Vs 2024 Command Line Reference

DATACOM SYSTEMS INC

VS-2024-F CLI User Manual

Datacom Systems Inc

Revision Number: 2.2

DATACOM SYSTEMS INC

Copyright © 2012 Datacom Systems Inc . All Rights Reserved. No part of this document may be reproduced, stored in a retrieval system or transmitted, in any form, or by any means, electronic or otherwise, including photocopying, reprinting, or recording, for any purpose, without the express written permission of Datacom Systems Inc.

Printed in ________

TRADEMARKS Datacom Systems Inc LOGO are trademarks of Datacom Systems Inc . inthe U.S. and other countries. The use of any of these trademarks without Datacom Systems Inc. prior written consent is strictly prohibited. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Datacom Systems Inc. disclaims any proprietary interest in the trademarks and trade names other than its own.

DISCLAIMER The information in this book is provided “as is”, with no warranties whatsoever, including any warranty of merchantability, fitness for any particular purpose or any warranty otherwise arising out of any proposal, specification or sample. This document is provided for informational purposes only and should not be construed as a commitment on the part of Datacom Systems Inc. Information in this document is subject to change without notice.

REQUESTS For information or obtaining permission for use of material of this work, please submit a

written request to: Corporate Marketing and Legal, Datacom Systems Inc on wwwdatacomsystems.com

DOCUMENT No.: Datacom Systems Inc v 2.2

DATACOM SYSTEMS INC

CLI USER MANUAL 1 DATACOM SYSTEMS CONFIDENTIAL

Contents

CHAPTER 1: 1. INTRODUCTION _____________________________________________ 111.1 PURPOSE ................................................................................................... 11 1.2 SCOPE ....................................................................................................... 11 1.3 DOCUMENT CONVENTIONS .......................................................................... 11 1.4 KEY CONVENTIONS ..................................................................................... 12 1.4.1 Keyboard shortcuts ................................................................................ 12 1.4.2 Others .................................................................................................... 12

CHAPTER 2: 2. COMMAND LINE INTERFACE __________________________________ 132.1 CLI COMMAND MODES ............................................................................... 14 2.2 USER EXEC MODE .................................................................................... 15 2.3 PRIVILEGED EXEC MODE ........................................................................... 15 2.4 GLOBAL CONFIGURATION MODE .................................................................. 15 2.5 INTERFACE CONFIGURATION MODE ............................................................. 15 2.5.1 Physical Interface Mode ........................................................................ 15 2.5.2 Port Channel Interface Mode ................................................................. 16 2.5.3 VLAN Interface Mode ............................................................................ 16 2.5.4 Tunnel Interface Mode ........................................................................... 16 2.5.5 Out of Band Interface Mode .................................................................. 16 2.6 CONFIG-VLAN MODE ................................................................................. 16 2.7 LINE CONFIGURATION MODE ....................................................................... 16 2.8 BOOT CONFIGURATION ............................................................................... 16 2.9 REDUNDANCY CONFIGURATION ................................................................... 16 2.10 PROTOCOL SPECIFIC MODES ...................................................................... 16 2.10.1 DiffSrv ClassMap Configuration mode .................................................. 16 2.10.2 DiffSrv Policy-Map Configuration Mode ................................................. 17 2.10.3 DiffSrv Policy-Map Class Configuration Mode ....................................... 17 2.10.4 DHCP Pool Configuration Mode ............................................................ 17 2.10.5 ACL Standard Access List Configuration Mode .................................... 17 2.10.6 ACL Extended Access List Configuration Mode .................................... 17 2.10.7 ACL MAC Configuration Mode .............................................................. 18

CHAPTER 3: 3. DIFFSERV (DIFFERENTIATED SERVICES)________________________ 213.1 SET QOS ..................................................................................................... 23 3.2 CLASS-MAP ................................................................................................. 24 3.3 POLICY-MAP ............................................................................................... 25 3.4 MATCH ....................................................................................................... 26 3.5 CLASS ........................................................................................................ 27 3.6 SET COS ..................................................................................................... 28 3.7 SHUTDOWN QOS ......................................................................................... 29 3.8 COSQ SCHEDULING ALGORITHM ................................................................... 30 3.9 TRAFFIC CLASS ........................................................................................... 31 3.10 SHOW POLICY-MAP ...................................................................................... 32 3.11 SHOW CLASS-MAP ....................................................................................... 34 3.12 SHOW COSQ ALGORITHM ............................................................................. 35 3.13 SHOW COSQ WEIGHTS-BW ........................................................................... 36

CHAPTER 4: 4. ACL (ACCESS CONTROL LISTS) _______________________________ 374.1 IP ACCESS-LIST ........................................................................................... 39 4.2 MAC ACCESS-LIST EXTENDED....................................................................... 41 4.3 USER-DEFINED ACCESS-LIST ........................................................................ 42 4.4 USERDEFINED-LIST ..................................................................................... 43

VS-2024-F DATACOM SYSTEMS INC

2 CLI USER MANUAL CONFIDENTIAL

4.5 PERMIT USR-DEFINED-PACKET-TYPE ........................................................... 45 4.6 DENY USR-DEFINED-PACKET-TYPE .............................................................. 48 4.7 PERMIT - STANDARD MODE .......................................................................... 50 4.8 DENY - STANDARD MODE ............................................................................. 52 4.9 PERMIT- IP/OSPF/PIM/PROTOCOL TYPE ......................................................... 53 4.10 PERMIT IPV6 ............................................................................................... 56 4.11 DENY IPV6 .................................................................................................. 58 4.12 DENY - IP/OSPF/PIM/PROTOCOL TYPE ........................................................... 59 4.13 PERMIT TCP ................................................................................................ 61 4.14 DENY TCP ................................................................................................... 64 4.15 PERMIT UDP ................................................................................................ 66 4.16 DENY UDP ................................................................................................... 69 4.17 PERMIT ICMP ............................................................................................... 71 4.18 DENY ICMP ................................................................................................. 75 4.19 IP ACCESS-GROUP ...................................................................................... 78 4.20 MAC ACCESS-GROUP ................................................................................... 79 4.21 USER-DEFINED ACCESS-GROUP ................................................................... 80 4.22 PERMIT ....................................................................................................... 81 4.23 DENY .......................................................................................................... 85 4.24 SHOW ACCESS-LISTS ................................................................................... 88

CHAPTER 5: 5. QOS (QUALITY OF SERVICE) __________________________________ 935.1 SHUTDOWN QOS ......................................................................................... 95 5.2 QOS ........................................................................................................... 96 5.3 PRIORITY-MAP ............................................................................................ 97 5.4 CLASS-MAP ................................................................................................. 98 5.5 METER ....................................................................................................... 99 5.6 POLICY-MAP ............................................................................................. 100 5.7 QUEUE-TYPE ............................................................................................ 101 5.8 SHAPE-TEMPLATE ..................................................................................... 102 5.9 SCHEDULER .............................................................................................. 103 5.10 QUEUE ..................................................................................................... 105 5.11 QUEUE-MAP .............................................................................................. 107 5.12 SCHED-HIERARCHY ................................................................................... 108 5.13 QOS INTERFACE ........................................................................................ 109 5.14 MAP ......................................................................................................... 110 5.15 MATCH ACCESS-GROUP ............................................................................. 112 5.16 SET CLASS ................................................................................................ 113 5.17 METER-TYPE ............................................................................................. 114 5.18 SET POLICY............................................................................................... 116 5.19 SET METER ............................................................................................... 117 5.20 SET ALGO-TYPE ........................................................................................ 120 5.21 RANDOM-DETECT DP ................................................................................. 121 5.22 SHOW QOS GLOBAL INFO ........................................................................... 122 5.23 SHOW PRIORITY-MAP ................................................................................. 123 5.24 SHOW CLASS-MAP ..................................................................................... 124 5.25 SHOW CLASS-TO-PRIORITY-MAP ................................................................. 125 5.26 SHOW METER ............................................................................................ 126 5.27 SHOW POLICY-MAP .................................................................................... 127 5.28 SHOW QUEUE-TEMPLATE ........................................................................... 128 5.29 SHOW SHAPE-TEMPLATE ........................................................................... 129 5.30 SHOW SCHEDULER .................................................................................... 130 5.31 SHOW QUEUE ........................................................................................... 131 5.32 SHOW QUEUE-MAP .................................................................................... 132 5.33 SHOW SCHED-HIERARCHY ......................................................................... 133 5.34 SHOW QOS DEF-USER-PRIORITY ................................................................. 134 5.35 SHOW QOS METER-STATS .......................................................................... 136

DATACOM SYSTEMS INC CONTENTS


5.36 SHOW QOS QUEUE-STATS .......................................................................... 137 CHAPTER 6: 6. TACACS ___________________________________________________ 138

6.1 TACACS-SERVER HOST .............................................................................. 139 6.2 TACACS USE-SERVER ADDRESS ................................................................. 141 6.3 TACACS-SERVER RETRANSMIT ................................................................... 142 6.4 DEBUG TACACS ......................................................................................... 143 6.5 SHOW TACACS .......................................................................................... 144

CHAPTER 7: 7. LA ________________________________________________________ 1467.1 SET PORT-CHANNEL .................................................................................. 148 7.2 CHANNEL-PROTOCOL ................................................................................ 149 7.3 LACP SYSTEM-PRIORITY ............................................................................ 150 7.4 LACP SYSTEM-IDENTIFIER .......................................................................... 151 7.5 PORT-CHANNEL LOAD-BALANCE ................................................................. 152 7.6 LACP PORT-PRIORITY ................................................................................ 154 7.7 LACP PORT-IDENTIFIER .............................................................................. 155 7.8 CHANNEL-GROUP ...................................................................................... 156 7.9 LACP WAIT-TIME ........................................................................................ 157 7.10 LACP TIMEOUT .......................................................................................... 158 7.11 LACP RATE ............................................................................................... 159 7.12 LACP ........................................................................................................ 160 7.13 DEFAULT PORT.......................................................................................... 161 7.14 PORT-CHANNEL MAX-PORTS ...................................................................... 162 7.15 SHUTDOWN PORT-CHANNEL ....................................................................... 163 7.16 DEBUG LACP ............................................................................................. 164 7.17 DEBUG ETHERCHANNEL ............................................................................. 165 7.18 SHOW ETHERCHANNEL .............................................................................. 166 7.19 SHOW ETHERCHANNEL - REDUNDANCY ...................................................... 172 7.20 SHOW INTERFACES ................................................................................... 174 7.21 SHOW LACP .............................................................................................. 177

CHAPTER 8: 8. SYSLOG ___________________________________________________ 1808.1 LOGGING .................................................................................................. 182 8.2 LOGGING SYNCHRONOUS .......................................................................... 184 8.3 MAILSERVER ............................................................................................. 186 8.4 SENDER MAIL-ID ........................................................................................ 187 8.5 RECEIVER MAIL-ID ..................................................................................... 188 8.6 CMDBUFFS ............................................................................................... 189 8.7 SERVICE TIMESTAMPS ............................................................................... 190 8.8 CLEAR LOGS ............................................................................................. 191 8.9 SYSLOG MAIL ............................................................................................ 192 8.10 SYSLOG LOCAL STORAGE .......................................................................... 193 8.11 SYSLOG FILENAME-ONE ............................................................................. 194 8.12 SYSLOG FILENAME-TWO ............................................................................ 195 8.13 SYSLOG FILENAME-THREE ......................................................................... 196 8.14 SYSLOG RELAY - PORT .............................................................................. 197 8.15 SYSLOG PROFILE ...................................................................................... 198 8.16 LOGGING-FILE ........................................................................................... 199 8.17 LOGGING SERVER ..................................................................................... 200 8.18 MAIL SERVER TABLE .................................................................................. 201 8.19 SYSLOG RELAY ......................................................................................... 202 8.20 SYSLOG RELAY TRANSPORT TYPE .............................................................. 203 8.21 SHOW LOGGING ........................................................................................ 204 8.22 SHOW EMAIL ALERTS ................................................................................. 205 8.23 SHOW SYSLOG ROLE ................................................................................. 206 8.24 SHOW SYSLOG MAIL .................................................................................. 208



8.25 SHOW SYSLOG LOCAL STORAGE ................................................................. 209 8.26 SHOW LOGGING FILE ................................................................................. 210 8.27 SHOW LOGGING SERVER............................................................................ 211 8.28 SHOW MAIL SERVER .................................................................................. 212 8.29 SHOW SYSLOG RELAY - PORT ..................................................................... 213 8.30 SHOW SYSLOG PROFILE ............................................................................. 214 8.31 SHOW SYSLOG RELAY TRANSPORT TYPE .................................................... 215 8.32 SHOW SYSLOG FILE-NAME ......................................................................... 216 8.33 SHOW SYSLOG INFORMATION ..................................................................... 217

CHAPTER 9: 9. VLAN _____________________________________________________ 2199.1 SET VLAN .................................................................................................. 223 9.2 VLAN ........................................................................................................ 224 9.3 SET MAC-LEARNING ................................................................................... 225 9.4 SET UNICAST-MAC-LEARNING ..................................................................... 226 9.5 INTERFACE RANGE .................................................................................... 227 9.6 BASE BRIDGE-MODE .................................................................................. 228 9.7 MAC-VLAN ................................................................................................ 229 9.8 SUBNET-VLAN ........................................................................................... 230 9.9 PROTOCOL-VLAN ....................................................................................... 231 9.10 MAP PROTOCOL ........................................................................................ 232 9.11 SET GVRP ................................................................................................. 233 9.12 SET PORT GVRP ........................................................................................ 234 9.13 SET PORT GVRP - ENABLE | DISABLE ........................................................... 235 9.14 SET GMRP ................................................................................................ 236 9.15 SET PORT GMRP ........................................................................................ 237 9.16 VLAN LEARNING MODE ............................................................................... 238 9.17 FID - VLAN RANGE ..................................................................................... 239 9.18 SET VLAN TRAFFIC-CLASSES ...................................................................... 240 9.19 MAC-MAP .................................................................................................. 241 9.20 MAP SUBNET ............................................................................................. 242 9.21 SWITCHPORT FILTERING-UTILITY-CRITERIA ................................................. 243 9.22 MAC-ADDRESS-TABLE STATIC UNICAST ....................................................... 244 9.23 MAC-ADDRESS-TABLE STATIC UNICAST – TRANSPARENT BRIDGING MODE .... 247 9.24 MAC-ADDRESS-TABLE STATIC MULTICAST ................................................... 249 9.25 MAC ADDRESS-TABLE STATIC MCAST .......................................................... 251 9.26 MAC-ADDRESS-TABLE STATIC MULTICAST – TRANSPARENT BRIDGING MODE 252 9.27 MAC-ADDRESS-TABLE AGING-TIME ............................................................. 254 9.28 BRIDGE-MODE- METRO ............................................................................. 255 9.29 L2PROTOCOL-TUNNEL COS ........................................................................ 257 9.30 CLEAR L2PROTOCOL-TUNNEL COUNTERS ................................................... 258 9.31 CLEAR VLAN STATISTICS ............................................................................ 259 9.32 VLAN DEFAULT HYBRID TYPE ...................................................................... 260 9.33 WILDCARD ................................................................................................ 261 9.34 SET UNICAST-MAC LEARNING ..................................................................... 262 9.35 VLAN UNICAST-MAC LEARNING LIMIT ........................................................... 263 9.36 UNICAST-MAC LEARNING LIMIT ................................................................... 264 9.37 PORTS ...................................................................................................... 265 9.38 VLAN ACTIVE ............................................................................................. 267 9.39 FORWARD-ALL .......................................................................................... 268 9.40 FORWARD-UNREGISTERED ........................................................................ 271 9.41 SWITCHPORT PVID ..................................................................................... 272 9.42 SWITCHPORT ACCESS VLAN ....................................................................... 273 9.43 SWITCHPORT ACCEPTABLE-FRAME-TYPE .................................................... 274 9.44 SWITCHPORT INGRESS-FILTER ................................................................... 275 9.45 PORT MAC-VLAN........................................................................................ 276 9.46 PORT SUBNET – VLAN ................................................................................ 277



9.47 PORT PROTOCOL-VLAN .............................................................................. 278 9.48 SWITCHPORT MAP PROTOCOLS-GROUP ...................................................... 279 9.49 SWITCHPORT PRIORITY DEFAULT ................................................................ 280 9.50 SWITCHPORT MODE ................................................................................... 281 9.51 SWITCHPORT MODE DOT1Q-TUNNEL ........................................................... 282 9.52 SET GARP TIMER ....................................................................................... 283 9.53 VLAN RESTRICTED ..................................................................................... 284 9.54 GROUP RESTRICTED .................................................................................. 285 9.55 VLAN MAX-TRAFFIC-CLASS ......................................................................... 286 9.56 VLAN MAP-PRIORITY .................................................................................. 287 9.57 SHUTDOWN GARP ..................................................................................... 288 9.58 SHUTDOWN VLAN ...................................................................................... 289 9.59 DEBUG VLAN ............................................................................................. 290 9.60 DEBUG GARP ............................................................................................ 292 9.61 SHOW VLAN .............................................................................................. 295 9.62 SHOW VLAN DEVICE INFO ........................................................................... 297 9.63 SHOW VLAN DEVICE CAPABILITIES .............................................................. 300 9.64 SHOW FID - DETAIL .................................................................................... 301 9.65 SHOW FORWARD-ALL ................................................................................ 303 9.66 SHOW FORWARD-UNREGISTERED ............................................................... 306 9.67 SHOW VLAN TRAFFIC-CLASSES ................................................................... 308 9.68 SHOW GARP TIMER .................................................................................... 311 9.69 SHOW VLAN PORT CONFIG ......................................................................... 313 9.70 SHOW VLAN PROTOCOLS-GROUP ............................................................... 317 9.71 SHOW PROTOCOL-VLAN ............................................................................. 318 9.72 SHOW MAC-VLAN ....................................................................................... 319 9.73 SHOW SUBNET VLAN MAPPING ................................................................... 320 9.74 SHOW VLAN COUNTERS ............................................................................. 322 9.75 SHOW VLAN STATISTICS ............................................................................. 324 9.76 SHOW MAC-ADDRESS-TABLE ...................................................................... 325 9.77 SHOW DOT1D MAC-ADDRESS-TABLE ........................................................... 327 9.78 SHOW DOT1D MAC-ADDRESS-TABLE STATIC UNICAST .................................. 328 9.79 SHOW DOT1D MAC-ADDRESS-TABLE STATIC MULTICAST .............................. 329 9.80 SHOW MAC-ADDRESS-TABLE COUNT ........................................................... 330 9.81 SHOW MAC-ADDRESS-TABLE STATIC UNICAST ............................................. 332 9.82 SHOW MAC-ADDRESS-TABLE STATIC MULTICAST ......................................... 334 9.83 SHOW MAC-ADDRESS-TABLE DYNAMIC UNICAST .......................................... 336 9.84 SHOW MAC-ADDRESS-TABLE DYNAMIC MULTICAST ...................................... 338 9.85 SHOW MAC-ADDRESS-TABLE AGING-TIME ................................................... 340 9.86 SHOW WILDCARD ...................................................................................... 341

CHAPTER 10: 10. SNMPV3 __________________________________________________ 343 10.1 ENABLE SNMPSUBAGENT ........................................................................... 346 10.2 DISABLE SNMPSUBAGENT .......................................................................... 347 10.3 SHOW SNMP AGENTX INFORMATION ............................................................ 348 10.4 SHOW SNMP AGENTX STATISTICS ............................................................... 349 10.5 ENABLE SNMPAGENT ................................................................................. 350 10.6 DISABLE SNMPAGENT ................................................................................ 351 10.7 SNMP COMMUNITY INDEX ........................................................................... 352 10.8 SNMP GROUP ............................................................................................ 354 10.9 SNMP ACCESS .......................................................................................... 355 10.10 SNMP ENGINEID ........................................................................................ 357 10.11 SNMP PROXY NAME ................................................................................... 358 10.12 SNMP MIBPROXY NAME .............................................................................. 360 10.13 SNMP VIEW ............................................................................................... 362 10.14 SNMP TARGETADDR .................................................................................. 364 10.15 SNMP TARGETPARAMS .............................................................................. 366



10.16 SNMP USER .............................................................................................. 368 10.17 SNMP NOTIFY ............................................................................................ 370 10.18 SNMP FILTERPROFILE ................................................................................ 372 10.19 SNMP-SERVER ENABLE TRAPS SNMP AUTHENTICATION ................................ 373 10.20 SNMP-SERVER TRAP UDP-PORT ................................................................. 374 10.21 SNMP-SERVER TRAP PROXY-UDP-PORT ...................................................... 375 10.22 SNMP AGENT PORT .................................................................................... 376 10.23 SNMP TCP ENABLE .................................................................................... 377 10.24 SNMP TRAP TCP ENABLE ............................................................................ 378 10.25 SNMP-SERVER TCP-PORT .......................................................................... 379 10.26 SNMP-SERVER TRAP TCP-PORT .................................................................. 380 10.27 SNMP-SERVER ENABLE TRAPS ................................................................... 381 10.28 SHOW SNMP ............................................................................................. 382 10.29 SHOW SNMP COMMUNITY ........................................................................... 383 10.30 SHOW SNMP GROUP .................................................................................. 384 10.31 SHOW SNMP GROUP ACCESS ..................................................................... 386 10.32 SHOW SNMP ENGINEID .............................................................................. 387 10.33 SHOW SNMP PROXY .................................................................................. 388 10.34 SHOW SNMP MIBPROXY ............................................................................. 389 10.35 SHOW SNMP VIEWTREE ............................................................................. 391 10.36 SHOW SNMP TARGETADDR ......................................................................... 392 10.37 SHOW SNMP TARGETPARAM....................................................................... 393 10.38 SHOW SNMP USER ..................................................................................... 394 10.39 SHOW SNMP NOTIF .................................................................................... 395 10.40 SHOW SNMP INFORM STATISTICS ................................................................ 397 10.41 SHOW SNMP-SERVER TRAPS ...................................................................... 398 10.42 SHOW SNMP-SERVER PROXY-UDP-PORT ..................................................... 399 10.43 SHOW SNMP TCP ....................................................................................... 400 10.44 SHOW SNMP FILTER TABLE ......................................................................... 401

CHAPTER 11: 11. SNTP ____________________________________________________ 402 11.1 SNTP ........................................................................................................ 404 11.2 SET SNTP CLIENT ...................................................................................... 405 11.3 SET SNTP CLIENT VERSION ........................................................................ 406 11.4 SET SNTP CLIENT ADDRESSING MODE ......................................................... 407 11.5 SET SNTP CLIENT PORT ............................................................................. 408 11.6 SET SNTP CLIENT CLOCK-FORMAT .............................................................. 409 11.7 SET SNTP TIME ZONE ................................................................................. 410 11.8 SET SNTP CLIENT CLOCK-SUMMER-TIME ..................................................... 411 11.9 SET SNTP CLIENT AUTHENTICATION-KEY ..................................................... 412 11.10 SET SNTP UNICAST-SERVER AUTO-DISCOVERY ............................................ 413 11.11 SET SNTP UNICAST-POLL-INTERVAL ............................................................ 414 11.12 SET SNTP UNICAST-MAX-POLL-TIMEOUT ...................................................... 415 11.13 SET SNTP UNICAST-MAX-POLL-RETRY ......................................................... 416 11.14 SET SNTP UNICAST-SERVER ....................................................................... 417 11.15 SET SNTP BROADCAST-MODE SEND-REQUEST ............................................. 418 11.16 SET SNTP BROADCAST-POLL-TIMEOUT ........................................................ 419 11.17 SET SNTP BROADCAST-DELAY-TIME ............................................................ 420 11.18 SET SNTP MULTICAST-MODE SEND-REQUEST .............................................. 421 11.19 SET SNTP MULTICAST-POLL-TIMEOUT ......................................................... 422 11.20 SET SNTP MULTICAST-DELAY-TIME ............................................................. 423 11.21 SET SNTP MULTICAST-GROUP-ADDRESS ..................................................... 424 11.22 SET SNTP ANYCAST-POLL-INTERVAL ........................................................... 425 11.23 SET SNTP ANYCAST-POLL-TIMEOUT ............................................................ 426 11.24 SET SNTP ANYCAST-POLL-RETRY-COUNT .................................................... 427 11.25 SET SNTP ANYCAST-SERVER ...................................................................... 428 11.26 SHOW SNTP CLOCK ................................................................................... 429



11.27 SHOW SNTP STATUS .................................................................................. 430 11.28 SHOW SNTP UNICAST–MODE STATUS .......................................................... 431 11.29 SHOW SNTP BROADCAST–MODE STATUS .................................................... 432 11.30 SHOW SNTP MULTICAST–MODE STATUS ...................................................... 433 11.31 SHOW SNTP ANYCAST–MODE STATUS ......................................................... 434 11.32 DEBUG SNTP ............................................................................................. 435

CHAPTER 12: 12. RMON ____________________________________________________ 437 12.1 SET RMON ................................................................................................ 438 12.2 RMON COLLECTION HISTORY ...................................................................... 439 12.3 RMON COLLECTION STATS ......................................................................... 440 12.4 RMON EVENT ............................................................................................ 441 12.5 RMON ALARM ............................................................................................ 442 12.6 SHOW RMON ............................................................................................. 444

DATACOM SYSTEMS INC


Figures

Figure 2-1: Command Modes Access Path ................................................................................................. 19

.


Chapter

1 1.Introduction

1.1 Purpose Datacom Systems Inc is a pre-integrated OEM ready software for managed Layer2/Layer 3 switches, which performs switching between Ethernet ports at wire speed. Datacom Systems Inc provides the basic bridging functionality and also offers advanced features such as link aggregation, GVRP/GMRP, IGMP Snooping and Network Access Control.

This document describes in detail the CLI commands that are specific to xCAT target. It is intended to be a reference manual for users and system administrators who will configure Datacom Systems Inc through the CLI interface.

1.2 Scope The scope of this document is limited to Datacom Systems Inc release 5.0.0.0. This document details all the Marvell xCAT based CLI commands provided by the Datacom Systems Inc software.

1.3 Document Conventions The syntax of the CLI command is given in Courier New 10 bold.

Elements in (< >) indicate the field required as input along with a CLI command, for example, <integer (100-1000)>.

Elements in square brackets ([]) indicate optional fields for a command.

Text in {} refers to ‘either-or group’ for the tokens given inside separated by a | symbol.

The CLI command usage is given in Courier New 10 regular.

Outputs and messages for CLI commands are given in Courier New 10 regular.


12 ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT. CONFIDENTIAL

The no form of the command resets a particular configuration to its default value or revokes the effect. This is explicitly explained in the description of the commands for which it is applicable.

Any action that can change the switch configuration, any conditionals and requirements for a command and any information associated with significant details and functionality of command is

listed using the symbol.

Datacom Systems Inc is available in three different packages, namely, Workgroup, Enterprise and Metro1. The parameters specific for a particular package are indicated along with the description of the parameter itself.

1.4 Key Conventions

1.4.1 Keyboard shortcuts

Up Arrow /

Down Arrow

Displays the previously executed command

Ctrl + C Exits from the ISS prompt

Backspace

/ Ctrl + H

Removes a single character

TAB Completes a command without typing the full word

Left Arrow /

Right Arrow

Traverses the current line

1.4.2 Others ? - helps to list the available commands

'q' - exits the output display if display is more than one page and returns to the ISS prompt

"show history" - displays the command history list

1 Refer ISS Product Specification Document for a detailed description of the package.


Chapter

2 2.Command Line Interface

This section describes the configuration of Datacom Systems Inc using the Command Line Interface.

The Command Line Interface (CLI) can be used to configure the Intelligent Switch Solution from a console attached to the serial port of the switch or from a remote terminal using TELNET.

The Datacom Systems Inc CLI supports a simple login authentication mechanism. The authentication is based on a user name and password provided by the user during login. The user "root" is created by default with password "admin123".

When Datacom Systems Inc is started, the user name and password has to be given at the login prompt to access the CLI shell:

Datacom Systems Inc. Intelligent Switch Solution

ISS Login: guest

Password: ********

iss#

The "user-exec" mode is now available to the user. CLI Command Modes provide a detailed description of the various modes available for ISS.

When Datacom Systems Inc. ISS-Chassis is started, the user name and password has to be given at the login prompt to access the CLI shell:

IDatacom Systems Inc. Intelligent Switch Solution

ISS Login: chassisuser

Password: ********

iss-boot>



The Boot Configuration mode is now available to the user.

The command prompt always displays the current mode.

CLI commands need not be fully typed. The abbreviated forms of CLI commands are alsoaccepted by the Datacom Systems Inc CLI. For example, commands like " show ip global config" can be typed as "sh ip gl co".

CLI commands are case insensitive.

CLI commands will be successful only if the dependencies are satisfied for a particularcommand that is issued. Appropriate error messages will be displayed, if the dependencies are not satisfied

Note: The ethernet type of an interface is determined during System Startup. While configuring interface-specific parameters, its ethernet type needs to be specified correctly. A fast ethernet interface cannot be configured as a gigabit-ethernet interface and vice-versa.

2.1 CLI Command Modes Command Mode Access Method Prompt Exit method

User EXEC This is the initial mode to start a session.

iss> The logout method is used.

Privileged EXEC The User EXEC mode command enable, is used to enter the Privileged EXEC mode.

iss# To return from the Privileged EXEC mode to User EXEC mode the disable command is used.

Global Configuration The Privileged EXEC mode command configure terminal, is used to enter the Global Configuration mode

iss(config)# To exit to the Global Configuration mode the exit command is used and to exit to the Privileged EXEC mode the end command is used.

Interface Configuration The Global Configuration mode command interface <interface-type><interface-id> is used to enter the Interface configuration mode.

iss(config-if)#

To exit to the Global Configuration mode the exit command is used and to exit to the Privileged EXEC mode the end command is used.

Config-VLAN The globalconfiguration mode command vlan vlan-id, is used to enter the Config-VLAN mode.

iss(config-vlan)#

To exit to the Global Configuration mode the exit command is used and to exit to the Privileged EXEC mode the end

DATACOM SYSTEMS INC CHAPTER 2: COMMAND LINE INTERFACE


Command Mode Access Method Prompt Exit method

command is used.

Line Configuration The global configuration mode command line, is used to enter the Line Configuration mode.

iss(config-line)#

To exit to the Global Configuration mode the exit command is used and to exit to the Privileged EXEC mode the end command is used.

Redundancy Configuration

The global configuration mode command redundancy, is used to enter the Redundancy Configuration mode.

iss(config-r)#

To exit to the Global Configuration mode the exit command is used.

Boot Configuration This is the initial mode to start an ISS-Chassis session.

iss-boot> The reload command is used to restart the switch.

2.2 User EXEC Mode After logging into the device, the user is automatically in the User EXEC mode. In general, the User EXEC commands are used to temporarily change terminal settings, perform basic tests and list system information.

2.3 Privileged EXEC Mode Since many of the privileged commands set operating parameters, privileged access is password protected to prevent unauthorized use. The password is not displayed on the screen and is case sensitive. The Privileged EXEC mode prompt is the device name followed by the pound (#) sign.

2.4 Global Configuration Mode Global Configuration commands apply to features that affect the system as a whole, to any specific interface.

2.5 Interface Configuration Mode The following are the different modes present under the Interface Configuration mode.

2.5.1 Physical Interface Mode The Physical Interface mode is used to perform interface specific operations. To return to the global configuration mode the exit command is used.



2.5.2 Port Channel Interface Mode The Port Channel Interface mode is used to perform port-channel specific operations.

To return to the global configuration mode the exit command is used.

2.5.3 VLAN Interface Mode The VLAN Interface mode is used to perform L3-IPVLAN specific operations. To return to the global configuration mode the exit command is used.

2.5.4 Tunnel Interface Mode The Tunnel Interface mode is used to perform Tunnel specific operations. To return to the global configuration mode the exit command is used.

2.5.5 Out of Band Interface Mode The Out of Band Interface mode is used to perform OOB interface specific operations. To return to the global configuration mode the exit command is used.

2.6 Config-VLAN Mode This mode is used to perform VLAN specific operations. To return to the global configuration mode the exit command is used.

2.7 Line Configuration Mode Line configuration commands modify the operations of a terminal line.

2.8 Boot Configuration This mode is used to generate the Slot information (module type). The reload command is used to restart the switch.

2.9 Redundancy Configuration This mode is used to modify the redundancy parameters. To return to the global configuration mode the exit command is used.

2.10 Protocol Specific Modes The following are the different Protocol specific modes.

2.10.1 DiffSrv ClassMap Configuration mode The class-map global configuration command creates a class map to be used for matching the packets to the class whose index is specified and to enter the class-map configuration mode The Global



configuration mode command class-map <short(1-65535)> is used to enter the DiffSrv ClassMap Configuration mode and. the prompt seen at this mode is iss(config-cmap)#.


2.10.2 DiffSrv Policy-Map Configuration Mode In the Policy-Map Configuration mode the user can create or modify a policy map.

The Global configuration mode command policy-map <short(1-65535)> is used to enter the DiffSrv PolicyMap Configuration mode and the prompt seen at this mode is iss(config-pmap)#.


2.10.3 DiffSrv Policy-Map Class Configuration Mode The Policy-Map Class Configuration command defines a traffic classification for the policy to act on. The class-map-num that is specified in the policy map ties the characteristics for that class and its match criteria as configured by using the class-map global configuration command to the class map. Once the class command is entered, the switch enters policy-map class configuration mode.

The DiffSrv Policy mode command policy-map <short(1-65535)> is used to enter the DiffSrv Policy-Map Class Configuration mode and. the prompt seen at this mode is iss(config-pmap-c)#.


2.10.4 DHCP Pool Configuration Mode This mode is used to configure the network pool / host configurations of a subnet pool.

The Global configuration mode command ip dhcp pool <integer(1-2147483647)> creates a DHCP server address pool and places the user in DHCP pool configuration mode. The prompt seen at this mode is iss(dhcp-config)#.


2.10.5 ACL Standard Access List Configuration Mode Standard access lists create filters based on IP address and network mask only (L3 filters only).

The Global configuration mode command ip access-list standard <(1-1000) creates IP ACLs and is used to enter the ACL Standard Access List Configuration mode. The prompt seen at this mode is iss(config-std-nacl)#.


2.10.6 ACL Extended Access List Configuration Mode The Extended Access lists enables to specify filters based on the type of protocol, range of TCP/UDP ports as well as IP address and network mask (Layer 4 filters).

The Global configuration mode command ip access-list extended <(1001-65535)> is used to enter the ACL Extended Access List Configuration mode and the prompt seen at this mode is iss(config-ext-nacl)#.




2.10.7 ACL MAC Configuration Mode The MAC access-list global configuration command creates Layer 2 MAC ACLs, and returns the MAC-Access list configuration mode to the user.

The Global configuration mode command mac access-list extended <(1-65535)> is used to enter the ACL MAC Configuration mode and the prompt seen at this mode is iss(config-ext-macl)#.




Figure 2-1: Command Modes Access Path

Password

General Configuration Modes Protocol Specific Modes

User EXEC Mode

Prompt: iss> enable

Privileged Mode

Prompt: iss#

Global Configuration Mode

Prompt: iss(config)#

Line Configuration

Prompt:: iss (config-line)#

DiffSrv Policy-Map Configuration

Prompt: iss(config-pmap)#

DiffSrv Policy-Map Class Configuration Mode

Prompt: iss(config-pmap-c)#

DiffSrv ClassMap Configuration

Prompt: iss(config-cmap)#

DHCP Pool Configuration

Prompt: iss(dhcp-config)#

ACL Standard Access List Configuration

Prompt: iss(config-std-nacl)#

ACL Extended Access List Configuration

Prompt: iss(config-ext-nacl)#

ACL MAC Configuration Prompt: iss(config-ext-macl)#

Interface Configuration Mode

Prompt: iss (config-if)#

Config-VLAN

Prompt: iss(config-vlan)#

Redundancy Configuration

Prompt: iss(config-r)#


Chapter

3 3.DiffServ (Differentiated Services)

DiffServ (Differentiated Services) is an architecture for providing different types or levels of service for network traffic. One key characteristic of Diffserv is that flows are aggregated in the network, so that core routers only need to distinguish a comparably small number of aggregated flows, even if those flows contain thousands or millions of individual flows.

Differentiated services are intended to provide a framework and building blocks to enable deployment of scalable service discrimination in the Internet. The differentiated services approach aims to speed deployment by separating the architecture into two major components, one of which is fairly well-understood and the other of which is just beginning to be understood. In this, we are guided by the original design of the Internet where the decision was made to separate the forwarding and routing components. Packet forwarding is the relatively simple task that needs to be performed on a per-packet basis as quickly as possible. Forwarding uses the packet header to find an entry in a routing table that determines the packet's output interface. Routing sets the entries in that table and may need to reflect a range of transit and other policies as well as to keep track of route failures. Routing tables are maintained as a background process to the forwarding task.

The list of CLI commands for the configuration of DiffServ is as follows:

set qos

class-map

policy-map

match

class

set cos

shutdown qos

cosq scheduling algorithm

traffic class



show policy-map

show class-map

show cosq algorithm

show cosq weights-bw

DATACOM SYSTEMS INC CHAPTER 3: DIFFSERV (DIFFERENTIATED SERVICES)


3.1 set qos This command enables differentiated services on the device. The disable option is used to disable the QoS feature on the device.

set qos { enable | disable }

Syntax Description

enable

- Enables differentiated services

disable

- Disables differentiated services

Mode Global Configuration Mode

Package Workgroup, Enterprise and Metro

Defaults disable

Example iss(config)# set qos enable

QoS must be globally enabled prior to the execution of the class-map and policy-map mode commands.

When set as 'enabled', DiffServ Module programs the hardware and starts Protocol Operation.

When set as 'disabled', it stops protocol operation by deleting the hardware configuration.

Related Commands

show policy-map - Displays the quality of service (QoS) policy maps

show class-map - Displays quality of service (QoS) class maps



3.2 class-map This command creates a class map that is meant to be used for matching the packets to the class whose index is specified. This command is also used to enter the class-map configuration mode. The no form of this command is used to delete an existing class map and to return to global configuration mode.

class-map <class-map-number(1-65535)>

no class-map <class-map-number(1-65535)>

Syntax Description

class-map-number - QoS class map number



Example iss(config)# class-map 5

Differentiated services must have been enabled in the device.

The class-map command and its subcommands are used to define packetclassification, marking, and aggregate policing as part of a globally namedservice policy applied on a per-interface basis.

The match command is available from the class-map configuration mode.

Related Command




3.3 policy-map This command is used to enter the policy-map configuration mode. In the policy-map configuration mode the user can create or modify a policy map. The no form of this command deletes an existing policy map and returns to the global configuration mode.

policy-map <policy-map-number(1-65535)>

no policy-map <policy-map-number(1-65535)>

Syntax Description

policy-map-number - QoS Policy map number



Example iss(config)# policy-map 6


The following two commands are available from the policy-map configuration mode:

- class

- exit - Exits from the policy map configuration mode and returns to the global configuration mode.

Related Command

show policy-map - Displays quality of service (QoS) policy maps



3.4 match This command specifies the fields in the incoming packets that are to be examined for the classification of the packets. The IP access group / MAC access group can be used as match criteria.

match access-group { mac-access-list | ip-access-list } <acl-index-num (1-65535) >

Syntax Description

mac-access-list

- Access list created based on MAC addresses for non-IP traffic

ip-access-list

- Access list created based on IP addresses. The IP-access list can either be defined as a standard IP-access list or an extended IP-access list.

acl-index-num

- Specifies the ACL index range. The ACL index range for an IP standard ACL is 1 to 1000 and IP extended ACL is 1001 to 65535.

The ACL index range for a MAC extended ACL is 1 to 65535.

Mode Class Map Configuration Mode


Example iss (config-cmap)# match access-group mac-access-list 5


MAC access list and IP access list must have been configured.

Related Commands

class-map - Creates a class map to be used for matching the packets with the class whose name/index is specified

show class-map - Displays QoS Class maps



3.5 class This command defines a traffic classification for the policy to act. The class-map-number that is specified in the policy map ties the characteristics for that class to the class map and its match criteria, as configured by using the class-map global configuration command. On execution of the class command, the switch enters the policy-map class configuration mode.

The no form of this command un-maps the class-map from the current policy-map configuration.

class <class-map-number(1-65535)>

no class <class-map-number(1-65535)>

Syntax Description

class-map-number

- Class Map Number

Mode Policy-Map Configuration Mode


Example iss (config-pmap)# class 5


The policy-map global configuration command must be executed prior to using the class command. After a policy map is specified, the user can either configure a policy for new classes or modify a policy for any existing classes in that policy map.

The following configuration commands are available from the policy map class configuration mode:

- set cos

Related Commands

policy-map - Enters the policy map configuration mode

show policy-map - Displays the QoS policy maps



3.6 set cos This command defines the in-profile action by setting a class of service (CoS), Differentiated Services Code Point (DSCP), or IP-precedence value in the packet.

The no form of the command deletes the configured values.

set {cos <new-cos(0-7)> | ip dscp <new-dscp(0-63)> | ip precedence <new-precedence(0-7)>}

no set {cos <new-cos(0-7)> | ip { dscp <new-dscp(0-63)> | precedence <new-precedence(0-7)>}}

Syntax Description

cos - New COS value assigned to the classified traffic

ip dscp - New DSCP value assigned to the classified traffic

ip precedence - New IP-precedence value assigned to the classified traffic

Mode Policy-Map Class Configuration Mode


Example iss (config-pmap-c)# set cos 5

To attach policy maps that contain the following elements to an ingress interface

- set policy-map class configuration commands must be used. Moreover, the police policy-map class configuration command can be used to mark down (reduce) the DSCP value at the ingress interface.

- Access control list (ACL) classification.

- Per-port per-VLAN classification.

Related Commands

class- Defines a traffic classification for the policy set

policy-map - Used to enter the policy map configuration mode

class-map - Creates a class map

show policy-map - Displays the QoS policy map configuration



3.7 shutdown qos This command shuts down the Quality-of-Service operation. The no form of the command starts and enables the Quality-of-Service operation.

shutdown qos

no shutdown qos



Defaults QoS is started and enabled by default

Example iss(config)# shutdown qos

When shutdown, all the pools used by DiffServ module will be released to the system.

When started, the resources required by DiffServ module are allocated and the module starts running.

Related Commands

show policy-map - Displays the quality of service (QoS) policy maps




3.8 cosq scheduling algorithm This command sets cosq scheduling algorithm.

cosq scheduling algorithm { strict | rr | wrr | wfq | strict-rr | strict-wrr | strict-wfq | deficit }

Syntax Description

strict - strict

rr - round robin

wrr - weighted round robin

wfq - weighted fair queing

strict-rr - strict - round robin

strict-wrr - strict - weighted round robin

strict-wfq - strict - weighted fair queing

deficit - deficit

Mode Interface Configuration mode


Example iss(config-if)# cosq scheduling algorithm strict

Related Commands

show cosq algorithm - Displays the CoSq algorithm used for the interface.

show cosq weights-bw - Displays the CoSq weights and the bandwidth for the interface.



3.9 traffic class This command sets weight and bandwidth for traffic classes.

traffic-class <integer(0-7)> weight <integer(0-15)> [ minbandwidth <integer(1-262143)>]

Syntax Description

traffic-class - Configures cosq numbers

weight - Configures cosq weights

minbandwidth - Configures minimum bandwidth

Mode Interface Configuration mode


Defaults weight - 1

Example iss(config-if)# traffic-class 1 weight 7 minbandwidth 1234

Related Commands

show cosq algorithm - Displays the CoSq algorithm used for the interface.

show cosq weights-bw - Ddisplays the CoSq weights and the bandwidth for the interface.



3.10 show policy-map This command displays the quality of service (QoS) policy maps, which defines the classification criteria for the incoming traffic. Policy maps can include policers that specify the bandwidth limitations and the action to take if the limits are exceeded.

show policy-map [<policy-map-num(1-65535)> [class <class-map-num(1-65535)>]]

Syntax Description

policy-map-num

- Policy map number

class

- Class map number

Mode Privileged/User EXEC Mode


Example iss# show policy-map 24

DiffServ Configurations:

------------------------

Quality of Service has been enabled

Policy Map 24 is not active

Class Map: 20

----------------

Protocol : 255

In Profile Entry

----------------

In profile action : policed-precedence 5

Out Profile Entry

-----------------

Metering on

burst bytes/token size : 6

Refresh count : 1000

Out profile action : drop

No Match Entry

--------------

No match action : policed-precedence 5

Related Commands

policy-map - Used to enter the policy map configuration mode



class - Defines a traffic classification for the policy to act

set cos - Defines the in-profile action by setting a CoS, DSCP or IP-precedence value in the packet



3.11 show class-map This command displays quality of service (QoS) class maps, which defines the match criteria to classify traffic.

show class-map [<class-map-num(1-65535)>]

Syntax Description

class-map-num

- Displays the configured class map number



Example iss# show class-map DiffServ Configurations:

------------------------

Class map 20

--------------

Filter-ID : 3

Filter-Type : IP-Filter

Related Commands

class-map - Creates a class map that is meant to be used for matching the packets to the class whose index is specified

match - Specifies the fields in the incoming packets that are to be examined for the classification of the packets



3.12 show cosq algorithm This command displays the CoSq algorithm used for the interface.

show cosq algorithm [ interface <interface-type> <interface-id> ]

Syntax Description

interface-type - Interface Type

interface-id - Interface ID



Example iss(config)# show cosq algorithm interface gigabitethernet 0/1

CoSq Algorithm

------------------------

Interface Algorithm

----------- ---------------

Gi0/1 StrictPriority

....... .......................

--------------------------



3.13 show cosq weights-bw This command displays the CoSq weights and the bandwidth for the interface.

show cosq weights-bw [ interface <interface-type> <interface-id> ]

Syntax Description

interface-type

- Interface Type

interface-id - Interface ID



Example iss(config)# show cosq weights-bw interface gigabitethernet 0/1 CoSq Weights and Bandwidths

----------------------------------------------

Interface CoSqId CoSqWeight MinBw MaxBw Flag

--------- ------ --------- ------ ---- -----

Gi0/1 0 1 0 0 2

Gi0/1 1 1 0 0 2

Gi0/1 2 1 0 0 2

Gi0/1 3 1 0 0 2

Gi0/1 4 1 0 0 2

Gi0/1 5 1 0 0 2

Gi0/1 6 1 0 0 2

Gi0/1 7 1 0 0 2

..... ... .. ... ... ...

---------------------------------------------------


Chapter

4 4.ACL (Access Control Lists)

ACLs (Access Control Lists) filter network traffic by controlling whether routed packets are forwarded or blocked at the router's interfaces. ACLs are used to block IP packets from being forwarded by a router. The router examines each packet to determine whether to forward or drop the packet, based on the criteria specified within the access lists.

Access list criteria can be the source address of the traffic, the destination address of the traffic, the upper-layer protocol or other information.

There are many reasons to configure access lists - access lists can be used to restrict contents of routing updates or to provide traffic flow control. But one of the most important reasons to configure access lists is to provide security for the network.

Access lists must be used to provide a basic level of security for accessing the network. If access lists has not been configured on the router, all packets passing through the router can be allowed onto all parts of the network.

For example, access lists can allow one host to access a part of the network and prevent another host from accessing the same area.

The list of CLI commands for the configuration of ACL is as follows:

ip access-list

mac access-list extended

user-defined access-list

userdefined-list

permit usr-defined-packet-type

deny usr-defined-packet-type

permit - standard mode

deny - standard mode



permit- ip/ospf/pim/protocol type

permit ipv6

deny ipv6

deny - ip/ospf/pim/protocol type

permit tcp

deny tcp

permit udp

deny udp

permit icmp

deny icmp

ip access-group

mac access-group

user-defined access-group

permit

deny

show access-lists

DATACOM SYSTEMS INC CHAPTER 4: ACL (ACCESS CONTROL LISTS)


4.1 ip access-list This command creates IP ACLs and enters the IP Access-list configuration mode. Standard access lists create filters based on IP address and network mask only (L3 filters only ). Extended access lists enables specification of filters based on the type of protocol, range of TCP/UDP ports as well as the IP address and network mask (Layer 4 filters).

Depending on the standard or extended option chosen by the user, this command returns a corresponding IP Access list configuration mode.

The no form of the command deletes the IP access-list.

ip access-list {standard <access-list-number (1-1000)> | extended <access-list-number (1001-65535)> }

no ip access-list {standard <access-list-number (1-1000)> | extended <access-list-number (1001-65535)> }

Syntax Description

standard

- Standard access-list number

extended

- Extended access-list number



Example iss(config)# ip access-list standard 1

ACLs on the system perform both access control and Layer 3 field classification. To define Layer 3 fields’ access-lists the ip access-list command must be used.

Related Commands

permit - standard mode - Specifies the packets to be forwarded depending upon the associated parameters

deny - standard mode - Denies traffic if the conditions defined in the deny statement are matched

permit- ip/ospf/pim/protocol type - Allows traffic for a particular protocol packet if the conditions defined in the permit statement are matched

deny - ip/ospf/pim/protocol type- Denies traffic for a particular protocol packet if the conditions defined in the deny statement are matched

permit tcp - Specifies the TCP packets to be forwarded based on the associated parameters

deny tcp - Specifies the TCP packets to be rejected based on the associated parameters

permit udp - Specifies the UDP packets to be forwarded based on the associated parameters

deny udp - Specifies the UDP packets to be rejected based on the associated parameters



permit icmp - Specifies the ICMP packets to be forwarded based on the IP address and the associated parameters

deny icmp - Specifies the ICMP packets to be rejected based on the IP address and associated parameters

ip access-group - Enables access control for the packets on the interface

show access-lists - Displays the access list configuration



4.2 mac access-list extended This command creates Layer 2 MAC ACLs, that is, this command creates a MAC access-list and returns the MAC-Access list configuration mode to the user. The no form of the command deletes the MAC access-list.

mac access-list extended <access-list-number (1-65535)>

no mac access-list extended <short (1-65535)>

Syntax Description

access-list-number

- Access list number



Example iss(config)# mac access-list extended 5

ACLs on the system perform both access control and layer 2 field classification. To define Layer 2 access lists, the mac access-list command must be used.

Related Commands


permit - Specifies the packets to be forwarded based on the MAC address and the associated parameters

deny - Specifies the packets to be rejected based on the MAC address and the associated parameters

mac access-group - Applies a MAC access control list (ACL) to a Layer 2 interface.



4.3 user-defined access-list This command creates a user defined access-list. The no form of the command deletes the user defined access-list. The value ranges between 1 to 65535.

user-defined access-list <access-list-number (1-65535)>

no user-defined access-list <short (1-65535)>



Example iss(config)# user-defined access-list 5

ACLs on the system perform both access control and layer 2 field classification based on user defined bytes in the packets.

Related Commands

permit usr-defined-packet-type - Permits Packet Based on User Defined Packet type




userdefined-list- Creates a user defined access list by applying AND, OR, NOT operation ( regular expressions) on existing ACL rules or specifying match on user-defined packet offsets.

user-defined access-group - Applies a user defined access list (ACL) to an interface.

Usage of Regular Expressions AND, OR , NOT

AND - Apply AND operation on base filter rules identified uniquely as ACL1, ACL2. This operation merges the match qualifiers of two ACL rules ACL1, ACL2 to derive a new ACL Rule ACL3

OR - Apply OR operation on base filter rules identified uniquely as ACL1 and ACL2. This operation results in applying the filter action { permit/deny/redirect } corresponding to ACL Rule 1 on ACL Rule2.

NOT – Apply NOT operation on base filter rule ( ACL 1) and derive new ACL Rule. If the action corresponding to ACL 1 is permit, then after applying NOT operation, new rule will have filter action deny. The filter actions on which NOT operation can be applied are – permit, deny. This operation is not applicable for other filter actions.



4.4 userdefined-list This command creates a user defined access list after application of regular expressions AND, OR, NOT on existing ACL rules

userdefined-list {{ ip-acl1-and-ip-acl2| ip-acl1-or-ip-acl2 | mac-acl1-and-mac-acl2 | mac-acl1-and-ip-acl2 | mac-acl1-or-mac-acl2 | ip-acl1-or-mac-acl2 } <short(1-65535)> <short(1-65535)> | { not-ip-acl1 | not-mac-acl1 } <short(1-65535)>}

Syntax Description

ip-acl1-and-ip-acl2 - Performs AND operation on two Layer 3 ACL Rules ( acl1 , acl2). And create a new layer 3 ACL rule that is represented by this user defined access-list..The filter action corresponding to the new ACL rule is identical to the base rules.

ip-acl1-or-ip-acl2 - Performs OR operation on two layer 3 ACL Rules. This operation results in applying the action of ACL Rule 1 on ACL Rule 2

mac-acl1-and-mac-acl2 - Performs AND operation on two layer 2 ACL Rules and create a new layer 2 ACL rule that is represented by this user defined access-list. The filter action corresponding to the new ACL rule is identical to the base rules.

mac-acl1-and-ip-acl2 - Performs AND operation on two ACL rules - acl1 ( layer 2 ACL Rule) and acl2 ( Layer 3 ACL rule) and create an new ACL Rule represented by this user defined access-list. The filter action corresponding to the new ACL rule is identical to the base rules.

mac-acl1-or-mac-acl2 - Performs OR operation on two Layer 2 ACL Rules and results in application of filter-action of ACL1 on ACL2

ip-acl1-or-mac-acl2 - Performs OR operation on Layer 3 ACL Rule (ACL1) using Layer 2 ACL rule ( ACL2) and results in application of filter-action of ACL1 on ACL2.

not-ip-acl1 - Performs NOT operation on ACL Rule 1 and derive new Rule. The filter action for the derived ACL Rule is “deny” if base Rule is configured for filter action “permit” and vice-versa. Other actions are not applicable for this operation

not-mac-acl1 - Performs NOT operation on ACL Rule 1 and derive new Rule. The filter action for the derived ACL Rule is “deny” if base Rule is configured for filter action “permit” and vice-versa. Other actions are not applicable for this operation

Mode User defined Configuration Mode




Example iss(config-userdef-acl)# userdefined-list ip-acl1-and-ip-acl215 123

Related Commands


user-defined access-list - Creates user defined access-list.



4.5 permit usr-defined-packet-type This command permits packets matching a particular User Defined Byte and by specifying the packet type – namely user-defined, tcp-ipv4, udp, mpls, ipv4, ipv6, frag-ip.

permit usr-defined-packet-type { user-def | tcp-ipv4 | udp-ipv4 | mpls | ipv4 |ipv6 | frag-ip }offset-base {l2 | l3 | l4 | ipv6-ext-hdr | ether-type | <short(0-127)>} offset1 <short(0-127)> <short(0-255)>[offset2 <short(0-127)> <short(0-255)>][offset3 <short(0-127)> <short(0-255)>][offset4 <short(0-127)> <short(0-255)>][offset5 <short(0-127)> <short(0-255)>][offset6 <short(0-127)> <short(0-255)>][redirect {interface <ifXtype> <ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>]load-balance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport| dst-tcpport | src-udpport | dst-udpport | udb <short(0-127)>}}][vlan-action {none | modify-vlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]

Syntax Description

user-def - Specifies the packet type as user defined.

tcp-ipv4 - Specifies the packet type as tcp in the ipV4 packet.

udp-ipv4 - Specifies the packet type as udp in the ipV4 packet.

mpls - Specifies the packet type as mpls.

ipv4 - Specifies the packet type as ipv4.

ipv6 - Specifies the packet type as ipv6.

frag-ip - Specifies the packet type as fragmented ip.

offset-base - Specifies the start of the packet from which the user defined byte should be considered. l2 – Start of the packet is considered as layer 2 l3 – Start of the packet is considered as layer 3 l4 – Start of the packet is considered as layer 4 ipv6-ext-hdr - Start of the packet is considered as ipv6 extended header. ether-type – Start of the packet is considered as ether type.

offset1 - Specifies the offset position and offset value that needs to be considered as the match for offset1. The two input value ranges 0 to 127 and 0 to 255.



offset2 - Specifies the offset position and offset value value that needs to be considered as the match for offset 2. The two input value ranges 0 to 127 and 0 to 255.

Offset3 - Specifies the offset position and offset value that needs to be considered as the match for offset 3. The two input value ranges 0 to 127 and 0 to 255.



Offset6 - Specifies the offset position and value that needs to be considered as the match for offset 6. The two input value ranges 0 to 127 and 0 to 255.

Redirect - Redirects the packet to the destination interface or set of interfaces.

- ifXtype – Specifies the interfae type

- ifnum – Specifies the interface number

- iface_list – Specifies the list of interfaces

load-balance - Specifies the parameters based on which the traffic distribution needs to be done. Options are:

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport

udb

Options in the Layer 3 header are classified as IPv4 or IPv6 based on packet type



vlan-action - Specifies the VLAN specific sub action to be performed on the packet -

- none – Actions relating to the VLAN ID will not be considered.

- modify-vlan – Modifies the VLAN ID to which the packet gets classified. The packet could be an untagged or VLAN tagged packet.

- nested-vlan – Adds an outer VLAN tag to the packet with the VLAN ID as configured.



Example iss(config-userdef-acl)# permit usr-defined-packet-type user-def offset-base l2 offset1 5 10 load-balance src-ip

Related Commands:


user-defined access-list – Creates the user defined access-list.



4.6 deny usr-defined-packet-type This command denies packets matching a particular User Defined Byte and by specifying the packet type – namely user-defined, tcp-ipv4, udp, mpls, ipv4, ipv6, frag-ip.

deny usr-defined-packet-type { user-def | tcp-ipv4 | udp-ipv4 | mpls | ipv4 |ipv6 | frag-ip }offset-base {l2 | l3 | l4 | ipv6-ext-hdr | ether-type | <short(0-127)>} offset1 <short(0-127)> <short(0-255)> [offset2 <short(0-127)> <short(0-255)>][offset3 <short(0-127)> <short(0-255)>] [offset4 <short(0-127)> <short(0-255)>][offset5 <short(0-127)> <short(0-255)>] [offset6 <short(0-127)> <short(0-255)>]

Syntax Description

usr-defined-packet-type - - user-def – Specifies the packet type as user defined

- tcp-ipv4 – Specifies the packet type as tcp in the ipV4 packet.

- udp-ipv4 - Specifies the packet type as udp in the ipV4 packet.

- mpls - Specifies the packet type as mpls.

- ipv4 - Specifies the packet type as ipv4.

- ipv6 - Specifies the packet type as ipv6.

- frag-ip - Specifies the packet type as fragmented ip.

offset-base Specifies the start of the packet from which the user defined byte should be comsidered

- l2 – Start of the packet is considered as layer 2



- ipv6-ext-hdr – Start of the packet is considered as ipv6 extended header.

- ether-type – Start of the packet is considered as ether type.

offset1 Specifies the offset position and offset value that needs to be considered as the match for offset1. The two input value ranges 0 to 127 and 0 to 255.

offset2 Specifies the offset position and offset value that needs to be considered as the match for offset2. The two input value ranges 0 to 127 and 0 to 255



Offset3 Specifies the offset position and offset value that needs to be considered as the match for offset3. The two input value ranges 0 to 127 and 0 to 255

Offset4 - Specifies the offset position and offset value that needs to be considered as the match for offset4. The two input value ranges 0 to 127 and 0 to 255.





Example iss(config-userdef-acl)# deny usr-defined-packet-type user-def offset-base l2 offset1 112 25

Related Commands:




4.7 permit - standard mode This command specifies the packets to be forwarded depending upon the associated parameters. Standard IP access lists use source addresses for matching operations.

permit { any | host <src-ip-address> | <network-src-ip> <mask> } [{ any | host <dest-ip-address> | <network-dest-ip> <mask>}]redirect {interface <ifXtype> <ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>] load-balance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport | dst-tcpport | src-udpport | dst-udpport}}] [vlan-action {none | modify-vlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]

Syntax Description

any|host

<src-ip-address>| <network-src-ip-><mask>

- Source IP address can be - 'any' or

- the dotted decimal address

- the IP address of the host that the packet is from and the network mask to use with the source IP address

any|host <dest-ip-address>|< network-dest-ip><mask>

- Destination IP address can be - 'any' or

- the dotted decimal address or

- the IP address of the host that the packet is destined for and the network mask to use with the destination IP address

redirect Redirects the action to the destination interface or set of interfaces.






load-balance Specifies the parameters based on which the traffic distribution needs to be done. Options are:

src-ip

src-mac

dst-ip

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport

Options in the Layer 3 header are classified as IPv4 or IPv6 based on packet type

vlan-action Specifies the VLAN specific sub action to be performed on the packet -

none – Actions relating to the VLAN ID will not be considered.

modify-vlan – Modifies the VLAN ID to which the packet gets classified. The packet could be an untagged or VLAN tagged packet.

nested-vlan – Adds an outer VLAN tag to the packet with the VLAN ID as configured.

Mode IP ACL Configuration (standard)


Example iss(config-std-nacl)# permit host 100.0.0.10

Related Commands

ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode


show access-lists- Displays the access list configuration



4.8 deny - standard mode This command denies traffic if the conditions defined in the deny statement are matched.

deny{ any | host <src-ip-address> | <src-ip-address> <mask> } [ { any | host <dest-ip-address> | <dest-ip-address> <mask> } ]

Syntax Description

any|host

src-ip-address|

<src-ip-address> <mask>

- Source IP address can be - 'any' or

- the word 'host' and the dotted decimal address or

- number of the network or the host that the packet is from and the network mask to use with the source IP address

any|host

dest-ip-address| <dest-ip-address><mask>

- Destination IP address can be - 'any' or


- number of the network or the host that the packet is destined for and the network mask to use with the destination IP address

Mode IP ACL Configuration (standard)


Example iss(config-std-nacl)# deny host 100.0.0.10 any

Related Commands



show access-lists-Displays the access list configuration



4.9 permit- ip/ospf/pim/protocol type

This command allows traffic for a particular protocol packet if the conditions defined in the permit statement are matched.

permit { ip | ospf | pim | <protocol-type (1-255)>}{ any | host <src-ip-address> | <src-ip-address> <mask> }{ any | host <dest-ip-addresq> | <dest-ip-address> <mask> }[ {tos{max-reliability | max-throughput | min-delay | normal |<value (0-7)>} | dscp <value (0-63)>} ][priority <value (1-255)>][redirect {interface <ifXtype> <ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>] load-balance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport | dst-tcpport | src-udpport | dst-udpport}}][vlan-action {none | modify-vlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]

Syntax Description

ip| ospf|pim|

<protocol-type (1-255)>

- Type of protocol for the packet. It can also be a protocol number.

any| host

<src-ip-address>|


- Source IP address can be - ‘any’ or


- the IP Address of the network or the host that the packet is from and the network mask to use with the source address.

any|host

<dest-ip-address>|

<dest-ip-address> <mask>

- Destination IP address can be - ‘any’ or


- the IP Address of the network or the host that the packet is destined for and the network mask to use with the destination address

tos

- Type of service. Can be max-reliability, max throughput, min-delay, normal or a range of values from 0 to 7, Differentiated Services Code Point (DSCP) values to match against incoming packets.

priority

- The priority of the L3 filter is used to decide which filter rule is applicable when the packet matches with more than one filter rules. Lower value of ‘filter priority’ implies a higher priority.








src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport





Mode ACL Extended Access List Configuration Mode


Defaults protocol-type

- 255

priority

- 1

Example iss(config-ext-nacl)# permit 200 host 100.0.0.10 any tos 6 load balance src-ip



Protocol type with the value 255 indicates that protocol can be anything and it will not be checked against the action to be performed.

Service VLAN, Service VLAN Priority, Customer VLAN and Customer VLAN Priority options are applicable only for Metro Solution, when the bridge mode is “Provider Bridge”.

Related Commands



deny - ip/ospf/pim/protocol type- Denies traffic for a particular protocol packet if the conditions defined in the deny statement are matched



4.10 permit ipv6 This command specifies IP packets to be forwarded based on protocol and associated parameters.

permit ipv6 { flow-label <integer(1-65535)> | {any | host <ip6_addr> <integer(0-128)> } { any | host <ip6_addr> <integer(0-128)> }} [redirect {interface <ifXtype> <ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>]load-balance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport| dst-tcpport | src-udpport | dst-udpport}}][vlan-action {none | modify-vlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]

Syntax Description

flow-label - Flow identifier in IPv6 header.

any | host <ip6_addr> <integer(0-128)>

- Source address of the host / any host.


- Destination address of the host / any host.





load-balance Specifies the parameters based on which the traffic

distribution needs to be done. Options are:

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport vlan-action

Specifies the VLAN specific sub action to be performed on the packet -








Example iss(config-ext-nacl)# permit ipv6 host c004::04 28 any load-balance src-ip

Flow label cannot be configured along with either source/destination IP address.

Related Commands

show access-lists - Displays the access lists configuration.



4.11 deny ipv6 This command specifies IPv6 packets to be rejected based on protocol and associated parameters.

deny ipv6 { flow-label <integer(1-65535)> | {any | host <ip6_addr> <integer(0-128)> } { any | host <ip6_addr> <integer(0-128)> }}

Syntax Description

flow-label - Flow identifier in IPv6 header.


- Source address of the host / any host.


- Destination address of the host / any host.



Example iss(config-ext-nacl)# deny ipv6 host c004::04 28 any iss(config-ext-nacl)# deny ipv6 flow-label 40

Flow label cannot be configured along with either source/destination IP address.

Related Commands

show access-lists - Displays the access lists configuration.



4.12 deny - ip/ospf/pim/protocol type This command denies traffic for a particular protocol packet if the conditions defined in the deny statement are matched.

deny { ip | ospf | pim | <protocol-type (1-255)>} { any | host <src-ip-address> | <src-ip-address> <mask> } { any | host <dest-ip-address> | <dest-ip-address> <mask> }[ {tos{max-reliability | max-throughput | min-delay | normal |<value (0-7)>} | dscp <value (0-63)>} ] [ priority <value (1-255)>]

Syntax Description

ip| ospf|pim|

<protocol-type

(1-255)>

- Type of protocol for the packet. It can also be a protocol number.

any| host

<src-ip-address>|


- Source IP address can be

- ‘any’ or

- the word ‘host’ and the dotted decimal address or

- number of the network or the host that the packet is from and the network mask to use with the source address

any|host

<dest-ip-address>|

<dest-ip-address> <mask>

- Destination IP address can be

- ‘any’ or


- number of the network or the host that the packet is destined for and the network mask to use with the destination address

tos


priority

- The priority of the L3 filter is used to decide which filter rule is applicable when the packet matches with more than one filter rules. Lower value of ‘filter priority’ implies a higher priority.





Defaults protocol type

- 255

priority

- 1

Example iss(config-ext-nacl)# deny ospf any host 10.0.0.1 tos max-throughput

Protocol type with the value 255 indicates that protocol can be anything and it will not be checked against the action to be performed.

Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority options are applicable only for Metro Solution, when the bridge mode is “Provider Bridge”.

Related Commands



show access-lists -Displays the access list configuration



4.13 permit tcp This command specifies the TCP packets to be forwarded based on the associated parameters.

permit tcp {any | host <src-ip-address> | <src-ip-address> <src-mask> }[{gt <port-number (1-65535)> | lt <port-number (1-65535)>|eq <port-number (1-65535)> |range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host <dest-ip-address> | <dest-ip-address> <dest-mask> }[{gt <port-number (1-65535)> | lt <port-number (1-65535)> | eq <port-number (1-65535)> |range <port-number (1-65535)> <port-number (1-65535)>}][{ ack | rst }][{tos{max-reliability|max-throughput|min-delay|normal|<tos-value(0-7)>}|dscp <value (0-63)>}][ priority <short(1-255)>][redirect {interface <ifXtype> <ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>]load-balance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport| dst-tcpport | src-udpport | dst-udpport}}] [vlan-action {none | modify-vlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]

Syntax Description

tcp

- Transport Control Protocol

any| host

<src-ip-address>|

<src-ip-address> < src-mask >


- ‘any’ or

- the dotted decimal address OR

- the IP address of the network or the host that the packet is from and the network mask to use with the source address

port-number

- Port Number. The input for the source and the destination port-number is prefixed with one of the following operators.

- eq=equal

- lt=less than

- gt=greater than

- range=a range of ports; two different port numbers must be specified



any|host

<dest-ip-address> |<dest-ip-address> < dest-mask >


- ‘any’ or


- the IP Address of the network or the host that the packet is destined for and the network mask to use with the destination address

ack

- TCP ACK bit to be checked against the packet. It can be establish (1), non-establish (2) or any (3).

rst

- TCP RST bit to be checked against the packet. It can be set (1), notset (2) or any (3).

tos - Type of service. Can be max-reliability, max throughput, min-delay, normal or a range of values from 0 to 7, Differentiated Services Code Point (DSCP) values to match against incoming packets.

priority

- The priority of the filter is used to decide which filter rule is applicable when the packet matches with more than one filter rules. Lower value of ‘filter priority’ implies a higher priority.







Load-balance Specifies the parameters based on which the traffic distribution needs to be done. Options are:

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport







Defaults tos-value

- 0

ack - ‘any’ (3) [indicates that the TCP ACK bit will not be checked to decide the action]

rst - any’ (3) [indicates that the TCP RST bit will not be

checked to decide the action]

Example iss(config-ext-nacl)# permit tcp any 10.0.0.1 load-balance scr-ip


Related Commands





-deny tcp Specifies the TCP packets to be rejected based on the associated parameters

4.14 deny tcp This command specifies the TCP packets to be rejected based on the associated parameters.

deny tcp {any | host <src-ip-address> | <src-ip-address> <src-mask> }[{gt <port-number (1-65535)> | lt <port-number (1-65535)> |eq <port-number (1-65535)> | range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host <dest-ip-address> | <dest-ip-address> <dest-mask> }[{gt <port-number (1-65535)> | lt <port-number (1-65535)> | eq <port-number (1-65535)> |range <port-number (1-65535)> <port-number (1-65535)>}][{ ack | rst }][{tos{max-reliability|max-throughput|min-delay|normal|<tos-value(0-7)>} | dscp <value (0-63)>}] [ priority <short (1-255)>]

Syntax Description

tcp

- Transmission control protocol

any| host

<src-ip-address>|

<src-ip-address> <src-mask>


- ‘any’ or





port-number


- eq=equal

- lt=less than

- gt=greater than


any|host

<dest-ip-address>|

<dest-ip-address>

<dest-mask>


- ‘any’ or



ack

- TCP ACK bit to be checked against the packet. It can be establish (1), non-establish (2) or any (3)

rst

- TCP RST bit to be checked against the packet. It can be set (1), notset (2) or any (3)

tos


priority

- The priority of the filter is used to decide which filter rule is applicable when the packet matches with more than one filter rules. Lower value of ‘filter priority’ implies a higher priority.



Defaults tos-value

- 0



ack

- ‘any’ (3) [indicates that TCP ACK bit will not be checked to decide the action]

rst

- any’ (3) [indicates that TCP RST bit will not be checked to decide the action]

Example iss(config-ext-nacl)# deny tcp 100.0.0.10 255.255.255.0 eq 20

any


Related Commands



permit tcp - Specifies the TCP packets to be forwarded based on the associated parameters

4.15 permit udp This command specifies the UDP packets to be forwarded based on the associated parameters.

permit udp { any | host <src-ip-address> | <src-ip-address> <src-mask>}[{gt <port-number (1-65535)> | lt <port-number (1-65535)>| eq <port-number (1-65535)> | range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host <dest-ip-address> | <dest-ip-address> <dest-mask> }[{ gt <port-number (1-65535)> | lt <port-number (1-65535)>| eq <port-number (1-65535)>| range <port-number (1-65535)> <port-number (1-65535)>}][{tos{max-reliability|max-throughput|min-delay|normal|<tos-value(0-7)>} | dscp <value (0-63)>}] [ priority <(1-255)>][redirect {interface <ifXtype> <ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>] load-balance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport| dst-tcpport | src-udpport | dst-udpport}}] [vlan-action {none | modify-vlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]

Syntax Description

udp

- User Datagram Protocol



any| host

<src-ip-address>|

<src-ip-address>

<src-mask>


- 'any' or



port-number


- eq=equal

- lt=less than

- gt=greater than


any|host

<dest-ip-address>|

<dest-ip-address>

<dest-mask>


- 'any' or



tos

{max-reliability |max-throughput | min-delay | normal| <value (0-7)> | dscp <value(0-63)>}


priority

- The priority of the filter is used to decide which filter rule is applicable when the packet matches with more than one filter rules. Lower value of 'filter priority' implies a higher priority.



redirect

Redirects the action to the destination interface or set of interfaces.




load-balance

Specifies the parameters based on which the traffic distribution needs to be done. Options are:

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport







Example iss(config-ext-nacl)# permit udp any 100.0.0.10 load-balance src-ip


Related Commands





deny udp - Specifies the UDP packets to be rejected based on the associated parameters

4.16 deny udp This command specifies the UDP packets to be rejected based on the associated parameters.

deny udp { any | host <src-ip-address> | <src-ip-address> <src-mask>}[{gt <port-number (1-65535)> | lt <port-number (1-65535)>| eq <port-number (1-65535)> | range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host <dest-ip-address> | <dest-ip-address> <dest-mask> }[{ gt <port-number (1-65535)> | lt <port-number (1-65535)>| eq <port-number (1-65535)>| range <port-number (1-65535)> <port-number (1-65535)>}][{tos{max-reliability|max-throughput|min-delay|normal|<tos-value(0-7)>} | dscp <value (0-63)>}] [ priority <(1-255)>]

Syntax Description

udp

- User Datagram Protocol



any| host

<src-ip-address>|

<src-ip-address>

<src-mask>


- 'any' or



port-number


- eq=equal

- lt=less than

- gt=greater than


any|host

<dest-ip-address>

|<dest-ip-address>

<dest-mask>


- 'any' or



tos


priority

- The priority of the filter used to decide which filter rule is applicable when the packet matches with more than one filter rules. Lower value of 'filter priority' implies a higher priority.



Example iss(config-ext-nacl)# deny udp host 10.0.0.1 any eq 20




Related Commands



permit udp - Specifies the UDP packets to be forwarded based on the associated parameters

4.17 permit icmp This command specifies the ICMP packets to be forwarded based on the IP address and the associated parameters.

permit icmp {any |host <src-ip-address>|<src-ip-address> <mask>}{any | host <dest-ip-address> | <dest-ip-address> <mask> }[<message-type (0-255)>] [<message-code (0-255)>] [ priority <(1-255)>] [redirect {interface <ifXtype> <ifnum> | <ifXtype><iface_list>[<ifXtype><iface_list>] Load-balance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport | dst-tcpport | src-udpport | dst-udpport}}] [vlan-action {none | modify-vlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]

Syntax Description

icmp

- Internet Control Message Protocol



any| host

<src-ip-address>

|<src-ip-address> <mask>


- 'any' or



any|host

<dest-ip-address>|

<dest-ip-address>

<mask>


- 'any' or



message-type

- Message type

message-code

- ICMP Message code

priority - The priority of the filter used to decide which filter rule is applicable when the packet matches with more than one filter rules. Lower value of 'filter priority' implies a higher priority.

Redirect Redirects the action to the destination interface or set of interfaces.






Load-balance Specifies the parameters based on which the traffic distribution needs to be done. Options are:

src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport

dst-udpport

Vlan-action Specifies the VLAN specific sub action to be performed on the packet -






Defaults message-type/message code

- 255

Example iss(config-ext-nacl)# permit icmp any 10.0.0.1 load balance src-ip

The ICMP message type can be one of the following:

Value ICMP type

0 Echo reply

3 Destination unreachable

4 Source quench

5 Redirect

8 Echo request



11 Time exceeded

12 Parameter problem

13 Timestamp request

14 Timestamp reply

15 Information request

16 Information reply

17 Address mask request

18 Address mask reply

155 No ICMP type

The ICMP code can be any of the following:

- Value ICMP code

- 0 Network unreachable

- 1 Host unreachable

- 2 Protocol unreachable

- 3 Port unreachable

- 4 Fragment need

- 5 Source route fail

- 6 Destination network unknown

- 7 Destination host unknown

- 8 Source host isolated

- 9 Destination network administratively prohibited

- 10 Destination host administratively prohibited

- 11 Network unreachable TOS

- 12 Host unreachable TOS

- 255 No ICMP code

- Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority options are applicable only for Metro Solution, when the bridge mode is “Provider Bridge”.

Related Commands

ip access-list - Created IP ACLs and enters the IP Access-list configuration mode





4.18 deny icmp This command specifies the ICMP packets to be rejected based on the IP address and associated parameters.

deny icmp {any |host <src-ip-address>|<src-ip-address> <mask>}{any | host <dest-ip-address> | <dest-ip-address> <mask> }[<message-type (0-255)>] [<message-code (0-255)>] [ priority <(1-255)>]



Syntax Description

icmp

- Internet Control Message Protocol

any| host

<src-ip-address>|

<src-ip-address>

<mask>


- 'any' or



any|host

<dest-ip-address>|

<dest-ip-address>

<mask>


- 'any' or



message-type

- Message type

message-code

- ICMP Message code

priority - The priority of the filter used to decide which filter rule is applicable when the packet matches with more than one filter rules. Lower value of 'filter priority' implies a higher priority.



Defaults message-type/ message code

- 255

Example iss(config-ext-nacl)# deny icmp host 100.0.0.10 10.0.0.1 255.255.255.255

The ICMP message type can be one of the following:

Value ICMP type



0 Echo reply

3 Destination unreachable

4 Source quench

5 Redirect

8 Echo request

11 Time exceeded

12 Parameter problem

13 Timestamp request

14 Timestamp reply

15 Information request

16 Information reply

17 Address mask request

18 Address mask reply

155 No ICMP type

The ICMP code can be any of the following:

Value ICMP code

0 Network unreachable

1 Host unreachable

2 Protocol unreachable

3 Port unreachable

4 Fragment need

5 Source route fail

6 Destination network unknown

7 Destination host unknown

8 Source host isolated

9 Destination network administratively prohibited

10 Destination host administratively prohibited

11 Network unreachable TOS

12 Host unreachable TOS

255 No ICMP code

- Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority options are applicable only for Metro Solution, when the bridge mode is “Provider Bridge”.

Related Commands





permit icmp - Specifies the ICMP packets to be forwarded based on the IP address and the associated parameters

4.19 ip access-group

This command enables access control for the packets on the interface. It controls access to a Layer 2 or Layer 3 interface. The no form of this command removes all access groups or the specified access group from the interface. The direction of filtering is specified using the token in or out.



ip access-group <access-list-number (1-65535)> {in | out}

no ip access-group [<access-list-number (1-65535)>] {in | out}

Syntax Description

access-list-number

- IP access control list number

in

- Inbound packets

out

- Outbound packets

Mode Interface Configuration Mode


Example iss(config-if)# ip access-group 1 in

IP access list must have been created.

Following are the limitations for this command to be applicable to Layer 2 interfaces.

- The out keyword is not supported by Layer 2 interfaces.

- An IP ACL applied to a Layer 2 interface filters only the IP packets. MAC access-group interface configuration command with MAC extended ACLs must be used to filter non-IP packets.

Related Commands



4.20 mac access-group This command applies a MAC access control list (ACL) to a Layer 2 interface. The no form of this command can be used to remove the MAC ACLs from the interface.

mac access-group <access-list-number (1-65535)> {in | out}

no mac access-group [<access-list-number (1-65535)>] {in | out}



Syntax Description

access-list-number

- Access List Number

in

- Inbound packets

out - Outbound packets



Example iss(config-if)# mac access-group 5 in

MAC access list must have been created.

Related Commands

mac access-list extended - Creates Layer 2 MAC ACLs, and returns the MAC-Access list configuration mode to the user

show access-lists - Displays the access list statistics


deny - Specifies the packets to be rejected based on the MAC address and the associated parameters.

4.21 user-defined access-group

This command applies a user defined access list (ACL) to an interface. The no form of this command removes the User defined ACLs from the interface.



user-defined access-group <access-list-number (1-65535)> {in| out}

no user-defined access-group [<access-list-number (1-65535)>] {in| out}

Syntax Description

access-list-number

- IP access control list number

in

- Inbound packets

out

- Outbound packets



Example iss(config-if)# user-defined access-group 5 in

User defined access list should be created already, before executing this command.

Related Commands


user-defined access-list – Creates the user defined access-list.

4.22 permit This command specifies the packets to be forwarded based on the MAC address and the associated parameters, that is, this command allows non-IP traffic to be forwarded if the conditions are matched.



permit { any | host <src-mac-address>}{ any | host <dest-mac-address> }[aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000|etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-id | <protocol (0-65535)>][ encaptype <value (1-65535)>][ Vlan <vlan-id (1-4094)>][priority <value (1-255)>][redirect {interface <ifXtype> <ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>] load-balance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport | dst-tcpport | src-udpport | dst-udpport}}][vlan-action {none | modify-vlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]

Syntax Description

any | host <src-mac-address >

- Source MAC address to be matched with the packet

any | host <dest-mac-address >

- Destination MAC address to be matched with the packet

aarp

Ethertype AppleTalk Address Resolution Protocol that maps a data-link address to a network address

amber

EtherType DEC-Amber

dec-spanning

EtherType Digital Equipment Corporation (DEC) spanning tree

decnet-iv

EtherType DECnet Phase IV protocol

diagnostic

EtherType DEC-Diagnostic

dsm

EtherType DEC-DSM/DDP

etype-6000

EtherType 0x6000

etype-8042

EtherType 0x8042

lat

EtherType DEC-LAT

lavc-sca

EtherType DEC-LAVC-SCA

mop-console

EtherType DEC-MOP Remote Console



mop-dump EtherType DEC-MOP Dump

msdos

EtherType DEC-MSDOS

mumps

EtherType DEC-MUMPS

netbios

EtherType DEC- Network Basic Input/Output System (NETBIOS)

vines-echo

EtherType Virtual Integrated Network Service (VINES) Echo from Banyan Systems

vines-ip

EtherType VINES IP

xns-id EtherType Xerox Network Systems (XNS) protocol suite

encaptype Encapsulation Type






src-ip

dst-ip

src-mac

dst-mac

vlanid

src-tcpport

dst-tcpport

src-udpport dst-udpport







Mode ACL MAC Configuration Mode


Defaults vlan-id

- 0

priority

- 1

Example iss(config-ext-macl)# permit host 00:11:22:33:44:55 any load-balance src-ip vlan-action modify lan 526


OuterEtherType, Service Vlan, Service Vlan Priority and Customer Vlan Priority options are applicable only for Metro Solution, when the bridge mode is “Provider Bridge”.

Related Commands


mac access-group - Applies a MAC access control list (ACL) to a Layer 2 interface



user-defined access-list - Creates user defined access-list



4.23 deny This command specifies the packets to be rejected based on the MAC address and the associated parameters.

deny { any | host <src-mac-address>}{ any | host <dest-mac-address> } [aarp | amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 |etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo | vines-ip | xns-id | <protocol (0-65535)>] [ encaptype <value (1-65535)>][ Vlan <vlan-id (1-4094)>] [priority <value (1-255)>]

Syntax Description

any | host <src-mac-address >

- Source MAC address to be matched with the packet



any | host <dest-mac-address >

- Destination MAC address to be matched with the packet

aarp

- Ethertype AppleTalk Address Resolution Protocol that maps a data-link address to a network address

amber

- EtherType DEC-Amber

dec-spanning

- EtherType Digital Equipment Corporation (DEC) spanning tree

decent-iv

- EtherType DECnet Phase IV protocol

diagnostic

- EtherType DEC-Diagnostic

dsm

- EtherType DEC-DSM/DDP

etype-6000

- EtherType 0x6000

etype-8042

- EtherType 0x8042

lat

- EtherType DEC-LAT

lavc-sca

- EtherType DEC-LAVC-SCA

mop-console

- EtherType DEC-MOP Remote Console

mop-dump

- EtherType DEC-MOP Dump

msdos

- EtherType DEC-MSDOS

mumps

- EtherType DEC-MUMPS

netbios

- EtherType DEC- Network Basic Input/Output System (NETBIOS)



vines-echo

- EtherType Virtual Integrated Network Service (VINES) Echo from Banyan Systems

vines-ip

- EtherType VINES IP

xns-id

- EtherType Xerox Network Systems (XNS) protocol suite

encaptype

- Encapsulation Type

vlan

- VLAN ID to be filtered

priority

- The priority of the L2 filter is used to decide which filter rule is applicable when the packet matches with more than one filter rules. Lower value of 'filter priority' implies a higher priority.

Mode ACL MAC Configuration Mode


Defaults vlan-id

- 0

priority

- 1

Example iss(config-ext-macl)# deny any host 00:11:22:33:44:55 priority 200


OuterEtherType, Service Vlan, Service Vlan Priority and Customer Vlan Priority options are applicable only for Metro Solution, when the bridge mode is “Provider Bridge”.

Related Commands








4.24 show access-lists

This command displays the access lists configuration.

show access-lists [[{ip | mac | user-defined }] < access-list-number (1-65535)> ]

Syntax Description

ip - IP Access List



mac - MAC Access List

user-defined - user defined access list



Example iss# show access-lists EIP ACCESS LISTS

-----------------

Standard IP Access List 34

----------------------------

IP address Type : IPV4

Source IP address : 172.30.3.134

Source IP address mask : 255.255.255.255

Source IP Prefix Length : 32

Destination IP address : 0.0.0.0

Destination IP address mask : 0.0.0.0

Destination IP Prefix Length : 0

Flow Identifier : 0

In Port List : NIL

Out Port List : NIL

Filter Action : Deny

Status : InActive

Extended IP Access List 1002

-----------------------------

Filter Priority : 1

Filter Protocol Type : ANY










Flow Identifier : 0

In Port List : NIL

Out Port List : NIL

Filter TOS : Invalid combination

Filter DSCP : NIL

Filter Action : Permit

Status : InActive

Extended IP Access List 10022

-----------------------------

Filter Priority : 1

Filter Protocol Type : ANY








Flow Identifier : 0

In Port List : NIL

Out Port List : NIL

Filter TOS : Invalid combination

Filter DSCP : NIL

Filter Action : Permit

Status : InActive

MAC ACCESS LISTS

-----------------

No MAC Access Lists have been configured



OuterEtherType, Service Vlan, Service Vlan Priority, innerEtherType, Customer Vlan and Customer Vlan Priority options are applicable only with Metro Ethernet Feature and bridge mode is provider.

Related Commands



permit usr-defined-packet-type - Permits Packet Based on User Defined Packet Byte

deny usr-defined-packet-type - This command denies packet based on user defined byte.




deny - ip/ospf/pim/protocol type Denies traffic for a particular protocol packet if the conditions defined in the deny statement are matched

permit tcp- Specifies the TCP packets to be forwarded based on the associated parameters

deny tcp- Specifies the TCP packets to be rejected based on the associated parameters

permit udp- Specifies the UDP packets to be forwarded based on the associated parameters

deny udp- Specifies the UDP packets to be rejected based on the associated parameters

permit icmp- Specifies the ICMP packets to be forwarded based on the IP address and the associated parameters


ip access-group- Enables access control for the packets on the interface



deny- specifies the packets to be rejected based on the MAC address and the associated parameters


userdefined-list - Creates a user defined access list by applying AND, OR, NOT operation on existing ACL rules

permit ipv6 - Specifies IP packets to be forwarded based on protocol and associated parameters.

deny ipv6 - Specifies IPv6 packets to be rejected based on protocol and associated parameters.

user-defined access-group - Applies a user defined access list (ACL) to an interface


Chapter

5 5.QoS (Quality of Service)

QoS defines the ability to provide different priority to different applications, users or data flows or the ability to guarantee a certain level of performance to a data flow. QoS refers to resource reservation control mechanisms rather than the achieved service quality and specifies a guaranteed throughput level.

Datacom Systems Inc. QoS provides a complete Quality of Service solution and helps in implementing service provisioning policies for application or customers, who desire to have an enhanced performance for their traffic on the Internet.

The list of CLI commands for the configuration of QoS is as follows:

shutdown qos

qos

priority-map

class-map

meter

policy-map

queue-type

shape-template

scheduler

queue

queue-map

sched-hierarchy

qos interface

map

match access-group



set class

meter-type

set policy

set meter

set

random-detect dp

show priority-map

show class-map

show class-to-priority-map

show meter

show policy-map

show queue-template

show shape-template

show scheduler

show queue

show queue-map

show sched-hierarchy

show qos def-user-priority

show qos meter-stats

show qos queue-stats

DATACOM SYSTEMS INC CHAPTER 5: QOS (QUALITY OF SERVICE)


5.1 shutdown qos This command shuts down the QoS subsystem. The no form of the command starts the QoS subsystem.

shutdown qos

no shutdown qos



Defaults QoS subsystem is started and enabled by default.

Example iss(config)# shutdown qos

Resources required by QoS subsystem are allocated and QoS subsystem starts running, when started.

All the MemPools used by the QoS subsystem will be released, when shutdown.

Related Commands

show qos global info - Displays QoS related global configurations.



5.2 qos This command enables or disables the QoS subsystem.

qos {enable | disable}

Syntax Description

enable - Enables QoS subsystem

disable - Disables Qos subsystem



Defaults Enabled

Example iss(config)# qos enable

QoS module programs the hardware and starts protocol operation, when set as enable.

QoS module stops protocol operation by deleting the hardware configuration, when set as disable.

Related Commands

show qos global info - Displays QoS related global configurations.



5.3 priority-map This command adds a Priority Map entry. The no form of the command deletes a Priority Map entry.

priority-map <priority-map-Id(1-65535)>

no priority-map <priority-map-Id(1-65535)>

Syntax Description

Priority-map-Id - Priority map index for the incoming packet received over ingress Port/VLAN with specified incoming priority. This value ranges between 1 and 65535.



Example iss(config)# priority-map 1

QoS subsystem should have been started.

Related Commands

show priority-map – Displays the Priority Map entry.



5.4 class-map This command adds a Class Map entry. The no form of the command deletes a Class Map entry.

class-map <class-map-id(1-65535)>

no class-map <class-map-id(1-65535)>

Syntax Description

class-map-id - Index that enumerates the MultiField Classifier table entries. This value ranges between 1 and 65535.



Example iss(config)# class-map 1


Related Commands

show class-map – Displays the Class Map entry.



5.5 meter This command creates a Meter. The no form of the command deletes a Meter.

meter <meter-id(1-65535)>

no meter <meter-id(1-65535)>

Syntax Description

meter-id - Index that enumerates the Meter entries. This value ranges between 1 and 65535.



Example iss(config)# meter 1


Related Commands

show meter – Displays the Meter entry.



5.6 policy-map This command creates a policy map. The no form of the command deletes a policy map.

policy-map <policy-map-id(1-65535)>

no policy-map <policy-map-id(1-65535)>

Syntax Description

policy-map-id - Index that enumerates the policy-map table entries. This value ranges between 1 and 65535.



Example iss(config)# policy-map 1


Related Commands

show policy-map – Displays the Policy Map entry.



5.7 queue-type This command creates a Queue Template Type. The no form of the command deletes a Queue Template Type.

queue-type <Q-Template-Id(1-65535)>

no queue-type <Q-Template-Id(1-65535)>

Syntax Description

Q-Template-Id - Queue Template Table index. This value ranges between 1 and 65535.



Example iss(config)# queue-type 1

Related Commands

show queue-template – Displays the Q Template and Random Detect configurations.



5.8 shape-template This command creates a Shape Template. The no form of the command deletes a Shape Template.

shape-template <integer(1-65535)> [cir <integer(1-65535)>] [cbs <integer(0-65535)>] [eir <integer(0-65535)>] [ebs <integer(0-65535)>]

no shape-template <Shape-Template-Id(1-65535)>

Syntax Description

Shape-Template-Id - Shape Template Table index.

cir - Committed information rate for packets through the queue.

cbs - Committed burst size for packets through the queue.

eir - Excess information rate for packets through the hierarchy.

ebs - Excess burst size for packets through the hierarchy.



Example iss(config)# shape-template 1 cir 20 cbs 40 eir 50 ebs 40

Related Commands

show shape-template – Displays the Shape Template configurations.



5.9 scheduler This command creates a Scheduler and configures the Scheduler parameters. The no form of the command deletes a scheduler.

scheduler <integer(1-65535)> interface <iftype> <ifnum> [sched-algo {strict-priority | rr | wrr | wfq | strict-rr | strict-wrr | strict-wfq | deficit-rr}] [shaper <integer(0-65535)>] [hierarchy-level <integer(0-10)>]

no scheduler <Scheduler-Id(1-65535)> interface <iftype> <ifnum>

Syntax Description

Scheduler-Id - Scheduler identifier that uniquely identifies the scheduler in the system/egress interface.

iftype - Interface type.

ifnum - Interface number.

sched-algo - Packet scheduling algorithm for the port. The algorithms are:

strict-priority – strictPriority.

rr – roundRobin.

wrr – weightedRoundRobin.

wfg – weightedFairQueing.

strict-rr – strictRoundRobin.

strict-wrr – strictWeightedRoundRobin.

strict-wfg – strictWeightedFairQueing.

deficit-rr – deficitRoundRobin.

shaper - Shaper identifier that specifies the bandwidth requirements for the scheduler.

hierarchy-level - Depth of the queue/scheduler hierarchy.



Defaults sched-algo - strict-priority



hierarchy-level - 0

Example iss(config)# scheduler 1 interface giga 0/1 sched-algo rr shaper 1 hierarchy-level 1

Shaper identifier is not mandatory for the creation of the conceptual row.

Related Commands

show scheduler – Displays the configured Scheduler.

sched-hierarchy – Creates a Scheduler Hierarchy.

show sched-hierarchy – Displays the configured hierarchy scheduler.



5.10 queue This command creates a Queue and configures the Queue parameters. The no form of the command deletes a Queue.

queue <integer(1-65535)> interface <iftype> <ifnum> [qtype <integer(1-65535)>] [scheduler <integer(1-65535)>] [weight <integer(0-1000)>] [priority <integer(0-15)>] [shaper <integer(0-65535)>]

no queue <integer(1-65535)> interface <iftype> <ifnum>

Syntax Description

queue - Queue identifier that uniquely identifies the queue in the system/port.



qtype - Queue Type identifier.

scheduler - Scheduler identifier that manages the specified queue.

weight - User assigned weight to the CoS queue.

priority User assigned priority for the CoS queue.

shaper Shaper identifier that specifies the bandwidth requirements for the queue.



Defaults weight - 0

priority - 0

Example iss(config)# queue 1 interface giga 0/1 qtype 2 scheduler 1 weight 20 priority 10 shaper 1.



Scheduler identifier is unique relative to an egress interface.

User assigned weights are used only when scheduling algorithm is a weighted scheduling algorithm.

User assigned priority is used only when the scheduler uses a priority based scheduling algorithm.

Shaper identifier is not mandatory for the creation of the row.

Related Commands

queue-type – Creates a Queue Template Type.

scheduler – Creates a Scheduler and configures the Scheduler parameters.

shape-template – Creates a Shape Template.

show queue – Displays the configured Queues.



5.11 queue-map This command creates a Map for a Queue with Class or regenerated priority. The no form of the command deletes a Queue map entry.

queue-map { CLASS <integer(1-65535)> | regn-priority { vlanPri | ipTos | ipDscp | mplsExp | vlanDEI } <integer(0-63)> } [interface <iftype> <ifnum>] queue-id <integer(1-65535)>

no queue-map { CLASS <integer(1-65535)> | regn-priority { vlanPri | ipTos | ipDscp | mplsExp | vlanDEI } <integer(0-63)> } [interface <iftype> <ifnum>]

Syntax Description

CLASS - Input CLASS that needs to be mapped to an outbound queue.

regn-priority - Regenerated-priority type and regenerated-priority that needs to be mapped to an outbound queue. The types are

vlanPri – VLAN Priority.

ipTos – IP Type of Service.

ipDscp – IP Differentiated Services Code Point.

mplsExp – MPLS Experimental

vlanDEI – VLAN Drop Eligibility Indicator. iftype - Interface type.


queue-id - Queue identifier that uniquely identifies a queue relative to an interface.



Example iss(config)# queue-map CLASS 1 interface giga 0/1 queue-id 1

CLASS should be zero while configuring RegenPriority specific Q.

Regenerated-priority should be zero while configuring CLASS specific Queue.

Related Commands

show queue-map – Displays the configured Queue map.



5.12 sched-hierarchy This command creates a Scheduler Hierarchy. The no form of the command deletes a Scheduler Hierarchy.

sched-hierarchy interface <iftype> <ifnum> hierarchy-level <integer(1-10)> sched-id <integer(1-65535)> {next-level-queue <integer(0-65535)> | next-level-scheduler <integer(0-65535)>} [priority <integer(0-15)>] [weight <integer(0-1000)>]

no sched-hierarchy interface <iftype> <ifnum> hierarchy-level <integer(1-10)> sched-id <integer(1-65535)>

Syntax Description



hierarchy-level - Depth of the queue/scheduler hierarchy.

sched-id - Scheduler identifier.

next-level-queue – Next-level queue to which the scheduler output needs to be sent.

next-level-scheduler – Next-level scheduler to which the scheduler output needs to be sent.

priority - Scheduler priority.

weight - Scheduler weight.



Defaults priority - 0

Example iss(config)# sched-hierarchy interface giga 0/1 hierarchy-level 3 sched-id 1 next-level-queue 2 priority 5 weight 50

The priority is specified when the scheduler is connecting to any of the priorities ( EF, AF, BE) of the next level strict-priority scheduler.

The weight is specified if the scheduler is connecting to a WeightedFairQueing of another scheduler.

Related Commands

show sched-hierarchy– Displays the configured hierarchy scheduler.



5.13 qos interface This command sets the default ingress user priority for the port.

qos interface <iftype> <ifnum> def-user-priority <integer(0-7)>

Syntax Description

iftype - Interface type

ifnum - Interface number

def-user-priority - Default ingress user priority for the port



Example iss(config)# qos interface giga 0/1 def-user-priority 3

The default ingress user priority will be used to set priority for untagged packets.

Related Commands

show qos def-user-priority – Displays the configured default ingress user priority for a port.



5.14 map This command adds a Priority Map Entry for mapping an incoming priority to a regenerated priority. The no form of the command sets default value to the Interface, VLAN, regenerated inner priority.

map [interface <iftype> <ifnum>] [vlan <integer(1-4094)>] in-priority-type { vlanPri | ipTos | ipDscp | mplsExp | vlanDEI } [in-priority <integer(0-63)>] regen-priority <integer(0-63)> [regen-inner-priority <integer(0-7)>]

no map { interface | vlan | regen-inner-priority }

Syntax Description



vlan - VLAN identifier. This value ranges between 1 and 4094.

in-priority-type - Type of the incoming priority. The types are:

vlanPri – VLAN Priority.



mplsExp – MPLS Experimental

vlanDEI – VLAN Drop Eligibility Indicator.

in-priority - Incoming priority value determined for the received

frame. This value ranges between 0 and 63.

regen-priority - Regenerated priority value determined for the received frame. This value ranges between 0 and 63.

regen-inner-priority

- Regenerated inner-VLAN (CVLAN) priority value determined for the received frame. This value ranges between zero and seven.

Mode Priority Map Configuration Mode


Defaults vlan - 0

in-priority-type - vlanPri



in-priority - -1

regen-priority - 0

Example iss(config-pri-map)# map interface gig 0/1 vlan 4094 in-priority-type vlanPri in-priority 0 regen-priority 7 regen-inner-priority 1

Priority Map entry should have been created.

Related Commands

priority-map – Adds a Priority Map entry

show priority-map – Displays the Priority Map entry.



5.15 match access-group This command sets Class Map parameters using L2and/or L3 ACL or Priority Map ID.

match access-group { [mac-access-list <integer(0-65535)>] [ ip-access-list <integer(0-65535)>] | priority-map <integer(0-65535)> }

Syntax Description

mac-access-list - Identifier of the MAC filter. This value ranges between 0 and 65535.

ip-access-list - Identifier of the IP filter. This value ranges between 0 and 65535.

priority-map - Priority Map identifier for mapping incoming priority against received packet. This value ranges between 0 and 65535.



Defaults mac-access-list - 0

ip-access-list - 0

priority-map - 0

Example iss(config-cls-map)# match access-group priority-map 1

Priority map ID should have been created.

L2 and/or L3 ACL should have been created.

Related Commands

priority-map – Adds a Priority Map entry.




5.16 set class This command sets CLASS for L2and/or L3 filters or Priority Map ID and adds a CLASS to Priority Map entry with regenerated priority. The no form of the command deletes a CLASS to Priority Map Table entry.

set class <class integer(1-65535)> [pre-color { green | yellow | red | none }] [ regen-priority <integer(0-7)> group-name <string(31)> ]

no set class <class integer(1-65535)>

Syntax Description

class - Traffic CLASS to which an incoming frame pattern is classified.

pre-color - Color of the packet prior to metering. This can be any one of the following:

None – Traffic is not pre-colored.

green – Traffic conforms to SLAs (Service Level Agreements.

yellow – Traffic exceeds the SLAs.

red – Traffic violates the SLAs. regen-priority - Regenerated priority value determined for the input

CLASS. This value ranges between zero and seven.

group-name - Unique identification of the group to which an input CLASS belongs.



Defaults class - 0

Example iss(config-cls-map)# set class 1000 pre-color none regen-priority 1 group-name CLASS

Class map should have created.

The default value zero provided for the class is not configurable.

Related Commands

show class-to-priority-map – Displays the class group Entry.



5.17 meter-type This command sets Meter parameters CIR, CBS, EIR, EBS, Interval, meter type and color awareness.

meter-type { simpleTokenBucket | avgRate| srTCM | trTCM | tswTCM | mefCoupled | mefDeCoupled } [ color-mode { aware | blind } ] [interval <short(1-10000)>] [cir <integer(0-65535)>] [cbs <integer(0-65535)>] [eir <integer(0-65535)>] [ebs <integer(0-65535)>] [next-meter <integer(0-65535)>]

Syntax Description

simpleTokenBucket - Two Parameter Token Bucket Meter.

avgRate - Average Rate Meter.

srTCM - Single Rate Three Color Marker Metering as defined by RFC 2697.

trTCM - Two Rate Three Color Marker Metering as defined by RFC 2698

tswTCM - Time Sliding Window Three Color Marker Metering as defined by RFC 2859.

mefCoupled - Dual bucket meter as defined by RFC 4115.

mefDeCoupled - Dual bucket meter as defined by RFC 2697 and MEF coupling Flag.

color-mode - Indicates the color mode of the Meter. The color modes are:

aware – The Meter considers the pre-color of the packet.

blind – The Meter ignores the pre-color of the packet.

interval - Time interval used with the token bucket. This value ranges between 1 and 10000.

cir - Committed information rate. This value ranges between 0 and 65535.

cbs - Committed burst size. This value ranges between 0 and 65535.



eir - Excess information rate. This value ranges between 0 and 65535.

ebs - Excess burst size. This value ranges between 0 and 65535.

next-meter - Meter entry identifier used for applying the second/next level of conformance on the incoming packet. This value ranges between 0 and 65535.

Mode Meter Configuration Mode


Defaults color-mode - blind

interval - 0

next-meter - 0

Example iss(config-meter)# meter-type simpleTokenBucket color-mode aware interval 10 cir 1000

Meter should have been created.

Related Commands

meter – Creates a Meter.




5.18 set policy This command sets CLASS for policy. The no form of the command sets the default value for interface in this policy.

set policy [class <number(0-65535)>] [interface <iftype> <ifnum>] default-priority-type { none | { vlanPri | ipTos | ipDscp | mplsExp } <integer(0-63)> }

no set policy interface

Syntax Description

class - Traffic CLASS for which the policy-map needs to be applied.



default-priority-type

- Per-Hop Behvior (PHB) type to be used for filling the default PHB for the policy-map entry. The types are:

none – No specific PHB type is set.

vlanPri – VLAN priority.



mplsExp – MPLS Experimental Mode Policy Map Configuration Mode


Defaults class - 0

Example iss(config-ply-map)# set policy class 1 interface giga 0/1 default-priority-type none

CLASS should have been created.

Related Commands

class-map – Adds a Class Map Entry.

policy-map – Creates a policy map.

show policy-map – Displays the Policy Map Entry.



5.19 set meter This command sets Policy parameters such as Meter and Meter Actions. The no form of the command removes the Meter from the Policy and the Meter Actions.

set meter <integer(1-65535)> [ conform-action { none | set-cos-transmit <short(0-7)> set-de-transmit <short(0-1)> | set-port <iftype> <ifnum> | set-inner-vlan-pri <short(0-7)> |set-mpls-exp-transmit <short(0-7)> | set-ip-prec-transmit <short(0-7)> | set-ip-dscp-transmit <short(0-63)> }] [ exceed-action {drop | set-cos-transmit <short(0-7)> set-de-transmit <short(0-1)> | set-inner-vlan-pri <short(0-7)> | set-mpls-exp-transmit <short(0-7)> | set-ip-prec-transmit <short(0-7)> | set-ip-dscp-transmit <short(0-63)> }] [ violate-action {drop | set-cos-transmit <short(0-7)> set-de-transmit <short(0-1)> | set-inner-vlan-pri <short(0-7)> | set-mpls-exp-transmit <short(0-7)> | set-ip-prec-transmit <short(0-7)> | set-ip-dscp-transmit <short(0-63)> }] [ set-conform-newclass <integer(0-65535)> ] [ set-exceed-newclass <integer(0-65535)> ] [ set-violate-newclass <integer(0-65535)> ]

no set meter

Syntax Description

meter - Meter table identifier which is the index for the Meter table.

conform-action - Action to be performed on the packet, when the packets are found to be In profile (conform). Options are:

none – No action is configured.

set-cos-transmit – Sets the VLAN priority of the outgoing packet.

set-de-transmit – Sets the VLAN Drop Eligible indicator of the outgoing packet.

set-port – Sets the new port value.

set-inner-vlan-pri – Sets the inner VLAN priority of the outgoing packet.

set-mpls-exp-transmit – Sets the MPLS Experimental bits of the outgoing packet.

set-ip-prec-transmit – Sets the new IP TOS value.

set-ip-dscp-transmit – Sets the new DSCP value.

exceed-action - Action to be performed on the packet, when the packets

are found to be In profile (exceed). Options are:

drop – Drops the packet.









violate-action - Action to be performed on the packet, when the packets

are found to be out of profile. Options are:

drop – Drops the packet.







set-conform-newclass

- Represents the Traffic CLASS to which an incoming frame pattern is classified after metering.

set-exceed-newclass


set-violate-newclass


Mode Policy Map Configuration Mode


Defaults set-cos-transmit - 0

set-de-transmit - 0

set-mpls-exp-transmit - 0

set-inner-vlan-pri - 0

Example iss(config-ply-map)# set meter 1 exceed-action drop violate-action drop



VLAN priority can be set to a non-zero value only when MPLS Experimental bits is set to zero.

Related Commands




5.20 set algo-type This command sets Q Template entry parameters.

set algo-type { tailDrop | headDrop | red | wred } [queue-limit <integer(1-65535)>] [queue-drop-algo {enable | disable }]

Syntax Description

algo-type - Type of drop algorithm used by the queue template. Options are:

tailDrop – Beyond the maximum depth of the queue, all newly arriving packets will be dropped.

headDrop – Packets currently at the head of the queue are dropped to make room for the new packet to be enqueued at the tail of the queue, when the current depth of the queue is at the maximum depth of the queue.

red – On packet arrival, an Active Queue Management algorithm is executed which may randomly drop a packet.

wred – On packet arrival, an Active Queue Management algorithm is executed which may randomly drop a packet.

queue-limit - Queue size. This value ranges between 1 and 65535.

queue-drop-algo - Enable/disable Drop Algorithm for Congestion Management. Options are:

enable – Enables Drop Algorithm.

disable – Disables Drop Algorithm. Mode Queue Template Configuration mode


Defaults queue-drop-algo - enable

Example iss(config-qtype)# set algo-type red queue-limit 18 queue-drop-algo enable

Queue size must be greater than or equal to the minimum average threshold and less than or equal to the maximum average threshold.

Drop algorithm for Congestion Management can be enabled only when the Random Detect Table entry is created for the Queue.

Related Commands

random-detect dp – Sets Random Detect Table entry parameters.




5.21 random-detect dp This command sets Random Detect Table entry parameters. The no form of the command deletes Random Detect Table entry.

random-detect dp <short(0-2)> [min-threshold <short(1-65535)>] [max-threshold <short(1-65535)>] [max-pkt-size <short(1-65535)>] [mark-probability-denominator <short(1-100)>] [exponential-weight <integer(0-31)>]

no random-detect dp <short(0-2)>

Syntax Description

dp - Drop Precedence. Options are:

0 – low drop precedence.

1 – medium drop precedence.

2 – high drop precedence. min-threshold - Minimum average threshold for the random detect

algorithm. This value ranges between 1 and 65535.

max-threshold - Maximum average threshold for the random detect algorithm. This value ranges between 1 and 65535.

max-pkt-size - Maximum allowed packet size. This value ranges between 1 and 65535.

mark-probability-denominator

- Maximum probability of discarding a packet in units of percentage. This value ranges between 1 and 100.

exponential-weight

- Exponential weight for determining the average queue size. This value ranges between 0 and 31.

Mode Queue Template Configuration Mode


Defaults mark-probability-denominator

- 100

exponential-weight - 0

Example iss(config-qtype)# random-detect dp 1 min-threshold 1200 max-threshold 13000 max-pkt-size 100 mark-probability-denominator 50 exponential-weight 30



5.22 show qos global info This command displays QoS related global configurations.

show qos global info

Mode Privileged EXEC Mode


Example iss# show qos global info

QoS Global Information

----------------------

System Control : Start

System Control : Enable

Rate Unit : kbps

Rate Granularity : 64

Trace Flag : 0

Related Commands

shutdown qos – Shutsdown the QoS subsystem.

qos – Enables or disables the QoS subsystem.



5.23 show priority-map This command displays the Priority Map entry.

show priority-map [<priority-map-id(1-65535)>]

Syntax Description

priority-map-id - Output priority map index for the incoming packet received over ingress Port/VLAN with specified incoming priority.

Mode Privileged EXEC Mode.


Example iss# show priority-map QoS Priority Map Entries

========================

PriorityMapId : 1

IfIndex : 1

VlanId : 4094

InPriorityType : VlanPriority

InPriority : 0

RegenPriority : 7

InnerRegenPriority : 1

iss# show priority-map 9 QoS Priority Map Entries

------------------------

PriorityMapId : 9

IfIndex : gi 0/5

VlanId : 2

InPriorityType : IP Protocol

InPriority : -1

RegenPriority : 5

InnerRegenPriority : 7

If executed without the optional parameters, this command displays all the available Priority Map information.

Related Commands


map - Adds a Priority Map entry for mapping an incoming priority to a regenerated priority



5.24 show class-map This command displays the Class Map entry.

show class-map [<class-map-id(1-65535)>]

Syntax Description

class-map-id - Index that enumerates the MultiField Classifier table entries.



Example iss# show class-map QoS Class Map Entries

=====================

ClassMapId : 1

L2FilterId : None

L3FilterId : None

PriorityMapId : 1

CLASS : 1000

PolicyMapId : 1

PreColor : None

Status : Active

If executed without the optional parameters, this command displays all the available Class Map information

Related Commands

class-map – Adds a Class Map entry.




5.25 show class-to-priority-map This command displays the class group entry.

show class-to-priority-map <group-name(31)>

Syntax Description

Group-name - Unique identification of the group to which an input CLASS belongs.



Example iss# show class-to-priority-map CLASS1

QoS Class To Priority Map Entries

---------------------------------

GroupName : CLASS1

Class LocalPriority

----------------------------------

2 2

Related Commands


set class – Sets CLASS for L2and/or L3 filters or Priority Map ID and adds a CLASS to Priority Map Entry with regenerated priority.



5.26 show meter This command displays the Meter entry.

show meter [<meter-id(1-65535)>]

Syntax Description

meter-id - Index that enumerates the Meter entries.



Example iss# show meter QoS Meter Entries

=================

MeterId : 1

Type : Simple Token Bucket

Color Mode : Color Aware

Interval : 10

CIR : 1000

CBS : None

EIR : None

EBS : None

NextMeter : None

Status : Active

If executed without the optional parameters, this command displays all the available Meter information.

Related Commands

set meter – Sets Policy parameters such as Meter and Meter Actions.



5.27 show policy-map This command displays the Policy Map entry.

show policy-map [<meter-id(1-65535)>]

Syntax Description

meter-id - Index that enumerates the Meter entries.



Example iss# show policy-map QoS Policy Map Entries

======================

PolicyMapId : 1

IfIndex : 0

Class : 0

DefaultPHB : None.

MeterId : 1

ConNClass : 0

ExcNClass : 0

VioNClass : 0

ConfAct : Port 1

ExcAct : Drop.

VioAct : Drop.

If executed without the optional parameter, this command displays all the available Policy Map. information

Related Commands set policy – Sets CLASS for policy.



5.28 show queue-template This command displays the Q Template and Random Detect configurations.

show queue-template [<queue-template-Id(1-65535)>]

Syntax Description

queue-template-Id - Queue Template Table index.



Example iss# show queue-template Queue Template Entries

----------------------

Q Template Id : 1

Q Limit : 10000

Drop Type : Tail Drop

Drop Algo Status : Disable

If executed without the optional parameter, this command displays all the available Queue Template information.

Related Commands




5.29 show shape-template This command displays the Shape Template configurations.

show shape-template [<shape-template-Id(1-65535)>]

Syntax Description

shape-template-Id - Shape Template Table index.



Example iss# show shape-template QoS Shape Template Entries

--------------------------

ShapeTemplate Id CIR CBS EIR EBS

---------------- --- --- --- ---

1 1 1 1 1

If executed without the optional parameter, this command displays all the available Shape Template information

Related Commands

shape-template – Creates a Shape Template.



5.30 show scheduler This command displays the configured Scheduler.

show scheduler [interface <iftype> <ifnum>]

Syntax Description





Example iss# show scheduler QoS Scheduler Entries

---------------------

IfIndex Scheduler Index Scheduler Algo Shape Index Scheduler HL GlobalId

------- --------------- -------------- ----------- ------------ --------

Gi0/1 1 strictPriority 0 0 1

If executed without the optional parameter, this command displays all the available scheduler entries.

Related Commands




5.31 show queue This command displays the configured Queues.

show queue [interface <iftype> <ifnum>]

Syntax Description





Example iss# show queue QoS Queue Entries

-----------------

IfIndex Queue Idx Queue Type Scheduler Idx Weight Priority Shape Idx Global Id

------- --------- ---------- ------------- ------ -------- ------------------

Gi0/1 1 1 1 1 1 1 1

If executed without the optional parameter, this command displays all the available queue entries

Related Commands

queue – Creates a Queue and configures the Queue parameters.





5.32 show queue-map This command displays the configured Queue map.

show queue-map [interface <iftype> <ifnum>]

Syntax Description





Example iss# show queue-map QoS Queue Map Entries

---------------------

IfIndex CLASS PriorityType Priority Value Mapped Queue

------- ----- ------------ -------------- ------------

Gi0/1 1 none 0 1

If executed without the optional parameter, this command displays all the available queue map entries.

Related Commands

queue-map – Creates a Map for a Queue with Class or regenerated priority.



5.33 show sched-hierarchy This command displays the configured hierarchy scheduler.

show sched-hierarchy [interface <iftype> <ifnum>]

Syntax Description





Example iss# show sched-hierarchy QoS Hierarchy Scheduler Entries

-------------------------------

IfIndex Hierarchy Level Sched Index NextQueue Id NextSched Id Weight Priority

------- --------------- ----------- ------------ ------------ --------------

Gi0/1 1 1 0 2 1 1

If executed without the optional parameter, this command displays all the available hierarchy scheduler entries

Related Commands


sched-hierarchy – Creates a Scheduler Hierarchy.



5.34 show qos def-user-priority This command displays the configured default ingress user priority for a port.

show qos def-user-priority [interface <iftype> <ifnum>]

Syntax Description





Example iss# show qos def-user-priority QoS Default User Priority Entries

---------------------------------

IfIndex Default User Priority

-------- ---------------------

Gi0/1 0

Gi0/2 0

Gi0/3 0

Gi0/4 0

Gi0/5 0

Gi0/6 0

Gi0/7 0

Gi0/8 0

Gi0/9 0

Gi0/10 0

Gi0/11 0

Gi0/12 0

Gi0/13 0

Gi0/14 0

Gi0/15 0

Gi0/16 0

Gi0/17 0

Gi0/18 0

Gi0/19 0



Gi0/20 0

Gi0/21 0

Gi0/22 0

Gi0/23 0

Gi0/24 0

If executed without the optional parameter, this command displays the available default ingress user priority entries for all the interface.

Related Commands

qos interface – Sets the default ingress user priority for the port.



5.35 show qos meter-stats This command displays the Meters statistics for conform, exceed, violate packets and octets count.

show qos meter-stats [<Meter-Id(1-65535)>]

Syntax Description

Meter-Id - Index that enumerates the Meter entries.



Example iss# show qos meter-stats QoS Meter (Policer) Stats

-------------------------

Meter Index : 1

Conform Packets : 00

Conform Octects : 00

Exceed Packets : 00

Exceed Octects : 00

Violate Packets : 00

Violate Octects : 0

If executed without the optional parameter, this command displays the Meter statistics for all the available Meters.

Related Commands


set meter – Sets Policy parameters such as Meter and Meter Actions.



5.36 show qos queue-stats This command displays Queue statistics for EnQ, DeQ, discarded packets and octets Count, Management Algo Drop and Q occupancy.

show qos queue-stats [interface <iftype> <ifnum>]

Syntax Description

iftype - Interface Type.

ifnum - Interface Number.



Example iss# show qos queue-stats QoS Queue Stats

-------------------

Interface Index : Gi 0/1

Queue Index : 2

EnQ Packets : 00

EnQ Octects : 00

DeQ Packets : 00

DeQ Octects : 00

Discard Packets : 00

Discard Octects : 00

Occupancy Octects : 00

CongMgntAlgoDrop Octects : 00

If executed without the optional parameter, this command displays the Queue statistics for all the available Interfaces.

Related Commands

show queue – Displays the configured Queues.



Chapter

6 6.TACACS

TACACS (Terminal Access Controller Access Control System), widely used in network environments, is a client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. It is commonly used for providing NAS (Network Access Security). NAS ensures secure access from remotely connected users. TACACS implements the TACACS Client and provides the AAA (Authentication, Authorization and Accounting) functionalities.

TACACS is used for several reasons:

Facilitates centralized user administration.

Uses TCP for transport to ensure reliable delivery.

Supports inbound authentication, outbound authentication and change password request for the Authentication service.

Provides some level of protection against an active attacker.

The list of CLI commands for the configuration of TACACS is as follows:

tacacs-server host

tacacs use-server address

tacacs-server retransmit

debug tacacs

show tacacs

DATACOM SYSTEMS INC CHAPTER 6: TACACS


6.1 tacacs-server host

This command configures the TACACS server with the parameters (host, timeout, key). The no form of the command deletes server entry from the TACACS server table.

tacacs-server host {<ipv4-address> | <ipv6-address> | <host-name>} [single-connection] [port <tcp port (1-65535 )>] [timeout <time out in seconds(1-255)>] {key <secret key>}

no tacacs-server host { <ipv4-address> | <ipv6-address>}

Syntax Description

ipv4-address

- IPv4 address of the host

ipv6-address


host-name - Name of the host

single-connection

- Establishes Single TCP connection to communicate with TACACS Server

port - TCP Port number. This value ranges between 1 and 65535.

timeout - The time period in seconds for which a client will wait for a response from the server before closing the connection. This value ranges between 1 and 255 seconds.

key - Per-server encryption key. Specifies the authentication and encryption key for all TACACS communications between the authenticator and the TACACS server. The string length is 64.



Defaults port

- 40

timeout

- 5 seconds

Example iss(config)# tacacs-server host 12.0.0.100 TACACS+ server configured with default secret key !



iss(config)# tacacs-server host 2005::33 TACACS+ server configured with default secret key !

Related Commands

show tacacs - Displays the statistical log information and server for TACACS client



6.2 tacacs use-server address

This command selects a server from the list of servers maintained in the TACACS client and makes the TACACS client to use the specified server. The no form of the command disables the configured TACACS active server.

tacacs use-server address { <ipv4-address> | <ipv6-address>}

no tacacs use-server

Syntax Description

ipv4-address


ipv6-address




Example iss(config)# tacacs use-server address 10.0.0.100

Related Commands show tacacs - Displays the statistical log information and server for TACACS client



6.3 tacacs-server retransmit

This command specifies the number of times the client searches the active server from the list of servers maintained in the TACACS client, when active server is not configured. The no form of the command sets the default retries.

tacacs-server retransmit <retries>

no tacacs-server retransmit



Example iss(config)# tacacs-server retransmit 3



6.4 debug tacacs

This command sets the debug trace level for TACACS client module. The no form of the command disables the debug trace level for TACACS client module.

debug tacacs { all | info | errors | dumptx | dumprx }

no debug tacacs

Syntax Description

all - All TACACS debug messages

info - TACACS Server information messages

errors - Error code debug messages

dumptx

- Transmitted packet dump messages

dumprx - Received packet dump messages



Defaults Debugging is Disabled

Example iss# debug tacacs all



6.5 show tacacs

This command displays the statistical log information and server for TACACS+ client.

show tacacs



Example iss# sh tacacs Server : 1

Server address : 12.0.0.100

Address Type : IPV4

Single Connection : no

TCP port : 49

Timeout

Secret Key

: 5

: Datacom Systems

Server : 2

Server address : 2005::33

Address Type : IPV6

Single Connection : no

TCP port : 4949

Timeout : 5

Secret Key

Authen. Starts sent

: Datacom Systems

: 0

Authen. Continues sent : 0

Authen. Enables sent : 0

Authen. Aborts sent : 0

Authen. Pass rvcd. : 0

Authen. Fails rcvd. : 0

Authen. Get User rcvd. : 0

Authen. Get Pass rcvd. : 0



Authen. Get Data rcvd. : 0

Authen. Errors rcvd. : 0

Authen. Follows rcvd. : 0

Authen. Restart rcvd. : 0

Authen. Sess. timeouts : 0

Author. Requests sent : 0

Author. Pass Add rcvd. : 0

Author. Pass Repl rcvd : 0

Author. Fails rcvd. : 0

Author. Errors rcvd. : 0

Author Follows rcvd. : 0

Author. Sess. timeouts : 0

Acct. start reqs. sent : 0

Acct. WD reqs. sent : 0

Acct. Stop reqs. sent : 0

Acct. Success rcvd. : 0

Acct. Errors rcvd. : 0

Acct. Follows rcvd. : 0

Acct. Sess. timeouts : 0

Malformed Pkts. rcvd. : 0

Socket failures : 0

Connection failures : 0

Related Commands

tacacs-server host - Configures the TACACS server with the parameters

tacacs use-server address - Selects a server from the list of servers maintained in the TACACS client and makes the TACACS client to use the specified server



Chapter

7 7.LA

LA (Link Aggregation) is a method of combining physical network links into a single logical link for increased bandwidth. LA increases the capacity and availability of the communications channel between devices (both switches and end stations) using existing Fast Ethernet and Gigabit Ethernet technology. LA also provides load balancing where the processing and communication activity is distributed across several links in a trunk, so that no single link is overwhelmed. By taking multiple LAN connections and treating them as a unified, aggregated link, practical benefits in many applications can be achieved. LA provides the following important benefits:

Higher link availability

Increased link capacity

Improvements are obtained using existing hardware (no upgrading to higher-capacity link technology is necessary)

The list of CLI commands for the configuration of LA is as follows:

set port-channel/channel-protocol

lacp system-priority

lacp system-identifier

port-channel load-balance

lacp port-priority

lacp port-identifier

channel-group

lacp wait-time

lacp timeout/lacp rate

DATACOM SYSTEMS INC CHAPTER 7: LA


lacp

default port

port-channel max-ports

shutdown port-channel

debug lacp/debug etherchannel

show etherchannel

show etherchannel - Redundancy

show interfaces

show lacp



7.1 set port-channel

This command enables/disables link aggregation in the switch.

set port-channel { enable | disable }

Syntax Description

enable

- Enables link aggregation in the switch

disable

- Disables link aggregation in the switch



Defaults disable

Example iss(config)# set port-channel enable

Related Command

show etherchannel - Displays Etherchannel information



7.2 channel-protocol

This command enables link aggregation in the switch and the no form of the command disables link aggregation in the switch.

This command operates similar to that of the command set port-channel.

channel-protocol { lacp | pagp }

no channel-protocol

Syntax Description

lacp

- Specifies LACP (Link Aggregation Control Protocol) to manage channeling.

pagp

- Specifies PAgP (Port aggregation protocol) to manage channeling.



Defaults Link aggregation is disabled

Example iss(config)# channel-protocol lacp

Related Command




7.3 lacp system-priority

This command sets the LACP priority for the system and the no form of the command sets the LACP priority for the system to the default value. System Priority represents a 2-octet value indicating the priority value associated with the system involved in link aggregation.

lacp system-priority <0-65535>

no lacp system-priority



Defaults 0x8000 or 32768

Example iss(config)# lacp system-priority 5

The switch with the lowest system priority value decides the standby and active links in the aggregation.

Although this is a global configuration command, the priority only takes effect on EtherChannels that have physical interfaces with LACP enabled.

Related Command

show etherchannel - Displays lacp system-priority value



7.4 lacp system-identifier

This command sets the global LACP System ID. The no form of the command sets the global LACP System ID to the default value.

lacp system-identifier <aa:aa:aa:aa:aa:aa>

no lacp system-identifier



Example iss(config)#lacp system-identifier 00:01:02:03:04:05

The MAC address configured must not be a Null MAC address or a Multicast MAC address.

Related Commands

show etherchannel - Displays lacp system-priority value

Error! Reference source not found. - Displays the current operating configuration in the system



7.5 port-channel load-balance

This command sets the load balancing policy for aggregated ports on each of the previously created port channels. The no form of the command sets the load balancing policy to the default value.

port-channel load-balance {src-mac | dest-mac | src-dest-mac| src-ip | dest-ip | src-dest-ip | vlan-id | service-instance | mac-src-vid | mac-dest-vid | mac-src-dest-vid | mpls-vc-label | mpls-tunnel-label | mpls-vc-tunnel-label} [ <port-channel-index(1-65535)>]

no port-channel load-balance [ <port-channel-index(1-65535)> ]

Syntax Description

src-mac

- Load distribution is based on the source MAC address. Packets from different hosts use different ports in the channel, but packets from the same host use the same port

dest-mac - Load distribution is based on the destination host MAC

address. Packets to the same destination are sent on the same port, but packets to different destinations are sent on different ports in the channel

src-dest-mac

- Load distribution is based on the source and destination MAC address

src-ip

- Load distribution is based on the source IP address

dest-ip

- Load distribution is based on the destination IP address

src-dest-ip

- Load distribution is based on the source and destination IP address

mac-src-vid2

- Link selection policy is based on the combination of source MAC address and VLAN identifier.

mac-dest-vid2

- Link selection policy is based on the combination of destination MAC address and VLAN identifier.

2 This option is available only when MPLS is enabled.



mac-src-dest-vid2

- Link selection policy is based on the combination of source, destination MAC address and VLAN identifier.

mpls-vc-label2

- Link selection policy is based on MPLS VC label.

mpls-tunnel-label2

- Link selection policy is based on MPLS tunnel label.

mpls-vc-tunnel-label2

- Link selection policy is based on the combination of MPLS VC and tunnel label.

vlan-id - Load distribution is based on VLAN Identifier

service-instance

- Load distribution is based on service-instance. Packets with the same service-instance use the same port. Packets with different service-instance use different ports such that the load is balanced among ports. Same port can have packets with different service-instances also.

port-channel-index

- Port channel number



Defaults source and destination MAC address based

Example iss(config)# port-channel load-balance service-instance 20 iss(config)# port-channel load balance dest-mac 28

If the port-channel index is not mentioned in this command, the load-balancing must apply for all port-channels configured in the system.

Initially, the port channel interface must have been configured for this command.

Related Command

show etherchannel - Displays Etherchannel load balance information



7.6 lacp port-priority

This command sets the LACP port priority and the no form of the command sets the LACP port priority to the default value. Port priority determines whether the link is an active link or a standby link, when the number of ports in the aggregation exceeds the maximum number supported by the hardware

lacp port-priority <0-65535>

no lacp port-priority



Defaults port-priority

- 128

Example iss(config-if)# lacp port-priority 1

This command takes effect only on EtherChannel interfaces that are already configured for LACP.

If the number of links in an aggregation exceeds the maximum supported by the hardware, then the links with lower priority become active links.

Related Commands

lacp system-priority - Globally sets the LACP priority

show etherchannel - Displays Etherchannel detailed / port information



7.7 lacp port-identifier

This command sets the LACP actor admin port to be filled in the LACP PDUs.

lacp port-identifier <1-65535>



Example iss(config-if)# lacp port-identifier 2

Related Commands


show interfaces – Displays interface specific port-channel information



7.8 channel-group

This command configures an Etherchannel and the no form of the command removes an interface from the Etherchannel.

channel-group <channel-group-number(1-65535)> mode {auto [non-silent] | desirable [non-silent] | on | active | passive}

no channel-group

Syntax Description

mode - Mode represents any one of the following:

active - LACP negotiation is started un-conditionally

passive - LACP negotiation is started only when LACP packet is received from peer

on - Force the interface to channel without LACP. This is equivalent to manual aggregation

auto - Places a port into a passive negotiating state in which the port responds to received PAgP packets, but does not initiate PAgP packet negotiation.

desirable - Places a port into an active negotiating state in which the port initiates negotiations with other ports by sending PAgP packets.

[non-silent] - Used with the auto or desirable keyword when traffic is expected from the other device.



Example iss(config-if)# channel-group 1 mode active

If the port-channel is not present, then the port channel must be created.



Related Command


7.9 lacp wait-time

This command sets the LACP wait-time and the no form of the command sets the LACP wait-time to the default value.

lacp wait-time <0-10>

no lacp wait-time



Defaults 2

Example iss(config-if)# lacp wait-time 1

Configuring the wait-time value as 0 ensures that links get aggregated immediately.

Related Command




7.10 lacp timeout

This command sets the LACP timeout period and the no form of the command sets the LACP timeout period to the default value.

lacp timeout {long | short }

no lacp timeout

Syntax Description

long

- Long timeout value

short

- Short timeout value



Defaults long

Example iss(config-if)# lacp timeout short

The long timeout value means that LACP PDU will be sent every 30 seconds and LACP timeout value (no packet is received from peer ) is 90 seconds.

The short timeout value means that LACP PDU will be sent every 1 second and timeout value is 3 seconds.

Related Command




7.11 lacp rate

This command sets the LACP timeout period and the no form of the command sets the LACP timeout period to the default value

This command operates similar to that of the command lacp timeout.

lacp rate {normal | fast }

no lacp rate

Syntax Description

normal

- LACP control packets are ingressed at the normal rate.That is, LACP PDU will be sent every 30 seconds and the timeout value will be set as 90 seconds.

fast

- LACP control packets are ingressed at the fast rate. That is, LACP PDU will be sent every 1 second and the timeout value will be set as 3 seconds.



Defaults normal

Example iss(config-if)# lacp rate fast

The normal timeout value means that LACP PDU will be sent every 30 seconds and LACP timeout value (no packet is received from peer) is 90 seconds.

The fast timeout value means that LACP PDU will be sent every 1 second and timeout value is 3 seconds.



Related Command


7.12 lacp

This command sets the LACP Actor Admin key and/or LACP mode for the port.

lacp [admin-key <(Admin Key)1-65535>] [mode {active | passive}]

Syntax Description

admin-key

- LACP Actor Admin key

mode

- LACP mode



Defaults mode - active

Example iss(config-if)# lacp admin-key 1 mode active

This command can be configured only after configuring the default port.

Related Command

default port - Configures the default physical interface for the port channel.



7.13 default port

This command configures the default physical interface for the port channel and the no form of the command removes default port for a port channel.

default port <interface-type> <interface-id>

no default port

Syntax Description

interface-type

- Interface Type

interface-id

- Interface Identifier



Example iss(config-if)# default port gigabitethernet 0/1

Related Commands

lacp - Sets the LACP Actor Admin key and/or LACP mode for the port.



7.14 port-channel max-ports

This command configures the maximum number of ports for a port channel.

port-channel max-ports <integer (2-8)>



Defaults 8

Example iss(config-if)# port-channel max-ports 5



7.15 shutdown port-channel

This command shuts down Link Aggregation in the switch and the no form of the command starts and enables Link Aggregation in the switch.

shutdown port-channel

no shutdown port-channel



Example iss(config)# shutdown port-channel

When shutdown, all resources used by the Link Aggregation Module are released to the system.

Related Commands




show interfaces - Displays interface specific port-channel information

7.16 debug lacp

This command enables trace messages for link aggregation and the no form of the command disables trace messages for link aggregation.

debug lacp [ { init-shutdown | mgmt | data | events | packet | os | failall | buffer | all } ]

no debug lacp [ { init-shutdown | mgmt | data | events | packet | os | failall | buffer | all } ]

Syntax Description

init-shutdown

- Initialization and shutdown traces

mgmt - Management traces

data - Data path traces

events - Event traces



packet - Packet dump traces

os - Traces related to all resources except buffers

failall - All failure traces

buffer - Buffer traces

all - All traces



Defaults init-shutdown

Example iss# debug lacp data

7.17 debug etherchannel

This command enables trace messages for link aggregation and the no form of the command disables trace messages for link aggregation.

This command operates similar to that of the command debug lacp.

debug etherchannel {[all] [detail] [error] [event] [idb]}

no debug etherchannel {[all] [detail] [error] [event] [idb]}

Syntax Description

all

- All traces

detail

- Detailed debug traces

error

- All failure traces



event

- Event traces

idb

- Interface descriptor block messages



Example iss# debug etherchannel detail

7.18 show etherchannel

This command displays Etherchannel information.

show etherchannel [[channel-group-number] { detail | load-balance | port | port-channel | summary | protocol}]

Syntax Description

channel-group-number

- Number of the channel group. Valid numbers range from maximum number of ports in the system to maximum number of aggregations supported

detail

- Detailed EtherChannel information

load-balance

- Load-balance or frame-distribution scheme among ports in the port channel



port

- EtherChannel port information

port-channel

- Port-channel information

summary

- Protocol that is being used in the EtherChannel

protocol

- One-line summary per channel-group



Example iss# show etherchannel Port-channel Module Admin Status is enabled

Port-channel Module Oper Status is enabled

Port-channel System Identifier is 00:01:02:03:04:01

Channel Group Listing

---------------------

Group : 1

----------

Protocol : LACP

iss# show etherchannel 1 detail

Port-channel Module Admin Status is enabled



LACP System Priority: 32768


---------------------

Group: 1

----------

Protocol :LACP

Ports in the Group



------------------

Port : Gi0/1

-------------

Port State = Up in Bundle

Channel Group : 1

Mode : Active

Pseudo port-channel = Po1

LACP port-priority = 128

LACP Wait-time = 2 secs

LACP Activity : Active

LACP Timeout : Long

Aggregation State : Aggregation, Sync, Collecting, Distributing, Defaulted

LACP Port Admin Oper Port Port

Port State Priority Key Key Number State

------------------------------------------------

Gi0/1 Bundle 128 1 1 0x1 0xbe

Port-channel : Po1

------------------

Number of Ports = 1

HotStandBy port = null

Port state = Port-channel Ag-Inuse

Protocol = LACP

Aggregator-MAC 00:01:02:03:04:19

Default Port = None

iss# show etherchannel 1 port


---------------------

Group: 1

----------



Protocol :LACP

Ports in the Group

------------------

Port : Gi0/1

-------------


Channel Group : 1

Mode : Active

port-channel = Po1




LACP Port Identifier = 2


LACP Timeout : Long

Aggregation State : Aggregation, Sync, Collecting, Distributing,

Port : Gi0/2

-------------


Channel Group : 1

Mode : Active

port-channel = Po1





LACP Timeout : Long






------------------------------------------------

Gi0/1 Bundle 128 1 1 0x1 0xbc

Gi0/2 Bundle 128 1 1 0x2 0xbc

iss# show etherchannel 1 port-channel





---------------------

Group : 1

----------

Port-channels in the group:

---------------------------

Port-channel : Po1

-------------------

Number of Ports = 1



Protocol = LACP


Default Port = None

iss# show etherchannel summary




Flags:



D - down P - in port-channel

I - stand-alone H - Hot-standby (LACP only)

U - in-use

Number of channel-groups in use: 1

Number of aggregators: 1

Group Port-channel Protocol Ports

----------------------------------------------------------

1 Po1(U) LACP Gi0/1(P),Gi0/2(D)

iss# show etherchannel 1 protocol


---------------------

Group : 1

----------

Protocol : LACP

iss# show etherchannel load-balance


---------------------

Group : 1

----------

Source & Destination MAC Address

If the channel group number is not specified details on all channels are displayed.

Related Commands

channel-group - Assigns an Ethernet interface to an EtherChannel group

set port-channel / channel-protocol - Enables/disables link aggregation in the switch

lacp system-priority - Sets the LACP priority for the system

port-channel load-balance - Sets the load balancing policy

lacp port-priority - Sets the LACP port priority

lacp wait-time - Sets the LACP wait-time



lacp timeout / lacp rate - Sets the LACP timeout period


7.19 show etherchannel - Redundancy

This command displays Etherchannel information.

show etherchannel [[channel-group-number] { detail | load-balance | port | port-channel | summary | protocol | redundancy}]

Syntax Description

channel-group-number

- Number of the channel group. Valid numbers range from maximum number of ports in the system to maximum number of aggregations supported

detail

- Detailed EtherChannel information

load-balance

- Load-balance or frame-distribution scheme among ports in the port channel

port

- EtherChannel port information

port-channel

- Port-channel information

summary

- Protocol that is being used in the EtherChannel

protocol

- One-line summary per channel-group

redundancy3 - Synced messages


Package Metro

Example iss# show etherchannel redundancy Actor Information for Port : Gi0/1

3 This feature is not supported.



----------------------------------

Channel Group : 1


CurrentWhile Split Interval Tmr Count = 1

Synced Partner Information for Port : Gi0/1

-----------------------------------

Partner System ID : 00:11:22:33:44:55

Flags : A

LACP Partner Port Priority : 128

LACP Partner Oper Key : 1

Port State Flags Decode

------------------------

Activity : Active

LACP Timeout : Long


Actor Information for Port : Gi0/2

-------------

Channel Group : 1


CurrentWhile Split Interval Tmr Count = 1

Synced Partner Information for Port : Gi0/2

-------------


Flags : A




------------------------

Activity : Active

LACP Timeout : Long




----------------------------------------------------------------

If the channel group number is not specified details on all channels are displayed.

Related Commands channel-group - Assigns an Ethernet interface to an EtherChannel group

set port-channel / channel-protocol - Enables/disables link aggregation in the switch

lacp system-priority - Sets the LACP priority for the system




lacp timeout / lacp rate - Sets the LACP timeout period


7.20 show interfaces

This command displays interface specific port-channel information.

show interfaces [<interface-type> <interface-id> ] etherchannel

Syntax Description

etherchannel

- Interface EtherChannel information



Example iss# show interfaces gigabitethernet 0/1 etherchannel Port : Gi0/1

-------------




Channel Group : 2

Mode : Active



LACP Port Identifier = 2


LACP Activity : Passive

LACP Timeout : Long




-------------------------------------------------------------

Gi0/1 Bundle 128 2 2 0x1 0x3c

iss# show interfaces etherchannel

Port : Gi0/1

-------------


Channel Group : 2

Mode : Active





LACP Timeout : Long


Port : Gi0/2



-------------


Channel Group : 2

Mode : Active





LACP Timeout : Long




-------------------------------------------------------------

Gi0/1 Bundle 128 2 2 0x1 0x3c

Gi0/2 Bundle 128 2 2 0x2 0x3c

Port-channel : Po2

-------------------

Number of Ports = 2



Protocol = LACP


Default Port = None

Expressions are case sensitive.

The port-channel range is 1 to 64.

Related Commands set port-channel - Enables/disables link aggregation in the switch







lacp timeout - Sets the LACP timeout period


7.21 show lacp

This command displays port-channel traffic/neighbor information.

show lacp [<port-channel(1-65535)>] { counters | neighbor [detail] }

Syntax Description

port-channel

- Number of the channel group

counters

- Traffic information

neighbor

- Neighbor information

detail - Neighbor detail information


Example iss# show lacp 1 counters LACPDUs Marker Marker Response LACPDUs

Port Sent Recv Sent Recv Sent Recv Pkts Err

------------------------------------------

Channel group: 1

------------------

Gi0/1 394 352 0 0 0 0 0 0

Gi0/2 318 297 0 0 0 0 0 0

iss# show lacp neighbor detail



Flags:

A - Device is in Active mode

P - Device is in Passive mode

Channel group 1 neighbors

Port Gi0/1

----------


Flags : P



LACP Partner Port State : 0x3c


------------------------

Activity : Passive

LACP Timeout : Long

Aggregation State : Aggregation, Sync, Collecting, Distributing

Port Gi0/2

----------


Flags : P



LACP Partner Port State : 0x3c


------------------------

Activity : Passive

LACP Timeout : Long

Aggregation State : Aggregation, Sync, Collecting, Distributing



Expressions are case sensitive

Related Commands lacp wait-time - Sets the LACP wait-time

lacp timeout - Sets the LACP timeout period



show etherchannel - Displays Etherchannel detailed information



Chapter

8 8.Syslog

Syslog is a protocol used for capturing log information for devices on a network. The syslog protocol provides a transport to allow a machine to send event notification messages across IP networks to event message collectors, also known as syslog servers. The protocol is simply designed to transport the event messages.

One of the fundamental tenets of the syslog protocol and process is its simplicity. The transmission of syslog messages may be started on a device without a receiver being configured, or even actually physically present. This simplicity has greatly aided the acceptance and deployment of syslog.

The list of CLI commands for the configuration of Syslog is as follows:

logging

logging synchronous

mailserver

sender mail-id

receiver mail-id

cmdbuffs

service timestamps

clear logs

syslog mail

syslog local storage

syslog filename-one

syslog filename-two

DATACOM SYSTEMS INC CHAPTER 8: SYSLOG


syslog filename-three

syslog relay - port

syslog profile

logging-file

logging server

mail server

syslog relay

syslog relay transport type

show logging

show email alerts

show syslog role

show syslog mail

show syslog local storage

show logging file

show logging server

show mail server

show syslog relay - port

show syslog profile

show syslog relay transport type

show syslog file-name

show syslog information



8.1 logging

This command enables Syslog server and configures the Syslog Server IP address, the log-level and other Syslog related parameters. The no form of the command disables Syslog server and resets the configured Syslog server IP address, the log-level and other Syslog related parameters.

logging { <ip-address> | buffered [<size (1-200)>] | console | facility {local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7|}| severity [{ <level (0-7)> | alerts | critical | debugging | emergencies | errors | informational | notification | warnings }] | on }

no logging { <ip-address> | buffered | console | facility | severity | on }

Syntax Description

ip-address - Host IP address used as a Syslog server.

buffered - Limits Syslog messages displayed from an internal buffer. This size ranges between 1 and 200 entries.

The size feature is optional only in the code using the industrial standard command, otherwise this feature is mandatory.

console - Limits messages logged to the console.

facility - The facility that is indicated in the message. Can be one of the following values: local0, local1, local2, local3, local4, local5, local 6, local7.

severity - Message severity level. Messages with severity level equal to or high than the specified value are printed asynchronously. This can be configured using numerical value or using the available option. The options are:

0 | emergencies - System is unusable.

1 | alerts - Immediate action needed.

2 | critical - Critical conditions.

3 | errors - Error conditions.

4 | warnings - Warning conditions.

5 | notification - Normal but significant conditions.

6 | informational - Informational messages.

7 | debugging – Debugging messages.

alerts - Immediate action needed

critical - Critical conditions

debugging - Debugging messages

emergencies - System is unusable

errors - Error conditions



informational - Information messages

notification - Normal but significant messages

warnings - Warning conditions

on - Syslog enabled



Defaults console - enabled

severity - informational, when no option is selected while configuration.

debugging, at system start-up.

buffered - 50

facility - local0

Example iss(config)# logging 12.0.0.2

The log file is stored in ASCII text format. The Privileged EXEC command is used to display its contents

The logging process controls the distribution of logging messages to the various destinations, such as the logging buffer, logging file, or Syslog server

The existing syslog buffers will not be cleared and none of the configured options will be changed, when the Syslog feature is disabled

Related Command

show logging - Displays Logging status and configuration information



8.2 logging synchronous

This command enables synchronous logging of messages.

This command operates similar to that of the command logging.

logging synchronous {severity [{<short (0-7)> | alerts | critical | debugging | emergencies | errors | informational | notification | warnings|all}] | limit <number-of-buffers(size(1-200))}

Syntax Description

severity - Message severity level. Messages with severity level equal to or high than the specified value are printed asynchronously. This can be configured using numerical value or using the available option. The options are:

0 | emergencies - System is unusable.

1 | alerts - Immediate action needed.

2 | critical - Critical conditions.

3 | errors - Error conditions.

4 | warnings - Warning conditions.

5 | notification - Normal but significant conditions.

6 | informational - Informational messages.

7 | debugging – Debugging messages.

all - All messages are printed asynchronously regardless of the severity level.

limit - Number of buffers to be queued for the terminal after which new messages are dropped. This value ranges between 1 and 200 entries.

Mode Line Configuration Mode


Defaults severity - informational, when no option is selected while configuration.

debugging, at system start-up.

limit - 50

Example iss(config-line)# logging synchronous severity 4

The log file is stored in ASCII text format. The Privileged EXEC command is used to



display its contents.

The logging process controls the distribution of logging messages to the various destinations, such as the logging buffer, logging file, or Syslog server.

The existing syslog buffers will not be cleared and none of the configured options will be changed, when the Syslog feature is disabled.

Related Command




8.3 mailserver

This command sets the mail server IP address to be used for sending email alert messages and the no form of the command re-sets the mail server IP address used for sending email alert messages.

mailserver <ip-address>

no mailserver



Example iss(config)# mailserver 23.78.67.89

Initially, the mailserver has to be configured, for the show email alerts command.

Related Commands logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and

other Syslog related parameter

show email alerts - Displays email alerts related configuration



8.4 sender mail-id

This command sets the sender mail id and the no form of the command deletes the configured sender mail id.

sender mail-id <mail-id (100)>

no sender mail-id


Package

Defaults

Workgroup, Enterprise and Metro

syslog@Datacom Systems.com

Example iss(config)# sender mail-id [email protected]

Primarily, the mailserver must have been configured for this command

The sender and receiver email-ids are mandatory for email alert messages to besent.

Related Commands

mailserver - Sets the mail server IP address to be used for sending email alert messages

logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level andother Syslog related parameter



receiver mail-id - Sets the receiver mail id



8.5 receiver mail-id

This command sets the receiver mail id and the no form of the command deletes the configured receiver mail id.

receiver mail-id <mail-id (100)>

no receiver mail-id


Package

Defaults


[email protected]

Example iss(config)#receiver mail-id plabinik@IDatacom Systems.com

Primarily, the mailserver must have been configured for this command

The sender and receiver email-ids are mandatory for email alert messages to besent

Related Commands





sender mail-id - Sets the sender mail id



8.6 cmdbuffs

This command configures the number of syslog buffers for a particular user.

cmdbuffs <user name> <no.of buffers (1-200)>

Syntax Description

user name - User Name

no.of buffers

- Number of log buffers to be allocated in the system



Defaults 50

Example iss(config)#cmdbuffs Datacom Systems Inc. 50

CLI related events like commands given by the user, login/logout etc can be logged on to the Syslog Server.

Related Commands





8.7 service timestamps

This command enables timestamp option for logged messages and the no form of the command disables timestamp option for logged messages.

service timestamps

no service timestamps



Defaults Enabled

Example iss(config)#service timestamps

When enabled, the messages (log and email alert messages) will hold the time stamp information

When disabled, the time stamp information will not be carried with the messages sent to the log and mail servers

Related Commands logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and

other Syslog related parameter




8.8 clear logs

This command clears the system syslog buffers.

clear logs



Example iss(config)# clear logs

Related Commands

cmdbuffs - Configures the number of Syslog buffers for a particular user

logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and other Syslog related parameter




8.9 syslog mail

This command enables the mail option in syslog. The no form of command disables the mail option in syslog.

syslog mail

no syslog mail



Example iss(config)# syslog mail

Related Commands show syslog mail - Displays the mail option in syslog

mail server table - Adds an entry to mail-server table



8.10 syslog local storage

This command enables the syslog local storage. The no form of command disables the syslog local storage.

syslog localstorage

no syslog localstorage



Example iss (config)# syslog localstorage

Related Commands

show syslog local storage - Displays the syslog local storage.

syslog filename-one - Configures the file name to store the syslog messages.

syslog filename-two - Configures the file name to store the syslog messages.

syslog filename-three - Configures the file name to store the syslog messages

logging-file - Adds an entry in to file table



8.11 syslog filename-one

This command configures the file name to store the syslog messages. The maximum size of the file name is 32.

syslog filename-one <string(32)>



Example iss (config)# syslog filename-one iss1

Syslog local storage must be enabled.

Related Commands syslog local storage - Enables the syslog local storage

show syslog file-name - Displays the Syslog local storage file name





8.12 syslog filename-two


syslog filename-two <string(32)>



Example iss(config)# syslog filename-two iss2








8.13 syslog filename-three


syslog filename-three <string(32)>



Example iss(config)# syslog filename-three iss3








8.14 syslog relay - port

This command sets the syslog port through which it receives the syslog messages. The no form of command sets the syslog port to default port 514.

syslog relay-port <integer(0-65535)>

no syslog relay-port



Example iss(config)# syslog relay-port 500

Syslog relay must be enabled

Related Commands syslog relay - Changes the syslog role from device to relay

syslog relay transport type - Sets the Syslog relay transport type either as udp or tcp

show syslog relay - port - Displays the Syslog relay port



8.15 syslog profile

This command sets the profile for reliable syslog. The no form of command sets the profile to default (raw ) for Reliable Syslog.

syslog profile {raw | cooked4}

no syslog profile

Syntax Description

raw - Profile with minimum parameters in the BEEP



Example iss(config)# syslog profile raw

Related Commands

show syslog profile - Displays the Syslog profile.

4 This feature is not supported. It may be implemented in the future.



8.16 logging-file

This command adds an entry in to file table. The no form of command deletes an entry from the file table.

logging-file <short(0-191)> <string(32)>

no logging-file <short(0-191)> <string(32)>

Syntax Description

short - Priority of syslog messages. 0-lowest priority, 191-highest priority

string - File-name



Example iss (config)# logging-file 134 iss1

Syslog local storage must be enabled

Related Commands



show logging file - Displays the Syslog file table

syslog local storage - Enables the syslog local storage

8.17 logging server

This command adds an entry in to logging-server table. The no form of command deletes an entry from forward table.

logging-server <short(0-191)> {ipv4 <ucast_addr> | ipv6 <ip6_addr>} [ port <integer(0-65535)>] [{udp | tcp | beep}]

no logging-server <short(0-191)> {ipv4 <ucast_addr> |ipv6 <ip6_addr>}

Syntax Description


ipv4,ipv6 - Version 4 and Version 6 IP address

port - Port number

udp, tcp,beep

Sets the transport type as either udp, tcp, beep





Example iss (config)# logging-server 134 ipv4 12.0.0.3

Related Commands

show logging server - Displays the Syslog logging server table

8.18 mail server table

This command adds an entry to mail-server table. The no form of command deletes an entry from mail table.

mail-server <short(0-191)> {ipv4 <ucast_addr> |ipv6 <ip6_addr>} <string(50)>

no mail-server <short(0-191)> {ipv4 <ucast_addr> |ipv6 <ip6_addr>}

Syntax Description


ipv4, ipv6

- Version 4 and Version 6 IP address





Example iss (config)# mail-server 134 ipv4 12.0.0.100 root@localhost

Related Commands

show mail server - Displays the Syslog mail server table

syslog mail - Enables the mail option in syslog

8.19 syslog relay

This command changes the syslog role from device to relay. The no form of command changes the syslog role from relay to device.

syslog relay

no syslog relay



Example iss(config)# syslog relay



Related Commands

show syslog role - Displays the syslog role.

syslog relay transport type - Sets the Syslog relay transport type either as udp or tcp

syslog relay - port - Sets the syslog port through which it receives the syslog messages

8.20 syslog relay transport type

This command sets the Syslog relay transport type either as udp or tcp.

syslog relay transport type {udp | tcp}

Syntax Description

udp - Sets the relay transport type as udp

tcp - Sets the relay transport type as tcp



Example iss(config)# syslog relay transport type udp



Syslog relay must be enabled

Related Commands

syslog relay - Changes the syslog role from device to relay

show syslog role - Displays the syslog role.

show syslog relay transport type - Displays the Syslog relay transport type

show syslog relay - port - Displays the Syslog relay port.

8.21 show logging

This command displays logging status and configuration information.

show logging





Example iss# show logging System Log Information

----------------------

Syslog logging : enabled(Number of messages 0)

Console logging : enabled(Number of messages 0)

TimeStamp option : enabled

Severity logging : Debugging

Log server IP : 10.0.0.1

Facility : Default (local0)

Buffered size : 100

LogBuffer(0 Entries, 0 bytes)

Related Commands

logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and other Syslog related parameter

service timestamps - Enables timestamp option for logged messages

8.22 show email alerts

This command displays configurations related to email alerts.



show email alerts



Example iss# show email alerts

Sender email-id : [email protected]

Receiver email-id : [email protected]

Mail server IP : 12.0.0.3

Related Commands


receiver mail-id - Sets the receiver mail id

sender mail-id - Sets the sender mail id

8.23 show syslog role



This command displays the syslog role.

show syslog role



Example iss# show syslog role Syslog Role : Relay

Related Commands syslog relay - Changes the syslog role from device to relay



8.24 show syslog mail

This command displays the mail option in syslog.

show syslog mail



Example iss# show syslog mail Syslog Mail Option : Enabled

Related Commands

syslog mail – Enables the mail option in syslog



8.25 show syslog local storage

This command displays the syslog local storage.

show syslog localstorage



Example iss# show syslog localstorage Syslog Localstorage : Enabled




8.26 show logging file

This command displays the Syslog file table.

show logging-file



Example iss# show logging-file Syslog File Table Information

----------------------------

Priority File-Name

-------- ----------

134 iss1

134 iss2

134 iss3

Related Commands syslog filename-one/syslog filename-two/syslog filename-three - Gets the users

desired file name to store syslog message




8.27 show logging server

This command displays the Syslog logging server table.

show logging-server



Example iss# show logging-server Syslog Forward Table Information

--------------------------------

Priority Address-Type IpAddress Port Trans-Type

-------- ------------ --------- ---- ----------

129 ipv4 12.0.0.2 514 udp

134 ipv4 12.0.0.1 514 udp

Related Commands logging server - Adds an entry in to logging-server table



8.28 show mail server

This command displays the Syslog mail server table.

show mail-server



Example iss# show mail-server Syslog Mail Table Information

----------------------------

Priority Address-Type IpAddress Receiver Mail-Id

-------- ------------ --------- ----------------

134 ipv4 12.0.0.100 root@localhost

Related Commands

mail server - Adds an entry to mail-server table



8.29 show syslog relay - port

This command displays the Syslog relay port.

show syslog relay-port



Example iss# show syslog relay-port Syslog Port : 251

Related Commands





8.30 show syslog profile

This command displays the Syslog profile.

show syslog profile



Example iss# show syslog profile Syslog Profile : raw

Related Commands

syslog profile - Sets the profile for reliable syslog



8.31 show syslog relay transport type

This command displays the Syslog relay transport type.

show syslog relay transport type



Example iss# show syslog relay transport type Syslog Relay Transport type udp

Related Commands syslog relay transport type - Sets the Syslog relay transport type either as udp or tcp





8.32 show syslog file-name

This command displays the Syslog local storage file name.

show syslog file-name





Example iss# show syslog file-name Syslog File Name

----------------------

Syslog File-One :iss1

Syslog File-Two :iss2

Syslog File-Three :iss3

Related Commands

syslog local storage - Enables the syslog local storage


syslog filename-one - Configures the file name to store the syslog messages.

syslog filename-two - Configures the file name to store the syslog messages.

syslog filename-three - Configures the file name to store the syslog messages

8.33 show syslog information

This command displays the Syslog information.

show syslog information





Example iss# show syslog information System Log Information

----------------------

Syslog Localstorage : Enabled

Syslog Mail Option : Enabled

Syslog Port : 251

Syslog Role : Relay


syslog mail – Enables the mail option in syslog


DATACOM SYSTEMS INC CHAPTER 9: VLAN


Chapter

9 9.VLAN

VLANs (Virtual LANs) can be viewed as a group of devices on different physical LAN segments which can communicate with each other as if they were all on the same physical LAN segment, that is, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible.

VLAN provides the following benefits for switched LANs:

Improved administration efficiency

Optimized Broadcast/Multicast Activity

Enhanced network security

The list of CLI commands for the configuration of VLAN are common to both Single Instance and Multiple Instance except for a difference in the prompt that appears for the Switch with Multiple Instance support.

The prompt for the Global Configuration Mode is,

iss(config)# set vlan enable

The prompt for the VLAN Configuration Mode is,

iss(config-vlan)# ports gigabitethernet 0/1 untagged gigabitethernet 0/1 forbidden gigabitethernet 0/2 name vl1

The parameters specific to Multiple Instance are stated so, against the respective parameter descriptions in this document.

The output of the Show commands differ for Single Instance and Multiple Instance. Hence both the output are documented while depicting the show command examples.



The list of commands for the configuration of VLAN is as follows::

set vlan

vlan

interface range

base bridge-mode

mac-vlan

subnet-vlan

protocol-vlan

map protocol

set gvrp

set port gvrp/set port gvrp - enable | disable

set gmrp

set port gmrp

vlan learning mode

fid - vlan range

set vlan traffic-classes

mac-map

map subnet

switchport filtering-utility-criteria

mac-address-table static unicast

mac-address-table static unicast – Transparent Bridging Mode

mac-address-table static multicast/mac address-table static mcast

mac-address-table static multicast – Transparent Bridging mode

mac-address-table aging-time

bridge-mode- Metro

l2protocol-tunnel cos

clear l2protocol-tunnel counters

clear vlan statistics

vlan default hybrid type

wildcard

set unicast-mac learning

vlan unicast-mac learning limit

unicast-mac learning limit

ports

vlan active



forward-all

forward-unregistered

switchport pvid/switchport access vlan

switchport acceptable-frame-type

switchport ingress-filter

port mac-vlan

port subnet – vlan

port protocol-vlan

switchport map protocols-group

switchport priority default

switchport mode

switchport mode dot1q-tunnel

set garp timer

vlan restricted

group restricted

vlan max-traffic-class

vlan map-priority

shutdown garp

shutdown vlan

debug vlan

show vlan

show vlan device info

show vlan device capabilities

show fid - detail

show forward-all

show forward-unregistered

show vlan traffic-classes

show garp timer

show vlan port config

show vlan protocols-group

show protocol-vlan

show mac-vlan

show subnet vlan mapping

show vlan statistics

show mac-address-table

show dot1d mac-address-table



show dot1d mac-address-table static unicast

show dot1d mac-address-table static multicast

show mac-address-table count

show mac-address-table static unicast

show mac-address-table static multicast

show mac-address-table dynamic unicast

show mac-address-table dynamic multicast

show mac-address-table aging-time

show wildcard

The following commands can be executed only in a Linux environment and cannot be executed on the target.

shutdown vlan

set vlan

show vlan counters



9.1 set vlan

This command enables/disables VLAN in the switch. The value enable indicates that VLAN will be enabled in the device on all ports. The value disable indicates that VLAN will be disabled in the device on all ports.

set vlan { enable | disable }

Syntax Description

enable

- Enables VLAN in the switch

disable

- Disables VLAN in the switch



Defaults enable

Example iss(config)# set vlan enable

The configuration can be set to disabled if and only if, GVRP and GMRP are disabled.

Related Commands

show vlan - Displays VLAN information in the database

show vlan device info - Displays the VLAN global status variables



9.2 vlan

This command configures a VLAN in the switch and is also used to enter into the config-VLAN mode. The no form of the command deletes a VLAN from the switch.

vlan <vlan-id(1-4094)>

no vlan <vlan-id(1-4094)>


In Metro package, this command will be executed only in Switch configuration mode.


Defaults vlan-id

- 1

Example iss(config)# vlan 4

Leading zeros must not be entered for VLAN ID.

The VLAN 1 interface cannot be deleted.

This command is used in PBB bridge mode to create customer, service and backbone VLANs.

Related Command




9.3 set mac-learning

This command configures the global mac learning status.

set mac-learning { enable | disable }

Syntax Description

enable

- Enables the global mac learning status

disable

- Disables the global mac learning status



Defaults enable

Example iss(config)# set mac-learning enable



9.4 set unicast-mac-learning

This command configures unicast-mac learning for the vlan

set unicast-mac learning { enable | disable | default}

Syntax Description

enable

- Enables the unicast-mac learning for the vlan

disable

- Disables the unicast-mac learning for the vlan

default - Sets the unicast-mac learning for the vlan as default



Default Enable

Example iss(config)# set unicast mac-learning enable



9.5 interface range

This command selects the range of physical interfaces and VLAN interfaces to be configured and the no form of the command selects the range of VLAN interfaces to be removed.

interface range ( { <interface-type> <slot/port-port>} {vlan <vlan-id(1-4094)> - <vlan-id(2-4094)>})

no interface range vlan <vlan-id(1-4094)> - <vlan-id(2-4094)>

Syntax Description

interface-type

- Interface type.

slot/port-port

- Member Ports ID.

vlan - VLAN identifier.



Example iss(config)# interface range gigabitethernet 0/1-23 vlan 1 - 2 iss(config-if-range)# iss(config)# interface range vlan 1 gigabitethernet 0/1 iss(config-if-range)# iss(config)# interface range vlan 1 - 4 gigabitethernet 0/1-3 iss(config-if-range)# iss(config)# interface range vlan 1 - 4 gigabitethernet 0/1 iss(config-if-range)# iss(config)# interface range gigabitethernet 0/1-23 vlan 1 - 128 iss(config-if-range)#

For specifying the interface VLAN range, space should be provided before and after the dash. That is, the command interface range vlan 1 – 4 is valid, whereas the command interface range vlan 1– 4 is not valid.

For port channel range, the specified range must be configured using the interface command.

Related Commands

Error! Reference source not found. – Enters into the interface mode



Error! Reference source not found. description - Displays the interface status and configuration

9.6 base bridge-mode This command specifies whether the bridge mode is Transparent or VLAN aware bridge.

base bridge-mode { dot1d-bridge | dot1q-vlan }

Syntax Description

dot1d-bridge

- Specifies that the bridge mode is transparent

dot1q-vlan

- Specifies that the bridge mode is VLAN aware bridge



Defaults dot1q-vlan

Example iss(config)# base bridge-mode dot1d-bridge

To configure as dot1d-bridge:

PNAC/ LA/ GARP/Snooping/LLDP needs to be shutdown.

Spanning Tree mode should be RSTP

All non-physical interfaces (ivr, loopback and so on) should be deleted

Related Commands

show vlan device info: Displays the VLAN related global status variables.



9.7 mac-vlan

This command enables MAC-based VLAN for all the available interfaces of the VLAN. The no form of the command disables MAC-based VLAN on the device.

mac-vlan

no mac-vlan



Defaults Disabled

Example iss(config)# mac-vlan

Related Commands


show mac-vlan - Displays the entries in the MAC-VLAN database



9.8 subnet-vlan This command enables the Subnet-VLAN based classification on all ports. The no form of the command disables Subnet-VLAN based classification on all the ports.

subnet-vlan

no subnet-vlan



Defaults disabled

Example iss(config)# subnet-vlan

Related Commands

show vlan device info - Displays the VLAN related global status variables



9.9 protocol-vlan

This command enables Protocol-VLAN based classification on all the ports. The no form of the command disables Protocol-VLAN based classification on all ports.

protocol-vlan

no protocol-vlan



Defaults Enabled

Example iss(config)# protocol-vlan

Related Commands


show protocol-vlan - Displays the entries in the protocol-VLAN database



9.10 map protocol

This command configures the group ID for a specific encapsulation and protocol value combination. This command adds a protocol to a protocol group for protocol based VLAN learning. The no form of the command removes the protocol from the entire group.

map protocol {ip | novell | netbios | appletalk | other <aa:aa or aa:aa:aa:aa:aa>} {enet-v2 | snap | llcOther | snap8021H | snapOther} protocols-group <Group id integer(0-2147483647)>

no map protocol {ip | novell | netbios | appletalk | other <aa:aa or aa:aa:aa:aa:aa>} {enet-v2 | snap | llcOther | snap8021H | snapOther}

Syntax Description

ip | novell | netbios | appletalk |

- Protocol types

other

- MAC address of any other protocol type not included in the list

enet-v2 | snap | llcOther | snap8021H | snapOther

- Encapsulation Frame Types

protocols-group

- Group ID.



Example iss(config)# map protocol ip enet-v2 protocols-group 1



Related Command

show vlan protocols-group - Displays the protocol group database

9.11 set gvrp

This command enables or disables GVRP on a global basis.

set gvrp { enable | disable }

Syntax Description

enable

- Enables GVRP in the switch

disable

- Disables GVRP in the switch



Defaults enable

Example iss(config)# set gvrp disable

GVRP needs to be explicitly enabled even after GARP is enabled.

Related Commands





9.12 set port gvrp

This command enables or disables GVRP on the interface.

set port gvrp <interface-type> <interface-id> { enable | disable }

Syntax Description

interface-type

- Interface type

interface-id

- Interface Id

enable

- Enables GVRP on the interface

disable

- Disables GVRP on the interface



Defaults enable

Example iss(config)# set port gvrp gigabitethernet 0/1 disable



The value enable indicates that GVRP is enabled on the current port, as long as global GVRP status is also enabled for the device

If port GVRP state is disabled, but global GVRP status is still enabled, then GVRP is disabled on current port. Any GVRP packet received will be discarded and no GVRP registrations will be propagated from other ports

Related Command

show vlan port config - Displays the vlan related parameters specific for ports

9.13 set port gvrp - enable | disable

This command enables or disables GVRP (GARP VLAN Registration Protocol) on the interface.

This command operates similar to that of the command set port gvrp.

set port gvrp { enable | disable } <interface-id>

Syntax Description

enable

- Enables GVRP on the interface

disable

- Disables GVRP on the interface

interface-id

- Interface identifier



Defaults enable

Example iss(config)# set port gvrp disable 0/1



The value enable indicates that GVRP is enabled on the current port, as long as global GVRP status is also enabled for the device

If port GVRP state is disabled, but global GVRP status is still enabled, then GVRP is disabled on current port. Any received GVRP packets will be discarded and no GVRP registrations will be propagated from other ports

Related Command


9.14 set gmrp

This command enables or disables GMRP globally on the device.

set gmrp { enable | disable }

Syntax Description

enable

- Enables GMRP on the device

disable

- Disables GMRP on the device



Defaults enable

Example iss(config)# set gmrp disable

GMRP needs to be explicitly enabled even after GARP is enabled.



Related Commands



9.15 set port gmrp

This command enables or disables GMRP on the port.

set port gmrp <interface-type> <interface-id> { enable | disable }

Syntax Description

interface-type

- Interface type

interface-id

- Interface ID

enable

- Enables GMRP on the interface

disable

- Disables GMRP on the interface





Defaults enable

Example iss(config)# set port gmrp gigabitethernet 0/1 disable

The value enable indicates that GMRP is enabled on this port in all VLANs as long as GMRP Status is also enabled globally

The value disable indicates that GMRP is disabled on this port in all VLANs; any GMRP packet received will be silently discarded and no GMRP registrations will be propagated from other ports

Related Command


9.16 vlan learning mode

This command configures the VLAN learning mode for the switch.

vlan learning mode {ivl | svl | hybrid}

Syntax Description

ivl

- Independent VLAN learning

svl - Shared VLAN learning

hybrid

- Hybrid VLAN learning





Defaults ivl

Example iss(config)# vlan learning mode ivl

A change in the configuration of the VLAN learning mode will be effective only after the next reboot of the system.

Related Commands


Error! Reference source not found. - Displays the current information stored in the NVRAM

9.17 fid - vlan range

This command configures a VLAN or a list of VLANs to use a Filtering database identified by a filtering database identifier and the no form of the command configures the FIDs of all VLANs in the list to their default value.

fid <integer(1-4094)> vlan <vlan-range>

no fid vlan <vlan-range>

Syntax Description

vlan

- List of VLANs. The vlan-range can have any valid range between 1 and 4094.





Defaults By default, the FID of all VLANs is their VLAN ID.

Example iss(config)# fid 2 vlan 2-20

The MST instance of all VLANs in the list must be the same.

Any other VLAN with the same FID must have MST instance same as that of the VLANs in the list for this command to succeed.

This command is successful when the VLAN learning mode is hybrid.

Related Commands vlan learning mode - Configures the VLAN learning mode for the switch

vlan default hybrid type - Configures the default learning type for VLANs when the operational learning mode of the switch is hybrid

show fid - detail - Displays forwarding database identifier used by VLANs in the switch

9.18 set vlan traffic-classes

This command enables / disables traffic classes.

set vlan traffic-classes {enable | disable}

Syntax Description

enable

- Enables traffic classes

disable

- Disables traffic classes





Defaults enable

Example iss(config)# set vlan traffic-classes enable

This command has to be executed prior to executing the vlan max traffic class command.

Related Commands


vlan max-traffic-class - Assigns traffic class value to a port

show vlan traffic-classes - Displays the traffic class information of all the available interfaces

9.19 mac-map

This command configures the VLAN-MAC address mapping. The no form of this command is used to delete the specific mac map entry.

mac-map <aa:aa:aa:aa:aa:aa> vlan <vlan-id(1-4094)> [mcast-bcast {discard | allow}]

no mac-map <aa:aa:aa:aa:aa:aa>

Syntax Description

aa:aa:aa:aa:aa:aa

- MAC address



vlan VLAN Identifier

mcast-bcast

- Specifies the way broadcast and multicast traffic will be handled for the packets received from the source address of this MAC classification entry



Example iss(config-if)# mac-map 00:11:22:33:44:55 vlan 2 mcast-bcast discard

This command is valid only if VLAN is configured as 'Mac-based'.

Related Commands

mac-vlan - Enables MAC-based VLAN for all the available interfaces of the VLAN

show mac-vlan - Displays the entries in the MAC-VLAN database

9.20 map subnet This command configures a VLAN subnet mapping entry. The no form of command deletes the vlan subnet mapping entry.

map subnet <ip-subnet-address> vlan <vlan-id(1-4094)> [arp {suppress | allow}]

no map subnet <ip-subnet-address>

Syntax Description

ip-subnet-address

Subnet address



vlan-id VLAN identifier

arp - Configurable option for discarding/allowing ARP Untagged frames on the vlan.

Mode Interface Mode

This command can be executed in the Global configuration mode, in BCMX switches


Default allow

Example iss(config-if)# map subnet 14.0.0.0 vlan 1 arp allow

VLAN should be present.

Related Commands :

show subnet vlan mapping - Displays the entries in Subnet-VLAN database

9.21 switchport filtering-utility-criteria

This command changes filtering utility criteria to default or enhanced filtering criteria.

switchport filtering-utility-criteria {default | enhanced}





Default default

Example iss(config-if)# switchport filtering-utility-criteria enhanced

9.22 mac-address-table static unicast

This command configures a static unicast MAC address in the forwarding database. The no form of the command deletes a configured static Unicast MAC address from the forwarding database.

mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(1-4094)> [{recv-port <ifXtype> <ifnum> }] interface ([<interface-type> <0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel



<a,b,c-d>]) [connection-identifier <ucast_mac>] [status { permanent | deleteOnReset | deleteOnTimeout }]

no mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(1-4094)> [{recv-port <ifXtype> <ifnum>}]

PBB feature enabled in the switch

mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(1-4094)> [{recv-port <ifXtype> <ifnum> | service-instance <integer(256-16777214)>}] interface ([<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>]) [connection-identifier <ucast_mac>][status { permanent | deleteOnReset | deleteOnTimeout }]

no mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(1-4094)> [{recv-port <ifXtype> <ifnum> | service-instance <integer(256-16777214)>}]

Syntax Description

aa:aa:aa:aa:aa:aa

- Destination MAC address

vlan - VLAN Identifier

recv-port

- Received port's Interface type and ID

service-instance - Service instance identifier. This value ranges between 256 and 16777214.

interface

- Member Ports Interface type and ID.

<interface-type> <0/a-b, 0/c, ...>


port-channel - Port-channel ID

connection-identifier

- Associates backbone MAC address of peer backbone edge bridge with customer MAC address that can be reached through the bridge.



status

- Status of the Static unicast entry. The options are:

permanent - Entry remains even after the next reset of the bridge

deleteOnReset - Entry remains until the next reset of the bridge

deleteOnTimeout - Entry remains until it is aged out



Defaults status

- permanent

Example iss(config)# mac-address-table static unicast 00:11:22:33:44:55 vlan 3 recv-port gigabitethernet 0/2 interface gigabitethernet 0/1 status deleteOnTimeout iss(config)# mac-address-table static unicast 00:11:22:33:44:55 vlan 3 service-instance 1005 interface gigabitethernet 0/1 status deleteOnTimeout

VLAN/Service-instance must have been configured and member ports must have been configured for the specified VLAN/Service-instance.

Related Commands

show mac-address-table static unicast - Displays the statically configured unicast address from the MAC address table.

mac-address-table static multicast - Configures a static multicast MAC address in the forwarding database.

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode.

service instance - Used to enter the service instance mode for performing ISID specific operations.



9.23 mac-address-table static unicast – Transparent Bridging Mode

This command configures a static unicast MAC Address in the forwarding database in transparent bridging mode. The no form of the command deletes the configured Static Unicast address from the forwarding database.

mac-address-table static unicast <aa:aa:aa:aa:aa:aa> [recv-port <interface-type> <interface-id>] interface ([<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>]) [status { permanent | deleteOnReset | deleteOnTimeout }]

no mac-address-table static unicast <aa:aa:aa:aa:aa:aa> [recv-port <interface-type> <interface-id>]

Syntax Description

aa:aa:aa:aa:aa:aa - Destination MAC address

recv-port - Received port's Interface type and ID

interface - Member Ports Interface type and ID.



port-channel - Port-channel ID

status - Status of the Static unicast entry. The options are:






Defaults status

- permanent

Example iss(config)# mac-address-table static unicast 00:11:22:33:44:55 recv-port gigabitethernet 0/2 interface gigabitethernet 0/2 status deleteOnTimeout

Base bridge mode should be transparent bridging.



Related Commands

show dot1d mac-address-table static unicast - Displays Static Unicast MAC Address table

mac-address-table static multicast - Configures a static multicast MAC address in the forwarding database.



9.24 mac-address-table static multicast

This command configures a static multicast MAC address in the forwarding database.

mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(1-4094)> [{recv-port <ifXtype> <ifnum>>}] interface ([<interface-type> <0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]]) [forbidden-ports ([<interface-type> <0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]]) [status { permanent | deleteOnReset | deleteOnTimeout }]

no mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(1-4094)> [recv-port <ifXtype> <ifnum>}]

PBB feature enabled in the switch

mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(1-4094)> [{recv-port <ifXtype> <ifnum> | service-instance <integer(256-16777214)>}] interface ([<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>]]) [forbidden-ports ([<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>]]) [status { permanent | deleteOnReset | deleteOnTimeout }]

no mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(1-4094)> [{recv-port <ifXtype> <ifnum> | service-instance <integer(256-16777214)>}]

Syntax Description

aa:aa:aa:aa:aa:aa

- Multicast MAC address

vlan

- VLAN Identifier

recv-port


service-instance - Service instance identifier. This value ranges between 256 and 16777214.

interface






port-channel - Port channel ID

forbidden-ports

- Forbidden ports interface type and ID.


- Forbidden ports interface type and ID.

port-channel

- Port-channel ID

status

- Status of the static multicast entry. The options are:






Defaults status

- permanent

Example iss(config)# mac-address-table static multicast 01:02:03:04:05:06 vlan 2 interface gigabitethernet 0/1


Related Command

show mac-address-table static multicast - Displays the statically configured multicast entries.


service instance – Used to enter the service instance mode for performing ISID specific operations.



9.25 mac address-table static mcast

This command configures a static multicast MAC (Media Access Control) address in the forwarding database and the no form of the command deletes a configured static multicast MAC address from the forwarding database.

This command operates similar to that of the command mac-address-table static multicast.

mac address-table static <mcast_mac> vlan <integer(1-4094)> ([interface <interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>][port-channel <a,b,c-d>])

no mac address-table static <mcast_mac> vlan <vlan-id(1-4094)> [interface <ifXtype> <ifnum>]

Syntax Description

mcast_mac

- Multicast MAC address.

vlan

- VLAN identifier. This value ranges between 1 and 4094.

interface



- Specifies interface type and ID of the member and forbidden ports.

port-channel

- Port-channel ID



Example iss(config)# mac address-table static 01:02:03:04:05:06 vlan 2 interface gigabitethernet 0/1


Related Command



show mac-address-table static multicast - Displays the statically configured multicast entries.


service instance – Used to enter the service instance mode for performing ISID specific operations.

9.26 mac-address-table static multicast – Transparent Bridging mode

This command configures a static multicast MAC address in the forwarding database in transparent bridging. The no form of command deletes the configured Static Multicast address from the forwarding database.

mac-address-table static multicast <aa:aa:aa:aa:aa:aa> [recv-port <interface-type> <interface-id>] interface ([<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>]]) [status { permanent | deleteOnReset | deleteOnTimeout }]

no mac-address-table static multicast <aa:aa:aa:aa:aa:aa> [recv-port <interface-type> <interface-id>]

Syntax Description

aa:aa:aa:aa:aa:aa

- Multicast MAC address

recv-port


interface




port-channel - Port channel ID

port-channel

- Port-channel ID

status

- Status of the static multicast entry. The options are:








Defaults status

- permanent

Example iss(config)# mac-address-table static multicast 01:00:5E:01:02:03interface gigabitethernet 0/2

Base bridge mode should be transparent bridging

Related Command

show dot1d mac-address-table static multicast - Displays Static Multicast MAC Address table.

mac-address-table static unicast - Configures a static unicast MAC address in the forwarding database.



9.27 mac-address-table aging-time

This command sets the maximum age of a dynamically learnt entry in the MAC address table. The no form of the command sets the maximum age of an entry in the MAC address table to its default value.

mac-address-table aging-time <10-1000000 seconds>

no mac-address-table aging-time

For DX260 target

mac-address-table aging-time <10-630 seconds>



Defaults 300

Example iss(config)# mac-address-table aging-time 200

If traffic on an interface is not very frequent, then the aging time must be increased to record the dynamic entries for a longer time. Increasing the time can reduce the possibility of flooding.

Related Command show mac-address-table aging-time - Displays the MAC address-table with ageing time



9.28 bridge-mode- Metro

This command configures the bridge mode of the Switch.

bridge-mode {customer | provider | provider-core | provider-edge | provider-backbone-icomp |provider-backbone-bcomp}

Syntax Description

customer

- Customer Bridge Mode

provider

- Provider Bridge Mode

provider-core

- Provider core Bridge Mode

provider-edge

- Provider edge Bridge Mode

provider-backbone-icomp

- Provider Backbone Bridge I component Mode

provider-backbone-bcomp

- Provider Backbone Bridge B component Mode

Mode Global Configuration Mode in SI mode/Switch Configuration Mode in MI mode


In the Workgroup and the Enterprise package, only the customer and provider are the valid parameters.

Defaults Based on the bridge mode value in issnvram.txt

Example iss(config)# bridge-mode provider-backbone-icomp



Only one bridge mode can be set at a time. If multiple bridge modes are required, multiple instances of the bridge should be run.

To configure the bridge mode of the switch.

- Spanning tree must be shut down.

- GARP must be shut down.

- ECFM must be shutdown

Related Command

no Error! Reference source not found. - Starts MRP module in the switch




9.29 l2protocol-tunnel cos

This command configures the priority for the tunneled STP BPDUs. The no form of the command configures the default priority for the tunneled STP BPDUs.

l2protocol-tunnel cos <cos-value(0-7)>

no l2protocol-tunnel cos



Defaults cos - value - 7

Example iss(config)# l2protocol-tunnel cos 5

The configured priority value will be effective only when the L2 Protocol tunnel STP is enabled on an interface

Related Command

show l2protocol-tunnel - Displays the entries in VLAN tunnel protocol table containing the number of ingress or egress STP BPDUs tunneled



9.30 clear l2protocol-tunnel counters

This command clears the L2 protocol tunnel counters.

clear l2protocol-tunnel counters [<interface-type> <interface-id>]

Syntax Description

interface-type

- Type of interface

interface-id

- Interface ID



Example iss(config)# clear l2protocol-tunnel counters

If executed without the optional parameters this command clears the STP tunnel counters of all the available interfaces.

Related Command

show l2protocol-tunnel - Displays the entries in VLAN tunnel protocol table containing the number of ingress or egress STP BPDUs tunneled



9.31 clear vlan statistics

This command clears the VLAN counters.

clear vlan statistics [vlan < vlan-id (1-4094)>]

Syntax Description

vlan - VLAN Identifier



Example iss(config)# clear vlan statistics vlan 1

If executed without the optional parameters this command clears all the VLAN counters.

Related Command

show vlan statistics - Displays the VLAN statistics



9.32 vlan default hybrid type

This command configures the default learning type for VLANs when the operational learning mode of the switch is hybrid.

vlan default hybrid type {ivl | svl}

Syntax Description

ivl

- Independent VLAN learning

svl

- Shared VLAN learning



Example iss(config)# vlan default hybrid type ivl

This command is successful when the VLAN learning mode is not hybrid.

This configuration is useful when the switch is restarted with VLAN learning mode changed to Hybrid.

A config save restore must be done for this configuration

Related Commands



vlan learning mode - Configures the VLAN learning mode for the switch

show fid - detail - Displays forwarding database identifier used by VLANs in the switch

9.33 wildcard

This command configures the wildcard vlan entry for a given mac address and the no form of the command deletes the wildcard entry for the same.

wildcard {mac-adddress <mac_addr> | broadcast} interface ([<interface-type> <0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>])

no wildcard {mac-adddress <mac_addr> | broadcast}

Syntax Description

mac-adddress / broadcast

- Unicast/Multicast/BroadCast Mac Address of Wildcard entry

Interface

- Interface type and ID

port-channel

- Port-channel ID





Example iss(config)# wildcard mac-address 01:02:03:04:05:06 interface gigabitethernet 0/1

9.34 set unicast-mac learning

This command enables / disables unicast-mac learning for the VLAN.

set unicast-mac learning { enable | disable }

Syntax Description

enable - Enables unicast-mac learning for the VLAN

disable - Disables unicast-mac learning for the VLAN

Mode Config-VLAN Mode


Defaults enable



Example iss(config-vlan)# set unicast-mac learning enable

This configuration will not take effect on VLANs with the number of member ports greater than or equal to 3.

Related Command

show vlan learning params - Displays unicast-MAC learning status and learning limit configured for the specified VLAN

9.35 vlan unicast-mac learning limit

This command sets the unicast-mac learning limit for the VLAN. The no form of the command resets the unicast-mac learning limit for the vlan to the default value.

vlan unicast-mac learning limit <size(0-4294967295)>

no vlan unicast-mac learning limit

Syntax Description

learning limit

- Specifies the MAC learning limit configured for the VLAN





Defaults A value calculated depending on the dynamic unicast size and the maximum number of VLANs supported in the system.

Example iss(config-vlan)# vlan unicast-mac learning limit 100

The maximum limit that can be configured for a VLAN is dependent on the total size available for dynamic unicast entries in the forwarding table and on the maximum number of VLANs that can be supported.

This configuration is allowed only in case of independent VLAN learning mode.

Related Command

show vlan learning params - Displays unicast-MAC learning status and learning limit configured for the specified VLAN

9.36 unicast-mac learning limit

This command sets unicast MAC learning limit for the switch. The no form of the command resets unicast MAC learning limit for the switch to the default value.

unicast-mac learning limit <limit value(0-4294967295)>

no unicast-mac learning limit

Syntax Description

limit value - Limiting value on the number of distinct unicast MAC addresses that can be learnt in the device. This value ranges between 0 and 4294967295



Mode Global Configuration mode.


Example iss(config)# unicast-mac learning limit 5

The limiting value must not be less than any of the unicast MAC learning limits set for the VLANs.

The upper limiting value that can be set is determined by the underlying hardware.

Related Command

show vlan device info - Displays the VLAN related global status variables.

9.37 ports

This command configures a static VLAN entry with the required member ports, untagged ports and forbidden ports. The tagged and untagged member ports defined by this command are used for egress tagging for a VLAN at a port.

For ports in PBB bridge mode, this command is used to define member ports for a VLAN in a component.

For BVLAN in a B component, these member ports can be only PNP.

For SVLAN in an I component, these member ports can be only CNP-Stagged.

For CVLAN in an I component, these member ports can be only CNP-Ctagged. The no form of the command resets port list for the VLAN.



ports ([<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>]) [untagged <interface-type> <0/a-b,0/c,...> [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>][all])] [forbidden <interface-type> <0/a-b,0/c,...> [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>]] [name <vlan-name>]

no ports [<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>] [all] [untagged ([<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>] [all])] [forbidden ([<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>] [all])] [name <vlan-name>]

Syntax Description

ports



- Member Ports Interface type and Id.

port-channel <a,b,c-d>

- Port-channel ID

untagged

- Untagged Ports Interface type and Id


- Untagged Ports Interface type and Id

forbidden

- Forbidden Ports Interface type and Id


- Forbidden Ports Interface type and Id

port-channel

- Port-channel ID

all - All Member Ports

name

- Administratively assigned string used to identify the VLAN



Mode VLAN Configuration Mode


Example iss(config-switch-vlan)# ports gigabitethernet 0/1 untagged gigabitethernet 0/1 forbidden gigabitethernet 0/2 name vl1

Member-ports represent the set of ports permanently assigned to the egress list

Forbidden-ports represent the set of ports forbidden for the VLAN

Untagged ports represent the set of ports which transmits untagged frames

CBP should always be set as untagged member port of a BVLAN.

All the existing commands in VLAN configuration mode are also used for the configuration of a B-VLAN of a PBB.

Related Command


9.38 vlan active

This command makes the particular VLAN active in the switch.

vlan active





Example iss(config-vlan)# vlan active

9.39 forward-all

This command configures the forward-all information for a VLAN specifying the set of ports to which all multicasts must be forwarded.

The no form of the command sets the forward-all to default.



forward-all ([static-ports ([<interface-type> <0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>] [none])] [forbidden-ports <interface-type> <0/a-b, 0/c, ...> [<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]])

no forward-all

Syntax Description

static-ports

- Static Ports Interface type and ID.



port-channel

- Port-channel ID

none

- None

forbidden-ports

- Forbidden Ports Interface type and ID.



port-channel

- Port-channel ID



Example iss(config-vlan)# forward-all static-ports gigabitethernet 0/1 forbidden-ports gigabitethernet 0/2



static-ports are the set of ports configured by the user in this VLAN to which the multicast group-addressed frames are to be forwarded

forbidden-ports are the set of ports configured by the user in this VLAN to which the multicast group-addressed frames are NOT to be forwarded

Related Command

show forward-all - Displays the GMRP forward-all table entries



9.40 forward-unregistered

This command configures the forward unregistered information for a VLAN for which there is no specific forwarding information. The no form of the command sets the forward-unregistered information to default.

forward-unregistered ([static-ports ([<interface-type> <0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>] [none])] [forbidden-ports <interface-type> <0/a-b, 0/c, ...> [<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]])

no forward-unregistered

Syntax Description

static-ports




port-channel

- Port-channel ID

none - None

forbidden-ports




port-channel

- Port-channel ID



Example iss(config-vlan)# forward-unregistered static-ports gigabitethernet 0/2 forbidden-ports gigabitethernet 0/1

static-ports are the set of ports configured by the user in this VLAN to which the multicast group-addressed frames are to be forwarded

forbidden-ports are the set of ports configured by the user in this VLAN to which the multicast group-addressed frames are NOT to be forwarded

Related Command

show forward-unregistered - Displays the GMRP forward-unregistered table



9.41 switchport pvid

This command configures the PVID (VLAN Identifier) on a port. The no form of this command sets the PVID to the default value on the port.

switchport pvid <vlan-id(1-4094)>

no switchport pvid

Syntax Description

vlan-id - PVID value to be configured on the port.


Example iss(config-if)# switchport pvid 3

If the frame (untagged/priority tagged/customer VLAN tagged) is received on a "tunnel" port, then the default Port VLAN Id (PVID) associated with the port is used.

If the received frame cannot be classified as MAC-based or port-and-protocol-based, then the PVID associated with the port is used.

For ports in PBB bridge mode, PVID can be configured on CNP and CBP.

Usage is based on acceptable frame type of the port. Packets will be either dropped or accepted at ingress. Once a packet is accepted, if packet is having a tag, it will be processed against that tag. Otherwise, the packet will be processed against PVID.

Related Command

show vlan port config - Displays the VLAN related parameters specific for ports



9.42 switchport access vlan

This command configures the PVID (Port VLAN Identifier) on a port. The no form of this command sets the PVID to the default value on the port.

This command operates similar to that of the command switchport pvid.

switchport access vlan <vlanid (1-4094)>

no switchport access vlan

Syntax Description

vlan-id - PVID value to be configured on the port.


Example iss(config-if)# switchport access vlan 3

If the frame (untagged/priority tagged/customer VLAN tagged) is received on a "tunnel" port, then the default PVID associated with the port is used.

If the received frame cannot be classified as MAC-based or port-and-protocol-based, then the PVID associated with the port is used.

For ports in PBB bridge mode, PVID can be configured on CNP (Customer Network Port) and CBP (Customer Backbone Port).

Usage is based on acceptable frame type of the port. Packets will be either dropped or accepted at ingress. Once a packet is accepted, if the packet is having a tag, it will be processed against that tag. Otherwise, the packet will be processed against PVID.

Related Command




9.43 switchport acceptable-frame-type

This command configures the acceptable frame type for the port. The no form of this command sets the default value of acceptable frame type - all where all frames will be accepted.

switchport acceptable-frame-type {all | tagged | untaggedAndPrioritytagged }

no switchport acceptable-frame-type

Syntax Description

all

- All frames. Both tagged and untagged frames are allowed.

tagged

- Tagged frames. For ports in PBB bridge mode, the description of tagged frames is given in the below table:

Port Type What will be considered as TAG

CNP STagged S-Tag

CNP CTagged C-Tag

CNP Port Based S-Tag

PIP I-Tag

CBP I-Tag

PNP B-Tag or S Tag

untaggedAndPrioritytagged

- Untagged and priority tagged frames. For ports in PBB bridge mode, the description of untagged frames is given in the below table:



Defaults all

Example iss(config-if)# switchport acceptable-frame-type tagged



When set to "tagged" the device will discard untagged and priority tagged frames received on the port and will process only the VLAN tagged frames

When set to "all" untagged frames or priority-tagged frames received on the port are also accepted

When set to “untaggedAndPrioritytagged”, untagged and priority tagged frames alone are accepted and tagged frames are dropped.

Related Command

show vlan port config - Displays the VLAN related parameters specific for ports.

9.44 switchport ingress-filter

This command enables ingress filtering on the port. The no form of this command disables ingress filtering on the port.

switchport ingress-filter

no switchport ingress-filter



Defaults Disabled

Example iss(config-if)# switchport ingress-filter

When ingress-filtering is enabled, the device discards those incoming frames for VLANs which do not include this port in its member set

When the ingress filtering is disabled using the no form of the command, the device accepts all incoming frames

Related Command




9.45 port mac-vlan

This command enables MAC-based VLAN learning on the port. The no form of the command disables MAC-based VLAN learning on the port.

port mac-vlan

no port mac-vlan



Defaults Disabled

Example iss(config-if)# port mac-vlan

VLAN classification on the port will be MAC-based as long as MAC-based VLAN classification is enabled globally for the device.

Related Command




9.46 port subnet – vlan This command enables subnet based VLAN classification on the port. The no form of command disables the subnet based VLAN learning on the port.

port subnet-vlan

no port subnet-vlan



Defaults Disabled

Example iss(config-if)# port subnet-vlan

Related Command

show subnet vlan mapping: Displays the entries in Subnet-VLAN database



9.47 port protocol-vlan

This command enables port protocol based VLANs. The no form of the command disables port Protocol based VLANs.

port protocol-vlan

no port protocol-vlan



Defaults Enabled

Example iss(config-if)# port protocol-vlan

The value enable indicates that the VLAN classification on this port is port and protocol based as long as the port and protocol based classification is enabled globally for the device.

Related Command




9.48 switchport map protocols-group

This command maps the protocol group configured to a particular VLAN identifier for the specified interface. The no form of the command unmaps the VLAN identifier to group Id mapping.

switchport map protocols-group <Group id integer(0-2147483647)>vlan <vlan-id(1-4094)>

no switchport map protocols-group <Group id integer(0-2147483647)>>

Syntax Description

Group id

- Group ID

vlan

- VLAN ID



Example iss(config-if)# switchport map protocols-group 1 vlan 2

Protocol group must have been configured

Related Commands

map protocol - Adds a protocol to a protocol group for protocol based VLAN learning



show protocol-vlan - Displays the entries in protocol-VLAN database

show vlan protocols-group - Displays the protocol group database

9.49 switchport priority default

This command sets the default user priority for the port. The no form of the command sets the default user priority for the port to the default value.

switchport priority default <priority value(0-7)>

no switchport priority default



Defaults 0

Example iss(config-if)# switchport priority default 5

Related Command




9.50 switchport mode

This command configures the VLAN port mode. The no form of the command configures the default VLAN port mode.

switchport mode { access | trunk | hybrid | {dynamic {auto | desirable}} }

no switchport mode

Syntax Description

access

- Access port Mode

trunk

- Trunk port Mode

hybrid

- Hybrid VLAN port Mode

dynamic

- Dynamic Mode. This can be:

auto – Interface converts the link to a trunk link.

desirable – Interface actively attempts to convert the link to a trunk link.





Defaults Hybrid Mode

Example iss(config-if)# switchport mode access

It is not possible to set the switchport mode status to Trunk/Hybrid if the tunnel is enabled.

It is not possible to configure the switchport mode status to trunk if the port is an untagged member of a VLAN.

It is not possible to configure the switchport mode status to access if the ports acceptable frame type is All/Tagged.

Related Commands switchport mode dot1q-tunnel - Enables dot1q-tunneling on the specified interface


9.51 switchport mode dot1q-tunnel

This command enables dot1q-tunneling on the specified interface. The no form of the command disables dot1q-tunneling on the specified interface.

switchport mode dot1q-tunnel

no switchport mode dot1q-tunnel



Defaults Disabled

Example iss(config-if)# switchport mode dot1q-tunnel



Bridge Mode must be set to 'provider' for the dot1q-tunneling status to be enabled

It is not possible to set the dot1q-tunnel status on the port if the port mode is not 'access' type

PNAC port control must be force-authorized

If dot1q tunneling is enabled on the specified interface, then GMRP is disabled internally

Related Commands

bridge-mode- Metro - Configures the bridge mode of the Switch

switchport mode - Configures the VLAN port mode

show dot1q-tunnel - Displays the entries in the dot1q-tunnel table


show vlan port config - Displays the VLAN port information

9.52 set garp timer

This command configures the GARP join time, leave time, and leaveall time in milli-seconds.

set garp timer {join | leave | leaveall} <time in milli seconds>

Syntax Description

join

- Join Time

leave

- Leave Time

leaveall

- Leaveall Time





Defaults join

- 20

leave - 60

leaveall

- 1000

Example iss(config-if)# set garp timer join 500

Leave Timer must be greater than 2 times Join Timer and Leaveall Timer must be greater than Leave Timer

Timer values cannot be set to zero

The GARP timer configuration will be applied to the GARP applications (GMRP and GVRP) on the specified interface.

Related Command

show garp timer - Displays the GARP timer information of the available interfaces

9.53 vlan restricted

This command enables/disables restricted VLAN registration on the port.

vlan restricted {enable | disable}

Syntax Description

enable

- Enables restricted VLAN registration

disable

- Disables restricted VLAN registration





Defaults disable

Example iss(config-if)# vlan restricted enable

If restricted VLAN registration rules are enabled, then a VLAN is learnt dynamically from the GVRP frame only if the specific VLAN is statically configured in the switch. If restricted VLAN registration rules are disabled, then GVRP packets are processed normally and the VLANs are learnt dynamically even if they are not statically configured in the switch.

Related Command


9.54 group restricted

This command enables or disables restricted group registration on a port.

group restricted {enable | disable }

Syntax Description

enable

- Enables restricted group registration

disable

- Disables restricted group registration





Defaults disable

Example iss(config-if)# group restricted enable

If restricted group registration rules are enabled, then a multicast group attribute/service requirement attribute is learnt dynamically from the GMRP frame only if the specific multicast group attribute/service requirement attribute is statically configured in the switch. If restricted group registration rules are disabled, then GMRP packets are processed normally and the multicast group attribute/service requirement attribute are learnt dynamically even if they are not statically configured in the switch.

Related Command


9.55 vlan max-traffic-class

This command configures the maximum number of traffic classes supported on a port. The no form of the command assigns the default maximum traffic class value to a port.

vlan max-traffic-class <MAX Traffic class(1-8)>

no vlan max-traffic-class

Syntax Description

MAX Traffic class

- The number of traffic classes supported on the port





Defaults 8

Example iss(config-if)# vlan max-traffic-class 7

Related Command

show vlan traffic-classes - Displays the traffic classes information of all the available interfaces

9.56 vlan map-priority

This command maps a priority to a traffic class on the specified port. The frame received on the interface with the configured priority will be processed in the configured traffic class.

The no form of the command maps the default priority to traffic class value on the port.

vlan map-priority <priority value(0-7)> traffic-class <Traffic class value(0-7)>

no vlan map-priority <priority value (0-7)>



Syntax Description

traffic-class

- Traffic class value



Example iss(config-if)# vlan map-priority 2 traffic-class 2

The default traffic class value depends upon the configured priority value

Following is the list of default traffic class values for different priority values

Priority Default traffic class 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7

Related Command

show vlan traffic-classes - Displays the traffic classes information of all the available interfaces

9.57 shutdown garp

This command shuts down the GARP Module. The no form of the command starts and enables the GARP Module.

shutdown garp

no shutdown garp





Defaults GARP Module is Started and enabled by default

Example iss(config)# shutdown garp

GARP cannot be started, if VLAN is shutdown and MRP is not shutdown

GARP cannot be shutdown, if GVRP and/or GMRP are enabled

Related Command

set gvrp disable - Globally disables GVRP

set gmrp disable - Globally disables GMRP

Error! Reference source not found. - Shuts down MRP module in the switch

shutdown vlan – Shuts down VLAN switching

9.58 shutdown vlan

This command shuts down VLAN switching. The no form of the command starts and enables VLAN switching.

shutdown vlan



no shutdown vlan



Defaults VLAN Module is Started and enabled by default

Example iss(config)# shutdown vlan

VLAN module cannot be shutdown when the GARP Module is started

shutdown command releases the resources acquired by the VLAN Module, disabling VLAN on all the ports in the device

start acquires the resources required by the VLAN Module to function in the device

Related Commands set vlan - Enables/disables VLAN in the switch

shutdown garp – Shuts down the GARP Module

show vlan - Displays the VLAN information in the database

9.59 debug vlan

This command sets the debug level. The no form of the command sets the debug level to default value.

debug vlan { global | [{fwd | priority | | redundancy} [initshut] [mgmt] [data] [ctpl] [dump] [os] [failall] [buffer] [all]] switch <context_name> }



no debug vlan { global | [{fwd | priority | | redundancy} [initshut] [mgmt] [data] [ctpl] [dump] [os] [failall] [buffer] [all]] switch <context_name> }

Syntax Description

global

- Global related debug messages

fwd - Forwarding Module

priority

- VLAN Priority Module

redundancy Redundancy related debug messages

initshut

- Init and Shutdown

mgmt

- Management

data

- Data path

ctpl

- Control Plane

dump

- Packet dump

os

- Traces related to all Resources except Buffer

failall

- All Failures

buffer

- Buffer

all - All Traces

switch

- Context/Switch Name. If the switch supports multiple instances, the name of the instance can be specified. Otherwise this parameter need not be given or the context name can be given as ‘default’.

Mode Privileged Exec Mode




Defaults Disabled

Example iss # debug vlan fwd all

Related Command

Error! Reference source not found. - Displays state of each debugging option

9.60 debug garp

This command sets debug level. The no form of the command sets the debug level to default value.



debug garp { global | [{protocol | gmrp | gvrp | redundancy} [initshut] [mgmt] [data] [ctpl] [dump] [os] [failall] [buffer] [all]] [switch <context_name>] }

no debug garp { global | [{protocol | gmrp | garp | redundancy} [initshut] [mgmt] [data] [ctpl] [dump] [os] [failall] [buffer] [all]] [switch <context_name>] }

Syntax Description

global

- Global related debug messages

protocol - Protocol related traces

gmrp - GMRP related traces

gvrp - GVRP related traces

redundancy Redundancy related debug messages

initshut

- Init and Shutdown

mgmt

- Management

data

- Data path

ctpl

- Control Plane

dump

- Packet dump

os

- Traces related to all Resources except Buffer

failall

- All Failures

buffer

- Buffer

all - All Traces



switch

- Context/Switch Name. If the switch supports multiple instances, the name of the instance can be specified. Otherwise this parameter need not be given or the context name can be given as ‘default’

Mode Privileged Exec Mode


Defaults Disabled

Example iss # debug garp fwd all

Related Command

Error! Reference source not found. - Displays state of each debugging option



9.61 show vlan

This command displays the VLAN information in the database.

show vlan [brief | id <vlan-range> | summary] [ switch <context_name>]

Syntax Description

brief

- Information about all the VLANs in brief

id

- Information specific to the VLAN Id

summary - Summary of the VLAN

switch - Context/Switch Name. This parameter is specific to Multiple Instance.



Example Single Instance: iss# show vlan brief Vlan database

-------------

Vlan ID : 1

Member Ports : Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6

Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11, Gi0/12

Gi0/13, Gi0/14, Gi0/15, Gi0/16, Gi0/17, Gi0/18

Gi0/19, Gi0/20, Gi0/21, Gi0/22, Gi0/23, Gi0/24

Untagged Ports : Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6

Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11, Gi0/12

Gi0/13, Gi0/14, Gi0/15, Gi0/16, Gi0/17, Gi0/18

Gi0/19, Gi0/20, Gi0/21, Gi0/22, Gi0/23, Gi0/24

Forbidden Ports : None

Name :

Status : Permanent

----------------------------------------------------

iss# show vlan summary

Number of vlans : 1

Multiple Instance:



iss# show vlan Switch - default

Vlan database

-------------

Vlan ID : 1

Member Ports : Gi0/49

Untagged Ports : Gi0/49


Name :

Status : Permanent

----------------------------------------------------

Switch - cust1

Vlan database

-------------

Vlan ID : 1

Member Ports : Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6

Untagged Ports : Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6


Name :

Status : Permanent

----------------------------------------------------

Vlan ID : 20


Untagged Ports : Gi0/1


Name :

Status : Permanent

----------------------------------------------------

Vlan ID : 30


Untagged Ports : None


Name :



Status : Dynamic Gvrp

----------------------------------------------------

If the optional parameter is not specified then this command displays the VLAN information of all the available interfaces.

Related Commands

shutdown vlan – Shuts down VLAN switching. The no form of the command starts and enables VLAN switching

set vlan - Enables/disables VLAN in the switch

vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode

ports - Configures a static VLAN entry with the required member ports, untagged ports and forbidden ports

9.62 show vlan device info

This command displays the VLAN related global status variables.

show vlan device info [ switch <context_name>]

Syntax Description

switch

- Context/Switch Name. This parameter is specific to Multiple Instance.



Example Single Instance: iss# show vlan device info

Vlan device configurations

--------------------------



Vlan Status : Enabled

Vlan Oper status : Enabled

Gvrp status : Enabled

Gmrp status : Disabled

Gvrp Oper status : Enabled

Gmrp Oper status : Disabled

Mac-Vlan Status : Disabled

Subnet-Vlan Status : Enabled

Protocol-Vlan Status : Enabled

Bridge Mode : Customer Bridge

Base-Bridge Mode : Vlan Aware Bridge

Traffic Classes : Enabled

Vlan Operational Learning Mode : IVL

Version number : 1

Max Vlan id : 4094

Max supported vlans : 1024

Unicast mac learning limit : 150

Multiple Instance: iss# show vlan device info Switch default

Vlan device configurations

--------------------------

Vlan Status : Enabled

Vlan Oper status : Enabled

Gvrp status : Enabled

Gmrp status : Enabled

Gvrp Oper status : Enabled

Gmrp Oper status : Enabled

Mac-Vlan Status : Disabled

Protocol-Vlan Status : Enabled

Bridge Mode : Customer Bridge

Traffic Classes : Enabled

Vlan Operational Learning Mode : IVL

Version number : 1



Max Vlan id : 4094

Max supported vlans : 1024

Unicast mac learning limit : 150

Related Commands shutdown vlan – Shuts down VLAN switching. The no form of the command starts and enables

VLAN switching

set vlan - Enables/disables VLAN in the switch


- Enables MAC-based VLAN for all the available interfaces of the VLAN


set gvrp - Enables or disables GVRP on a global basis

set port gvrp - Enables or disables GVRP on the interface

set gmrp - Enables or disables GMRP on a global basis

set port gmrp - Enables or disables GMRP on the interface

set vlan traffic-classes - Enables or disables traffic classes


port protocol-vlan - Enables port protocol based VLANs

vlan learning mode - Configures the VLAN learning mode

show vlan traffic-classes - Displays the traffic classes information of all the available interfaces.

show protocol-vlan - Displays the entries in the protocol-VLAN database.

unicast-mac learning limit - Sets unicast MAC learning limit for the switch



9.63 show vlan device capabilities

This command displays VLAN capabilities of the device.

show vlan device capabilities [ switch <context_name>]

Syntax Description




Example Single Instance: iss# show vlan device capabilities Vlan device capabilities

--------------------------

Extended filtering services

Traffic classes

Static Entry Individual port

IVL capable

SVL capable

Hybrid capable

Configurable Pvid Tagging

Multiple Instance: iss# show vlan device capabilities Switch - default

Vlan device capabilities

--------------------------


Traffic classes


IVL capable

SVL capable

Hybrid capable




Switch - cust1

Vlan device capabilities

--------------------------


Traffic classes


IVL capable

SVL capable

Hybrid capable


9.64 show fid - detail

This command displays forwarding database identifier used by VLANs in the switch.

show fid [<integer(1-4094)> | detail] [ switch <context_name>]

Syntax Description

switch




Example Single Instance: iss# show fid 2 Default Learning Type : IVL

Fid Vlan mapping information

----------------------------

Fid : 2

Vlan's : 2,

----------------------------

iss# show fid detail Default Learning Type : IVL




----------------------------

Fid : 1

Vlan's : 1,

----------------------------

Fid : 2

Vlan's : 2,

----------------------------

Fid : 3

Vlan's : 3,

----------------------------

Fid : 4

Vlan's : 4,

----------------------------

Fid : 5

Vlan's : 5,

----------------------------

Fid : 6

Vlan's : 6,

Multiple Instance:

iss# show fid 2 Switch - default

Default Learning Type : IVL


----------------------------

Fid : 2

Vlan's : 2,

----------------------------

Switch - cust1

Default Learning Type : IVL


----------------------------

Fid : 2

Vlan's : 2,

----------------------------



Related Commands

fid - vlan range - Configures a VLAN or a list of VLANs to use a Filtering database identified by a filtering database identifier

vlan default hybrid type - Configures the default learning type for VLANs

9.65 show forward-all

This command displays the GMRP forward-all table entries.

show forward-all [ switch <context_name>]



Syntax Description

switch




Example Single Instance: iss# show forward-all Vlan Forward All Table

------------------------

Vlan ID : 1

ForwardAll Ports : Gi0/2

ForwardAll Static Ports : Gi0/2

ForwardAll ForbiddenPorts : Gi0/1

----------------------------------------------------------

Vlan ID : 2




----------------------------------------------------------

Multiple Instance: iss# show forward-all Switch – default

Vlan Forward All Table

------------------------

Vlan ID : 1




----------------------------------------------------------

Vlan ID : 2






----------------------------------------------------------

Related Commands

vlan - Configures a VLAN in the switch and is used to enter into the VLAN mode


forward-all - Configures the forward-all information for a VLAN



9.66 show forward-unregistered

This command displays the GMRP forward-unregistered table.

show forward-unregistered [ switch <context_name>]

Syntax Description

switch




Example Single Instance: iss# show forward-unregistered Vlan Forward Unregistered Table

---------------------------------

Vlan ID : 1

Unreg ports : Gi0/1

Unreg Static Ports : Gi0/1

Unreg Forbidden Ports : Gi0/2

------------------------------------------------------

Vlan ID : 2

Unreg ports : Gi0/2


Unreg Forbidden Ports : Gi0/1

------------------------------------------------------

Multiple Instance: iss# show forward-unregistered Switch - default



Vlan Forward Unregistered Table

---------------------------------

Vlan ID : 1

Unreg ports : Gi0/49


Unreg Forbidden Ports : None

------------------------------------------------------

Switch - cust1

Vlan Forward Unregistered Table

---------------------------------

Vlan ID : 1

Unreg ports : Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6

Unreg Static Ports : Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6


------------------------------------------------------

Vlan ID : 20

Unreg ports : Gi0/1



------------------------------------------------------

Vlan ID : 30

Unreg ports : Gi0/2



------------------------------------------------------

Related Commands



forward-unregistered - Configures the forward unregistered information for a VLAN



9.67 show vlan traffic-classes

This command displays the traffic classes information of all the available interfaces.

show vlan traffic-classes [{port <interface-type> <interface-id> | switch <context_name>}]

Syntax Description

port

- Interface Type and ID of the port




Example Single Instance:



iss# show vlan traffic-classes Traffic Class table

---------------------

Port Priority Traffic Class

----- --------- -------------

Gi0/1 0 2

Gi0/1 1 0

Gi0/1 2 1

Gi0/1 3 3

Gi0/1 4 4

Gi0/1 5 5

Gi0/1 6 6

Gi0/1 7 7

Gi0/2 0 2

Gi0/2 1 0

Gi0/2 2 1

Gi0/2 3 3

Gi0/2 4 4

Gi0/2 5 5

Gi0/2 6 6

Gi0/2 7 7

Multiple Instance:

iss# show vlan traffic-classes Switch - default

Traffic Class table

---------------------


----- --------- -------------

Gi0/49 0 2

Gi0/49 1 0

Gi0/49 2 1

Gi0/49 3 3

Gi0/49 4 4

Gi0/49 5 5



Gi0/49 6 6

Gi0/49 7 7

Switch - cust1

Traffic Class table

---------------------


----- --------- -------------

Gi0/1 0 2

Gi0/1 1 0

Gi0/1 2 1

Gi0/1 3 3

Gi0/1 4 4

Gi0/1 5 5

Gi0/1 6 6

Gi0/1 7 7

Gi0/2 0 2

Gi0/2 1 0

Gi0/2 2 1

Gi0/2 3 3

Gi0/2 4 4

Gi0/2 5 5

Gi0/2 6 6

Gi0/2 7 7

If executed without the ports option, this command displays the priority mapped to all the available traffic classes on the port.

Related Commands



set vlan traffic-classes - Enables / disables traffic classes




9.68 show garp timer

This command displays the GARP timer information of the available interfaces.

show garp timer [{ port <interface-type> <interface-id> | switch <context_name>}]

Syntax Description

port

- Interface type and ID of the port




Example Single Instance: iss# show garp timer port gigabitethernet 0/1 Garp Port Timer Info (in milli seconds)

---------------------------------------

Port Join-time Leave-time Leave-all-time

----- --------- ---------- --------------

Gi0/1 200 600 10000

Multiple Instance:

iss# show garp timer Switch - default

Garp Port Timer Info (in milli seconds)

---------------------------------------




----- --------- ---------- --------------

Gi0/49 200 600 10000

Switch - cust1

Garp Port Timer Info (in milli seconds)

---------------------------------------


----- --------- ---------- --------------

Gi0/1 200 600 10000

Gi0/2 200 600 10000

Gi0/3 200 600 10000

Gi0/4 200 600 10000

Gi0/5 200 600 10000

Gi0/6 200 600 10000

The timer information is the same for GVRP and GMRP.

Related Commands



set garp timer - Configures the GARP join time, leave time, and leaveall time in milli-seconds



9.69 show vlan port config

This command displays the VLAN related parameters specific for ports.

show vlan port config [{port <interface-type> <interface-id> | switch <context_name>}]

Syntax Description

port

- Interface type and ID of the port




Example Single Instance: iss# show vlan port config Vlan Port configuration table

-------------------------------



Port Gi0/1

Port Vlan ID : 1

Port Acceptable Frame Type : Admit All

Port Ingress Filtering : Disabled

Port Mode : Hybrid

Port Gvrp Status : Enabled

Port Gmrp Status : Enabled

Port Gvrp Failed Registrations : 0

Gvrp last pdu origin : 00:00:00:00:00:00

Port Restricted Vlan Registration : Disabled

Port Restricted Group Registration : Disabled

Mac Based Support : Disabled

Subnet Based Support : Disabled

Port-and-Protocol Based Support : Enabled

Default Priority : 0

Filtering Utility Criteria : Default

Port Protected Status : Disabled

-------------------------------------------------------

Port Gi0/2

Port Vlan ID : 1



Port Mode : Hybrid








Subnet Based Support : Disabled



Filtering Utility Criteria : Default

Port Protected Status : Disabled

-------------------------------------------------------

Multiple Instance: iss# show vlan port config



Switch - default

Vlan Port configuration table

-------------------------------

Port Gi0/49

Port Vlan ID : 1



Port Mode : Hybrid










Dot1x Protocol Tunnel Status : Peer

LACP Protocol Tunnel Status : Peer

Spanning Tree Tunnel Status : Peer

GVRP Protocol Tunnel Status : Peer

GMRP Protocol Tunnel Status : Peer

IGMP Protocol Tunnel Status : Peer

Filtering Utility Criteria : Enhanced

-------------------------------------------------------

Switch - cust1

Vlan Port configuration table

-------------------------------

Port Gi0/1

Port Vlan ID : 20



Port Mode : Hybrid












-------------------------------------------------------

Port Gi0/2

Port Vlan ID : 1



Port Mode : Hybrid




Gvrp last pdu origin : 00:01:02:03:04:0e






-------------------------------------------------------

If executed with out the optional parameter this command displays the port information of all the available ports.

Related Commands set port gvrp / set port gvrp - enable | disable - Enables or disables GVRP on the

interface

set port gmrp - Enables or disables GMRP on the interface

switchport pvid / switchport access vlan - Configures the PVID (VLAN ID) that would be assigned to untagged/priority-tagged frames/VLAN tagged frames

switchport acceptable-frame-type - Configures the acceptable frame type for the port

switchport ingress-filter - Enables ingress filtering on the port



port mac-vlan - Enables MAC-based VLAN on the port

port protocol-vlan - Enables port protocol based VLANs

vlan restricted - Enables/disables restricted VLAN registration on the port

9.70 show vlan protocols-group

This command displays the protocol group database.

show vlan protocols-group [ switch <context_name>]

Syntax Description

switch




Example Single Instance: iss# show vlan protocols-group Protocol Group Table

--------------------

------------------------------------------

Frame Type Protocol Group

------------------------------------------

Enet-v2 IP 1



Snap Novell 2

------------------------------------------

Multiple Instance: iss# show vlan protocols-group Switch - default

Protocol Group Table

--------------------

------------------------------------------

Frame Type Protocol Group

------------------------------------------

Enet-v2 IP 1

Snap Novell 2

------------------------------------------

Related Commands map protocol - Configures the group ID for a specific encapsulation and protocol value

combination

show protocol-vlan - Displays the entries in the protocol-VLAN database

switchport map protocols-group - Maps the protocol group configured to a particular VLAN identifier for the specified interface

9.71 show protocol-vlan

This command displays the entries in protocol-VLAN database.

show protocol-vlan [ switch <context_name>]

Syntax Description

switch




Example Single Instance: iss# show protocol-vlan



Port Protocol Table

--------------------------------------

Port Group Vlan ID

--------------------------------------

Gi0/2 1 2

Gi0/1 2 3

--------------------------------------

Multiple Instance:

iss# show protocol-vlan Switch - default

Port Protocol Table

--------------------------------------

Port Group Vlan ID

--------------------------------------

Gi0/2 1 2

Gi0/1 2 3

--------------------------------------

Related Command

switchport map protocols-group - Maps the protocol group configured to a particular VLAN identifier for the specified interface

9.72 show mac-vlan

This command displays the entries in the MAC-VLAN database.

show mac-vlan [{interface <interface-type> <interface-id>] [ switch <context_name>]

Syntax interface - Interface Type and Identifier



Description switch - Context/Switch Name. This parameter is specific to Multiple Instance.



Example Single Instance: iss# show mac-vlan interface gigabitethernet 0/1 Mac Map Table For Port 1--Mac Vlan Disabled

--------------------------

Mac Address Vlan ID MCast/Bcast

----------- ------- -----------

00:11:11:11:11:11 1 discard

00:22:22:22:22:22 1 allow

Multiple Instance: iss# show mac-vlan switch cust1 Switch - cust1

Mac Map Table

--------------

Mac Address Vlan ID

----------- -------

00:11:22:33:44:55 2

Related Commands

mac-vlan - Enables MAC-based VLAN for all the available interfaces of the VLAN

mac-map - Configures the VLAN-MAC address mapping


9.73 show subnet vlan mapping



This command displays the entries in Subnet-VLAN database.

show subnet-vlan mapping [{interface <interface-type> <interface-id> | switch <string(32)>}]

Syntax Description

interface - Interface Type and Identifier




Example iss# show subnet -vlan mapping interface gigabitethernet 0/1

Subnet Map Table For Port 1--Subnet Vlan Enabled

-------------------------------------------------

Subnet Address Vlan ID ARP Traffic

-------------------------------------------------

14.0.0.0 1 allow

192.168.1.0 1 discard

Related Commands

map subnet: Configures a VLAN subnet mapping entry




9.74 show vlan counters

This command displays the VLAN counters database.

show vlan counters [vlan <vlan-range>] [ switch <context_name>]

Syntax Description

vlan - VLAN range.




Example Single Instance: iss# show vlan counters Port Vlan statistics

--------------------------

Port Gi0/1

Vlan ID : 1

In frames : 342

Out frames : 345

Discards : 0

Port Gi0/1

Vlan ID : 2

In frames : 446

Out frames : 248

Discards : 0

Port Gi0/2

Vlan ID : 2

In frames : 115

Out frames : 517

Discards : 7

Port Gi0/2

Vlan ID : 2

In frames : 0



Out frames : 0

Discards : 0

Multiple Instance:

iss# show vlan counters Switch - default

Port Vlan statistics

--------------------------

Port Gi0/49

Vlan ID : 1

In frames : 75

Out frames : 0

Discards : 0

--------------------------

Switch - cust1

Port Vlan statistics

--------------------------

Port Gi0/1

Vlan ID : 1

In frames : 0

Out frames : 0

Discards : 0

--------------------------

Port Gi0/1

Vlan ID : 20

In frames : 0

Out frames : 0

Discards : 0

--------------------------

Port Gi0/2

Vlan ID : 1

In frames : 70

Out frames : 0

Discards : 0

--------------------------



Port Gi0/2

Vlan ID : 30

In frames : 0

Out frames : 0

Discards : 2

--------------------------

Related Commands

vlan - Configures a VLAN in the switch and is also used to enter into the config-VLAN mode


9.75 show vlan statistics

This command displays VLAN statistics such as the number of unicast frames forwarded broadcast packets and unknown unicast packets flooded in that VLAN.

show vlan statistics [vlan <vlan-range>] [ switch <context_name>]

Syntax Description

vlan - VLAN range.






Example Single Instance iss# show vlan statistics vlan 1 Unicast/broadcast Vlan statistics

-------------------------------------

Vlan Id : 1

Unicast frames received : 0

Mcast/Bcast frames received : 0

Unknown Unicast frames flooded : 0

Unicast frames transmitted : 0

Broadcast frames transmitted : 0

-------------------------------------

Multiple Instance iss# show vlan statistics vlan 1 switch sw1 Switch – sw1

Unicast/broadcast Vlan statistics

--------------------------------------

Vlan Id : 1

Unicast frames : 16

Broadcast frames : 10

Unicast frames flooded : 25

--------------------------------------

If VLAN ID is not specified in the command, statistics of all the VLAN existing in the system will be displayed.

Related Command

clear vlan statistics - Clears the VLAN counters

9.76 show mac-address-table

This command displays the static and dynamic unicast and multicast MAC address table.



show mac-address-table [vlan <vlan-range>] [address <aa:aa:aa:aa:aa:aa>] [interface <interface-type> <interface-id> ]

Syntax Description

vlan - VLAN range

address - MAC address

interface - Interface type and ID



Example iss# show mac-address-table vlan 2 Vlan Mac Address Type ConnectionId Ports

---- ----------- ---- ----------- -----

2 00:01:02:03:04:21 Learnt Gi0/1

Total Mac Addresses displayed: 1

iss# show mac-address-table interface gigabitethernet 0/1

Vlan Mac Address Type ConnectionId Ports

---- ----------- ---- ----------- -----

2 00:01:02:03:04:21 Learnt Gi0/1

1 01:02:03:04:05:06 Static Gi0/1


If executed without the optional parameters this command displays all the static and dynamic MAC entries

Related Commands



mac-address-table static unicast - Configures a static unicast MAC address in the forwarding database

mac-address-table static multicast - Configures a static multicast MAC address in the forwarding database



9.77 show dot1d mac-address-table This command displays the static/dynamic unicast and dynamic multicast FDB table entries, when the base bridge mode is transparent bridging.

show dot1d mac-address-table [address <aa:aa:aa:aa:aa:aa>] [{interface <interface-type> <interface-id> | switch <context_name>}]

Syntax Description


interface-type, interface-id


switch - Context/Switch Name



Example iss# show dot1d mac-address-table address 00:01:02:03:04:21 Mac Address Type Ports

----------- ---- -----

00:01:02:03:04:21 Learnt Gi0/2


iss# show dot1d mac-address-table interface gigabitethernet 0/2

Mac Address Type Ports

----------- ---- -----

00:01:02:03:04:21 Learnt Gi0/2

01:02:03:04:05:06 Static Gi0/2


If executed without the optional parameters this command displays all the static/dynamic unicast and dynamic multicast entries

Related Commands



mac-address-table static unicast – Transparent Bridging Mode - Configures a static unicast MAC address in the forwarding database when base bridge mode is transparent bridging.

mac-address-table static multicast – Transparent Bridging mode- Configures a static multicast MAC address in the forwarding database when base bridge mode is transparent bridging

9.78 show dot1d mac-address-table static unicast This command displays static unicast MAC address table when the base bridge mode is transparent bridging.

show dot1d mac-address-table static unicast [address <aa:aa:aa:aa:aa:aa>] [interface <interface-type> <interface-id>]

Syntax Description






Example iss# show dot1d mac-address-table static unicast address 00:01:02:03:04:21 Mac Address RecvPort Status Ports

----------- -------- ------ -----

00:11:22:33:44:55 Permanent Gi0/2


iss# show dot1d mac-address-table static unicast address 00:11:22:33:44:55 Mac Address RecvPort Status Ports

----------- -------- ------ -----

00:11:22:33:44:55 Permanent Gi0/2


If executed without the optional parameters this command displays all the static unicast MAC entries



Related commands

mac-address-table static unicast – Transparent Bridging Mode - Configures a static unicast MAC address in the forwarding database when base bridge mode is transparent bridging.

9.79 show dot1d mac-address-table static multicast

This command displays static multicast MAC address table when the base bridge mode is transparent bridging.

show dot1d mac-address-table static multicast [address <aa:aa:aa:aa:aa:aa>] [interface <interface-type> <interface-id>]

Syntax Description






Example iss# show dot1d mac-address-table static multicast address 01:00:5E:01:02:03 Mac Address RecvPort Type Ports

----------- ---- ----- -----

01:00:5E:01:02:03 static Gi0/2-3


iss# show dot1d mac-address-table static multicast interface gigabitethernet 0/2

Mac Address RecvPort Type Ports



----------- ------ ---- -----

01:00:5E:01:02:03 static Gi0/2

01:00:5E:01:02:04 static Gi0/2


If executed without the optional parameters this command displays all the static multicast MAC entries

Related commands

mac-address-table static multicast – Transparent Bridging mode- Configures a static multicast MAC address in the forwarding database when base bridge mode is transparent bridging

9.80 show mac-address-table count

This command displays the number of MAC addresses present on all the VLANs or on the specified VLAN.

show mac-address-table count [vlan <vlan-id(1-4094)>] [ switch <context_name>]

Syntax Description

vlan

- VLAN ID




Example Single Instance iss# show mac-address-table count Mac Entries for Vlan 1:



--------------------------

Dynamic Unicast Address Count : 1

Dynamic Multicast Address Count : 0

Static Unicast Address Count : 1

Static Multicast Address Count : 1

----------------------------------------

Mac Entries for Vlan 2:

--------------------------





----------------------------------------

Multiple Instance: iss# show mac-address-table count switch cust1 Switch - cust1


--------------------------





----------------------------------------


--------------------------





----------------------------------------


--------------------------







----------------------------------------

If executed without the optional parameter this command displays the MAC addresses present on all the VLANs.

Related Commands





9.81 show mac-address-table static unicast



This command displays the statically configured unicast addresses from the MAC address table.

show mac-address-table static unicast [vlan <vlan-range>] [address <aa:aa:aa:aa:aa:aa>] [{interface <interface-type> <interface-id> | switch <context_name>}]

Syntax Description

vlan - VLAN Id







iss# show mac-address-table static unicast Vlan Mac Address RecvPort Status ConnectionId Ports

---- ----------- -------- ------ ----- -------

2 00:11:22:33:44:55 Gi0/2 Del-OnTimeout Gi0/3

Multiple Instance:

iss# sh mac-address-table static unicast switch cust1 Switch - cust1

Vlan Mac Address SrvInst/ Status Ports

---- ----------- -------- ------ -----

1 00:11:22:33:44:55 Gi0/2 Permanent Gi0/3


If executed without the optional parameters this command displays the MAC address table for all the available interfaces.

Related Commands






show mac-address-table dynamic unicast - Displays the dynamic MAC address table for the specified address or for all the addresses

9.82 show mac-address-table static multicast

This command displays the statically configured multicast entries.

show mac-address-table static multicast [vlan <vlan-range>] [address <aa:aa:aa:aa:aa:aa>] [{interface <interface-type> <interface-id> | switch <context_name>}]

Syntax Description

vlan

- VLAN Id

address

- MAC address


switch





iss# show mac-address-table static multicast Static Multicast Table

----------------------

Vlan : 1

Mac Address : 01:02:03:04:05:06

Receive Port : Gi0/1


Forbidden Ports : Gi0/2

Status : Permanent

------------------------------------------------




Multiple Instance:

iss# sh mac-address-table static multicast switch cust1 Switch - cust1

Static Multicast Table

----------------------

Vlan : 1

Mac Address : 01:02:03:04:05:06

Receive Port : Gi0/2


Status : Permanent

------------------------------------------------


Related Commands



mac-address-table static multicast / mac address-table static mcast - Configures a static multicast MAC address in the forwarding database

show mac-address-table dynamic multicast - Displays the dynamic MAC address table for the specified address or for all the addresses



9.83 show mac-address-table dynamic unicast

This command displays the dynamically learnt unicast entries from the MAC address table.

show mac-address-table dynamic unicast [vlan <vlan-range>] [address <aa:aa:aa:aa:aa:aa>] [{interface <interface-type> <interface-id> | switch <context_name>}]

Syntax Description

vlan

- VLAN Id

address

- MAC address

interface





Example Single Instance: iss# show mac-address-table dynamic unicast vlan 2 Vlan Mac Address Type ConnectionId Ports

---- ----------- ---- ------------ -----

2 00:01:02:03:04:21 Learnt Gi0/1




Multiple Instance: iss# show mac-address-table dynamic unicast

Switch - default

Vlan Mac Address Type Ports

---- ----------- ---- -----

1 00:02:02:03:04:04 Learnt Gi0/2

1 00:03:02:03:04:04 Learnt Gi0/3

2 00:02:02:03:04:04 Learnt Gi0/2

2 00:03:02:03:04:04 Learnt Gi0/3

3 00:02:02:03:04:04 Learnt Gi0/2

3 00:03:02:03:04:04 Learnt Gi0/3


If executed without the optional parameters this command displays the MAC address table of all the available interfaces

Related Commands




show mac-address-table static unicast - Displays the statically configured unicast address from the MAC address table



9.84 show mac-address-table dynamic multicast

This command displays the dynamically learnt multicast MAC address.

show mac-address-table dynamic multicast [vlan <vlan-range>] [address <aa:aa:aa:aa:aa:aa>] [{interface <interface-type> <interface-id> | switch <context_name>}]

Syntax Description

vlan

- VLAN Id

address

- MAC address


switch







iss# show mac-address-table dynamic multicast Vlan Mac Address Type ConnectionId Ports

---- ----------- ---- ------------ -----

2 01:03:05:07:09:04 Learnt Gi0/1


Multiple Instance:

iss# show mac-address-table dynamic multicast Switch - default

Vlan Mac Address Type Ports

---- ----------- ---- -----

2 01:02:02:02:02:02 Learnt Gi0/2, Gi0/3

3 01:02:02:02:02:02 Learnt Gi0/2

3 01:03:03:03:03:03 Learnt Gi0/3


If executed without the optional parameters this command displays the MAC address table of all the available interfaces.

Related Commands vlan - Configures a VLAN in the switch and is also used to enter into the config-VLAN mode



show mac-address-table static multicast - Displays the statically configured multicast entries



9.85 show mac-address-table aging-time

This command displays the MAC address-table ageing time.

show mac-address-table aging-time [ switch <context_name>]

Syntax Description

switch







iss# show mac-address-table aging-time Mac Address Aging Time: 300

Multiple Instance:

iss# show mac-address-table aging-time Context default: Mac Address Aging Time: 300

Related Commands

show mac-address-table - Displays the static and dynamic MAC entries

mac-address-table aging-time - Configures the MAC address table entry maximum age

9.86 show wildcard

This command displays wildcard Mac Address Table entries

show wildcard {mac-address <mac_addr> | broadcast} [switch <context_name>]

Syntax Description

mac-address / broadcast

- Unicast/Multicast/BroadCast Mac Address of Wildcard entry






Example iss# show wildcard mac-address 01:02:03:04:05:06 Switch default

Wild Card Entries:

------------------

Mac Address Ports

---------------- , -------------------

01:02:03:04:05:06 Gi0/1

DATACOM SYSTEMS INC CHAPTER 10: SNMPV3


Chapter

11 10.SNMPv3

SNMP (Simple Network Management Protocol) is the most widely-used network management protocol on TCP/IP-based networks. SNMPv3 is designed mainly to overcome the security shortcomings of SNMPv1/v2. USM (User based Security Model) and VACM (View based Access Control Model) are the main features added as part of the SNMPv3 specification. USM provides for both encryption and authentication of the SNMP PDUs, while VACM specifies a mechanism for defining access policies for different users with different MIB trees. Also, SNMPv3 specifies a generic management framework, which is expandable for adding new Management Engines, Security Models, Access Control Models and so on. With SNMPv3, the SNMP communication is completely safe and secure.

SNMPv3 is a multi-lingual Agent supporting all three versions of SNMP (SNMPv1, SNMPv2c and SNMPv3) while conforming to the latest specifications. It is available as a portable source code product, which can be easily integrated to any platform (any OS and any Processor). MIB integration is made simple with the aid of a tool called Middle Level Code Generator (MIDGEN), which is available along with DatacomSystems SNMP. MIDGEN generates the interface stubs required for every object in the MIB for the SET, GET and GETNEXT operations.

These stubs can be implemented by the respective modules supporting the MIB. DatacomSystems SNMP is provided as source code available for licensing to OEMs and VARs who wish to incorporate the multi-lingual SNMP functionality into their products.

The list of CLI commands for the configuration of SNMPv3 is as follows:

enable snmpsubagent

disable snmpsubagent

show snmp agentx information

show snmp agentx statistics

enable snmpagent

disable snmpagent



snmp community index

snmp group

snmp access

snmp engineid

snmp proxy name

snmp mibproxy name

snmp view

snmp targetaddr

snmp targetparams

snmp user

snmp notify

snmp filterprofile

snmp-server enable traps snmp authentication

snmp-server trap udp-port

snmp-server trap proxy-udp-port

snmp agent port

snmp tcp enable

snmp trap tcp enable

snmp-server tcp-port

snmp-server trap tcp-port

snmp-server enable traps

show snmp

show snmp community

show snmp group

show snmp group access

show snmp engineID

show snmp proxy

show snmp mibproxy

show snmp viewtree

show snmp targetaddr

show snmp targetparam

show snmp user

show snmp notif

show snmp inform statistics

show snmp-server traps

show snmp-server proxy-udp-port



show snmp tcp

show snmp filter table



10.1 enable snmpsubagent

This command enables either snmp agent or agentx-subagent capabilities.

enable snmpsubagent { master { ip4 <ipv4_address> | ip6 <ipv6_address> } [port <number>] }

Syntax Description

snmpsubagent - Enables SNMP Subagent

master - The master agent address. It can be either ip4 or ip6.

port - Port number on which master agent listens subagent.



Defaults port - 705

Example iss(config)# enable snmpsubagent master ip4 10.0.0.5 port 897

Related Commands

show snmp agentx information - Displays global information of SNMP Agentx communications.

show snmp agentx statistics - Displays all the information regarding SNMP Agentx statistics.



10.2 disable snmpsubagent This command disables agentx-subagent.

disable snmpsubagent



Example iss(config)# disable snmpsubagent

Related Commands

show snmp agentx information - Displays global information of SNMP Agentx communications.

show snmp agentx statistics - Displays all the information regarding SNMP Agentx statistics.



10.3 show snmp agentx information

This command displays global information of SNMP Agentx communications.

show snmp agentx information



Example iss# show snmp agentx information

Agentx Subagent is enabled

TransportDomain :TCP

Master IP Address :10.0.0.2

Master PortNo :705



10.4 show snmp agentx statistics

This command displays all the information regarding SNMP Agentx statistics.

show snmp agentx statistics



Example iss# show snmp agentx statistics

Tx Statistics

Transmitted Packets :860

Open PDU :1

Index Allocate PDU :0

Index DeAllocate PDU :0

Register PDU :2

Add Agent Capabilities PDU :0

Notify PDU :0

Ping PDU :20

Remove Agent Capabilities PDU :0

UnRegister PDU :0

Close PDU :0

Response PDU :837

Rx Statistics

Rx Packets :859

Get PDU :1

GetNext PDU :836

GetBulk PDU :0

TestSet PDU :0

Commit PDU :0

Cleanup PDU :0



Undo PDU :0

Dropped Packets :0

Parse Drop Errors :1

Open Fail Errors :0

Close PDU :0

Response PDU :21

10.5 enable snmpagent

This command enables SNMP agent.

enable snmpagent



Defaults SNMP agent is enabled.

Example iss(config)# enable snmpagent

Related Commands

disable snmpagent - Disables SNMP agent.

enable snmpsubagent - Enables either snmp agent or agentx-subagent capabilities.



10.6 disable snmpagent

This command disables SNMP agent.

disable snmpagent



Example iss(config)# disable snmpagent

Related Commands

enable snmpagent - Enables SNMP agent.

enable snmpsubagent - Enables either snmp agent or agentx-subagent capabilities.



10.7 snmp community index

This command configures the SNMP community details. The no form of this command removes the SNMP community details.

snmp community index <CommunityIndex> name <CommunityName> security <SecurityName> [context <Name >] [{volatile | nonvolatile}] [transporttag <TransportTagIdentifier | none>] [contextengineid <ContextEngineID>]

no snmp community index <CommunityIndex>

Syntax Description

CommunityIndex

- Community index identifier

name

- Community name

security

- User Name



context

- Context name through which the management information is accessed when using the community string specified by the corresponding instance of SNMP community name

volatile | nonvolatile

- Storage type

transporttag

- Transport tag identifier

contextengineid Context engine identifier.



Defaults Community Index

- NETMAN/PUBLIC

CommunityName

- NETMAN/PUBLIC

Security Name

- None

ContextName

- Null

Transport Tag

- Null

Storage type

- Volatile

Example iss(config)# snmp community index myv3com name myv3com security xyz context myinst nonvolatile transporttag myv3tag

The community index identifier must be unique for every community name entry.

Related Commands show snmp - Displays the status information of SNMP communications

show snmp community - Displays the configured SNMP community details



10.8 snmp group

This command configures SNMP group details. The no form of the command removes the SNMP group details.

snmp group <GroupName> user <UserName> security-model {v1 | v2c | v3 } [{volatile | nonvolatile}]

no snmp group <GroupName> user <UserName> security-model {v1 | v2c | v3 }

Syntax Description

GroupName

- Name of the SNMP group

user

- User Name

security-model

- Security Model




- Storage Type



Defaults Group Name

- iso/initial

Example iss(config)# snmp group myv3group user myv3user security-model v1 volatile

Related Commands

show snmp group - Displays the configured SNMP groups

show snmp user - Displays the configured SNMP users

10.9 snmp access

This command configures the SNMP group access details. The no form of the command removes the SNMP group access details.

snmp access <GroupName> {v1 | v2c | v3 {auth | noauth | priv}} [read <ReadView | none>] [write <WriteView | none>] [notify <NotifyView | none>] [{volatile | nonvolatile}] [context <name>]

no snmp access <GroupName> {v1 | v2c | v3 {auth | noauth | priv}} [context <name>]

Syntax Description

GroupName

- Name of the group



v1 | v2c | v3

- Version of the SNMP

auth

- Authentication - Enables Message digest (MD5) or Secure Hash Algorithm (SHA) packet authentication

noauth

- no-authentication

priv

- Specifies both authentication and privacy

read

- A read view identifier

write

- A write view identifier

notify

- A notification view identifier


- Storage type

context - Name of the SNMP context



Defaults Group Name

- iso

Read/Write/Notify view

- iso

Storage Type

- volatile

Group Name

- initial

Read/Write/Notify View

- restricted

Storage Type

- non-volatile

Group Name

- initial



Read/Write/Notify View

- iso

Storage Type

- non-volatile

Example iss(config)# snmp access myv2group v2 read v2readview write v2writeview notify v2notifyview nonvolatile

To configure an SNMP access along with the group, a group must have already been created using the snmp group command

Version 3 is the most secure model as it allows packet encryption with the priv key word

Related Commands

snmp group - Configures SNMP group details

snmp view - Configures the SNMP view

show snmp group - Displays the configured SNMP groups

show snmp group access - Displays the configured SNMP group access details

show snmp viewtree - Displays the configured SNMP Tree views

10.10 snmp engineid

This command configures the engine identifier. The no form of the command removes the configured engine identifier.

snmp engineid <EngineIdentifier>

no snmp engineid

Syntax Description

EngineIdentifier

- Engine ID





Defaults 80.00.08.1c.04.46.53

Example iss(config)# snmp engineid 80.0.08.1c.04.5f.a9

The Engine ID must be given as octets in hexadecimal separated by dots and the allowed length is 5 to 32 octets.

SNMP engine ID is an administratively unique identifier.

Changing the value of the SNMP engine ID has significant effects.

All the user information will be updated automatically to reflect the change

Related Commands

show snmp engineID - Displays the Engine Identifier


10.11 snmp proxy name

This command configures the proxy. The no form of the command removes the proxy.

snmp proxy name <ProxyName> ProxyType {Read | Write | inform | Trap} ContextEngineID <EngineId> TargetParamsIn <TargetParam> TargetOut <TargetOut> [ContextName <ProxyContextName>] [StorageType {volatile | nonvolatile}]

no snmp proxy name <ProxyName>



Syntax Description

ProxyName - The locally arbitrary, but unique identifier associated with the tProxyEntry.

This will be the INDEX used for the Proxy Table.

ProxyType - Type of message that are forwarded using the translation parameters. Options are:

Read

Write

Inform

Trap ContextEngineID - Context engine identifier contained in messages

that are forwarded using the translation parameters.

TargetParamsIn - This object selects an entry in the snmpTargetParamsTable. The selected entry is used to determine which row of the snmpProxyTable is to be used for forwarding the received messages.

TargetOut - This object selects a management target defined in the snmpTargetAddrTable (in the SNMP-TARGET-MIB). The selected target is defined by an entry in the snmpTargetAddrTable whose index value (snmpTargetAddrName) is equal to this object.

This object is only used when selection of a single target is required (that is, when forwarding an incoming read or write request).

ContextName - Context name contained in messages that are forwarded using the translation parameters.

Storage Type - Storage type. Options are:

volatile

nonvolatile Mode Global Configuration Mode


Defaults Storage Type - nonvolatile

Example iss(config)# snmp proxy name proxy1 ProxyType write ContextEngineID 80.00.08.1c.04.46.53 TargetParamsIn param2 TargetOut target2 ContextName pxyctxtname StorageType nonvolatile

Related Commands



show snmp proxy - Displays proxy details.

10.12 snmp mibproxy name

This command configures the proxy. The no form of the command removes the proxy.

snmp mibproxy name <ProxyName> ProxyType {Read | Write | inform | Trap} mibid <MibId> TargetParamsIn <TargetParam> TargetOut <TargetOut> [StorageType {volatile | nonvolatile}]

no snmp mibproxy name <ProxyMibName>



Syntax Description

ProxyName

- The locally arbitrary, but unique identifier associated with the tProxyEntry.

This will be the INDEX used for the Proxy Table.

ProxyType

- Type of message that are forwarded using the translation parameters. Options are:

Read

Write

Inform

Trap mibid - MIB identifier.

TargetParamsIn - This object selects an entry in the snmpTargetParamsTable. The selected entry is used to determine which row of the snmpProxyTable to use for forwarding the received messages.

TargetOut - This object selects a management target defined in the snmpTargetAddrTable (in the SNMP-TARGET-MIB). The selected target is defined by an entry in the snmpTargetAddrTable whose index value (snmpTargetAddrName) is equal to this object.

This object is only used when selection of a single target is required (that is, when forwarding an incoming read or write request).

ContextName - Context name contained in messages that are forwarded using the translation parameters

Storage Type - Storage type. Options are:

volatile

nonvolatile Mode Global Configuration Mode


Defaults Storage Type - nonvolatile

Example iss(config)# snmp mibproxy name mibproxy1 ProxyType read mibid 1 TargetParamsIn param1 TargetOut target1 StorageType nonvolatile

Related Commands

show snmp mibproxy - Displays proxy details.



10.13 snmp view

This command configures the SNMP view. The no form of the command removes the SNMP view.

snmp view <ViewName> <OIDTree> [mask <OIDMask>] {included | excluded} [{volatile | nonvolatile}]

no snmp view <ViewName> <OIDTree>



Syntax Description

ViewName

- View Name

OIDTree

- Object Identifier

OIDMask | none

- Defines views' subtrees

included | excluded

- Type of view


- Type of storage



Defaults View Name

- iso/restricted

OIDTree

- 1

OIDMask

- None

View type - included

Storage type

- non-volatile

Example iss(config)# snmp view v2readview 1.3.6.1 mask 1.1.1.1 included nonvolatile

To configure an SNMP view (read/write/notify), a group must have already been created using the snmp group command and SNMP group access must be configured using the snmp access command.

Related Commands

snmp access - Configures the SNMP group access details

show snmp viewtree - Displays the configured SNMP Tree views

show snmp group access - Displays the configured SNMP group access details



10.14 snmp targetaddr

This command configures the SNMP target address. The no form of the command removes the configured SNMP target address.

snmp targetaddr <TargetAddressName> param <ParamName> {<IPAddress> | <IP6Address>} [timeout <Seconds(1-1500)] [retries <RetryCount(1-3)] [taglist <TagIdentifier | none>] [{volatile | nonvolatile}] [port <integer (1-65535)>]



no snmp targetaddr <TargetAddressName>

Syntax Description

TargetAddressName - Name of the Target address (host)

param - SNMP parameter Name

IPAddress/ IP6Address

- IP/IP6 Address of the host

timeout - The time the SNMP agent waits for a response from the SNMP Manager before retransmitting the Inform Request Message

retries - The Maximum number of times the agent can retransmit the Inform Request Message

taglist - Tag Identifier


- Storage type

port - SNMP Manager port number for sending the TRAP/INFORM messages to SNMP Manager. This value ranges between 1 and 65535.



Defaults ParamName - Internet

IPAddress - 10.0.0.10

taglist - snmp

volatile | nonvolatile - volatile

port - 162



Example iss(config)# snmp targetaddr issmgr param issd 10.0.0.10 taglist mytag nonvolatile

Target param must have been configured.

Related Commands

show snmp targetaddr - Displays the configured SNMP target Addresses

snmp targetparams - Configures the SNMP target parameters

show snmp targetparam - Displays the configured SNMP Target Address Params

10.15 snmp targetparams

This command configures the SNMP target parameters. The no form of the command removes the SNMP target parameters.

snmp targetparams <ParamName> user <UserName> security-model {v1 | v2c | v3 {auth | noauth | priv}} message-processing {v1 | v2c | v3} [{volatile



| nonvolatile}] [filterprofile-name <profilename> ] [filter-storagetype {volatile | nonvolatile}]

no snmp targetparams <ParamName>

Syntax Description

ParamName - SNMP Parameter Name

user - User Name

security-model - Security Model

auth - Authentication - Enables Message digest (MD5) or Secure Hash Algorithm (SHA) packet authentication

noauth - no-authentication

priv - Specifies both authentication and privacy

message-processing

- Message processing model


- Storage type

filterprofile-name

- Name of the filter profile to be used for the specified target address.

filter-storagetype

- Storage type for the filter. This can be:

volatile - Temporary storage. Details are lost once restarted.

nonvolatile - Permanent storage. Details are present even after restart.



Defaults ParamName - internet

User/Security Name - None



Security Model - v2c

Security Level - NoauthNoPriv

Message Processing Model

- v2c

Storage Type - Non-volatile

ParamName - test1

User/Security Name - None

Security Model - v1

Security Level - NoauthNoPriv

Message Processing Model

- v1

Storage Type - Non-volatile

Example iss(config)# snmp targetparams param1 user user1 security-model v3 noauth message-processing v3

User information must have been configured prior to the configuration of SNMP target parameters

Related Commands snmp user - Configures the SNMP user details

snmp filterprofile - Creates Notify filter Table

show snmp targetparam - Displays the configured SNMP Target Address Params

show snmp user - Displays the configured SNMP users.

10.16 snmp user

This command configures the SNMP user details. The no form of the command removes the SNMP user details.



snmp user <UserName> [auth {md5 | sha} <passwd> [priv DES <passwd>]] [{volatile | nonvolatile}] [EngineId <EngineID>]

no snmp user <UserName> [EnginId <EngineID>]

Syntax Description

UserName

- Name of the User

auth

- Authentication Algorithm - can be Message Digest 5 or Secure Hash Algorithm

passwd

- Password associated with the Authentication type

priv DES

- Private encryption password


- Storage type - can be either volatile or non-volatile

EngineId - SNMP engine identifier



Defaults UserName

- Initial

Authentication Protocol

- None

Privacy Protocol

- None

Storage type

- Non-volatile

Storage type

- Non-volatile

Example iss(config)# snmp user user1

SNMP passwords are localized using the local SNMP engine ID



Related Commands

show snmp engineID - Displays the Engine Identifier


10.17 snmp notify



This command configures the SNMP notification details. The no form of this command removes the SNMP notification details.

snmp notify <NotifyName> tag <TagName> type {Trap | Inform} [{volatile | nonvolatile}]

no snmp notify <NotifyName>

Syntax Description

NotifyName

- Notification Name

tag - Tag Name

type - Type of Notification


Storage type of the notification details



Defaults Notify Name

- iss/iss1

Notify Tag

- iss/iss1

Storage type

- volatile

Example iss(config)# snmp notify note1 tag tag1 type Inform

Related Commands

show snmp notif - Displays the configured SNMP Notifications

show snmp targetaddr - Displays the configured SNMP target Addresses



10.18 snmp filterprofile

This command creates Notify filter Table. The no form of the command removes the filter entry from the table.

snmp filterprofile <profile-name> <OIDTree> [mask <OIDMask>] {included | excluded} [{volatile | nonvolatile}]

no snmp filterprofile <profilename> <OIDTree>

Syntax Description

profile-name

- Name of the filter profile.

OIDTree - Object Identifier

mask <OIDMask>

- Defines a family of subtrees, in combination with the object identifier.

included | excluded

- Type of filter. This indicates whether the OID and mask should be included in or excluded from the fileter profile.


- Storage type.

volatile - Temporary storage. Details are lost once restarted.

nonvolatile - Permanent storage. Details are present even after restart.



Example iss(config)# snmp filterprofile filter1 1.5 mask 1.1 included nonvolatile

Related Commands show snmp filter table - Displays the configured SNMP filters




10.19 snmp-server enable traps snmp authentication

This command enables generation of authentication traps for SNMPv1 and SNMPv2c. The no form of the command disables generation of authentication traps for SNMPv1 and SNMPv2c.

snmp-server enable traps snmp authentication

no snmp-server enable traps snmp authentication



Defaults Generation of authentication traps is disabled by default.

Example iss(config)# snmp-server enable traps snmp authentication



10.20 snmp-server trap udp-port

This command configures the udp port over which agent sends the trap. The no form of the command configures the snmp agent to sent trap on default udp port.

snmp-server trap udp-port <port>

no snmp-server trap udp-port

Syntax Description

port - Port number



Example iss(config)# snmp-server trap udp-port 1234

Related Commands show snmp notif - Displays the configured SNMP Notification types.



10.21 snmp-server trap proxy-udp-port

This command configures the udp port over which agent sends the trap. The no form of the command configures the snmp agent to sent trap on default udp port.

snmp-server trap proxy-udp-port <port>

no snmp-server trap proxy-udp-port

Syntax Description

port - Port number



Defaults 162

Example iss(config)# snmp-server trap proxy-udp-port 162

Related Commands

show snmp-server proxy-udp-port - Displays the proxy udp port.



10.22 snmp agent port

This command configures the agent port on which agent listens.

snmp agent port <port>

Syntax Description

port - Port number. This value ranges between 1 and 65535.



Defaults 161

Example iss(config)# snmp agent port 100

Related Commands

show snmp - Displays the status information of SNMP communications



10.23 snmp tcp enable

This command enables sending snmp messages over tcp. The no form of the command disables sending snmp messages over tcp.

snmp tcp enable

no snmp tcp enable



Defaults Disabled

Example iss(config)# snmp tcp enable

Related Commands

show snmp tcp - Displays the configuration for snmp over tcp.



10.24 snmp trap tcp enable

This command enables sending snmp trap messages over tcp. The no form of the command disables sending snmp trap messages over tcp.

snmp trap tcp enable

no snmp trap tcp enable



Defaults Disabled

Example iss(config)# snmp trap tcp enable

Related Commands




10.25 snmp-server tcp-port

This command configures the tcp port over which agent sends the snmp message. The no form of the command configures the snmp agent to sent snmp message on default tcp port.

snmp-server tcp-port <port>

no snmp-server tcp-port

Syntax Description

port - Port number



Defaults 161

Example iss(config)# snmp-server tcp-port 161

Related Commands




10.26 snmp-server trap tcp-port

This command configures the tcp port over which agent sends the trap. The no form of the command configures the snmp agent to sent trap on default tcp port.

snmp-server trap tcp-port <port>

no snmp-server trap tcp-port

Syntax Description

port - Port number



Defaults 162

Example iss(config)# snmp-server trap tcp-port 162

Related Commands




10.27 snmp-server enable traps

This command enables generation of a particular trap. The no form of the command disables generation of a particular trap.

snmp-server enable traps {[firewall-limit] [linkup] [linkdown] [sip-states] [sip-cfg-change] [coldstart] [poe-power] [dhcp-pool-limit] [dsx1-line]}

no snmp-server enable traps {[firewall-limit] [linkup] [linkdown] [sip-states] [sip-cfg-change] [coldstart] [poe-power] [dhcp-pool-limit] [dsx1-line]}

Syntax Description

firewall-limit

- Firewall attack summary trap

linkup - Linkup trap

linkdown - Linkdown trap

sip-states - SIP states trap

sip-cfg-change

- SIP configuration change trap

coldstart - Coldstart trap

poe-power - Power on Ethernet trap

dhcp-pool-limit

- DHCP Server pool limit trap

dsx1-line - DSX1 line trap



Example iss(config)# snmp-server enable traps firewall-limit

Related Commands

show snmp-server traps - Displays the set of traps that are currently enabled.



10.28 show snmp

This command displays the status information of SNMP communications.

show snmp



Example iss# show snmp

0 SNMP Packets Input

0 Bad SNMP Version errors

0 Unknown community name

0 Get request PDUs

0 Get Next PDUs

0 Set request PDUs

0 SNMP Packets Output

0 Too big errors

0 No such name errors

0 Bad value errors

0 General errors

0 Trap PDUs

0 SNMP Rollback failures

SNMP Manager-role output packets

0 Drops

SNMP Informs:

0 Inform Requests generated



0 Inform Responses received

0 Inform messages Dropped

0 Inform Requests awaiting Acknowledgement

SNMP Trap Listen Port is 162

snmp agent port : 170

Related Command snmp agent port - Configures the agent port on which agent listens

10.29 show snmp community

This command displays the configured SNMP community details.

show snmp community





Example iss# show snmp community Community Index: NETMAN

Community Name: NETMAN

Security Name: none

Context Name:

Transport Tag:

Storage Type: volatile

Row Status: active

------------------------------

Community Index: PUBLIC

Community Name: PUBLIC

Security Name: none

Context Name:

Transport Tag:


Row Status: active

Related Command snmp community index - Configures the SNMP community details

10.30 show snmp group

This command displays the configured SNMP groups.



show snmp group



Example iss# show snmp group Security Model: v1

Security Name: none

Group Name: iso


Row Status: active

------------------------------

Security Model: v2c

Security Name: none

Group Name: iso


Row Status: active

------------------------------

Security Model: v3

Security Name: initial

Group Name: initial

Storage Type: nonVolatile

Row Status: active

------------------------------

Security Model: v3

Security Name: templateMD5

Group Name: initial


Row Status: active

------------------------------

Security Model: v3

Security Name: templateSHA

Group Name: initial


Row Status: active



Related Commands

snmp group - Configures the SNMP group details

snmp user - Configures the SNMP user details

10.31 show snmp group access

This command displays the configured SNMP group access details.

show snmp group access



Example iss# show snmp group access Group Name: iso

Read View: iso

Write View: iso

Notify View: iso


Row Status: active

------------------------------

Group Name: iso

Read View: iso

Write View: iso

Notify View: iso


Row Status: active

------------------------------

Group Name: initial

Read View: restricted

Write View: restricted

Notify View: restricted




Row Status: active

------------------------------

Group Name: initial

Read View: iso

Write View: iso

Notify View: iso


Row Status: active

Related Commands

snmp access - Configures the SNMP group access details


10.32 show snmp engineID

This command displays the Engine Identifier.

show snmp engineID



Example iss# show snmp engineID EngineId: 80.00.08.1c.04.46.53

Related Command

snmp engineid - Configures the engine identifier



10.33 show snmp proxy

This command displays proxy details.

show snmp proxy





Example iss# show snmp proxy Proxy Name : PROXY1

Proxy ContextEngineID : 80.00.08.1c.04.46.54

Proxy ContextName :

Proxy TargetParamIn : param1

Proxy SingleTargetOut : Tgt1

Proxy MultipleTargetOut :

Proxy Type : Read

Storage Type : Non-volatile

Row Status : Active

----------------------------------------------------

Proxy Name : PROXY2

Proxy ContextEngineID : 80.00.08.1c.04.46.54

Proxy ContextName :

Proxy TargetParamIn : param1

Proxy SingleTargetOut : Tgt1

Proxy MultipleTargetOut :

Proxy Type : Write


Row Status : Active

----------------------------------------------------

Related Command

snmp proxy name - Configures the proxy.

10.34 show snmp mibproxy

This command displays proxy details.



show snmp mibproxy



Example iss# show snmp mibproxy Prop Proxy Name : proxy1

Prop MibID : 2

Prop Proxy TargetParamIn : param1

Prop Proxy SingleTargetOut : target1

Prop Proxy MultipleTargetOut :

Prop Proxy Type : Read

Prop Storage Type : Non-volatile

Prop Row Status : Active

----------------------------------------------------

Related Command

snmp mibproxy name - Configures the proxy.



10.35 show snmp viewtree

This command displays the configured SNMP Tree views.

show snmp viewtree



Example iss# show snmp viewtree View Name: iso

Subtree OID: 1

Subtree Mask:

View Type: included


Row Status: active

------------------------------

View Name: restricted

Subtree OID: 1

Subtree Mask:

View Type: included


Row Status: active

------------------------------

Related Command




10.36 show snmp targetaddr

This command displays the configured SNMP target Addresses.

show snmp targetaddr



Example iss# sh snmp targetaddr

Target Address Name : ht231

IP Address : 12.0.0.100

Port : 150

Tag List : tg231

Parameters : pa231


Row Status : Active

------------------------------

Related Commands snmp targetaddr - Configures the SNMP target address


snmp notify - Configures the SNMP notification details



10.37 show snmp targetparam

This command displays the configured SNMP Target Address Params.

show snmp targetparam



Example iss# sh snmp targetparam

Target Parameter Name : internet

Message Processing Model : v2c

Security Model : v2c

Security Name : none

Security Level : No Authenitcation, No Privacy


Row Status : Active

Filter Profile Name : None

Row Status : Active

------------------------------

Target Parameter Name : pa231

Message Processing Model : v3

Security Model : v3

Security Name : u231


Storage Type : Volatile



Row Status : Active

Filter Profile Name : filter1

Row Status : Active

------------------------------

Target Parameter Name : test1

Message Processing Model : v2c

Security Model : v1

Security Name : none



Row Status : Active

Filter Profile Name : None

Row Status : Active

------------------------------

Related Commands


snmp user - Configures the SNMP user details

10.38 show snmp user

This command displays the configured SNMP users.

show snmp user



Example iss# show snmp user Engine ID: 80.00.08.1c.04.46.53

User: initial

Authentication Protocol: none

Privacy Protocol: none




Row Status: active

------------------------------

Engine ID: 80.00.08.1c.04.46.53

User: templateMD5

Authentication Protocol: MD5

Privacy Protocol: none


Row Status: active

------------------------------

Engine ID: 80.00.08.1c.04.46.53

User: templateSHA

Authentication Protocol: SHA

Privacy Protocol: DES_CBC


Row Status: active

------------------------------

Related Commands snmp user - Configures the SNMP user details

show snmp community - Displays the configured SNMP community details

10.39 show snmp notif

This command displays the configured SNMP Notification types.

show snmp notif





Example iss# show snmp notif Notify Name: iss

Notify Tag: iss

Notify Type: trap


Row Status: active

------------------------------

Notify Name: iss1

Notify Tag: iss1

Notify Type: trap


Row Status: active

Related Commands

snmp notify - Configures the SNMP notification details




10.40 show snmp inform statistics

This command displays the inform message statistics.

show snmp inform statistics



Example iss# show snmp inform statistics Target Address Name : issmanager

IP Address : 10.0.0.10

Inform messages sent : 20

Acknowledgement awaited for : 2 Inform messages

Inform messages dropped : 0

Acknowledgement failed for : 0 Inform messages

Informs retransmitted: 0

Inform responses received: 18

SNMP Manager must have been configured and Inform type notifications must have been generated.



10.41 show snmp-server traps

This command displays the set of traps that are currently enabled.

show snmp-server traps



Example iss# show snmp-server traps Currently enabled traps:

------------------------

linkup,linkdown,

Related Command

snmp-server enable traps - Enables generation of a particular trap.



10.42 show snmp-server proxy-udp-port

This command displays the proxy udp port.

show snmp-server proxy-udp-port



Example iss# show snmp-server proxy-udp-port snmp-server proxy-udp-port : 162

Related Command

snmp-server trap proxy-udp-port - Configures the udp port over which agent sends the trap.



10.43 show snmp tcp

This command displays the configuration for snmp over tcp.

show snmp tcp



Example iss# show snmp tcp snmp over tcp disabled

snmp trap over tcp disabled

snmp listen tcp port 161

Snmp listen tcp trap port 162

Related Command

snmp tcp enable – Enables sending snmp messages over tcp.

snmp trap tcp enable - Enables sending snmp trap messages over tcp.

snmp-server tcp-port – Configures the tcp port over which agent sends the snmp message.

snmp-server trap tcp-port - Configures the tcp port over which agent sends the trap.



10.44 show snmp filter table

This command displays the configured SNMP filters.

show snmp filter table



Example iss# show snmp filter table

Filter Name : filter1

Subtree OID : 1.5

Subtree Mask : 1.1

Filter Type : Included


Row Status : Active

------------------------------

Related Command

snmp filterprofile - Creates Notify filter Table



Chapter

12 11.SNTP

The SNTP (Simple Network Time Protocol) module is used to synchronize the time and date in ISS by contacting the SNTP Server. It supports different time zones, where the user can set the required time zone.

The following are the list of SNTP commands:

sntp

set sntp client

set sntp client version

set sntp client addressing mode

set sntp client port

set sntp client clock-format

set sntp time zone

set sntp client clock-summer-time

set sntp client authentication-key

set sntp unicast-server auto-discovery

set sntp unicast-poll-interval

set sntp unicast-max-poll-timeout

set sntp unicast-max-poll-retry

set sntp unicast-server

set sntp broadcast-mode send-request

set sntp broadcast-poll-timeout

set sntp broadcast-delay-time

DATACOM SYSTEMS INC CHAPTER 11: SNTP


set sntp multicast-mode send-request

set sntp multicast-poll-timeout

set sntp multicast-delay-time

set sntp multicast-group-address

set sntp anycast-poll-interval

set sntp anycast-poll-timeout

set sntp anycast-poll-retry-count

set sntp anycast-server

set sntp client clock-format

show sntp status

show sntp unicast–mode status

show sntp broadcast–mode status

show sntp multicast–mode status

show sntp anycast–mode status

debug sntp



11.1 sntp

This command enters SNTP configuration mode.

sntp

Mode Profile configuration mode


Example iss(config)# sntp iss(config-sntp)#



11.2 set sntp client This command enables or disables SNTP client module.

set sntp client {enabled | disabled}

Syntax Description

enabled - Enables the SNTP client module

disabled - Disables the SNTP client module

Mode SNTP Configuration Mode


Defaults disabled

Example iss(config-sntp)# set sntp client enabled

SNTP client should be enabled

Related Command

show sntp status: Displays SNTP status



11.3 set sntp client version

This command sets the operating version of the SNTP for the client.

set sntp client version { v1 | v2 | v3 | v4 }

Syntax Description

v1

- SNTP Version 1

v2

- SNTP Version 2

v3 - SNTP Version 3

v4

- SNTP Version 4



Defaults v4

Example iss(config-sntp)# set sntp client version v3


Related Command




11.4 set sntp client addressing mode

This command sets the addressing mode of SNTP client as either unicast, multicast, broadcast, anycast.

set sntp client addressing-mode { unicast | broadcast | multicast | anycast }

Syntax Description

unicast

- Sets the addressing mode of SNTP client as unicast.

broadcast

- Sets the addressing mode of SNTP client as broadcast.

multicast Sets the addressing mode of SNTP client as multicast

anycast - Sets the addressing mode of SNTP client as anycast.



Defaults unicast

Example iss(config-sntp)# set sntp client addressing-mode unicast


Related Command show sntp anycast–mode status – Displays the SNTP anycast mode status

show sntp broadcast–mode status – Displays the SNTP broadcast mode status

show sntp multicast–mode status – Displays the SNTP multicast mode status


show sntp unicast–mode status - Displays the SNTP Unicast Mode status



11.5 set sntp client port

This command sets the listening port for SNTP client greater than 1024 as below 1024 are reserved. Therefore the configurable listening port for SNTP client starts at 1025.The no form of command deletes the listening port for SNTP client and sets the default value.

set sntp client port <portno(1025-65535)>

no sntp client port

Syntax Description

port no - Listening port for SNTP client



Defaults 123

Example iss (config-sntp)# set sntp client port 1026


Related commands




11.6 set sntp client clock-format

This command sets the system clock format as AM PM format or HOURS format.

set sntp client clock-format {ampm | hours}

Syntax Description

am-pm - Sets the system clock in am/ pm format

hours - Sets the system clock in 24 hours format



Default hours

Example iss (config-sntp)# set sntp client clock-format ampm

SNTP clock format configuration in the Switch: Date – Hours, Minutes, Seconds, Date Month and Year

Month – Jan, Feb, Mar…..

Year - yyyy

Related Command

show sntp clock - Displays the current time.



11.7 set sntp time zone

This command sets the system time zone with respect to UTC. The no form of command resets the system time zone to GMT.

set sntp client time-zone <+/- UTC TimeDiff in Hrs:UTC TimeDiff in Min> Eg: +05:30

no sntp client time-zone

Syntax Description

+/- - After or before UTC

UTCTimeDiff in Hrs

- UTC Time difference in hours

UTC TimeDiffin Min

- UTC Time difference in minutes



Example iss(config-sntp)# set sntp client time-zone +05:30

SNTP server must be enabled prior to the execution of this command.

Related Command




11.8 set sntp client clock-summer-time

This command enables the Daylight Saving Time. The no form of the command disables the Daylight Saving Time.

set sntp client clock-summer-time <week-day-month,hh:mm> <week-day-month,hh:mm> Eg: set sntp client clock-summer-time First-Sun-Mar,05:10 Second-Sun-Nov,06:1

0

no sntp client clock summer-time

Syntax Description

week-day-month

- Week – First, Second, Third, Fourth or Last week of month. Day –Sunday, Monday, Tuesday, Wednesday, Thursday, Friday or Saturday. Month: January, February, March, April, May, June, July, August, September, October, November or December.

hh:mm - Time in hours and minutes



Example iss(config-sntp)# set sntp client clock-summer-time First-Sun-Jan,12:12 Second-Sun-Mar,12:12

Related Commands: show sntp status: Displays SNTP status



11.9 set sntp client authentication-key

This command sets the authentication parameters. The no form of the command disables authentication.

set sntp client authentication-key <key-id> md5 <key>

no sntp client authentication

Syntax Description

key-id - Key Identifier (integer value). Range is 1 – 65535.

md5 - Message Digest Algorithm

key - Key value (string value)



Example

iss(config-sntp)# set sntp client authentication-key 123 md5 DatacomSystems SNTP client should be enabled

Related Command




11.10 set sntp unicast-server auto-discovery

This command configures SNTP client status of auto-discovery of server.

set sntp unicast-server auto-discovery {enabled | disabled}

Syntax Description

enabled - Enables the auto discovery of server

disabled - Disables the auto discovery of server



Defaults disabled

Example iss(config-sntp)# set sntp unicast-server auto-discovery enabled

SNTP client addressing mode should be unicast

Related Command




11.11 set sntp unicast-poll-interval

This command configures SNTP client poll interval.

set sntp unicast-poll-interval <value (16-16284) seconds>

Syntax Description

value - Poll interval value in seconds.



Default 64

Example iss(config-sntp)# set sntp unicast-poll-interval 50


Related Command show sntp unicast–mode status - Displays the SNTP Unicast Mode status



11.12 set sntp unicast-max-poll-timeout This command configures SNTP client maximum poll interval timeout.

set sntp unicast-max-poll-timeout <value (1-30) seconds>

Syntax Description

value - Maximum poll interval time out value in seconds.



Default 5

Example iss(config-sntp)# set sntp unicast-max-poll-timeout 25


Related Command




11.13 set sntp unicast-max-poll-retry This command configures SNTP client maximum retry poll count.

set sntp unicast-max-poll-retry <value (1-10) times>

Syntax Description

value - Maximum retry poll count value



Default 3

Example iss(config-sntp)# set sntp unicast-max-poll-retry 10


Related Command




11.14 set sntp unicast-server This command configures SNTP unicast server attributes. The no form of command deletes the sntp unicast server attributes and sets to default.

set sntp unicast-server {ipv4 <ucast_addr> | ipv6 <ip6_addr>} [{primary | Secondary}] [{version3 | version 4}] [<portid(1025-36564)>]

no sntp unicast-server {ipv4 <ucast_addr> | ipv6 <ip6_addr>}

Syntax Description

ipv4, ipv6 - Version 4 and Version 6 IP address

Primary/ secondary

- Primary/ Secondary NTP servers

Port-id - Port identifier



Example iss(config-sntp)# set sntp unicast-server ipv4 12.0.0.100 Primary 3 1234


Related Command




11.15 set sntp broadcast-mode send-request

This command sets the status of sending the request for knowing the delay.

set sntp broadcast-mode send-request {enabled | disabled}

Syntax Description

enabled - When enabled the SNTP request packet is sent to broadcast server to calculate the actual delay.

disabled - When disabled no SNTP request packet is sent out to broadcast server instead default value for the delay is taken.



Defaults disabled

Example iss(config-sntp)# set sntp broadcast-mode send-request enabled

SNTP client addressing mode should be broadcast

Related Command




11.16 set sntp broadcast-poll-timeout This command configures SNTP client poll interval in broadcast mode.

set sntp broadcast-poll-timeout [<value (1-30) seconds>]

Syntax Description

value - Poll interval time out value in seconds for broadcast mode



Default 5

Example iss(config-sntp)# set sntp broadcast-poll-timeout 30


Related Command




11.17 set sntp broadcast-delay-time This command configures SNTP delay time in broadcast mode.

set sntp broadcast-delay-time [<value (1000-15000) microseconds>]

Syntax Description

value - Delay time value in micro seconds in broadcast mode



Default 8000

Example iss(config-sntp)# set sntp broadcast-delay-time 2000


Related Command




11.18 set sntp multicast-mode send-request

This command sets the status of sending the request for knowing the delay.

set sntp multicast-mode send-request {enabled | disabled}

Syntax Description

enabled - When enabled the SNTP request packet is sent to broadcast server to calculate the actual delay.

disabled - When disabled no SNTP request packet is sent out to broadcast server instead default value for the delay is taken.



Defaults disabled

Example iss(config-sntp)# set sntp multicast-mode send-request enabled

SNTP client addressing mode should be multicast

Related Command




11.19 set sntp multicast-poll-timeout This command configures SNTP client poll interval in multicast mode.

set sntp multicast-poll-timeout [<value (1-30) seconds>]

Syntax Description

value - Poll interval time out value in seconds in multicast mode



Default 5

Example

iss(config-sntp# set sntp multicast-poll-timeout 10


Related Command




11.20 set sntp multicast-delay-time This command configures SNTP delay time in multicast mode.

set sntp multicast-delay-time [<value (1000-15000) microseconds>]

Syntax Description

value - Delay time value in micros seconds in multicast mode



Default 8000

Example iss(config-sntp)# set sntp multicast-delay-time 2000


Related Command




11.21 set sntp multicast-group-address This command configures SNTP multicast group address.

set sntp multicast-group-address {ipv4 {<mcast_addr> | default} | ipv6 {<ipv6_addr> | default}}

Syntax Description

ipv4, ipv6 - Version4, Version 6 multicast group address



Example iss(config-sntp)# set sntp multicast-group-address ipv4 224.1.1.10.


Related Command




11.22 set sntp anycast-poll-interval

This command configures SNTP client poll interval in anycast mode.

set sntp anycast-poll-interval [<value (16-16284) seconds>]

Syntax Description

value - Poll interval value in seconds in anycast mode.



Default 64

Example iss(config-sntp)# set sntp anycast-poll-interval 20

SNTP client addressing mode should be anycast

Related Command

show sntp anycast–mode status – Displays the SNTP anycast mode status



11.23 set sntp anycast-poll-timeout This command configures SNTP client poll timeout in anycast mode.

set sntp anycast-poll-timeout [<value (1-30) seconds>]

Syntax Description

value - Poll interval time out value in seconds in anycast mode



Default 5

Example iss(config-sntp)# set sntp anycast-poll-timeout 10


Related Command




11.24 set sntp anycast-poll-retry-count This command configures SNTP poll retries in anycast mode.

set sntp anycast-poll-retry-count [<value (1-10)>]

Syntax Description

value - Maximum retry poll count value in anycast mode



Default 3

Example iss(config-sntp)# set sntp anycast-poll-retry-count 5


Related Command




11.25 set sntp anycast-server This command configures SNTP multicast or broadcast server address in anycast mode.

set sntp anycast-server { broadcast | multicast {ipv4 [<ipv4_addr>] |ipv6 [<ip6_addr>]} }

Syntax Description

broadcast - Configures SNTP broadcast server address in anycast mode

multicast - Configures SNTP multicast server address in anycast mode.

ipv4,ipv6 - Version 4, Version 6

ipv4 addr, ip6addr

- Version 4/ Version 6 any cast address



Example iss(config-sntp)# set sntp anycast-server ipv4 12.0.0.100


Related Command




11.26 show sntp clock

This command displays the current time.

show sntp clock

Mode User EXEC Mode


Example iss# show sntp clock current time : Sat Jan 01 2000 00:07:04 (UTC + 0: 0 )

Related Command

Error! Reference source not found.: Displays the system date and time.



11.27 show sntp status

This command displays SNTP status.

show sntp status

Mode User EXEC Mode


Example iss# show sntp status

sntp client is enabled

current sntp client version is v4

current sntp client addressing mode is unicast

sntp client port is 123

sntp client clock format is 24 hours

sntp client authenticatin key id is 5

sntp client authentication algorithm is md5

sntp client auth Key is DatacomSystems

sntp client time zone is + 05:30

sntp client dst start time is not set

sntp client dst end time is not set

Related Command

show sntp unicast–mode status – Displays the SNTP Unicast Mode status




show sntp multicast–mode status - Displays the SNTP multicast mode status

show sntp anycast–mode status - Displays the SNTP anycast mode status

11.28 show sntp unicast–mode status

This command displays the SNTP Unicast Mode status.

show sntp unicast-mode status

Mode User EXEC Mode


Example iss# show sntp unicast-mode status auto discovery of sntp/ntp servers is disabled

unicast poll interval value is 50

unicast max poll time out value is 25

unicast max retry time value is 10

unicast primary server address is 12.0.0.100

unicast primary server version is 3

unicast primary server port is 1234

Related Command



set sntp unicast-server auto-discovery - Configures SNTP client status of auto-discovery of server

set sntp unicast-poll-interval - Configures SNTP client poll interval

set sntp unicast-max-poll-timeout - Configures SNTP client maximum poll interval timeout

set sntp unicast-max-poll-retry - Configures SNTP client maximum retry poll count

11.29 show sntp broadcast–mode status

This command displays the SNTP broadcast mode status.

show sntp broadcast-mode status

Mode User EXEC Mode


Example iss# show sntp broadcast-mode status

send sntp request to server in broadcast mode is disabled

broadcast poll time out value is 5

broadcast delay time value is 8000

broadcast sntp server is 12.0.0.100

Related Command



set sntp broadcast-mode send-request - Sets the status of sending the request for knowing

the delay

set sntp broadcast-poll-timeout - Configures SNTP client poll interval in broadcast mode

set sntp broadcast-delay-time - Configures SNTP delay time in broadcast mode

11.30 show sntp multicast–mode status

This command displays the SNTP multicast mode status.

show sntp multicast-mode status

Mode User EXEC Mode




Example iss# show sntp multicast-mode status

send sntp request to server in multicast mode is disabled

multicast poll time out value is 5

multicast delay time value is 8000

multicast group address is 12.0.0.100

Related Command

set sntp multicast-mode send-request - Sets the status of sending the request for knowing the delay

set sntp multicast-poll-timeout - Configures SNTP client poll interval in multicast mode

set sntp multicast-delay-time - Configures SNTP delay time in multicast mode

set sntp multicast-group-address - Configures SNTP multicast server address

11.31 show sntp anycast–mode status

This command displays the SNTP anycast mode status.

show sntp anycast-mode status



Mode User EXEC Mode


Example iss# show sntp anycast-mode status

anycast poll interval value is 64

anycast max poll time out value is 5

anycast max retry time value is 3

anycast server type is broadcast

primary server address is 12.0.0.100

Related Command

set sntp anycast-poll-interval - Configures SNTP client poll interval in anycast mode

set sntp anycast-poll-timeout - Configures SNTP client poll timeout in anycast mode

set sntp anycast-poll-retry-count - Configures SNTP poll retries in anycast mode

11.32 debug sntp



This command enables SNTP trace. The no form of the command disables the SNTP trace.

debug sntp {all | [init-shut] [mgmt] [data-path] [control] [pkt-dump] [resource] [all-fail] [buff]}

no debug sntp {all | [init-shut] [mgmt] [data-path] [control] [pkt-dump] [resource] [all-fail] [buff]}

Syntax Description

init/shut

- Initialization/ Shutdown messages

mgmt - Management Messages

data-path - Data Path Messages

control - Control Messages

pkt-dump - Packet Dump Messages

resource - Resource Messages

all-fail

- All failure Messages

buff - Buffer Message

Mode User EXEC Mode


Defaults Debugging is Disabled

Example debug sntp all

DATACOM SYSTEMS INC CHAPTER 12: RMON


Chapter

13 12.RMON

RMON (Remote Monitoring) is a standard monitoring specification5 that enables various network monitors and console systems to exchange network-monitoring data.

The RMON specification defines a set of statistics and functions that can be exchanged between RMON-compliant console managers and network probes. As such, RMON provides network administrators with comprehensive network-fault diagnosis, planning, and performance-tuning information.

The list of CLI commands for the configuration of RMON is as follows:

set rmon

rmon collection history

rmon collection stats

rmon event

rmon alarm

show rmon



12.1 set rmon

This command is used to enable or disable the RMON feature.

set rmon {enable | disable}

Syntax Description

enable - Enables the RMON feature in the system

disable - Disables the RMON feature in the system



Defaults The RMON Module is disabled by default

Example iss(config)# set rmon enable

All the other RMON Module commands can be executed only when the RMON Module is enabled. Fatal error messages are displayed when commands are executed without enabling the RMON feature.

Related Command

show rmon - Successful execution of this command without any messages indicates that RMON feature is enabled in the system



12.2 rmon collection history

This command enables history collection of interface statistics in the buckets for the specified time interval. The no form of the command disables the history collection on the interface.

rmon collection history <index (1-65535)> [buckets <bucket-number (1-65535)>] [interval <seconds (1-3600)>] [owner <ownername (127)>]

no rmon collection history <index (1-65535)>

Syntax Description

index

- History table index

buckets

- The maximum number of buckets desired for the RMON collection history group of statistics

interval

- The number of seconds in each polling cycle

owner

- Optional field - allows the user to enter the name of the owner of the RMON group of statistics



Defaults bucket number

- 50

interval

- 1800 seconds

owner

- monitor

Example iss(config-if)# rmon collection history 1 buckets 2 interval 20

The RMON feature must be enabled for the successful execution of this command.

The polling cycle is the bucket interval where the interface statistics details are stored.

Related Command

show rmon - Displays the history collection for the configured bucket (show rmon history [history-index (1-65535)>])



12.3 rmon collection stats

This command enables RMON statistic collection on the interface. The no form of the command disables RMON statistic collection on the interface.

rmon collection stats <index (1-65535)> [owner <ownername (127)>]

no rmon collection stats <index (1-65535)>

Syntax Description

index

- Statistics table index

owner

- Optional field - allows the user to enter the name of the owner of the RMON group of statistics with a string length of 127



Defaults owner

- monitor

Example iss(config-if)# rmon collection stats 1


Related Command

show rmon - Displays the RMON collection statistics (show rmon statistics [<stats-index (1-65535)>])



12.4 rmon event

This command adds an event to the RMON event table. The added event is associated with an RMON event number. The no form of the command deletes an event from the RMON event table.

rmon event <number (1-65535)> [description <event-description (127)>] [log] [owner <ownername (127)>] [trap <community (127)>]

no rmon event <number (1-65535)>

Syntax Description

number - Event number

description - Description of the event

log - Used to generate a log entry

owner - Owner of the event

trap - Used to generate a trap. The SNMP community string is to be passed for the specified trap.


Package

Example


iss(config)# rmon event 1 log owner DatacomSystems trap

NETMAN


Related Commands

rmon alarm - Sets an alarm on a MIB object

show rmon events - Displays the RMON events

show rmon alarms - Displays the RMON alarms

show snmp community - Configures the SNMP community details



12.5 rmon alarm

This command sets an alarm on a MIB object. The Alarm group periodically takes statistical samples from variables in the probe and compares them to thresholds that have been configured. The no form of the command deletes the alarm configured on the MIB object.

rmon alarm <alarm-number> <mib-object-id (255)> <sample-interval-time (1-65535)> {absolute | delta} rising-threshold <value (0-2147483647)> [rising-event-number (1-65535)] falling-threshold <value (0-2147483647)> [falling-event-number (1-65535)] [owner <ownername (127)>]

no rmon alarm <number (1-65535)>

Syntax Description

alarm-number

- Alarm Number. This value ranges between 1 and 65535.

mib-object-id

- The mib object identifier

sample-interval-time

- Time in seconds during which the alarm monitors the MIB variable. This value ranges between 1 and 65535 seconds.

absolute - Used to test each mib variable directly

delta Used to test the change between samples of a variable

rising-threshold

- A number at which the alarm is triggered. This value ranges between 0 and 2147483647.

falling-threshold value

- A number at which the alarm is reset. This value ranges between 0 and 2147483647.

rising-event-number

- The event number to trigger when the rising threshold exceeds its limit. This value ranges between 1 and 65535.

This feature is optional only in the code using the industrial standard command, otherwise this feature is mandatory.

falling-event-number

- The event number to trigger when the falling threshold exceeds its limit. This value ranges between 1 and 65535.

This feature is optional only in the code using the industrial standard command, otherwise this feature is mandatory.

owner - Owner of the alarm





Defaults By default, the least event number in the event table is assigned for the rising and falling threshold as its event number.

Example iss(config)# rmon alarm 4 1.3.6.1.6.3.16.1.2.1.4.1.4.110.111.110.101 2 absolute rising-threshold 2 2 falling-threshold 1 2 owner DatacomSystems

The RMON Feature must be enabled for the successful execution of this command

RMON events must have been configured

In DatacomSystems ISS, we cannot monitor all the mib objects through RMON. This will be applicable only to the Ethernet interfaces

Falling threshold should be less than rising threshold.

Related Commands

rmon collection stats - Enables RMON statistic collection on the interface

rmon event - Adds an event to the RMON event table

show rmon alarms - Displays the RMON alarms

show rmon events - Displays the RMON events



12.6 show rmon

This command displays the RMON statistics, alarms, events, and history configured on the interface.

show rmon [statistics [<stats-index (1-65535)>]] [alarms] [events] [history [history-index (1-65535)] [overview]]

Syntax Description

statistics

- The configured stats index value

alarms

- The configured alarm

events - The configured event

history

- The configured history index

overview - Displays only the overview of rmon history entries



Example iss# show rmon statistics 2 RMON is enabled

Collection 2 on Gi0/2 is active, and owned by fsoft,

Monitors ifEntry.1.2 which has

Received 1240 octets, 10 packets,

2 broadcast and 10 multicast packets,

0 undersized and 1 oversized packets,

0 fragments and 0 jabbers,

0 CRC alignment errors and 0 collisions.

# of packets received of length (in octets):



64: 0, 65-127: 10, 128-255: 0,

256-511: 0, 512-1023: 0, 1024-1518: 0

iss# show rmon

RMON is enabled

iss# show rmon history

RMON is enabled

Entry 1 is active, and owned by fsoft

Monitors ifEntry.1.1 every 3000 second(s)

Requested # of time intervals, ie buckets, is 3,

Granted # of time intervals, ie buckets, is 3,

Sample 1 began measuring at 0





0 CRC alignment errors and 0 collisions,

# of dropped packet events is 0

Network utilization is estimated at 0

Sample 2 began measuring at 0





0 CRC alignment errors and 0 collisions,

# of dropped packet events is 0

Network utilization is estimated at 0

iss# show rmon events

RMON is enabled

Event 1 is active, owned by



Description is

Event firing causes nothing,

Time last sent is Aug 27 18:30:01 2009


Description is



iss# show rmon alarms

RMON is enabled

Alarm 4 is active, owned by DatacomSystems

Monitors 1.3.6.1.6.3.16.1.2.1.4.1.4.110.111.110.101 every 2 second(s)

Taking absolute samples, last value was 3

Rising threshold is 2, assigned to event 2

Falling threshold is 1, assigned to event 2

On startup enable rising or falling alarm

iss# show rmon statistics 2 alarms events history 1

RMON is enabled

Collection 2 on Ex0/1 is active, and owned by monitor,

Monitors ifEntry.1.1 which has





53 CRC alignment errors and 0 collisions.

# of packets received of length (in octets):

64: 0, 65-127: 53, 128-255: 0,

256-511: 0, 512-1023: 0, 1024-1518: 0

Alarm 4 is active, owned by DatacomSystems

Monitors 1.3.6.1.6.3.16.1.2.1.4.1.4.110.111.110.101 every 2 second(s)



Taking absolute samples, last value was 3

Rising threshold is 2, assigned to event 2

Falling threshold is 1, assigned to event 2

On startup enable rising or falling alarm


Description is




Description is



iss# show rmon history overview

RMON is enabled

Entry 1 is active, and owned by fsoft

Monitors ifEntry.1.1 every 3000 second(s)

Requested # of time intervals, ie buckets, is 3,

Granted # of time intervals, ie buckets, is 3

If the show rmon command is executed with out enabling the RMON feature, then the following output is displayed

iss# show rmon

RMON feature is disabled

Related Commands

set rmon - Enables or disables the RMON feature

rmon collection history - Enables history collection of interface statistics in the buckets for thespecified time interval

rmon collection stats - Enables RMON statistic collection on the interface

rmon event - Adds an event to the RMON event table

rmon alarm - Sets an alarm on a MIB object

Date post:	03-Feb-2016
Category:	Documents
Upload:	chandru-blueeyes
View:	245 times
Download:	2 times

Vs 2024 Command Line Reference

Documents