DES-3550
Layer 2 Switch
Command Line Interface Reference Manual
First Edition (February 2004)
651ES3550015
Printed In Taiwan
RECYCLABLE
Limited Warranty
Hardware:
D-Link warrants each of its hardware products to be free from defects in workmanship and materials under normal use and service for a period
commencing on the date of purchase from D-Link or its Authorized Reseller and extending for the length of time stipulated by the Authorized
Reseller or D-Link Branch Office nearest to the place of purchase.
This Warranty applies on the condition that the product Registration Card is filled out and returned to a D-Link office within ninety (90) days
of purchase. A list of D-Link offices is provided at the back of this manual, together with a copy of the Registration Card.
If the product proves defective within the applicable warranty period, D-Link will provide repair or replacement of the product. D-Link shall
have the sole discretion whether to repair or replace, and replacement product may be new or reconditioned. Replacement product shall be of
equivalent or better specifications, relative to the defective product, but need not be identical. Any product or part repaired by D-Link
pursuant to this warranty shall have a warranty period of not less than 90 days, from date of such repair, irrespective of any earlier expiration
of original warranty period. When D-Link provides replacement, then the defective product becomes the property of D-Link.
Warranty service may be obtained by contacting a D-Link office within the applicable warranty period, and requesting a Return Material
Authorization (RMA) number. If a Registration Card for the product in question has not been returned to D-Link, then a proof of purchase
(such as a copy of the dated purchase invoice) must be provided. If Purchaser's circumstances require special handling of warranty correction,
then at the time of requesting RMA number, Purchaser may also propose special procedure as may be suitable to the case.
After an RMA number is issued, the defective product must be packaged securely in the original or other suitable shipping package to ensure
that it will not be damaged in transit, and the RMA number must be prominently marked on the outside of the package. The package must be
mailed or otherwise shipped to D-Link with all costs of mailing/shipping/insurance prepaid. D-Link shall never be responsible for any
software, firmware, information, or memory data of Purchaser contained in, stored on, or integrated with any product returned to D-Link
pursuant to this warranty.
Any package returned to D-Link without an RMA number will be rejected and shipped back to Purchaser at Purchaser's expense, and D-Link
reserves the right in such a case to levy a reasonable handling charge in addition mailing or shipping costs.
Software:
Warranty service for software products may be obtained by contacting a D-Link office within the applicable warranty period. A list of D-Link
offices is provided at the back of this manual, together with a copy of the Registration Card. If a Registration Card for the product in question
has not been returned to a D-Link office, then a proof of purchase (such as a copy of the dated purchase invoice) must be provided when
requesting warranty service. The term "purchase" in this software warranty refers to the purchase transaction and resulting license to use such
software.
D-Link warrants that its software products will perform in substantial conformance with the applicable product documentation provided by
D-Link with such software product, for a period of ninety (90) days from the date of purchase from D-Link or its Authorized Reseller. D-Link
warrants the magnetic media, on which D-Link provides its software product, against failure during the same warranty period. This warranty
applies to purchased software, and to replacement software provided by D-Link pursuant to this warranty, but shall not apply to any update or
replacement which may be provided for download via the Internet, or to any update which may otherwise be provided free of charge.
D-Link's sole obligation under this software warranty shall be to replace any defective software product with product which substantially
conforms to D-Link's applicable product documentation. Purchaser assumes responsibility for the selection of appropriate application and
system/platform software and associated reference materials. D-Link makes no warranty that its software products will work in combination
with any hardware, or any application or system/platform software product provided by any third party, excepting only such products as are
expressly represented, in D-Link's applicable product documentation as being compatible. D-Link's obligation under this warranty shall be a
reasonable effort to provide compatibility, but D-Link shall have no obligation to provide compatibility when there is fault in the third-party
hardware or software. D-Link makes no warranty that operation of its software products will be uninterrupted or absolutely error-free, and no
warranty that all defects in the software product, within or without the scope of D-Link's applicable product documentation, will be corrected.
iii
Subject to the terms and conditions set forth herein, D-Link Systems, Inc. (“D-Link”) provides this Limited warranty for its product only to the person
or entity that originally purchased the product from:
ꢀ
ꢀ
D-Link or its authorized reseller or distributor and
Products purchased and delivered within the fifty states of the United States, the District of Columbia, U.S. Possessions or Protectorates,
and U.S. Military Installations, addresses with an APO or FPO.
Limited Warranty: D-Link warrants that the hardware portion of the D-Link products described below will be free from material defects in
workmanship and materials from the date of original retail purchase of the product, for the period set forth below applicable to the product type
(“Warranty Period”), except as otherwise stated herein.
5-Year Limited Warranty for the Product(s) is defined as follows:
ꢀ
ꢀ
ꢀ
Hardware (excluding power supplies and fans) Five (5) Years
Power Supplies and Fans Three (3) Year
Spare parts and spare kits Ninety (90) days
D-Link’s sole obligation shall be to repair or replace the defective Hardware during the Warranty Period at no charge to the original owner or to
refund at D-Link’s sole discretion. Such repair or replacement will be rendered by D-Link at an Authorized D-Link Service Office. The replacement
Hardware need not be new or have an identical make, model or part. D-Link may in its sole discretion replace the defective Hardware (or any part
thereof) with any reconditioned product that D-Link reasonably determines is substantially equivalent (or superior) in all material respects to the
defective Hardware. Repaired or replacement Hardware will be warranted for the remainder of the original Warranty Period from the date of original
retail purchase. If a material defect is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to repair or replace
the defective Hardware, the price paid by the original purchaser for the defective Hardware will be refunded by D-Link upon return to D-Link of the
defective Hardware. All Hardware (or part thereof) that is replaced by D-Link, or for which the purchase price is refunded, shall become the property
of D-Link upon replacement or refund.
Limited Software Warranty: D-Link warrants that the software portion of the product (“Software”) will substantially conform to D-Link’s then
current functional specifications for the Software, as set forth in the applicable documentation, from the date of original retail purchase of the
Software for a period of ninety (90) days (“Warranty Period”), provided that the Software is properly installed on approved hardware and operated as
contemplated in its documentation. D-Link further warrants that, during the Warranty Period, the magnetic media on which D-Link delivers the
Software will be free of physical defects. D-Link’s sole obligation shall be to replace the non-conforming Software (or defective media) with software
that substantially conforms to D-Link’s functional specifications for the Software or to refund at D-Link’s sole discretion. Except as otherwise agreed
by D-Link in writing, the replacement Software is provided only to the original licensee, and is subject to the terms and conditions of the license
granted by D-Link for the Software. Software will be warranted for the remainder of the original Warranty Period from the date or original retail
purchase. If a material non-conformance is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to replace the
non-conforming Software, the price paid by the original licensee for the non-conforming Software will be refunded by D-Link; provided that the non-
conforming Software (and all copies thereof) is first returned to D-Link. The license granted respecting any Software for which a refund is given
automatically terminates.
Non-Applicability of Warranty: The Limited Warranty provided hereunder for hardware and software of D-Link's products, will not be applied to
and does not cover any product purchased through the inventory clearance or liquidation sale or other sales in which D-Link, the sellers, or the
liquidators expressly disclaim their warranty obligation pertaining to the product and in that case, the product is being sold "As-Is" without any
warranty whatsoever including, without limitation, the Limited Warranty as described herein, notwithstanding anything stated herein to the contrary.
Submitting A Claim: Any claim under this limited warranty must be submitted in writing before the end of the Warranty Period to an Authorized D-
Link Service Office.
ꢀ
The customer must submit as part of the claim a written description of the Hardware defect or Software nonconformance in sufficient
detail to allow D-Link to confirm the same.
ꢀ
The original product owner must obtain a Return Material Authorization (“RMA”) number from the Authorized D-Link Service Office and, if
requested, provide written proof of purchase of the product (such as a copy of the dated purchase invoice for the product) before the
warranty service is provided.
ꢀ
ꢀ
After an RMA number is issued, the defective product must be packaged securely in the original or other suitable shipping package to
ensure that it will not be damaged in transit, and the RMA number must be prominently marked on the outside of the package. Do not
include any manuals or accessories in the shipping package. D-Link will only replace the defective portion of the Product and will not ship
back any accessories.
The customer is responsible for all shipping charges to D-Link. No Charge on Delivery (“COD”) is allowed. Products sent COD will either
be rejected by D-Link or become the property of D-Link. Products should be fully insured by the customer and shipped to D-Link Systems,
Inc., 53 Discovery Drive, Irvine, CA 92618. D-Link will not be held responsible for any packages that are lost in transit to D-Link. The
repaired or replaced packages will be shipped via UPS Ground or any common carrier selected by D-Link, with shipping charges prepaid.
Expedited shipping is available if shipping charges are prepaid by the customer.
D-Link may reject or return any product that is not packaged and shipped in strict compliance with the foregoing requirements, or for which an RMA
number is not visible from the outside of the package. The product owner agrees to pay D-Link’s reasonable handling and return shipping charges for
any product that is not packaged and shipped in accordance with the foregoing requirements, or that is determined by D-Link not to be defective or
non-conforming.
What Is Not Covered: This limited warranty provided by D-Link does not cover: Products, if in D-Link’s judgment, have been subjected to abuse,
accident, alteration, modification, tampering, negligence, misuse, faulty installation, lack of reasonable care, repair or service in any way that is not
contemplated in the documentation for the product, or if the model or serial number has been altered, tampered with, defaced or removed; Initial
installation, installation and removal of the product for repair, and shipping costs; Operational adjustments covered in the operating manual for the
product, and normal maintenance; Damage that occurs in shipment, due to act of God, failures due to power surge, and cosmetic damage; Any
hardware, software, firmware or other products or services provided by anyone other than D-Link; Products that have been purchased from
iv
inventory clearance or liquidation sales or other sales in which D-Link, the sellers, or the liquidators expressly disclaim their warranty obligation
pertaining to the product. Repair by anyone other than D-Link or an Authorized D-Link Service Office will void this Warranty.
Disclaimer of Other Warranties: EXCEPT FOR THE LIMITED WARRANTY SPECIFIED HEREIN, THE PRODUCT IS PROVIDED “AS-IS” WITHOUT
ANY WARRANTY OF ANY KIND WHATSOEVER INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NON-INFRINGEMENT. IF ANY IMPLIED WARRANTY CANNOT BE DISCLAIMED IN ANY TERRITORY WHERE A
PRODUCT IS SOLD, THE DURATION OF SUCH IMPLIED WARRANTY SHALL BE LIMITED TO NINETY (90) DAYS. EXCEPT AS EXPRESSLY COVERED
UNDER THE LIMITED WARRANTY PROVIDED HEREIN, THE ENTIRE RISK AS TO THE QUALITY, SELECTION AND PERFORMANCE OF THE
PRODUCT IS WITH THE PURCHASER OF THE PRODUCT.
Limitation of Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, D-LINK IS NOT LIABLE UNDER ANY CONTRACT, NEGLIGENCE, STRICT
LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY LOSS OF USE OF THE PRODUCT, INCONVENIENCE OR DAMAGES OF ANY
CHARACTER, WHETHER DIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF
GOODWILL, LOSS OF REVENUE OR PROFIT, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, FAILURE OF OTHER EQUIPMENT OR
COMPUTER PROGRAMS TO WHICH D-LINK’S PRODUCT IS CONNECTED WITH, LOSS OF INFORMATION OR DATA CONTAINED IN, STORED ON,
OR INTEGRATED WITH ANY PRODUCT RETURNED TO D-LINK FOR WARRANTY SERVICE) RESULTING FROM THE USE OF THE PRODUCT,
RELATING TO WARRANTY SERVICE, OR ARISING OUT OF ANY BREACH OF THIS LIMITED WARRANTY, EVEN IF D-LINK HAS BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES. THE SOLE REMEDY FOR
A
BREACH OF THE FOREGOING LIMITED WARRANTY IS REPAIR,
REPLACEMENT OR REFUND OF THE DEFECTIVE OR NON-CONFORMING PRODUCT. THE MAXIMUM LIABILITY OF D-LINK UNDER THIS
WARRANTY IS LIMITED TO THE PURCHASE PRICE OF THE PRODUCT COVERED BY THE WARRANTY. THE FOREGOING EXPRESS WRITTEN
WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ANY OTHER WARRANTIES OR REMEDIES, EXPRESS, IMPLIED OR
STATUTORY.
Governing Law: This Limited Warranty shall be governed by the laws of the state of California. Some states do not allow
exclusion or limitation of incidental or consequential damages, or limitations on how long an implied warranty lasts, so the
foregoing limitations and exclusions may not apply. This limited warranty provides specific legal rights and the product owner
may also have other rights which vary from state to state
For detailed warranty outside the United States, please contact corresponding local D-Link office.
Register online your D-Link product at http://support.dlink.com/register/
D-Link Offices for Registration and Warranty Service
The product's Registration Card, provided at the back of this manual, must be sent to a D-Link office. To obtain an RMA number for warranty
service as to a hardware product, or to obtain warranty service as to a software product, contact the D-Link office nearest you. An
address/telephone/fax/e-mail/Web site list of D-Link offices is provided in the back of this manual.
Trademarks
Copyright 2003 D-Link Corporation.
Contents subject to change without prior notice.
D-Link is a registered trademark of D-Link Corporation/D-Link Systems, Inc. All other trademarks belong to their respective proprietors.
Copyright Statement
No part of this publication may be reproduced in any form or by any means or used to make any derivative such as translation, transformation,
or adaptation without permission from D-Link Corporation/D-Link Systems Inc., as stipulated by the United States Copyright Act of 1976.
FCC Warning
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC
Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated
in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and
used in accordance with this user’s guide, may cause harmful interference to radio communications. Operation of this
equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the
interference at his own expense.
CE Mark Warning
This is a Class A product. In a domestic environment, this product may cause radio interference in which case the user may be
required to take adequate measures.
VCCI Warning
v
Table of Contents
Introduction...................................................................................................................................................................................... 1
Using the Console CLI..................................................................................................................................................................... 4
Command Syntax............................................................................................................................................................................. 8
Basic Switch Commands................................................................................................................................................................ 10
Switch Port Commands.................................................................................................................................................................. 21
Port Security Commands................................................................................................................................................................ 24
Network Management (SNMP) Commands .................................................................................................................................. 27
Switch Utility Commands .............................................................................................................................................................. 49
Network Monitoring Commands ................................................................................................................................................... 53
Spanning Tree Commands ............................................................................................................................................................. 66
Forwarding Database Commands .................................................................................................................................................. 72
Broadcast Storm Control Commands............................................................................................................................................. 80
QoS Commands ............................................................................................................................................................................. 82
Port Mirroring Commands ............................................................................................................................................................. 90
VLAN Commands.......................................................................................................................................................................... 94
Asymmetric VLAN Commands................................................................................................................................................... 100
Link Aggregation Commands ...................................................................................................................................................... 102
Basic IP Commands ..................................................................................................................................................................... 108
IGMP Snooping Commands ........................................................................................................................................................ 110
802.1X Commands....................................................................................................................................................................... 120
Access Control List (ACL) Commands ....................................................................................................................................... 132
Traffic Segmentation Commands................................................................................................................................................. 143
Time and SNTP Commands......................................................................................................................................................... 145
ARP Commands........................................................................................................................................................................... 152
Routing Table Commands............................................................................................................................................................ 156
MAC Notification Commands ..................................................................................................................................................... 158
Access Authentication Control Commands.................................................................................................................................. 162
Single IP Management Commands...............................................................................................................................................187
Command History List..................................................................................................................................................................198
Technical Specifications...............................................................................................................................................................201
1
INTRODUCTION
The Switch can be managed through the Switch’s serial port, Telnet, or the Web-based management agent. The Command Line
Interface (CLI) can be used to configure and manage the Switch via the serial port or Telnet interfaces.
This manual provides a reference for all of the commands contained in the CLI. Configuration and management of the switch
via the Web-based management agent is discussed in the User’s Guide.
Accessing the Switch via the Serial Port
The Switch’s serial port’s default settings are as follows:
•
•
•
•
9600 baud
no parity
8 data bits
1 stop bit
A computer running a terminal emulation program capable of emulating a VT-100 terminal and a serial port configured as
above is then connected to the Switch’s serial port via an RS-232 DB-9 cable.
With the serial port properly connected to a management computer, the following screen should be visible. If this screen does
not appear, try pressing Ctrl+r to refresh the console screen.
Figure 1-1. Initial CLI screen
There is no initial username or password. Just press the Enter key twice to display the CLI input cursor − DES-3550:4#. This is
the command line where all commands are input.
Setting the Switch’s IP Address
Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other
TCP/IP application (for example BOOTP, TFTP). The Switch’s default IP address is 10.90.90.90. You can change the default
Switch IP address to meet the specification of your networking address scheme.
The Switch is also assigned a unique MAC address by the factory. This MAC address cannot be changed, and can be found on
the initial boot console screen – shown below.
1
Figure 1-2. Boot Screen
The Switch’s MAC address can also be found in the Web management program on the Switch Information (Basic Settings)
window on the Configuration menu.
The IP address for the switch must be set before it can be managed with the Web-based manager. The Switch IP address can be
automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the switch must be known.
The IP address may be set using the Command Line Interface (CLI) over the console serial port as follows:
1. Starting at the command line prompt, enter the commands config ipif System ipaddress
xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy. Where the x’s represent the IP address to be assigned to the IP interface named
System and the y’s represent the corresponding subnet mask.
2. Alternatively, you can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z. Where the x’s represent the IP address
to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR
notation.
The IP interface named System on the switch can be assigned an IP address and subnet mask which can then be used to connect
a management station to the switch’s Telnet or Web-based management agent.
Figure 1-3. Assigning an IP Address
2
In the above example, the Switch was assigned an IP address of 10.53.13.144/8 with a subnet mask of 255.0.0.0. The system
message Success indicates that the command was executed successfully. The Switch can now be configured and managed via
Telnet, SNMP MIB browser and the CLI or via the Web-based management agent using the above IP address to connect to the
Switch.
3
2
USING THE CONSOLE CLI
The DES-3550 supports a console management interface that allows the user to connect to the switch’s management agent via a
serial port and a terminal or a computer running a terminal emulation program. The console can also be used over the network
using the TCP/IP Telnet protocol. The console program can be used to configure the Switch to use an SNMP-based network
management software over the network.
This chapter describes how to use the console interface to access the switch, change its settings, and monitor its operation.
Note: Switch configuration settings are saved to non-volatile RAM using
the save command. The current configuration will then be retained in the
switch’s NV-RAM, and reloaded when the Switch is rebooted. If the Switch
is rebooted without using the save command, the last configuration saved
to NV-RAM will be loaded.
Connecting to the Switch
The console interface is used by connecting the Switch to a VT100-compatible terminal or a computer running an ordinary
terminal emulator program (e.g., the HyperTerminal program included with the Windows operating system) using an RS-232C
serial cable. Your terminal parameters will need to be set to:
•
•
•
•
•
•
VT-100 compatible
9600 baud
8 data bits
No parity
One stop bit
No flow control
You can also access the same functions over a Telnet interface. Once you have set an IP address for your Switch, you can use a
Telnet program (in VT-100 compatible terminal mode) to access and control the Switch. All of the screens are identical,
whether accessed from the console port or from a Telnet interface.
After the Switch reboots and you have logged in, the console looks like this:
Figure 2-1. Initial Console Screen
4
Commands are entered at the command prompt, DES-3550:4#.
There are a number of helpful features included in the CLI. Entering the ? command will display a list of all of the top-level
commands.
Figure 2-2. The ? Command
When you enter a command without its required parameters, the CLI will prompt you with a Next possible completions:
message.
Figure 2-3. Example Command Parameter Help
In this case, the command config account was entered with the parameter <username>. The CLI will then prompt you to enter
the <username> with the message, Next possible completions:. Every command in the CLI has this feature, and complex
commands have several layers of parameter prompting.
In addition, after typing any given command plus one space, you can see all of the next possible sub-commands, in sequential
order, by repeatedly pressing the Tab key.
To re-enter the previous command at the command prompt, press the up arrow cursor key. The previous command will appear at
the command prompt.
5
Figure 2-4. Using the Up Arrow to Re-enter a Command
In the above example, the command config account was entered without the required parameter <username>, the CLI returned
the Next possible completions: <username> prompt. The up arrow cursor control key was pressed to re-enter the previous
command (config account) at the command prompt. Now the appropriate username can be entered and the config account
command re-executed.
All commands in the CLI function in this way. In addition, the syntax of the help prompts are the same as presented in this
manual − angle brackets < > indicate a numerical value or character string, braces { } indicate optional parameters or a choice of
parameters, and brackets [ ] indicate required parameters.
If a command is entered that is unrecognized by the CLI, the top-level commands will be displayed under the Available
commands: prompt.
Figure 2-5. The Next Available Commands Prompt
The top-level commands consist of commands such as show or config. Most of these commands require one or more parameters
to narrow the top-level command. This is equivalent to show what? or config what? Where the what? is the next parameter.
For example, if you enter the show command with no additional parameters, the CLI will then display all of the possible next
parameters.
6
Figure 2-6. Next possible completions: Show Command
In the above example, all of the possible next parameters for the show command are displayed. At the next command prompt,
the up arrow was used to re-enter the show command, followed by the account parameter. The CLI then displays the user
accounts configured on the Switch.
7
3
COMMAND SYNTAX
The following symbols are used to describe how command entries are made and values and arguments are specified in this
manual. The online help contained in the CLI and available through the console interface uses the same syntax.
Note: All commands are case-sensitive. Be sure to disable Caps Lock or any other
unwanted function that changes text case.
<angle brackets>
Purpose
Encloses a variable or value that must be specified.
Syntax
create ipif <ipif_name> vlan <vlan_name 32> ipaddress
<network_address>
Description
In the above syntax example, you must supply an IP interface name in
the <ipif_name> space, a VLAN name in the <vlan_name 32> space,
and the network address in the <network_address> space. Do not
type the angle brackets.
Example
create ipif Engineering vlan Design ipaddress 10.24.22.5/255.0.0.0
Command
[square brackets]
Purpose
Encloses a required value or set of required arguments. One value or
argument can be specified.
Syntax
create account [admin|user]
Description
In the above syntax example, you must specify either an admin or a
user level account to be created. Do not type the square brackets.
Example
create account admin
Command
| vertical bar
Purpose
Separates two or more mutually exclusive items in a list, one of which
must be entered.
Syntax
show snmp [community|detail]
Description
In the above syntax example, you must specify either
or
community,
detail. Do not type the backslash.
Example
show snmp community
Command
{braces}
Purpose
Encloses an optional value or set of optional arguments.
Syntax
reset {[config|system]}
8
{braces}
Description
In the above syntax example, you have the option to specify config or
detail. It is not necessary to specify either optional value, however the
effect of the system reset is dependent on which, if any, value is
specified. Therefore, with this example there are three possible
outcomes of performing a system reset. See the following chapter,
Basic Commands for more details about the reset command.
Example
reset config
command
Line Editing Key Usage
Delete
Deletes the character under the cursor and then shifts the remaining
characters in the line to the left.
Backspace
Insert or Ctrl+R
Deletes the character to the left of the cursor and shifts the remaining
characters in the line to the left.
Toggle on and off. When toggled on, inserts text and shifts previous
text to right.
Left Arrow
Right Arrow
Up Arrow
Moves the cursor to the left.
Moves the cursor to the right.
Repeat the previously entered command. Each time the up arrow is
pressed, the command previous to that displayed appears. This way it
is possible to review the command history for the current session. Use
the down arrow to progress sequentially forward through the command
history list.
Down Arrow
Tab
The down arrow will display the next command in the command history
entered in the current session. This displays each command
sequentially as it was entered. Use the up arrow to review previous
commands.
Shifts the cursor to the next field to the left.
Multiple Page Display Control Keys
Space
Displays the next page.
CTRL+c
Stops the display of remaining pages when multiple pages are to be
displayed.
ESC
Stops the display of remaining pages when multiple pages are to be
displayed.
n
p
q
Displays the next page.
Displays the previous page.
Stops the display of remaining pages when multiple pages are to be
displayed.
r
Refreshes the pages currently displayed.
a
Displays the remaining pages without pausing between pages.
Displays the next line or table entry.
Enter
9
4
BASIC SWITCH COMMANDS
The basic switch commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command
Parameters
create account
[admin|user]
<username 15>
config account
show account
delete account
show session
show switch
<username 15>
<username 15>
show serial_port
config serial_port
{baud_rate [9600|19200|38400|115200]
auto_logout [never|2_minutes|5_minutes
|10_minutes|15_minutes]}
enable clipaging
disable clipaging
enable telnet
disable telnet
enable web
disable web
save
<tcp_port_number 1-65535>
<tcp_port_number 1-65535>
reboot
reset
{[config|system]}
login
logout
Each command is listed, in detail, in the following sections.
create account
Used to create user accounts
Purpose
Syntax
create [admin | user] <username 15>
The create account command is used to create user accounts that
consist of a username of 1 to 15 characters and a password of 0 to 15
characters. Up to 8 user accounts can be created.
Description
Admin <username>
Parameters
Restrictions
User <username>
Only Administrator-level users can issue this command.
Usernames can be between 1 and 15 characters.
Passwords can be between 0 and 15 characters.
10
Example usage:
To create an administrator-level user account with the username “dlink”.
DES-3550:4#create account admin dlink
Command: create account admin dlink
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.
DES-3550:4#
config account
Used to configure user accounts
Purpose
Syntax
config account <username>
The config account command configures a user account that has
Description
been created using the create account command.
<username>
Parameters
Restrictions
Only Administrator-level users can issue this command.
Usernames can be between 1 and 15 characters.
Passwords can be between 0 and 15 characters.
Example usage:
To configure the user password of “dlink” account:
DES-3550:4#config account dlink
Command: config account dlink
Enter a old password:****
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.
DES-3550:4#
show account
Used to display user accounts
Purpose
Syntax
show account
11
show account
Displays all user accounts created on the switch. Up to 8 user
accounts can exist on the switch at one time.
Description
None.
Parameters
Restrictions
Only Administrator-level users can issue this command.
Example usage:
To display the accounts that have been created:
DES-3550:4#show account
Command: show account
Current Accounts:
Username
---------------
dlink
Access Level
------------
Admin
Total Entries: 1
DES-3550:4#
delete account
Used to delete an existing user account
Purpose
Syntax
delete account <username>
The delete account command deletes a user account that has been
Description
created using the create account command.
<username>
Parameters
Restrictions
Only Administrator-level users can issue this command.
Example usage:
To delete the user account “System”:
DES-3550:4#delete account System
Command: delete account System
Success.
DES-3550:4#
show session
Used to display a list of currently logged-in users.
Purpose
12
show session
Syntax
show session
This command displays a list of all the users that are logged-in at
the time the command is issued.
Description
None
Parameters
Restrictions
None.
Example usage:
To display the way that the users logged in:
DES-3550:4#show session
Command: show session
ID Login Time
Live Time From
Level Name
----- -----------
03:36:27 Serial Port 4 Anonymous
-- ------------------------------- ---------
------------
*8 00000 days 00:00:37
show switch
Used to display information about the switch.
show switch
Purpose
Syntax
This command displays information about the switch.
None.
Description
Parameters
Restrictions
Only Administrator-level users can issue this command.
Example usage:
To display the switch information:
DES-3550:4#show switch
Command: show switch
Device Type
Combo Port
MAC Address
IP Address
: DES-3550 Fast Ethernet Switch
: 1000Base-T + 1000Base-T
: 00-01-02-03-04-00
: 10.41.44.22 (Manual)
: default
VLAN Name
Subnet Mask
Default Gateway
: 255.0.0.0
: 0.0.0.0
Boot PROM Version : Build 3.00.001
Firmware Version
Hardware Version
Device S/N
: Build 1.00-B02
: 2A1
:
Power Status
System Name
: Main – Normal, Redundant – Not Present
: DES-3550
13
System Location
System Contact
Spanning Tree
GVRP
: 7th_flr_east_cabinet
: Julius_Erving_212-555-6666
: Disabled
: Disabled
IGMP Snooping
TELNET
: Disabled
: Enabled (TCP 23)
: Enabled (TCP 80)
: Enabled
WEB
RMON
Asymmetric VLAN : Disabled
DES-3550:4#
show serial_port
Used to display the current serial port settings.
Purpose
Syntax
show serial_port
This command displays the current serial port settings.
Description
Parameters
Restrictions
None.
None
Example usage:
To display the serial port setting:
DES-3550:4#show serial_port
Command: show serial_port
Baud Rate
Data Bits
Parity Bits
Stop Bits
: 9600
: 8
: None
: 1
Auto-Logout : 10 mins
DES-3550:4#
config serial_port
Used to configure the serial port and the auto logout time for idle
connections.
Purpose
Syntax
config serial_port {baud_rate [9600|19200|38400|115200] |
auto_logout [never | 2_minutes | 5_minutes | 10_minutes |
15_minutes]}
Description
This command is used to configure the serial port’s baud rate and auto
logout settings.
Parameters
baud_rate[9600|19200|38400|115200]− The serial bit rate that will be used
to communicate with the management host. There are four options: 9600,
14
config serial_port
19200, 38400, 115200.
never − No time limit on the length of time the console can be open with no
user input.
2_minutes − The console will log out the current user if there is no user
input for 2 minutes.
5_minutes − The console will log out the current user if there is no user
input for 5 minutes.
10_minutes − The console will log out the current user if there is no user
input for 10 minutes.
15_minutes − The console will log out the current user if there is no user
input for 15 minutes.
Restrictions
Example usage:
To configure baud rate:
DES-3550:4#config serial_port baud_rate 115200
Only administrator-level users can issue this command.
Command: config serial_port baud_rate 115200
Success.
DES-3550:4#
enable clipaging
Used to pause the scrolling of the console screen when the show
command displays more than one page.
Purpose
Syntax
enable clipaging
This command is used when issuing the show command which
causes the console screen to rapidly scroll through several pages.
This command will cause the console to pause at the end of each
page. The default setting is enabled.
Description
None.
Parameters
Restrictions
Only administrator-level users can issue this command.
Example usage:
To enable pausing of the screen display when the show command output reaches the end of the page:
15
DES-3550:4#enable clipaging
Command: enable clipaging
Success.
DES-3550:4#
disable clipaging
Used to disable the pausing of the console screen scrolling at the end
of each page when the show command displays more than one
screen of information.
Purpose
Syntax
disable clipaging
This command is used to disable the pausing of the console screen
at the end of each page when the show command would display
more than one screen of information.
Description
None.
Parameters
Restrictions
Only administrator-level users can issue this command.
Example usage:
To disable pausing of the screen display when show command output reaches the end of the page:
DES-3550:4#disable clipaging
Command: disable clipaging
Success.
DES-3550:4#
enable telnet
Used to enable communication with and management of the switch
using the Telnet protocol.
Purpose
Syntax
enable telnet <tcp_port_number 1-65535>
This command is used to enable the Telnet protocol on the switch.
The user can specify the TCP or UDP port number the switch will use
to listen for Telnet requests.
Description
Parameters
<tcp_port_number> − The TCP port number. TCP ports are
numbered between 1 and 65535. The “well-known” TCP port for the
Telnet protocol is 23.
Only administrator-level users can issue this command.
Restrictions
Example usage:
To enable Telnet and configure port number:
16
DES-3550:4#enable telnet 23
Command: enable telnet 23
Success.
DES-3550:4#
disable telnet
Used to disable the Telnet protocol on the switch.
disable telnet
Purpose
Syntax
This command is used to disable the Telnet protocol on the switch.
None.
Description
Parameters
Restrictions
Only administrator-level users can issue this command.
Example usage:
To disable the Telnet protocol on the switch:
DES-3550:4#disable telnet
Command: disable telnet
Success.
DES-3550:4#
enable web
Used to enable the HTTP-based management software on the
switch.
Purpose
Syntax
enable web <tcp_port_number 1-65535>
This command is used to enable the Web-based management
software on the switch. The user can specify the TCP port number
the switch will use to listen for Telnet requests.
Description
Parameters
<tcp_port_number> − The TCP port number. TCP ports are
numbered between 1 and 65535. The “well-known” port for the Web-
based management software is 80.
Only administrator-level users can issue this command.
Restrictions
Example usage:
To enable HTTP and configure port number:
17
DES-3550:4#enable web 80
Command: enable web 80
Success.
DES-3550:4#
disable web
Used to disable the HTTP-based management software on the
switch.
Purpose
Syntax
disable web
This command disables the Web-based management software on
the switch.
Description
None.
Parameters
Restrictions
Only administrator-level users can issue this command.
Example usage:
To disable HTTP:
DES-3550:4#disable web
Command: disable web
Success.
DES-3550:4#
save
Used to save changes in the switch’s configuration to non-volatile
RAM.
Purpose
Syntax
save
This command is used to enter the current switch configuration into
non-volatile RAM. The saved switch configuration will be loaded
into the switch’s memory each time the switch is restarted.
Description
None
Parameters
Restrictions
Only administrator-level users can issue this command.
Example usage:
To save the switch’s current configuration to non-volatile RAM:
18
DES-3550:4#save
Command: save
Saving all configurations to NV-RAM... Done.
DES-3550:4#
reboot
Used to restart the switch.
Purpose
Syntax
reboot
This command is used to restart the switch.
Description
Parameters
Restrictions
None.
None.
Example usage:
To restart the switch:
DES-3550:4#reboot
Command: reboot
Are you sure want to proceed with the system reboot? (y|n)
Please wait, the switch is rebooting...
reset
Used to reset the switch to the factory default settings.
Purpose
Syntax
reset {[config|system]}
This command is used to restore the switch’s configuration to the
default settings assigned from the factory.
Description
Parameters
config − If the keyword ‘config’ is specified, all of the factory default
settings are restored on the switch including the IP address, user
accounts, and the switch history log. The switch will not save or
reboot.
system − If the keyword ‘system’ is specified all of the factory default
settings are restored on the switch. The switch will save and reboot
after the settings are changed to default. Rebooting will clear all
entries in the Forwarding Data Base.
If no parameter is specified, the switch’s current IP address, user
accounts, and the switch history log are not changed. All other
parameters are restored to the factory default settings. The switch
will not save or reboot.
Only administrator-level users can issue this command.
Restrictions
Example usage:
19
To restore all of the switch’s parameters to their default values:
DES-3550:4#reset config
Command: reset config
Are you sure to proceed with system reset?(y/n)
Success.
DES-3550:4#
login
Used to log in a user to the switch’s console.
Purpose
Syntax
login
This command is used to initiate the login procedure. The user will
be prompted for his Username and Password.
Description
None.
None.
Parameters
Restrictions
Example usage:
To initiate the login procedure:
DES-3550:4#login
Command: login
UserName:
logout
Used to log out a user from the switch’s console.
Purpose
Syntax
logout
This command terminates the current user’s session on the
switch’s console.
Description
None.
None.
Parameters
Restrictions
Example usage:
To terminate the current user’s console session:
DES-3550:4#logout
20
5
SWITCH PORT COMMANDS
The switch port commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command
Parameters
config ports
[<portlist | all> {speed [auto | 10_half | 10_full |100_half | 100_full |
1000_full} | flow_control [enable | disable] | learning [enable |
disable] state [enable | disable]} description <desc 32>
show ports
<portlist> {description}
Each command is listed, in detail, in the following sections.
config ports
Used to configure the Switch’s Ethernet port settings.
Purpose
Syntax
config ports [<portlist | all>] {speed [auto | 10_half | 10_full |100_half
| 100_full | 1000_half | 1000_full} | flow_control [enable | disable] |
learning [enable | disable] state [enable | disable] description <desc
32>
This command allows for the configuration of the switch’s Ethernet ports.
Only the ports listed in the <portlist> will be affected.
Description
Parameters
all − Configure all ports on the switch.
<portlist> − Specifies a port or range of ports to be configured. Tauto −
Enables auto-negotiation for the specified range of ports.
[10|100|1000] − Configures the speed in Mbps for the specified range of
ports. Gigabit ports are statically set to 1000 and cannot be set to slower
speeds.
[half|full] − Configures the specified range of ports as either full- or half-
duplex.
[master | slave] This parameter denotes whether the ports selected will be
of the master switch or the slave switch and is only used when the port
speed is selected to be 1000_full.
flow_control [enabled | disabled] – Enable or disable flow control for the
specified ports.
learning [enabled | disabled] − Enables or disables the MAC address
learning on the specified range of ports.
state [enabled | disabled] − Enables or disables the specified range of
ports.
description <desc 32> - Enter an alphanumeric string of no more than 32
characters to describe a selected port interface.
Only administrator-level users can issue this command.
Restrictions
Example usage:
21
To configure the speed of port 3 to be 10 Mbps, full duplex, with learning and state enabled:
DES-3550:4#config ports 1-3 speed 10_full learning enabled
state enabled
Command: config ports 1-3 speed 10_full learning enabled
state enabled
Success.
DES-3550:4#
show ports
Used to display the current configuration of a range of ports.
Purpose
Syntax
show ports <portlist> {description}
This command is used to display the current configuration of a range
of ports.
Description
Parameters
<portlist> − Specifies a port or range of ports to be displayed.
{description} – Adding this parameter to the show ports command
indicates that the port description will be included in the display.
None.
Restrictions
Example usage:
To display the configuration of all ports on a switch:
DES-3550:4#show ports
Command show ports:
Port Port
State Speed/Duplex/FlowCtrl Speed/Duplex/FlowCtrl Learning
------ -------- ---------------------
Settings
Connection
Address
---------------------
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
100M/Full/None
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
--------
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
1
Enabled Auto/Enabled
Enabled Auto/Enabled
Enabled Auto/Enabled
Enabled Auto/Enabled
Enabled Auto/Enabled
Enabled Auto/Enabled
Enabled Auto/Enabled
Enabled Auto/Enabled
Enabled Auto/Enabled
Enabled Auto/Enabled
Enabled Auto/Enabled
Enabled Auto/Enabled
Enabled Auto/Disabled
Enabled Auto/Disabled
Enabled Auto/Disabled
Enabled Auto/Disabled
Enabled Auto/Disabled
Enabled Auto/Disabled
Enabled Auto/Disabled
Enabled Auto/Disabled
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
22
Example usage:
To display the configuration of all ports on a switch, with description:
DES-3550:4#show ports description
Command: show ports description
Port Port
Settings
Connection
Address
Learning
--------
State Speed/Duplex/FlowCtrl Speed/Duplex/FlowCtrl
------ --------
Enabled Auto/Disabled
Description: dads1
Enabled Auto/Disabled
Description:
---------------------
---------------------
Link Down
1
Enabled
2
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
Link Down
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
3
Enabled Auto/Disabled
Description:
4
Enabled Auto/Disabled
Description:
5
Enabled Auto/Disabled
Description:
6
Enabled Auto/Disabled
Description:
7
Enabled Auto/Disabled
Description:
8
Enabled Auto/Disabled
Description:
9
Enabled Auto/Disabled
Description:
10
Enabled Auto/Disabled
Description:
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
23
6
PORT SECURITY COMMANDS
The switch port security commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in
the following table.
Command
Parameters
config port_security
ports
[<portlist>| all ] {admin_state [enable| disable]
|max_learning_addr <max_lock_no 0-10> | lock_address_mode
[Permanent | DeleteOnTimeout | DeleteOnReset]}
delete port_security vlan_name <vlan_name 32> mac_address <macaddr> port <port>
entry
clear
port <portlist>
port_security_entry
show port_security
{ports <portlist>}
Each command is listed, in detail, in the following sections.
config port_security ports
Used to configure port security settings.
Purpose
Syntax
config port_security ports [<portlist>| all ] {admin_state [enable|
disable] | max_learning_addr <max_lock_no 0-10> |
lock_address_mode [Permanent | DeleteOnTimeout |
DeleteOnReset]}
This command allows for the configuration of the port security feature.
Only the ports listed in the <portlist> are effected.
Description
Parameters
portlist − specifies a port or range of ports to be configured.
all − configure port security for all ports on the switch.
admin_state [enable|disable] – enable or disable port security for the listed
ports.
max_learning_addr <max_lock_no 0-10> - use this to limit the number of
MAC addresses dynamically listed in the FDB for the ports.
lock_address_mode[Permanent | DeleteOnTimout | DeleteOnReset] –
Indicates the method of locking addresses. The user has three choices:
ꢁ
ꢁ
ꢁ
Permanent – The locked addresses will not age out after the
aging timer expires.
DeleteOnTimeout – The locked addresses will age out after the
aging timer expires.
DeleteOnReset – The locked addresses will not age out until the
switch has been reset.
Only administrator-level users can issue this command.
Restrictions
Example usage:
24
To configure the port security:
DES-3550:4#config port_security ports 1-5 admin_state enable
max_learning_addr 5 lock_address_mode DeleteOnReset
Command: config port_security ports 1-5 admin_state enable
max_learning_addr 5 lock_address_mode DeleteOnReset
Success.
DES-3550:4#
delete port_security_entry
Used to delete a port security entry by MAC address, port number
and VLAN ID.
Purpose
Syntax
delete port_security_entry vlan name <vlan_name 32>
mac_address <macaddr> port <port>
This command is used to delete a single, previously learned port
security entry by port, VLAN name, and MAC Address.
Description
Parameters
vlan name <vlan_name 32> Enter the corresponding vlan name of
the port which the user wishes to delete.
mac_address <macaddr> - Enter the corresponding MAC address,
previously learned by the port, which the user wishes to delete.
port <port> - Enter the port number which has learned the previously
enterd MAC address.
Only administrator-level users can issue this command.
Restrictions
Example usage:
To delete a port security entry:
DES-3550:4#delete port_security_entry vlan_name default
mac_address 00-01-30-10-2C-C7 port 6
Command: delete port_security_entry vlan_name default
mac_address 00-01-30-10-2C-C7 port 6
Success.
DES-3550:4#
clear port_security_entry
Used to clear MAC address entries learned from a specified port for
Purpose
the port security function.
Syntax
clear port_security_entry port <portlist>
This command is used to clear MAC address entries which were
learned by the switch by a specified port. This command only relates
Description
25
clear port_security_entry
to the port security function.
Parameters
Restrictions
<portlist> − specifies a port or port range the user wishes to clear.
Only administrator-level users can issue this command.
Example usage:
To clear a port security entry by port:
DES-3550:4# clear port_security_entry port 6
Command: clear port_security_entry port 6
Success.
DES-3550:4#
show port_security
Used to display the current port security configuration.
Purpose
Syntax
show port_security {ports <portlist>}
This command is used to display port security information of the
switch ports. The information displayed includes port security admin
state, maximum number of learning address and lock mode.
Description
Parameters
Restrictions
<portlist> − specifies a port or range of ports to be viewed.
None.
Example usage:
To display the port security configuration:
DES-3550:4#show port_security ports 1-5
Command: show port_security ports 1-5
Port# Admin State Max. Learning Addr. Lock Address Mode
----
1
-----------
Disabled
Disabled
Disabled
Disabled
Disabled
-------------------
-----------------
DeleteOnReset
DeleteOnReset
DeleteOnReset
DeleteOnReset
DeleteOnReset
1
1
1
1
1
2
3
4
5
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
26
7
NETWORK MANAGEMENT (SNMP) COMMANDS
The network management commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in
the following table.
The DES-3550 supports the Simple Network Management Protocol (SNMP) versions 1, 2c, and 3. You can specify which
version of the SNMP you want to use to monitor and control the switch. The three versions of SNMP vary in the level of
security provided between the management station and the network device. The following table lists the security features of the
three SNMP versions:
SNMP
Version
Authentication Method
Community String
Community String
Description
v1
Community String is used for authentication −
NoAuthNoPriv
v2c
Community String is used for authentication −
NoAuthNoPriv
v3
v3
Username
Username is used for authentication − NoAuthNoPriv
MD5 or SHA
Authentication is based on the HMAC-MD5 or
HMAC-SHA algorithms − AuthNoPriv
v3
MD5 DES or SHA DES
Authentication is based on the HMAC-MD5 or
HMAC-SHA algorithms − AuthPriv.
DES 56-bit encryption is added based on the CBC-
DES (DES-56) standard
Command
Parameters
create snmp user
<username 32> <groupname 32> {encrypted [by_password auth
[md5 <auth_password 8-16 > | sha <auth_password 8-20 >] priv
[none | des <priv_password 8-16> ] | by_key auth [md5 <auth_key
32-32>| sha <auth_key 40-40>] priv [none | des <priv_key 32-
32> ]]}
delete snmp user
show snmp user
create snmp view
delete snmp view
show snmp view
<SNMP_name 32>
<view_name 32> <oid> view_type [included | excluded]
<view_name 32> [all | oid]
<view_name 32>
<community_string 32> view <view_name 32> [read_only |
read_write]
create snmp
community
delete snmp
community
<community_string 32>
<community_string 32>
show snmp
community
config snmp
<snmp_engineID>
27
Command
Parameters
engineID
show snmp
engineID
create snmp group
<groupname 32> {v1 | v2c |v3 [noauth_nopriv | auth_nopriv |
auth_priv ]} {read_view <view_name 32> | write_view
<view_name 32> | notify_view <view_name 32>}
delete snmp group
show snmp groups
create snmp host
<groupname 32>
<ipaddr> {v1 |v2c | v3 [noauth_nopriv | auth_nopriv | auth_priv]}
<auth_string 32>
delete snmp host
show snmp host
<ipaddr>
<ipaddr>
create trusted_host <ipaddr>
delete trusted_host <ipaddr>
show trusted_host
enable snmp traps
<ipaddr>
enable snmp
authenticate_traps
show snmp traps
disable snmp traps
disable snmp
authenticate_traps
config snmp system <sw_contact>
contact
config snmp system <sw_location>
location
config snmp system <sw_name>
name
enable rmon
disable rmon
Each command is listed, in detail, in the following sections.
create snmp user
Purpose
Used to create a new SNMP user and adds the user to an SNMP
28
create snmp user
group that is also created by this command.
Syntax
create snmp user <username 32> <groupname 32> {encrypted
[by_password auth [md5 <auth_password 8-16 > | sha
<auth_password 8-20 >] priv [none | des <priv_password 8-
16> ]|by_key auth [md5 <auth_key 32-32>| sha <auth_key 40-
40>] priv [none | des <priv_key 32-32> ]]}
Description
Parameters
The create snmp user command creates a new SNMP user and
adds the user to an SNMP group that is also created by this
command.
<username 32> − An alphanumeric name of up to 32 characters that
will identify the new SNMP user.
<groupname 32> − An alphanumeric name of up to 32 characters
that will identify the SNMP group the new SNMP user will be
associated with.
by_password – Requires the SNMP user to enter a password for
authentication and privacy. The password is defined by specifying
the auth_password below. This method is recommended.
by_key - Requires the SNMP user to enter a encryption key for
authentication and privacy. The key is defined by specifying the
priv_password below. This method is not recommended.
Message integrity − ensures that packets have not been tampered
with during transit.
Authentication − determines if an SNMP message is from a valid
source.
Encryption − scrambles the contents of messages to prevent it being
viewed by an unauthorized source.
encrypted – Specifies that the password will be in an encrypted
format.
auth [md5|sha] – Initiate an authentication-level setting session.
md5 − Specifies that the HMAC-MD5-96 authentication level will be
used.
− Specifies that the HMAC-SHA-96 authentication level will be
sha
used.
<auth_password 8-20> − An alphanumeric sting of between 8 and
20 characters that will be used to authorize the agent to receive
packets for the host.
des <priv_password 8-16> − An alphanumeric string of between 8
and 16 characters that will be used to encrypt the contents of
messages the host sends to the agent.
Restrictions
Only administrator-level users can issue this command.
Example usage:
29
To create an SNMP user on the switch:
DES-3550:4#create snmp user dlink default encrypted
by_password auth md5 auth_password priv none
Command: create snmp user dlink default encrypted
by_password auth md5 auth_password priv none
Success.
DES-3550:4#
delete snmp user
Used to remove an SNMP user from an SNMP group and also to
delete an entry from the USM User Table Settings
Purpose
Syntax
delete snmp user <usmusername 32>
Description
The delete snmp user command removes an SNMP user from its
SNMP group and then deletes the entry from the USM User Table
Settings.
Parameters
Restrictions
<username 32> − An alphanumeric string of up to 32 characters that
identifies the SNMP user that will be deleted.
Only administrator-level users can issue this command.
Example usage:
To delete a previously entered SNMP user on the switch:
DES-3550:4#delete snmp user dlink
Command: delete snmp user dlink
Success.
DES-3550:4#
show snmp user
Purpose
Used to display information about each SNMP username in the
SNMP group username table.
Syntax
show snmp user
Description
The
command displays information about each
show snmp user
SNMP username in the SNMP group username table.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To display the SNMP users currently configured on the switch:
30
DES-3550:4#show snmp user
Command: show snmp user
Username Group Name Ver
Auth Priv
-------- -------
None None
--------------- --------------
initial initial
-----
V3
Total Entries: 1
DES-3550:4#
create snmp view
Purpose
Used to assign views to community strings to limit which MIB objects
and SNMP manager can access.
Syntax
create snmp view <view_name 32> <oid> view_type [included |
excluded]
Description
Parameters
The create snmp view command assigns views to community
strings to limit which MIB objects an SNMP manager can access.
<view_name 32> − An alphanumeric string of up to 32 characters
that identifies the SNMP view that will be created.
<oid> − The object ID that identifies an object tree (MIB tree) that will
be included or excluded from access by an SNMP manager.
included − Include this object in the list of objects that an SNMP
manager can access.
excluded − Exclude this object from the list of objects that an SNMP
manager can access.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To create an SNMP view:
DES-3550:4#create snmp view dlinkview 1.3.6 view_type
included
Command: create snmp view dlinkview 1.3.6 view_type included
Success.
DES-3550:4#
delete snmp view
Purpose
Used to remove an SNMP view entry previously created on the
switch.
31
delete snmp view
Syntax
delete snmp view <view_name 32> [all | <oid>]
Description
The command is used to remove an SNMP view
delete snmp view
previously created on the switch.
Parameters
<view_name 32> − An alphanumeric string of up to 32 characters
that identifies the SNMP view to be deleted.
all − Specifies that all of the SNMP views on the switch will be
deleted.
<oid> − The object ID that identifies an object tree (MIB tree) that
will be deleted from the switch.
Restrictions
Example usage:
Only administrator-level users can issue this command.
To delete a previously configured SNMP view from the switch:
DES-3550:4#delete snmp view dlinkview all
Command: delete snmp view dlinkview all
Success.
DES-3550:4#
show snmp view
Purpose
Used to display an SNMP view previously created on the switch.
Syntax
show snmp view {<view_name 32>}
Description
The show snmp view command displays an SNMP view previously
created on the switch in the VACM View Table Settings.
Parameters
Restrictions
<view_name 32> − An alphanumeric string of up to 32 characters
that identifies the SNMP view that will be displayed.
None.
Example usage:
To display SNMP view configuration:
DES-3550:4#show snmp view
Command: show snmp view
Vacm View Table Settings
View Name
--------------------
ReadView
WriteView
NotifyView
Subtree
-------------------------
View Type
----------
1
1
Included
Included
Included
Included
Included
1.3.6
1.3.6.1.2.1.1
1.3.6.1.2.1.11
restricted
restricted
32
restricted
restricted
restricted
CommunityView
CommunityView
CommunityView
1.3.6.1.6.3.10.2.1
1.3.6.1.6.3.11.2.1
1.3.6.1.6.3.15.1.1
1
Included
Included
Included
Included
Excluded
Included
1.3.6.1.6.3
1.3.6.1.6.3.1
Total Entries: 11
DES-3550:4#
create snmp community
Purpose
Used to create an SNMP community string to define the relationship
between the SNMP manager and an agent. The community string
acts like a password to permit access to the agent on the switch.
One or more of the following characteristics can be associated with
the community string:
An Access List of IP addresses of SNMP managers that are
permitted to use the community string to gain access to the switch’s
SNMP agent.
An MIB view that defines the subset of all MIB objects that will be
accessible to the SNMP community.
Read|write or read-only level permission for the MIB objects
accessible to the SNMP community.
Syntax
create snmp community <community_string 32> view
<view_name 32> [read_only | read_write]
Description
The
command is used to create an SNMP
create snmp community
community string and to assign access-limiting characteristics to this
community string.
Parameters
<community_string 32> − An alphanumeric string of up to 32
characters that is used to identify members of an SNMP community.
This string is used like a password to give remote SNMP managers
access to MIB objects in the switch’s SNMP agent.
<view_name 32> − An alphanumeric string of up to 32 characters
that is used to identify the group of MIB objects that a remote SNMP
manager is allowed to access on the switch.
read_only − Specifies that SNMP community members using the
community string created with this command can only read the
contents of the MIBs on the switch.
read_write − Specifies that SNMP community members using the
community string created with this command can read from and
write to the contents of the MIBs on the switch.
Restrictions
Example usage:
To create the SNMP community string “dlink:”
Only administrator-level users can issue this command.
33
DES-3550:4#create snmp community dlink view ReadView
read_write
Command: create snmp community dlink view ReadView
read_write
Success.
delete snmp community
Purpose
Used to remove a specific SNMP community string from the switch.
Syntax
delete snmp community <community_string 32>
Description
The delete snmp community command is used to remove a
previously defined SNMP community string from the switch.
Parameters
<community_string 32> − An alphanumeric string of up to 32
characters that is used to identify members of an SNMP community.
This string is used like a password to give remote SNMP managers
access to MIB objects in the switch’s SNMP agent.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To delete the SNMP community string “dlink:”
DES-3550:4#delete snmp community dlink
Command: delete snmp community dlink
Success.
DES-3550:4#
show snmp community
Purpose
Used to display SNMP community strings configured on the switch.
Syntax
show snmp community {<community_string 32>}
Description
The show snmp community command is used to display SNMP
community strings that are configured on the switch.
Parameters
Restrictions
<community_string 32> − An alphanumeric string of up to 32
characters that is used to identify members of an SNMP community.
This string is used like a password to give remote SNMP managers
access to MIB objects in the switch’s SNMP agent.
None.
Example usage:
To display the currently entered SNMP community strings:
34
DES-3550:4#show snmp community
Command: show snmp community
SNMP Community Table
Community Name
View Name
Access Right
------------
-------------------------------- --------------------------------
dlink
ReadView
read_write
read_write
read_only
private
public
CommunityView
CommunityView
Total Entries: 3
DES-3550:4#
config snmp engineID
Purpose
Used to configure a name for the SNMP engine on the switch.
Syntax
config snmp engineID <snmp_engineID>
Description
The
command configures a name for the
config snmp engineID
SNMP engine on the switch.
Parameters
Restrictions
<snmp_engineID> − An alphanumeric string that will be used to
identify the SNMP engine on the switch.
Only administrator-level users can issue this command.
Example usage:
To give the SNMP agent on the switch the name “0035636666”
DES-3550:4#config snmp 0035636666
Command: config snmp engineID 0035636666
Success.
DES-3550:4#
show snmp engineID
Purpose
Used to display the identification of the SNMP engine on the switch.
Syntax
show snmp engineID
Description
The show snmp engineID command displays the identification of
the SNMP engine on the switch.
Parameters
None.
35
show snmp engineID
Restrictions
None.
Example usage:
To display the current name of the SNMP engine on the switch:
DES-3550:4#show snmp engineID
Command: show snmp engineID
SNMP Engine ID : 0035636666
DES-3550:4#
create snmp group
Purpose
Used to create a new SNMP group, or a table that maps SNMP users
to SNMP views. This will set then entry in the VACM Access Table
Settings.
Syntax
create snmp group <groupname 32> [v1|v2c|v3 [noauth_nopriv |
auth_nopriv | auth_priv]] {read_view <view_name 32> |
write_view <view_name 32> | notify_view <view_name 32>}
Description
Parameters
The create snmp group command creates a new SNMP group, or a
table that maps SNMP users to SNMP views.
<groupname 32> − An alphanumeric name of up to 32 characters
that will identify the SNMP group the new SNMP user will be
associated with.
v1 – Specifies that SNMP version 1 will be used. The Simple
Network Management Protocol (SNMP), version 1, is a network
management protocol that provides a means to monitor and control
network devices.
v2c – Specifies that SNMP version 2c will be used. The SNMP v2c
supports both centralized and distributed network management
strategies. It includes improvements in the Structure of Management
Information (SMI) and adds some security features.
v3 – Specifies that the SNMP version 3 will be used. SNMP v3
provides secure access to devices through a combination of
authentication and encrypting packets over the network. SNMP v3
adds:
Message integrity − ensures that packets have not been tampered
with during transit.
Authentication − determines if an SNMP message is from a valid
source.
Encryption − scrambles the contents of messages to prevent it being
viewed by an unauthorized source.
noauth_nopriv − Specifies that there will be no authorization and no
encryption of packets sent between the switch and a remote SNMP
36
create snmp group
manager.
auth_nopriv − Specifies that authorization will be required, but there
will be no encryption of packets sent between the switch and a
remote SNMP manager.
auth_priv − Specifies that authorization will be required, and that
packets sent between the switch and a remote SNMP manger will be
encrypted.
read_view – Specifies that the SNMP group being created can
request SNMP messages.
write_view – Specifies that the SNMP group being created has write
privileges.
<view_name 32> − An alphanumeric string of up to 32 characters that
is used to identify the group of MIB objects that a remote SNMP
manager is allowed to access on the switch.
notify_view − Specifies that the SNMP group being created can
receive SNMP trap messages generated by the switch’s SNMP
agent.
Restrictions
Example usage:
To create an SNMP group named “sg1:”
DES-3550:4#create snmp group sg1 v3 noauth_nopriv read_view v1
Only administrator-level users can issue this command.
write_view v1 notify_view v1
Command: create snmp group sg1 v3 noauth_nopriv read_view v1
write_view v1 notify_view v1
Success.
DES-3550:4#
delete snmp group
Purpose
Used to remove an SNMP group from the switch.
Syntax
delete snmp group <groupname 32>
Description
The delete snmp group command is used to remove an SNMP
group from the switch.
Parameters
<groupname 32> − An alphanumeric name of up to 32 characters
that will identify the SNMP group the new SNMP user will be
associated with.
Restrictions
Only administrator-level users can issue this command.
Example usage:
37
To delete the SNMP group named “sg1”.
DES-3550:4#delete snmp group sg1
Command: delete snmp group sg1
Success.
DES-3550:4#
show snmp groups
Purpose
Used to display the group-names of SNMP groups currently
configured on the switch. The security model, level, and status of
each group are also displayed.
Syntax
show snmp groups
Description
The show snmp groups command displays the group-names of
SNMP groups currently configured on the switch. The security
model, level, and status of each group are also displayed.
Parameters
Restrictions
None.
None.
Example usage:
To display the currently configured SNMP groups on the switch:
DES-3550:4#show snmp groups
Command: show snmp groups
Vacm Access
Table Settings
Group Name
: Group3
ReadView Name : ReadView
WriteView Name : WriteView
Notify View Name : NotifyView
Security Model
Security Level
: SNMPv3
: NoAuthNoPriv
Group Name
: Group4
ReadView Name : ReadView
WriteView Name : WriteView
Notify View Name : NotifyView
Security Model
Security Level
: SNMPv3
: authNoPriv
Group Name
: Group5
ReadView Name : ReadView
WriteView Name : WriteView
Notify View Name : NotifyView
Security Model
Security Level
: SNMPv3
: authNoPriv
Group Name
: Group6
ReadView Name : ReadView
38
WriteView Name : WriteView
Notify View Name : NotifyView
Security Model
Security Level
: SNMPv3
: authPriv
Group Name
: Group7
ReadView Name : ReadView
WriteView Name : WriteView
Notify View Name : NotifyView
Security Model
Security Level
: SNMPv3
: authPriv
Group Name
: initial
ReadView Name : restricted
WriteView Name
Notify View Name : restricted
:
Security Model
Security Level
: SNMPv3
: NoAuthNoPriv
Group Name
: ReadGroup
ReadView Name : CommunityView
WriteView Name
Notify View Name : CommunityView
:
Security Model
Security Level
: SNMPv1
: NoAuthNoPriv
Group Name
: ReadGroup
ReadView Name : CommunityView
WriteView Name
Notify View Name : CommunityView
:
Security Model
Security Level
: SNMPv2
: NoAuthNoPriv
Group Name
: WriteGroup
ReadView Name : CommunityView
WriteView Name : CommunityView
Notify View Name : CommunityView
Security Model
Security Level
: SNMPv1
: NoAuthNoPriv
Group Name
: WriteGroup
ReadView Name : CommunityView
WriteView Name : CommunityView
Notify View Name : CommunityView
Security Model
Security Level
: SNMPv2
: NoAuthNoPriv
Total Entries: 10
DES-3550:4#
create snmp host
Purpose
Used to create a recipient of SNMP traps generated by the switch’s
SNMP agent.
Syntax
create snmp host <ipaddr> [v1 | v2c | v3 [noauth_nopriv |
39
create snmp host
auth_nopriv | auth_priv] <auth_string 32>]
Description
Parameters
The create snmp host command creates a recipient of SNMP traps
generated by the switch’s SNMP agent.
<ipaddr> − The IP address of the remote management station that
will serve as the SNMP host for the switch.
v1 – Specifies that SNMP version 1 will be used. The Simple
Network Management Protocol (SNMP), version 1, is a network
management protocol that provides a means to monitor and control
network devices.
v2c – Specifies that SNMP version 2c will be used. The SNMP v2c
supports both centralized and distributed network management
strategies. It includes improvements in the Structure of
Management Information (SMI) and adds some security features.
v3 – Specifies that the SNMP version 3 will be used. SNMP v3
provides secure access to devices through a combination of
authentication and encrypting packets over the network. SNMP v3
adds:
Message integrity − ensures that packets have not been tampered
with during transit.
Authentication − determines if an SNMP message is from a valid
source.
Encryption − scrambles the contents of messages to prevent it being
viewed by an unauthorized source.
noauth_nopriv − Specifies that there will be no authorization and no
encryption of packets sent between the switch and a remote SNMP
manager.
auth_nopriv − Specifies that authorization will be required, but there
will be no encryption of packets sent between the switch and a
remote SNMP manager.
auth_priv − Specifies that authorization will be required, and that
packets sent between the switch and a remote SNMP manger will
be encrypted.
<auth_sting 32> − An alphanumeric string used to authorize a
remote SNMP manager to access the switch’s SNMP agent.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To create an SNMP host to receive SNMP messages:
40
DES-3550:4#create snmp host 10.48.74.100 v3 auth_priv public
Command: create snmp host 10.48.74.100 v3 auth_priv public
Success.
DES-3550:4#
delete snmp host
Purpose
Used to remove a recipient of SNMP traps generated by the switch’s
SNMP agent.
Syntax
delete snmp host <ipaddr>
Description
The delete snmp host command deletes a recipient of SNMP traps
generated by the switch’s SNMP agent.
Parameters
Restrictions
<ipaddr> − The IP address of a remote SNMP manager that will
receive SNMP traps generated by the switch’s SNMP agent.
Only administrator-level users can issue this command.
Example usage:
To delete an SNMP host entry:
DES-3550:4#delete snmp host 10.48.74.100
Command: delete snmp host 10.48.74.100
Success.
DES-3550:4#
show snmp host
Purpose
Used to display the recipient of SNMP traps generated by the
switch’s SNMP agent.
Syntax
show snmp host {<ipaddr>}
Description
The show snmp host command is used to display the IP addresses
and configuration information of remote SNMP managers that are
designated as recipients of SNMP traps that are generated by the
switch’s SNMP agent.
Parameters
Restrictions
<ipaddr> − The IP address of a remote SNMP manager that will
receive SNMP traps generated by the switch’s SNMP agent.
None.
Example usage:
To display the currently configured SNMP hosts on the switch:
41
DES-3550:4#show snmp host
Command: show snmp host
SNMP Host Table
Host IP Address SNMP Version Community Name/SNMPv3
User Name
---------------
10.48.76.23
10.48.74.100
---------------------
V2c
------------------------------
private
V3 authpriv
public
Total Entries: 2
DES-3550:4#
create trusted_host
Purpose
Used to create the trusted host.
Syntax
create trusted_host <ipaddr>
Description
The create trusted_host command creates the trusted host. The
switch allows you to specify up to four IP addresses that are allowed
to manage the switch via in-band SNMP or TELNET based
management software. These IP addresses must be members of
the Management VLAN. If no IP addresses are specified, then there
is nothing to prevent any IP address from accessing the switch,
provided the user knows the Username and Password.
Parameters
Restrictions
<ipaddr> − The IP address of the trusted host.
Only administrator-level users can issue this command.
Example usage:
To create the trusted host:
DES-3550:4#create trusted_host 10.48.74.121
Command: create trusted_host 10.48.74.121
Success.
DES-3550:4#
show trusted_host
Purpose
Used to display a list of trusted hosts entered on the switch using the
create trusted_host command above.
Syntax
show trusted_host <ipaddr>
Description
This command is used to display a list of trusted hosts entered on
42
show trusted_host
the switch using the create trusted_host command above.
Parameters
Restrictions
<ipaddr> − The IP address of the trusted host.
none.
Example Usage:
To display the list of trust hosts:
DES-3550:4#show trusted_host
Command: show trusted_host
Management Stations
IP Address
-----------------------
10.53.13.94
Total Entries: 1
DES-3550:4#
delete trusted_host
Purpose
Used to delete a trusted host entry made using the create
trusted_host command above.
Syntax
delete trusted _host <ipaddr>
Description
This command is used to delete a trusted host entry made using the
create trusted_host command above.
Parameters
Restrictions
<ipaddr> − The IP address of the trusted host.
Only administrator-level users can issue this command.
Example Usage:
To delete a trusted host with an IP address 10.48.74.121:
DES-3550:4#delete trusted_host 10.48.74.121
Command: delete trusted_host 10.48.74.121
Success.
DES-3550:4#
enable snmp traps
Purpose
Used to enable SNMP trap support.
43
enable snmp traps
Syntax
enable snmp traps
Description
The enable snmp traps command is used to enable SNMP trap
support on the switch.
Parameters
Restrictions
none.
Only administrator-level users can issue this command.
Example usage:
To enable SNMP trap support on the switch:
DES-3550:4#enable snmp traps
Command: enable snmp traps
Success.
DES-3550:4#
enable snmp authenticate_traps
Purpose
Used to enable SNMP authentication trap support.
Syntax
enable snmp authenticate_traps
Description
This command is used to enable SNMP authentication trap support
on the Switch.
Parameters
Restrictions
none.
Only administrator-level users can issue this command.
Example Usage:
To turn on SNMP authentication trap support:
DES-3550:4#enable snmp authenticate_traps
Command: enable snmp authenticate_traps
Success.
DES-3550:4#
show snmp traps
Purpose
Used to show SNMP trap support on the switch .
Syntax
show snmp traps
Description
This command is used to view the SNMP trap support status
44
show snmp traps
currently configured on the Switch.
none.
Only administrator-level users can issue this command.
Parameters
Restrictions
Example usage:
To view the current SNMP trap support:
DES-3550:4#show snmp traps
Command: show snmp traps
SNMP Traps
: Enabled
Authenticate Traps : Enabled
DES-3550:4#
disable snmp traps
Purpose
Used to disable SNMP trap support on the switch.
Syntax
disable snmp traps
Description
Parameters
Restrictions
This command is used to disable SNMP trap support on the Switch.
none.
Only administrator-level users can issue this command.
Example Usage:
To prevent SNMP traps from being sent from the Switch:
DES-3550:4#disable snmp traps
Command: disable snmp traps
Success.
DES-3550:4#
disable snmp authenticate_traps
Purpose
Syntax
Used to disable SNMP authentication trap support.
disable snmp authenticate_traps
Description
This command is used to disable SNMP authentication support on
the Switch.
45
disable snmp authenticate_traps
Parameters
Restrictions
none.
Only administrator-level users can issue this command.
Example Usage:
To disable the SNMP authentication trap support:
DES-3550:4#disable snmp authenticate_traps
Command: disable snmp authenticate_traps
Success.
DES-3550:4#
config snmp system_contact
Purpose
Used to enter the name of a contact person who is responsible for
the switch.
Syntax
config snmp system_contact{<sw_contact>}
Description
The config snmp system_contact command is used to enter the
name and/or other information to identify a contact person who is
responsible for the switch. A maximum of 255 character can be
used.
Parameters
Restrictions
<sw_contact> - A maximum of 255 characters is allowed. A NULL
string is accepted if there is no contact.
Only administrator-level users can issue this command.
Example usage:
To configure the switch contact to “MIS Department II”:
DES-3550:4#config snmp system_contact MIS Department II
Command: config snmp system_contact MIS Department II
Success.
DES-3550:4#
config snmp system_location
Purpose
Syntax
Used to enter a description of the location of the switch.
config snmp system_location {<sw_location>}
Description
The config snmp system_location command is used to enter a
description of the location of the switch. A maximum of 255
46
config snmp system_location
characters can be used.
Parameters
Restrictions
<sw_location> - A maximum of 255 characters is allowed. A NULL
string is accepted if there is no location desired.
Only administrator-level users can issue this command.
Example usage:
To configure the switch location for “HQ 5F”:
DES-3550:4#config snmp system_location HQ 5F
Command: config snmp system_location HQ 5F
Success.
DES-3550:4#
config snmp system_name
Purpose
Syntax
Used to configure the name for the switch.
config snmp system_name {<sw_name>}
Description
The config snmp system_name command configures the name of
the switch.
Parameters
Restrictions
<sw_name> - A maximum of 255 characters is allowed. A NULL
string is accepted if no name is desired.
Only administrator-level users can issue this command.
Example usage:
To configure the switch name for “DES-3550 Switch”:
DES-3550:4#config snmp system_name DES-3550 Switch
Command: config snmp system_name DES-3550 Switch
Success.
DES-3550:4#
enable rmon
Purpose
Syntax
Used to enable RMON on the switch.
enable rmon
47
enable rmon
Description
This command is used, in conjunction with the disable rmon
command below, to enable and disable remote monitoring (RMON)
on the switch.
Parameters
Restrictions
none.
Only administrator-level users can issue this command.
Example Usage:
To enable RMON:
DES-3550:4#enable rmon
Command: enable rmon
Success.
DES-3550:4#
disable rmon
Purpose
Used to disable RMON on the switch.
Syntax
disable rmon
Description
This command is used, in conjunction with the enable rmon
command above, to enable and disable remote monitoring (RMON)
on the switch.
Parameters
Restrictions
none.
Only administrator-level users can issue this command.
Example Usage:
To disable RMON:
DES-3550:4#disable rmon
Command: disable rmon
Success.
DES-3550:4#
48
8
SWITCH UTILITY COMMANDS
The download/upload commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command
Parameters
download
[ firmware <ipaddr> <path_filename 64> {section_id <int 1-2>}
configuration <ipaddr> <path_filename 64> {increment} ]
config firmware
section_id <value 1-2> [delete | boot_up]
show
firmware_information
upload
ping
[ configuration | log ] <ipaddr> <path_filename 64>
<ipaddr> {times <value 1-255>} {timeout <sec 1-99>}
Each command is listed, in detail, in the following sections.
download
Purpose
Used to download and install new firmware or a switch configuration
file from a TFTP server.
Syntax
download[ firmware <ipaddr> <path_filename 64> {section_id
<int 1-2>} configuration <ipaddr> <path_filename 64>
{increment} ]
Description
Parameters
This command is used to download a new firmware or a switch
configuration file from a TFTP server.
firmware − Download and install new firmware on the switch from a
TFTP server.
configuration − Download a switch configuration file from a TFTP
server.
<ipaddr> − The IP address of the TFTP server.
<path_filename> − The DOS path and filename of the firmware or
switch configuration file on the TFTP server. For example,
C:\3550.had.
section_id <int 1-2> - Specify the working section id. The Switch can
hold two firmware versions for the user to select from, which are
specified by section id.
increment − Allows the download of a partial switch configuration file.
This allows a file to be downloaded that will change only the switch
parameters explicitly stated in the configuration file. All other switch
parameters will remain unchanged.
Restrictions
The TFTP server must be on the same IP subnet as the switch. Only
administrator-level users can issue this command.
Example usage:
49
To download a configuration file:
DES-3550:4#download configuration 10.48.74.121 c:\cfg\setting.txt
Command: download configuration 10.48.74.121 c:\cfg\setting.txt
Connecting to server................... Done.
Download configuration............. Done.
DES-3550:4#
config firmware
Purpose
Used to configure the firmware section as a boot up section, or to
delete the firmware section
Syntax
config firmware section_id <int 1-2> [delete | boot_up]
Description
This command is used to configure the firmware section. The user
may choose to remove the firmware section or use it as a boot up
section.
Parameters
section_id – Specifies the working section. The Switch can hold two
firmware versions for the user to select from, which are specified by
section id.
delete – Entering this parameter will delete the specified firmware
section.
boot_up – Entering this parameter will specify the firmware section id
as a boot up section.
Restrictions
Example usage:
To configure firmware section 1 as a boot up section:
DES-3550:4# config firmware section_id 1 boot_up
Only administrator-level users can issue this command.
Command: config firmware section_id 1 boot_up
Success.
DES-3550:4#
show firmware information
Purpose
Used to display the firmware section information.
Syntax
show firmware information
Description
Parameters
This command is used to display the firmware section information
None.
50
show firmware information
Restrictions
None.
Example usage:
To display the current firmware information on the switch:
DES-3550:4#show firmware information
Command: show firmware information
ID Version Size(B) Update Time
From
User
-- --------
-------
-------------------
------------------
---------------
1 1.00-B00 1360471 00000 days 00:00:00 Serial Port (PROM) Unknown
*2 1.00-B02 2052372 00000 days 00:00:56 10.53.13.94
Anonymous
'*' means boot up section
(T) means firmware update thru TELNET
(S) means firmware update thru SNMP
(W) means firmware update thru WEB
Free space: 3145728 bytes
DES-3550:4#
upload
Purpose
Used to upload the current switch settings or the switch history log to
a TFTP.
Syntax
upload [ configuration | log ] <ipaddr> <path_filename 64>
Description
This command is used to upload either the switch’s current settings
or the switch’s history log to a TFTP server.
Parameters
configuration − Specifies that the switch’s current settings will be
uploaded to the TFTP server.
log − Specifies that the switch history log will be uploaded to the
TFTP server.
<ipaddr> − The IP address of the TFTP server. The TFTP server
must be on the same IP subnet as the switch.
<path_filename> − Specifies the location of the switch configuration
file on the TFTP server. This file will be replaced by the uploaded file
from the switch.
Restrictions
The TFTP server must be on the same IP subnet as the switch.
Only administrator-level users can issue this command.
Example usage:
51
To upload a configuration file:
DES-3550:4#upload configuration 10.48.74.121 c:\cfg\log.txt
Command: upload configuration 10.48.74.121 c:\cfg\log.txt
Connecting to server................... Done.
Upload configuration...................Done.
DES-3550:4#
ping
Purpose
Used to test the connectivity between network devices.
Syntax
ping <ipaddr> {times <value 1-255>} {timeout <sec 1-99>}
Description
Parameters
The ping command sends Internet Control Message Protocol (ICMP)
echo messages to a remote IP address. The remote IP address will
then “echo” or return the message. This is used to confirm
connectivity between the switch and the remote device.
<ipaddr> - Specifies the IP address of the host.
times - The number of individual ICMP echo messages to be sent.
A value of 0 will send an infinite ICMP echo messages. The
maximum value is 255. The default is 0.
timeout - Defines the time-out period while waiting for a response
from the remote device.
A value of 1 to 99 seconds can be specified. The default is 1 second
None.
Restrictions
Example usage:
To ping a device with the IP address 10.48.74.121 four times:
DES-3550:4#ping 10.48.74.121 times 4
Command: ping 10.48.74.121
Reply from 10.48.74.121, time<10ms
Reply from 10.48.74.121, time<10ms
Reply from 10.48.74.121, time<10ms
Reply from 10.48.74.121, time<10ms
Ping statistics for 10.48.74.121
Packets: Sent =4, Received =4, Lost =0
DES-3550:4#
52
9
NETWORK MONITORING COMMANDS
The network monitoring commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in
the following table.
Command
show packet ports
show error ports
show utilitzation
clear counters
clear log
Parameters
<portlist>
<portlist>
[cpu | ports {<portlist>}]
ports <portlist>
show log
index <value_list>
enable syslog
disable syslog
show syslog
create syslog host
<index 1-4> ipaddress <ipaddr> {severity
[informational|warning|all]| facility[local0|local1|local2|local3|
local4|local5|local6|local7] |udp_port<udp_port_number>|
state[enable|disable]
[all | <index 1-4>] {severity [informational | warning |all] |facility
[local0|local1|local2|local3|local4|local5|local6|local7] |udp_port
<udp_port_number> | ipaddress <ipaddr> | state [enable |
disable]}
config syslog host
<index 1-4>
all
delete syslog host
show syslog host
<index 1-4>
Each command is listed, in detail, in the following sections.
show packet ports
Purpose
Used to display statistics about the packets sent
and received by the switch.
Syntax
show packet ports <portlist>
Description
This command is used to display statistics about
packets sent and received by ports specified in
the port list.
Parameters
Restrictions
<portlist> − specifies a port or range of ports to
be displayed.
None.
Example usage:
To display the packets analysis for port 7 of module 2:
53
DES-3550:4#show packet port 2
Port number : 2
Frame Size Frame Counts Frame/sec
Frame Type
----------
Total Total/sec
------- ---------
408973 1657
------------
64
------------
3275
755
----------
10
10
1
RX Bytes
RX Frames
65-127
395
19
128-255
256-511
512-1023
1024-1518
316
145
0
TX Bytes
7918
111
178
2
15
0
TX Frames
0
0
Unicast RX
152
557
1
2
Multicast RX
Broadcast RX 3686
16
DES-3550:4#
show error ports
Purpose
Used to display the error statistics for a range of ports.
Syntax
show error ports <portlist>
Description
This command will display all of the packet error statistics collected
and logged by the switch for a given port list.
Parameters
Restrictions
<portlist> − specifies a port or range of ports to be displayed.
None.
Example usage:
To display the errors of port 3:
DES-3550:4#show errors port 3
RX Frames
TX Frames
---------------
----------------
CRC Error
Undersize
Oversize
Fragment
Jabber
19
Excessive Deferral
CRC Error
0
0
0
0
0
Late Collision
0
Excessive Collision
Single Collision
Collision
0
0
0
11
Drop Pkts
20837
DES-3550:4#
54
show utilization
Purpose
Used to display real-time port and cpu utilization statistics.
Syntax
show utilization [cpu | ports {<portlist>}]
Description
This command will display the real-time port and cpu utilization
statistics for the switch.
Parameters
cpu – Entering this parameter will display the current cpu utilization
of the switch.
ports - Entering this parameter will display the current port
utilization of the switch.
ꢁ
<portlist> Specifies a port or range of ports to be displayed.
Restrictions
None.
Example usage:
To display the port utilization statistics:
DES-3550:4#show utilization ports
Command: show utilization ports
Port TX/sec
RX/sec Util
Port TX/sec RX/sec
Util
------ ---------- ----------
----
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
------ ---------- ---------- ----
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
26
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
CTRL+C ESC q Quit Space n Next Page p Previous Page r Refresh
55
To display the current cpu utilization:
DES-3550:4#show utilization cpu
Command: show utilization cpu
CPU utilization :
-------------------------------------------------------------------------------
Five seconds - 15%
One minute - 25%
Five minutes - 14%
DES-3550:4#
clear counters
Purpose
Used to clear the switch’s statistics counters.
Syntax
clear counters {ports <portlist>}
Description
This command will clear the counters used by the switch to compile
statistics.
Parameters
Restrictions
<portlist> − specifies a port or range of ports to be displayed.
Only administrator-level users can issue this command.
Example usage:
To clear the counters:
DES-3550:4#clear counters ports 2-9
Command: clear counters ports 2-9
Success.
DES-3550:4#
clear log
Purpose
Used to clear the switch’s history log.
clear log
Syntax
Description
Parameters
Restrictions
This command will clear the switch’s history log.
None.
Only administrator-level users can issue this command.
Example usage:
To clear the log information:
56
DES-3550:4#clear log
Command: clear log
Success.
DES-3550:4#
show log
Purpose
Used to display the switch history log.
Syntax
show log {index <value>}
Description
Parameters
This command will display the contents of the switch’s history log.
index <value> − This command will display the history log, beginning
at 1 and ending at the value specified by the user in the <value> field.
If no parameter is specified, all history log entries will be displayed.
None.
Restrictions
Example usage:
To display the switch history log:
DES-3550:4#show log index 5
Command: show log index 5
Index Time
Log Text
----------------------------------------------------
----- -------------------
5
4
3
2
1
00000 days 00:01:09 Successful login through Console (Username: Anonymous)
00000 days 00:00:14 System started up
00000 days 00:00:06 Port 1 link up, 100Mbps FULL duplex
00000 days 00:00:01 Spanning Tree Protocol is disabled
00000 days 00:06:31 Configuration saved to flash (Username: Anonymous)
DES-3550:4#
enable syslog
Purpose
Used to enable the system log to be sent to a remote host.
Syntax
enable syslog
Description
The enable syslog command enables the system log to be sent to a
remote host.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
57
Example usage:
To the syslog function on the switch:
DES-3550:4#enable syslog
Command: enable syslog
Success.
DES-3550:4#
disable syslog
Purpose
Used to enable the system log to be sent to a remote host.
Syntax
disable syslog
Description
The disable syslog command enables the system log to be sent to
a remote host.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To disable the syslog function on the switch:
DES-3550:4#disable syslog
Command: disable syslog
Success.
DES-3550:4#
show syslog
Purpose
Used to display the syslog protocol status as enabled or disabled.
Syntax
show syslog
Description
The show syslog command displays the syslog status as enabled
or disabled.
Parameters
Restrictions
None.
None.
Example usage:
To display the current status of the syslog function:
58
DES-3550:4#show syslog
Command: show syslog
Syslog Global State: Enabled
DES-3550:4#
create syslog host
Purpose
Used to create a new syslog host.
Syntax
create syslog host <index 1-4> ipaddress <ipaddr> {severity
[informational|warning|all]| facility[local0|local1|local2|local3|
local4|local5|local6|local7] |udp_port<udp_port_number>|
state[enable|disable]
Description
Parameters
The
command is used to create a new syslog
create syslog host
host.
<index 1-4> − Specifies that the command will be applied to an index
of hosts. There are four available indexes, numbered 1 through 4.
ipaddress <ipaddr> − Specifies the IP address of the remote host
where syslog messages will be sent.
severity − Severity level indicator. These are described in the
following:
Bold font indicates that the corresponding severity level is currently
supported on the switch.
Numerical
Code
Severity
0
1
2
3
4
5
6
7
Emergency: system is unusable
Alert: action must be taken immediately
Critical: critical conditions
Error: error conditions
Warning: warning conditions
Notice: normal but significant condition
Informational: informational messages
Debug: debug-level messages
informational − Specifies that informational messages will be sent to
the remote host. This corresponds to number 6 from the list above.
warning − Specifies that warning messages will be sent to the
remote host. This corresponds to number 4 from the list above.
all − Specifies that all of the currently supported syslog messages
that are generated by the switch will be sent to the remote host.
59
create syslog host
facility − Some of the operating system daemons and processes
have been assigned Facility values. Processes and daemons that
have not been explicitly assigned a Facility may use any of the"local
use" facilities or they may use the "user-level" Facility. Those
Facilities that have been designated are shown in the following: Bold
font indicates the facility values that the switch currently supports.
Numerical
Code
Facility
0
kernel messages
1
user-level messages
mail system
2
3
system daemons
4
security|authorization messages
messages generated internally by syslog
line printer subsystem
network news subsystem
UUCP subsystem
5
6
7
8
9
clock daemon
10
11
12
13
14
15
16
17
18
19
20
21
22
23
security|authorization messages
FTP daemon
NTP subsystem
log audit
log alert
clock daemon
local use 0 (local0)
local use 1 (local1)
local use 2 (local2)
local use 3 (local3)
local use 4 (local4)
local use 5 (local5)
local use 6 (local6)
local use 7 (local7)
local0 − Specifies that local use 0 messages will be sent to the
60
create syslog host
remote host. This corresponds to number 16 from the list above.
local1 − Specifies that local use 1 messages will be sent to the
remote host. This corresponds to number 17 from the list above.
local2 − Specifies that local use 2 messages will be sent to the
remote host. This corresponds to number 18 from the list above.
local3 − Specifies that local use 3 messages will be sent to the
remote host. This corresponds to number 19 from the list above.
local4 − Specifies that local use 4 messages will be sent to the
remote host. This corresponds to number 20 from the list above.
local5 − Specifies that local use 5 messages will be sent to the
remote host. This corresponds to number 21 from the list above.
local6 − Specifies that local use 6 messages will be sent to the
remote host. This corresponds to number 22 from the list above.
local7 − Specifies that local use 7 messages will be sent to the
remote host. This corresponds to number 23 from the list above.
udp_port <udp_port_number> − Specifies the UDP port number that
the syslog protocol will use to send messages to the remote host.
state [enable | disable] − Allows the sending of syslog messages to
the remote host, specified above, to be enabled and disabled.
Restrictions
Example usage:
To create syslog host:
Only administrator-level users can issue this command.
DES-3550:4#create syslog host 1 severity all facility local0
Command: create syslog host 1 severity all facility local0
Success.
DES-3550:4#
config syslog host
Purpose
Used to configure the syslog protocol to send system log data to a
remote host.
Syntax
config syslog host [all | <index 1-4>] {severity [informational |
warning | all] | facility [local0|local1|local2|local3|
local4|local5|local6|local7] | udp_port<udp_port_number> |
ipaddress <ipaddr> | state [enable | disable]
Description
Parameters
The config syslog host command is used to configure the syslog
protocol to send system log information to a remote host.
all − Specifies that the command will be applied to all hosts.
61
config syslog host
<index 1-4> − Specifies that the command will be applied to an index
of hosts. There are four available indexes, numbered 1 through 4.
severity − Severity level indicator. These are described in the
following:
Bold font indicates that the corresponding severity level is currently
supported on the switch.
Numerical
Code
Severity
0
1
2
3
4
5
6
7
Emergency: system is unusable
Alert: action must be taken immediately
Critical: critical conditions
Error: error conditions
Warning: warning conditions
Notice: normal but significant condition
Informational: informational messages
Debug: debug-level messages
informational − Specifies that informational messages will be sent to
the remote host. This corresponds to number 6 from the list above.
warning − Specifies that warning messages will be sent to the
remote host. This corresponds to number 4 from the list above.
all − Specifies that all of the currently supported syslog messages
that are generated by the switch will be sent to the remote host.
facility − Some of the operating system daemons and processes
have been assigned Facility values. Processes and daemons that
have not been explicitly assigned a Facility may use any of the"local
use" facilities or they may use the "user-level" Facility. Those
Facilities that have been designated are shown in the following: Bold
font indicates that the facility values the switch currently supports.
Numerical
Code
Facility
0
1
2
3
4
5
6
7
8
9
10
kernel messages
user-level messages
mail system
system daemons
security|authorization messages
messages generated internally by syslog
line printer subsystem
network news subsystem
UUCP subsystem
clock daemon
security|authorization messages
62
config syslog host
11
12
13
14
15
16
17
18
19
20
21
22
23
FTP daemon
NTP subsystem
log audit
log alert
clock daemon
local use 0 (local0)
local use 1 (local1)
local use 2 (local2)
local use 3 (local3)
local use 4 (local4)
local use 5 (local5)
local use 6 (local6)
local use 7 (local7)
local0 − Specifies that local use 0 messages will be sent to the
remote host. This corresponds to number 16 from the list above.
local1 − Specifies that local use 1 messages will be sent to the
remote host. This corresponds to number 17 from the list above.
local2 − Specifies that local use 2 messages will be sent to the
remote host. This corresponds to number 18 from the list above.
local3 − Specifies that local use 3 messages will be sent to the
remote host. This corresponds to number 19 from the list above.
local4 − Specifies that local use 4 messages will be sent to the
remote host. This corresponds to number 20 from the list above.
local5 − Specifies that local use 5 messages will be sent to the
remote host. This corresponds to number 21 from the list above.
local6 − Specifies that local use 6 messages will be sent to the
remote host. This corresponds to number 22 from the list above.
local7 − Specifies that local use 7 messages will be sent to the
remote host. This corresponds to number 23 from the list above.
udp_port <udp_port_number> − Specifies the UDP port number that
the syslog protocol will use to send messages to the remote host.
ipaddress <ipaddr> − Specifies the IP address of the remote host
where syslog messages will be sent.
state [enable | disable] − Allows the sending of syslog messages to
the remote host, specified above, to be enabled and disabled.
Restrictions
Example usage:
To configure a syslog host:
Only administrator-level users can issue this command.
63
DES-3550:4#config syslog host 1 severity all facility local0
Command: config syslog host all severity all facility local0
Success.
DES-3550:4#
Example usage:
To configure a syslog host for all hosts:
DES-3550:4#config syslog host all severity all facility local0
Command: config syslog host all severity all facility local0
Success.
DES-3550:4#
delete syslog host
Purpose
Used to remove a syslog host, that has been previously configured,
from the switch.
Syntax
delete syslog host [<index 1-4> | all]
Description
The delete syslog host command is used to remove a syslog host
that has been previously configured from the switch.
Parameters
<index 1-4> − Specifies that the command will be applied to an index
of hosts. There are four available indexes, numbered 1 through 4.
all − Specifies that the command will be applied to all hosts.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To delete a previously configured syslog host:
DES-3550:4#delete syslog host 4
Command: delete syslog host 4
Success.
DES-3550:4#
show syslog host
Purpose
Used to display the syslog hosts currently configured on the switch.
Syntax
show syslog host {<index 1-4>}
Description
The
command is used to display the syslog
show syslog host
hosts that are currently configured on the switch.
64
show syslog host
Parameters
<index 1-4> − Specifies that the command will be applied to an index
of hosts. There are four available indexes, numbered 1 through 4.
Restrictions
None.
Example usage:
To show Syslog host information:
DES-3550:4#show syslog host
Command: show syslog host
Syslog Global State: Disabled
Host Id Host IP Address Severity Facility UDP port Status
-------
---------------
10.1.1.2
-------------- --------
--------
514
--------
Disabled
Disabled
Disabled
1
2
3
All
All
All
Local0
Local0
Local0
10.40.2.3
10.21.13.1
514
514
Total Entries : 3
DES-3550:4#
65
10
SPANNING TREE COMMANDS
The switch supports 802.1d STP and 802.1w Rapid STP. The spanning tree commands in the Command Line Interface (CLI)
are listed (along with the appropriate parameters) in the following table.
Command
Parameters
config stp
{maxage <value 6-40> | hellotime <value 1-10> | forwarddelay
<value 4-30> | priority <value 0-61440> | version [rstp | stp] |
txholdcount <value 1-10> | fbpdu [enable | disable]}
config stp ports
[all | <portlist>] {cost [auto | <value 1-200000000>] | priority <value
0-240>|migrate [yes | no] |edge [true | false]|p2p [true | false | auto]
|state [enable | disable]}
enable stp
disable stp
show stp
show stp ports
<portlist>
Each command is listed, in detail, in the following sections.
config stp
Purpose
Used to setup STP and RSTP on the switch.
Syntax
config stp {maxage <value 6-40> | hellotime <value 1-10> |
forwarddelay <value 4-30> | priority <value 0-61440> |
version[rstp | stp] | txholdcount <value 1-10>| fbpdu [enable |
disable]}
Description
Parameters
This command is used to setup the Spanning Tree Protocol (STP)
for the entire switch.
maxage <value> − The maximum amount of time (in seconds) that
the switch will wait to receive a BPDU packet before reconfiguring
STP. The user may choose a time between 6 and 40 seconds. The
default is 20 seconds.
hellotime <value> − The time interval between transmission of
configuration messages by the root device. The user may choose a
time between 1 and 10 seconds. The default is 2 seconds.
forwarddelay <value> − The maximum amount of time (in seconds)
that the root device will wait before changing states. The user may
choose a time between 4 and 30 seconds. The default is 15
seconds.
priority <value> − A numerical value between 0 and 61440 that is
used in determining the root device, root port, and designated port.
The device with the highest priority becomes the root device. The
lower the numerical value, the higher the priority. The default is
32,768.
version [rstp | stp] - select the Spanning Tree Protocol version used
for the switch.
66
config stp
•
•
stp – Selct this parameter for IEEE 802.1d STP and for
IEEE 802.1w STP compatibility mode.
rstp - Select this paramter for IEEE 802.1w Rapid STP
mode.
txholdcount <1-10> - the maximum number of Hello packets
transmitted per interval. Default value = 3.
fbpdu [enable | disable] − Allows the forwarding of STP BPDU
packets from other network devices when STP is disabled on the
switch. The default is enabled.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure STP with maxage 18 and hellotime 4:
DES-3550:4#config stp maxage 18 hellotime 4
Command: config stp maxage 18 hellotime 4
Success.
DES-3550:4#
config stp ports
Purpose
Used to setup STP on the port level.
Syntax
config stp ports <portlist> {cost [auto | <value 1-200000000>] |
priority <value 0-240> | migrate [yes | no] | edge [true | false] |
p2p [true | false | auto]| state [enable | disable]
Description
Parameters
This command is used to create and configure STP for a group of
ports.
cost<value> − This defines a metric that indicates the relative cost of
forwarding packets to the specified port list. Port cost can be set from
1 to 200000000. The lower the number, the greater the probability the
port will be chosen to forward packets.
Default port cost: 100Mbps port = 200000 Gigabit port = 20000
priority <value> − Port Priority can be from 0 to 240. The lower the
number, the greater the probability the port will be chosen as the Root
Port. Default = 128.
<portlist> − Specifies a port or range of ports to be configured.
migrate [yes | no] – yes will enable the port to migrate from 802.1d
STP status to 802.1w RSTP status. RSTP can coexist with standard
STP, however the benefits of RSTP are not realized on a port where
an 802.1d network connects to an 802.1w enabled network. Migration
should be enabled (yes) on ports connected to network stations or
segments that will be upgraded to 802.1w RSTP onall or some
67
config stp ports
portion of the segment.
edge [true | false] – true designates the port as an edge port. Edge
ports cannot create loops, however an edge port can lose edge port
status if a topology change creates a potential for a loop. An edge
port normally should not receive BPDU packets. If a BPDU packet is
received it automatically loses edge port status. False indicates that
the port does not have edge port status.
p2p [true | false | auto] – true indicates a point-to-point (P2P) shared
link. P2P ports are similar to edge ports however they are restricted in
that a P2P port must operate in full-duplex. Like edge ports, P2P
ports transition to a forwarding state rapidly thus benefiting from
RSTP. A p2p value of false indicates that the port cannot have p2p
status. Auto allows the port to have p2p status whenever possible
and operate as if the p2p status were true. If the port cannot maintain
this status (for example if the port is forced to half-duplex operation)
the p2p status changes to operate as if the p2p value were false.
state [enable | disable] − Allows STP to be enabled or disabled for the
ports specified in the port list. The default is disabled.
Restrictions
Example usage:
Only administrator-level users can issue this command.
To configure STP with path cost 19, priority 16, and state enabled for ports 1-5 of the switch.
DES-3550:4#config stp ports 1-5 cost 19 priority 16 state enabled
Command: config stp ports 1-5 cost 19 priority 16 state enabled
Success.
DES-3550:4#
enable stp
Purpose
Used to globally enable STP on the switch.
Syntax
enable stp
Description
This command allows the Spanning Tree Protocol to be globally
enabled on the switch.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To enable STP, globally, on the switch:
68
DES-3550:4#enable stp
Command: enable stp
Success.
DES-3550:4#
disable stp
Purpose
Used to globally disable STP on the switch.
Syntax
disable stp
Description
This command allows the Spanning Tree Protocol to be globally
disabled on the switch.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To disable STP on the switch:
DES-3550:4#disable stp
Command: disable stp
Success.
DES-3550:4#
show stp
Purpose
Used to display the switch’s current STP configuration.
Syntax
show stp
Description
Parameters
Restrictions
This command displays the switch’s current STP configuration.
none
None.
Example usage:
To display the status of STP on the switch:
Status 1: STP enabled with STP compatible version
69
DES-3550:4#show stp
Command: show stp
Bridge Parameters Settings
STP Status
Max Age
: Enabled
: 20
Hello Time
: 2
Forward Delay : 15
Priority : 32768
STP Version : RSTP
TX Hold Count : 3
Forwarding BPDU : Enabled
Designated Root Bridge : 00-00-51-43-70-00
Root Priority
Cost to Root
Root Port
: 32768
: 200000
: 10
Last Topology Change : 53sec
Topology Changes Count : 1
Protocol Specification : 3
Max Age
: 20
: 2
: 15
: 3
Hello Time
Forward Delay
Hold Time
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
Status 2 : STP disabled
DES-3550:4#show stp
Command: show stp
Bridge Parameters Settings
STP Status
Max Age
: Disabled
: 20
: 2
Hello Time
Forward Delay : 15
Priority : 32768
STP Version : STP compatible
TX Hold Count : 3
Forwarding BPDU : Enabled
DES-3550:4#
show stp ports
Purpose
Used to display the switch’s current per-port group STP
configuration.
Syntax
show stp ports <portlist>
70
show stp ports
Description
This command displays the switch’s current per-port group STP
configuration.
Parameters
Restrictions
<portlist> − Specifies a port or range of ports to be displayed.
None
Example usage:
To display STP state of port 1-9 of module 1:
DES-3550:4#show stp ports
Command: show ports
Port Designated Bridge
------ ------------------
State Cost
Pri Edge P2P Status
--- ----------
Role
---- ---------- ---- ----
----------
1
N/A
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
2
N/A
3
N/A
4
N/A
5
N/A
6
N/A
7
N/A
8
N/A
9
N/A
128 No Yes Disabled
Disabled
10
11
12
13
14
15
16
17
18
19
20
21
8000/000102030400
Yes *200000 128 No Yes Forwarding Designated
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
Yes *200000
128 No Yes Disabled
128 No Yes Disabled
128 No Yes Disabled
128 No Yes Disabled
Disabled
Disabled
Disabled
Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
128 No Yes Disabled Disabled
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
71
11
FORWARDING DATABASE COMMANDS
The layer 2 forwarding database commands in the Command Line Interface (CLI) are listed (along with the appropriate
parameters) in the following table.
Command
create fdb
Parameters
<vlan_name 32> <macaddr> port <port>
create multicast_fdb
config multicast_fdb
config fdb aging_time
delete fdb
<vlan_name 32> <macaddr>
<vlan_name 32> <macaddr> [add | delete] <portlist>
<sec 10-1000000>
<vlan_name 32> <macaddr>
clear fdb
[vlan <vlan_name 32> | port <port> | all]
{vlan <vlan_name 32> | mac_address <macaddr>}
show multicast_fdb
show fdb
{port <port> | vlan <vlan_name 32> | mac_address
<macaddr> | static | aging_time}
config multicast
[<portlist> | all] [forward_all_groups |
port_filtering_mode
forward_unregistered_groups | filter_unregistered_groups]
show multicast
{<portlist>}
port_filtering_mode
Each command is listed, in detail, in the following sections.
create fdb
Purpose
Used to create a static entry to the unicast MAC address forwarding
table (database)
Syntax
create fdb <vlan_name 32> <macaddr> port <port>
Description
This command will make an entry into the switch’s unicast MAC
address forwarding database.
Parameters
<vlan_name 32> − The name of the VLAN on which the MAC
address resides.
<macaddr> − The MAC address that will be added to the forwarding
table.
<port> − The port number corresponding to the MAC destination
address. The switch will always forward traffic to the specified device
through this port.
Restrictions
Example usage:
To create a unicast MAC FDB entry:
Only administrator-level users can issue this command.
72
DES-3550:4#create fdb default 00-00-00-00-01-02 port 5
Command: create fdb default 00-00-00-00-01-02 port 5
Success.
DES-3550:4#
create multicast_fdb
Purpose
Used to create a static entry to the multicast MAC address
forwarding table (database)
Syntax
create multicast_fdb <vlan_name 32> <macaddr>
Description
This command will make an entry into the switch’s multicast MAC
address forwarding database.
Parameters
<vlan_name 32> − The name of the VLAN on which the MAC
address resides.
<macaddr> − The MAC address that will be added to the forwarding
table.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To create multicast MAC forwarding:
DES-3550:4#create multicast_fdb default 01-00-00-00-00-01
Command: create multicast_fdb default 01-00-00-00-00-01
Success.
DES-3550:4#
config multicast_fdb
Purpose
Used to configure the switch’s multicast MAC address forwarding
database.
Syntax
config multicast_fdb <vlan_name 32> <macaddr> [add | delete]
<portlist>
Description
Parameters
This command configures the multicast MAC address forwarding
table.
<vlan_name 32> − The name of the VLAN on which the MAC
address resides.
<macaddr> − The MAC address that will be added to the multicast
forwarding table.
[add | delete] − Add will add ports to the forwarding table. Delete will
remove ports from the multicast forwarding table.
73
config multicast_fdb
<portlist> − Specifies a range of ports to be configured.
Restrictions
Example usage:
To add multicast MAC forwarding:
DES-3550:4#config multicast_fdb default 01-00-00-00-00-01 add
Only administrator-level users can issue this command.
1-5
Command: config multicast_fdb default 01-00-00-00-00-01 add 1-
1-5
Success.
DES-3550:4#
config fdb aging_time
Purpose
Used to set the aging time of the forwarding database.
Syntax
config fdb aging_time <sec 10-1000000>
Description
The aging time affects the learning process of the switch. Dynamic
forwarding table entries, which are made up of the source MAC
addresses and their associated port numbers, are deleted from the
table if they are not accessed within the aging time. The aging time
can be from 10 to 1000000 seconds with a default value of 300
seconds. A very long aging time can result in dynamic forwarding
table entries that are out-of-date or no longer exist. This may cause
incorrect packet forwarding decisions by the switch. If the aging time
is too short however, many entries may be aged out too soon. This
will result in a high percentage of received packets whose source
addresses cannot be found in the forwarding table, in which case the
switch will broadcast the packet to all ports, negating many of the
benefits of having a switch.
Parameters
Restrictions
<sec> − The aging time for the MAC address forwarding database
value. The value in seconds may be between 10 and 1000000
seconds.
Only administrator-level users can issue this command.
Example usage:
To set the fdb aging time:
DES-3550:4#config fdb aging_time 300
Command: config fdb aging_time 300
Success.
DES-3550:4#
74
delete fdb
Purpose
Used to delete an entry to the switch’s forwarding database.
Syntax
delete fdb <vlan_name 32> <macaddr>
Description
This command is used to delete a previous entry to the switch’s
MAC address forwarding database.
Parameters
<vlan_name 32> − The name of the VLAN on which the MAC
address resides.
<macaddr> − The MAC address that will be added to the forwarding
table.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To delete a permanent FDB entry:
DES-3550:4#delete fdb default 00-00-00-00-01-02
Command: delete fdb default 00-00-00-00-01-02
Success.
DES-3550:4#
Example usage:
To delete a multicast fdb entry:
DES-3550:4#delete fdb default 01-00-00-00-01-02
Command: delete fdb default 01-00-00-00-01-02
Success.
DES-3550:4#
clear fdb
Purpose
Used to clear the switch’s forwarding database of all dynamically
learned MAC addresses.
Syntax
clear fdb [vlan <vlan_name 32> | port <port> | all]
Description
This command is used to clear dynamically learned entries to the
switch’s forwarding database.
Parameters
<vlan_name 32> − The name of the VLAN on which the MAC
address resides.
<port> − The port number corresponding to the MAC destination
address. The switch will always forward traffic to the specified device
75
clear fdb
through this port.
all − Clears all dynamic entries to the switch’s forwarding database.
Only administrator-level users can issue this command.
Restrictions
Example usage:
To clear all FDB dynamic entries:
DES-3550:4#clear fdb all
Command: clear fdb all
Success.
DES-3550:4#
show multicast_fdb
Purpose
Used to display the contents of the switch’s multicast forwarding
database.
Syntax
show mulitcast_fdb [vlan <vlan_name 32> | mac_address
<macaddr>]
Description
Parameters
This command is used to display the current contents of the switch’s
multicast MAC address forwarding database.
<vlan_name 32> − The name of the VLAN on which the MAC address
resides.
<macaddr> − The MAC address that is present in the forwarding
database table.
Restrictions
None.
Example usage:
To display multicast MAC address table:
DES-3550:4#show multicast_fdb vlan default
Command: show multicast_fdb vlan default
VLAN Name
: default
MAC Address : 01-00-5E-00-00-00
Egress Ports : 1-5
Mode
: Static
Total Entries
DES-3550:4#
: 1
76
show fdb
Purpose
Used to display the current unicast MAC address forwarding
database.
Syntax
show fdb {port <port> | vlan <vlan_name 32> | mac_address
<macaddr> | static | aging_time}
Description
Parameters
This command will display the current contents of the switch’s
forwarding database.
<port> − The port number corresponding to the MAC destination
address. The switch will always forward traffic to the specified device
through this port.
<vlan_name 32> − The name of the VLAN on which the MAC
address resides.
<macaddr> − The MAC address that is present in the forwarding
database table.
static − Displays the static MAC address entries.
aging_time − Displays the aging time for the MAC address forwarding
database.
Restrictions
None.
Example usage:
To display unicast MAC address table:
DES-3550:4#show fdb
Command: show fdb
Unicast MAC Address Aging Time = 300
VID VLAN Name
---- ----------------
MAC Address
Port
------
10
Type
-----------------
----------------
Dynamic
Dynamic
Dynamic
Dynamic
Dynamic
Dynamic
Dynamic
Dynamic
Dynamic
Dynamic
Dynamic
Dynamic
Dynamic
Self
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
default
default
default
default
default
default
default
default
default
default
default
default
default
default
default
default
default
default
00-00-39-34-66-9A
00-00-51-43-70-00
00-00-5E-00-01-01
00-00-74-60-72-2D
00-00-81-05-00-80
00-00-81-05-02-00
00-00-81-48-70-01
00-00-E2-4F-57-03
00-00-E2-61-53-18
00-00-E2-6B-BC-F6
00-00-E2-7F-6B-53
00-00-E2-82-7D-90
00-00-F8-7C-1C-29
00-01-02-03-04-00
00-01-02-03-04-05
00-01-30-10-2C-C7
00-01-30-FA-5F-00
00-02-3F-63-DD-68
10
10
10
10
10
10
10
10
10
10
10
10
CPU
10
10
10
10
Dynamic
Dynamic
Dynamic
Dynamic
CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
77
config multicast port_filtering_mode
Purpose
Used to configure the multicast packet filtering mode on a port per
port basis.
Syntax
config multicast port_filtering_mode [<portlist> | all]
[forward_all_groups | forward_unregistered_groups |
filter_unregistered_groups]
Description
Parameters
This command will configure the multicast packet filtering mode for
specified ports on the switch.
<portlist> Specifies a port or range of ports to view.
[forward_all_groups | forward_unregistered_groups |
filter_unregistered_groups] – The user may set the filtering mode to
any of these three options
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure the multicast filtering mode to forward all groups on ports 1 through 4.
DES-3550:4#config multicast port_filtering_mode 1-4
forward_all_groups
Command: config multicast port_filtering_mode 1-4
forward_all_groups
Success.
DES-3550:4#
show multicast port_filtering_mode
Purpose
Used to show the multicast packet filtering mode on a port per port
basis.
Syntax
show multicast port_filtering_mode {<portlist>}
Description
This command will display the current multicast packet filtering mode
for specified ports on the switch.
Parameters
Restrictions
<portlist> Specifies a port or range of ports to view.
None.
Example usage:
To view the multicast port filtering mode for all ports:
78
DES-3550:4#show multicast port_filtering_mode
Command: show multicast port_filtering_mode
Port
------
1
Multicast Filter Mode
---------------------------
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
forward_unregistered_groups
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
79
12
BROADCAST STORM CONTROL COMMANDS
The broadcast storm control commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters)
in the following table.
Command
Parameters
config traffic control [<storm_grouplist 1-8> | all ] { broadcast [enabled | disabled] |
multicast [enabled | disabled] | dlf [enabled | disabled] | threshold
<value 0-255> }
show traffic control
group_list <storm_grouplist>
Each command is listed, in detail, in the following sections.
config traffic control
Purpose
Used to configure broadcast/multicast traffic control.
Syntax
config traffic control [<storm_grouplist 1-8> | all] broadcast
[enable | disable] | multicast [enable | disable] | dlf [enable |
disable] | threshold <value 0-255>
Description
Parameters
This command is used to configure broadcast storm control.
<storm_grouplist> − Used to specify a broadcast storm control
group. This is specified by entering the syntax unit_id.
all − Specifies all broadcast storm control groups on the switch.
broadcast [enable | disable] − Enables or disables broadcast storm
control.
multicast [enable | disable] − Enables or disables multicast storm
control.
dlf [enable | disable] − Enables or disables dlf traffic control.
threshold <value> − The upper threshold at which the specified
traffic control is switched on. The <value> is the number of
broadcast/multicast/dlf packets, in Kbps, received by the switch that
will trigger the storm traffic control measures.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure traffic control and enable broadcast storm control system wide:
DES-3550:4#config traffic control all broadcast enabled
Command: config traffic control all broadcast enabled
Success.
DES-3550:4#
80
show traffic control
Purpose
Used to display current traffic control settings.
Syntax
show traffic control {group_list <storm_grouplist>}
Description
This command displays the current storm traffic control configuration
on the switch.
Parameters
Restrictions
group_list <storm_grouplist> − Used to specify a broadcast storm
control group. This is specified by entering the syntax unit_id.
None.
Example usage:
To display traffic control setting:
DES-3550:4#show traffic control
Command: show traffic control
Traffic Control
Broadcast Multicast
Destination
Module Group [ports] Threshold
Fail
Storm
Storm
Lookup
------
1
-------------
1 [1-8]
---------
128
128
128
128
128
128
128
128
---------
---------
--------
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
1
2 [9-16]
3 [17-24]
4 [25-32]
5 [33-40]
6 [41-48]
7 [49]
1
1
1
1
1
1
8 [50]
Total Entries: 8
DES-3550:4#
81
13
QOS COMMANDS
The DES-3550 switch supports 802.1p priority queuing. The switch has 4 priority queues. These priority queues are numbered
from 3 (Class 3) — the highest priority queue — to 0 (Class 0) — the lowest priority queue. The eight priority tags specified in
IEEE 802.1p (p0 to p7) are mapped to the switch’s priority queues as follows:
•
•
•
•
•
•
•
•
Priority 0 is assigned to the Switch’s Q1 queue.
Priority 1 is assigned to the Switch’s Q0 queue.
Priority 2 is assigned to the Switch’s Q0 queue.
Priority 3 is assigned to the Switch’s Q1 queue.
Priority 4 is assigned to the Switch’s Q2 queue.
Priority 5 is assigned to the Switch’s Q2 queue.
Priority 6 is assigned to the Switch’s Q3 queue.
Priority 7 is assigned to the Switch’s Q3 queue.
Priority scheduling is implemented by the priority queues stated above. The switch will empty the four hardware priority queues
in order, beginning with the highest priority queue, 4, to the lowest priority queue, 0. Each hardware queue will transmit all of
the packets in its buffer before permitting the next lower priority to transmit its packets. When the lowest hardware priority
queue has finished transmitting all of its packets, the highest hardware priority queue will begin transmitting any packets it may
have received.
The commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
Command
Parameters
config
bandwidth_control
[<portlist>] {rx_rate [no_limit | <value 1-1000>] | tx_rate
[no_limit<value 1-1000>]}
show bandwidth_control <portlist>
config scheduling
<class_id 0-3> {max_packet <value 0-255> | max_latency
<value 0-255>}
show scheduling
config 802.1p
user_priority
<priority 0-7>
<class_id 0-3>
show 802.1p
user_priority
config 802.1p
default_priority
[<portlist> |all ] <priority 0-7>
<portlist>
show 802.1p
default_priority
Each command is listed, in detail, in the following sections.
config bandwidth_control
Purpose
Used to configure bandwidth control on a by-port basis.
Syntax
config bandwidth_control [<portlist>] {rx_rate [no_limit | <value
1-1000>] | tx_rate [no_limit <value 1-1000>]}
Description
The config bandwidth_control command is used to configure
82
config bandwidth_control
bandwidth on a by-port basis.
Parameters
<portlist> − Specifies a port or range of ports to be configured.
rx_rate − Specifies that one of the parameters below (no_limit or
) will be applied to the rate at which the above
<value 1-1000>
specified ports will be allowed to receive packets
ꢁ
ꢁ
no_limit − Specifies that there will be no limit on the rate of
packets received by the above specified ports.
<value 1-1000> − Specifies the packet limit, in Mbps, that
the above ports will be allowed to receive.
tx_rate − Specifies that one of the parameters below (
no_limit
or
<value 1-1000>) will be applied to the rate at which the above
specified ports will be allowed to transmit packets.
ꢁ
ꢁ
no_limit − Specifies that there will be no limit on the rate of
packets received by the above specified ports.
<value 1-1000> − Specifies the packet limit, in Mbps, that
the above ports will be allowed to receive.
The transfer(tx) and receive(rx) rate of packets for Gigabit ports
must be configured in a multiple of 8 Mbits. (8, 16, 24…)
Restrictions
Example usage:
To configure bandwidth control:
DES-3550:4#config bandwidth_control 1-10 tx_rate 10
Only administrator-level users can issue this command.
Command: config bandwidth_control 1-10 tx_rate 10
Success.
DES-3550:4#
show bandwidth_control
Purpose
Used to display the bandwidth control table.
Syntax
show bandwidth_control {<portlist>}
Description
The show bandwidth_control command displays the current
bandwidth control configuration on the switch, on a port-by-port
basis.
Parameters
Restrictions
<portlist> − Specifies a port or range of ports to be viewed.
None.
Example usage:
83
To display bandwidth control settings:
DES-3550:4#show bandwidth_control 1-10
Command: show bandwidth_control 1-10
Bandwidth Control Table
Port RX Rate (Mbit/sec) TX_RATE (Mbit/sec)
---- ------------------------ ----------------------
1:1
1:2
1:3
1:4
1:5
1:6
1:7
1:8
1:9
1:10
no_limit
no_limit
no_limit
no_limit
no_limit
no_limit
no_limit
no_limit
no_limit
no_limit
10
10
10
10
10
10
10
10
10
10
DES-3550:4#
config scheduling
Purpose
Used to configure the traffic scheduling mechanism for each COS
queue.
Syntax
config scheduling <class_id 0-3> [max_packet <value 0-
255>|max_latency <value 0-255>]
Description
The switch contains 4 hardware priority queues. Incoming packets
must be mapped to one of these four queues. This command is
used to specify the rotation by which these four hardware priority
queues are emptied.
The switch’s default (if the config scheduling command is not used,
or if the config scheduling command is entered with both max_packet
and max_latency parameters are set to 0) is to empty the 4 hardware
priority queues in order − from the highest priority queue (hardware
queue 3) to the lowest priority queue (hardware queue 0). Each
hardware queue will transmit all of the packets in its buffer before
allowing the next lower priority queue to transmit its packets. When
the lowest hardware priority queue has finished transmitting all of its
packets, the highest hardware priority queue can again transmit any
packets it may have received.
The max_packets parameter allows you to specify the maximum
number of packets a given hardware priority queue can transmit
before allowing the next lowest hardware priority queue to begin
transmitting its packets. A value between 0 and 255 can be specified.
For example, if a value of 3 is specified, then the highest hardware
priority queue (number 3) will be allowed to transmit 3 packets − then
the next lowest hardware priority queue (number 2) will be allowed to
transmit 3 packets, and so on, until all of the queues have
84
config scheduling
transmitted 3 packets. The process will then repeat.
The max_latency parameter allows you to specify the maximum
amount of time that packets are delayed before being transmitted to
a given hardware priority queue. A value between 0 and 255 can be
specified. This number is then multiplied by 16 ms to determine the
maximum latency. For example, if 3 is specified, the maximum
latency allowed will be 3 X 16 = 48 ms.
When the specified hardware priority queue has been waiting to
transmit packets for this amount of time, the current queue will finish
transmitting its current packet, and then allow the hardware priority
queue whose max_latency timer has expired to begin transmitting
packets.
Parameters
<class_id 0-3> − This specifies which of the four hardware priority
queues the config scheduling command will apply to. The four
hardware priority queues are identified by number − from 0 to 3 −
with the 0 queue being the lowest priority.
max_packet <value 0-255> − Specifies the maximum number of
packets the above specified hardware priority queue will be allowed
to transmit before allowing the next lowest priority queue to transmit
its packets. A value between 0 and 255 can be specified.
max_latency <value 0-255> − Specifies the maximum amount of time
the above specified hardware priority queue will be allowed to
transmit packets before allowing the next lowest hardware priority
queue to begin transmitting its packets. A value between 0 and 255
can be specified − with this value multiplied by 16 ms to arrive at the
total allowed time for the queue to transmit packets. For example, a
value of 3 specifies 3 X 16 = 48 ms. The queue will continue
transmitting the last packet until it is finished when the max_latency
timer expires.
Restrictions
Example usage:
To configure the traffic scheduling mechanism for each queue:
DES-3550:4# config scheduling 0 max_packet 100
Only administrator-level users can issue this command.
max_latency 150
Command: config scheduling 0 max_packet 100
max_latency 150
Success.
DES-3550:4#
show scheduling
Purpose
Used to display the currently configured traffic scheduling on the
switch.
Syntax
show scheduling
Description
The show scheduling command will display the current traffic
scheduling mechanisms in use on the switch.
85
show scheduling
Parameters
None.
Restrictions
None.
Example usage:
To display the current scheduling configuration:
DES-3550:4# show scheduling
Command: show scheduling
QOS Output Scheduling
Class ID MAX. Packets MAX. Latency
------------ ------------------- --------------------
Class-0
Class-1
Class-2
Class-3
100
99
150
100
101
201
91
21
DES-3550:4#
config 802.1p user_priority
Purpose
Used to map the 802.1p user priority of an incoming packet to one of
the four hardware queues available on the switch.
Syntax
config 802.1p user_priority <priority 0-7> <class_id 0-3>
Description
This command allows you to configure the way the switch will map
an incoming packet, based on its 802.1p user priority, to one of the
four available hardware priority queues on the switch.
The switch’s default is to map the following incoming 802.1p user
priority values to the four hardware priority queues:
802.1p
Hardware Queue
Remark
Mid-low
Lowest
0
1
2
3
4
5
6
7
1
0
0
1
2
2
3
3
Lowest
Mid-low
Mid-high
Mid-high
Highest
Highest.
This mapping scheme is based upon recommendations contained in
IEEE 802.1D.
You can change this mapping by specifying the 802.1p user priority
you want to go to the <class_id 0-3> (the number of the hardware
86
config 802.1p user_priority
queue).
<priority 0-7> − The 802.1p user priority you want to associate with
the <class_id 0-3> (the number of the hardware queue) with.
<class_id 0-3> − The number of the switch’s hardware priority queue.
The switch has four hardware priority queues available. They are
numbered between 0 (the lowest priority) and 3 (the highest priority).
Restrictions
Example usage:
To configure 802.1 user priority on the switch:
DES-3550:4# config 802.1p user_priority 1 3
Only administrator-level users can issue this command.
Command: config 802.1p user_priority 1 3
Success.
DES-3550:4#
show 802.1p user_priority
Purpose
Used to display the current mapping between an incoming packet’s
802.1p priority value and one of the switch’s four hardware priority
queues.
Syntax
show 802.1p user_priority
Description
The show 802.1p user_priority command displays the current
mapping of an incoming packet’s 802.1p priority value to one of the
switch’s four hardware priority queues.
Parameters
Restrictions
None.
None.
Example usage:
To show 802.1p user priority:
DES-3550:4# show 802.1p user_priority
Command: show 802.1p user_priority
QOS Class of Traffic
Priority-0 -> <Class-1>
Priority-1 -> <Class-0>
Priority-2 -> <Class-0>
Priority-3 -> <Class-1>
Priority-4 -> <Class-2>
Priority-5 -> <Class-2>
Priority-6 -> <Class-3>
Priority-7 -> <Class-3>
DES-3550:4#
87
config 802.1p default_priority
Purpose
Used to configure the 802.1p default priority settings on the switch.
If an untagged packet is received by the switch, the priority
configured with this command will be written to the packet’s priority
field.
Syntax
config 802.1p default_priority [<portlist> | all] <priority 0-7>
Description
This command allows you to specify default priority handling of
untagged packets received by the switch. The priority value entered
with this command will be used to determine which of the four
hardware priority queues the packet is forwarded to.
Parameters
<portlist> − Specifies a port or range of ports to be configured.
all − Specifies that the command applies to all ports on the switch.
<priority 0-7> − The priority value you want to assign to untagged
packets received by the switch or a range of ports on the switch.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure 802.1p default priority on the switch:
DES-3550:4#config 802.1p default_priority all 5
Command: config 802.1p default_priority all 5
Success.
DES-3550:4#
show 802.1 default_priority
Purpose
Used to display the currently configured 802.1p priority value that will
be assigned to an incoming, untagged packet before being
forwarded to its destination.
Syntax
show 802.1p default_priority {<portlist>}
Description
The show 802.1p default_priority command displays the currently
configured 802.1p priority value that will be assigned to an incoming,
untagged packet before being forwarded to its destination.
Parameters
Restrictions
<portlist> − Specifies a port or range of ports to be configured.
None.
Example usage:
To display the current 802.1p default priority configuration on the switch:
88
DES-3550:4# show 802.1p default_priority
Command: show 802.1p default_priority
Port Priority
------- -----------
1
2
3
4
5
6
7
8
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
9
10
11
12
13
14
15
16
17
18
19
20
CTRL+C ESC q Quit Space n Next Page Enter Next Entry a All
89
14
PORT MIRRORING COMMANDS
The port mirroring commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command
config mirror port
enable mirror
disable mirror
show mirror
Parameters
<port> [add | delete] source ports <portlist> [rx | tx | both]
Each command is listed, in detail, in the following sections.
config mirror port
Purpose
Used to configure a mirror port − source port pair on the switch.
Traffic from any source port to a target port can be mirrored for real-
time analysis. A logic analyzer or an RMON proble can then be
attached to study the traffic crossing the source port in a completely
obtrusive manner.
Syntax
config mirror port <port> add source ports <portlist> [rx | tx |
both]
Description
This command allows a range of ports to have all of their traffic also
sent to a designated port, where a network sniffer or other device
can monitor the network traffic. In addition, you can specify that only
traffic received by or sent by one or both is mirrored to the Target
port.
Parameters
<port> − This specifies the Target port (the port where mirrored
packets will be received). The target port must be configured in the
same VLAN and must be operationg at the same speed a s the
source port. If the target port is operating at a lower speed, the
source port will be forced to drop its operating speed to match that of
the target port.
source ports – The port or ports being mirrored. This cannot include
the Target port.
<portlist> − This specifies a range of ports that will be mirrored. That
is, the range of ports in which all traffic will be copied and sent to the
Target port.
rx − Allows the mirroring of only packets received by (flowing into) the
port or ports in the port list.
tx − Allows the mirroring of only packets sent to (flowing out of) the
port or ports in the port list.
both − Mirrors all the packets received or sent by the port or ports in
the port list.
Restrictions
The Target port cannot be listed as a source port. Only administrator-
90
config mirror port
level users can issue this command.
Example usage:
To add the mirroring ports:
DES-3550:4# config mirror port 1 add source ports 2-7 both
Command: config mirror port 1 add source ports 2-7 both
Success.
DES-3550:4#
config mirror delete
Purpose
Used to delete a port mirroring configuration|
Syntax
config mirror port <port> delete source port <portlist> [rx | tx |
both]
Description
Parameters
This command is used to delete a previously entered port mirroring
configuration.
<port> − This specifies the Target port (the port where mirrored
packets will be received).
<portlist> − This specifies a range of ports that will be mirrored. That
is, the range of ports in which all traffic will be copied and sent to the
Target port.
rx − Allows the mirroring of only packets received by (flowing into)
the port or ports in the port list.
tx − Allows the mirroring of only packets sent to (flowing out of) the
port or ports in the port list.
both − Mirrors all the packets received or sent by the port or ports in
the port list.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To delete the mirroring ports:
DES-3550:4#config mirror port 1 delete source port 2-4
Command: config mirror 1 delete source 2-4
Success.
DES-3550:4#
91
enable mirror
Purpose
Used to enable a previously entered port mirroring configuration.
Syntax
enable mirror
Description
This command, combined with the disable mirror command below,
allows you to enter a port mirroring configuration into the switch, and
then turn the port mirroring on and off without having to modify the
port mirroring configuration.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To enable mirroring configurations:
DES-3550:4#enable mirror
Command: enable mirror
Success.
DES-3550:4#
disable mirror
Purpose
Used to disable a previously entered port mirroring configuration.
Syntax
disable mirror
Description
This command, combined with the enable mirror command above,
allows you to enter a port mirroring configuration into the switch, and
then turn the port mirroring on and off without having to modify the
port mirroring configuration.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To disable mirroring configurations:
DES-3550:4#disable mirror
Command: disable mirror
Success.
DES-3550:4#
92
show mirror
Purpose
Used to show the current port mirroring configuration on the switch.
Syntax
show mirror
Description
This command displays the current port mirroring configuration on
the switch.
Parameters
Restrictions
None
None.
Example usage:
To display mirroring configuration:
DES-3550:4#show mirror
Command: show mirror
Current Settings
Mirror Status: Enabled
Target Port: 1
Mirrored Port:
RX:
TX: 5-7
DES-3550:4#
93
15
VLAN COMMANDS
The VLAN commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following
table.
Command
Parameters
create vlan
<vlan_name 32> {tag <vlanid 1-4094> |
advertisement}
delete vlan
config vlan
<vlan_name 32>
<vlan_name 32> {[add [tagged | untagged | forbidden] | delete]
<portlist> | advertisement [enable | disable]}
config gvrp
[<portlist> | all] {state [enable | disable] | ingress_checking [enable
| disable] | acceptable_frame [tagged_only | admit_all] | pvid
<vlanid 1-4094>}
enable gvrp
disable gvrp
show vlan
<vlan_name 32>
<portlist>
show gvrp
Each command is listed, in detail, in the following sections.
create vlan
Purpose
Used to create a VLAN on the switch.
Syntax
create vlan <vlan_name 32> {tag <vlanid 1-4094> |
advertisement}
Description
Parameters
This command allows you to create a VLAN on the switch.
<vlan_name 32> − The name of the VLAN to be created.
<vlanid> − The VLAN ID of the VLAN to be created. Allowed values
= 1-4094
advertisement − Specifies that the VLAN is able to join GVRP. If
this parameter is not set, the VLAN cannot be configured to have
forbidden ports.
Restrictions
Each VLAN name can be up to 32 characters. If the VLAN is not
given a tag, it will be a port-based VLAN. Only administrator-level
users can issue this command.
Example usage:
To create a VLAN v1, tag 2:
94
DES-3550:4#create vlan v1 tag 2
Command: create vlan v1 tag 2
Success.
DES-3550:4#
delete vlan
Purpose
Used to delete a previously configured VLAN on the switch.
Syntax
delete vlan <vlan_name 32>
Description
This command will delete a previously configured VLAN on the
switch.
Parameters
Restrictions
<vlan_name 32> − The VLAN name of the VLAN you want to delete.
Only administrator-level users can issue this command.
Example usage:
To remove the vlan “v1”:
DES-3550:4#delete vlan v1
Command: delete vlan v1
Success.
DES-3550:4#
config vlan
Purpose
Used to add additional ports to a previously configured VLAN.
Syntax
config vlan <vlan_name 32> { [ add [ tagged | untagged |
forbidden ] | delete ] <portlist> | advertisement [ enable |
disable]}
Description
This command allows you to add ports to the port list of a previously
configured VLAN. You can specify the additional ports as tagging,
untagging, or forbidden. The default is to assign the ports as
untagging.
Parameters
<vlan_name 32> − The name of the VLAN you want to add ports to.
add − Specifies all of the ports on the switch.
tagged − Specifies the additional ports as tagged.
untagged − Specifies the additional ports as untagged.
forbidden − Specifies the additional ports as forbidden.
95
config vlan
delete − Deletes the above specified VLAN from the switch.
<portlist> − A port or range of ports to add to the VLAN.
advertisement [enable|disable] − Enables or disables GVRP on the
specified VLAN.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To add 4 through 8 as tagged ports to the VLAN v1:
DES-3550:4#config vlan v1 add tagged 4-8
Command: config vlan v1 add tagged 4-8
Success.
DES-3550:4#
config gvrp
Purpose
Used to configure GVRP on the switch.
Syntax
config gvrp [<portlist> | all] {state [enable | disable] |
ingress_checking [enable | disable] | acceptable_frame
[tagged_only | admit_all] | pvid <vlanid 1-4094>}
Description
Parameters
This command is used to configure the Group VLAN Registration
Protocol on the switch. You can configure ingress checking, the
sending and receiving of GVRP information, and the Port VLAN ID
(PVID).
<portlist> − A port or range of ports for which you want ingress
checking.
all − Specifies all of the ports on the switch.
state [enable | disable] − Enables or disables GVRP for the ports
specified in the port list.
ingress_checking [enable | disable] − Enables or disables ingress
checking for the specified port list.
acceptable_frame [tagged_only | admit_all] – This parameter states
the frame type that will be accepted by the switch for this function.
Tagged_only implies that only VLAN tagged frames will be accepted,
while admit_all implies tagged and untagged frames will be accepted
byt the switch.
pvid – Specifies the default VLAN associated with the port.
Only administrator-level users can issue this command.
Restrictions
Example usage:
96
To set the ingress checking status, the sending and receiving GVRP information :
DES-3550:4#config gvrp 1-4 state enable ingress_checking enable
acceptable_frame tagged_only pvid 2
Command: config gvrp 1-4 state enable ingress_checking enable
acceptable_frame tagged_only pvid 2
Success.
DES-3550:4#
enable gvrp
Purpose
Used to enable GVRP on the switch.
Syntax
enable gvrp
Description
This command, along with disable gvrp below, is used to enable
and disable GVRP on the switch, without changing the GVRP
configuration on the switch.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To enable the generic VLAN Registration Protocol (GVRP):
DES-3550:4#enable gvrp
Command: enable gvrp
Success.
DES-3550:4#
disable gvrp
Purpose
Used to disable GVRP on the switch.
Syntax
disable gvrp
Description
This command, along with disable gvrp below, is used to enable
and disable GVRP on the switch, without changing the GVRP
configuration on the switch.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To disable the Generic VLAN Registration Protocol (GVRP):
97
DES-3550:4#disable gvrp
Command: disable gvrp
Success.
DES-3550:4#
show vlan
Purpose
Used to display the current VLAN configuration on the switch
Syntax
show vlan {<vlan_name 32>}
Description
This command displays summary information about each VLAN
including the VLAN ID, VLAN name, the Tagging|Untagging status,
and the Member|Non-member|Forbidden status of each port that is a
member of the VLAN.
Parameters
Restrictions
<vlan_name 32> − The VLAN name of the VLAN for which you want
to display a summary of settings.
None.
Example usage:
To display the switch’s current VLAN settings:
DES-3550:4#show vlan
Command: show vlan
VID
: 1
VLAN Name
: default
VLAN TYPE
Member ports
Static ports
: static
: 1-50
: 1-50
Advertisement : Enabled
Current Untagged ports : 1-50
Static Untagged ports
Forbidden ports :
: 1-50
Total Entries :
DES-3550:4#
show gvrp
Purpose
Used to display the GVRP status for a port list on the switch.
show gvrp {<portlist>}
Syntax
Description
Parameters
This command displays the GVRP status for a port list on the switch
<portlist> − Specifies a port or range of ports for which the GVRP
98
show gvrp
status is to be displayed.
None.
Restrictions
Example usage:
To display GVRP port status:
DES-3550:4#show gvrp
Command: show gvrp
Global GVRP : Disabled
Port
------
1
2
3
4
5
6
7
PVID
----
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
GVRP
--------
Ingress Checking Acceptable Frame Type
----------------
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
---------------------------
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
All Frames
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
8
9
10
11
12
13
14
15
16
17
18
1
1
1
CTRL+C ESC q Quit SPACE n Next Page Enter Next Entry a All
99
16
ASYMMETRIC VLAN COMMANDS
The asymmetric VLAN commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in
the following table.
Command
Parameters
enable asymmetric_vlan
disable asymmetric_vlan
show asymmetric_vlan
Each command is listed, in detail, in the following sections.
enable asymmetric_vlan
Purpose
Used to enable the asymmetric VLAN function on the switch.
Syntax
enable asymmetric_vlan
Description
Parameters
Restrictions
This command enables the asymmetric VLAN function on the switch
None.
Only administrator-level users can issue this command.
Example usage:
To enable asymmetric VLANs:
DES-3550:4#enable asymmetric_vlan
Command: enable asymmetric_vlan
Success.
DES-3550:4#
disable asymmetric_vlan
Purpose
Used to disable the asymmetric VLAN function on the switch.
Syntax
disable asymmetric_vlan
Description
Parameters
Restrictions
This command disables the asymmetric VLAN function on the switch
None.
Only administrator-level users can issue this command.
Example usage:
To disable asymmetric VLANs:
100
DES-3550:4#disable asymmetric_vlan
Command: disable asymmetric_vlan
Success.
DES-3550:4#
show asymmetric_vlan
Purpose
Used to view the asymmetric VLAN state on the switch.
Syntax
show asymmetric_vlan
Description
Parameters
Restrictions
This command displays the asymmetric VLAN state on the switch
None.
Only administrator-level users can issue this command.
Example usage:
To display the asymmetric VLAN state cuurently set on the switch:
DES-3550:4#show asymmetric_vlan
Command: show asymmetric_vlan
Asymmetric Vlan: Enabled
DES-3550:4#
101
17
LINK AGGREGATION COMMANDS
The link aggregation commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command
Parameters
create
group_id <value 1-6> {type [lacp | static]}
link_aggregation
delete
group_id <value 1-6>
link_aggregation
config
link_aggregation
group_id <value1-6> {master_port <port> | ports <portlist> state
[enable | disable]}
config
link_aggregation
algorithm
[mac_source | mac_destination | mac_source_dest | ip_source |
ip_destination | ip_source_dest]
show
{group_id <value 1-6> | algorithm}
link_aggregation
config lacp_port
show lacp_port
<portlist> mode [active | passive]
{<portlist>}
Each command is listed, in detail, in the following sections.
create link_aggregation
Purpose
Used to create a link aggregation group on the switch.
Syntax
create link_aggregation group_id <value 1-6> {type[lacp |
static]}
Description
Parameters
This command will create a link aggregation group with a unique
identifier.
<value> − Specifies the group id. The switch allows up to 6 link
aggregation groups to be configured. The group number identifies
each of the groups.
type – Specify the type of link aggregation used for the group. If the
type is not specified the default type is static.
lacp – This designates the port group as LACP compliant. LACP
allows dynamic adjustment to the aggregated port group. LACP
compliant ports may be further configured (see config lacp_ports).
LACP compliant must be connected to LACP compliant devices.
static – This designates the aggregated port group as static. Static
port groups can not be changed as easily as LACP compliant port
groups since both linked devices must be manually configured if the
configuration of the trunked group is changed. If static link
aggregation is used, be sure that both ends of the connection are
properly configured and that all ports have the same speed/duplex
settings.
102
create link_aggregation
Restrictions
Only administrator-level users can issue this command.
Example usage:
To create a link aggregation group:
DES-3550:4#create link_aggregation group_id 1
Command: create link_aggregation group_id 1
Success.
DES-3550:4#
delete link_aggregation group_id
Purpose
Used to delete a previously configured link aggregation group.
Syntax
delete link_aggregation group_id <value 1-6>
Description
This command is used to delete a previously configured link
aggregation group.
Parameters
<value> − Specifies the group id. The switch allows up to 6 link
aggregation groups to be configured. The group number identifies
each of the groups.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To delete link aggregation group:
DES-3550:4#delete link_aggregation group_id 6
Command: delete link_aggregation group_id 6
Success.
DES-3550:4#
config link_aggregation
Purpose
Used to configure a previously created link aggregation group.
Syntax
config link_aggregation group_id <value 1-6> {master_port
<port> | ports <portlist> | state [enable | disable]
Description
This command allows you to configure a link aggregation group that
was created with the create link_aggregation command above.
The DES-3550 supports link_aggregation cross box which specifies
that link aggregation groups may be spread over multiple switches in
the switching stack.
103
config link_aggregation
Parameters
group _id<value> − Specifies the group id. The switch allows up to 6
link aggregation groups to be configured. The group number
identifies each of the groups.
master_port<port> − Master port ID. Specifies which port (by port
number) of the link aggregation group will be the master port. All of
the ports in a link aggregation group will share the port configuration
with the master port.
ports<portlist> − Specifies a range of ports that will belong to the link
aggregation group.
state [enable | disable] − Allows you to enable or disable the
specified link aggregation group.
Restrictions
Only administrator-level users can issue this command. Link
aggregation groups may not overlap.
Example usage:
To define a load-sharing group of ports, group-id 1,master port 5 with group members ports 5-7 plus port 9:
DES-3550:4#config link_aggregation group_id 1 master_port 1 ports 5-7, 9
Command: config link_aggregation group_id 1 master_port 1 ports 5-7, 9
Success.
DES-3550:4#
config link_aggregation algorithm
Purpose
Used to configure the link aggregation algorithm.
Syntax
config link_aggregation algorithm [mac_source | mac_destination |
mac_source_dest | ip_source | ip_destination | ip_source_dest]
Description
Parameters
This command configures to part of the packet examined by the switch
when selecting the egress port for transmitting load-sharing data. This
feature is only available using the address-based load-sharing algorithm.
mac_source − Indicates that the switch should examine the MAC source
address.
mac_destination − Indicates that the switch should examine the MAC
destination address.
mac_source_dest − Indicates that the switch should examine the MAC
source and destination addresses
ip_source − Indicates that the switch should examine the IP source
address.
ip_destination − Indicates that the switch should examine the IP
destination address.
104
config link_aggregation algorithm
ip_source_dest − Indicates that the switch should examine the IP source
address and the destination address.
Restrictions
Example usage:
To configure link aggregation algorithm for mac-source-dest:
DES-3550:4#config link_aggregation algorithm mac_source_dest
Only administrator-level users can issue this command.
Command: config link_aggregation algorithm mac_source_dest
Success.
DES-3550:4#
show link_aggregation
Purpose
Used to display the current link aggregation configuration on the
switch.
Syntax
show link_aggregation {group_id <value 1-6> | algorithm}
Description
This command will display the current link aggregation configuration
of the switch.
Parameters
<value> − Specifies the group id. The switch allows up to 6 link
aggregation groups to be configured. The group number identifies
each of the groups.
algorithm − Allows you to specify the display of link aggregation by
the algorithm in use by that group.
Restrictions
None.
Example usage:
To display Link Aggregation configuration:
DES-3550:4#show link_aggregation
Command: show link_aggregation
Link Aggregation Algorithm = MAC-source-dest
Group ID
: 1
Master Port : 1
Member Port : 5-10
Active Port:
Status
: Disabled
Flooding Port : 5
105
config lacp_ports
Purpose
Used to configure settings for LACP compliant ports.
Syntax
config lacp_ports <portlist> mode [active | passive]
Description
This command is used to configure ports that have been previously
designated as LACP ports (see create link_aggregation).
Parameters
<portlist> − Specifies a port or range of ports to be configured.
mode – Select the mode to determine if LACP ports will process
LACP control frames.
active – Active LACP ports are capable of processing and sending
LACP control frames. This allows LACP compliant devices to
negotiate the aggregated link so the group may be changed
dynamically as needs require. In order to utilize the ability to change
an aggregated port group, that is, to add or subtract ports from the
group, at least one of the participating devices must designate
LACP ports as active. Both devices must support LACP.
passive – LACP ports that are designated as passive cannot
process LACP control frames. In order to allow the linked port group
to negotiate adjustments and make changes dynamically, at one
end of the connection must have “active” LACP ports (see above).
Restrictions
Example usage:
To configure LACP port mode settings:
DES-3550:4#config lacp_port 1-12 mode active
Only administrator-level users can issue this command.
Command: config lacp_port 1-12 mode active
Success.
DES-3550:4#
show lacp_port
Purpose
Used to display current LACP port mode settings.
Syntax
show lacp_port {<portlist>}
Description
This command will display the LACP mode settings as they are
currently configured.
Parameters
<portlist> - Specifies a port or range of ports to be configured.
If no parameter is specified, the system will display the current LACP
status for all ports.
Restrictions
Only administrator-level users can issue this command.
Example usage:
106
To display LACP port mode settings:
DES-3550:4#show lacp_port 1-10
Command: show lacp_port 1-10
Port Activity
------
1
--------
Active
2
3
4
5
6
7
8
9
Active
Active
Active
Active
Active
Active
Active
Active
Active
10
DES-3550:4#
107
18
BASIC IP COMMANDS
The IP interface commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command
Parameters
config ipif
<ipif_name 12> [{ipaddress <network_address> | vlan <vlan_name
32> |state [enable | disable]} bootp |dhcp]
show ipif
<ipif_name 12>
Each command is listed, in detail, in the following sections.
config ipif
Purpose
Used to configure the System IP interface.
Syntax
config ipif <ipif_name 12> [{ ipaddress <network_address>
[ vlan <vlan_name 32> | state [enabled | disabled]} | bootp |
dhcp]
Description
Parameters
This command is used to configure the System IP interface on the
switch.
<ipif_name 12> Enter an alphanumeric string of up to 12 characters
to identify this ip interface.
<network_address> − IP address and netmask of the IP interface to
be created. You can specify the address and mask information
using the traditional format (for example, 10.1.2.3|255.0.0.0 or in
CIDR format, 10.1.2.3|8).
<vlan_name 32> − The name of the VLAN corresponding to the
System IP interface.
state [enable | disable] − Allows you to enable or disable the IP
interface.
bootp − Allows the selection of the BOOTP protocol for the
assignment of an IP address to the switch’s System IP interface.
dhcp − Allows the selection of the DHCP protocol for the assignment
of an IP address to the switch’s System IP interface.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure the IP interface System:
108
DES-3550:4#config ipif System ipaddress 10.48.74.122/8
Command: config ipif System ipaddress 10.48.74.122/8
Success.
DES-3550:4#
show ipif
Purpose
Used to display the configuration of an IP interface on the switch.
Syntax
show ipif <ipif_name 12>
Description
This command will display the configuration of an IP interface on the
switch.
Parameters
Restrictions
<ipif_name> − The name created for the IP interface.
None.
Example usage:
To display IP interface settings.
DES-3550:4#show ipif System
Command: show ipif System
IP Interface Settings
Interface Name : System
IP Address : 10.48.74.122 (MANUAL)
Subnet Mask : 255.0.0.0
VLAN Name : default
Admin. State : Disabled
Link Status : Link UP
Member Ports : 1-50
Total Entries : 1
DES-3550:4#
109
19
IGMP SNOOPING COMMANDS
The switch port commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command
Parameters
config igmp_snooping
[<vlan_name 32> | all] {host_timeout <sec 1-16711450>
| router_timeout < sec 1-16711450> | leave_timer < sec
0-16711450> | state [enable | disable]}
config igmp_snooping
querier
[<vlan_name 32> | all] {query_interval <sec 1-65535> |
max_response_time <sec 1-25> | robustness_variable
<value 1-255> | last_member_query_interval <sec 1-
25> | state [enable | disable]
config router_ports
<vlan_name 32> [add | delete] <portlist>
forward_mcrouter_only
enable igmp snooping
show igmp snooping
disable igmp snooping
vlan <vlan_name 32>
show igmp snooping
group
vlan <vlan_name 32>
show router ports
{vlan <vlan_name 32>} {static | dynamic | forbidden}
{vlan<vlan_name 32>}
show igmp_snooping
forwarding
Each command is listed, in detail, in the following sections.
config igmp_snooping
Purpose
Used to configure IGMP snooping on the switch.
Syntax
config igmp_snooping [<vlan_name 32> | all] {host_timeout
<sec 1-16711450> | router_timeout < sec 1-16711450> |
leave_timer < sec 0-16711450> | state [enable | disable]}
Description
Parameters
This command allows you to configure IGMP snooping on the
switch.
<vlan_name 32> − The name of the VLAN for which IGMP snooping
is to be configured.
host_timeout <sec> − Specifies the maximum amount of time a host
can be a member of a multicast group without the switch receiving a
host membership report. The default is 260 seconds.
router_timeout <sec> − Specifies the maximum amount of time a
route can be a member of a multicast group without the switch
receiving a host membership report. The default is 260 seconds.
leave_timer <sec> − Specifies the amount of time a Multicast
address will stay in the database before it is deleted, after it has sent
out a leave group message. An entry of zero (0) specifies an
immediate deletion of the Multicast address. The default is 2
110
config igmp_snooping
seconds.
state [enable | disable] − Allows you to enable or disable IGMP
snooping for the specified VLAN.
Restrictions
Example usage:
To configure the igmp snooping:
DES-3550:4#config igmp_snooping default host_timeout 250 state
Only administrator-level users can issue this command.
enable
Command: config igmp_snooping default host_timeout 250 state
enable
Success.
DES-3550:4#
config igmp_snooping querier
Purpose
This command configures IGMP snooping querier.
Syntax
config igmp_snooping querier [<vlan_name 32> | all]
{query_interval <sec 1-65535> | max_response_time <sec 1-25>
| robustness_variable <value 1-255> |
last_member_query_interval <sec 1-25> | state [enable |
disable]
Description
Parameters
Used to configure the time in seconds between general query
transmissions, the maximum time in seconds to wait for reports from
members and the permitted packet loss that guarantees IGMP
snooping.
<vlan_name 32> − The name of the VLAN for which IGMP snooping
querier is to be configured.
query_interval <sec> − Specifies the amount of time in seconds
between general query transmissions. The default setting is 125
seconds.
max_response_time <sec> − Specifies the maximum time in
seconds to wait for reports from members. The default setting is 10
seconds.
robustness_variable <value> − Provides fine-tuning to allow for
expected packet loss on a subnet. The value of the robustness
variable is used in calculating the following IGMP message intervals:
•
Group member interval—Amount of time that must pass
before a multicast router decides there are no more
members of a group on a network. This interval is calculated
as follows: (robustness variable x query interval) + (1 x
query response interval).
111
config igmp_snooping querier
•
Other querier present interval—Amount of time that must
pass before a multicast router decides that there is no longer
another multicast router that is the querier. This interval is
calculated as follows: (robustness variable x query interval)
+ (0.5 x query response interval).
•
•
Last member query count—Number of group-specific
queries sent before the router assumes there are no local
members of a group. The default number is the value of the
robustness variable.
By default, the robustness variable is set to 2. You might
want to increase this value if you expect a subnet to be
lossy. Although 1 is specified as a valid entry, the
roubustness variable should not be one or problems may
arise.
last_member_query_interval <sec> − The maximum amount of time
between group-specific query messages, including those sent in
response to leave-group messages. You might lower this interval to
reduce the amount of time it takes a router to detect the loss of the
last member of a group.
state [enable | disable] − Allows the switch to be specified as an
IGMP Querier or Non-querier.
Restrictions
Example usage:
To configure the igmp snooping:
DES-3550:4#config igmp_snooping querier default query_interval
Only administrator-level users can issue this command.
125 state enable
Command: config igmp_snooping querier default query_interval
125 state enable
Success.
DES-3550:4#
config router_ports
Purpose
Used to configure ports as router ports.
Syntax
config router_ports <vlan_name 32> [add | delete] <portlist>
Description
This command allows you to designate a range of ports as being
connected to multicast-enabled routers. This will ensure that all
packets with such a router as its destination will reach the multicast-
enabled router − regardless of protocol, etc.
Parameters
<vlan_name 32> − The name of the VLAN on which the router port
resides.
112
config router_ports
<portlist> − Specifies a port or range of ports that will be configured
as router ports.
Restrictions
Example usage:
To set up static router ports:
Only administrator-level users can issue this command.
DES-3550:4#config router_ports default add 1-10
Command: config router_ports default add 1-10
Success.
DES-3550:4#
enable igmp_snooping
Purpose
Used to enable IGMP snooping on the switch.
Syntax
enable igmp_snooping {forward_mcrouter_only}
This command allows you to enable IGMP snooping on the switch. If
Description
is specified, the switch will only forward all
forward_mcrouter_only
multicast traffic to the multicast router, only. Otherwise, the switch
forwards all multicast traffic to any IP router.
Parameters
Restrictions
forward_mcrouter_only − Specifies that the switch should only
forward all multicast traffic to a multicast-enabled router. Otherwise,
the switch will forward all multicast traffic to any IP router.
Only administrator-level users can issue this command.
Example usage:
To enable IGMP snooping on the switch:
DES-3550:4#enable igmp_snooping
Command: enable igmp_snooping
Success.
DES-3550:4#
disable igmp_snooping
Purpose
Used to enable IGMP snooping on the switch.
Syntax
disable igmp_snooping {forward_mcrouter_only}
Description
This command disables IGMP snooping on the switch. IGMP
snooping can be disabled only if IP multicast routing is not being
used. Disabling IGMP snooping allows all IGMP and IP multicast
113
disable igmp_snooping
traffic to flood within a given IP interface.
Parameters
forward_mcrouter_only – Adding this parameter to this command will
disable forwarding all multicast traffic to a multicast-enabled
routers .The switch will then forward all multicast traffic to any IP
router.
Entering this command without the parameter will disable igmp
snooping on the switch.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To disable IGMP snooping on the switch:
DES-3550:4#disable igmp_snooping
Command: disable igmp_snooping
Success.
DES-3550:4#
Example usage:
To disable forwarding all multicast traffic to a multicast-enabled router:
DES-3550:4#disable igmp_snooping forward_mcrouter_only
Command: disable igmp_snooping forward_mcrouter_only
Success.
DES-3550:4#
show igmp_snooping
Purpose
Used to show the current status of IGMP snooping on the switch.
Syntax
show igmp_snooping {vlan <vlan_name 32>}
Description
This command will display the current IGMP snooping configuration
on the switch.
Parameters
Restrictions
<vlan_name 32> − The name of the VLAN for which you want to
view the IGMP snooping configuration.
None.
Example usage:
To show igmp snooping:
114
DES-3550:4#show igmp_snooping
Command: show igmp_snooping
IGMP Snooping Global State : Disabled
Multicast router Only
: Disabled
VLAN Name
Query Interval
: default
: 125
Max Response Time
Robustness Value
Last Member Query Interval
Host Timeout
: 10
: 2
: 1
: 260
Route Timeout
Leave Timer
: 260
: 2
Querier State
Querier Router Behavior
State
: Disabled
: Non-Querier
: Disabled
VLAN Name
Query Interval
: vlan2
: 125
Max Response Time
Robustness Value
Last Member Query Interval
Host Timeout
: 10
: 2
: 1
: 260
Route Timeout
Leave Timer
: 260
: 2
Querier State
Querier Router Behavior
State
: Disabled
: Non-Querier
: Disabled
Total Entries: 2
DES-3550:4#
show igmp_snooping group
Purpose
Used to display the current IGMP snooping group configuration on
the switch.
Syntax
show igmp_snooping group {vlan <vlan_name 32>}
Description
This command will display the current IGMP snooping group
configuration on the switch.
Parameters
Restrictions
<vlan_name 32> − The name of the VLAN for which you want to
view IGMP snooping group configuration information.
None.
Example usage:
To show igmp snooping group:
115
DES-3550:4#show igmp_snooping group
Command: show igmp_snooping group
VLAN Name
: default
Multicast group: 224.0.0.2
MAC address : 01-00-5E-00-00-02
Reports
: 1
Port Member : 2,5
VLAN Name
: default
Multicast group: 224.0.0.9
MAC address : 01-00-5E-00-00-09
Reports
: 1
Port Member : 6,8
VLAN Name
: default
Multicast group: 234.5.6.7
MAC address : 01-00-5E-05-06-07
Reports
: 1
Port Member : 4,10
VLAN Name
: default
Multicast group: 236.54.63.75
MAC address : 01-00-5E-36-3F-4B
Reports
: 1
Port Member : 18,22
VLAN Name
: default
Multicast group: 239.255.255.250
MAC address : 01-00-5E-7F-FF-FA
Reports
: 2
Port Member : 9,19
VLAN Name
: default
Multicast group: 239.255.255.254
MAC address : 01-00-5E-7F-FF-FE
Reports
: 1
Port Member : 13,17
Total Entries : 6
DES-3550:4#
show router_ports
Purpose
Used to display the currently configured router ports on the switch.
Syntax
show router_ports {vlan <vlan_name 32>} {static | dynamic }
Description
This command will display the router ports currently configured on
the switch.
116
show router_ports
Parameters
<vlan_name 32> − The name of the VLAN on which the router port
resides.
static − Displays router ports that have been statically configured.
dynamic − Displays router ports that have been dynamically
configured.
Restrictions
None.
Example usage:
To display the router ports.
DES-3550:4#show router_ports
Command: show router_ports
VLAN Name
Static router port
: default
: 1-2,10
Dynamic router port :
Total Entries: 1
DES-3550:4#
show igmp_snooping forwarding
Purpose
Used to display the IGMP snooping forwarding table entries on the
switch.
Syntax
show igmp_snooping forwarding {vlan <vlan_name 32>}
Description
This command will display the current IGMP snooping forwarding
table entries currently configured on the switch.
Parameters
<vlan_name 32> − The name of the VLAN for which you want to
view IGMP snooping forwarding table information.
Restrictions
None.
Example usage:
To view the IGMP snooping forwarding table for VLAN “Trinity”:
DES-3550:4#show igmp_snooping forwarding vlan Trinity
Command: show igmp_snooping forwarding vlan Trinity
VLAN Name
: Trinity
Multicast group : 224.0.0.2
MAC address : 01-00-5E-00-00-02
Port Member : 17
Total Entries: 1
DES-3550:4#
117
show igmp_snooping group
Purpose
Used to display the current IGMP snooping configuration on the
switch.
Syntax
show igmp_snooping group {vlan <vlan_name 32>}
Description
This command will display the current IGMP setup currently
configured on the switch.
Parameters
Restrictions
<vlan_name 32> − The name of the VLAN for which you want to
view IGMP snooping forwarding table information.
None.
Example usage:
To view the current IGMP snooping group:
DES-XXXXS:4#show igmp_snooping
group
Command: show igmp_snooping group
VLAN Name
: default
Multicast group: 224.0.0.2
MAC address : 01-00-5E-00-00-02
Reports
: 1
Port Member : 2,4
VLAN Name
: default
Multicast group: 224.0.0.9
MAC address : 01-00-5E-00-00-09
Reports
: 1
Port Member : 6,8
VLAN Name
: default
Multicast group: 234.5.6.7
MAC address : 01-00-5E-05-06-07
Reports
: 1
Port Member : 10,12
VLAN Name
: default
Multicast group: 236.54.63.75
MAC address : 01-00-5E-36-3F-4B
Reports
: 1
Port Member : 14,16
VLAN Name
: default
118
Multicast group: 239.255.255.250
MAC address : 01-00-5E-7F-FF-FA
Reports
: 2
Port Member : 18,20
VLAN Name
: default
Multicast group: 239.255.255.254
MAC address : 01-00-5E-7F-FF-FE
Reports
: 1
Port Member : 22,24
Total Entries : 6
DES-XXXXS:4#
119
20
802.1X COMMANDS
The DES-3550 implements the server-side of the IEEE 802.1x Port-based Network Access Control. This mechanism is
intended to allow only authorized users, or other network devices, access to network resources by establishing criteria for each
port on the switch that a user or network device must meet before allowing that port to forward or receive frames.
Command
enable 802.1x
disable 802.1x
Parameters
show 802.1x
auth_state
{ports <portlist>}
show 802.1x
{ports <portlist>}
auth_configuration
config 802.1x
[<portlist> | all] [authenticator | none]
capability ports
config 802.1x
auth_parameter
ports
[<portlist> | all] [default | {direction [both | in] | port_control
[force_unauth | auto | force_auth] | quiet_period <sec 0-65535> |
tx_period <sec 1-65535> | supp_timeout <sec 1-65535> |
server_timeout <sec 1-65535> | max_req <value 1-10> |
reauth_period <sec 1-65535> | enable_reauth [enable | disable]}]
config 802.1x init
{port_based ports [<portlist> | all] | mac_based [ports] [<portlist>
|all] {mac_address <macaddr>}]
config 802.1x
auth_mode
[port_based | mac_based]
config 802.1x
reauth
{port_based ports [<portlist> | all] | mac_based [ports] [<portlist>
|all] {mac_address <macaddr>}]
config radius add
<server_index 1-3> <server_ip> key <passwd 32> [default |
{auth_port <udp_port_number 1-65535> | acct_port
<udp_port_number 1-65535>}]
config radius delete <server_index 1-3>
config radius
<server_index 1-3> {ipaddress <server_ip> | key <passwd 32>
[auth_port <udp_port_number 1-65535> acct_port
<udp_port_number 1-65535>]}
show radius
Each command is listed, in detail, in the following sections.
enable 802.1x
Purpose
Used to enable the 802.1x server on the switch.
Syntax
enable 802.1x
Description
The enable 802.1x command enables the 802.1x Port-based
Network Access control server application on the switch.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
120
Example usage:
To enable 802.1x switch wide:
DES-3550:4#enable 802.1x
Command: enable 802.1x
Success.
DES-3550:4#
disable 802.1x
Purpose
Used to disable the 802.1x server on the switch.
Syntax
disable 802.1x
Description
The disable 802.1x command is used to disable the 802.1x Port-
based Network Access control server application on the switch.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To disable 802.1x on the switch:
DES-3550:4#disable 802.1x
Command: disable 802.1x
Success.
DES-3550:4#
show 802.1x auth_configuration
Purpose
Used to display the current configuration of the 802.1x server on the
switch.
Syntax
show 802.1x auth_configuration {ports <portlist>}
Description
The show 802.1x command is used to display the current
configuration of the 802.1x Port-based Network Access Control
server application on the switch.
Parameters
ports <portlist> − Specifies a port or range of ports to view.
The following details what is displayed:
802.1x Enabled | Disabled − Shows the current status of 802.1x
functions on the switch.
Authentication Mode – Shows the authentication mode, whether it be
121
show 802.1x auth_configuration
by mac address or by port.
Authentication Protocol: Radius_Eap − Shows the authentication
protocol suite in use between the switch and a Radius server. May
read Radius_Eap or Radius_Pap.
Port number − Shows the physical port number on the switch.
Capability: Authenticator|None − Shows the capability of 802.1x
functions on the port number displayed above. There are two
802.1x capabilities that can be set on the switch: Authenticator and
None.
AdminCtlDir: Both|In − Shows whether a controlled Port that is
unauthorized will exert control over communication in both receiving
and transmitting directions, or just the receiving direction.
OpenCtlDir: Both|In − Shows whether a controlled Port that is
unauthorized will exert control over communication in both receiving
and transmitting directions, or just the receiving direction.
Port Control: ForceAuth|ForceUnauth|Auto − Shows the
administrative control over the port’s authorization status. ForceAuth
forces the Authenticator of the port to become Authorized.
ForceUnauth forces the port to become Unauthorized.
QuietPeriod − Shows the time interval between authentication failure
and the start of a new authentication attempt.
TxPeriod − Shows the time to wait for a response from a supplicant
(user) to send EAP Request|Identiy packets.
SuppTimeout − Shows the time to wait for a response from a
supplicant (user) for all EAP packets, except for the Request|Identity
packets.
ServerTimeout − Shows the length of time to wait for a response
from a Radius server.
MaxReq − Shows the maximum number of times to retry sending
packets to the supplicant.
ReAuthPeriod − shows the time interval between successive re-
authentications.
ReAuthenticate: Enabled|Disabled − Shows whether or not to re-
authenticate.
Restrictions
Example usage:
To display the 802.1x authtication states (stacking disabled):
Only administrator-level users can issue this command.
122
DES-3550:4#show 802.1x auth_configuration ports 1
Command: show 802.1x auth_configuration ports 1
802.1X
: Enabled
Authentication Mode : Port_based
Authentication Protocol : Radius_Eap
Port number : 1
Capability : None
AdminCrlDir : Both
OpenCrlDir : Both
Port Control : Auto
QuietPeriod : 60 sec
TxPeriod
: 30 sec
SuppTimeout : 30 sec
ServerTimeout : 30 sec
MaxReq
: 2 times
ReAuthPeriod : 3600 sec
ReAuthenticate : Disabled
CTRL+C ESC q Quit SPACE n Next Page Enter Next Entry a All
show 802.1x auth_state
Purpose
Used to display the current authentication state of the 802.1x server
on the switch.
Syntax
show 802.1x auth_state {ports <portlist>}
Description
The show 802.1x auth_state command is used to display the current
authentication state of the 802.1x Port-based Network Access Control
server application on the switch.
Parameters
ports<portlist> − Specifies a port or range of ports to be viewed.
The following details what is displayed:
Port number − Shows the physical port number on the switch.
Auth PAE State: Initalize|Disconnected|Connecting|
Authenticating|Authenticated|Held |ForceAuth|ForceUnauth − Shows
the current state of the Authenticator PAE.
Backend State: Request|Response|Fail| Idle|Initalize|Success
|Timeout − Shows the current state of the Backend Authenticator.
Port Status: Authorized|Unauthorized − Shows the result of the
authentication process. Authorized means that the user was
authenticated, and can access the network. Unauthorized means that
the user was not authenticated, and cannot access the network.
123
show 802.1x auth_state
Restrictions
Example usage:
To display the 802.1x auth state:
Only administrator-level users can issue this command.
DES-3550:4#show 802.1x auth_state
Command: show 802.1x auth_state
Port
------
1
Auth PAE State
-----------------------
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
ForceAuth
Backend State
---------------------
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Success
Port Status
-----------------
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
Authorized
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
CTRL+C ESC q Quit SPACE n Next Page Enter Next Entry a All
config 802.1x capability ports
Purpose
Used to configure the 802.1x capability of a range of ports on the
switch.
Syntax
config 802.1x capability ports [<portlist> | all] [authenticator |
none]
Description
The config 802.1x command has four capabilities that can be set for
each port. Authenticator, Supplicant, Authenticator and Supplicant,
and None.
Parameters
<portlist> − Specifies a port or range of ports to be configured.
124
config 802.1x capability ports
all − Specifies all of the ports on the switch.
authenticator − A user must pass the authentication process to gain
access to the network.
none − The port is not controlled by the 802.1x functions.
Restrictions
Example usage:
To configure 802.1x capability on ports 1-10 on switch 1:
DES-3550:4#config 802.1x capability ports 1 –10 authenticator
Only administrator-level users can issue this command.
Command: config 802.1x capability ports 1-10 authenticator
Success.
DES-3550:4#
config 802.1x auth_parameter
Purpose
Used to configure the 802.1x Authentication parameters on a range
of ports. The default parameter will return all ports in the specified
range to their default 802.1x settings.
Syntax
config 802.1x auth_parameter ports [ <portlist> | all] [default |
{direction [ both | in ] | port_control | force_unauth |auto |
force_auth ] | quiet_period <sec 0-65535> | tx_period <sec 1-
65535> | supp_timeout <sec 1-65535> | server_timeout <sec 1-
65535> | max_req <value 1-10> | reauth_period <sec 1-65535> |
enable_reauth [enable | disable]}]
Description
Parameters
The config 802.1x auth_parameter command is used to configure
the 802.1x Authentication parameters on a range of ports. The
default parameter will return all ports in the specified range to their
default 802.1x settings.
<portlist> − Specifies a port or range of ports to be configured.
all − Specifies all of the ports on the switch.
default − Returns all of the ports in the specified range to their
802.1x default settings.
direction [both | in] − Determines whether a controlled port blocks
communication in both the receiving and transmitting directions, or
just the receiving direction.
port_control − Configures the administrative control over the
authentication process for the range of ports.The user has the
following authentication options:
•
force_auth − Forces the Authenticator for the port to
become authorized. Network access is allowed.
125
config 802.1x auth_parameter
•
auto − Allows the port’s status to reflect the outcome of the
authentication process.
•
force_unauth − Forces the Authenticator for the port to
become unauthorized. Network access will be blocked.
quiet_period <sec 0-65535> − Configures the time interval between
authentication failure and the start of a new authentication attempt.
tx_period <sec 1-65535> - Configures the time to wait for a
response from a supplicant (user) to send EAP Request/Identity
packets.
supp_timeout <sec 1-65535> - Configures the time to wait for a
response from a supplicant (user) for all EAP packets, except for the
Request/Identity packets.
server_timeout <sec 1-65535> - Configure the length of time to wait
for a response from a Radius server.
max_req <value 1-10> − Configures the number of times to retry
sending packets to a supplicant (user).
reauth_period <sec 1-65535> − Configures the time interval
between successive re-authentications.
enable_reauth [enable|disable] − Determines whether or not the
switch will re-authenticate. Enabled causes re-authentication of
users at the time interval specified in the Re-authentication Period
field, above.
Restrictions
Example usage:
Only administrator-level users can issue this command.
To configure 802.1x authentication parameters for ports 1 – 20 of switch 1:
DES-3550:4#config 802.1x auth_parameter ports 1–20 direction
both
Command: config 802.1x auth_parameter ports 1–20 direction
both
Success.
DES-3550:4#
config 802.1x init
Purpose
Used to initialize the 802.1x function on a range of ports.
Syntax
config 802.1x init {port_based ports [<portlist> | all] |
mac_based [ports] [<portlist> |all] {mac_address <macaddr>}]
Description
The
command is used to immediately initialize the
config 802.1x init
802.1x functions on a specified range of ports or for specified MAC
126
config 802.1x init
addresses operating from a specified range of ports.
Parameters
port_based – This instructs the switch to initialize 802.1x functions
based only on the port number. Ports approved for initialization can
then be specified.
mac_based ports − This instructs the switch to initialize 802.1x
functions based only on the MAC address. MAC addresses
approved for initialization can then be specified.
<portlist> − Specifies a port or range of ports to be configured.
mac_address <macaddr> - Enter the MAC address to be initialized.
all − Specifies all of the ports on the switch.
Restrictions
Example usage:
To initialize the authentication state machine of some or all:
DES-3550:4# config 802.1x init port_based ports all
Only administrator-level users can issue this command.
Command: config 802.1x init port_based ports all
Success.
DES-3550:4#
config 802.1x auth_mode
Purpose
Used to configure the 802.1x authentication mode on the switch.
Syntax
config 802.1x auth_mode {port_based | mac_based]
Description
The config 802.1x authentication mode command is used to enable
either the port-based or MAC-based 802.1x authentication feature
on the switch.
Parameters
port_based | mac_based ports − The switch allows you to
authenticate 802.1x by either port or MAC address.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure 802.1x authentication by MAC address:
127
DES-3550:4#config 802.1x auth_mode mac_based
Command: config 802.1x auth_mode mac_based
Success.
DES-3550:4#
config 802.1x reauth
Purpose
Used to configure the 802.1x re-authentication feature of the switch.
Syntax
config 802.1x reauth {port_based ports [ <portlist> | all] |
mac_based [ports] [<portlist> | all ] {mac_address <macaddr>}]
Description
Parameters
The config 802.1x reauth command is used to re-authenticate a
previously authenticated device based on port number.
port_based – This instructs the switch to re-authorize 802.1x
functions based only on the port number. Ports approved for re-
authorization can then be specified.
mac_based ports − This instructs the switch to re-authorize 802.1x
functions based only on the MAC address. MAC addresses
approved for re-authorization can then be specified.
<portlist> − Specifies a port or range of ports to be re-authorized.
mac_address <macaddr> - Enter the MAC address to be re-
authorized.
all − Specifies all of the ports on the switch.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure 802.1x reauthentication for ports 1-18:
DES-3550:4#config 802.1x reauth port_based ports 1-18
Command: config 802.1x reauth port_based ports 1-18
Success.
DES-3550:4#
config radius add
Purpose
Used to configure the settings the switch will use to communicate
with a RADIUS server.
Syntax
config radius add <server_index 1-3> <server_ip> key <passwd
32> [default | {auth_port <udp_port_number 1-65535> |
acct_port <udp_port_number 1-65535>}]
128
config radius add
Description
The config radius add command is used to configure the settings
the switch will use to communicate with a RADIUS server.
Parameters
<server_index 1-3> − Assigns a number to the current set of
RADIUS server settings. Up to 3 groups of RADIUS server settings
can be entered on the switch.
<server_ip> − The IP address of the RADIUS server.
key − Specifies that a password and encryption key will be used
between the switch and the Radius server.
<passwd 32> − The shared-secret key used by the RADIUS server
and the switch. Up to 32 characters can be used.
default − Uses the default udp port number in both the “auth_port”
and “acct_port” settings.
auth_port <udp_port_number> − The UDP port number for
authentication requests. The default is 1812.
acct_port <udp_port_number> − The UDP port number for
accounting requests. The default is 1813.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure the RADIUS server communication setttings:
DES-3550:4#config radius add 1 10.48.74.121 key dlink default
Command: config radius add 1 10.48.74.121 key dlink default
Success.
DES-3550:4#
config radius delete
Purpose
Used to delete a previously entered RADIUS server configuration.
Syntax
config radius delete <server_index 1-3>
Description
The
command is used to delete a previously
config radius delete
entered RADIUS server configuration.
Parameters
<server_index 1-3> − Assigns a number to the current set of
RADIUS server settings. Up to 3 groups of RADIUS server settings
can be entered on the switch.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To delete previously configured RADIUS server communication settings:
129
DES-3550:4#config radius delete 1
Command: config radius delete 1
Success.
DES-3550:4#
config radius
Purpose
Used to configure the switch’s RADIUS settings.
Syntax
config radius <server_index 1-3> {ipaddress <server_ip> | key
<passwd 32> | auth_port <udp_port_number 1-65535> |
acct_port <udp_port_number 1-65535>}
Description
Parameters
The config radius command is used to configure the switch’s
Radius settings.
<server_index 1-3> − Assigns a number to the current set of
RADIUS server settings. Up to 3 groups of RADIUS server settings
can be entered on the switch.
<server_ip> − The IP address of the Radius server.
key − Specifies that a password and encryption key will be used
between the switch and the RADIUS server.
<passwd 32> − The shared-secret key used by the RADIUS server
and the switch. Up to 32 characters can be used.
default − Uses the default udp port number in both the “auth_port”
and “acct_port” settings.
auth_port <udp_port_number> − The UDP port number for
authentication requests. The default is 1812.
acct_port <udp_port_number> − The UDP port number for
accounting requests. The default is 1813.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure the RADIUS settings:
130
DES-3550:4#config radius 1 10.48.74.121 key dlink default
Command: config radius 1 10.48.74.121 key dlink default
Success.
DES-3550:4#
show radius
Purpose
Used to display the current RADIUS configurations on the switch.
Syntax
show radius
Description
The show radius command is used to display the current RADIUS
configurations on the switch.
Parameters
Restrictions
None.
None.
Example usage:
To display RADIUS settings on th switch:
DES-3550:4#show radius
Command: show radius
Idx IP Address
----- ------------------
Auth-Port Acct-Port
Status
Key
Number
---------
1812
Number
---------
1813
----------- ------------
1
2
3
10.1.1.1
20.1.1.1
30.1.1.1
Active
Active
Active
switch
des3226
dlink
1800
1813
1812
1813
Total Entries : 3
DES-3550:4#
131
21
ACCESS CONTROL LIST (ACL) COMMANDS
The DES-3550 implements Access Control Lists that enable the switch to deny network access to specific devices or device
groups based on IP settings or MAC address.
Command
Parameters
create
access_profile
[ ethernet{ vlan | source_mac <macmask> | destination_mac
<macmask> | 802.1p | ethernet_type}| ip { vlan |
source_ip_mask <netmask> | destination_ip_mask <netmask> |
dscp | [ icmp {type | code } | igmp {type } | tcp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>|
flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-xffff>} |
protocol_id_mask <hex0x0 - 0xFF> {user_define_mask <hex 0x0-
0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff>} ]}|packet_content_mask{offset_0-15
<hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff> | offset_16-31 <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-
0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> |
offset_48-63 <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff>}]{port[<portlist>|all] | profile_id <value 1-255> }
delete
<value 1-255>
access_profile
profile_id
config
access_profile
profile_id
<value 1-255>[ add access_id <value 1-255>[ ethernet {vlan
<vlan_name 32> | source_mac <macaddr> | destination_mac
<macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>
}| ip {vlan <vlan_name 32> | source_ip <ipaddr> | destination_ip
<ipaddr> | dscp <value 0-63> |[ icmp {type <value 0-255> code
<value 0-255>} | igmp {type <value 0-255>} | tcp {src_port <value
0-65535> | dst_port <value 0-65535> | flag_mask [all | {urg | ack |
psh | rst | syn | fin}]} | udp {src_port <value 0-65535> | dst_port
<value 0-65535>} | protocol_id <value 0 - 255> {user_define
<hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff>}]} | packet_content_mask{offset_0-15
<hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff> | offset_16-31 <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-
0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> |
offset_48-63 <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff>}][
permit{replace_priority_with <value 0-7> | replace_dscp_with
<value 0-63> } | deny] | delete access_id <value 1-255> ]
show
{profile_id <value 1-255>}
access_profile
Due to a chipset limitation, the switch currently supports a maximum of 9 access profiles, each containing a maximum of 50
rules − with the additional limitation of 50 rules total for all 9 access profiles.
Access profiles allow you to establish criteria to determine whether or not the switch will forward packets based on the
information contained in each packet’s header. These criteria can be specified on a VLAN-by-VLAN basis.
132
Creating an access profile is divided into two basic parts. First, an access profile must be created using the create
access_profile command. For example, if you want to deny all traffic to the subnet 10.42.73.0 to 10.42.73.255, you must first
create an access profile that instructs the switch to examine all of the relevant fields of each frame:
create access_profile ip source_ip_mask 255.255.255.0 profile_id 1
Here we have created an access profile that will examine the IP field of each frame received by the switch. Each source IP
address the switch finds will be combined with the source_ip_mask with a logical AND operation. The profile_id parameter is
used to give the access profile an identifying number − in this case, 1. The deny parameter instructs the switch to filter any
frames that meet the criteria − in this case, when a logical AND operation between an IP address specified in the next step and
the ip_source_mask match.
The default for an access profile on the switch is to permit traffic flow. If you want to restrict traffic, you must use the deny
parameter.
Now that an access profile has been created, you must add the criteria the switch will use to decide if a given frame should be
forwarded or filtered. Here, we want to filter any packets that have an IP source address between 10.42.73.0 and 10.42.73.255:
config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1 deny
Here we use the profile_id 1 which was specified when the access profile was created. The add parameter instructs the switch
to add the criteria that follows to the list of rules that are associated with access profile 1. For each rule entered into the access
profile, you can assign an access_id that both identifies the rule and establishes a priority within the list of rules. A lower
access_id gives the rule a higher priority. In case of a conflict in the rules entered for an access profile, the rule with the highest
priority (lowest access_id) will take precedence.
The ip parameter instructs the switch that this new rule will be applied to the IP addresses contained within each frame’s header.
source_ip tells the switch that this rule will apply to the source IP addresses in each frame’s header. Finally, the IP address
10.42.73.1 will be combined with the source_ip_mask 255.255.255.0 to give the IP address 10.42.73.0 for any source IP
address between 10.42.73.0 to 10.42.73.255.
create access_profile
Purpose
Used to create an access profile on the switch and to define which
parts of each incoming frame’s header the switch will examine.
Masks can be entered that will be combined with the values the
switch finds in the specified frame header fields. Specific values for
the rules are entered using the config access_profile command,
below.
Syntax
[ ethernet{ vlan | source_mac <macmask> | destination_mac
<macmask> | 802.1p | ethernet_type} | ip {vlan |
source_ip_mask <netmask> | destination_ip_mask <netmask> |
dscp | [ icmp {type | code } | igmp {type } | tcp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-
0xffff>| flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-
xffff>} | protocol_id_mask <hex0x0 - 0xFF>
{user_define_mask <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex
0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff>} ]} |
packet_content_mask{offset_0-15 <hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> | offset_16-31
<hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex
0x0-0xffffffff> | offset_32-47 <hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63
<hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex
0x0-0xffffffff> | offset_64-79 <hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff>}] {port
[<portlist>|all] | profile_id <value 1-255> }
Description
The create access_profile command is used to create an access
profile on the switch and to define which parts of each incoming
frame’s header the switch will examine. Masks can be entered that
will be combined with the values the switch finds in the specified
frame header fields. Specific values for the rules are entered using
133
create access_profile
the config access_profile command, below.
Parameters
ethernet − Specifies that the switch will examine the layer 2 part of
each packet header.
•
•
vlan − Specifies that the switch will examine the VLAN part of
each packet header.
source_mac <macmask> − Specifies a MAC address mask for
the source MAC address. This mask is entered in the
following hexadecimal format:
•
•
•
destination_mac <macmask> − Specifies a MAC address
mask for the destination MAC address.
802.1p − Specifies that the switch will examine the 802.1p
priority value in the frame’s header.
ethernet_type − Specifies that the switch will examine the
Ethernet type value in each frame’s header.
ip − Specifies that the switch will examine the IP address in each
frame’s header.
•
•
vlan − Specifies a VLAN mask.
source_ip_mask <netmask> − Specifies an IP address mask
for the source IP address.
•
•
destination_ip_mask <netmask> − Specifies an IP address
mask for the destination IP address.
dscp − Specifies that the switch will examine the DiffServ Code
Point (DSCP) field in each frame’s header.
•
icmp − Specifies that the switch will examine the Internet
Control Message Protocol (ICMP) field in each frame’s header.
•
type − Specifies that the switch will examine each frame’s
ICMP Type field.
•
code − Specifies that the switch will examine each
frame’s ICMP Code field.
•
•
igmp − Specifies that the switch will examine each frame’s
Internet Group Management Protocol (IGMP) field.
• type − Specifies that the switch will examine each frame’s
IGMP Type field.
tcp − Specifies that the switch will examine each frames
Transport Control Protocol (TCP) field.
• src_port_mask <hex 0x0-0xffff> − Specifies a TCP port
mask for the source port.
• dst_port_mask <hex 0x0-0xffff> − Specifies a TCP port
mask for the destination port.
134
create access_profile
•
flag_mask [ all | {urg | ack | psh | rst | syn | fin}] – Enter the
appropriate flag_mask parameter. All incoming packets have
TCP port numbers contained in them as the forwarding
criterion. These numbers have flag bits asscociated with them
which are parts of a packet that determine what to do with the
packet. The user may deny packets by denying certain flag bits
within the packets. The user may choose between
,
all urg
(urgent), ack (acknowledgement), psh (push), rst (reset), syn
(synchronize) and (finish).
fin
•
udp − Specifies that the switch will examine each frame’s
Universal Datagram Protocol (UDP) field.
• src_port_mask <hex 0x0-0xffff> − Specifies a UDP port
mask for the source port.
• dst_port_mask <hex 0x0-0xffff> − Specifies a UDP port
mask for the destination port.
•
•
protocol_id − Specifies that the switch will examine each
frame’s Protocol ID field.
• user_define_mask <hex 0x0-0xffffffff> − Specifies that the
rule applies to the IP protocol ID and the mask options behind
the IP header.
packet_content_mask – Specifies that the switch will mask the
packet header beginning with the offset value specified as
follows:
• offset_0-15 – Enter a value in hex form to mask the packet
from the beginning of the packet to the 16th byte.
• offset_16-31 - Enter a value in hex form to mask the packet
from byte 16 to byte 31.
• offset_32-47 - Enter a value in hex form to mask the packet
from byte 32 to byte 47.
• offset_48-63 - Enter a value in hex form to mask the packet
from byte 48 to byte 63.
• offset_64-79- Enter a value in hex form to mask the packet
from byte 64 to byte 79.
port<portlist> - Specifies a port or range of ports to be configured.
all – denotes all ports on the switch.
profile_id <value 1-255> − Specifies an index number that will
identify the access profile being created with this command.
Restrictions
Example usage:
To create an access list rules:
Only administrator-level users can issue this command.
135
DES-3550:4#create access_profile ip vlan source_ip_mask 20.0.0.0
destination_ip_mask 10.0.0.0 dscp icmp type code permit profile_id 101
Command: create access_profile ip vlan source_ip_mask 20.0.0.0
destination_ip_mask 10.0.0.0 dscp icmp type code permit profile_id 101
Success.
DES-3550:4#
delete access_profile
Purpose
Used to delete a previously created access profile.
Syntax
delete access_profile [profile_id <value 1-255>]
Description
The delete access_profile command is used to delete a previously
created access profile on the switch.
Parameters
profile_id <value 1-255> − an integer between 1 and 255 that is
used to identify the access profile that will be deleted with this
command. This value is assigned to the access profile when it is
created with the
command.
create access_profile
Restrictions
Only administrator-level users can issue this command.
Example usage:
To delete the access profile with a profile ID of 1:
DES-3550:4# delete access_profile profile_id 1
Command: delete access_profile profile_id 1
Success.
DES-3550:4#
config access_profile
Purpose
Used to configure an access profile on the switch and to define
specific values that will be used to by the switch to determine if a
given packet should be forwarded or filtered. Masks entered using
the create access_profile command will be combined, using a
logical AND operation, with the values the switch finds in the
specified frame header fields. Specific values for the rules are
entered using the
command, below.
config access_profile
Syntax
config access profile profile_id <value 1-255>[ add access_id
<value 1-255>[ ethernet { vlan <vlan_name 32> | source_mac
<macaddr> | destination_mac <macaddr> | 802.1p <value 0-
7> | ethernet_type <hex 0x0-0xffff> }| ip{ vlan <vlan_name
32> | source_ip <ipaddr> | destination_ip <ipaddr> | dscp
<value 0-63> |[ icmp {type <value 0-255> code <value 0-255>} |
igmp {type <value 0-255>} | tcp {src_port <value 0-65535> |
dst_port <value 0-65535> | flag_mask [all | {urg | ack | psh | rst |
136
config access_profile
syn | fin}]} | udp {src_port <value 0-65535> | dst_port <value
0-65535>} | protocol_id <value 0 - 255> {user_define <hex
0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex0x0-0xffffffff>}]} | packet_content_mask {offset_0-
15 <hex0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex
0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> | offset_32-47
<hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex
0x0-0xffffffff> | offset_48-63 <hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> | offset_64-79
<hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-
0xffffffff><hex0x0-0xffffffff>}][ permit {replace_priority_with
<value 0-7> | replace_dscp_with <value 0-63> } | deny] | delete
access_id <value 1-255> ]
Description
Parameters
The config access_profile command is used to configure an
access profile on the switch and to enter specific values that will be
combined, using a logical AND operation, with masks entered with
the create access_profile command, above.
profile_id <value 1-255> − an integer between 1 and 8 that is used to
identify the access profile that will be deleted with this command.
This value is assigned to the access profile when it is created with
the create access_profile command.
add access_id <value 1-255> − Adds an additional rule to the above
specified access profile. The value specifies the relative priority of
the additional rule. The lower access ID, the higher the priority the
rule will be given.
ethernet − Specifies that the switch will look only into the layer 2 part
of each packet.
•
•
•
•
•
vlan <vlan_name 32> − Specifies that the access profile will
apply to only to this VLAN.
source_mac <macaddr> − Specifies that the access profile will
apply to only packets with this source MAC address.
destination_mac <macaddr> − Specifies that the access profile
will apply to only packets with this destination MAC address.
802.1p <value 0-7> − Specifies that the access profile will
apply only to packets with this 802.1p priority value.
ethernet_type <hex 0x0-0xffff> − Specifies that the access
profile will apply only to packets with this hexadecimal 802.1Q
Ethernet type value in the packet header.
ip − Specifies that the switch will look into the IP fields in each
packet.
•
•
•
vlan <vlan_name 32> − − Specifies that the access profile will
apply to only to this VLAN.
source_ip <ipaddr> − Specifies that the access profile will
apply to only packets with this source IP address.
destination_id <value 0-255> − Specifies that the access
137
config access_profile
profile will apply to only packets with this destination IP
address.
•
•
dscp <value 0-63> − Specifies that the access profile will apply
only to packets that have this value in their Type-of-Service
(DiffServ code point, DSCP) field in their IP packet header.
priority <value 0-7> − Specifies that the access profile will
apply to packets that contain this value in their 802.1p priority
field of their header.
•
•
dscp <value 0-63> − Allows you to specify a value to be written
to the DSCP field of an incoming packet.
icmp − Specifies that the switch will examine the Internet
Control Message Protocol (ICMP) field within each packet.
• type <value 0-65535> − Specifies that the access profile will
apply to this ICMP type value.
• code <value 0-255> − Specifies that the access profile will
apply to this ICMP code.
•
•
igmp − Specifies that the switch will examine the Internet
Group Management Protocol (IGMP) field within each packet.
• type <value 0-255> − Specifies that the access profile will
apply to packets that have this IGMP type value.
tcp − Specifies that the switch will examine the Transmission
Control Protocol (TCP) field within each packet.
• src_port <value 0-65535> − Specifies that the access profile
will apply only to packets that have this TCP source port in
their TCP header.
• dst_port <value 0-65535> − Specifies that the access profile
will apply only to packets that have this TCP destination port in
their TCP header.
•
flag_mask – Enter the type of TCP flag to be masked. The
choices are:
• all: all flags are selected.
• urg: TCP control flag (urgent)
• ack: TCP control flag (acknowledgement)
• psh: TCP control flag (push)
• rst: TCP control flag (reset)
• syn: TCP control flag (synchronize)
• fin: TCP control flag (finish)
•
udp − Specifies that the switch will examine the Universal
138
config access_profile
Datagram Protocol (UDP) field in each packet.
• src_port <value 0-65535> − Specifies that the access profile
will apply only to packets that have this UDP source port in
their header.
• dst_port <value 0-65535> − Specifies that the access profile
will apply only to packets that have this UDP destination port in
their header.
•
•
•
protocol_id <value 0-255> − Specifies that the switch will
examine the Protocol field in each packet and if this field
contains the value entered here, apply the following rules.
user_define <hex 0x0-0xfffffff> − Specifies a mask to be
combined with the value found in the frame header using a
logical AND operation.
packet_content_mask – Specifies that the switch will mask the
packet header beginning with the offset value specified as
follows:
• offset_0-15 – Enter a value in hex form to mask the packet
from the beginning of the packet to the 15th byte.
• offset_16-31 - Enter a value in hex form to mask the packet
from byte 16 to byte 32.
• offset_32-47 - Enter a value in hex form to mask the packet
from byte 32 to byte 47.
• offset_48-63 - Enter a value in hex form to mask the packet
from byte 48 to byte 63.
•
offset_64-79- Enter a value in hex form to mask the packet
from byte 64 to byte 79.
permit – Specifies that packets that match the access profile are
permitted to be forwarded by the switch.
•
replace_priority with (0-7) − This parameter is specified if you
want to change the 802.1p user priority of a packet that meets
the specified criteria. Otherwise, a packet will have its
incoming 802.1p user priority re-written to its original value
before being transmitted from the switch.
replace_dscp with <value 0-63> − Allows you to specify a value to
be written to the DSCP field of an incoming packet that meets the
criteria specified in the first part of the command. This value will
over-write the value in the DSCP field of the packet.
deny – Specifies that packets that do not match the access profile
are not permitted to be forwarded by the switch and will be filtered.
delete access_id <value 1-255> − Specifies the access ID of a rule
you want to delete.
Restrictions
Only administrator-level users can issue this command.
139
Example usage:
To configure the access profile with the profile ID of 1 to filter frames that have IP addresses in the range between
10.42.73.0 to 10.42.73.255:
DES-3550:4# config access_profile profile_id 2 add access_id 1
ip source_ip 10.42.73.1 deny
Command: config access_profile profile_id 1 add access_id 1 ip
source_ip 10.42.73.1 deny
Success.
DES-3550:4#
show access_profile
Purpose
Used to display the currently configured access profiles on the
switch.
Syntax
show access_profile
Description
The
command is used to display the currently
show access_profile
configured access profiles
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To display all of the currently configured access profiles on the switch:
DES-3550:4#show access_profile
Command: show access_profile
Access Profile Table
Access Profile ID : 4
Type : IP Frame Filter
Ports : All
Masks : VLAN
----------------
ID Mode
--- ------ ----------------
1 Permit default
Access Profile ID : 246
Type : IP Frame Filter
140
Ports : All
Masks : Source IP Addr
---------------
255.0.0.0
ID Mode
--- ------ ---------------
Access Profile ID : 247
Type : Ethernet Frame Filter
Ports : All
Masks : 802.1p
------
ID Mode
--- ------ ------
Access Profile ID : 248
Type : Ethernet Frame Filter
Ports : All
Masks : VLAN
----------------
ID Mode
--- ------ ----------------
Access Profile ID : 249
Type : Packet Content Filter
Ports : All
Masks : Offset 0-15 : 0x00000000 00000000 00000000 00000000
Offset 16-31 : 0x00000000 00000000 00000000 00000000
Offset 32-47 : 0x00000000 00000000 00000000 00000000
Offset 48-63 : 0x00000000 00000000 00000000 00000000
Offset 64-79 : 0x00000000 00000000 00000000 00000000
ID Mode
--- ------ ----------------------------------------------------
Access Profile ID : 250
Type : Ethernet Frame Filter
Ports : All
Masks : VLAN
----------------
141
ID Mode
--- ------ ----------------
Access Profile ID : 251
Type : Ethernet Frame Filter
Ports : All
Masks : VLAN
----------------
ID Mode
--- ------ ----------------
Access Profile ID : 252
Type : Ethernet Frame Filter
Ports : All
Masks : VLAN
----------------
ID Mode
--- ------ ----------------
Access Profile ID : 253
Type : Ethernet Frame Filter
Ports : All
Masks : VLAN
----------------
ID Mode
--- ------ ----------------
Total Entries : 1
DES-3550:4#
142
22
TRAFFIC SEGMENTATION COMMANDS
Traffic segmentation allows you to further sub-divide VLANs into smaller groups of ports that will help to reduce traffic on the
VLAN. The VLAN rules take precedence, and then the traffic segmentation rules are applied.
Command
Parameters
config
[<portlist>] forward_list [null | <portlist>]
traffic_segmentation
show
<portlist>
traffic_segmentation
config traffic_segmentation
Purpose
Used to configure traffic segmentation on the switch.
Syntax
config traffic_segmentation [<portlist>] forward_list [null |
<portlist>]
Description
Parameters
The
command is used to configure
config traffic_segmentation
traffic segmentation on the switch.
<portlist> − Specifies a port or range of ports that will be configured
for traffic segmentation.
forward_list − Specifies a range of ports that will receive forwarded
frames from the ports specified in the portlist, above.
null − no ports are specified
<portlist> − Specifies a range of ports for the forwarding list. This list
must be on the same switch previously specified for traffic
segmentation (i.e. following the <portlist> specified above for config
traffic_segmentation).
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure ports 1 through 10 to be able to forward frames to port 11 through 15:
DES-3550:4# config traffic_segmentation 1-10 forward_list 11-15
Command: config traffic_segmentation 1-10 forward_list 11-15
Success.
DES-3550:4#
show traffic_segmentation
Purpose
Used to display the current traffic segmentation configuration on the
switch.
143
show traffic_segmentation
Syntax
show traffic_segmentation <portlist>
Description
The command is used to display the
show traffic_segmentation
current traffic segmentation configuration on the switch.
Parameters
Restrictions
<portlist> − Specifies a port or range of ports for which the current
traffic segmentation configuration on the switch will be displayed.
The port lists for segmentation and the forward list must be on the
same switch.
Example usage:
To display the current traffic segmentation configuration on the switch.
DES-3550:4#show traffic_segmentation
Command: show traffic_segmentation
Traffic Segmentation Table
Port Forward Portlist
----
1
----------------------------
1-50
1-50
1-50
1-50
1-50
1-50
1-50
1-50
1-50
1-50
1-50
1-50
1-50
1-50
1-50
1-50
1-50
1-50
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
144
23
TIME AND SNTP COMMANDS
The Simple Network Time Protocol (SNTP) (an adaptation of the Network Time Protocol (NPT)) commands in the Command
Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
Command
Parameters
{primary <ipaddr> | secondary <ipaddr> | poll-interval <int 30-
99999>}
config sntp
show sntp
enable sntp
disable sntp
config time
<date ddmmmyyyy > <time hh:mm:ss >
{operator(1) [+ | -] | hour(2) <gmt_hour 0-13> | min(3) <minute 0-
59>}
config time-zone
[disable | repeating {s-week<start_week 1-4,last> | s-wday
<start_weekday sun-sat>| s-mth <start_mth 1-12>| s-time
<start_time hh:mm> | e-week <end_week 1-4,last> | e-wday
<end_weekday sun-sat> | e-mth <end_mth 1-12> | e-time
<end_time hh:mm> | offset [30 | 60|90|120]} | annual {s-date
<start_date 1-31> | s-mth <start_mth 1-12> | s-time <start_time
hh:mm> | e-date <end_date 1-31> | e-mth <end_mth 1-12> | e-
time <end_time hh:mm>
config dst
show time
| offset [30 | 60 | 90 | 120]}]}
Each command is listed, in detail, in the following sections.
config sntp
Purpose
Used to setup SNTP service.
Syntax
config sntp {primary <ipaddr> | secondary <ipaddr> | poll-
interval <int 30-99999>}
Description
Parameters
Use this command to configure SNTP service from an SNTP server.
SNTP must be enabled for this command to function (See enable
sntp).
primary − This is the primary server the SNTP information will be
taken from.
<ipaddr> − The IP address of the primary server.
secondary − This is the secondary server the SNTP information will
be taken from in the event the primary server is unavailable.
<ipaddr> − The IP address for the secondary server.
poll-interval − This is the interval between requests for updated
SNTP information.
<int 30-99999> − The polling interval ranges from 30 to 99,999
seconds.
145
config sntp
Restrictions
Only administrator-level users can issue this command. SNTP
service must be enabled for this command to function (enable sntp).
Example usage:
To configure SNTP settings:
DES-3550:4#config sntp primary 10.1.1.1 secondary 10.1.1.2 poll-interval 30
Command: config sntp primary 10.1.1.1 secondary 10.1.1.2 poll-interval 30
Success.
DES-3550:4#
show sntp
Purpose
Used to display the SNTP information.
Syntax
show sntp
Description
This command will display SNTP settings information including the
source IP address, time and poll interval.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To display SNTP configuration information:
DES-3550:4#show sntp
Command: show sntp
Current Time Source : System Clock
SNTP
: Disabled
SNTP Primary Server : 10.1.1.1
SNTP Secondary Server : 10.1.1.2
SNTP Poll Interval : 30 sec
DES-3550:4#
enable sntp
Purpose
Enables SNTP server support.
Syntax
enable sntp
Description
This will enable SNTP support. SNTP service must be separately
configured (see config sntp).Enabling and configuring SNTP support
146
enable sntp
will override any manually configured system time settings.
None.
Parameters
Restrictions
Only administrator-level users can issue this command. SNTP
settings must be configured for SNTP to function (config sntp).
Example usage:
To enable the SNTP function:
DES-3550:4#enable sntp
Command: enable sntp
Success.
DES-3550:4#
disable sntp
Purpose
Disables SNTP server support.
Syntax
disable sntp
Description
This will disable SNTP support. SNTP service must be separately
configured (see config sntp).
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example:
To stop SNTP support:
DES-3550:4#disable sntp
Command: disable sntp
Success.
DES-3550:4#
config time
Purpose
Used to manually configure system time and date settings.
Syntax
config time <date ddmmmyyyy> <time hh:mm:ss>
Description
This will configure the system time and date settings. These will be
overridden if SNTP is configured and enabled.
Parameters
date – Express the date using two numerical characters for the day
of the month, three alphabetical characters for the name of the
147
config time
month, and four numerical characters for the year. For example:
03aug2003.
time – Express the system time using the format hh:mm:ss, that is,
two numerical characters each for the hour using a 24-hour clock,
the minute and second. For example: 19:42:30.
Restrictions
Only administrator-level users can issue this command. Manually
configured system time and date settings are overridden if SNTP
support is enabled.
Example usage:
To manually set system time and date settings:
DES-3550:4#config time 30jun2003 16:30:30
Command: config time 30jun2003 16:30:30
Success.
DES-3550:4#
config time_zone
Purpose
Used to determine the time zone used in order to adjust the system
clock.
Syntax
config time_zone {operator [+ | -] | hour <gmt_hour 0-13> | min
<minute 0-59>}
Description
Parameters
This will adjust system clock settings according to the time zone.
Time zone settings will adjust SNTP information accordingly.
operator – Choose to add (+) or subtract (-) time to adjust for time
zone relative to GMT.
hour – Select the number hours different from GMT.
min – Select the number of minutes difference added or subtracted
to adjust the time zone.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure time zone settings:
DES-3550:4#config time_zone operator + hour 2 min 30
Command: config time_zone operator + hour 2 min 30
Success.
DES-3550:4#
148
config dst
Purpose
Used to enable and configure time adjustments to allow for the use of
Daylight Savings Time (DST).
config dst [disable | repeating {s_week <start_week 1-4,last> |
s_day <start_day sun-sat> | s_mth <start_mth 1-12> | s_time
start_time hh:mm> | e_week <end_week 1-4,last> | e_day
<end_day sun-sat> | e_mth <end_mth 1-12> | e_time <end_time
hh:mm> | offset [30| 60 | 90 | 120]} | annual {s_date start_date 1-
31> | s_mth <start_mth 1-12> | s_time <start_time hh:mm> |
e_date <end_date 1-31> | e_mth <end_mth 1-12> | e_time
<end_time hh:mm> | offset [30|60|90|120]}]
Syntax
Description
Parameters
DST can be enabled and configured using this command. When
enabled this will adjust the system clock to comply with any DST
requirement. DST adjustment effects system time for both manually
configured time and time set using SNTP service.
disable -Disable the DST seasonal time adjustment for the switch.
repeating - Using repeating mode will enable DST seasonal time
adjustment. Repeating mode requires that the DST beginning and
ending date be specified using a formula. For example, specify to
begin DST on Saturday during the second week of April and end DST
on Sunday during the last week of October.
annual - Using annual mode will enable DST seasonal time
adjustment. Annual mode requires that the DST beginning and
ending date be specified concisely. For example, specify to begin
DST on April 3 and end DST on October 14.
s-week - Configure the week of the month in which DST begins.
<start_week 1-4,last> - The number of the week during the month in
which DST begins where 1 is the first week, 2 is the second week
and so on, last is the last week of the month.
e-week - Configure the week of the month in which DST ends.
<end_week 1-4,last> - The number of the week during the month in
which DST ends where 1 is the first week, 2 is the second week and
so on, last is the last week of the month.
s-wday – Configure the day of the week in which DST begins.
<start_weekday sun-sat> - The day of the week in which DST begins
expressed using a three character abbreviation (sun, mon, tue, wed,
thu, fri, sat)
e-wday - Configure the day of the week in which DST ends.
<end_weekday sun-sat> - The day of the week in which DST ends
expressed using a three character abbreviation (sun, mon, tue, wed,
thu, fri, sat)
s-mth - Configure the month in which DST begins.
<start_mth 1-12> - The month to begin DST expressed as a number.
149
config dst
e-mth - Configure the month in which DST ends.
<end_mth 1-12> - The month to end DST expressed as a number.
s-time – Configure the time of day to begin DST. Time is expressed
using a 24-hour clock.
e-time - Configure the time of day to end DST. Time is expressed
using a 24-hour clock.
s-date - Configure the specific date (day of the month) to begin DST.
The date is expressed numerically.
e-date - Configure the specific date (day of the month) to begin DST.
The date is expressed numerically.
offset - Indicates number of minutes to add or to subtract during the
summertime. The range of offset are 30,60,90,120; default value is 60
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure daylight savings time on the switch:
DES-3550:4#config dst repeating s_week 2 s_day tue s_mth 4 s_time
15:00 e_week 2 e_day wed e_mth 10 e_time 15:30 offset 30
Command: config dst repeating s_week 2 s_day tue s_mth 4 s_time
15:00 e_week 2 e_day wed e_mth 10 e_time 15:30 offset 30
Success.
DES-3550:4#
show time
Purpose
Used to display the current time settings and status.
Syntax
show time
Description
This will display system time and date configuration as well as
display current system time.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To show the time cuurently set on the switch’s System clock:
150
DES-3550:4#show time
Command: show time
Current Time Source : System Clock
Current Time
Time Zone
: 2 Days 01:43:41
: GMT +02:30
Daylight Saving Time : Repeating
Offset in Minutes
Repeating From
To
: 30
: Apr 2nd Tue 15:00
: Oct 2nd Wed 15:30
: 29 Apr 00:00
: 12 Oct 00:00
Annual From
To
DES-3550:4#
151
24
ARP COMMANDS
The ARP commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following
table.
Command
create arpentry
config arpentry
delete arpentry
show arpentry
Parameters
<ipaddr> <macaddr>
<ipaddr> <macaddr>
{[<ipaddr> | all]}
{ipif <ipif_name 12> | ipaddress <ipaddr> | [static | local]}
config arp_aging time <value 0-65535>
clear arptable
Each command is listed, in detail, in the following sections.
create arpentry
Purpose
Used to make a static entry into the ARP table.
Syntax
create arpentry <ipaddr> <macaddr>
Description
This command is used to enter an IP address and the corresponding
MAC address into the switch’s ARP table.
Parameters
<ipaddr> − The IP address of the end node or station.
<macaddr> − The MAC address corresponding to the IP address
above.
Restrictions
Only administrator-level users can issue this command.
Example Usage:
To create a static arp entry for the IP address 10.48.74.121 and MAC address 00:50:BA:00:07:36:
DES-3550:4#create arpentry 10.48.74.121 00-50-BA-00-07-36
Command: create arpentry 10.48.74.121 00-50-BA-00-07-36
Success.
DES-3550:4#
config arpentry
Purpose
Used to configure a static entry in the ARP table.
Syntax
config arpentry <ipaddr> <macaddr>
Description
This command is used to configure a static entry in the ARP Table.
The user may specify the IP address and the corresponding MAC
152
config arpentry
address of an entry in the switch’s ARP table.
Parameters
<ipaddr> − The IP address of the end node or station.
<macaddr> − The MAC address corresponding to the IP address
above.
Restrictions
Only administrator-level users can issue this command.
Example Usage:
To configure a static arp entry for the IP address 10.48.74.12 and MAC address 00:50:BA:00:07:36:
DES-3550:4#config arpentry 10.48.74.12 00-50-BA-00-07-36
Command: config arpentry 10.48.74.12 00-50-BA-00-07-36
Success.
DES-3550:4#
delete arpentry
Purpose
Used to delete a static entry into the ARP table.
Syntax
delete arpentry {[<ipaddr> | all]}
Description
This command is used to delete a static ARP entry, made using the
create arpentry command above, by specifying either the IP address
of the entry or all. Specifying all clears the switch’s ARP table.
Parameters
<ipaddr> − The IP address of the end node or station.
all − deletes all ARP entries.
Restrictions
Only administrator-level users can issue this command.
Example Usage:
To delete an entry of IP address 10.48.74.121 from the ARP table:
DES-3550:4#delete arpentry 10.48.74.121
Command: delete arpentry 10.48.74.121
Success.
DES-3550:4#
config arp_aging time
Purpose
Used to configure the age-out timer for ARP table entries on the
switch.
153
config arp_aging time
Syntax
config arp_aging time <value 0-65535>
Description
This command sets the maximum amount of time, in minutes, that
an ARP entry can remain in the switch’s ARP table, without being
accessed, before it is dropped from the table.
Parameters
time <value> − The ARP age-out time, in minutes. The value may be
set in the range of 0-65535 minutes with a default setting of 20
minutes.
Restrictions
Only administrator-level users can issue this command.
Example Usage:
To configure ARP aging time:
DES-3550:4#config arp_aging time 30
Command: config arp_aging time 30
Success.
DES-3550:4#
show arpentry
Purpose
Used to display the ARP table.
Syntax
show arpentry {ipif <ipif_name 12> | ipaddress <ipaddr> | [static
| local]}
Description
Parameters
This command is used to display the current contents of the switch’s
ARP table.
<ipif_name> − The name of the IP interface the end node or station
for which the ARP table entry was made, resides on.
<ipaddr> − The network address corresponding to the IP interface
name above.
static − Displays the static entries to the ARP table.
local – Displays the local entries in the ARP table.
none.
Restrictions
Example Usage:
To display the ARP table:
DES-3550:4#show arpentry
Command: show arpentry
ARP Aging Time : 30
Interface
-------------
IP Address
---------------
MAC Address
-----------------
Type
---------------
154
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
10.0.0.0
FF-FF-FF-FF-FF-FF Local/Broadcast
00-50-BA-70-E4-4E Dynamic
00-01-30-FA-5F-00 Dynamic
00-A0-C9-A4-22-5B Dynamic
00-80-C8-2E-C7-45 Dynamic
00-80-C8-48-DF-AB Dynamic
00-80-C8-93-05-6B Dynamic
10.1.1.169
10.1.1.254
10.9.68.1
10.9.68.4
10.10.27.51
10.11.22.145
10.11.94.10
10.14.82.24
10.15.1.60
10.17.42.153
10.19.72.100
10.21.32.203
10.40.44.60
10.42.73.221
10.44.67.1
10.47.65.25
10.50.8.7
00-10-83-F9-37-6E
00-50-BA-90-37-10
00-80-C8-17-42-55
Dynamic
Dynamic
Dynamic
00-80-C8-4D-4E-0A Dynamic
00-50-BA-38-7D-5E Dynamic
00-80-C8-40-C1-06
00-50-BA-6B-2A-1E Dynamic
00-01-02-03-04-00 Dynamic
Dynamic
00-50-BA-DA-02-51 Dynamic
00-50-BA-DA-03-2B Dynamic
00-E0-18-45-C7-28
00-01-02-03-04-00
Dynamic
Local
10.90.90.90
10.255.255.255 FF-FF-FF-FF-FF-FF Local/Broadcast
Total Entries = 20
DES-3550:4#
clear arptable
Purpose
Used to remove all dynamic ARP table entries.
Syntax
clear arptable
Description
This command is used to remove dynamic ARP table entries from
the switch’s ARP table. Static ARP table entries are not affected.
Parameters
Restrictions
none.
Only administrator-level users can issue this command.
Example Usage:
To remove dynamic entries in the ARP table:
DES-3550:4#clear arptable
Command: clear arptable
Success.
DES-3550:4#
155
25
ROUTING TABLE COMMANDS
The routing table commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command
Parameters
create iproute default
delete iproute default
show iproute
<ipaddr> {<metric 1-65535>}
{<network_address>} {static}
Each command is listed, in detail, in the following sections.
create iproute default
Purpose
Used to create IP route entries to the switch’s IP
routing table.
Syntax
create iproute default <ipaddr> {<metric 1-
65535>}
Description
Parameters
This command is used to create a default static IP
route entry to the switch’s IP routing table.
<ipaddr> − The gateway IP address for the next
hop router.
<metric> − Allows the entry of a routing protocol
metric entry representing the number of routers
between the Switch and the IP address above.The
default setting is 1.
Restrictions
Only administrator-level users can issue this
command.
Example Usage:
To add the default static address 10.48.74.121, with a metric setting of 1, to the routing table:
DES-3550:4#create iproute default 10.48.74.121 1
Command: create iproute default 10.48.74.121 1
Success.
DES-3550:4#
delete iproute default
Purpose
Used to delete a default IP route entry from the switch’s IP routing
table.
Syntax
delete iproute default
156
delete iproute default
Description
This command will delete an existing default entry from the switch’s
IP routing table.
Parameters
Restrictions
none
Only administrator-level users can issue this command.
Example usage:
To delete the default IP route 10.53.13.254:
DES-3550:4#delete iproute default 10.53.13.254
Command: delete iproute default 10.53.13.254
Success.
DES-3550:4#
show iproute
Purpose
Used to display the switch’s current IP routing table.
show iproute {<network_address>} {static}
Syntax
Description
Parameters
This command will display the switch’s current IP routing table.
<network_address> − IP address and netmask of the IP interface
that is the destination of the route. You can specify the address and
mask information using the traditional format (for example,
10.1.2.3/255.0.0.0 or in CIDR format, 10.1.2.3/8).
static – use this to display static iproute entries.
none.
Restrictions
Example Usage:
To display the contents of the IP routing table:
DES-3550:4#show iproute
Command: show iproute
Routing Table
IP Address/Netmask
---------------
Gateway
Interface
---------------
System
Hops Protocol
---------------
10.1.1.254
10.48.74.122
----
1
-----------
Default
Local
0.0.0.0
10.0.0.0/8
System
1
Total Entries: 2
DES-3550:4#
157
26
MAC NOTIFICATION COMMANDS
The MAC Notification Commands in the Command Line Interface (CLI) are listed, in the following table, along with their
appropriate parameters.
Command
Parameters
enable mac_notification
disable mac_notification
config mac_notification
{interval <int 1-2147483647> | historysize <int 1-500>
[<portlist> | all] [enable | disable]
config mac_notification
ports
show mac_notification
ports <portlist>
<portlist>
show mac_notification
ports
Each command is listed, in detail, in the following sections.
enable mac_notification
Purpose
Used to enable global MAC address table notification on the switch.
Syntax
enable mac_notification
Description
This command is used to enable MAC address notification without
changing configuration.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example Usage:
To enable MAC notification without changing basic configuration:
DES-3550:4#enable mac_notification
Command: enable mac_notification
Success.
DES-3550:4#
disable mac_notification
Purpose
Used to disable global MAC address table notification on the switch.
Syntax
disableable mac_notification
Description
This command is used to disable MAC Address Notification without
changing configuration.
158
disable mac_notification
Parameters
None.
Restrictions
Only administrator-level users can issue this command.
Example Usage:
To disable MAC notification without changing basic configuration:
DES-3550:4#disable mac_notification
Command: disable mac_notification
Success.
DES-3550:4#
config mac_notification
Purpose
Syntax
Used to configure MAC address notification.
config mac_notification {interval <int 1-2147483647> |
historysize <int 1-500>
Description
Parameters
MAC address notificiation is used to monitor MAC addresses learned
and entered into the FDB.
interval <int 1-2147483647> - time in seconds between notifications.
The user may choose an interval between 1 and 2,147,483,647
seconds.
historysize <1 - 500> - maximum number of entries listed in the
history log used for notification.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure the switch’s MAC address table notification global settings:
DES-3550:4#config mac_notification interval 1 historysize 500
Command: config mac_notification interval 1 historysize 500
Success.
DES-3550:4#
config mac_notification ports
Purpose
Syntax
Used to configure MAC address notification status settings.
config mac_notification ports [<portlist | all] [enable | disable]
159
config mac_notification ports
Description
MAC address notificiation is used to monitor MAC addresses learned
and entered into the FDB.
Parameters
<portlist> Specify a port or range of ports to be configured.
all – Entering this command will set all ports on the system.
enable / disable – These commands will enable or disable MAC
address table notification on the switch.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To enable port 7 for MAC address table notification:
DES-3550:4#config mac_notification ports 7 enable
Command: config mac_notification ports 7 enable
Success.
DES-3550:4#
show mac_notification
Purpose
Used to display the switch’s MAC address table notification global
settings
Syntax
show mac_notification ports <portlist>
Description
This command is used to display the switch’s MAC address table
notification global settings.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To view the switch’s MAC address table notification global settings:
DES-3550:4#show mac_notification
Command: show mac_notification
Global Mac Notification Settings
State
: Enabled
: 1
Interval
History Size : 1
Success.
DES-3550:4#
160
show mac_notification ports
Purpose
Used to display the switch’s MAC address table notification status
settings
Syntax
show mac_notification ports <portlist>
Description
This command is used to display the switch’s MAC address table
notification status settings.
Parameters
Restrictions
<portlist> - Specify a port or group of ports to be viewed.
Entering this command without the parameter will display the MAC
notification table for all ports.
None
Example usage:
To display all port’s MAC address table notification status settings:
DES-3550:4#show mac_notification ports
Command: show mac_notification ports
Port # MAC Address Table Notification State
------ ------------------------------------
1
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
CTRL+C ESC q Quit SPACE n Next Page Enter Next Entry a All
161
27
ACCESS AUTHENTICATION CONTROL COMMANDS
The TACACS / XTACACS / TACACS+ commands let you secure access to the switch using the TACACS / XTACACS /
TACACS+ protocols. When a user logs in to the switch or tries to access the administrator level privelege, he or she is prompted
for a password. If TACACS / XTACACS / TACACS+ authentication is enabled on the switch, it will contact a TACACS /
XTACACS / TACACS+ server to verify the user. If the user is verified, he or she is granted access to the switch.
There are currently three versions of the TACACS security protocol, each a separate entity. The switch’s software supports the
following versions of TACACS:
• TACACS (Terminal Access Controller Access Control System) —Provides password checking and authentication,
and notification of user actions for security purposes utilizing via one or more centralized TACACS servers, utilizing the UDP
protocol for packet transmission.
• Extended TACACS (XTACACS) — An extension of the TACACS protocol with the ability to provide more types of
authentication requests and more types of response condes than TACACS. This protocol also uses UDP to transmit packets.
• TACACS+ (Terminal Access Controller Access Control System plus) — Provides detailed access control for
authentication for network devices. TACACS+ is facilitated through Authentication commands via one or more centralized
servers. The TACACS+ protocol encrypts all traffic between the switch and the TACACS+ daemon, using the TCP protocol to
ensure reliable delivery
In order for the TACACS / XTACACS / TACACS+ security function to work properly, a TACACS / XTACACS / TACACS+
server must be configured on a device other than the switch, called a server host and it must include usernames and passwords
for authentication. When the user is prompted by the switch to enter usernames and passwords for authentication, the switch
contacts the TACACS / XTACACS / TACACS+ server to verify, and the server will respond with one of three messages:
A) The server verifies the username and password, and the user is granted normal user priviledges on the switch.
B) The server will not accept the username and password and the user is denied access to the switch.
C) The server doesn’t respond to the verification query. At this point, the switch receives the timeout from the server and
then moves to the next method of verification configured in the method list.
The switch has three built-in server groups, one for each of the TACACS, XTACACS and TACACS+ protocols. These built-in
server groups are used to authenticate users trying to access the switch. The users will set server hosts in a preferable order in
the built-in server group and when a user tries to gain acess to the switch, the switch will ask the first server host for
authentication. If no authentication is made, the second server host in the list will be queried, and so on. The built-in server
group can only have hosts that are running the specified protocol. For example, the TACACS server group can only have
TACACS server hosts.
The administrator for the switch may set up 5 different authentication techniques per user-defined method list (TACACS /
XTACACS / TACACS+ / local / none) for authentication. These techniques will be listed in an order preferable, and defined by
the user for normal user authentication on the switch, and may contain up to eight authentication techniques. When a user
attempts to access the switch, the switch will select the first technique listed for authentication. If the first technique goes
through its server hosts and no authentication is returned, the switch will then go to the next technique listed in the server group
for authentication, until the authentication has been verified or denied, or the list is exhausted.
Please note that user granted access to the switch will be granted normal user privileges on the switch. To gain acess to admin
level priveledges, the user must enter the enable admin command and then enter a password, which was previously
configured by the administrator of the switch.
The TACACS (Terminal Access Controller Access Control System) commands in the Command Line Interface (CLI) are listed
(along with the appropriate parameters) in the following table.
NOTE: TACACS, XTACACS and TACACS+ are separate entities and are not
compatible. The switch and the server must be configured exactly the same, using
the same protocol. (For example, if the switch is set up for TACACS authentication,
so must be the host server.)
162
Command
Parameters
enable authen_policy
disable authen_policy
show authen_policy
create authen_login
method_list_name
<string 15>
config authen_login
[default | method_list_name <string 15>] method {tacacs |
xtacacs | tacacs+ | server_group <string 15> | local | none}
delete authen_login
method_list_name
<string 15>
show authen_login
{default | method_list_name <string 15> | all}
<string 15>
create authen_enable
method_list_name
config authen_enable
[default | method_list_name <string 15>] method {tacacs |
xtacacs | tacacs+ | server_group <string 15> | local_enable
| none}
delete authen_enable
method_list_name
<string 15>
show authen_enable
[default | method_list_name <string 15> | all]
config authen application
{console | telnet | http | all] [login | enable] [default |
method_list_name <string 15>]
show authen application
create authen server_group <string 15>
config authen server_group [tacacs | xtacacs | tacacs+ | <string 15>] [add | delete]
server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+]
delete authen server_group <string 15>
show authen server_group
create authen server_host
<string 15>
<ipaddr> protocol [tacacs | xtacacs | tacacs+] {port <int 1-
65535> | key [<key_string 254> | none] | timeout <int 1-
255> | retransmit <int 1-255>}
config authen server_host
<ipaddr> protocol [tacacs | xtacacs | tacacs+] {port <int 1-
65535> | key [<key_string 254> | none] | timeout <int 1-
255> | retransmit <int 1-255>}
delete authen server_host
show authen server_host
<ipaddr> protocol [tacacs | xtacacs | tacacs+]
config authen parameter
response_timeout
<int 1-255>
<int 1-255>
config authen parameter
attempt
show authen parameter
enable admin
config admin local_enable
<password 15>
Each command is listed, in detail, in the following sections.
163
enable authen_policy
Purpose
Used to enable system access authentication policy.
Syntax
enable authen_policy
Description
This command will enable an administrator-defined authentication
policy for users trying to access the switch. When enabled, the
device will check the method list and choose a technique for user
authentication upon login.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To enable the system access authentication policy:
DES-3550:4#enable authen_policy
Command: enable authen_policy
Success.
DES-3550:4#
disable authen_policy
Purpose
Used to disable system access authentication policy.
Syntax
disable authen_policy
Description
This command will disable the administrator-defined authentication
policy for users trying to access the switch. When disabled, the
switch will access the local user account database for username and
password verification. In addition, the switch will now accept the
local enable password as the authentication for normal users
attempting to access administrator level priveledges.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To disable the system access authentication policy:
DES-3550:4#disable authen_policy
Command: disable authen_policy
Success.
DES-3550:4#
164
show authen_policy
Purpose
Used to display the system access authentication policy status on
the switch.
Syntax
show authen_policy
Description
This command will show the current status of the access
authentication policy on the switch
Parameters
Restrictions
None.
None.
Example usage:
To display the system access authentication policy:
DES-3550:4#show authen_policy
Command: show authen_policy
Authentication Policy: Enabled
DES-3550:4#
create authen_login method_list_name
Purpose
Used to create a user defined method list of authentication methods
for users logging on to the switch.
Syntax
create authen_login method_list_name <string 15>
Description
This command is used to create a list for authentication techniques
for user login. The switch can support up to eight method lists, but
one is reserved as a default and cannot be deleted. Multiple method
lists must be created and configured separately.
Parameters
Restrictions
<string 15> Enter an alphanumeric string of up to 15 characters to
define the given method list.
Only administrator-level users can issue this command.
Example usage:
To create the method list “Trinity.”:
DES-3550:4#create authen_login method_list_name Trinity
Command: create authen_login method_list_name Trinity
Success.
DES-3550:4#
165
config authen_login
Purpose
Used to configure a user-defined or default method list of
authentication methods for user login.
Syntax
config authen_login [default | method_list_name <string 15>]
method {tacacs | xtacacs | tacacs+ | server_group <string 15> |
local | none}
Description
This command will configure a user-defined or default method list of
authentication methods for users logging on to the switch. The
sequence of methods implemented in this command will affect the
authentication result. For example, if a user enters a sequence of
methods like tacacs – xtacacs – local, the switch will send an
authentication request to the first tacacs host in the server group. If
no response comes from the server host, the switch will send an
authentication request to the second tacacs host in the server
group and so on, until the list is exhausted. At that point, the switch
will restart the same sequence with the following protocol listed,
xtacacs. If no authentication takes place using the xtacacs list, the
local account database set in the switch is used to authenticate the
user. When the local method is used, the priviledge level will be
dependant on the local account priveledge configured on the
switch.
Successful login using any of these methods will give the user a
“user” priviledge only. If the user wishes to upgrade his or her
status to the administrator level, the user must implement the
enable admin command, followed by a previously configured
password. (See the enable admin part of this section for more
detailed information, concerning the enable admin command.)
Parameters
default – The default method list for access authentication, as
defined by the user. The user may choose one or a combination of
up to four (4) of the following authentication methods:
ꢁ
ꢁ
ꢁ
ꢁ
ꢁ
ꢁ
tacacs – Adding this parameter will require the user to be
authenticated using the tacacs protocol from the remote
tacacs server hosts of the tacacs server group list.
xtacacs – Adding this parameter will require the user to be
authenticated using the xtacacs protocol from the remote
xtacacs server hosts of the xtacacs server group list.
tacacs+ – Adding this parameter will require the user to be
authenticated using the tacacs protocol from the remote
tacacs+ server hosts of the tacacs+ server group list.
server_group <string 15> - Adding this parameter will
require the user to be authenticated using a user-defined
server group previously configured on the switch.
local - Adding this parameter will require the user to be
authenticated using the local user account database on
the switch.
none – Adding this parameter will require no
authentication to access the switch.
method_list_name – Enter a previously implemented method list
166
config authen_login
name defined by the user. The user may add one, or a combination
of up to four (4) of the following authentication methods to this
method list:
ꢁ
ꢁ
ꢁ
ꢁ
ꢁ
ꢁ
tacacs – Adding this parameter will require the user to be
authenticated using the tacacs protocol from a remote
tacacs server.
xtacacs – Adding this parameter will require the user to be
authenticated using the xtacacs protocol from a remote
xtacacs server.
tacacs+ – Adding this parameter will require the user to be
authenticated using the tacacs protocol from a remote
tacacs server.
server_group <string 15> - Adding this parameter will
require the user to be authenticated using a user-defined
server group previously configured on the switch.
local - Adding this parameter will require the user to be
authenticated using the local user account database on
the switch.
none – Adding this parameter will require no
authentication to access the switch.
NOTE: Entering none or local as an authentication
protocol will override any other authentication that follows
it on a method list or on the default method list.
Restrictions
Example usage:
Only administrator-level users can issue this command.
To configure the user defined method list “Trinity” with authentication methods tacacs, xtacacs and local, in that order.
DES-3550:4#config authen_login method_list_name Trinity
method tacacs xtacacs local
Command: config authen_login method_list_name Trinity
method tacacs xtacacs local
Success.
DES-3550:4#
Example usage:
To configure the default method list with nauthentication methods xtacacs, tacacs+ and local, in that order:
167
DES-3550:4#config authen_login default method xtacacs
tacacs+ local
Command: config authen_login default method xtacacs
tacacs+ local
Success.
DES-3550:4#
delete authen_login method_list_name
Purpose
Used to delete a previously configured user defined method list of
authentication methods for users logging on to the switch.
Syntax
delete authen_login method_list_name <string 15>
Description
This command is used to delete a list for authentication methods for
user login.
Parameters
Restrictions
<string 15> Enter an alphanumeric string of up to 15 characters to
define the given method list the user wishes to delete.
Only administrator-level users can issue this command.
Example usage:
To delete the method list name “Trinity”:
DES-3550:4#delete authen_login method_list_name Trinity
Command: delete authen_login method_list_name Trinity
Success.
DES-3550:4#
show authen_login
Purpose
Used to display a previously configured user defined method list of
authentication methods for users logging on to the switch.
Syntax
show authen_login [default | method_list_name <string 15> |
all]
Description
Parameters
This command is used to show a list of authentication methods for
user login.
default – Entering this parameter will display the default method list
for users logging on to the switch.
method_list_name <string 15> Enter an alphanumeric string of up to
15 characters to define the given method list the user wishes to
view.
all – Entering this parameter will display all the authentication login
168
show authen_login
methods currewntly configured on the switch.
The window will display the following parameters:
ꢁ
ꢁ
Method List Name – The name of a previously configured
method list name.
Priority – Defines which order the method list protocols will
be queried for authentication when a user attempts to log
on to the switch. Priority ranges from 1(highest) to 4
(lowest).
ꢁ
ꢁ
Method Name – Defines which security protocols are
implemeted, per method list name.
Comment – Defines the type of Method. User-defined
Group refers to server group defined by the user. Built-in
Group refers to the tacacs, xtracacs and tacacs+ security
protocols which are permanently set in the switch. Keyword
refers to authentication using a technique INSTEAD of
TACACS/XTACACS/TACACS+ which are local
(authentication through the user account on the switch) and
none (no authentication necessary to access any function
on the switch).
Restrictions
Only administrator-level users can issue this command.
DES-3550:4#show authen_login method_list_name Trinity
Command: show authen_login method_list_name Trinity
Method List Name Priority Method Name
Comment
----------------
Trinity
--------
---------------
tacacs+
tacacs
---------
1
2
3
4
Built-in Group
Built-in Group
User-defined Group
Keyword
Darren
local
DES-3550:4#
create authen_enable method_list_name
Purpose
Used to create a user-defined method list of authentication methods
for promoting normal user level privileges to Administrator level
privileges on the switch.
Syntax
create authen_enable method_list_name <string 15>
Description
This command is used to promote users with normal level priveleges
to Administrator level priviledges using authentication methods on
the switch. Once a user acquires normal user level privileges on the
switch, he or she must be authenticated by a method on the switch
169
create authen_enable method_list_name
to gain administrator privileges on the switch, which is defined by the
Administrator. A maximum of eight (8) enable method lists can be
implemented on the switch.
Parameters
Restrictions
<string 15> Enter an alphanumeric string of up to 15 characters to
define the given enable method list the user wishes to create.
Only administrator-level users can issue this command.
Example usage:
To create a user-defined method list, named “Permit” for promoting user privileges to Adminstrator privileges:
DES-3550:4#create authen_enable method_list_name Permit
Command: show authen_login method_list_name Permit
Success.
DES-3550:4#
config authen_enable
Purpose
Used to configure a user-defined method list of authentication
methods for promoting normal user level priveledges to
Administrator level priveledges on the switch.
Syntax
config authen_enable [default | method_list_name <string 15>]
method {tacacs | xtacacs | tacacs+ | server_group <string 15> |
local_enable | none}
Description
This command is used to promote users with normal level priveleges
to Administrator level priviledges using authentication methods on
the switch. Once a user acquires normal user level privileges on the
switch, he or she must be authenticated by a method on the switch
to gain administrator privileges on the switch, which is defined by the
Administrator. A maximum of eight (8) enable method lists can be
implemented on the switch.
The sequence of methods implemented in this command will affect
the authentication result. For example, if a user enters a sequence of
methods like tacacs – xtacacs – local_enable, the switch will send
an authentication request to the first tacacs host in the server group.
If no verification is found, the switch will send an authentication
request to the second tacacs host in the server group and so on,
until the list is exhausted. At that point, the switch will restart the
same sequence with the following protocol listed, xtacacs. If no
authentication takes place using the xtacacs list, the local_enable
password set in the switch is used to authenticate the user.
Successful authentication using any of these methods will give the
user a “Admin” priviledge.
Parameters
default – The default method list for adminstration rights
authentication, as defined by the user. The user may choose one or
a combination of up to four (4) of the following authentication
methods:
170
config authen_enable
ꢁ
ꢁ
ꢁ
ꢁ
ꢁ
ꢁ
tacacs – Adding this parameter will require the user to be
authenticated using the tacacs protocol from the remote
tacacs server hosts of the tacacs server group list.
xtacacs – Adding this parameter will require the user to be
authenticated using the xtacacs protocol from the remote
xtacacs server hosts of the xtacacs server group list.
tacacs+ – Adding this parameter will require the user to be
authenticated using the tacacs protocol from the remote
tacacs+ server hosts of the tacacs+ server group list.
server_group <string 15> - Adding this parameter will
require the user to be authenticated using a user-defined
server group previously configured on the switch.
local_enable - Adding this parameter will require the user to
be authenticated using the local user account database on
the switch.
none – Adding this parameter will require no authentication
to access the switch.
method_list_name – Enter a previously implemented method list
name defined by the user (create authen_enable). The user may add
one, or a combination of up to four (4) of the following authentication
methods to this method list:
ꢁ
ꢁ
ꢁ
ꢁ
ꢁ
tacacs – Adding this parameter will require the user to be
authenticated using the tacacs protocol from a remote
tacacs server.
xtacacs – Adding this parameter will require the user to be
authenticated using the xtacacs protocol from a remote
xtacacs server.
tacacs+ – Adding this parameter will require the user to be
authenticated using the tacacs protocol from a remote
tacacs server.
server_group <string 15> - Adding this parameter will
require the user to be authenticated using a user-defined
server group previously configured on the switch.
local_enable - Adding this parameter will require the user to
be authenticated using the local user account database on
the switch. The local enable password of the device can be
configured using the “config admin local_password”
command.
ꢁ
none – Adding this parameter will require no authentication
to access the administration level privileges on the switch.
Restrictions
Example usage:
Only administrator-level users can issue this command.
To configure the user defined method list “Permit” with authentication methods tacacs, xtacacs and local, in that order.
171
DES-3550:4#config authen_enable method_list_name Trinity
method tacacs xtacacs local
Command: config authen_enable method_list_name Trinity
method tacacs xtacacs local
Success.
DES-3550:4#
Example usage:
To configure the default method list with authentication methods xtacacs, tacacs+ and local, in that order:
DES-3550:4#config authen_enable default method xtacacs
tacacs+ local
Command: config authen_enable default method xtacacs
tacacs+ local
Success.
DES-3550:4#
delete authen_enable method_list_name
Purpose
Used to delete a user-defined method list of authentication methods
for promoting normal user level priveledges to Administrator level
priveledges on the switch.
Syntax
delete authen_enable method_list_name <string 15>
Description
This command is used to delete a user-defined method list of
authentication methods for promoting user level privileges to
Adminstrator level privileges.
Parameters
Restrictions
<string 15> Enter an alphanumeric string of up to 15 characters to
define the given enable method list the user wishes to delete.
Only administrator-level users can issue this command.
Example usage:
To delete the user-defined method list “Permit”
DES-3550:4#delete authen_enable method_list_name Permit
Command: delete authen_enable method_list_name Permit
Success.
DES-3550:4#
172
show authen_enable
Purpose
Used to display the method list of authentication methods for
promoting normal user level priveledges to Administrator level
priveledges on the switch.
Syntax
show authen_enable [default | method_list_name <string 15> |
all]
Description
This command is used to delete a user-defined method list of
authentication methods for promoting user level privileges to
Adminstrator level privileges.
Parameters
default – Entering this parameter will display the default method list
for users attempting to gain access to Administrator level privileges
on the switch.
method_list_name <string 15> Enter an alphanumeric string of up to
15 characters to define the given method list the user wishes to
view.
all – Entering this parameter will display all the authentication login
methods currently configured on the switch.
The window will display the following parameters:
ꢁ
ꢁ
Method List Name – The name of a previously configured
method list name.
Priority – Defines which order the method list protocols will
be queried for authentication when a user attempts to log
on to the switch. Priority ranges from 1(highest) to 4
(lowest).
ꢁ
ꢁ
Method Name – Defines which security protocols are
implemeted, per method list name.
Comment – Defines the type of Method. User-defined
Group refers to server groups defined by the user. Built-in
Group refers to the tacacs, xtracacs and tacacs+ security
protocols which are permanently set in the switch. Keyword
refers to authentication using a technique INSTEAD of
TACACS/XTACACS/TACACS+ which are local
(authentication through the local_enable password on the
switch) and none (no authentication necessary to access
any function on the switch).
Restrictions
Example usage:
To display all method lists for promoting user level privileges to administrator level privileges.
None
173
DES-3550:4#show authen_enable all
Command: show authen_enable all
Method List Name Priority Method Name Comment
----------------
Permit
--------
---------------
tacacs+
tacacs
------------------
Built-in Group
Built-in Group
User-defined Group
Keyword
1
2
3
4
Darren
local
default
1
2
tacacs+
local
Built-in Group
Keyword
Total Entries : 2
DES-3550:4#
config authen application
Purpose
Used to configure various applications on the switch for
authentication using a previously configured method list.
Syntax
config authen application [console | telnet | http | all] [login |
enable] [default | method_list_name <string 15>]
Description
This command is used to configure switch configuration
applications(console, telnet, web) for login at the user level and at
the administration level (authen_enable) utilizing a previously
configured method list.
Parameters
Application – choose the application to configure. The user may
choose one of the following four applications to configure.
ꢁ
ꢁ
ꢁ
ꢁ
console – choose this parameter to configure the command
line interface login method.
telnet – choose this parameter to configure the telnet login
method.
http – choose this parameter to configure the web interface
login method.
all – choose this parameter to configure all applications
(console, telnet, web) login method.
login – Use this parameter to configure an application for normal
login on the user level, using a previously configured method list.
enable - Use this parameter to configure an application for
upgrading a normal user level to administrator privileges, using a
previously configured method list.
default – Use this parameter to configure an application for user
174
config authen application
authentication using the default method list.
method_list_name <string 15> - Use this parameter to configure an
application for user authentication using a prevoisly configured
method list. Enter a alphanumeric string of up to 15 characters to
define a previously configured method list.
Restrictions
Example usage:
To configure the default method list for the web interface:
DES-3550:4#config authen application http login default
Only administrator-level users can issue this command.
Command: config authen application http login default
Success.
DES-3550:4#
show authen application
Purpose
Used to display authentication methods for the various applications
on the switch.
Syntax
show authen application
Description
This command will display all of the authentication method lists
(login, enable administrator privileges) for switch configuration
applications(console, telnet, web) currently configured on the switch.
Parameters
Restrictions
None.
None.
Example usage:
To display the login and enable method list for all applications on the switch:
DES-3550:4#show authen application
Command: show authen application
Application Login Method List Enable Method List
----------------- ------------------
------------------------
default
Console
Telnet
HTTP
default
Trinity
default
default
default
DES-3550:4#
175
create authen server_host
Purpose
Used to create an authentication server host.
Syntax
create authen server_host <ipaddr> protocol [tacacs | xtacacs
| tacacs+] {port <int 1-65535> | key [<key_string 254> | none] |
timeout <int 1-255> | retransmit < 1-255>}
Description
This command will create an authentication server host for the
tacacs/xtacacs/tacacs+ security protocols on the switch. When a
user attempts to access the switch with authentication protocol
enabled, the switch will send authentication packets to a remote
tacacs/xtacacs/tacacs+ server host on a remote host. The
tacacs/xtacacs/tacacs+ server host will then verify or deny the
request and return the appropriate message to the switch. More
than one authentication protocol can be run on the same physical
server host but, remember that tacacs/xtacacs/tacacs+ are
separate entities and are not compatible with each other. The
maximum supported number of server hosts is 16.
Parameters
server_host <ipaddr> - The IP address of the remote server host
the user wishes to add.
protocol – The protocol used by the server host. The user may
choose one of the following:
ꢁ
ꢁ
ꢁ
tacacs – Enter this parameter if the server host utilizes the
tacacs protocol.
xtacacs - Enter this parameter if the server host utilizes the
xtacacs protocol.
tacacs+ - Enter this parameter if the server host utilizes
the tacacs+ protocol.
port <int 1-65535> Enter a number between 1 and 65535 to define
the virtual port number of the authentication protocol on a server
host. The default port number is 49 for tacacs/xtacacs/tacacs+
servers but the user may set a unique port number for higher
security.
key <key_string 254> - Authentication key to be shared with a
configured TACACS+ server only. Specify an alphanumeric string
up to 254 characters.
timeout <int 1-255> - Enter the time in seconds the switch will wait
for the server host to reply to an authentication request. The default
value is 5 seconds.
retransmit <int 1-255> - Enter the value in the retransmit field to
change how many times the device will resend an authentication
request when the TACACS server does not respond.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To create a TACACS+ authentication server host, with port number 1234, a timeout value of 10 seconds and a
retransmit count of 5.
176
DES-3550:4#create authen server_host 10.1.1.121 protocol
tacacs+ port 1234 timeout 10 retransmit 5
Command: create authen server_host 10.1.1.121 protocol tacacs+
port 1234 timeout 10 retransmit 5
Success.
DES-3550:4#
config authen server_host
Purpose
Used to configure a user-defined authentication server host.
Syntax
create authen server_host <ipaddr> protocol [tacacs | xtacacs |
tacacs+] {port <int 1-65535> | key [<key_string 254> | none] |
timeout <int 1-255> | retransmit < 1-255>}
Description
This command will configure a user-defined authentication server
host for the tacacs/xtacacs/tacacs+ security protocols on the switch.
When a user attempts to access the switch with authentication
protocol enabled, the switch will send authentication packets to a
remote tacacs/xtacacs/tacacs+ server host on a remote host. The
tacacs/xtacacs/tacacs+ server host will then verify or deny the
request and return the appropriate message to the switch. More than
one authentication protocol can be run on the same physical server
host but, remember that tacacs/xtacacs/tacacs+ are separate
entities and are not compatible with each other. The maximum
supported number of server hosts is 16.
Parameters
server_host <ipaddr> - The IP address of the remote server host the
user wishes to alter.
protocol – The protocol used by the server host. The user may
choose one of the following:
ꢁ
ꢁ
ꢁ
tacacs – Enter this parameter if the server host utilizes the
tacacs protocol.
xtacacs - Enter this parameter if the server host utilizes the
xtacacs protocol.
tacacs+ - Enter this parameter if the server host utilizes the
tacacs+ protocol.
port <int 1-65535> Enter a number between 1 and 65535 to define
the virtual port number of the authentication protocol on a server
host. The default port number is 49 for tacacs/xtacacs/tacacs+
servers but the user may set a unique port number for higher
security.
key <key_string 254> - Authentication key to be shared with a
configured TACACS+ server only. Specify an alphanumeric string up
to 254 characters or choose none.
timeout <int 1-255> - Enter the time in seconds the switch will wait
for the server host to reply to an authentication request. The default
value is 5 seconds.
retransmit <int 1-255> - Enter the value in the retransmit field to
177
config authen server_host
change how many times the device will resend an authentication
request when the TACACS server does not respond. This field is
inoperable for the tacacs+ protocol.
Restrictions
Example usage:
Only administrator-level users can issue this command.
To configure a TACACS+ authentication server host, with port number 4321, a timeout value of 12 seconds and a
retransmit count of 4.
DES-3550:4#config authen server_host 10.1.1.121 protocol
tacacs+ port 4321 timeout 12 retransmit 4
Command: config authen server_host 10.1.1.121 protocol tacacs+
port 4321 timeout 12 retransmit 4
Success.
DES-3550:4#
delete authen server_host
Purpose
Used to delete a user-defined authentication server host.
Syntax
delete authen server_host <ipaddr> protocol [tacacs | xtacacs |
tacacs+]
Description
Parameters
This command is used to delete a user-defined authentication server
host previously created on the switch.
server_host <ipaddr> - The IP address of the remote server host the
user wishes to delete.
protocol – The protocol used by the server host the user wishes to
delete. The user may choose one of the following:
ꢁ
ꢁ
ꢁ
tacacs – Enter this parameter if the server host utilizes the
tacacs protocol.
xtacacs - Enter this parameter if the server host utilizes the
xtacacs protocol.
tacacs+ - Enter this parameter if the server host utilizes the
tacacs+ protocol.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To delete a user-defined TACACS+ authentication server host:
178
DES-3550:4#delete authen server_host 10.1.1.121 protocol
tacacs+
Command: delete authen server_host 10.1.1.121 protocol tacacs+
Success.
DES-3550:4#
show authen server_host
Purpose
Used to view a user-defined authentication server host.
Syntax
show authen server_host
Description
This command is used to view user-defined authentication server
hosts previously created on the switch.
The following parameters are displayed:
IP address – The IP address of the authentication server host.
Protocol – he protocol used by the server host. Possible results will
include tacacs, xtacacs and tacacs+.
Port – The virtual port number on the server host. The default value
is 49.
Timeout - The time in seconds the switch will wait for the server host
to reply to an authentication request.
Retransmit - The value in the retransmit field denotes how many
times the device will resend an authentication request when the
TACACS server does not respond. This field is inoperable for the
tacacs+ protocol.
Key - Authentication key to be shared with a configured TACACS+
server only.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To view authenticaion server hosts currently set on the switch:
179
DES-3550:4#show authen server_host
Command: show authen server_host
IP Address Protocol Port Timeout Retransmit Key
--------------- --------
----- -------
--------------- --------
No Use
10.53.13.94 TACACS 49
5
2
Total Entries : 1
DES-3550:4#
create authen server_group
Purpose
Used to create a user-defined authentication server group.
Syntax
create authen server_group <string 15>
Description
This command will create an authentication server group. A server
group is a technique used to group tacacs/xtacacs/tacacs+ server
hosts into user defined categories for authentication using method
lists. The user may add up to eight (8) authentication server hosts to
this group using the config authen server_group command.
Parameters
Restrictions
<string 15> Enter an alphanumeric string of up to 15 characters to
define the newly created server group.
Only administrator-level users can issue this command.
Example usage:
To create the server group “group_1”:
DES-3550:4#create server_group group_1
Command: create server_group group_1
Success.
DES-3550:4#
config authen server_group
Purpose
Used to create a user-defined authentication server group.
Syntax
config authen server_group [tacacs | xtacacs | tacacs+ | <string
15>] [add | delete] server_host <ipaddr> protocol [tacacs |
xtacacs | tacacs+]
Description
This command will configure an authentication server group. A
server group is a technique used to group tacacs/xtacacs/tacacs+
server hosts into user defined categories for authentication using
method lists. The user may define the type of server group by
protocol or by previously defined server group. Up to eight (8)
180
config authen server_group
authentication server hosts may be added to any particular group
Parameters
server_group - The user may define the group by protocol groups
built into the switch(tacacs/xtacacs/tacacs+), or by a user-defined
group previously created using the create authen server_group
command.
ꢁ
ꢁ
ꢁ
ꢁ
tacacs – Use this parameter to utilize the built-in tacacs
server protocol on the switch. Only server hosts utilizing the
tacacs protocol may be added to this group.
xtacacs – Use this parameter to utilize the built-in xtacacs
server protocol on the switch. Only server hosts utilizing the
xtacacs protocol may be added to this group.
tacacs+ – Use this parameter to utilize the built-in tacacs+
server protocol on the switch. Only server hosts utilizing the
tacacs+ protocol may be added to this group.
<string 15> Enter an alphanumeric string of up to 15
characters to define the previously created server group.
This group may add any combination of server hosts to it,
regardless of protocol.
add/delete – Enter the correct parameter to add or delete a server
host from a server group.
server_host <ipaddr> - Enter the IP address of the previously
configured server host the user wishes to add or delete.
protocol – Enter the protocol utilized by the server host. There are
three options:
ꢁ
ꢁ
ꢁ
tacacs – Use this parameter to define the protocol if the
server host is using the tacacs authentication protocol.
xtacacs – Use this parameter to define the protocol if the
server host is using the xtacacs authentication protocol.
tacacs+ – Use this parameter to define the protocol if the
server host is using the tacacs+ authentication protocol.
Restrictions
Example usage:
To add an authentication host to server group “group_1”:
DES-3550:4# config authen server_group group_1
Only administrator-level users can issue this command.
add server_host 10.1.1.121 protocol tacacs+
Command: config authen server_group group_1 add
server_host 10.1.1.121 protocol tacacs+
Success.
DES-3550:4#
181
delete authen server_group
Purpose
Used to delete a user-defined authentication server group.
Syntax
delete authen server_group <string 15>
Description
Parameters
This command will delete an authentication server group.
<string 15> Enter an alphanumeric string of up to 15 characters to
define the previously created server group the user wishes to delete.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To delete the server group “group_1”:
DES-3550:4#delete server_group group_1
Command: delete server_group group_1
Success.
DES-3550:4#
show authen server_group
Purpose
Used to view authentication server groups on the switch.
Syntax
show authen server_group <string 15>
Description
This command will display authentication server groups currently
configured on the switch.
This command will display the following fields:
Group Name: The name of the server group currently configured on
the switch, including built in groups and user defined groups.
IP Address: The IP address of the server host.
Protocol: The authentication protocol used by the server host..
Parameters
Restrictions
<string 15> Enter an alphanumeric string of up to 15 characters to
define the previously created server group the user wishes to dview.
None.
Example usage:
To view the authentication server groups configured on the switch.
182
DES-3550:4#show authen server_group
Command: show authen server_group
Group Name IP Address
Protocol
--------
---------------
Darren
---------------
10.53.13.2
TACACS
TACACS
tacacs
10.53.13.94
tacacs+
xtacacs
(This group has no entry)
(This group has no entry)
Total Entries : 4
DES-3550:4#
config authen parameter response_timeout
Purpose
Used to configure the amount of time the switch will wait for a user to
enter authentication before timing out.
Syntax
config authen parameter response_timeout <int 1-255>
Description
This command will set the time the switch will wait for a response of
authentication from the user.
Parameters
response_timeout <int 1-255> - Set the time, in seconds, the switch
will wait for a response of authentication from the user attempting to
log in from the command line interface or telnet interface.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure the response timeout for 60 seconds:
DES-3550:4# config authen parameter response_timeout 60
Command: config authen parameter response_timeout 60
Success.
DES-3550:4#
config authen parameter attempt
Purpose
Used to configure the maximum number of times the switch will
accept authentication attempts.
Syntax
config authen parameter attempt <int 1-255>
Description
This command will configure the maximum number of times the
switch will accept authentication attempts. Users failing to be
183
config authen parameter attempt
authenticated after the set amount of attempts will be denied access
to the switch and will be locked out of further authentication
attempts. Command line interface users will have to wait 60 seconds
before another authentication attempt. Telnet users will be
disconnected from the switch.
Parameters
Restrictions
parameter attempt <int 1-255> - Set the maximum number of
attempts the user may try to become authenticated by the switch,
before being locked out.
Only administrator-level users can issue this command.
Example usage:
To set the maximum number of authentication attempts at 5:
DES-3550:4# config authen parameter attempt 5
Command: config authen parameter attempt 5
Success.
DES-3550:4#
show authen parameter
Purpose
Used to display the authentication parameters currently configured
on the switch.
Syntax
show authen parameter
Description
This command will display the authentication parameters currently
configured on the switch, including the response timeout and user
authentication attempts.
This command will display the following fields:
Response timeout – The configured time allotted for the switch to
wait for a response of authentication from the user attempting to log
in from the command line interface or telnet interface.
User attempts: The maximum number of attempts the user may try
to become authenticated by the switch, before being locked out.
Parameters
Restrictions
None.
None.
Example usage:
To display the authentication parameter set on the switch:
184
DES-3550:4#show authen parameter
Command: show authen parameter
Response timeout: 60 seconds
User attempts
: 5
DES-3550:4#
enable admin
Purpose
Used to promote user level privileges to administrator level privileges
Syntax
enable admin
Description
This command is for users who have logged on to the switch on the
normal user level, to become promoted to the administrator level.
After logging on to the switch users, will have only user level
privileges. To gain acess to administrator level privileges, the user
will enter this command and will have to enter an authentication
password. Possible authentication methods for this function include
tacacs, xtacacs, tacacs+, user defined server groups, local enable
(local account on the switch), or no authentication(none). Because
xtacacs and tacacs do not support the enable function, the user
must create a special account on the server host which has the
username “enable”, and a password configured by the administrator
that will support the “enable” function. This function becomes
inoperable when the authentication policy is disabled.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To enable administrator privileges on the switch:
DES-3550:4#enable admin
Password: ******
DES-3550:4#
config admin local_enable
Purpose
Used to configure the local enable password for administrator level
privileges.
Syntax
config admin local_enable
Description
This command will configure the locally enabled password for the
enable admin command. When a user chooses the “local_enable”
method to promote user level privileges to administrator privileges,
he or she will be prompted to enter the password configured here,
that is set locally on the switch.
185
config admin local_enable
Parameters
<password 15> - After entering this command, the user will be
prompted to enter the old password, then a new password in an
alphanumeric string of no more than 15 characters, and finally
prompted to enter the new password again to confirm. See the
example below.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To configure the password for the “local_enable” authentication method.
DES-3550:4#config admin local_enable
Command: config admin local_ebable
Enter the old password:
Enter the case-sensitive new password:******
Enter the new password again for confirmation:******
Success.
DES-3550:4#
186
28
SINGLE IP MANAGEMENT COMMANDS
Simply put, Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking
ports or modules. Switches using Single IP Management(labeled here as SIM) must conform to the following rules:
ꢀ SIM is an optional feature on the switch and can easily be enabled or disabled. SIM grouping has no effect on the
normal operation of the switch in the user’s network.
ꢀ There are three classifications for switches using SIM. The Commander Switch(CS), which is the master switch of
the group, Member Switch(MS), which is a switch that is recognized by the CS a member of a SIM group, and a
Candidate Switch(CaS), which is a switch that has a physical link to the SIM group but has not been recognized by
the CS as a member of the SIM group.
ꢀ A SIM group can only have one Commander Switch(CS).
ꢀ All switches in a particular SIM group must be in the same IP subnet(broadcast domain). Members of a SIM group
cannot cross a router.
ꢀ A SIM group accepts up to 32 switches (numbered 0-31), including the Commander Switch(numbered 0).
ꢀ There is no limit to the number of SIM groups in the same IP subnet (broadcast domain), however a single switch can
only belong to one group.
ꢀ If multiple VLANs are configured, the SIM group will only utilize the default VLAN on any switch.
ꢀ SIM allows intermediate devices that do not support SIM. This enables the user to manage a switch that are more
than one hop away from the CS.
The SIM group is a group of switches that are managed as a single entity. The DES-3550 may take on three different roles:
Commander Switch(CS) – This is a switch that has been manually configured as the controlling device for a group, and
takes on the following characteristics:
ꢁ
ꢁ
ꢁ
It has an IP Address.
It is not a command switch or member switch of another Single IP group.
It is connected to the member switches through its management VLAN.
Member Switch(MS) – This is a switch that has joined a single IP group and is accessible from the CS, and it takes on the
following characteristics:
ꢁ
ꢁ
It is not a CS or MS of another IP group.
It is connected to the CS through the CS management VLAN.
Candidate Switch(CaS) – This is a switch that is ready to join a SIM group but is not yet a member of the SIM group. The
Candidate Switch may join the SIM group through an automatic function of the DES-3550, or by manually configuring it to be a
MS of a SIM group. A switch configured as a CaS is not a member of a SIM group and will take on the following
characteristics:
ꢁ
ꢁ
It is not a CS or MS of another Single IP group.
It is connected to the CS through the CS management VLAN
The following rules also apply to the above roles:
1. Each device begins in a Commander state.
2. CS’s must change their role to CaS and then to MS, to become a MS of a SIM group. Thus the CS cannot directly be
converted to a MS.
3. The user can manually configure a CS to become a CaS.
4. A MS can become a CaS by:
a. Being configured as a CaS through the CS.
b. If report packets from the CS to the MS time out.
5. The user can manually configure a CaS to become a CS
187
6. The CaS can be configured through the CS to become a MS.
After configuring one switch to operate as the CS of a SIM group, additional DES-3550 switches may join the group by either
an automatic method or by manually configuring the switch to be a MS. The CS will then serve as the in band entry point for
access to the MS. The CS’s IP address will become the path to all MS’s of the group and the CS’s Administrator’s password,
and/or authentication will control access to all MS’s of the SIM group.
With SIM enabled, the applications in the CS will redirect the packet instead of executing the packets. The applications will
decode the packet from the administrator, modify some data, then send it to the MS. After execution, the CS may receive a
response packet from the MS, which it will encode and send it back to the administrator.
When a CS becomes a MS, it automatically becomes a member of first SNMP community (include read/write and read only) to
which the CS belongs. However if a MS has its own IP address, it can belong to SNMP communities to which other switches in
the group, including the CS, do not belong.
The switch port commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command
enable sim
disable sim
show sim
Parameters
show sim {[candidates{<candidate_id 1-32>} |
members{ <member_id 1-32>} | group {commander_mac
<macaddr>} | neighbor]}
reconfig
{member_id <value 1-32> | exit}
config sim
[ commander { group_name <groupname 64> | candidate]|
dp_interval <sec 30-90> | hold_time <sec 1-180>}]
download sim_ms
[ firmware | configuration] <ipaddr> <path_filename 64> {members
<mslist> | all}
upload sim_ms
configuration
[configuration] <ipaddr> <path_filename 64> <member_id 1-32>
Each command is listed, in detail, in the following sections.
enable sim
Purpose
Used to enable Single IP Management(SIM) on the switch
Syntax
enable sim
Description
This command will enable SIM globally on the switch. SIM features
and functions will not function properly unless this function is
enabled.
Parameters
Restrictions
None.
Only administrator-level users can issue this command.
Example usage:
To enable SIM on the switch:
188
DES-3550:4#enable sim
Command: enable sim
Success.
DES-3550:4#
disable sim
Purpose
Used to disable Single IP Management(SIM) on the switch
disable sim
Syntax
Description
Parameters
Restrictions
This command will disable SIM globally on the switch..
None.
Only administrator-level users can issue this command.
Example usage:
To disable SIM on the switch:
DES-3550:4#disable sim
Command: disable sim
Success.
DES-3550:4#
show sim
Purpose
Used to view the current information regarding the SIM group on the
switch.
Syntax
show sim {[candidates{<candidate_id 1-32>} |
members{ <member_id 1-32>} | group {commander_mac
<macaddr>} | neighbor]}
Description
This command will display the current information regarding the SIM
group on the switch, including the following:
SIM Version - Displays the current Single IP Management version on
the switch.
Firmware Version - Displays the current Firmware version on the
switch.
Device Name - Displays the user-defined device name on the switch.
MAC Address - Displays the MAC Address of the switch.
Capabilities – Displays the type of switch, be it Layer 2 (L2) or Layer 3
189
show sim
(L3).
Platform – Switch Description including name and model number.
SIM State –Displays the current Single IP Management State of the
switch, whether it be enabled or disabled.
Role State – Displays the current role the switch is taking, including
Commander, Member or Candidate. A Stand-alone switch will always
have the commander role.
Discovery Interval - Time in seconds the switch will send discovery
packets out over the network.
Hold time – Displays the time in seconds the switch will hold discovery
results before dropping it or utilizing it.
Parameters
candidates <candidate_id 1-32> - Entering this parameter will display
information concerning candidates of the SIM group. To view a specific
candidate, include that candidate’s id number, listed from 1 to 32.
members <member_id 1-32> Entering this parameter will display
information concerning members of the SIM group. To view a specific
member, include that member’s id number, listed from 1 to 32.
group commander_mac <macaddr>- Entering this parameter will
display information concerning the SIM group. To view a specific
group, include the commander’s MAC address of the group.
Neighbor – Entering this parameter will display neighboring devices of
the switch. A SIM neighbor is defined as a switch that is physically
connected to the switch but is not part of the SIM group. This screen
will produce the following results:
Port – Displays the physical port number of the commander
switch where the uplink to the neighbor switch is located.
MAC Address – Displays the MAC Address of the neighbor
switch.
Role – Displays the role(CS, CaS, MS) of the neighbor switch.
Only administrator-level users can issue this command.
Restrictions
Example usage:
To show the SIM information in detail:
DES-3550:4#show sim
Command: show sim
SIM Version
: VER-1
Firmware Version : Build 1.00-B02
Device Name
MAC Address
Capabilities
:
: 00-35-26-11-11-00
: L3
190
Platform
: DES-3550 Fast-Ethernet Switch
: Enabled
SIM State
Role State
Discovery Interval
Hold Time
: Commander
: 60 sec
: 180 sec
DES-3550:4#
To show the candidate information in summary, if the candidate id is specified:
DES-3550:4#show sim candidate
Command: show sim candidate
ID MAC Address
--- -----------------
Platform /
Hold Firmware
Time Version
Device Name
Capability
------------------------
-----
40
---------
----------------
The Man
1 00-01-02-03-04-00 DES-3550 L2 Switch
2 00-55-55-00-55-00 DES-3550 L2 Switch
Total Entries: 2
1.00-B06
140 1.00-B06
default master
DES-3550:4#
To show the member information in summary, if the member id is specified:
DES-3550:4#show sim member
Command: show sim member
ID MAC Address
--- -----------------
Platform /
Hold Firmware Device Name
Time Version
Capability
------------------------
----
---------
----------------
The Man
1 00-01-02-03-04-00 DES-3550 L2 Switch 40
2 00-55-55-00-55-00 DES-3550 L2 Switch 140
Total Entries: 2
1.00-B06
1.00-B06 default master
DES-3550:4#
To show other groups information in summary, if group is specified:
DES-3550:4#show sim group
Command: show sim group
SIM Group Name : default
191
ID MAC Address
--- -----------------
Platform /
Hold
Time
-----
Firmware Device Name
Version
Capability
------------------------
---------
1.00-B06
1.00-B06
----------------
Trinity
*1 00-01-02-03-04-00 DES-3550 L2 Switch 40
2 00-55-55-00-55-00 DES-3550 L2 Switch 140
default master
SIM Group Name : SIM2
ID MAC Address
--- -----------------
Platform /
Hold
Time
- -----
Firmware Device Name
Version
Capability
-----------------------
---------
----------------
Neo
*1 00-01-02-03-04-00 DES-3550 L2 Switch 40
2 00-55-55-00-55-00 DES-3550 L2 Switch 140
1.00-B06
1.00-B06
default master
‘*’ means commander switch.
DES-3550:4#
Example usage:
To view SIM neighbors:
DES-3550:4#show sim neighbor
Command: show sim neighbor
Neighbor Info Table
Port MAC Address
------ ------------------
Role
---------
23
23
24
00-35-26-00-11-99 Commander
00-35-26-00-11-91 Member
00-35-26-00-11-90 Candidate
Total Entries: 3
DES-3550:4#
reconfig
Purpose
Used to connect to a member switch, through the commander switch
using telnet.
Syntax
reconfig {member_id <value 1-32 | exit}
Description
Parameters
This command is used to reconnect to a member switch using telnet.
member_id <value 1-32> - Select the id number of the member
192
reconfig
switch the user desires to configure.
exit – This command is used to exit from managing the member
switch and will return to managing the commander switch.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To connect to the MS, with member id 2, through the CS, using the command line interface:
DES-3550:4#reconfig member_id 2
Command: reconfig member_id 2
DES-3550:4#
Login:
config sim
Purpose
Used to configure the SIM role of the switch and its corresponding
parameters.
Syntax
config sim [{[commander { group_name <groupname 64> |
candidate] | dp_interval <sec 30-90 | hold_time <sec 100-300>}]
Description
Parameters
This command is used to add candidates and delete members from
the SIM group by id number.
commander – Use this parameter to configure the commander
switch for the following parameters:
ꢁ
group_name <groupname 64> - Used to update the name of
the group. Enter an alphanumeric string of up to 64
characters to rename the SIM group.
ꢁ
dp_interval – The user may set the discovery protocol
interval, in seconds that the switch will send out discovery
packets. Returning information to the commander switch will
include information about other switches connected to it.
(Ex. MS, CaS). The user may set the dp interval from 1 to 60
seconds.
ꢁ
hold time – Using this parameter, the user may set the time,
in seconds, the switch will hold information sent to it from
other switches, utilizing the discovery interval protocol. The
user amy set the hold time from 1 to 180 seconds.
candidate – Used to change the role of a commander switch to a
candidate switch.
ꢁ
dp_interval – The user may set the discovery protocol
interval, in seconds that the switch will send out discovery
packets. Returning information to the commander switch will
include information about other switches connected to it.
(Ex. MS, CaS). The user may set the dp interval from 1 to 60
seconds.
193
config sim
ꢁ
hold time – Using this parameter, the user may set the time,
in seconds, the switch will hold information sent to it from
other switches, utilizing the discovery interval protocol. The
user amy set the hold time from 1 to 180 seconds.
Restrictions
Only administrator-level users can issue this command.
To change the time interval of the discovery protocol:
DES-3550:4# config sim commander dp_interval 30
Command: config sim commander dp_interval 30
Success.
DES-3550:4#
To change the hold time of the discovery protocol:
DES-3550:4# config sim commander hold_time 120
Command: config sim commander hold_time 120
Success.
DES-3550:4#
To transfer the commander switch to be a candidate:
DES-3550:4# config sim candidate
Command: config sim candidate
Success.
DES-3550:4#
To transfer the switch to be a commander:
DES-3550:4# config sim commander
Command: config sim commander
Success.
DES-3550:4#
To update the name of a group:
194
DES-3550:4# config sim commander group_name Trinity
Command: config sim commander group_name Trinity
Success.
DES-3550:4#
download sim_ms
Purpose
Used to download firmware or configuration file to an indicated
device.
Syntax
download sim_ms [ firmware | configuration] <ipaddr>
<path_filename 64> {members <mslist> | all}
Description
Parameters
This command will download a firmware file or configuration file to a
specified device from a TFTP server.
firmware – Specify this parameter if the user wishes to download
firmware to members of a SIM group.
configuration - Specify this parameter if the user wishes to download
a switch configuration to members of a SIM group.
ipaddr – Enter the IP address of the TFTP server.
path_filename – Enter the path and the filename of the firmware or
switch on the TFTP server.
members – Enter this parameter to specify the members the user
prefers to download firmware or switch configuation files to. The
user may specify a member or members by adding one of the
following:
ꢁ
<mslist> - Enter a value, or values to specify which
members of the SIM group will receive the firmware or
switch configuration.
ꢁ
all – Add this parameter to specify all members of the SIM
group will receive the firmware or switch configuration.
Restrictions
Only administrator-level users can issue this command.
Example usage:
To download firmware:
DES-3550:4# download sim_ms firmware 10.53.13.94
c:/des3550.had members all
Command: download sim_ms firmware 10.53.13.94 c:/des3550.had
members all
This device is updating firmware. Please wait...
195
Download Status :
ID MAC Address
--- -----------------
Result
----------------
1
2
00-01-02-03-04-00 Success
00-07-06-05-04-03 Success
3 00-07-06-05-04-03 Success
DES-3550:4#
To download configuration files:
DES-3550:4# download sim_ms configuration 10.53.13.94
c:/des3550.txt members all
Command: download sim_ms firmware 10.53.13.94 c:/des35250.txt
members all
This device is updating configuation. Please wait...
Download Status :
ID MAC Address
--- -----------------
Result
----------------
1
2
00-01-02-03-04-00 Success
00-07-06-05-04-03 Success
3 00-07-06-05-04-03 Success
DES-3550:4#
upload sim_ms
Purpose
User to upload a configuration file to a TFTP server froma specified
member of a SIM group.
Syntax
upload sim_ms <ipaddr> <path_filename> <member_id 1-32>
Description
This command will upload a configuration file to a TFTP server
froma specified member of a SIM group.
Parameters
<ipaddr> Enter the IP address of the TFTP server the user wishes to
upload a configuration file to.
<path_filename> – Enter a user-defined path and file name on the
TFTP server the user wishes to upload configuration files to.
<member_id 1-32> Enter this parameter to specify the member the
user prefers to upload a switch configuation file to. The user may
specify a member or members by adding the ID number of the
specified member.
Restrictions
Only administrator-level users can issue this command.
196
Example usage:
To upload configuration files to a TFTP server:
DES-3550:4# upload sim_ms configuration 10.55.47.1
D:\configuration.txt 1
Command: upload sim_ms configuration 10.55.47.1
D:\configuration.txt 1
Success.
DES-3550:4#
197
29
COMMAND HISTORY LIST
The switch history commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command
Parameters
?
dir
config
<value 1-40>
command_history
show
command_history
Each command is listed, in detail, in the following sections.
?
Purpose
Used to display all commands in the Command Line Interface (CLI).
Syntax
?
Description
This command will display all of the commands available through the
Command Line Interface (CLI).
Parameters
Restrictions
None.
None.
Example usage
To display all of the commands in the CLI:
DES-3550:4#?
..
?
clear
clear arptable
clear counters
clear fdb
clear log
clear port_security_entry port
config 802.1p default_priority
config 802.1p user_priority
config 802.1x auth_mode
config 802.1x auth_parameter ports
config 802.1x auth_protocol
config 802.1x capability ports
config 802.1x init
198
config 802.1x reauth
config access_profile profile_id
config account
config admin local_enable
config arp_aging time
config arpentry
config authen application
CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
dir
Purpose
Used to display all commands in the Command Line Interface (CLI).
Syntax
dir
Description
This command will display all of the commands available through the
Command Line Interface (CLI).
Parameters
Restrictions
None.
None.
Example usage:
To display all commands:
DES-3550:4#dir
..
?
clear
clear arptable
clear counters
clear fdb
clear log
clear port_security_entry port
config 802.1p default_priority
config 802.1p user_priority
config 802.1x auth_mode
config 802.1x auth_parameter ports
config 802.1x auth_protocol
config 802.1x capability ports
config 802.1x init
config 802.1x reauth
config access_profile profile_id
config account
config admin local_enable
config arp_aging time
199
config arpentry
config authen application
CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
config command_history
Purpose
Used to configure the command history.
Syntax
config command_history <value 1-40>
Description
Parameters
This command is used to configure the command history.
<value 1-40> − the number of previously executed commands
maintained in the buffer. Up to 40 of the latest executed commands
may be viewed.
Restrictions
None.
Example usage
To configure the command history:
DES-3550:4#config command_history 20
Command: config command_history 20
Success.
DES-3550:4#
show command_history
Purpose
Used to display the command history.
Syntax
show command_history
Description
Parameters
Restrictions
This command will display the command history.
None.
None.
Example usage
To display the command history:
DES-3550:4#show command_history
Command: show command_history
?
? show
show vlan
show command history
DES-3550:4#
200
A
TECHNICAL SPECIFICATIONS
Physical and Environmental
AC input &
External
Redundant
power Supply:
100 - 240 VAC, 50-60 Hz (internal universal power supply)
Redundant power supply – will take over when internal power supply
fails.
Power
90 watts maximum
Consumption:
DC fans:
2 built-in 40 x 40 x10 mm fans
0 to 40 degrees Celsius
Operating
Temperature:
Storage
-40 to 70 degrees Celsius
Temperature:
Humidity:
Operating: 5% to 95% RH non-condensing;
95% RH non-condensing
Storage: 0% to
Dimensions:
Weight:
441 mm x 207 mm x 44 mm (1U), 19 inch rack-mount width
3.15 kg
CE Class A
FCC Class A
C-Tick
EMC:
VCCI Class A
CSA International
Safety:
General
IEEE 802.3u 100BASE-TX Fast Ethernet
IEEE 802.3ab 1000BASE-T Gigabit Ethernet
IEEE 802.1 P/Q VLAN
Standards:
IEEE 802.3x Full-duplex Flow Control
IEEE 802.3 Nway auto-negotiation
CSMA|CD
Protocols:
Data Transfer
Rates:
Half-duplex
10 Mbps
Full-duplex
20Mbps
Ethernet
Fast Ethernet
Gigabit Ethernet
100Mbps
200Mbps
201
General
n|a
2000Mbps
SFP (Mini GBIC) Support
Fiber Optic
IEEE 802.3z 1000BASE-LX (DEM-310GT transceiver)
IEEE 802.3z 1000BASE-SX (DEM-311GT transceiver)
IEEE 802.3z 1000BASE-LH (DEM-314GT transceiver)
IEEE 802.3z 1000BASE-ZX (DEM-315GT transceiver)
Network Cables:
10BASE-T:
UTP Cat.5, Cat.5 Enhanced for 1000Mbps
UTP Cat.5 for 100Mbps
UTP Cat.3, 4, 5 for 10Mbps
EIA/TIA-568 100-ohm screened twisted-pair (STP)(100m)
100BASE-TX:
Number of
Ports:
48 x 10|100 Mbps NWay ports
2 Gigabit Ethernet
Performance
Transmission Method:
RAM Buffer:
Store-and-forward
64 MB per device
Filtering Address Table:
8K MAC address per device
Full-wire speed for all connections.
148,810 pps per port (for 100Mbps)
1,488,100 pps per port (for 1000Mbps)
Automatic update.
Packet Filtering /
Forwarding Rate:
MAC Address Learning:
Max age: 10 - 1000000 seconds.
Default = 300.
Forwarding Table Age
Time:
202
|