field port status administrative egress operational egress

    show vlanauthorization Output Details


    What It Displays... Port identification Port status as assigned by set vlanauthorization command Port status as assigned by the set vlanauthorization egress command Port operational status of vlanauthorization egress.

    Enterasys G-Series CLI Reference

    20-45

    Configuring MAC Locking

    Table 20-5
    Output Field

    show vlanauthorization Output Details (Continued)


    What It Displays... If authentication has succeeded, displays the MAC address assigned for egress. If authentication has succeeded, displays the assigned VLAN id for ingress.

    authenticated mac address vlan id

    Configuring MAC Locking


    ThisfeaturelocksaMACaddresstooneormoreports,preventingconnectionofunauthorized devicesthroughtheport(s).WhensourceMACaddressesarereceivedonspecifiedports,the switchdiscardsallsubsequentframesnotcontainingtheconfiguredsourceaddresses.Theonly framesforwardedonalockedportarethosewiththelockedMACaddress(es)forthatport. TherearetwomethodsoflockingaMACtoaport:firstarrivalandstatic.Thefirstarrivalmethod isdefinedtobelockingthefirstnnumberofMACswhicharriveonaportconfiguredwithMAC lockingenabled.Thevaluenisconfiguredwiththesetmaclockfirstarrivalcommand. ThestaticmethodisdefinedtobestaticallyprovisioningaMACportlockusingthesetmaclock command.ThemaximumnumberofstaticMACaddressesallowedforMAClockingonaport canbeconfiguredwiththesetmaclockstaticcommand. YoucanconfiguretheswitchtoissueaviolationtrapifapacketarriveswithasourceMAC addressdifferentfromanyofthecurrentlylockedMACaddressesforthatport. MACsareunlockedasaresultof: Alinkdownevent WhenMAClockingisdisabledonaport WhenaMACisagedoutoftheforwardingdatabasewhenFirstArrivalagingisenabled

    Whenproperlyconfigured,MAClockingisanexcellentsecuritytoolasitpreventsMACspoofing onconfiguredports.AlsoifaMACweretobesecuredbysomethinglikeDragonDynamic IntrusionDetection,MAClockingwouldmakeitmoredifficultforahackertosendpacketsinto thenetworkbecausethehackerwouldhavetochangetheirMACaddressandmovetoanother port.Inthemeantimethesystemadministratorwouldbereceivingamaclocktrapnotification.

    Purpose
    Toreview,disable,enable,andconfigureMAClocking.

    Commands
    For information about... show maclock show maclock stations set maclock enable set maclock disable set maclock clear maclock Refer to page... 20-47 20-48 20-49 20-50 20-50 20-51

    20-46

    Security Configuration

    show maclock

    For information about... set maclock static clear maclock static set maclock firstarrival clear maclock firstarrival set maclock agefirstarrival clear maclock agefirstarrival set maclock move set maclock trap

    Refer to page... 20-52 20-52 20-53 20-54 20-54 20-55 20-55 20-56

    show maclock
    UsethiscommandtodisplaythestatusofMAClockingononeormoreports.

    Syntax
    show maclock [port-string]

    Parameters
    portstring (Optional)DisplaysMAClockingstatusforspecifiedport(s).Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,MAClockingstatuswillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayMAClockinginformationforge.1.1.
    G3(su)->show maclock ge.1.1 MAC locking is globally enabled Port Number ------ge.1.1 Port Trap Status Status ------- -------enabled disabled Aging Status ------enabled Max Static Max FirstArrival Last Violating Allocated Allocated MAC Address ---------- --------------- --------------20 1 00:a0:c9:39:5c:b4

    Table 206providesanexplanationofthecommandoutput. Table 20-6


    Output Field Port Number

    show maclock Output Details


    What It Displays... Port designation. For a detailed description of possible port-string values, refer to Port String Syntax Used in the CLI on page 4-1.

    Enterasys G-Series CLI Reference

    20-47

    show maclock stations

    Table 20-6
    Output Field Port Status

    show maclock Output Details (Continued)


    What It Displays... Whether MAC locking is enabled or disabled on the port. MAC locking is globally disabled by default. For details on enabling MAC locking on the switch and on one or more ports, refer to set maclock enable on page 20-49 and set maclock on page 20-50. Whether MAC lock trap messaging is enabled or disabled on the port. For details on setting this status, refer to set maclock trap on page 20-56. Whether aging of FirstArrival MAC addresses is enabled or disabled on the port. Refer to set maclock agefirstarrival on page 20-54. The maximum static MAC addresses allowed locked to the port. For details on setting this value, refer to set maclock static on page 20-52. The maximum end station MAC addresses allowed locked to the port. For details on setting this value, refer to set maclock firstarrival on page 20-53. Most recent MAC address(es) violating the maximum static and first arrival value(s) set for the port.

    Trap Status Aging Status Max Static Allocated Max FirstArrival Allocated Last Violating MAC Address

    show maclock stations


    UsethiscommandtodisplayMAClockinginformationaboutendstationsconnectedtothe switch.

    Syntax
    show maclock stations [firstarrival | static] [port-string]

    Parameters
    firstarrival static portstring (Optional)DisplaysMAClockinginformationaboutendstationsfirst connectedtoMAClockedports. (Optional)DisplaysMAClockinginformationaboutstatic(management defined)endstationsconnectedtoMAClockedports. (Optional)Displaysendstationinformationforspecifiedport(s).Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    Ifnoparametersarespecified,MAClockinginformationwillbedisplayedforallendstations.

    Mode
    Switchcommand,readonly.

    20-48

    Security Configuration

    set maclock enable

    Example
    ThisexampleshowshowtodisplayMAClockinginformationfortheendstationsconnectedtoall GigabitEthernetportsinunit/module2:
    G3(su)->show maclock stations ge.2.* Port Number MAC Address Status ------------ -----------------------------ge.2.1 00:a0:c9:39:5c:b4 active ge.2.7 00:a0:c9:39:1f:11 active State -------------first arrival static Aging ----true false

    Table 207providesanexplanationofthecommandoutput. Table 20-7


    Output Field Port Number MAC address Status State Aging

    show maclock stations Output Details


    What It Displays... Port designation. For a detailed description of possible port-string values, refer to Port String Syntax Used in the CLI on page 4-1. MAC address of the end station(s) locked to the port. Whether the end stations are active or inactive. Whether the end station locked to the port is a first arrival or static connection. When true, FirstArrival MACs that have aged out of the forwarding database will be removed for the associated port lock.

    set maclock enable


    UsethiscommandtoenableMAClockinggloballyorononeormoreports.
    Note: MAC locking needs to be enabled globally and on appropriate ports for it to function.

    Syntax
    setmaclockenable[portstring]

    Parameters
    portstring (Optional)EnablesMAClockingonspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,MAClockingwillbeenabledglobally.

    Mode
    Switchcommand,readwrite.

    Usage
    Whenenabledandconfigured,MAClockingdefineswhichMACaddresses,aswellashowmany MACaddressesarepermittedtousespecificport(s).
    Enterasys G-Series CLI Reference 20-49

    set maclock disable

    MAClockingisdisabledbydefaultatdevicestartup.ConfiguringoneormoreportsforMAC lockingrequiresgloballyenablingitonthedeviceandthenenablingitonthedesiredports.

    Example
    ThisexampleshowshowtoenableMAClockingonge.2.3:
    G3(su)->set maclock enable ge.2.3

    set maclock disable


    UsethiscommandtodisableMAClockinggloballyorononeormoreports.

    Syntax
    set maclock disable [port-string]

    Parameters
    portstring (Optional)DisablesMAClockingonspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,MAClockingwillbedisabledgloballyonthestackorstandalone device.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodisableMAClockingonge.2.3:
    G3(su)->set maclock disable ge.2.3

    set maclock
    UsethiscommandtocreateastaticMACaddresstoportlocking,andtoenableordisableMAC lockingforthespecifiedMACaddressandport.

    Syntax
    set maclock mac-address port-string {create | enable | disable}

    Parameters
    macaddress portstring SpecifiestheMACaddressforwhichMAClockingwillbecreated, enabledordisabled. Specifiestheportonwhichtocreate,enableordisableMAClockingfor thespecifiedMAC.Foradetaileddescriptionofpossibleportstring values,refertoPortStringSyntaxUsedintheCLIonpage 41.

    20-50

    Security Configuration

    clear maclock

    create

    EstablishesaMAClockingassociationbetweenthespecifiedMAC addressandport.CreateautomaticallyenablesMAClockingbetweenthe specifiedMACaddressandport. EnablesordisablesMAClockingbetweenthespecifiedMACaddressand port.

    enable|disable

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    ConfiguringaportforMAClockingrequiresgloballyenablingitontheswitchfirstusingtheset maclockenablecommandasdescribedinsetmaclockenableonpage 2049. StaticMAClockingauseronmultipleportsisnotsupported. StaticallyMAClockedaddresseswilldisplayintheshowmacoutput(asdescribedonpage1118) asaddresstypeotherandwillnotremovethemonlinkdown.

    Example
    ThisexampleshowshowtocreateaMAClockingassociationbetweenMACaddress0e03efd8 4455andportge.3.2:
    G3(rw)->set maclock 0e-03-ef-d8-44-55 ge.3.2 create

    clear maclock
    UsethiscommandtoremoveastaticMACaddresstoportlockingentry.

    Syntax
    clear maclock mac-address port-string

    Parameters
    macaddress portstring SpecifiestheMACaddressthatwillberemovedfromthelistofstatic MACsallowedtocommunicateontheport. SpecifiestheportonwhichtocleartheMACaddress.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Enterasys G-Series CLI Reference

    20-51

    set maclock static

    Usage
    TheMACaddressthatisclearedwillnolongerbeabletocommunicateontheportunlessthefirst arrivallimithasbeensettoavaluegreaterthan0andthislimithasnotyetbeenmet. Forexample,ifuserBsMACisremovedfromthestaticMACaddresslistandthefirstarrival limithasbeensetto0,thenuserBwillnotbeabletocommunicateontheport.IfuserAsMACis removedfromthestaticMACaddresslistandthefirstarrivallimithasbeensetto10,butonlyhas 7entries,userAwillbecomethe8thentryandallowedtocommunicateontheport.

    Example
    ThisexampleshowshowtoremoveaMACfromthelistofstaticMACsallowedtocommunicate onportge.3.2:
    G3(rw)->clear maclock 0e-03-ef-d8-44-55 ge.3.2

    set maclock static


    UsethiscommandtosetthemaximumnumberofstaticMACaddressesallowedperport.Static MACsareadministrativelydefined.

    Syntax
    set maclock static port-string value

    Parameters
    portstring SpecifiestheportonwhichtosetthemaximumnumberofstaticMACs allowed.Foradetaileddescriptionofpossibleportstringvalues,referto PortStringSyntaxUsedintheCLIonpage 41. SpecifiesthemaximumnumberofstaticMACaddressesallowedper port.Validvaluesare0to20.

    value

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetthemaximumnumberofallowablestaticMACsto2onge.3.1:
    G3(rw)->set maclock static ge.3.1 2

    clear maclock static


    UsethiscommandtoresetthenumberofstaticMACaddressesallowedperporttothedefault valueof20.

    Syntax
    clear maclock static port-string

    20-52

    Security Configuration

    set maclock firstarrival

    Parameters
    portstring SpecifiestheportonwhichtoresetnumberofstaticMACaddresses allowed.Foradetaileddescriptionofpossibleportstringvalues,referto PortStringSyntaxUsedintheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresetthenumberofallowablestaticMACsonge.2.3:
    G3(rw)->clear maclock static ge.2.3

    set maclock firstarrival


    UsethiscommandtorestrictMAClockingonaporttoamaximumnumberofendstation addressesfirstconnectedtothatport.

    Syntax
    set maclock firstarrival port-string value

    Parameters
    portstring SpecifiestheportonwhichtolimitMAClocking.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41. SpecifiesthenumberoffirstarrivalendstationMACaddressestobe allowedconnectionstotheport.Validvaluesare0to600.

    value

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Themaclockfirstarrivalcountresetswhenthelinkgoesdown.Thisfeatureisbeneficialifyou haveroamingusersthefirstarrivalcountwillbereseteverytimeausermovestoanotherport, butwillstillprotectagainstconnectingmultipledevicesonasingleportandwillprotectagainst MACaddressspoofing.
    Note: Setting a ports first arrival limit to 0 does not deny the first MAC address learned on the port from passing traffic.

    Enterasys G-Series CLI Reference

    20-53

    clear maclock firstarrival

    Example
    ThisexampleshowshowtorestrictMAClockingto6MACaddressesonge.2.3:
    G3(su)->set maclock firstarrival ge.2.3 6

    clear maclock firstarrival


    UsethiscommandtoresetthenumberoffirstarrivalMACaddressesallowedperporttothe defaultvalueof600.

    Syntax
    clear maclock firstarrival port-string

    Parameters
    portstring Specifiestheportonwhichtoresetthefirstarrivalvalue.Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresetMACfirstarrivalsonge.2.3:
    G3(su)->clear maclock firstarrival ge.2.3

    set maclock agefirstarrival


    UsethiscommandtoenableordisabletheagingoffirstarrivalMACaddresses.Whenenabled, firstarrivalMACaddressesthatareagedoutoftheforwardingdatabasewillberemovedfrom theassociatedportMAClock.

    Syntax
    set maclock agefirstarrival port-string {enable | disable}

    Parameters
    portstring Specifiestheport(s)onwhichtoenableordisablefirstarrivalaging.For adetaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41. Enableordisablefirstarrivalaging.Bydefault,firstarrivalagingis disabled.

    enable|disable

    Defaults
    None.

    20-54

    Security Configuration

    clear maclock agefirstarrival

    Mode
    Switchmode,readwrite.

    Example
    Thisexampleenablesfirstarrivalagingonportge.1.1.
    G3(su)-> set maclock agefirstarrival ge.1.1 enable

    clear maclock agefirstarrival


    Usethiscommandtoresetfirstarrivalagingononeormoreportstoitsdefaultstateofdisabled.

    Syntax
    clear maclock agefirstarrival port-string

    Parameters
    portstring Specifiestheport(s)onwhichtodisablefirstarrivalaging.Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    None.

    Mode
    Switchmode,readwrite.

    Example
    Thisexampledisablesfirstarrivalagingonportge.1.1.
    G3(su)-> clear maclock agefirstarrival ge.1.1 enable

    set maclock move


    UsethiscommandtomoveallcurrentfirstarrivalMACstostaticentries.

    Syntax
    set maclock move port-string

    Parameters
    portstring SpecifiestheportonwhichMACwillbemovedfromfirstarrivalMACs tostaticentries.Foradetaileddescriptionofpossibleportstringvalues, refertoPortStringSyntaxUsedintheCLIonpage 41.

    Defaults
    None.

    Enterasys G-Series CLI Reference

    20-55

    set maclock trap

    Mode
    Switchcommand,readwrite.

    Usage
    IftherearemorefirstarrivalMACsthantheallowedmaximumstaticMACs,thenonlythelatest firstarrivalMACswillbemovedtostaticentries.Forexample,ifyousetthemaximumnumberof staticMACsto2withthesetmaclockstaticcommand,andthenexecutedthesetmaclockmove command,eventhoughtherewerefiveMACsinthefirstarrivaltable,onlythetwomostrecent MACentrieswouldbemovedtostaticentries.

    Example
    ThisexampleshowshowtomoveallcurrentfirstarrivalMACstostaticentriesonportsge.3.140:
    G3(rw)->set maclock move ge.3.1-40

    set maclock trap


    UsethiscommandtoenableordisableMAClocktrapmessaging.

    Syntax
    set maclock trap port-string {enable | disable}

    Parameters
    portstring SpecifiestheportonwhichMAClocktrapmessagingwillbeenabledor disabled.Foradetaileddescriptionofpossibleportstringvalues,referto PortStringSyntaxUsedintheCLIonpage 41. EnablesordisablesMAClocktrapmessaging.

    enable|disable

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    Whenenabled,thisfeatureauthorizestheswitchtosendanSNMPtrapmessageifanendstation isconnectedthatexceedsthemaximumvaluesconfiguredusingthesetmaclockfirstarrivaland setmaclockstaticcommands.ViolatingMACaddressesaredroppedfromthedevicesfiltering database.

    Example
    ThisexampleshowshowtoenableMAClocktrapmessagingonge.2.3:
    G3(su)->set maclock trap ge.2.3 enable

    20-56

    Security Configuration

    Configuring Port Web Authentication (PWA)

    Configuring Port Web Authentication (PWA)


    About PWA
    PWAprovidesawayofauthenticatingusersbeforeallowinggeneralaccesstothenetwork TologonusingPWA,theusermakesarequestthroughawebbrowserforthePWAwebpageor isautomaticallyredirectedtothisloginpageafterrequestingaURLinabrowser. Dependingupontheauthenticatedstateoftheuser,aloginpageoralogoutpagewilldisplay. Whenausersubmitsusernameandpassword,theswitchthenauthenticatestheuserviaa preconfiguredRADIUSserver.Iftheloginissuccessful,thentheuserwillbegrantedfullnetwork accessaccordingtotheuserspolicyconfigurationontheswitch.
    PWA PWA

    Note: One user per PWA-configured port can be authenticated on G-Series devices. PWA authentication does not support RFC-3580 VLAN authorization.

    Purpose
    Toreview,enable,disable,andconfigurePortWebAuthentication(PWA).

    Commands
    For information about... show pwa set pwa show pwa banner set pwa banner clear pwa banner set pwa displaylogo set pwa ipaddress set pwa protocol set pwa guestname clear pwa guestname set pwa guestpassword set pwa gueststatus set pwa initialize set pwa quietperiod set pwa maxrequest set pwa portcontrol show pwa session set pwa enhancedmode Refer to page... 20-58 20-59 20-60 20-60 20-61 20-61 20-62 20-62 20-63 20-63 20-64 20-64 20-65 20-65 20-66 20-66 20-67 20-68

    Enterasys G-Series CLI Reference

    20-57

    show pwa

    show pwa
    Usethiscommandtodisplayportwebauthenticationinformationforoneormoreports.

    Syntax
    show pwa [port-string]

    Parameters
    portstring (Optional)DisplaysPWAinformationforspecificport(s).

    Defaults
    Ifportstringisnotspecified,PWAinformationwillbedisplayedforallports.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayPWAinformationforge.2.1:
    G3(su)->show pwa ge.2.1 PWA Status PWA IP Address PWA Protocol PWA Enhanced Mode PWA Logo PWA Guest Networking Status PWA Guest Name PWA Redirect Time Port Mode -------- ---------------ge.2.1 disabled enabled 192.168.62.99 PAP N/A enabled disabled guest N/A QuietPeriod ----------60 MaxReq --------16

    AuthStatus -------------disconnected

    Table 208providesanexplanationofthecommandoutput. Table 20-8


    Output Field PWA Status

    show pwa Output Details


    What It Displays... Whether or not port web authentication is enabled or disabled. Default state of disabled can be changed using the set pwa command as described in set pwa on page 20-59. IP address of the end station from which PWA will prevent network access until the user is authenticated. Set using the set pwa ipaddress command as described in set pwa ipaddress on page 20-62. Whether PWA protocol is CHAP or PAP. Default setting of PAP can be changed using the set pwa protocol command as described in set pwa protocol on page 20-62. Whether PWA enhanced mode is enabled or disabled. Default state of disabled can be changed using the set pwa enhancedmode command as described in set pwa enhancedmode on page 20-68.

    PWA IP Address

    PWA Protocol

    PWA Enhanced Mode

    20-58

    Security Configuration

    set pwa

    Table 20-8
    Output Field PWA Logo

    show pwa Output Details (Continued)


    What It Displays... Whether the Enterasys Networks logo will be displayed or hidden at user login. Default state of enabled (displayed) can be changed using the set pwa displaylogo command as described in set pwa displaylogo on page 20-61. Whether PWA guest user status is disabled or enabled with RADIUS or no authentication. Default state of disabled can be changed using the set pwa gueststatus command as described in set pwa gueststatus on page 20-64. Guest user name for PWA enhanced mode networking. Default value of guest can be changed using the set pwa guestname command as described in set pwa guestname on page 20-63. Guest users password. Default value of an empty string can be changed using the set pwa guestpassword command as described in set pwa guestpassword on page 20-64. Time in seconds after login success before the user is redirected to the PWA home page. PWA port designation. Whether PWA is enabled or disabled on his port. Whether or not the port state is disconnected, authenticating, authenticated, or held (authentication has failed). Amount of time a port will be in the held state after a user unsuccessfully attempts to log on to the network. Default value of 60 can be changed using the set pwa quietperiod command as described in set pwa quietperiod on page 20-65. Maximum number of log on attempts allowed before transitioning the port to a held state. Default value of 2 can be changed using the set pwa maxrequests command as described in set pwa maxrequest on page 20-66.

    PWA Guest Networking Status PWA Guest Name

    PWA Guest Password PWA Redirect Time Port Mode Auth Status Quiet Period

    MaxReq

    set pwa
    Usethiscommandtoenableordisableportwebauthentication.

    Syntax
    set pwa {enable | disable}

    Parameters
    enable|disable Enablesordisablesportwebauthentication.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Enterasys G-Series CLI Reference

    20-59

    show pwa banner

    Example
    Thisexampleshowshowtoenableportwebauthentication:
    G3(su)->set pwa enable

    show pwa banner


    Usethiscommandtodisplaytheportwebauthenticationloginbannerstring.

    Syntax
    show pwa banner

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaythePWAloginbanner:
    G3(su)->show pwa banner Welcome to Enterasys Networks

    set pwa banner


    UsethiscommandtoconfigureastringtobedisplayedasthePWAloginbanner.

    Syntax
    set pwa banner string

    Parameters
    string SpecifiesthePWAloginbanner.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetthePWAloginbannertoWelcometoEnterasysNetworks:
    G3(su)->set pwa banner Welcome to Enterasys Networks

    20-60

    Security Configuration

    clear pwa banner

    clear pwa banner


    UsethiscommandtoresetthePWAloginbannertoablankstring.

    Syntax
    clear pwa banner

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoresetthePWAloginbannertoablankstring
    G3(su)->clear pwa banner

    set pwa displaylogo


    UsethiscommandtosetthedisplayoptionsfortheEnterasysNetworkslogo.

    Syntax
    set pwa displaylogo {display | hide}

    Parameters
    display|hide DisplaysorhidestheEnterasysNetworkslogowhenthePWAwebsite displays.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtohidetheEnterasysNetworkslogo:
    G3(su)->set pwa displaylogo hide

    Enterasys G-Series CLI Reference

    20-61

    set pwa ipaddress

    set pwa ipaddress


    UsethiscommandtosetthePWAIPaddress.ThisistheIPaddressoftheendstationfromwhich PWAwillpreventnetworkaccessuntiltheuserisauthenticated.

    Syntax
    set pwa ipaddress ip-address

    Parameters
    ipaddress SpecifiesagloballyuniqueIPaddress.Thissamevaluemustbe configuredintoeveryauthenticatingswitchinthedomain.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetaPWAIPaddressof1.2.3.4:
    G3(su)->set pwa ipaddress 1.2.3.4

    set pwa protocol


    Usethiscommandtosettheportwebauthenticationprotocol.

    Syntax
    set pwa protocol {chap | pap}

    Parameters
    chap|pap SetsthePWAprotocolto: CHAP(PPPChallengeHandshakeProtocol)encryptstheusername andpasswordbetweentheendstationandtheswitchport. PAP(PasswordAuthenticationProtocoldoesnotprovideany encryptionbetweentheendstationtheswitchport.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetathePWAprotocoltoCHAP:
    G3(su)->set pwa protocol chap

    20-62

    Security Configuration

    set pwa guestname

    set pwa guestname


    UsethiscommandtosetaguestusernameforPWAnetworking.PWAwillusethisnametogrant networkaccesstoguestswithoutestablishedloginnamesandpasswords.

    Syntax
    set pwa guestname name

    Parameters
    name Specifiesaguestusername.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetthePWAguestusernametoguestuser:
    G3(su)->set pwa guestname guestuser

    clear pwa guestname


    UsethiscommandtoclearthePWAguestusername.

    Syntax
    clear pwa guestname

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoclearthePWAguestusername
    G3(su)->clear pwa guestname

    Enterasys G-Series CLI Reference

    20-63

    set pwa guestpassword

    set pwa guestpassword


    UsethiscommandtosettheguestuserpasswordforPWAnetworking.

    Syntax
    set pwa guestpassword

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Usage
    PWAwillusethispasswordandtheguestusernametograntnetworkaccesstoguestswithout establishedloginnamesandpasswords.

    Example
    ThisexampleshowshowtosetthePWAguestuserpasswordname:
    G3(su)->set pwa guestpassword Guest Password: ********* Retype Guest Password: *********

    set pwa gueststatus


    Usethiscommandtoenableordisableguestnetworkingforportwebauthentication.

    Syntax
    set pwa gueststatus {authnone | authradius | disable}

    Parameters
    authnone authradius Enablesguestnetworkingwithnoauthenticationmethod. EnablesguestnetworkingwithRADIUSauthentication.Uponsuccessful authenticationfromRADIUS,PWAwillapplythepolicyreturnedfrom RADIUStothePWAport. Disablesguestnetworking.

    disable

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    20-64

    Security Configuration

    set pwa initialize

    Usage
    PWAwilluseaguestpasswordandguestusernametograntnetworkaccesswithdefaultpolicy privilegestouserswithoutestablishedloginnamesandpasswords.

    Example
    ThisexampleshowshowtoenablePWAguestnetworkingwithRADIUSauthentication:
    G3(su)->set pwa guestnetworking authradius

    set pwa initialize


    UsethiscommandtoinitializeaPWAporttoitsdefaultunauthenticatedstate.

    Syntax
    set pwa initialize [port-string]

    Parameters
    portstring (Optional)Initializesspecificport(s).Foradetaileddescriptionofpossible portstringvalues,refertoPortStringSyntaxUsedintheCLIon page 41.

    Defaults
    Ifportstringisnotspecified,allportswillbeinitialized.

    Mode
    Switchcommand,readwrite.

    Example
    Thisexampleshowshowtoinitializeportsge.1.57:
    G3(su)->set pwa initialize ge.1.5-7

    set pwa quietperiod


    Usethiscommandtosettheamountoftimeaportwillremainintheheldstateafterauser unsuccessfullyattemptstologontothenetwork.

    Syntax
    set pwa quietperiod time [port-string]

    Parameters
    time portstring Specifiesquiettimeinseconds. (Optional)Setsthequietperiodforspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Enterasys G-Series CLI Reference

    20-65

    set pwa maxrequest

    Defaults
    Ifportstringisnotspecified,quietperiodwillbesetforallports.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetthePWAquietperiodto30secondsforportsge.1.57:
    G3(su)->set pwa quietperiod 30 ge.1.5-7

    set pwa maxrequest


    Usethiscommandtosetthemaximumnumberoflogonattemptsallowedbeforetransitioning thePWAporttoaheldstate.

    Syntax
    set pwa maxrequests requests [port-string]

    Parameters
    maxrequests portstring Specifiesthemaximumnumberoflogonattempts. (Optional)Setsthemaximumrequestsforspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,maximumrequestswillbesetforallports.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtosetthePWAmaximumrequeststo3forallports:
    G3(su)->set pwa maxrequests 3

    set pwa portcontrol


    ThiscommandenablesordisablesPWAauthenticationonselectports.

    Syntax
    set pwa portcontrol {enable | disable} [port-string]

    Parameters
    enable|disable EnablesordisablesPWAonspecifiedports.

    20-66

    Security Configuration

    show pwa session

    portstring

    (Optional)Setsthecontrolmodeonspecificport(s).Foradetailed descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed intheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,PWAwillenabledonallports.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoenablePWAonports122:
    G3(su)->set pwa portcontrol enable ge.1.1-22

    show pwa session


    UsethiscommandtodisplayinformationaboutcurrentPWAsessions.

    Syntax
    show pwa session [port-string]

    Parameters
    portstring (Optional)DisplaysPWAsessioninformationforspecificport(s).Fora detaileddescriptionofpossibleportstringvalues,refertoPortString SyntaxUsedintheCLIonpage 41.

    Defaults
    Ifportstringisnotspecified,sessioninformationforallportswillbedisplayed.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplayPWAsessioninformation:
    G3(su)->show pwa session Port MAC -------- ----------------ge.2.19 00-c0-4f-20-05-4b ge.2.19 00-c0-4f-24-51-70 ge.2.19 00-00-f8-78-9c-a7 IP --------------172.50.15.121 172.50.15.120 172.50.15.61 User ------------pwachap10 pwachap1 pwachap11 Duration -----------0,14:46:55 0,15:43:30 0,14:47:58 Status --------active active active

    Enterasys G-Series CLI Reference

    20-67

    set pwa enhancedmode

    set pwa enhancedmode


    ThiscommandenablesPWAURLredirection.TheswitchinterceptsallHTTPpacketsonport80 fromtheenduser,andsendstheenduserarefreshpagedestinedforthePWAIPAddress configured.

    Syntax
    set pwa enhancedmode {enable | disable}

    Parameters
    enable|disable EnablesordisablesPWAenhancedmode.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoenablePWAenhancedmode:
    G3(su)->set pwa enhancedmode enable

    Configuring Secure Shell (SSH)


    Purpose
    Toreview,enable,disable,andconfiguretheSecureShell(SSH)protocol,whichprovidessecure Telnet.

    Commands
    For information about... show ssh status set ssh set ssh hostkey Refer to page... 20-68 20-69 20-69

    show ssh status


    UsethiscommandtodisplaythecurrentstatusofSSHontheswitch.

    Syntax
    show ssh status

    20-68

    Security Configuration

    set ssh

    Parameters
    None.

    Defaults
    None.

    Mode
    Switchcommand,readonly.

    Example
    ThisexampleshowshowtodisplaySSHstatusontheswitch:
    G3(su)->show ssh status SSH Server status: Disabled

    set ssh
    Usethiscommandtoenable,disableorreinitializeSSHserverontheswitch.Bydefault,theSSH serverisdisabled.

    Syntax
    set ssh {enable | disable | reinitialize}

    Parameters
    enable|disable reinitialize EnablesordisablesSSH,orreinitializestheSSHserver. ReinitializestheSSHserver.

    Defaults
    None.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtodisableSSH:
    G3(su)->set ssh disable

    set ssh hostkey


    UsethiscommandtosetorreinitializenewSSHauthenticationkeys.

    Syntax
    set ssh hostkey [reinitialize]

    Parameters
    reinitialize (Optional)Reinitializestheserverhostauthenticationkeys.

    Enterasys G-Series CLI Reference

    20-69

    Configuring Access Lists

    Defaults
    Ifreinitializeisnotspecified,theusermustsupplySSHauthenticationkeyvalues.

    Mode
    Switchcommand,readwrite.

    Example
    ThisexampleshowshowtoregenerateSSHkeys:
    G3(su)->set ssh hostkey reinitialize

    Configuring Access Lists


    Router: These commands can be executed when the device is in router mode only. For details on how to enable router configuration modes, refer to Enabling Router Configuration Modes on page 14-2.

    Purpose
    Toreviewandconfiguresecurityaccesscontrollists(ACLs),whichpermitordenyaccessto routinginterfacesbasedonprotocolandIPaddressrestrictions.

    Commands
    For information about... show access-lists access-list (standard) access-list (extended) ip access-group Refer to page... 20-70 20-74 20-72 20-74

    show access-lists
    UsethiscommandtodisplayconfiguredIPaccesslistswhenoperatinginroutermode.

    Syntax
    showaccesslists[number]

    Parameters
    accesslist number (Optional)Displaysaccesslistinformationforaspecificaccesslistnumber. Validvaluesarebetween1and199.

    Defaults
    Ifnumberisnotspecified,theentiretableofaccesslistswillbedisplayed.

    20-70

    Security Configuration

    access-list (standard)

    Mode
    Anyroutermode.

    Example
    ThisexampleshowshowtodisplayIPaccesslistnumber101.Thisisanextendedaccesslist, whichpermitsordeniesICMP,UDPandIPframesbasedonrestrictionsconfiguredwiththeone oftheaccesslistcommands.Fordetailsonconfiguringstandardaccesslists,refertoaccesslist (standard)onpage 2071.Fordetailsonconfiguringextendedaccesslists,refertoaccesslist (extended)onpage 2072.
    G3(su)->router#show access-lists 101 Extended IP access list 101 1: permit icmp host 18.2.32.130 any 2: permit udp host 198.92.32.130 host 171.68.225.126 3: deny ip 150.136.0.0 0.0.255.255 224.0.0.0 15.255.255.255 4: deny ip 11.6.0.0 0.1.255.255 224.0.0.0 15.255.255.255 5: deny ip 172.24.24.0 0.0.1.255 224.0.0.0 15.255.255.255

    access-list (standard)
    UsethiscommandtodefineastandardIPaccesslistbynumberwhenoperatinginroutermode. Thenoformofthiscommandremovesthedefinedaccesslistorentry.

    Syntax
    To create an ACL entry:
    access-list access-list-number {deny | permit} source [source-wildcard] no access-list access-list-number [entry]

    To insert or replace an ACL entry:


    access-list access-list-number insert | replace entry

    To move entries within an ACL:


    access-list access-list-number move destination source1 [source2]

    Parameters
    accesslist number deny|permit source Specifiesastandardaccesslistnumber.Validvaluesarefrom1to99. Deniesorpermitsaccessifspecifiedconditionsaremet. Specifiesthenetworkorhostfromwhichthepacketwillbesent.Valid optionsforexpressingsourceare: sourcewildcard insert|replace entry IPaddressorrangeofaddresses(A.B.C.D) anyAnysourcehost hostsourceIPaddressofasinglesourcehost

    (Optional)Specifiesthebitstoignoreinthesourceaddress. (Optional)InsertsthisnewentrybeforeaspecifiedentryinanexistingACL, orreplacesaspecifiedentrywiththisnewentry.

    Enterasys G-Series CLI Reference

    20-71

    access-list (extended)

    movedestination source1source2

    (Optional)Movesasequenceofaccesslistentriesbeforeanotherentry. Destinationisthenumberoftheexistingentrybeforewhichthisnewentry willbemoved.Source1isasingleentrynumberorthefirstentrynumberin therangetobemoved.Source2(optional)isthelastentrynumberinthe rangetobemoved.Ifsource2isnotspecified,onlythesource1entrywillbe moved.

    Defaults
    Ifinsert,replaceormovearenotspecified,thenewentrywillbeappendedtotheaccesslist. Ifsource2isnotspecifiedwithmove,onlyoneentrywillbemoved.

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Usage
    Note: ACLs are not supported on routed VLANs which incorporate LAG ports.

    ValidaccesslistnumbersforstandardACLsare1to99.ForextendedACLs,validvaluesare100 to199. Accesslistsareappliedtointerfacesbyusingthe ipaccessgroupcommand(ipaccessgroup onpage 2074).

    Examples
    Thisexampleshowshowtocreateaccesslist1withthreeentriesthatallowaccesstoonlythose hostsonthethreespecifiednetworks.Thewildcardbitsapplytothehostportionsofthenetwork addresses.Anyhostwithasourceaddressthatdoesnotmatchtheaccesslistentrieswillbe rejected:
    G3(su)->router(Config)#access-list 1 permit 192.5.34.0 0.0.0.255 G3(su)->router(Config)#access-list 1 permit 128.88.0.0 0.0.255.255 G3(su)->router(Config)#access-list 1 permit 36.0.0.0 0.255.255.255

    Thisexamplemovesentry16tothebeginningofACL22:
    G3(su)->router(Config)#access-list 22 move 1 16

    access-list (extended)
    UsethiscommandtodefineanextendedIPaccesslistbynumberwhenoperatinginroutermode. Thenoformofthiscommandremovesthedefinedaccesslistorentry:

    Syntax
    To apply ACL restrictions to IP, UDP, ICMP or TCP packets:
    access-list access-list-number {deny | permit} protocol source [source-wildcard] [operator [port]] destination [destination-wildcard] no access-list access-list-number [entry]

    20-72

    Security Configuration

    access-list (extended)

    To insert or replace an ACL entry:


    access-list access-list-number insert | replace entry

    To move entries within an ACL:


    access-list access-list-number move destination source1 [source2]

    Parameters
    accesslistnumber deny|permit protocol Specifiesanextendedaccesslistnumber.Validvaluesarefrom100to199. Deniesorpermitsaccessifspecifiedconditionsaremet. SpecifiesanIPprotocolforwhichtodenyorpermitaccess.Validvalues andtheircorrespondingprotocolsare: source ipAnyInternetprotocol udpUserDatagramProtocol tcpTransmissionControlProtocol icmpInternetControlMessageProtocol

    Specifiesthenetworkorhostfromwhichthepacketwillbesent.Valid optionsforexpressingsourceare: IPaddressorrangeofaddresses(A.B.C.D) anyAnysourcehost hostsourceIPaddressofasinglesourcehost

    sourcewildcard operatorport

    (Optional)Specifiesthebitstoignoreinthesourceaddress. (Optional)AppliesaccessrulestoTCPorUDPsourceordestinationport numbers.Possibleoperandis: eqportMatchesonlypacketsonagivenportnumber.

    destination

    Specifiesthenetworkorhosttowhichthepacketwillbesent.Validoptions forexpressingdestinationare: IPaddress(A.B.C.D) anyAnydestinationhost hostsourceIPaddressofasingledestinationhost

    destination wildcard insert|replace entry movedestination source1source2

    (Optional)Specifiesthebitstoignoreinthedestinationaddress. (Optional)Insertsthisnewentrybeforeaspecifiedentryinanexisting ACL,orreplacesaspecifiedentrywiththisnewentry. (Optional)Movesasequenceofaccesslistentriesbeforeanotherentry. Destinationisthenumberoftheexistingentrybeforewhichthisnewentry willbemoved.Source1isasingleentrynumberorthefirstentrynumberin therangetobemoved.Source2(optional)isthelastentrynumberinthe rangetobemoved.Ifsource2isnotspecified,onlythesource1entrywillbe moved.

    Defaults
    Ifinsert,replace,ormovearenotspecified,thenewentrywillbeappendedtotheaccesslist. Ifsource2isnotspecifiedwithmove,onlyoneentrywillbemoved. Ifoperatorandportarenotspecified,accessparameterswillbeappliedtoallTCPorUDPports.
    Enterasys G-Series CLI Reference 20-73

    ip access-group

    Mode
    Globalconfiguration:G3(su)>router(Config)#

    Usage
    Accesslistsareappliedtointerfacesbyusingtheipaccessgroupcommandasdescribedinip accessgrouponpage 2074. ValidaccesslistnumbersforextendedACLsare100to199.ForstandardACLs,validvaluesare1 to99.

    Example
    Thisexampleshowshowtodefineaccesslist101todenyICMPtransmissionsfromanysource andforanydestination:
    G3(su)->router(Config)#access-list 101 deny ICMP any any

    ip access-group
    Usethiscommandtoapplyaccessrestrictionstoinboundframesonaninterfacewhenoperating inroutermode.Thenoformofthiscommandremovesthespecifiedaccesslist.

    Syntax
    ip access-group access-list-number in no ip access-group access-list-number in

    Parameters
    accesslistnumber in Specifiesthenumberoftheaccesslisttobeappliedtotheaccesslist.This isadecimalnumberfrom1to199. Filtersinboundframes.

    Defaults
    None.

    Mode
    Interfaceconfiguration:G3(su)>router(Configif(Vlan<vlan_id>))#

    Usage
    ACLsmustbeappliedperroutinginterface.Anentry(rule)canbeappliedtoinboundframes only.

    Example
    Thisexampleshowshowtoapplyaccesslist1forallinboundframesontheVLAN1interface. Throughthedefinitionofaccesslist1,onlyframeswithasourceaddressonthe192.5.34.0/24 networkwillberouted.AlltheframeswithothersourceaddressesreceivedontheVLAN1 interfacearedropped:
    G3(su)->router(Config)#access-list 1 permit 192.5.34.0 0.0.0.255 G3(su)->router(Config)#interface vlan 1 G3(su)->router(Config-if(Vlan 1))#ip access-group 1 in

    20-74

    Security Configuration

    Index
    Numerics
    802.1D 6-1 802.1p 8-15, 9-1 802.1Q 7-1 802.1s 6-1 802.1w 6-1 802.1x 20-5, 20-17 Configuration clearing switch parameters 2-52 modes for router operation 14-2 Configuration Files copying 2-47 deleting 2-47 displaying 2-45 executing 2-46 show running config 2-47 show running-config 15-6 Contexts (SNMP) 5-3 Copying Configuration or Image Files 2-47 Cost area default 16-21 OSPF 16-14, 16-21 Spanning Tree port 6-37 Interface Configuration Mode 15-3 Interface(s) configuring OSPF parameters 16-10 configuring settings for IP 15-1 loopback, configuring 18-9 RIP passive 16-8 RIP receive 16-8 RIP send 16-4 tunnel, configuring 15-7, 18-9 IP access lists 20-71 to 20-72 address, setting for a routing interface 15-5 routes, adding in router mode 15-19 routes, managing in switch mode 11-15 IPv6 about 18-1 addresses, configuring 18-9 addresses, setting 17-3 configuration defaults 18-2 default router, setting 17-5 displaying information 18-19 gateway, setting 17-5 general configuration commands 18-3 interface configuration commands 18-9 management 17-1 Neighbor Discovery Protocol about 18-1 configuring 18-12 displaying cache 17-6 OSPFv3, configuring 19-1 IRDP 16-34

    A
    Access Groups 20-74 Access Lists 20-71 to 20-72 Addresses MAC, adding entries to routing table 15-5 setting the router ID address 16-11 Advertised Ability 4-14 Alias node 11-31 Area Border Routers (ABRs) 16-20 ARP entries, adding in routing mode 15-12 proxy, enabling 15-13 timeout 15-14 Authentication EAPOL 20-17 MAC 20-19 MD5 16-18 OSPF MD5 16-18 simple password 16-18 Port web 20-57 RADIUS server 20-5, 20-8 SSH 20-69 Auto-negotiation 4-14

    D
    Defaults CLI behavior, described 1-8 factory installed 1-2 DHCP server, configuring 13-1 DVMRP 16-31 Dynamic policy profile assignment 20-2

    E
    EAP pass-through 20-2, 20-13 EAPOL 20-17

    F
    Flow Control 4-18 Forbidden VLAN port 7-13

    G
    Getting help xxxii GVRP enabling and disabling 7-22 purpose of 7-18 timer 7-23

    B
    banner motd 2-20 Baud Rate 2-27 Broadcast settings for IP routing 15-15 suppression, enabling on ports 4-28

    J
    Jumbo Frame Support 4-12

    K
    Keyword Lookups 1-8

    H
    Hardware show system 2-13, 2-21 Hello Packets 16-17 Help keyword lookups 1-8 Host VLAN 7-16

    L
    License key advanced routing 16-1 licenses activating 2-27 license key field descriptions 2-27 Line Editing Commands 1-10 Link Layer Discovery Protocol (LLDP) configuring 3-13 Link State Advertisements displaying 16-25 retransmit interval 16-16 transmit delay 16-16 LLDP configuring 3-13

    C
    CDP Discovery Protocol 3-1 CIDR 16-6 Cisco Discovery Protocol 3-6 Class of Service 8-6, 8-11, 8-15 to 8-21, 9-1 Classification Policies 8-1 Clearing NVRAM 2-52 CLI closing 2-50 scrolling screens 1-9 starting 1-6 Command History Buffer 11-11, 11-12 Command Line Interface. See also CLI

    I
    ICMP 11-13 IGMP 10-1 enabling and disabling 10-2, 10-9 Image File copying 2-47 downloading 2-35 Ingress Filtering 7-6, 7-9

    LLDP-MED configuring 3-13 Lockout set system 2-7 Logging 11-1 Login administratively configured 1-7 default 1-7 setting accounts 2-2 via Telnet 1-7 Loopback interfaces, configuring 18-9

    M
    MAC Addresses displaying 11-18 MAC Authentication 20-19 MAC Locking 20-46 maximum static entries 20-52 static 20-52 Management VLAN 7-1 MD5 Authentication 16-18 motd 2-20 Multicast 16-45 Multicast Filtering 10-1, 10-2 Multiple Spanning Tree Protocol (MSTP) 6-1

    priority 16-14 redistribute 16-24 retransmit interval 16-16 timers 16-15 transmit delay 16-16 virtual links 16-23, 16-29 OSPFv3 about 19-1 area configuration commands 19-9 configuration defaults 19-2 configuring 19-1 displaying information 19-27 global configuration commands 19-3 interface configuration commands 19-20

    Priority to Transmit Queue Mapping 9-4 Prompt in router mode 14-2 set 2-19 Protocol Independant Multicast 16-45 PWA 20-57

    R
    RADIUS 20-3 realm 20-5 RADIUS Filter-ID 20-2 attribute formats 20-3 RADIUS server 20-5, 20-8 Rapid Spanning Tree Protocol (RSTP) 6-1 Redistribute 16-9, 16-24 Related Manuals xxxi Reset 2-52 RFC 3580 20-41 RIP CIDR 16-6 configuration mode, enabling 16-2 configuration tasks 16-1 passive interface 16-8 redistribute 16-9 Router Mode(s) enabling 14-2 Routing Interfaces configuring 15-3 Routing Protocol Configuration DVMRP 16-31 IRDP 16-34 OSPF 16-10 OSPFv3 19-1 RIP 16-1 VRRP 16-38

    P
    Password aging 2-6 history 2-6, 2-7 set new 2-5 setting the login 2-5 PIM-SM 16-45 Ping 11-13, 15-19 Policy Management assigning ports 8-13 classifying to a VLAN or Class of Service 8-6, 8-11 dynamic assignment of profiles 20-2 profiles 8-1, 8-15 Port Mirroring 4-30 Port Priority configuring 9-1 Port String syntax used in the CLI 4-1 Port Trunking 4-33 Port web authentication configuring 20-57 Port(s) alias 4-9 assignment scheme 4-1 auto-negotiation and advertised ability 4-14 broadcast suppression 4-28 counters, reviewing statistics 4-5 duplex mode, setting 4-9 flow control 4-18 link flap about 4-19 configuration defaults 4-22 configuring 4-21 link traps, configuring 4-19 MAC lock 20-49 priority, configuring 9-1 speed, setting 4-9 status, reviewing 4-3 Power over Ethernet (PoE), configuring 2-30 Priority OSPF 16-14 VRRP 16-41

    N
    Name setting for a VLAN 7-5 setting for the system 2-22 Neighbor Discovery Protocol configuring 18-12 Neighbors OSPF 16-28 Network Management addresses and routes 11-15 monitoring switch events and status 11-11 Networks OSPF 16-13 Node Alias 11-31 NSSA Areas 16-22 NVRAM clearing 2-52

    S
    Scrolling Screens 1-9 Secure Shell (SSH) 20-68 enabling 20-69 regenerating new keys 20-69 Security methods, overview of 20-1 Serial Port downloading upgrades via 2-35 show system utilization cpu 2-14 SNMP access rights 5-15 accessing in router mode 5-3 enabling on the switch 5-16 MIB views 5-18 notification parameters 5-28 notify filters 5-28 security models and levels 5-2 statistics 5-3 target addresses 5-25 target parameters 5-22 trap configuration example 5-36 users, groups and communities 5-7

    O
    OSPF Area Border Routers (ABRs) 16-20 areas, defining NSSAs 16-22 areas, defining range 16-20 areas, defining stub 16-21 configuration mode, enabling 16-12 configuration tasks 16-10 cost 16-14, 16-21 hello packet intervals 16-17 information, displaying 16-25 to 16-29 link state advertisements 16-25 neighbors 16-28 networks 16-13

    SNTP 11-25 Spanning Tree 6-1 backup root 6-21 bridge parameters 6-3 features 6-2 port parameters 6-31 Rapid Spanning Tree Protocol (RSTP) 6-1 Split Horizon 16-7 SSL WebView 2-55 Stub Areas 16-21 Syslog 11-1 System Information displaying basic 2-11 setting basic 2-8

    forbidden ports 7-13 host, setting 7-16 ingress filtering 7-6 naming 7-5 RADIUS 20-41 secure management, creating 7-1 VRRP configuration mode, enabling 16-39 creating a session 16-40 enabling on an interface 16-43 priority 16-41 virtual router address 16-40

    W
    WebView 1-2, 2-53 WebView SSL 2-55

    T
    Technical Support xxxii Telnet disconnecting 11-14 enabling in switch mode 2-39 Terminal Settings 2-24 TFTP downloading firmware upgrades via 2-35 Timeout ARP 15-14 CLI, system 2-25 RADIUS 20-5 Timers OSPF 16-15 Traceroute in router mode 15-20 Trap SNMP configuration example 5-36 Tunnel Attributes RFC 3580 RADIUS attributes 20-41 Tunnel interfaces about 15-7 configuring 18-9

    U
    User Accounts default 1-7 setting 2-2

    V
    Version RIP receive 16-5 RIP send 16-4 Version Information 2-21 Virtual Links 16-23, 16-29 VLANs assigning ingress filtering 7-9 assigning port VLAN IDs 7-6 authentication 20-41, 20-45 classifying to 8-6, 8-11 creating static 7-4 dynamic egress 7-16 egress lists 7-11, 20-44 enabling GVRP 7-18

    You might also like