SFTOS CLI v2.1.4

SFTOS Command Reference
Guide
Version 2.1.4
May 2005
100-00029-02
Copyright 2005 Force10 Networks

All rights reserved. Printed in the USA. January 2005.
Force10 Networks reserves the right to change, modify, revise this publication without notice.
Trademarks
Copyright 2005 by Force10 Networks, Inc. All rights reserved. Force10, the Force10 logo, E1200, E600, E300, EtherScale, TeraScale and
FTOS are trademarks of Force10 Networks, Inc. All other brand and product names are registered trademarks or trademarks of their
respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, Force10 Networks reserves the right to make changes to
products described in this document without notice.
Force10 Networks does not assume any liability that may occur due to the use or application of the product(s) described herein.
USA
Federal Communications Commission (FCC) Statement
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These
limits are designated to provide reasonable protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio frequency energy. If it is not installed and used in accordance to the
instructions, it may cause harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to take whatever
measures necessary to correct the interference at their own expense.
Canadian Department of Communication Statement

The digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference
Regulations of the Canadian Department of Communications.
Attention: Le present appareil numerique n emet pas de perturbations radioelectriques depassant les normes applicables aux appareils
numeriques de la Class A prescrites dans le Reglement sur les interferences radioelectriques etabli par le ministere des Communications du
Canada.
VCCI Compliance for Class A Equipment (Japan)
This is Class A product based on the standard of the Voluntary Control Council For Interference by Information Technology Equipment
(VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be
required to take corrective actions.
Caution: This device is a Class A product. In a domestic environment, this device can cause radio
interference, in which case, the user may be required to take appropriate measures.
Contents
Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Chapter 1
About This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Why the Document was Created . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
How to Use This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Annotations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Special Characters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Products and Services Liability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Contact and Patents Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Chapter 4
SFTOS Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Chapter 5
Supported Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Chapter 6
Quick Start-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Quick Starting the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
System Info and System Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Physical Port Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
User Account Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Uploading from Switch to Out-of-Band PC (Only XMODEM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Downloading from Out-of-Band PC to Switch (Only XMODEM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Downloading from TFTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Factory Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
SFTOS Command Line Interface Reference, Version 2.1.4
Chapter 7
Stacking Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Dedicated-port Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
show switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
show switch [unit] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
show supported switchtype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
show supported switchtype [switchindex] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
switch priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
switch renumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
movemanagement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
archive copy-sw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
archive download-sw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Slot and Card Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
set slot disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
set slot power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
show slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
show slot <unit/slot/port> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
show supported cardtype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
show supported cardtype [cardindex] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Reset and Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Front Panel Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
stack-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
qos-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
show stack-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
show stack-port counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
show stack-port diag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Chapter 8
Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Configuring for Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Web Page Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Starting the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Command Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Chapter 9
Mode-based Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Mode-based Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Mode-based Command Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
No Form of a Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Contents
Support for No Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Chapter 10
Switching Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
System Information and Statistics Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
show arp switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
show eventlog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
show hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
show interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
show interface ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
show mac-addr-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
show msglog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
show sysinfo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
snmp-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Chapter 11
System Management Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
transport input telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
transport output telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
session-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
session-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
bridge aging-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
network mac-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
network mac-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
network parms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
network protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
telnetcon maxsessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
telnetcon timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
remotecon maxsessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
remotecon timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
serial baudrate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
serial timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
set prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
show telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
show forwardingdb agetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
show network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
show telnetcon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
show serial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
SNMP Community Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
show snmpcommunity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
show snmptrap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
show trapflags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
no snmp-server community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
snmp-server community ipaddr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
snmp-server community mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
snmp-server community ro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
snmp-server community rw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
snmp-server enable traps bcaststorm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
snmp-server enable traps multiusers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
snmp-server enable traps stpmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
snmptrap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
snmptrap ipaddr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
snmptrap mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
snmp trap link-status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
snmp trap link-status all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Management VLAN Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
network mgmt_vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Chapter 12
System Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
addport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
auto-negotiate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
auto-negotiate all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
deleteport (interface config) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
deleteport (global config) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
monitor session mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
monitor session 1 source interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
no monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
no monitor session 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
show monitor session 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
shutdown all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
storm-control broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
storm-control flowcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
show mac-address-table multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
show mac-address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
show monitor session 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110
show port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110
Contents
show port protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

show storm-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
snmp-server enable traps linkmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
snmp-server community ipmask . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Virtual LAN (VLAN) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
vlan acceptframe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
vlan ingressfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
vlan makestatic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
vlan name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
vlan participation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
vlan participation all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
vlan port acceptframe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116
vlan port ingressfilter all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116
vlan port pvid all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
vlan port tagging all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
vlan protocol group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117
vlan protocol group add protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
vlan protocol group remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
protocol group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118
protocol vlan group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
protocol vlan group all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
vlan pvid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
vlan tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
show vlan brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
show vlan port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
System Utility Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
clear config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
clear igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
clear pass . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
enable passwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
clear port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
clear traplog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
clear vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Pre-login Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
copy (clibanner) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
CLI Command Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

logging cli-command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Configuration Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
configscript apply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
configscript delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
configscript list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
configscript show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
configscript validate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Chapter 13
System Log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
logging buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
logging buffered wrap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
logging console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
logging persistent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
logging host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
logging host remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
logging port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
logging syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
show logging persistent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
show logging buffered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
show logging hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Chapter 14
User Account Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
disconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
show loginsession . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
users name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
users passwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
users snmpv3 accessmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
users snmpv3 authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
users snmpv3 encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Chapter 15
SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
sntp broadcast client poll-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
sntp client mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
sntp client port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
sntp unicast client poll-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
sntp unicast client poll-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
sntp unicast client poll-retry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Contents
sntp multicast client poll-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
show sntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
show sntp client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
show sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Chapter 16
DHCP Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
client-identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
client-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
default-router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
dns-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
hardware-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
ip dhcp excluded-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
ip dhcp ping packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
ip dhcp pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
lease . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
service dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
bootfile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
ip dhcp bootp automatic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
ip dhcp conflict logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
netbios-name-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
netbios-node-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
next-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
show ip dhcp binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
show ip dhcp global configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
show ip dhcp pool configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
show ip dhcp server statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
show ip dhcp conflict . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
clear ip dhcp binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
clear ip dhcp server statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
clear ip dhcp conflict . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Chapter 17
Double VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
dvlan-tunnel etherType . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
mode dot1q-tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
mode dvlan-tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
show dot1q-tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
show dot1q-tunnel interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

show dvlan-tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
show dvlan-tunnel interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Chapter 18
Provisioning (IEEE 802.1p) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
classofservice dot1pmapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
show classofservice dot1pmapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
vlan port priority all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
vlan priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Chapter 19
GARP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
set garp timer join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
set garp timer join all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
set garp timer leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
set garp timer leave all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
set garp timer leaveall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
set garp timer leaveall all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
show garp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
GARP VLAN Registration Protocol (GVRP) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
set gvrp adminmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
set gvrp interfacemode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
set gvrp interfacemode all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
show gvrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
GARP Multicast Registration Protocol (GMRP) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
set gmrp adminmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
set gmrp interfacemode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
set gmrp interfacemode all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
show gmrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
show mac-address-table gmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Chapter 20
IGMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
set igmp (system) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
set igmp (interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
set igmp groupmembershipinterval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
set igmp interfacemode all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
set igmp maxresponse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
set igmp mcrtrexpiretime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
show mac-address-table igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
set igmp groupmembershipinterval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
10
Contents
set igmp groupmembershipinterval all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

set igmp maxresponse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
set igmp maxresponse all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
set igmp mcrtexpiretime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
set igmp mcrtexpiretime all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
set igmp fast-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
set igmp mrouter interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
set igmp mrouter <vlan-id> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
show igmpsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
show igmpsnooping fast-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
show igmpsnooping mrouter interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Chapter 21
Link Aggregation (LAG)/Port-Channel (802.1AD) Commands. . . . . . . . . . . . . . . . . . . . . . 187
port-channel staticcapability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
port lacpmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
port lacpmode all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
port-channel adminmode all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
port-channel linktrap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
port-channel name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
show port-channel brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
show port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
show port-channel summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Chapter 22
Spanning Tree (STP) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
spanning-tree configuration name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
spanning-tree configuration revision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
spanning-tree edgeport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
spanning-tree forceversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
spanning-tree forward-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
spanning-tree max-age . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
spanning-tree mst . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
no spanning-tree mst . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
spanning-tree mst instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
spanning-tree mst priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
spanning-tree mst vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
spanning-tree port mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
spanning-tree port mode all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
11
spanning-tree bpdumigrationcheck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
show spanning-tree interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
show spanning-tree mst detailed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
show spanning-tree mst port detailed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
show spanning-tree mst port summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
show spanning-tree mst summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
show spanning-tree summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
show spanning-tree vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
spanning-tree max-hops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Chapter 23
Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
port-security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
port-security max-dynamic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
port-security max-static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
port-security mac-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
port-security mac-address move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
snmp-server enable traps violation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
show port-security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
show port-security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
show port-security dynamic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
show port-security static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
show port-security violation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211
Port Based Network Access Control (IEEE 802.1X) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .211
authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211
clear dot1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
clear radius statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
dot1x defaultlogin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
dot1x initialize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
dot1x login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
dot1x port-control All . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
dot1x re-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
dot1x system-auth-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
dot1x timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
dot1x user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
show accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
show authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
show authentication users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
12
Contents
show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

show dot1x users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
show users authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
users defaultlogin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
users login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Remote Authentication Dial In User Service (RADIUS) Commands . . . . . . . . . . . . . . . . . . . . . . . . 222
radius accounting mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
radius server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
radius server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
radius server msgauth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
radius server primary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
radius server retransmit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
radius server timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
show radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
show radius statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Secure Shell (SSH) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
show ip ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
ip ssh protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
sshcon maxsessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
sshcon timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Hypertext Transfer Protocol (HTTP) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
ip http secure-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
ip http secure-protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
ip http secure-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
show ip http . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Chapter 24
Quality of Service (QoS) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Access Control List (ACL) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
mac access-list extended . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
mac access-list extended rename . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
{deny|permit} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
mac access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
show mac access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
show mac access-lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
ip access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
ip access-group all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
show ip access-lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
13
Chapter 25
Differentiated Services (DiffServ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
diffserv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Class Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
class-map rename . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
match ethertype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
match any . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
match class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
match cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
match destination-address mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
match dstip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
match dstl4port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
match ip dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
match ip precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
match ip tos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
match protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
match source-address mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
match srcip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
match srcl4port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
match vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Policy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
assign-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
drop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
conform-color . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
mark cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
mark ip-dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
mark ip-precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
police-simple . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
policy-map rename . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Service Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
service-policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
show class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
show diffserv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
show policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
show diffserv service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
14
Contents
show diffserv service brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

show policy-map interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
show service-policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Chapter 26
Class of Service (CoS) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
classofservice dot1p-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
classofservice ip-dscp-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
classofservice ip-precedence-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
classofservice trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
cos-queue min-bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
cos-queue strict . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
random-detect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
random-detect exponential-weighting-constant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
random-detect queue-parms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
tail-drop queue-parms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
traffic-shape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
show classofservice dot1p-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
show classofservice ip-precedence-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
show classofservice trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
show interfaces cos-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
show interfaces random-detect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
show interfaces tail-drop-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Chapter 27
Routing Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Address Resolution Protocol (ARP) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
arp cachesize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
arp dynamicrenew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
arp purge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
arp resptime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
arp retries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
arp timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
clear arp-cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
show arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
show arp brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
IP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
ip routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
15
ip route default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

ip route distance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
ip forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
ip netdirbcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
ip mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
show ip brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
show ip interface brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
show ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
show ip route bestroutes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
show ip route entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
show ip route preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
show ip stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Bootp/DHCP Relay Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
bootpdhcprelay cidoptmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
bootpdhcprelay enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
bootpdhcprelay maxhopcount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
bootpdhcprelay minwaittime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
bootpdhcprelay serverip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
show bootpdhcprelay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Router Discovery Protocol Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
ip irdp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
ip irdp address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
ip irdp holdtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
ip irdp maxadvertinterval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
ip irdp minadvertinterval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
ip irdp preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
show ip irdp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Virtual LAN Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
vlan routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
show ip vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Virtual Router Redundancy Protocol (VRRP) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
ip vrrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
ip vrrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
ip vrrp mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
ip vrrp ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
ip vrrp authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
ip vrrp preempt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
ip vrrp priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
ip vrrp timers advertise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
show ip vrrp interface stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
show ip vrrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
16
Contents
show ip vrrp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

show ip vrrp interface brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Chapter 28
OSPF Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
enable (OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
ip ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
1583compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
area authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
area default-cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
area nssa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
area nssa default-info-originate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
area nssa no-redistribute (OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
area nssa no-summary (OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
area nssa translator-role (OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
area nssa translator-stab-intv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
area range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
area stub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
area stub summarylsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
area virtual-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
area virtual-link authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
area virtual-link dead-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
area virtual-link hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
area virtual-link retransmit-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
area virtual-link transmit-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
default-information originate (OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
default-metric (OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
distance ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
distribute-list out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
exit-overflow-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
external-lsdb-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
ip ospf areaid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
ip ospf authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
ip ospf cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
ip ospf dead-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
ip ospf hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
ip ospf priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .311
ip ospf retransmit-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .311
ip ospf transmit-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
ip ospf mtu-ignore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
router-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
redistribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
maximum-paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
17
show ip ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

show ip ospf area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
show ip ospf database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
show ip ospf interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
show ip ospf interface brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
show ip ospf interface stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
show ip ospf neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
show ip ospf neighbor brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
show ip ospf range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
show ip ospf stub table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
show ip ospf virtual-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
show ip ospf virtual-link brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
trapflags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Routing Information Protocol (RIP) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
enable (RIP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
ip rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
auto-summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
default-information originate (RIP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
default-metric (RIP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
distance rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
distribute-list out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
no default-information originate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
ip rip authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
ip rip receive version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
ip rip send version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
hostroutesaccept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
split-horizon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
redistribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
show ip rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
show ip rip interface brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
show ip rip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Chapter 29
IP Multicast Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
ip mcast boundary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
ip multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
ip multicast staticroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
ip multicast ttl-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
disable ip multicast mdebug mtrace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
mrinfo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
mstat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
mtrace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
no ip mcast mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
18
Contents
show ip mcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

show ip mcast boundary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
show ip mcast interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
show ip mcast mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
show ip mcast mroute group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
show ip mcast mroute source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
show ip mcast mroute static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
show mrinfo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
show mstat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
show mtrace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Distance Vector Multicast Routing Protocol (DVMRP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
ip dvmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
ip dvmrp metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
ip dvmrp trapflags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
ip dvmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
show ip dvmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
show ip dvmrp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
show ip dvmrp neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
show ip dvmrp nexthop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
show ip dvmrp prune . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
show ip dvmrp route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Internet Group Management Protocol (IGMP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
ip igmp version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
ip igmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
ip igmp last-member-query-count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
ip igmp last-member-query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
ip igmp query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
ip igmp query-max-response-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
ip igmp robustness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
ip igmp startup-query-count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
ip igmp startup-query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
show ip igmp groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
show ip igmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
show ip igmp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
show ip igmp interface membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
show ip igmp interface stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
Chapter 30
PIM-DM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
ip pimdm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
ip pimdm mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
ip pimdm query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
show ip pimdm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
19
show ip pimdm interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354

show ip pimdm interface stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
show ip pimdm neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Protocol Independent Multicast - Sparse Mode(PIM-SM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
ip pimsm cbsrpreference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
ip pimsm cbsrhashmasklength . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
ip pimsm crppreference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
ip pimsm datathreshrate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
ip pimsm message-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
ip pimsm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
ip pimsm mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
ip pimsm query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
ip pimsm spt-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
ip pim-trapflags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
ip pimsm staticrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
show ip pimsm rphash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
show ip pimsm staticrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
show ip pimsm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
show ip pimsm candrptable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
show ip pimsm componenttable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
show ip pimsm interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
show ip pimsm interface stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
show ip pimsm neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
show ip pimsm rp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
show ip pimsm rphash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
20
Contents
Chapter 1
About This Book
This document describes configuration commands for SFTOS software. The commands can
be accessed from the CLI, Telnet, and web interface.
This chapter covers the following topics:
Why the Document was Created on page 21

How to Use This Document on page 22
Objectives on page 22
Audience on page 22
Conventions on page 22
Special Characters on page 26
Related Documents on page 26
Products and Services Liability on page 26
Contact and Patents Information on page 27
Note: Please note that BGP and bandwidth allocation are not supported in this
release but may appear in the command output examples in this document.
Why the Document was Created

This document was created primarily for system administrators configuring and operating a
system using SFTOS software. It is intended to provide an understanding of the configuration
options of SFTOS software.
In addition, software engineers who will be integrating SFTOS software into their router or
switch product can benefit from a description of the configuration options.
It is assumed that the reader has an understanding of the SFTOS software base and has read
the appropriate specification for the relevant switch platform. It is also assumed that the
reader has a basic knowledge of Ethernet and networking concepts.
21
How to Use This Document
Chapter 4, SFTOS Overview introduces the SFTOS software at a very high level.
details the procedure to quickly become acquainted with the SFTOS software.
Chapter 9, Mode-based Command Line Interface describes the mapping between
the current CLI commands and the previous SFTOS commands.
Note: Refer to the release notes for the SFTOS application level code. The release
notes detail the platform specific functionality of the Switching, Routing, SNMP,
Config, Management, and Bandwidth Provisioning packages. The suite of features
supported by the SFTOS packages are not available on all the platforms to which
SFTOS has been ported.
Objectives
This document provides configuration instructions and examples for the S-Series. It includes
information on the protocols and features found in SFTOS. Background on networking
protocols is included to describe the capabilities of SFTOS.
For more complete information on protocols, refer to other documentation and IETF RFCs.
Audience
This document is intended for system administrators who are responsible for configuring or
maintaining networks. This guide assumes you are knowledgeable in Layer-2 and Layer-3
networking technologies.
Conventions
The Command Line Interface (CLI) syntax, conventions and terminology are described in
this section. Each CLI command referenced in this document is illustrated using the structure
outlined below.
This document uses the following conventions to describe command syntax:
22
Convention
Description
keyword
Keywords are in bold and should be entered in the CLI as listed.
parameter
Parameters are in italics and require a number or word to be entered in the CLI. Also
shown in brackets: <parameter>
About This Book
{X}
Keywords and parameters within braces must be entered in the CLI.
[X]
Keywords and parameters within brackets are optional.
x|y
Keywords and parameters separated by bar require you to choose one.
The following conventions apply to the command name:
The command name is displayed in this document in bold font and must be typed exactly
as shown.
Once you have entered enough letters of a command name to uniquely identify the
command, hitting the space bar or Tab key will cause the system to complete the word.
Entering Ctrl-Z will return you to the root level command prompt.
Format
Some commands, such as show inventory or clear vlan, do not require parameters.
Other commands, such as network parms, have parameters for which you must supply a
value. Parameters are positional you must type the values in the correct order. Optional
parameters follow required parameters. For example:
network parms ipaddr netmask [gateway]
network parms is the command name.

ipaddr netmask are the required values for the command.
[gateway] is the optional value for the command.
snmp-server location loc
snmp-server location is the command name.

loc
is the required parameter for the command.
clear vlan
clear vlan is the command name.
Parameters
Parameters are order dependent.

Parameters are displayed in this document in bold italic font, which must be replaced
with a name or number.
To use spaces as part of a name parameter, enclose it in double quotes. For example, the
expression "System Name with Spaces" forces the system to accept the spaces.
Parameters may be mandatory values, optional values, choices, or a combination.
23
<parameter>a word in italics indicate that a mandatory parameter must be entered

in place of the brackets and text inside them. Sometimes shown without brackets:
parameter.
[parameter]square brackets indicate that an optional parameter may be entered in

place of the brackets and text inside them.
choice1 | choice2pipe indicates that only one of the parameters should be entered.
{parameter}curly braces indicate that a parameter must be chosen from the list of
choices.
Values
ipaddrThis parameter is a valid IP address. Presently the IP address can be entered in
following formats:
a (32 bits)
a.b (8.24 bits)
a.b.c (8.8.16 bits)
a.b.c.d (8.8.8.8)
In addition to these formats, decimal, hexidecimal and octal formats are supported through
the following input formats (where n is any valid hexidecimal, octal or decimal number):
0xn (CLI assumes hexidecimal format)

0n (CLI assumes octal format with leading
n (CLI assumes decimal format)
zeros)
macaddrThe MAC address format is six hexadecimal numbers separated by colons, for
example 00:06:29:32:81:40.
areaidArea IDs may be entered in dotted-decimal notation (for example, 0.0.0.1). An area
ID of 0.0.0.0 is reserved for the backbone. Area IDs have the same form as IP addresses, but
are distinct from IP addresses. The IP network number of the sub-netted network may be used
for the area ID.
routeridThe value of <router id> must be entered in 4-digit dotted-decimal notation (for
example, 0.0.0.1). A router ID of 0.0.0.0 is invalid.

unit/slot/portValid slot and port number separated by forward slashes. For example, 0/1
represents slot number 0 and port number 1.

logical unit/slot/portLogical unit, slot and port number. This is applicable in the
case of a port-channel (LAG). The operator can use the logical unit/slot/port to configure
the port-channel.
character stringsUse double quotation marks to identify character strings, for example,
System Name with Spaces. An empty string () is not valid.
24
About This Book
Addresses
Network addresses are used to define a link to a remote host, workstation or network.
Network addresses are shown using the following syntax:
Table 1 Network Address Syntax
Address Type
Format
Range
ipaddr
192.165.11.110
0.0.0.0 to 255.255.255.255
(decimal)
macaddr
A7:C9:89:DD:A9:B3
hexidecimal digit pairs
Double quotation marks such as "System Name with Spaces" set off user defined strings. If
the operator wishes to use spaces as part of a name parameter then it must be enclosed in
double quotation marks.
Empty strings () are not valid user defined strings.
Command completion finishes spelling the command when enough letters of a command are
typed to uniquely identify the command word. The command may be executed by typing
<enter> (command abbreviation) or the command word may be completed by typing the
<tab> or <space bar> (command completion).
The value 'Err' designates that the requested value was not internally accessible. This should
never happen and indicates that there is a case in the software that is not handled correctly.
The value of '-----' designates that the value is unknown.
Annotations
The CLI allows the user to type single-line annotations at the command prompt for use when
writing test or configuration scripts and for better readability. The exclamation point (!)
character flags the beginning of a comment. The comment flag character can begin a word
anywhere on the command line and all input following this character is ignored. Any
command line that begins with the character ! is recognized as a comment line and ignored
by the parser.
Some examples are provided below:
! Script file for displaying the ip interface
! Display information about interfaces
show ip interface 1/0/1 !Displays the information about the first interface
! Display information about the next interface
show ip interface 1/0/2
! End of the script file
25
Special Characters
Certain special key combinations speed up use of the CLI. They are listed in this section.
Also, help is available for the CLI by typing HELP:
DEL, BSdelete previous character
Ctrl-Ago to beginning of line
Ctrl-Ego to end of line
Ctrl-Fgo forward one character
Ctrl-Bgo backward one character
Ctrl-Ddelete current character
Ctrl-Hdisplay command history or retrieve a command
Ctrl-U, Xdelete to beginning of line
Ctrl-Kdelete to end of line
Ctrl-Wdelete previous word
Ctrl-Ttranspose previous character
Ctrl-Pgo to previous line in history buffer
Ctrl-Ngo to next line in history buffer
Ctrl-Zreturn to root command prompt
Tab, <SPACE>command-line completion
Exitgo to next lower command prompt
Related Documents
For more information about the Force10 Networks SFTOS software, refer to the S50
Hardware Installation Guide.
The Command Line Interface (CLI) syntax, conventions and terminology are described in
this section. Each CLI command referenced in this document is illustrated using the structure
outlined below.
Products and Services Liability

References in this publication to Force10 products, programs, or services do not imply that
Force10 intends to make these available in all countries in which Force10 operates. Any
reference to a Force10 product, program, or service is not intended to state or imply that only
Force10's product, program, or service may be used. Any functionally equivalent product,
26
About This Book
program, or service that does not infringe on any of Force10 's intellectual property rights
may be used instead of the Force10 product, program, or service. Evaluation and verification
of operation in conjunction with other products, except those expressly designated by
Force10, are the user's responsibility.
Contact and Patents Information

For questions or support contact Force10 using the following addresses.
Force10 may have patents or pending patent applications covering subject matter in this
document. The furnishing of this document does not give you any license to these patents.
Send license inquiries, in writing, to:
Force10 Networks, Inc.
1440 McCarthy Boulevard
Milpitas, CA 95035
USA
27
28
About This Book
Chapter 4
SFTOS Overview
The SFTOS software has two purposes:
Assist attached hardware in switching frames, based on Layer 2, 3, or 4 information

contained in the frames.
Provide a complete device management portfolio to the network administrator.
Scope
SFTOS software encompasses both hardware and software support. SFTOS is partitioned to
run in the following processors:
CPU
This code runs the switch management portfolio and controls the overall switch
hardware. It also assists in frame forwarding, as needed and specified. This code is
designed to run on multiple platforms with minimal changes from platform to platform.
Switching processor
This code does the majority of the packet switching, usually at wire speed. This code is
platform dependent, and substantial changes may exist across products.
Overview
Fast Ethernet (FEN) and Gigabit Ethernet (GEN) switching continues to evolve from
high-end backbone applications to desktop switching applications. The price of the
technology continues to decline, while performance and feature sets continue to improve.
Devices that are capable of switching Layers 2, 3, and 4 are increasingly in demand. SFTOS
provides a flexible solution to these ever-increasing needs.
The exact functionality provided by each switch on which the SFTOS software base runs
varies depending upon the platform and requirements of Force10.
SFTOS provides the network administrator with a set of comprehensive management
functions for managing both SFTOS and the network. The network administrator has a choice
of three easy-to-use management methods:
29
Web-based
VT100 interface
Note: When configuring a device by use of a configuration file, the maximum number of
configuration file command lines is 2000.
Simple Network Management Protocol (SNMP)
Each of the SFTOS management methods enables the network administrator to configure,
manage, and control SFTOS locally or remotely using in-band or out-of-band mechanisms.
Management is standards-based, with configuration parameters and a private MIB providing
control for functions not completely specified in the MIBs.
30
SFTOS Overview
Chapter 5
Supported Features
(*) Denotes Pre-Production Feature
Table 2 Supported Features (NOTE: Layer 3 Package includes all features of Layer 2 Package)
Features
Package Group
Hardware Features
48 GigE ports - Copper
Layer 2
4 port SFP Shared GigE
Layer 2
Optional 2 port 10GigE Uplink
Layer 2
10/100/1000 port for management
Layer 2
1 Serial Port
Layer 2
Software Features Basic Routing and Switching

IPv4 (RFC 1812)
Layer 3
CIDR (RFC 1519)
Layer 3
IPv4 Router Discovery (RFC 1256)
Layer 3
"BootP (RFC951, 1542)
Layer 2
BOOTP/DHCP Relay and Server (RFC 2131)
Layer 2
Host Requirements (RFC 1122)
Layer 2
UDP (RFC 768)
Layer 2
IP (RFC 791)
Layer 2
ICMP (RFC 792)
Layer 2
TCP (RFC 793)
Layer 2
ARP (RFC 826)
Layer 3
VRRP (RFC 2338)
Layer 3
Spanning Tree Protocol (IEEE 802.1d)
Layer 2
Rapid Spanning Tree (IEEE 802.1w)
Layer 2
MSTP (IEEE 802.1s)
Layer 2
SFTOS Configuration Guide, Version 2.1.4
31
Features
Package Group
Proxy ARP (RFC 1027)
Layer 3
10 GigE (IEEE 802.3ae)
Layer 2
1000 Base-T (IEEE 802.3ab)
Layer 2
Flow Control (IEEE 802.3x)
Layer 2
IEEE 802.3ad
Layer 2
16k MAC Address table
Layer 2
Jumbo Frame Support
Layer 2
4k IPv4 Routing Table Entry
Layer 3
QOS
Priority Queues
Layer 2 (*)
Layer 2 classification
Layer 2 (*)
802.1p priority marking
Layer 2 (*)
Layer 3 DSCP
Layer 2 (*)
Bandwidth based rate limiting
Layer 2 (*)
Wirespeed ACLs (L2/L3/L4)
Layer 2 (*)
ACL entries (L2 + L3)
Layer 2 (*)
VLANS
Supported number of VLANs
Layer 2
IEEE 802.1q support
Layer 2
Port based VLANs
Layer 2
Frame Extensions (IEEE 802.3ac)
Layer 2 (*)
Protocol Based VLANs
Layer 2 (*)
GVRP, GARP, GMRP
Layer 2 (*)
Routing Protocol Support

RIPv1/v2
Layer 3
OSPF (RFC 2328, 1587, 1765, 2370)
Layer 3
Static Routes
Layer 3
32
Supported Features
Features
Package Group
Multicast Protocols
IGMP v1/v2 (RFC 1112, 2236)
Layer 3
IGMP snooping
Layer 2 (*)
PIM-SM-edge
Layer 3
DVMRP
Layer 3
PIM-DM
Layer 3
Layer 2 Multicast forwarding
Layer 2
Security & Packet Control Features

Ingress Rate Limiting
Layer 2 (*)
Login Access Control
Layer 2
RADIUS
Layer 2
IEEE 802.1x
Layer 2 (*)
SSH2 server support
Layer 2 (*)
Port Mirroring
Layer 2
Access Profiles on routing protocols
Layer 2
DOS Protection
Layer 2
MAC based port Security
Layer 2 (*)
Management Features
Telnet (RFC 854)
Layer 2
SSHv2
Layer 2
TFTP (RFC 783)
Layer 2
Syslog
Layer 2
SNMP v1/v2c
Layer 2
RMON Groups
Layer 2
HTML based management
Layer 2
ECMP
Layer 3
External redundant power system
Layer 2
SNTP
Layer 2
HTTPS/SSL
Layer 2
SFTOS Configuration Guide, Version 2.1.4
33
Features
Package Group
Stacking
Stacking Multiple Unitsk
Layer 2
LAG across units in a stack
Layer 2
Hot insertion and removal of units in a stack
Layer 2
Auto master election
Layer 2
Auto configuration
Layer 2
34
Supported Features
Chapter 6
Quick Start-up
The CLI Quick Start-up chapter details procedures to quickly become acquainted with the
SFTOS software.
Quick Starting the Switch on page 35
System Info and System Setup on page 36
Physical Port Data on page 36
User Account Management on page 37
IP Address on page 37
Uploading from Switch to Out-of-Band PC (Only XMODEM) on page 39
Downloading from Out-of-Band PC to Switch (Only XMODEM) on page 39
Downloading from TFTP Server on page 40
Factory Defaults on page 40
Quick Starting the Switch

In-band connectivity allows access to the SFTOS software locally or from a remote
workstation. The device must be configured with IP information (IP address, subnet mask,
and default gateway).
1. Turn the Power ON.

2. Allow the device to load the software until the login prompt appears. The device
initial state is called the default mode.
3. When the prompt asks for operator login, execute the following steps:
Type the word admin in the login area. Since a number of the Quick Setup
commands require administrator account rights, Force10 suggests logging into an
administrator account.
Do not enter a password because there is no password in the default mode.
Press the enter key two times.
The CLI User EXEC prompt will be displayed.
Use enable to switch to the Privileged EXEC mode from User EXEC.
Use configure to switch to the Global Config mode from Privileged EXEC.
35
Use exit to return to the previous mode.
System Info and System Setup

To get information on the software version, use the show hardware command:
Command Syntax
Command Mode
Purpose
show hardware [unit]
Privileged EXEC
Allows the user to see the software version the

device contains.
The parameter unit is optional. When the unit
number is specified, the information for the
specified unit is displayed.
When the unit number is unspecified the
information for all units in the stack is displayed.
Example:
Machine Model.2402
24 = 24 10/100 ports
02 = 2 Uplink ports on back of switch
Physical Port Data

To get information on the physical port, use the show port all command:
Command Syntax
Command Mode
Purpose
show port all
Privileged EXEC
Displays the Ports
unit/slot/port
Type - Indicates if the port is a special type of port
Admin Mode - Selects the Port Control
Administration State
Physical Mode - Selects the desired port speed and
duplex mode
Physical Status - Indicates the port speed and
duplex mode
Link Status - Indicates whether the link is up or
down
Link Trap - Determines whether or not to send a
trap when link status changes
LACP Mode - Displays whether LACP is enabled or
disabled on this port.
36
Quick Start-up
User Account Management

To configure account management, use the following commands:
Command Syntax
Command Mode
Purpose
show users
Privileged EXEC
Displays all of the users that are allowed to access the

switch
Access Mode - Shows whether the user is able to
change parameters on the switch(Read/Write) or is only
able to view them (Read Only).
As a factory default, the admin user has Read/Write
access and the guest user has Read Only access.
There can only be one Read/Write user and up to five
Read Only users.
show loginsession
User EXEC
Displays all of the login session information
users passwd username
Global Config
Allows the user to set passwords or change passwords

needed to login
A prompt will appear after the command is entered
requesting the users old password. In the absence of an
old password leave the area blank. The operator must
press enter to execute the command.
The system then prompts the user for a new password
then a prompt to confirm the new password. If the new
password and the confirmed password match a
message will be displayed.
User password should not be more than eight
characters in length.
copy system:running-config
nvram:startup-config
Privileged EXEC
This will save passwords and all other changes to the

device.
If you do not save the configuration by doing this
command, all configurations will be lost when a power
cycle is performed on the switch or when the switch is
reset.
In a stacking environment, the running configuration is
saved in all units of the stack.
logout
User EXEC and

Privileged EXEC
Logs the user out of the switch.
IP Address
To view the network parameters the operator can access the device by the following three
methods.
Simple Network Management Protocol (SNMP)
Telnet
Web browser
37
Note: Helpful Hint: The user should do a copy system:running-config

nvram:startup-config after configuring the network parameters so that the
configurations are not lost.
To help configure the IP address, use the following commands
Command Syntax
Command Mode
Purpose
show network
User EXEC
Displays the Network Configurations

IP Address - IP Address of the interface
Default IP is 0.0.0.0
Subnet Mask - IP Subnet Mask for the interface
Default is 0.0.0.0
Default Gateway - The default Gateway for this
interface
Default value is 0.0.0.0
Burned in MAC Address - The Burned in MAC Address
used for in-band connectivity
Locally Administered MAC Address - Can be configured
to allow a locally administered MAC address
MAC Address Type - Specifies which MAC address
should be used for in-band connectivity
Network Configurations Protocol Current - Indicates
which network protocol is being used
Default is none
Management VLAN Id - Specifies VLAN id
Web Mode - Indicates whether HTTP/Web is enabled.
Java Mode - Indicates whether java mode is enabled.
network parms
Privileged EXEC
network parms <ipaddr> <netmask>

[gateway]
IP Address range from 0.0.0.0 to 255.255.255.255
Subnet Mask range from 0.0.0.0 to 255.255.255.255
Gateway Address range from 0.0.0.0 to
255.255.255.255
38
Quick Start-up
Uploading from Switch to Out-of-Band PC (Only XMODEM)

To help copy from an out-of-band PC (XMODEM), use the following commands.
Command Syntax
Command Mode
Purpose
copy
{nvram:startup-config |
nvram:errorlog |
nvram:msglog | nvram:traplog}
<tftp://<ip address>/>
Privileged EXEC
The types are:

config configuration file
errorlog error log
system trace system trace
traplog trap log
The URL must be specified as:
xmodem:filepath/fileName
This starts the upload and also displays the mode of
uploading and the type of upload it is and confirms the
upload is taking place.
For example:
If the user is using HyperTerminal, the user must specify
where the file is going to be received by the PC.
Downloading from Out-of-Band PC to Switch (Only XMODEM)

To help download from an out-of-band PC, use the following command:
Command Syntax
Command Mode
Purpose
copy <tftp://<ip address>/>

system:image}
Privileged EXEC
Sets the destination (download) datatype to be an

image (system:image) or a configuration file
(nvram:startup-config).
xmodem:filepath/fileName
For example:
If the user is using HyperTerminal, the user must
specify which file is to be sent to the switch.
The switch will restart automatically once the code
has been downloaded.
39
Downloading from TFTP Server

Before starting a TFTP server download, the operator must complete the Quick
Start-up for the IP Address.
To download from a TFTP server, use the following command:
Command Syntax
Command Mode
Purpose
copy <tftp://<ip address>/>

system:image}
Privileged EXEC
Sets the destination (download) datatype to be an

image (system:image) or a configuration file
(nvram:startup-config).
tftp://ipAddr/filepath/fileName.
The nvram:startup-config option downloads the
configuration file using tftp and system:image option
downloads the code file.
Factory Defaults
To help configure factory defaults, use the following commands:
Command Syntax
Command Mode
Purpose
clear config
Privileged EXEC
Enter yes when the prompt pops up to clear all the

configurations made to the switch.
copy system:running-config
nvram:startup-config
Privileged EXEC
Enter yes when the prompt pops up that asks if you

want to save the configurations made to the switch.
reload (or cold boot of the switch)
Privileged EXEC
Enter yes when the prompt pops up that asks if you

want to reset the system.
Choose to reset the switch or cold boot the switch
both work effectively.
40
Quick Start-up
41
42
Quick Start-up
Chapter 7
Stacking Commands
This chapter provides a detailed explanation of the Stacking commands. The following
Stacking commands are available in the SFTOS Platform.
Dedicated-port Stacking
This section provides detailed explanations of the dedicated-port stacking commands. The
commands are divided into two functional groups:
Show commands display stacking settings, statistics and other information.

Configuration commands configure features and options of the switch. For every
configuration command there is a show command that displays the configuration setting.
show switch
This command displays information about all units in the stack.
Syntax
Mode
show switch
User Exec
SwitchThis field displays the unit identifier assigned to the switch.
Management StatusThis field indicates whether the switch is the Primary Management Unit, a stack
member, or the status is unassigned.
Preconfigured Model IdentifierThis field displays the model identifier of a preconfigured switch ready
to join the stack. The Model Identifier is a 32-character field assigned by the device manufacturer to
identify the device.
Plugged-In Model IdentifierThis field displays the model identifier of the switch in the stack. Model
Identifier is a 32-character field assigned by the device manufacturer to identify the device.
Switch StatusThis field indicates the switch status. Possible values for this state are: OK, Unsup
ported, CodeMismatch, ConfigMismatch, or NotPresent.
43
show switch [unit]
Code TypeThis field indicates the detected version of code on this switch.
show switch [unit]

This command displays information for a specific unit in the stack.
Syntax
Mode
show switch [unit]
User Exec
SwitchThis field displays the unit identifier assigned to the switch.
Management StatusThis field indicates whether the switch is the Primary Management Unit a , stack
member, or the status is unassigned.
Hardware Management PreferenceThis field indicates the hardware management preference of the
switch. The hardware management preference can be disabled or unassigned.
Admin Management PreferenceThis field indicates the administrative management preference value
assigned to the switch. This preference value indicates how likely the switch is to be chosen as the
CODE TYPEPrimary Management Unit.
Switch TypeThis field displays the 32-bit numeric switch type.
Model IdentifierThis field displays the model identifier for this switch. Model Identifier is a 32-character
field assigned by the device manufacturer to identify the device.
Switch StatusThis field displays the switch status. Possible values are OK, Unsupported, Code
Mismatch, Config Mismatch, or Not Present.
Switch DescriptionThis field displays the switch description.
Expected Code TypeThis field indicates the expected code type.
Detected Code VersionThis field displays the version of code running on this switch. If the switch is
not present and the data is from pre-configuration, then the code version is None.
Detected Code in FlashThis field displays the version of code that is currently stored in FLASH
memory on the switch. This code will execute after the switch is reset. If the switch is not present and
the data is from pre-configuration, then the code version is None.
Up TimeThis field displays the system up time.
show supported switchtype

This commands displays information about all supported switch types.
44
Stacking Commands
show supported switchtype [switchindex]
Syntax
Mode
show supported switchtype
User Exec
Switch Index (SID)This field displays the index into the database of supported switch types. This
index is used when preconfiguring a member to be added to the stack.
Model IdentifierThis field displays the model identifier for the supported switch type.
Management PreferenceThis field indicates the management preference value of the switch type.
Code TypeThis field displays the code load target identifier of the switch type.

This command displays information about a requested switch type.
Syntax
Mode
User Exec
Switch TypeThis field displays the 32-bit numeric switch type for the supported switch.
Model IdentifierThis field displays the model identifier for the supported switch type.
Switch DescriptionThis field displays the description for the supported switch type.
member
This command configures a switch. The unit is the switch identifier of the switch to be
added/removed from the stack. The switchindex is the index into the database of the
supported switch types, indicating the type of the switch being preconfigured. The switch
index is a 32-bit integer. This command is executed on the Primary Management Unit.
The no version of this command removes a switch from the stack. The unit is the switch
identifier of the switch to be removed from the stack. This command is executed on the
Primary Management Unit.
Syntax
member unit switchindex

no member unit
Mode
Stack Global Config
45
stack
Note: Switch index can be obtained by executing the show supported

switchtype command in User Exec mode.
stack
This command allows user to enter Config-stack mode.
Syntax
Mode
stack
Global Config
switch priority
This command configures the ability of a switch to become the Primary Management Unit.
The unit is the switch identifier. The value is the preference parameter that allows the user
to specify, priority of one backup switch over another. The range for priority is 1 to 15. The
switch with the highest priority value will be chosen to become the Primary Management
Unit if the active Primary Management Unit fails. The switch priority defaults to the
hardware management preference value 1. Switches that do not have the hardware capability
to become the Primary Management Unit are not eligible for management.
Default
enable
Syntax
switch unit priority value
Mode
Global Config
switch renumber
This command changes the switch identifier for a switch in the stack. The oldunit is the
current switch identifier on the switch whose identifier is to be changed. The newunit is the
updated value of the switch identifier. Upon execution, the switch is configured with the
configuration information for the new switch, if any. The old switch configuration
information is retained, however the old switch is operationally unplugged. This command is
executed on the Primary Management Unit.
Syntax
46
switch oldunit renumber newunit

Stacking Commands
movemanagement
Mode
Global Config
movemanagement
This command moves the Primary Management Unit functionality from one switch to
another. The fromunit is the switch identifier on the current Primary Management Unit. The
tounit is the switch identifier on the new Primary Management Unit. Upon execution, the
entire stack (including all interfaces in the stack) will be unconfigured and reconfigured with
the configuration on the new Primary Management Unit. After the reload is complete, all
stack management capability must be performed on the new Primary Management Unit. To
preserve the current configuration across a stack move, execute the copyconfig command
before performing the stack move. A stack move will cause all routes and layer 2 addresses to
be lost. This command is executed on the Primary Management Unit. The administrator is
prompted to confirm the management move.
Syntax
Mode
movemanagement fromunit tounit
Stack Global Config
archive copy-sw
This command replicates the STK file from the Primary Management Unit to the other
switch(es) in the stack. The code is loaded on the destination system unit, if specified,
otherwise the code is loaded on all switches in the stack. Switch(es) must be reset for the new
code to start running.
Syntax
Mode
archive copy-sw destination-system unit
Stack Global Config
archive download-sw
This command downloads the STK file to the switch. The url is the transfer mode. The
switch must be reset for the new code to start running.
Syntax
Mode
archive download-sw url
Stack Global Config
47
slot
Slot and Card Commands

This section provides detailed explanations of the slot and card commands. The commands
are divided into two functional groups:

slot
This command configures a slot in the system. The unit/slot/port is the slot identifier of the
slot. The cardindex is the index into the database of the supported card types, indicating the
type of the card being preconfigured in the specified slot. The card index is a 32-bit integer. If
a card is currently present in the slot that is unconfigured, the configured information will be
deleted and the slot will be re-configured with default information for the card.
The no version of this command removes configured information from an existing slot in the
system.
Syntax
slot unit/slot/port cardindex

no slot unit/slot/port cardindex
Mode
Global Config
Note: Card index can be obtained by executing show supported

cardtype command in User Exec mode.
set slot disable

This command configures the administrative mode of the slot(s). If all is specified the
command is applied to all slots, otherwise the command is applied to the slot identified by
slot/port.
If a card or other module is present in the slot, this administrative mode will effectively be
applied to the contents of the slot. If the slot is empty, this administrative mode will be
applied to any module that is inserted into the slot. If a card is disabled, all the ports on the
device are operationally disabled and shown as unplugged on management screens.
48
Stacking Commands
set slot power
The no version of this command unconfigures the administrative mode of the slot(s). If all is
specified the command removes the configuration from all slots, otherwise the configuration
is removed from the slot identified by slot/port.
If a card or other module is present in the slot, this administrative mode removes the
configuration from the contents of the slot. If the slot is empty, this administrative mode
removes the configuration from any module inserted into the slot. If a card is disabled, all the
ports on the device are operationally disabled and shown as unplugged on management
screens.
Syntax
set slot disable {slot/port | all}

no set slot disable {slot/port | all}
Mode
Global Config
set slot power

This command configures the power mode of the slot(s) and allows power to be supplied to a
card located in the slot. If all is specified the command is applied to all slots, otherwise the
command is applied to the slot identified by slot/port.
Use this command when installing or removing cards. If a card or other module is present in
this slot, the power mode is applied to the contents of the slot. If the slot is empty, the power
mode is applied to any card inserted into the slot.
The no version of this command unconfigures the power mode of the slot(s) and prohibits
power from being supplied to a card located in the slot. If all is specified the command
prohibits power to all slots, otherwise the command prohibits power to the slot identified by
slot/port.
Use this command when installing or removing cards. If a card or other module is present in
this slot, power is prohibited to the contents of the slot. If the slot is empty, power is
prohibited to any card inserted into the slot.
Syntax
Mode
[no] set slot power {slot/port | all}
Global Config
show slot
This command displays information about all the slots in the system.
49
show slot <unit/slot/port>
Syntax
Mode
show slot
User Exec
SlotThis field displays the slot identifier in a slot/port format.
Slot StatusThis field indicates whether the slot is empty, full, or has encountered an error.
Admin StateThis field displays the slot administrative mode as enabled or disabled.
Power StateThis field displays the slot power mode as enabled or disabled.
Configured Card Model IdentifierThis field displays the model identifier of the card preconfigured in
the slot. Model Identifier is a 32-character field used to identify a card.
PluggableThis field indicates whether cards are pluggable or non-pluggable in the slot.
Power DownThis field indicates whether the slot can be powered down.
show slot <unit/slot/port>

This command displays information for the requested slot. If the slot holds a card or module,
information about the contents of the slot is also displayed.
Syntax
Mode
show slot unit/slot/port
User Exec
SlotThis field displays the slot identifier. In a stacking environment this field is displayed in a unit/
slot/port format.
Slot StatusThis field indicates whether the slot is empty, full, or errored.
Admin StateThis field displays the slot administrative mode as enabled or disabled.
Power StateThis field displays the slot power mode as enabled or disabled.
Inserted Card Model IdentifierThis field displays the model identifier of the card inserted in the slot.
Model Identifier is a 32-character field used to identify a card. This field is displayed only if the slot is full.
Inserted Card DescriptionThis field displays the card description. This field is displayed only if the slot
is full.
Configured Card Model IdentifierThis field displays the model identifier of the card preconfigured in
the slot. Model Identifier is a 32-character field used to identify a card. This field is displayed only if the
slot is preconfigured.
Configured Card DescriptionThis field displays the card description. This field is displayed only if the
slot is preconfigured.
PluggableThis field indicates whether cards are pluggable or non-pluggable in the slot.
50
Stacking Commands
show supported cardtype
Power DownThis field indicates whether the slot can be powered down.

This commands displays information about all card types supported in the system.
Syntax
Mode
User Exec
Card Index (CID)This field displays the index into the database of the supported card types. This
index is used when preconfiguring a slot.
Card Model IdentifierThis field displays the model identifier for the supported card type.
show supported cardtype [cardindex]

This commands displays information about specific card types supported in the system.
Syntax
Mode
show supported cardtype cardindex
User Exec
Card TypeThis field displays the 32-bit numeric card type for the supported card.
Model IdentifierThis field displays the model identifier for the supported card type.
Card DescriptionThis field displays the description for the supported card type.
Reset and Port Commands

This section provides detailed explanations of the reset and port commands.
reload
This command resets the entire stack or the identified [unit]. The administrator is prompted
to confirm that the reset should proceed.
51
stack-port
Syntax
reload [unit]
Mode
Global Config
Front Panel Stacking

This section provides detailed explanations of the Front Panel Stacking commands. The

stack-port
This command sets front panel stacking per port to either stack or ethernet mode.
Default
stack
Syntax
stack-port <Syntax> {ethernet | stack}
Mode
Stack Global Config
qos-mode
This command enables QOS mode for front panel stacking.
The no version of this command disables QOS mode for front panel stacking.
Default
enabled
Syntax
[no] qos-mode
Mode
52
Stack Global Config
Stacking Commands
show stack-port
show stack-port
This command displays summary stack-port information for all interfaces.
Syntax
Mode
show stack-port
Privileged Exec
QOS ModeFront Panel Stacking QOS Mode for all Interfaces
For Each Interface:

UnitUnit
InterfaceUnit/Slot/Port
Configured Stack ModeStack or Ethernet
Running Stack ModeStack or Ethernet
Link StatusStatus of the link
Link SpeedSpeed (Gb/s) of the stack port link
show stack-port counters

This command displays summary data counter information for all interfaces.
Syntax
Mode
show stack-port counters
Privileged Exec
UnitUnit
InterfaceSlot/Port
Tx Data RateTrasmit data rate in megabits per second on the stacking port.
Tx Error RatePlatform-specific number of transmit errors per second.
Tx Total ErrorPlatform-specific number of total transmit errors since power-up.
Rx Data RateReceive data rate in megabits per second on the stacking port.
Rx Error RatePlatform-specific number of receive errors per second.
Rx Total ErrorsPlatform-specific number of total receive errors since power-up.
53
show stack-port diag

This command shows front panel stacking diagnostics for each port and is only intended for
Field Application Engineers (FAEs) and developers. An FAE will advise on the necessity to
run this command and capture this information.
Syntax
Mode
Privileged Exec
UnitUnit
InterfaceSlot/Port
Diagnostic Entry180 character string used for dianostics.
54
Stacking Commands
Chapter 8
Using the Web Interface
This chapter is a brief introduction to the web. You can manage your switch through a Web
browser and Internet connection. This is referred to as Web-based management. To access the
switch, the Web browser must support:
HTML version 4.0, or later

HTTP version 1.1, or later
JavaScript(TM) version 1.2, or later
This section explains how to access the switch Web-based management panels to configure
and manage the switch.
It is important to note that there are equivalent functions in the Web interface as in the
terminal interface (that is, there are usually the same menus to accomplish a task). For
example, when you log in, there is a Main Menu with the same functions available, and so on.
To terminate the Web login session, close the web browser.
There are several differences between the Web and terminal interfaces. For example, on the
Web interface the entire forwarding database can be displayed, and the terminal interface only
displays 10 entries starting at specified addresses.
Configuring for Web Access on page 55

Web Page Layout on page 56
Starting the Web Interface on page 56
Command Buttons on page 56
Configuring for Web Access

To enable Web access to the switch:
1. Configure the switch for in-band connectivity.

2. Enable HTTP Web mode. For layer 2, see ip http server command.
55
Web Page Layout

A Web interface panel for the switch Web page consists of three frames.
Frame 1, across the top, displays a banner graphic of the switch.
Frame 2, at the bottom-left displays a hierarchical-tree view. The tree consists of a
combination of folders, subfolders, and configuration and status HTML pages. You can think
of the folders and subfolders as branches and the configuration and status HTML pages as
leafs. Only the selection of a leaf (not a folder or subfolder) will cause Frame 2 to display a
new HTML page. A folder or subfolder has no corresponding Frame 3 HTML page.
Frame 3, the bottom-right frame, displays the currently selected device configuration status or
the user configurable information that you have selected from the tree view of Frame 2, or
both. You can resize each of these frames. There are no fixed-sized frames.
Starting the Web Interface

Note: You must configure the IP address of the switch before using
the Web interface.
Follow these steps to bring up the switch Web interface:
1. Enter the IP address of the switch in the Web browser address field.
2. When the Login panel is displayed, enter the appropriate User Name and Password. The User Name and associated password are the same ones used for the terminal interface. Click on the Login button. The navigation tree is displayed in
Frame 2, and the System Description Menu is displayed in Frame 3.
3. Make your selection by clicking on the appropriate item in the navigation tree in
Frame 2.
Command Buttons
The following command buttons are used throughout the Web interface panels for the switch:
SaveImplements and saves the changes you just made. Some settings may require you to
reset the system in order for them to take effect.
RefreshThe Refresh button that appears next to the Apply button in Web interface panels
refreshes the data on the panel.
56
SubmitSend the updated configuration to the switch. Configuration changes take effect
immediately. These changes will not be retained across a power cycle unless a save is
performed.
57
58
Chapter 9
Mode-based Command Line

Interface
The Command Line Interface (CLI) groups all the commands in appropriate modes according
to the nature of the commands. Sample of the CLI command modes are described below.
Each of the command modes supports specific SFTOS software commands.
The Command Mode table captures the command modes, the prompts visible in that mode
and the exit method from that mode.
Table 3 Command Mode
Command Mode
Access Method
Prompt
Exit or Access Previous Mode
User Exec Mode
This is the first level of

access. Perform basic tasks
and list system information.
Switch>
Enter Logout command
Privileged Exec
Mode
From the User Exec mode,

enter the enable
command.
Switch#
To exit to the User Exec mode, enter exit

or press Ctrl-Z.
VLAN Mode
From the Privileged Exec

mode, enter the vlan
database command.
Switch (Vlan) #
To exit to the Privileged Exec mode, enter

the exit command, or press Ctrl-Z to
switch to the User Exec mode.
Global Config
Mode
From the Privileged Exec

mode, enter the configure
command.
Switch (Config)#
To exit to the Privileged Exec mode, enter

the exit command, or press Ctrl-Z to
switch to the User Exec mode.
Interface Config
Mode
From the Global Config

mode, enter the interface
<unit/slot/port>
command.
Switch (Interface "if

number")#
To exit to the Global Config mode, enter

exit. To return to the User Exec mode,
enter ctrl-Z.
Line Config Mode

mode, enter the
lineconfig command
Switch (line) #

enter ctrl-Z.
Policy Map Config

Mode

mode, enter the
policy-map command
Switch
(Config-policy-map)#

enter ctrl-Z.
Policy Class Config From the Policy Map mode

Mode
enter the class command
Switch
(Config-policy-classma
p)#
To exit to the Policy Map mode, enter

enter ctrl-Z.
Class Map Config

Mode
Switch
(Config-classmap)#

enter ctrl-Z.

mode, enter the
class-map command
59
Table 3 Command Mode

Command Mode
Access Method
Prompt
Exit or Access Previous Mode
Router OSPF
Config Mode

mode, enter the router
ospf command
Switch
(Config-router)#

enter ctrl-Z.
Router RIP Config

Mode
Switch
mode, enter the router rip (Config-router)#
command

enter ctrl-Z.
Bwprovisioning
Config Mode

mode, enter the
Switch (Config-bwp)#

enter ctrl-Z.
bwprovisioning
command.
Bwprovisioning Trafficclass Config
Mode
From the Bwprovisioning

mode, enter the
traffic-class command.
Switch
(Config-bwp-trafficcla
ss)#
To exit to the Bwprovisioning Config

mode, enter exit. To return to the User
Exec mode, enter ctrl-Z.
DHCP Pool Config

Mode

mode, enter the ip dhcp
Switch
(Config-dhcp-pool)#

enter ctrl-Z
pool <pool-name>
command.
Stack Global
Config Mode

mode, enter the stack
command.
Switch (Config-stack )# To exit to the Global Config mode, enter

enter ctrl-Z
Mode-based Topology
The CLI tree is built on a mode concept where the commands are available according to the
interface. Some of the modes are depicted in the mode-based CLI Figure 1.
60
Mode-based Command Line Interface
Figure 1. Mode-based CLI
ROOT
The User Exec commands

are also accesible in the
Priveledged Exec mode.
User Exec
Enable
No
Passwd
Correc
Correct
t
?
Return to the Exec

prompt
Yes
Privileged Exec
VLAN
Global Config
DHCP Pool
Bwprovisioning
Interface Config
Policy Map
Config
Router OSPF
Class Map
Line Config
Policy Class
Bwp
bwallocation
Config
Router RIP
Stacking
Config
Config
Bwp traffic class
Access to all commands in the Privileged Exec mode and below are restricted through a
password.
Mode-based Command Hierarchy

The CLI is divided into various modes. The Commands in one mode are not available until
the operator switches to that particular mode, with the exception of the User Exec mode
commands. The User Exec mode commands may also be executed in the Privileged Exec
mode.
61
The commands available to the operator at any point in time depend upon the mode. Entering
a question mark (?) at the CLI prompt, displays a list of the available commands and
descriptions of the commands.
The CLI provides the following modes:
User Exec ModeWhen the operator logs into the CLI, the User Exec mode is the initial mode. The
User Exec mode contains a limited set of commands. The command prompt shown at this level is:
Command Prompt: $>

Privileged Exec ModeTo have access to the full suite of commands, the operator must enter the
Privileged Exec mode. The Privileged Exec mode requires password authentication. From Privileged
Exec mode, the operator can issue any Exec command, enter the VLAN mode or enter the Global
Configuration mode . The command prompt shown at this level is:
Command Prompt: $#
VLAN ModeThis mode groups all the commands pertaining to VLANs. The command prompt shown
at this level is:
Command Prompt: $(VLAN)#

Global Config ModeThis mode permits the operator to make modifications to the running
configuration. General setup commands are grouped in this mode. From the Global Configuration
mode, the operator can enter the System Configuration mode, the Physical Port Configuration mode,
the Interface Configuration mode, or the Protocol Specific modes specified below. The command
prompt at this level is:
Command Prompt: $(Config)#
From the Global Config mode, the operator may enter the following configuration modes:
Interface Config ModeMany features are enabled for a particular interface. The Interface commands
enable or modify the operation of an interface.
In this mode, a physical port is set up for a specific logical connection operation. The Interface Config
mode provides access to the router interface configuration commands. The command prompt at this
level is:
Command Prompt: $(Interface <unit/slot/port>)#
The resulting prompt for the interface configuration command entered in the Global
Configuration mode is shown below:
$(Config)# interface 1/2/1
$(Interface 1/2/1)#+
Line Config ModeThis mode allows the operator to configure the console interface. The operator may
configure the interface from the directly connected console or the virtual terminal used with Telnet. The
command prompt at this level is:
Command Prompt: $(Line)#
62
Policy Map ModeUse the policy-map <policy-name>command to access the QoS policy map
configuration mode to configure the QoS policy map.
$(Config)# policy map <policy name>

Command Prompt: $(Config-policy-map)#
Policy Class ModeUse the class <class-name> command to access the QoS policy-classmap mode
to attach/remove a diffserv class to a policy and to configure the QoS policy class.
$(Config policy-map)# class <class name>

Command Prompt: $(Config-policy-classmap)#
Class Map Mode:This mode consists of class creation/deletion and matching commands. The class
match commands specify layer 2, layer 3 and general match criteria. Use the class-map
class-map-name commands to access the QoS class map configuration mode to configure QoS class
maps.
$(Config)# class-map <class-map-name>

Command Prompt: $(Config class-map)#
Router OSPF Config Mode: In this mode, the operator is allowed to access the router OSPF
configuration commands. The command prompt at this level is:
$(Config)# router ospf

Command Prompt: $(Config router)#
Router RIP Config Mode: In this mode, the operator is allowed to access the router RIP configuration
commands. The command prompt at this level is:
$(Config)# router rip

Command Prompt: $(Config router)#
Bwprovisioning Config ModeUse the bwprovisioning command to access the Bandwidth provisioning
Config Mode to configure bandwidth provisioning.
$(Config)# bwprovisioning
Command Prompt: $(Config-bwp)#
Bwprovisioning Trafficclass ModeUse the traffic-class command to access the Bandwidth provisioning
Config Mode to configure bandwidth traffic class.
$(Config bwp)# traffic-class

Command Prompt: $(Config-bwp-trafficclass)#
63
MAC Access-List Config ModeUse the MAC Access-List Config mode to create a MAC access-List
and to enter the mode containing mac access-list configuration commands.
$(Config)#mac-access-list extended <name>

Command Prompt: $(Config-mac-access-list)#
DHCP Pool Config ModeUse the ip dhcp pool <pool-name> command to access the DHCP Pool
Config .
$(Config)# ip dhcp pool <pool-name>

Command Prompt: (Config-dhcp-pool)#
The operator logs into the CLI session and enters the User Exec mode. In the User Exec mode
the $(exec)> prompt is displayed on the screen.
The parsing process is initiated whenever the operator types a command and presses
<ENTER>. The command tree is searched for the command of interest. If the command is not
found, the output message indicates where the offending entry begins. For instance, command
node A has the command show arp brief but the operator attempts to execute the command
show arpp brief then the output message would be $(exec)> show arpp brief^.
$%Invalid input detected at '^' marker. If the operator has given an invalid input
parameter in the command, then the message conveys to the operator an invalid input was
detected. The layout of the syntax error message output is depicted below:
(exec) #show arpp brief
^
%Invalid input detected at ^ marker.
After all the mandatory parameters are entered, any additional parameters entered are treated
as optional parameters. If any of the parameters are not recognized a syntax error message
will be displayed.
1. After the command is successfully parsed and validated, the control of execution
goes to the corresponding CLI callback function.
2. For mandatory parameters, the command tree extends till the mandatory parameters make the leaf of the branch. The callback function is only invoked when all
the mandatory parameters are provided. For optional parameters, the command
tree extends till the mandatory parameters and the optional parameters make the
leaf of the branch. However, the call back function is associated with the node
where the mandatory parameters are fetched. The call back function then takes
care of the optional parameters.
3. Once the control has reached the callback function, the callback function has
complete information about the parameters entered by the operator.
64
No Form of a Command
No is a specific form of an existing command and does not represent a new or distinct
command. Only the configuration commands are available in the no form. The behavior
and the support details of the no form is captured as part of the mapping sheets.
Support for No Form

Almost every configuration command has a no form. In general, use the no form to reverse
the action of a command or reset a value back to the default. For example, the no shutdown
interface configuration command reverses the shutdown of an interface. Use the command
without the keyword no to re-enable a disabled feature or to enable a feature that is disabled
by default.
65
66
Chapter 10
Switching Commands
This chapter provides detailed explanation of the Switching commands. The commands are
divided into five functional groups:
Show commands display switch settings, statistics, and other information.

configuration command, there is a show command that displays the configuration
setting.
Copy commands transfer or save configuration and informational files to and
from the switch.
Clear commands clear some or all of the settings to factory defaults.
This chapter includes the following configuration types:
System information and statistics commands

System management commands
Device configuration commands
User account management commands
Security commands
System utilities
System Information and Statistics Commands

This chapter provides a detailed explanation of the SFTOS software platform commands. The
commands are divided into five functional groups:

setting.
Copy commands transfer or save configuration and informational files to and
from the switch.
67
show arp switch
SFTOS supports the following switching commands:
show arp switch on page 68

show eventlog on page 68
show hardware on page 69
show interface on page 70
show interface ethernet on page 71
show logging on page 76
show mac-addr-table on page 76
show msglog on page 77
show running-config on page 77
show sysinfo on page 78
snmp-server on page 78
show arp switch

This command displays connectivity between the switch and other devices. The Address
Resolution Protocol (ARP) cache identifies the MAC addresses of the IP stations
communicating with the switch.
Syntax
Mode
show arp switch
Privileged EXEC
MAC AddressA unicast MAC address for which the switch has forwarding and/or filtering information.
The format is 6 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB
IP AddressThe IP address assigned to each interface.
unit/slot/portValid unit, slot and port number separated by forward slashes.
show eventlog
This command displays the event log, which contains error messages from the system. The
event log is not cleared on a system reset.
Syntax
show eventlog
Mode
Privileged EXEC
FileThe file in which the event originated.
68
Switching Commands
show hardware
LineThe line number of the event

Task IdThe task ID of the event.
CodeThe event code.
TimeThe time this event occurred.
Note: Event log information is retained across a switch reset.
show hardware
This command displays inventory information for the switch.
Syntax
show hardware
Mode
Privileged EXEC
Switch DescriptionText used to identify the product name of this switch.
Machine TypeSpecifies the machine model as defined by the Vital Product Data.
Machine ModelSpecifies the machine model as defined by the Vital Product Data.
Serial NumberThe unique box serial number for this switch.
FRU NumberThe field replaceable unit number.
Part NumberManufacturing part number.
Maintenance LevelIndicates hardware changes that are significant to software.
ManufacturerManufacturer descriptor field.
Burned in MAC AddressUniversally assigned network address.
Software VersionThe release.version.revision number of the code currently running on the switch.
Operating SystemThe operating system currently running on the switch.
Network Processing ElementThe type of the processor microcode.
Additional PackagesThis displays the additional packages that are incorporated into this system, such
as SFTOS Multicast.
69
show interface
show interface
This command displays a summary of statistics for a specific port or a count of all CPU traffic
based upon the argument.
Syntax
Mode
show interface {unit/slot/port | switchport }
Privileged EXEC
The display parameters, when the argument is unit/slot/port, is as follows:
Packets Received Without ErrorThe total number of packets (including broadcast packets and
multicast packets) received by the processor.
Packets Received With ErrorThe number of inbound packets that contained errors preventing them
from being deliverable to a higher-layer protocol.
Broadcast Packets ReceivedThe total number of packets received that were directed to the broadcast
address. Note that this does not include multicast packets.
Packets Transmitted Without ErrorThe total number of packets transmitted out of the interface.
Transmit Packets ErrorsThe number of outbound packets that could not be transmitted because of
errors.
Collisions FramesThe best estimate of the total number of collisions on this Ethernet segment.
Time Since Counters Last ClearedThe elapsed time, in days, hours, minutes, and seconds since the
statistics for this port were last cleared.
The display parameters, when the argument is switchport, is as follows:
Packets Received Without ErrorThe total number of packets (including broadcast packets and
Packets Received With ErrorThe number of inbound packets that contained errors preventing them
from being deliverable to a higher-layer protocol.
Packets Transmitted Without ErrorThe total number of packets transmitted out of the interface.
Broadcast Packets TransmittedThe total number of packets that higher-level protocols requested to
be transmitted to the Broadcast address, including those that were discarded or not sent.
Transmit Packet ErrorsThe number of outbound packets that could not be transmitted because of
errors.
Address Entries Currently In UseThe total number of Forwarding Database Address Table entries
now active on the switch, including learned and static entries.
VLAN Entries Currently In UseThe number of VLAN entries presently occupying the VLAN table.
statistics for this switch were last cleared.
70
Switching Commands
show interface ethernet

This command displays detailed statistics for a specific port or for all CPU traffic based upon
the argument.
Syntax
Mode
show interface ethernet {unit/slot/port | switchport}
Privileged EXEC
The display parameters, when the argument is unit/slot/port, are as follows:
Packets Received
Octets ReceivedThe total number of octets of data (including those in bad packets) received on the
network (excluding framing bits but including Frame Check Sequence (FCS) octets). This object can be
used as a reasonable estimate of ethernet utilization. If greater precision is desired, the etherStatsPkts
and etherStatsOctets objects should be sampled before and after a common interval. ----- The result of
this equation is the value Utilization which is the percent utilization of the ethernet segment on a scale of
0 to 100 percent.
Packets Received < 64 OctetsThe total number of packets (including bad packets) received that were
< 64 octets in length (excluding framing bits but including FCS octets).
Packets Received 64 OctetsThe total number of packets (including bad packets) received that were
64 octets in length (excluding framing bits but including FCS octets).
Packets Received 65-127 OctetsThe total number of packets (including bad packets) received that
were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
Packets Received 1024-1518 OctetsThe total number of packets (including bad packets) received
that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS
octets).
Packets Received 1519-1522 OctetsThe total number of packets (including bad packets) received
octets).
Packets Received > 1522 OctetsThe total number of packets received that were longer than 1522
octets (excluding framing bits, but including FCS octets) and were otherwise well formed.
Packets Received
Successfully
TotalThe total number of packets received that were without errors.

Unicast Packets ReceivedThe number of subnetwork-unicast packets delivered to a higher-layer
protocol.
Multicast Packets ReceivedThe total number of good packets received that were directed to a
multicast address. Note that this number does not include packets directed to the broadcast address.
71
Broadcast Packets ReceivedThe total number of good packets received that were directed to the
broadcast address. Note that this does not include multicast packets.
Packets
Received with
MAC Errors
TotalThe total number of inbound packets that contained errors preventing them from being
deliverable to a higher-layer protocol.
Jabbers ReceivedThe total number of packets received that were longer than 1518 octets (excluding
framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an
integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment
Error). Note that this definition of jabber is different than the definition in IEEE-802.3 section 8.2.1.5
(10BASE5) and section 10.3.1.4 (10BASE2). These documents define jabber as the condition where
any packet exceeds 20 ms. The allowed range to detect jabber is between 20 ms and 150 ms.
Fragments/Undersize ReceivedThe total number of packets received that were less than 64 octets in
length (excluding framing bits but including FCS octets).
Alignment ErrorsThe total number of packets received that had a length (excluding framing bits, but
including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence
(FCS) with a non-integral number of octets.
Rx FCS ErrorsThe total number of packets received that had a length (excluding framing bits, but
(FCS) with an integral number of octets
OverrunsThe total number of frames discarded as this port was overloaded with incoming packets,
and could not keep up with the inflow.
Received Packets
not forwarded
TotalA count of valid frames received which were discarded (i.e. filtered) by the forwarding process.
Local Traffic FramesThe total number of frames dropped in the forwarding process because the
destination address was located off of this port.
802.3x Pause Frames ReceivedA count of MAC Control frames received on this interface with an
opcode indicating the PAUSE operation. This counter does not increment when the interface is
operating in half-duplex mode.
Unacceptable Frame TypeThe number of frames discarded from this port due to being an
unacceptable frame type.
VLAN Membership MismatchThe number of frames discarded on this port due to ingress filtering.
VLAN Viable DiscardsThe number of frames discarded on this port when a lookup on a particular
VLAN occurs while that entry in the VLAN table is being modified, or if the VLAN has not been
configured.
Multicast Tree Viable DiscardsThe number of frames discarded when a lookup in the multicast tree for
a VLAN occurs while that tree is being modified.
Reserved Address DiscardsThe number of frames discarded that are destined to an IEEE 802.1
reserved address and are not supported by the system.
Broadcast Storm RecoveryThe number of frames discarded that are destined for FF:FF:FF:FF:FF:FF
when Broadcast Storm Recovery is enabled.
CFI DiscardsThe number of frames discarded that have CFI bit set and the addresses in RIF are in
non-canonical format.
Upstream ThresholdThe number of frames discarded due to lack of cell descriptors available for that
packet's priority level.
72
Switching Commands
Packets
Transmitted
Octets
Total BytesThe total number of octets of data (including those in bad packets) received on the network
(excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of
ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects
should be sampled before and after a common interval. ----Packets Transmitted 64 OctetsThe total number of packets (including bad packets) received that were
64 octets in length (excluding framing bits but including FCS octets).
Packets Transmitted 65-127 OctetsThe total number of packets (including bad packets) received that
Packets Transmitted 128-255 OctetsThe total number of packets (including bad packets) received
octets).
Packets Transmitted 256-511 OctetsThe total number of packets (including bad packets) received that
octets).
octets).
octets).
Max InfoThe maximum size of the Info (non-MAC) field that this port will receive or transmit.
Packets
Transmitted
Successfully
TotalThe number of frames that have been transmitted by this port to its segment.
Unicast Packets TransmittedThe total number of packets that higher-level protocols requested be
transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
Multicast Packets TransmittedThe total number of packets that higher-level protocols requested be
transmitted to a Multicast address, including those that were discarded or not sent.
Broadcast Packets TransmittedThe total number of packets that higher-level protocols requested be
transmitted to the Broadcast address, including those that were discarded or not sent.
Transmit Errors
Total ErrorsThe sum of Single, Multiple, and Excessive Collisions.

Tx FCS ErrorsThe total number of packets transmitted that had a length (excluding framing bits, but
(FCS) with an integral number of octets
OversizedThe total number of frames that exceeded the max permitted frame size. This counter has a
max increment rate of 815 counts per sec. at 10 Mb/s.
Underrun ErrorsThe total number of frames discarded because the transmit FIFO buffer became
empty during frame transmission.
Transmit
Discards
Total DiscardsThe sum of single collision frames discarded, multiple collision frames discarded, and
excessive frames discarded.
73
Single Collision FramesA count of the number of successfully transmitted frames on a particular
interface for which transmission is inhibited by exactly one collision.
Multiple Collision FramesA count of the number of successfully transmitted frames on a particular
interface for which transmission is inhibited by more than one collision.
Excessive CollisionsA count of frames for which transmission on a particular interface fails due to
excessive collisions.
Port MembershipThe number of frames discarded on egress for this port due to egress filtering being
enabled.
VLAN Viable DiscardsThe number of frames discarded on this port when a lookup on a particular
VLAN occurs while that entry in the VLAN table is being modified, or if the VLAN has not been
configured.
Protocol
Statistics
BPDU's receivedThe count of BPDU's (Bridge Protocol Data Units) received in the spanning tree
layer.
BPDU's TransmittedThe count of BPDU's (Bridge Protocol Data Units) transmitted from the spanning
tree layer.
802.3x Pause Frames ReceivedA count of MAC Control frames received on this interface with an
opcode indicating the PAUSE operation. This counter does not increment when the interface is
operating in half-duplex mode.
GVRP PDU's ReceivedThe count of GVRP PDU's received in the GARP layer.
GVRP PDU's TransmittedThe count of GVRP PDU's transmitted from the GARP layer.
GVRP Failed RegistrationsThe number of times attempted GVRP registrations could not be
completed.
GMRP PDU's receivedThe count of GMRP PDU's received in the GARP layer.
GMRP PDU's TransmittedThe count of GMRP PDU's transmitted from the GARP layer.
GMRP Failed RegistrationsThe number of times attempted GMRP registrations could not be
completed.
STP BPDUs TransmittedSpanning Tree Protocol Bridge Protocol Data Units sent
STP BPDUs ReceivedSpanning Tree Protocol Bridge Protocol Data Units received
RST BPDUs TransmittedRapid Spanning Tree Protocol Bridge Protocol Data Units sent
RSTP BPDUs ReceivedRapid Spanning Tree Protocol Bridge Protocol Data Units received
MSTP BPDUs TransmittedMultiple Spanning Tree Protocol Bridge Protocol Data Units sent
MSTP BPDUs ReceivedMultiple Spanning Tree Protocol Bridge Protocol Data Units received
Dot1x Statistics
EAPOL Frames Received The number of valid EAPOL frames of any type that have been received
by this authenticator.
EAPOL Frames TransmittedThe number of EAPOL frames of any type that have been transmitted by
this authenticator.
74
Switching Commands
statistics for this port were last cleared.
The display parameters, when the argument is switchport, are as follows:

Octets ReceivedThe total number of octets of data received by the processor (excluding framing bits
but including FCS octets).
Total Packets Received Without Error- The total number of packets (including broadcast packets and
Unicast Packets ReceivedThe number of subnetwork-unicast packets delivered to a higher-layer
protocol.
Multicast Packets ReceivedThe total number of packets received that were directed to a multicast
address. Note that this number does not include packets directed to the broadcast address.
Receive Packets DiscardedThe number of inbound packets which were chosen to be discarded even
though no errors had been detected to prevent their being deliverable to a higher-layer protocol. A
possible reason for discarding a packet could be to free up buffer space.
Octets TransmittedThe total number of octets transmitted out of the interface, including framing
characters.
Packets Transmitted without ErrorsThe total number of packets transmitted out of the interface.
Unicast Packets TransmittedThe total number of packets that higher-level protocols requested be
transmitted to a subnetwork-unicast address, including those that were discarded or not sent.
Multicast Packets TransmittedThe total number of packets that higher-level protocols requested be
transmitted to a Multicast address, including those that were discarded or not sent.
Broadcast Packets TransmittedThe total number of packets that higher-level protocols requested be
transmitted to the Broadcast address, including those that were discarded or not sent.
Transmit Packets DiscardedThe number of outbound packets which were chosen to be discarded
even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. A
possible reason for discarding a packet could be to free up buffer space.
Most Address Entries Ever UsedThe highest number of Forwarding Database Address Table entries
that have been learned by this switch since the most recent reboot.
Address Entries in UseThe number of Learned and static entries in the Forwarding Database Address
Table for this switch.
Maximum VLAN EntriesThe maximum number of Virtual LANs (VLANs) allowed on this switch.
Most VLAN Entries Ever UsedThe largest number of VLANs that have been active on this switch
since the last reboot.
Static VLAN EntriesThe number of presently active VLAN entries on this switch that have been
created statically.
Dynamic VLAN EntriesThe number of presently active VLAN entries on this switch that have been
created by GVRP registration.
75
show logging
VLAN DeletesThe number of VLANs on this switch that have been created and then deleted since the
last reboot.
Time Since Counters Last ClearedThe elapsed time, in days, hours, minutes, and seconds, since the
statistics for this switch were last cleared.
show logging
This command displays the trap log maintained by the switch. The trap log contains a
maximum of 256 entries that wrap.
Syntax
Mode
show logging
Privileged EXEC
Number of Traps since last resetThe number of traps that have occurred since the last reset of this
device.
Number of Traps since log last displayedThe number of traps that have occurred since the traps were
last displayed. Getting the traps by any method (terminal interface display, Web display, upload file from
switch etc.) will result in this counter being cleared to 0.
LogThe sequence number of this trap.
System Up TimeThe relative time since the last reboot of the switch at which this trap occurred.
TrapThe relevant information of this trap.
Note: Trap log information is not retained across a switch reset.
show mac-addr-table
This command displays the forwarding database entries. If the command is entered with no
parameter, the entire table is displayed. This is the same as entering the optional all
parameter. Alternatively, the administrator can enter a MAC Address to display the table
entry for the requested MAC address and all entries following the requested MAC address.
Syntax
Mode
show mac-addr-table [macaddr | all ]
Privileged EXEC
Mac AddressA unicast MAC address for which the switch has forwarding and or filtering information.
The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB. In a system the MAC address will be displayed as 8 bytes.
76
Switching Commands
show msglog
Unit/Slot/PortThe port which this address was learned.

if IndexThis object indicates the ifIndex of the interface table entry associated with this port.
StatusThe status of this entry. The meanings of the values are:
StaticThe value of the corresponding instance was added by the system or a user when a static MAC
filter was defined. It cannot be relearned.
LearnedThe value of the corresponding instance was learned by observing the source MAC
addresses of incoming traffic, and is currently in use.
ManagementThe value of the corresponding instance (system MAC address) is also the value of an
existing instance of dot1dStaticAddress. It is identified with interface 0/1 and is currently used when
enabling VLANs for routing.
SelfThe value of the corresponding instance is the address of one of the switchs physical interfaces
(the systems own MAC address).
GMRP LearnedThe value of the corresponding was learned via GMRP and applies to Multicast.
OtherThe value of the corresponding instance does not fall into one of the other categories.
show msglog
This command displays the message log maintained by the switch. The message log contains
system trace information.
The trap log contains a maximum of 256 entries that wrap.
Syntax
Mode
Message
show msglog
Privileged EXEC
The message that has been logged.
Note: Message log information is not retained across a switch reset.
show running-config
This command is used to display/capture the current setting of different protocol packages
supported on switch. This command displays/captures only commands with settings/
configurations with values that differ from the default value. The output is displayed in script
format, which can be used to configure another switch with the same configuration.
77
show sysinfo
When a script name is provided, the output is redirected to a configuration script. The option
[all] will also enable the display/capture of all commands with settings/configurations that
include values that are same as the default values. If the optional <scriptname> is provided
with a file name extension of .scr, the output will be redirected to a script file.
Syntax
Mode
show running-config [all] [<scriptname>]
Privileged EXEC
If static capability is enabled:
port-channel staticcapabilityThe device has static capability enabled.
show sysinfo
This command displays switch information.
Syntax
Mode
show sysinfo
Privileged EXEC
Switch DescriptionText used to identify this switch.
System NameName used to identify the switch.
System LocationText used to identify the location of the switch. May be up to 31 alpha-numeric
characters. The factory default is blank.
System ContactText used to identify a contact person for this switch. May be up to 31 alpha-numeric
characters. The factory default is blank.
System ObjectIDThe base object ID for the switchs enterprise MIB.
System Up TimeThe time in days, hours and minutes since the last switch reboot.
MIBs SupportedA list of MIBs supported by this agent.
snmp-server
This command sets the name and the physical location of the switch, and the organization
responsible for the network.The range for name, location and contact is from 1 to 31
alphanumeric characters.
Default
78
None
Switching Commands
snmp-server
Syntax
Mode
snmp-server {sysname name | location loc | contact con}
Global Config
79
snmp-server
80
Switching Commands
Chapter 11
System Management
Commands
These commands manage the switch and show current management settings. The commands

configuration command, there is a show command that displays the configuration setting.
SFTOS supports the following system management commands:
telnet on page 82
transport input telnet on page 82
transport output telnet on page 83
session-limit on page 83
bridge aging-time on page 84
mtu on page 84
network mac-address on page 85
network mac-type on page 85
network parms on page 86
network protocol on page 86
telnetcon maxsessions on page 86
telnetcon timeout on page 87
remotecon maxsessions on page 87
remotecon timeout on page 88
serial baudrate on page 88
serial timeout on page 88
set prompt on page 89
show forwardingdb agetime on page 90
show network on page 90
show telnetcon on page 91
show serial on page 91
show snmpcommunity on page 92
show snmptrap on page 93
81
telnet
show trapflags on page 93

snmp-server community on page 94
no snmp-server community on page 94
snmp-server community ipaddr on page 95
snmp-server community mode on page 95
snmp-server community ro on page 95
snmp-server community rw on page 96
snmp-server enable traps on page 96
snmp-server enable traps bcaststorm on page 96
snmp-server enable traps multiusers on page 97
snmp-server enable traps stpmode on page 97
snmptrap on page 97
snmptrap ipaddr on page 98
snmptrap mode on page 98
telnet on page 98
snmp trap link-status on page 99
snmp trap link-status all on page 99
network mgmt_vlan on page 99
telnet
This command establishes a new outbound telnet connection to a remote host. The host value
must be a valid IP address. Valid values for port should be a valid decimal integer in the range
of 0 to 65535, where the default value is 23. If [debug] is used, the current telnet options
enabled is displayed. The optional line parameter sets the outbound telnet operational mode
as linemode, where by default, the operational mode is character mode. The noecho option
disables local echo.
Syntax
telnet <host> [port] [debug] [line] [noecho]
Modes
Privileged EXEC and User EXEC
transport input telnet

This command regulates new telnet sessions. If sessions are enabled, new telnet sessions can
be established until there are no more sessions available. If sessions are disabled, no new
telnet sessions are established. An established session remains active until the session is
ended or an abnormal network error ends the session.
82
System Management Commands
transport output telnet
The no version of this command disables telnet sessions. If sessions are disabled, no new
telnet sessions are established.
Default
enabled
Syntax
[no] transport input telnet
Mode
Line Config
transport output telnet

This command regulates new outbound telnet connections. If enabled, new outbound telnet
sessions can be established until it reaches the maximum number of simultaneous outbound
telnet sessions allowed. If disabled, no new outbound telnet session can be established. An
established session remains active until the session is ended or an abnormal network error
ends it.
The no version of this command disables new outbound telnet connections. If disabled, no
new outbound telnet connection can be established.
Default
enabled
Syntax
[no] transport output telnet
Mode
Line Config
session-limit
This command specifies the maximum number of simultaneous outbound telnet sessions. A
value of 0 indicates that no outbound telnet session can be established.
The no version of this command sets the maximum number of simultaneous outbound telnet
sessions to the default value.
Default
Syntax
session-limit <0-5>
Mode
Line Config
83
session-timeout
session-timeout
This command sets the outbound telnet session timeout value.The timeout value unit of time
is minutes. A value of 0 indicates that a session remains active indefinitely.
The no version of this command sets the outbound telnet session timeout value to the default.
The timeout value unit of time is minutes.
Default
Syntax
[no] session-timeout <0-160>
Mode
Line Config
bridge aging-time
This command configures the forwarding database address aging timeout in seconds. In an
system, the [fdbid | all] parameter is required.
The no version of this command sets the forwarding database address aging timeout to 300
seconds. In a system, the [all] parameter is required.
Default
300
Syntax
bridge aging-time 10-1,000,000 [all]

no bridge aging-time [all]
Mode
Global Config
SecondsThis parameter must be within the range of 10 to 1,000,000 seconds.
Forwarding Database IDFdbid (Forwarding database ID) indicates which forwarding database's aging
timeout is being configured.
allUsed to configure all forwarding database's agetime.
mtu
This command sets the maximum transmission unit (MTU) size (in bytes) for physical and
port-channel (LAG) interfaces. For the standard implementation, the range of <mtusize> is a
valid integer between 1518-9216.
84
network mac-address
The no version of this command sets the default maximum transmission unit (MTU) size (in
bytes) for the interface.
Default
1518
NOTE: The hardware on the 1 Gig ports automatically compensates for the tags on tagged
packets. For a 1 Gig port, the default setting of 1518, allows 1518 byte untagged and 1522
byte tagged packets. Likewise, set to the maximum, a setting of 9216 will allow for tagged
packets up to 9220 bytes.
10 Gig ports use a different chipset that does not automatically allow for the length of a tag.
For 10 Gig ports, the default setting of 1518 means 1518 untagged or tagged. The maximum
is 9216 bytes.
Syntax
Mode
mtu 1518-9216
Interface Config
network mac-address
This command sets locally administered MAC addresses. The following rules apply:
Syntax
Mode
Bit 6 of byte 0 (called the U/L bit) indicates whether the address is universally
administered (b'0') or locally administered (b'1').
Bit 7 of byte 0 (called the I/G bit) indicates whether the destination address is an
individual address (b'0') or a group address (b'1').
The second character, of the twelve character macaddr, must be 2, 6, A or E.
A locally administered address must have bit 6 On (b'1') and bit 7 Off (b'0').
network mac-address <macaddr>
Privileged EXEC
network mac-type
This command specifies whether the burned in MAC address or the locally-administered
MAC address is used.
The no version of this command resets the value of MAC address to its default.
Default
burnedin
85
network parms
Syntax
network mac-type {local | burnedin}

no network mac-type
Mode
Privileged EXEC
network parms
This command sets the IP Address, subnet mask and gateway of the router. The IP Address
and the gateway must be on the same subnet.
Syntax
Mode
network parms ipaddr netmask [gateway]
Privileged EXEC
network protocol
This command specifies the network configuration protocol to be used. If you modify this
value change is effective immediately. The parameter bootp indicates that the switch
periodically sends requests to a Bootstrap Protocol (BootP) server or a dhcp server until a
response is received. none indicates that the switch should be manually configured with IP
information.
Default
None
Syntax
network protocol {none | bootp | dhcp}
Mode
Privileged EXEC
telnetcon maxsessions
This command specifies the maximum number of telnet connection sessions that can be
established. A value of 0 indicates that no telnet connection can be established. The range is 0
to 5.
The no version of this command sets the maximum number of telnet connection sessions that
can be established to the default value.
Default
86
5
telnetcon timeout
Syntax
Mode
[no] telnetcon maxsessions <0-5>
Privileged EXEC
telnetcon timeout
This command sets the telnet connection session timeout value, in minutes. A session is
active as long as the session has been idle for the value set. A value of 0 indicates that a
session remains active indefinitely. The time is a decimal value from 0 to 160.
The no version of this command sets the telnet connection session timeout value, in minutes,
to the default.
Note: Changing the timeout value for active sessions does not
become effective until the session is reaccessed. Any keystroke will
also activate the new timeout duration.
Default
Syntax
[no] telnetcon timeout <0-160>
Mode
Privileged EXEC
remotecon maxsessions
This command specifies the maximum number of remote connection sessions that can be
established. A value of 0 indicates that no remote connection can be established. The range is
0 to 5.
The no version of this command sets the maximum number of remote connection sessions
that can be established to the default value.
Default
Syntax
remotecon maxsessions 0-5

no remotecon maxsessions
Mode
Privileged EXEC
87
remotecon timeout
remotecon timeout
This command sets the remote connection session timeout value, in minutes. A session is
active as long as the session has been idle for the value set. A value of 0 indicates that a
session remains active indefinitely. The time is a decimal value from 0 to 160.
The no version of this command sets the remote connection session timeout value, in
minutes, to the default.
Note: Changing the timeout value for active sessions does not
become effective until the session is reaccessed. Any keystroke will
also activate the new timeout duration.
Default
Syntax
remotecon timeout 0-160

no remotecon timeout
Mode
Privileged EXEC
serial baudrate
This command specifies the communication rate of the terminal interface. The supported
rates are 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200.
The no version of this command sets the communication rate of the terminal interface.
Default
9600
Syntax
serial baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200}
no serial baudrate
Mode
Line Config
serial timeout
This command specifies the maximum connect time (in minutes) without console activity. A
value of 0 indicates that a console can be connected indefinitely. The time range is 0 to 160.
88
set prompt
The no version of this command sets the maximum connect time (in minutes) without
console activity.
Default
Syntax
serial timeout 0-160

no serial timeout
Mode
Line Config
set prompt
This command changes the name of the prompt. The length of name may be up to 64
Syntax
Mode
set prompt prompt string
Privileged EXEC
show telnet
This command displays the current outbound telnet settings.
Syntax
show telnet
Modes

Outbound Telnet Login Timeout (in minutes)Indicates the number of minutes an outbound telnet
session is allowed to remain inactive before being logged off. A value of 0, which is the default, results in
no timeout.
Maximum Number of Outbound Telnet SessionsIndicates the number of simultaneous outbound
telnet connections allowed.
Allow New Outbound Telnet SessionsIndicates whether outbound telnet sessions will be allowed.
89
show forwardingdb agetime
show forwardingdb agetime

This command displays the timeout for address aging. In an system, the [fdbid | all] parameter
is required.
Default
All
Syntax
show forwardingdb agetime [fdbid | all]
Mode
Privileged EXEC
Forwarding DB IDFdbid (Forwarding database ID) indicates the forwarding database whose aging
timeout is to be shown. The all option is used to display the aging timeouts associated with all
forwarding databases. This field displays the forwarding database ID in a system.
AgetimeIn an IVL system, this parameter displays the address aging timeout for the associated
forwarding database.
show network
This command displays configuration settings associated with the switch's network interface.
The network interface is the logical interface used for in-band connectivity with the switch
via any of the switch's front panel ports. The configuration parameters associated with the
switch's network interface do not affect the configuration of the front panel ports through
which traffic is switched or routed.
Syntax
Mode
show network

IP AddressThe IP address of the interface. The factory default value is 0.0.0.0
Subnet MaskThe IP subnet mask for this interface. The factory default value is 0.0.0.0
Default GatewayThe default gateway for this IP interface. The factory default value is 0.0.0.0
Burned In MAC AddressThe burned in MAC address used for in-band connectivity.
Locally Administered MAC AddressIf desired, a locally administered MAC address can be configured
for in-band connectivity. To take effect, 'MAC Address Type' must be set to 'Locally Administered'. Enter
the address as twelve hexadecimal digits (6 bytes) with a colon between each byte. Bit 1 of byte 0 must
be set to a 1 and bit 0 to a 0, i.e. byte 0 should have the following mask 'xxxx xx10'. The MAC address
used by this bridge when it must be referred to in a unique fashion. It is recommended that this be the
numerically smallest MAC address of all ports that belong to this bridge. However it is only required to
be unique. When concatenated with dot1dStpPriority a unique BridgeIdentifier is formed which is used
in the Spanning Tree Protocol.
90
show telnetcon
MAC Address TypeSpecifies which MAC address should be used for in-band connectivity. The
choices are the burned in or the Locally Administered address. The factory default is to use the burned
in MAC address.
Network Configuration Protocol CurrentIndicates which network protocol is being used. The options
are bootp | dhcp | none.
Java ModeSpecifies if the switch should allow access to the Java applet in the header frame. Enabled
means the applet can be viewed. The factory default is disabled.
Management VLAN IDSpecifies the management VLAN ID.
show telnetcon
This command displays telnet settings.
Syntax
Mode
show telnetcon

Remote Connection Login Timeout (minutes)This object indicates the number of minutes a remote
connection session is allowed to remain inactive before being logged off. A zero means there will be no
timeout. May be specified as a number from 0 to 160. The factory default is 5.
Maximum Number of Remote Connection SessionsThis object indicates the number of simultaneous
remote connection sessions allowed. The factory default is 5.
Allow New Telnet SessionsIndicates that new telnet sessions will not be allowed when set to no. The
factory default value is yes.
show serial
This command displays serial communication settings for the switch.
Syntax
Mode
show serial

Serial Port Login Timeout (minutes)Specifies the time, in minutes, of inactivity on a Serial port
connection, after which the Switch will close the connection. Any numeric value between 0 and 160 is
allowed, the factory default is 5. A value of 0 disables the timeout.
Baud RateThe default baud rate at which the serial port will try to connect. The available values are
1200, 2400, 4800, 9600, 19200, 38400,57600, and 115200 baud. The factory Default is 9600 baud.
Character SizeThe number of bits in a character. The number of bits is always 8.
91
show snmpcommunity
Flow ControlWhether Hardware Flow-Control is enabled or disabled. Hardware Flow Control is

always disabled.
Stop BitsThe number of Stop bits per character. The number of Stop bits is always 1.
Parity TypeThe Parity Method used on the Serial Port. The Parity Method is always None.
SNMP Community Commands
show snmpcommunity
This command displays SNMP community information. Six communities are supported. You
can add, change, or delete communities. The switch does not have to be reset for changes to
take effect.
The SNMP agent of the switch complies with SNMP Version 1 (for more about the SNMP
specification, see the SNMP RFCs). The SNMP agent sends traps through TCP/IP to an
external SNMP manager based on the SNMP configuration (the trap receiver and other
SNMP community parameters).
Syntax
Mode
show snmpcommunity
Privileged EXEC
SNMP Community NameThe community string to which this entry grants access. A valid entry is a
case-sensitive alphanumeric string of up to 16 characters. Each row of this table must contain a unique
community name.
Client IP AddressAn IP address (or portion thereof) from which this device will accept SNMP packets
with the associated community. The requesting entity's IP address is ANDed with the Subnet Mask
before being compared to the IP Address. Note: that if the Subnet Mask is set to 0.0.0.0, an IP Address
of 0.0.0.0 matches all IP addresses. The default value is 0.0.0.0
Client IP MaskA mask to be ANDed with the requesting entity's IP address before comparison with IP
Address. If the result matches with IP Address then the address is an authenticated IP address. For
example, if the IP Address = 9.47.128.0 and the corresponding Subnet Mask = 255.255.255.0 a range
of incoming IP addresses would match, i.e. the incoming IP Address could equal 9.47.128.0 9.47.128.255. The default value is 0.0.0.0
Access ModeThe access level for this community string.
StatusThe status of this community access entry.
92
show snmptrap
show snmptrap
This command displays SNMP trap receivers. Trap messages are sent across a network to an
SNMP Network Manager. These messages alert the manager to events occurring within the
switch or on the network. Six trap receivers are simultaneously supported.
Syntax
Mode
show snmptrap
Privileged EXEC
SNMP Trap NameThe community string of the SNMP trap packet sent to the trap manager. This may
be up to 16 alphanumeric characters. This string is case sensitive.
IP AddressThe IP address to receive SNMP traps from this device. Enter four numbers between 0
and 255 separated by periods.
StatusIndicates the receiver's status (enabled or disabled).
show trapflags
This command displays trap conditions. Configure which traps the switch should generate by
enabling or disabling the trap condition. If a trap condition is enabled and the condition is
detected, the switch's SNMP agent sends the trap to all enabled trap receivers. The switch
does not have to be reset to implement the changes. Cold and warm start traps are always
generated and cannot be disabled.
Note: The DVMRP, OSPF, and PIM traps are not supported in the L2
image.
Syntax
show trapflags
Mode
Privileged EXEC
Authentication FlagMay be enabled or disabled. The factory default is enabled. Indicates whether
authentication failure traps will be sent.
Link Up/Down FlagMay be enabled or disabled. The factory default is enabled. Indicates whether link
status traps will be sent.
Multiple Users FlagMay be enabled or disabled. The factory default is enabled. Indicates whether a
trap will be sent when the same user ID is logged into the switch more than once at the same time
(either via telnet or serial port).
Spanning Tree FlagMay be enabled or disabled. The factory default is enabled. Indicates whether
spanning tree traps will be sent.
Broadcast Storm FlagMay be enabled or disabled. The factory default is enabled. Indicates whether
broadcast storm traps will be sent.
93
snmp-server community
DVMRP TrapsMay be enabled or disabled. The factory default is disabled. Indicates whether DVMRP
traps will be sent.
OSPF TrapsMay be enabled or disabled. The factory default is disabled. Indicates whether OSPF
traps will be sent.
PIM TrapsMay be enabled or disabled. The factory default is disabled. Indicates whether PIM traps
will be sent.
snmp-server community
This command adds (and names) a new SNMP community. A community name is a name
associated with the switch and with a set of SNMP managers that manage it with a specified
privileged level. The length of name can be up to 16 case-sensitive characters.
Note: Community names in the SNMP community table must be
unique. When making multiple entries using the same community
name, the first entry is kept and processed and all duplicate entries
are ignored.
Default
Two default community names: Public and Private. You can replace these default community
names with unique identifiers for each community. The default values for the remaining four
community names are blank.
Syntax
snmp-server community <name>
Mode
Global Config
no snmp-server community
This command removes this community name from the table. The name is the community
name to be deleted.
Syntax
Mode
94
no snmp-server community name
Global Config
snmp-server community ipaddr
snmp-server community ipaddr

This command sets a client IP address for an SNMP community. The address is the associated
community SNMP packet sending address and is used along with the client IP mask value to
denote a range of IP addresses from which SNMP clients may use that community to access
the device. A value of 0.0.0.0 allows access from any IP address. Otherwise, this value is
ANDed with the mask to determine the range of allowed client IP addresses. The name is the
applicable community name.
The no version of this command sets a client IP address for an SNMP community to 0.0.0.0.
The name is the applicable community name.
Default
0.0.0.0
Syntax
[no] snmp-server community ipaddr ipaddr name
Mode
Global Config
snmp-server community mode

This command activates an SNMP community. If a community is enabled, an SNMP
manager associated with this community manages the switch according to its access right. If
the community is disabled, no SNMP requests using this community are accepted. In this case
the SNMP manager associated with this community cannot manage the switch until the Status
is changed back to Enable.
The no version of this command deactivates an SNMP community. If the community is
disabled, no SNMP requests using this community are accepted. In this case the SNMP
manager associated with this community cannot manage the switch until the Status is changed
back to Enable.
Default
The default private and public communities are enabled by default. The four undefined
communities are disabled by default.
Syntax
[no] snmp-server community mode name
Mode
Global Config
snmp-server community ro
This command restricts access to switch information. The access mode is read-only (also
called public).
95
snmp-server community rw
Syntax
Mode
snmp-server community ro name
Global Config
snmp-server community rw
This command restricts access to switch information. The access mode is read/write (also
called private).
Syntax
Mode
snmp-server community rw name

Global Config
snmp-server enable traps

This command enables the Authentication Flag.
The no version of this command disables the Authentication Flag.
Default
enabled
Syntax
snmp-server enable traps
Mode
Global Config
snmp-server enable traps bcaststorm

This command enables the broadcast storm trap. When enabled, broadcast storm traps are
sent only if the broadcast storm recovery mode setting associated with the port is enabled .
The no version of this command disables the broadcast storm trap. When enabled, broadcast
storm traps are sent only if the broadcast storm recovery mode setting associated with the port
is enabled.
Default
enabled
Syntax
[no] snmp-server enable traps bcaststorm
Mode
96
Global Config
snmp-server enable traps multiusers
snmp-server enable traps multiusers

This command enables Multiple User traps. When the traps are enabled, a Multiple User Trap
is sent when a user logs in to the terminal interface (EIA 232 or telnet) and there is an existing
terminal interface session.
The no version of this command disables Multiple User traps.
Default
enabled
Syntax
[no] snmp-server enable traps multiusers
Mode
Global Config
snmp-server enable traps stpmode

This command enables the sending of new root traps and topology change notification traps.
The no version of this command disables the sending of new root traps and topology change
notification traps.
Default
enabled
Syntax
[no] snmp-server enable traps stpmode
Mode
Global Config
snmptrap
This command adds an SNMP trap name. The maximum length of name is 16 case-sensitive
The no version of this command deletes trap receivers for a community.
Default
The default name for the six undefined community names is Delete.
Syntax
[no] snmptrap name ipaddr
Mode
Global Config
97
snmptrap ipaddr
snmptrap ipaddr
This command assigns an IP address to a specified community name. The maximum length of
name is 16 case-sensitive alphanumeric characters.
Note: IP addresses in the SNMP trap receiver table must be unique. If you make
multiple entries using the same IP address, the first entry is retained and processed.
All duplicate entries are ignored.
Syntax
Mode
[no] snmptrap ipaddr name ipaddrold ipaddrnew
Global Config
snmptrap mode
This command activates or deactivates an SNMP trap. Enabled trap receivers are active (able
to receive traps). Disabled trap receivers are inactive (not able to receive traps).
The no version of this command deactivates an SNMP trap. Disabled trap receivers are
inactive (not able to receive traps).
Syntax
Mode
[no] snmptrap mode name ipaddr
Global Config
telnet
This command regulates new telnet sessions. If sessions are enabled, new telnet sessions can
be established until there are no more sessions available. If sessions are disabled, no new
telnet sessions are established. An established session remains active until the session is
ended or an abnormal network error ends it.
The no version of this command disables telnet sessions. If sessions are disabled, no new
telnet sessions are established.
Default
enabled
Syntax
[no] telnet
Mode
98
Privileged EXEC
snmp trap link-status
snmp trap link-status

This command enables link status traps by interface.
The no version of this command disables link status traps by interface.
Note: This command is valid only when the Link Up/Down Flag is enabled. See
snmp-server enable traps linkmode command.
Syntax
Mode
[no] snmp trap link-status
Interface Config
snmp trap link-status all

This command enables link status traps for all interfaces.
The no version of this command disables link status traps for all interfaces.
Note: This command is valid only when the Link Up/Down Flag is enabled. See
snmp-server enable traps linkmode.
Syntax
Mode
[no] snmp trap link-status all
Global Config
Management VLAN Command

This command is used to set the Management VLAN.
network mgmt_vlan
This command configures the Management VLAN ID.
Default
Syntax
network mgmt_vlan 1-4094
99
network mgmt_vlan
Mode
100
Privileged EXEC
System Configuration
Commands
Chapter 12
This chapter provides a detailed explanation of the System configuration commands. The

setting.
SFTOS supports the following system management commands:
addport on page 103

auto-negotiate on page 103
auto-negotiate all on page 103
deleteport (interface config) on page 104
deleteport (global config) on page 104
monitor session mode on page 104
monitor session 1 source interface on page 105
no monitor on page 105
no monitor session 1 on page 106
show monitor session 1 on page 106
shutdown on page 107
shutdown all on page 107
speed on page 107
storm-control broadcast on page 107
storm-control flowcontrol on page 108
show mac-address-table multicast on page 109
show mac-address-table on page 109
show monitor session 1 on page 110
show port on page 110
show port protocol on page 111
show storm-control on page 111
snmp-server enable traps linkmode on page 112
101
102
snmp-server community ipmask on page 112

vlan on page 113
vlan acceptframe on page 113
vlan ingressfilter on page 114
vlan makestatic on page 114
vlan name on page 114
vlan participation on page 115
vlan participation all on page 115
vlan port acceptframe on page 116
vlan port ingressfilter all on page 116
vlan port pvid all on page 117
vlan port tagging all on page 117
vlan protocol group on page 117
vlan protocol group add protocol on page 118
vlan protocol group remove on page 118
protocol group on page 118
protocol vlan group on page 119
protocol vlan group all on page 119
vlan pvid on page 120
vlan tagging on page 120
show vlan on page 120
show vlan brief on page 121
show vlan port on page 122
traceroute on page 123
clear config on page 123
clear counters on page 123
clear igmpsnooping on page 123
clear pass on page 124
enable passwd on page 124
clear port-channel on page 124
clear traplog on page 124
clear vlan on page 125
logout on page 125
ping on page 125
reload on page 126
copy on page 126
copy (clibanner) on page 127
logging cli-command on page 127
configscript apply on page 128
configscript delete on page 128
System Configuration Commands
addport
configscript list on page 129

configscript show on page 129
configscript validate on page 129
addport
This command adds one port to the port-channel (LAG). The first interface is a logical unit,
slot and port slot and port number of a configured port-channel.
Note: Before adding a port to a port-channel, set the physical mode of the port. See
speed command.
Syntax
Mode
addport logical unit/slot/port
Interface Config
auto-negotiate
This command enables automatic negotiation on a port. The default value is enable.
The no version of this command disables automatic negotiation on a port.
Note: Automatic sensing is disabled when automatic negotiation is disabled.
Syntax
Mode
[no] auto-negotiate
Interface Config
auto-negotiate all
This command enables automatic negotiation on all ports. The default value is enable.
The no version of this command disables automatic negotiation on all ports.
Syntax
[no] auto-negotiate all
103
Mode
Global Config
deleteport (interface config)

This command deletes the port from the port-channel (LAG). The interface is a
logical unit, slot and port slot and port number of a configured port-channel.
Syntax
Mode
deleteport logical unit/slot/port
Interface Config
deleteport (global config)

This command deletes all configured ports from the port-channel (LAG). The
interface is a logical unit, slot and port slot and port number of a configured
port-channel.
Syntax
Mode
deleteport {logical unit/slot/port | all }
Global Config
monitor session mode

This command configures the monitor session (port monitoring) mode to enable.
The probe and monitored ports must be configured before monitor session (port
monitoring) can be enabled. When enabled, the probe port monitors all traffic
received and transmitted on the physical monitored port. It is not necessary to
disable port monitoring before modifying the probe and monitored ports.
A session is operationally active if and only if both a destination port and at least
one source port is configured. If neither is true, the session is inactive.
A port configured as a destination port acts as a mirroring port when the session is
operationally active. If it is not, the port acts as a normal port and participates in
all normal operation with respect to transmitting traffic.
The no version of this command sets the monitor session (port monitoring) mode
to disable.
104
monitor session 1 source interface
Default
disabled
Syntax
[no] monitor session 1 mode
Mode
Global Config
monitor session 1 source interface

This command adds a mirrored port (source port) to a session identified with <session-id>.
The 1 or <session-id> parameter is an integer value used to identify the session. In the
current version of the software, the <session-id> parameter is always 1.
The no version of this command removes the specified mirrored port (source port) from the
session. The <session-id> parameter is an integer value used to identify the session. In the
current version of the software, the <session-id> parameter is always 1.
Default
None
Format
monitor session 1 [source] interface <unit/slot/port>

monitor session 1 [destination] interface
[no] monitor session 1 mode
Mode
Global config
no monitor
This command removes all the source ports and a destination port and restores the default
value for mirroring session mode for all the configured sessions.
This is a stand-alone no command. This command does not have a normal form.
Default
enabled
Format
no monitor
Mode
Global config
105
no monitor session 1
This command removes all the source ports and a destination port of the mirroring
session and restore the default value for mirroring session mode.
The 1 or <session-id> parameter is an integer value used to identify the session.
In the current version of the software, the <session-id> parameter is always 1.
This is a stand-alone no command. This command does not have a normal
form. This command can be issued without regard for the session status (enabled
or disabled).
Default
enabled
Format
no monitor session 1
Mode
Global config
show monitor session 1

This command displays the Port monitoring information for a particular mirroring
session.
The 1 or <session-id> parameter is an integer value used to identify the session.
In the current version of the software, the <session-id> parameter is always 1.
Format
Mode
Privileged EXEC
The following is the explanation of the output parameters for this command:
Session IDIt is an integer value used to identify the session. Its value can be
anything between 1 and L7_MIRRORING_MAX_SESSIONS.
Monitor Session ModeIt indicates whether the Port Mirroring feature is enabled
or disabled for the session identified with <session-id>. The possible values are
Enabled and Disabled.
Probe PortIt is the probe port (destination port) for the session identified with
<session-id>. If probe port is not set then this field is blank.
List of source PortsIt is the list of ports, which are configured as mirrored ports
(source ports) for the session identified with <session-id>. If no source port is
configured for the session then this field is blank.
106
shutdown
shutdown
This command disables a port.
The no version of this command enables a port.
Default
enabled
Syntax
[no] shutdown
Mode
Interface Config
shutdown all
This command disables all ports.
The no version of this command enables all ports.
Default
enabled
Syntax
[no] shutdown all
Mode
Global Config
speed
This command sets the speed and duplex setting for all interfaces.
Syntax
Mode
speed
Global Config
storm-control broadcast
This command enables broadcast storm recovery mode. If the mode is enabled, broadcast
storm recovery with high and low thresholds is implemented.
107
The threshold implementation follows a percentage pattern. If the broadcast traffic

on any Ethernet port exceeds the high threshold percentage (as represented in
Broadcast Storm Recovery Thresholds table) of the link speed, the switch
discards the broadcasts traffic until the broadcast traffic returns to the low
threshold percentage or less. The full implementation is depicted in the table
below.
Table 4 Broadcast Storm Recovery Thresholds
Link Speed
High
Low
10M
20
10
100M
1000M
The no version of this command disables broadcast storm recovery mode. The
threshold implementation follows a percentage pattern. If the broadcast traffic on
any Ethernet port exceeds the high threshold percentage (as represented in
Broadcast Storm Recovery Thresholds table) of the link speed, the switch
discards the broadcasts traffic until the broadcast traffic returns to the low
threshold percentage or less. The full implementation is depicted in the
Broadcast Storm Recovery Thresholds table.
Syntax
Mode
[no] storm-control broadcast
Global Config
storm-control flowcontrol
This command enables 802.3x flow control for the switch.
The no version of this command disables 802.3x flow control for the switch.
Note: This command only applies to full-duplex mode ports.
Note: 802.3x flow control works by pausing a port when the port becomes
oversubscribed and dropping all traffic for small bursts of time during the congestion
condition. This can lead to high-priority and/or network control traffic loss.
Default
disabled
Syntax
[no] storm-control flowcontrol
Mode
108
Global Config
show mac-address-table multicast
show mac-address-table multicast

This command displays the Multicast Forwarding Database (MFDB) information. If the
command is entered with no parameter, the entire table is displayed. This is the same as
entering the optional all parameter. The user can display the table entry for one MAC Address
by specifying the MAC address as an optional parameter.
Syntax
Mode
show mac-address-table multicast {macaddr | all }
Privileged EXEC
MAC AddressA multicast MAC address for which the switch has forwarding and or filtering
information. The format is two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB. In a system the MAC address will be displayed as a MAC address and VLAN ID
combination of 8 bytes.
TypeThis displays the type of the entry. Static entries are those that are configured by the end user.
Dynamic entries are added to the table as a result of a learning process or protocol.
ComponentThe component that is responsible for this entry in the Multicast Forwarding Database.
Possible values are IGMP Snooping, GMRP, and Static Filtering.
DescriptionThe text description of this multicast table entry.
InterfacesThe list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
Forwarding InterfacesThe resultant forwarding list is derived from combining all the components
forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces.
show mac-address-table
This command displays the Multicast Forwarding Database (MFDB) statistics.
Format
Mode
show mac-address-table [gmrp | igmpsnooping | multicast | stats]
Privileged EXEC
gmrpDisplay GMRP entries in the MFDB table.
igmpsnoopingDisplay IGMP Snooping entries in the MFDB table.
multicastDisplay Multicast Forwarding Database Table information.
statsDisplay MFDB statistics.
The output field descriptions are:

Total EntriesThis displays the total number of entries that can possibly be in the Multicast
Forwarding Database table.
109
Most MFDB Entries Ever UsedThis displays the largest number of entries that
have been present in the Multicast Forwarding Database table. This value is also
known as the MFDB high-water mark.
Current EntriesThis displays the current number of entries in the Multicast
ForwardingDatabase table.

This command displays the Port monitoring information for the system.
Syntax
Mode
Privileged EXEC
Port Monitor Modeindicates whether the Port Monitoring feature is enabled or disabled.
The possible values are enable and disable.
Probe Port unit/slot/portis the unit/slot/port configured as the probe port. If this
value has not been configured, 'Not Configured' will be displayed.
Monitored Port unit/slot/portis the unit/slot/port configured as the monitored
port. If this value has not been configured, 'Not Configured' will be displayed.
show port
This command displays port information.
Syntax
Mode
show port {unit/slot/port | all }
Privileged EXEC
Unit/Slot/PortValid unit, slot and port number separated by forward slashes.
TypeIf not blank, this field indicates that this port is a special type of port. The possible
values are:
Monthis port is a monitoring port. Look at the Port Monitoring screens to find out more
information.
Lagthis port is a member of a port-channel (LAG).
Probethis port is a probe port.
110
show port protocol
Admin ModeSelects the Port control administration state. The port must be enabled in order for it to
be allowed into the networkMay be enabled or disabled. The factory default is enabled.
Physical ModeSelects the desired port speed and duplex mode. If auto-negotiation support is
selected, then the duplex mode and speed will be set from the auto-negotiation process. Note that the
port's maximum capability (full duplex -100M) will be advertised. Otherwise, this object will determine
the port's duplex mode and transmission rate. The factory default is Auto.
Physical StatusIndicates the port speed and duplex mode.
Link StatusIndicates whether the Link is up or down.
Link TrapThis object determines whether or not to send a trap when link status changes. The factory
default is enabled.
LACP ModeDisplays whether LACP is enabled or disabled on this port.
show port protocol

This command displays the Protocol-Based VLAN information for either the entire system,
or for the indicated Group.
Syntax
Mode
show port protocol groupid | all
Privileged EXEC
Group NameThis field displays the group name of an entry in the Protocol-based VLAN table.
Group IDThis field displays the group identifier of the protocol group.
Protocol(s)This field indicates the type of protocol(s) for this group.
VLANThis field indicates the VLAN associated with this Protocol Group.
Interface(s)This field lists the unit/slot/port interface(s) that are associated with this Protocol
Group.
show storm-control
This command displays switch configuration information.
Syntax
Mode
show storm-control
Privileged EXEC
Broadcast Storm Recovery ModeMay be enabled or disabled. The factory default is disabled.
111
802.3x Flow Control ModeMay be enabled or disabled. The factory default is disabled.
snmp-server enable traps linkmode

This command enables Link Up/Down traps for the entire switch. When enabled,
link traps are sent only if the Link Trap flag setting associated with the port is
enabled (see snmp trap link-status command).
The no version of this command disables Link Up/Down traps for the entire
switch.
Default
enabled
Syntax
Mode
Global Config

This command enables Link Up/Down traps for the entire switch. When enabled,
link traps are sent only if the Link Trap flag setting associated with the port is
enabled (see snmp trap link-status command).
The no version of this command disables Link Up/Down traps for the entire
switch.
Default
enabled
Syntax
Mode
Global Config
snmp-server community ipmask

This command sets a client IP mask for an SNMP community. The address is the
associated community SNMP packet sending address and is used along with the
client IP address value to denote a range of IP addresses from which SNMP
clients may use that community to access the device. A value of 255.255.255.255
will allow access from only one station, and will use that machine's IP address for
the client IP Address. A value of 0.0.0.0 will allow access from any IP address.
The name is the applicable community name.
112
vlan
The no version of this command sets a client IP mask for an SNMP community to 0.0.0.0.
The name is the applicable community name. The community name may be up to 16
Default
0.0.0.0
Syntax
[no] snmp-server community ipmask ipmask name
Mode
Global Config
Virtual LAN (VLAN) Commands
vlan
This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN
identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-1024.
The no version of this command deletes an existing VLAN. The ID is a valid VLAN
identification number (ID 1 is reserved for the default VLAN). VLAN range is 2-1024.
Syntax
Mode
[no] vlan 2-1024
VLAN database
vlan acceptframe
This command sets the frame acceptance mode per interface. For VLAN Only mode,
untagged frames or priority frames received on this interface are discarded. For Admit All
mode, untagged frames or priority frames received on this interface are accepted and assigned
the PVID value set for that interface. With either option, VLAN tagged frames are forwarded
in accordance with the IEEE 802.1Q VLAN Specification.
The no version of this command sets the frame acceptance mode per interface to Admit All.
For Admit All mode, untagged frames or priority frames received on this interface are
accepted and assigned the value of the interface VLAN ID for this port. With either option,
VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN
Specification.
Default
admit all
113
Syntax
Mode
[no] vlan acceptframe vlanonly | all
Interface Config
vlan ingressfilter
This command enables ingress filtering. If ingress filtering is disabled, frames
received with VLAN IDs that do not match the VLAN membership of the
receiving interface are admitted and forwarded to ports that are members of that
VLAN.
The no version of this command disables ingress filtering.
If ingress filtering is disabled, frames received with VLAN IDs that do not match
the VLAN membership of the receiving interface are admitted and forwarded to
ports that are members of that VLAN.
Default
disabled
Syntax
[no] vlan ingressfilter
Mode
Interface Config
vlan makestatic
This command changes a dynamically created VLAN (one that is created by
GVRP registration) to a static VLAN (one that is permanently configured and
defined). The ID is a valid VLAN identification number. VLAN range is 2-4094.
Syntax
Mode
vlan makestatic 2-4094
VLAN database
vlan name
This command changes the name of a VLAN. The name is an alphanumeric string
of up to 32 characters, and the ID is a valid VLAN identification number. ID range
is 2-3965.
114
vlan participation
The no version of this command sets the name of a VLAN to a blank string. The VLAN ID is
a valid VLAN identification number. ID range is 2-3965.
Default
The name for VLAN ID 1 is always Default. The name for other VLANs is defaulted to a
blank string.
Syntax
[no] vlan name 2-1024 name
Mode
VLAN database
vlan participation
This command configures the degree of participation for a specific interface in a VLAN. The
ID is a valid VLAN identification number, and the interface is a valid interface number.
Syntax
Mode
vlan participation { [exclude | include | auto] [1-4094 ] }
Interface Config
Participation options are:
includeThe interface is always a member of this VLAN. This is equivalent to registration fixed.
excludeThe interface is never a member of this VLAN. This is equivalent to registration forbidden.
autoThe interface is dynamically registered in this VLAN by GVRP. The interface will not participate in
this VLAN unless a join request is received on this interface. This is equivalent to registration normal.
vlan participation all

This command configures the degree of participation for all interfaces in a VLAN. The ID is
a valid VLAN identification number.
Syntax
Mode
vlan participation all { [exclude | include | auto] [1-4094 ] }
Global Config
Participation options are:
includeThe interface is always a member of this VLAN. This is equivalent to registration fixed.
excludeThe interface is never a member of this VLAN. This is equivalent to registration forbidden.
115
autoThe interface is dynamically registered in this VLAN by GVRP. The interface will not
participate in this VLAN unless a join request is received on this interface. This is
equivalent to registration normal.
vlan port acceptframe

This command sets the frame acceptance mode for all interfaces. For VLAN Only
mode, untagged frames or priority frames received on this interface are discarded.
For Admit All mode, untagged frames or priority frames received on this interface
are accepted and assigned the value of the interface VLAN ID for this port. With
either option, VLAN tagged frames are forwarded in accordance with the IEEE
802.1Q VLAN Specification.
The no version of this command sets the frame acceptance mode for all interfaces
to Admit All. For Admit All mode, untagged frames or priority frames received
on this interface are accepted and assigned the value of the interface VLAN ID for
this port. With either option, VLAN tagged frames are forwarded in accordance
with the IEEE 802.1Q VLAN Specification.
Default
Admit All
Syntax
[no] vlan port acceptframe all <vlanonly | all>
Mode
Global Config
vlan port ingressfilter all

This command enables ingress filtering for all ports. If ingress filtering is
disabled, frames received with VLAN IDs that do not match the VLAN
membership of the receiving interface are admitted and forwarded to ports that are
members of that VLAN.
The no version of this command disables ingress filtering for all ports.
Default
disabled
Syntax
vlan port ingressfilter all
Mode
116
Global Config
vlan port pvid all
vlan port pvid all

This command changes the VLAN ID for all interface.
The no version of this command sets the VLAN ID for all interfaces to 1.
Default
Syntax
[no] vlan port pvid all 1-4094
Mode
Global Config
vlan port tagging all

This command configures the tagging behavior for all interfaces in a VLAN to enabled. If
tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is
transmitted as untagged frames. The ID is a valid VLAN identification number.
The no version of this command configures the tagging behavior for all interfaces in a VLAN
to disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid
VLAN identification number.
Syntax
Mode
vlan port tagging all 1-4094
Global Config
vlan protocol group

This command adds protocol-based VLAN group to the system. The <groupName> is a
character string of 1 to 16 characters. When it is created, the protocol group will be assigned
a unique number that will be used to identify the group in subsequent commands.
Syntax
Mode
vlan protocol group groupname
Global Config
117
vlan protocol group add protocol

This command adds the protocol to the protocol-based VLAN identified by
groupid. A group may have more than one protocol associated with it. Each
interface and protocol combination can only be associated with one group. If
adding a protocol to a group causes any conflicts with interfaces currently
associated with the group, this command will fail and the protocol will not be
added to the group. The possible values for protocol are ip, arp, and ipx.
The no version of this command removes the protocol from this protocol-based
VLAN group that is identified by this groupid. The possible values for protocol
are ip, arp, and ipx.
Default
None
Syntax
[no] vlan protocol group add protocol groupid protocol
Mode
Global Config
vlan protocol group remove

This command removes the protocol-based VLAN group that is identified by this
<groupid>.
Syntax
Mode
vlan protocol group remove groupid
Global Config
protocol group
This command attaches a vlanid to the protocol-based VLAN identified by
groupid. A group may only be associated with one VLAN at a time, however
the VLAN association can be changed.
The referenced VLAN should be created prior to the creation of the
protocol-based VLAN except when GVRP is expected to create the VLAN.
The no version of this command removes the <vlanid> from this protocol-based
VLAN group that is identified by this groupid.
Default
118
None
protocol vlan group
Syntax
Mode
[no] protocol group groupid vlanid
VLAN database
protocol vlan group

This command adds the physical unit/slot/port interface to the protocol-based VLAN
identified by groupid. A group may have more than one interface associated with it. Each
interface and protocol combination can only be associated with one group. If adding an
interface to a group causes any conflicts with protocols currently associated with the group,
this command will fail and the interface(s) will not be added to the group.
The referenced VLAN should be created prior to the creation of the protocol-based VLAN
except when GVRP is expected to create the VLAN.
The no version of this command removes the <interface> from this protocol-based VLAN
group that is identified by this <groupid>. If <all> is selected, all ports will be removed from
this protocol group.
Default
None
Syntax
[no] protocol vlan group groupid
Mode
Interface Config
protocol vlan group all

This command adds all physical interfaces to the protocol-based VLAN identified by
groupid. A group may have more than one interface associated with it. Each interface and
protocol combination can only be associated with one group. If adding an interface to a group
causes any conflicts with protocols currently associated with the group, this command will
fail and the interface(s) will not be added to the group.
The referenced VLAN should be created prior to the creation of the protocol-based VLAN
except when GVRP is expected to create the VLAN.
The no version of this command removes all interfaces from this protocol-based VLAN
group that is identified by this groupid.
Default
None
Syntax
[no] protocol vlan group all groupid
119
Mode
Global Config
vlan pvid
This command changes the VLAN ID per interface.
The no version of this command sets the VLAN ID per interface to 1.
Default
Syntax
[no] vlan pvid 1-4094
Mode
Interface Config
vlan tagging
This command configures the tagging behavior for a specific interface in a VLAN
to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging
is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN
identification number.
The no version of this command configures the tagging behavior for a specific
interface in a VLAN to disabled. If tagging is disabled, traffic is transmitted as
untagged frames. The ID is a valid VLAN identification number.
Syntax
Mode
[no] vlan tagging 1-4094
Interface Config
show vlan
This command displays detailed information, including interface information, for
a specific VLAN. The ID is a valid VLAN identification number
Syntax
Mode
120
show vlan vlanid
show vlan brief
VLAN IDThere is a VLAN Identifier (VID) associated with each VLAN. The range of the VLAN ID is 1
to 4094.
VLAN NameA string associated with this VLAN as a convenience. It can be up to 32 alphanumeric
characters long, including blanks. The default is blank. VLAN ID 1 always has a name of `Default`. This
field is optional.
VLAN TypeType of VLAN, which can be Default, (VLAN ID = 1), a static (one that is configured and
permanently defined), or Dynamic (one that is created by GVRP registration).
Unit/Slot/PortValid unit, slot and port number separated by forward slashes. It is possible to set the
parameters for all ports by using the selectors on the top line.
CurrentDetermines the degree of participation of this port in this VLAN.
The permissible values are:
IncludeThis port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE
802.1Q standard.
ExcludeThis port is never a member of this VLAN. This is equivalent to registration forbidden in the
IEEE 802.1Q standard.
AutodetectSpecifies to allow the port to be dynamically registered in this VLAN via GVRP. The port
will not participate in this VLAN unless a join request is received on this port. This is equivalent to
registration normal in the IEEE 802.1Q standard.
ConfiguredDetermines the configured degree of participation of this port in this VLAN. The
permissible values are:
IncludeThis port is always a member of this VLAN. This is equivalent to registration fixed in the IEEE
802.1Q standard.
ExcludeThis port is never a member of this VLAN. This is equivalent to registration forbidden in the
IEEE 802.1Q standard.
AutodetectSpecifies to allow the port to be dynamically registered in this VLAN via GVRP. The port
will not participate in this VLAN unless a join request is received on this port. This is equivalent to
registration normal in the IEEE 802.1Q standard.
TaggingSelect the tagging behavior for this port in this VLAN.
Taggedspecifies to transmit traffic for this VLAN as tagged frames.
Untaggedspecifies to transmit traffic for this VLAN as untagged frames.
show vlan brief

This command displays a list of all configured VLANs.
Syntax
Mode
show vlan brief
121
show vlan port
VLAN IDThere is a VLAN Identifier (vlanid )associated with each VLAN. The range of the VLAN ID is
1 to 4094.
VLAN NameA string associated with this VLAN as a convenience. It can be up to 32 alphanumeric
characters long, including blanks. The default is blank. VLAN ID 1 always has a name of `Default`. This
field is optional.
VLAN TypeType of VLAN, which can be Default, (VLAN ID = 1), a static (one that is configured and
permanently defined), or a Dynamic (one that is created by GVRP registration).
show vlan port

This command displays VLAN port information.
Syntax
Mode
show vlan port {unit/slot/port | all }

Unit/Slot/PortValid unit, slot and port number separated by forward slashes. It is possible to set the
parameters for all ports by using the selectors on the top line.
Port VLAN IDThe VLAN ID that this port will assign to untagged frames or priority tagged frames
received on this port. The value must be for an existing VLAN. The factory default is 1.
Acceptable Frame TypesSpecifies the types of frames that may be received on this port. The options
are 'VLAN only' and 'Admit All'. When set to 'VLAN only', untagged frames or priority tagged frames
received on this port are discarded. When set to 'Admit All', untagged frames or priority tagged frames
received on this port are accepted and assigned the value of the Port VLAN ID for this port. With either
option, VLAN tagged frames are forwarded in accordance to the 802.1Q VLAN specification.
Ingress FilteringMay be enabled or disabled. When enabled, the frame is discarded if this port is not a
member of the VLAN with which this frame is associated. In a tagged frame, the VLAN is identified by
the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that
received this frame. When disabled, all frames are forwarded in accordance with the 802.1Q VLAN
bridge specification. The factory default is disabled.
GVRPMay be enabled or disabled.
Default PriorityThe 802.1p priority assigned to tagged packets arriving on the port.
System Utility Commands

This section describes system utilities. The commands are divided into two functional groups:
122

traceroute
traceroute
This command is used to discover the routes that packets actually take when traveling to their
destination through the network on a hop-by-hop basis. <ipaddr> should be a valid IP
address. [port] should be a valid decimal integer in the range of 0(zero) to 65535. The default
value is 33434.
The optional port parameter is the UDP port used as the destination of packets sent as part of
the traceroute. This port should be an unused port on the destination system.
Syntax
Mode
traceroute <ipaddr> [port]
Privileged EXEC
clear config
This command resets the configuration to the factory defaults without powering off the
switch. The switch is automatically reset when this command is processed. You are prompted
to confirm that the reset should proceed.
Syntax
Mode
clear config
Privileged EXEC
clear counters
This command clears the stats for a specified <unit/slot/port>or for all the ports or for the
entire switch based upon the argument.
Syntax
Mode
clear counters { unit/slot/port | all }
Privileged EXEC
clear igmpsnooping
This command clears the tables managed by the IGMP Snooping function and will attempt to
delete these entries from the Multicast Forwarding Database.
123
clear pass
Syntax
Mode
clear igmpsnooping
Privileged EXEC
clear pass
This command resets all user passwords to the factory defaults without powering off the
switch. You are prompted to confirm that the password reset should proceed.
Syntax
Mode
clear pass
Privileged EXEC
enable passwd
This command changes the Privileged EXEC password. First type the command then hit the
enter or the return key.
Syntax
enable passwd
Mode
Privileged EXEC
clear port-channel
This command clears all port-channels (LAGs).
Syntax
Mode
clear port-channel
Privileged EXEC
clear traplog
This command clears the trap log.
Syntax
124
clear traplog
clear vlan
Mode
Privileged EXEC
clear vlan
This command resets VLAN configuration parameters to the factory defaults.
Syntax
Mode
clear vlan
Privileged EXEC
logout
This command closes the current telnet connection or resets the current serial connection.
Note: Save configuration changes before logging out.
Syntax
Mode
logout
Privileged EXEC
ping
This command checks if another computer is on the network and listens for connections. To
use this command, configure the switch for network (in-band) connection (as described in the
SFTOS 2402/4802 Hardware User Guide). The source and target devices must have the ping
utility enabled and running on top of TCP/IP. The switch can be pinged from any IP
workstation with which the switch is connected through the default VLAN (VLAN 1), as long
as there is a physical path between the switch and the workstation. The terminal interface
sends, three pings to the target station.
Syntax
Mode
ping ipaddr
125
reload
reload
This command resets the switch without powering it off. Reset means that all network
connections are terminated and the boot code executes. The switch uses the stored
configuration to initialize the switch. You are prompted to confirm that the reset should
proceed. A successful reset is indicated by the LEDs on the switch.
Syntax
Mode
reload
Privileged EXEC
copy
This command uploads and downloads to/from the switch. Local URLs can be specified
using tftp or xmodem. The following can be specified as the source file for uploading from
the switch: startup configuration (nvram:startup-config), error log (nvram:errorlog),
message log (nvram:msglog) and trap log (nvram:traplog). A URL is specified for the
destination.
The command can also be used to download the startup configuration or code image by
specifying the source as a URL and destination as nvram:startup-config or .system:image
respectively.
The command can be used to the save the running configuration to nvram by specifying the
source as system:running-config and the destination as nvram:startup-config. In a
stacking environment, the running configuration is saved in all units of the stack.
The command can also be used to download ssh key files as nvram:sshkey-rsa,
nvram:sshkey-rsa2, and nvram:sshkey-dsa and http secure-server certificates as
nvram:sslpem-root, nvram:sslpem-server, nvram:sslpem-dhweak, and
nvram:sslpem-dhstrong.
126
Default
None
Syntax
copy
copy
copy
copy
copy
copy
copy
copy
copy
copy
copy
copy
nvram:startup-config <tftp://<ip address>/> <filename>

nvram:errorlog <tftp://<ip address>/> <filename>
nvram:log <tftp://<ip address>/> <filename>
nvram:traplog <tftp://<ip address>/> <filename>
nvram:script <scriptname> <tftp://<ip address>/> <filename>
<tftp://<ip address>/> <filename> nvram:startup-config
<tftp://<ip address>/> <filename> system:image
<tftp://<ip address>/> <filename> nvram:configscript
system:running-config nvram:startup-config
<tftp://<ip address>/> <filename> nvram:sslpem-root
<tftp://<ip address>/> <filename> nvram:sslpem-server
<tftp://<ip address>/> <filename> nvram:sslpem-dhweak
copy (clibanner)
copy
copy
copy
copy
copy
Mode
<tftp://<ip
<tftp://<ip
<tftp://<ip
<tftp://<ip
<tftp://<ip
address>/>
address>/>
address>/>
address>/>
address>/>
<filename>
<filename>
<filename>
<filename>
<filename>
nvram:sslpem-dhstrong
nvram:sshkey-rsa1
nvram:sshkey-rsa2
nvram:sshkey-dsa
nvram:clibanner
Privileged EXEC
Pre-login Banner
This section provides a detailed explanation of the Pre-login Banner command.
copy (clibanner)
The copy command (See copy on page 126.) includes the clibanner option. This
command uploads and downloads to/from the switch. Local URLs can be specified using tftp
or xmodem.
Default
none
Syntax
copy <tftp://<ip address>/> <filename> nvram:clibanner
Mode
Privileged EXEC
CLI Command Logging

This section provides a detailed explanation of the CLI Command Logging commands.
logging cli-command
This command enables the CLI command Logging feature.The Command Logging
component enables the FASTPATH software to log all Command Line Interface (CLI)
commands issued on the system.
Default
enabled
Syntax
[no] logging cli-command
Mode
Global Config
127
Configuration Scripting
Configuration Scripting
Configuration Scripting allows the user to generate text-formatted script files representing the
current configuration. These configuration script files can be uploaded to a PC and edited,
downloaded to the system and applied to the system. Configuration scripts can be applied to
one or more switches with no/minor modifications.
Use the show running-config command to capture the running configuration into a script.
Use the copy command (See copy on page 126. ) to transfer the configuration script to/
from the switch.
Note: The file extension must be .scr. A maximum of ten scripts are allowed on the
switch. The combined size of all script files on the switch shall not exceed 500 KB.
Note: Configuration script files are not distributed across the stack, and only live in
the unit that is the master unit at the time of the file download.
Note: The file extension must be .scr.
Note: A maximum of ten scripts are allowed on the switch.
Note: The combined size of all script files on the switch shall not exceed 500 KB.
configscript apply
This command applies the commands in the configuration script to the switch. The apply
command backs up the running configuration and then starts applying the commands in the
script file. Application of the commands stops at the first failure of a command. The
<scriptname> parameter is the name of the script to be applied.
Syntax
Mode
configscript apply <scriptname>
Global Config
configscript delete
This command deletes a specified script where the <scriptname> parameter is the name of
the script to be deleted. The all option deletes all the scripts present on the switch.
Syntax
Mode
128
configscript delete {<scriptname> | all} <unit/slot/port>
Global Config
configscript list
configscript list
This command lists all scripts present on the switch as well as the total number of files
present.
Syntax
Mode
configscript list
Global Config
Configuration ScriptName of the configuration script.
SizeSize of the configuration script.
configscript show
This command displays the contents of a script file. The parameter <scriptname> is the name
of the script file.
Syntax
Mode
configscript show <unit/slot/port> <scriptname>
Global Config
The format of display is: Line <no>: <Line contents>
configscript validate
This command validates a configuration script file by parsing each line in the script file where
<scriptname> is the name of the script to be validated. The validation will stop at the first
failure of a command.
Syntax
Mode
configscript validate <scriptname> <unit/slot/port>
Global Config
129
configscript validate
130
Chapter 13
System Log
This section provides a detailed explanation of the Syslog commands. The commands are
divided into two functional groups:
Show commands display spanning tree settings, statistics, and other information.
Configuration Commands configure features and options of the device. For every
logging buffered
This command enables logging to in-memory log where up to 128 logs are kept. The
<severitylevel> value is specified as either an integer from 0 to 7 or symbolically through one
of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice
(5), informational (6), debug (7).
The no version of this command disables logging to in-memory log.
Default
disabled; critical
Syntax
[no] logging buffered [severitylevel]
Mode
Global Config
logging buffered wrap

This command enables wrapping of in-memory logging when full capacity reached.
Otherwise when full capacity is reached, logging stops.
The no version of this command disables wrapping of in-memory logging and configures
logging to stop when capacity is full.
Default
wrap
131
logging console
Syntax
Mode
[no] logging buffered wrap
Privileged EXEC
logging console
This command enables logging to the console. The <severitylevel> value is specified as
either an integer from 0 to 7 or symbolically through one of the following keywords:
emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), informational (6),
debug (7).
The no version of this command disables logging to the console.
Default
disabled; critical
Syntax
logging console [severitylevel]
Mode
Global Config
logging persistent
This command enables logging of system startup and system operation logs to storage. The
<severitylevel> value is specified as either an integer from 0 to 7 or symbolically through
one of the following keywords: EMERGENCY (0), ALERT (1), CRITICAL (2), ERROR (3),
WARNING (4), NOTICE (5), INFORMATIONAL (6), DEBUG (7).
The no version of this command disables logging. It does not clear the contents of the log.
Default
enabled; severitylevel - critical
Syntax
[no] logging persistent [severitylevel]
Mode
Global Config
logging host
This command enables logging to a host where up to eight hosts can be configured.
AddressType can be ipv4 or dns, port can be of a value from
132
System Log
logging host remove
Default
Port - 514; Level - Critical;
Syntax
logging host <ipaddress> <addresstype> [port <port>] [level <severitylevel>]
Mode
Global Config
logging host remove

This command disables logging to host. See show logging hosts for a list of host indices.
Syntax
Mode
logging host remove <hostindex>
Global Config
logging port
This command sets the local port number of the LOG client for logging messages. The
<portid> can be in the range from 1 to 65535.
The no version of this command resets the local logging port to the default.
Default
514
Syntax
logging port <portid>
Mode
Global Config
logging syslog
This command enables syslog logging.
The no version of this command disables syslog logging.
Default
disabled; local0
Syntax
[no] logging syslog
Mode
Global Config
133
show logging
show logging
This command displays logging.
Syntax
Mode
show logging
Privileged EXEC
Client Local PortThe port on the collector/relay to which syslog messages are sent
Console Logging Administrative ModeThe mode for console logging.
Console Logging Severity FilterThe minimum severity to log to the console log. Messages with an
equal or lower numerical severity are logged.
Buffered Logging Administrative ModeThe mode for buffered logging.
Buffered Logging Severity FilterThe minimum severity to log to the buffered log. Messages with an
Historical Logging Administrative ModeThe mode for historical logging.
Historical Logging Severity FilterThe minimum severity to log to the historical log. Messages with an
Syslog Logging Administrative ModeThe mode for logging to configured syslog hosts. If set to disable
logging stops to all syslog hosts.
Log Messages ReceivedThe number of messages received by the log process. This includes
messages that are dropped or ignored
Log Messages DroppedThe number of messages that could not be processed.
show logging persistent

This command displays logging.
Syntax
Mode
show logging persistent
Privileged EXEC
Persistent Logging Administrative ModeThe mode for historical logging.
Persistent Logging Severity FilterThe minimum severity to log to the historical log. Messages with an
Persistent Log Count:The number of messages received by the log process. This includes messages
that are dropped or ignored
Log Messages: The log messages appear here.
134
System Log
show logging buffered

This command displays buffered logging (system startup and system operation logs).
Syntax
Mode
Privileged EXEC
Admin StatusThe current state of the in-memory log.
Severity Level FilterThe minimum severity to log to the in memory log. Messages with an equal or
lower numerical severity are logged.
Component FilterThe component(s) from which received messages are to be logged to the in memory
log. Either a single component id or "all components" may be specified.
Wrapping BehaviorThe behavior of the In Memory log when faced with a log full situation.
Log CountThe count of valid entries in the buffered log.
show logging hosts

This command displays all configured logging hosts.
Syntax
Mode
show logging hosts
Privileged EXEC
Host Index (used for deleting)
Host IP AddressIP Address of the configured server.
Address TypeAddress Type of Server.
Severity LevelThe minimum severity to log to the specified address.
PortServer Port Number.This is the port on the local host from which syslog messages are sent.
Host StatusThe state of logging to configured syslog hosts. If the status is disable, no logging occurs.
135
show logging hosts
136
System Log
Chapter 14
User Account Commands
These commands manage user accounts. The commands are divided into two functional
groups:

disconnect
This command closes a telnet session.
Syntax
Mode
disconnect {sessionID | all }
Privileged EXEC
show loginsession
This command displays current telnet and serial port connections to the switch.
Syntax
show loginsession
Mode
Privileged EXEC
ID
Login Session ID
Parameters
User NameThe name the user will use to login using the serial port or Telnet. A new user may be
added to the switch by entering a name in a blank entry. The user name may be up to 8 characters, and
is not case sensitive. Two users are included as the factory default, admin and guest.
Connection FromIP address of the telnet client machine or EIA-232 for the serial port connection.
Idle TimeTime this session has been idle.
Session TimeTotal time this session has been connected.
137
show users
show users
This command displays the configured user names and their settings. This command is only
available for users with Read/Write privileges. The SNMPv3 fields will only be displayed if SNMP is
available on the system.
Syntax
Mode
Parameters
show users
Privileged EXEC
User NameThe name the user will use to login using the serial port, Telnet or Web. A new user may
be added to the switch by entering a name in a blank entry. The user name may be up to eight
characters, and is not case sensitive. Two users are included as the factory default, admin and guest
Access ModeShows whether the operator is able to change parameters on the switch (Read/Write) or
is only able to view them (Read Only). As a factory default, the admin user has Read/Write access and
the guest has Read Only access. There can only be one Read/Write user and up to five Read Only
users.
SNMPv3 Access ModeThis field displays the SNMPv3 Access Mode. If the value is set to
ReadWrite, the SNMPv3 user will be able to set and retrieve parameters on the system. If the value
is set to ReadOnly, the SNMPv3 user will only be able to retrieve parameter information. The
SNMPv3 access mode may be different than the CLI and Web access mode.
SNMPv3 AuthenticationThis field displays the authentication protocol to be used for the specified
login user.
SNMPv3 EncryptionThis field displays the encryption protocol to be used for the specified login user.
users name
This command adds a new user (account) if space permits. The account username can be up
to eight characters in length. The name may be comprised of alphanumeric characters as well
as the dash (-) and underscore (_). The username is not case-sensitive.
Six user names can be defined.
The no version of this command removes an operator.
Note: The admin user account cannot be deleted.
Syntax
Mode
138
[no] users name username
Global Config
users passwd
users passwd
This command is used to change a password. The password should not be more than eight
alphanumeric characters in length. If a user is authorized for authentication or encryption is
enabled, the password must be at least eight alphanumeric characters in length. The username
and password are not case-sensitive. When a password is changed, a prompt will ask for the
former password. If none, press enter.
The no version of this command sets the password of an existing operator to blank. When a
password is changed, a prompt will ask for the operator's former password. If none, press
enter.
Default
no password
Syntax
[no] users passwd username
Mode
Global Config
users snmpv3 accessmode

This command specifies the snmpv3 access privileges for the specified login user. The valid
accessmode values are readonly or readwrite. The username is the login user name for
which the specified access mode applies. The default is readwrite for admin user;
readonly for all other users.
The no version of this command sets the snmpv3 access privileges for the specified login
user as readwrite for the admin user; readonly for all other users. The username is the
login user name for which the specified access mode will apply.
Default
admin -- readwrite; other -- readonly
Syntax
[no] users snmpv3 accessmode username [readonly | readwrite]
Mode
Global Config
users snmpv3 authentication

This command specifies the authentication protocol to be used for the specified login user.
The valid authentication protocols are none, md5 or sha. If md5 or sha are specified, the
user login password is also used as the snmpv3 authentication password and therefore must
be at least eight characters in length. The username is the login user name associated with
the authentication protocol.
139
users snmpv3 encryption
The no version of this command sets the authentication protocol to be used for the specified
login user to none. The username is the login user name for which the specified
authentication protocol will be used.
Default
no authentication
Syntax
users snmpv3 authentication username [none | md5 | sha]

users snmpv3 authentication username
Mode
Global Config
users snmpv3 encryption

This command specifies the encryption protocol to be used for the specified login user. The
valid encryption protocols are des or none.
If des is specified, the required key may be specified on the command line. The key may be
up to 16 characters long. If the des protocol is specified but a key is not provided, the user
will be prompted for the key. When using the des protocol, the user login password is also
used as the snmpv3 encryption password and therefore must be at least eight characters in
length.
If none is specified, a key must not be provided. The username is the login user name
associated with the specified encryption.
The no version of this command sets the encryption protocol to none. The username is the
login user name for which the specified encryption protocol will be used.
Default
no encryption
Syntax
[no] users snmpv3 encryption username none | des [key]
Mode
140
Global Config
Chapter 15
SNTP
This section provides a detailed explanation of the Simple Network Tim Protocol (SNTP)
commands. The commands are divided into two functional groups:
Show commands display spanning tree settings, statistics, and other information.
Configuration Commands configure features and options of the switch. For every
sntp broadcast client poll-interval

This command sets the poll interval for SNTP broadcast clients in seconds as a power of two
where <poll-interval> can be a value from 6 to 16.
The no version of this command resets the poll interval for SNTP broadcast client back to its
default value.
Default
Syntax
sntp broadcast client poll-interval <poll-interval>

no sntp broadcast client poll-interval
Mode
Global Config
sntp client mode

This command enables Simple Network Time Protocol (SNTP) client mode and optionally
setting the mode to either broadcast, multicast, or unicast.
The no version of this command disables Simple Network Time Protocol (SNTP) client
mode.
141
sntp client port
Default
Disabled
Syntax
sntp client mode [broadcast | multicast | unicast]

no sntp client mode
Mode
Global Config
sntp client port

This command sets the SNTP client port id to a value from 1-65535.
The no version of this command resets the SNTP client port back to its default value.
Default
123
Syntax
sntp client port <portid>

no sntp client port
Mode
Global Config
sntp unicast client poll-interval

This command sets the poll interval for SNTP unicast clients in seconds as a power of two
The no version of this command resets the poll interval for SNTP unicast clients to its
default.
Default
Syntax
sntp unicast client poll-interval <poll-interval>

no sntp unicast client poll-interval
Mode
142
Global Config
SNTP
sntp unicast client poll-timeout
sntp unicast client poll-timeout

This command sets the poll timeout for SNTP unicast clients in seconds to a value from 1-30.
The no version of this command resets the poll timeout for SNTP unicast clients to its default
value.
Default
Syntax
sntp unicast client poll-timeout <poll-timeout>

no sntp unicast client poll-timeout
Mode
Global Config
sntp unicast client poll-retry

This command sets the poll retry for SNTP unicast clients to a value from 0 to 10.
The no version of this command resets the poll retry for SNTP unicast clients to its default
value.
Default
Syntax
sntp unicast client poll-retry <poll-retry>

no sntp unicast client poll-retry
Mode
Global Config
sntp multicast client poll-interval

This command sets the poll interval for SNTP multicast clients in seconds as a power of two
The no version of this command resets the poll interval for SNTP multicast clients to its
default.
Default
Syntax
sntp multicast client poll-interval <poll-interval>
143
sntp server
no sntp multicast client poll-interval
Mode
Global Config
sntp server
This command configures an SNTP server (with a maximum of three) where the server
address can be an ip address or a domain name and the address type either ipv4 or dns. The
optional priority can be a value of 1-3, the version a value of 1-4, and the port id a value of
1-65535.
The no version of this command deletes an server from the configured SNTP servers.
Syntax
sntp server <ipaddress/domain-name> <addresstype> [<priority> [<version>

[<portid>]]]
no sntp server remove <ipaddress/domain-name>
Mode
Global Config
show sntp
This command is used to display SNTP settings and status.
Syntax
Mode
show sntp
Privileged Exec
Last Update TimeTime of last clock update.
Last Attempt TimeTime of last transmit query (in unicast mode).
Last Attempt StatusStatus of the last SNTP request (in unicast mode) or unsolicited message (in
broadcast mode).
Broadcast CountCurrent number of unsolicited broadcast messages that have been received and
processed by the SNTP client since last reboot.
Multicast CountCurrent number of unsolicited multicast messages that have been received and
processed by the SNTP client since last reboot
144
SNTP
show sntp client
show sntp client

This command is used to display SNTP client settings.
Syntax
Mode
show sntp client
Privileged Exec
Client Supported ModesSupported SNTP Modes (Broadcast, Unicast, or Multicast).
SNTP VersionThe highest SNTP version the client supports
PortSNTP Client Port
Client Mode:Configured SNTP Client Mode
Poll IntervalPoll interval value for SNTP clients in seconds as a power of two.
Poll TimeoutPoll timeout value in seconds for SNTP clients.
Poll RetryPoll retry value for SNTP clients.
show sntp server

This command is used to display SNTP server settings and configured servers.
Syntax
Mode
show sntp server
Privileged Exec
Server IP AddressIP Address of configured SNTP Server
Server TypeAddress Type of Server.
Server StratumClaimed stratum of the server for the last received valid packet.
Server Reference IDReference clock identifier of the server for the last received valid packet.
Server ModeSNTP Server mode.
Server Max EntriesTotal number of SNTP Servers allowed.
Server Current EntriesTotal number of SNTP configured.
For each configured server:

IP AddressIP Address of configured SNTP Server.
Address TypeAddress Type of configured SNTP server.
145
show sntp server
PriorityIP priority type of the configured server.

VersionSNTP Version number of the server. The protocol version used to query the server in unicast
mode.
PortServer Port Number
Last Attempt TimeLast server attempt time for the specified server.
Last Attempt StatusLast server attempt status for the server.
Total Unicast RequestsNumber of requests to the server.
Failed Unicast RequestsNumber of failed requests from server.
146
SNTP
Chapter 16
DHCP Server Commands
These commands configure the Dynamic Host Configuration Protocol (DHCP) Server
parameters and address pools. The commands are divided by functionality into these different
groups:
Configuration Commands are used to configure features and options of the switch. For
every configuration command there is a show command that will display the
configuration setting.
Show commands are used to display switch settings, statistics and other information.
client-identifier
This command specifies the unique identifier for a DHCP client. Unique-identifier is a valid
notation in hexadecimal format. In some systems, such as Microsoft DHCP clients, the client
identifier is required instead of hardware addresses. The unique-identifier is a concatenation
of the media type and the MAC address. For example, the Microsoft client identifier for
Ethernet address c819.2488.f177 is 01c8.1924.88f1.77 where 01 represents the Ethernet
media type. Refer to the "Address Resolution Protocol Parameters" section of RFC 1700,
Assigned Numbers for a list of media type codes.
The no version of this command deletes the client identifier.
Default
None
Syntax
[no] client-identifier uniqueidentifier
Mode
DHCP Pool Config
147
client-name
client-name
This command specifies the name for a DHCP client. Name is a string consisting of standard
ASCII characters.
The no version of this command removes the client name.
Default
None
Syntax
client-name name
no client-name
Mode
DHCP Pool Config
default-router
This command specifies the default router list for a DHCP client. {address1, address2
address8} are valid IP addresses, each made up of four decimal bytes ranging from 0 to 255.
IP address 0.0.0.0 is invalid.
The no version of this command removes the default router list.
Default
None
Syntax
default-router address1 [address2....address8 ]

no default-router
Mode
DHCP Pool Config
dns-server
This command specifies the IP servers available to a DHCP client. Address parameters are
valid IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address
0.0.0.0 is invalid.
The no version of this command removes the DNS Server list.
148
Default
none
Syntax
dns-server address1 [address2....address8 ]
hardware-address
no dns-server
Mode
DHCP Pool Config
hardware-address
This command specifies the hardware address of a DHCP client.
Hardware-address is the MAC address of the hardware platform of the client consisting of 6
bytes in dotted hexadecimal format.
Type indicates the protocol of the hardware platform. It is 1 for 10 MB Ethernet and 6 for
IEEE 802.
The no version of this command removes the hardware address of the DHCP client.
Default
ethernet
Syntax
[no] hardware-address hardware-address [type]
Mode
DHCP Pool Config
host
This command specifies the IP address and network mask for a manual binding to a DHCP
client. Address and Mask are valid IP addresses; each made up of four decimal bytes ranging
from 0 to 255. IP address 0.0.0.0 is invalid.
The prefix-length is an integer from 0 to 32.
The no version of this command removes the IP address of the DHCP client.
Default
none
Syntax
host address [mask | prefix-length]

no host
Mode
DHCP Pool Config
149
ip dhcp excluded-address
ip dhcp excluded-address
This command specifies the IP addresses that a DHCP server should not assign to DHCP
clients. Low-address and high-address are valid IP addresses; each made up of four decimal
bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid.
The no version of this command removes the excluded IP addresses for a DHCP client.
Low-address and high-address are valid IP addresses; each made up of four decimal bytes
ranging from 0 to 255. IP address 0.0.0.0 is invalid.
Default
none
Syntax
ip dhcp excluded-address lowaddress [highaddress]
Mode
Global Config
ip dhcp ping packets

This command is used to specify the number in a range from 2-10, of packets a DHCP server
sends to a pool address as part of a ping operation. Setting the number of ping packets to 0 is
the same as no ip dhcp ping packets and will prevent the server from pinging pool
addresses.
The no version of this command prevents the server from pinging pool addresses and will set
the number of packets to 0.
Default
Syntax
ip dhcp ping packets 0,2-10

no ip dhcp ping packets
Mode
Global Config
ip dhcp pool
This command configures a DHCP address pool name on a DHCP server and enters DHCP
pool configuration mode.
The no version of this command removes the DHCP address pool. The name should be
previously configured pool name.
150
Default
none
Syntax
ip dhcp pool name

lease
Mode
Global Config Mode
lease
This command configures the duration of the lease for an IP address that is assigned from a
DHCP server to a DHCP client. The overall lease time should be between 1-86400 minutes. If
infinite is specified, lease is set for 60 days. Days is an integer from 0 to 59. Hours is an
integer from 0 to 1439. Minutes is an integer from 0 to 86399.
The no version of this command restores the default value of the lease time for DHCP Server.
Default
1 (day)
Syntax
lease {[days [hours] [minutes]] | [infinite]}
Mode
DHCP Pool Config
network
This command is used to configure the subnet number and mask for a DHCP address pool on
the server. Network-number is a valid IP address, made up of four decimal bytes ranging from
0 to 255. IP address 0.0.0.0 is invalid. Mask is the IP subnet mask for the specified address
pool. The prefix-length is an integer from 0 to 32.
The no version of this command removes the subnet number and mask.
Default
none
Syntax
network networknumber [mask | prefixlength]

no network
Mode
DHCP Pool Config
service dhcp
This command enables the DHCP server and relay agent features on the router.
The no version of this command disables the DHCP server and relay agent features.
Default
disabled
151
bootfile
Syntax
service dhcp
Mode
Global Config
bootfile
The command specifies the name of the default boot image for a DHCP client. The filename
specifies the boot image file.
The no version of this command deletes the boot image name.
Default
none
Syntax
bootfile filename
no bootfile
Mode
DHCP Pool Config
domain-name
This command specifies the domain name for a DHCP client. The domain specifies the
domain name string of the client.
The no version of this command removes the domain name.
Default
none
Syntax
domain-name domain
Mode
DHCP Pool Config
ip dhcp bootp automatic

This command enables the allocation of the addresses to the bootp client. The addresses are
from the automatic address pool.
The no version of this command disables the allocation of the addresses to the bootp client.
The address are from the automatic address pool.
Default
152
disable
ip dhcp conflict logging
Syntax
Mode
ip dhcp bootp automatic
Global Config

This command enables conflict logging on DHCP server.
The no version of this command disables conflict logging on DHCP server.
Default
enabled
Syntax
Mode
Global Config
netbios-name-server
This command configures NetBIOS Windows Internet Naming Service (WINS) name servers
that are available to DHCP clients.
One IP address is required, although one can specify up to eight addresses in one command
line. Servers are listed in order of preference (address1 is the most preferred server, address2
is the next most preferred server, and so on).
The no version of this command
Default
none
Syntax
netbios-name-server address [address2...address8 ]
Mode
DHCP Pool Config
netbios-node-type
The command configures the NetBIOS node type for Microsoft Dynamic Host Configuration
Protocol (DHCP) clients.type Specifies the NetBIOS node type. Valid types are:
b-nodeBroadcast
p-nodePeer-to-peer
153
next-server
m-nodeMixed
h-nodeHybrid (recommended)
The no version of this command removes the NetBIOS node Type.

Default
none
Syntax
netbios-node-type type
Mode
DHCP Pool Config
next-server
This command configures the next server in the boot process of a DHCP client.
Address is the IP address of the next server in the boot process, which is typically a Trivial
File Transfer Protocol (TFTP) server.
The no version of this command removes the boot server list.
Default
If the next-server command is not used to configure a boot server list, the DHCP Server uses
inbound interface helper addresses as boot servers.
Syntax
next-server address
no next-server
Mode
DHCP Pool Config
option
The command configures DHCP Server options. Code specifies the DHCP option code. Ascii
string specifies an NVT ASCII character string. ASCII character strings that contain white
space must be delimited by quotation marks. Hex string specifies hexadecimal data. in
hexadecimal character strings is two hexadecimal digitseach byte can be separated by a
period, colon, or white space.
Example :a3:4f:22:0c / a3 4f 22 0c / a34f.220c.9fed The address specifies an IP address.
The no version of this command removes the options.
Default
154
none
show ip dhcp binding
Syntax
option code {ascii string | hex string1 [string2...string8 ] | ip address1

[address2...address8 ]}
no option code
Mode
DHCP Pool Config
show ip dhcp binding

This command displays address bindings for the specific IP address on the DHCP server. If
no IP address is specified, the bindings corresponding to all the addresses are displayed.
Syntax
Mode
show ip dhcp binding [address]

IP addressThe IP address of the client.
Hardware AddressThe MAC Address or the client identifier.
Lease expirationThe lease expiration time of the IP Address assigned to the client.
TypeThe manner in which IP Address was assigned to the client.
show ip dhcp global configuration

This command displays address bindings for the specific IP address on the DHCP server. If
no IP address is specified, the bindings corresponding to all the addresses are displayed.
Syntax
Mode
show ip dhcp global configuration

Service DHCPThe field to display the status of dhcp protocol.
Number of Ping PacketsThe maximum number of Ping Packets that will be sent to verify that an ip
address id not already assigned.
Excluded AddressThe ranges of IP addresses that a DHCP server should not assign to DHCP clients.
155
show ip dhcp pool configuration
show ip dhcp pool configuration

This command displays pool configuration. If all is specified, configuration for all the pools
is displayed.
Syntax
Mode
show ip dhcp pool configuration {name | all}

Pool NameThe name of the configured pool.
Pool TypeThe pool type.
Lease TimeThe lease expiration time of the IP Address assigned to the client.
DNS ServersThe list of DNS servers available to the DHCP client
Default RoutersThe list of the default routers available to the DHCP client
Following additional field is displayed for Dynamic pool type:

NetworkThe network number and the mask for the DHCP address pool.
Following additional fields are displayed for Manual pool type:

Client NameThe name of a DHCP client.
Client IdentifierThe unique identifier of a DHCP client.
Hardware AddressThe hardware address of a DHCP client.
Hardware Address TypeThe protocol of the hardware platform.
HostThe IP address and the mask for a manual binding to a DHCP client.
show ip dhcp server statistics

This command displays DHCP server statistics.
Syntax
Mode
show ip dhcp server statistics

Address PoolThe number of configured address pools in the DHCP server.
Automatic bindingsThe number of IP addresses that have been automatically mapped to the MAC
addresses of hosts that are found in the DHCP database.
Manual bindingsThe number of IP addresses that have been manually mapped to the MAC
addresses of hosts that are found in the DHCP database.
156
show ip dhcp conflict
Expired bindingsThe number of expired leases.

Malformed messagesThe number of truncated or corrupted messages that were received by the
DHCP server.
Message Received
DHCPREQUESTThe number of DHCPREQUEST messages that were received by the server.
DHCPDECLINEThe number of DHCPDECLINE messages that were received by the server.
DHCPRELEASEThe number of DHCPRELEASE messages that were received by the server.
DHCPINFORMThe number of DHCPINFORM messages that were received by the server.
Message Sent
DHCPOFFER The number of DHCPOFFER messages that were sent by the server.
DHCPACKThe number of DHCPPACK messages that were sent by the server.
DHCPNACKThe number of DHCPNACK messages that were sent by the server.
show ip dhcp conflict

This command displays address conflicts logged by the DHCP Server. If no IP address is
specified, all the conflicting addresses are displayed.
Syntax
Mode
show ip dhcp conflict [ip-address]

IP addressThe IP address of the host as recorded on the DHCP server.
Detection MethodThe manner in which the IP address of the hosts were found on the DHCP Server
Detection timeThe time when the conflict was found.
clear ip dhcp binding

This command deletes an automatic address binding from the DHCP server database. If * is
specified, the bindings corresponding to all the addresses are deleted. address is a valid IP
address made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid.
Default
none
Syntax
clear ip dhcp binding {address | *}
157
clear ip dhcp server statistics
Mode
Privileged EXEC

This command clears DHCP server statistics counters.
Syntax
Mode
Privileged EXEC
clear ip dhcp conflict

The command is used to clear an address conflict from the DHCP Server database. The server
detects conflicts using a ping. DHCP server clears all conflicts If the asterisk (*) character is
used as the address parameter.
Default
none
Syntax
clear ip dhcp conflict {address | *}
Mode
158
Privileged EXEC
Chapter 17
Double VLAN Commands
This chapter provides a detailed explanation of the Double VLAN (dvlan) commands. The

dvlan-tunnel etherType
This command configures the ether-type for the specified interface. The ether-type may have
the values of 802.1Q, vMAN, or custom. If the ether-type has a value of custom, the optional
value of the custom ether type must be set to a value from 0 to 65535.
The no version of this command configures the ether-type for the specified interface to its
default value.
Default
vman
Syntax
dvlan-tunnel etherType [802.1Q | vman | custom] [0-65535]
Mode
Interface Config
mode dot1q-tunnel
This command is used to enable Double VLAN Tunneling on the specified interface. By
default, Double VLAN Tunneling is disabled. This command is synonymous with mode
dvlan-tunnel.
The no version of this command is used to disable Double VLAN Tunneling on the specified
interface. By default, Double VLAN Tunneling is disabled.
Default
disabled
159
mode dvlan-tunnel
Syntax
Mode
mode dot1q-tunnel
Interface Config
mode dvlan-tunnel
This command is used to enable Double VLAN Tunneling on the specified interface. By
default, Double VLAN Tunneling is disabled.This command is synonymous with mode
dot1q-tunnel.
The no version of this command is used to disable Double VLAN Tunneling on the specified
interface. By default, Double VLAN Tunneling is disabled.
Default
disabled
Syntax
mode dvlan-tunnel
Mode
Interface Config
show dot1q-tunnel
This command displays all interfaces enabled for Double VLAN Tunneling.
Syntax
Mode
show dot1q-tunnel

show dot1q-tunnel interface

This command displays detailed information about Double VLAN Tunneling for the
specified interface.
Syntax
Mode
show dot1q-tunnel interface unit/slot/port

ModeThis field specifies the administrative mode through which Double VLAN Tunneling can be
enabled or disabled. The default value for this field is disabled.
160
show dvlan-tunnel
Customer IdThis is a 12-bit customer ID which will be used as the last 12 bits of the Double VLAN
Tunnel. The valid range for a customer ID is 0 to 4095.
EtherTypeThis field represents a 2-byte hex EtherType to be used as the first 16 bits of the DVLAN
tunnel. There are three different EtherType tags. The first is 802.1Q, which represents the commonly
used value of 0x8100. The second is vMAN, which represents the commonly used value of 0x88A8. If
EtherType is not one of these two values, then it is a custom tunnel value, representing any value in the
range of 0 to 65535.
show dvlan-tunnel
This command displays all interfaces enabled for Double VLAN Tunneling.
Syntax
Mode
show dvlan-tunnel

show dvlan-tunnel interface

This command displays detailed information about Double VLAN Tunneling for the
specified interface.
Syntax
Mode
show dvlan-tunnel interface unit/slot/port

ModeThis field specifies the administrative mode through which Double VLAN Tunneling can be
enabled or disabled. The default value for this field is disabled.
Customer IdThis is a 12-bit customer ID which will be used as the last 12 bits of the DVLAN Tunnel.
The valid range for a customer ID is 0 to 4095.
EtherTypeThis field represents a 2-byte hex EtherType to be used as the first 16 bits of the DVLAN
tunnel. There are three different EtherType tags. The first is 802.1Q, which represents the commonly
used value of 0x8100. The second is vMAN, which represents the commonly used value of 0x88A8. If
EtherType is not one of these two values, then it is a custom tunnel value, representing any value in the
range of 0 to 65535.
161
show dvlan-tunnel interface
162
Chapter 18
Provisioning (IEEE 802.1p)

Commands
This chapter provides a detailed explanation of the Provisioning commands. The commands

classofservice dot1pmapping
This command maps an 802.1p priority to an internal traffic class for a device when in
Global Config mode. The number of available traffic classes may vary with the platform.
Userpriority and trafficclass can both be the range from 0-7. The command is only available
on platforms that support priority to traffic class mapping on a per-port basis, and the
number of available traffic classes may vary with the platform.
Syntax
Mode
classofservice dot1pmapping userpriority trafficclass
Global Config or Interface Config
show classofservice dot1pmapping

This command displays the current 802.1p priority mapping to internal traffic classes for a
specific interface. The unit/slot/port parameter is required on platforms that support priority
to traffic class mapping on a per-port basis.
Platforms that support priority to traffic class mapping on a per-port basis:
Syntax
show classofservice dot1pmapping unit/slot/port
Platforms that do not support priority to traffic class mapping on a per-port basis:
163
vlan port priority all
Syntax
Mode
show classofservice dot1pmapping
vlan port priority all

This command configures the port priority assigned for untagged packets for all ports
presently plugged into the device. The range for the priority is 0-7. Any subsequent per port
configuration will override this configuration setting.
Syntax
Mode
vlan port priority all priority
Global Config
vlan priority
This command configures the default 802.1p port priority assigned for untagged packets for a
specific interface. The range for the priority is 0-7
Default
Syntax
vlan priority priority
Mode
164
Interface Config
Provisioning (IEEE 802.1p) Commands
Chapter 19
GARP Commands
This chapter provides a detailed explanation of the General Attribute Registration Protocol
(GARP) commands. The commands are divided into two functional groups:

set garp timer join

This command sets the GVRP join time per port and per GARP. Join time is the interval
between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering)
membership for a VLAN or multicast group.
This command has an effect only when GVRP is enabled. The time is from 10 to 100
(centiseconds). the value 20 centiseconds is 0.2 seconds.
The no version of this command sets the GVRP join time per port and per GARP to 20
centiseconds (0.2 seconds). This command has an effect only when GVRP is enabled.
Default
20
Syntax
set garp timer join 10-100

no set garp timer join
Mode
Interface Config
set garp timer join all

This command sets the GVRP join time for all ports and per GARP. Join time is the interval
between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering)
membership for a VLAN or multicast group.
165
set garp timer leave
This command has an effect only when GVRP is enabled. The time is from 10 to 100
(centiseconds). The value 20 centiseconds is 0.2 seconds.
The no version of this command sets the GVRP join time for all ports and per GARP to 20
centiseconds (0.2 seconds). This command has an effect only when GVRP is enabled.
Default
20
Syntax
set garp timer join all 10-100
Mode
Global Config
set garp timer leave

This command sets the GVRP leave time per port. Leave time is the time to wait after
receiving an unregister request for a VLAN or a multicast group before deleting the VLAN
entry. This can be considered a buffer time for another station to assert registration for the
same attribute in order to maintain uninterrupted service.time is 20 to 600 (centiseconds). The
value 60 centiseconds is 0.6 seconds.
Note: This command has an effect only when GVRP is enabled.
The no version of this command sets the GVRP leave time per port to 60 centiseconds (0.6
seconds).
Default
60
Syntax
set garp timer leave <20-600>

no set garp timer leave
Mode
166
Interface Config
GARP Commands
set garp timer leave all
set garp timer leave all

This command sets the GVRP leave time for all ports. Leave time is the time to wait after
receiving an unregister request for a VLAN or a multicast group before deleting the VLAN
entry. This can be considered a buffer time for another station to assert registration for the
same attribute in order to maintain uninterrupted service.time is 20 to 600 (centiseconds). The
value 60 centiseconds is 0.6 seconds.
The no version of this command sets the GVRP leave time for all ports to the default 60
centiseconds (0.6 seconds).
Default
60
Syntax
set garp timer leave all 20-600

no set garp timer leave all
Mode
Global Config
set garp timer leaveall

This command sets how frequently Leave All PDUs are generated per port. A Leave All PDU
indicates that all registrations will be unregistered. Participants would need to rejoin in order
to maintain registration. The value applies per port and per GARP participation. The time
may range from 200 to 6000 (centiseconds). The value 1000 centiseconds is 10 seconds.
The no version of this command sets how frequently Leave All PDUs are generated per port to
1000 centiseconds (10 seconds).
167
set garp timer leaveall all
Default
1000
Syntax
set garp timer leaveall 200-6000

no set garp timer leaveall
Mode
Interface Config
set garp timer leaveall all

This command sets how frequently Leave All PDUs are generated for all ports. A Leave All
PDU indicates that all registrations will be unregistered. Participants would need to rejoin in
order to maintain registration. The value applies per port and per GARP participation. The
time may range from 200 to 6000 (centiseconds). The value 1000 centiseconds is 10 seconds.
The no version of this command sets how frequently Leave All PDUs are generated for all
ports to 1000 centiseconds (10 seconds).
Note: These commands have an effect only when GVRP is enabled.
Default
1000
Syntax
set garp timer leaveall all 200-6000

no set garp timer leaveall all
Mode
Global Config
show garp
This command displays Generic Attributes Registration Protocol (GARP) information.
Syntax
Mode
show garp

GMRP Admin ModeThis displays the administrative mode of GARP Multicast Registration Protocol
(GMRP) for the system.
GVRP Admin ModeThis displays the administrative mode of GARP VLAN Registration Protocol
(GVRP) for the system
168
GARP Commands
set gvrp adminmode
GARP VLAN Registration Protocol (GVRP) Commands

This chapter provides a detailed explanation of the GVRP commands. The commands are

set gvrp adminmode

This command enables GVRP.
Default
disabled
Syntax
[no] set gvrp adminmode
Mode
Privileged EXEC
set gvrp interfacemode

This command enables GVRP (GARP VLAN Registration Protocol) for a specific port.
The no version of this command disables GVRP (GARP VLAN Registration Protocol) for a
specific port. If GVRP is disabled, Join Time, Leave Time and Leave All Time have no effect.
Default
disabled
Syntax
[no] set gvrp interfacemode
Mode
Interface Config
set gvrp interfacemode all

This command enables GVRP (GARP VLAN Registration Protocol) for all ports.
The no version of this command disables GVRP (GARP VLAN Registration Protocol) for all
ports. If GVRP is disabled, Join Time, Leave Time and Leave All Time have no effect.
169
show gvrp configuration
Default
disabled
Syntax
[no] set gvrp interfacemode all
Mode
Global Config
show gvrp configuration

This command displays Generic Attributes Registration Protocol (GARP) information for
one or all interfaces.
Syntax
Mode
Interface
show gvrp configuration {unit/slot/port | all}

Valid unit, slot and port number separated by forward slashes.
Join TimerSpecifies the interval between the transmission of GARP PDUs registering (or
re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is
an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10 to 100
centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds). The finest
granularity of specification is 1 centisecond (0.01 seconds).
Leave TimerSpecifies the period of time to wait after receiving an unregister request for an attribute
before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered
a buffer time for another station to assert registration for the same attribute in order to maintain
uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant basis.
Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds). The factory default is 60
centiseconds (0.6 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
LeaveAll TimerThis Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll
PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to
maintain registration. There is an instance of this timer on a per-Port, per-GARP participant basis. The
Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1.5*LeaveAllTime.
Permissible values are 200 to 6000 centiseconds (2 to 60 seconds). The factory default is 1000
centiseconds (10 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
Port GMRP ModeIndicates the GMRP administrative mode for the port. It may be enabled or
disabled. If this parameter is disabled, Join Time, Leave Time and Leave All Time have no effect. The
factory default is disabled.
Port GVRP ModeIndicates the GVRP administrative mode for the port. It may be enabled or disabled.
If this parameter is disabled, Join Time, Leave Time and Leave All Time have no effect. The factory
default is disabled.
170
GARP Commands
set gmrp adminmode
GARP Multicast Registration Protocol (GMRP) Commands

This chapter provides a detailed explanation of the GMRP commands. The commands are

set gmrp adminmode

This command enables GARP Multicast Registration Protocol (GMRP) on the system. The
default value is disable.
The no version of this command disables GARP Multicast Registration Protocol (GMRP) on
the system.
Syntax
Mode
[no] set gmrp adminmode
Privileged EXEC
set gmrp interfacemode

This command enables GARP Multicast Registration Protocol on a selected interface. If an
interface which has GARP enabled is enabled for routing or is enlisted as a member of a
port-channel (LAG), GARP functionality will be disabled on that interface. GARP
functionality will subsequently be re-enabled if routing is disabled and port-channel (LAG)
membership is removed from an interface that has GARP enabled.
The no version of this command disables GARP Multicast Registration Protocol on a
selected interface. If an interface which has GARP enabled is enabled for routing or is
enlisted as a member of a port-channel (LAG), GARP functionality will be disabled on that
interface. GARP functionality will subsequently be re-enabled if routing is disabled and
port-channel (LAG) membership is removed from an interface that has GARP enabled.
Default
disabled
Syntax
[no] set gmrp interfacemode
Mode
Interface Config
171
set gmrp interfacemode all
set gmrp interfacemode all

This command enables GARP Multicast Registration Protocol on all interfaces. If an
interface which has GARP enabled is enabled for routing or is enlisted as a member of a
port-channel (LAG), GARP functionality will be disabled on that interface. GARP
functionality will subsequently be re-enabled if routing is disabled and port-channel (LAG)
membership is removed from an interface that has GARP enabled.
The no version of this command disables GARP Multicast Registration Protocol on a
selected interface.
Default
disabled
Syntax
[no] set gmrp interfacemode all
Mode
Global Config
show gmrp configuration

This command displays Generic Attributes Registration Protocol (GARP) information for
one or all interfaces.
Syntax
Mode
show gmrp configuration {unit/slot/port | all}

InterfaceThis displays the unit/slot/port of the interface that is described in this row of the
table.
Join TimerSpecifies the interval between the transmission of GARP PDUs registering (or
re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is
an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10 to 100
centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds). The finest
granularity of specification is 1 centisecond (0.01 seconds).
Leave TimerSpecifies the period of time to wait after receiving an unregister request for an attribute
before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered
a buffer time for another station to assert registration for the same attribute in order to maintain
uninterrupted service. There is an instance of this timer on a per-Port, per-GARP participant basis.
Permissible values are 20 to 600 centiseconds (0.2 to 6.0 seconds). The factory default is 60
centiseconds (0.6 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
LeaveAll TimerThis Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll
PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to
maintain registration. There is an instance of this timer on a per-Port, per-GARP participant basis. The
Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1.5*LeaveAllTime.
Permissible values are 200 to 6000 centiseconds (2 to 60 seconds). The factory default is 1000
centiseconds (10 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
172
GARP Commands
show mac-address-table gmrp
Port GMRP ModeIndicates the GMRP administrative mode for the port. It may be enabled or
disabled. If this parameter is disabled, Join Time, Leave Time and Leave All Time have no effect. The
factory default is disabled.
Port GVRP ModeIndicates the GVRP administrative mode for the port. It may be enabled or disabled.
If this parameter is disabled, Join Time, Leave Time and Leave All Time have no effect. The factory
default is disabled.

This command displays the GARP Multicast Registration Protocol (GMRP) entries in the
Multicast Forwarding Database (MFDB) table.
Syntax
Mode
Privileged EXEC
Mac AddressA unicast MAC address for which the switch has forwarding and or filtering information.
The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB. In a system the MAC address will be displayed as 8 bytes.
173
174
GARP Commands
Chapter 20
IGMP Commands
This chapter provides a detailed explanation of the IGMP commands. The commands are

The IGMP commands are:
set igmp (system) on page 176

set igmp (interface) on page 176
set igmp groupmembershipinterval on page 176
set igmp interfacemode all on page 177
set igmp maxresponse on page 177
set igmp mcrtrexpiretime on page 178
show igmpsnooping on page 178
show mac-address-table igmpsnooping on page 179
set igmp groupmembershipinterval on page 179
set igmp groupmembershipinterval all on page 180
set igmp maxresponse on page 180
set igmp maxresponse all on page 181
set igmp mcrtexpiretime on page 181
set igmp mcrtexpiretime all on page 182
set igmp fast-leave on page 182
set igmp mrouter interface on page 183
set igmp mrouter <vlan-id> on page 183
show igmpsnooping on page 183
show igmpsnooping fast-leave on page 184
show igmpsnooping mrouter interface on page 184
175
set igmp (system)
set igmp (system)

This command enables IGMP Snooping on the system. The default value is disable.
Note: The IGMP application supports the following:
Syntax
Mode
Global configuration or per interface configuration. Per VLAN configuration is

unsupported in the IGMP snooping application.
Validation of the IP header checksum (as well as the IGMP header checksum) and
discarding of the frame upon checksum error.
Maintenance of the forwarding table entries based on the MAC address versus the IP
address.
Flooding of unregistered multicast data packets to all ports in the VLAN.
[no] set igmp
Global Config
set igmp (interface)

This command enables IGMP Snooping on a selected interface. If an interface which has
IGMP Snooping enabled is enabled for routing or is enlisted as a member of a port-channel
(LAG), IGMP Snooping functionality will be disabled on that interface. IGMP Snooping
functionality will subsequently be re-enabled if routing is disabled or port-channel (LAG)
membership is removed from an interface that has IGMP Snooping enabled.
Default
disabled
Syntax
[no] set igmp
Mode
Interface Config
set igmp groupmembershipinterval

This command sets the IGMP Group Membership Interval time on the system. The Group
Membership Interval time is the amount of time in seconds that a switch will wait for a report
from a particular group on a particular interface before deleting the interface from the entry.
This value must be greater than the IGMP Maximum Response time value. The range is 2 to
3600 seconds.
The no version of this command sets the IGMP Group Membership Interval time on the
system to 260 seconds.
176
IGMP Commands
set igmp interfacemode all
Default
260
Syntax
[no] set igmp groupmembershipinterval 2-3600
Mode
Global Config
set igmp interfacemode all

This command enables IGMP Snooping on all interfaces. If an interface which has IGMP
Snooping enabled is enabled for routing or is enlisted as a member of a port-channel (LAG),
IGMP Snooping functionality will be disabled on that interface. IGMP Snooping
functionality will subsequently be re-enabled if routing is disabled or port-channel (LAG)
membership is removed from an interface that has IGMP Snooping enabled.
The no version of this command disables IGMP Snooping on all interfaces.
Default
disabled
Syntax
[no] set igmp interfacemode all
Mode
Global Config
set igmp maxresponse

This command sets the IGMP Maximum Response time on the system. The Maximum
Response time is the amount of time in seconds that a switch will wait after sending a query
on an interface because it did not receive a report for a particular group in that interface. This
value must be less than the IGMP Query Interval time value. The range is 1 to 3599 seconds.
The no version of this command sets the IGMP Maximum Response time on the system to 10
seconds.
Default
10
Syntax
set igmp maxresponse 1-3599

no set igmp maxresponse
Mode
Global Config
177
set igmp mcrtrexpiretime
set igmp mcrtrexpiretime

This command sets the Multicast Router Present Expiration time on the system. This is the
amount of time in seconds that a switch will wait for a query to be received on an interface
before the interface is removed from the list of interfaces with multicast routers attached. The
range is 0 to 3600 seconds. A value of 0 indicates an infinite timeout, i.e. no expiration.
The no version of this command sets the Multicast Router Present Expiration time on the
system to 0. A value of 0 indicates an infinite timeout, i.e. no expiration.
Default
Syntax
set igmp mcrtrexpiretime 0-3600

no set igmp mcrtrexpiretime
Mode
Global Config
show igmpsnooping
This command displays IGMP Snooping information. Configured information is displayed
whether or not IGMP Snooping is enabled. Status information is only displayed when IGMP
Snooping is enabled.
Syntax
Mode
show igmpsnooping
Privileged EXEC
Admin ModeThis indicates whether or not IGM
This displays the IGMP Query Interval Time. This is the amount of time a switch will wait for a report for
a particular group on a particular interface before it sends a query on that interface. This value may be
configured
Max Response TimeThis displays the amount of time the switch will wait after sending a query on an
interface because it did not receive a report for a particular group on that interface. This value may be
configured.
Multicast Router Present Expiration TimeIf a query is not received on an interface within this amount
of time, the interface is removed from the list of interfaces with multicast routers attached. This value
may be configured.
Interfaces Enabled for IGMP SnoopingThis is the list of interfaces on which IGMP Snooping is
enabled.
Multicast Control Frame CountThis displays the number of multicast control frames that are
processed by the CPU.
178
IGMP Commands
show mac-address-table igmpsnooping

This command displays the IGMP Snooping entries in the Multicast Forwarding Database
(MFDB) table.
Syntax
Mode
Privileged EXEC
Mac AddressA multicast MAC address for which the switch has forwarding and or filtering information.
The format is two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB. In a system the MAC address will be displayed as a MAC address and VLAN ID
combination of 8 bytes.
set igmp groupmembershipinterval

This command sets the IGMP Group Membership Interval time on a particular interface. The
Group Membership Interval time is the amount of time in seconds that a switch will wait for a
report from a particular group on a particular interface before deleting the interface from the
entry. This value must be greater than the IGMPv3 Maximum Response time value. The
range is 2 to 3600 seconds.
The no version of this command sets the IGMPv3 Group Membership Interval time on the
interface to the default value.
Default
260 seconds
Syntax
set igmp groupmembershipinterval <2-3600>

no set igmp groupmembershipinterval
Mode
Interface Config
179
set igmp groupmembershipinterval all
set igmp groupmembershipinterval all

This command sets the IGMP Group Membership Interval time on the system for all the
interfaces. The Group Membership Interval time is the amount of time in seconds that a
switch will wait for a report from a particular group on a particular interface before deleting
the interface from the entry. This value must be greater than the IGMP Maximum Response
time value. The range is 2 to 3600 seconds.
The no version of this command sets the IGMP Group Membership Interval time on all interfaces to the default value.
Default
260 seconds
Syntax
set igmp groupmembership-interval all <2-3600>

no set igmp groupmembershipinterval all
Mode
Global Config
set igmp maxresponse

This command sets the IGMP Maximum Response time on a particular interface. The
Maximum Response time is the amount of time in seconds that a switch will wait after
sending a query on an interface because it did not receive a report for a particular group in
that interface. This value must be less than the IGMP Query Interval time value. The range is
1 to 3599 seconds.
The no version of this command sets the IGMP Maximum Response time on the interface to
the default value.
Default
10 seconds
Syntax
set igmp maxresponse <1-3599>

no set igmp maxresponse
Mode
180
Interface Config
IGMP Commands
set igmp maxresponse all
set igmp maxresponse all

This command sets the IGMP Maximum Response time on the system for all the interfaces.
The Maximum Response time is the amount of time in seconds that a switch will wait after
sending a query on an interface because it did not receive a report for a particular group in
that interface. This value must be less than the IGMP Query Interval time value. The range is
1 to 3599 seconds.
The no version of this command sets the IGMP Maximum Response time on all interfaces to
the default value.
Default
10 seconds
Syntax
set igmp maxresponse all <1-3599>

no set igmp maxresponse all
Mode
Global Config
set igmp mcrtexpiretime

This command sets the Multicast Router Present Expiration time on a particular interface.
This is the amount of time in seconds that a switch will wait for a query to be received on an
interface before the interface is removed from the list of interfaces with multicast routers
attached. The range is 0 to 3600 seconds. A value of 0 indicates an infinite timeout, i.e. no
expiration.
The no version of this command sets the Multicast Router Present Expiration time on the
interface to 0. A value of 0 indicates an infinite timeout, i.e. no expiration.
Default
Syntax
set igmp mcrtexpiretime <0-3600>

no set igmp mcrtexpiretime
Mode
Interface Config
181
set igmp mcrtexpiretime all
set igmp mcrtexpiretime all

This command sets the Multicast Router Present Expiration time on the system for all the
interfaces. This is the amount of time in seconds that a switch will wait for a query to be
received on an interface before the interface is removed from the list of interfaces with
multicast routers attached. The range is 0 to 3600 seconds. A value of 0 indicates an infinite
timeout, i.e. no expiration.
The no version of this command sets the Multicast Router Present Expiration time on all
interfaces to 0. A value of 0 indicates an infinite timeout, i.e. no expiration.
Default
Syntax
set igmp mcrtexpiretime all <0-3600>

no set igmp mcrtexpiretime all
Mode
Global Config
set igmp fast-leave

This command enables or disables IGMP Snooping fast-leave admin mode on a selected
interface. Enabling fast-leave allows the switch to immediately remove the layer 2 LAN
interface from its forwarding table entry upon receiving an IGMP leave message for that
multicast group without first sending out MAC-based general queries to the interface.
Fast-leave admin mode should be enabled only on VLANs where only one host is connected
to each layer 2 LAN port, to prevent the inadverdent dropping of the other hosts that were
connected to the same layer 2 LAN port but were still interested in receiving multicast traffic
directed to that group. Also, fast-leave processing is supported only with IGMP version 2
hosts.
The no version of this command disables IGMP Snooping fast-leave admin mode on a
selected interface.
Default
disable
Syntax
[no] set igmp fast-leave
Mode
182
Interface Config
IGMP Commands
set igmp mrouter interface
set igmp mrouter interface

This command configures a selected interface as a multicast router interface. When
configured as a multicast router interface, the interface is treated as a multicast router
interface in all VLANs.
The no version of this command disables the status of the interface as a statically configured
multicast router interface.
Default
disable
Syntax
[no] set igmp mrouter interface
Mode
Interface Config
set igmp mrouter <vlan-id>

This command configures the VLAN ID(<vlanId>) that has the multicast router mode
enabled.
The no version of this command disables multicast router mode for a particular VLAN ID
(<vlanId>).
Syntax
Mode
[no] set igmp mrouter <vlanId>
Interface Config
show igmpsnooping
This command displays IGMP Snooping information. Configured information is displayed
whether or not IGMP Snooping is enabled.
Syntax
Mode
show igmpsnooping [unit/slot/port]
Privileged EXEC
This display parameters when the optional argument unit/slot/port is not used are as
follows:
Admin ModeThis indicates whether or not IGMP Snooping is active on the switch.
Interfaces Enabled for IGMP SnoopingThis is the list of interfaces on which IGMP Snooping is
enabled.
183
show igmpsnooping fast-leave
Multicast Control Frame CountThis displays the number of multicast control frames that are
processed by the CPU.
Data Frames Forwarded by the CPUThis displays the number of data frames that are forwarded by
the CPU.
The display parameters when the argument is unit/slot/port are as follows:

Interface Admin ModeThis indicates whether or not IGMP Snooping is active on the interface.
Query Interval TimeThis displays the IGMP Query Interval Time. This is the amount of time a switch
will wait for a report for a particular group on a particular interface before it sends a query on that
interface. This value may be configured
Max Response TimeThis displays the amount of time the switch will wait after sending a query on an
interface because it did not receive a report for a particular group on that interface. This value may be
configured.
Multicast Router Present Expiration TimeIf a query is not received on an interface within this amount
of time, the interface is removed from the list of interfaces with multicast routers attached. This value
may be configured.
show igmpsnooping fast-leave

This command displays IGMP Snooping Fast-leave information. Configured information is
displayed whether or not IGMP Snooping is enabled.
Syntax
Mode
show igmpsnooping fast-leave <unit/slot/port>
Privileged EXEC
Fast-Leave Admin ModeThis indicates whether or not IGMP Snooping Fast-leave is active on the
interface.
show igmpsnooping mrouter interface

This command displays information about statically configured ports.
Syntax
Mode
show igmpsnooping mrouter interface <unit/slot/port>
Privileged EXEC
unit/slot/portThe port on which multicast router information is being displayed.
Multicast Router AttachedThis indicates whether or not multicast router is statically enabled on the
interface.
184
IGMP Commands
VLAN IDThe list of VLANs of which the interface is a member.
185
186
IGMP Commands
Chapter 21
Link Aggregation (LAG)/

Port-Channel (802.1AD)
Commands
This section provides a detailed explanation of the LAG commands. The commands are

port-channel staticcapability
This command enables the support of port-channels (static link aggregations - LAGs) on the
device. By default, the static capability for all port-channels is disabled.
The no version of this command disables the support of static port-channels (link
aggregations - LAGs) on the device.
Default
disabled
Syntax
[no] port-channel staticcapability
Mode
Global Config
port lacpmode
This command enables Link Aggregation Control Protocol (LACP) on a port.
The no version of this command disables Link Aggregation Control Protocol (LACP) on a
port.
Default
disabled
187
port lacpmode all
Syntax
Mode
[no] port lacpmode
Interface Config
port lacpmode all

This command enables Link Aggregation Control Protocol (LACP) on all ports.
The no version of this command disables Link Aggregation Control Protocol (LACP) on all
ports.
Syntax
Mode
[no] port lacpmode all
Global Config
port-channel
This command configures a new port-channel (LAG) and generates a logical unit/slot/port
number for the port-channel. The <name> field is a character string which allows the dash '-'
character as well as alphanumeric characters. Display this number using the show
port-channel.
The no version of this command deletes a port-channel (LAG).
Note: Before including a port in a port-channel, set the port physical mode. See
speed command.
Syntax
Mode
[no] port-channel name
Global Config
port-channel adminmode all

This command enables a port-channel (LAG). The interface is a logical unit/slot/port for a
configured port-channel. The option all sets every configured port-channel with the same
administrative mode setting.
188
Link Aggregation (LAG)/Port-Channel (802.1AD) Commands
port-channel linktrap
The no version of this command disables a port-channel (LAG). The interface is a logical
unit/slot/port for a configured port-channel. The option all sets every configured
port-channel with the same administrative mode setting.
Syntax
Mode
port-channel adminmode all
Global Config
port-channel linktrap
This command enables link trap notifications for the port-channel (LAG). The interface is a
logical unit/slot/port for a configured port-channel. The option all sets every configured
port-channel with the same administrative mode setting.
The no version of this command disables link trap notifications for the port-channel (LAG).
The interface is a logical unit, slot and port slot and port for a configured port-channel. The
option all sets every configured port-channel with the same administrative mode setting.
Default
enabled
Syntax
[no] port-channel linktrap { logical unit/slot/port | all}
Mode
Global Config
port-channel name
This command defines a name for the port-channel (LAG). The interface is a logical unit/
slot/port for a configured port-channel, and name is an alphanumeric string up to 15
characters. This command is used to modify the name that was associated with the
port-channel when it was created.
Syntax
Mode
port-channel name { logical unit/slot/port | all | name }
Global Config
show port-channel brief

This command displays the static capability of all port-channels (LAGs) on the device as well
as a summary of individual port-channels.
189
show port-channel
Syntax
Mode
show port-channel brief

Static CapabilityThis field displays whether or not the device has static capability enabled.
For each port-channel the following information is displayed:

NameThis field displays the name of the port-channel.
Link StateThis field indicates whether the link is up or down.
Mbr PortsThis field lists the ports that are members of this port-channel, in <unit/slot/port>
notation.
Active PortsThis field lists the ports that are actively participating in this port-channel.
show port-channel
This command displays an overview of all port-channels (LAGs) on the switch.
Syntax
Mode
show port-channel { logical unit/slot/port | all}
Privileged EXEC
Logical unit/slot/portValid unit, slot and port number separated by forward slashes.
Lag NameThe name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric
characters.
Link StateIndicates whether the Link is up or down.
Admin ModeMay be enabled or disabled. The factory default is enabled.
Link Trap ModeThis object determines whether or not to send a trap when link status changes. The
factory default is enabled.
STP ModeThe Spanning Tree Protocol Administrative Mode associated with the port or port-channel
(LAG). The possible values are:
Disable - Spanning tree is disabled for this port.
Enable - Spanning tree is enabled for this port.
Mbr PortsA listing of the ports that are members of this port-channel (LAG), in unit/slot/port
notation. There can be a maximum of eight ports assigned to a given port-channel (LAG).
Port SpeedSpeed of the port-channel port.
TypeThis field displays the status designating whether a particular port-channel (LAG) is statically or
dynamically maintained.
190
show port-channel summary
Static - The port-channel is statically maintained.

Dynamic - The port-channel is dynamically maintained.
Active PortsThis field lists the ports that are actively participating in the port-channel (LAG).

This command displays the static capability of all LAGs on the device as well as a summary
of individual LAGs.
Syntax
Mode
show port-channel
Privileged EXEC
Static Capabilitywhether the device has static capability enabled.
Port-channel/LAG Summary:
Lag NameThe name of the lag.
Link StateIndicates whether the Link is up or down.
Mbr PortsA listing of the ports that are members of this lag, in slot.port notation.
Active PortsA listing of ports that are actively participating in the LAG.
191
192
Chapter 22
Spanning Tree (STP)

Commands
This chapter provides a detailed explanation of the Spanning Tree commands. The commands

Note: The SFTOS software platform STP default mode is IEEE 802.1s, but the legacy
IEEE 802.1D mode is available. To change to the legacy IEEE 802.1D mode, set the
STP operational mode to disabled, then enable the IEEE 802.1D mode from the
source code. Recompile the Sftos software to operationally enable the IEEE 802.1D
mode. With the IEEE 802.1D mode operationally enabled, the rapid configuration and
multiple instances features are not available. If the rapid configuration and multiple
instances capabilities are required, use the IEEE 802.1s mode which is compatible
with the legacy IEEE 802.1D standard.
spanning-tree
This command sets the spanning-tree operational mode to enabled.
The no version of this command sets the spanning-tree operational mode to disabled. While
disabled, the spanning-tree configuration is retained and can be changed, but is not activated.
Default
disabled
Syntax
[no] spanning-tree
Mode
Global Config
193
spanning-tree configuration name
spanning-tree configuration name

This command sets the Configuration Identifier Name for use in identifying the configuration
that this switch is currently using. The <name> is a string of at most 32 characters.
The no version of this command resets the Configuration Identifier Name to its default.
Default
The base MAC address displayed using hexadecimal notation as specified in IEEE 802
standard.
Syntax
[no] spanning-tree configuration name name
Mode
Global Config
spanning-tree configuration revision

This command sets the Configuration Identifier Revision Level for use in identifying the
configuration that this switch is currently using. The Configuration Identifier Revision Level
is a number in the range of 0 to 65535.
The no version of this command sets the Configuration Identifier Revision Level for use in
identifying the configuration that this switch is currently using to the default value, in other
words, 0.
Default
Syntax
spanning-tree configuration revision 0-65535
Mode
Global Config
spanning-tree edgeport
This command specifies that this port is an Edge Port within the common and internal
spanning tree. This will allow this port to transition to Forwarding State without delay.
The no version of this command specifies that this port is not an Edge Port within the
common and internal spanning tree.
Syntax
Mode
194
[no] spanning-tree edgeport
Interface Config
Spanning Tree (STP) Commands
spanning-tree forceversion
spanning-tree forceversion
This command sets the Force Protocol Version parameter to a new value. The Force Protocol
Version can be one of the following:
802.1d - STP BPDUs are transmitted rather than MST BPDUs (IEEE 802.1d
functionality supported)
802.1w - RST BPDUs are transmitted rather than MST BPDUs (IEEE 802.1w
functionality supported)
802.1s - MST BPDUs are transmitted (IEEE 802.1s functionality supported)
The no version of this command sets the Force Protocol Version parameter to the default
value, in other words, 802.1s.
Default
802.1s
Syntax
[no] spanning-tree forceversion 802.1d | 802.1w | 802.1s
Mode
Global Config
spanning-tree forward-time
This command sets the Bridge Forward Delay parameter to a new value for the common and
internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with
the value being greater than or equal to "(Bridge Max Age / 2) + 1".
The no version of this command sets the Bridge Forward Delay parameter for the common
and internal spanning tree to the default value, in other words, 15.
Default
15
Syntax
[no] spanning-tree forward-time 4-30
Mode
Global Config
spanning-tree hello-time
This command sets the Admin Hello Time parameter to a new value for the common and
internal spanning tree. The hellotime <value> is in whole seconds within a range of 1 to 10
with the value being less than or equal to "(Bridge Max Age / 2) - 1".
195
spanning-tree max-age
The no version of this command sets the admin Hello Time parameter for the common and
internal spanning tree to the default value.
Default
Syntax
spanning-tree hello-time 1-10

no spanning-tree hello-time
Mode
Interface Config
spanning-tree max-age
This command sets the Bridge Max Age parameter to a new value for the common and
internal spanning tree. The max-age value is in seconds within a range of 6 to 40, with the
value being less than or equal to "2 times (Bridge Forward Delay - 1)".
The no version of this command sets the Bridge Max Age parameter for the common and
internal spanning tree to the default value, in other words, 20.
Default
20
Syntax
spanning-tree max-age <6-40>

no spanning-tree max-age
Mode
Global Config
spanning-tree mst
This command sets the Path Cost or Port Priority for this port within the multiple spanning
tree instance or in the common and internal spanning tree. If the <mstid> parameter
corresponds to an existing multiple spanning tree instance, then the configurations are done
for that multiple spanning tree instance. If however 0 (defined as the default CIST ID) is
passed as the <mstid>, then the configurations are performed for the common and internal
spanning tree instance.
If the cost token is specified, this command sets the path cost for this port within a multiple
spanning tree instance or the common and internal spanning tree instance, depending on the
<mstid> parameter. The pathcost can be specified as a number in the range of 1 to 200000000
or auto. If "auto" is specified, the pathcost value will be set based on Link Speed.
196
no spanning-tree mst
If the external-cost token is specified, this command sets the external-path cost for MST
instance 0 in other words, CIST instance. The external pathcost can be specified as a
number in the range of 1 to 200000000 or auto. If "auto" is specified, the external pathcost
value will be set based on Link Speed.
If the port-priority token is specified, this command sets the priority for this port within a
specific multiple spanning tree instance or the common and internal spanning tree instance,
depending on the <mstid> parameter. The port-priority value is a number in the range of 0 to
240 in increments of 16.
Default
cost : auto; external-cost : auto; port-priorty : 128
Syntax
spanning-tree mst mstid {{cost 1-200000000 | auto} | port-priority 0-240 }

Mode
Interface Config
This command sets the Path Cost or Port Priority for this port within the multiple spanning
tree instance or in the common and internal spanning tree to the respective default values. If
the <mstid> parameter corresponds to an existing multiple spanning tree instance, then the
configurations are done for that multiple spanning tree instance. If however 0 (defined as the
default CIST ID) is passed as the <mstid>, then the configurations are performed for the
common and internal spanning tree instance.
If the cost token is specified, this command sets the path cost for this port within a multiple
spanning tree instance or the common and internal spanning tree instance, depending on the
<mstid> parameter, to the default value, in other words, a pathcost value based on the Link
Speed.
If the external-cost token is specified, this command sets the external path cost for this port
for mst 0 instance, to the default value, in other words, a pathcost value based on the Link
Speed.
If the port-priority token is specified, this command sets the priority for this port within a
specific multiple spanning tree instance or the common and internal spanning tree instance,
depending on the <mstid> parameter, to the default value, in other words, 128.
Syntax
Mode
no spanning-tree mst <mstid> <cost | port-priority>
Interface Config
197
spanning-tree mst instance
spanning-tree mst instance

This command adds a multiple spanning tree instance to the switch. The instance <mstid> is a
number within a range of 1 to 4094, that corresponds to the new instance ID to be added. The
maximum number of multiple instances supported by SFTOS is 4.
The no version of this command removes a multiple spanning tree instance from the switch
and reallocates all VLANs allocated to the deleted instance to the common and internal
spanning tree. The instance <mstid> is a number that corresponds to the desired existing
multiple spanning tree instance to be removed.
Syntax
spanning-tree mst instance <mstid>

[no] spanning-tree mst instance <mstid>
Mode
Global Config
spanning-tree mst priority

This command sets the bridge priority for a specific multiple spanning tree instance. The
instance <mstid> is a number that corresponds to the desired existing multiple spanning tree
instance. The priority value is a number within a range of 0 to 61440 in increments of 4096.
If 0 (defined as the default CIST ID) is passed as the <mstid>, then this command sets the Bridge
Priority parameter to a new value for the common and internal spanning tree. The bridge
priority value again is a number within a range of 0 to 61440. The twelve least significant bits
will be masked according to the 802.1s specification. This will cause the priority to be
rounded down to the next lower valid priority.
The no version of this command sets the bridge priority for a specific multiple spanning tree
instance to the default value, in other words, 32768. The instance <mstid> is a number that
corresponds to the desired existing multiple spanning tree instance.
If 0 (defined as the default CIST ID) is passed as the <mstid>, then this command sets the
Bridge Priority parameter for the common and internal spanning tree to the default value, in
other words, 32768.
Default
32768
Syntax
spanning-tree mst priority mstid 0-61440

no spanning-tree mst priority mstid
Mode
198
Global Config
spanning-tree mst vlan
spanning-tree mst vlan

This command adds an association between a multiple spanning tree instance and a VLAN.
The VLAN will no longer be associated with the common and internal spanning tree. The
instance <mstid> is a number that corresponds to the desired existing multiple spanning tree
instance. The <vlanid> corresponds to an existing VLAN ID.
The no version of this command removes an association between a multiple spanning tree
instance and a VLAN. The VLAN will again be associated with the common and internal
spanning tree. The instance <mstid> is a number that corresponds to the desired existing
multiple spanning tree instance. The <vlanid> corresponds to an existing VLAN ID.
Syntax
spanning-tree mst vlan mstid vlanid

no spanning-tree mst vlan mstid vlanid
Mode
Global Config
spanning-tree port mode

This command sets the Administrative Switch Port State for this port to enabled.
The no version of this command sets the Administrative Switch Port State for this port to
disabled.
Default
disabled
Syntax
[no] spanning-tree port mode
Mode
Interface Config
spanning-tree port mode all

This command sets the Administrative Switch Port State for all ports to enabled.
The no version of this command sets the Administrative Switch Port State for all ports to
disabled.
Default
disabled
Syntax
[no] spanning-tree port mode all
199
spanning-tree
Mode
Global Config
spanning-tree
This command sets the STP mode for a specific port-channel (LAG). This is the value
specified for STP Mode on the Port Configuration Menu. 802.1D mode is the default. The
interface is a logical unit, slot and port slot and port for a configured port-channel. The all
option sets all configured port-channels (LAGs) with the same option.
Syntax
Mode
spanning-tree {logical unit/slot/port | all | [ off | 802.1d | fast ] }
Global Config
The mode is one of the following:
802.1dIEEE 802.1D-compliant STP mode is used
fastFast STP mode is used
offSTP is turned off
spanning-tree bpdumigrationcheck
This command enables BPDU migration check on a given interface. The all option enables
BPDU migration check on all interfaces.
The no version of this command disables BPDU migration check on a given interface. The
all option disables BPDU migration check on all interfaces.
Syntax
Mode
[no] spanning-tree bpdumigrationcheck {unit/slot/port | all}
Global Config
show spanning-tree
This command displays spanning tree settings for the common and internal spanning tree,
when the optional parameter brief is not included in the command. The following details
are displayed.
Syntax
200
show spanning-tree brief

show spanning-tree
Mode

Bridge PrioritySpecifies the bridge priority for the spanning tree.
Bridge IdentifierThe bridge identifier for the selected instance.
Time Since Topology ChangeThe time in seconds since the topology last changed.
Topology Change CountNumber of times the topology has changed.
Topology Change in progressBoolean value of the Topology Change parameter for the switch
indicating if a topology change is in progress on any port assigned to the common and internal spanning
tree.
Designated RootThe bridge identifier of the root bridge. It is derived from the bridge priority and the
base MAC address of the bridge.
Root Path CostValue of the Root Path Cost parameter for the common and internal spanning tree.
Root Port IdentifierPort to access the Designated Root.
Bridge Max AgeSpecifies the bridge maximum age for the spanning tree.
Bridge Forwarding DelaySpecifies the time spent in Listening and Learning mode before forwarding
packets. Bridge Forwarding Delay must be greater or equal to (Bridge Max Age/2) + 1. The time range
is from 4 seconds to 30 seconds. The default value is 15.
Hello TimeConfigured value of the parameter for common spanning tree.
Bridge Hold TimeMinimum time between transmission of Configuration Bridge Protocol Data Units
(BPDUs)
CST Regional RootBridge Identifier of the common spanning tree regional root. It is derived using the
bridge priority and the base MAC address of the bridge.
Regional Root Path CostPath cost to the common spanning tree Regional Root.
Associated FIDsList of forwarding database identifiers currently associated with this instance.
Associated VLANsList of VLAN IDs currently associated with this instance.
When the brief optional parameter is included, this command displays spanning tree
settings for the bridge. In this case, the following details are displayed.
Bridge PrioritySpecifies the bridge priority for the spanning tree.
Bridge IdentifierThe bridge identifier for the selected instance.
Bridge Max AgeSpecifies the bridge maximum age for the spanning tree.
Hello TimeConfigured value of the parameter for the common spanning tree.
Bridge Forwarding DelaySpecifies the time spent in Listening and Learning mode before forwarding
packets. Bridge Forwarding Delay must be greater or equal to (Bridge Max Age/2) + 1. The time range
is from 4 seconds to 30 seconds. The default value is 15.
Bridge Hold TimeMinimum time between transmission of Configuration Bridge Protocol Data Units
(BPDUs).
201
show spanning-tree interface
show spanning-tree interface

This command displays the settings and parameters for a specific switch port within the
common and internal spanning tree. The <unit/slot/port> is the desired switch port. The
following details are displayed on execution of the command.
Syntax
Mode
show spanning-tree interface unit/slot/port

Port modeEnabled or disabled.
Port Up Time Since Counters Last ClearedTime since port was reset, displayed in days, hours,
minutes, and seconds.
Hello TimeConfigured value of the parameter for common spanning tree.
STP BPDUs TransmittedSpanning Tree Protocol Bridge Protocol Data Units sent
STP BPDUs ReceivedSpanning Tree Protocol Bridge Protocol Data Units received.
RST BPDUs TransmittedRapid Spanning Tree Protocol Bridge Protocol Data Units sent
RST BPDUs ReceivedRapid Spanning Tree Protocol Bridge Protocol Data Units received.
MSTP BPDUs TransmittedMultiple Spanning Tree Protocol Bridge Protocol Data Units sent
MSTP BPDUs ReceivedMultiple Spanning Tree Protocol Bridge Protocol Data Units received.
show spanning-tree mst detailed

This command displays settings and parameters for the specified multiple spanning tree
instance. The instance <mstid> is a number that corresponds to the desired existing multiple
spanning tree instance ID. The following details are displayed.
Syntax
Mode
show spanning-tree mst detailed mstid

MST Instance IDThe ID of the MST being created.
MST Bridge PriorityThe bridge priority for the MST instance selected.
Time Since Topology ChangeThe time since the topology changed.
Topology Change CountNumber of times the topology has changed for this multiple spanning tree
instance.
Topology Change in ProgressValue of the Topology Change parameter for the multiple spanning tree
instance.
202
show spanning-tree mst port detailed
Designated RootIdentifier of the Regional Root for this multiple spanning tree instance.
Root Path CostPath Cost to the Designated Root for this multiple spanning tree instance.
Root Port IdentifierPort to access the Designated Root for this multiple spanning tree instance.
Associated FIDsList of forwarding database identifiers associated with this instance.
Associated VLANsList of VLAN IDs associated with this instance.
show spanning-tree mst port detailed

This command displays the detailed settings and parameters for a specific switch port within
a particular multiple spanning tree instance. The instance <mstid> is a number that
corresponds to the desired existing multiple spanning tree instance. The <unit/slot/port> is
the desired switch port.
Syntax
Mode
show spanning-tree mst port detailed mstid unit/slot/port

MST Instance IDThe ID of the MST instance.
Port IdentifierThe port identifier for the specified port within the spanning tree.
Port PriorityThe priority for a particular port within the selected MST instance.
Port Forwarding StateCurrent spanning tree state of this port
Port RoleEach MST Bridge Port that is enabled is assigned a Port Role for each spanning tree.
Port Path CostConfigured value of the Internal Port Path Cost parameter
Designated RootThe Identifier of the designated root for this port.
Designated Port CostPath Cost offered to the LAN by the Designated Port
Designated BridgeBridge Identifier of the bridge with the Designated Port.
Designated Port IdentifierPort on the Designated Bridge that offers the lowest cost to the LAN.
If 0 (defined as the default CIST ID) is passed as the <mstid>, then this command displays the
settings and parameters for a specific switch port within the common and internal spanning
tree. The <unit/slot/port> is the desired switch port. In this case, the following are
displayed.
Port IdentifierThe port identifier for this port within the CST.
Port PriorityThe priority of the port within the CST.
Port Forwarding StateThe forwarding state of the port within the CST.
203
show spanning-tree mst port summary
Port RoleThe role of the specified interface within the CST.

Port Path CostThe configured path cost for the specified interface.
Designated RootIdentifier of the designated root for this port within the CST.
Designated Port CostPath Cost offered to the LAN by the Designated Port.
Designated BridgeThe bridge containing the designated port
Designated Port IdentifierPort on the Designated Bridge that offers the lowest cost to the LAN
Topology Change AcknowledgementValue of flag in next Configuration Bridge Protocol Data Unit
(BPDU) transmission indicating if a topology change is in progress for this port.
Hello TimeThe hello time in use for this port.
Edge PortThe configured value indicating if this port is an edge port.
Edge Port StatusThe derived value of the edge port status. True if operating as an edge port; false
otherwise.
Point To Point MAC StatusDerived value indicating if this port is part of a point to point link.
CST Regional RootThe regional root identifier in use for this port.
CST Port CostThe configured path cost for this port.
show spanning-tree mst port summary

This command displays the settings of one or all ports within the specified multiple spanning
tree instance. The parameter <mstid> indicates a particular MST instance. The parameter
{<unit/slot/port> | all} indicates the desired switch port or all ports.
If 0 (defined as the default CIST ID) is passed as the <mstid>, then the status summary is
displayed for one or all ports within the common and internal spanning tree.
Syntax
Mode
show spanning-tree mst port summary mstid {unit/slot/port | all}

TypeCurrently not used.
STP StateThe forwarding state of the port in the specified spanning tree instance
Port RoleThe role of the specified port within the spanning tree.
204
show spanning-tree mst summary

This command displays summary information about all multiple spanning tree instances in
the switch. On execution, the following details are displayed.
Syntax
Mode

MST Instance ID List
List of multiple spanning trees IDs currently configured.
For each MSTID:

Associated FIDsList of forwarding database identifiers associated with this instance.
Associated VLANsList of VLAN IDs associated with this instance.
show spanning-tree summary

This command displays spanning tree settings and parameters for the switch. The following
details are displayed on execution of the command.
Syntax
show spanning-tree summary
Mode

Spanning Tree AdminmodeEnabled or disabled.
Spanning Tree VersionVersion of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE
802.1d) based upon the Force Protocol Version parameter
Configuration NameIdentifier used to identify the configuration currently being used.
Configuration Revision LevelIdentifier used to identify the configuration currently being used.
Configuration Digest KeyIdentifier used to identify the configuration currently being used.
MST InstancesList of all multiple spanning tree instances configured on the switch
205
show spanning-tree vlan
show spanning-tree vlan

This command displays the association between a VLAN and a multiple spanning tree
instance. The <vlanid> corresponds to an existing VLAN ID.
Syntax
Mode
show spanning-tree vlan vlanid

VLAN IdentifierThe VLANs associated with the selected MST instance.
Associated InstanceIdentifier for the associated multiple spanning tree instance or "CST" if associated
with the common and internal spanning tree
spanning-tree max-hops
This command sets the MSTP Max Hops parameter to a new value for the common and
internal spanning tree. The max-hops value is in a range of 1 to 127.
The no version of this command sets the Bridge Max Hops parameter for the common and
internal spanning tree to the default value.
Default
20
Syntax
spanning-tree max-hops 1-127

[no] spanning-tree max-hops
Mode
206
Global Config
Chapter 23
Security Commands
This section provides a detailed explanation of the Security commands. The commands are
divided into the following groups:
Configuration commands are used to configure features and options of the switch. For
Port Security
This section provides a detailed explanation of the Port Security commands. The commands
are divided into the following groups:
port-security
This command enables port locking at the system level (Global Config) or port level
(Interface Config).
The no version of this command disables port locking at the system level (Global Config) or
port level (Interface Config).
Default
Disabled
Syntax
[no] port-security
Modes
Global Config and Interface Config
207
port-security max-dynamic
port-security max-dynamic
This command sets the maximum of dynamically locked MAC addresses allowed on a
specific port.
The no version of this command resets the maximum of dynamically locked MAC addresses
allowed on a specific port to its default value.
Default
600
Syntax
port-security max-dynamic <maxvalue>

no port-security max-dynamic
Mode
Interface Config
port-security max-static
This command sets the maximum number of statically locked MAC addresses allowed on a
specific port.
The no version of this command resets the maximum of statically locked MAC addresses
allowed on a specific port to its default value.
Default
20
Syntax
port-security max-static <maxvalue>

no port-security max-static
Mode
Interface Config
port-security mac-address
This command adds a MAC address to the list of statically locked MAC addresses. The <vid>
is the VLAN ID.
The no version of this command removes a MAC address from the list of statically locked
MAC addresses.
Syntax
208
port-security mac-address <vid> <mac-address>
Security Commands
port-security mac-address move

no port-security mac-address <vid> <mac-address>
Mode
Interface Config

This command converts dynamically locked MAC addresses to statically locked addresses.
Syntax
Mode
Interface Config
snmp-server enable traps violation

This command enables the sending of new violation traps designating when a packet with a
disallowed MAC address is received on a locked port.
The no version of this command disables the sending of new violation traps.
Default
Disabled
Syntax
[no] snmp-server enable traps violation
Mode
Interface Config
show port-security
This command displays the port-security settings for the entire system.
Syntax
Mode
show port-security
Privileged EXEC
Admin ModePort Locking mode for the entire system
209
show port-security
show port-security
This command displays the port-security settings for a particular interface or all interfaces.
Syntax
Mode
show port-security <interface | all>
Privileged EXEC
Interface Admin ModePort Locking mode for the Interface.
Dynamic LimitMaximum dynamically allocated MAC Addresses.
Static LimitMaximum statically allocated MAC Addresses.
Violation Trap ModeWhether violation traps are enabled.
show port-security dynamic

This command displays the dynamically locked MAC addresses for port.
Syntax
Mode
MAC Address
show port-security dynamic <interface>
Privileged EXEC
MAC Address of dynamically locked MAC.
show port-security static

This command displays the statically locked MAC addresses for port.
Syntax
Mode
show port-security static <interface>
Privileged EXEC
MAC AddressMAC Address of statically locked MAC.
210
Security Commands
show port-security violation
show port-security violation

This command displays the source MAC address of the last packet that was discarded on a
locked port.
Syntax
Mode
show port-security violation <interface>
Privileged EXEC
MAC AddressMAC Address of discarded packet on locked port.
Port Based Network Access Control (IEEE 802.1X) Commands

This section provides a detailed explanation of the 802.1x commands. The commands are
authentication login
This command creates an authentication login list. The listname is up to 15 alphanumeric
characters and is not case sensitive. Up to 10 authentication login lists can be configured on
the switch. When a list is created, the authentication method local is set as the first method.
When the optional parameters Option1, Option2 and/or Option3 are used, an ordered
list of methods are set in the authentication login list. If the authentication login list does not
exist, a new authentication login list is first created and then the authentication methods are
set in the authentication login list. The maximum number of authentication login methods is
three. The possible method values are local, radius and reject.
The value of local indicates that the users locally stored ID and password are used for
authentication. The value of radius indicates that the users ID and password will be
authenticated using the RADIUS server. The value of reject indicates the user is never
authenticated.
To authenticate a user, the authentication methods in the users login will be attempted in
order until an authentication attempt succeeds or fails.
The no version of this command deletes the specified authentication login list. The attempt to
delete will fail if any of the following conditions are true:
211
clear dot1x statistics
The login list name is invalid or does not match an existing authentication login list
The specified authentication login list is assigned to any user or to the non configured
user for any component
The login list is the default login list included with the default configuration and was not
created using authentication login. The default login list cannot be deleted.
Note: The default login list included with the default configuration can not be changed.
Syntax
authentication login listname [method1 [method2 [method3]]]

no authentication login listname
Mode
Global Config
clear dot1x statistics

This command resets the 802.1x statistics for the specified port or for all ports.
Syntax
Mode
clear dot1x statistics { unit/slot/port | all }
Privileged EXEC
clear radius statistics

This command is used to clear all RADIUS statistics.
Syntax
Mode
clear radius statistics
Privileged EXEC
dot1x defaultlogin
This command assigns the authentication login list to use for non-configured users for 802.1x
port security. This setting is over-ridden by the authentication login list assigned to a specific
user if the user is configured locally. If this value is not configured, users will be
authenticated using local authentication only.
Syntax
212
dot1x defaultlogin listname

Security Commands
dot1x initialize
Mode
Global Config
dot1x initialize
This command begins the initialization sequence on the specified port. This command is only
valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an
error will be returned.
Syntax
Mode
dot1x initialize unit/slot/port
Privileged EXEC
dot1x login
This command assigns the specified authentication login list to the specified user for 802.1x
port security. The user parameter must be a configured user and the listname parameter
must be a configured authentication login list.
Syntax
Mode
dot1x login user listname
Global Config
dot1x max-req
This command sets the maximum number of times the authenticator state machine on this
port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant.
The count value must be in the range 1 - 10.
The no version of this command sets the maximum number of times the authenticator state
machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out
the supplicant.
Default
Syntax
dot1x max-req count
Mode
Interface Config
213
dot1x port-control
dot1x port-control
This command sets the authentication mode to be used on the specified port. The control
mode may be one of the following.
Force-unauthorizedThe authenticator PAE unconditionally sets the controlled port to
unauthorized.
Force-authorizedThe authenticator PAE unconditionally sets the controlled port to
authorized.
AutoThe authenticator PAE sets the controlled port mode to reflect the outcome of the
authentication exchanges between the supplicant, authenticator and the authentication server.
The no version of this command sets the authentication mode to be used on the specified port
to 'auto'.
Default
auto
Syntax
dot1x port-control {force-unauthorized | force-authorized | auto}

no dot1x port-control
Mode
Interface Config
dot1x port-control All

This command sets the authentication mode to be used on all ports. The control mode may be
one of the following.
Force-unauthorizedThe authenticator PAE unconditionally sets the controlled port to
unauthorized.
Force-authorizedThe authenticator PAE unconditionally sets the controlled port to
authorized.
AutoThe authenticator PAE sets the controlled port mode to reflect the outcome of the
authentication exchanges between the supplicant, authenticator and the authentication server.
The no version of this command sets the authentication mode to be used on all ports to 'auto'.
Default
auto
Syntax
dot1x port-control all {force-unauthorized | force-authorized | auto}

no dot1x port-control all
Mode
214
Global Config
Security Commands
dot1x re-authenticate
dot1x re-authenticate
This command begins the re-authentication sequence on the specified port. This command is
only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto'
an error will be returned.
Syntax
Mode
dot1x re-authenticate unit/slot/port
Privileged EXEC
dot1x re-authentication
This command enables re-authentication of the supplicant for the specified port.
The no version of this command disables re-authentication of the supplicant for the specified
port.
Default
disabled
Syntax
dot1x re-authentication
Mode
Interface Config
dot1x system-auth-control
This command is used to enable the dot1x authentication support on the switch. By default,
the authentication support is disabled. While disabled, the dot1x configuration is retained and
can be changed, but is not activated.
The no version of this command is used to disable the dot1x authentication support on the
switch.
Default
disabled
Syntax
dot1x system-auth-control
Mode
Global Config
215
dot1x timeout
dot1x timeout
This command sets the value, in seconds, of the timer used by the authenticator state machine
on this port. Depending on the token used and the value (in seconds) passed, various timeout
configurable parameters are set. The following tokens are supported.
The no version of this command sets the value, in seconds, of the timer used by the
authenticator state machine on this port to the default values. Depending on the token used,
the corresponding default values are set.
Parameters
reauth-periodSets the value, in seconds, of the timer used by the authenticator state machine on this
port to determine when re-authentication of the supplicant takes place. The reauth-period must be a
value in the range 1 - 65535.
quiet-periodSets the value, in seconds, of the timer used by the authenticator state machine on this
port to define periods of time in which it will not attempt to acquire a supplicant. The quiet-period must
be a value in the range 0 - 65535.
tx-periodSets the value, in seconds, of the timer used by the authenticator state machine on this port
to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The quiet-period
must be a value in the range 1 - 65535.
supp-timeoutSets the value, in seconds, of the timer used by the authenticator state machine on this
port to timeout the supplicant. The supp-timeout must be a value in the range 1 - 65535.
server-timeoutSets the value, in seconds, of the timer used by the authenticator state machine on this
port to timeout the authentication server. The supp-timeout must be a value in the range 1 - 65535.
Default
reauth-period: 3600 seconds

quiet-period: 60 seconds
tx-period: 30 seconds
supp-timeout: 30 seconds
server-timeout: 30 seconds
Syntax
dot1x timeout {{reauth-period seconds} | {quiet-period seconds} | {tx-period

seconds} | {supp-timeout seconds} | {server-timeout seconds}}
no dot1x timeout {reauth-period | quiet-period | tx-period | supp-timeout |
server-timeout}
Mode
216
Interface Config
Security Commands
dot1x user
dot1x user
This command adds the specified user to the list of users with access to the specified port or
all ports. The user parameter must be a configured user.
The no version of this command removes the user from the list of users with access to the
specified port or all ports.
Syntax
Mode
dot1x user user {unit/slot/port | all}
Global Config
show accounting
This command is used to display the configured RADIUS accounting mode, accounting
server and the statistics for the configured accounting server.
Syntax
Mode
show accounting [statistics ipaddr]
Privileged EXEC
If the optional token statistics ipaddr is not included, then only the accounting mode and
the RADIUS accounting server details are displayed.
Mode
Parameters
Enabled or disabled
IP AddressThe configured IP address of the RADIUS accounting server
PortThe port in use by the RADIUS accounting server
Secret ConfiguredYes or No
If the optional token statistics ipaddr is included, the statistics for the configured RADIUS
accounting server are displayed. The IP address parameter must match that of a previously
configured RADIUS accounting server. The following information regarding the statistics of
the RADIUS accounting server is displayed.
Accounting Server IP AddressIP Address of the configured RADIUS accounting server
Round Trip TimeThe time interval, in hundredths of a second, between the most recent
Accounting-Response and the Accounting-Request that matched it from the RADIUS accounting server.
RequestsThe number of RADIUS Accounting-Request packets sent to this accounting server. This
number does not include retransmissions.
RetransmissionThe number of RADIUS Accounting-Request packets retransmitted to this RADIUS
accounting server.
ResponsesThe number of RADIUS packets received on the accounting port from this server.
217
show authentication
Malformed ResponsesThe number of malformed RADIUS Accounting-Response packets received

from this server. Malformed packets include packets with an invalid length. Bad authenticators and
unknown types are not included as malformed accounting responses.
Bad AuthenticatorsThe number of RADIUS Accounting-Response packets containing invalid
authenticators received from this accounting server.
Pending RequestsThe number of RADIUS Accounting-Request packets sent to this server that have
not yet timed out or received a response.
TimeoutsThe number of accounting timeouts to this server.
Unknown TypesThe number of RADIUS packets of unknown types, which were received from this
server on the accounting port.
Packets DroppedThe number of RADIUS packets received from this server on the accounting port
and dropped for some other reason.
show authentication
This command displays the ordered authentication methods for all authentication login lists.
Syntax
Mode
show authentication
Privileged EXEC
Authentication Login ListThis displays the authentication login listname.
Method 1This displays the first method in the specified authentication login list, if any.
Method 2This displays the second method in the specified authentication login list, if any.
Method 3This displays the third method in the specified authentication login list, if any.
show authentication users

This command displays information about the users assigned to the specified authentication
login list. If the login is assigned to non-configured users, the user default will appear in the
user column.
Syntax
Mode
show authentication users listname
Privileged EXEC
UserThis field displays the user assigned to the specified authentication login list.
218
Security Commands
show dot1x
ComponentThis field displays the component (User or 802.1x) for which the authentication login list is
assigned.
show dot1x
This command is used to show a summary of the global dot1x configuration, summary
information of the dot1x configuration for a specified port or all ports, the detailed dot1x
configuration for a specified port and the dot1x statistics for a specified port - depending on
the tokens used.
Syntax
Mode
show dot1x [ { summary { unit/slot/port | all } | { detail unit/slot/port } | { statistics

unit/slot/port } ]
Privileged EXEC
If none of the optional parameters are used, the global dot1x configuration summary is
displayed.
Administrative modeIndicates whether authentication control on the switch is enabled or disabled.
If the optional parameter summary {unit/slot/port | all} is used, the dot1x configuration
for the specified port or all ports are displayed.
PortThe interface whose configuration is displayed.
Control ModeThe configured control mode for this port. Possible values are force-unauthorized |
force-authorized | auto
Operating Control ModeThe control mode under which this port is operating. Possible values are
authorized | unauthorized
Reauthentication EnabledIndicates whether re-authentication is enabled on this port
Key Transmission EnabledIndicates if the key is transmitted to the supplicant for the specified port
If the optional parameter detail unit/slot/port is used, the detailed dot1x configuration for
the specified port are displayed.
PortThe interface whose configuration is displayed
Protocol VersionThe protocol version associated with this port. The only possible value is 1,
corresponding to the first version of the dot1x specification.
PAE CapabilitiesThe port access entity (PAE) functionality of this port. Possible values are
Authenticator or Supplicant.
Authenticator PAE StateCurrent state of the authenticator PAE state machine. Possible values are
Initialize, Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held, ForceAuthorized,
and ForceUnauthorized.
219
show dot1x
Backend Authentication StateCurrent state of the backend authentication state machine. Possible
values are Request, Response, Success, Fail, Timeout, Idle, and Initialize.
Quiet PeriodThe timer used by the authenticator state machine on this port to define periods of time in
which it will not attempt to acquire a supplicant. The value is expressed in seconds and will be in the
range 0 and 65535.
Transmit PeriodThe timer used by the authenticator state machine on the specified port to determine
when to send an EAPOL EAP Request/Identity frame to the supplicant. The value is expressed in
seconds and will be in the range of 1 and 65535.
Supplicant TimeoutThe timer used by the authenticator state machine on this port to timeout the
supplicant. . The value is expressed in seconds and will be in the range of 1 and 65535.
Server TimeoutThe timer used by the authenticator on this port to timeout the authentication server.
The value is expressed in seconds and will be in the range of 1 and 65535.
Maximum RequestsThe maximum number of times the authenticator state machine on this port will
retransmit an EAPOL EAP Request/Identity before timing out the supplicant. The value will be in the
range of 1 and 10.
Reauthentication PeriodThe timer used by the authenticator state machine on this port to determine
when reauthentication of the supplicant takes place. The value is expressed in seconds and will be in
the range of 1 and 65535.
Reauthentication EnabledIndicates if reauthentication is enabled on this port. Possible values are
True or False.
Key Transmission Enabled Indicates if the key is transmitted to the supplicant for the specified port.
Possible values are True or False.
Control DirectionIndicates the control direction for the specified port or ports. Possible values are
both or in.
If the optional parameter statistics unit/slot/port is used, the dot1x statistics for the
specified port are displayed.
PortThe interface whose statistics are displayed.
EAPOL Frames ReceivedThe number of valid EAPOL frames of any type that have been received by
this authenticator.
EAPOL Frames TransmittedThe number of EAPOL frames of any type that have been transmitted by
this authenticator.
EAPOL Start Frames ReceivedThe number of EAPOL start frames that have been received by this
authenticator.
EAPOL Logoff Frames ReceivedThe number of EAPOL logoff frames that have been received by this
authenticator.
Last EAPOL Frame VersionThe protocol version number carried in the most recently received EAPOL
frame.
Last EAPOL Frame SourceThe source MAC address carried in the most recently received EAPOL
frame.
220
Security Commands
show dot1x users
EAP Response/Id Frames ReceivedThe number of EAP response/identity frames that have been
received by this authenticator.
EAP Response Frames ReceivedThe number of valid EAP response frames (other than resp/id
frames) that have been received by this authenticator.
EAP Request/Id Frames TransmittedThe number of EAP request/identity frames that have been
transmitted by this authenticator.
EAP Request Frames TransmittedThe number of EAP request frames (other than request/identity
frames) that have been transmitted by this authenticator.
Invalid EAPOL Frames ReceivedThe number of EAPOL frames that have been received by this
authenticator in which the frame type is not recognized.
EAP Length Error Frames ReceivedThe number of EAPOL frames that have been received by this
authenticator in which the frame type is not recognized.
show dot1x users

This command displays 802.1x port security user information for locally configured users.
Syntax
Mode
show dot1x users unit/slot/port
Privileged EXEC
UserUsers configured locally to have access to the specified port.
show users authentication

This command displays all user and all authentication login information. It also displays the
authentication login list assigned to the default user.
Syntax
Mode
show users authentication
Privileged EXEC
UserThis field lists every user that has an authentication login list assigned.
System LoginThis field displays the authentication login list assigned to the user for system login.
802.1x Port SecurityThis field displays the authentication login list assigned to the user for 802.1x port
security.
221
users defaultlogin
users defaultlogin
This command assigns the authentication login list to use for non-configured users when
attempting to log in to the system. This setting is overridden by the authentication login list
assigned to a specific user if the user is configured locally. If this value is not configured,
users will be authenticated using local authentication only.
Syntax
Mode
users defaultlogin listname
Global Config
users login
This command assigns the specified authentication login list to the specified user for system
login. The user must be a configured user and the listname must be a configured login list.
If the user is assigned a login list that requires remote authentication, all access to the
interface from all CLI, web, and telnet sessions will be blocked until the authentication is
complete.
Note that the login list associated with the admin user can not be changed to prevent
accidental lockout from the switch.
Syntax
Mode
users login user listname
Global Config
Remote Authentication Dial In User Service (RADIUS)

Commands
This section provides a detailed explanation of the RADIUS commands. The commands are
222
Security Commands
radius accounting mode

This command is used to enable the RADIUS accounting function.
The no version of this command is used to set the RADIUS accounting function to the default
value - i.e. the RADIUS accounting function is disabled.
Default
disabled
Syntax
Mode
Global Config
radius server host

This command is used to configure the RADIUS authentication and accounting server.
If the 'auth' token is used, the command configures the IP address to use to connect to a
RADIUS authentication server. Up to 3 servers can be configured per RADIUS client. If the
maximum number of configured servers is reached, the command will fail until one of the
servers is removed by executing the no form of the command. If the optional port parameter
is used, the command will configure the UDP port number to use to connect to the configured
RADIUS server. In order to configure the UDP port number, the IP address must match that
of a previously configured RADIUS authentication server. The port number must lie between
1 - 65535, with 1812 being the default value.
If the 'acct' token is used, the command configures the IP address to use for the RADIUS
accounting server. Only a single accounting server can be configured. If an accounting server
is currently configured, it must be removed from the configuration using the no form of the
command before this command succeeds. If the optional port parameter is used, the
command will configure the UDP port to use to connect to the RADIUS accounting server.
The IP address specified must match that of a previously configured accounting server. If a
port is already configured for the accounting server then the new port will replace the
previously configured value. The port must be a value in the range 1 - 65535, with 1813 being
the default value.
The no version of this command is used to remove the configured RADIUS authentication
server or the RADIUS accounting server. If the 'auth' token is used, the previously configured
RADIUS authentication server is removed from the configuration. Similarly, if the 'acct'
token is used, the previously configured RADIUS accounting server is removed from the
configuration. The ipaddr parameter must match the IP address of the previously configured
RADIUS authentication / accounting server.
Syntax
radius server host {auth | acct} ipaddr [port]

no radius server host {auth | acct} ipaddress
223
radius server key
Mode
Global Config
radius server key

This command is used to configure the shared secret between the RADIUS client and the
RADIUS accounting / authentication server. Depending on whether the 'auth' or 'acct' token is
used, the shared secret will be configured for the RADIUS authentication or RADIUS
accounting server. The IP address provided must match a previously configured server. When
this command is executed, the secret will be prompted. The secret must be an alphanumeric
value not exceeding 20 characters.
Syntax
Mode
radius server key {auth | acct} ipaddr
Global Config
radius server msgauth

This command enables the message authenticator attribute for a specified server.
Default
Mode
radius server msgauth ipaddr
Global Config
radius server primary

This command is used to configure the primary RADIUS authentication server for this
RADIUS client. The primary server is the one that is used by default for handling RADIUS
requests. The remaining configured servers are only used if the primary server cannot be
reached. A maximum of three servers can be configured on each client. Only one of these
servers can be configured as the primary. If a primary server is already configured prior to this
command being executed, the server specified by the IP address specified used in this
command will become the new primary server. The IP address must match that of a
previously configured RADIUS authentication server.
Syntax
Mode
224
radius server primary ipaddr
Global Config
Security Commands
radius server retransmit
radius server retransmit

This command sets the maximum number of times a request packet is re-transmitted when no
response is received from the RADIUS server. The retries value is an integer in the range of 1
to 15.
The no version of this command sets the maximum number of times a request packet is
re-transmitted, when no response is received from the RADIUS server, to the default value,
i.e. 10.
Default
10
Syntax
radius server retransmit retries

no radius server retransmit
Mode
Global Config
radius server timeout

This command sets the timeout value (in seconds) after which a request must be retransmitted
to the RADIUS server if no response is received. The timeout value is an integer in the range
of 1 to 30.
The no version of this command sets the timeout value (in seconds) after which a request
must be retransmitted to the RADIUS server if no response is received, to the default value,
i.e. 6.
Default
Syntax
radius server timeout seconds

no radius server timeout
Mode
Global Config
show radius
This command is used to display the various RADIUS configuration items for the switch as
well as the configured RADIUS servers. If the optional token 'servers' is not included, the
following RADIUS configuration items will be displayed.
Syntax
show radius [servers]
225
show radius statistics
Mode
Privileged EXEC
Primary Server IP AddressIndicates the configured server currently in use for authentication
Number of configured serversThe configured IP address of the authentication server
Max number of retransmitsThe configured value of the maximum number of times a request packet is
retransmitted
Timeout DurationThe configured timeout value, in seconds, for request re-transmissions
Accounting ModeYes or No
If the optional token 'servers' is included, the following information regarding the configured
RADIUS servers is displayed.
IP AddressIP Address of the configured RADIUS server
PortThe port in use by this server
TypePrimary or secondary
Secret ConfiguredYes / No
show radius statistics

This command is used to display the statistics for RADIUS or configured server . To show the
configured RADIUS server statistic, the IP Address specified must match that of a previously
configured RADIUS server. On execution, the following fields are displayed.
Syntax
Mode
show radius statistics [ipaddr]
Privileged EXEC
If ip address is not specified than only Invalid Server Address field is displayed. Otherwise
other listed fields are displayed.
Invalid Server AddressesThe number of RADIUS Access-Response packets received from unknown
addresses.
Server IP AddressIP address of the server.
Round Trip TimeThe time interval, in hundredths of a second, between the most recent Access-Reply
| Access-Challenge and the Access-Request that matched it from the RADIUS authentication server.
Access RequestsThe number of RADIUS Access-Request packets sent to this server. This number
does not include retransmissions.
Access RetransmissionThe number of RADIUS Access-Request packets retransmitted to this
RADIUS authentication server.
226
Security Commands
ip ssh
Access AcceptsThe number of RADIUS Access-Accept packets, including both valid and invalid
packets, which were received from this server.
Access RejectsThe number of RADIUS Access-Reject packets, including both valid and invalid
packets, which were received from this server.
Access ChallengesThe number of RADIUS Access-Challenge packets, including both valid and
invalid packets, which were received from this server.
Malformed Access ResponsesThe number of malformed RADIUS Access-Response packets
received from this server. Malformed packets include packets with an invalid length. Bad authenticators
or signature attributes or unknown types are not included as malformed access responses.
Bad AuthenticatorsThe number of RADIUS Access-Response packets containing invalid
authenticators or signature attributes received from this server.
Pending RequestsThe number of RADIUS Access-Request packets destined for this server that have
not yet timed out or received a response.
TimeoutsThe number of authentication timeouts to this server.
Unknown TypesThe number of RADIUS packets of unknown types, which were received from this
server on the authentication port.
Packets DroppedThe number of RADIUS packets received from this server on the authentication port
and dropped for some other reason.
Secure Shell (SSH) Commands

This section provides a detailed explanation of the SSH commands. The commands are
ip ssh
This command is used to enable SSH.
The no version of this command is used to disable SSH.
Default
disabled
Syntax
ip ssh
no ip ssh
Mode
Privileged EXEC
227
show ip ssh
show ip ssh
This command displays the ssh settings.
Syntax
Mode
show ip ssh
Privileged EXEC
Administrative ModeThis field indicates whether the administrative mode of SSH is enabled or
disabled.
Protocol LevelThe protocol level may have the values of version 1, version 2 or both versions 1 and
version 2.
ConnectionsThis field specifies the current ssh connections.
ip ssh protocol
This command is used to set or remove protocol levels (or versions) for SSH. Either SSH1
(1), SSH2 (2), or both SSH 1 and SSH 2 (1 and 2) can be set.
Default
1 and 2
Syntax
ip ssh protocol [1] [2]
Mode
Privileged EXEC
sshcon maxsessions
This command specifies the maximum number of SSH connection sessions that can be
established. A value of 0 indicates that no ssh connection can be established. The range is 0 to
5.
The no command sets the maximum number of SSH connection sessions that can be
established to the default value.
Default
Syntax
sshcon maxsessions <0-5>

no sshcon maxsessions
Mode
228
Privileged EXEC
Security Commands
sshcon timeout
sshcon timeout
This command sets the SSH connection session timeout value, in minutes. A session is active
as long as the session has been idle for the value set. A value of 0 indicates that a session
remains active indefinitely. The time is a decimal value from 0 to 160.
Changing the timeout value for active sessions does not become effective until the session is
reaccessed. Any keystroke will also activate the new timeout duration.
The no version of this command sets the SSH connection session timeout value, in minutes,
to the default.
Changing the timeout value for active sessions does not become effective until the session is
reaccessed. Any keystroke will also activate the new timeout duration.
Default
Syntax
sshcon timeout <0-160>

no sshcon timeout
Mode
Privileged EXEC
Hypertext Transfer Protocol (HTTP) Commands

This section provides a detailed explanation of the HTTP commands. The commands are
ip http secure-port
This command is used to set the sslt port where port can be 1-65535 and the default is port
443.
The no version of this command is used to reset the sslt port to the default value.
Default
443
Syntax
ip http secure-port portid

no ip http secure-port
229
ip http secure-protocol
Mode
Privileged EXEC
ip http secure-protocol
This command is used to set protocol levels (versions). The protocol level can be set to TLS1,
SSL3 or to both TLS1 and SSL3.
Default
SSL3 and TLS1
Syntax
ip http secure-protocol [SSL3] [TLS1]
Mode
Privileged EXEC
ip http secure-server
This command is used to enable the secure socket layer for secure HTTP.
The no version of this command is used to disable the secure socket layer for secure HTTP.
Default
disabled
Syntax
[no] ip http secure-server
Mode
Privileged EXEC
ip http server
This command enables access to the switch through the Web interface. When access is
enabled, the user can login to the switch from the Web interface. When access is disabled, the
user cannot login to the switch's Web server.
Disabling the Web interface takes effect immediately. All interfaces are effected.
The no version of this command disables access to the switch through the Web interface.
When access is disabled, the user cannot login to the switch's Web server.
230
Default
enabled
Syntax
ip http server
Security Commands
show ip http
Mode
Privileged EXEC
show ip http
This command displays the http settings for the switch.
Syntax
Mode
show ip http
Privileged EXEC
Secure-Server Administrative ModeThis field indicates whether the administrative mode of secure
HTTP is enabled or disabled.
Secure Protocol LevelThe protocol level may have the values of SSL3, TSL1, or both SSL3 and
TSL1.
Secure PortThis field specifies the port configured for SSLT.
HTTP ModeTHis field indicates whether the HTTP mode is enabled or disabled.
231
show ip http
232
Security Commands
Chapter 24
Quality of Service (QoS)

Commands
This chapter provides a detailed explanation of the Quality of Service (QOS) commands. The
following QOS commands are available in the FASTPATH software QOS module.
The commands are divided into these different groups:
Show commands are used to display device settings, statistics and other information.
Access Control List (ACL) Commands

Access Control Lists (ACLs) ensure that only authorized users have access to specific
resources while blocking off any unwarranted attempts to reach network resources.
ACL configuration for IP packet fragments is not supported.

The maximum number of rules per ACL translates into the number of hardware classifier
entries used when an ACL is attached to an interface. Increasing these values in the
FASTPATH software increases the RAM and NVSTORE usage.
ACLs are configured separately for Layer 2 and Layer 3/Layer 4. Some types of
hardware do not allow both types of ACLs to be applied to the same interface.
Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is
in essence the inverse of a subnet mask. With a subnet mask, the mask has ones (1's) in
the bit positions that are used for the network address, and has zeros (0's) for the bit
postions that are not used. In contrast, a wildcard mask has (0s) in a bit position that must
be checked. A 1 in a bit position of the ACL mask indicates the corresponding bit can
be ignored.
233
mac access-list extended
mac access-list extended

This command creates a MAC Access Control List (ACL) identified by <name>, consisting
of classification fields defined for the Layer 2 header of an Ethernet frame. The <name>
parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying
the MAC access list.
If a MAC ACL by this name already exists, this command enters Mac-Access-List config
mode to allow updating the existing ACL.
Note: The CLI mode is changed to Mac-Access-List Config when this
command is successfully executed.
The no version of this command deletes a MAC ACL identified by <name> from the system.
Syntax
Mode
mac access-list extended <name>
Global Config
mac access-list extended rename

This command changes the name of a MAC Access Control List (ACL). The <name>
parameter is the name of an existing MAC ACL. The <newname> parameter is a
case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC
access list.
This command fails if a MAC ACL by the name <newname> already exists.
Syntax
Mode
234
mac access-list extended rename <name> <newname>
Global Config
Quality of Service (QoS) Commands
{deny|permit}
{deny|permit}
This command creates a new rule for the current MAC access list. Each rule is appended to
the list of configured rules for the list. Note that an implicit 'deny all' MAC rule always
terminates the access list.
Note: The 'no' form of this command is not supported, as the rules within an ACL
cannot be deleted individually. Rather, the entire ACL must be deleted and
re-specified.
A rule may either deny or permit traffic according to the specified classification fields. At a
minimum, the source and destination MAC value and mask pairs must be specified, each of
which may be substituted using the keyword any to indicate a match on any value in that
field. The bpdu keyword may be specified for the destination MAC value/mask pair
indicating a well-known BPDU MAC value of 01-80-c2-xx-xx-xx (hex), where 'xx' indicates
a don't care. The remaining command parameters are all optional.
The Ethertype may be specified as either a keyword or a four-digit hexadecimal value from
0x0600-0xFFFF. The currently supported <ethertypekey> values are: appletalk, arp,
ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. Each of these
translates into its equivalent Ethertype value(s).
The assign-queue parameter allows specification of a particular hardware queue for handling
traffic that matches this rule. The allowed <queue-id> value is 0-(n-1), where n is the number
of user configurable queues available for the hardware platform. The redirect parameter
allows the traffic matching this rule to be forwarded to the specified <unit/slot/port>. The
assign-queue and redirect parameters are only valid for a 'permit' rule.
Syntax
{deny|permit} {<srcmac>| any} {<dstmac>} | any } [assign-queue <queue-id_0-6>]

[cos <0-7>] [<ethertypekey>] [<0x0600-0xFFFF>] [redirect <unit/slot/port>] [vlan
{eq <0-4095>]
Note: The special command form {deny|permit} any any is used to match all
Ethernet layer 2 packets, and is the equivalent of the IP access list "match every"
rule.
Mode
Mac-Access-List Config
mac access-group
This command attaches a specific MAC Access Control List (ACL) identified by <name> to
an interface in a given direction. The <name> parameter must be the name of an exsiting
MAC ACL.
235
show mac access-list
An optional sequence number may be specified to indicate the order of this access list relative
to other access lists already assigned to this interface and direction. A lower number indicates
higher precedence order. If a sequence number is already in use for this interface and
direction, the specified access list replaces the currently attached access list using that
sequence number. If the sequence number is not specified for this command, a sequence
number that is one greater than the highest sequence number currently in use for this interface
and direction will be used.
This command specified in 'Interface Config' mode only affects a single interface, whereas
the 'Global Config' mode setting is applied to all interfaces. The 'Interface Config' mode
command is only available on platforms that support independent per-port class of service
queue configuration.
The no version of this command removes a MAC ACL identified by <name> from the
interface in a given direction.
Syntax
mac access-group <name> {in} [sequence <1-4294967295>]

no mac access-group <name> {in}
Modes
show mac access-list

This command displays a MAC access list and all of the rules that are defined for the ACL.
The <name> parameter is used to identify a specific MAC ACL to display.
Syntax
Mode
show mac access-list <name>
Privileged EXEC
Rule NumberThe ordered rule number identifier defined within the ACL.
ActionDisplays the action associated with each rule. The possible values are Permit or Deny.
Source MAC AddressDisplays the source MAC address for this rule.
Source MAC MaskDisplays the source MAC mask for this rule.
Destination MAC AddressDisplays the destination MAC address for this rule.
Destination MAC MaskDisplays the destination MAC mask for this rule.
EthertypeDisplays the Ethertype keyword or custom value for this rule.
VLAN IDDisplays the VLAN identifier value or range for this rule.
COSDisplays the COS (802.1p) value for this rule.
236
show mac access-lists
Secondary VLAN IDDisplays the Secondary VLAN identifier value or range for this rule.
Secondary COSDisplays the Secondary COS (802.1p) value for this rule.
Assign QueueDisplays the queue identifier to which packets matching this rule are assigned.
Redirect InterfaceDisplays the unit/slot/port to which packets matching this rule are forwarded.

This command displays a summary of all defined MAC access lists in the system.
Syntax
Mode
Privileged EXEC
NameThe name of the MAC access list.
Number of RulesThe number of user-configured rules defined for this ACL.
This does not include the implicit 'deny all' rule defined at the end of every MAC ACL.
InterfacesDisplays the list of interfaces (unit/slot/port) to which this MAC ACL is attached in a
given direction.
DirectionDenotes the direction in which this MAC ACL is attached to the set of interfaces listed. The
possible values are Inbound or Outbound.
access-list
This command creates an Access Control List (ACL) that is identified by the parameter
accesslistnumber. The ACL number is an integer from 1 to 199. The range 1 to 99 is for
normal ACL List and 100 to 199 is extended ACL List. The ACL rule is created with the
option of permit or deny . The protocol to filter for an ACL rule is specified by giving the
protocol to be used like cmp,igmp,ip,tcp,udp. The command specifies a source ipaddress
and source mask for match condition of the ACL rule specified by the srcip and srcmask
parameters.The source layer 4 port match condition for the ACL rule are specified by the port
value parameter.The startport and endport parameters identify the first and last ports that
are part of the port range. They have values from 0 to 65535. The ending port must have a
value equal or greater than the starting port. The starting port, ending port, and all ports in
between will be part of the destination port range.The portvalue parameter uses a single
keyword notation and currently has the values of domain, echo, ftp, ftpdata, http, smtp,
snmp, telnet, tftp, and www. Each of these values translates into its equivalent port number,
237
ip access-group
which is used as both the start and end of a port range. The command specifies a destination
ipaddress and destination mask for match condition of the ACL rule specified by the dstip
and dstmask parameters.The command specifies the TOS for an ACL rule depending on a
match of precedence or DSCP values using the parameters tos, tosmask ,dscp.
The no version of this command deletes an ACL that is identified by the parameter
accesslistnumber from the system.
Default
none
Syntax
access-list {( 1-99 {deny | permit} srcip srcmask) | ( {100-199 {deny | permit} {evry |
{{icmp | igmp | ip | tcp | udp | number} srcip srcmask [{eq {portkey | portvalue} |
range startport endport}] dstip dstmask [{eq {portkey | portvalue} | range startport
endport}] [precedence precedence] [tos tos tosmask] [dscp dscp]}})}
no access-list accesslistnumber
Mode
Global Config
ip access-group
This command attach a specified access-control list to an interface.
Default
none
Syntax
ip access-group accesslistnumber in | out
Mode
Interface Config
ip access-group all
This command attach a specified access-control list to all interfaces.
Default
none
Syntax
ip access-group all accesslistnumber in | out
Mode
238
Global Config
show ip access-lists
This command displays an Access Control List (ACL) and all of the rules that are defined for
the ACL. The accesslistnumber is the number used to identify the ACL.
Syntax
Mode
show ip access-lists accesslistnumber

Rule NumberThis displays the number identifier for each rule that is defined for the ACL.
ActionThis displays the action associated with each rule. The possible values are Permit or Deny.
ProtocolThis displays the protocol to filter for this rule.
Source IP AddressThis displays the source IP address for this rule.
Source IP MaskThis field displays the source IP Mask for this rule.
Source PortsThis field displays the source port range for this rule.
Destination IP AddressThis displays the destination IP address for this rule.
Destination IP MaskThis field displays the destination IP Mask for this rule.
Destination PortsThis field displays the destination port range for this rule.
Service Type Field MatchThis field indicates whether an IP DSCP, IP Precedence, or IP TOS match
condition is specified for this rule.
Service Type Field ValueThis field indicates the value specified for the Service Type Field Match (IP
DSCP, IP Precedence, or IP TOS).
239
240
Chapter 25
Differentiated Services
(DiffServ)
This chapter contains the CLI commands used for the QOS Differentiated Services (DiffServ)
package.
The user configures DiffServ in several stages by specifying:
Class
creating and deleting classes

defining match criteria for a class. Note: The only way to remove an individual match
criterion from an existing class definition is to delete the class and re-create it.
creating and deleting policies

associating classes with a policy
defining policy statements for a policy/class combination
adding and removing a policy to/from a directional (i.e., inbound, outbound) interface
Policy
Service
Packets are filtered and processed based on defined criteria. The filtering criteria is defined
by a class. The processing is defined by a policy's attributes. Policy attributes may be
defined on a per-class instance basis, and it is these attributes that are applied when a match
occurs.
Packet processing begins by testing the match criteria for a packet. A policy is applied to a
packet when a class match within that policy is found.
Note that the type of class - all, any, or acl - has a bearing on the validity of match criteria
specified when defining the class. A class type of 'any' processes its match rules in an ordered
sequence; additional rules specified for such a class simply extend this list. A class type of
acl obtains its rule list by interpreting each ACL rule definition at the time the Diffserv class
is created. Differences arise when specifying match criteria for a class type 'all', since only
one value for each non-excluded match field is allowed within a class definition. If a field is
241
diffserv
already specified for a class, all subsequent attempts to specify the same field fail, including
the cases where a field can be specified multiple ways through alternative formats. The
exception to this is when the 'exclude' option is specified, in which case this restriction does
not apply to the excluded fields.
The following class restrictions are imposed by the FASTPATH DiffServ design:
nested class support limited to:

'any' within 'any'
'all' within 'all'
no nested 'not' conditions
no nested 'acl' class types
each class contains at most one referenced class
hierarchical service policies not supported in a class definition
access list matched by reference only, and must be sole criterion in a class
i.e., ACL rules copied as class match criteria at time of class
creation, with class type 'any'
implicit ACL 'deny all' rule also copied
no nesting of class type 'acl'
Regarding nested classes, referred to here as class references, a given class definition can
contain at most one reference to another class, which can be combined with other match
criteria. The referenced class is truly a reference and not a copy, since additions to a
referenced class affect all classes that reference it. Changes to any class definition currently
referenced by any other class must result in valid class definitions for all derived classes
otherwise the change is rejected. A class reference may be removed from a class definition.
The user can display summary and detailed information for classes, policies and services. All
configuration information is accessible via the CLI, Web, and SNMP user interfaces.
diffserv
This command sets the DiffServ operational mode to active. While disabled, the DiffServ
configuration is retained and can be changed, but it is not activated. When enabled, Diffserv
services are activated.
The no version of this command sets the DiffServ operational mode to inactive. While
disabled, the DiffServ configuration is retained and can be changed, but it is not activated.
When enabled, Diffserv services are activated.
242
Syntax
[no] diffserv
Mode
Global Config
Differentiated Services (DiffServ)
class-map
Class Commands
The class command set is used in DiffServ to define:
Traffic ClassificationSpecify Behavior Aggregate (BA), based on DSCP, and Multi-Field
(MF) classes of traffic (name, match criteria)
Service LevelsSpecify the BA forwarding classes / service levels. Conceptually, DiffServ
is a two-level hierarchy of classes: 1. Service/PHB, 2. Traffic Class
This set of commands consists of class creation/deletion and matching, with the class match
commands specifying layer 3, layer 2, and general match criteria. The class match criteria are
also known as class rules, with a class definition consisting of one or more rules to identify
the traffic belonging to the class. Note that once a class match criterion is created for a class,
it cannot be changed or deleted - the entire class must be deleted and re-created.
The CLI command root is class-map.
class-map
This command defines a new DiffServ class of type match-all, match-any or
match-access-group. The <classname> parameter is a case sensitive alphanumeric string
from 1 to 31 characters uniquely identifying the class (Note: the class name 'default' is
reserved and must not be used here).
When used without any match condition, this command enters the class-map mode. The
<classname> is the name of an existing DiffServ class (note: the class name 'default' is
reserved and is not allowed here)
The class type of match-all indicates all of the individual match conditions must be true for a
packet to be considered a member of the class.
This command may be used without specifying a class type to enter the Class-Map Config
mode for an existing DiffServ class.
Note: The CLI mode is changed to Class-Map Config when this command is
successfully executed.
The no version of this command eliminates an existing DiffServ class. The <classname> is
the name of an existing DiffServ class ( Note: the class name 'default' is reserved and is not
allowed here). This command may be issued at any time; if the class is currently referenced
by one or more policies or by any other class, this deletion attempt shall fail.
Syntax
class-map match-all <classmapname>
243
class-map rename
no class-map <classname>
Mode
Global Config
class-map rename
This command changes the name of a DiffServ class. The <classname> is the name of an
existing DiffServ class. The <newclassname> parameter is a case-sensitive alphanumeric
string from 1 to 31 characters uniquely identifying the class (Note: the class name default is
reserved and must not be used here).
Default
none
Syntax
class-map rename <classname> <newclassname>
Mode
Global Config
match ethertype
This command adds to the specified class definition a match condition based on the value of
the ethertype. The <ethertype> value is specified as one of the following keywords:
appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell,
pppoe, rarp or as a custom ethertype value in the range of 0x0600-0xFFFF.
Syntax
Mode
match ethertype {<keyword> | custom <0x0600-0xFFFF>}
Class-Map Config
match any
This command adds to the specified class definition a match condition whereby all packets
are considered to belong to the class.
Default
none
Syntax
match any
Mode
244
Class-Map Config
match class-map
match class-map
This command adds to the specified class definition the set of match conditions defined for
another class. The <refclassname> is the name of an existing DiffServ class whose match
conditions are being referenced by the specified class definition.
The no version of this command removes from the specified class definition the set of match
conditions defined for another class. The <refclassname> is the name of an existing DiffServ
class whose match conditions are being referenced by the specified class definition.
Default
none
Syntax
[no] match class-map <refclassname>
Mode
Restrictions
Class-Map Config
The class types of both <classname> and <refclassname> must be identical (i.e., any vs. any, or all
vs. all). A class type of acl is not supported by this command.
Cannot specify <refclassname> the same as <classname> (i.e., self-referencing of class name not
allowed).
At most one other class may be referenced by a class.
Any attempt to delete the <refclassname> class while still referenced by any <classname> shall
fail.
The combined match criteria of <classname> and <refclassname> must be an allowed
combination based on the class type. Any subsequent changes to the <refclassname> class match
criteria must maintain this validity, or the change attempt shall fail.
The total number of class rules formed by the complete reference class chain (includes both
predecessor and successor classes) must not exceed a platform-specific maximum.
In some cases, each removal of a refclass rule reduces the maximum number of available rules in the
class definition by one.
match cos
This command adds to the specified class definition a match condition for the Class of
Service value (the only tag in a single tagged packet or the first or outer 802.1Q tag of a
double VLAN tagged packet). The value may be from 0 to 7.
Default
none
Syntax
match cos <0-7>
Mode
Class-Map Config
245
match destination-address mac
match destination-address mac

This command adds to the specified class definition a match condition based on the
destination MAC address of a packet. The <macaddr> parameter is any layer 2 MAC
address formatted as six, two-digit hexadecimal numbers separated by colons (e.g.,
00:11:22:dd:ee:ff). The <macmask> parameter is a layer 2 MAC address bit mask, which
need not be contiguous, and is formatted as six, two-digit hexadecimal numbers separated by
colons (e.g., ff:07:23:ff:fe:dc).
Default
none
Syntax
match destination-address mac <macaddr> <macmask>
Mode
Class-Map Config
match dstip
destination IP address of a packet. The <ipaddr> parameter specifies an IP address. The
<ipmask> parameter specifies an IP address bit mask; note that although similar to a standard
subnet mask, this bit mask need not be contiguous.
Default
none
Syntax
match dstip <ipaddr> <ipmask>
Mode
Class-Map Config
match dstl4port
destination layer 4 port of a packet using a single keyword or numeric notation or a numeric
range notation.
To specify the match condition as a single keyword, the value for <portkey> is one of the
supported port name keywords. The currently supported <portkey> values are: domain,
echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these translates into its
equivalent port number, which is used as both the start and end of a port range.
To specify the match condition using a numeric notation, one layer 4 port number is required.
The port number is an integer from 0 to 65535.
246
match ip dscp
To specify the match condition using a numeric range notation, two layer 4 port numbers are
required and together they specify a contiguous port range. Each port number is an integer
from 0 to 65535, but with the added requirement that the second number be equal to or greater
than the first.
Default
none
Syntax
match dstl4port {portkey | <0-65535>} [0-65535]
Mode
Class-Map Config
match ip dscp
the IP DiffServ Code Point (DSCP) field in a packet, which is defined as the high-order six
bits of the Service Type octet in the IP header (the low-order two bits are not checked).
The <dscpval> value is specified as either an integer from 0 to 63, or symbolically through
one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33,
af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
Note: The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify
a match criterion for the same Service Type field in the IP header, but with a slightly different
user notation.
Default
none
Syntax
match ip dscp <dscpval>
Mode
Class-Map Config
match ip precedence
the IP Precedence field in a packet, which is defined as the high-order three bits of the Service
Type octet in the IP header (the low-order five bits are not checked). The precedence value is
an integer from 0 to 7.
Note: The IP DSCP, IP precedence, and IP TOS match conditions are alternative
ways to specify a match criterion for the same Service Type field in the IP header, but
with a slightly different user notation.
Default
none
247
match ip tos
Syntax
Mode
match ip precedence <0-7>
Class-Map Config
match ip tos
the IP TOS field in a packet, which is defined as all eight bits of the Service Type octet in the
IP header. The value of <tosbits> is a two-digit hexadecimal number from 00 to ff. The value
of <tosmask> is a two-digit hexadecimal number from 00 to ff.
The <tosmask> denotes the bit positions in <tosbits> that are used for comparison against
the IP TOS field in a packet. For example, to check for an IP TOS value having bits 7 and 5
set and bit 1 clear, where bit 7 is most significant, use a <tosbits> value of a0 (hex) and a
<tosmask> of a2 (hex).
Note: The IP DSCP, IP precedence, and IP TOS match conditions are alternative
ways to specify a match criterion for the same Service Type field in the IP header,
but with a slightly different user notation.
Note: In essence, this the free form version of the IP DSCP/Precedence/TOS
match specification in that the user has complete control of specifying which bits
of the IP Service Type field are checked.
Default
none
Syntax
match ip tos <tosbits> <tosmask>
Mode
Class-Map Config
match protocol
the IP Protocol field in a packet using a single keyword notation or a numeric value notation.
To specify the match condition using a single keyword notation, the value for
<protocol-name> is one of the supported protocol name keywords. The currently supported
values are: icmp, igmp, ip, tcp, udp. Note that a value of ip is interpreted to match all
protocol number values.
To specify the match condition using a numeric value notation, the protocol number is a
standard value assigned by IANA and is interpreted as an integer from 0 to 255. Note: This
command does not validate the protocol number value against the current list defined by
IANA.
248
match source-address mac
Default
none
Syntax
match protocol {protocol-name | <0-255>}
Mode
Class-Map Config
match source-address mac

This command adds to the specified class definition a match condition based on the source
MAC address of a packet. The <address> parameter is any layer 2 MAC address formatted
as six, two-digit hexadecimal numbers separated by colons (e.g., 00:11:22:dd:ee:ff). The
<macmask> parameter is a layer 2 MAC address bit mask, which need not be contiguous,
and is formatted as six, two-digit hexadecimal numbers separated by colons (e.g.,
ff:07:23:ff:fe:dc).
Default
none
Syntax
match source-address mac <address> <macmask>
Mode
Class-Map Config
match srcip
This command adds to the specified class definition a match condition based on the source IP
address of a packet. The <ipaddr> parameter specifies an IP address. The <ipmask>
parameter specifies an IP address bit mask; note that although it resembles a standard subnet
mask, this bit mask need not be contiguous.
Default
none
Syntax
match srcip <ipaddr> <ipmask>
Mode
Class-Map Config
match srcl4port
This command adds to the specified class definition a match condition based on the source
layer 4 port of a packet using a single keyword or numeric notation or a numeric range
notation.
To specify the match condition as a single keyword notation, the value for <portkey> is one
of the supported port name keywords (listed below).
249
match vlan
The currently supported <portkey> values are: domain, echo, ftp, ftpdata, http, smtp,
snmp, telnet, tftp, www. Each of these translates into its equivalent port number, which is
used as both the start and end of a port range.
To specify the match condition as a numeric value, one layer 4 port number is required. The
port number is an integer from 0 to 65535.
To specify the match condition as a range, rwo layer 4 port numbers are required and together
they specify a contiguous port range. Each port number is an integer from 0 to 65535, but
with the added requirement that the second number be equal to or greater than the first.
Default
None
Syntax
match srcl4port {portkey | <0-65535>} [0-65535]
Mode
Class-Map Config
match vlan
the layer 2 VLAN Identifier field (the only tag in a single tagged packet or the first or outer
tag of a double VLAN tagged packet). The VLAN ID is an integer from 1 to 4094.
Default
None
Syntax
match vlan <1-4094>
Mode
Class-Map Config
Policy Commands
The policy command set is used in DiffServ to define:
Traffic ConditioningSpecify traffic conditioning actions (policing, marking, shaping) to
apply to traffic classes
Service ProvisioningSpecify bandwidth and queue depth management requirements of
service levels (EF, AF, etc.)
The policy commands are used to associate a traffic class, which was defined by the class
command set, with one or more QoS policy attributes. This association is then assigned to an
interface to form a service. The user specifies the policy name when the policy is created.
250
assign-queue
The DiffServ CLI does not necessarily require that users associate only one traffic class to
one policy. In fact, multiple traffic classes can be associated with a single policy, each
defining a particular treatment for packets that match the class definition. When a packet
satisfies the conditions of more than one class, preference is based on the order in which the
classes were added to the policy, with the foremost class taking highest precedence.
This set of commands consists of policy creation/deletion, class addition/removal, and
individual policy attributes. Note that the only way to remove an individual policy attribute
from a class instance within a policy is to remove the class instance and re-add it to the policy.
The values associated with an existing policy attribute can be changed without removing the
class instance.
Class instances are always added to the end of an existing policy. While existing class
instances may be removed, their previous location in the policy is not reused, so the number
of class instance additions/removals is limited. In general, significant changes to a policy
definition require that the entire policy be deleted and re-created with the desired
configuration.
The CLI command root is policy-map.
assign-queue
This command modifies the queue id to which the associated traffic stream is assigned. The
queueid is an integer from 0 to n-1, where n is the number of egress queues supported by the
device.
Syntax
Mode
assign-queue <queueid>
Policy-Class-Map Config
drop
This command specifies that all packets for the associated traffic stream are to be dropped at
ingress.
Syntax
Mode
drop
251
redirect
redirect
This command specifies that all incoming packets for the associated traffic stream are
redirected to a specific egress interface (physical port or port-channel).
Syntax
redirect <unit/slot/port>
Mode
conform-color
This command is used to enable color-aware traffic policing and define the conform-color
and exceed-color class maps used. Used in conjunction with the police command where the
fields for the conform level (for simple, single-rate, and two-rate policing) and optionally the
exceed level (for single-rate and two-rate policing) are specified. The <class-map-name>
parameter is the name of an existing Diffserv class map, where different ones must be used
for the conform and exceed colors.
The no version of this command disables the color-aware traffic policing and mapping.
Syntax
conform-color <class-map-name> [exceed-color <class-map-name>]

no conform-color
Mode
class
This command creates an instance of a class definition within the specified policy for the
purpose of defining treatment of the traffic class through subsequent policy attribute
statements. The <classname> is the name of an existing DiffServ class. Note that this
command causes the specified policy to create a reference to the class definition.
Note: The CLI mode is changed to Policy-classmap Config when this
command is successfully executed.
The no version of this command deletes the instance of a particular class and its defined
treatment from the specified policy. <classname> is the names of an existing DiffServ class.
Note that this command removes the reference to the class definition for the specified policy.
Syntax
Mode
252
[no] class <classname>
Policy-Map Config
mark cos
mark cos
This command marks all packets for the associated traffic stream with the specified class of
service value in the priority field of the 802.1p header. If the packet does not already contain
this header, one is inserted. The CoS value is an integer from 0 to 7.
Default
Syntax
mark cos <0-7>
Mode
Policy Type
Policy-class-Map Config
In
mark ip-dscp
This command marks all packets for the associated traffic stream with the specified IP DSCP
value.
The <dscpval> value is specified as either an integer from 0 to 63, or symbolically through
one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33,
af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
Syntax
Mode
Policy Type
Incompatibilities
mark ip-dscp <dscpval>
Policy-classmap Config
In
Mark IP Precedence, Police (all forms)
mark ip-precedence
This command marks all packets for the associated traffic stream with the specified IP
Precedence value. The IP Precedence value is an integer from 0 to 7.
Syntax
Mode
Policy Type
Incompatibilities
mark ip-precedence <0-7>

In
Mark IP DSCP, Police (all forms)
253
police-simple
police-simple
This command is used to establish the traffic policing style for the specified class. The simple
form of the police command uses a single data rate and burst size, resulting in two outcomes:
conform and nonconform. The conforming data rate is specified in kilobits-per-second
(Kbps) and is an integer from 1 to 4294967295. The conforming burst size is specified in
kilobytes (KB) and is an integer from 1 to 128.
For each outcome, the only possible actions are drop, set-cos-transmit,
set-sec-cos-transmit, set-dscp-transmit, set-prec-transmit, or transmit. In this
simple form of the police command, the conform action defaults to transmit and the violate
action defaults to drop. These actions can be set with this command once the style has been
configured.
For set-dscp-transmit, a <dscpval> value is required and is specified as either an integer from
0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21,
af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6,
cs7, ef.
For set-prec-transmit, an IP Precedence value is required and is specified as an integer from

0-7.
Syntax
Mode
Restrictions
Only one style of police command (simple, singlerate, tworate) is allowed for a given class
instance in a particular policy.
Policy Type
In
Incompatibilities
254
police-simple {<1-4294967295> <1-128> conform-action {drop | set-prec-transmit

<0-7> | set-dscp-transmit <0-63> | set-cos-transmit <0-7> |
set-secondary-cos-transmit <0-7> | transmit} [violate-action {drop |
set-prec-transmit <0-7> | set-dscp-transmit <0-63> | set-cos-transmit <0-7> |
set-secondary-cos-transmit <0-7> | transmit}]}
Mark IP DSCP, Mark IP Precedence
policy-map
policy-map
This command establishes a new DiffServ policy. The <policyname> parameter is a
case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy.
The type of policy is specific to either the inbound or outbound traffic direction as indicated
by the {in | out} parameter.
Note: The policy type dictates which of the individual policy attribute commands are
valid within the policy definition.
Note: The CLI mode is changed to Policy-Map Config when this command is
successfully executed.
The no version of this command eliminates an existing DiffServ policy. The <policyname>
parameter is the name of an existing DiffServ policy. This command may be issued at any
time; if the policy is currently referenced by one or more interface service attachments, this
deletion attempt shall fail.
Syntax
policy-map <policyname> <in>

no policy-map <policyname>
Mode
Global Config
policy-map rename
This command changes the name of a DiffServ policy. The <policyname> is the name of an
existing DiffServ class. The <newpolicyname> parameter is a case-sensitive alphanumeric
string from 1 to 31 characters uniquely identifying the policy.
Syntax
Mode
policy-map rename <policyname> <newpolicyname>
Global Config
Service Commands
The service command set is used in DiffServ to define:
Traffic ConditioningAssign a DiffServ traffic conditioning policy (as specified by the policy commands)
to an interface in the incoming direction
Service ProvisioningAssign a DiffServ service provisioning policy (as specified by the policy
commands) to an interface in the outgoing direction
255
service-policy
The service commands attach a defined policy to a directional interface. Only one policy may
be assigned at any one time to an interface in a particular direction. The policy type (in, out)
must match the interface direction to which it is attached.
This set of commands consists of service addition/removal.
The CLI command root is service-policy.
service-policy
This command attaches a policy to an interface in a particular direction. The command can be
used in the Interface Config mode to attach a policy to a specific interface. Alternatively, the
command can be used in the Global Config mode to attach this policy to all system interfaces.
The direction value is either in or out. The <policyname> parameter is the name of an
existing DiffServ policy, whose type must match the interface direction. Note that this
command causes a service to create a reference to the policy.
Note: This command effectively enables DiffServ on an interface (in a particular
direction). There is no separate interface administrative 'mode' command for
DiffServ.
Note: This command shall fail if any attributes within the policy definition exceed
the capabilities of the interface. Once a policy is successfully attached to an
interface, any attempt to change the policy definition such that it would result in a
violation of said interface capabilities shall cause the policy change attempt to fail.
The no version of this command detaches a policy from an interface in a particular direction.
The command can be used in the Interface Config mode to detach a policy from a specific
interface. Alternatively, the command can be used in the Global Config mode to detach this
policy from all system interfaces to which it is currently attached. The direction value is either
in or out. The <policyname> parameter is the name of an existing DiffServ policy. Note that
this command causes a service to remove its reference to the policy.
Note: This command effectively disables DiffServ on an interface (in a
particular direction). There is no separate interface administrative
'mode' command for DiffServ.
Syntax
[no] service-policy <in> <policymapname>
Modes
Global Config (for all system interfaces)

Interface Config (for a specific interface)
Restrictions
256
Only a single policy may be attached to a particular interface in a particular direction at any
one time.
show class-map
Show Commands
The 'show' command set is used in DiffServ to display configuration and status information
for:
Classes
Policies
Services
This information can be displayed in either summary or detailed formats. The status
information is only shown when the DiffServ administrative mode is enabled; it is suppressed
otherwise.
There is also a show command for general DiffServ information that is available at any time.
show class-map
This command displays all configuration information for the specified class. The
is the name of an existing DiffServ class.
<classname>
Syntax
show class-map <classname>
Mode

If the Class Name is specified the following fields are displayed:
Class NameThe name of this class.
Class TypeThe class type (all, any, or acl) indicating how the match criteria are evaluated for this
class. A class type of all means every match criterion defined for the class is evaluated simultaneously
they must all be true to indicate a class match. For a type of any each match criterion is evaluated
sequentially and only one need be true to indicate a class match. Class type acl rules are evaluated in a
hybrid manner, with those derived from each ACL Rule grouped and evaluated simultaneously, while
each such grouping is evaluated sequentially.
Match CriteriaThe Match Criteria fields are only be displayed if they have been configured. They are
displayed in the order entered by the user. The fields are evaluated in accordance with the class type.
The possible Match Criteria fields are: Class of Service, Destination IP Address, Destination Layer 4
Port, Destination MAC Address, Every, IP DSCP, IP Precedence, IP TOS, Protocol Keyword, Reference
Class, Source IP Address, Source Layer 4 Port, Source MAC Address, COS, Secondary COS, and
VLAN, Secondary VLAN, and Ethertype.
ValuesThis field displays the values of the Match Criteria.
ExcludedThis field indicates whether or not this Match Criteria is excluded.
If the Class Name is not specified, this command displays a list of all defined DiffServ
classes. The following fields are displayed:
257
show diffserv
Class NameThe name of this class. (Note that the order in which classes are displayed is not
necessarily the same order in which they were created.)
Class TypeThe class type (all, any, or acl) indicating how the match criteria are evaluated for this
class. A class type of all means every match criterion defined for the class is evaluated simultaneously
they must all be true to indicate a class match.For a type of any each match criterion is evaluated
sequentially and only one need be true to indicate a class match. Class type acl rules are evaluated in a
hybrid manner, with those derived from each ACL Rule grouped and evaluated simultaneously, while
each such grouping is evaluated sequentially.
ACL NumberThe ACL number used to define the class match conditions at the time the class was
created. This field is only meaningful if the class type is acl. (Note that the contents of the ACL may have
changed since this class was created.)
Ref Class NameThe name of an existing DiffServ class whose match conditions are being referenced
by the specified class definition.
show diffserv
This command displays the DiffServ General Status Group information, which includes the
current administrative mode setting as well as the current and maximum number of rows in
each of the main DiffServ private MIB tables. This command takes no options.
Syntax
Mode
show diffserv
Privileged EXEC
DiffServ Admin modeThe current value of the DiffServ administrative mode.
Class Table SizeThe current number of entries (rows) in the Class Table.
Class Table MaxThe maximum allowed entries (rows) for the Class Table.
Class Rule Table SizeThe current number of entries (rows) in the Class Rule Table.
Class Rule Table MaxThe maximum allowed entries (rows) for the Class Rule Table.
Policy Table SizeThe current number of entries (rows) in the Policy Table.
Policy Table MaxThe maximum allowed entries (rows) for the Policy Table.
Policy Instance Table SizeThe current number of entries (rows) in the Policy Instance Table.
Policy Instance Table MaxThe maximum allowed entries (rows) for the Policy Instance Table.
Policy Attribute Table SizeThe current number of entries (rows) in the Policy Attribute Table.
Policy Attribute Table MaxThe maximum allowed entries (rows) for the Policy Attribute Table.
Service Table SizeThe current number of entries (rows) in the Service Table.
Service Table MaxThe maximum allowed entries (rows) for the Service Table.
258
show policy-map
show policy-map
This command displays all configuration information for the specified policy. The
<policyname> is the name of an existing DiffServ policy.
Syntax
Mode
show policy-map [policyname]
Conform COSThe action to be taken on conforming packets per the policing metrics.
Conform Secondary COSThe action to be taken on packets conforming with the secondary class of
service value per the policing metrics.
Exceed COSThe action to be taken on excess packets per the policing metrics.
Exceed Secondary COSThe action to be taken on excess packets conforming with the secondary
class of service value per the policing metrics.
Non-Conform COSThe action to be taken on violating packets per the policing metric.
Non-Conform Secondary COSThe action to be taken on violating packets conforming with the
secondary class of service per the policing metric.
Assign QueueDirects traffic stream to the specified QoS queue. This allows a traffic classifier to
specify which one of the supported hardware queues are used for handling packets belonging to the
class.
DropDrop a packet upon arrival. This is useful for emulating access control list operation using
DiffServ, especially when DiffServ and ACL cannot co-exist on the same interface.
RedirectForces a classified traffic stream to a specified egress port (physical or LAG). This can occur
in addition to any marking or policing action. It may also be specified along with a QoS queue
assignment.
If the Policy Name is specified the following fields are displayed:

Policy NameThe name of this policy.
TypeThe policy type, namely whether it is an inbound or outbound policy definition.
The following information is repeated for each class associated with this policy (only those
policy attributes actually configured are displayed):
Class NameThe name of this class.
Mark CoSDenotes the class of service value that is set in the 802.1p header of outbound packets.
This is not displayed if the mark cos was not specified.
Mark IP DSCP
Denotes the mark/re-mark value used as the DSCP for traffic matching this class. This is not displayed
if mark ip description is not specified using the police-two-rate command, or if policing is in use for the
class under this policy.
259
show policy-map
Mark IP Precedence
Denotes the mark/re-mark value used as the IP Precedence for traffic matching this class. This is not
displayed if precedence is not specified using police-two-rate command, or if either mark DSCP or
policing is in use for the class under this policy.
Policing StyleThis field denotes the style of policing, if any, used (simple, single rate, or two rate).
Committed Rate (Kbps)This field displays the committed rate, used in simple policing, single-rate
policing, and two-rate policing.
Committed Burst Size (KB)This field displays the committed burst size, used in simple policing,
single-rate policing, and two-rate policing.
Excess Burst Size (KB)This field displays the excess burst size, used in single-rate policing.
Peak Rate (Kbps)This field displays the peak rate, used in two-rate policing.
Peak Burst Size (KB)This field displays the peak burst size, used in two-rate policing.
Conform ActionThe current setting for the action taken on a packet considered to conform to the
policing parameters. This is not displayed if policing is not in use for the class under this policy.
Conform DSCP ValueThis field shows the DSCP mark value if the conform action is markdscp.
Conform IP Precedence ValueThis field shows the IP Precedence mark value if the conform action is
markprec.
Exceed ActionThe current setting for the action taken on a packet considered to exceed to the
policing parameters. This is not displayed if policing not in use for the class under this policy.
Exceed DSCP ValueThis field shows the DSCP mark value if this action is markdscp.
Exceed IP Precedence ValueThis field shows the IP Precedence mark value if this action is markprec.
Non-Conform ActionThe current setting for the action taken on a packet considered to not conform to
the policing parameters. This is not displayed if policing not in use for the class under this policy.
Non-Conform DSCP ValueThis field displays the DSCP mark value if this action is markdscp.
Non-Conform IP Precedence ValueThis field displays the IP Precedence mark value if this action is
markprec.
BandwidthThis field displays the minimum amount of bandwidth reserved in either percent or
kilobits-per-second.
Expedite Burst Size (KBytes)This field displays the maximum guaranteed amount of bandwidth
reserved in either percent or kilobits-per-second format.
Shaping AverageThis field is displayed if average shaping is in use. Indicates whether average or
peak rate shaping is in use, along with the parameters used to form the traffic shaping criteria, such as
CIR and PIR. This is not displayed if shaping is not configured for the class under this policy.
Shape Committed Rate (Kbps)This field is displayed if average or peak rate shaping is in use. It
displays the shaping committed rate in kilobits-per-second.
Shape Peak Rate (Kbps)This field is displayed if peak rate shaping is in use. It displays the shaping
peak rate in kilobits-per-second.
260
show diffserv service
Random Drop Minimum ThresholdThis field displays the RED minimum threshold.This is not
displayed if the queue depth management scheme is not RED.
Random Drop Maximum ThresholdThis field displays the RED maximum threshold.This is not
displayed if the queue depth management scheme is not RED.
Random Drop Maximum Drop ProbabilityThis field displays the RED maximum drop probability.This is
not displayed if the queue depth management scheme is not RED.
Random Drop Sampling RateThis field displays the RED sampling rate.This is not displayed if the
queue depth management scheme is not RED.
Random Drop Decay ExponentThis field displays the RED decay exponent.This is not displayed if the
queue depth management scheme is not RED.
If the Policy Name is not specified this command displays a list of all defined DiffServ
policies. The following fields are displayed:
Policy NameThe name of this policy. (Note that the order in which the policies are displayed is not
necessarily the same order in which they were created.)
Policy TypeThe policy type, namely whether it is an inbound or outbound policy definition.
Class MembersList of all class names associated with this policy.
show diffserv service

This command displays policy service information for the specified interface and direction.
The <unit/slot/port> parameter specifies a valid unit/slot/port number for the system. The
direction parameter indicates the interface direction of interest.
Syntax
Mode
show diffserv service <unit/slot/port> <in>
Privileged EXEC
DiffServ Admin ModeThe current setting of the DiffServ administrative mode. An attached policy is
only in effect on an interface while DiffServ is in an enabled mode.
InterfaceValid unit, slot and port number separated by forward slashes.
DirectionThe traffic direction of this interface service, either in or out
Operational StatusThe current operational status of this DiffServ service interface.
Policy NameThe name of the policy attached to the interface in the indicated direction.
Policy DetailsAttached policy details, whose content is identical to that described for the show
policy-map <policymapname> command (content not repeated here for brevity).
261
show diffserv service brief
show diffserv service brief

This command displays all interfaces in the system to which a DiffServ policy has been
attached. The direction parameter is optional; if specified, only services in the indicated
direction are shown, otherwise service information is shown for both directions, where
applicable.
Syntax
Mode
show diffserv service brief <in>
Privileged EXEC
DiffServ ModeThe current setting of the DiffServ administrative mode. An attached policy is only
active on an interface while DiffServ is in an enabled mode.
The following information is repeated for interface and direction (only those interfaces
configured with an attached policy are shown):
DirectionThe traffic direction of this interface service, either in or out
OperStatusThe current operational status of this DiffServ service interface.
show policy-map interface

This command displays policy-oriented statistics information for the specified interface and
direction. The <unit/slot/port> parameter specifies a valid interface for the system. The
direction parameter indicates the interface direction of interest.
Note: This command is only allowed while the DiffServ administrative mode is
enabled.
Syntax
show policy-map interface <unit/slot/port> <in>

DirectionThe traffic direction of this interface service, either in or out.
Interface Offered Octets/PacketsA cumulative count of the octets/packets offered to this service
interface in the specified direction before the defined DiffServ treatment is applied.
Interface Discarded Octets/PacketsA cumulative count of the octets/packets discarded by this service
interface in the specified direction for any reason due to DiffServ treatment.
262
show service-policy
Interface Sent Octets/PacketsA cumulative count of the octets/packets forwarded by this service
interface in the specified direction after the defined DiffServ treatment was applied. In this case,
forwarding means the traffic stream was passed to the next functional element in the data path, such as
the switching or routing function or an outbound link transmission element.
The following information is repeated for each class instance within this policy:
Class NameThe name of this class instance.
In Offered Octets/PacketsA count of the octets/packets offered to this class instance before the
defined DiffServ treatment is applied. Only displayed for the 'in' direction.
In Discarded Octets/PacketsA count of the octets/packets discarded for this class instance for any
reason due to DiffServ treatment of the traffic class. Only displayed for the 'in' direction.
Tail Dropped Octets/PacketsA count of the octets/packets discarded due to tail dropping from a
transmission queue, typically due to the effects of traffic shaping. These counts may not be supported
on all platforms. Only displayed for the 'out' direction.
Random Dropped Octets/PacketsA count of the octets/packets discarded due to WRED active queue
depth management, typically due to the effects of traffic shaping. These counts are only applicable for a
class instance whose policy attributes includes random dropping, and may not be supported on all
platforms. Only displayed for the 'out' direction.
Shape Delayed Octets/PacketsA count of the octets/packets that were delayed due to traffic shaping.
These counts are only applicable for a class instance whose policy attributes includes shaping, and may
not be supported on all platforms. Only displayed for the 'out' direction.
Sent Octets/PacketsA count of the octets/packets forwarded for this class instance after the defined
DiffServ treatment was applied. In this case, forwarding means the traffic stream was passed to the next
functional element in the data path, such as the switching or routing function or an outbound link
transmission element. Only displayed for the 'out' direction.
Note: None of the counters listed here are guaranteed to be supported on all
platforms. Only supported counters are shown in the display output.
show service-policy
This command displays a summary of policy-oriented statistics information for all interfaces
in the specified direction. The direction parameter indicates the interface direction of interest.
This command enables or disables the route reflector client. A route reflector client relies on a
route reflector to re-advertise its routes to the entire AS. The possible values for this field are
enable and disable.
Syntax
Mode
show service-policy <in>
Privileged EXEC
The following information is repeated for each interface and direction (only those interfaces
configured with an attached policy are shown):
263
show service-policy

DirThe traffic direction of this interface service, either in or out.
Offered PacketsA count of the total number of packets offered to all class instances in this service
before their defined DiffServ treatment is applied. These are overall per-interface per-direction counts.
Discarded PacketsA count of the total number of packets discarded for all class instances in this
service for any reason due to DiffServ treatment. These are overall per-interface per-direction counts.
Sent PacketsA count of the total number of packets forwarded for all class instances in this service
after their defined DiffServ treatments were applied. In this case, forwarding means the traffic stream
was passed to the next functional element in the data path, such as the switching or routing function or
an outbound link transmission element. These are overall per-interface per-direction counts.
Policy NameThe name of the policy attached to the interface.
Note: None of the counters listed here are guaranteed to be

supported on all platforms. Only supported counters are shown in the
display output.
264
Chapter 26
Class of Service (CoS)

Commands
This chapter provides a detailed explanation of the QoS CoS commands. The following
commands are available in the QOS module.
The commands are divided into these different groups:
Note: The 'Interface Config' mode only affects a single interface, whereas the
'Global Config' mode is applied to all interfaces.
classofservice dot1p-mapping
This command maps an 802.1p priority to an internal traffic class. The userpriority and
trafficclass can both range from 0-7, although the actual number of available traffic classes
depends on the platform. The 'no' form of this command is not supported.
Syntax
classofservice dot1p-mapping <userpriority> <trafficclass>
Modes
classofservice ip-dscp-mapping
This command maps an IP DSCP value to an internal traffic class. The ipdscp range is from
0-63 and the trafficclass range is from 0-7, although the actual number of available traffic
classes depends on the platform. The 'no' form of this command is not supported.
Syntax
classofservice ip-dscp-mapping <ipdscp> <trafficclass>
265
classofservice ip-precedence-mapping
Modes
classofservice ip-precedence-mapping
This command maps an IP precedence value to an internal traffic class. The ipprecedence
and trafficclass can both range from 0-7, although the actual number of available traffic
classes depends on the platform. The 'no' form of this command is not supported.
Syntax
classofservice ip-precedence-mapping <ipprecedence> <trafficclass>
Modes
classofservice trust
This command sets the class of service trust mode of an interface. The mode can be set to
trust one of the Dot1p (802.1p), IP Precedence, or IP DSCP packet markings.
The no version of this command sets the interface mode to untrusted.
Syntax
classofservice trust <dot1p/ip-precedence/ip-dscp>

no classofservice trust
Mode
cos-queue min-bandwidth
This command specifies the minimum transmission bandwidth guarantee for each interface
queue. The total number of queues supported per interface is platform specific.
The no version of this command restores the default for each queue's minimum bandwidth
value.
Syntax
cos-queue min-bandwidth <bw-0> <bw-1> <bw-n>

no cos-queue min-bandwidth
Modes
266
Class of Service (CoS) Commands
cos-queue strict
cos-queue strict
This command activates the strict priority scheduler mode for each specified queue.
The no version of this command restores the default weighted scheduler mode for each
specified queue.
Syntax
[no] cos-queue strict <queue-id-1> [<queue-id-2> <queue-id-n>]
Modes
random-detect
This command is used to enable WRED for the interface as a whole, and is only available
when per-queue WRED activation control is not supported by the device. Specific WRED
parameters are configured using the 'random-detect queue-parms' and the 'random-detect
exponential-weighting-constant' commands.
The no version of this command disables WRED, thereby restoring the default tail drop
operation for all queues on the interface.
Syntax
[no] random-detect
Modes
random-detect exponential-weighting-constant
This command sets the decay exponent used by the WRED average queue depth calculation
for the interface.
The no version of this command restores the default value.
Syntax
random-detect exponential-weighting-constant <1-15>

no random-detect exponential-weighting-constant
Modes
267
random-detect queue-parms
random-detect queue-parms
This command sets the WRED parameters for each drop precedence level supported by a
queue. The actual number of queue drop precedence levels is platform-specific. Use the 'no'
form of this command to restore the default values for the queue WRED parameters.
Syntax
random-detect queue-parms <queue-id-1> [<queue-id-2> <queue-id-n>]

min-thresh <0-16> <0-16> <0-16> max-thresh <min-16> <min-16> <min-16>
drop-prob-scale <1-15> <1-15> <1-15>
no random-detect queue-parms <queue-id-1> [<queue-id-2> <queue-id-n>]
Modes
tail-drop queue-parms
This command sets the tail drop threshold parameter for each drop precedence level
supported by a queue. The total number of queue drop precedence levels is platform-specific.
Use the 'no' form of this command to restore the default values for the queue tail drop
threshold parameters.
Syntax
tail-drop queue-parms <queue-id-1> [<queue-id-2> <queue-id-n>] threshold

<0-16> <0-16> <0-16>
no tail-drop queue-parms <queue-id-1> [<queue-id-2> <queue-id-n>]
Modes
traffic-shape
This command specifies the maximum transmission bandwidth limit for the interface as a
whole. Also known as rate shaping, this has the effect of smoothing temporary traffic bursts
over time so that the transmitted traffic rate is bounded. Use the 'no' form of this command to
restore the default interface shaping rate value.
Syntax
traffic-shape <bw>
no traffic-shape
Modes
268
show classofservice dot1p-mapping
show classofservice dot1p-mapping

This command displays the current Dot1p (802.1p) priority mapping to internal traffic classes
for a specific interface. The unit/slot/port parameter is optional and is only valid on
platforms that support independent per-port class of service mappings. If specified, the
802.1p mapping table of the interface is displayed. If omitted, the most recent global
configuration settings are displayed.
Syntax
Mode
show classofservice dot1p-mapping [unit/slot/port]
Privileged EXEC
The following information is repeated for each user priority.
User PriorityThe 802.1p user priority value.
Traffic ClassThe traffic class internal queue identifier to which the user priority value is mapped.
show classofservice ip-precedence-mapping

This command displays the current IP Precedence mapping to internal traffic classes for a
specific interface. The unit/slot/port parameter is optional and is only valid on platforms
that support independent per-port class of service mappings. If specified, the IP Precedence
mapping table of the interface is displayed. If omitted, the most recent global configuration
settings are displayed.
Syntax
Mode
show classofservice ip-precedence-mapping [unit/slot/port]
Privileged EXEC
The following information is repeated for each user priority.
IP PrecedenceThe IP Precedence value.
Traffic ClassThe traffic class internal queue identifier to which the IP Precedence value is mapped.
269
show classofservice trust
show classofservice trust

This command displays the current trust mode setting for a specific interface. The unit/slot/
port parameter is optional and is only valid on platforms that support independent per-port
class of service mappings. If specified, the port trust mode of the interface is displayed. If
omitted, the port trust mode of each interface in the system is shown. If the platform does not
support independent per-port class of service mappings, the output represents the
system-wide port trust mode used for all interfaces.
Syntax
Mode
show classofservice trust [unit/slot/port]
Privileged EXEC
Non-IP Traffic:
ClassThe traffic class used for non-IP traffic. This is only displayed when the COS trust mode is set to
either 'trust ip-dscp' or 'trust ip-precedence'.
Untrusted Traffic ClassThe traffic class used for all untrusted traffic. This is only displayed when the
COS trust mode is set to 'untrusted'.
show interfaces cos-queue

This command displays the class-of-service queue configuration for the specified interface.
The unit/slot/port parameter is optional and is only valid on platforms that support
independent per-port class of service mappings. If specified, the class-of-service queue
configuration of the interface is displayed. If omitted, the most recent global configuration
settings are displayed.
Syntax
Mode
show interfaces cos-queue [unit/slot/port]
Privileged EXEC
InterfaceThis displays the unit/slot/port of the interface. If displaying the global configuration, this
output line is replaced with a Global Config indication.
Intf Shaping RateThe maximum transmission bandwidth limit for the interface as a whole. It is
independent of any per-queue maximum bandwidth value(s) in effect for the interface. This is a
configured value.
Queue Mgmt TypeThe queue depth management technique used for all queues on this interface,
either tail drop or weighted random early discard (WRED). This is a configured value.
WRED Decay ExponentThe weighted random early discard (WRED) average queue length
calculation decay exponent. This is a configured value.
The following information is repeated for each queue on the interface.
270
show interfaces random-detect
Queue IdQueue identification number

An interface supports n queues numbered 0 to (n-1). The specific n value is platform dependent.
Minimum BandwidthThe minimum transmission bandwidth guarantee for the queue, expressed as a
percentage. A value of 0 means bandwidth is not guaranteed and the queue operates using best-effort.
This is a configured value.
Maximum BandwidthThe maximum transmission bandwidth limit for the queue, expressed as a
percentage. A value of 0 means no upper limit is enforced, so the queue may use any or all of the
available bandwidth of the interface. This is a configured value.
Scheduler TypeIndicates whether this queue is scheduled for transmission using a strict priority or a
weighted scheme. This is a configured value.
Queue Mgmt TypeThe queue depth management technique used for this queue, either tail drop or
weighted random early discard (WRED). This is a configured value.
show interfaces random-detect

This command displays the weighted random early discard (WRED) configuration for each
supported drop precedence level of each queue for the specified interface. The unit/slot/port
parameter is optional and is only valid on platforms that support independent per-port class of
service mappings. If specified, the class-of-service WRED configuration of the interface is
displayed. If omitted, the most recent global configuration settings are displayed.
Syntax
Mode
show interfaces random-detect [unit/slot/port]
Privileged EXEC

An interface supports n queues numbered 0 to (n-1). The number n is platform dependent and
corresponds to the number of supported queues (traffic classes).
The following information is repeated for each drop precedence level defined for the
preceding Queue Id.
Drop Precedence LevelThe drop precedence level for this queue, from 1 to p. The specific p value is
platform dependent.
WRED Minimum ThresholdThe WRED minimum threshold value for this drop precedence level,
expressed in sixteenths of the overall device queue size (e.g., 0/16, 1/16, 2/16, 16/16). This is a
configured value.
271
show interfaces tail-drop-threshold
WRED Maximum ThresholdThe WRED maximum threshold value for this drop precedence level,
expressed in sixteenths of the overall device queue size (e.g., 0/16, 1/16, 2/16, 16/16). This is a
configured value.
WRED Drop Probability ScaleThe WRED drop probability scale factor expressed as an integer. This
value, S, specifies that one out of every (2**S) packets are dropped by WRED when the average queue
length reaches its maximum threshold value. This is a configured value.
show interfaces tail-drop-threshold

This command displays the tail drop threshold configuration for each supported drop
precedence level of each queue for the specified interface. The unit/slot/port parameter is
optional and is only valid on platforms that support independent per-port class of service
mappings. If specified, the class-of-service tail drop configuration of the interface is
displayed. If omitted, the most recent global configuration settings are displayed.
Syntax
Mode
show interfaces tail-drop-threshold [unit/slot/port]
Privileged EXEC

An interface supports n queues numbered 0 to (n-1). The number n is platform dependent and
corresponds to the number of supported queues (traffic classes).
The following information is repeated for each drop precedence level defined for the
preceding Queue Id.
Drop Precedence LevelThe drop precedence level for this queue, from 1 to p. The specific p value is
platform dependent.
Tail Drop ThresholdThe tail drop queue threshold value for this drop precedence level, expressed in
sixteenths of the overall device queue size (e.g., 0/16, 1/16, 2/16, 16/16). This is a configured value.
272
Chapter 27
Routing Commands
This chapter provides a detailed explanation of the Routing commands.
Address Resolution Protocol (ARP) Commands

This chapter provides a detailed explanation of the ARP commands. The commands are
divided by functionality into the following different groups:
Copy commands are used to transfer configuration and informational files to and from the
switch.
arp
This command creates an ARP entry. The value for ipaddress is the IP address of a device on
a subnet attached to an existing routing interface. macaddr is a unicast MAC address for that
device.
The format is 6 two-digit hexadecimal numbers that are separated by colons, for example
00:06:29:32:81:40.
The no version of this command deletes an ARP entry. The value for arpentry is the IP
address of the interface. The value for ipaddress is the IP address of a device on a subnet
attached to an existing routing interface. macaddr is a unicast MAC address for that device.
Syntax
Mode
[no] arp ipaddress macaddr
Global Config
273
arp cachesize
arp cachesize
This command configures the ARP cache size. The value for cachesize is a platform
specific integer value.
Syntax
Mode
[no] arp cachesize Platform_specific_integer_value
Global Config
ip proxy-arp
This command enables proxy ARP on a router interface.
Without proxy ARP, a device only responds to an ARP request if the target IP address is an
address configured on the interface where the ARP request arrived. With proxy ARP, the
device may also respond if the target IP address is reachable. The device only responds if all
next hops in its route to the destination are through interfaces other than the interface that
received the ARP request.
The no version of this command disables proxy ARP on a router interface.
Default
enabled
Syntax
[no] ip proxy-arp
Mode
Interface Config
arp dynamicrenew
This command enables ARP component to automatically renew ARP entries of type dynamic
when they age out.
The no version of this command disables ARP component from automatically renewing ARP
entries of type dynamic when they age out.
Syntax
Mode
274
[no] arp dynamicrenew
Privileged Exec
Routing Commands
arp purge
arp purge
This command causes the specified IP address to be removed from the ARP cache. Only
entries of type dynamic or gateway are affected by this command.
Syntax
Mode
arp purge ipaddr
Privileged EXEC
arp resptime
This command configures the ARP request response timeout.
The value for seconds is a valid positive integer, which represents the IP ARP entry response
timeout time in seconds. The range for seconds is between 1-10 seconds.
The no version of this command configures the default ARP request response timeout.
Default
Syntax
arp resptime 1-10

no arp resptime
Mode
Global Config
arp retries
This command configures the ARP count of maximum request for retries.
The value for retries is an integer, which represents the maximum number of request for
retries. The range for retries is an integer between 0-10 retries.
The no version of this command configures the default ARP count of maximum request for
retries.
Default
Syntax
arp retries 0-10

no arp retries
Mode
Global Config
275
arp timeout
arp timeout
This command configures the ARP entry ageout time.
The value for seconds is a valid positive integer, which represents the IP ARP entry ageout
time in seconds. The range for seconds is between 15-21600 seconds.
The no version of this command configures the default ARP entry ageout time.
Default
1200
Syntax
arp timeout 15-21600
Mode
Global Config
clear arp-cache
This command causes all ARP entries of type dynamic to be removed from the ARP cache. If
the gateway parameter is specified, the dynamic entries of type gateway are purged as well.
Syntax
Mode
clear arp-cache [gateway]
Privileged Exec
show arp
This command displays the Address Resolution Protocol (ARP) cache. The displayed results
are not the total ARP entries. To view the total ARP entries, the operator should view the
show arp results in conjunction with the show arp switch results.
Syntax
Mode
show arp
Privileged EXEC
Age Time (seconds)Is the time it takes for an ARP entry to age out. This value was configured into the
unit. Age time is measured in seconds.
Response Time (seconds)Is the time it takes for an ARP request timeout. This value was configured
into the unit. Response time is measured in seconds.
RetriesIs the maximum number of times an ARP request is retried. This value was configured into the
unit.
Cache SizeIs the maximum number of entries in the ARP table. This value was configured into the
unit.
276
Routing Commands
show arp brief
Dynamic Renew ModeDisplays whether the ARP component automatically attempts to renew
dynamic ARP entries when they age out.
Total Entry Count Current / PeakField listing the total entries in the ARP table and the peak entry
count in the ARP table.
Static Entry Count Current / MaxField listing the static entry count in the ARP table and maximum
static entry count in the ARP table.
The following are displayed for each ARP entry.

IP AddressIs the IP address of a device on a subnet attached to an existing routing interface.
MAC AddressIs the hardware MAC address of that device.
InterfaceIs the routing unit/slot/port associated with the device ARP entry.
TypeIs the type that was configured into the unit. The possible values are Local, Gateway, Dynamic
and Static.
AgeThis field displays the current age of the ARP entry since last refresh (in hh:mm:ss format
show arp brief

This command displays the brief Address Resolution Protocol (ARP) table information.
Syntax
show arp brief
Mode
Privileged EXEC
Age Time (seconds)Is the time it takes for an ARP entry to age out. This value was configured into the
unit. Age time is measured in seconds.
Response Time (seconds)Is the time it takes for an ARP request timeout. This value was configured
into the unit. Response time is measured in seconds.
RetriesIs the maximum number of times an ARP request is retried. This value was configured into the
unit.
Cache SizeIs the maximum number of entries in the ARP table. This value was configured into the
unit.
Dynamic Renew ModeDisplays whether the ARP component automatically attempts to renew
dynamic ARP entries when they age out.
Total Entry Count Current / PeakField listing the total entries in the ARP table and the peak entry
count in the ARP table.
Static Entry Count Current / MaxField listing the static entry count in the ARP table and maximum
static entry count in the ARP table.
277
routing
IP Routing
This chapter provides a detailed explanation of the IP Routing commands. The commands are
switch.
routing
This command enables routing for an interface.
The current value for this function is displayed under "show ip interface" labeled as "Routing
Mode".
The no version of this command disables routing for an interface. The current value for this
function is displayed under show ip interface labeled as "Routing Mode".
Default
disabled
Syntax
[no] routing
Mode
Interface Config
ip routing
This command enables the IP Router Admin Mode for the master switch.
The no version of this command disables the IP Router Admin Mode for the master switch.
Syntax
Mode
278
[no] ip routing
Global Config
Routing Commands
ip address
ip address
This command configures an IP address on an interface. The IP address may be a secondary
IP address.
The value for <ipaddr> is the IP Address of the interface.
The value for <subnetmask> is a 4-digit dotted-decimal number which represents the
Subnet Mask of the interface. This changes the label "IP address" in show ip interface.
The no version of this command deletes an IP address from an interface.
The value for <ipaddr> is the IP Address of the interface.
The value for <subnetmask> is a 4-digit dotted-decimal number which represents the
Subnet Mask of the interface.
Syntax
Mode
[no] ip address <ipaddr> <subnetmask> [secondary]
Interface Config
ip route
This command configures a static route. The ip_addr is a valid ip address. The
subnet_mask is a valid subnet mask. The nextHopRtr is a valid IP address of the next hop
router. The preference is an integer value from 1 to 255.
The no version of this command deletes all next hops to a destination static route. If the
optional nextHopRtr parameter is designated, the next hop is deleted and if the optional
preference value is designated, the preference value of the static route is reset to its default.
Default
preference - 1
Syntax
ip route ip_addr subnet_mask nextHopRtr [preference]

no ip route ip_addr subnet_mask [ {nextHopRtr | preference} ]
Mode
Global Config
279
ip route default
ip route default
This command configures the default route. The value for nextHopRtr is a valid IP address of
the next hop router. The preference is an integer value from 1 to 255.
The no version of this command deletes all configured default routes. If the optional
nextHopRtr parameter is designated, the specific next hop is deleted from the configured
default route and if the optional preference value is designated, the preference of the
configured default route is reset to its default.
Default
preference - 1
Syntax
ip route default nextHopRtr [preference]

no ip route default [ {nextHopRtr | preference} ]
Mode
Global Config
ip route distance
This command sets the default distance for static routes. Lower route preference values are
preferred when determining the best route. The "ip route" and "ip route default" commands
allow you to optionally set the distance of an individual static route. The default distance is
used when no distance is specified in these commands. Changing the default distance does
not update the distance of existing static routes, even if they were assigned the original default
distance. The new default distance will only be applied to static routes created after invoking
the "ip route distance" command.
The no version of this command sets the default static route preference value in the router.
Lower route preference values are preferred when determining the best route.
Default
Syntax
ip route distance 1-255

no ip route distance
Mode
Global Config
ip forwarding
This command enables forwarding of IP frames.
280
Routing Commands
ip netdirbcast
The no version of this command disables forwarding of IP frames.

Default
enabled
Syntax
[no] ip forwarding
Mode
Global Config
ip netdirbcast
This command enables the forwarding of network-directed broadcasts. When enabled,
network directed broadcasts are forwarded. When disabled they are dropped.
The no version of this command disables the forwarding of network-directed broadcasts.
When disabled, network directed broadcasts are dropped.
Default
disabled
Syntax
[no] ip netdirbcast
Mode
Interface Config
ip mtu
This command sets the IP Maximum Transmission Unit (MTU) on a routing interface. The IP
MTU is the size of the largest IP packet that can be transmitted on the interface without
fragmentation. SFTOS currently does not fragment IP packets.
Packets forwarded in hardware ignore the IP MTU.

Packets forwarded in software are dropped if they exceed the IP MTU of the outgoing
interface.
Packets originated on the router, such as OSPF packets, may be fragmented by the IP stack.
The IP stack uses its default IP MTU and ignores the value set using the ip mtu command.
OSPF advertises the IP MTU in the Database Description packets it sends to its neighbors
during database exchange. If two OSPF neighbors advertise different IP MTUs, they will not
form an adjacency (unless OSPF has been instructed to ignore differences in IP MTU with the
ip ospf mtu-ignore command.)
The minimum IP MTU is 68 bytes.

The maximum IP MTU is 1500 bytes.
281
show ip brief
The no version of this command resets the ip mtu to the default value.
Default
1500 bytes
Syntax
[no] ip mtu <mtu>
Mode
Interface Config
show ip brief
This command displays all the summary information of the IP. This command takes no
options.
Syntax
Mode
show ip brief

Default Time to LiveThe computed TTL (Time to Live) of forwarding a packet from the local router to
the final destination.
Router IDIs a 32 bit integer in dotted decimal format identifying the router, about which information is
displayed. This is a configured value.
Routing ModeShows whether the routing mode is enabled or disabled.
IP Forwarding ModeShows whether forwarding of IP frames is enabled or disabled. This is a
configured value.
show ip interface
This command displays all pertinent information about the IP interface.
Syntax
Mode
show ip interface unit/slot/port

IP AddressIs an IP address representing the subnet configuration of the router interface. This value
was configured into the unit.
Subnet MaskIs a mask of the network and host portion of the IP address for the router interface. This
value was configured into the unit.
Routing ModeIs the administrative mode of router interface participation. The possible values are
enable or disable. This value was configured into the unit.
Administrative ModeIs the administrative mode of the specified interface. The possible values of this
field are enable or disable. This value was configured into the unit.
282
Routing Commands
show ip interface brief
Forward Net Directed BroadcastsDisplays whether forwarding of network-directed broadcasts is

enabled or disabled. This value was configured into the unit.
Active StateDisplays whether the interface is active or inactive. An interface is considered active if its
link is up and it is in forwarding state.
Link Speed Data RateIs an integer representing the physical link data rate of the specified interface.
This is measured in Megabits per second (Mbps).
MAC AddressIs the burned in physical address of the specified interface. The format is 6 two-digit
hexadecimal numbers that are separated by colons.
Encapsulation TypeIs the encapsulation type for the specified interface. The types are: Ethernet or
SNAP.

This command displays summary information about IP configuration settings for all ports in
the router. This command takes no options.
Syntax
Mode

IP AddressThe IP address of the routing interface in 32-bit dotted decimal format.
IP MaskThe IP mask of the routing interface in 32-bit dotted decimal format.
Netdir BcastIndicates if IP forwards net-directed broadcasts on this interface. Possible values are
Enable or Disable.
MultiCast FwdIndicates the multicast forwarding administrative mode on the interface. Possible
values are Enable or Disable.
In Access ModeIndicates the inbound access list checking administrative mode on this interface.
Possible values are Enable or Disable.
Out Access ModeIndicates the outbound access list checking administrative mode on this interface.
Possible values are Enable or Disable.
show ip route
This command displays the entire route table. This commands takes no options.
Syntax
show ip route
283
show ip route bestroutes
Mode
Privileged EXEC
Network AddressIs an IP address identifying the network on the specified interface.
Subnet MaskIs a mask of the network and host portion of the IP address for the router interface.
ProtocolTells which protocol added the specified route. The possibilities are: local, static, OSPF or
RIP.
Total Number of RoutesThe total number of routes.
For each Next Hop:

Next Hop IntfThe outgoing router interface to use when forwarding traffic to the next destination.
Next Hop IP AddressThe outgoing router IP address to use when forwarding traffic to the next router
(if any) in the path toward the destination.

This command causes the entire route table to be displayed. This commands takes no options.
Syntax
Mode
Privileged EXEC
Network AddressIs an IP route prefix for the destination.
Subnet MaskIs a mask of the network and host portion of the IP address for the specified interface.
RIP.
Total Number of RoutesThe total number of routes in the route table.
For each Next Hop

Next Hop IntfThe outgoing router interface to use when forwarding traffic to the next destination.
(if any) in the path toward the destination. The next router will always be one of the adjacent neighbors
or the IP address of the local interface for a directly attached network.
show ip route entry

This command displays the entire route table.
284
Routing Commands
show ip route preferences
Syntax
Mode
show ip route entry
Privileged EXEC
Network AddressIs a valid network address identifying the network on the specified interface.
Subnet Mask
Is a mask of the network and host portion of the IP address for the attached network.
RIP.
For each Next Hop:

Next Hop InterfaceThe outgoing router interface to use when forwarding traffic to the next destination.
(if any) in the path toward the destination.
PreferenceThe metric value that is used for this route entry.

This command displays detailed information about the route preferences. Route preferences
are used in determining the best route. Lower router preference values are preferred over
higher router preference values.
Syntax
Mode

LocalThis field displays the local route preference value.
StaticThis field displays the static route preference value.
OSPF IntraThis field displays the OSPF Intra route preference value.
OSPF InterThis field displays the OSPF Inter route preference value.
OSPF Type-1This field displays the OSPF Type-1 route preference value.
OSPF Type-2This field displays the OSPF Type-2 route preference value.
RIPThis field displays the RIP route preference value.
285
show ip stats
show ip stats
This command displays IP statistical information. Refer to RFC 1213 for more information
about the fields that are displayed. This command takes no options.
Syntax
Mode
show ip stats
encapsulation
This command configures the link layer encapsulation type for the packet. Acceptable values
for encapstype are Ethernet and SNAP. The default is Ethernet.
Syntax
Mode
encapsulation {ethernet | snap}
Interface Config
RestrictionsRouted frames are always Ethernet encapsulated when a frame is routed to a VLAN.
Bootp/DHCP Relay Commands

This chapter provides a detailed explanation of the BootP/DHCP Relay commands. The
commands are divided by functionality into the following different groups:
switch.
bootpdhcprelay cidoptmode
This command enables the circuit ID option mode for BootP/DHCP Relay on the system.
The no version of this command disables the circuit ID option mode for BootP/DHCP Relay
on the system.
286
Routing Commands
bootpdhcprelay enable
Default
disabled
Syntax
[no] bootpdhcprelay cidoptmode
Mode
Global Config
bootpdhcprelay enable
This command enables the forwarding of relay requests for BootP/DHCP Relay on the
system.
The no version of this command disables the forwarding of relay requests for BootP/DHCP
Relay on the system.
Default
disabled
Syntax
[no] bootpdhcprelay enable
Mode
Global Config
bootpdhcprelay maxhopcount
This command configures the maximum allowable relay agent hops for BootP/DHCP Relay
on the system. The hops parameter has a range of 1 to 16.
The no version of this command configures the default maximum allowable relay agent hops
for BootP/DHCP Relay on the system.
Default
Syntax
bootpdhcprelay maxhopcount 1-16

no bootpdhcprelay maxhopcount
Mode
Global Config
287
bootpdhcprelay minwaittime
bootpdhcprelay minwaittime
This command configures the minimum wait time in seconds for BootP/DHCP Relay on the
system. When the BOOTP relay agent receives a BOOTREQUEST message, it MAY use the
seconds-since-client-began-booting field of the request as a factor in deciding whether to
relay the request or not. The parameter has a range of 0 to 100 seconds.
The no version of this command configures the default minimum wait time in seconds for
BootP/DHCP Relay on the system.
Default
Syntax
bootpdhcprelay minwaittime 0-100

no bootpdhcprelay minwaittime
Mode
Global Config
bootpdhcprelay serverip
This command configures the server IP Address for BootP/DHCP Relay on the system. The
ipaddr parameter is an IP address in a 4-digit dotted decimal format.
The no version of this command configures the default server IP Address for BootP/DHCP
Relay on the system.
Default
0.0.0.0
Syntax
bootpdhcprelay serverip ipaddr

no bootpdhcprelay serverip
Mode
Global Config
show bootpdhcprelay
This command displays the BootP/DHCP Relay information.
Syntax
Mode
show bootpdhcprelay

Maximum Hop CountIs the maximum allowable relay agent hops.
Minimum Wait Time (Seconds)Is the minimum wait time.
288
Routing Commands
Admin ModeRepresents whether relaying of requests is enabled or disabled.

Server IP AddressIs the IP Address for the BootP/DHCP Relay server.
Circuit Id Option ModeIs the DHCP circuit Id option which may be enabled or disabled.
Requests ReceivedIs the number or requests received.
Requests RelayedIs the number of requests relayed.
Packets DiscardedIs the number of packets discarded.
Router Discovery Protocol Commands

This chapter provides a detailed explanation of the Router Discovery commands. The
switch.
ip irdp
This command enables Router Discovery on an interface.
The no version of this command disables Router Discovery on an interface.
Default
enabled
Syntax
[no] ip irdp
Mode
Interface Config
289
ip irdp address
ip irdp address
This command configures the address to be used to advertise the router for the interface. The
valid values for ipaddr are 224.0.0.1 and 255.255.255.255.
The no version of this command configures the default address to be used to advertise the
router for the interface.
Default
224.0.0.1
Syntax
ip irdp address ipaddr

no ip irdp address
Mode
Interface Config
ip irdp holdtime
This command configures the value, in seconds, of the holdtime field of the router
advertisement sent from this interface. The range is the maxadvertinterval to 9000 seconds.
The no version of this command configures the default value, in seconds, of the holdtime
field of the router advertisement sent from this interface.
Default
3 * maxinterval
Syntax
ip irdp holdtime maxadvertinterval-9000

no ip irdp holdtime
Mode
Interface Config
ip irdp maxadvertinterval
This command configures the maximum time, in seconds, allowed between sending router
advertisements from the interface. The range for maxadvertinterval is 4 to 1800 seconds.
The no version of this command configures the default maximum time, in seconds.
Default
600
Syntax
ip irdp maxadvertinterval 4-1800

no ip irdp maxadvertinterval
Mode
290
Interface Config
Routing Commands
ip irdp minadvertinterval
ip irdp minadvertinterval
This command configures the minimum time, in seconds, allowed between sending router
advertisements from the interface. The range for minadvertinterval is 3 to the value of
maxadvertinterval.
The no version of this command configures the default minimum time, in seconds.
Default
0.75 * maxadvertinterval
Syntax
ip irdp minadvertinterval 3-maxadvertinterval

no ip irdp minadvertinterval
Mode
Interface Config
ip irdp preference
This command configures the preferability of the address as a default router address, relative
to other router addresses on the same subnet. The range is -2147483648 to -1 to 0 to 1 to
2147483647.
The no version of this command configures the default preferability of the address as a
default router address, relative to other router addresses on the same subnet.
Default
Syntax
ip irdp preference -2147483648-2147483647

no ip irdp preference
Mode
Interface Config
show ip irdp
This command displays the router discovery information for all interfaces, or a specified
interface.
Syntax
Mode
show ip irdp {unit/slot/port | all}
291
vlan routing
Ad ModeDisplays the advertise mode which indicates whether router discovery is enabled or disabled
on this interface.
Max IntDisplays the maximum advertise interval which is the maximum time allowed between sending
router advertisements from the interface in seconds.
Min IntDisplays the minimum advertise interval which is the minimum time allowed between sending
router advertisements from the interface in seconds.
Adv LifeDisplays advertise lifetime which is the value of the lifetime field of the router advertisement
sent from the interface in seconds.
PreferencesDisplays the preference of the address as a default router address, relative to other router
addresses on the same subnet.
Virtual LAN Routing Commands

This chapter provides a detailed explanation of the Virtual LAN Routing commands. The
switch.
vlan routing
This command creates routing on a VLAN. The vlanid value has a range from 1 to 4094.
The no version of this command deletes routing on a VLAN. The vlanid value has a range
from 1 to 4094.
Syntax
Mode
[no] vlan routing vlanid
VLAN Database
show ip vlan
This command displays the VLAN routing information for all VLANs with routing enabled
in the system.
292
Routing Commands
ip vrrp
Syntax
Mode
show ip vlan

MAC Address used by Routing VLANsIs the MAC Address associated with the internal bridge-router
interface (IBRI). The same MAC Address is used by all VLAN routing interfaces. It will be displayed
above the per-VLAN information.
VLAN IDIs the identifier of the VLAN.
Logical InterfaceIndicates the logical unit/slot/port associated with the VLAN routing interface.
IP AddressDisplays the IP Address associated with this VLAN.
Subnet MaskIndicates the subnet mask that is associated with this VLAN.
Virtual Router Redundancy Protocol (VRRP) Commands

This chapter provides a detailed explanation of the VRRP commands. The commands are
switch.
ip vrrp
This command sets the virtual router ID on an interface for Virtual Router configuration in
the router. This commands also designates the configured virtual router IP address as a
secondary IP address on an interface. The parameter <vrID> is the virtual router ID which has
an integer value range from 1 to 255.
The no version of this command removes all VRRP configuration details of the virtual router
configured on a specific interface. This command also removes a virtual rourter IP address as
a secondary IP address on an interface. The parameter <vrID> is the virtual router ID which
has an integer value ranges from 1 to 255.
Default
none
Syntax
[no] ip vrrp <vrID> <ipaddress> [secondary]
Mode
Interface Config
293
ip vrrp
ip vrrp
This command enables the administrative mode of VRRP in the router. This command also
designates the configured virtual router IP address as a secondary IP address on an interface.
The no version of this command disables the default administrative mode of VRRP in the
router.
Default
enabled
Syntax
ip vrrp <vrid> <ipaddress> [secondary]

[no] ip vrrp
Mode
Global Config
ip vrrp mode
This command enables the virtual router configured on the specified interface. Enabling the
status field starts a virtual router. The parameter vrID is the virtual router ID which has an
integer value ranging from 1 to 255.
The no version of this command disables the virtual router configured on the specified
interface. Disabling the status field stops a virtual router.
Default
disabled
Syntax
[no] ip vrrp vrID mode
Mode
Interface Config
ip vrrp ip
This command sets the ipaddress value for a virtual router. The value for ipaddr is the IP
Address which is to be configured on that interface for VRRP. The parameter vrID is the
virtual router ID which has an integer value range from 1 to 255.
Default
none
Syntax
ip vrrp vrID ip ipaddr
Mode
294
Interface Config
Routing Commands
ip vrrp authentication
ip vrrp authentication
This command sets the authorization details value for the virtual router configured on a
specified interface. The parameter {none | simple} specifies the authorization type for virtual
router configured on the specified interface. The parameter [key ] is optional, it is only
required when authorization type is simple text password. The parameter vrID is the virtual
router ID which has an integer value ranges from 1 to 255.
The no version of this command sets the default authorization details value for the virtual
router configured on a specified interface.
Default
no authorization
Syntax
[no] ip vrrp vrID authentication {none | simple [key ]}

no ip vrrp vrID authentication
Mode
Interface Config
ip vrrp preempt
This command sets the preemption mode value for the virtual router configured on a specified
interface. The parameter vrID is the virtual router ID which has an integer value range from 1
to 255.
The no version of this command sets the default preemption mode value for the virtual router
configured on a specified interface.
Default
enabled
Syntax
[no] ip vrrp vrID preempt
Mode
Interface Config
ip vrrp priority
This command sets the priority value for the virtual router configured on a specified interface.
The priority of the interface is a priority integer from 1 to 254. The parameter vrID is the
virtual router ID which has an integer value ranges from 1 to 255.
The no version of this command sets the default priority value for the virtual router
configured on a specified interface.
Default
100
295
ip vrrp timers advertise
Syntax
ip vrrp vrID priority 1-254

no ip vrrp vrID priority
Mode
Interface Config
ip vrrp timers advertise

This command sets the advertisement value for a virtual router. The value for advinterval is
time used for VRRP advertisement in seconds. The parameter vrID is the virtual router ID
which has an integer value range from 1 to 255.
The no version of this command sets the default advertisement value for a virtual router.
Default
Syntax
ip vrrp vrID timers advertise 1-255

no ip vrrp vrID timers advertise
Mode
Interface Config
show ip vrrp interface stats

This command displays the statistical information about each virtual router configured on the
SFTOS switch.
Syntax
Mode
show ip vrrp interface stats unit/slot/port vrID

Is the time that the virtual router has been up, in days, hours, minutes and seconds.
State Transitioned to MasterRepresents the total number of times virtual router state has changed to
MASTER.
Advertisement ReceivedRepresents the total number of VRRP advertisements received by this virtual
router.
Advertisement Interval ErrorsRepresents the total number of VRRP advertisements received for
which advertisement interval is different than the configured value for this virtual router.
Authentication FailureRepresents the total number of VRRP packets received that don't pass the
authentication check.
296
Routing Commands
show ip vrrp
IP TTL errorsRepresents the total number of VRRP packets received by the virtual router with IP TTL
(time to live) not equal to 255.
Zero Priority Packets ReceivedRepresents the total number of VRRP packets received by virtual
router with a priority of '0'.
Zero Priority Packets SentRepresents the total number of VRRP packets sent by the virtual router
with a priority of '0'
Invalid Type Packets ReceivedRepresents the total number of VRRP packets received by the virtual
router with invalid 'type' field.
Address List ErrorsRepresents the total number of VRRP packets received for which address list
does not match the locally configured list for the virtual router.
Invalid Authentication TypeRepresents the total number of VRRP packets received with unknown
authentication type.
Authentication Type MismatchRepresents the total number of VRRP advertisements received for
which 'auth type' not equal to locally configured one for this virtual router.
Packet Length ErrorsRepresents the total number of VRRP packets received with packet length less
than length of VRRP header
show ip vrrp
This command displays whether VRRP functionality is enabled or disabled on the SFTOS
switch. It also displays some global parameters which are required for monitoring This
command takes no options.
Syntax
Mode
show ip vrrp

VRRP Admin ModeDisplays the administrative mode for VRRP functionality on the switch.
Router Checksum ErrorsRepresents the total number of VRRP packets received with an invalid
VRRP checksum value.
Router Version ErrorsRepresents the total number of VRRP packets received with Unknown or
unsupported version number.
Router VRID ErrorsRepresents the total number of VRRP packets received with invalid VRID for this
virtual router.
297
show ip vrrp interface
show ip vrrp interface

This command displays all configuration information and VRRP router statistics of a virtual
router configured on a specific interface.
Syntax
Mode
show ip vrrp interface unit/slot/port vrID

IP AddressThis field represents the configured IP Address for the Virtual router.
VMAC addressRepresents the VMAC address of the specified router.
Authentication typeRepresents the authentication type for the specific virtual router.
PriorityRepresents the priority value for the specific virtual router.
Advertisement intervalRepresents the advertisement interval for the specific virtual router.
Pre-Empt ModeIs the preemption mode configured on the specified virtual router.
Administrative ModeRepresents the status (Enable or Disable) of the specific router.
StateRepresents the state (Master/backup) of the specific virtual
show ip vrrp interface brief

This command displays information about each virtual router configured on the SFTOS
switch. This command takes no options. It displays information about each virtual router.
Syntax
Mode
show ip vrrp interface brief

VRIDRepresents the router ID of the virtual router.
IP AddressIs the IP Address that was configured on the virtual router
ModeRepresents whether the virtual router is enabled or disabled.
StateRepresents the state (Master/backup) of the virtual router.
298
Routing Commands
enable (OSPF)
Chapter 28
OSPF Commands
This chapter provides a detailed explanation of the Open Shortest Path First (OSPF)
commands. The commands are divided by functionality into the following different groups:
switch.
enable (OSPF)
This command resets the default administrative mode of OSPF in the router (active).
The no version of this command sets the administrative mode of OSPF in the router to
inactive.
Default
enabled
Syntax
[no] enable
Mode
Router OSPF Config
ip ospf
This command enables OSPF on a router interface.
The no version of this command disables OSPF on a router interface.
Default
disabled
Syntax
[no] ip ospf
Mode
Interface Config
299
1583compatibility
1583compatibility
This command enables OSPF 1583 compatibility.
The no version of this command disables OSPF 1583 compatibility.
Note: 1583 compatibility mode is enabled by default. If all OSPF routers in
the routing domain are capable of operating according to RFC 2328, OSPF
1583 compatibility mode should be disabled.
Default
enabled
Syntax
[no] 1583compatibility
Mode
Router OSPF Config
area authentication
This command specifies the authentication type to be used for the specified area id.
The no version of this command sets the default authentication type to be used for the
specified area id.
Default
none
Syntax
[no] area <areaid> authentication {none | simple | encrypt}

no area <areaid> authentication
Mode
Router OSPF Config
area default-cost
This command configures the monetary default cost for the stub area. The operator must
specify the area id and an integer value between 1-16777215.
Syntax
Mode
300
area <areaid> default-cost <1-16777215>

Router OSPF Config
OSPF Commands
area nssa
area nssa
This command configures the specified areaid to function as an NSSA.
The no version of this command disables nssa from the specified area id.
Syntax
Mode
[no] area <areaid> nssa
Router OSPF Config
area nssa default-info-originate

This command configures the metric value and type for the default route advertised into the
NSSA. The optional metric parameter specifies the metric of the default route and is to be in a
range of 1-16777215. If no metric is specified, the default value is ****. The metric type can
be comparable (nssa-external 1) or non-comparable (nssa-external 2).
Syntax
Mode
area <areaid> nssa default-info-originate [<metric>] [{comparable |

non-comparable}]
Router OSPF Config
area nssa no-redistribute (OSPF)

This command configures the NSSA ABR so that learned external routes will not be
redistributed to the NSSA.
Syntax
Mode
area <areaid> nssa no-redistribute
Router OSPF Config
area nssa no-summary (OSPF)

This command configures the NSSA so that summary LSAs are not advertised into the NSSA
Syntax
Mode
area <areaid> nssa no-summary
Router OSPF Config
301
area nssa translator-role (OSPF)
area nssa translator-role (OSPF)

This command configures the translator role of the NSSA. A value of always will cause the
router to assume the role of the translator the instant it becomes a border router and a value of
candidate will cause the router to participate in the translator election process when it attains
border router status
Syntax
Mode
area <areaid> nssa translator-role {always | candidate}
Router OSPF Config
area nssa translator-stab-intv

This command configures the translator stability interval of the NSSA. The stabilityinterval is
the period of time that an elected translator continues to perform its duties after it determines
that its translator status has been deposed by another router.
Syntax
Mode
area <areaid> nssa translator-stab-intv <stabilityinterval>
Router OSPF Config
area range
This command creates a specified area range for a specified NSSA. The <ipaddr> is a valid IP
address. The <subnetmask> is a valid subnet mask. The lsdb type must be specified by either
summarylink or nssaexternallink, and the advertising of the area range can be optionally
allowed or suppressed.
The no version of this command deletes a specified area range.
Syntax
area <areaid> range <ipaddr> <subnetmask> {summarylink | nssaexternallink}

[advertise | not-advertise]
no area <areaid> range <ipaddr> <subnetmask>
Mode
302
Router OSPF Config
OSPF Commands
area stub
area stub
This command creates a stub area for the specified area ID. A stub area is characterized by the
fact that AS External LSAs are not propagated into the area. Removing AS External LSAs
and Summary LSAs can significantly reduce the link state database of routers within the stub
area.
The no version of this command deletes a stub area for the specified area ID.
Syntax
Mode
area <areaid> stub
Router OSPF Config
area stub summarylsa

This command configures the Summary LSA mode for the stub area identified by <areaid>.
The Summary LSA mode is configured as enabled.
The no version of this command configures the default Summary LSA mode for the stub area
identified by <areaid>.
Default
disabled
Syntax
[no] area <areaid> stub summarylsa
Mode
Router OSPF Config
area virtual-link
This command creates the OSPF virtual interface for the specified <areaid> and <neighbor>.
The <neighbor> parameter is the Router ID of the neighbor.
The no version of this command deletes the OSPF virtual interface from the given interface,
identified by <areaid> and <neighbor>. The <neighbor> parameter is the Router ID of the
neighbor.
Syntax
Mode
[no] area <areaid> virtual-link <neighbor>
Router OSPF Config
303
area virtual-link authentication
area virtual-link authentication

This command configures the authentication type and key for the OSPF virtual interface
identified by <areaid> and <neighbor>. The <neighbor> parameter is the Router ID of the
neighbor. The value for <type> is either none, simple, or encrypt. The [key] is composed of
standard displayable, non-control keystrokes from a Standard 101/102-key keyboard. The
authentication key must be 8 bytes or less if the authentication type is simple. If the type is
encrypt, the key may be up to 256 bytes. Unauthenticated interfaces do not need an
authentication key. If the type is encrypt, a key id in the range of 0 and 255 must be
specified.The default value for authentication type is none. Neither the default password key
nor the default key id are configured.
The no version of this command configures the default authentication type for the OSPF
virtual interface identified by <areaid> and <neighbor>. The <neighbor> parameter is the
Router ID of the neighbor.
Default
none
Syntax
area <areaid> virtual-link <neighbor> authentication {none | {simple <key>} |

{encrypt <key> <keyid>}}
no area <areaid> virtual-link <neighbor> authentication
Mode
Router OSPF Config
area virtual-link dead-interval

This command configures the dead interval for the OSPF virtual interface on the virtual
interface identified by <areaid> and <neighbor>. The <neighbor> parameter is the Router
ID of the neighbor. The range for <seconds> is 1 to 65535.
The no version of this command configures the default dead interval for the OSPF virtual
interface on the virtual interface identified by <areaid> and <neighbor>. The <neighbor>
parameter is the Router ID of the neighbor.
Default
40
Syntax
area <areaid> virtual-link <neighbor> dead-interval <1-65535>

no area <areaid> virtual-link <neighbor> dead-interval
Mode
304
Router OSPF Config
OSPF Commands
area virtual-link hello-interval
area virtual-link hello-interval

This command configures the hello interval for the OSPF virtual interface on the virtual
The no version of this command configures the default hello interval for the OSPF virtual
Default
10
Syntax
area <areaid> virtual-link <neighbor> hello-interval <1-65535>

no area <areaid> virtual-link <neighbor> hello-interval
Mode
Router OSPF Config
area virtual-link retransmit-interval

This command configures the retransmit interval for the OSPF virtual interface on the virtual
The no version of this command configures the default retransmit interval for the OSPF
virtual interface on the virtual interface identified by <areaid> and <neighbor>. The
<neighbor> parameter is the Router ID of the neighbor.
Default
Syntax
area <areaid> virtual-link <neighbor> retransmit-interval <0-3600>

no area <areaid> virtual-link <neighbor> retransmit-interval
Mode
Router OSPF Config
area virtual-link transmit-delay

This command configures the transmit delay for the OSPF virtual interface on the virtual
ID of the neighbor. The range for <seconds> is 0 to 3600 (1 hour).
305
default-information originate (OSPF)
The no version of this command configures the default transmit delay for the OSPF virtual
Default
Syntax
area <areaid> virtual-link <neighbor> transmit-delay <0-3600>

no area <areaid> virtual-link <neighbor> transmit-delay
Mode
Router OSPF Config
default-information originate (OSPF)

This command is used to control the advertisement of default routes.
The no version of this command is used to control the advertisement of default routes.
Default
metricunspecified; type2
Syntax
default-information originate [always] [metric <0-16777215>] [metric-type {1 | 2}

]
no default-information originate [metric] [metric-type]
Mode
Router OSPF Config
default-metric (OSPF)
This command is used to set a default for the metric of distributed routes.
The no version of this command is used to set a default for the metric of distributed routes.
Syntax
default-metric <1-16777215>
no default-metric
Mode
306
Router OSPF Config
OSPF Commands
distance ospf
distance ospf
This command sets the route preference value of OSPF in the router. Lower route preference
values are preferred when determining the best route. The type of OSPF can be intra, inter,
type-1, or type-2. The OSPF specification (RFC 2328) requires that preferences must be
given to the routes learned via OSPF in the following order: intra < inter < type-1 < type-2.
The range of preference is 0 to 255.
The no version of this command sets the default route preference value of OSPF in the router.
The type of OSPF can be intra, inter, type-1, or type-2. Syntax
Default
intra8; inter10; type-113; type-2150.
Syntax
disatance ospf {intra | inter | type1 | type2} <0-255>

no disatance ospf {intra | inter | type1 | type2}
Mode
Router OSPF Config
distribute-list out
This command is used to specify the access list to filter routes received from the source
protocol.
The no version of this command is used to specify the access list to filter routes received
from the source protocol.
Syntax
Mode
[no] distribute-list <1-199> out {rip | static | connected}
Router OSPF Config
exit-overflow-interval
This command configures the exit overflow interval for OSPF. It describes the number of
seconds after entering Overflow state that a router will wait before attempting to leave the
Overflow State. This allows the router to again originate non-default AS-external-LSAs.
When set to 0, the router will not leave Overflow State until restarted. The range for
<seconds> is 0 to 2147483647 seconds.
The no version of this command configures the default exit overflow interval for OSPF.
307
external-lsdb-limit
Default
Syntax
exit-overflow-interval <0-2147483647>
no exit-overflow-interval
Mode
Router OSPF Config
external-lsdb-limit
This command configures the external LSDB limit for OSPF. If the value is -1, then there is
no limit. When the number of non-default AS-external-LSAs in a router's link-state database
reaches the external LSDB limit, the router enters overflow state. The router never holds
more than the external LSDB limit non-default AS-external-LSAs in it database. The external
LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any
regular OSPF area. The range for <limit> is -1 to 2147483647.
The no version of this command configures the default external LSDB limit for OSPF.
Default
-1
Syntax
external-lsdb-limit <-1-2147483647>
no external-lsdb-limit
Mode
Router OSPF Config
ip ospf areaid
This command sets the OSPF area to which the specified router interface belongs. The value
for <areaid> is an IP address, formatted as a 4-digit dotted-decimal number that uniquely
identifies the area to which the interface connects. Assigning an area id, which does not exist
on an interface, causes the area to be created with default values.
Syntax
Mode
308
ip ospf areaid <areaid>
Interface Config
OSPF Commands
ip ospf authentication
ip ospf authentication
This command sets the OSPF Authentication Type and Key for the specified interface.
The value of <type> is either none, simple or encrypt. The [key] is composed of standard
displayable, non-control keystrokes from a Standard 101/102-key keyboard. The
authentication key must be 8 bytes or less if the authentication type is simple. If the type is
encrypt, the key may be up to 256 bytes. If the type is encrypt a <keyid> in the range of 0 and
255 must be specified.
The no version of this command sets the default OSPF Authentication Type for the specified
interface.
Default
The default authentication type is none.
Default
The default password key is not configured. Unauthenticated interfaces do not need an
authentication key.
Default
The default keyid is not configured. Unauthenticated interfaces do not need an authentication
key id.
Syntax
ip ospf authentication {none | {simple <key>} | {encrypt <key> <keyid>}}

no ip ospf authentication
Mode
Interface Config
ip ospf cost
This command configures the cost on an OSPF interface. The <cost> parameter has a range
of 1 to 65535.
The no version of this command configures the default cost on an OSPF interface. The
<cost> parameter has a range of 1 to 65535.
Default
10
Syntax
ip ospf cost <1-5535>

no ip ospf cost
Mode
Interface Config
309
ip ospf dead-interval
ip ospf dead-interval
This command sets the OSPF dead interval for the specified interface.
The value for <seconds> is a valid positive integer, which represents the length of time in
seconds that a router's Hello packets have not been seen before its neighbor routers declare
that the router is down. The value for the length of time must be the same for all routers
attached to a common network. This value should be some multiple of the Hello Interval (i.e.
4).
Valid values range for <seconds> is from 1 to 2147483647.
The no version of this command sets the default OSPF dead interval for the specified
interface.
Default
40
Syntax
ip ospf dead-interval <1-2147483647>

no ip ospf dead-interval
Mode
Interface Config
ip ospf hello-interval
This command sets the OSPF hello interval for the specified interface.
The value for <seconds> is a valid positive integer, which represents the length of time in
seconds. The value for the length of time must be the same for all routers attached to a
network.
Valid values range from 1 to 65535.
The no version of this command sets the default OSPF hello interval for the specified
interface.
Default
10
Syntax
ip ospf hello-interval <1-65535>

no ip ospf hello-interval
Mode
310
Interface Config
OSPF Commands
ip ospf priority
ip ospf priority
This command sets the OSPF priority for the specified router interface. The priority of the
interface is a priority integer from 0 to 255.
A value of '0' indicates that the router is not eligible to become the designated router on this
network.
The no version of this command sets the default OSPF priority for the specified router
interface.
Default
1, which is the highest router priority.
Syntax
ip ospf priority <0-255>

no ip ospf priority
Mode
Interface Config
ip ospf retransmit-interval
This command sets the OSPF retransmit Interval for the specified interface. The retransmit
interval is specified in seconds.
The value for <seconds> is the number of seconds between link-state advertisement
retransmissions for adjacencies belonging to this router interface. This value is also used
when retransmitting database and link-state request packets.
Valid values range from 0 to 3600 (1 hour).
The no version of this command sets the default OSPF retransmit Interval for the specified
interface.
Default
Syntax
ip ospf retransmit-interval <0-3600>

no ip ospf retransmit-interval
Mode
Interface Config
311
ip ospf transmit-delay
ip ospf transmit-delay
This command sets the OSPF Transit Delay for the specified interface. The transmit delay is
specified in seconds. In addition, it sets the estimated number of seconds it takes to transmit a
link state update packet over this interface.
Valid values for <seconds> range from 1 to 3600 (1 hour).
The no version of this command sets the default OSPF Transit Delay for the specified
interface.
Default
Syntax
ip ospf transmit-delay <1-3600>

no ip ospf transmit-delay
Mode
Interface Config
ip ospf mtu-ignore
This command disables OSPF maximum transmission unit (MTU) mismatch detection.
OSPF Database Description packets specify the size of the largest IP packet that can be sent
without fragmentation on the interface. When a router receives a Database Description
packet, it examines the MTU advertised by the neighbor. By default, if the MTU is larger than
the router can accept, the Database Description packet is rejected and the OSPF adjacency is
not established.
The no version of this command enables the OSPF MTU mismatch detection.
Default
Enabled
Syntax
[no] ip ospf mtu-ignore
Mode
Interface Config
router-id
This command sets a 4-digit dotted-decimal number uniquely identifying the router ospf id.
The <ipaddress> is a configured value.
Syntax
312
router-id <ipaddress>
OSPF Commands
redistribute
Mode
Router OSPF Config
redistribute
This command configures OSPF protocol to redistribute routes from the specified source
protocol/routers.
The no version of this command configures OSPF protocol to redistribute routes from the
specified source protocol/routers.
Default
metricunspecified; type2; tag0
Syntax
redistribute {rip | static | connected} [metric <0-16777215>] [metric-type {1 | 2}]

[tag <0-4294967295>] [subnets]
no redistribute {rip | static | connected} [metric] [metric-type] [tag] [subnets]
Mode
Router OSPF Config
maximum-paths
This command sets the number of paths that OSPF can report for a given destination where
maxpaths is platform dependent.
The no version of this command resets the number of paths that OSPF can report for a given
destination back to its default value.
Default
Syntax
maximum-paths <maxpaths>
no maximum-paths
Mode
OSPF Router Config
show ip ospf
This command displays information relevant to the OSPF router. This command takes no
options.
313
show ip ospf
Syntax
Mode
show ip ospf
Privileged EXEC
Router IDIs a 32 bit integer in dotted decimal format identifying the router, about which information is
displayed. This is a configured value.
OSPF Admin ModeThe administrative mode of OSPF in the router. This is a configured value.
ASBR ModeReflects whether the ASBR mode is enabled or disabled. Enable implies that the router is
an autonomous system border router. Router automatically becomes an ASBR when it is configured to
redistribute routes learnt from other protocol. The possible values for the ASBR status is enabled (if the
router is configured to re-distribute routes learnt by other protocols) or disabled (if the router is not
configured for the same).
RFC 1583 CompatibilityReflects whether 1583 compatibility is enabled or disabled. This is a
configured value.
Default-metricRDefault value for redistributed routes.
SourceSource protocol/routes that are being redistributed.
Metric-valueMetric of the routes being redistributed.
Type-valueExternal Type 1 or External Type 2 routes.
Tag-valueDecimal value attached to each external route.
SubnetsFor redistributing routes into OSPF, the scope of redistribution for the specified protocol.
Distribute-listTAccess list used to filter redistributed routes.
Default-info originateIndicates whether the default routes received from other source protocols are
advertised or not
The information below will only be displayed if OSPF is enabled.

ABR StatusReflects the whether or not the router is an OSPF Area Border Router.
Exit Overflow IntervalThe number of seconds that, after entering OverflowState, a router will attempt
to leave OverflowState.
External LSA countThe number of external (LS type 5) link-state advertisements in the link-state
database.
External LSA ChecksumA number which represents the sum of the LS checksums of external
link-state advertisements contained in the link-state database.
New LSAs OriginatedThe number of new link-state advertisements that have been originated.
LSAs ReceivedThe number of link-state advertisements received determined to be new
instantiations.
External LSDB LimitThe maximum number of non-default AS-external-LSAs entries that can be
stored in the link-state database.
Max PathsMaximum number of paths that OSPF can report for a given destination.
314
OSPF Commands
show ip ospf area
show ip ospf area

This command displays information about the area. The <areaid> identifies the OSPF area
that is being displayed.
Syntax
Mode
show ip ospf area <areaid>

AreaIDIs the area id of the requested OSPF area.
Aging IntervalIs a number representing the aging interval for this area.
External RoutingIs a number representing the external routing capabilities for this area.
Authentication TypeIs the configured authentication type to use for this area.
Spf RunsIs the number of times that the intra-area route table has been calculated using this area's
link-state database.
Area Border Router CountThe total number of area border routers reachable within this area.
Area LSA CountTotal number of link-state advertisements in this area's link-state database, excluding
AS External LSA's.
Area LSA ChecksumA number representing the Area LSA Checksum for the specified AreaID
excluding the external (LS type 5) link-state advertisements.
Stub ModeRepresents whether the specified Area is a stub area or not. The possible values are
enabled and disabled. This is a configured value.
Import Summary
LSAs
Metric ValueIs a number representing the Metric Value for the specified area.
Metric TypeIs the Default Metric Type for the specified Area.
show ip ospf database

This command displays the link state database. This command takes no options. The
information below will only be displayed if OSPF is enabled.
Syntax
Mode
show ip ospf database

Router IDIs a 32 bit dotted decimal number representing the LSDB interface.
Area IDIs the IP address identifying the router ID.
LSA TypeThe types are: router, network, ipnet sum, asbr sum, as external, group member, tmp 1, tmp
2, opaque link, opaque area.
315
show ip ospf interface
LS IDIs a number that "uniquely identifies an LSA that a router originates from all other self originated
LSA's of the same LS type."
AgeIs a number representing the age of the link state advertisement in seconds.
SequenceIs a number that represents which LSA is more recent.
ChecksumIs to total number LSA checksum.
OptionsThis is an integer. It indicates that the LSA receives special handling during routing
calculations.
show ip ospf interface

This command displays the information for the IFO object or virtual interface tables.
Syntax
Mode
show ip ospf interface <unit/slot/port>

IP AddressRepresents the IP address for the specified interface. This is a configured value.
Subnet MaskIs a mask of the network and host portion of the IP address for the OSPF interface. This
value was configured into the unit. This is a configured value.
OSPF Admin ModeStates whether OSPF is enabled or disabled on a router interface. This is a
configured value.
OSPF Area IDRepresents the OSPF Area Id for the specified interface. This is a configured value.
Router PriorityA number representing the OSPF Priority for the specified interface. This is a
configured value.
Retransmit IntervalA number representing the OSPF Retransmit Interval for the specified interface.
Hello IntervalA number representing the OSPF Hello Interval for the specified interface. This is a
configured value.
Dead IntervalA number representing the OSPF Dead Interval for the specified interface. This is a
configured value.
LSA Ack IntervalA number representing the OSPF LSA Acknowledgement Interval for the specified
interface.
Transit Delay IntervalA number representing the OSPF Transit Delay for the specified interface. This
is a configured value.
Authentication TypeThe OSPF Authentication Type for the specified interface are: none, simple, and
encrypt. This is a configured value.
The information below will only be displayed if OSPF is enabled.

316
OSPF Commands
show ip ospf interface brief
OSPF Interface TypeBroadcast LANs, such as Ethernet and IEEE 802.5, take the value 'broadcast'.
The OSPF Interface Type will be 'broadcast'.
StateThe OSPF Interface States are: down, loopback, waiting, point-to-point, designated router, and
backup designated router. This is the state of the OSPF interface.
Designated RouterIs the router ID representing the designated router.
Backup Designated RouterIs the router ID representing the backup designated router.
Number of Link EventThe number of link events.
Metric CostIs the cost of the ospf interface. This is a configured value.

This command displays brief information for the IFO object or virtual interface tables. This
command takes no options.
Syntax
Mode

OSPF Admin ModeStates whether OSPF is enabled or disabled on a router interface. This is a
configured value.
OSPF Area IDRepresents the OSPF Area Id for the specified interface. This is a configured value.
Router PriorityA number representing the OSPF Priority for the specified interface. This is a
configured value.
Hello IntervalA number representing the OSPF Hello Interval for the specified interface. This is a
configured value.
Dead IntervalA number representing the OSPF Dead Interval for the specified interface. This is a
configured value.
Retransmit IntervalA number representing the OSPF Retransmit Interval for the specified interface.
Transit Delay IntervalA number representing the OSPF Transit Delay for the specified interface. This
LSA Ack IntervalA number representing the OSPF LSA Acknowledgement Interval for the specified
interface.
317
show ip ospf interface stats
show ip ospf interface stats

This command displays the statistics for a specific interface. The information below will only
be displayed if OSPF is enabled.
Syntax
Mode
show ip ospf interface stats <unit/slot/port>

OSPF Area IDThe area id of this OSPF interface.
Spf RunsThe number of times that the intra-area route table has been calculated using this area's
link-state database.
Area Border Router CountThe total number of area border routers reachable within this area. This is
initially zero, and is calculated in each SPF pass.
AS Border Router CountThe total number of Autonomous System border routers reachable within this
area.
Area LSA CountThe total number of link-state advertisements in this area's link-state database,
excluding AS External LSAs.
IP AddressThe IP address associated with this OSPF interface.
OSPF Interface EventsThe number of times the specified OSPF interface has changed its state, or an
error has occurred.
Virtual EventsThe number of state changes or errors that occurred on this virtual link.
Neighbor EventsThe number of times this neighbor relationship has changed state, or an error has
occurred.
External LSA CountThe number of external (LS type 5) link-state advertisements in the link-state
database.
LSAs ReceivedThe number of LSAs received.
Originate New LSAsThe number of LSAs originated.
show ip ospf neighbor

This command displays the OSPF neighbor table list. When a particular neighbor ID is
specified, detailed information about a neighbor is given. The information below will only be
displayed if OSPF is enabled and the interface has a neighbor. The IP address is the IP address
of the neighbor.
Syntax
Mode
318
show ip ospf neighbor <ipaddr> <unit/slot/port>

OSPF Commands
show ip ospf neighbor
InterfaceValid unit, slot and port number separated by forward slashes..

Router IdIs a 4-digit dotted-decimal number identifying neighbor router.
OptionsAn integer value that indicates the optional OSPF capabilities supported by the neighbor. The
neighbor's optional OSPF capabilities are also listed in its Hello packets. This enables received Hello
Packets to be rejected (i.e., neighbor relationships will not even start to form) if there is a mismatch in
certain crucial OSPF capabilities.
Router PriorityDisplays the OSPF priority for the specified interface. The priority of an interface is a
priority integer from 0 to 255. A value of '0' indicates that the router is not eligible to become the
designated router on this network.
StateThe types are:
Downinitial state of the neighbor conversation - no recent information has been received from the
neighbor.
Attemptno recent information has been received from the neighbor but a more concerted effort should
be made to contact the neighbor.
Initan Hello packet has recently been seen from the neighbor, but bi-directional communication has
not yet been established.
2 waycommunication between the two routers is bi-directional.
Exchange startthe first step in creating an adjacency between the two neighboring routers, the goal is
to decide which router is the master and to decide upon the initial DD sequence number.
Exchangethe router is describing its entire link state database by sending Database Description
packets to the neighbor.
LoadingLink State Request packets are sent to the neighbor asking for the more recent LSAs that
have been discovered (but not yet received) in the Exchange state.
Fullthe neighboring routers are fully adjacent and they will now appear in router-LSAs and
network-LSAs.
Events
The number of times this neighbor relationship has changed state, or an error has occurred.
PermanenceThis variable displays the status of the entry, either dynamic or permanent. This refers to
how the neighbor became known.
Hellos SuppressedThis indicates whether Hellos are being suppressed to the neighbor. The types are
enabled and disabled.
Retransmission Queue LengthIs an integer representing the current length of the retransmission
queue of the specified neighbor router Id of the specified interface.
319
show ip ospf neighbor brief
show ip ospf neighbor brief

This command displays the OSPF neighbor table list. When a particular neighbor ID is
specified, detailed information about a neighbor is given. The information below will only be
displayed if OSPF is enabled.
Syntax
Mode
show ip ospf neighbor brief {<unit/slot/port> | all}

Router IDA 4 digit dotted decimal number representing the neighbor interface.
IP AddressAn IP address representing the neighbor interface.
Neighbor Interface IndexIs a unit/slot/port identifying the neighbor interface index.
show ip ospf range

This command displays information about the area ranges for the specified <areaid>. The
<areaid> identifies the OSPF area whose ranges are being displayed.
Syntax
Mode
show ip ospf range <areaid>

Area IDThe area id of the requested OSPF area.
IP AddressAn IP Address which represents this area range.
Subnet MaskA valid subnet mask for this area range.
Lsdb TypeThe type of link advertisement associated with this area range.
AdvertisementThe status of the advertisement. Advertisement has two possible settings: enabled or
disabled.
show ip ospf stub table

This command displays the OSPF stub table. The information below will only be displayed if
OSPF is initialized on the switch.
Syntax
Mode
320
show ip ospf stub table

OSPF Commands
show ip ospf virtual-link
Area IDIs a 32-bit identifier for the created stub area.

Type of ServiceIs the type of service associated with the stub metric. SFTOS only supports Normal
TOS.
Metric ValThe metric value is applied based on the TOS. It defaults to the least metric of the type of
service among the interfaces to other areas. The OSPF cost for a route is a function of the metric value.
Metric TypeIs the type of metric advertised as the default route.
Import Summary LSAControls the import of summary LSAs into stub areas.
show ip ospf virtual-link

This command displays the OSPF Virtual Interface information for a specific area and
neighbor. The <areaid> parameter identifies the area and the <neighbor> parameter identifies
the neighbor's Router ID.
Syntax
Mode
show ip ospf virtual-link <areaid> <neighbor>

Area IDThe area id of the requested OSPF area.
Neighbor Router IDThe input neighbor Router ID.
Hello IntervalThe configured hello interval for the OSPF virtual interface.
Dead IntervalThe configured dead interval for the OSPF virtual interface.
Iftransit Delay IntervalThe configured transit delay for the OSPF virtual interface.
Retransmit IntervalThe configured retransmit interval for the OSPF virtual interface.
Authentication TypeThe configured authentication type of the OSPF virtual interface.
StateThe OSPF Interface States are: down, loopback, waiting, point-to-point, designated router, and
backup designated router. This is the state of the OSPF interface.
Neighbor StateThe neighbor state.
show ip ospf virtual-link brief

This command displays the OSPF Virtual Interface information for all areas in the system.
321
trapflags
Syntax
Mode
show ip ospf virtual-link brief

Area IdIs the area id of the requested OSPF area.
NeighborIs the neighbor interface of the OSPF virtual interface.
Hello IntervalIs the configured hello interval for the OSPF virtual interface.
Dead IntervalIs the configured dead interval for the OSPF virtual interface.
Retransmit IntervalIs the configured retransmit interval for the OSPF virtual interface.
Transit DelayIs the configured transit delay for the OSPF virtual interface.
trapflags
This command enables OSPF traps.
The no version of this command disables OSPF traps.
Default
enabled
Syntax
[no] trapflags
Mode
Router OSPF Config
Routing Information Protocol (RIP) Commands

This chapter provides a detailed explanation of the RIP commands. The commands are
322
switch.
OSPF Commands
enable (RIP)
enable (RIP)
This command resets the default administrative mode of RIP in the router (active).
The no version of this command sets the administrative mode of RIP in the router to inactive.
Default
enabled
Syntax
[no] enable
Mode
Router RIP Config
ip rip
This command enables RIP on a router interface.
The no version of this command disables RIP on a router interface.
Default
disabled
Syntax
[no] ip rip
Mode
Interface Config
auto-summary
This command enables the RIP auto-summarization mode.
The no version of this command disables the RIP auto-summarization mode.
Default
enabled
Syntax
[no] auto-summary
Mode
Router RIP Config
323
default-information originate (RIP)
default-information originate (RIP)

The no version of this command is used to control the advertisement of default routes.
Syntax
Mode
[no] default-information originate
Router RIP Config
default-metric (RIP)
This command is used to set a default for the metric of distributed routes.
The no version of this command is used to reset the default metric of distributed routes to its
default value.
Syntax
default-metric <0-15>
no default-metric
Mode
Router RIP Config
distance rip
This command sets the route preference value of RIP in the router. Lower route preference
values are preferred when determining the best route.
The no version of this command sets the default route preference value of RIP in the router.
Default
15
Syntax
distance rip <0-255>

no distance rip
Mode
324
Router RIP Config
OSPF Commands
distribute-list out
distribute-list out
This command is used to specify the access list to filter routes received from the source
protocol.
The no version of this command is used to specify the access list to filter routes received
from the source protocol.
Default
Syntax
[no] distribute-list <1-199> out {ospf | static | connected}
Mode
Router RIP Config
no default-information originate
Syntax
Mode
no default-information originate
Router RIP Config
ip rip authentication
This command sets the RIP Version 2 Authentication Type and Key for the specified
interface. The value of <type> is either none, simple, or encrypt.
The value for authentication key [key] must be 16 bytes or less. The [key] is composed of
standard displayable, non-control keystrokes from a Standard 101/102-key keyboard. If the
value of <type> is encrypt, a keyid in the range of 0 and 255 must be specified.
The no version of this command sets the default RIP Version 2 Authentication Type.
Default
The default authentication type is none.
Default
The default password key is an empty string. Unauthenticated interfaces do not need an
authentication key.
Default
The default key id is not defined. Unauthenticated interfaces do not need an authentication
key id.
Syntax
ip rip authentication {none | {simple <key>} | {encrypt <key> <keyid>}}
325
ip rip receive version

no ip rip authentication
Mode
Interface Config
ip rip receive version

This command configures the interface to allow RIP control packets of the specified
version(s) to be received.
The value for <mode> is one of: rip1 to receive only RIP version 1 formatted packets, rip2
for RIP version 2, both to receive packets from either format, or none to not allow any RIP
control packets to be received.
The no version of this command configures the interface to allow RIP control packets of the
default version(s) to be received.
Default
both
Syntax
ip rip receive version {rip1 | rip2 | both | none}

no ip rip receive version
Mode
Interface Config
ip rip send version

This command configures the interface to allow RIP control packets of the specified version
to be sent.
The value for <mode> is one of: rip1 to broadcast RIP version 1 formatted packets, rip1c
(RIP version 1 compatibility mode) which sends RIP version 2 formatted packets via
broadcast, rip2 for sending RIP version 2 using multicast, or none to not allow any RIP
control packets to be sent.
The no version of this command configures the interface to allow RIP control packets of the
default version to be sent.
Default
rip2
Syntax
ip rip send version {rip1 | rip1c | rip2 | none}

no ip rip send version
326
OSPF Commands
hostroutesaccept
Mode
Interface Config
hostroutesaccept
This command enables the RIP hostroutesaccept mode.
The no version of this command disables the RIP hostroutesaccept mode.
Default
enabled
Syntax
[no] hostroutesaccept
Mode
Router RIP Config
split-horizon
This command sets the RIP split horizon mode.
The no version of this command sets the default RIP split horizon mode.
Default
simple
Syntax
[no] split-horizon {none | simple | poison}
Mode
Router RIP Config
redistribute
This command configures RIP protocol to redistribute routes from the specified source
protocol/routers. There are five possible match options. When you submit the command
redistribute ospf match <match-type> the match-type or types specified are added to any
match types presently being redistributed. Internal routes are redistributed by default.
The no version of this command de-configures RIP protocol to redistribute routes from the
specified source protocol/routers.
Default
metricnot-configured; matchinternal
327
show ip rip
Syntax for OSPF

as source
protocol
redistribute ospf [metric <0-15>] [match [internal] [external 1] [external 2]

[nssa-external 1] [nssa-external-2]]
no redistribute {ospf | static | connected} [metric] [match [internal] [external 1]
[external 2] [nssa-external 1] [nssa-external-2]]
Syntax for other

source protocol
Mode
redistribute {static | connected} [metric <0-15>]
Router RIP Config
show ip rip
This command displays information relevant to the RIP router.
Syntax
Mode
show ip rip
Privileged
EXEC and User EXEC
RIP Admin ModeSelect enable or disable from the pulldown menu. If you select enable RIP will be
enabled for the switch. The default is disable.
Split Horizon ModeSelect none, simple or poison reverse from the pulldown menu. Split horizon is a
technique for avoiding problems caused by including routes in updates sent to the router from which the
route was originally learned. The options are: None - no special processing for this case. Simple - a
route will not be included in updates sent to the router from which it was learned. Poisoned reverse - a
route will be included in updates sent to the router from which it was learned, but the metric will be set to
infinity. The default is simple
Auto Summary ModeSelect enable or disable from the pulldown menu. If you select enable groups of
adjacent routes will be summarized into single entries, in order to reduce the total number of entries The
default is enable.
Host Routes Accept ModeSelect enable or disable from the pulldown menu. If you select enable the
router will be accept host routes. The default is enable.
Global Route ChangesThe number of route changes made to the IP Route Database by RIP. This
does not include the refresh of a route's age.
Global queriesThe number of responses sent to RIP queries from other systems.Default Metric
Sets a default for the metric of redistributed routes.This field displays the default metric if one has
already been set or blank if not configured earlier. The valid values are (1 to 15)
Default MetricSets a default for the metric of redistributed routes.This field displays the default metric
if one has already been set or blank if not configured earlier. The valid values are (1 to 15)
Default Route AdvertiseThe default route.
328
OSPF Commands
show ip rip interface brief

This command displays general information for each RIP interface. For this command to
display successful results routing must be enabled per interface (i.e. ip rip).
Syntax
Mode

IP AddressThe IP source address used by the specified RIP interface.
Send VersionThe RIP version(s) used when sending updates on the specified interface. The types
are none, RIP-1, RIP-1c, RIP-2.
Receive VersionThe RIP version(s) allowed when receiving updates from the specified interface. The
types are none, RIP-1, RIP-2, Both
RIP ModeRIP administrative mode of router RIP operation; enable activates, disable de-activates it.
Link StateThe mode of the interface (up or down).
show ip rip interface

This command displays information related to a particular RIP interface.
Syntax
Mode
show ip rip interface <unit/slot/port>

InterfaceValid unit, slot and port number separated by forward slashes. This is a configured value.
IP AddressThe IP source address used by the specified RIP interface. This is a configured value.
Send versionThe RIP version(s) used when sending updates on the specified interface. The types are
none, RIP-1, RIP-1c, RIP-2. This is a configured value.
Receive versionThe RIP version(s) allowed when receiving updates from the specified interface. The
types are none, RIP-1, RIP-2, Both. This is a configured value.
Both RIP Admin ModeRIP administrative mode of router RIP operation; enable activates, disable
de-activates it. This is a configured value.
Link StateIndicates whether the RIP interface is up or down. This is a configured value.
Authentication TypeThe RIP Authentication Type for the specified interface. The types are none,
simple, and encrypt. This is a configured value.
329
show ip rip interface
Default MetricA number which represents the metric used for default routes in RIP updates originated
on the specified interface. This is a configured value.
The following information will be invalid if the link state is down.

Bad Packets ReceivedThe number of RIP response packets received by the RIP process which were
subsequently discarded for any reason.
Bad Routes ReceivedThe number of routes contained in valid RIP packets that were ignored for any
reason.
Updates SentThe number of triggered RIP updates actually sent on this interface.
330
OSPF Commands
Chapter 29
IP Multicast Commands
This chapter provides a detailed explanation of the IP Multicast commands. The following IP
Multicast CLI commands are available in the SFTOS software IP Multicast module.
ip mcast boundary
This command adds an administrative scope multicast boundary specified by groupipaddr
and mask for which this multicast administrative boundary is applicable. groupipaddr is a
group IP address and mask is a group IP mask.
The no version of this command deletes an administrative scope multicast boundary
specified by groupipaddr and mask for which this multicast administrative boundary is
applicable. groupipaddr is a group IP address and mask is a group IP mask.
Syntax
ip mcast boundary groupipaddr mask

no ip mcast boundary groupipaddr mask
Mode
Interface Config
ip multicast
This command sets the administrative mode of the IP multicast forwarder in the router to
active . For multicast routing to become operational, IGMP must be currently enabled. An
error message will be displayed on the CLI if multicast routing is enabled while IGMP is
disabled. However, the IP multicast mode configuration is stored in the multicast
configuration file and is automatically enabled once IGMP is enabled.
The no version of this command sets the administrative mode of the IP multicast forwarder in
the router to inactive . For multicast routing to become operational, IGMP must be currently
enabled. An error message will be displayed on the CLI if multicast routing is enabled while
IGMP is disabled. However, the IP multicast mode configuration is stored in the multicast
configuration file and is automatically enabled once IGMP is enabled.
331
ip multicast staticroute
Default
disabled
Syntax
[no] ip multicast
Mode
Global Config
ip multicast staticroute
This command creates a static route which is used to perform RPF checking in multicast
packet forwarding. The combination of the sourceipaddr and the mask fields specify the
network IP address of the multicast packet source. The groupipaddr is the IP address of the
next hop toward the source. The metric is the cost of the route entry for comparison with
other routes to the source network and is a value in the range of 0 and 255. The current
incoming interface is used for RPF checking for multicast packets matching this multicast
static route entry.
The no version of this command deletes a static route in the static mcast table. The
sourceipaddr is the IP address of the multicast packet source.
Default
none
Syntax
ip multicast staticroute sourceipaddr mask rpfipaddr metric unit/slot/port

no ip multicast staticroute sourceipaddr
Mode
Global Config
ip multicast ttl-threshold
This command applies the given ttlthreshold to a routing interface. The ttlthreshold is the
TTL threshold which is to be applied to the multicast Data packets which are to be forwarded
from the interface. The value for ttlthreshold has range from 0 to 255.
The no version of this command applies the default ttlthreshold to a routing interface. The
ttlthreshold is the TTL threshold which is to be applied to the multicast Data packets which
are to be forwarded from the interface.
Default
Syntax
ip multicast ttl-threshold ttlvalue

no ip multicast ttl-threshold
332
disable ip multicast mdebug mtrace
Mode
Interface Config
disable ip multicast mdebug mtrace

This command is used to disable the processing capability of mtrace query on this router. If
the mode is enable, the mtrace queries received by the router are processed and forwarded
appropriately by the router. If the mode is disable, this router does not respond to the mtrace
queries it receives from other router devices.
The no version of this command is used to enable the processing capability of mtrace query
on this router. If the mode is enable, the mtrace queries received by the router are processed
and forwarded appropriately by the router. If the mode is disable, this router does not respond
to the mtrace queries it receives from other router devices.
Default
none
Syntax
[no] disable ip multicast mdebug mtrace
Mode
Global Config
mrinfo
This command is used to query the neighbor information of a multicast-capable router
specified by [ipaddr]. The default value is the IP address of the system at which the
command is issued. The mrinfo command can take up to 2 minutes to complete. Only one
mrinfo command may be in process at a time. The results of this command will be available
in the results bufferpool which can be displayed by using show mrinfo.
Default
none
Syntax
mrinfo [ipaddr]
Mode
Privileged EXEC
333
mstat
mstat
This command is used to find the packet rate and loss information path from a source to a
receiver (unicast router id of the host running mstat). The results of this command will be
available in the results bufferpool which can be displayed by using show mstat. If a debug
command is already in progress, a message is displayed and the new request fails.
The source is the IP Address of the remote multicast-capable source. The [receiver] is the IP
address of the receiver. The default value is the IP address of system at which the command is
issued. The [group] is a multicast address of the group to be displayed. Default value is
224.2.0.1
Default
none
Syntax
mstat source [group] [receiver]
Mode
Privileged EXEC
mtrace
This command is used to find the multicast path from a source to a receiver (unicast router ID
of the host running mtrace). A trace query is passed hop-by-hop along the reverse path from
the receiver to the source, collecting hop addresses, packet counts, and routing error
conditions along the path, and then the response is returned to the requestor. The results of
this command will be available in the results buffer pool which can be displayed by using
show mtrace.
The source is the IP Address of the remote multicast-capable source. The [receiver] is the
IP address of the receiver. The default value is the IP address of system at which the
command is issued. The [group] is the multicast address of the group to be displayed. The
default value is 224.2.0.1
If a debug command is already in execution, a message is displayed and the new request fails.
Default
none
Syntax
mtrace sourceipaddr [destination] [group]
Mode
334
Privileged EXEC
no ip mcast mroute
no ip mcast mroute
This command is used to clear entries in the mroute table. The all parameters is used to clear
all entries.
The source parameter is used to clear the routes in the mroute table entries containing the
specified sourceipaddr or sourceipaddr [groupipaddr] pair. The source address is the
source IP address of the multicast packet. The group address is the Group Destination IP
address of the multicast packet.
The group parameter is used to clear the routes in the mroute table entries containing the
specified groupipaddr. The group address is the Group Destination IP address of the
multicast packet.
Default
none
Syntax
no ip mcast mroute {group groupipaddr | source sourceipaddr [groupipaddr] | all}
Mode
Global Config
show ip mcast
This command displays the system-wide multicast information.
Syntax
Mode
show ip mcast

Admin ModeThis field displays the administrative status of multicast. This is a configured value.
Protocol StateThis field indicates the current state of the multicast protocol. Possible values are
Operational or Non-Operational.
Table Max SizeThis field displays the maximum number of entries allowed in the multicast table.
Number Of Packets For Which Source Not FoundThis displays the number of packets for which the
source is not found.
Number Of Packets For Which Group Not FoundThis displays the number of packets for which the
group is not found.
ProtocolThis field displays the multicast protocol running on the router. Possible values are PIMDM,
PIMSM, or DVMRP.
Entry CountThis field displays the number of entries in the multicast table.
Highest Entry CountThis field displays the highest entry count in the multicast table.
335
show ip mcast boundary
show ip mcast boundary

This command displays all the configured administrative scoped multicast boundaries.
Syntax
Mode
show ip mcast boundary {unit/slot/port | all}

Group IpThe group IP address
MaskThe group IP mask
show ip mcast interface

This command displays the multicast information for the specified interface.
Syntax
Mode
show ip mcast interface unit/slot/port

TTLThis field displays the time-to-live value for this interface.
show ip mcast mroute

This command displays a summary or all the details of the multicast table.
Syntax
Mode
show ip mcast mroute {detail | summary}

If the detail parameter is specified, the following fields are displayed:
Source IP AddrThis field displays the IP address of the multicast data source.
Group IP AddrThis field displays the IP address of the destination of the multicast packet.
Expiry TimeThis field displays the time of expiry of this entry in seconds.
Up TimeThis field displays the time elapsed since the entry was created in seconds.
336
show ip mcast mroute group
RPF NeighborThis field displays the IP address of the RPF neighbor.

FlagsThis field displays the flags associated with this entry.
If the summary parameter is specified, the following fields are displayed:

ProtocolThis field displays the multicast routing protocol by which this entry was created.
Incoming InterfaceThis field displays the interface on which the packet for this source/group arrives.
Outgoing Interface ListThis field displays the list of outgoing interfaces on which this packet is
forwarded.
show ip mcast mroute group

This command displays the multicast configuration settings such as flags, timer settings,
incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the
entries in the multicast mroute table containing the given groupipaddr.
Syntax
Mode
show ip mcast mroute group groupipaddr {detail |summary}

Incoming InterfaceThis field displays the interface on which the packet for this group arrives.
forwarded.
show ip mcast mroute source

This command displays the multicast configuration settings such as flags, timer settings,
incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the
entries in the multicast mroute table containing the given sourceipaddr or sourceipaddr
[groupipaddr] pair.
Syntax
show ip mcast mroute source sourceipaddr {summary | groupipaddr}
337
show ip mcast mroute static
Mode

If the detail parameter is specified the follow fields are displayed:
Expiry TimeThis field displays the time of expiry of this entry in seconds.
Up TimeThis field displays the time elapsed since the entry was created in seconds.
RPF NeighborThis field displays the IP address of the RPF neighbor.
FlagsThis field displays the flags associated with this entry.
If the summary parameter is specified the follow fields are displayed:

Incoming InterfaceThis field displays the interface on which the packet for this source arrives.
forwarded.
show ip mcast mroute static

This command displays all the static routes configured in the static mcast table if is specified
or displays the static route associated with the particular sourceipaddr.
Syntax
Mode
show ip mcast mroute static [sourceipaddr]

Source AddressThis field displays the IP address of the multicast packet source.
Source MaskThis field displays the mask applied to the IP address of the multicast packet source.
RPF AddressThis field displays the IP address to be used as RPF for the given source and mask.
MetricThis field displays the metric value corresponding to the source address.
338
show mrinfo
show mrinfo
This command is used to display the neighbor information of a multicast-capable router from
the results buffer pool of the router subsequent to the execution/completion of a mrinfo
[ipaddr] command. The results subsequent to the completion of the latest mrinfo will be
available in the bufferpool after a maximum duration of two minutes after the completion of
the show mrinfo command. A subsequent issue mrinfo will overwrite the contents of the
buffer pool with fresh results.
Default
none
Syntax
show mrinfo
Mode
Privileged EXEC
Router InterfaceThe IP address of this neighbor
NeighborThe neighbor associated with the router interface
MetricThe metric value associated with this neighbor
TTLThe TTL threshold associated with this neighbor
FlagsStatus of the neighbor
show mstat
This command is used to display the results of packet rate and loss information from the
results buffer pool of the router, subsequent to the execution/completion of a mstat source
[group] [receiver] command. Within two minutes of the completion of the mstat
command, the results will be available in the buffer pool. The next issuing of mstat would
overwrite the buffer pool with fresh results.
Default
none
Syntax
show mstat
Mode
Privileged EXEC
339
show mtrace
show mtrace
This command is used to display results of multicast trace path from the results bufferpool of
the router, subsequent to the execution/completion of a mtrace source [group] [receiver]
command. The results subsequent to the completion of the mtrace will be available in the
bufferpool within two minutes and thereafter. A subsequent mtrace command would
overwrite the results in the bufferpool.
Default
none
Syntax
show mtrace
Mode

Hops Away From DestinationThe ordering of intermediate routers between the source and the
destination
Intermediate Router AddressThe address of the intermediate router at the specified hop distance
Mcast Protocol In UseThe multicast routing protocol used for the out interface of the specified
intermediate router.
TTL ThresholdThe Time-To-Live threshold of the out interface on the specified intermediate router.
Time Elapsed Between Hops (msecs)The time between arrival at one intermediate router to the
arrival at the next.
Distance Vector Multicast Routing Protocol (DVMRP)

This section provides a detailed explanation of the DVMRP commands. The commands are
divided into the following different groups:
ip dvmrp
This command sets administrative mode of DVMRP in the router to active. IGMP must be
enabled before DVMRP can be enabled.
The no version of this command sets administrative mode of DVMRP in the router to
inactive. IGMP must be enabled before DVMRP can be enabled.
340
ip dvmrp metric
Default
disabled
Syntax
[no] ip dvmrp
Mode
Global Config
ip dvmrp metric
This command configures the metric for an interface. This value is used in the DVMRP
messages as the cost to reach this network. This field has a range of 1 to 63.
The no version of this command resets the metric for an interface to the default value. This
value is used in the DVMRP messages as the cost to reach this network.
Default
Syntax
ip dvmrp metric metric
Mode
Interface Config
ip dvmrp trapflags
This command enables the DVMRP trap mode.
The no version of this command disables the DVMRP trap mode.
Default
disabled
Syntax
[no] ip dvmrp trapflags
Mode
Global Config
ip dvmrp
This command sets administrative mode of DVMRP on an interface to active.
The no version of this command sets administrative mode of DVMRP on an interface to
inactive.
341
show ip dvmrp
Default
disabled
Syntax
[no] ip dvmrp
Mode
Interface Config
show ip dvmrp
This command displays the system-wide information for DVMRP.
Syntax
Mode
show ip dvmrp

Admin ModeThis field indicates whether DVMRP is enabled or disabled. This is a configured value.
Version StringThis field indicates the version of DVMRP being used.
Number of RoutesThis field indicates the number of routes in the DVMRP routing table.
Reachable RoutesThis field indicates the number of entries in the routing table with non-infinite
metrics.
The following fields are displayed for each interface.

Interface ModeThis field indicates the mode of this interface. Possible values are Enabled and
Disabled.
StateThis field indicates the current state of DVMRP on this interface. Possible values are Operational
or Non-Operational.
show ip dvmrp interface

This command displays the interface information for DVMRP on the specified interface.
Syntax
Mode
show ip dvmrp interface unit/slot/port

Interface ModeThis field indicates whether DVMRP is enabled or disabled on the specified interface.
MetricThis field indicates the metric of this interface. This is a configured value.
342
show ip dvmrp neighbor
Local AddressThis is the IP Address of the interface.
This Field is displayed only when DVMRP is operational on the interface.

Generation IDThis is the Generation ID value for the interface. This is used by the neighboring routers
to detect that the DVMRP table should be resent.
The following fields are displayed only if DVMRP is enabled on this interface.
Received Bad PacketsThis is the number of invalid packets received.
Received Bad RoutesThis is the number of invalid routes received.
Sent RoutesThis is the number of routes that have been sent on this interface.

This command displays the neighbor information for DVMRP.
Syntax
Mode

IfIndexThis field displays the value of the interface used to reach the neighbor.
Nbr IP AddrThis field indicates the IP Address of the DVMRP neighbor for which this entry contains
information.
StateThis field displays the state of the neighboring router. The possible value for this field are
ACTIVE or DOWN.
Up TimeThis field indicates the time since this neighboring router was learned.
Expiry TimeThis field indicates the time remaining for the neighbor to age out. This field is not
applicable if the State is DOWN.
Generation IDThis is the Generation ID value for the neighbor.
Major VersionThis shows the major version of DVMRP protocol of neighbor.
Minor VersionThis shows the minor version of DVMRP protocol of neighbor.
CapabilitiesThis shows the capabilities of neighbor.
Received RoutesThis shows the number of routes received from the neighbor.
Rcvd Bad PktsThis field displays the number of invalid packets received from this neighbor.
Rcvd Bad RoutesThis field displays the number of correct packets received with invalid routes.
343
show ip dvmrp nexthop

This command displays the next hop information on outgoing interfaces for routing multicast
datagrams.
Syntax
Mode

Source IPThis field displays the sources for which this entry specifies a next hop on an outgoing
interface.
Source MaskThis field displays the IP Mask for the sources for which this entry specifies a next hop
on an outgoing interface.
Next Hop InterfaceThis field displays the interface in unit/slot/port format for the outgoing
interface for this next hop.
TypeThis field states whether the network is a LEAF or a BRANCH.
show ip dvmrp prune

This command displays the table listing the routers upstream prune information.
Syntax
Mode
show ip dvmrp prune

Group IPThis field identifies the multicast Address that is pruned.
Source IPThis field displays the IP Address of the source that has pruned.
Source MaskThis field displays the network Mask for the prune source. It should be all 1s or both the
prune source and prune mask must match.
Expiry Time (secs)This field indicates the expiry time in seconds. This is the time remaining for this
prune to age out.
show ip dvmrp route

This command displays the multicast routing information for DVMRP.
Syntax
Mode
344
show ip dvmrp route

ip igmp version
Source AddressThis field displays the multicast address of the source group.
Source MaskThis field displays the IP Mask for the source group.
Upstream NeighborThis field indicates the IP Address of the neighbor which is the source for the
packets for a specified multicast address.
InterfaceThis field displays the interface used to receive the packets sent by the sources.
MetricThis field displays the distance in hops to the source subnet. This field has a different meaning
than the Interface Metric field.
Expiry Time(secs)This field indicates the expiry time in seconds. This is the time remaining for this
route to age out.
Up Time(secs)This field indicates the time when a specified route was learnt, in seconds.
Internet Group Management Protocol (IGMP)

This section provides a detailed explanation of the IGMPv2 commands. The commands are
ip igmp version
This command configures the version of IGMP for an interface. The value for <version> is
either 1, 2 or 3.
The no version of this command resets the version of IGMP for this interface.The version is
reset to the default value.
Default
Syntax
[no] ip igmp version <version>

no ip igmp version
Mode
Interface Config
345
ip igmp
ip igmp
This command sets the administrative mode of IGMP in the router to active.
The no version of this command sets the administrative mode of IGMP in the router to
inactive.
Default
disabled
Syntax
[no] ip igmp
Mode
Global Config
ip igmp last-member-query-count
This command sets the number of Group-Specific Queries sent before the router assumes that
there are no local members on the interface. The range for count is 1 to 20.
The no version of this command resets the number of Group-Specific Queries to the default
value.
Syntax
ip igmp last-member-query-count count

no ip igmp last-member-query-count
Mode
Interface Config
ip igmp last-member-query-interval
This command configures the Maximum Response Time being inserted into Group-Specific
Queries sent in response to Leave Group messages on the interface. The range for seconds is
0 to 255 tenths of a second.
The no version of this command resets the Maximum Response Time being inserted into
Group-Specific Queries sent in response to Leave Group messages on the interface to the
default value.
Default
10 tenths of a second (1 second)
Syntax
ip igmp last-member-query-interval seconds

no ip igmp last-member-query-interval
346
ip igmp query-interval
Mode
Interface Config
ip igmp query-interval
This command configures the query interval for the specified interface. This is the frequency
at which IGMP Host-Query packets are transmitted on this interface. The range for
queryinterval is 1 to 3600 seconds.
The no version of this command resets the query interval for the specified interface to the
default value. This is the frequency at which IGMP Host-Query packets are transmitted on
this interface.
Default
125 seconds
Syntax
ip igmp query-interval seconds

no ip igmp query-interval
Mode
Interface Config
ip igmp query-max-response-time
This command configures the maximum response time interval for the specified interface,
which is the maximum query response time advertised in IGMPv2 queries on this
interface.The time interval is specified in tenths of a second. The range for maxresptime is
0 to 255 tenths of a second.
The no version of this command resets the maximum response time interval for the specified
interface, which is the maximum query response time advertised in IGMPv2 queries on this
interface to the default value. The maximum response time interval is reset to the default
time.
Default
100
Syntax
ip igmp query-max-response-time seconds

no ip igmp query-max-response-time
Mode
Interface Config
347
ip igmp robustness
ip igmp robustness
This command configures the robustness that allows tuning of the interface. The robustness is
the tuning for the expected packet loss on a subnet. If a subnet is expected to have a lot of
loss, the Robustness variable may be increased for the interface. The range for robustness is
1 to 255.
The no version of this command sets the robustness value to default.
Default
Syntax
ip igmp robustness robustness

no ip igmp robustness
Mode
Interface Config
ip igmp startup-query-count
This command sets the number of Queries sent out on startup, separated by the Startup Query
Interval on the interface. The range for count is 1 to 20.
The no version of this command resets the number of Queries sent out on startup, separated
by the Startup Query Interval on the interface to the default value.
Default
Syntax
ip igmp startup-query-count count

no ip igmp startup-query-count
Mode
Interface Config
ip igmp startup-query-interval
This command sets the interval between General Queries sent by a Querier on startup on the
interface. The time interval value is in seconds. The range for interval is 1 to 300 seconds.
The no version of this command resets the interval between General Queries sent by a
Querier on startup on the interface to the default value.
Default
348
31
show ip igmp groups
Syntax
ip igmp startup-query-interval interval

no ip igmp startup-query-interval
Mode
Interface Config
show ip igmp groups

This command displays the registered multicast groups on the interface. If detail is
specified this command displays the registered multicast groups on the interface in detail.
Syntax
Mode
show ip igmp groups unit/slot/port [detail]

If detail is not specified, the following fields are displayed:
IP AddressThis displays the IP address of the interface participating in the multicast group.
Subnet MaskThis displays the subnet mask of the interface participating in the multicast group.
Interface ModeThis displays whether IGMP is enabled or disabled on this interface.
The following fields are not displayed if the interface is not enabled.
Querier StatusThis displays whether the interface has IGMP in Querier mode or Non-Querier mode.
GroupsThis displays the list of multicast groups that are registered on this interface.
If detail is specified, the following fields are displayed:

Multicast IP AddressThis displays the IP Address of the registered multicast group on this interface.
Last ReporterThis displays the IP Address of the source of the last membership report received for
the specified multicast group address on this interface.
Up TimeThis displays the time elapsed since the entry was created for the specified multicast group
address on this interface.
Expiry TimeThis displays the amount of time remaining to remove this entry before it is aged out.
Version1 Host TimerThis displays the time remaining until the local router will assume that there are
no longer any IGMP version 1 multicast members on the IP subnet attached to this interface.
349
show ip igmp
show ip igmp
This command displays the system-wide IGMP information.
Syntax
Mode
show ip igmp

IGMP Admin ModeThis field displays the administrative status of IGMP. This is a configured value.
Interface ModeThis field indicates whether IGMP is enabled or disabled on the interface. This is a
configured value.
Protocol StateThis field indicates the current state of IGMP on this interface. Possible values are
show ip igmp interface

This command displays the IGMP information for the interface.
Syntax
Mode
show ip igmp interface unit/slot/port

IGMP Admin ModeThis field displays the administrative status of IGMP. This is a configured value.
Interface ModeThis field indicates whether IGMP is enabled or disabled on the interface. This is a
configured value.
IGMP VersionThis field indicates the version of IGMP running on the interface. This value can be
configured to create a router capable of running either IGMP version 1 or 2.
Query IntervalThis field indicates the frequency at which IGMP Host-Query packets are transmitted
on this interface. This is a configured value.
Query Max Response TimeThis field indicates the maximum query response time advertised in
IGMPv2 queries on this interface. This is a configured value.
RobustnessThis field displays the tuning for the expected packet loss on a subnet. If a subnet is
expected to be have a lot of loss, the Robustness variable may be increased for that interface. This is a
configured value.
Startup Query IntervalThis value indicates the interval between General Queries sent by a Querier on
startup. This is a configured value.
Startup Query CountThis value is the number of Queries sent out on startup, separated by the Startup
Query Interval. This is a configured value.
350
show ip igmp interface membership
Last Member Query IntervalThis value indicates the Maximum Response Time inserted into
Group-Specific Queries sent in response to Leave Group messages. This is a configured value.
Last Member Query CountThis value is the number of Group-Specific Queries sent before the router
assumes that there are no local members. This is a configured value.
show ip igmp interface membership

This command displays the list of interfaces that have registered in the multicast group.
Syntax
Mode
show ip igmp interface membership <multiipaddr> [detail]
Privileged EXEC
Interface IPThis displays the IP address of the interface participating in the multicast group.
StateThis displays whether the interface has IGMP in Querier mode or Non-Querier mode.
Group Compatibility ModeThe group compatibility mode (v1, v2 or v3) for the specified group on this
interface.
Source Filter ModeThe source filter mode (Include/Exclude) for the specified group on this interface.
This is ----- for IGMPv1 and IGMPv2 Membership Reports.
If detail is specified, the following fields are displayed:

Group Compatibility ModeThe group compatibility mode (v1, v2 or v3) for the specified group on this
interface.
Source Filter ModeThe source filter mode (Include/Exclude) for the specified group on this interface.
This is ----- for IGMPv1 and IGMPv2 Membership Reports.
Source HostsThis displays the list of unicast source IP Addresses in the group record of the IGMPv3
Membership Report with the specified multicast group IP Address. This is ----- for IGMPv1 and
IGMPv2 Membership Reports.
Expiry TimeThis displays the amount of time remaining to remove this entry before it is aged out. This
is ----- for IGMPv1 and IGMPv2 Membership Reports.
351
show ip igmp interface stats
show ip igmp interface stats

This command displays the IGMP statistical information for the given interface. The statistics
are only displayed when the interface is enabled for IGMP.
Syntax
Mode
show ip igmp interface stats unit/slot/port

Querier StatusThis field indicates the status of the IGMP router, whether it is running in Querier mode
or Non-Querier mode.
Querier IP AddressThis field displays the IP Address of the IGMP Querier on the IP subnet to which
this interface is attached.
Querier Up TimeThis field indicates the time since the interface Querier was last changed.
Querier Expiry TimeThis field displays the amount of time remaining before the Other Querier Present
Timer expires. If the local system is the querier, the value of this object is zero.
Wrong Version QueriesThis field indicates the number of queries received whose IGMP version does
not match the IGMP version of the interface.
Number of JoinsThis field displays the number of times a group membership has been added on this
interface.
Number of GroupsThis field indicates the current number of membership entries for this interface
352
Chapter 30
PIM-DM Commands
This section provides a detailed explanation of the Protocol Independent MulticastDense

Mode (PIM-DM) commands. The commands are divided into the following different groups:
ip pimdm
This command enables the administrative mode of PIM-DM in the router.
The no version of this command disables the administrative mode of PIM-DM in the router.
IGMP must be enabled before PIM-DM can be enabled.
Default
disabled
Syntax
[no] ip pimdm
Mode
Global Config
ip pimdm mode
This command sets administrative mode of PIM-DM on an interface to enabled.
The no version of this command sets administrative mode of PIM-DM on an interface to
disabled.
Default
disabled
Syntax
[no] ip pimdm mode unit/slot/port
353
ip pimdm query-interval
Mode
Interface Config
ip pimdm query-interval
This command configures the transmission frequency of hello messages between PIM
enabled neighbors. This field has a range of 10 to 3600 seconds.
The no version of this command resets the transmission frequency of hello messages between
PIM enabled neighbors to the default value.
Default
30
Syntax
ip pimdm query-interval seconds

no ip pimdm query-interval
Mode
Interface Config
show ip pimdm
This command displays the system-wide information for PIM-DM.
Syntax
Mode
show ip pimdm

PIM-DM Admin ModeThis field indicates whether PIM-DM is enabled or disabled. This is a configured
value.
Interface ModeThis field indicates whether PIM-DM is enabled or disabled on this interface. This is a
configured value.
StateThis field indicates the current state of PIM-DM on this interface. Possible values are
show ip pimdm interface

This command displays the interface information for PIM-DM on the specified interface.
354
PIM-DM Commands
show ip pimdm interface stats

Syntax
Mode
show ip pimdm interface unit/slot/port

Interface ModeThis field indicates whether PIM-DM is enabled or disabled on the specified interface.
PIM-DM Interface Hello IntervalThis field indicates the frequency at which PIM hello messages are
transmitted on this interface. By default, the value is 30 seconds.
show ip pimdm interface stats

This command displays the statistical information for PIM-DM on the specified interface.
Syntax
Mode
show ip pimdm interface stats {unit/slot/port | all}

IP AddressThis field indicates the IP Address that represents the PIM-DM interface.
Nbr CountThis field displays the neighbor count for the PIM-DM interface.
Hello IntervalThis field indicates the time interval between two hello messages sent from the router on
the given interface.
Designated RouterThis indicates the IP Address of the Designated Router for this interface.
show ip pimdm neighbor

This command displays the neighbor information for PIM-DM on the specified interface.
Syntax
Mode
show ip pimdm neighbor {unit/slot/port | all}

Neighbor AddressThis field displays the IP Address of the neighbor on an interface.
355
ip pimsm cbsrpreference

Up TimeThis field indicates the time since this neighbor has become active on this interface.
Expiry TimeThis field indicates the expiry time of the neighbor on this interface.
Protocol Independent Multicast - Sparse Mode(PIM-SM)

This section provides a detailed explanation of the PIM-SM commands. The commands are
ip pimsm cbsrpreference
This command is used to configure the CBSR preference for a particular PIM-SM interface.
The range of CBSR preference is 1 to 255.
The no version of this command is used to reset the CBSR preference for a particular
PIM-SM interface to the default value.
Default
Syntax
ip pimsm cbsrpreference 1-255

no ip pimsm cbsrpreference
Mode
Interface Config
ip pimsm cbsrhashmasklength
This command is used to configure the CBSR hash mask length to be advertised in bootstrap
messages for a particular PIM-SM interface. This hash mask length will be used in the hash
algorithm for selecting the RP for a particular group. The valid range is 0 - 32. The default
value is 30.
The no version of this command is used to reset the CBSR hash mask length for a particular
PIM-SM interface to the default value.
356
PIM-DM Commands
ip pimsm crppreference
Default
30
Syntax
ip pimsm cbsrhashmasklength 0-32

no ip pimsm cbsrhashmasklength
Mode
Interface Config
ip pimsm crppreference
This command is used to configure the Candidate Rendezvous Point (CRP) for a particular
PIM-SM interface. The valid values are from (1 to 255), and the value of -1 is used to indicate
that the local interface is not a Candidate RP interface.
The active router interface, with the highest IP Address and crppreference greater than -1, is
chosen as the CRP for the router. The default value is 0.
In the CRP advertisements sent to the bootstrap router (BSR), the router interface advertises
itself as the CRP for the group range 224.0.0.0 mask 240.0.0.0.
The no version of this command is used to reset the Candidate Rendezvous Point (CRP) for a
particular PIM-SM interface to the default value.
Default
Syntax
ip pimsm crppreference -1-255

no ip pimsm crppreference
Mode
Interface Config
ip pimsm datathreshrate
This command is used to configure the data Threshold rate for the PIM-SM router. The rate is
specified in Kilobytes per second. The possible values are 0 to 2000.
The no version of this command is used to reset the data Threshold rate for the PIM-SM
router to the defaule value.
Default
50
Syntax
ip pimsm datathreshrate 0-2000
357
ip pimsm message-interval
no ip pimsm datathreshrate
Mode
Global Config
ip pimsm message-interval
This command is used to configure the global join/prune interval for PIM-SM router. The
join/prune interval is specified in seconds. This parameter can be configured to a value from
10 to 3600.
The no version of this command is used to reset the global join/prune interval for PIM-SM
router to the default value.
Default
60
Syntax
ip pimsm message-interval 10-3600

no ip pimsm message-interval
Mode
Global Config
ip pimsm
This command sets administrative mode of PIM-SM multicast routing across the router to
enabled. IGMP must be enabled before PIM-SM can be enabled.
The no version of this command sets administrative mode of PIM-SM multicast routing
across the router to disabled. IGMP must be enabled before PIM-SM can be enabled.
Default
disabled
Syntax
[no] ip pimsm
Mode
Global Config
ip pimsm mode
This command sets administrative mode of PIM-SM multicast routing on a routing interface
to enabled.
358
PIM-DM Commands
ip pimsm query-interval
The no version of this command sets administrative mode of PIM-SM multicast routing on a
routing interface to disabled.
Default
disabled
Syntax
[no] ip pimsm mode
Mode
Interface Config
ip pimsm query-interval
This command configures the transmission frequency of hello messages in seconds between
PIM enabled neighbors. This field has a range of 10 to 3600 seconds.
The no version of this command resets the transmission frequency of hello messages between
PIM enabled neighbors to the default value.
Default
30
Syntax
ip pimsm query-interval 10-3600

no ip pimsm query-interval
Mode
Interface Config
ip pimsm spt-threshold
This command is used to configure the Threshold rate for the RP router to switch to the
shortest path. The rate is specified in Kilobytes per second. The possible values are 0 to 2000.
The no version of this command is used to reset the Threshold rate for the RP router to switch
to the shortest path to the default value.
Default
50
Syntax
ip pimsm spt-threshold 0-2000

no ip pimsm spt-threshold
Mode
Global Config
359
ip pim-trapflags
ip pim-trapflags
This command enables the PIM trap mode for both Sparse Mode (SM) and Dense Mode.
(DM).
The no version of this command disables the PIM trap mode.
Default
disabled
Syntax
[no] ip pim-trapflags
Mode
Global Config
ip pimsm staticrp
This command is used to create RP IP address for the PIM-SM router. The parameter
ipaddress is the IP address of the RP. The parameter groupaddress is the group address
supported by the RP. The parameter groupmask is the group mask for the group address.
The no version of this command is used to delete RP IP address for the PIM-SM router. The
parameter ipaddress is the IP address of the RP. The parameter groupaddress is the group
address supported by the RP. The parameter groupmask is the group mask for the group
address.
Default
disabled
Syntax
[no] ip pimsm staticrp ipaddress groupaddress groupmask
Mode
Global Config
show ip pimsm rphash

This command displays the RP router that will be selected from the set of active RP routers.
The RP router, for the group, is selected by using the hash algorithm defined in RFC 2362.
Syntax
Mode
show ip pimsm rphash groupaddress

RP IP AddressThis field displays the IP address of the RP.
Group MaskThis field displays the group mask for the group address.
360
PIM-DM Commands
show ip pimsm staticrp

This command displays the static RP information for the PIM-SM router.
Syntax
Mode

Group AddressThis field displays the group address supported by the RP.
show ip pimsm
This command displays the system-wide information for PIM-SM.
Syntax
Mode
show ip pimsm

PIM-SM Admin ModeThis field indicates whether PIM-SM is enabled or disabled. This is a configured
value.
Join/Prune Interval (secs)This field shows the interval at which periodic PIM-SM Join/Prune
messages are to be sent. This is a configured value.
Data Threshold Rate (K bits/sec)This field shows the data threshold rate for the PIM-SM router. This
Register Threshold Rate (K bits/sec)This field indicates the threshold rate for the RP router to switch
to the shortest path. This is a configured value.
Interface ModeThis field indicates whether PIM-SM is enabled or disabled on the interface. This is a
configured value.
Protocol StateThis field indicates the current state of the PIM-SM protocol on the interface. Possible
values are Operational or Non-Operational.
361
show ip pimsm candrptable

This command displays the IP multicast groups for which the local router is to advertise itself
as a Candidate-RP when the value of hold time is non-zero.
Syntax
Mode

Group AddressThis field specifies the IP multicast group address.
Group MaskThis field specifies the multicast group address subnet mask.
AddressThis field specifies the unicast address of the interface that will be advertised as a
Candidate-RP.
show ip pimsm componenttable

This command displays the table containing objects specific to a PIM domain. One row
exists for each domain to which the router is connected.
Syntax
Mode
show ip pimsm componenttable

Component IndexThis field displays a number which uniquely identifies the component.
Component BSR AddressThis field displays the IP address of the bootstrap router (BSR) for the local
PIM region.
Component BSR Expiry TimeThis field displays the minimum time remaining before the BSR in the
local domain will be declared down.
Component CRP Hold TimeThis field displays the hold time of the component when it is a candidate.
show ip pimsm interface

This command displays the interface information for PIM-SM on the specified interface.
Syntax
Mode
show ip pimsm interface unit/slot/port

362
PIM-DM Commands
show ip pimsm interface stats
IP AddressThis field indicates the IP address of the specified interface.

Subnet MaskThis field indicates the Subnet Mask for the IP address of the PIM interface.
ModeThis field indicates whether PIM-SM is enabled or disabled on the specified interface. This is a
configured value. By default it is disabled.
Hello IntervalThis field indicates the frequency at which PIM hello messages are transmitted on this
interface. This is a configured value. By default, the value is 30 seconds.
CBSR PreferenceThis field shows the preference value for the local interface as a candidate
bootstrap router. This is a configured value.
CRP PreferenceThis field shows the preference value as a candidate rendezvous point on this
interface.
CBSR Hash Mask LengthThis field shows the hash mask length to be advertised in bootstrap
messages if this interface is elected as the bootstrap router. The value is used in the hash algorithm for
selecting the RP for a particular group.
show ip pimsm interface stats

This command displays the statistical information for PIM-SM on the specified interface.
Syntax
Mode
show ip pimsm interface stats {unit/slot/port | all}

IP AddressThis field indicates the IP Address that represents the PIM-SM interface.
Subnet MaskThis field indicates the Subnet Mask of this PIM-SM interface.
Designated RouterThis indicates the IP Address of the Designated Router for this interface.
Neighbor CountThis field displays the number of neighbors on the PIM-SM interface.
show ip pimsm neighbor

This command displays the neighbor information for PIM-SM on the specified interface.
Syntax
Mode
show ip pimsm neighbor {unit/slot/port | all}
363
show ip pimsm rp

IP AddressThis field displays the IP Address of the neighbor on an interface.
Up TimeThis field indicates the time since this neighbor has become active on this interface.
Expiry TimeThis field indicates the expiry time of the neighbor on this interface.
show ip pimsm rp
This command displays the PIM information for candidate Rendezvous Points (RPs) for all
IP multicast groups or for the specific groupaddress groupmask provided in the command.
The information in the table is displayed for each IP multicast group.
Syntax
Mode
show ip pimsm rp {groupaddress groupmask | candidate | all}

Group AddressThis field specifies the IP multicast group address.
Group MaskThis field specifies the multicast group address subnet mask.
AddressThis field displays the IP address of the Candidate-RP.
Hold TimeThis field displays the hold time of a Candidate-RP.
Expiry TimeThis field displays the minimum time remaining before the Candidate-RP will be declared
down.
ComponentThis field displays a number which uniquely identifies the component. Each protocol
instance connected to a separate domain should have a different index value.
show ip pimsm rphash

This command displays the RP router that will be selected from the set of active RP routers.
The RP router, for the group, is selected by using the hash algorithm defined in RFC 2362.
Syntax
Mode
show ip pimsm rphash groupaddress

364
PIM-DM Commands
Glossary
Numerics
802.1D. The IEEE designator for Spanning Tree Protocol
(STP). STP, a link management protocol, is part of the
802.1D standard for media access control bridges. Using
the spanning tree algorithm, STP provides path
redundancy while preventing endless loops in a network.
An endless loop is created by multiple active paths
between stations where there are alternate routes between
hosts. To establish path redundancy, STP creates a logical
tree that spans all of the switches in an extended network,
forcing redundant paths into a standby, or blocked, state.
STP allows only one active path at a time between any two
network devices (this prevents the loops) but establishes
the redundant links as a backup if the initial link should
fail. If STP costs change, or if one network segment in the
STP becomes unreachable, the spanning tree algorithm
reconfigures the spanning tree topology and reestablishes
the link by activating the standby path. Without spanning
tree in place, it is possible that both connections may be
simultaneously live, which could result in an endless loop
of traffic on the LAN.
802.1P. The IEEE protocol designator for Local Area
Network (LAN). This Layer 2 network standard improves
support of time critical traffic, and limits the extent of high
bandwidth multicast traffic within a bridged LAN. To do
this, 802.1P defines a methodology for introducing traffic
class priorities. The 802.1P standard allows priority to be
defined in all 802 MAC protocols (Ethernet, Token Bus,
Token Ring), as well as in FDDI. For protocols (such as
Ethernet) that do not contain a priority field, 802.1P
specifies a method for indicating frame priority based on
the new fields defined in the 802.1Q (VLAN) standard.
802.1Q VLAN. The IEEE protocol designator for Virtual
Local Area Network (VLAN). This standard provides
VLAN identification and quality of service (QoS) levels.
Four bytes are added to an Ethernet frame to allow eight
priority levels (QoS) and to identify up to 4096 VLANs.
See VLAN on page 373 for more information.
A
ABR. See Area Border Router on page 365.
Access Control List. An ACL is a database that an
Operating System uses to track each users access rights to
system objects (such as file directories and/or files).
Address Resolution Protocol. An Internet Protocol that

dynamically maps Internet addresses to physical
(hardware) addresses on a LAN.
Advanced Network Device Layer/Software. Force10 s
term for the Device Driver level.
Aging. When an entry for a node is added to the lookup
table of a switch, it is given a timestamp. Each time a
packet is received from a node, the timestamp is updated.
The switch has a user-configurable timer that erases the
entry after a certain length of time with no activity from
that node.
API. See Application Programming Interface on
page 365.
Application Programming Interface. An API is an
interface used by an programmer to interface with
functions provided by an application.
Area Border Router. A router located on the border of
one or more OSPF areas that connects those areas to the
backbone network. ABRs are considered members of both
the OSPF backbone and the attached areas. They therefore
maintain routing tables describing both the backbone
topology and the topology of the other areas.
ARP. See Address Resolution Protocol on page 365.
ASAM. See ATM Subscriber Access Multiplexer on
page 365.
ASBR. See Autonomous System Boundary Router on
page 365.
ATM Subscriber Access Multiplexer. A telephone
central office multiplexer that supports SDL ports over a
wide range of network interfaces. An ASAM sends and
receives subscriber data (often Internet services) over
existing copper telephone lines, concentrating all traffic
onto a single high-speed trunk for transport to the Internet
or the enterprise intranet. This device is similar to a
DSLAM (different manufacturers use different terms for
similar devices).
Autonomous System Boundary Router. ABR located
between an OSPF autonomous system and a non-OSPF
network. ASBRs run both OSPF and another routing
protocol, such as RIP. ASBRs must reside in a non-stub
OSPF area. See also ABR, non-stub area, and OSPF.
AVL tree. Binary tree having the property that for any
node in the tree, the difference in height between the left
and right subtrees of that node is no more than 1.
ACL. See Access Control List on page 365.
365
BPDU. See Bridge Protocol Data Unit on page 366.
cards.h. A file that instructs the base code driver how to

construct the driver.
BGP. See Border Gateway Protocol on page 366.

BootP. See Bootstrap Protocol. on page 366.
Bootstrap Protocol. An Internet protocol that enables a
diskless workstation to discover its own IP address, the IP
address of a BootP server on the network, and a file to be
loaded into memory to boot the machine. This enables the
workstation to boot without requiring a hard or floppy disk
drive.
Border Gateway Protocol. BGP is a protocol for
exchanging routing information between gateway host
(each with its own router) in a network of autonomous
systems. BGP is often the protocol used between gateway
hosts on the Internet. The routing table contains a list of
known routers, the addresses they can reach, and a cost
metric associated with the path to each router so that the
best available route is chosen. Hosts using BGP
communicate using the Transmission Control Protocol
(TCP) and send updated router table information only
when one host has detected a change. Only the affected
part of the routing table is sent. BGP-4, the latest version,
lets administrators configure cost metrics based on policy
statements. (BGP-4 is sometimes called BGP4, without
the hyphen.) BGP communicates with autonomous (local)
networks using Internal BGP (IBGP) since it doesn't work
well with IGP. The routers inside the autonomous network
thus maintain two routing tables: one for the interior
gateway protocol and one for IBGP. BGP-4 makes it easy
to use Classless Inter-Domain Routing (Classless InterDomain Routing), which is a way to have more addresses
within the network than with the current IP address
assignment scheme.
Bridge Protocol Data Unit. BPDU is the IEEE 802.1D
MAC Bridge Management protocol that is the standard
implementation of STP (Spanning Tree Protocol). It uses
the STP algorithm to insure that physical loops in the
network topology do not result in logical looping of
network traffic. Using one bridge configured as root for
reference, the BPDU switches one of two bridges forming
a network loop into standby mode, so that only one side of
a potential loop passes traffic. By examing frequent
802.1d configuration updates, a bridge in the standby
mode can switch automatically into the forward mode if
the other bridge forming the loop fails.
366
card_db. A database that contains everything from port

maps to module information.
Checksum. A simple error-detection scheme in which
each transmitted message is identified with a numerical
value based on the number of set bits in the message. The
receiving station then applies a formula to the message and
checks to make sure the accompanying numerical value is
the same. If not, the receiver can assume that the message
has been corrupted.
CLI. See Command Line Interface on page 366.
Command Line Interface. CLI is a line-item interface
for configuring systems. (In the case of Force10 , it is one
of the user interfaces they have programmed for allowing
programmers to configure their system).
Common Open Policy Service Protocol. A proposed
standard protocol for exchanging network policy
information between a Policy Decision Point (PDP) in a
network and Policy Enforcement Points (PEPs) as part of
overall Quality of Service (QoS) - the allocation of
network traffic resources according to desired priorities of
service. The policy decision point might be a network
server controlled directly by the network administrator
who enters policy statements about which kinds of traffic
(voice, bulk data, video, teleconferencing, and so forth)
should get the highest priority. The policy enforcement
points might be router or layer 3 switches that implement
the policy choices as traffic moves through the network.
Currently, COPS is designed for use with the Resource
Reservation Protocol (RSVP), which lets you allocate
traffic priorities in advance for temporary high-bandwidth
requirements (for example, video broadcasts or
multicasts). It is possible that COPS will be extended to be
a general policy communications protocol.
Complex Programmable Logic Device. CPLD is a
programmable circuit on which a logic network can be
programmed after its construction.
COPS. See Common Open Policy Service Protocol. on
page 366.
CPLD. See Complex Programmable Logic Device. on
page 366.
Glossary
D
DAPI. See Device Application Programming Interface
on page 367.
Device Application Programming Interface. DAPI is
the software interface that facilitates communication of
both data and control information between the Application
Layer and HAPI, with support from System Support.
DHCP. See Dynamic Host Configuration Protocol. on
page 367.
Differentiated Services. Diffserv is a protocol for
specifying and controlling network traffic by class so that
certain types of traffic get precedence - for example, voice
traffic, which requires a relatively uninterrupted flow of
data, might get precedence over other kinds of traffic.
Differentiated Services is the most advanced method for
managing traffic in terms of what is called Class of
Service (CoS). Unlike the earlier mechanisms of 802.1P
tagging and Type of Service (ToS), Differentiated Services
avoids simple priority tagging and depends on more
complex policy or rule statements to determine how to
forward a given network packet. An analogy is made to
travel services, in which a person can choose among
different modes of travel - train, bus, airplane - degree of
comfort, the number of stops on the route, standby status,
the time of day or period of year for the trip, and so forth.
For a given set of packet travel rules, a packet is given one
of 64 possible forwarding behaviors - known as per hop
behaviors (PHBs). A six-bit field, known as the
Differentiated Services Code Point (DSCP), in the Internet
Protocol (Internet Protocol) header specifies the per hop
behavior for a given flow of packets. Differentiated
Services and the Class of Service approach provide a way
to control traffic that is both more flexible and more
scalability than the Quality of Service approach.
Diffserv. See Differentiated Services. on page 367..
Distance-Vector Multicast Routing Protocol. DVMRP
is a distance vector routing protocol used between routers
in an intranet. This hop-based protocol describes a method
of building multicast trees from the multicast source to all
the receivers (or leaves) of the tree.
DVMRP. See Distance-Vector Multicast Routing
Protocol. on page 367.
Dynamic Host Configuration Protocol. DHCP is a
protocol for assigning dynamic IP addresses to devices on
a network. With dynamic addressing, a device can have a
different IP address every time it connects to the network.
In some systems, the device's IP address can even change
while it is still connected. DHCP also supports a mix of
static and dynamic IP addresses. Dynamic addressing

simplifies network administration because the software
tracks IP addresses rather than requiring an administrator
to manage the task. A new computer can be added to a
network without the hassle of manually assigning it a
unique IP address.
E
EEPROM. See Electronically Erasable Programmable
Read Only Memory on page 367.
Electronically Erasable Programmable Read Only
Memory. EEPROM is also known as Flash memory. This
is re-programmable memory.
F
Fast STP. A high-performance Spanning Tree Protocol.
See STP on page 372 for more information.
FIFO. First In First Out.
Flash Memory. See EEPROM on page 367.
Flow Control. The process of adjusting the flow of data
from one network device to another to ensure that the
receiving device can handle all of the incoming data. This
is particularly important where the sending device is
capable of sending data much faster than the receiving
device can receive it. There are many flow control
mechanisms. One of the most common flow control
protocols for asynchronous communication is called xonxoff. In this case, the receiving device sends a an xoff
message to the sending device when its buffer is full. The
sending device then stops sending data. When the
receiving device is ready to receive more data, it sends an
xon signal.
Forwarding. When a frame is received on an input port
on a switch, the address is checked against the lookup
table. If the lookup table has recorded the destination
address, the frame is automatically forwarded on an output
port.
Frame Check Sequence. The extra characters added to a
frame for error detection and correction. FCS is used in
X.25, HDLC, Frame Relay, and other data link layer
protocols.
G
GARP. See Generic Attribute Registration Protocol. on
page 368.
367
GARP Information Propagation. GIP is the

propagation of information between GARP participants
for the same application in a bridge is carried out by a GIP
component.
GARP Multicast Registration Protocol. GMRP
provides a mechanism that allows Bridges and end stations
to dynamically register (and subsequently, de-register)
Group membership information with the MAC Bridges
attached to the same LAN segment, and for that
information to be disseminated across all Bridges in the
Bridged LAN that support Extended Filtering Services.
The operation of GMRP relies upon the services provided
by the GARP.
GARP VLAN Registration Protocol. GVRP allows
workstations to request admission to a particular VLAN
for multicast purposes.
GE. See Gigabit Ethernet on page 368.
General Purpose Chip-select Machine. GPCM
provides interfacing for simpler, lower-performance
memory resources and memory mapped-devices. The
GPCM does not support bursting and is used primarily for
boot-loading.
Generic Attribute Registration Protocol. GARP
provides a generic attribute dissemination capability that is
used by participants in GARP Applications (called GARP
Participants) to register and de-register attribute values
with other GARP Participants within a Bridged LAN. The
definition of the attribute types, the values that they can
carry, and the semantics that are associated with those
values when registered are specific to the operation of the
GARP Application concerned.
Gigabit Ethernet. A high-speed Ethernet connection.
GIP. See GARP Information Propagation on page 368.
GMRP. See GARP Multicast Registration Protocol on
page 368.
GPCM. See General Purpose Chip-select Machine on
page 368.
GVD. GARP VLAN Database.
GVRP. See GARP VLAN Registration Protocol. on
page 368.
H
.h file. Header file in C code. Contains function and
coding definitions.
368
HAPI. See Hardware Abstraction Programming

Interface on page 368.
Hardware Abstraction Programming Interface. HAPI
is the module that contains the NP specific software that
interacts with the hardware.
hop count. The number of routers that a data packet
passes through on its way to its destination.
I
ICMP. See Internet Control Message Protocol on
page 368.
IGMP. See Internet Group Management Protocol on
page 368.
IGMP Snooping. A series of operations performed by
intermediate systems to add logic to the network to
optimize the flow of multicast traffic; these intermediate
systems (such as Layer 2 switches) listen for IGMP
messages and build mapping tables and associated
forwarding filters, in addition to reducing the IGMP
protocol traffic. See Internet Group Management
Protocol on page 368 for more information.
Internet Control Message Protocol. ICMP is an
extension to the Internet Protocol (IP) that supports
packets containg error, control, and informational
messages. The PING command, for example, uses ICMP
to test an Internet connection.
Internet Group Management Protocol. IGMP is the
standard for IP Multicasting on the Internet. IGMP is used
to establish host memberships in particular multicast
groups on a single network. The mechanisms of the
protocol allow a host to inform its local router, using Host
Membership Reports, that it wants to receive messages
addressed to a specific multicast group. All hosts
conforming to Level 2 of the IP Multicasting specification
require IGMP.
IP. See Internet Protocol on page 368.
IP Multicasting. Sending out data to distributed servers
on the MBone (Multicast Backbone). For large amounts of
data, IP Multicast is more efficient than normal Internet
transmissions because the server can broadcast a message
to many recipients simultaneously. Unlike traditional
Internet traffic that requires separate connections for each
source-destination pair, IP Multicasting allows many
recipients to share the same source. This means that just
one set of packets is transmitted for all the destinations.
Internet Protocol. The method or protocol by which data
is sent from one computer to another on the Internet. Each
Glossary
computer (known as a host) on the Internet has at least one

IP address that uniquely identifies it among all other
computers on the Internet. When you send or receive data
(for example, an e-mail note or a Web page), the message
gets divided into little chunks called packets. Each of these
packets contains both the sender's Internet address and the
receiver's address. Any packet is sent first to a gateway
computer that understands a small part of the Internet. The
gateway computer reads the destination address and
forwards the packet to an adjacent gateway that in turn
reads the destination address and so forth across the
Internet until one gateway recognizes the packet as
belonging to a computer within its immediate
neighborhood or domain. That gateway then forwards the
packet directly to the computer whose address is specified.
based on the standards contained within the X.500

standard, but is significantly simpler. Unlike X.500, LDAP
supports TCP/IP, which is necessary for any type of
Internet access. Although not yet widely implemented,
LDAP should eventually make it possible for almost any
application running on virtually any computer platform to
obtain directory information, such as e-mail addresses and
public keys. Because LDAP is an open protocol,
applications need not worry about the type of server
hosting the directory.
Because a message is divided into a number of packets,

each packet can, if necessary, be sent by a different route
across the Internet. Packets can arrive in a different order
than they were sent. The Internet Protocol just delivers
them. It's up to another protocol, the Transmission Control
Protocol (TCP) to put them back in the right order. IP is a
connectionless protocol, which means that there is no
continuing connection between the end points that are
communicating. Each packet that travels through the
Internet is treated as an independent unit of data without
any relation to any other unit of data. (The reason the
packets do get put in the right order is because of TCP, the
connection-oriented protocol that keeps track of the packet
sequence in a message.) In the Open Systems
Interconnection (OSI) communication model, IP is in
Layer 3, the Networking Layer. The most widely used
version of IP today is IP version 4 (IPv4). However, IP
version 6 (IPv6) is also beginning to be supported. IPv6
provides for much longer addresses and therefore for the
possibility of many more Internet users. IPv6 includes the
capabilities of IPv4 and any server that can support IPv6
packets can also support IPv4 packets.
Link-State. In routing protocols, the declared information

about the available interfaces and available neighbors of a
router or network. The protocol's topological database is
formed from the collected link-state declarations.
J
Joint Test Action Group. An IEEE group that specifies
test framework standards for electronic logic components.
JTAG. See Joint Test Action Group on page 369.
L
LAN. See Local Area Network on page 369.
LDAP. See Lightweight Directory Access Protocol on
page 369.
Lightweight Directory Access Protocol. A set of
protocols for accessing information directories. LDAP is
Learning. The bridge examines the Layer 2 source

addresses of every frame on the attached networks (called
listening) and then maintains a table, or cache, of which
MAC addresses are attached to each of its ports.
Local Area Network. A group of computers that are

located in one area and are connected by less than 1,000
feet of cable. A typical LAN might interconnect
computers and peripherals on a single floor or in a single
building. LANs can be connected together, but if modems
and telephones connect two or more LANs, the larger
network constitutes what is called a WAN or Wide Area
Network.
M
MAC. (1) Medium Access Control. In LANs, the
sublayer of the data link control layer that supports
medium-dependent functions and uses the services of the
physical layer to provide services to the logical link
control (LLC) sublayer. The MAC sublayer includes the
method of determing when a device has access to the
transmission medium. (2) Message Authentication Code.
In computer security, a value that is a part of a message or
accompanies a message and is used to determine that the
contents, origin, author, or other attributes of all or part of
the message are as they appear to be. (IBM Glossary of
Computing Terms)
Management Information Base. When SNMP devices
send SNMP messages to the management console (the
device managing SNMP messages), it stores information
in the MIB.
MBONE. See Multicast Backbone on page 370.
MDC. Management Data Clock.
MDI. Management Data Interface.
369
MDIO. Management Data Input/Output.

MDIX. Management Dependent Interface Crossover.
MIB. See Management Information Base on page 369.
MOSPF. See Multicast OSPF on page 370.
MPLS. See Multi-Protocol Label Switching on
page 370.
Multicast Backbone. The MBONE is a virtual network.
It is layered on top of portions of the physical Internet to
support routing of IP multicast packets since that function
has not yet been integrated into many production routers.
The network is composed of islands that can directly
support IP multicast, such as multicast LANs like
Ethernet, linked by virtual point-to-point links called
"tunnels". The tunnel endpoints are typically workstationclass machines having operating system support for IP
multicast and running the "mrouted" multicast routing
daemon.
Multicasting. To transmit a message to specific
recipients across a network. A simple example of
multicasting is sending an e-mail message to a mailing list.
Teleconferencing and videoconferencing also use
multicasting, but require more robust protocols and
networks. Standards are being developed to support
multicasting over a TCP/IP network such as the Internet.
These standards, IP Multicast and Mbone, will allow users
to easily join multicast groups. Note that multicasting
refers to sending a message to a select group whereas
broadcasting refers to sending a message to everyone
connected to a network. The terms multicast and
narrowcast are often used interchangeably, although
narrowcast usually refers to the business model whereas
multicast refers to the actual technology used to transmit
the data.
Multicast OSPF. With a MOSPF specification, an IP
Multicast packet is routed based both on the packet's
source and its multicast destination (commonly referred to
as source/destination routing). As it is routed, the multicast
packet follows a shortest path to each multicast
destination. During packet forwarding, any commonality
of paths is exploited; when multiple hosts belong to a
single multicast group, a multicast packet will be
replicated only when the paths to the separate hosts
diverge. See OSPF on page 371 for more information.
Multiplexing. A function within a layer that interleaves
the information from multiple connections into one
connection.
Multi-Protocol Label Switching. An initiative that
integrates Layer 2 information about network links
370
(bandwidth, latency, utilization) into Layer 3 (IP) within a

particular autonomous systemor ISPin order to
simplify and improve IP-packet exchange. MPLS gives
network operators a great deal of flexibility to divert and
route traffic around link failures, congestion, and
bottlenecks. From a QoS standpoint, ISPs will better be
able to manage different kinds of data streams based on
priority and service plan. For instance, those who
subscribe to a premium service plan, or those who receive
a lot of streaming media or high-bandwidth content can
see minimal latency and packet loss. When packets enter
into a MPLS-based network, Label Edge Routers (LERs)
give them a label (identifier). These labels not only
contain information based on the routing table entry (i.e.,
destination, bandwidth, delay, and other metrics), but also
refer to the IP header field (source IP address), Layer 4
socket number information, and differentiated service.
Once this classification is complete and mapped, different
packets are assigned to corresponding Labeled Switch
Paths (LSPs), where Label Switch Routers (LSRs) place
outgoing labels on the packets. With these LSPs, network
operators can divert and route traffic based on data-stream
type and Internet-access customer.
MT-RJ connector. A type of fiber-optic cable jack that is
similar in shape and concept to a standard telephone jack,
enabling duplex fiber-optic cables to be plugged into
compatible devices as easily as plugging in a telephone
cable.
MUX. See Multiplexing on page 370.
N
NAT. See Network Address Translation on page 370.
Network Address Translation. Sometimes referred to as
Transparent Proxying, IP Address Overloading, or IP
Masquerading. Involves use of a device called a Network
Address Translator, which assigns a contrived, or logical,
IP address and port number to each node on an
organization's internal network and passes packets using
these assigned addresses.
NM. Network Module.
nm. Nanometer (1 x 10e9) meters.
non-stub area. Resource-intensive OSPF area that
carries a default route, static routes, intra-area routes,
interarea routes, and external routes. Non-stub areas are
the only OSPF areas that can have virtual links configured
across them, and are the only areas that can contain an
ASBR. Compare with stub area. See also ASAM and
OSPF.
Glossary
NP. Network Processor.
O
Open Shortest Path First. A link- state (algorithm used
by the router to determine the current topology of a
network), Interior Gateway (distributes routing
information between routers belonging to a single
Autonomous System) routing protocol. This protocol's
algorithm determines the shortest path from its router to all
the other routers in the network. This protocol is rapidly
replacing RIP on the Internet.
Open Systems Interconnection. OSI is a seven (7) layer
architecture model for communications systems developed
by the ISO for the interconnection of data communications
systems. Each layer uses and builds on the services
provided by those below it.
Operating System Application Programming
Interface. OSAPI is a module within the System Support
software that provides a set of interfaces to OS support
functions.
and alter it if necessary. Port mirroring can be managed

locally or remotely. An administrator configures port
mirroring by assigning a port from which to copy all
packets and another port where those packets will be sent.
A packet bound for or heading away from the first port
will be forwarded onto the second port as well. The
administrator places a protocol analyzer on the port
receiving the mirrored data to monitor each segment
separately. The analyzer captures and evaluates the data
without affecting the client on the original port. The
monitor port may be a port on the same SwitchModule
with an attached RMON probe, a port on a different
SwitchModule in the same hub, or the SwitchModule
processor. Port mirroring can consume significant CPU
resources while active. Better choices for long-term
monitoring may include a passive tap like an optical probe
or an Ethernet repeater.
Protocol Data Unit. PDU is a packet of data passed
across a network. The term implies a specific layer of the
OSI model and a specific protocol.
OSAPI. See Operating System Application

Programming Interface on page 371.
Protocol Independent Multicast Dense Mode. Like

DVMRP, PIM-DM uses a flood and prune protocol for
building multicast trees. However, unlike DVMRP, PIMDM uses existing unicast protocols for determing the route
to the source.
OSI. See Open Systems Interconnection on page 371.
OSPF. See Open Shortest Path First on page 371.
QoS. See Quality of Service on page 371.
Quality of Service. QoS is a networking term that

specifies a guaranteed level of throughput. Throughput is
the amount of data transferred from one device to another
or processed in a specified amount of time - typically,
throughputs are measured in bytes per second (Bps).
OS. Operating System.
PDU. See Protocol Data Unit on page 371.

PHY. The OSI Physical Layer: The physical layer
provides for transmission of cells over a physical medium
connecting two ATM devices. This physical layer is
comprised of two sublayers: the Physical Medium
Dependent (PMD) sublayer, and the Transmission
Convergence (TC) sublayer.
PIM-DM. See Protocol Independent Multicast Dense
Mode on page 371.
PMC. Packet Mode Channel.
Port Mirroring. Also known as a roving analysis port.
This is a method of monitoring network traffic that
forwards a copy of each incoming and outgoing packet
from one port of a network switch to another port where
the packet can be studied. A network administrator uses
port mirroring as a diagnostic tool or debugging feature,
especially when fending off an attack. It enables the
administrator to keep close track of switch performance
R
Real-Time Operating System. RTOS is a component of
the OSAPI module that abstracts operating systems with
which other systems can interface.
Resource Reservation Setup Protocol. RSVP is a new
Internet protocol being developed to enable the Internet to
support specified Qualities-of-Service (QoS). Using
RSVP, an application will be able to reserve resources
along a route from source to destination. RSVP-enabled
routers will then schedule and prioritize packets to meet
the prioritization assigned by QoS. RSVP is a chief
component of a new type of Internet being developed,
known broadly as an integrated services Internet. The
general idea is to enhance the Internet to support
transmission of real-time data.
371
RIP. See Routing Information Protocol on page 372.
SNMPv2u (experimental): This version of the protocol

uses the protocol operations and data types of SNMPv2c
and security based on users.
Routing Information Protocol. RIP is the routing

protocol used by the routed process on Berkeley-derived
UNIX systems. Many networks use RIP; it works well for
small, isolated, and topologically simple networks.
SNMPv2* (experimental): This version combined the best

features of SNMPv2p and SNMPv2u. (It is also called
SNMPv2star.) The documents defing this version were
never published as RFCs.
RIPng. Routing Information Protocol, new generation.
SNMPv3 (proposed): This version of the protocol is a

combination of user-based security and the protocol
operations and data types from SNMPv2p and support for
proxies. The security is based on that found in SNMPv2u
and SNMPv2*, and updated after much review. The
documents defing this protocol will soon be published as
RFCs.
RFC. Request For Comment.
RMON. Short for remote monitoring, a network

management protocol that allows network information to
be gathered at a single workstation. Whereas SNMP
gathers network data from a single type of Management
Information Base (MIB), RMON 1 defines nine additional
MIBs that provide a much richer set of data about network
usage. For RMON to work, network devices, such as hubs
and switches, must be designed to support it. The newest
version of RMON, RMON 2, provides data about traffic at
the network layer in addition to the physical layer. This
allows administrators to analyze traffic by protocol.
SimpleX signaling. SX is one of IEEE 802.3's

designations for media. For example, 1000SX indicates
1000 gigabit Ethernet over "short haul" or "short
wavelength" optical fiber.
RP. Rendezvous Point. Used with IP Multicast.
SMC1. A model of Serial Management Controller from

Motorola.
RPU. Remote Power Unit.
SMII. Serial Media Independent Interface.
RSVP. See Resource Reservation Setup Protocol on

page 371.
SNMP. See Simple Network Management Protocol on

page 372.
RTOS. See Real-Time Operating System on page 371.
SODIMM. Small Outline Dual Inline Memory Module.
SRAM. Static Random Access Memory.
SDL. Synchronous Data Link.
STP. Spanning Tree Protocol. See 802.1D on page 365

for more information.
Simple Network Management Protocol. SNMP is the

protocol governing network management and the
monitoring of network devices and their functions. It is not
necessarily limited to TCP/IP networks. The versions have
the following differences:
SNMPv1 (full): Security is based on community strings.
SNMPsec (historic): Security is based on parties. Few, if
any, vendors implemented this version of the protocol,
which is now largely forgotten.
SNMPv2p (historic): For this version, much work was
done to update the SNMPv1 protocol and the SMIv1, and
not just security. The result was updated protocol
operations, new protocol operations and data types, and
party-based security from SNMPsec.
SNMPv2c (experimental): This version of the protocol is
called community string-based SNMPv2. It is an update of
the protocol operations and data types of SNMPv2p, and
uses community-based security from SNMPv1.
372
stub area. OSPF area that carries a default route, intraarea routes, and interarea routes, but does not carry
external routes. Virtual links cannot be configured across a
stub area, and they cannot contain an ASBR. Compare
with non-stub area. See also ASAM and OSPF.
SX. See SimpleX signaling on page 372.
SYSAPI. See Systems Application Programming
Interface on page 372.
Systems Application Programming Interface. SYSAPI
is a module within the System Support software that
provides system-wide routines for network and mbuf
support and provides the interface into the system registry.
T
TBI. Ten Bit Interface.
Glossary
Telnet. A character-based UNIX application that enables

users with a Telnet server account to log on to a UNIX
computer and utilize its resources.
TFTP. See Trivial File Transfer Protocol on page 373.
Trivial File Transfer Protocol. TFTP is a simple form of
the File Transfer Protocol (FTP). TFTP uses the User
Datagram Protocol (UDP, a direct protocol used to
communicate datagrams over a network with little error
recovery) and provides no security features. It is often
used by servers to boot diskless workstations, X-terminals,
and routers.
Trunking. The process of combing a set of trunks that are
traffic-engineered as a unit for the establishment of
connections between switching systems in which all of the
communications paths are interchangeable.
U
UPM. User Programmable Machine.
UPMA. The first of two UPMs in Motorola's MPC855T
processor.
UPMB. The second of two UPMs in Motorola's
MPC855T processor.
USP. An abbreviation that represents Unit, Slot, Port.
V
Virtual Local Area Network. Operating at the Data Link
Layer (Layer 2 of the OSI model), the VLAN is a means
of parsing a single network into logical user groups or
organizations, as if they physically resided on a dedicated
LAN segment of their own. In reality, this virtually
defined community may have individual members
peppered across a large, extended LAN. The VLAN
identifier is part of the 802.1Q tag, which is added to an
Ethernet frame by an 802.1Q-compliant switch or router.
Devices recognizing 802.1Q-tagged frames maintain
appropriate tables to track VLANs. The first three bits of
the 802.1Q tag are used by 802.1P to establish priority for
the packet.
Virtual Router Redundancy Protocol. VRRP specifies
an election protocol that dynamically assigns
responsibility for a virtual router to one of the VRRP
routers on a LAN. The VRRP router controlling the IP
address(es) associated with a virtual router is called the
Master, and forwards packets sent to these IP addresses.
The election process provides dynamic fail-over in the
forwarding responsibility should the Master become
unavailable. This allows any of the virtual router IP
addresses on the LAN to be used as the default first hop

router by end-hosts. The advantage gained from using
VRRP is a higher availability default path without
requiring configuration of dynamic routing or router
discovery protocols on every end-host.
VLAN. See Virtual Local Area Network on page 373.
vMAN. Virtual Metropolitan Area Network.
VRRP. See Virtual Router Redundancy Protocol on
page 373.
W
WAN. See Wide Area Network on page 373.
Web. Also known as World-Wide Web (WWW) or W3.
An Internet client-server system to distribute information,
based upon the hypertext transfer protocol (HTTP).
Wide Area Network. A WAN is a computer network that
spans a relatively large geographical area. Typically, a
WAN consists of two or more local-area networks
(LANs).
X
X.500. A directory standard that enables applications like
e-mail to access information that can either be central or
distributed. The benefit of a directory is the ability to
minimize the impact on the user of changes to a network.
The standard is broken down under subsequent standards,
as follows:
X.501 Models
X.509 Authentication framework
X.511 Abstract service definition
X.518 Procedures for distributed operation
X.519 Protocol specifications
X.520 Selected attribute types
X.521 Selected object types
XModem. One of the most popular file transfer protocols
(FTPs). Xmodem is fairly effective at detecting errors. It
sends blocks of data together with a checksum and then
waits for acknowledgment of the block's receipt. The
waiting slows down the rate of data transmission
considerably, but it ensures accurate transmission.
Xmodem can be implemented either in software or in
hardware. Many modems, and almost all communications
software packages, support Xmodem. However, it is
373
useful only at relatively slow data transmission speeds

(less than 4,800 bps). Enhanced versions of Xmodem that
work at higher transmission speeds are known as Ymodem
and Zmodem.
374
Glossary
Index
Numerics
1583compatibility
194
access-list 135
addport 49
aggregate-address 221
area authentication 194
area default-cost 194
area nssa 195
area nssa default-info-originate 195
area nssa no-redistribute (OSPF) 195
area nssa no-summary (OSPF) 195
area nssa translator-role (OSPF) 195
area nssa translator-stab-intv 196
area range 196
area stub 196
area stub summarylsa 197
area virtual-link 197
area virtual-link authentication 197
area virtual-link dead-interval 198
area virtual-link hello-interval 198
area virtual-link retransmit-interval 199
area virtual-link transmit-delay 199
areaid 6
arp 171
arp cachesize 171
arp dynamicrenew 172
arp purge 172
arp resptime 172
arp retries 172
arp timeout 173
authentication login 75
auto-negotiate 49
auto-negotiate all 50
auto-summary 214
bandwidth kbps 154

bandwidth percent 154
bootpdhcprelay disable 182
bootpdhcprelay maxhopcount 182
bootpdhcprelay minwaittime 182
bootpdhcprelay serverip 183
bridge aging-time 35
bwallocation 139
class 155
class-map rename 148
classofservice dot1pmapping
clear arp-cache 173
clear config 66
clear counters 66
clear dot1x statistics 76
clear igmpsnooping 66
clear pass 67
clear port-channel 67
clear radius statistics 76
clear trap log 67
clear vlan 67
105
default-information originate (OSPF) 200, 215

default-information originate (RIP) 215
default-metric (OSPF) 200
default-metric (RIP) 215
deleteport 50
diffserv 146
disable ip multicast mdebug mtrace 253
disconnect 71
distance ospf 200, 215
distance rip 201, 215
distribute-list out 201, 216, 235
dot1x defaultlogin 76
dot1x initialize 76
dot1x login 76
dot1x max-req 76
dot1x port-control 77
dot1x port-control All 77
dot1x re-authenticate 78
dot1x re-authentication 78
dot1x system-auth-control 78
dot1x timeout 78
dot1x user 79
dvlan-tunnel customer-id 101
dvlan-tunnel etherType 101
enable (OSPF) 193

enable (RIP) 200, 215
encapsulation 201
exit-overflow-interval 201
expedite kbps 155
expedite percent 156
375
external-lsdb-limit
H
hostroutesaccept
202
218
ip access-group 136
ip access-group all 136
ip address 193
ip dvmrp 258, 259
ip dvmrp metric 259
ip dvmrp trapflags 259
ip forwarding 177
ip http secure-port 88
ip http secure-protocol 88
ip http secure-server 89
ip http server 89
ip igmp 262
ip igmp last-member-query-count 263
ip igmp last-member-query-interval 263
ip igmp query-interval 263
ip igmp query-max-response-time 264
ip igmp robustness 264
ip igmp startup-query-count 265
ip igmp startup-query-interval 265
ip igmp version 265
ip irdp 183
ip irdp address 184
ip irdp holdtime 184
ip irdp maxadvertinterval 184
ip irdp minadvertinterval 185
ip irdp preference 185
ip mcast boundary 271
ip multicast 251
ip multicast staticroute 252
ip multicast ttl-threshold 252
ip netdirbcast 177
ip ospf 193, 214
ip ospf areaid 202
ip ospf authentication 202
ip ospf cost 203
ip ospf dead-interval 203
ip ospf hello-interval 204
ip ospf priority 204
ip ospf retransmit-interval 204
ip ospf transmit-delay 205
ip pimdm 271
ip pimdm mode 271
ip pimdm query-interval 272
ip pimsm 275
ip pimsm cbsrpreference 273
ip pimsm datathreshrate 275
ip pimsm message-interval 275
376
ip pimsm mode 276

ip pimsm query-interval 276
ip pimsm spt-threshold 276
ip pim-trapflags 277
ip rip 214
ip rip authentication 216
ip rip receive version 217
ip rip send version 217
ip route default 177
ip route distance 177
ip routing 175
ip ssh 87
ip ssh protocol 88
ip vrrp 187
ip vrrp authentication 188
ip vrrp ip 188
ip vrrp mode 187
ip vrrp preempt 188
ip vrrp priority 189
ip vrrp timers advertise 189
ipaddr 6
L
logical unit/slot/port
macaddr 6
mark cos 156
mark ip-dscp 157
mark ip-precedence 157
match any 148
match class-map 148
match cos 149
match destination-address mac 149
match dstip 150
match dstl4port 150
match ip dscp 150
match ip precedence 151
match ip tos 151
match protocol 152
match source-address mac 152
match srcip 152
match srcl4port 153
match vlan 153
maxbandwidth 140
minbandwidth 140
mode dvlan-tunnel 102
monitor session 52
monitor session mode 52
mrinfo 253
mstat 254
mtrace 254
mtu 35
Index
neighbor addrfamily 236

neighbor authentication none 236
neighbor authentication simple 237
neighbor confedmember 237
neighbor connretry 237
neighbor msgsendlimit 238
neighbor next-hop-self 238
neighbor optionalcap 238
neighbor remote-as 239
neighbor route-reflector-client 239
neighbor shutdown 240
neighbor timers 240
neighbor txdelayint 240
network 241
network mac-address 36
network mac-type 36
network parms 37
network protocol 37
nmp 48
no ip mcast mroute 254
ping 68
police-simple 157
police-single-rate 158
police-two-rate 158
policy-map 159
policy-map rename 160
port 140
port lacpmode 119
port lacpmode all 119
port-channel 120
port-channel adminmode 120
port-channel linktrap 121
port-channel name 121
protocol group 53
protocol vlan group 63
protocol vlan group all 63
radius accounting mode 83

radius server host 84
radius server key 85
radius server msgauth 85
radius server primary 85
radius server retransmit 85
radius server timeout 86
randomdrop 160
redistribute 218, 241
redistribute (RIP) 206
reload 68
remotecon maxsessions 37
remotecon timeout 37
route-aggregation 242
routereflect 242
router-id 185
routerid 6
routing 175
serial baudrate 38
serial timeout 38
service-policy 161
set garp timer join all 107
set garp timer leave 108
set garp timer leave all 108
set garp timer leaveall 109
set garp timer leaveall all 109
set gmrp adminmode 112
set gmrp interfacemode all 113
set gvrp adminmode 49, 110
set gvrp interfacemode 110
set gvrp interfacemode all 111
set igmp 115
set igmp groupmembershipinterval 116
set igmp interfacemode all 116
set igmp maxresponse 116
set igmp mcrtrexpiretime 117
set prompt 39
shape bps-average 160
shape bps-peak 161
show accounting 80
show arp 173
show arp brief 174
show arp switch 25
show authentication 80
show authentication users 81
show bwp-bwallocation detailed 142
show bwp-bwallocation summary 142
show bwp-trafficclass allocatedbw 141
show bwp-trafficclass detailed 141
show bwp-trafficclass summary 141
show class-map 162
show classofservice dot1pmapping 105
show diffserv 163
show diffserv service 165
show diffserv service brief 166
show dot1x 81
show dot1x users 82
show dvlan-tunnel 103
show dvlan-tunnel interface 103
show eventlog 26
show forwardingdb agetime 39
show gmrp configuration 113
show hardware 26
377
show igmpsnooping 117

show interface 26
show interface ethernet 27
show inventory 25, 88, 102, 277, 278
show ip access-lists 135
show ip brief 178
show ip dvmrp 260
show ip dvmrp interface 260
show ip dvmrp neighbor 261
show ip dvmrp nexthop 261
show ip dvmrp prune 261
show ip dvmrp route 262
show ip http 89
show ip igmp 266
show ip igmp groups 266
show ip igmp interface 267
show ip igmp interface membership 267
show ip igmp interface stats 267
show ip interface 178
show ip interface brief 179
show ip irdp 185, 207
show ip mcast 278
show ip mcast boundary 255
show ip mcast interface 255
show ip mcast mroute 255
show ip mcast mroute group 256
show ip mcast mroute source 256
show ip mcast mroute static 257
show ip ospf 207, 219
show ip ospf area 208
show ip ospf database 208
show ip ospf interface 209
show ip ospf interface brief 209
show ip ospf interface stats 210
show ip ospf neighbor 211
show ip ospf neighbor brief 212
show ip ospf range 212
show ip ospf stub table 212
show ip ospf virtual-link 212
show ip ospf virtual-link brief 213
show ip pimdm 278
show ip pimdm interface 272
show ip pimdm interface stats 272
show ip pimdm neighbor 273
show ip pimsm 278
show ip pimsm candrptable 278
show ip pimsm componenttable 279
show ip pimsm interface 279
show ip pimsm interface stats 279
show ip pimsm neighbor 280
show ip pimsm rp 280
show ip rip 219
show ip rip interface brief 219
show ip route 213
378
show ip route bestroutes 180

show ip route entry 180
show ip route preferences 180
show ip stats 181
show ip vrrp 190
show ip vrrp interface 190
show ip vrrp interface brief 191
show ip vrrp interface stats 218
show logging 32
show loginsession 71
show mac-address-table gmrp 118
show mac-address-table igmpsnooping 118
show mac-address-table multicast 55
show mac-address-table staticfiltering 56
show mac-address-table stats 56
show mac-addr-table 33
show monitor 56, 66, 178
show mrinfo 257
show msglog 33
show mstat 258
show mtrace 258
show network 39
show policy-map 164
show policy-map interface 166
show port 57
show port protocol 57
show port-channel 57
show port-channel brief 121
show radius 86
show radius statistics 86
show remotecon 40
show router rip interface 220
show running-config 33
show serial 40
show service-policy 167
show snmpcommunity 41
show snmptrap 42
show snpalist 249
show spanning-tree 130
show spanning-tree interface 130
show spanning-tree mst detailed 131
show spanning-tree mst port detailed 131
show spanning-tree mst port summary 132
show spanning-tree mst summary 133
show spanning-tree summary 133
show spanning-tree vlan 133
show storm-control 57
show sysinfo 34, 102, 119, 277
show trapflags 42
show users 71
show users authentication 83
show vlan 64
show vlan brief 65
show vlan port 65
Index
shutdown 53, 58
shutdown all 53
unit/slot/port 6
snmp-server 34
snmp-server community 43
snmp-server community ipaddr 43
snmp-server community ipmask 44
snmp-server community mode 44
snmp-server community ro 44
snmp-server community rw 45
snmp-server enable traps 45
snmp-server enable traps bcaststorm 45
snmp-server enable traps multiusers 46
snmp-server enable traps stpmode 46
snmptrap 46
snmptrap ipaddr 47
snmptrap mode 47
spanning-tree 123, 129
spanning-tree bpdumigrationcheck 129
spanning-tree configuration name 124
spanning-tree configuration revision 124
spanning-tree edgeport 124
spanning-tree forceversion 125
spanning-tree forward-time 125
spanning-tree hello-time 125
spanning-tree max-age 126
spanning-tree mst instance 125, 127
spanning-tree mst priority 127
spanning-tree mst vlan 128
spanning-tree port mode 128
spanning-tree port mode all 129
speed 53
speed all 54
splithorizon 213, 218
storm-control broadcast 54
storm-control flowcontro 55
T
telnet
traffic-class 142
trapflags 213, 249
users defaultlogin 83
users login 83
users name 72
users passwd 72
users snmpv3 accessmode 73
users snmpv3 authentication 73
users snmpv3 encryption 73
vlan 58, 143

vlan acceptframe 58
vlan ingressfilter 58
vlan makestatic 59
vlan name 59
vlan participation 59
vlan participation all 60
vlan port acceptframe all 60
vlan port ingressfilter all 60
vlan port priority all 105
vlan port pvid all 61
vlan port tagging all 61
vlan priority 106
vlan protocol group 64
vlan protocol group add protocol
vlan protocol group remove 62
vlan pvid 64
vlan routing 186
vlan tagging 64
W
weight
62
143
47
379
380
Index

SFTOS CLI v2.1.4

Uploaded by

Copyright:

Available Formats

SFTOS CLI v2.1.4

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SFTOS CLI v2.1.4

Uploaded by

Copyright:

Available Formats

SFTOS Command Reference

Copyright 2005 Force10 Networks

Canadian Department of Communication Statement

VCCI Compliance for Class A Equipment (Japan)

SFTOS Command Line Interface Reference, Version 2.1.4

Support for No Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

SFTOS Command Line Interface Reference, Version 2.1.4

show port protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

SFTOS Command Line Interface Reference, Version 2.1.4

CLI Command Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

sntp multicast client poll-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

SFTOS Command Line Interface Reference, Version 2.1.4

show dot1q-tunnel interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

set igmp groupmembershipinterval all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

SFTOS Command Line Interface Reference, Version 2.1.4

spanning-tree bpdumigrationcheck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

SFTOS Command Line Interface Reference, Version 2.1.4

show diffserv service brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

SFTOS Command Line Interface Reference, Version 2.1.4

ip route default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

show ip vrrp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

SFTOS Command Line Interface Reference, Version 2.1.4

show ip ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

show ip mcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335

SFTOS Command Line Interface Reference, Version 2.1.4

show ip pimdm interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354

About This Book

Why the Document was Created on page 21

Why the Document was Created

SFTOS Command Line Interface Reference, Version 2.1.4

How to Use This Document

Keywords are in bold and should be entered in the CLI as listed.

About This Book

Keywords and parameters within braces must be entered in the CLI.

Keywords and parameters within brackets are optional.

Keywords and parameters separated by bar require you to choose one.

The following conventions apply to the command name:

network parms is the command name.

snmp-server location loc

snmp-server location is the command name.

is the required parameter for the command.

clear vlan is the command name.

Parameters are order dependent.

SFTOS Command Line Interface Reference, Version 2.1.4

<parameter>a word in italics indicate that a mandatory parameter must be entered

[parameter]square brackets indicate that an optional parameter may be entered in

0xn (CLI assumes hexidecimal format)

example, 0.0.0.1). A router ID of 0.0.0.0 is invalid.

represents slot number 0 and port number 1.

About This Book

hexidecimal digit pairs

SFTOS Command Line Interface Reference, Version 2.1.4

Products and Services Liability

About This Book

Contact and Patents Information

SFTOS Command Line Interface Reference, Version 2.1.4

About This Book

The SFTOS software has two purposes: