HP | Moonshot-180G | Command Reference Guide | HP Moonshot-180G Command Reference Guide

HP Moonshot-45G/180G Switch Module
CLI Command Reference
Software Version 2.0
Published: September 2014
Edition: 4
Part Number: 727829-002
© Copyright 2003, 2014 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in
the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and
12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed
to the U.S. Government under vendor's standard commercial license.
HP Moonshot Switch Module CLI Command Reference
Table of Contents
Table of Contents
About This Document.....................................................................................................................................9
Purpose ....................................................................................................................................................9
Audience ..................................................................................................................................................9
Support and Other Resources ........................................................................................................................9
Before you Contact HP.............................................................................................................................9
HP Contact Information .........................................................................................................................10
Documentation Feedback ............................................................................................................................10
Section 1: About Switch Module Software ...................................................................... 11
Overview.......................................................................................................................................................11
Scope......................................................................................................................................................11
Product Concept ....................................................................................................................................11
Section 2: Using the Command-Line Interface ................................................................. 12
Command Syntax..........................................................................................................................................12
Using the “No” Form of a Command ...........................................................................................................13
Command Conventions ................................................................................................................................13
Common Parameter Values .........................................................................................................................14
unit/slot/port Naming Convention..............................................................................................................15
CLI Output Filtering ......................................................................................................................................16
Command Modes .........................................................................................................................................17
Command Completion and Abbreviation ....................................................................................................20
CLI Error Messages .......................................................................................................................................20
CLI Line-Editing Conventions........................................................................................................................21
Using CLI Help ...............................................................................................................................................22
Accessing the CLI ..........................................................................................................................................23
Section 3: Stacking Commands ........................................................................................ 24
Switch Stacking.............................................................................................................................................24
Stack Port Commands ..................................................................................................................................33
Stack Firmware Synchronization Commands ..............................................................................................35
Nonstop Forwarding Commands .................................................................................................................37
Section 4: Management Commands ................................................................................ 41
Enable and Do Commands ...........................................................................................................................42
Network Interface Commands.....................................................................................................................43
IPv6 Management Commands .....................................................................................................................49
Console Port Access Commands ..................................................................................................................59
September 2014
CLI Command Reference
Page 3
HP Moonshot Switch Module CLI Command Reference
Table of Contents
Telnet Commands.........................................................................................................................................62
Secure Shell Commands ............................................................................................................................... 67
Management Security Commands...............................................................................................................69
Access Commands ........................................................................................................................................70
User Account Commands .............................................................................................................................71
SNMP Commands .......................................................................................................................................100
RADIUS Commands ....................................................................................................................................115
TACACS+ Commands ..................................................................................................................................128
Configuration Scripting Commands ...........................................................................................................134
Banner, Prompt, and Host Name Commands............................................................................................136
Section 5: Utility Commands ......................................................................................... 138
AutoInstall Commands ............................................................................................................................... 139
CLI Output Filtering Commands .................................................................................................................142
Dual Image Commands ..............................................................................................................................145
Bootcode and Firmware Commands .........................................................................................................146
System Information and Statistics Commands..........................................................................................148
Warp Core Expandable Port Configuration ...............................................................................................174
Logging Commands ....................................................................................................................................176
Email Alerting and Mail Server Commands ...............................................................................................184
Device Location, System Utility, and Clear Commands.............................................................................190
Simple Network Time Protocol Commands...............................................................................................199
Time Zone Commands................................................................................................................................206
DNS Client Commands................................................................................................................................210
IP Address Conflict Commands ..................................................................................................................216
Serviceability Packet Tracing Commands ..................................................................................................217
Support Mode Commands .........................................................................................................................241
sFlow Commands........................................................................................................................................243
Switch Database Management Template Commands ..............................................................................250
Remote Monitoring Commands.................................................................................................................252
Section 6: Switching Commands .................................................................................... 268
Port Configuration Commands ..................................................................................................................269
Spanning Tree Protocol Commands...........................................................................................................275
VLAN Commands ........................................................................................................................................298
Double VLAN Commands ...........................................................................................................................313
Private VLAN Commands ...........................................................................................................................317
Provisioning (IEEE 802.1p) Commands ......................................................................................................320
Cut-Through (ASF) Commands ...................................................................................................................321
September 2014
CLI Command Reference
Page 4
HP Moonshot Switch Module CLI Command Reference
Table of Contents
Asymmetric Flow Control...........................................................................................................................322
Protected Ports Commands .......................................................................................................................324
GARP Commands........................................................................................................................................326
GVRP Commands........................................................................................................................................328
GMRP Commands.......................................................................................................................................330
Port-Based Network Access Control Commands.......................................................................................333
802.1X Supplicant Commands ...................................................................................................................348
Storm-Control Commands..........................................................................................................................352
Link Local Protocol Filtering Commands....................................................................................................359
MMRP Commands......................................................................................................................................360
MVRP Commands.......................................................................................................................................364
Port-Channel/LAG (802.3ad) Commands ..................................................................................................368
Port Mirroring Commands .........................................................................................................................388
Static MAC Filtering Commands ................................................................................................................392
DHCP L2 Relay Agent Commands...............................................................................................................396
DHCP Client Commands .............................................................................................................................401
DHCP Snooping Configuration Commands ................................................................................................403
Dynamic ARP Inspection Commands .........................................................................................................413
IGMP Snooping Configuration Commands ................................................................................................421
IGMP Snooping Querier Commands ..........................................................................................................430
MLD Snooping Commands .........................................................................................................................434
MLD Snooping Querier Commands............................................................................................................443
Port Security Commands............................................................................................................................447
LLDP (802.1AB) Commands ........................................................................................................................453
LLDP-MED Commands ................................................................................................................................462
Denial of Service Commands......................................................................................................................469
MAC Database Commands.........................................................................................................................480
ISDP Commands .........................................................................................................................................483
UniDirectional Link Detection Commands.................................................................................................490
Priority-Based Flow Control Commands....................................................................................................495
Section 7: Routing Commands....................................................................................... 500
Address Resolution Protocol Commands ..................................................................................................501
IP Routing Commands ................................................................................................................................508
Router Discovery Protocol Commands ......................................................................................................528
Virtual LAN Routing Commands ................................................................................................................532
Virtual Router Redundancy Protocol Commands......................................................................................535
DHCP and BOOTP Relay Commands ..........................................................................................................544
September 2014
CLI Command Reference
Page 5
HP Moonshot Switch Module CLI Command Reference
Table of Contents
IP Helper Commands ..................................................................................................................................546
Open Shortest Path First Commands.........................................................................................................555
General OSPF Commands ....................................................................................................................555
OSPF Interface Commands ..................................................................................................................575
IP Event Dampening Commands..........................................................................................................581
OSPF Graceful Restart Commands.......................................................................................................583
OSPFv2 Stub Router Commands..........................................................................................................586
OSPF Show Commands ........................................................................................................................587
Routing Information Protocol Commands.................................................................................................607
ICMP Throttling Commands .......................................................................................................................614
Loopback Interface Commands..................................................................................................................616
Section 8: Quality of Service Commands........................................................................ 618
Class of Service Commands........................................................................................................................619
Differentiated Services Commands ...........................................................................................................627
DiffServ Class Commands...........................................................................................................................628
DiffServ Policy Commands .........................................................................................................................637
DiffServ Service Commands .......................................................................................................................643
DiffServ Show Commands ..........................................................................................................................644
Management Access Control List...............................................................................................................651
MAC Access Control List Commands..........................................................................................................657
IP Access Control List Commands ..............................................................................................................663
IPv6 Access Control List Commands...........................................................................................................672
Time Range Commands for Time-Based ACLs ...........................................................................................676
iSCSI Optimization Commands...................................................................................................................680
Section 9: Log Message Information.............................................................................. 686
Core.............................................................................................................................................................686
Utilities........................................................................................................................................................688
Management ..............................................................................................................................................692
Switching ....................................................................................................................................................694
QoS..............................................................................................................................................................701
Routing........................................................................................................................................................702
Stacking.......................................................................................................................................................704
Technologies...............................................................................................................................................704
O/S Support ................................................................................................................................................706
Command Index ............................................................................................................ 708
September 2014
CLI Command Reference
Page 6
HP Moonshot Switch Module CLI Command Reference
List of Tables
List of Tables
Table 1: Parameter Conventions......................................................................................................................13
Table 2: Parameter Descriptions ......................................................................................................................14
Table 3: Type of Slots .......................................................................................................................................15
Table 4: Type of Ports.......................................................................................................................................15
Table 5: CLI Command Modes..........................................................................................................................17
Table 6: CLI Mode Access .................................................................................................................................19
Table 7: CLI Error Messages .............................................................................................................................20
Table 8: CLI Editing Conventions ......................................................................................................................21
Table 9: Copy Parameters ..............................................................................................................................197
Table 10: Default Ports - UDP Port Numbers Implied by Wildcard ................................................................546
Table 11: Trapflags Groups.............................................................................................................................573
Table 12: Type of OSPF Packets Sent and Received on the Interface ............................................................599
Table 13: Ethertype Keyword and 4-digit Hexadecimal Value .......................................................................658
Table 14: ACL Command Parameters.............................................................................................................663
Table 15: BSP Log Messages...........................................................................................................................686
Table 16: NIM Log Messages..........................................................................................................................686
Table 17: SIM Log Message ............................................................................................................................687
Table 18: System Log Messages .....................................................................................................................687
Table 19: Trap Mgr Log Message ...................................................................................................................688
Table 20: DHCP Filtering Log Messages..........................................................................................................688
Table 21: NVStore Log Messages ...................................................................................................................689
Table 22: RADIUS Log Messages.....................................................................................................................689
Table 23: TACACS+ Log Messages ..................................................................................................................690
Table 24: LLDP Log Message...........................................................................................................................690
Table 25: SNTP Log Message ..........................................................................................................................690
Table 26: DHCPv6 Client Log Messages..........................................................................................................691
Table 27: DHCPv4 Client Log Messages..........................................................................................................691
Table 28: SNMP Log Message.........................................................................................................................692
Table 29: EmWeb Log Messages ....................................................................................................................692
Table 30: CLI_UTIL Log Messages...................................................................................................................692
Table 31: CLI_WEB_MGR Log Messages ........................................................................................................692
Table 32: SSHD Log Messages ........................................................................................................................693
Table 33: User_Manager Log Messages.........................................................................................................693
Table 34: Protected Ports Log Messages........................................................................................................694
Table 35: IP Subnet VLANS Log Messages ......................................................................................................694
September 2014
CLI Command Reference
Page 7
HP Moonshot Switch Module CLI Command Reference
List of Tables
Table 36: Mac-based VLANs Log Messages....................................................................................................695
Table 37: 802.1X Log Messages......................................................................................................................695
Table 38: IGMP Snooping Log Messages ........................................................................................................696
Table 39: GARP/GVRP/GMRP Log Messages..................................................................................................696
Table 40: 802.3ad Log Messages....................................................................................................................697
Table 41: FDB Log Message ............................................................................................................................697
Table 42: Double VLAN Tag Log Message ......................................................................................................697
Table 43: IPv6 Provisioning Log Message.......................................................................................................697
Table 44: MFDB Log Message.........................................................................................................................697
Table 45: 802.1Q Log Messages .....................................................................................................................698
Table 46: 802.1S Log Messages ......................................................................................................................700
Table 47: Port Mac Locking Log Message.......................................................................................................700
Table 48: Protocol-based VLANs Log Messages .............................................................................................700
Table 49: ACL Log Messages...........................................................................................................................701
Table 50: CoS Log Message ............................................................................................................................701
Table 51: DiffServ Log Messages ....................................................................................................................701
Table 52: DHCP Relay Log Messages ..............................................................................................................702
Table 53: OSPFv2 Log Messages.....................................................................................................................702
Table 54: Routing Table Manager Log Messages ...........................................................................................703
Table 55: VRRP Log Messages ........................................................................................................................703
Table 56: ARP Log Message............................................................................................................................703
Table 57: RIP Log Message .............................................................................................................................703
Table 58: EDB Log Message............................................................................................................................704
Table 59: Switching Silicon Error Messages ...................................................................................................704
Table 60: Linux BSP Log Message ...................................................................................................................706
Table 61: OSAPI Linux Log Messages..............................................................................................................706
September 2014
CLI Command Reference
Page 8
HP Moonshot Switch Module CLI Command Reference
About This Document
Purpose
This document describes command-line interface (CLI) commands you use to view and configure HP
Moonshot-45G Switch Module and Moonshot-180G Switch Module software. You can access the CLI by using
a direct connection to the serial port or by using Telnet or SSH over a remote network connection.
Audience
This document is for system administrators who configure and operate systems using HP Moonshot Switch
Module software. This document assumes that the reader has a basic knowledge of Ethernet and networking
concepts.
Support and Other Resources
Before you Contact HP
Be sure to have the following information available before you call HP:
• Technical support registration number (if applicable)
• Product serial number
• Product model name and number
• Product identification number
• Applicable error messages
• Add-on boards or hardware
• Third-party hardware or software
• Operating system type and revision level
September 2014
CLI Command Reference
Page 9
HP Moonshot Switch Module CLI Command Reference
HP Contact Information
For United States and worldwide contact information, see the Contact HP website (http://www.hp.com/go/
assistance).
In the United States:
• To contact HP by phone, call 1-800-334-5144. For continuous quality improvement, calls may be recorded
or monitored.
• If you have purchased a Care Pack (service upgrade), see the Support & Drivers website (http://
www8.hp.com/us/en/support-drivers.html). If the problem cannot be resolved at the website, call 1-800633-3600. For more information about Care Packs, see the HP website (http://pro-aqsama.houston.hp.com/services/cache/10950-0-0-225-121.html).
Documentation Feedback
HP is committed to providing documentation that meets your needs. To help us improve the documentation,
send any errors, suggestions, or comments to Documentation Feedback (mailto:docsfeedback@hp.com).
Include the document title and part number, version number, or the URL when submitting your feedback.
September 2014
CLI Command Reference
Page 10
HP Moonshot Switch Module CLI Command Reference
About Switch Module Software
Section 1: About Switch Module Software
Overview
The HP Moonshot-45G Switch Module and Moonshot-180G Switch Module software has two purposes:
• Assist attached hardware in switching frames, based on Layer 2, 3, or 4 information contained in the
frames.
• Provide a complete device management portfolio to the network administrator.
Scope
HP Moonshot Switch Module software encompasses both hardware and software support. The software is
partitioned to run in the following processors:
• CPU
This code runs the networking device management portfolio and controls the overall networking device
hardware. It also assists in frame forwarding, as needed and specified.
• Networking device processor
This code does the majority of the packet switching, usually at wire speed.
Product Concept
Fast Ethernet and Gigabit Ethernet switching continues to evolve from high-end backbone applications to
desktop switching applications. The price of the technology continues to decline, while performance and
feature sets continue to improve. Devices that are capable of switching Layers 2, 3, and 4 are increasingly in
demand. HP Moonshot Switch Module software provides a flexible solution to these ever-increasing needs.
HP Moonshot Switch Module software includes a set of comprehensive management functions for managing
both HP Moonshot Switch Module software and the network. You can manage the HP Moonshot Switch
Module software by using one of the following two methods:
• Command-Line Interface (CLI)
• Simple Network Management Protocol (SNMP)
Each of the HP Moonshot Switch Module management methods enables you to configure, manage, and
control the software locally or remotely using in-band or out-of-band mechanisms. Management is standardsbased, with configuration parameters and a private MIB providing control for functions not completely
specified in the MIBs.
September 2014
CLI Command Reference
Page 11
HP Moonshot Switch Module CLI Command Reference
Using the Command-Line Interface
Section 2: Using the Command-Line Interface
The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the
CLI by using a direct serial connection or by using a remote logical connection with Telnet or SSH.
This chapter describes the CLI syntax, conventions, and modes. It contains the following sections:
• “Command Syntax” on page 12
• “Command Conventions” on page 13
• “Common Parameter Values” on page 14
• “unit/slot/port Naming Convention” on page 15
• “Using the “No” Form of a Command” on page 13
• “Command Modes” on page 17
• “Command Completion and Abbreviation” on page 20
• “CLI Error Messages” on page 20
• “CLI Line-Editing Conventions” on page 21
• “Using CLI Help” on page 22
• “Accessing the CLI” on page 23
Command Syntax
A command is one or more words that might be followed by one or more parameters. Parameters can be
required or optional values.
Some commands, such as show network or clear vlan, do not require parameters. Other commands, such as
network parms, require that you supply a value after the command. You must type the parameter values in a
specific order, and optional parameters follow required parameters. The following example describes the
network parms command syntax:
network parms ipaddr netmask [gateway]
• network parms is the command name.
• ipaddr and netmask are parameters and represent required values that you must enter after you type the
command keywords.
• [gateway] is an optional parameter, so you are not required to enter a value in place of the parameter.
September 2014
CLI Command Reference
Page 12
HP Moonshot Switch Module CLI Command Reference
Using the “No” Form of a Command
The CLI Command Reference lists each command by the command name and provides a brief description of
the command. Each command reference also contains the following information:
• Format shows the command keywords and the required and optional parameters.
• Mode identifies the command mode you must be in to access the command.
• Default shows the default value, if any, of a configurable setting on the device.
The show commands also contain a description of the information that the command shows.
Using the “No” Form of a Command
The no keyword is a specific form of an existing command and does not represent a new or distinct command.
Almost every configuration command has a no form. In general, use the no form to reverse the action of a
command or reset a value back to the default. For example, the no shutdown configuration command reverses
the shutdown of an interface. Use the command without the keyword no to re-enable a disabled feature or to
enable a feature that is disabled by default. Only the configuration commands are available in the no form.
Command Conventions
The parameters for a command might include mandatory values, optional values, or keyword choices.
Parameters are order-dependent. Table 1 describes the conventions this document uses to distinguish
between value types.
Table 1: Parameter Conventions
Symbol
Example
[] square brackets [value]
italic font in a
parameter.
value or [value]
{} curly braces
{choice1 | choice2}
| Vertical bars
[{}] Braces within
square brackets
choice1 | choice2
September 2014
[{choice1 | choice2}]
Description
Indicates an optional parameter.
Indicates a variable value. You must replace the italicized text
and brackets with an appropriate value, which might be a
name or number.
Indicates that you must select a parameter from the list of
choices.
Separates the mutually exclusive choices.
Indicates a choice within an optional element.
CLI Command Reference
Page 13
HP Moonshot Switch Module CLI Command Reference
Common Parameter Values
Common Parameter Values
Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the
name value in double quotes. For example, the expression “System Name with Spaces” forces the system to
accept the spaces. Empty strings (““) are not valid user-defined strings. Table 2 describes common parameter
values and value formatting.
Table 2: Parameter Descriptions
Parameter
Description
ipaddr
This parameter is a valid IP address. Enter the IP address in a the standard dotted
decimal format, for example 192.168.2.10.
In addition to the standard format, the CLI accepts decimal, hexadecimal and octal
formats through the following input formats (where n is any valid hexadecimal, octal
or decimal number):
0xn (CLI assumes hexadecimal format.)
0n (CLI assumes octal format with leading zeros.)
n (CLI assumes decimal format.)
ipv6-address
Interface or
unit/slot/port
Logical Interface
Character strings
September 2014
FE80:0000:0000:0000:020F:24FF:FEBF:DBCB, or
FE80:0:0:0:20F:24FF:FEBF:DBCB, or
FE80::20F24FF:FEBF:DBCB
For additional information, refer to RFC 3513.
Valid slot and port number separated by a forward slash. For example, 1/0/1
represents unit number 1, slot number 0, and port number 1.
Represents a logical slot and port number. This is applicable in the case of a portchannel (LAG). You can use the logical unit/slot/port to configure the port-channel.
Use double quotation marks to identify character strings, for example, “System
Name with Spaces”. An empty string (“”) is not valid.
CLI Command Reference
Page 14
HP Moonshot Switch Module CLI Command Reference
unit/slot/port Naming Convention
unit/slot/port Naming Convention
HP Moonshot Switch Module software references physical entities such as cards and ports by using a unit/
slot/port naming convention. The HP Moonshot Switch Module software also uses this convention to identify
certain logical entities, such as Port-Channel interfaces.
The unit number identifies the stack member within a stack of switches. The slot number has two uses. In the
case of physical ports, it identifies the card containing the ports. In the case of logical and CPU ports it also
identifies the type of interface or port.
Table 3: Type of Slots
Slot Type
Description
Physical slot numbers
Physical slot numbers begin with zero, and are allocated up to the maximum
number of physical slots. Internal ports are located on slot 0, and external
ports are located on slot 1. For example, the external uplink/stacking ports are
1/1/1, 1/1/2, 1/1/3, and so on.
Logical slots immediately follow physical slots and identify port-channel (LAG)
or router interfaces.
A LAG (port-channel) interface uses 3 as the slot number. By default, the first
LAG that is configured is 0/3/1.
A VLAN routing interface uses 4 as the slot number. By default, the first VLAN
configured as a VLAN routing interface is 0/4/1.
The CPU slots immediately follow the logical slots.
Logical slot numbers
CPU slot numbers
The port identifies the specific physical port or logical interface being managed on a given slot.
Table 4: Type of Ports
Port Type
Description
Physical Ports
The physical ports for each slot are numbered sequentially starting from one,
For example, port 1 on slot 0 (an internal port) for a stand alone (nonstacked)
switch is 1/0/1, port 2 is 1/0/2, port 3 is 1/0/3, and so on.
Port-channel or Link Aggregation Group (LAG) interfaces are logical interfaces
that are only used for bridging functions.
VLAN routing interfaces are only used for routing functions.
Loopback interfaces are logical interfaces that are always up.
CPU ports are handled by the driver as one or more physical entities located on
physical slots.
Logical Interfaces
CPU ports
Note: In the CLI, loopback interfaces do not use the unit/slot/port format. To specify a loopback
interface, you use the loopback ID.
September 2014
CLI Command Reference
Page 15
HP Moonshot Switch Module CLI Command Reference
CLI Output Filtering
CLI Output Filtering
Many CLI show commands display a large amount of content. This can make output difficult to parse through
to find the information of desired importance. The CLI Output Filtering feature allows you to optionally specify
arguments in show commands to filter the CLI output to display only the desired information. The result is to
simplify the display and make it easier to find the desired information.
The main functions of the CLI Output Filtering feature are:
• Pagination Control
– Supports enabling/disabling paginated output for all show CLI commands. When disabled, the output is
displayed in its entirety. When enabled, the command output is displayed page-by-page such that
content does not scroll off the terminal screen until the user presses a key to continue.
Note: Although some HP Moonshot Switch Module show commands already support pagination, the
implementation is unique per command and not generic to all commands.
• Output Filtering
– “Grep”-like control for modifying the displayed output to show only the user-desired content.
• Filter displayed output to include only lines containing a specified string match.
• Filter displayed output to exclude lines containing a specified string match.
• Filter displayed output to include only lines including and following a specified string match.
• Filter displayed output to include only a specified section of the content (e.g. interface 10/1) with a
configurable end-of-section delimiter.
• String matching is case insensitive.
• Pagination, when enabled, also applies to filtered output.
Example: The following shows an example of the extensions made to the CLI show commands for the
Output Filtering feature.
(Routing) #show running-config ?
<cr>
Press enter to execute the command.
|
Output filter options.
<scriptname>
Script file name for writing active configuration.
all
Show all the running configuration on the switch.
(Routing) #show running-config | ?
begin
Begin with the line that matches
exclude
Exclude lines that matches
include
Include lines that matches
section
Display portion of lines
For commands for the feature, see “CLI Output Filtering Commands” on page 142.
September 2014
CLI Command Reference
Page 16
Command Modes
HP Moonshot Switch Module CLI Command Reference
Command Modes
The CLI groups commands into modes according to the command function. Each of the command modes
supports specific HP Moonshot Switch Module software commands. The commands in one mode are not
available until you switch to that particular mode, with the exception of the User EXEC mode commands. You
can execute the User EXEC mode commands in the Privileged EXEC mode.
Note: Show commands are available in every mode.
Note: The do command allows Privileged EXEC mode commands to be executed in any command
mode. For more information, see “do (Privileged EXEC commands)” on page 42.
The command prompt changes in each command mode to help you identify the current mode. Table 5
describes the command modes and the prompts visible in that mode.
Table 5: CLI Command Modes
Command Mode
Prompt
User EXEC
Contains a limited set of commands to view
basic system information.
(Routing) #
Allows you to issue any EXEC command, enter
the VLAN mode, or enter the Global
Configuration mode.
(Routing) (Config)#
Groups general setup commands and permits
you to make modifications to the running
configuration.
(Routing) (Vlan)#
Groups all the VLAN commands.
(Routing) (Interface unit/slot/port)# Manages the operation of an interface or
range of interfaces including the following
(Routing) (Interface Loopback id)#
interface types:
• Physical port
(Routing) (Interface unit/slot/port
(startrange)-unit/slot/port(endrange)# • Link aggregation group (LAG, also known
as port-channel)
(Routing) (Interface lag lag-intf-num)# • VLAN routing interface
• Loopback interface
Privileged EXEC
Global Config
VLAN Config
Interface Config
Mode Description
(Routing) >
(Routing) (Interface vlan vlan-id)#
Line Console
(Routing) (config-line)#
Line SSH
(Routing) (config-ssh)#
September 2014
Contains commands to configure outbound
Telnet settings and console interface settings,
as well as to configure console login/enable
authentication.
Contains commands to configure SSH login/
enable authentication.
CLI Command Reference
Page 17
Command Modes
HP Moonshot Switch Module CLI Command Reference
Table 5: CLI Command Modes (Cont.)
Command Mode
Prompt
Mode Description
Line Telnet
(Routing) (config-telnet)#
Contains commands to configure telnet
login/enable authentication.
Allows password configuration for a user in
the IAS database.
Allows configuration of the email server.
Allows configuration of periodic and absolute
entries in within a named time range.
Contains the QoS Policy-Map configuration
commands.
Consists of class creation, deletion, and
matching commands. The class match
commands specify Layer 2, Layer 3, and
general match criteria.
Contains the QoS class map configuration
commands for IPv4.
Contains the QoS class map configuration
commands for IPv6.
Contains the OSPF configuration commands.
(Routing) (Config-IAS-User)#
AAA IAS User
Config
Mail Server Config (Routing) (Mail-Server)#
Time Range Config (Routing) (config-time-range)#
Policy Map
Config
Policy Class
Config
(Routing) (Config-policy-map)#
Class Map Config
(Routing) (Config-class-map)#
Ipv6_Class-Map
Config
Router OSPF
Config
Router RIP Config
IPv4 ACL Config
(Routing) (Config-class-map)#
IPv6 ACL Config
(Routing) (Config-ipv6-acl)#
MAC Access-list
Config
(Routing) (Config-mac-access-list)#
(Routing) (Config-policy-class-map)#
(Routing) (Config-router)#
(Routing) (Config-router)#
(Routing) (Config-ipv4-acl)#
Management ACL (Routing) (config-macal)#
Config
(Routing) (Tacacs)#
TACACS Config
Stack Global
Config Mode
ARP Access-List
Config Mode
Support Mode
(Routing) (Config stack)#
Data Center
Bridging
(Routing) (config-if-dcb)#
September 2014
(Routing) (Config-arp-access-list)#
(Routing) (Support)#
Contains the RIP configuration commands.
Allows you to create a IPv4 ACL and configure
rules for the ACL.
Allows you to create a IPv4 ACL and configure
rules for the ACL.
Allows you to create a MAC Access-List and to
enter the mode containing MAC Access-List
configuration commands.
Allows you to create a management ACL and
configure rules for the ACL.
Contains commands to configure properties
for the TACACS servers.
Allows you to access the Stack Global Config
Mode.
Contains commands to add ARP ACL rules in
an ARP Access List.
Allows access to the support commands,
which should only be used by the
manufacturer's technical support personnel
as improper use could cause unexpected
system behavior and/or invalidate product
warranty.
Allows access to priority flow control (PFC)
commands for an interface.
CLI Command Reference
Page 18
HP Moonshot Switch Module CLI Command Reference
Command Modes
Table 6 explains how to enter each command mode. To exit a mode and return to the previous mode, enter
exit. To exit to Privileged EXEC mode, enter end.
Note: Entering end from Privileged EXEC mode exits to User EXEC mode. To exit User EXEC mode,
enter logout.
Table 6: CLI Mode Access
Command Mode
Access Method
User EXEC
Privileged EXEC
Global Config
VLAN Config
Interface Config
This is the first level of access.
From the User EXEC mode, enter enable.
From the Privileged EXEC mode, enter configure.
From the Privileged EXEC mode, enter vlan database.
From the Global Config mode, enter one of the following, depending on the type
of interface:
interface
interface
interface
interface
interface
unit/slot/port
unit/slot/port(startrange)-unit/slot/port(endrange)
loopback id
lag lag-intf-num
vlan vlan-id
The following example shows how to enter interface configuration mode for the
range of interfaces that includes physical ports 1, 2, 3, and 4.
interface 1/0/1-1/0/4
Line Console
Line SSH
Line Telnet
AAA IAS User Config
Mail Server Config
Time Range Config
Policy-Map
Config
Policy-Class-Map Config
Class-Map
Config
Ipv6-Class-Map
Config
Router OSPF Config
Router RIP
Config
September 2014
Note: The interface unit/slot/port command and range command can be
used to enter interface configuration mode for a physical port (for example,
1/0/1), VLAN routing interface (for example, 0/4/1), or LAG (for example, 0/3/1).
From the Global Config mode, enter line console.
From the Global Config mode, enter line ssh.
From the Global Config mode, enter line telnet.
From the Global Config mode, enter aaa ias-user username name.
From the Global Config mode, enter mail-server ip_address
From the Global Config mode, enter time-range name
From the Global Config mode, enter policy-map.
From the Policy Map mode enter class.
From the Global Config mode, enter class-map match-all class-name ipv4. If
the named class has already been created, enter class-map class-name. See
“class-map” on page 629 for more information.
From the Global Config mode, enter class-map match-all class-name ipv6. If
the named class has already been created, enter class-map class-name. See
“class-map” on page 629 for more information.
From the Global Config mode, enter router ospf.
From the Global Config mode, enter router rip.
CLI Command Reference
Page 19
HP Moonshot Switch Module CLI Command Reference
Command Completion and Abbreviation
Table 6: CLI Mode Access (Cont.)
Command Mode
Access Method
IPv6 Access-list Config
IPv4 Access-list Config
MAC Access-list Config
Management Access-list
Config
TACACS Config
From the Global Config mode, enter ipv6 access-list name.
From the Global Config mode, enter ip access-list name.
From the Global Config mode, enter mac access-list extended name.
From the Global Config mode, enter management access-list name.
From the Global Config mode, enter tacacs-server host ip-addr, where ipaddr is the IP address of the TACACS server on your network.
Stack Global Config Mode From the Global Config mode, enter the stack command.
ARP Access-List Config Mode From the Global Config mode, enter the arp access-list command.
Support Mode
From the Privileged EXEC mode, enter support.
Note: The support command is available only if the techsupport enable
command has been issued.
From the Interface Config mode, enter datacenter-bridging.
Data Center Bridging
Command Completion and Abbreviation
Command completion finishes spelling the command when you type enough letters of a command to uniquely
identify the command keyword. Once you have entered enough letters, press the SPACEBAR or TAB key to
complete the word.
Command abbreviation allows you to execute a command when you have entered there are enough letters to
uniquely identify the command. You must enter all of the required keywords and parameters before you enter
the command.
CLI Error Messages
If you enter a command and the system is unable to execute it, an error message appears. Table 7 describes
the most common CLI error messages.
Table 7: CLI Error Messages
Message Text
Description
% Invalid input detected at '^'
marker.
Indicates that you entered an incorrect or unavailable command. The
carat (^) shows where the invalid text is detected. This message also
appears if any of the parameters or values are not recognized.
Indicates that you did not enter the required keywords or values.
Command not found / Incomplete
command. Use ? to list commands.
Ambiguous command
September 2014
Indicates that you did not enter enough letters to uniquely identify the
command.
CLI Command Reference
Page 20
HP Moonshot Switch Module CLI Command Reference
CLI Line-Editing Conventions
CLI Line-Editing Conventions
Table 8 describes the key combinations you can use to edit commands or increase the speed of command
entry. You can access this list from the CLI by entering help from the User or Privileged EXEC modes.
Table 8: CLI Editing Conventions
Key Sequence
Description
DEL or Backspace
Ctrl-A
Ctrl-E
Ctrl-F
Ctrl-B
Ctrl-D
Ctrl-U, X
Ctrl-K
Ctrl-W
Ctrl-T
Ctrl-P
Ctrl-R
Ctrl-N
Ctrl-Y
Ctrl-Q
Ctrl-S
Ctrl-Z
Tab, <SPACE>
Exit
?
Delete previous character.
Go to beginning of line.
Go to end of line.
Go forward one character.
Go backward one character.
Delete current character.
Delete to beginning of line.
Delete to end of line.
Delete previous word.
Transpose previous character.
Go to previous line in history buffer.
Rewrites or pastes the line.
Go to next line in history buffer.
Prints last deleted character.
Enables serial flow.
Disables serial flow.
Return to root command prompt.
Command-line completion.
Go to next lower command prompt.
List available commands, keywords, or parameters.
September 2014
CLI Command Reference
Page 21
Using CLI Help
HP Moonshot Switch Module CLI Command Reference
Using CLI Help
Enter a question mark (?) at the command prompt to display the commands available in the current mode.
(Routing) >?
enable
help
logout
ping
quit
show
telnet
Enter into user privilege mode.
Display help for various special keys.
Exit this session. Any unsaved changes are lost.
Send ICMP echo packets to a specified IP address.
Exit this session. Any unsaved changes are lost.
Display Switch Options and Settings.
Telnet to a remote host.
Enter a question mark (?) after each word you enter to display available command keywords or parameters.
(Routing) #network ?
ipv6
mac-address
mac-type
mgmt_vlan
parms
protocol
Configure IPv6 parameters for system network.
Configure MAC Address.
Select the locally administered or burnedin MAC
address.
Configure the Management VLAN ID of the switch.
Configure Network Parameters of the device.
Select DHCP, BootP, or None as the network config
protocol.
If the help output shows a parameter in angle brackets, you must replace the parameter with a value.
(Routing) #network parms ?
<ipaddr>
none
Enter the IP Address.
Reset IP address and gateway on management interface
If there are no additional command keywords or parameters, or if additional parameters are optional, the
following message appears in the output:
<cr>
Press Enter to execute the command
You can also enter a question mark (?) after typing one or more characters of a word to list the available
command or parameters that begin with the letters, as shown in the following example:
(Routing) #show m?
mac
mail-server
mmrp
mvr
September 2014
mac-addr-table
management
monitor
mvrp
mac-address-table
mldsnooping
mrp
CLI Command Reference
Page 22
HP Moonshot Switch Module CLI Command Reference
Accessing the CLI
Accessing the CLI
You can access the CLI by using a direct console connection or by using a telnet or SSH connection from a
remote management host.
For the initial connection, you must use a direct connection to the console port. You cannot access the system
remotely until the system has an IP address, subnet mask, and default gateway. You can set the network
configuration information manually, or you can configure the system to accept these settings from a BOOTP or
DHCP server on your network. For more information, see “Network Interface Commands” on page 43.
For step-by-step instructions about how to connect to the switch management interface, see the HP Moonshot
Switch Module Administrator’s Guide.
September 2014
CLI Command Reference
Page 23
Stacking Commands
HP Moonshot Switch Module CLI Command Reference
Section 3: Stacking Commands
This chapter describes the stacking commands available in the HP Moonshot Switch Module CLI.
The Stacking Commands chapter includes the following sections:
• “Switch Stacking” on page 24
• “Stack Port Commands” on page 33
• “Nonstop Forwarding Commands” on page 37
Note: The Primary Management Unit is the unit that controls the stack.
Switch Stacking
This section describes the commands you use to configure switch stacks.
stack
This command sets the mode to Stack Global Config.
Format
stack
Mode
Global Config
member
This command configures a switch. The unit is the switch identifier of the switch to be added/removed from
the stack. The switchindex is the index into the database of the supported switch types, indicating the type of
the switch being preconfigured. The switch index is a 32-bit integer. This command is executed on the Primary
Management Unit.
Format
member unit switchindex
Mode
Stack Global Config
Note: Switch index can be obtained by executing the show supported switchtype command in User
EXEC mode.
September 2014
CLI Command Reference
Page 24
HP Moonshot Switch Module CLI Command Reference
Switch Stacking
no member
This command removes a switch from the stack. The unit is the switch identifier of the switch to be removed
from the stack. This command is executed on the Primary Management Unit.
Format
no member unit
Mode
Stack Global Config
switch priority
This command configures the ability of a switch to become the Primary Management Unit. The unit is the
switch identifier. The value is the preference parameter that allows the user to specify, priority of one backup
switch over another. The range for priority is 0 to 15. The switch with the highest priority value will be chosen
to become the Primary Management Unit if the active Primary Management Unit fails. Setting the value to 0
prevents the unit from being able to become the Management Unit. The switch priority defaults to the
hardware management preference value 1. Switches that do not have the hardware capability to become the
Primary Management Unit are not eligible for management.
Default
enabled
Format
switch unit priority value
Mode
Global Config
switch renumber
This command changes the switch identifier for a switch in the stack. The oldunit is the current switch
identifier on the switch whose identifier is to be changed. The newunit is the updated value of the switch
identifier. Upon execution, the switch will be configured with the configuration information for the new switch,
if any. The old switch configuration information will be retained, however the old switch will be operationally
unplugged. This command is executed on the Primary Management Unit. After issuing this command, you are
prompted to reload the unit that is being renumbered. The renumbering will not take effect until the unit is
reloaded.
Note: If the management unit is renumbered, then the running configuration is no longer applied (i.e.
the stack acts as if the configuration had been cleared).
Format
switch oldunit renumber newunit
Mode
Global Config
September 2014
CLI Command Reference
Page 25
HP Moonshot Switch Module CLI Command Reference
Switch Stacking
movemanagement
This command moves the Primary Management Unit functionality from one switch to another. The fromunit
is the switch identifier on the current Primary Management Unit. The tounit is the switch identifier on the new
Primary Management Unit. Upon execution, the entire stack (including all interfaces in the stack) is
unconfigured and reconfigured with the configuration on the new Primary Management Unit. After the reload
is complete, all stack management capability must be performed on the new Primary Management Unit. To
preserve the current configuration across a stack move, execute the copy system:running-config
nvram:startup-config (in Privileged EXEC) command before performing the stack move. A stack move causes
all routes and layer 2 addresses to be lost. This command is executed on the Primary Management Unit. The
system prompts you to confirm the management move.
Format
movemanagement fromunit tounit
Mode
Stack Global Config
standby
Use this command to configure a unit as a Standby Management Unit (STBY).
Note: The Standby Management Unit cannot be the current Management Unit. The Standby unit
should be a management-capable unit.
Format
standby unit number
Mode
Stack Global Config
Parameter
Description
Standby Management Unit Number
Indicates the unit number which is to be the Standby Management
Unit. unit number must be a valid unit number.
no standby
The no form of this command allows the application to run the auto Standby Management Unit logic.
Format
no standby
Mode
Stack Global Config
September 2014
CLI Command Reference
Page 26
HP Moonshot Switch Module CLI Command Reference
Switch Stacking
slot
This command configures a slot in the system. The unit/slot is the slot identifier of the slot. The cardindex is
the index into the database of the supported card types, indicating the type of the card being preconfigured in
the specified slot. The card index is a 32-bit integer. If a card is currently present in the slot that is unconfigured,
the configured information will be deleted and the slot will be re-configured with default information for the
card.
slot unit/slot cardindex
Format
Mode
Global Config
Note: Card index can be obtained by executing show supported cardtype command in User EXEC
mode.
no slot
This command removes configured information from an existing slot in the system.
Format
no slot unit/slot cardindex
Mode
Global Config
Note: Card index can be obtained by executing show supported cardtype command in User EXEC
mode.
set slot disable
This command configures the administrative mode of the slot(s). If you specify [all], the command is applied to
all slots, otherwise the command is applied to the slot identified by unit/slot.
If a card or other module is present in the slot, this administrative mode will effectively be applied to the
contents of the slot. If the slot is empty, this administrative mode will be applied to any module that is inserted
into the slot. If a card is disabled, all the ports on the device are operationally disabled and shown as
“unplugged” on management screens.
Format
set slot disable [unit/slot] | all]
Mode
Global Config
September 2014
CLI Command Reference
Page 27
HP Moonshot Switch Module CLI Command Reference
Switch Stacking
no set slot disable
This command unconfigures the administrative mode of the slot(s). If you specify all, the command removes
the configuration from all slots, otherwise the configuration is removed from the slot identified by unit/slot.
If a card or other module is present in the slot, this administrative mode removes the configuration from the
contents of the slot. If the slot is empty, this administrative mode removes the configuration from any module
inserted into the slot. If a card is disabled, all the ports on the device are operationally disabled and shown as
“unplugged” on management screens.
Format
no set slot disable [unit/slot] | all]
Mode
Global Config
set slot power
This command configures the power mode of the slot(s) and allows power to be supplied to a card located in
the slot. If you specify all, the command is applied to all slots, otherwise the command is applied to the slot
identified by unit/slot.
Use this command when installing or removing cards. If a card or other module is present in this slot, the power
mode is applied to the contents of the slot. If the slot is empty, the power mode is applied to any card inserted
into the slot.
Format
set slot power [unit/slot] | all]
Mode
Global Config
no set slot power
This command unconfigures the power mode of the slot(s) and prohibits power from being supplied to a card
located in the slot. If you specify all, the command prohibits power to all slots, otherwise the command
prohibits power to the slot identified by unit/slot.
Use this command when installing or removing cards. If a card or other module is present in this slot, power is
prohibited to the contents of the slot. If the slot is empty, power is prohibited to any card inserted into the slot.
Format
no set slot power [unit/slot] | all]
Mode
Global Config
reload (Stack)
This command resets the entire stack or the identified unit. The unit is the switch identifier. The system
prompts you to confirm that you want to reset the switch.
Format
reload [unit]
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 28
Switch Stacking
HP Moonshot Switch Module CLI Command Reference
show slot
This command displays information about all the slots in the system or for a specific slot.
show slot [unit/slot]
Format
Mode
User EXEC
Term
Definition
Slot
Status
Admin State
Power State
Configured Card
Model Identifier
Pluggable
Power Down
The slot identifier in a unit/slot format.
The slot is empty, full, or has encountered an error
The slot administrative mode is enabled or disabled.
The slot power mode is enabled or disabled.
The model identifier of the card preconfigured in the slot. Model Identifier is a 32-character
field used to identify a card.
Cards are pluggable or non-pluggable in the slot.
Indicates whether the slot can be powered down.
If you supply a value for unit/slot, the following information appears:
Term
Definition
Slot
Slot Status
Admin State
Power State
Inserted Card
Model Identifier
Inserted Card
Description
Configured Card
Model Identifier
Configured Card
Description
Pluggable
Power Down
The slot identifier in a unit/slot format.
The slot is empty, full, or has encountered an error
The slot administrative mode is enabled or disabled.
The slot power mode is enabled or disabled.
The model identifier of the card inserted in the slot. Model Identifier is a 32-character field
used to identify a card. This field is displayed only if the slot is full.
The card description. This field is displayed only if the slot is full.
September 2014
The model identifier of the card preconfigured in the slot. Model Identifier is a 32-character
field used to identify a card.
A description of the card configured for the slot.
Cards are pluggable or non-pluggable in the slot.
Indicates whether the slot can be powered down.
CLI Command Reference
Page 29
HP Moonshot Switch Module CLI Command Reference
Switch Stacking
show supported cardtype
This commands displays information about all card types or specific card types supported in the system.
Format
show supported cardtype [cardindex]
Mode
User EXEC
If you do not supply a value for cardindex, the following output appears:
Term
Definition
Card Index (CID) The index into the database of the supported card types. This index is used when
preconfiguring a slot.
Card Model
The model identifier for the supported card type.
Identifier
If you supply a value for cardindex, the following output appears:
Term
Definition
Card Type
The 32-bit numeric card type for the supported card.
Model Identifier The model identifier for the supported card type.
Card Description The description for the supported card type.
show switch
This command displays switch status information about all units in the stack or a single unit when you specify
the unit value.
Format
show switch [unit]
Mode
Privileged EXEC
Term
Definition
Switch
The unit identifier assigned to the switch.
When you do not specify a value for unit, the following information appears:
Term
Definition
Management
Switch
Standby Status
Preconfigured
Model Identifier
Indicates whether the switch is the Primary Management Unit, a stack member, a
configured standby switch, an operational standby switch, or the status is unassigned.
Indicates whether the switch a configured or operational standby switch.
The model identifier of a preconfigured switch ready to join the stack. The Model Identifier
is a 32-character field assigned by the device manufacturer to identify the device.
September 2014
CLI Command Reference
Page 30
Switch Stacking
HP Moonshot Switch Module CLI Command Reference
Term
Definition
Plugged-In Model The model identifier of the switch in the stack. Model Identifier is a 32-character field
Identifier
assigned by the device manufacturer to identify the device.
Switch Status
The switch status. Possible values for this state are: OK, Code Mismatch, or Not Present. A
mismatch indicates that a stack unit is running a different version of the code than the
management unit.
If there is a Stacking Firmware Synchronization operation in progress status is shown as
Updating Code.
Code Version
The detected version of code on this switch.
Example: The following shows example CLI display output for the command.
(Routing) #show switch
(Routing) #show switch
Management Standby
Preconfig
Plugged-in
Switch
Code
SW
Switch
Status
Model ID
Model ID
Status
Version
--- ---------- --------- ---------------- ---------------- ------------- ----------1
Mgmt Sw
Moonshot-180G
Moonshot-180G
OK
H.9.1.2
2
Stack Mbr Oper Stby Moonshot-180G
Moonshot-180G
OK
H.9.1.2
When you specify a value for unit, the following information appears.
Term
Definition
Switch
Management Status
Switch ID
Indicates whether the switch is the Primary Management Unit, a stack member, or
the status is unassigned.
Hardware Management The hardware management preference of the switch. The hardware management
Preference
preference can be disabled or unassigned.
Admin Management
The administrative management preference value assigned to the switch. This
Preference
preference value indicates how likely the switch is to be chosen as the Primary
Management Unit.
Switch Type
The 32-bit numeric switch type.
Preconfigured Model
The model identifier for this switch that has been preconfigured for the unit prior
Identifier
to joining the stack. Model Identifier is a 32-character field assigned by the device
manufacturer to identify the device.
Plugged-in Model
The model identifier for this switch detected by the hardware. Model Identifier is a
Identifier
32-character field assigned by the device manufacturer to identify the device.
Switch Status
The switch status. Possible values are OK, Code Mismatch, or Not Present.
Switch Description
The switch description.
Detected Code in Flash The version of code that is currently stored in FLASH memory on the switch. This
code executes after the switch is reset. If the switch is not present and the data is
from pre-configuration, then the code version is “None”.
SFS Last Attempt Status The stack firmware synchronization status in the last attempt for the specified unit.
Serial Number
The unique serial number assigned to the switch.
(Moonshot-180G only)
Up Time
The system up time.
September 2014
CLI Command Reference
Page 31
Switch Stacking
HP Moonshot Switch Module CLI Command Reference
Example: The following shows example CLI display output for the command on a Moonshot-45G switch
module.
(Routing) #show switch 1
Switch............................
Management Status.................
Hardware Management Preference....
Admin Management Preference.......
Switch Type.......................
Preconfigured Model Identifier....
Plugged-in Model Identifier.......
Switch Status.....................
Switch Description................
Detected Code in Flash............
SFS Last Attempt Status...........
Up Time...........................
1
Management Switch
Unassigned
Unassigned
0x68440101
HP Moonshot-45G
HP Moonshot-45G
OK
HP Moonshot-45G Switch
1.0.0.15
None
0 days 2 hrs 31 mins 9 secs
show supported switchtype
This commands displays information about all supported switch types or a specific switch type.
Format
show supported switchtype [switchindex]
Mode
User EXEC
Privileged EXEC
If you do not supply a value for switchindex, the following output appears:
Term
Definition
SID
The index into the database of supported switch types. This index is used when
preconfiguring a member to be added to the stack.
Switch Model ID The model identifier for the supported switch type.
Mgmt Pref
The management preference value of the switch type.
If you supply a value for switchindex, the following output appears:
Term
Definition
Switch Type
Model Identifier
Switch
Description
Management
Preference
Supported Cards
The 32-bit numeric switch type for the supported switch.
The model identifier for the supported switch type.
The description for the supported switch type.
September 2014
The management preference value of the switch type.
Provides information about the supported cards in the device, including the slot number,
card index, and model identifier.
CLI Command Reference
Page 32
Stack Port Commands
HP Moonshot Switch Module CLI Command Reference
Stack Port Commands
This section describes the commands you use to view and configure stack port information.
stack-port
This command sets stacking per port or range of ports to either stack or ethernet mode.
Default
stack
Format
stack-port unit/slot/port [{ethernet | stack}]
Mode
Stack Global Config
show stack-port
This command displays summary stack-port information for all interfaces.
show stack-port
Format
Mode
Privileged EXEC
For Each Interface:
Term
Definition
Unit
Interface
Configured Stack Mode
Running Stack Mode
Link Status
Link Speed
The unit number.
The slot and port numbers.
Stack or Ethernet.
Stack or Ethernet.
Status of the link.
Speed (Gbps) of the stack port link.
September 2014
CLI Command Reference
Page 33
HP Moonshot Switch Module CLI Command Reference
Stack Port Commands
show stack-port counters
This command displays summary data counter information for all interfaces.
show stack-port counters
Format
Mode
Privileged EXEC
Term
Definition
Unit
Interface
Tx Data Rate
Tx Error Rate
Tx Total Errors
Rx Data Rate
Rx Error Rate
Rx Total Errors
The unit number.
The slot and port numbers.
Trashing data rate in megabits per second on the stacking port.
Platform-specific number of transmit errors per second.
Platform-specific number of total transmit errors since power-up.
Receive data rate in megabits per second on the stacking port.
Platform-specific number of receive errors per second.
Platform-specific number of total receive errors since power-up.
show stack-port diag
This command shows stack port diagnostics for each port and is only intended for Field Application Engineers
(FAEs) and developers. An FAE will advise on the necessity to run this command and capture this information.
show stack-port diag
Format
Mode
Privileged EXEC
Term
Definition
Unit
Interface
Diagnostic Entry1
Diagnostic Entry2
Diagnostic Entry3
The unit number.
The slot and port numbers.
80 character string used for diagnostics.
80 character string used for diagnostics.
80 character string used for diagnostics.
show stack-port stack-path
This command displays the route a packet will take to reach the destination.
Format
show stack-port stack-path {1—9 | all}
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 34
HP Moonshot Switch Module CLI Command Reference
Stack Firmware Synchronization Commands
Stack Firmware Synchronization Commands
Stack Firmware Synchronization (SFS) provides the ability to automatically synchronize firmware for all stack
members. If a unit joins the stack and its firmware version is different from the version running on the stack
manager, the SFS feature can either upgrade or downgrade the firmware on the mismatched stack member.
There is no attempt to synchronize the stack to the latest firmware in the stack.
For optimal operation, use the recommended firmware version.
For more information on recommended firmware versions, see the HP website (http://www.hp.com/go/
servers/Moonshot/download).
boot auto-copy-sw
Use this command to enable the Stack Firmware Synchronization feature on the stack.
Default
Disabled
Format
boot auto-copy-sw
Mode
Privileged Exec
no boot auto-copy-sw
Use this command to disable the Stack Firmware Synchronization feature on the stack
Format
no boot auto-copy-sw
Mode
Privileged Exec
boot auto-copy-sw trap
Use this command to enable the sending of SNMP traps related to the Stack Firmware Synchronization feature.
Default
Enabled
Format
boot auto-copy-sw trap
Mode
Privileged Exec
no boot auto-copy-sw trap
Use this command to disable the sending of traps related to the Stack Firmware Synchronization feature.
Format
no boot auto-copy-sw trap
Mode
Privileged Exec
September 2014
CLI Command Reference
Page 35
HP Moonshot Switch Module CLI Command Reference
Stack Firmware Synchronization Commands
boot auto-copy-sw allow-downgrade
Use this command to allow the stack manager to downgrade the firmware version on the stack member if the
firmware version on the manager is older than the firmware version on the member.
Default
Enabled
Format
boot auto-copy-sw allow-downgrade
Mode
Privileged Exec
no boot auto-copy-sw allow-downgrade
Use this command to prevent the stack manager from downgrading the firmware version of a stack member.
Format
no boot auto-copy-sw allow-downgrade
Mode
Privileged Exec
show auto-copy-sw
Use this command to display Stack Firmware Synchronization configuration status information.
show auto-copy-sw
Format
Mode
Privileged Exec
Term
Definition
Synchronization
SNMP Trap Status
Allow Downgrade
Shows whether the SFS feature is enabled.
Shows whether the stack will send traps for SFS events.
Shows wether the manager is permitted to downgrade the firmware version of a
stack member.
September 2014
CLI Command Reference
Page 36
HP Moonshot Switch Module CLI Command Reference
Nonstop Forwarding Commands
Nonstop Forwarding Commands
A switch can be described in terms of three semi-independent functions called the forwarding plane, the
control plane, and the management plane. The forwarding plane forwards data packets. The forwarding plane
is implemented in hardware. The control plane is the set of protocols that determine how the forwarding plane
should forward packets, deciding which data packets are allowed to be forwarded and where they should go.
Application software on the management unit acts as the control plane. The management plane is application
software running on the management unit that provides interfaces allowing a network administrator to
configure and monitor the device.
Nonstop forwarding (NSF) allows the forwarding plane of stack units to continue to forward packets while the
control and management planes restart as a result of a power failure, hardware failure, or software fault on
the management unit. A nonstop forwarding failover can also be manually initiated using the initiate
failover command. Traffic flows that enter and exit the stack through physical ports on a unit other than the
management continue with at most sub-second interruption when the management unit fails.
To prepare the backup management unit in case of a failover, applications on the management unit
continuously checkpoint some state information to the backup unit. Changes to the running configuration are
automatically copied to the backup unit. MAC addresses stay the same across a nonstop forwarding failover so
that neighbors do not have to relearn them.
When a nonstop forwarding failover occurs, the control plane on the backup unit starts from a partiallyinitialized state and applies the checkpointed state information. While the control plane is initializing, the stack
cannot react to external changes, such as network topology changes. Once the control plane is fully operational
on the new management unit, the control plane ensures that the hardware state is updated as necessary.
Control plane failover time depends on the size of the stack, the complexity of the configuration, and the speed
of the CPU.
The management plane restarts when a failover occurs. Management connections must be reestablished.
For NSF to be effective, adjacent networking devices must not reroute traffic around the restarting device. The
switch uses three techniques to prevent traffic from being rerouted:
1. A protocol may distribute a part of its control plane to stack units so that the protocol can give the
appearance that it is still functional during the restart. Spanning tree and port channels use this technique.
2. A protocol may enlist the cooperation of its neighbors through a technique known as graceful restart. OSPF
uses graceful restart if it is enabled (see “IP Event Dampening Commands” on page 581).
3. A protocol may simply restart after the failover if neighbors react slowly enough that they will not normally
detect the outage. The IP multicast routing protocols are a good example of this behavior.
To take full advantage of nonstop forwarding, layer 2 connections to neighbors should be via port channels that
span two or more stack units, and layer 3 routes should be ECMP routes with next hops via physical ports on
two or more units. The hardware can quickly move traffic flows from port channel members or ECMP paths on
a failed unit to a surviving unit.
September 2014
CLI Command Reference
Page 37
HP Moonshot Switch Module CLI Command Reference
Nonstop Forwarding Commands
nsf (Stack Global Config Mode)
This command enables nonstop forwarding feature on the stack. When nonstop forwarding is enabled, if the
management unit of a stack fails, the backup unit takes over as the master without clearing the hardware tables
of any of the surviving units. Data traffic continues to be forwarded in hardware while the management
functions initialize on the backup unit.
NSF is enabled by default. The administrator may wish to disable NSF in order to redirect the CPU resources
consumed by data checkpointing.
If a unit that does not support NSF is connected to the stack, then NSF is disabled on all stack members. When
a unit that does not support NSF is disconnected from the stack and all other units support NSF, and NSF is
administratively enabled, then NSF operation resumes.
Default
enabled
Format
nsf
Mode
Stack Global Config Mode
no nsf
This command disables NSF on the stack.
Format
no nsf
Mode
Stack Global Config Mode
show nsf
This command displays global and per-unit information on NSF configuration on the stack.
Format
show nsf
Mode
Privileged Exec
Parameter
Description
NSF Administrative
Whether nonstop forwarding is administratively enabled or disabled.
Status
Default: Enabled
NSF Operational Status Indicates whether NSF is enabled on the stack.
September 2014
CLI Command Reference
Page 38
HP Moonshot Switch Module CLI Command Reference
Parameter
Nonstop Forwarding Commands
Description
Last Startup Reason
The type of activation that caused the software to start the last time:
• “Power-On” means that the switch rebooted. This could have been caused by a
power cycle or an administrative “Reload” command.
• “Administrative Move” means that the administrator issued the movemanagement
command for the stand-by manager to take over.
• “Warm-Auto-Restart” means that the primary management card restarted due to
a failure, and the system executed a nonstop forwarding failover.
• “Cold-Auto-Restart” means that the system switched from the active manager to
the backup manager and was unable to maintain user data traffic. This is usually
caused by multiple failures occurring close together.
Time Since Last Restart Time since the current management unit became the active management unit.
Restart in progress
Whether a restart is in progress.
Warm Restart Ready
Whether the system is ready to perform a nonstop forwarding failover from the
management unit to the backup unit.
Copy of Running
Whether the running configuration on the backup unit includes all changes made on
Configuration to
the management unit. Displays as Current or Stale.
Backup Unit: Status
Time Since Last Copy When the running configuration was last copied from the management unit to the
backup unit.
Time Until Next Copy The number of seconds until the running configuration will be copied to the backup
unit. This line only appears when the running configuration on the backup unit is
Stale.
Per Unit Status Parameters
NSF Support
Whether a unit supports NSF.
initiate failover
This command forces the backup unit to take over as the management unit and perform a “warm restart” of
the stack. On a warm restart, the backup unit becomes the management unit without clearing its hardware
tables (on a cold restart, hardware tables are cleared). Applications apply checkpointed data from the former
management unit. The original management unit reboots.
If the system is not ready for a warm restart, for example because no backup unit has been elected or one or
more members of the stack do not support nonstop forwarding, the command fails with a warning message.
The movemanagement command (see page 26) also transfers control from the current management unit;
however, the hardware is cleared and all units reinitialize.
Format
initiate failover
Mode
Stack Global Config Mode
September 2014
CLI Command Reference
Page 39
HP Moonshot Switch Module CLI Command Reference
Nonstop Forwarding Commands
show checkpoint statistics
This command displays general information about the checkpoint service operation.
Format
show checkpoint statistics
Mode
Privileged Exec
Parameter
Description
Messages Checkpointed
Number of checkpoint messages transmitted to the backup unit. Range: Integer.
Default: 0
Bytes Checkpointed
Number of bytes transmitted to the backup unit. Range: Integer. Default: 0
Time Since Counters Cleared Number of days, hours, minutes and seconds since the counters were reset to
zero. The counters are cleared when a unit becomes manager and with a
support command. Range: Time Stamp. Default: 0d00:00:00
Checkpoint Message Rate
Average number of checkpoint messages per second. The average is computed
over the time period since the counters were cleared. Range: Integer. Default: 0
Last 10-second Message Rate Average number of checkpoint messages per second in the last 10-second
interval. This average is updated once every 10 seconds. Range: Integer.
Default: 0
Highest 10-second Message The highest rate recorded over a 10-second interval since the counters were
Rate
cleared. Range: Integer. Default: 0
clear checkpoint statistics
This command clears all checkpoint statistics to their initial values.
Format
clear checkpoint statistics
Mode
Privileged Exec
September 2014
CLI Command Reference
Page 40
HP Moonshot Switch Module CLI Command Reference
Management Commands
Section 4: Management Commands
This chapter describes the management commands available in the HP Moonshot Switch Module CLI.
The Management Commands chapter contains the following sections:
• “Network Interface Commands” on page 43
• “Console Port Access Commands” on page 59
• “Telnet Commands” on page 62
• “Secure Shell Commands” on page 67
• “Management Security Commands” on page 69
• “Access Commands” on page 70
• “User Account Commands” on page 71
• “SNMP Commands” on page 100
• “RADIUS Commands” on page 115
• “TACACS+ Commands” on page 128
• “Configuration Scripting Commands” on page 134
• “Banner, Prompt, and Host Name Commands” on page 136
September 2014
CLI Command Reference
Page 41
HP Moonshot Switch Module CLI Command Reference
Enable and Do Commands
Enable and Do Commands
enable (Privileged EXEC access)
This command gives you access to the Privileged EXEC mode. From the Privileged EXEC mode, you can
configure the network interface.
Format
enable
Mode
User EXEC
do (Privileged EXEC commands)
This command executes Privileged EXEC mode commands from any of the configuration modes.
Format
do Priv Exec Mode Command
Mode
•
•
•
•
Global Config
Interface Config
VLAN Config
Routing Config
Example: The following is an example of the do command that executes the Privileged Exec command
script list in Global Config Mode.
(Routing) #configure
(Routing)(config)#do script list
Configuration Script Name
Size(Bytes)
-------------------------------- ----------backup-config
2105
running-config
4483
startup-config
445
3 configuration script(s) found.
2041 Kbytes free.
September 2014
CLI Command Reference
Page 42
HP Moonshot Switch Module CLI Command Reference
Network Interface Commands
Network Interface Commands
This section describes the commands you use to configure a logical interface for management access. To
configure the management VLAN, see “network mgmt_vlan” on page 298.
serviceport ip
This command sets the IP address, the netmask and the gateway of the network management port. You can
specify the none option to clear the IPv4 address and mask and the default gateway (i.e., reset each of these
values to 0.0.0.0).
Format
serviceport ip {ipaddr netmask [gateway] | none}
Mode
Privileged EXEC
serviceport protocol
This command specifies the network management port configuration protocol. If you modify this value, the
change is effective immediately. If you use the bootp parameter, the switch periodically sends requests to a
BootP server until a response is received. If you use the dhcp parameter, the switch periodically sends requests
to a DHCP server until a response is received. If you use the none parameter, you must configure the network
information for the switch manually.
Format
serviceport protocol {none | bootp | dhcp}
Mode
Privileged EXEC
serviceport protocol dhcp
This command enables the DHCPv4 client on a Service port. If the client-id optional parameter is given, the
DHCP client messages are sent with the client identifier option.
Default
DHCP
Format
serviceport protocol dhcp [client-id]
Mode
Privileged EXEC
There is no support for the no form of the command serviceport protocol dhcp client-id. To remove the
client-id option from the DHCP client messages, issue the command serviceport protocol dhcp without the
client-id option. The command serviceport protocol none can be used to disable the DHCP client and client-
id option on the interface.
Example: The following shows an example of the command.
(Routing) # serviceport protocol dhcp client-id
September 2014
CLI Command Reference
Page 43
HP Moonshot Switch Module CLI Command Reference
Network Interface Commands
network parms
This command sets the IP address, subnet mask and gateway of the device. The IP address and the gateway
must be on the same subnet. When you specify the none option, the IP address and subnet mask are set to the
factory defaults.
Format
network parms {ipaddr netmask [gateway]| none}
Mode
Privileged EXEC
network protocol
This command specifies the network configuration protocol to be used. If you modify this value, change is
effective immediately. If you use the bootp parameter, the switch periodically sends requests to a BootP server
until a response is received. If you use the dhcp parameter, the switch periodically sends requests to a DHCP
server until a response is received. If you use the none parameter, you must configure the network information
for the switch manually.
Default
none
Format
network protocol {none | bootp | dhcp}
Mode
Privileged EXEC
network protocol dhcp
This command enables the DHCPv4 client on a Network port. If the client-id optional parameter is given, the
DHCP client messages are sent with the client identifier option.
Default
none
Format
network protocol dhcp [client-id]
Mode
Global Config
There is no support for the no form of the command network protocol dhcp client-id. To remove the clientid option from the DHCP client messages, issue the command network protocol dhcp without the client-id
option. The command network protocol none can be used to disable the DHCP client and client-id option on
the interface.
Example: The following shows an example of the command.
(Routing) # network protocol dhcp client-id
September 2014
CLI Command Reference
Page 44
HP Moonshot Switch Module CLI Command Reference
Network Interface Commands
network mac-address
This command sets locally administered MAC addresses. The following rules apply:
• Bit 6 of byte 0 (called the U/L bit) indicates whether the address is universally administered (b'0') or locally
administered (b'1').
• Bit 7 of byte 0 (called the I/G bit) indicates whether the destination address is an individual address (b'0')
or a group address (b'1').
• The second character, of the twelve character macaddr, must be 2, 6, A or E.
A locally administered address must have bit 6 On (b'1') and bit 7 Off (b'0').
Format
network mac-address macaddr
Mode
Privileged EXEC
network mac-type
This command specifies whether the switch uses the burned in MAC address or the locally-administered MAC
address.
Default
burnedin
Format
network mac-type {local | burnedin}
Mode
Privileged EXEC
no network mac-type
This command resets the value of MAC address to its default.
Format
no network mac-type
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 45
HP Moonshot Switch Module CLI Command Reference
Network Interface Commands
show network
This command displays configuration settings associated with the switch's network interface. The network
interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel
ports. The configuration parameters associated with the switch's network interface do not affect the
configuration of the front panel ports through which traffic is switched or routed. The network interface is
always considered to be up, whether or not any member ports are up; therefore, the show network command
will always show Interface Status as Up.
Format
show network
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Interface Status
IP Address
Subnet Mask
Default Gateway
IPv6 Administrative Mode
IPv6 Address/Length
The network interface status; it is always considered to be up.
The IP address of the interface. The factory default value is 0.0.0.0.
The IP subnet mask for this interface. The factory default value is 0.0.0.0.
The default gateway for this IP interface. The factory default value is 0.0.0.0.
Whether enabled or disabled.
The IPv6 address and length. This field is visible only if the IPv6 administrative
mode is enabled.
The IPv6 default router address. This field is visible only if the IPv6
administrative mode is enabled.
The burned in MAC address used for in-band connectivity.
If desired, a locally administered MAC address can be configured for in-band
connectivity. To take effect, 'MAC Address Type' must be set to 'Locally
Administered'. Enter the address as twelve hexadecimal digits (6 bytes) with a
colon between each byte. Bit 1 of byte 0 must be set to a 1 and bit 0 to a 0, i.e.
byte 0 should have the following mask 'xxxx xx10'. The MAC address used by
this bridge when it must be referred to in a unique fashion. It is recommended
that this be the numerically smallest MAC address of all ports that belong to
this bridge. However it is only required to be unique. When concatenated with
dot1dStpPriority a unique Bridge Identifier is formed which is used in the
Spanning Tree Protocol.
The MAC address which should be used for in-band connectivity. The choices
are the burned in or the Locally Administered address. The factory default is to
use the burned in MAC address.
The IPv4 network protocol being used. The options are bootp | dhcp | none.
The IPv6 network protocol being used. The options are dhcp | none.
The DHCPv6 client’s unique client identifier. This row is displayed only when the
configured IPv6 protocol is DHCP.
Whether IPv6 Stateless address autoconfiguration is enabled or disabled.
IPv6 Default Router
Burned In MAC Address
Locally Administered MAC
Address
MAC Address Type
Configured IPv4 Protocol
Configured IPv6 Protocol
DHCPv6 Client DUID
IPv6 Autoconfig Mode
September 2014
CLI Command Reference
Page 46
Network Interface Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
Management VLAN ID
The VLAN ID for the management VLAN. Some network administrators use a
management VLAN to isolate system management traffic from end-user data
traffic.
The client identifier is displayed in the output of the command only if DHCP is
enabled with the client-id option on the network port. See “network protocol
dhcp” on page 44.
DHCP Client Identifier
Example: The following shows example CLI display output for the network port.
(Routing) #show network
Interface Status...............................
IP Address.....................................
Subnet Mask....................................
Default Gateway................................
IPv6 Administrative Mode.......................
Burned In MAC Address..........................
Locally Administered MAC address...............
MAC Address Type...............................
Configured IPv4 Protocol.......................
Configured IPv6 Protocol.......................
IPv6 AutoConfig Mode...........................
Management VLAN ID.............................
Up
0.0.0.0
0.0.0.0
0.0.0.0
Disabled
00:24:81:D0:0F:C2
00:00:00:00:00:00
Burned In
None
None
Disabled
1
show serviceport
This command displays service port configuration information.
Format
show serviceport
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Interface Status
IP Address
Subnet Mask
Default Gateway
IPv6 Administrative
Mode
IPv6 Address/Length
IPv6 Default Router
The network interface status. It is always considered to be up.
The IP address of the interface. The factory default value is 0.0.0.0.
The IP subnet mask for this interface. The factory default value is 0.0.0.0.
The default gateway for this IP interface. The factory default value is 0.0.0.0.
Whether enabled or disabled. Default value is enabled.
The IPv6 address and length. Default is Link Local format.
TheIPv6 default router address on the service port. The factory default value is an
unspecified address.
Configured IPv4 Protocol The IPv4 network protocol being used. The options are bootp | dhcp | none.
Configured IPv6 Protocol The IPv6 network protocol being used. The options are dhcp | none.
DHCPv6 Client DUID
The DHCPv6 client’s unique client identifier. This row is displayed only when the
configured IPv6 protocol is dhcp.
September 2014
CLI Command Reference
Page 47
Network Interface Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
IPv6 Autoconfig Mode
Burned in MAC Address
DHCP Client Identifier
Whether IPv6 Stateless address autoconfiguration is enabled or disabled.
The burned in MAC address used for in-band connectivity.
The client identifier is displayed in the output of the command only if DHCP is
enabled with the client-id option on the service port. See “serviceport protocol”
on page 43.
Example: The following shows example CLI display output for the service port.
(admin) #show serviceport
Interface Status...............................
IP Address.....................................
Subnet Mask....................................
Default Gateway................................
IPv6 Administrative Mode.......................
IPv6 Prefix is ................................
IPv6 Prefix is ................................
IPv6 Default Router is ........................
Configured IPv4 Protocol ......................
Configured IPv6 Protocol ......................
DHCPv6 Client DUID ............................
IPv6 Autoconfig Mode...........................
Burned In MAC Address..........................
DHCP Client Identifier.........................
September 2014
Up
10.230.3.51
255.255.255.0
10.230.3.1
Enabled
fe80::210:18ff:fe82:640/64
2005::21/128
fe80::204:76ff:fe73:423a
DHCP
DHCP
00:03:00:06:00:10:18:82:06:4C
Disabled
00:10:18:82:06:4D
0Moonshot-0010.1882.160C
CLI Command Reference
Page 48
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
IPv6 Management Commands
IPv6 Management commands allow a device to be managed via an IPv6 address. HP Moonshot Switch Module
software has capabilities such as:
• Static assignment of IPv6 addresses and gateways for the service/network ports.
• The ability to ping an IPv6 link-local address over the service/network port.
• The ability to send SNMP traps and queries via the service/network port.
• Management of the device via the network port (in addition to a Routing Interface or the Service port).
serviceport ipv6 enable
Use this command to enable IPv6 operation on the service port. By default, IPv6 operation is enabled on the
service port.
Format
serviceport ipv6 enable
Mode
Privileged EXEC
no serviceport ipv6 enable
Use this command to disable IPv6 operation on the service port.
Format
no serviceport ipv6 enable
Mode
Privileged EXEC
network ipv6 enable
Use this command to enable IPv6 operation on the network port. By default, IPv6 operation is enabled on the
network port.
Format
network ipv6 enable
Mode
Privileged EXEC
no network ipv6 enable
Use this command to disable IPv6 operation on the network port.
Format
no network ipv6 enable
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 49
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
serviceport ipv6 address
Use the options of this command to manually configure IPv6 global address, enable/disable stateless global
address autoconfiguration and to enable/disable dhcpv6 client protocol information on the service port.
Note: Multiple IPv6 prefixes can be configured on the service port.
Format
serviceport ipv6 address {address/prefix-length [eui64]|autoconfig|dhcp}
Mode
Privileged EXEC
Parameter
Description
address
prefix-length
eui64
autoconfig
dhcp
IPv6 prefix in IPv6 global address format.
IPv6 prefix length value.
Formulate IPv6 address in eui64 address format.
Configure stateless global address autoconfiguration capability.
Configure dhcpv6 client protocol.
no serviceport ipv6 address
Use the command no serviceport ipv6 address to remove all configured IPv6 prefixes on the service port
interface.
Use the command with the address option to remove the manually configured IPv6 global address on the
network port interface.
Use the command with the autoconfig option to disable the stateless global address autoconfiguration on the
service port.
Use the command with the dhcp option to disable the dhcpv6 client protocol on the service port.
Format
no serviceport ipv6 address {address/prefix-length [eui64] | autoconfig | dhcp}
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 50
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
serviceport ipv6 gateway
Use this command to configure IPv6 gateway (i.e. Default routers) information for the service port.
Note: Only a single IPv6 gateway address can be configured for the service port. There may be a
combination of IPv6 prefixes and gateways that are explicitly configured and those that are set
through auto-address configuration with a connected IPv6 router on their service port interface.
Format
serviceport ipv6 gateway gateway-address
Mode
Privileged EXEC
Parameter
Description
gateway-address Gateway address in IPv6 global or link-local address format.
no serviceport ipv6 gateway
Use this command to remove IPv6 gateways on the service port interface.
Format
no serviceport ipv6 gateway
Mode
Privileged EXEC
network ipv6 address
Use the options of this command to manually configure IPv6 global address, enable/disable stateless global
address autoconfiguration and to enable/disable dhcpv6 client protocol information for the network port.
Multiple IPv6 addresses can be configured on the network port.
Format
network ipv6 address {address/prefix-length [eui64] | autoconfig | dhcp}
Mode
Privileged EXEC
Parameter
Description
address
prefix-length
eui64
autoconfig
dhcp
IPv6 prefix in IPv6 global address format.
IPv6 prefix length value.
Formulate IPv6 address in eui64 format.
Configure stateless global address autoconfiguration capability.
Configure dhcpv6 client protocol.
September 2014
CLI Command Reference
Page 51
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
no network ipv6 address
The command no network ipv6 address removes all configured IPv6 prefixes.
Use this command with the address option to remove the manually configured IPv6 global address on the
network port interface.
Use this command with the autoconfig option to disable the stateless global address autoconfiguration on the
network port.
Use this command with the dhcp option disables the dhcpv6 client protocol on the network port.
Format
no network ipv6 address {address/prefix-length [eui64] | autoconfig | dhcp}
Mode
Privileged EXEC
network ipv6 gateway
Use this command to configure IPv6 gateway (i.e. default routers) information for the network port.
network ipv6 gateway gateway-address
Format
Mode
Parameter
Privileged EXEC
Description
gateway-address Gateway address in IPv6 global or link-local address format.
no network ipv6 gateway
Use this command to remove IPv6 gateways on the network port interface.
Format
no network ipv6 gateway
Mode
Privileged EXEC
network ipv6 neighbor
Use this command to manually add IPv6 neighbors to the IPv6 neighbor table for this network port. If an IPv6
neighbor already exists in the neighbor table, the entry is automatically converted to a static entry. Static
entries are not modified by the neighbor discovery process. They are, however, treated the same for IPv6
forwarding. Static IPv6 neighbor entries are applied to the kernel stack and to the hardware when the
corresponding interface is operationally active.
Format
network ipv6 neighbor ipv6-address macaddr
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 52
HP Moonshot Switch Module CLI Command Reference
Parameter
Description
ipv6-address
macaddr
The IPv6 address of the neighbor or interface.
The link-layer address.
IPv6 Management Commands
no network ipv6 neighbor
Use this command to remove IPv6 neighbors from the neighbor table.
Format
no network ipv6 neighbor ipv6-address macaddr
Mode
Privileged EXEC
show network ipv6 neighbors
Use this command to display the information about the IPv6 neighbor entries cached on the network port. The
information is updated to show the type of the entry.
Default
None
Format
show network ipv6 neighbors
Mode
• Privileged EXEC
Field
Description
IPv6 Address
MAC Address
isRtr
Neighbor State
The IPv6 address of the neighbor.
The MAC Address of the neighbor.
Shows if the neighbor is a router. If TRUE, the neighbor is a router; FALSE it is not a router.
The state of the neighbor cache entry. Possible values are: Incomplete, Reachable, Stale,
Delay, Probe, and Unknown
The time in seconds that has elapsed since an entry was added to the cache.
The time in seconds that has elapsed since an entry was added to the cache.
The type of neighbor entry. The type is Static if the entry is manually configured and
Dynamic if dynamically resolved.
Age
Last Updated
Type
Example: The following is an example of the command.
(Routing) #show network ipv6 neighbors
Neighbor Age
IPv6 Address
MAC Address
isRtr State
(Secs)
------------------------ ----------------- ----- --------- -----FE80::5E26:AFF:FEBD:852C 5c:26:0a:bd:85:2c FALSE Reachable 0
September 2014
Type
-----Static
CLI Command Reference
Page 53
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
serviceport ipv6 neighbor
Use this command to manually add IPv6 neighbors to the IPv6 neighbor table for the service port. If an IPv6
neighbor already exists in the neighbor table, the entry is automatically converted to a static entry. Static
entries are not modified by the neighbor discovery process. They are, however, treated the same for IPv6
forwarding. Static IPv6 neighbor entries are applied to the kernel stack and to the hardware when the
corresponding interface is operationally active.
Format
serviceport ipv6 neighbor ipv6-address macaddr
Mode
Privileged EXEC
Parameter
Description
ipv6-address
macaddr
The IPv6 address of the neighbor or interface.
The link-layer address.
no serviceport ipv6 neighbor
Use this command to remove IPv6 neighbors from the IPv6 neighbor table for the service port.
Format
no serviceport ipv6 neighbor ipv6-address macaddr
Mode
Privileged EXEC
show serviceport ipv6 neighbors
Use this command to displays information about the IPv6 neighbor entries cached on the service port. The
information is updated to show the type of the entry.
Default
None
Format
show serviceport ipv6 neighbors
Mode
Privileged EXEC
Field
Description
IPv6 Address
MAC Address
isRtr
Neighbor State
The IPv6 address of the neighbor.
The MAC Address of the neighbor.
Shows if the neighbor is a router. If TRUE, the neighbor is a router; if FALSE, it is not a router.
The state of the neighbor cache entry. The possible values are: Incomplete, Reachable,
Stale, Delay, Probe, and Unknown.
The time in seconds that has elapsed since an entry was added to the cache.
The type of neighbor entry. The type is Static if the entry is manually configured and
Dynamic if dynamically resolved.
Age
Type
September 2014
CLI Command Reference
Page 54
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
Example: The following is an example of the command.
(Routing) #show serviceport ipv6 neighbors
Neighbor Age
IPv6 Address
MAC Address
isRtr State
(Secs)
--------------------------------------- ----------------- ----- --------- -----FE80::5E26:AFF:FEBD:852C
5c:26:0a:bd:85:2c FALSE Reachable 0
Type
-------Dynamic
ping ipv6
Use this command to determine whether another computer is on the network. Ping provides a synchronous
response when initiated from the CLI and Web interfaces. To use the command, configure the switch for
network (in-band) connection. The source and target devices must have the ping utility enabled and running
on top of TCP/IP. The switch can be pinged from any IP workstation with which the switch is connected through
the default VLAN (VLAN 1), as long as there is a physical path between the switch and the workstation. The
terminal interface sends three pings to the target station. Use the ipv6-address|hostname parameter to ping
an interface by using the global IPv6 address of the interface. The argument unit/slot/port corresponds to a
physical routing interface or VLAN routing interface. The keyword vlan is used to specify the VLAN ID of the
routing VLAN directly instead of a unit/slot/port format. Use the optional size keyword to specify the size of
the ping packet.
You can utilize the ping or traceroute facilities over the service/network ports when using an IPv6 global
address ipv6-global-address|hostname. Any IPv6 global address or gateway assignments to these interfaces
will cause IPv6 routes to be installed within the IP stack such that the ping or traceroute request is routed out
the service/network port properly. When referencing an IPv6 link-local address, you must also specify the
service or network port interface by using the serviceport or network parameter.
Default
• The default count is 1.
• The default interval is 3 seconds.
• The default size is 0 bytes.
Format
ping ipv6 {ipv6-global-address | hostname | {interface {unit/slot/port | vlan 1-4093|
serviceport | network} link-local-address} [count count] [interval 1-60] [size size]
[source {ipv6-address | {unit/slot/port | vlan 1-4093 | serviceport | network}]
Mode
• Privileged EXEC
• User Exec
Using the options described below, you can specify the number and size of Echo Requests and the interval
between Echo Requests. You can also specify the interface to ping and the source interface from which the ping
should originate.
Parameter
Description
ipv6-global-address
hostname
interface
link-local-address
Global IPv6 addresses to ping.
The DNS-resolvable host name of the system to ping.
Use the interface keyword to ping a link-local IPv6 address over an interface.
The link-local IPv6 address to ping over an interface.
September 2014
CLI Command Reference
Page 55
HP Moonshot Switch Module CLI Command Reference
IPv6 Management Commands
Parameter
Description
count
Use the count parameter to specify the number of ping packets (ICMP Echo
requests) that are sent to the destination address specified by the ip-address field.
The range for count is 1 to 15 requests.
Use the interval parameter to specify the time between Echo Requests, in
seconds. Range is 1 to 60 seconds.
Use the size parameter to specify the size, in bytes, of the payload of the Echo
Requests sent. Range is 0 to 65507 bytes.
Use the source parameter to specify the source IP/IPv6 address or interface to use
when sending the Echo requests packets.
interval
size
source
Example: IPv6 ping success
(Routing) #ping 2001::1
Pinging 2001::1 with 64 bytes of data:
Send count=3, Receive count=3 from 2001::1
Average round trip time = 3.00 ms
Example: IPv6 ping failure
(Routing) #ping ipv6 2001::4
Pinging 2001::4 with 64 bytes of data:
Send count=3, Receive count=0 from 2001::4
Average round trip time = 0.00 ms
show network ipv6 dhcp statistics
This command displays the statistics of the DHCPv6 client running on the network management interface.
Format
show network ipv6 dhcp statistics
Mode
• Privileged EXEC
• User EXEC
Field
Description
DHCPv6 Advertisement Packets The number of DHCPv6 Advertisement packets received on the network
Received
interface.
DHCPv6 Reply Packets Received The number of DHCPv6 Reply packets received on the network interface.
Received DHCPv6
The number of DHCPv6 Advertisement packets discarded on the network
Advertisement Packets
interface.
Discarded
Received DHCPv6 Reply Packets The number of DHCPv6 Reply packets discarded on the network interface.
Discarded
DHCPv6 Malformed Packets
The number of DHCPv6 packets that are received malformed on the network
Received
interface.
Total DHCPv6 Packets Received The total number of DHCPv6 packets received on the network interface.
September 2014
CLI Command Reference
Page 56
IPv6 Management Commands
HP Moonshot Switch Module CLI Command Reference
Field
Description
DHCPv6 Solicit Packets
Transmitted
DHCPv6 Request Packets
Transmitted
DHCPv6 Renew Packets
Transmitted
DHCPv6 Rebind Packets
Transmitted
DHCPv6 Release Packets
Transmitted
Total DHCPv6 Packets
Transmitted
The number of DHCPv6 Solicit packets transmitted on the network interface.
The number of DHCPv6 Request packets transmitted on the network
interface.
The number of DHCPv6 Renew packets transmitted on the network
interface.
The number of DHCPv6 Rebind packets transmitted on the network
interface.
The number of DHCPv6 Release packets transmitted on the network
interface.
The total number of DHCPv6 packets transmitted on the network interface.
Example: The following shows example CLI display output for the command.
(admin)#show network ipv6 dhcp statistics
DHCPv6 Client Statistics
------------------------DHCPv6 Advertisement Packets Received.................
DHCPv6 Reply Packets Received.........................
Received DHCPv6 Advertisement Packets Discarded.......
Received DHCPv6 Reply Packets Discarded...............
DHCPv6 Malformed Packets Received.....................
Total DHCPv6 Packets Received.........................
0
0
0
0
0
0
DHCPv6 Solicit Packets Transmitted....................
DHCPv6 Request Packets Transmitted....................
DHCPv6 Renew Packets Transmitted......................
DHCPv6 Rebind Packets Transmitted.....................
DHCPv6 Release Packets Transmitted....................
Total DHCPv6 Packets Transmitted......................
0
0
0
0
0
0
September 2014
CLI Command Reference
Page 57
IPv6 Management Commands
HP Moonshot Switch Module CLI Command Reference
show serviceport ipv6 dhcp statistics
This command displays the statistics of the DHCPv6 client running on the serviceport management interface.
Format
show serviceport ipv6 dhcp statistics
Mode
• Privileged EXEC
• User EXEC
Field
Description
DHCPv6 Advertisement
Packets Received
DHCPv6 Reply Packets
Received
Received DHCPv6
Advertisement Packets
Discarded
Received DHCPv6 Reply
Packets Discarded
DHCPv6 Malformed
Packets Received
Total DHCPv6 Packets
Received
DHCPv6 Solicit Packets
Transmitted
DHCPv6 Request Packets
Transmitted
DHCPv6 Renew Packets
Transmitted
DHCPv6 Rebind Packets
Transmitted
DHCPv6 Release Packets
Transmitted
Total DHCPv6 Packets
Transmitted
The number of DHCPv6 Advertisement packets received on the service port
interface.
The number of DHCPv6 Reply packets received on the service port interface.
The number of DHCPv6 Advertisement packets discarded on the service port
interface.
The number of DHCPv6 Reply packets discarded on the service port interface.
The number of DHCPv6 packets that are received malformed on the service port
interface.
The total number of DHCPv6 packets received on the service port interface.
The number of DHCPv6 Solicit packets transmitted on the service port interface.
The number of DHCPv6 Request packets transmitted on the service port interface.
The number of DHCPv6 Renew packets transmitted on the service port interface.
The number of DHCPv6 Rebind packets transmitted on the service port interface.
The number of DHCPv6 Release packets transmitted on the service port interface.
The total number of DHCPv6 packets transmitted on the service port interface.
Example: The following shows example CLI display output for the command.
(admin)#show serviceport ipv6 dhcp statistics
DHCPv6 Client Statistics
------------------------DHCPv6 Advertisement Packets Received.................
DHCPv6 Reply Packets Received.........................
Received DHCPv6 Advertisement Packets Discarded.......
Received DHCPv6 Reply Packets Discarded...............
DHCPv6 Malformed Packets Received.....................
Total DHCPv6 Packets Received.........................
September 2014
0
0
0
0
0
0
CLI Command Reference
Page 58
Console Port Access Commands
HP Moonshot Switch Module CLI Command Reference
DHCPv6 Solicit Packets Transmitted....................
DHCPv6 Request Packets Transmitted....................
DHCPv6 Renew Packets Transmitted......................
DHCPv6 Rebind Packets Transmitted.....................
DHCPv6 Release Packets Transmitted....................
Total DHCPv6 Packets Transmitted......................
0
0
0
0
0
0
clear network ipv6 dhcp statistics
Use this command to clear the DHCPv6 statistics on the network management interface.
Format
clear network ipv6 dhcp statistics
Mode
Privileged EXEC
clear serviceport ipv6 dhcp statistics
Use this command to clear the DHCPv6 client statistics on the service port interface.
Format
clear serviceport ipv6 dhcp statistics
Mode
Privileged EXEC
Console Port Access Commands
This section describes the commands you use to configure the console port. You can use a serial cable to
connect a management host directly to the console port of the switch.
configuration
This command gives you access to the Global Config mode. From the Global Config mode, you can configure a
variety of system settings, including user accounts. From the Global Config mode, you can enter other
command modes, including Line Config mode.
Format
configuration
Mode
Privileged EXEC
line
This command gives you access to the Line Console mode, which allows you to configure various Telnet settings
and the console port, as well as to configure console login/enable authentication.
Format
line {console | telnet | ssh}
Mode
Global Config
September 2014
CLI Command Reference
Page 59
HP Moonshot Switch Module CLI Command Reference
Term
Definition
console
telnet
ssh
Console terminal line.
Virtual terminal for remote console access (Telnet).
Virtual terminal for secured remote console access (SSH).
Console Port Access Commands
Example: The following shows an example of the CLI command.
(Routing)(config)#line telnet
(Routing)(config-telnet)#
serial baudrate
This command specifies the communication rate of the terminal interface. The supported rates are 1200, 2400,
4800, 9600, 19200, 38400, 57600, 115200.
Default
115200
Format
serial baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200}
Mode
Line Config
no serial baudrate
This command sets the communication rate of the terminal interface.
Format
no serial baudrate
Mode
Line Config
serial timeout
This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates
that a console can be connected indefinitely. The time range is 0 to 160.
Default
No timeout
Format
serial timeout 0-160
Mode
Line Config
no serial timeout
This command sets the maximum connect time (in minutes) without console activity.
Format
no serial timeout
Mode
Line Config
September 2014
CLI Command Reference
Page 60
Console Port Access Commands
HP Moonshot Switch Module CLI Command Reference
serial port
This command controls which of the two serial ports is the active serial port. Only one serial port can be active
at a time. The external serial port is the RJ45 port next to the external Ethernet/stacking ports on the switch
uplink module at the rear of the chassis. The internal serial port is accessible from the iLO Chassis Manager
virtual serial port feature. Only one serial port is accessible at a time. By default, the external serial port is
enabled, and the virtual serial port is disabled.
Note: After executing this command to change the active serial port, you must reboot the system for
the change to take effect.
Default
External
Format
serial port {internal | external}
Modes
Line Config
show serial
This command displays serial communication settings for the switch.
Format
show serial
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Serial Port Login
Timeout (minutes)
Baud Rate (bps)
Character Size (bits)
Flow Control
The time, in minutes, of inactivity on a serial port connection, after which the switch
will close the connection. A value of 0 disables the timeout.
The default baud rate at which the serial port will try to connect.
The number of bits in a character. The number of bits is always 8.
Whether Hardware Flow-Control is enabled or disabled. Hardware Flow Control is
always disabled.
The number of Stop bits per character. The number of Stop bits is always 1.
The parity method used on the Serial Port. The Parity Method is always None.
Stop Bits
Parity
Example: The following is an example of the command output.
(Routing) #show serial
Serial Port Login Timeout (minutes)............
Baud Rate (bps)................................
Character Size (bits)..........................
Flow Control...................................
Stop Bits......................................
Parity.........................................
September 2014
0
115200
8
Disable
1
none
CLI Command Reference
Page 61
HP Moonshot Switch Module CLI Command Reference
Telnet Commands
Telnet Commands
This section describes the commands you use to configure and view Telnet settings. You can use Telnet to
manage the device from a remote management host.
ip telnet server enable
Use this command to enable Telnet connections to the system and to enable the Telnet Server Admin Mode.
This command opens the Telnet listening port.
Default
disabled
Format
ip telnet server enable
Mode
Privileged EXEC
no ip telnet server enable
Use this command to disable Telnet access to the system and to disable the Telnet Server Admin Mode. This
command closes the Telnet listening port and disconnects all open Telnet sessions.
Format
no ip telnet server enable
Mode
Privileged EXEC
telnet
This command establishes a new outbound Telnet connection to a remote host. The host value must be a valid
IP address or host name. Valid values for port should be a valid decimal integer in the range of 0 to 65535,
where the default value is 23. If [debug] is used, the current Telnet options enabled is displayed. The optional
line parameter sets the outbound Telnet operational mode as linemode where, by default, the operational
mode is character mode. The localecho option enables local echo.
Format
telnet ip-address|hostname port [debug] [line] [localecho]
Modes
• Privileged EXEC
• User EXEC
September 2014
CLI Command Reference
Page 62
HP Moonshot Switch Module CLI Command Reference
Telnet Commands
transport input telnet
This command regulates new Telnet sessions. If enabled, new Telnet sessions can be established until there are
no more sessions available. An established session remains active until the session is ended or an abnormal
network error ends the session.
Note: If the Telnet Server Admin Mode is disabled, Telnet sessions cannot be established. Use the ip
telnet server enable command to enable Telnet Server Admin Mode.
Default
enabled
Format
transport input telnet
Mode
Line Config
no transport input telnet
Use this command to prevent new Telnet sessions from being established.
Format
no transport input telnet
Mode
Line Config
transport output telnet
This command regulates new outbound Telnet connections. If enabled, new outbound Telnet sessions can be
established until the system reaches the maximum number of simultaneous outbound Telnet sessions allowed.
An established session remains active until the session is ended or an abnormal network error ends it.
Default
enabled
Format
transport output telnet
Mode
Line Config
no transport output telnet
Use this command to prevent new outbound Telnet connection from being established.
Format
no transport output telnet
Mode
Line Config
September 2014
CLI Command Reference
Page 63
HP Moonshot Switch Module CLI Command Reference
Telnet Commands
session-limit
This command specifies the maximum number of simultaneous outbound Telnet sessions. A value of 0
indicates that no outbound Telnet session can be established.
Default
5
Format
session-limit 0-5
Mode
Line Config
no session-limit
This command sets the maximum number of simultaneous outbound Telnet sessions to the default value.
Format
no session-limit
Mode
Line Config
session-timeout
This command sets the Telnet session timeout value.The timeout value unit of time is minutes.
Default
5
Format
session-timeout 1-160
Mode
Line Config
no session-timeout
This command sets the Telnet session timeout value to the default. The timeout value unit of time is minutes.
Format
no session-timeout
Mode
Line Config
telnetcon maxsessions
This command specifies the maximum number of Telnet connection sessions that can be established. A value
of 0 indicates that no Telnet connection can be established. The range is 0-5.
Default
5
Format
telnetcon maxsessions 0-5
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 64
HP Moonshot Switch Module CLI Command Reference
Telnet Commands
no telnetcon maxsessions
This command sets the maximum number of Telnet connection sessions that can be established to the default
value.
Format
no telnetcon maxsessions
Mode
Privileged EXEC
telnetcon timeout
This command sets the Telnet connection session timeout value, in minutes. A session is active as long as the
session has not been idle for the value set. The time is a decimal value from 1 to 160.
Note: When you change the timeout value, the new value is applied to all active and inactive sessions
immediately. Any sessions that have been idle longer than the new timeout value are disconnected
immediately.
Default
5
Format
telnetcon timeout 1-160
Mode
Privileged EXEC
no telnetcon timeout
This command sets the Telnet connection session timeout value to the default.
Note: Changing the timeout value for active sessions does not become effective until the session is
accessed again. Also, any keystroke activates the new timeout duration.
Format
no telnetcon timeout
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 65
HP Moonshot Switch Module CLI Command Reference
Telnet Commands
show telnet
This command displays the current outbound Telnet settings. In other words, these settings apply to Telnet
connections initiated from the switch to a remote system.
Format
show telnet
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Outbound Telnet Login Timeout The number of minutes an outbound Telnet session is allowed to remain
inactive before being logged off.
Maximum Number of Outbound The number of simultaneous outbound Telnet connections allowed.
Telnet Sessions
Allow New Outbound Telnet
Indicates whether outbound Telnet sessions will be allowed.
Sessions
show telnetcon
This command displays the current inbound Telnet settings. In other words, these settings apply to Telnet
connections initiated from a remote system to the switch.
show telnetcon
Format
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Remote Connection Login
Timeout (minutes)
This object indicates the number of minutes a remote connection session is
allowed to remain inactive before being logged off. May be specified as a
number from 1 to 160. The factory default is 5.
This object indicates the number of simultaneous remote connection
sessions allowed. The factory default is 5.
New Telnet sessions will not be allowed when this field is set to no. The
factory default value is yes.
The administrative mode of the telnet server on the system.
Maximum Number of Remote
Connection Sessions
Allow New Telnet Sessions
Telnet Server Admin Mode
September 2014
CLI Command Reference
Page 66
HP Moonshot Switch Module CLI Command Reference
Secure Shell Commands
Secure Shell Commands
This section describes the commands you use to configure Secure Shell (SSH) access to the switch. Use SSH to
access the switch from a remote management host.
Note: The system allows a maximum of 5 SSH sessions.
ip ssh
Use this command to enable SSH access to the system. (This command is the short form of the ip ssh server
enable command.)
Default
enabled
Format
ip ssh
Mode
Privileged EXEC
ip ssh protocol
This command is used to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both
SSH 1 and SSH 2 (1 and 2) can be set.
Default
2
Format
ip ssh protocol [1] [2]
Mode
Privileged EXEC
ip ssh server enable
This command enables the IP secure shell server. No new SSH connections are allowed, but the existing SSH
connections continue to work until timed-out or logged-out.
Default
enabled
Format
ip ssh server enable
Mode
Privileged EXEC
no ip ssh server enable
This command disables the IP secure shell server.
Format
no ip ssh server enable
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 67
HP Moonshot Switch Module CLI Command Reference
Secure Shell Commands
sshcon maxsessions
This command specifies the maximum number of SSH connection sessions that can be established. A value of
0 indicates that no ssh connection can be established. The range is 0 to 5.
Default
5
Format
sshcon maxsessions 0-5
Mode
Privileged EXEC
no sshcon maxsessions
This command sets the maximum number of allowed SSH connection sessions to the default value.
Format
no sshcon maxsessions
Mode
Privileged EXEC
sshcon timeout
This command sets the SSH connection session timeout value, in minutes. A session is active as long as the
session has been idle for the value set. The time is a decimal value from 1 to 160.
Changing the timeout value for active sessions does not become effective until the session is re accessed. Also,
any keystroke activates the new timeout duration.
Default
5
Format
sshcon timeout 1-160
Mode
Privileged EXEC
no sshcon timeout
This command sets the SSH connection session timeout value, in minutes, to the default.
Changing the timeout value for active sessions does not become effective until the session is re accessed. Also,
any keystroke activates the new timeout duration.
Format
no sshcon timeout
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 68
HP Moonshot Switch Module CLI Command Reference
Management Security Commands
show ip ssh
This command displays the ssh settings.
Format
show ip ssh
Mode
Privileged EXEC
Term
Definition
Administrative Mode
This field indicates whether the administrative mode of SSH is enabled or
disabled.
The protocol level may have the values of version 1, version 2 or both
versions 1 and version 2.
The number of SSH sessions currently active.
The maximum number of SSH sessions allowed.
The SSH timeout value in minutes.
Indicates whether the SSH RSA and DSA key files are present on the device.
Indicates whether RSA or DSA key files generation is currently in progress.
Protocol Level
SSH Sessions Currently Active
Max SSH Sessions Allowed
SSH Timeout
Keys Present
Key Generation in Progress
Management Security Commands
This section describes commands you use to generate keys and certificates, which you can do in addition to
loading them as before.
crypto key generate rsa
Use this command to generate an RSA key pair for SSH. The new key files will overwrite any existing generated
or downloaded RSA key files.
Format
crypto key generate rsa
Mode
Global Config
no crypto key generate rsa
Use this command to delete the RSA key files from the device.
Format
no crypto key generate rsa
Mode
Global Config
September 2014
CLI Command Reference
Page 69
HP Moonshot Switch Module CLI Command Reference
Access Commands
crypto key generate dsa
Use this command to generate a DSA key pair for SSH. The new key files will overwrite any existing generated
or downloaded DSA key files.
Format
crypto key generate dsa
Mode
Global Config
no crypto key generate dsa
Use this command to delete the DSA key files from the device.
Format
no crypto key generate dsa
Mode
Global Config
Access Commands
Use the commands in this section to close remote connections or to view information about connections to
the system.
disconnect
Use the disconnect command to close Telnet or SSH sessions. Use all to close all active sessions, or use
session-id to specify the session ID to close. To view the possible values for session-id, use the show
loginsession command.
Format
disconnect {session_id | all}
Mode
Privileged EXEC
show loginsession
This command displays current Telnet, SSH and serial port connections to the switch. This command displays
truncated user names. Use the show loginsession long command to display the complete usernames.
Format
show loginsession
Mode
Privileged EXEC
Term
Definition
ID
Login Session ID.
User Name
The name the user entered to log on to the system.
Connection From IP address of the remote client machine or EIA-232 for the serial port connection.
September 2014
CLI Command Reference
Page 70
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Term
Definition
Idle Time
Session Time
Session Type
Time this session has been idle.
Total time this session has been connected.
Shows the type of session, which can be HTTP, HTTPS, telnet, serial, or SSH.
show loginsession long
This command displays the complete user names of the users currently logged in to the switch.
Format
show loginsession long
Mode
Privileged EXEC
Example: The following shows an example of the command.
(Routing) #show loginsession long
User Name
-----------admin
test1111test1111test1111test1111test1111test1111test1111test1111
User Account Commands
This section describes the commands you use to add, manage, and delete system users. HP Moonshot Switch
Module software has two default users: admin and guest. The admin user can view and configure system
settings, and the guest user can view settings.
Note: You cannot delete the admin user. There is only one user allowed with read/write privileges.
You can configure up to five read-only users on the system.
aaa authentication login
Use this command to set authentication at login. The default and optional list names created with the
command are used with the aaa authentication login command. Create a list by entering the aaa
authentication login list-name method command, where list-name is any character string used to name this
list. The method argument identifies the list of methods that the authentication algorithm tries, in the given
sequence.
The additional methods of authentication are used only if the previous method returns an error, not if there is
an authentication failure. To ensure that the authentication succeeds even if all methods return an error,
specify none as the fInal method in the command line. For example, if none is specified as an authentication
method after radius, no authentication is used if the RADIUS server is down.
September 2014
CLI Command Reference
Page 71
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Default
• defaultList. Used by the console and only contains the method local.
• networkList. Used by telnet and SSH and only contains the method local.
Format
aaa authentication login {default | list-name} method1 [method2...]
Mode
Global Config
Parameter
Definition
default
Uses the listed authentication methods that follow this argument as the default list of
methods when a user logs in.
Character string of up to 15 characters used to name the list of authentication methods
activated when a user logs in.
At least one from the following:
• enable. Uses the enable password for authentication.
• line. Uses the line password for authentication.
• local. Uses the local username database for authentication.
• none. Uses no authentication.
• radius. Uses the list of all RADIUS servers for authentication.
• tacacs. Uses the list of all TACACS servers for authentication.
list-name
method1...
[method2...]
Example: The following shows an example of the command.
(Routing)(config)# aaa authentication login default radius local enable none
no aaa authentication login
This command returns to the default.
aaa authentication login {default | list-name}
Format
Mode
September 2014
Global Config
CLI Command Reference
Page 72
HP Moonshot Switch Module CLI Command Reference
User Account Commands
aaa authentication enable
Use this command to set authentication for accessing higher privilege levels. The default enable list is
enableList. It is used by console, and contains the method as enable followed by none.
A separate default enable list, enableNetList, is used for Telnet and SSH users instead of enableList. This list
is applied by default for Telnet and SSH, and contains enable followed by deny methods. In HP Moonshot
Switch Module, by default, the enable password is not configured. That means that, by default, Telnet and SSH
users will not get access to Privileged EXEC mode. On the other hand, with default conditions, a console user
always enter the Privileged EXEC mode without entering the enable password.
The default and optional list names created with the aaa authentication enable command are used with the
enable authentication command. Create a list by entering the aaa authentication enable list-name method
command where list-name is any character string used to name this list. The method argument identifies the
list of methods that the authentication algorithm tries in the given sequence.
The user manager returns ERROR (not PASS or FAIL) for enable and line methods if no password is configured,
and moves to the next configured method in the authentication list. The method none reflects that there is no
authentication needed.
The user will only be prompted for an enable password if one is required. The following authentication
methods do not require passwords:
1. none
2. deny
3. enable (if no enable password is configured)
4. line (if no line password is configured)
Example: See the examples below.
a. aaa authentication enable default enable none
b. aaa authentication enable default line none
c. aaa authentication enable default enable radius none
d. aaa authentication enable default line tacacs none
Examples a and b do not prompt for a password, however because examples c and d contain the radius and
tacacs methods, the password prompt is displayed.
If the login methods include only enable, and there is no enable password configured, then HP Moonshot
Switch Module does not prompt for a username. In such cases, HP Moonshot Switch Module only prompts for
a password. HP Moonshot Switch Module supports configuring methods after the local method in
authentication and authorization lists. If the user is not present in the local database, then the next configured
method is tried.
The additional methods of authentication are used only if the previous method returns an error, not if it fails.
To ensure that the authentication succeeds even if all methods return an error, specify none as the final method
in the command line.
Use the command “show authorization methods” on page 76 to display information about the authentication
methods.
September 2014
CLI Command Reference
Page 73
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Note: Requests sent by the switch to a RADIUS server include the username $enabx$, where x is the
requested privilege level. For enable to be authenticated on Radius servers, add $enabx$ users to
them. The login user ID is now sent to TACACS+ servers for enable authentication.
Default
default
Format
aaa authentication enable {default | list-name} method1 [method2...]
Mode
Global Config
Parameter
Description
default
Uses the listed authentication methods that follow this argument as the default list of
methods, when using higher privilege levels.
Character string used to name the list of authentication methods activated, when using
access higher privilege levels. Range: 1-15 characters.
Specify at least one from the following:
• deny. Used to deny access.
• enable. Uses the enable password for authentication.
• line. Uses the line password for authentication.
• none. Uses no authentication.
• radius. Uses the list of all RADIUS servers for authentication.
• tacacs. Uses the list of all TACACS+ servers for authentication.
list-name
method1
[method2...]
Example: The following example sets authentication when accessing higher privilege levels.
(Routing)(config)# aaa authentication enable default enable
no aaa authentication enable
Use this command to return to the default configuration.
Format
no aaa authentication enable {default | list-name}
Mode
Global Config
September 2014
CLI Command Reference
Page 74
HP Moonshot Switch Module CLI Command Reference
User Account Commands
aaa authorization
Use this command to configure command and exec authorization method lists. This list is identified by default
or a user-specified list-name. If tacacs is specified as the authorization method, authorization commands are
notified to a TACACS+ server. If none is specified as the authorization method, command authorization is not
applicable. A maximum of five authorization method lists can be created for the commands type.
Note: Local method is not supported for command authorization. Command authorization with
RADIUS will work if, and only if, the applied authentication method is also radius.
Per-Command Authorization
When authorization is configured for a line mode, the user manager sends information about an entered
command to the AAA server. The AAA server validates the received command, and responds with either a PASS
or FAIL response. If approved, the command is executed. Otherwise, the command is denied and an error
message is shown to the user. The various utility commands like tftp, ping, and outbound telnet should also
pass command authorization. Applying the script is treated as a single command apply script, which also goes
through authorization. Startup-config commands applied on device boot-up are not an object of the
authorization process.
The per-command authorization usage scenario is this:
1. Configure Authorization Method List
aaa authorization commands listname tacacs radius none
2. Apply AML to an Access Line Mode (console, telnet, SSH)
authorization commands listname
3. Commands entered by the user will go through command authorization via TACACS+ or RADIUS server and
will be accepted or denied.
Exec Authorization
When exec authorization is configured for a line mode, the user may not be required to use the enable
command to enter Privileged EXEC mode. If the authorization response indicates that the user has sufficient
privilege levels for Privileged EXEC mode, then the user bypasses User EXEC mode entirely.
The exec authorization usage scenario is this:
1. Configure Authorization Method List
aaa authorization exec listname method1 [method2....]
2. Apply AML to an Access Line Mode (console, telnet, SSH)
authorization exec listname
3. When the user logs in, in addition to authentication, authorization will be performed to determine if the
user is allowed direct access to Privileged EXEC mode.
Format
aaa authorization {commands|exec} {default|list-name} method1[method2]
Mode
Global Config
September 2014
CLI Command Reference
Page 75
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Parameter
Description
commands
exec
default
list-name
method
Provides authorization for all user-executed commands.
Provides exec authorization.
The default list of methods for authorization services.
Alphanumeric character string used to name the list of authorization methods.
TACACS+/RADIUS/Local and none are supported.
Example: The following shows an example of the command.
(Routing)
(Routing)
(Routing)
(Routing)
#
#configure
(Config)#aaa authorization exec default tacacs none
(Config)#aaa authorization commands default tacacs none
no aaa authorization
This command deletes the authorization method list.
Format
no aaa authorization {commands|exec} {default|list-name}
Mode
Global Config
show authorization methods
This command displays the configured authorization method lists.
Format
show authorization methods
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show authorization methods
Command Authorization Method Lists
------------------------------------dfltCmdAuthList
:
none
Line
--------Console
Telnet
SSH
Command Method List
--------------------dfltCmdAuthList
dfltCmdAuthList
dfltCmdAuthList
Exec Authorization Method Lists
------------------------------------dfltExecAuthList
:
none
September 2014
CLI Command Reference
Page 76
HP Moonshot Switch Module CLI Command Reference
Line
--------Console
Telnet
SSH
User Account Commands
Exec Method List
--------------------dfltExecAuthList
dfltExecAuthList
dfltExecAuthList
enable authentication
Use this command to specify the authentication method list when accessing a higher privilege level from a
remote telnet or console.
Format
enable authentication {default | list-name}
Mode
Line Config
Parameter
Description
default
list-name
Uses the default list created with the aaa authentication enable command.
Uses the indicated list created with the aaa authentication enable command.
Example: The following example specifies the default authentication method when accessing a higher
privilege level console.
(Routing)(config)# line console
(Routing)(config-line)# enable authentication default
no enable authentication
Use this command to return to the default specified by the enable authentication command.
Format
no enable authentication
Mode
Line Config
September 2014
CLI Command Reference
Page 77
HP Moonshot Switch Module CLI Command Reference
User Account Commands
username (Global Config)
Use the username command in Global Config mode to add a new user to the local user database. The default
privilege level is 1. Using the encrypted keyword allows the administrator to transfer local user passwords
between devices without having to know the passwords. When the password parameter is used along with
encrypted parameter, the password must be exactly 128 hexadecimal characters in length. If the password
strength feature is enabled, this command checks for password strength and returns an appropriate error if it
fails to meet the password strength criteria. Giving the optional parameter override-complexity-check
disables the validation of the password strength.
Format
username name {password password [encrypted [override-complexity-check] | level level
[encrypted [override-complexity-check]] | override-complexity-check]} | {level level
[override-complexity-check] password}
Mode
Global Config
Parameter
Description
name
password
The name of the user. Range: 1–32 characters.
The authentication password for the user. Range 8-64 characters. This value can
be zero if the no passwords min-length command has been executed. The
special characters allowed in the password include ! # $ % & ' ( ) * + , - .
/ : ; < = > @ [ \ ] ^ _ ` { | } ~.
The user level. Level 0 can be assigned by a level 15 user to another user to
suspend that user’s access. Range 0-15. Enter access level 1 for Read Access or
15 for Read/Write Access. If not specified where it is optional, the privilege level
is 1.
Encrypted password entered, copied from another switch configuration.
Disables the validation of the password strength.
level
encrypted
override-complexity-check
Example: The following example configures user bob with password xxxyyymmmm and user level 15.
(Routing)(config)# username bob password xxxyyymmmm level 15
Example: The following example configures user test with password testPassword and assigns a user level
of 1 (read-only). The password strength will not be validated.
(Routing)(config)# username test password testPassword level 1 override-complexity-check
Example: A third example.
(Routing) (Config)#username test password testtest
Example: A fourth example.
(Routing) (Config)# username test password
e8d63677741431114f9e39a853a15e8fd35ad059e2e1b49816c243d7e08152b052eafbf23b528d348cdba1b1b7ab91be84
2278e5e970dbfc62d16dcd13c0b864 level 1 encrypted override-complexity-check
(Routing) (Config)#
username test level 15 password
Enter new password:********
Confirm new password:********
September 2014
CLI Command Reference
Page 78
HP Moonshot Switch Module CLI Command Reference
User Account Commands
no username
Use this command to remove a user name.
Format
no username name
Mode
Global Config
username name nopassword
Use this command to remove an existing user’s password (NULL password).
Format
username name nopassword [level level]
Mode
Global Config
Parameter
Description
name
password
level
The name of the user. Range: 1-32 characters.
The authentication password for the user. Range 8-64 characters.
The user level. Level 0 can be assigned by a level 15 user to another user to suspend that
user’s access. Range 0-15.
username name unlock
Use this command to allows a locked user account to be unlocked. Only a user with read/write access can reactivate a locked user account.
Format
username name unlock
Mode
Global Config
username snmpv3 accessmode
This command specifies the snmpv3 access privileges for the specified login user. The valid accessmode values
are readonly or readwrite. The username is the login user name for which the specified access mode applies.
The default is readwrite for the “admin” user and readonly for all other users. You must enter the username in
the same case you used when you added the user. To see the case of the username, enter the show users
command.
Defaults
• admin - readwrite
• other - readonly
Format
username snmpv3 accessmode username {readonly | readwrite}
Mode
Global Config
September 2014
CLI Command Reference
Page 79
HP Moonshot Switch Module CLI Command Reference
User Account Commands
no username snmpv3 accessmode
This command sets the snmpv3 access privileges for the specified user as readwrite for the “admin” user and
readonly for all other users. The username value is the user name for which the specified access mode will apply.
no username snmpv3 accessmode username
Format
Mode
Global Config
username snmpv3 authentication
This command specifies the authentication protocol to be used for the specified user. The valid authentication
protocols are none, md5 or sha. If you specify md5 or sha, the login password is also used as the snmpv3
authentication password and therefore must be at least eight characters in length. The username is the user
name associated with the authentication protocol. You must enter the username in the same case you used
when you added the user. To see the case of the username, enter the show users command.
Default
no authentication
Format
username snmpv3 authentication username {none | md5 | sha}
Mode
Global Config
no username snmpv3 authentication
This command sets the authentication protocol to be used for the specified user to none. The username is the
user name for which the specified authentication protocol is used.
no username snmpv3 authentication username
Format
Mode
Global Config
username snmpv3 encryption
This command specifies the encryption protocol used for the specified user. The valid encryption protocols are
des or none.
If you select des, you can specify the required key on the command line. The encryption key must be 8 to 64
characters long. If you select the des protocol but do not provide a key, the user is prompted for the key. When
you use the des protocol, the login password is also used as the snmpv3 encryption password, so it must be a
minimum of eight characters. If you select none, you do not need to provide a key.
The username value is the login user name associated with the specified encryption. You must enter the
username in the same case you used when you added the user. To see the case of the username, enter the show
users command.
Default
no encryption
Format
username snmpv3 encryption username {none | des[key]}
Mode
Global Config
September 2014
CLI Command Reference
Page 80
HP Moonshot Switch Module CLI Command Reference
User Account Commands
no username snmpv3 encryption
This command sets the encryption protocol to none. The username is the login user name for which the
specified encryption protocol will be used.
no username snmpv3 encryption username
Format
Mode
Global Config
username snmpv3 encryption encrypted
This command specifies the des encryption protocol and the required encryption key for the specified user. The
encryption key must be 8 to 64 characters long.
Default
no encryption
Format
username snmpv3 encryption encrypted username des key
Mode
Global Config
show users
This command displays the configured user names and their privilege levels. The show users command displays
truncated user names. Use the show users long command to display the complete usernames. The show users
command is only available for users with Read/Write privileges. The SNMPv3 fields will only be displayed if
SNMP is available on the system.
show users
Format
Mode
Privileged EXEC
Term
Definition
User Name
User Access Mode
The name the user enters to login using the serial port, Telnet or Web.
Shows the privilege level associated with the user. A user with Privilege 15 is able
to change parameters on the switch (Read/Write). A user with Privilege 1 is only
able to view parameters (Read Only). As a factory default, the admin user has Read/
Write access (Privilege 15) and the guest has Read Only access (Privilege 1).
SNMPv3 Access Mode
The SNMPv3 Access Mode. If the value is set to ReadWrite, the SNMPv3 user is
able to set and retrieve parameters on the system. If the value is set to ReadOnly,
the SNMPv3 user is only able to retrieve parameter information. The SNMPv3
access mode may be different than the CLI and Web access mode.
SNMPv3 Authentication The authentication protocol to be used for the specified login user.
SNMPv3 Encryption
The encryption protocol to be used for the specified login user.
Example: The following shows an example of the command.
(Routing) #show users
User Name
-----------------------admin
guest
September 2014
User
Access Mode
----------Privilege-15
Privilege-1
CLI Command Reference
Page 81
HP Moonshot Switch Module CLI Command Reference
User Account Commands
show users long
This command displays the complete usernames of the configured users on the switch.
show users long
Format
Mode
Privileged EXEC
Example: The following shows an example of the command.
(Routing) #show users long
User Name
-----------admin
guest
test1111test1111test1111test1111
show users accounts
This command displays the local user status with respect to user account lockout and password aging.This
command displays truncated user names. Use the show users long command to display the complete
usernames.
Format
show users accounts [detail]
Mode
Privileged EXEC
Term
Definition
User Name
Access Level
Password Aging
Password Expiry
Date
Lockout
The local user account’s user name.
The user’s access level (1 for read-only or 15 for read/write).
Number of days, since the password was configured, until the password expires.
The current password expiration date in date format.
September 2014
Indicates whether the user account is locked out (true or false).
CLI Command Reference
Page 82
User Account Commands
HP Moonshot Switch Module CLI Command Reference
If the detail keyword is included, the following additional fields display.
Term
Definition
Password Override
Complexity Check
Displays the user's Password override complexity check status. By default it is disabled.
Password Strength
Displays the user password's strength (Strong or Weak). This field is displayed only if
the Password Strength feature is enabled.
Example: The following example displays information about the local user database.
(Routing)#show users accounts
UserName
Privilege Password
Aging
------------------- --------- -------admin
15
--guest
1
---
Password
Expiry date
----------------
Lockout
------False
False
console#show users accounts detail
UserName.......................................
Privilege......................................
Password Aging.................................
Password Expiry................................
Lockout........................................
Override Complexity Check......................
Password Strength..............................
admin
15
----False
Disable
---
UserName.......................................
Privilege......................................
Password Aging.................................
Password Expiry................................
Lockout........................................
Override Complexity Check......................
Password Strength..............................
guest
1
----False
Disable
---
show users login-history [long]
Use this command to display information about the login history of users.
Format
show users login-history [long]
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 83
HP Moonshot Switch Module CLI Command Reference
User Account Commands
show users login-history [username]
Use this command to display information about the login history of users.
Format
show users login-history [username name]
Mode
Privileged EXEC
Parameter
Description
name
Name of the user. Range: 1-20 characters.
Example: The following example shows user login history outputs.
Console>show users login-history
Login Time
Username Protocol
-------------------- --------- --------Jan 19 2005 08:23:48 Bob
Serial
Jan 19 2005 08:29:29 Robert
HTTP
Jan 19 2005 08:42:31 John
SSH
Jan 19 2005 08:49:52 Betty
Telnet
Location
--------------172.16.0.8
172.16.0.1
172.16.1.7
login authentication
Use this command to specify the login authentication method list for a line (console, telnet, or SSH). The default
configuration uses the default set with the command aaa authentication login.
Format
login authentication {default | list-name}
Mode
Line Configuration
Parameter
Description
default
list-name
Uses the default list created with the aaa authentication login command.
Uses the indicated list created with the aaa authentication login command.
Example: The following example specifies the default authentication method for a console.
(Routing) (config)# line console
(Routing) (config-line)# login authentication default
no login authentication
Use this command to return to the default specified by the authentication login command.
September 2014
CLI Command Reference
Page 84
HP Moonshot Switch Module CLI Command Reference
User Account Commands
password
This command allows the currently logged in user to change his or her password without having read/write
privileges.
Format
password cr
Mode
User EXEC
Example: The following is an example of the command.
console>password
Enter old password:********
Enter new password:********
Confirm new password:********
password (Line Configuration)
Use the password command in Line Configuration mode to specify a password on a line. The default
configuration is no password is specified.
Format
password [password [encrypted]]
Mode
Line Config
Parameter
Definition
password
encrypted
Password for this level. Range: 8-64 characters
Encrypted password to be entered, copied from another switch configuration. The
encrypted password should be 128 characters long because the assumption is that this
password is already encrypted with AES.
Example: The following example specifies a password mcmxxyyy on a line.
(Routing)(config-line)# password mcmxxyyy
Example: The following is another example of the command.
(Routing)(Config-line)# password testtest
(Routing) (Config-line)# password
e8d63677741431114f9e39a853a15e8fd35ad059e2e1b49816c243d7e08152b052eafbf23b528d348cdba1b1b7ab91be84
2278e5e970dbfc62d16dcd13c0b864 encrypted
(Routing) (Config-line)# password
Enter new password:********
Confirm new password:********
September 2014
CLI Command Reference
Page 85
HP Moonshot Switch Module CLI Command Reference
User Account Commands
no password (Line Configuration)
Use this command to remove the password on a line.
Format
no password
Mode
Line Config
password (User EXEC)
Use this command to allow a user to change the password for only that user. This command should be used
after the password has aged. The user is prompted to enter the old password and the new password.
Format
password
Mode
User EXEC
Example: The following example shows the prompt sequence for executing the password command.
(Routing)>password
Enter old password:********
Enter new password:********
Confirm new password:********
password (aaa IAS User Config)
This command is used to configure a password for a user. An optional parameter [encrypted] is provided to
indicate that the password given to the command is already pre-encrypted.
Format
password password [encrypted]
Mode
aaa IAS User Config
no password (aaa IAS User Config)
This command is used to clear the password of a user.
Format
no password
Mode
aaa IAS User Config
Example: The following shows an example of the command.
(Routing)
(Routing)
(Routing)
(Routing)
#configure
(Config)#aaa ias-user username client-1
(Config-aaa-ias-User)#password client123
(Config-aaa-ias-User)#no password
September 2014
CLI Command Reference
Page 86
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Example: The following is an example of adding a MAB Client to the Internal user database.
(Routing)
(Routing)
(Routing)
(Routing)
(Routing)
(Routing)
#
#configure
(Config)#aaa ias-user username 1f3ccb1157
(Config-aaa-ias-User)#password 1f3ccb1157
(Config-aaa-ias-User)#exit
(Config)#
enable password (Privileged EXEC)
Use the enable password configuration command to set a local password to control access to the privileged
EXEC mode.
Format
enable password [password [encrypted]]
Mode
Privileged EXEC
Parameter
Description
password
encrypted
Password string. Range: 8-64 characters.
Encrypted password you entered, copied from another switch configuration. The
encrypted password should be 128 characters long because the assumption is that this
password is already encrypted with AES.
Example: The following shows an example of the command.
(Routing) #enable password testtest
(Routing) #enable password
e8d63677741431114f9e39a853a15e8fd35ad059e2e1b49816c243d7e08152b052eafbf23b528d348cdba1b1b7ab91be84
2278e5e970dbfc62d16dcd13c0b864 encrypted
(Routing) #enable password
Enter old password:********
Enter new password:********
Confirm new password:********
no enable password (Privileged EXEC)
Use the no enable password command to remove the password requirement.
Format
no enable password
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 87
HP Moonshot Switch Module CLI Command Reference
User Account Commands
passwords min-length
Use this command to enforce a minimum password length for local users. The value also applies to the enable
password. The valid range is 8-64.
Default
8
Format
passwords min-length 8-64
Mode
Global Config
no passwords min-length
Use this command to set the minimum password length to the default value.
no passwords min-length
Format
Mode
Global Config
passwords history
Use this command to set the number of previous passwords that shall be stored for each user account. When
a local user changes his or her password, the user will not be able to reuse any password stored in password
history. This ensures that users don’t reuse their passwords often. The valid range is 0-10.
Default
0
Format
passwords history 0-10
Mode
Global Config
no passwords history
Use this command to set the password history to the default value.
no passwords history
Format
Mode
Global Config
passwords aging
Use this command to implement aging on passwords for local users. When a user’s password expires, the user
will be prompted to change it before logging in again. The valid range is 1-365. The default is 0, or no aging.
Default
0
Format
passwords aging 1-365
Mode
Global Config
no passwords aging
Use this command to set the password aging to the default value.
no passwords aging
Format
Mode
September 2014
Global Config
CLI Command Reference
Page 88
HP Moonshot Switch Module CLI Command Reference
User Account Commands
passwords lock-out
Use this command to strengthen the security of the switch by locking user accounts that have failed login due
to wrong passwords. When a lockout count is configured, a user that is logged in must enter the correct
password within that count. Otherwise the user will be locked out from further switch access. Only a user with
read/write access can re-activate a locked user account. Password lockout does not apply to logins from the
serial console. The valid range is 1-5. The default is 0, or no lockout count enforced.
Default
0
Format
passwords lock-out 1-5
Mode
Global Config
no passwords lock-out
Use this command to set the password lock-out count to the default value.
no passwords lock-out
Format
Mode
Global Config
passwords strength-check
Use this command to enable the password strength feature. It is used to verify the strength of a password
during configuration.
Default
Disable
Format
passwords strength-check
Mode
Global Config
no passwords strength-check
Use this command to set the password strength checking to the default value.
no passwords strength-check
Format
Mode
Global Config
passwords strength maximum consecutive-characters
Use this command to set the maximum number of consecutive characters to be used in password strength. The
valid range is 0-15. The default is 0. Minimum of 0 means no restriction on that set of characters.
Default
0
Format
passwords strength maximum consecutive-characters 0-15
Mode
Global Config
September 2014
CLI Command Reference
Page 89
HP Moonshot Switch Module CLI Command Reference
User Account Commands
passwords strength maximum repeated-characters
Use this command to set the maximum number of repeated characters to be used in password strength. The
valid range is 0-15. The default is 0. Minimum of 0 means no restriction on that set of characters.
Default
0
Format
passwords strength maximum consecutive-characters 0-15
Mode
Global Config
passwords strength minimum uppercase-letters
Use this command to enforce a minimum number of uppercase letters that a password should contain. The
valid range is 0-16. The default is 2. Minimum of 0 means no restriction on that set of characters.
Default
2
Format
passwords strength minimum uppercase-letters
Mode
Global Config
no passwords strength minimum uppercase-letters
Use this command to reset the minimum uppercase letters required in a password to the default value.
no passwords minimum uppercase-letter
Format
Mode
Global Config
passwords strength minimum lowercase-letters
Use this command to enforce a minimum number of lowercase letters that a password should contain. The
valid range is 0-16. The default is 2. Minimum of 0 means no restriction on that set of characters.
Default
2
Format
passwords strength minimum lowercase-letters
Mode
Global Config
no passwords strength minimum lowercase-letters
Use this command to reset the minimum lower letters required in a password to the default value.
no passwords minimum lowercase-letter
Format
Mode
September 2014
Global Config
CLI Command Reference
Page 90
HP Moonshot Switch Module CLI Command Reference
User Account Commands
passwords strength minimum numeric-characters
Use this command to enforce a minimum number of numeric characters that a password should contain. The
valid range is 0-16. The default is 2. Minimum of 0 means no restriction on that set of characters.
Default
2
Format
passwords strength minimum numeric-characters
Mode
Global Config
no passwords strength minimum numeric-characters
Use this command to reset the minimum numeric characters required in a password to the default value.
no passwords minimum numeric-characters
Format
Mode
Global Config
passwords strength minimum special-characters
Use this command to enforce a minimum number of special characters that a password should contain. The
valid range is 0-16. The default is 2. Minimum of 0 means no restriction on that set of characters.
Default
2
Format
passwords strength minimum special-characters
Mode
Global Config
no passwords strength minimum special-characters
Use this command to reset the minimum special characters required in a password to the default value.
no passwords minimum special-characters
Format
Mode
Global Config
passwords strength minimum character-classes
Use this command to enforce a minimum number of characters classes that a password should contain.
Character classes are uppercase letters, lowercase letters, numeric characters and special characters. The valid
range is 0-4. The default is 4.
Default
4
Format
passwords strength minimum character-classes
Mode
Global Config
no passwords strength minimum character-classes
Use this command to reset the minimum number of character classes required in a password to the default
value.
no passwords minimum character-classes
Format
Mode
September 2014
Global Config
CLI Command Reference
Page 91
HP Moonshot Switch Module CLI Command Reference
User Account Commands
passwords strength exclude-keyword
Use this command to exclude the specified keyword while configuring the password. The password does not
accept the keyword in any form (in between the string, case in-sensitive and reverse) as a substring. User can
configure up to a maximum of 3 keywords.
passwords strength exclude-keyword keyword
Format
Mode
Global Config
no passwords strength exclude-keyword
Use this command to reset the restriction for the specified keyword or all the keywords configured.
no passwords exclude-keyword [keyword]
Format
Mode
Global Config
show passwords configuration
Use this command to display the configured password management settings.
show passwords configuration
Format
Mode
Privileged EXEC
Term
Definition
Minimum Password
Length
Password History
Password Aging
Lockout Attempts
Minimum Password
Uppercase Letters
Minimum Password
Lowercase Letters
Minimum Password
Numeric Characters
Maximum Password
Consecutive Characters
Maximum Password
Repeated Characters
Minimum Password
Character Classes
Password ExcludeKeywords
Minimum number of characters required when changing passwords.
September 2014
Number of passwords to store for reuse prevention.
Length in days that a password is valid.
Number of failed password login attempts before lockout.
Minimum number of uppercase characters required when configuring passwords.
Minimum number of lowercase characters required when configuring passwords.
Minimum number of numeric characters required when configuring passwords.
Maximum number of consecutive characters required that the password should
contain when configuring passwords.
Maximum number of repetition of characters that the password should contain
when configuring passwords.
Minimum number of character classes (uppercase, lowercase, numeric and
special) required when configuring passwords.
The set of keywords to be excluded from the configured password when strength
checking is enabled.
CLI Command Reference
Page 92
HP Moonshot Switch Module CLI Command Reference
User Account Commands
show passwords result
Use this command to display the last password set result information.
show passwords result
Format
Mode
Privileged EXEC
Term
Definition
Last User Whose Password Shows the name of the user with the most recently set password.
Is Set
Password Strength Check Shows whether password strength checking is enabled.
Last Password Set Result Shows whether the attempt to set a password was successful. If the attempt
failed, the reason for the failure is included.
write memory
Use this command to save running configuration changes to NVRAM so that the changes you make will persist
across a reboot. This command is the same as copy system:running-config nvram:startup-config. Use the
confirm keyword to directly save the configuration to NVRAM without prompting for a confirmation.
write memory [confirm]
Format
Mode
Privileged EXEC
aaa ias-user username
The Internal Authentication Server (IAS) database is a dedicated internal database used for local authentication
of users for network access through the IEEE 802.1X feature.
Use the aaa ias-user username command in Global Config mode to add the specified user to the internal user
database. This command also changes the mode to AAA User Config mode.
aaa ias-user username user
Format
Mode
Global Config
no aaa ias-user username
Use this command to remove the specified user from the internal user database.
no aaa ias-user username user
Format
Mode
September 2014
Global Config
CLI Command Reference
Page 93
HP Moonshot Switch Module CLI Command Reference
User Account Commands
aaa session-id
Use this command in Global Config mode to specify if the same session-id is used for Authentication,
Authorization and Accounting service type within a session.
Default
common
Format
aaa session-id [common | unique]
Mode
Global Config
Parameter
Description
common
unique
Use the same session-id for all AAA Service types.
Use a unique session-id for all AAA Service types.
no aaa session-id
Use this command in Global Config mode to reset the aaa session-id behavior to the default.
Format
no aaa session-id [unique]
Mode
Global Config
aaa accounting
Use this command in Global Config mode to create an accounting method list for user EXEC sessions, userexecuted commands, or DOT1X. This list is identified by default or a user-specified list_name. Accounting
records, when enabled for a line-mode, can be sent at both the beginning and at the end (start-stop) or only
at the end (stop-only). If none is specified, then accounting is disabled for the specified list. If tacacs is specified
as the accounting method, accounting records are notified to a TACACS+ server. If radius is the specified
accounting method, accounting records are notified to a RADIUS server.
Note: Please note the following:
• A maximum of five Accounting Method lists can be created for each exec and commands type.
• Only the default Accounting Method list can be created for DOT1X. There is no provision to create
more.
• The same list-name can be used for both exec and commands accounting type
• AAA Accounting for commands with RADIUS as the accounting method is not supported.
• Start-stop or None are the only supported record types for DOT1X accounting. Start-stop enables
accounting and None disables accounting.
• RADIUS is the only accounting method type supported for DOT1X accounting.
Format
aaa accounting {exec | commands | dot1x} {default | list_name} {start-stop | stoponly |none} method1 [method2…]
Mode
Global Config
September 2014
CLI Command Reference
Page 94
HP Moonshot Switch Module CLI Command Reference
User Account Commands
Parameter
Description
exec
commands
dot1x
default
list-name
start-stop
Provides accounting for a user EXEC terminal sessions.
Provides accounting for all user executed commands.
Provides accounting for DOT1X user commands.
The default list of methods for accounting services.
Character string used to name the list of accounting methods.
Sends a start accounting notice at the beginning of a process and a stop accounting notice
at the beginning of a process and a stop accounting notice at the end of a process.
Sends a stop accounting notice at the end of the requested user process.
Disables accounting services on this line.
Use either TACACS or radius server for accounting purposes.
stop-only
none
method
Example: The following shows an example of the command.
(Routing)
(Routing)
(Routing)
(Routing)
(Routing)
(Routing)
(Routing)
#
#configure
#aaa accounting
#aaa accounting
#aaa accounting
#aaa accounting
#exit
commands default stop-only tacacs
exec default start-stop radius
dot1x default start-stop radius
dot1x default none
For the same set of accounting type and list name, the administrator can change the record type, or the
methods list, without having to first delete the previous configuration.
(Routing)
(Routing)
(Routing)
(Routing)
(Routing)
#
#configure
#aaa accounting exec ExecList stop-only tacacs
#aaa accounting exec ExecList start-stop tacacs
#aaa accounting exec ExecList start-stop tacacs radius
The first aaa command creates a method list for exec sessions with the name ExecList, with record-type as stoponly and the method as TACACS+. The second command changes the record type to start-stop from stop-only
for the same method list. The third command, for the same list changes the methods list to {tacacs,radius}
from {tacacs}.
no aaa accounting
This command deletes the accounting method list.
Format
no aaa accounting {exec | commands | dot1x} {default | list_name default}
Mode
Global Config
September 2014
CLI Command Reference
Page 95
HP Moonshot Switch Module CLI Command Reference
User Account Commands
password (AAA IAS User Configuration)
Use this command to specify a password for a user in the IAS database. An optional parameter encrypted is
provided to indicate that the password given to the command is already pre-encrypted.
Format
password password [encrypted]
Mode
AAA IAS User Config
Parameter
Definition
password
encrypted
Password for this level. Range: 8-64 characters
Encrypted password to be entered, copied from another switch configuration.
no password (AAA IAS User Configuration)
Use this command to clear the password of a user.
no password
Format
Mode
AAA IAS User Config
Example: The following shows an example of the command.
(Routing)
(Routing)
(Routing)
(Routing)
(Routing)
#
#configure
(Config)#aaa ias-user username client-1
(Config-aaa-ias-User)#password client123
(Config-aaa-ias-User)#no password
Example: The following is an example of adding a MAB Client to the Internal user database.
(Routing)
(Routing)
(Routing)
(Routing)
(Routing)
(Routing)
#
#configure
(Config)#aaa ias-user username 1f3ccb1157
(Config-aaa-ias-User)#password 1f3ccb1157
(Config-aaa-ias-User)#exit
(Config)#
September 2014
CLI Command Reference
Page 96
HP Moonshot Switch Module CLI Command Reference
User Account Commands
clear aaa ias-users
Use this command to remove all users from the IAS database.
clear aaa ias-users
Format
Mode
Privileged Exec
Parameter
Definition
password
encrypted
Password for this level. Range: 8-64 characters
Encrypted password to be entered, copied from another switch configuration.
Example: The following is an example of the command.
(Routing) #
(Routing) #clear aaa ias-users
(Routing) #
show aaa ias-users
Use this command to display configured IAS users and their attributes. Passwords configured are not shown in
the show command output.
show aaa ias-users [username]
Format
Mode
Privileged EXEC
Example: The following is an example of the command.
(Routing) #
(Routing) #show aaa ias-users
UserName
------------------Client-1
Client-2
Example: Following are the IAS configuration commands shown in the output of show running-config
command. Passwords shown in the command output are always encrypted.
aaa ias-user username client-1
password a45c74fdf50a558a2b5cf05573cd633bac2c6c598d54497ad4c46104918f2c encrypted
exit
September 2014
CLI Command Reference
Page 97
HP Moonshot Switch Module CLI Command Reference
User Account Commands
accounting
Use this command in Line Configuration mode to apply the accounting method list to a line config (console/
telnet/ssh).
Format
accounting {exec | commands } {default | listname}
Mode
Line Configuration
Parameter
Description
exec
commands
Causes accounting for an EXEC session.
This causes accounting for each command execution attempt. If a user is enabling
accounting for exec mode for the current line-configuration type, the user will be logged
out.
The default Accounting List
Enter a string of not more than 15 characters.
default
listname
Example: The following is a example of the command.
(Routing) #configure
(Routing) (Config)#line telnet
(Routing)(Config-line)# accounting exec default
no accounting
Use this command to remove accounting from a Line Configuration mode.
Format
no accounting {exec|commands]
Mode
Line Configuration
show accounting
Use this command to display ordered methods for accounting lists.
Format
show accounting
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show accounting
Number of Accounting Notifications sent at beginning of an EXEC session:
Errors when sending Accounting Notifications beginning of an EXEC session:
Number of Accounting Notifications at end of an EXEC session:
Errors when sending Accounting Notifications at end of an EXEC session:
Number of Accounting Notifications sent at beginning of a command execution:
Errors when sending Accounting Notifications at beginning of a command execution:
Number of Accounting Notifications sent at end of a command execution:
Errors when sending Accounting Notifications at end of a command execution:
September 2014
0
0
0
0
0
0
0
0
CLI Command Reference
Page 98
HP Moonshot Switch Module CLI Command Reference
User Account Commands
show accounting methods
Use this command to display configured accounting method lists.
Format
show accounting methods
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show accounting methods
AcctType
--------Exec
Commands
DOT1X
MethodName
---------------dfltExecList
dfltCmdList
dfltDot1xList
MethodType
------------start-stop
stop-only
start-stop
Line
--------Console
Telnet
SSH
EXEC Method List
-------------------none
none
none
Method1
Method2
--------- --------tacacs
tacacs
radius
Command Method List
-------------------none
none
none
clear accounting statistics
This command clears the accounting statistics.
Format
clear accounting statistics
Mode
Privileged Exec
show domain-name
This command displays the configured domain-name.
Format
show domain-name
Mode
Privileged Exec
Example: The following shows how to configure and display the domain name information.
(Routing) (Config)#domain-name test.hp.com
(Routing) (Config)#domain-name enable
(Routing) (Config)#exit
(Routing) #show domain-name
User-Domain Enabled :
TRUE
User-Domain Name :
test.hp.com
September 2014
CLI Command Reference
Page 99
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
SNMP Commands
This section describes the commands you use to configure Simple Network Management Protocol (SNMP) on
the switch. You can configure the switch to act as an SNMP agent so that it can communicate with SNMP
managers on your network.
snmp-server
This command sets the name and the physical location of the switch, and the organization responsible for the
network. The parameters name, loc and con can be up to 255 characters in length.
Default
none
Format
snmp-server {sysname name | location loc | contact con}
Mode
Global Config
snmp-server community
This command adds (and names) a new SNMP community, and optionally sets the access mode, allowed IP
address, and create a view for the community.
Note: Community names in the SNMP Community Table must be unique. When making multiple
entries using the same community name, the first entry is kept and processed and all duplicate
entries are ignored.
Default
Two communities are created by default:
• public, with read-only permissions, a view name of Default, and allows access from all IP
addresses
• private, with read/write permissions, a view name of Default, and allows access from all IP
addresses.
Format
snmp-server community community-string [{ro | rw |su }] [ipaddress ip-address]
[view view-name]
Mode
Global Config
Parameter
Description
community-name
A name associated with the switch and with a set of SNMP managers that manage
it with a specified privileged level. The length of community-name can be up to 16
case-sensitive characters.
The access mode of the SNMP community, which can be public (Read-Only/RO),
private (Read-Write/RW), or Super User (SU).
ro | rw | su
September 2014
CLI Command Reference
Page 100
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
Parameter
Description
ip-address
The associated community SNMP packet sending address and is used along with the
client IP mask value to denote a range of IP addresses from which SNMP clients may
use that community to access the device. A value of 0.0.0.0 allows access from any
IP address. Otherwise, this value is ANDed with the mask to determine the range of
allowed client IP addresses.
The name of the view to create or update.
view-name
no snmp-server community
This command removes this community name from the table. The name is the community name to be deleted.
Format
no snmp-server community community-name
Mode
Global Config
snmp-server community-group
This command configures a community access string to permit access via the SNMPv1 and SNMPv2c protocols.
Format
snmp-server community-group community-string group-name [ipaddress ipaddress]
Mode
Global Config
Parameter
Description
community-string The community which is created and then associated with the group. The range is 1 to 20
characters.
group-name
The name of the group that the community is associated with. The range is 1 to 30
characters.
ipaddress
Optionally, the IPv4 address that the community may be accessed from.
snmp-server enable traps violation
The Port MAC locking component interprets this command and configures violation action to send an SNMP
trap with default trap frequency of 30 seconds. The Global command configures the trap violation mode across
all interfaces valid for port-security. There is no global trap mode as such.
Note: For other port security commands, see “Port Security Commands” on page 447.
Default
disabled
Format
snmp-server enable traps violation
September 2014
CLI Command Reference
Page 101
HP Moonshot Switch Module CLI Command Reference
Mode
SNMP Commands
• Global Config
• Interface Config
no snmp-server enable traps violation
This command disables the sending of new violation traps.
Format
no snmp-server enable traps violation
Mode
Interface Config
snmp-server enable traps
This command enables the Authentication Flag.
Default
enabled
Format
snmp-server enable traps
Mode
Global Config
no snmp-server enable traps
This command disables the Authentication Flag.
Format
no snmp-server enable traps
Mode
Global Config
snmp trap link-status
This command enables link status traps on an interface or range of interfaces.
Format
snmp trap link-status
Mode
Interface Config
no snmp trap link-status
This command disables link status traps by interface.
Note: This command is valid only when the Link Up/Down Flag is enabled.
Format
no snmp trap link-status
Mode
Interface Config
September 2014
CLI Command Reference
Page 102
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
snmp trap link-status all
This command enables link status traps for all interfaces.
Format
snmp trap link-status all
Mode
Global Config
no snmp trap link-status all
This command disables link status traps for all interfaces.
Format
no snmp trap link-status all
Mode
Global Config
snmp-server enable traps linkmode
This command enables Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the
Link Trap flag setting associated with the port is enabled. See “show snmp” on page 111.
Default
enabled
Format
snmp-server enable traps linkmode
Mode
Global Config
no snmp-server enable traps linkmode
This command disables Link Up/Down traps for the entire switch.
Format
no snmp-server enable traps linkmode
Mode
Global Config
snmp-server enable traps multiusers
This command enables Multiple User traps. When the traps are enabled, a Multiple User Trap is sent when a
user logs in to the terminal interface (EIA 232 or Telnet) and there is an existing terminal interface session.
Default
enabled
Format
snmp-server enable traps multiusers
Mode
Global Config
September 2014
CLI Command Reference
Page 103
SNMP Commands
HP Moonshot Switch Module CLI Command Reference
no snmp-server enable traps multiusers
This command disables Multiple User traps.
Format
no snmp-server enable traps multiusers
Mode
Global Config
snmp-server enable traps stpmode
This command enables the sending of new root traps and topology change notification traps.
Default
enabled
Format
snmp-server enable traps stpmode
Mode
Global Config
no snmp-server enable traps stpmode
This command disables the sending of new root traps and topology change notification traps.
Format
no snmp-server enable traps stpmode
Mode
Global Config
snmp-server engineID local
This command configures the SNMP engine ID on the local device.
Default
The engineID is configured automatically, based on the device MAC address.
Format
snmp-server engineID local {engineid-string|default}
Mode
Global Config
Parameter
Description
engineid-string
A hexadecimal string identifying the engine-id, used for localizing configuration. Engine-id
must be an even length in the range of 6 to 32 hexadecimal characters.
Sets the engine-id to the default string, based on the device MAC address.
default
Caution! Changing the engine-id will invalidate all SNMP configuration that exists on the box.
September 2014
CLI Command Reference
Page 104
SNMP Commands
HP Moonshot Switch Module CLI Command Reference
no snmp-server engineID local
This command removes the specified engine ID.
Default
The engineID is configured automatically, based on the device MAC address.
Format
no snmp-server engineID local
Mode
Global Config
snmp-server filter
This command creates a filter entry for use in limiting which traps will be sent to a host.
Default
No filters are created by default.
Format
snmp-server filter filtername oid-tree {included|excluded}
Mode
Global Config
Parameter
Description
filtername
oid-tree
The label for the filter being created. The range is 1 to 30 characters.
The OID subtree to include or exclude from the filter. Subtrees may be specified by
numerical (1.3.6.2.4) or keywords (system), and asterisks may be used to specify a subtree
family (1.3.*.4).
The tree is included in the filter.
The tree is excluded from the filter.
included
exclueded
no snmp-server filter
This command removes the specified filter.
Default
No filters are created by default.
Format
snmp-server filter filtername [oid-tree]
Mode
Global Config
September 2014
CLI Command Reference
Page 105
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
snmp-server group
This command creates an SNMP access group.
Default
Generic groups are created for all versions and privileges using the default views.
Format
snmp-server group group-name {v1 | v2c | v3 {noauth | auth | priv}} [context contextname] [read read-view] [write write-view] [notify notify-view]
Mode
Global Config
Parameter
Description
group-name
The group name to be used when configuring communities or users. The range is 1 to 30
characters.
This group can only access via SNMPv1.
This group can only access via SNMPv2c.
This group can only access via SNMPv3.
This group can be accessed only when not using Authentication or Encryption. Applicable
only if SNMPv3 is selected.
This group can be accessed only when using Authentication but not Encryption. Applicable
only if SNMPv3 is selected.
This group can be accessed only when using both Authentication and Encryption.
Applicable only if SNMPv3 is selected.
The SNMPv3 context used during access. Applicable only if SNMPv3 is selected.
The view this group will use during GET requests. The range is 1 to 30 characters.
The view this group will use during SET requests. The range is 1 to 30 characters.
The view this group will use when sending out traps. The range is 1 to 30 characters.
v1
v2
v3
noauth
auth
priv
context-name
read-view
write-view
notify-view
no snmp-server group
This command removes the specified group.
Format
no snmp-server group group-name {v1|v2c| 3 {noauth|auth|priv}} [context context-name]
Mode
Global Config
September 2014
CLI Command Reference
Page 106
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
snmp-server host
This command configures traps to be sent to the specified host.
Default
No default hosts are configured.
Format
snmp-server host host-addr {informs [timeout seconds] [retries retries]|traps version
{1 | 2c }} community-string [udp-port port] [filter filter-name]
Mode
Global Config
Parameter
Description
host-addr
traps
version 1
version 2
The IPv4 or IPv6 address of the host to send the trap or inform to.
Send SNMP traps to the host. This option is selected by default.
Sends SNMPv1 traps. This option is not available if informs is selected.
Sends SNMPv2c traps. This option is not available if informs is selected. This option is
selected by default.
informs
Send SNMPv2 informs to the host.
seconds
The number of seconds to wait for an acknowledgement before resending the Inform. The
default is 15 seconds. The range is 1 to 300 seconds.
retries
The number of times to resend an Inform. The default is 3 attempts. The range is 0 to 255
retries.
community-string Community string sent as part of the notification. The range is 1 to 20 characters.
port
The SNMP Trap receiver port. The default is port 162.
filter-name
The filter name to associate with this host. Filters can be used to specify which traps are
sent to this host. The range is 1 to 30 characters.
no snmp-server host
This command removes the specified host entry.
Format
no snmp-server host host-addr [traps|informs]
Mode
Global Config
September 2014
CLI Command Reference
Page 107
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
snmp-server user
This command creates an SNMPv3 user for access to the system.
Default
No default users are created.
Format
snmp-server user username groupname [remote engineid-string] [ {auth-md5 password |
auth-sha password | auth-md5-key md5-key | auth-sha-key sha-key} [priv-des password
| priv-des-key des-key]
Mode
Global Config
Parameter
Description
username
The username the SNMPv3 user will connect to the switch as. The range is 1 to 30
characters.
The name of the group the user belongs to. The range is 1 to 30 characters.
The engine-id of the remote management station that this user will be connecting from.
The range is 5 to 32 characters.
The password the user will use for the authentication or encryption mechanism. The range
is 1 to 32 characters.
A pre-generated MD5 authentication key. The length is 32 characters.
A pre-generated SHA authentication key. The length is 48 characters.
A pre-generated DES encryption key. The length is 32 characters if MD5 is selected, 48
characters if SHA is selected.
group-name
engineid-string
password
md5-key
sha-key
des-key
no snmp-server user
This command removes the specified SNMPv3 user.
Format
no snmp-server user username
Mode
Global Config
September 2014
CLI Command Reference
Page 108
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
snmp-server view
This command creates or modifies an existing view entry that is used by groups to determine which objects can
be accessed by a community or user.
Default
Views are created by default to provide access to the default groups.
Format
snmp-server viewname oid-tree {included|excluded}
Mode
Global Config
Parameter
Description
viewname
oid-tree
The label for the view being created. The range is 1 to 30 characters.
The OID subtree to include or exclude from the view. Subtrees may be specified by
numerical (1.3.6.2.4) or keywords (system), and asterisks may be used to specify a subtree
family (1.3.*.4).
The tree is included in the view.
The tree is excluded from the view.
included
excluded
no snmp-server view
This command removes the specified view.
Format
no snmp-server view viewname [oid-tree]
Mode
Global Config
snmp-server v3-host
This command configures traps to be sent to the specified host.
Default
No default hosts are configured.
Format
snmp-server v3-host host-addr username [traps | informs [timeout seconds] [retries
retries]] [auth | noauth | priv] [udpport port] [filter filtername]
Mode
Global Config
Parameter
Description
host-addr
user-name
The IPv4 or IPv6 address of the host to send the trap or inform to.
User used to send a Trap or Inform message. This user must be associated with a group that
supports the version and access method. The range is 1 to 30 characters.
Send SNMP traps to the host. This is the default option.
Send SNMP informs to the host.
Number of seconds to wait for an acknowledgement before resending the Inform. The
default is 15 seconds. The range is 1 to 300 seconds.
traps
informs
seconds
September 2014
CLI Command Reference
Page 109
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
Parameter
Description
retries
Number of times to resend an Inform. The default is 3 attempts. The range is 0 to 255
retries.
Enables authentication but not encryption.
No authentication or encryption. This is the default.
Enables authentication and encryption.
The SNMP Trap receiver port. This value defaults to port 162.
The filter name to associate with this host. Filters can be used to specify which traps are
sent to this host. The range is 1 to 30 characters.
auth
noauth
priv
port
filter-name
snmptrap source-interface
Use this command in Global Configuration mode to configure the global source-interface (Source IP address)
for all SNMP communication between the SNMP client and the server.
Format
snmptrap source-interface {unit/slot/port | loopback loopback-id|tunnel tunnelid|vlan vlan-id}
Mode
Global Configuration
Parameter
Description
unit/slot/port
loopback-id
tunnel-id
vlan-id
The unit identifier assigned to the switch.
Configures the loopback interface. The range of the loopback ID is 0 to 7.
Configures the IPv6 tunnel interface. The range of the tunnel ID is 0 to 7.
Configures the VLAN interface to use as the source IP address. The range of the VLAN ID is
1 to 4093.
no snmptrap source-interface
Use this command in Global Configuration mode to remove the global source-interface (Source IP selection)
for all SNMP communication between the SNMP client and the server.
Format
no snmptrap source-interface
Mode
Global Configuration
September 2014
CLI Command Reference
Page 110
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
show snmp
This command displays the current SNMP configuration.
Format
show snmp
Mode
Privileged EXEC
Term
Community
Table:
Community
Group Table:
Host Table:
Definition
CommunityString
CommunityAccess
View Name
IP Address
CommunityString
Group Name
IP Address
Target Address
Type
Community
Version
UDP Port
Filter name
TO Sec
Retries
The community string for the entry. This is used by SNMPv1 and SNMPv2
protocols to access the switch.
The type of access the community has:
• Read only
• Read write
• su
The view this community has access to.
Access to this community is limited to this IP address.
The community this mapping configures
The group this community is assigned to.
The IP address this community is limited to.
The address of the host that traps will be sent to.
The type of message that will be sent, either traps or informs.
The community traps will be sent to.
The version of SNMP the trap will be sent as.
The UDP port the trap or inform will be sent to.
The filter the traps will be limited by for this host.
The number of seconds before informs will time out when sending to this
host.
The number of times informs will be sent after timing out.
show snmp engineID
This command displays the currently configured SNMP engineID.
Format
show snmp engineID
Mode
Privileged EXEC
Parameter
Description
Local SNMP EnginID
The current configuration of the displayed SNMP engineID.
September 2014
CLI Command Reference
Page 111
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
show snmp filters
This command displays the configured filters used when sending traps.
Format
show snmp filters [filtername]
Mode
Privileged EXEC
Parameter
Description
Name
OID Tree
Type
The filter name for this entry.
The OID tree this entry will include or exclude.
Indicates if this entry includes or excludes the OID Tree.
show snmp group
This command displays the configured groups.
Format
show snmp group [groupname]
Mode
Privileged EXEC
Parameter
Description
Name
Security Model
Security Level
Read View
Write View
Notify View
The name of the group.
Indicates which protocol can access the system via this group.
Indicates the security level allowed for this group.
The view this group provides read access to.
The view this group provides write access to.
The view this group provides trap access to.
show snmp source-interface
Use this command in Privileged EXEC mode to display the configured global source-interface (Source IP
address) details used for an SNMP client.
Format
show snmp source-interface
Mode
Privileged Exec
Example: The following shows example CLI display output for the command.
(Routing)# show snmp source-interface
SNMP trap Client Source Interface.............. (not configured)
September 2014
CLI Command Reference
Page 112
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
show snmp user
This command displays the currently configured SNMPv3 users.
Format
show snmp user [username]
Mode
Privileged EXEC
Term
Definition
Name
The name of the user.
Group Name
The group that defines the SNMPv3 access parameters.
Auth Method
The authentication algorithm configured for this user.
Privilege Method The encryption algorithm configured for this user.
Remote Engine ID The engineID for the user defined on the client machine.
show snmp views
This command displays the currently configured views.
Format
show snmp views [viewname]
Mode
Privileged EXEC
Parameter
Description
Name
OID Tree
Type
The view name for this entry.
The OID tree that this entry will include or exclude.
Indicates if this entry includes or excludes the OID tree.
September 2014
CLI Command Reference
Page 113
HP Moonshot Switch Module CLI Command Reference
SNMP Commands
show trapflags
This command displays trap conditions. The command’s display shows all the enabled OSPFv2 and OSPFv3
trapflags. Configure which traps the switch should generate by enabling or disabling the trap condition. If a trap
condition is enabled and the condition is detected, the SNMP agent on the switch sends the trap to all enabled
trap receivers. You do not have to reset the switch to implement the changes. Cold and warm start traps are
always generated and cannot be disabled.
show trapflags
Format
Mode
Term
Privileged EXEC
Definition
Authentication
Flag
Link Up/Down
Flag
Multiple Users
Flag
Can be enabled or disabled. The factory default is enabled. Indicates whether
authentication failure traps will be sent.
Can be enabled or disabled. The factory default is enabled. Indicates whether link status
traps will be sent.
Can be enabled or disabled. The factory default is enabled. Indicates whether a trap will be
sent when the same user ID is logged into the switch more than once at the same time
(either through Telnet or the serial port).
Spanning Tree
Can be enabled or disabled. The factory default is enabled. Indicates whether spanning tree
Flag
traps are sent.
ACL Traps
May be enabled or disabled. The factory default is disabled. Indicates whether ACL traps
are sent.
OSPFv2 Traps
Can be enabled or disabled. The factory default is disabled. Indicates whether OSPF traps
are sent. If any of the OSPF trap flags are not enabled, then the command displays
disabled. Otherwise, the command shows all the enabled OSPF traps’ information.
Power Supply
May be enabled or disabled. The factory default is enabled. Indicates whether traps are
Module state trap sent when the power supply module status changes.
Temperature trap May be enabled or disabled. The factory default is enabled. Indicates whether traps are
sent when the temperature exceeds the recommended operating level.
Fan trap
May be enabled or disabled. The factory default is enabled. Indicates whether traps are
sent when a fan unit is down.
September 2014
CLI Command Reference
Page 114
RADIUS Commands
HP Moonshot Switch Module CLI Command Reference
RADIUS Commands
This section describes the commands you use to configure the switch to use a Remote Authentication Dial-In
User Service (RADIUS) server on your network for authentication and accounting.
authorization network radius
Use this command to enable the switch to accept VLAN assignment by the radius server.
Default
disable
Format
authorization network radius
Mode
Global Config
no authorization network radius
Use this command to disable the switch to accept VLAN assignment by the radius server.
no authorization network radius
Format
Mode
Global Config
radius accounting mode
This command is used to enable the RADIUS accounting function.
Default
disabled
Format
radius accounting mode
Mode
Global Config
no radius accounting mode
This command is used to set the RADIUS accounting function to the default value - i.e. the RADIUS accounting
function is disabled.
Format
no radius accounting mode
Mode
Global Config
September 2014
CLI Command Reference
Page 115
RADIUS Commands
HP Moonshot Switch Module CLI Command Reference
radius server attribute 4
This command specifies the RADIUS client to use the NAS-IP Address attribute in the RADIUS requests. If the
specific IP address is configured while enabling this attribute, the RADIUS client uses that IP address while
sending NAS-IP-Address attribute in RADIUS communication.
Format
radius server attribute 4 [ipaddr]
Mode
Global Config
Term
Definition
4
ipaddr
NAS-IP-Address attribute to be used in RADIUS requests.
The IP address of the server.
no radius server attribute 4
The no version of this command disables the NAS-IP-Address attribute global parameter for RADIUS client.
When this parameter is disabled, the RADIUS client does not send the NAS-IP-Address attribute in RADIUS
requests.
Format
no radius server attribute 4 [ipaddr]
Mode
Global Config
Example: The following shows an example of the command.
(Routing) (Config) #radius server attribute 4
(Routing) (Config) #radius server attribute 4
192.168.37.60
radius server host
This command configures the IP address or DNS name to use for communicating with the RADIUS server of a
selected server type. While configuring the IP address or DNS name for the authenticating or accounting
servers, you can also configure the port number and server name. If the authenticating and accounting servers
are configured without a name, the command uses the Default_RADIUS_Auth_Server and
Default_RADIUS_Acct_Server as the default names, respectively. The same name can be configured for more
than one authenticating servers and the name should be unique for accounting servers. The RADIUS client
allows the configuration of a maximum 32 authenticating and accounting servers.
If you use the auth parameter, the command configures the IP address or hostname to use to connect to a
RADIUS authentication server. You can configure up to 3 servers per RADIUS client. If the maximum number of
configured servers is reached, the command fails until you remove one of the servers by issuing the “no” form
of the command. If you use the optional port parameter, the command configures the UDP port number to use
when connecting to the configured RADIUS server. The port number range is 1 - 65535, with 1812 being the
default value.
Note: To re-configure a RADIUS authentication server to use the default UDP port, set the port
parameter to 1812.
September 2014
CLI Command Reference
Page 116
HP Moonshot Switch Module CLI Command Reference
RADIUS Commands
If you use the acct token, the command configures the IP address or hostname to use for the RADIUS
accounting server. You can only configure one accounting server. If an accounting server is currently configured,
use the “no” form of the command to remove it from the configuration. The IP address or hostname you
specify must match that of a previously configured accounting server. If you use the optional port parameter,
the command configures the UDP port to use when connecting to the RADIUS accounting server. If a port is
already configured for the accounting server, the new port replaces the previously configured port. The port
must be a value in the range 0 - 65535, with 1813 being the default.
Note: To re-configure a RADIUS accounting server to use the default UDP port, set the port
parameter to 1813.
Format
radius server host {auth | acct} {ipaddr|dnsname} [name servername] [port 0-65535]
Mode
Global Config
Field
Description
ipaddr
dnsname
0-65535
servername
The IP address of the server.
The DNS name of the server.
The port number to use to connect to the specified RADIUS server.
The alias name to identify the server.
no radius server host
The no version of this command deletes the configured server entry from the list of configured RADIUS servers.
If the RADIUS authenticating server being removed is the active server in the servers that are identified by the
same server name, then the RADIUS client selects another server for making RADIUS transactions. If the 'auth'
token is used, the previously configured RADIUS authentication server is removed from the configuration.
Similarly, if the 'acct' token is used, the previously configured RADIUS accounting server is removed from the
configuration. The ipaddr|dnsname parameter must match the IP address or DNS name of the previously
configured RADIUS authentication / accounting server.
Format
no radius server host {auth | acct} {ipaddr|dnsname}
Mode
Global Config
Example: The following shows an example of the command.
(Routing)
(Routing)
(Routing)
(Routing)
(Routing)
(Config)
(Config)
(Config)
(Config)
(Config)
September 2014
#radius server host acct 192.168.37.60
#radius server host acct 192.168.37.60 port 1813
#radius server host auth 192.168.37.60 name Network1_RS port 1813
#radius server host acct 192.168.37.60 name Network2_RS
#no radius server host acct 192.168.37.60
CLI Command Reference
Page 117
RADIUS Commands
HP Moonshot Switch Module CLI Command Reference
radius server key
This command configures the key to be used in RADIUS client communication with the specified server.
Depending on whether the 'auth' or 'acct' token is used, the shared secret is configured for the RADIUS
authentication or RADIUS accounting server. The IP address or hostname provided must match a previously
configured server. When this command is executed, the secret is prompted.
Text-based configuration supports Radius server’s secrets in encrypted and non-encrypted format. When you
save the configuration, these secret keys are stored in encrypted format only. If you want to enter the key in
encrypted format, enter the key along with the encrypted keyword. In the show running config command’s
display, these secret keys are displayed in encrypted format. You cannot show these keys in plain text format.
Note: The secret must be an alphanumeric value not exceeding 16 characters.
Format
radius server key {auth | acct} {ipaddr|dnsname} encrypted password
Mode
Global Config
Field
Description
ipaddr
dnsname
password
The IP address of the server.
The DNS name of the server.
The password in encrypted format.
Example: The following shows an example of the CLI command.
radius server key acct 10.240.4.10 encrypted encrypt-string
radius server msgauth
This command enables the message authenticator attribute to be used for the specified RADIUS Authenticating
server.
Format
radius server msgauth ipaddr|dnsname
Mode
Global Config
Field
Description
ip addr
dnsname
The IP address of the server.
The DNS name of the server.
September 2014
CLI Command Reference
Page 118
RADIUS Commands
HP Moonshot Switch Module CLI Command Reference
no radius server msgauth
The no version of this command disables the message authenticator attribute to be used for the specified
RADIUS Authenticating server.
no radius server msgauth ipaddr|dnsname
Format
Mode
Global Config
radius server primary
This command specifies a configured server that should be the primary server in the group of servers which
have the same server name. Multiple primary servers can be configured for each number of servers that have
the same name. When the RADIUS client has to perform transactions with an authenticating RADIUS server of
specified name, the client uses the primary server that has the specified server name by default. If the RADIUS
client fails to communicate with the primary server for any reason, the client uses the backup servers
configured with the same server name. These backup servers are identified as the Secondary type.
Format
radius server primary {ipaddr|dnsname}
Mode
Global Config
Field
Description
ip addr
dnsname
The IP address of the RADIUS Authenticating server.
The DNS name of the server.
radius server retransmit
This command configures the global parameter for the RADIUS client that specifies the number of
transmissions of the messages to be made before attempting the fall back server upon unsuccessful
communication with the current RADIUS authenticating server. When the maximum number of retries are
exhausted for the RADIUS accounting server and no response is received, the client does not communicate
with any other server.
Default
4
Format
radius server retransmit retries
Mode
Global Config
Field
Description
retries
The maximum number of transmission attempts in the range of 1 to 15.
September 2014
CLI Command Reference
Page 119
HP Moonshot Switch Module CLI Command Reference
RADIUS Commands
no radius server retransmit
The no version of this command sets the value of this global parameter to the default value.
no radius server retransmit
Format
Mode
Global Config
radius source-interface
Use this command to specify the physical or logical interface to use as the RADIUS client source interface
(Source IP address). If configured, the address of source Interface is used for all RADIUS communications
between the RADIUS server and the RADIUS client. The selected source-interface IP address is used for filling
the IP header of RADIUS management protocol packets. This allows security devices (firewalls) to identify the
source packets coming from the specific switch.
If a source-interface is not specified, the primary IP address of the originating (outbound) interface is used as
the source address. If the configured interface is down, the RADIUS client falls back to its default behavior.
Format
radius source-interface {unit/slot/port | loopback loopback-id | vlan vlan-id}
Mode
Global Config
Parameter
Description
unit/slot/port
loopback-id
vlan-id
The unit identifier assigned to the switch.
Configures the loopback interface. The range of the loopback ID is 0 to 7.
Configures the VLAN interface to use as the source IP address. The range of the VLAN ID is
1 to 4093.
no radius source-interface
Use this command to reset the RADIUS source interface to the default settings.
Format
no radius source-interface
Mode
Global Config
September 2014
CLI Command Reference
Page 120
RADIUS Commands
HP Moonshot Switch Module CLI Command Reference
radius server timeout
This command configures the global parameter for the RADIUS client that specifies the timeout value (in
seconds) after which a request must be retransmitted to the RADIUS server if no response is received. The
timeout value is an integer in the range of 1 to 30.
Default
5
Format
radius server timeout seconds
Mode
Global Config
Field
Description
retries
Maximum number of transmission attempts in the range 1–30.
no radius server timeout
The no version of this command sets the timeout global parameter to the default value.
no radius server timeout
Format
Mode
Global Config
show radius
This command displays the values configured for the global parameters of the RADIUS client.
Format
show radius
Mode
Privileged EXEC
Term
Definition
Number of Configured
Authentication Servers
Number of Configured Accounting
Servers
Number of Named Authentication
Server Groups
Number of Named Accounting
Server Groups
Number of Retransmits
The number of RADIUS Authentication servers that have been
configured.
The number of RADIUS Accounting servers that have been configured.
Time Duration
RADIUS Accounting Mode
September 2014
The number of configured named RADIUS server groups.
The number of configured named RADIUS server groups.
The configured value of the maximum number of times a request packet
is retransmitted.
The configured timeout value, in seconds, for request re-transmissions.
A global parameter to indicate whether the accounting mode for all the
servers is enabled or not.
CLI Command Reference
Page 121
RADIUS Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
RADIUS Attribute 4 Mode
A global parameter to indicate whether the NAS-IP-Address attribute has
been enabled to use in RADIUS requests.
A global parameter that specifies the IP address to be used in the NAS-IPAddress attribute to be used in RADIUS requests.
RADIUS Attribute 4 Value
Example: The following shows example CLI display output for the command.
(Routing) #show radius
Number of Configured Authentication Servers.............
Number of Configured Accounting Servers.................
Number of Named Authentication Server Groups............
Number of Named Accounting Server Groups................
Number of Retransmits...................................
Time Duration...........................................
RADIUS Accounting Mode..................................
RADIUS Attribute 4 Mode.................................
RADIUS Attribute 4 Value ...............................
32
32
15
3
4
10
Disable
Enable
192.168.37.60
show radius servers
This command displays the summary and details of RADIUS authenticating servers configured for the RADIUS
client.
Format
show radius servers [{ipaddr|dnsname | name [servername]}]
Mode
Privileged EXEC
Field
Description
ipaddr
dnsname
servername
Current
Host Address
Server Name
Port
Type
Current Host
Address
Secret Configured
Number of
Retransmits
Message
Authenticator
Time Duration
The IP address of the authenticating server.
The DNS name of the authenticating server.
The alias name to identify the server.
The * symbol preceding the server host address specifies that the server is currently active.
The IP address of the host.
The name of the authenticating server.
The port used for communication with the authenticating server.
Specifies whether this server is a primary or secondary type.
The IP address of the currently active authenticating server.
September 2014
Yes or No Boolean value that indicates whether this server is configured with a secret.
The configured value of the maximum number of times a request packet is retransmitted.
A global parameter to indicate whether the Message Authenticator attribute is enabled or
disabled.
The configured timeout value, in seconds, for request retransmissions.
CLI Command Reference
Page 122
RADIUS Commands
HP Moonshot Switch Module CLI Command Reference
Field
Description
RADIUS
Accounting Mode
RADIUS Attribute
4 Mode
RADIUS Attribute
4 Value
A global parameter to indicate whether the accounting mode for all the servers is enabled
or not.
A global parameter to indicate whether the NAS-IP-Address attribute has been enabled to
use in RADIUS requests.
A global parameter that specifies the IP address to be used in NAS-IP-Address attribute
used in RADIUS requests.
Example: The following shows example CLI display output for the command.
(Routing) #show radius servers
Cur Host Address
rent
---- -----------------------*
192.168.37.200
192.168.37.201
192.168.37.202
192.168.37.203
Server Name
Port
--------------------------------Network1_RADIUS_Server
Network2_RADIUS_Server
Network3_RADIUS_Server
Network4_RADIUS_Server
Type
----- ---------1813 Primary
1813 Secondary
1813 Primary
1813 Secondary
(Routing) #show radius servers name
Current Host Address
-----------------------Network1_RADIUS_Server
192.168.37.201
192.168.37.202
192.168.37.203
Server Name
--------------------------------Secondary
Network2_RADIUS_Server
Network3_RADIUS_Server
Network4_RADIUS_Server
Type
----------192.168.37.200
Primary
Secondary
Primary
(Routing) #show radius servers name Default_RADIUS_Server
Server Name............................
Host Address...........................
Secret Configured......................
Message Authenticator .................
Number of Retransmits..................
Time Duration..........................
RADIUS Accounting Mode.................
RADIUS Attribute 4 Mode................
RADIUS Attribute 4 Value ..............
Default_RADIUS_Server
192.168.37.58
No
Enable
4
10
Disable
Enable
192.168.37.60
(Routing) #show radius servers 192.168.37.58
Server Name............................
Host Address...........................
Secret Configured......................
Message Authenticator .................
Number of Retransmits..................
Time Duration..........................
RADIUS Accounting Mode.................
RADIUS Attribute 4 Mode................
RADIUS Attribute 4 Value ..............
September 2014
Default_RADIUS_Server
192.168.37.58
No
Enable
4
10
Disable
Enable
192.168.37.60
CLI Command Reference
Page 123
RADIUS Commands
HP Moonshot Switch Module CLI Command Reference
show radius accounting
This command displays a summary of configured RADIUS accounting servers.
Format
show radius accounting name [servername]
Mode
Privileged EXEC
Field
Description
servername
An alias name to identify the server.
RADIUS Accounting A global parameter to indicate whether the accounting mode for all the servers is
Mode
enabled or not.
If you do not specify any parameters, then only the accounting mode and the RADIUS accounting server details
are displayed.
Term
Definition
Host Address
Server Name
Port
Secret Configured
The IP address of the host.
The name of the accounting server.
The port used for communication with the accounting server.
Yes or No Boolean value indicating whether this server is configured with a secret.
Example: The following shows example CLI display output for the command.
(Routing) #show radius accounting name
Host Address
Server Name
Port
Secret
Configured
----------------------- --------------------------------- -------- ----------192.168.37.200
Network1_RADIUS_Server
1813
Yes
192.168.37.201
Network2_RADIUS_Server
1813
No
192.168.37.202
Network3_RADIUS_Server
1813
Yes
192.168.37.203
Network4_RADIUS_Server
1813
No
(Routing) #show radius accounting name Default_RADIUS_Server
Server Name............................
Host Address...........................
RADIUS Accounting Mode.................
Port ..................................
Secret Configured .....................
September 2014
Default_RADIUS_Server
192.168.37.200
Disable
1813
Yes
CLI Command Reference
Page 124
RADIUS Commands
HP Moonshot Switch Module CLI Command Reference
show radius accounting statistics
This command displays a summary of statistics for the configured RADIUS accounting servers.
Format
show radius accounting statistics {ipaddr|dnsname | name servername}
Mode
Privileged EXEC
Term
Definition
ipaddr
dnsname
servername
RADIUS Accounting
Server Name
Server Host Address
Round Trip Time
The IP address of the server.
The DNS name of the server.
The alias name to identify the server.
The name of the accounting server.
Requests
Retransmission
Responses
Malformed Responses
Bad Authenticators
Pending Requests
Timeouts
Unknown Types
Packets Dropped
The IP address of the host.
The time interval, in hundredths of a second, between the most recent AccountingResponse and the Accounting-Request that matched it from this RADIUS
accounting server.
The number of RADIUS Accounting-Request packets sent to this server. This
number does not include retransmissions.
The number of RADIUS Accounting-Request packets retransmitted to this RADIUS
accounting server.
The number of RADIUS packets received on the accounting port from this server.
The number of malformed RADIUS Accounting-Response packets received from
this server. Malformed packets include packets with an invalid length. Bad
authenticators or signature attributes or unknown types are not included as
malformed accounting responses.
The number of RADIUS Accounting-Response packets containing invalid
authenticators received from this accounting server.
The number of RADIUS Accounting-Request packets sent to this server that have
not yet timed out or received a response.
The number of accounting timeouts to this server.
The number of RADIUS packets of unknown types, which were received from this
server on the accounting port.
The number of RADIUS packets received from this server on the accounting port
and dropped for some other reason.
Example: The following shows example CLI display output for the command.
(Routing) #show radius accounting statistics 192.168.37.200
RADIUS Accounting Server Name.................
Host Address..................................
Round Trip Time...............................
Requests......................................
Retransmissions...............................
Responses.....................................
September 2014
Default_RADIUS_Server
192.168.37.200
0.00
0
0
0
CLI Command Reference
Page 125
RADIUS Commands
HP Moonshot Switch Module CLI Command Reference
Malformed Responses...........................
Bad Authenticators............................
Pending Requests..............................
Timeouts......................................
Unknown Types.................................
Packets Dropped...............................
0
0
0
0
0
0
(Routing) #show radius accounting statistics name Default_RADIUS_Server
RADIUS Accounting Server Name.................
Host Address..................................
Round Trip Time...............................
Requests......................................
Retransmissions...............................
Responses.....................................
Malformed Responses...........................
Bad Authenticators............................
Pending Requests..............................
Timeouts......................................
Unknown Types.................................
Packets Dropped...............................
Default_RADIUS_Server
192.168.37.200
0.00
0
0
0
0
0
0
0
0
0
show radius source-interface
Use this command in Privileged EXEC mode to display the configured RADIUS client source-interface (Source IP
address) information.
Format
show radius source-interface
Mode
Privileged Exec
Example: The following shows example CLI display output for the command.
(Routing)# show radius source-interface
RADIUS Client Source Interface.............. (not configured)
show radius statistics
This command displays the summary statistics of configured RADIUS Authenticating servers.
Format
show radius statistics {ipaddr|dnsname | name servername}
Mode
Privileged EXEC
Term
Definition
ipaddr
dnsname
servername
The IP address of the server.
The DNS name of the server.
The alias name to identify the server.
September 2014
CLI Command Reference
Page 126
RADIUS Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
RADIUS Server
The name of the authenticating server.
Name
Server Host
The IP address of the host.
Address
Access Requests The number of RADIUS Access-Request packets sent to this server. This number does not
include retransmissions.
Access
The number of RADIUS Access-Request packets retransmitted to this RADIUS
Retransmissions authentication server.
Access Accepts
The number of RADIUS Access-Accept packets, including both valid and invalid packets,
that were received from this server.
Access Rejects
The number of RADIUS Access-Reject packets, including both valid and invalid packets, that
were received from this server.
Access Challenges The number of RADIUS Access-Challenge packets, including both valid and invalid packets,
that were received from this server.
Malformed
The number of malformed RADIUS Access-Response packets received from this server.
Access Responses Malformed packets include packets with an invalid length. Bad authenticators or signature
attributes or unknown types are not included as malformed access responses.
Bad
The number of RADIUS Access-Response packets containing invalid authenticators or
Authenticators signature attributes received from this server.
Pending Requests The number of RADIUS Access-Request packets destined for this server that have not yet
timed out or received a response.
Timeouts
The number of authentication timeouts to this server.
Unknown Types The number of packets of unknown type that were received from this server on the
authentication port.
Packets Dropped The number of RADIUS packets received from this server on the authentication port and
dropped for some other reason.
Example: The following shows example CLI display output for the command.
(Routing) #show radius statistics 192.168.37.200
RADIUS Server Name............................
Server Host Address...........................
Access Requests...............................
Access Retransmissions........................
Access Accepts................................
Access Rejects................................
Access Challenges.............................
Malformed Access Responses....................
Bad Authenticators............................
Pending Requests..............................
Timeouts......................................
Unknown Types.................................
Packets Dropped...............................
Default_RADIUS_Server
192.168.37.200
0.00
0
0
0
0
0
0
0
0
0
0
(Routing) #show radius statistics name Default_RADIUS_Server
RADIUS Server Name............................ Default_RADIUS_Server
Server Host Address........................... 192.168.37.200
September 2014
CLI Command Reference
Page 127
TACACS+ Commands
HP Moonshot Switch Module CLI Command Reference
Access Requests...............................
Access Retransmissions........................
Access Accepts................................
Access Rejects................................
Access Challenges.............................
Malformed Access Responses....................
Bad Authenticators............................
Pending Requests..............................
Timeouts......................................
Unknown Types.................................
Packets Dropped...............................
0.00
0
0
0
0
0
0
0
0
0
0
TACACS+ Commands
TACACS+ provides access control for networked devices via one or more centralized servers. Similar to RADIUS,
this protocol simplifies authentication by making use of a single database that can be shared by many clients
on a large network. TACACS+ is based on the TACACS protocol (described in RFC1492) but additionally provides
for separate authentication, authorization, and accounting services. The original protocol was UDP based with
messages passed in clear text over the network; TACACS+ uses TCP to ensure reliable delivery and a shared key
configured on the client and daemon server to encrypt all messages.
tacacs-server host
Use the tacacs-server host command in Global Configuration mode to configure a TACACS+ server. This
command enters into the TACACS+ configuration mode. The ip-address|hostname parameter is the IP address
or hostname of the TACACS+ server. To specify multiple hosts, multiple tacacs-server host commands can be
used.
tacacs-server host ip-address|hostname
Format
Mode
Global Config
no tacacs-server host
Use the no tacacs-server host command to delete the specified hostname or IP address. The ipaddress|hostname parameter is the IP address of the TACACS+ server.
Format
no tacacs-server host ip-address|hostname
Mode
Global Config
September 2014
CLI Command Reference
Page 128
HP Moonshot Switch Module CLI Command Reference
TACACS+ Commands
tacacs-server key
Use the tacacs-server key command to set the authentication and encryption key for all TACACS+
communications between the switch and the TACACS+ daemon. The key-string parameter has a range of 0 128 characters and specifies the authentication and encryption key for all TACACS communications between
the switch and the TACACS+ server. This key must match the key used on the TACACS+ daemon.
Text-based configuration supports TACACS server’s secrets in encrypted and non-encrypted format. When you
save the configuration, these secret keys are stored in encrypted format only. If you want to enter the key in
encrypted format, enter the key along with the encrypted keyword. In the show running config command’s
display, these secret keys are displayed in encrypted format. You cannot show these keys in plain text format.
Format
tacacs-server key [key-string | encrypted key-string]
Mode
Global Config
no tacacs-server key
Use the no tacacs-server key command to disable the authentication and encryption key for all TACACS+
communications between the switch and the TACACS+ daemon. The key-string parameter has a range of 0 128 characters This key must match the key used on the TACACS+ daemon.
Format
no tacacs-server key key-string
Mode
Global Config
tacacs-server keystring
Use the tacacs-server keystring command to set the global authentication encryption key used for all
TACACS+ communications between the TACACS+ server and the client.
Format
tacacs-server keystring
Mode
Global Config
Example: The following shows an example of the CLI command.
(Routing)(Config)#tacacs-server keystring
Enter tacacs key:********
Re-enter tacacs key:********
September 2014
CLI Command Reference
Page 129
HP Moonshot Switch Module CLI Command Reference
TACACS+ Commands
tacacs-server source-interface
Use this command in Global Configuration mode to configure the source interface (Source IP address) for
TACACS+ server configuration. The selected source-interface IP address is used for filling the IP header of
management protocol packets. This allows security devices (firewalls) to identify the source packets coming
from the specific switch.
If a source-interface is not specified, the primary IP address of the originating (outbound) interface is used as
the source address.
Format
tacacs-server source-interface {unit/slot/port|loopback loopback-id|vlan vlan-id}
Mode
Global Config
Parameter
Description
unit/slot/port
loopback-id
vlan-id
The unit identifier assigned to the switch, in unit/slot/port format.
The loopback interface. The range of the loopback ID is 0 to 7.
Configures the VLAN interface to use as the source IP address. The range of the VLAN ID is
1 to 4093.
Example: The following shows an example of the command.
(Config)#tacacs-server source-interface loopback 0
(Config)#tacacs-server source-interface 1/0/1
(Config)#no tacacs-server source-interface
no tacacs-server source-interface
Use this command in Global Configuration mode to remove the global source interface (Source IP selection)
for all TACACS+ communications between the TACACS+ client and the server.
Format
no tacacs-server source-interface
Mode
Global Config
tacacs-server timeout
Use the tacacs-server timeout command to set the global timeout value for communication with the TACACS+
servers. The timeout parameter has a range of 1-30 and is the timeout value in seconds. If you do not specify
a timeout value, the command sets the global timeout to the default value. TACACS+ servers that do not use
the global timeout will retain their configured timeout values.
Default
5
Format
tacacs-server timeout [timeout]
Mode
Global Config
September 2014
CLI Command Reference
Page 130
HP Moonshot Switch Module CLI Command Reference
TACACS+ Commands
no tacacs-server timeout
Use the no tacacs-server timeout command to restore the default global timeout value for TACACS servers.
TACACS+ servers that do not use the global timeout will retain their configured timeout values.
Format
no tacacs-server timeout
Mode
Global Config
key
Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all
TACACS communications between the device and the TACACS server. This key must match the key used on the
TACACS daemon. The key-string parameter specifies the key name. For an empty string use “ ”. (Range: 0 - 128
characters).
Text-based configuration supports TACACS server’s secrets in encrypted and non-encrypted format. When you
save the configuration, these secret keys are stored in encrypted format only. If you want to enter the key in
encrypted format, enter the key along with the encrypted keyword. In the show running config command’s
display, these secret keys are displayed in encrypted format. You cannot show these keys in plain text format.
Format
key [key-string | encrypted key-string]
Mode
TACACS Config
keystring
Use the keystring command in TACACS Server Configuration mode to set the TACACS+ server-specific
authentication encryption key used for all TACACS+ communications between the TACACS+ server and the
client.
Format
keystring
Mode
TACACS Server Config
Example: The following shows an example of the command.
(Routing)(Config)#tacacs-server host 1.1.1.1
(Routing)(Tacacs)#keystring
Enter tacacs key:********
Re-enter tacacs key:********
September 2014
CLI Command Reference
Page 131
HP Moonshot Switch Module CLI Command Reference
TACACS+ Commands
port
Use the port command in TACACS Configuration mode to specify a server port number. The server port-number
range is 0 - 65535.
Default
49
Format
port port-number
Mode
TACACS Config
priority (TACACS Config)
Use the priority command in TACACS Configuration mode to specify the order in which servers are used,
where 0 (zero) is the highest priority. The priority parameter specifies the priority for servers. The highest
priority is 0 (zero), and the range is 0 - 65535.
Default
0
Format
priority priority
Mode
TACACS Config
timeout
Use the timeout command in TACACS Configuration mode to specify the timeout value in seconds. If no
timeout value is specified, the global value is used. The timeout parameter has a range of 1-30 and is the
timeout value in seconds.
Format
timeout timeout
Mode
TACACS Config
September 2014
CLI Command Reference
Page 132
HP Moonshot Switch Module CLI Command Reference
TACACS+ Commands
show tacacs
Use the show tacacs command to display the configuration, statistics, and source interface details of the
TACACS+ client.
Format
show tacacs [ip-address|hostname]
Mode
Privileged EXEC
Term
Definition
Host address
Port
TimeOut
Priority
The IP address or hostname of the configured TACACS+ server.
The configured TACACS+ server port number.
The timeout in seconds for establishing a TCP connection.
The preference order in which TACACS+ servers are contacted. If a server connection fails,
the next highest priority server is contacted.
show tacacs source-interface
Use the show tacacs source-interface command in Global Config mode to display the configured global
source interface details used for a TACACS+ client. The IP address of the selected interface is used as source IP
for all communications with the server.
Format
show tacacs source-interface
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Config)# show tacacs source-interface
TACACS Client Source Interface
TACACS Client Source IPv4 Address
September 2014
: loopback 0
: 1.1.1.1 [UP]
CLI Command Reference
Page 133
HP Moonshot Switch Module CLI Command Reference
Configuration Scripting Commands
Configuration Scripting Commands
Configuration Scripting allows you to generate text-formatted script files representing the current
configuration of a system. You can upload these configuration script files to a PC or UNIX system and edit them.
Then, you can download the edited files to the system and apply the new configuration. You can apply
configuration scripts to one or more switches with no or minor modifications.
Use the show running-config command (see “show running-config” on page 169) to capture the running
configuration into a script. Use the copy command (see “copy” on page 196) to transfer the configuration script
to or from the switch.
You should use scripts on systems with default configuration; however, you are not prevented from applying
scripts on systems with non-default configurations.
Scripts must conform to the following rules:
• Script files are not distributed across the stack, and only live in the unit that is the master unit at the time
of the file download.
• The file extension must be .scr.
• A maximum of ten scripts are allowed on the switch.
• The combined size of all script files on the switch shall not exceed 2048 KB.
• The maximum number of configuration file command lines is 2000.
You can type single-line annotations at the command prompt to use when you write test or configuration
scripts to improve script readability. The exclamation point (!) character flags the beginning of a comment. The
comment flag character can begin a word anywhere on the command line, and all input following this character
is ignored. Any command line that begins with the “!” character is recognized as a comment line and ignored
by the parser.
The following lines show an example of a script:
! Script file for displaying management access
show telnet !Displays the information about remote connections
! Display information about direct connections
show serial
! End of the script file!
Note: To specify a blank password for a user in the configuration script, you must specify it as a space
within quotes. For example, to change the password for user jane from a blank password to hello, the
script entry is as follows:
users passwd jane
" "
hello
hello
September 2014
CLI Command Reference
Page 134
HP Moonshot Switch Module CLI Command Reference
Configuration Scripting Commands
script apply
This command applies the commands in the script to the switch. The scriptname parameter is the name of the
script to apply.
script apply scriptname
Format
Mode
Privileged EXEC
script delete
This command deletes a specified script where the scriptname parameter is the name of the script to delete.
The all option deletes all the scripts present on the switch.
script delete {scriptname | all}
Format
Mode
Privileged EXEC
script list
This command lists all scripts present on the switch as well as the remaining available space.
script list
Format
Mode
Privileged EXEC
Term
Definition
Configuration
Script
Size
Name of the script.
Privileged EXEC
script show
This command displays the contents of a script file, which is named scriptname.
script show scriptname
Format
Mode
Privileged EXEC
Term
Definition
Output Format
line number: line contents
script validate
This command validates a script file by parsing each line in the script file where scriptname is the name of the
script to validate.The validate option is intended to be used as a tool for script development. Validation
identifies potential problems. It might not identify all problems with a given script on any given device.
script validate scriptname
Format
Mode
September 2014
Privileged EXEC
CLI Command Reference
Page 135
HP Moonshot Switch Module CLI Command Reference
Banner, Prompt, and Host Name Commands
Banner, Prompt, and Host Name Commands
This section describes the commands you use to configure the pre-login banner and the system prompt. The
pre-login banner is the text that displays before you login at the User: prompt.
copy (pre-login banner)
The copy command includes the option to upload or download the CLI Banner to or from the switch. You can
specify local URLs by using FTP, TFTP, SFTP, SCP, or Xmodem.
Note: The parameter ip6address is also a valid parameter for routing packages that support IPv6.
Default
none
Format
copy <tftp://<ipaddr>/<filepath>/<filename>> nvram:clibanner
copy nvram:clibanner <tftp://<ipaddr>/<filepath>/<filename>>
Mode
Privileged EXEC
Note: For more information about copying files, including command formats for protocols other than
TFTP, see “copy” on page 196.
set prompt
This command changes the name of the prompt. The length of name may be up to 64 alphanumeric characters.
Format
set prompt prompt_string
Mode
Privileged EXEC
hostname
This command sets the system hostname. It also changes the prompt. The length of name may be up to 64
alphanumeric, case-sensitive characters.
Format
hostname hostname
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 136
HP Moonshot Switch Module CLI Command Reference
Banner, Prompt, and Host Name Commands
show clibanner
Use this command to display the configured pre-login CLI banner. The pre-login banner is the text that displays
before displaying the CLI prompt.
Default
No contents to display before displaying the login prompt.
Format
show clibanner
Mode
Privileged Exec
Example: The following shows example CLI display output for the command.
(Routing) #show clibanner
Banner Message configured :
=========================
-------------------------TEST
--------------------------
set clibanner
Use this command to configure the pre-login CLI banner before displaying the login prompt.
Format
set clibanner line
Mode
Global Config
Parameter
Description
line
Banner text where ““ (double quote) is a delimiting character. The banner message can be
up to 2000 characters.
no set clibanner
Use this command to unconfigure the pre-login CLI banner.
Format
no set clibanner
Mode
Global Config
September 2014
CLI Command Reference
Page 137
Utility Commands
HP Moonshot Switch Module CLI Command Reference
Section 5: Utility Commands
This chapter describes the utility commands available in the HP Moonshot Switch Module CLI.
The Utility Commands chapter includes the following sections:
• “AutoInstall Commands” on page 139
• “CLI Output Filtering Commands” on page 142
• “Dual Image Commands” on page 145
• “System Information and Statistics Commands” on page 148
• “Warp Core Expandable Port Configuration” on page 174
• “Logging Commands” on page 176
• “Email Alerting and Mail Server Commands” on page 184
• “Device Location, System Utility, and Clear Commands” on page 190
• “Simple Network Time Protocol Commands” on page 199
• “Time Zone Commands” on page 206
• “DNS Client Commands” on page 210
• “DNS Client Commands” on page 210
• “IP Address Conflict Commands” on page 216
• “Serviceability Packet Tracing Commands” on page 217
• “sFlow Commands” on page 243
• “Switch Database Management Template Commands” on page 250
• “Remote Monitoring Commands” on page 252
September 2014
CLI Command Reference
Page 138
HP Moonshot Switch Module CLI Command Reference
AutoInstall Commands
AutoInstall Commands
The AutoInstall feature enables the automatic update of the image and configuration of the switch. This feature
enables touchless or low-touch provisioning to simplify switch configuration and imaging.
AutoInstall includes the following support:
• Downloading an image from TFTP server using DHCP option 125. The image update can result in a
downgrade or upgrade of the firmware on the switch.
• Automatically downloading a configuration file from a TFTP server when the switch is booted with no
saved configuration file.
• Automatically downloading an image from a TFTP server in the following situations:
• When the switch is booted with no saved configuration found.
• When the switch is booted with a saved configuration that has AutoInstall enabled.
When the switch boots and no configuration file is found, it attempts to obtain an IP address from a network
DHCP server. The response from the DHCP server includes the IP address of the TFTP server where the image
and configuration flies are located.
After acquiring an IP address and the additional relevant information from the DHCP server, the switch
downloads the image file or configuration file from the TFTP server. A downloaded image is automatically
installed. A downloaded configuration file is saved to non-volatile memory.
Note: AutoInstall from a TFTP server can run on any IP interface, including the network port, service
port, and in-band routing interfaces (if supported). To support AutoInstall, the DHCP client is enabled
operationally on the service port, if it exists, or the network port, if there is no service port.
boot autoinstall
Use this command to operationally start or stop the AutoInstall process on the switch. The command is nonpersistent and is not saved in the startup or running configuration file.
Default
stopped
Format
boot autoinstall {start | stop}
Mode
Privileged EXEC
boot host retrycount
Use this command to set the number of attempts to download a configuration file from the TFTP server.
Default
3
Format
boot host retrycount 1-3
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 139
HP Moonshot Switch Module CLI Command Reference
AutoInstall Commands
no boot host retrycount
Use this command to set the number of attempts to download a configuration file to the default value.
Format
no boot host retrycount
Mode
Privileged EXEC
boot host dhcp
Use this command to enable AutoInstall on the switch for the next reboot cycle. The command does not change
the current behavior of AutoInstall and saves the command to NVRAM.
Default
disabled
Format
boot host dhcp
Mode
Privileged EXEC
no boot host dhcp
Use this command to disable AutoInstall for the next reboot cycle.
Format
no boot host dhcp
Mode
Privileged EXEC
boot host autosave
Use this command to automatically save the downloaded configuration file to the startup-config file on the
switch. When autosave is disabled, you must explicitly save the downloaded configuration to non-volatile
memory by using the write memory or copy system:running-config nvram:startup-config command. If the
switch reboots and the downloaded configuration has not been saved, the AutoInstall process begins, if the
feature is enabled.
Default
disabled
Format
boot host autosave
Mode
Privileged EXEC
no boot host autosave
Use this command to disable automatically saving the downloaded configuration on the switch.
Format
no boot host autosave
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 140
HP Moonshot Switch Module CLI Command Reference
AutoInstall Commands
boot host autoreboot
Use this command to allow the switch to automatically reboot after successfully downloading an image. When
auto reboot is enabled, no administrative action is required to activate the image and reload the switch.
Default
enabled
Format
boot host autoreboot
Mode
Privileged EXEC
no boot host autoreboot
Use this command to prevent the switch from automatically rebooting after the image is downloaded by using
the AutoInstall feature.
Format
no boot host autoreboot
Mode
Privileged EXEC
erase startup-config
Use this command to erase the text-based configuration file stored in non-volatile memory. If the switch boots
and no startup-config file is found, the AutoInstall process automatically begins.
Format
erase startup-config
Mode
Privileged EXEC
erase factory-defaults
Use this command to erase the text-based factory-defaults file stored in non-volatile memory.
Default
Disable
Format
erase factory-defaults
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 141
CLI Output Filtering Commands
HP Moonshot Switch Module CLI Command Reference
show autoinstall
This command displays the current status of the AutoInstall process.
Format
show autoinstall
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show autoinstall
AutoInstall Mode...............................
AutoInstall Persistent Mode....................
AutoSave Mode..................................
AutoReboot Mode................................
AutoInstall Retry Count........................
Stopped
Disabled
Disabled
Enabled
3
CLI Output Filtering Commands
show xxx|include “string”
The command xxx is executed and the output is filtered to only show lines containing the “string” match. All
other non-matching lines in the output are suppressed.
Example: The following shows an example of the CLI command.
(Routing) #show running-config | include “spanning-tree”
spanning-tree
spanning-tree
spanning-tree
spanning-tree
configuration name "00-02-BC-42-F9-33"
bpduguard
bpdufilter default
forceversion 802.1w
show xxx|include “string” exclude “string2”
The command xxx is executed and the output is filtered to only show lines containing the “string” match and
not containing the “string2” match. All other non-matching lines in the output are suppressed. If a line of
output contains both the include and exclude strings then the line is not displayed.
Example: The following shows example of the CLI command.
(Routing) #show running-config | include “spanning-tree” exclude “configuration”
spanning-tree bpduguard
spanning-tree bpdufilter default
spanning-tree forceversion 802.1w
September 2014
CLI Command Reference
Page 142
CLI Output Filtering Commands
HP Moonshot Switch Module CLI Command Reference
show xxx|exclude “string”
The command xxx is executed and the output is filtered to show all lines not containing the “string” match.
Output lines containing the “string” match are suppressed.
Example: The following shows an example of the CLI command.
(Routing) #show interface 1/0/1
Packets Received Without Error.................
Packets Received With Error....................
Broadcast Packets Received.....................
Receive Packets Discarded......................
Packets Transmitted Without Errors.............
Transmit Packets Discarded.....................
Transmit Packet Errors.........................
Collision Frames...............................
Time Since Counters Last Cleared...............
0
0
0
0
0
0
0
0
20 day 21 hr 30 min 9 sec
(Routing) #show interface 0/1 | exclude “Packets”
Transmit Packet Errors......................... 0
Collision Frames............................... 0
Time Since Counters Last Cleared............... 20 day 21 hr 30 min 9 sec
show xxx|begin “string”
The command xxx is executed and the output is filtered to show all lines beginning with and following the first
line containing the “string” match. All prior lines are suppressed.
Example: The following shows an example of the CLI command.
(Routing) #show port all | begin “1/1”
1/1/1
Enable
10G Full
1/1/2
Enable
10G Full
1/1/3
Enable
10G Full
1/1/4
Enable
10G Full
1/1/5
Enable
10G Full
1/1/6
Enable
2/0/1
Enable
Auto
2/0/2
Enable
Auto
2/0/3
Enable
Auto
...
...
September 2014
Down
Down
Down
Down
Down
Detach
Down
Down
Down
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
Enable
long
long
long
long
long
long
long
long
long
CLI Command Reference
Page 143
HP Moonshot Switch Module CLI Command Reference
CLI Output Filtering Commands
show xxx|section “string”
The command xxx is executed and the output is filtered to show only lines included within the section(s)
identified by lines containing the “string” match and ending with the first line containing the default end-ofsection identifier (i.e. “exit”).
Example: The following shows an example of the CLI command.
(Routing) #show running-config | section “interface 1/0/1”
interface 1/0/1
no spanning-tree port mode
exit
show xxx|section “string” “string2”
The command xxx is executed and the output is filtered to only show lines included within the section(s)
identified by lines containing the “string” match and ending with the first line containing the “string2” match.
If multiple sessions matching the specified string match criteria are part of the base output, then all instances
are displayed.
show xxx|section “string” include “string2”
The command xxx is executed and the output is filtered to only show lines included within the section(s)
identified by lines containing the “string” match and ending with the first line containing the default end-ofsection identifier (i.e. “exit”) and that include the “string2” match. This type of filter command could also
include “exclude” or user-defined end-of-section identifier parameters as well.
September 2014
CLI Command Reference
Page 144
HP Moonshot Switch Module CLI Command Reference
Dual Image Commands
Dual Image Commands
HP Moonshot Switch Module software supports a dual image feature that allows the switch to have two
software images in the permanent storage. You can specify which image is the primary image to be loaded in
subsequent reboots. This feature allows reduced down-time when you upgrade or downgrade the software.
delete
This command deletes the alternate image file from the permanent storage. The optional unit parameter is
valid only on switch stacks. If you specify the unit number on a stand alone switch, an error message is
displayed. In a stack, the unit parameter identifies the node on which this command must be executed. When
this parameter is not supplied, the command is executed on all nodes in a stack.
Format
delete [unit] alternate
Mode
Privileged EXEC
boot system
This command activates the specified image. It will be the primary image for subsequent reboots and will be
loaded by the boot loader. The current primary image is marked as the alternate image for subsequent reboots.
If the specified image doesn't exist on the system, this command returns an error message. The optional unit
parameter is valid only in stacking, where the unit parameter identifies the node on which this command must
be executed. When this parameter is not supplied on a stack, the command is executed on all nodes in a stack.
Format
boot system [unit] {primary | alternate}
Mode
Privileged EXEC
show bootvar
This command displays the version information and the activation status for the current primary and alternate
images on the supplied unit (node) of the stack. If you do not specify a unit number, the command displays
image details for all nodes on the stack. The command also displays any text description associated with an
image. This command, when used on a stand-alone system, displays the switch activation status. For a standalone system, the unit parameter is not valid.
Format
show bootvar [unit]
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 145
HP Moonshot Switch Module CLI Command Reference
Bootcode and Firmware Commands
filedescr
This command associates a given text description with an image. Any existing description will be replaced. The
command is executed on all nodes in a stack.
Format
filedescr {primary | alternate} text-description
Mode
Privileged EXEC
Bootcode and Firmware Commands
update bootcode
This command updates the bootcode (boot loader) on the switch. The bootcode is read from the primary image
for subsequent reboots. The unit parameter identifies the node on which this command must be executed.
When this parameter is not supplied, the command is executed on all nodes in a stack.
Format
update bootcode [unit]
Mode
Privileged EXEC
update cpld
This command updates the CPLD firmware code on the switch if a new CPLD is found. The CPLD firmware is
embedded in the primary image. After issuing this command, the switch checks the version of CPLD in the
firmware against the version on the device. If an applicable update is found, you are prompted to confirm the
update. If you choose to proceed, the update continues. Upon completion, the chassis automatically power
cycles the switch after successfully programming the CPLD. All connections to the server cartridges are lost
until the switch boots. The update can take up to 10 minutes. If the existing CPLD version is the same as the
new CPLD version, the command displays a no cpld update message.
Format
update cpld
Mode
Privileged EXEC
Example: The following example shows the output of the update cpld command when an applicable
update is found:
(Routing) #update cpld
CPLD Update takes about 10 minutes and the switch will power cycle automatically.
Do you want to continue? (y/n)
September 2014
CLI Command Reference
Page 146
HP Moonshot Switch Module CLI Command Reference
Bootcode and Firmware Commands
show cpld versions
This command shows information about the currently installed CPLD firmware code versions as well as the
versions available for installation by using the update cpld command.
Format
show cpld versions
Mode
Privileged EXEC
Example: The following example shows the output of the show cpld versions command. In this example,
the management module and fabric module CPLDs would be updated if the update cpld command were
issued. Even though the available fabric module CPLD is older than what is installed, it would be
overwritten.
(Routing) #show cpld versions
Management Module
Fabric Module
Faceplate Module
Installed CPLD: 0x10
Installed CPLD: 0x0C
Installed CPLD: 0x0A
Available CPLD: 0x11
Available CPLD: 0x0B
Available CPLD: 0x0A
Example: The following example shows the output of the show cpld command when the installed and
available CPLD versions are in sync, and no update would take place if the update cpld command were
issued.
(Routing) #show cpld versions
Management Module
Fabric Module
Faceplate Module
September 2014
Installed CPLD: 0x20
Installed CPLD: 0x03
Installed CPLD: 0x02
Available CPLD: 0x20
Available CPLD: 0x03
Available CPLD: 0x02
CLI Command Reference
Page 147
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
System Information and Statistics Commands
This section describes the commands you use to view information about system features, components, and
configurations.
show arp switch
This command displays the contents of the IP stack’s Address Resolution Protocol (ARP) table. The IP stack only
learns ARP entries associated with the management interfaces - network or service ports. ARP entries
associated with routing interfaces are not listed.
Format
show arp switch
Mode
Privileged EXEC
Term
Definition
IP Address
MAC Address
Interface
IP address of the management interface or another device on the management network.
Hardware MAC address of that device.
For a service port the output is Management. For a network port, the output is the unit/
slot/port of the physical interface.
show eventlog
This command displays the event log, which contains error messages from the system. The event log is not
cleared on a system reset. The unit is the switch identifier.
Format
show eventlog [unit]
Mode
Privileged EXEC
Term
Definition
File
Line
Task Id
Code
Time
The file in which the event originated.
The line number of the event.
The task ID of the event.
The event code.
The time this event occurred.
Note: Event log information is retained across a switch reset.
September 2014
CLI Command Reference
Page 148
System Information and Statistics Commands
HP Moonshot Switch Module CLI Command Reference
show hardware
This command displays inventory information for the switch.
Note: The show version command and the show hardware command display the same information.
In future releases of the software, the show hardware command will not be available. For a description
of the command output, see the command “show version” on page 150.
Format
show hardware
Mode
Privileged EXEC
show environment
This command displays information about the temperature and status of the power supplies and fans in the
system chassis.
Format
show environment
Mode
Privileged EXEC
Example: The following example shows the output of the show environment command:
Temp (C)....................................... 65
Temperature traps range: 0 to 45 degrees (Celsius)
Temperature Sensors:
Unit
Sensor Description
--------- ---------------1
1
Faceplate,local
1
2
Faceplate,remote
1
3
Fabric
1
4
Management board
1
5
CPU
1
6
SODIMM
2
1
Faceplate,local
2
2
Faceplate,remote
2
3
Fabric
2
4
Management board
2
5
CPU
2
6
SODIMM
September 2014
Temp (C)
---------34
32
65
51
31
0
30
29
47
42
25
26
State
-------------Normal
Normal
Normal
Normal
Normal
Normal
Normal
Normal
Normal
Normal
Normal
Normal
Max_Temp (C)
-------------34
32
66
54
32
0
30
29
48
44
26
27
CLI Command Reference
Page 149
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
show version
This command displays inventory information for the switch.
Note: The show version command will replace the show hardware command in future releases of the
software.
Format
show version
Mode
Privileged EXEC
Term
Definition
System Description
Machine Type
Machine Model
Serial Number
Part Number
Maintenance Level
Manufacturer
Burned in MAC Address
Software Version
Operating System
Network Processing
Device
Additional Packages
Text used to identify the product name of this switch.
The machine model as defined by the Vital Product Data.
The machine model as defined by the Vital Product Data
The serial number assigned to the switch.
Manufacturing part number.
Hardware changes that are significant to software.
Manufacturer descriptor field.
Universally assigned network address.
The release.version.revision number of the code currently running on the switch.
The operating system currently running on the switch.
The type of the processor microcode.
The additional packages incorporated into this system.
Example: The following shows example CLI display output for the command for the HP Moonshot Switch
Module.
(Routing) #show version
Switch: 1System Description............................. Moonshot-180G Switch, H.9.1.2, Linux
2.6.34.6
Machine Type................................... Moonshot-180G Switch
Machine Model.................................. Moonshot-180G
Serial Number.................................. 7C534I001W
Part Number.................................... 704642-B21
Maintenance Level.............................. A
Manufacturer................................... 0xbc00
Burned In MAC Address.......................... 00:24:81:D0:1D:96
Software Version............................... H.9.1.2
Operating System............................... Linux 2.6.34.6
Network Processing Device...................... BCM56850_A1
Additional Packages............................ QOS
IPv6 Management
Stacking
Routing
September 2014
CLI Command Reference
Page 150
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
show platform vpd
This command displays vital product data for the switch.
Format
show platform vpd
Mode
User Privileged
The following information is displayed.
Term
Definition
Operational Code Build Signature loaded into the switch
Image File Name
Software Version Release Version Maintenance Level and Build (RVMB) information of the switch.
Timestamp
Timestamp at which the image is built
Example: The following shows example CLI display output for the command.
(Routing) #show platform vpd
Operational Code Image File Name............... hadleyr8v13m11b17
Software Version............................... 8.13.11.17
Timestamp...................................... Tue Aug 13 11:17:36 EDT 2013:
show interface
This command displays a summary of statistics for a specific interface or a count of all CPU traffic based upon
the argument.
Format
show interface {unit/slot/port | switchport}
Mode
Privileged EXEC
The display parameters, when the argument is unit/slot/port, are as follows:
Parameters
Definition
Packets Received
Without Error
Packets Received With
Error
Broadcast Packets
Received
Receive Packets
Discarded
The total number of packets (including broadcast packets and multicast packets)
received by the processor.
The number of inbound packets that contained errors preventing them from being
deliverable to a higher-layer protocol.
The total number of packets received that were directed to the broadcast address.
Note that this does not include multicast packets.
The number of inbound packets which were chosen to be discarded even though
no errors had been detected to prevent their being deliverable to a higher-layer
protocol. One possible reason for discarding such a packet could be to free up
buffer space.
The total number of packets transmitted out of the interface.
Packets Transmitted
Without Error
September 2014
CLI Command Reference
Page 151
HP Moonshot Switch Module CLI Command Reference
Parameters
System Information and Statistics Commands
Definition
Transmit Packets
Discarded
The number of outbound packets which were chosen to be discarded even though
no errors had been detected to prevent their being deliverable to a higher-layer
protocol. A possible reason for discarding a packet could be to free up buffer space.
Transmit Packets Errors The number of outbound packets that could not be transmitted because of errors.
Collisions Frames
The best estimate of the total number of collisions on this Ethernet segment.
Time Since Counters Last The elapsed time, in days, hours, minutes, and seconds since the statistics for this
Cleared
port were last cleared.
The display parameters, when the argument is switchport are as follows:
Term
Definition
Packets Received
Without Error
Broadcast Packets
Received
Packets Received With
Error
Packets Transmitted
Without Error
Broadcast Packets
Transmitted
The total number of packets (including broadcast packets and multicast packets)
received by the processor.
The total number of packets received that were directed to the broadcast address.
Note that this does not include multicast packets.
The number of inbound packets that contained errors preventing them from being
deliverable to a higher-layer protocol.
The total number of packets transmitted out of the interface.
The total number of packets that higher-level protocols requested to be
transmitted to the Broadcast address, including those that were discarded or not
sent.
Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors.
Time Since Counters Last The elapsed time, in days, hours, minutes, and seconds since the statistics for this
Cleared
switch were last cleared.
show interface counters
This command reports key summary statistics for all the ports (physical/CPU/port-channel).
Format
show interface counters
Mode
Privileged EXEC
Term
Definition
Port
InOctects
InUcastPkts
InMcastPkts
InBcastPkts
OutOctects
The interface associated with the rest of the data in the row.
The total number of octets received on the interface.
The total number of unicast packets received on the interface.
The total number of multicast packets received on the interface.
The total number of broadcast packets received on the interface.
The total number of octets transmitted by the interface.
September 2014
CLI Command Reference
Page 152
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
Term
Definition
OutUcastPkts
OutMcastPkts
OutBcastPkts
The total number of unicast packets transmitted by the interface.
The total number of multicast packets transmitted by the interface.
The total number of broadcast packets transmitted by the interface.
Example: The following shows example CLI display output for the command.
(Routing) #show interface counters
Port
InOctets
InUcastPkts
InMcastPkts
InBcastPkts
--------- ---------------- ---------------- ---------------- ---------------1/0/1
0
0
0
0
1/0/2
0
0
0
0
1/0/3
15098
0
31
39
1/0/4
0
0
0
0
CPU
359533
0
3044
217
Port
OutOctets
OutUcastPkts
OutMcastPkts
OutBcastPkts
--------- ---------------- ---------------- ---------------- ---------------1/0/1
0
0
0
0
1/0/2
0
0
0
0
1/0/3
131369
0
11
89
1/0/4
0
0
0
0
1/0/5
0
0
0
0
...
CPU
4025293
0
32910
120
show interface ethernet
This command displays detailed statistics for a specific interface or for all CPU traffic based upon the argument.
Format
show interface ethernet {unit/slot/port | switchport | all}
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 153
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
When you specify a value for unit/slot/port, the command displays the following information.
Term
Definition
Packets Received • Total Packets Received (Octets) - The total number of octets of data (including those in
bad packets) received on the network (excluding framing bits but including Frame
Check Sequence (FCS) octets). This object can be used as a reasonable estimate of
Ethernet utilization. If greater precision is desired, the etherStatsPkts and
etherStatsOctets objects should be sampled before and after a common interval. The
result of this equation is the value Utilization which is the percent utilization of the
Ethernet segment on a scale of 0 to 100 percent.
• Packets Received 64 Octets - The total number of packets (including bad packets)
received that were 64 octets in length (excluding framing bits but including FCS octets).
• Packets Received 65–127 Octets - The total number of packets (including bad packets)
received that were between 65 and 127 octets in length inclusive (excluding framing
bits but including FCS octets).
• Packets Received 128–255 Octets - The total number of packets (including bad packets)
received that were between 128 and 255 octets in length inclusive (excluding framing
bits but including FCS octets).
Packets Received • Packets Received 256–511 Octets - The total number of packets (including bad packets)
received that were between 256 and 511 octets in length inclusive (excluding framing
(con’t)
bits but including FCS octets).
• Packets Received 512–1023 Octets - The total number of packets (including bad
packets) received that were between 512 and 1023 octets in length inclusive (excluding
framing bits but including FCS octets).
• Packets Received 1024–1518 Octets - The total number of packets (including bad
packets) received that were between 1024 and 1518 octets in length inclusive
(excluding framing bits but including FCS octets).
• Packets Received > 1518 Octets - The total number of packets received that were longer
than 1522 octets (excluding framing bits, but including FCS octets) and were otherwise
well formed.
• Packets RX and TX 64 Octets - The total number of packets (including bad packets)
received and transmitted that were 64 octets in length (excluding framing bits but
including FCS octets).
• Packets RX and TX 65–127 Octets - The total number of packets (including bad packets)
received and transmitted that were between 65 and 127 octets in length inclusive
(excluding framing bits but including FCS octets).
• Packets RX and TX 128–255 Octets - The total number of packets (including bad
packets) received and transmitted that were between 128 and 255 octets in length
inclusive (excluding framing bits but including FCS octets).
• Packets RX and TX 256–511 Octets - The total number of packets (including bad
packets) received and transmitted that were between 256 and 511 octets in length
inclusive (excluding framing bits but including FCS octets).
September 2014
CLI Command Reference
Page 154
HP Moonshot Switch Module CLI Command Reference
Term
System Information and Statistics Commands
Definition
• Packets RX and TX 512–1023 Octets - The total number of packets (including bad
packets) received and transmitted that were between 512 and 1023 octets in length
inclusive (excluding framing bits but including FCS octets).
• Packets RX and TX 1024–1518 Octets - The total number of packets (including bad
packets) received and transmitted that were between 1024 and 1518 octets in length
inclusive (excluding framing bits but including FCS octets).
• Packets RX and TX 1519–2047 Octets - The total number of packets received and
transmitted that were between 1519 and 2047 octets in length inclusive (excluding
framing bits, but including FCS octets) and were otherwise well formed.
• Packets RX and TX 2048–4095 Octets - The total number of packets received that were
between 2048 and 4095 octets in length inclusive (excluding framing bits, but including
FCS octets) and were otherwise well formed.
• Packets RX and TX 4096–9216 Octets - The total number of packets received that were
between 4096 and 9216 octets in length inclusive (excluding framing bits, but including
FCS octets) and were otherwise well formed.
Packets Received • Total Packets Received Without Error - The total number of packets received that were
Successfully
without errors.
• Unicast Packets Received - The number of subnetwork-unicast packets delivered to a
higher-layer protocol.
• Multicast Packets Received - The total number of good packets received that were
directed to a multicast address. Note that this number does not include packets
directed to the broadcast address.
• Broadcast Packets Received - The total number of good packets received that were
directed to the broadcast address. Note that this does not include multicast packets.
Receive Packets The number of inbound packets which were chosen to be discarded even though no errors
Discarded
had been detected to prevent their being deliverable to a higher-layer protocol. One
possible reason for discarding such a packet could be to free up buffer space.
Packets Received • Total Packets Received with MAC Errors - The total number of inbound packets that
with MAC Errors
contained errors preventing them from being deliverable to a higher-layer protocol.
• Jabbers Received - The total number of packets received that were longer than 1518
octets (excluding framing bits, but including FCS octets), and had either a bad Frame
Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a
non-integral number of octets (Alignment Error). Note that this definition of jabber is
different than the definition in IEEE-802.3 section 8.2.1.5 (10BASE5) and section
10.3.1.4 (10BASE2). These documents define jabber as the condition where any packet
exceeds 20 ms. The allowed range to detect jabber is between 20 ms and 150 ms.
• Fragments/Undersize Received - The total number of packets received that were less
than 64 octets in length (excluding framing bits but including FCS octets).
• Alignment Errors - The total number of packets received that had a length (excluding
framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had
a bad Frame Check Sequence (FCS) with a non-integral number of octets.
• FCS Errors - The total number of packets received that had a length (excluding framing
bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad
Frame Check Sequence (FCS) with an integral number of octets.
• Overruns - The total number of frames discarded as this port was overloaded with
incoming packets, and could not keep up with the inflow.
September 2014
CLI Command Reference
Page 155
HP Moonshot Switch Module CLI Command Reference
Term
System Information and Statistics Commands
Definition
Received Packets • Total Received Packets Not Forwarded - A count of valid frames received which were
Not Forwarded
discarded (in other words, filtered) by the forwarding process
• 802.3x Pause Frames Received - A count of MAC Control frames received on this
interface with an opcode indicating the PAUSE operation. This counter does not
increment when the interface is operating in half-duplex mode.
• Unacceptable Frame Type - The number of frames discarded from this port due to
being an unacceptable frame type.
Packets
• Total Packets Transmitted (Octets) - The total number of octets of data (including those
Transmitted
in bad packets) received on the network (excluding framing bits but including FCS
Octets
octets). This object can be used as a reasonable estimate of Ethernet utilization. If
greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be
sampled before and after a common interval. ----• Packets Transmitted 64 Octets - The total number of packets (including bad packets)
received that were 64 octets in length (excluding framing bits but including FCS octets).
• Packets Transmitted 65-127 Octets - The total number of packets (including bad
packets) received that were between 65 and 127 octets in length inclusive (excluding
framing bits but including FCS octets).
• Packets Transmitted 128-255 Octets - The total number of packets (including bad
packets) received that were between 128 and 255 octets in length inclusive (excluding
framing bits but including FCS octets).
• Packets Transmitted 256-511 Octets - The total number of packets (including bad
packets) received that were between 256 and 511 octets in length inclusive (excluding
framing bits but including FCS octets).
• Packets Transmitted 512-1023 Octets - The total number of packets (including bad
packets) received that were between 512 and 1023 octets in length inclusive (excluding
framing bits but including FCS octets).
• Packets Transmitted 1024-1518 Octets - The total number of packets (including bad
packets) received that were between 1024 and 1518 octets in length inclusive
(excluding framing bits but including FCS octets).
• Packets Transmitted > 1518 Octets - The total number of packets transmitted that were
longer than 1518 octets (excluding framing bits, but including FCS octets) and were
otherwise well formed.
• Max Frame Size - The maximum size of the Info (non-MAC) field that this port will
receive or transmit.
Packets
• Total Packets Transmitted Successfully- The number of frames that have been
Transmitted
transmitted by this port to its segment.
Successfully
• Unicast Packets Transmitted - The total number of packets that higher-level protocols
requested be transmitted to a subnetwork-unicast address, including those that were
discarded or not sent.
• Multicast Packets Transmitted - The total number of packets that higher-level protocols
requested be transmitted to a Multicast address, including those that were discarded
or not sent.
• Broadcast Packets Transmitted - The total number of packets that higher-level
protocols requested be transmitted to the Broadcast address, including those that were
discarded or not sent.
Transmit Packets The number of outbound packets which were chosen to be discarded even though no
Discarded
errors had been detected to prevent their being deliverable to a higher-layer protocol. A
possible reason for discarding a packet could be to free up buffer space.
September 2014
CLI Command Reference
Page 156
HP Moonshot Switch Module CLI Command Reference
Term
System Information and Statistics Commands
Definition
Total transmit
The sum of Single, Multiple, and Excessive Collisions.
Errors
Transmit Discards • Total Transmit Packets Discards - The sum of single collision frames discarded, multiple
collision frames discarded, and excessive frames discarded.
• Single Collision Frames - A count of the number of successfully transmitted frames on
a particular interface for which transmission is inhibited by exactly one collision.
• Multiple Collision Frames - A count of the number of successfully transmitted frames
on a particular interface for which transmission is inhibited by more than one collision.
• Excessive Collisions - A count of frames for which transmission on a particular interface
fails due to excessive collisions.
Protocol Statistics • 802.3x Pause Frames Transmitted - A count of MAC Control frames transmitted on this
interface with an opcode indicating the PAUSE operation. This counter does not
increment when the interface is operating in half-duplex mode.
• GVRP PDUs Received - The count of GVRP PDUs received in the GARP layer.
• GVRP PDUs Transmitted - The count of GVRP PDUs transmitted from the GARP layer.
• GVRP Failed Registrations - The number of times attempted GVRP registrations could
not be completed.
• GMRP PDUs Received - The count of GMRP PDUs received in the GARP layer.
• GMRP PDUs Transmitted - The count of GMRP PDUs transmitted from the GARP layer.
• GMRP Failed Registrations - The number of times attempted GMRP registrations could
not be completed.
• STP BPDUs Transmitted - Spanning Tree Protocol Bridge Protocol Data Units sent.
• STP BPDUs Received - Spanning Tree Protocol Bridge Protocol Data Units received.
• RST BPDUs Transmitted - Rapid Spanning Tree Protocol Bridge Protocol Data Units sent.
• RSTP BPDUs Received - Rapid Spanning Tree Protocol Bridge Protocol Data Units
received.
• MSTP BPDUs Transmitted - Multiple Spanning Tree Protocol Bridge Protocol Data Units
sent.
• MSTP BPDUs Received - Multiple Spanning Tree Protocol Bridge Protocol Data Units
received.
Dot1x Statistics • EAPOL Frames Transmitted - The number of EAPOL frames of any type that have been
transmitted by this authenticator.
• EAPOL Start Frames Received - The number of valid EAPOL start frames that have been
received by this authenticator.
Time Since
The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were
Counters Last
last cleared.
Cleared
September 2014
CLI Command Reference
Page 157
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
If you use the switchport keyword, the following information appears.
Term
Definition
Total Packets Received
(Octets)
Packets Received
Without Error
Unicast Packets
Received
Multicast Packets
Received
Broadcast Packets
Received
Receive Packets
Discarded
The total number of octets of data received by the processor (excluding framing bits
but including FCS octets).
The total number of packets (including broadcast packets and multicast packets)
received by the processor.
The number of subnetwork-unicast packets delivered to a higher-layer protocol.
Octets Transmitted
Packets Transmitted
without Errors
Unicast Packets
Transmitted
Multicast Packets
Transmitted
Broadcast Packets
Transmitted
Transmit Packets
Discarded
The total number of packets received that were directed to a multicast address. Note
that this number does not include packets directed to the broadcast address.
The total number of packets received that were directed to the broadcast address.
Note that this does not include multicast packets.
The number of inbound packets which were chosen to be discarded even though no
errors had been detected to prevent their being deliverable to a higher-layer
protocol. A possible reason for discarding a packet could be to free up buffer space.
The total number of octets transmitted out of the interface, including framing
characters.
The total number of packets transmitted out of the interface.
The total number of packets that higher-level protocols requested be transmitted to
a subnetwork-unicast address, including those that were discarded or not sent.
The total number of packets that higher-level protocols requested be transmitted to
a Multicast address, including those that were discarded or not sent.
The total number of packets that higher-level protocols requested be transmitted to
the Broadcast address, including those that were discarded or not sent.
The number of outbound packets which were chosen to be discarded even though
no errors had been detected to prevent their being deliverable to a higher-layer
protocol. A possible reason for discarding a packet could be to free up buffer space.
Most Address Entries
The highest number of Forwarding Database Address Table entries that have been
Ever Used
learned by this switch since the most recent reboot.
Address Entries
The number of Learned and static entries in the Forwarding Database Address Table
Currently in Use
for this switch.
Maximum VLAN Entries The maximum number of Virtual LANs (VLANs) allowed on this switch.
Most VLAN Entries Ever The largest number of VLANs that have been active on this switch since the last
Used
reboot.
Static VLAN Entries
The number of presently active VLAN entries on this switch that have been created
statically.
Dynamic VLAN Entries The number of presently active VLAN entries on this switch that have been created
by GVRP registration.
VLAN Deletes
The number of VLANs on this switch that have been created and then deleted since
the last reboot.
Time Since Counters
The elapsed time, in days, hours, minutes, and seconds, since the statistics for this
Last Cleared
switch were last cleared.
September 2014
CLI Command Reference
Page 158
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
If you use the all keyword, the following information appears for all interfaces on the switch.
Term
Definition
Port
Bytes Tx
Bytes Rx
Packets Tx
Packets Rx
The Interface ID.
The total number of bytes transmitted by the interface.
The total number of bytes transmitted by the interface.
The total number of packets transmitted by the interface.
The total number of packets transmitted by the interface.
show interface ethernet switchport
This command displays the private VLAN mapping information for the switch interfaces.
Format
show interface ethernet interface-id switchport
Mode
Privileged EXEC
Parameter
Description
interface-id
The unit/slot/port of the switch.
The command displays the following information.
Term
Definition
Port
VLAN Switchport mode
Private VLAN configured
Host association
Private VLAN configured
Promiscuous VLANS
Operational Private
VLANs
The port for which data is displayed.
The VLAN role of the port.
The VLAN association for community or host ports.
September 2014
The VLAN mapping for the private-VLAN promiscuous ports.
The number of operational private VLANs for which this port is a member.
CLI Command Reference
Page 159
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
show interface lag
Use this command to display configuration information about the specified LAG interface.
Format
show interface lag lag-intf-num
Mode
Privileged EXEC
Parameters
Definition
Packets Received
Without Error
Packets Received With
Error
Broadcast Packets
Received
Receive Packets
Discarded
The total number of packets (including broadcast packets and multicast packets)
received on the LAG interface
The number of inbound packets that contained errors preventing them from being
deliverable to a higher-layer protocol.
The total number of packets received that were directed to the broadcast address.
Note that this does not include multicast packets.
The number of inbound packets which were chosen to be discarded even though
no errors had been detected to prevent their being deliverable to a higher-layer
protocol. One possible reason for discarding such a packet could be to free up
buffer space.
The total number of packets transmitted out of the LAG.
Packets Transmitted
Without Error
Transmit Packets
Discarded
The number of outbound packets which were chosen to be discarded even though
no errors had been detected to prevent their being deliverable to a higher-layer
protocol. A possible reason for discarding a packet could be to free up buffer space.
Transmit Packets Errors The number of outbound packets that could not be transmitted because of errors.
Collisions Frames
The best estimate of the total number of collisions on this Ethernet segment.
Time Since Counters Last The elapsed time, in days, hours, minutes, and seconds since the statistics for this
Cleared
LAG were last cleared.
September 2014
CLI Command Reference
Page 160
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
show interfaces status
Use this command to display interface information, including the description, port state, speed and autoneg
capabilities. The command is similar to show port all but displays additional fields like interface description
and port-capability.
The description of the interface is configurable through the existing command description <name> which has
a maximum length of 64 characters that is truncated to 28 characters in the output. The long form of the
description can be displayed using show port description. The interfaces displayed by this command are
physical interfaces, LAG interfaces and VLAN routing interfaces.
Format
show interfaces status [<unit/slot/port>]
Mode
Privileged EXEC
Field
Description
Port
Name
Link State
Physical Mode
Physical Status
The interface associated with the rest of the data in the row.
The descriptive user-configured name for the interface.
Indicates whether the link is up or down.
The speed and duplex settings on the interface.
Indicates the port speed and duplex mode for physical interfaces. The
physical status for LAGs is not reported. When a port is down, the physical
status is unknown.
The media type of the interface.
The 802.3x flow control status.
The configured 802.3x flow control mode.
Media Type
Flow Control Status
Flow Control
show interfaces traffic
Use this command to display interface traffic information.
Format
show interfaces traffic [unit/slot/port]
Mode
Privileged EXEC
Field
Description
Interface Name
Congestion Drops
TX Queue
RX Queue
Color Drops: Yellow
Color Drops: Red
WRED TX Queue
The interface associated with the rest of the data in the row.
The number of packets that have been dropped on the interface due to congestion.
The number of cells in the transmit queue.
The number of cells in the receive queue.
The number of yellow (conformed) packets that were dropped.
The number of red (exceeded) packets that were dropped.
The number of packets in the WRED transmit queue.
September 2014
CLI Command Reference
Page 161
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
show fiber-ports optical-transceiver
This command displays the diagnostics information of the SFP like Temp, Voltage, Current, Input Power, Output
Power, Tx Fault, and LOS. The values are derived from the SFP's A2 (Diagnostics) table using the I2C interface.
Format
show fiber-ports optical-transceiver {all | unit/slot/port}
Mode
Privileged EXEC
Field
Description
Temp
Voltage
Current
Output Power
Input Power
TX Fault
LOS
Internally measured transceiver temperature.
Internally measured supply voltage.
Measured TX bias current.
Measured optical output power relative to 1mW.
Measured optical power received relative to 1mW.
Transmitter fault.
Loss of signal.
Example: The following information shows an example of the command output:
(Routing) #show fiber-ports optical-transceiver all
Port
-------1/1/1
1/1/2
1/1/3
Output
Input
Temp Voltage Current
Power
Power
TX
[C]
[Volt]
[mA]
[dBm]
[dBm]
Fault
---- ------- ------------- ----------39.3
3.256
5.0
-2.234
-2.465
No
33.9
3.260
5.3
-2.374 -40.000
No
32.2
3.256
5.6
-2.300
-2.897
No
LOS
--No
Yes
No
show fiber-ports optical-transceiver-info
This command displays the SFP vendor related information like Vendor Name, Serial Number of the SFP, Part
Number of the SFP. The values are derived from the SFP's A0 table using the I2C interface.
Format
show fiber-ports optical-transceiver-info {all | slot/port}
Mode
Privileged EXEC
Field
Description
Vendor Name
The vendor name is a 16 character field that contains ASCII characters, left-aligned
and padded on the right with ASCII spaces (20h). The vendor name shall be the full
name of the corporation, a commonly accepted abbreviation of the name of the
corporation, the SCSI company code for the corporation, or the stock exchange code
for the corporation.
September 2014
CLI Command Reference
Page 162
HP Moonshot Switch Module CLI Command Reference
Field
System Information and Statistics Commands
Description
Length (50um, OM2)
This value specifies link length that is supported by the transceiver while operating in
compliance with applicable standards using 50 micron multimode OM2
[500MHz*km at 850nm] fiber. A value of zero means that the transceiver does not
support 50 micron multimode fiber or that the length information must be
determined from the transceiver technology.
Length (62.5um, OM1) This value specifies link length that is supported by the transceiver while operating in
compliance with applicable standards using 62.5 micron multimode OM1 [200
MHz*km at 850nm, 500 MHz*km at 1310nm] fiber. A value of zero means that the
transceiver does not support 62.5 micron multimode fiber or that the length
information must determined from the transceiver technology
Vendor SN
The vendor serial number (vendor SN) is a 16 character field that contains ASCII
characters, left-aligned and padded on the right with ASCII spaces (20h), defining the
vendor's serial number for the transceiver. A value of all zero in the 16-byte field
indicates that the vendor SN is unspecified.
Vendor PN
The vendor part number (vendor PN) is a 16-byte field that contains ASCII characters,
left aligned and added on the right with ASCII spaces (20h), defining the vendor part
number or product name. A value of all zero in the 16-byte field indicates that the
vendor PN is unspecified.
BR, nominal
The nominal bit (signaling) rate (BR, nominal) is specified in units of 100 MBd,
rounded off to the nearest 100 MBd. The bit rate includes those bits necessary to
encode and delimit the signal as well as those bits carrying data information. A value
of 0 indicates that the bit rate is not specified and must be determined from the
transceiver technology. The actual information transfer rate will depend on the
encoding of the data, as defined by the encoding value.
Vendor Rev
The vendor revision number (vendor rev) contains ASCII characters, left aligned and
padded on the right with ASCII spaces (20h), defining the vendor's product revision
number. A value of all zero in this field indicates that the vendor revision is
unspecified.
Example: The following information shows an example of the command output:
(Routing) #show fiber-ports optical-transceiver-info all
Link
Length
50um
Port
Vendor Name
[m]
-------- ---------------- --1/0/49 HP
8
1/0/51 HP
8
1/0/52 HP
8
Link
Length
62.5um
[m]
---3
3
3
Nominal
Bit
Rate
Part Number
[Mbps]
------------- ----AXM761
10300
AXM761
10300
AXM761
10300
Rev
---10
10
10
show mac-addr-table
This command displays the forwarding database entries. These entries are used by the transparent bridging
function to determine how to forward a received frame.
September 2014
CLI Command Reference
Page 163
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
Enter all or no parameter to display the entire table. Enter a MAC Address and VLAN ID to display the table
entry for the requested MAC address on the specified VLAN. Enter the count parameter to view summary
information about the forwarding database table. Use the interface unit/slot/port parameter to view MAC
addresses on a specific interface.
Instead of unit/slot/port, lag lag-intf-num can be used as an alternate way to specify the LAG interface. lag
lag-intf-num can also be used to specify the LAG interface where lag-intf-num is the LAG port number. Use
the vlan vlan_id parameter to display information about MAC addresses on a specified VLAN.
Format
show mac-addr-table [{macaddr vlan_id | all | count | interface unit/slot/port | vlan
vlan_id}]
Mode
Privileged EXEC
The following information displays if you do not enter a parameter, the keyword all, or the MAC address and
VLAN ID.
Term
Definition
VLAN ID
MAC Address
The VLAN in which the MAC address is learned.
A unicast MAC address for which the switch has forwarding and or filtering information. The
format is 6 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB.
Interface
The port through which this address was learned.
Interface Index This object indicates the ifIndex of the interface table entry associated with this port.
Status
The status of this entry. The meanings of the values are:
• Static—The value of the corresponding instance was added by the system or a user when
a static MAC filter was defined. It cannot be relearned.
• Learned—The value of the corresponding instance was learned by observing the source
MAC addresses of incoming traffic, and is currently in use.
• Management—The value of the corresponding instance (system MAC address) is also the
value of an existing instance of dot1dStaticAddress. It is identified with interface 1/0/1. and
is currently used when enabling VLANs for routing.
• Self—The value of the corresponding instance is the address of one of the switch’s physical
interfaces (the system’s own MAC address).
• GMRP Learned—The value of the corresponding was learned via GMRP and applies to
Multicast.
• Other—The value of the corresponding instance does not fall into one of the other
categories.
If you enter vlan vlan_id, only the MAC Address, Interface, and Status fields appear. If you enter the interface
unit/slot/port parameter, in addition to the MAC Address and Status fields, the VLAN ID field also appears.
September 2014
CLI Command Reference
Page 164
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
The following information displays if you enter the count parameter:
Term
Definition
Dynamic Address
count
Static Address (Userdefined) count
Total MAC Addresses
in use
Total MAC Addresses
available
Number of MAC addresses in the forwarding database that were automatically
learned.
Number of MAC addresses in the forwarding database that were manually entered by
a user.
Number of MAC addresses currently in the forwarding database.
Number of MAC addresses the forwarding database can handle.
process cpu threshold
Use this command to configure the CPU utilization thresholds. The Rising and Falling thresholds are specified
as a percentage of CPU resources. The utilization monitoring time period can be configured from 5 seconds to
86400 seconds in multiples of 5 seconds. The CPU utilization threshold configuration is saved across a switch
reboot. Configuring the falling utilization threshold is optional. If the falling CPU utilization parameters are not
configured, then they take the same value as the rising CPU utilization parameters.
Format
process cpu threshold type total rising 1-100 interval
Mode
Global Config
Parameter
Description
rising threshold
The percentage of CPU resources that, when exceeded for the configured rising interval,
triggers a notification. The range is 1 to 100. The default is 0 (disabled).
rising interval
The duration of the CPU rising threshold violation, in seconds, that must be met to trigger
a notification. The range is 5 to 86400. The default is 0 (disabled).
falling threshold The percentage of CPU resources that, when usage falls below this level for the configured
interval, triggers a notification. The range is 1 to 100. The default is 0 (disabled).
A notification is triggered when the total CPU utilization falls below this level for a
configured period of time. The falling utilization threshold notification is made only if a
rising threshold notification was previously done. The falling utilization threshold must
always be equal or less than the rising threshold value. The CLI does not allow setting the
falling threshold to be greater than the rising threshold.
falling interval
The duration of the CPU falling threshold, in seconds, that must be met to trigger a
notification. The range is 5 to 86400. The default is 0 (disabled).
September 2014
CLI Command Reference
Page 165
System Information and Statistics Commands
HP Moonshot Switch Module CLI Command Reference
show process app-list
This command displays the user and system applications.
Format
show process app-list
Mode
Privileged EXEC
Parameter
Description
ID
Name
PID
Admin Status
Auto Restart
Running Status
The application identifier.
The name that identifies the process.
The number the software uses to identify the process.
The administrative status of the process.
Indicates whether the process will automatically restart if it stops.
Indicates whether the process is currently running or stopped.
Example: The following shows example CLI display output for the command.
(Routing) #show process app-list
Admin
ID
Name
PID
Status
---- ---------------- ----- --------1 switchdrvr
251 Enabled
2 syncdb
252 Enabled
3 syncdb-test
0 Disabled
4 proctest
0 Disabled
5 utelnetd
0 Disabled
6 lxshTelnetd
0 Disabled
7 user.start
0 Enabled
Auto
Restart
--------Disabled
Disabled
Disabled
Enabled
Disabled
Disabled
Disabled
Running
Status
-------Running
Running
Stopped
Stopped
Stopped
Stopped
Stopped
show process app-resource-list
This command displays the configured and in-use resources of each application.
Format
show process app-resource-list
Mode
Privileged EXEC
Parameter
Description
ID
Name
PID
Memory Limit
CPU Share
The application identifier.
The name that identifies the process.
The number the software uses to identify the process.
The maximum amount of memory the process can consume.
The maximum percentage of CPU utilization the process can consume.
September 2014
CLI Command Reference
Page 166
HP Moonshot Switch Module CLI Command Reference
Parameter
System Information and Statistics Commands
Description
Memory Usage The amount of memory the process is currently using.
Max Mem Usage The maximum amount of memory the process has used at any given time since it started.
(Routing) #show process app-resource-list
ID
---1
2
3
4
5
6
7
Memory
Name
PID Limit
---------------- ---- ----------switchdrvr
251
Unlimited
syncdb
252
Unlimited
syncdb-test
0
Unlimited
proctest
0
10 MB
utelnetd
0
Unlimited
lxshTelnetd
0
Unlimited
user.start
0
Unlimited
CPU
Memory
Max Mem
Share
Usage
Usage
--------- ----------- ----------Unlimited
380 MB
381 MB
Unlimited
0 MB
0 MB
Unlimited
0 MB
0 MB
20%
0 MB
0 MB
Unlimited
0 MB
0 MB
Unlimited
0 MB
0 MB
Unlimited
0 MB
0 MB
show process proc-list
This application displays the processes started by applications created by the Process Manager.
Parameter
Description
PID
Process Name
Application IDName
Child
VM Size
VM Peak
FD Count
The number the software uses to identify the process.
The name that identifies the process.
The application identifier and its associated name.
Indicates whether the process has spawned a child process.
Virtual memory size.
The maximum amount of virtual memory the process has used at a given time.
The file descriptors count for the process.
Format
show process proc-list
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show process proc-list
PID
---208
251
252
Process
Name
---------------procmgr
switchdrvr
syncdb
September 2014
Application
ID-Name
-------------------0-procmgr
1-switchdrvr
2-syncdb
VM Size VM Peak
Chld (KB)
(KB)
FD Count
---- -------- -------- -------No
2500
2528
8
No
466720
485424
37
No
2664
2664
8
CLI Command Reference
Page 167
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
show process cpu
This command provides the percentage utilization of the CPU by different tasks.
Note: It is not necessarily the traffic to the CPU, but different tasks that keep the CPU busy.
Format
show process cpu
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show process cpu
Memory Utilization Report
status
bytes
------ ---------free
1637306368
alloc
473403392
CPU Utilization:
PID
Name
------- -------------------24
(kmmcd)
208
(procmgr)
262
envMonitorTask
287
osapiTimer
290
bcmINTR
291
socdmadesc.0
292
socdmadesc.1
296
bcmL2X.0
297
bcmCNTR.0
301
bcmL2X.1
302
bcmCNTR.1
305
bcmRX
306
bcmNHOP
307
bcmATP-TX
308
bcmATP-RX
318
bcmLINK.0
319
bcmLINK.1
320
cpuUtilMonitorTask
328
simPts_task
346
emWeb
352
trafficStormControl
355
DHCP snoop
368
dot1s_timer_task
382
snoopTask
395
spmTask
420
lldpTask
425
isdpTask
427
RMONTask
433
mvrpTask
------- -------------------Total CPU Utilization
September 2014
5 Secs
---------4.99%
0.00%
0.19%
0.00%
0.09%
0.19%
0.09%
4.11%
1.07%
4.11%
0.88%
0.09%
0.00%
0.00%
0.00%
2.35%
2.54%
0.19%
0.00%
0.00%
0.00%
0.00%
0.00%
0.09%
0.00%
0.09%
0.00%
0.19%
0.09%
---------21.45%
60 Secs
---------4.51%
0.01%
0.12%
0.04%
0.14%
0.13%
0.12%
4.04%
0.97%
4.01%
0.96%
0.24%
0.01%
0.03%
0.03%
2.41%
2.63%
0.10%
0.01%
0.01%
0.01%
0.01%
0.17%
0.02%
0.01%
0.01%
0.01%
0.79%
0.28%
---------21.96%
300 Secs
---------4.47%
0.00%
0.12%
0.03%
0.13%
0.12%
0.12%
4.02%
0.97%
4.01%
0.97%
0.23%
0.00%
0.03%
0.03%
2.41%
2.66%
0.09%
0.01%
0.01%
0.00%
0.00%
0.13%
0.02%
0.01%
0.00%
0.01%
0.77%
0.23%
---------21.81%
CLI Command Reference
Page 168
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
show running-config
Use this command to display or capture the current setting of different protocol packages supported on the
switch. This command displays or captures commands with settings and configurations that differ from the
default value. To display or capture the commands with settings and configurations that are equal to the
default value, include the all option.
Note: Show running-config does not display the User Password, even if you set one different from the
default.
The output is displayed in script format, which can be used to configure another switch with the same
configuration. If the optional scriptname is provided with a file name extension of .scr, the output is redirected
to a script file.
Note: If you issue the show running-config command from a serial connection, access to the switch
through remote connections (such as Telnet) is suspended while the output is being generated and
displayed.
Note: If you use a text-based configuration file, the show running-config command will only display
configured physical interfaces, i.e. if any interface only contains the default configuration, that
interface will be skipped from the show running-config command output. This is true for any
configuration mode that contains nothing but default configuration. That is, the command to enter a
particular config mode, followed immediately by its exit command, are both omitted from the show
running-config command output (and hence from the startup-config file when the system
configuration is saved.)
Format
show running-config [all | scriptname]
Mode
Privileged EXEC
dir
Use this command to list the files in flash.
Format
dir
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 169
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
show running-config interface
Use this command to display the running configuration for a specific interface. Valid interfaces include physical,
LAG, loopback, tunnel and VLAN interfaces.
Format
show running-config interface {interface | lag {lag-intf-num} | loopback {loopbackid} | vlan {vlan-id}}
Mode
Privileged EXEC
Parameter
Description
interface
lag-intf-num
loopback-id
vlan-id
Running configuration for the specified interface.
Running configuration for the LAG interface.
Running configuration for the loopback interface.
Running configuration for the VLAN routing interface.
show sysinfo
This command displays switch information.
Format
show sysinfo
Mode
Privileged EXEC
Term
Definition
Switch Description
System Name
Text used to identify this switch.
Name used to identify the switch.The factory default is blank. To configure the system
name, see “snmp-server” on page 100.
Text used to identify the location of the switch. The factory default is blank. To
configure the system location, see “snmp-server” on page 100.
Text used to identify a contact person for this switch. The factory default is blank. To
configure the system location, see “snmp-server” on page 100.
The base object ID for the switch’s enterprise MIB.
The time in days, hours and minutes since the last switch reboot.
The system time acquired from a network SNTP server.
System Location
System Contact
System ObjectID
System Up Time
Current SNTP
Synchronized Time
MIBs Supported
September 2014
A list of MIBs supported by this agent.
CLI Command Reference
Page 170
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
show tech-support
Use the show tech-support command to create a file that contains the system and configuration information
that is used when you contact technical support. The output of the show tech-support command combines the
output of the following commands and includes log history files from previous runs:
• show version
• show sysinfo
• show port all
• show isdp neighbors
• show logging
• show eventlog
• show logging buffered
• show logging traplogs
• show running config
Including the optional ospf parameter also displays OSPF information.
Format
show tech-support [ospf]
Mode
Privileged EXEC
show startup-config
This command displays the content of the startup-config file, which is a text-based configuration file. The
startup-config file is saved compressed in flash. With this command, the file is decompressed while displaying
its content.
Format
show startup-config
Mode
Privileged EXEC
show backup-config
This command displays the content of the backup-config file, which is a text-based configuration file. The
backup-config file is saved compressed in flash. With this command, the file is decompressed while displaying
its content.
Format
show backup-config
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 171
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
show factory-defaults
This command displays the content of the factory-defaults file, which is a text-based configuration file. The
factory-defaults file is saved compressed in flash. With this command, the file is decompressed while displaying
its content.
Format
show factory-defualts
Mode
Privileged EXEC
length value
Use this command to set the pagination length to value number of lines for the sessions specified by
configuring on different Line Config modes (telnet/ssh/console) and is persistent.
Example: Length command on Line Console mode applies for Serial Console session.
Default
24
Format
length value
Mode
Line Config
no length value
Use this command to set the pagination length to the default value number of lines.
Format
no length value
Mode
Line Config
terminal length
Use this command to set the pagination length to value number of lines for the current session. This command
configuration takes an immediate effect on the current session and is nonpersistent.
Default
24 lines per page
Format
terminal length value
Mode
Privileged EXEC
no terminal length
Use this command to set the value to the length value configured on Line Config mode depending on the type
of session.
Format
no terminal length value
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 172
HP Moonshot Switch Module CLI Command Reference
System Information and Statistics Commands
show terminal length
Use this command to display all the configured terminal length values.
show terminal length
Format
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show terminal length
Terminal Length:
---------------------For Current Session………………….. 24
For Serial Console…………………… 24
For Telnet Sessions…………………... 24
For SSH Sessions…………………….. 24
memory free low-watermark processor
Use this command to get notifications when the CPU free memory falls below the configured threshold. A
notification is generated when the free memory falls below the threshold. Another notification is generated
once the available free memory rises to 10 percent above the specified threshold. To prevent generation of
excessive notifications when the CPU free memory fluctuates around the configured threshold, only one Rising
or Falling memory notification is generated over a period of 60 seconds. The threshold is specified in kilobytes.
The CPU free memory threshold configuration is saved across a switch reboot.
Format
memory free low-watermark processor 1-2061240
Mode
Global Config
Parameter
Description
low-watermark
When CPU free memory falls below this threshold, a notification message is triggered. The
range is 1 to the maximum available memory on the switch. The default is 0 (disabled).
September 2014
CLI Command Reference
Page 173
HP Moonshot Switch Module CLI Command Reference
Warp Core Expandable Port Configuration
Warp Core Expandable Port Configuration
The HP Moonshot Switch Module includes expandable ports that can be configured to present a different
number of ports and speeds. The expandable port configuration mode allows you to dynamically configure a
40G port in 4 × 10G mode or in 1 × 40G mode.
hardware profile portmode
Use the hardware profile portmode command to configure the mode for an expandable port. This command
can be executed only on a 40G interface. Entering this command on any of the 4 × 10G interfaces (or any other
10G port) will give an error.
Note: This command takes effect only after rebooting the switch.
Default
By default, 40G ports are configured in 1 × 40G mode.
Format
hardware profile portmode {1x40g | 4x10g}
Mode
Interface Config
Parameter
Description
1x40g
4x10g
Configure the port as a single 40G port using four lanes.
Configure the port as four 10G ports, each on a separate lane. This mode requires the use
of a suitable 4 × 10G to 1 × 40G pigtail cable.
no hardware profile portmode
Use the no form of the command to return the port to the default mode (1 × 40G).
Format
no hardware profile portmode
Mode
Interface Config
September 2014
CLI Command Reference
Page 174
HP Moonshot Switch Module CLI Command Reference
Warp Core Expandable Port Configuration
show interfaces hardware profile
Use the show interfaces hardware profile command to display the hardware profile information for the 40G
ports. The command displays the 40G interface and the corresponding 10G interfaces. Because any hardware
profile configuration is only effective in the next boot of the switch, the configured mode may be different than
the operational mode of the interface. Therefore, this command also displays the configured mode and the
operational mode of the interface.
You can optionally specify an interface to view.
Format
show interfaces hardware profile [interface]
Mode
Privileged EXEC
Field
Description
40G Interface
10G Interfaces
The unit/slot/port identifier of the 40G interface.
The unit/slot/port identifiers of the 4 × 10G interfaces that correspond to the single
1 × 40G interface.
The mode the port is configured to operate in after the next boot cycle.
The mode in which the port is currently operating.
Configured Mode
Operating Mode
Example: The following shows an example of the CLI display output for the command after the hardware
command has been executed on interfaces 1/1/1 and 1/1/6 and the switch has
been reset.
profile portmode 4x10g
(Routing) #show interfaces hardware profile
40G Interface
------------1/1/1
1/1/6
1/1/11
1/1/16
September 2014
10G Interfaces
-------------1/1/2-5
1/1/7-10
1/1/12-15
1/1/17-20
Configured
Mode
---------4x10g
4x10g
1x40g
1x40g
Oper
Mode
------4x10g
4x10g
1x40g
1x40g
CLI Command Reference
Page 175
HP Moonshot Switch Module CLI Command Reference
Logging Commands
Logging Commands
This section describes the commands you use to configure system logging, and to view logs and the logging
settings.
logging buffered
This command enables logging to an in-memory log.
Default
disabled; critical when enabled
Format
logging buffered
Mode
Global Config
no logging buffered
This command disables logging to the in-memory log.
Format
no logging buffered
Mode
Global Config
logging buffered wrap
This command enables wrapping of in-memory logging when the log file reaches full capacity. Otherwise when
the log file reaches full capacity, logging stops.
Default
enabled
Format
logging buffered wrap
Mode
Privileged EXEC
no logging buffered wrap
This command disables wrapping of in-memory logging and configures logging to stop when the log file
capacity is full.
Format
no logging buffered wrap
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 176
HP Moonshot Switch Module CLI Command Reference
Logging Commands
logging cli-command
This command enables the CLI command logging feature, which enables the HP Moonshot Switch Module
software to log all CLI commands issued on the system.
Default
enabled
Format
logging cli-command
Mode
Global Config
no logging cli-command
This command disables the CLI command Logging feature.
Format
no logging cli-command
Mode
Global Config
logging console
This command enables logging to the console. You can specify the severitylevel value as either an integer
from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error
(3), warning (4), notice (5), info (6), or debug (7).
Default
disabled; critical when enabled
Format
logging console [severitylevel]
Mode
Global Config
no logging console
This command disables logging to the console.
no logging console
Format
Mode
September 2014
Global Config
CLI Command Reference
Page 177
Logging Commands
HP Moonshot Switch Module CLI Command Reference
logging host
This command configures the logging host parameters. You can configure up to eight hosts.
Default
• port—514
• level—critical (2)
Format
logging host {hostaddress|hostname} addresstype {port severitylevel}
Mode
Global Config
Parameter
Description
hostaddress|host
name
address-type
port
severitylevel
The IP address of the logging host.
Indicates the type of address ipv4 or ipv6 or dns being passed.
A port number from 1 to 65535.
Specify this value as either an integer from 0 to 7, or symbolically through one of the
following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5),
info (6), or debug (7).
Example: The following shows examples of the command.
(Routing) (Config)# logging host google.com dns 214
(Routing) (Config)# logging host 10.130.64.88 ipv4 214 6
(Routing) (Config)# logging host 2000::150 ipv6 214 7
logging host reconfigure
This command enables logging host reconfiguration.
Format
logging host reconfigure hostindex
Mode
Global Config
Parameter
Description
hostindex
Enter the Logging Host Index for which to change the IP address.
September 2014
CLI Command Reference
Page 178
Logging Commands
HP Moonshot Switch Module CLI Command Reference
logging host remove
This command disables logging to host. See “show logging hosts” on page 182 for a list of host indexes.
Format
logging host remove hostindex
Mode
Global Config
logging persistent
Use this command to configure the Persistent logging for the switch. The severity level of logging messages is
specified at severity level. Possible values for severity level are (emergency|0, alert|1, critical|2, error|3,
warning|4, notice|5, info|6, debug|7).
Default
Disable
Format
logging persistent severity level
Mode
Global Config
no logging persistent
Use this command to disable the persistent logging in the switch
.
Format
no logging persistent
Mode
Global Config
logging syslog
This command enables logging to a host where up to eight hosts can be configured.
Default
Port - 514, Level - Critical, Component - All
Format
logging host ipaddress component component lvl7clear
Mode
Global Config
no logging syslog
This command disables syslog logging.
Format
no logging syslog
Mode
Global Config
September 2014
CLI Command Reference
Page 179
HP Moonshot Switch Module CLI Command Reference
Logging Commands
logging syslog source-interface
This command configures the syslog source-interface (source IP address) for syslog server configuration. The
selected source-interface IP address is used for filling the IP header of management protocol packets. This
allows security devices (firewalls) to identify the source packets coming from the specific switch. If a sourceinterface is not specified, the primary IP address of the originating (outbound) interface is used as the source
address.
Format
logging syslog source-interface {unit/slot/port|{loopback loopback-id}|{vlan vlanid}}
Mode
Global Config
Parameter
Description
unit/slot/port
loopback-id
VLAN or port-based routing interface.
Configures the loopback interface to use as the source IP address. The range of the
loopback ID is 0 to 7.
Configures the tunnel interface to use as the source IP address. The range of the tunnel ID
is 0 to 7.
Configures the VLAN interface to use as the source IP address. The range of the VLAN ID is
1 to 4093.
tunnel-id
vlan-id
Example: The following shows examples of the command.
(config)#logging
(config)#logging
(config)#logging
(config)#logging
syslog
syslog
syslog
syslog
source-interface
source-interface
source-interface
source-interface
loopback 0
tunnel 0
0/4/1
1/0/1
no logging syslog source-interface
This command disables syslog logging.
Format
no logging syslog
Mode
Global Config
show logging
This command displays logging configuration information.
Format
show logging
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 180
Logging Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
Logging Client Local
Port
Logging Client Source
Interface
CLI Command Logging
Console Logging
Console Logging
Severity Filter
Buffered Logging
Persistent Logging
Persistent Logging
Severity Filter
Syslog Logging
Log Messages Received
Port on the collector/relay to which syslog messages are sent.
Shows the configured syslog source-interface (source IP address).
Shows whether CLI Command logging is enabled.
Shows whether console logging is enabled.
The minimum severity to log to the console log. Messages with an equal or lower
numerical severity are logged.
Shows whether buffered logging is enabled.
Shows whether persistent logging is enabled.
The minimum severity at which the logging entries are retained after a system
reboot.
Shows whether syslog logging is enabled.
Number of messages received by the log process. This includes messages that are
dropped or ignored.
Log Messages Dropped Number of messages that could not be processed due to error or lack of resources.
Log Messages Relayed Number of messages sent to the collector/relay.
Example: The following shows example CLI display output for the command.
(Routing) #show logging
Logging Client Local Port
Logging Client Source Interface
CLI Command Logging
Console Logging
Console Logging Severity Filter
Buffered Logging
Persistent Logging
Persistent Logging Severity Filter
:
:
:
:
:
:
:
:
514
(not configured)
disabled
enabled
error
enabled
disabled
alert
Syslog Logging
Log Messages Received
Log Messages Dropped
Log Messages Relayed
:
:
:
:
disabled
1010
0
0
September 2014
CLI Command Reference
Page 181
HP Moonshot Switch Module CLI Command Reference
Logging Commands
show logging buffered
This command displays buffered logging (system startup and system operation logs).
Format
show logging buffered
Mode
Privileged EXEC
Term
Definition
Buffered (In-Memory)
Logging
Buffered Logging
Wrapping Behavior
Buffered Log Count
Shows whether the In-Memory log is enabled or disabled.
The behavior of the In Memory log when faced with a log full situation.
The count of valid entries in the buffered log.
show logging hosts
This command displays all configured logging hosts. Use the “|” character to display the output filter options.
Format
show logging hosts
Mode
Privileged EXEC
Term
Definition
Host Index
IP Address /
Hostname
Severity Level
(Used for deleting hosts.)
IP address or hostname of the logging host.
Port
Host Status
The minimum severity to log to the specified address. The possible values are emergency
(0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7).
The server port number, which is the port on the local host from which syslog messages are
sent.
The state of logging to configured syslog hosts. If the status is disable, no logging occurs.
Example: The following shows example CLI display output for the command.
(Routing) #show logging hosts ?
<cr>
|
Press enter to execute the command.
Output filter options.
(Routing) #show logging hosts
Index IP Address/Hostname
Severity
Port
Status
-------- ---------------------- ----------- ------ --------1
10.130.64.88
critical
514
Active
2
2000::150
critical
514
Active
September 2014
CLI Command Reference
Page 182
HP Moonshot Switch Module CLI Command Reference
Logging Commands
show logging persistent
Use the show logging persistent command to display persistent log entries.
Format
show logging persistent
Mode
Privileged EXEC
Parameter
Persistent
Logging
Persistent Log
Count
Description
The number of persistent log entries.
Example: The following shows example CLI display output for the command.
(Routing) #show logging persistent
Persistent Logging
Persistent Log Count
: disabled
: 0
show logging traplogs
This command displays SNMP trap events and statistics.
Format
show logging traplogs
Mode
Privileged EXEC
Term
Definition
Number of Traps Since Last Reset
Trap Log Capacity
Number of Traps Since Log Last
Viewed
Log
System Time Up
Trap
The number of traps since the last boot.
The number of traps the system can retain.
The number of new traps since the command was last executed.
The log number.
How long the system had been running at the time the trap was sent.
The text of the trap message.
clear logging buffered
This command clears all entries from the buffered log.
Format
clear logging buffered
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 183
HP Moonshot Switch Module CLI Command Reference
Email Alerting and Mail Server Commands
Email Alerting and Mail Server Commands
logging email
This command enables email alerting and sets the lowest severity level for which log messages are emailed. If
you specify a severity level, log messages at or above this severity level, but below the urgent severity level,
are emailed in a non-urgent manner by collecting them together until the log time expires. You can specify the
severitylevel value as either an integer from 0 to 7 or symbolically through one of the following keywords:
emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7).
Default
disabled; when enabled, log messages at or above severity Warning (4) are emailed
Format
logging email [severitylevel]
Mode
Global Config
no logging email
This command disables email alerting.
no logging email
Format
Mode
Global Config
logging email urgent
This command sets the lowest severity level at which log messages are emailed immediately in a single email
message. Specify the severitylevel value as either an integer from 0 to 7 or symbolically through one of the
following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug
(7). Specify none to indicate that log messages are collected and sent in a batch email at a specified interval.
Default
Alert (1) and emergency (0) messages are sent immediately.
Format
logging email urgent {severitylevel | none}
Mode
Global Config
no logging email urgent
This command resets the urgent severity level to the default value.
no logging email urgent
Format
Mode
September 2014
Global Config
CLI Command Reference
Page 184
HP Moonshot Switch Module CLI Command Reference
Email Alerting and Mail Server Commands
logging email message-type to-addr
This command configures the email address to which messages are sent. The message types supported are
urgent, non-urgent, and both. For each supported severity level, multiple email addresses can be configured.
The to-email-addr variable is a standard email address, for example admin@yourcompany.com.
Format
logging email message-type {urgent |non-urgent |both} to-addr to-email-addr
Mode
Global Config
no logging email message-type to-addr
This command removes the configured to-addr field of email.
Format
no logging email message-type {urgent |non-urgent |both} to-addr to-email-addr
Mode
Global Config
logging email from-addr
This command configures the email address of the sender (the switch).
Default
switch@hp.com
Format
logging email from-addr from-email-addr
Mode
Global Config
no logging email from-addr
This command removes the configured email source address.
Format
no logging email from-addr from-email-addr
Mode
Global Config
logging email message-type subject
This command configures the subject line of the email for the specified type.
Default
For urgent messages: Urgent Log Messages
For non-urgent messages: Non Urgent Log Messages
Format
logging email message-type {urgent |non-urgent |both} subject subject
Mode
Global Config
September 2014
CLI Command Reference
Page 185
HP Moonshot Switch Module CLI Command Reference
Email Alerting and Mail Server Commands
no logging email message-type subject
This command removes the configured email subject for the specified message type and restores it to the
default email subject.
Format
no logging email message-type {urgent |non-urgent |both} subject
Mode
Global Config
logging email logtime
This command configures how frequently non-urgent email messages are sent. Non-urgent messages are
collected and sent in a batch email at the specified interval. The valid range is every 30–1440 minutes.
Default
30 minutes
Format
logging email logtime minutes
Mode
Global Config
no logging email logtime
This command resets the non-urgent log time to the default value.
Format
no logging email logtime
Mode
Global Config
logging traps
This command sets the severity at which SNMP traps are logged and sent in an email. Specify the
severitylevel value as either an integer from 0 to 7 or symbolically through one of the following keywords:
emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7).
Default
Info (6) messages and higher are logged.
Format
logging traps severitylevel
Mode
Global Config
no logging traps
This command resets the SNMP trap logging severity level to the default value.
no logging traps
Format
Mode
September 2014
Global Config
CLI Command Reference
Page 186
HP Moonshot Switch Module CLI Command Reference
Email Alerting and Mail Server Commands
logging email test message-type
This command sends an email to the SMTP server to test the email alerting function.
Format
logging email test message-type {urgent |non-urgent |both} message-body message-body
Mode
Global Config
show logging email config
This command displays information about the email alert configuration.
Format
show logging email config
Mode
Privileged EXEC
Term
Definition
Email Alert Logging
Email Alert From Address
Email Alert Urgent Severity
Level
Email Alert Non Urgent Severity
Level
The administrative status of the feature: enabled or disabled
The email address of the sender (the switch).
The lowest severity level that is considered urgent. Messages of this type are
sent immediately.
The lowest severity level that is considered non-urgent. Messages of this
type, up to the urgent level, are collected and sent in a batch email. Log
messages that are less severe are not sent in an email message at all.
Email Alert Trap Severity Level The lowest severity level at which traps are logged.
Email Alert Notification Period The amount of time to wait between non-urgent messages.
Email Alert To Address Table
The configured email recipients.
Email Alert Subject Table
The subject lines included in urgent (Type 1) and non-urgent (Type 2)
messages.
For Msg Type urgent, subject is The configured email subject for sending urgent messages.
For Msg Type non-urgent,
The configured email subject for sending non-urgent messages.
subject is
September 2014
CLI Command Reference
Page 187
HP Moonshot Switch Module CLI Command Reference
Email Alerting and Mail Server Commands
show logging email statistics
This command displays email alerting statistics.
Format
show logging email statistics
Mode
Privileged EXEC
Term
Definition
Email Alert Operation
Status
No of Email Failures
The operational status of the email alerting feature.
No of Email Sent
Time Since Last Email
Sent
The number of email messages that have attempted to be sent but were
unsuccessful.
The number of email messages that were sent from the switch since the counter
was cleared.
The amount of time that has passed since the last email was sent from the switch.
clear logging email statistics
This command resets the email alerting statistics.
Format
clear logging email statistics
Mode
Privileged EXEC
mail-server
This command configures the SMTP server to which the switch sends email alert messages and changes the
mode to Mail Server Configuration mode. The server address can be in the IPv4, IPv6, or DNS name format.
Format
mail-server {ip-address | ipv6-address | hostname}
Mode
Global Config
no mail-server
This command removes the specified SMTP server from the configuration.
Format
no mail-server {ip-address | ipv6-address | hostname}
Mode
Global Config
September 2014
CLI Command Reference
Page 188
HP Moonshot Switch Module CLI Command Reference
Email Alerting and Mail Server Commands
security
This command sets the email alerting security protocol by enabling the switch to use TLS authentication with
the SMTP Server. If the TLS mode is enabled on the switch but the SMTP sever does not support TLS mode, no
email is sent to the SMTP server.
Default
none
Format
security {tlsv1 | none}
Mode
Mail Server Config
port
This command configures the TCP port to use for communication with the SMTP server. The recommended
port for TLSv1 is 465, and for no security (i.e. none) it is 25. However, any nonstandard port in the range 1 to
65535 is also allowed.
Default
25
Format
port {465 | 25 | 1–65535}
Mode
Mail Server Config
username (Mail Server Config)
This command configures the login ID the switch uses to authenticate with the SMTP server.
Default
admin
Format
username name
Mode
Mail Server Config
password
This command configures the password the switch uses to authenticate with the SMTP server.
Default
admin
Format
password password
Mode
Mail Server Config
September 2014
CLI Command Reference
Page 189
HP Moonshot Switch Module CLI Command Reference
Device Location, System Utility, and Clear Commands
show mail-server config
This command displays information about the email alert configuration.
Format
show mail-server {ip-address | hostname | all} config
Mode
Privileged EXEC
Term
Definition
No of mail servers configured
Email Alert Mail Server Address
Email Alert Mail Server Port
Email Alert Security Protocol
The number of SMTP servers configured on the switch.
The IPv4/IPv6 address or DNS hostname of the configured SMTP server.
The TCP port the switch uses to send email to the SMTP server
The security protocol (TLS or none) the switch uses to authenticate with the
SMTP server.
The username the switch uses to authenticate with the SMTP server.
The password the switch uses to authenticate with the SMTP server.
Email Alert Username
Email Alert Password
Device Location, System Utility, and Clear Commands
This section describes the commands you use to help troubleshoot connectivity issues and to restore various
configurations to their factory defaults.
uid
Use this command to illuminate the Unit Identifier (UID) LED on the lower-left corner of the face plate (above
the Health LED). When the UID LED is on, it is blue and can help you locate the physical unit within a rack of
devices.
Default
Off
Format
uid {on |off}
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 190
HP Moonshot Switch Module CLI Command Reference
Device Location, System Utility, and Clear Commands
traceroute
Use the traceroute command to discover the routes that IPv4 or IPv6 packets actually take when traveling to
their destination through the network on a hop-by-hop basis. Traceroute continues to provide a synchronous
response when initiated from the CLI.
The user may specify the source IP address of the traceroute probes. Recall that traceroute works by sending
packets that are expected not to reach their final destination, but instead trigger ICMP error messages back to
the source address from each hop along the forward path to the destination. By specifying the source address,
the user can determine where along the forward path there is no route back to the source address. Note that
this is only useful if the route from source to destination and destination to source is symmetric.) It would be
common, for example, to send a traceroute from an edge router to a target higher in the network using a
source address from a host subnet on the edge router. This would test reachability from within the network
back to hosts attached to the edge router. Alternatively, one might send a traceroute with an address on a
loopback interface as a source to test reachability back to the loopback interface address.
In the CLI, the user may specify the source either as an IPv4 address, IPv6 address, or as a routing interface.
When the source is specified as a routing interface, the traceroute is sent using the primary IPv4 address on
the source interface. With SNMP, the source must be specified as an address. The source cannot be specified
in the web UI.
HP Moonshot Switch Module will not accept an incoming packet, such as a traceroute response, that arrives
on a routing interface if the packet’s destination address is on one of the out-of-band management interfaces
(service port or network port). Similarly, HP Moonshot Switch Module will not accept a packet that arrives on
a management interface if the packet’s destination is an address on a routing interface. Thus, it would be futile
to send a traceroute on a management interface using a routing interface address as source, or to send a
traceroute on a routing interface using a management interface as source. When sending a traceroute on a
routing interface, the source must be that routing interface or another routing interface. When sending a
traceroute on a management interface, the source must be on that management interface. For this reason, the
user cannot specify the source as a management interface or management interface address. When sending a
traceroute on a management interface, the user should not specify a source address, but instead let the system
select the source address from the outgoing interface.
Default
•
•
•
•
•
•
•
count: 3 probes
interval: 3 seconds
size: 0 bytes
port: 33434
maxTtl: 30 hops
maxFail: 5 probes
initTtl: 1 hop
Format
traceroute {ip-address | [ipv6] {ipv6-address | hostname}} [initTtl initTtl]
[maxTtl maxTtl] [maxFail maxFail] [interval interval] [count count] [port port]
[size size] [source {ip-address | | ipv6-address | unit/slot/port}]
Mode
Privileged EXEC
Using the options described below, you can specify the initial and maximum time-to-live (TTL) in probe packets,
the maximum number of failures before termination, the number of probes sent for each TTL, and the size of
each probe.
September 2014
CLI Command Reference
Page 191
HP Moonshot Switch Module CLI Command Reference
Device Location, System Utility, and Clear Commands
Parameter
Description
ipaddress
ipv6-address
hostname
ipv6
The ipaddress value should be a valid IP address.
The ipv6-address value should be a valid IPv6 address.
The hostname value should be a valid hostname.
The optional ipv6 keyword can be used before ipv6-address or hostname. Giving the
ipv6 keyword before the hostname tries it to resolve to an IPv6 address.
Use initTtl to specify the initial time-to-live (TTL), the maximum number of router
hops between the local and remote system. Range is 0 to 255.
Use maxTtle to specify the maximum TTL. Range is 1 to 255.
Use maxFail to terminate the traceroute after failing to receive a response for this
number of consecutive probes. Range is 0 to 255.
Use the optional interval parameter to specify the time between probes, in seconds.
If a response is not received within this interval, then traceroute considers that probe
a failure (printing *) and sends the next probe. If traceroute does receive a response to
a probe within this interval, then it sends the next probe immediately. Range is 1 to 60
seconds.
Use the optional count parameter to specify the number of probes to send for each TTL
value. Range is 1 to 10 probes.
Use the optional port parameter to specify destination UDP port of the probe. This
should be an unused port on the remote destination system. Range is 1 to 65535.
Use the optional size parameter to specify the size, in bytes, of the payload of the Echo
Requests sent. Range is 0 to 65507 bytes.
Use the optional source parameter to specify the source IP address or interface for the
traceroute.
initTtl
maxTtl
maxFail
interval
count
port
size
source
The following are examples of the CLI command.
Example: traceroute Success:
(Routing) # traceroute 10.240.10.115 initTtl 1 maxTtl 4 maxFail 0 interval 1 count 3 port 33434 size
43
Traceroute to 10.240.10.115 ,4 hops max 43 byte packets:
1 10.240.4.1
708 msec
41 msec
11 msec
2 10.240.10.115
0 msec
0 msec
0 msec
Hop Count = 1 Last TTL = 2 Test attempt = 6 Test Success = 6
Example: traceroute ipv6 Success
(Routing) # traceroute 2001::2 initTtl 1 maxTtl 4 maxFail 0 interval 1 count 3 port 33434 size 43
Traceroute to 2001::2 hops max 43 byte packets:
1
2001::2
708 msec
41 msec
11 msec
The above command can also be execute with the optional ipv6 parameter as follows:
(Routing) # traceroute ipv6 2001::2 initTtl 1 maxTtl 4 maxFail 0 interval 1 count 3 port 33434 size 43
September 2014
CLI Command Reference
Page 192
HP Moonshot Switch Module CLI Command Reference
Device Location, System Utility, and Clear Commands
Example: traceroute Failure:
(Routing) # traceroute 10.40.1.1 initTtl 1 maxFail 0 interval 1 count 3
port 33434 size 43
Traceroute to 10.40.1.1 ,30 hops max 43 byte packets:
1 10.240.4.1
19 msec
18 msec
9 msec
2 10.240.1.252
0 msec
0 msec
1 msec
3 172.31.0.9
277 msec
276 msec
277 msec
4 10.254.1.1
289 msec
327 msec
282 msec
5 10.254.21.2
287 msec
293 msec
296 msec
6 192.168.76.2
290 msec
291 msec
289 msec
7 0.0.0.0
0 msec *
Hop Count = 6 Last TTL = 7 Test attempt = 19 Test Success = 18
Example: traceroute ipv6 Failure
(Routing)# traceroute 2001::2 initTtl 1 maxFail 0 interval 1 count 3 port 33434 size 43
Traceroute to
1 3001::1
2 4001::2
3 5001::3
4 6001::4
5
0
Hop Count = 4
2001::2 hops
708 msec
250 msec
289 msec
651 msec
0
Last TTL = 5
max 43 byte packets:
41 msec
11 msec
200 msec
193 msec
313 msec
278 msec
41 msec
270 msec
msec *
Test attempt = 1 Test Success = 0
clear config
This command resets the configuration to the factory defaults without powering off the switch. When you issue
this command, a prompt appears to confirm that the reset should proceed. When you enter y, you
automatically reset the current configuration on the switch to the default values. It does not reset the switch.
clear config
Format
Mode
Privileged EXEC
clear counters
This command clears the statistics for a specified unit/slot/port, for all the ports, or for the entire switch
based upon the argument.
clear counters {unit/slot/port | all}
Format
Mode
Privileged EXEC
clear igmpsnooping
This command clears the tables managed by the IGMP Snooping function and attempts to delete these entries
from the Multicast Forwarding Database.
clear igmpsnooping
Format
Mode
September 2014
Privileged EXEC
CLI Command Reference
Page 193
HP Moonshot Switch Module CLI Command Reference
Device Location, System Utility, and Clear Commands
clear pass
This command resets all user passwords to the factory defaults without powering off the switch. You are
prompted to confirm that the password reset should proceed.
clear pass
Format
Mode
Privileged EXEC
clear traplog
This command clears the trap log.
clear traplog
Format
Mode
Privileged EXEC
clear vlan
This command resets VLAN configuration parameters to the factory defaults. When the VLAN configuration is
reset to the factory defaults, there are some scenarios regarding GVRP and MVRP that happen due to this:
1. Static VLANs are deleted.
2. GVRP is restored to the factory default as a result of handling the VLAN RESTORE NOTIFY event. Since GVRP
is disabled by default, this means that GVRP should be disabled and all of its dynamic VLANs should be
deleted.
3. MVRP is restored to the factory default as a result of handling the VLAN RESTORE NOTIFY event. Since MVRP
is enabled by default, this means that any VLANs already created by MVRP are unaffected.
Format
clear vlan
Mode
Privileged EXEC
logout
This command closes the current telnet connection or resets the current serial connection.
Note: Save configuration changes before logging out.
Format
logout
Modes
• Privileged EXEC
• User EXEC
September 2014
CLI Command Reference
Page 194
HP Moonshot Switch Module CLI Command Reference
Device Location, System Utility, and Clear Commands
ping
Use this command to determine whether another computer is on the network. Ping provides a synchronous
response when initiated from the CLI and Web interfaces.
Note: For information about the ping command for IPv6 hosts, see “ping ipv6” on page 55.
Default
• The default count is 1.
• The default interval is 3 seconds.
• The default size is 0 bytes.
Format
ping {address| hostname} [count count] [interval 1-60] [size size] [source ip-address
| ipv6-address | {unit/slot/port | vlan 1-4093 | serviceport | network}]
Modes
• Privileged EXEC
• User EXEC
Using the options described below, you can specify the number and size of Echo Requests and the interval
between Echo Requests.
Parameter
Description
address
hostname
IPv4 address to ping.
The DNS-resolvable host name of the system to ping. The IPv4 address is resolved if no
keyword is specified.
The number of ping packets (ICMP Echo requests) that are sent to the destination address
specified by the ip-address field. The range for count is 1 to 15 requests.
The time between Echo Requests, in seconds. Range is 1 to 60 seconds.
The size, in bytes, of the payload of the Echo Requests sent. Range is 0 to 65507 bytes.
The source IP address or interface to use when sending the Echo requests packets.
count
interval
size
source
The following are examples of the CLI command.
Example: IPv4 ping success:
(Routing) #ping 10.254.2.160 count 3 interval 1 size 255
Pinging 10.254.2.160 with 255 bytes of data:
Received response for icmp_seq = 0. time = 275268 usec
Received response for icmp_seq = 1. time = 274009 usec
Received response for icmp_seq = 2. time = 279459 usec
----10.254.2.160 PING statistics---3 packets transmitted, 3 packets received, 0% packet loss
round-trip (msec) min/avg/max = 274/279/276
September 2014
CLI Command Reference
Page 195
HP Moonshot Switch Module CLI Command Reference
Device Location, System Utility, and Clear Commands
Example: IPv4 ping failure:
In Case of Unreachable Destination:
(Routing) # ping 192.168.254.222 count 3 interval 1 size 255
Pinging 192.168.254.222 with 255 bytes of data:
Received Response: Unreachable Destination
Received Response :Unreachable Destination
Received Response :Unreachable Destination
----192.168.254.222 PING statistics---3 packets transmitted,3 packets received, 0% packet loss
round-trip (msec) min/avg/max = 0/0/0
In Case Of Request TimedOut:
(Routing) # ping 1.1.1.1 count 1 interval 3
Pinging 1.1.1.1 with 0 bytes of data:
----1.1.1.1 PING statistics---1 packets transmitted,0 packets received, 100% packet loss
round-trip (msec) min/avg/max = 0/0/0
quit
This command closes the current telnet connection or resets the current serial connection. The system asks
you whether to save configuration changes before quitting.
Format
quit
Modes
• Privileged EXEC
• User EXEC
reload
This command resets the switch without powering it off. Reset means that all network connections are
terminated and the boot code executes. The switch uses the stored configuration to initialize the switch. You
are prompted to confirm that the reset should proceed. The LEDs on the switch indicate a successful reset.
Format
reload
Mode
Privileged EXEC
copy
The copy command uploads and downloads files to and from the switch. You can also use the copy command
to manage the dual images (primary and alternate) on the file system. Upload and download files from a server
by using FTP, TFTP, Xmodem, Ymodem, or Zmodem. SFTP and SCP are available as additional transfer methods
if the software package supports secure management.
Format
copy source destination
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 196
Device Location, System Utility, and Clear Commands
HP Moonshot Switch Module CLI Command Reference
Replace the source and destination parameters with the options in Table 9 on page 197. For the url source or
destination, use one of the following values:
{xmodem | ftp://user@ipaddr|hostname/path/filename | tftp://ipaddr|hostname/filepath/filename
[noval]| sftp|scp://username@ipaddr/filepath/filename}
The keyword ias-users supports the downloading of the IAS user database file. When the IAS users file is
downloaded, the switch IAS user’s database is replaced with the users and its attributes available in the
downloaded file. In the command copy url ias-users, for url one of the following is used for IAS users file:
{{ftp://user@ipaddr|hostname/path/filename} | {tftp://ipaddr | hostname /filepath/filename} | {sftp
| scp://username@ipaddress/filepath/filename}}
Note: The maximum length for the file path is 160 characters, and the maximum length for the file
name is 31 characters.
For FTP, TFTP, SFTP and SCP, the ipaddr|hostname parameter is the IP address or host name of the server,
filepath is the path to the file, and filename is the name of the file you want to upload or download. For SFTP
and SCP, the username parameter is the username for logging into the remote server via SSH.
T
Table 9: Copy Parameters
Source
Destination
nvram:tech-support
url
nvram:backup-config
nvram:backup-config
nvram:clibanner
nvram:cpu-pktcapture.pcap
nvram:crash-log
nvram:errorlog
nvram:factory-defaults
nvram:log
nvram:operational-log
nvram:script scriptname
nvram:startup-config
nvram:startup-config
nvram:startup-log
nvram:traplog
system:running-config
system:running-config
url
September 2014
Description
Copies the Technical Support file from the switch to a
remote server.
nvram:startup-config
Copies the backup configuration to the startup
configuration.
url
Copies the backup configuration to a server.
url
Copies the CLI banner to a server.
url
Copies the CPU packet capture file from the switch to
a server.
url
Copies the crash log to a server.
url
Copies the error log file to a server.
url
Uploads factory defaults file.
url
Copies the log file to a server.
url
Copies the operational log file to a server.
url
Copies a specified configuration script file to a server.
nvram:backup-config
Copies the startup configuration to the backup
configuration.
url
Copies the startup configuration to a server.
url
Copies the startup log file to a server.
url
Copies the trap log file to a server.
nvram:startup-config
Saves the running configuration to nvram.
nvram:factory-defaults Saves the running configuration to nvram to the
factory-defaults file.
nvram:backup-config
Downloads a backup configuration file to the system.
CLI Command Reference
Page 197
HP Moonshot Switch Module CLI Command Reference
Device Location, System Utility, and Clear Commands
Table 9: Copy Parameters (Cont.)
Source
Destination
Description
url
nvram:clibanner
url
nvram:script
destfilename
url
nvram:script
destfilename noval
Downloads the CLI banner to the system.
Downloads a configuration script file to the system.
During the download of a configuration script, the
copy command validates the script. In case of any
error, the command lists all the lines at the end of the
validation process and prompts you to confirm before
copying the script file.
When you use this option, the copy command will not
validate the downloaded script file. An example of the
CLI command follows:
(Routing) #copy tftp://1.1.1.1/file.scr nvram:script file.scr noval
url
url
url
url
url
url
url
{primary | alternate}
primary
alternate
{primary | alternate}
{primary | alternate}
September 2014
Downloads an SSH key file. For more information, see
“Secure Shell Commands” on page 67.
nvram:sshkey-rsa1
Downloads an SSH key file.
nvram:sshkey-rsa2
Downloads an SSH key file.
nvram:startup-config
Downloads the startup configuration file to the
system.
system:image
Downloads a code image to the system.
ias-users
Downloads an IAS users database file to the system.
When the IAS users file is downloaded, the switch IAS
user’s database is replaced with the users and their
attributes available in the downloaded file.
{primary | alternate} Download an image from the remote server to either
image. In a stacking environment, the downloaded
image is distributed to the stack nodes.
url
Upload either image to the remote server.
alternate
Copy the primary image to the alternate image.
primary
Copy the alternate image to the primary image.
unit://unit/{primary | Copy an image from the management node to a given
alternate}
node in a Stack. Use the unit parameter to specify the
node to which the image should be copied.
unit://*/{primary |
Copy an image from the management node to all of
alternate}
the nodes in a Stack.
nvram:sshkey-dsa
CLI Command Reference
Page 198
Simple Network Time Protocol Commands
HP Moonshot Switch Module CLI Command Reference
Example: The following shows an example of downloading and applying ias users file.
(Routing) #copy tftp://10.131.17.104/aaa_users.txt ias-users
Mode...........................................
Set Server IP..................................
Path...........................................
Filename.......................................
Data Type......................................
TFTP
10.131.17.104
./
aaa_users.txt
IAS Users
Management access will be blocked for the duration of the transfer
Are you sure you want to start? (y/n) y
File transfer operation completed successfully.
Validating and updating the users to the IAS users database.
Updated IAS users database successfully.
Simple Network Time Protocol Commands
This section describes the commands you use to automatically configure the system time and date by using
Simple Network Time Protocol (SNTP).
sntp broadcast client poll-interval
This command sets the poll interval for SNTP broadcast clients in seconds as a power of two where pollinterval can be a value from 6 to 10.
Default
6
Format
sntp broadcast client poll-interval poll-interval
Mode
Global Config
no sntp broadcast client poll-interval
This command resets the poll interval for SNTP broadcast client back to the default value.
Format
no sntp broadcast client poll-interval
Mode
Global Config
September 2014
CLI Command Reference
Page 199
HP Moonshot Switch Module CLI Command Reference
Simple Network Time Protocol Commands
sntp client mode
This command enables Simple Network Time Protocol (SNTP) client mode and may set the mode to either
broadcast or unicast.
Default
disabled
Format
sntp client mode [broadcast | unicast]
Mode
Global Config
no sntp client mode
This command disables Simple Network Time Protocol (SNTP) client mode.
Format
no sntp client mode
Mode
Global Config
sntp client port
This command sets the SNTP client port ID to a value from 1-65535. The default value is 0, which means that
the SNTP port is not configured by the user. In the default case, the actual client port value used in SNTP packets
is assigned by the underlying OS.
Default
0
Format
sntp client port portid
Mode
Global Config
no sntp client port
This command resets the SNTP client port back to its default value.
Format
no sntp client port
Mode
Global Config
sntp unicast client poll-interval
This command sets the poll interval for SNTP unicast clients in seconds as a power of two where poll-interval
can be a value from 6 to 10.
Default
6
Format
sntp unicast client poll-interval poll-interval
Mode
Global Config
September 2014
CLI Command Reference
Page 200
HP Moonshot Switch Module CLI Command Reference
Simple Network Time Protocol Commands
no sntp unicast client poll-interval
This command resets the poll interval for SNTP unicast clients to its default value.
Format
no sntp unicast client poll-interval
Mode
Global Config
sntp unicast client poll-timeout
This command will set the poll timeout for SNTP unicast clients in seconds to a value from 1-30.
Default
5
Format
sntp unicast client poll-timeout poll-timeout
Mode
Global Config
no sntp unicast client poll-timeout
This command will reset the poll timeout for SNTP unicast clients to its default value.
Format
no sntp unicast client poll-timeout
Mode
Global Config
sntp unicast client poll-retry
This command will set the poll retry for SNTP unicast clients to a value from 0 to 10.
Default
1
Format
sntp unicast client poll-retry poll-retry
Mode
Global Config
no sntp unicast client poll-retry
This command will reset the poll retry for SNTP unicast clients to its default value.
Format
no sntp unicast client poll-retry
Mode
Global Config
September 2014
CLI Command Reference
Page 201
HP Moonshot Switch Module CLI Command Reference
Simple Network Time Protocol Commands
sntp server
This command configures an SNTP server (a maximum of three). The server address can be either an IPv4
address or an IPv6 address. The optional priority can be a value of 1-3, the version a value of 1-4, and the port
id a value of 1-65535.
Format
sntp server {ipaddress | ipv6address | hostname} [priority [version [portid]]]
Mode
Global Config
no sntp server
This command deletes an server from the configured SNTP servers.
Format
no sntp server remove {ipaddress | ipv6address | hostname}
Mode
Global Config
sntp source-interface
Use this command to specify the physical or logical interface to use as the source interface (source IP address)
for SNTP unicast server configuration. If configured, the address of source Interface is used for all SNTP
communications between the SNTP server and the SNTP client. The selected source-interface IP address is
used for filling the IP header of management protocol packets. This allows security devices (firewalls) to
identify the source packets coming from the specific switch. If a source-interface is not specified, the primary
IP address of the originating (outbound) interface is used as the source address. If the configured interface is
down, the SNTP client falls back to its default behavior.
Format
sntp source-interface {unit/slot/port | loopback loopback-id | vlan vlan-id}
Mode
Global Config
Parameter
Description
unit/slot/port
loopback-id
tunnel-id
vlan-id
The unit identifier assigned to the switch.
Configures the loopback interface. The range of the loopback ID is 0 to 7.
Configures the IPv6 tunnel interface. The range of the tunnel ID is 0 to 7.
Configures the VLAN interface to use as the source IP address. The range of the VLAN ID is
1 to 4093.
no sntp source-interface
Use this command to reset the SNTP source interface to the default settings.
Format
no sntp source-interface
Mode
Global Config
September 2014
CLI Command Reference
Page 202
HP Moonshot Switch Module CLI Command Reference
Simple Network Time Protocol Commands
show sntp
This command is used to display SNTP settings and status.
Format
show sntp
Mode
Privileged EXEC
Term
Definition
Last Update Time
Last Attempt
Time
Last Attempt
Status
Broadcast Count
Time of last clock update.
Time of last transmit query (in unicast mode).
Status of the last SNTP request (in unicast mode) or unsolicited message (in broadcast
mode).
Current number of unsolicited broadcast messages that have been received and processed
by the SNTP client since last reboot.
show sntp client
This command is used to display SNTP client settings.
Format
show sntp client
Mode
Privileged EXEC
Term
Definition
Client Supported Modes
SNTP Version
Port
Supported SNTP Modes (Broadcast or Unicast).
The highest SNTP version the client supports.
SNTP Client Port. The field displays the value 0 if it is default value. When the
client port value is 0, if the client is in broadcast mode, it binds to port 123; if the
client is in unicast mode, it binds to the port assigned by the underlying OS.
Configured SNTP Client Mode.
Client Mode
September 2014
CLI Command Reference
Page 203
HP Moonshot Switch Module CLI Command Reference
Simple Network Time Protocol Commands
show sntp server
This command is used to display SNTP server settings and configured servers.
Format
show sntp server
Mode
Privileged EXEC
Term
Definition
Server Host Address
Server Type
Server Stratum
Server Reference ID
Server Mode
Server Maximum Entries
Server Current Entries
IP address or hostname of configured SNTP Server.
Address type of server (IPv4, IPv6, or DNS).
Claimed stratum of the server for the last received valid packet.
Reference clock identifier of the server for the last received valid packet.
SNTP Server mode.
Total number of SNTP Servers allowed.
Total number of SNTP configured.
For each configured server:
Term
Definition
IP Address / Hostname
Address Type
Priority
Version
IP address or hostname of configured SNTP Server.
Address Type of configured SNTP server (IPv4, IPv6, or DNS).
IP priority type of the configured server.
SNTP Version number of the server. The protocol version used to query the server
in unicast mode.
Server Port Number.
Last server attempt time for the specified server.
Last server attempt status for the server.
Number of requests to the server.
Number of failed requests from server.
Port
Last Attempt Time
Last Update Status
Total Unicast Requests
Failed Unicast Requests
September 2014
CLI Command Reference
Page 204
HP Moonshot Switch Module CLI Command Reference
Simple Network Time Protocol Commands
show sntp source-interface
Use this command to display the SNTP client source interface configured on the switch.
Format
show sntp source-interface
Mode
Privileged EXEC
Field
Description
SNTP Client Source
Interface
SNTP Client Source IPv4
Address
The interface ID of the physical or logical interface configured as the SNTP client
source interface.
The IP address of the interface configured as the SNTP client source interface.
Example: The following shows example CLI display output for the command.
(Routing) #show sntp source-interface
SNTP Client Source Interface................... (not configured)
(Routing) #
September 2014
CLI Command Reference
Page 205
HP Moonshot Switch Module CLI Command Reference
Time Zone Commands
Time Zone Commands
Use the Time Zone commands to configure system time and date, Time Zone and Summer Time (that is,
Daylight Saving Time). Summer time can be recurring or non-recurring.
clock set
This command sets the system time and date.
Format
clock set hh:mm:ss
clock set mm/dd/yyyy
Mode
Global Config
Parameter
Description
hh:mm:ss
Enter the current system time in 24-hour format in hours, minutes, and seconds. The range
is hours: 0 to 23, minutes: 0 to 59, seconds: 0 to 59.
Enter the current system date the format month, day, year. The range for month is 1 to 12.
The range for the day of the month is 1 to 31. The range for year is 2010 to 2079.
mm/dd/yyyy
Example: The following shows examples of the command.
(Routing) (Config)# clock set 03:17:00
(Routing) (Config)# clock set 11/01/2011
clock summer-time date
Use the clock summer-time date command to set the summer-time offset to Coordinated Universal Time (UTC).
If the optional parameters are not specified, they are read as either 0 or \0, as appropriate.
Format
clock summer-time date {date month year hh:mm date month year hh:mm}[offset offset]
[zone acronym]
Mode
Global Config
Parameter
Description
date
month
year
hh:mm
Day of the month. Range is 1 to 31.
Month. Range is the first three letters by name; jan, for example.
Year. The range is 2000 to 2079.
Time in 24-hour format in hours and minutes. The range is hours: 0 to 23, minutes: 0 to 59.
September 2014
CLI Command Reference
Page 206
HP Moonshot Switch Module CLI Command Reference
Time Zone Commands
Parameter
Description
offset
acronym
The number of minutes to add during the summertime. The range is 1 to 1440.
The acronym for the summer-time to be displayed when summertime is in effect. The
range is up to four characters are allowed.
Example: The following shows examples of the command.
(Routing) (Config)# clock summer-time date 1 nov 2011 3:18 2 nov 2011 3:18
(Routing) (Config)# clock summer-time date 1 nov 2011 3:18 2 nov 2011 3:18 offset 120 zone INDA
clock summer-time recurring
This command sets the summer-time recurring parameters.
Format
clock summer-time recurring {EU | USA | week day month hh:mm week day month hh:mm}
[offset offset] [zone acronym]
Mode
Global Config
Parameter
Description
EU
The system clock uses the standard recurring summer time settings used in countries in the
European Union.
The system clock uses the standard recurring daylight saving time settings used in the
United States.
Week of the month. The range is 1 to 5, first, last.)
Day of the week. The range is the first three letters by name; sun, for example.
Month. The range is the first three letters by name; jan, for example.
Time in 24-hour format in hours and minutes. The range is hours: 0 to 23, minutes: 0 to 59.
The number of minutes to add during the summertime. The range is 1 to 1440.
The acronym for the summertime to be displayed when summertime is in effect. Up to four
characters are allowed.
USA
week
day
month
hh:mm
offset
acronym
Example: The following shows examples of the command.
(Routing) (Config)# clock summer-time recurring 2 sun nov 3:18 2 mon nov 3:18
(Routing) (Config)# clock summer-time recurring 2 sun nov 3:18 2 mon nov 3:18 offset 120 zone INDA
no clock summer-time
This command disables the summer-time settings.
Format
no clock summer-time
Mode
Global Config
September 2014
CLI Command Reference
Page 207
HP Moonshot Switch Module CLI Command Reference
Time Zone Commands
clock timezone
Use this command to set the offset to Coordinated Universal Time (UTC). If the optional parameters are not
specified, they will be read as either 0 or \0 as appropriate.
Format
clock timezone {hours} [minutes minutes] [zone acronym]
Mode
Global Config
Parameter
Description
hours
minutes
acronym
Hours difference from UTC. The range is -12 to +13.
Minutes difference from UTC. The range is 0 to 59.
The acronym for the time zone. The range is up to four characters.
Example: The following shows an example of the command.
(Routing) (Config)# clock timezone 5 minutes 30 zone INDA
no clock timezone
Use this command to reset the time zone settings.
Format
no clock timezone
Mode
Global Config
Example: The following shows an example of the command.
(Routing) (Config)# no clock timezone
show clock
Use this command to display the time and date from the system clock.
Format
show clock
Mode
Privileged Exec
Example: The following shows example CLI display output for the command.
(Routing) # show clock
15:02:09 (UTC+0:00) Nov 1 2011
No time source
September 2014
CLI Command Reference
Page 208
HP Moonshot Switch Module CLI Command Reference
Time Zone Commands
show clock detail
Use this command to display the detailed system time along with the time zone and the summertime
configuration.
Format
show clock detail
Mode
Privileged Exec
Example: The following shows example CLI display output for the command.
(Routing) # show clock detail
15:05:24 (UTC+0:00) Nov 1 2011
No time source
Time zone:
Acronym not configured
Offset is UTC+0:00
Summertime:
Summer-time is disabled
Example: The following shows example CLI display output for the command.
With the above configuration the output appears as below:
(Routing) # show clock detail
10:57:57 INDA(UTC+7:30) Nov 1 2011
No time source
Time zone:
Acronym is INDA
Offset is UTC+5:30
Summertime:
Acronym is INDA
Recurring every year
Begins on second Sunday of Nov at 03:18
Ends on second Monday of Nov at 03:18
Offset is 120 minutes
Summer-time is in effect.
September 2014
CLI Command Reference
Page 209
HP Moonshot Switch Module CLI Command Reference
DNS Client Commands
DNS Client Commands
These commands are used in the Domain Name System (DNS), an Internet directory service. DNS is how
domain names are translated into IP addresses. When enabled, the DNS client provides a hostname lookup
service to other components of HP Moonshot Switch Module.
ip domain lookup
Use this command to enable the DNS client.
Default
enabled
Format
ip domain lookup
Mode
Global Config
no ip domain lookup
Use this command to disable the DNS client.
Format
no ip domain lookup
Mode
Global Config
ip domain name
Use this command to define a default domain name that HP Moonshot Switch Module software uses to
complete unqualified host names (names with a domain name). By default, no default domain name is
configured in the system. name may not be longer than 255 characters and should not include an initial period.
This name should be used only when the default domain name list, configured using the ip domain list
command, is empty.
Default
none
Format
ip domain name name
Mode
Global Config
Example: The CLI command ip domain name yahoo.com will configure yahoo.com as a default domain name.
For an unqualified hostname xxx, a DNS query is made to find the IP address corresponding to
xxx.yahoo.com.
no ip domain name
Use this command to remove the default domain name configured using the ip domain name command.
Format
no ip domain name
Mode
Global Config
September 2014
CLI Command Reference
Page 210
HP Moonshot Switch Module CLI Command Reference
DNS Client Commands
ip domain list
Use this command to define a list of default domain names to complete unqualified names. By default, the list
is empty. Each name must be no more than 256 characters, and should not include an initial period. The default
domain name, configured using the ip domain name command, is used only when the default domain name list
is empty. A maximum of 32 names can be entered in to this list.
Default
none
Format
ip domain list name
Mode
Global Config
no ip domain list
Use this command to delete a name from a list.
Format
no ip domain list name
Mode
Global Config
ip name server
Use this command to configure the available name servers. Up to eight servers can be defined in one command
or by using multiple commands. The parameter server-address is a valid IPv4 or IPv6 address of the server. The
preference of the servers is determined by the order they were entered.
Format
ip name server server-address1 [server-address2...server-address8]
Mode
Global Config
no ip name server
Use this command to remove a name server.
Format
no ip name server [server-address1...server-address8]
Mode
Global Config
September 2014
CLI Command Reference
Page 211
HP Moonshot Switch Module CLI Command Reference
DNS Client Commands
ip name source-interface
Use this command to specify the physical or logical interface to use as the DNS client (IP name) source interface
(source IP address) for the DNS client management application. If configured, the address of source Interface
is used for all DNS communications between the DNS server and the DNS client. The selected source-interface
IP address is used for filling the IP header of management protocol packets. This allows security devices
(firewalls) to identify the source packets coming from the specific switch. If a source-interface is not specified,
the primary IP address of the originating (outbound) interface is used as the source address. If the configured
interface is down, the DNS client falls back to its default behavior.
Format
ip name source-interface {unit/slot/port | loopback loopback-id | vlan vlan-id}
Mode
Global Config
no ip name source-interface
Use this command to reset the DNS source interface to the default settings.
Format
no ip name source-interface
Mode
Global Config
ip host
Use this command to define static host name-to-address mapping in the host cache. The parameter name is host
name and ip address is the IP address of the host. The hostname can include 1–255 alphanumeric characters,
periods, hyphens, underscores, and non-consecutive spaces. Hostnames that include one or more space must
be enclosed in quotation marks, for example “lab-pc 45”.
Default
none
Format
ip host name ipaddress
Mode
Global Config
no ip host
Use this command to remove the name-to-address mapping.
Format
no ip host name
Mode
Global Config
September 2014
CLI Command Reference
Page 212
HP Moonshot Switch Module CLI Command Reference
DNS Client Commands
ipv6 host
Use this command to define static host name-to-IPv6 address mapping in the host cache. The parameter name
is host name and v6 address is the IPv6 address of the host. The hostname can include 1–255 alphanumeric
characters, periods, hyphens, and spaces. Hostnames that include one or more space must be enclosed in
quotation marks, for example “lab-pc 45”.
Default
none
Format
ipv6 host name v6 address
Mode
Global Config
no ipv6 host
Use this command to remove the static host name-to-IPv6 address mapping in the host cache.
Format
no ipv6 host name
Mode
Global Config
ip domain retry
Use this command to specify the number of times to retry sending Domain Name System (DNS) queries. The
parameter number indicates the number of times to retry sending a DNS query to the DNS server. This number
ranges from 0 to 100.
Default
2
Format
ip domain retry number
Mode
Global Config
no ip domain retry
Use this command to return to the default.
Format
no ip domain retry number
Mode
Global Config
September 2014
CLI Command Reference
Page 213
HP Moonshot Switch Module CLI Command Reference
DNS Client Commands
ip domain timeout
Use this command to specify the amount of time to wait for a response to a DNS query. The parameter seconds
specifies the time, in seconds, to wait for a response to a DNS query. The parameter seconds ranges from 0 to
3600.
Default
3
Format
ip domain timeout seconds
Mode
Global Config
no ip domain timeout
Use this command to return to the default setting.
Format
no ip domain timeout seconds
Mode
Global Config
clear host
Use this command to delete entries from the host name-to-address cache. This command clears the entries
from the DNS cache maintained by the software. This command clears both IPv4 and IPv6 entries.
Format
clear host {name | all}
Mode
Privileged EXEC
Field
Description
name
all
A particular host entry to remove. The parameter name ranges from 1-255 characters.
Removes all entries.
September 2014
CLI Command Reference
Page 214
DNS Client Commands
HP Moonshot Switch Module CLI Command Reference
show hosts
Use this command to display the default domain name, a list of name server hosts, the static and the cached
list of host names and addresses. The parameter name ranges from 1-255 characters. This command displays
both IPv4 and IPv6 entries.
Format
show hosts [name]
Mode
Privileged EXEC
User EXEC
Field
Description
Host Name
Default Domain
Default Domain List
Domain Name Lookup
Number of Retries
Retry Timeout Period
Name Servers
DNS Client Source
Interface
Domain host name.
Default domain name.
Default domain list.
DNS client enabled/disabled.
Number of time to retry sending Domain Name System (DNS) queries.
Amount of time to wait for a response to a DNS query.
Configured name servers.
Shows the configured source interface (source IP address) used for a DNS client.
The IP address of the selected interface is used as source IP for all communications
with the server.
Example: The following shows example CLI display output for the command.
<Routing> show hosts
Host name.........................
Default domain....................
Default domain list...............
Domain Name lookup................
Number of retries.................
Retry timeout period..............
Name servers (Preference order)...
DNS Client Source Interface.......
Device
gm.com
yahoo.com, Stanford.edu, rediff.com
Enabled
5
1500
176.16.1.18 176.16.1.19
(not configured)
Configured host name-to-address mapping:
Host
Addresses
------------------------------ -----------------------------accounting.gm.com
176.16.8.8
Host
Total
Elapsed
Type
--------------- -------- ------------www.stanford.edu
72
3
IP
September 2014
Addresses
-------------171.64.14.203
CLI Command Reference
Page 215
HP Moonshot Switch Module CLI Command Reference
IP Address Conflict Commands
IP Address Conflict Commands
The commands in this section help troubleshoot IP address conflicts.
ip address-conflict-detect run
This command triggers the switch to run active address conflict detection by sending gratuitous ARP packets
for IPv4 addresses on the switch.
Format
ip address-conflict-detect run
Mode
Global Config
show ip address-conflict
This command displays the status information corresponding to the last detected address conflict.
Format
show ip address-conflict
Modes
Privileged EXEC
Term
Definition
Address Conflict Detection
Status
Last Conflicting IP Address
Last Conflicting MAC Address
Identifies whether the switch has detected an address conflict on any IP
address.
The IP Address that was last detected as conflicting on any interface.
The MAC Address of the conflicting host that was last detected on any
interface.
The time in days, hours, minutes and seconds since the last address conflict
was detected.
Time Since Conflict Detected
clear ip address-conflict-detect
This command clears the detected address conflict status information.
Format
clear ip address-conflict-detect
Modes
Privileged EXEC
September 2014
CLI Command Reference
Page 216
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
Serviceability Packet Tracing Commands
These commands improve the capability of network engineers to diagnose conditions affecting their HP
Moonshot Switch Module.
Caution! The output of “debug” commands can be long and may adversely affect system
performance.
capture start
Use the command capture start to manually start capturing CPU packets for packet trace.
The packet capture operates in three modes:
• capture file
• remote capture
• capture line
The command is not persistent across a reboot cycle.
Format
capture start [{all | receive | transmit}]
Mode
Privileged EXEC
Parameter
Description
all
receive
transmit
Capture all traffic.
Capture only received traffic.
Capture only transmitted traffic.
September 2014
CLI Command Reference
Page 217
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
capture stop
Use the command capture stop to manually stop capturing CPU packets for packet trace.
Format
capture stop
Mode
Privileged EXEC
capture file|remote|line
Use this command to configure file capture options. The command is persistent across a reboot cycle.
Format
capture {file|remote|line}
Mode
Global Config
Parameter
Description
file
In the capture file mode, the captured packets are stored in a file on NVRAM. The maximum
file size defaults to 524288 bytes. The switch can transfer the file to a TFTP server via TFTP,
SFTP, SCP via CLI, and SNMP.
The file is formatted in pcap format, is named cpuPktCapture.pcap, and can be examined
using network analyzer tools such as Wireshark® or Ethereal®. Starting a file capture
automatically terminates any remote capture sessions and line capturing. After the packet
capture is activated, the capture proceeds until the capture file reaches its maximum size,
or until the capture is stopped manually using the CLI command capture stop.
In the remote capture mode, the captured packets are redirected in real time to an external
PC running the Wireshark tool for Microsoft® Windows®. A packet capture server runs on
the switch side and sends the captured packets via a TCP connection to the Wireshark tool.
The remote capture can be enabled or disabled using the CLI. There should be a Windows
PC with the Wireshark tool to display the captured file. When using the remote capture
mode, the switch does not store any captured data locally on its file system.
You can configure the IP port number for connecting Wireshark to the switch. The default
port number is 2002. If a firewall is installed between the Wireshark PC and the switch,
then these ports must be allowed to pass through the firewall. You must configure the
firewall to allow the Wireshark PC to initiate TCP connections to the switch.
If the client successfully connects to the switch, the CPU packets are sent to the client PC,
then Wireshark receives the packets and displays them. This continues until the session is
terminated by either end.
Starting a remote capture session automatically terminates the file capture and line
capturing.
In the capture line mode, the captured packets are saved into the RAM and can be
displayed on the CLI. Starting a line capture automatically terminates any remote capture
session and capturing into a file. There is a maximum 128 packets of maximum 128 bytes
that can be captured and displayed in line mode.
remote
line
September 2014
CLI Command Reference
Page 218
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
capture remote port
Use this command to configure file capture options. The command is persistent across a reboot cycle. The id
parameter is a TCP port number from 1024– 49151.
Format
capture remote port id
Mode
Global Config
capture file size
Use this command to configure file capture options. The command is persistent across a reboot cycle. The maxfile-size parameter is the maximum size the pcap file can reach, which is 2–512 KB.
Format
capture file size max-file-size
Mode
Global Config
capture line wrap
This command enables wrapping of captured packets in line mode when the captured packets reaches full
capacity.
Format
capture line wrap
Mode
Global Config
no capture line wrap
This command disables wrapping of captured packets and configures capture packet to stop when the captured
packet capacity is full.
Format
no capture line wrap
Mode
Global Config
show capture packets
Use this command to display packets captured and saved to RAM. It is possible to capture and save into RAM,
packets that are received or transmitted through the CPU. A maximum of 128 packets (128 bytes per packet
max) can be saved into RAM per capturing session. If a packet holds more than 128 bytes, only the first 128
bytes are saved; data more than 128 bytes is skipped and cannot be displayed in the CLI.
Capturing packets is stopped automatically when 128 packets are captured and have not yet been displayed
during a capture session. Captured packets are not retained after a reload cycle.
Format
show capture packets
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 219
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
debug aaa accounting
This command is useful to debug accounting configuration and functionality in User Manager.
Format
debug aaa accounting
Mode
Privileged EXEC
no debug aaa accounting
Use this command to turn off debugging of User Manager accounting functionality.
Format
no debug aaa accounting
Mode
Privileged EXEC
debug aaa authorization
Use this command to enable the tracing for AAA in User Manager. This is useful to debug authorization
configuration and functionality in the User Manager. Each of the parameters are used to configure
authorization debug flags.
Format
debug aaa authorization {commands | exec}
Mode
Privileged EXEC
no debug aaa authorization
Use this command to turn off debugging of the User Manager authorization functionality.
Format
no debug aaa authorization
Mode
Privileged EXEC
Example: The following is an example of the command.
(Routing) #debug aaa authorization
Tacacs authorization receive packet tracing enabled.
(Routing) #debug tacacs authorization packet transmit
authorization tracing enabled.
(Routing) #no debug aaa authorization
AAA authorization tracing enabled
September 2014
CLI Command Reference
Page 220
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
debug arp
Use this command to enable ARP debug protocol messages.
Default
disabled
Format
debug arp
Mode
Privileged EXEC
no debug arp
Use this command to disable ARP debug protocol messages.
no debug arp
Format
Mode
Privileged EXEC
debug clear
This command disables all previously enabled “debug” traces.
Default
disabled
Format
debug clear
Mode
Privileged EXEC
debug console
This command enables the display of “debug” trace output on the login session in which it is executed. Debug
console display must be enabled in order to view any trace output. The output of debug trace commands will
appear on all login sessions for which debug console has been enabled. The configuration of this command
remains in effect for the life of the login session. The effect of this command is not persistent across resets.
Default
disabled
Format
debug console
Mode
Privileged EXEC
no debug console
This command disables the display of “debug” trace output on the login session in which it is executed.
Format
no debug console
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 221
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
debug crashlog
Use this command to view information contained in the crash log file that the system maintains when it
experiences an unexpected reset. The crash log file contains the following information:
• Call stack information in both primitive and verbose forms
• Log Status
• Buffered logging
• Event logging
• Persistent logging
• System Information (output of sysapiMbufDump)
• Message Queue Debug Information
• Memory Debug Information
• Memory Debug Status
• OS Information (output of osapiShowTasks)
• /proc information (meminfo, cpuinfo, interrupts, version and net/sockstat)
Default
disabled
Format
debug crashlog {[kernel] crashlog-number [upload url] | proc | verbose | deleteall}
| data crashdump-number [{{upload url | download url} | component-id [item-numer]
[additional-parameter-1] [additional-parameter-2]...}]
Mode
Privileged EXEC
Parameter
Description
kernel
crashlog-number
View the crash log file for the kernel
Specifies the file number to view. The system maintains up to four copies, and the
valid range is 1–4.”deb
To upload the crash log (or crash dump) to a TFTP server, use the upload keyword and
specify the required TFTP server information.
View the application process crashlog.
Enable the verbose crashlog.
Delete all crash log files on the system.
Crash log data recorder.
Specifies the crash dump number to view. The valid range is 0–2.
To download a crash dump to the switch, use the download keyword and specify the
required TFTP server information.
The ID of the component that caused the crash.
The item number.
Additional parameters to include.
upload url
proc
verbose
deleteall
data
crashdump-number
download url
component-id
item-number
additional-parameter
September 2014
CLI Command Reference
Page 222
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
debug dhcp packet
This command displays debugging information about DHCPv4 client activities and traces DHCPv4 packets to
and from the local DHCPv4 client.
Default
disabled
Format
debug dhcp packet [transmit | receive]
Mode
Privileged EXEC
no debug dhcp
This command disables the display of “debug” trace output for DHCPv4 client activity.
Format
no debug dhcp packet [transmit | receive]
Mode
Privileged EXEC
debug debug-config
Use this command to download or upload the debug-config.ini file. The debug-config.ini file executes CLI
commands (including devshell and drivshell commands) on specific predefined events. The debug config file is
created manually and downloaded to the switch.
Default
disabled
Format
debug debug-config {download <url> | upload <url>}
Mode
Privileged EXEC
debug dot1x packet
Use this command to enable dot1x packet debug trace. Use the optional receive or transmit keywords to
specify whether to enable tracing for received or transmitted dot1x packets.
Default
disabled
Format
debug dot1x [{receive | transmit}]
Mode
Privileged EXEC
no debug dot1x packet
Use this command to disable dot1x packet debug trace.
Format
no debug dot1x
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 223
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
debug igmpsnooping packet
This command enables tracing of IGMP Snooping packets received and transmitted by the switch.
Default
disabled
Format
debug igmpsnooping packet
Mode
Privileged EXEC
no debug igmpsnooping packet
This command disables tracing of IGMP Snooping packets.
Format
no debug igmpsnooping packet
Mode
Privileged EXEC
debug igmpsnooping packet transmit
This command enables tracing of IGMP Snooping packets transmitted by the switch. Snooping should be
enabled on the device and the interface in order to monitor packets for a particular interface.
Default
disabled
Format
debug igmpsnooping packet transmit
Mode
Privileged EXEC
A sample output of the trace message is shown below.
<15> JAN 01 02:45:06 192.168.17.29-1 IGMPSNOOP[185429992]: igmp_snooping_debug.c(116) 908 % Pkt TX
- Intf: 1/0/20(20), Vlan_Id:1 Src_Mac: 00:03:0e:00:00:00 Dest_Mac: 01:00:5e:00:00:01 Src_IP: 9.1.1.1
Dest_IP: 225.0.0.1 Type: V2_Membership_Report Group: 225.0.0.1
The following parameters are displayed in the trace message:
Parameter
Definition
TX
Intf
A packet transmitted by the device.
The interface that the packet went out on. Format used is unit/slot/port (internal interface
number). Unit is always shown as 1 for interfaces on a non-stacking device.
Source MAC address of the packet.
Destination multicast MAC address of the packet.
The source IP address in the IP header in the packet.
The destination multicast IP address in the packet.
Src_Mac
Dest_Mac
Src_IP
Dest_IP
September 2014
CLI Command Reference
Page 224
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
Parameter
Definition
Type
The type of IGMP packet. Type can be one of the following:
• Membership Query – IGMP Membership Query
• V1_Membership_Report – IGMP Version 1 Membership Report
• V2_Membership_Report – IGMP Version 2 Membership Report
• V3_Membership_Report – IGMP Version 3 Membership Report
• V2_Leave_Group – IGMP Version 2 Leave Group
Multicast group address in the IGMP header.
Group
no debug igmpsnooping transmit
This command disables tracing of transmitted IGMP snooping packets.
Format
no debug igmpsnooping transmit
Mode
Privileged EXEC
debug igmpsnooping packet receive
This command enables tracing of IGMP Snooping packets received by the switch. Snooping should be enabled
on the device and the interface in order to monitor packets for a particular interface.
Default
disabled
Format
debug igmpsnooping packet receive
Mode
Privileged EXEC
A sample output of the trace message is shown below.
<15> JAN 01 02:45:06 192.168.17.29-1 IGMPSNOOP[185429992]: igmp_snooping_debug.c(116) 908 % Pkt RX
- Intf: 1/0/20(20), Vlan_Id:1 Src_Mac: 00:03:0e:00:00:10 Dest_Mac: 01:00:5e:00:00:05 Src_IP:
11.1.1.1 Dest_IP: 225.0.0.5 Type: Membership_Query Group: 225.0.0.5
The following parameters are displayed in the trace message:
Parameter
Definition
RX
Intf
A packet received by the device.
The interface that the packet went out on. Format used is unit/slot/port (internal interface
number). Unit is always shown as 1 for interfaces on a non-stacking device.
Source MAC address of the packet.
Destination multicast MAC address of the packet.
The source IP address in the ip header in the packet.
The destination multicast ip address in the packet.
Src_Mac
Dest_Mac
Src_IP
Dest_IP
September 2014
CLI Command Reference
Page 225
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
Parameter
Definition
Type
The type of IGMP packet. Type can be one of the following:
• Membership_Query – IGMP Membership Query
• V1_Membership_Report – IGMP Version 1 Membership Report
• V2_Membership_Report – IGMP Version 2 Membership Report
• V3_Membership_Report – IGMP Version 3 Membership Report
• V2_Leave_Group – IGMP Version 2 Leave Group
Multicast group address in the IGMP header.
Group
no debug igmpsnooping receive
This command disables tracing of received IGMP Snooping packets.
Format
no debug igmpsnooping receive
Mode
Privileged EXEC
debug ip acl
Use this command to enable debug of IP Protocol packets matching the ACL criteria.
Default
disabled
Format
debug ip acl acl Number
Mode
Privileged EXEC
no debug ip acl
Use this command to disable debug of IP Protocol packets matching the ACL criteria.
Format
no debug ip acl acl Number
Mode
Privileged EXEC
debug ip vrrp
Use this command to enable VRRP debug protocol messages.
Default
disabled
Format
debug ip vrrp
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 226
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
no debug ip vrrp
Use this command to disable VRRP debug protocol messages.
Format
no debug ip vrrp
Mode
Privileged EXEC
debug ipv6 dhcp
This command displays “debug” information about DHCPv6 client activities and traces DHCPv6 packets to and
from the local DHCPv6 client.
Default
disabled
Format
debug ipv6 dhcp
Mode
Privileged EXEC
no debug ipv6 dhcp
This command disables the display of “debug” trace output for DHCPv6 client activity.
Format
no debug ipv6 dhcp
Mode
Privileged EXEC
debug isdp packet
This command enables tracing of ISDP packets processed by the switch. ISDP must be enabled on both the
device and the interface in order to monitor packets for a particular interface. Use the optional receive or
transmit keywords to specify whether to enable tracing for received or transmitted packets.
Format
debug isdp packet [{receive | transmit}]
Mode
Privileged EXEC
no debug isdp packet
This command disables tracing of ISDP packets on the receive or the transmit sides or on both sides.
Format
no debug isdp packet [{receive | transmit}]
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 227
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
debug lacp packet
This command enables tracing of LACP packets received and transmitted by the switch.
Default
disabled
Format
debug lacp packet
Mode
Privileged EXEC
A sample output of the trace message is shown below.
<15> JAN 01 14:04:51 10.254.24.31-1 DOT3AD[183697744]: dot3ad_debug.c(385) 58 %%
Pkt TX - Intf: 1/0/1(1), Type: LACP, Sys: 00:11:88:14:62:e1, State: 0x47, Key:
0x36
no debug lacp packet
This command disables tracing of LACP packets.
Format
no debug lacp packet
Mode
Privileged EXEC
debug mldsnooping packet
Use this command to trace MLD snooping packet reception and transmission. Use the optional receive or
transmit keywords to specify whether to enable tracing for received or transmitted packets. When neither
keyword is used in the command, then all MLD snooping packet traces are dumped. Vital information such as
source address, destination address, control packet type, packet length, and the interface on which the packet
is received or transmitted is displayed on the console.
Default
disabled
Format
debug mldsnooping packet [receive | transmit]
Mode
Privileged EXEC
no debug mldsnooping packet
Use this command to disable debug tracing of MLD snooping packet reception and transmission.
September 2014
CLI Command Reference
Page 228
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
debug ospf packet
This command enables tracing of OSPF packets received and transmitted by the switch.
Default
disabled
Format
debug ospf packet
Mode
Privileged EXEC
Sample outputs of the trace messages are shown below.
<15> JAN 02 11:03:31 10.50.50.1-2 OSPF[46300472]: ospf_debug.c(297) 25430 % Pkt RX - Intf:2/0/48 Src
Ip:192.168.50.2 DestIp:224.0.0.5 AreaId:0.0.0.0 Type:HELLO NetMask:255.255.255.0 D
esigRouter:0.0.0.0 Backup:0.0.0.0
<15> JAN 02 11:03:35 10.50.50.1-2 OSPF[46300472]: ospf_debug.c(293) 25431 % Pkt TX - Intf:2/0/48 Src
Ip:10.50.50.1 DestIp:192.168.50.2 AreaId:0.0.0.0 Type:DB_DSCR Mtu:1500 Options:E
Flags: I/M/MS Seq:126166
<15> JAN 02 11:03:36 10.50.50.1-2 OSPF[46300472]: ospf_debug.c(297) 25434 % Pkt RX - Intf:2/0/48 Src
Ip:192.168.50.2 DestIp:192.168.50.1 AreaId:0.0.0.0 Type:LS_REQ Length: 1500
<15> JAN 02 11:03:36 10.50.50.1-2 OSPF[46300472]: ospf_debug.c(293) 25435 % Pkt TX - Intf:2/0/48 Src
Ip:10.50.50.1 DestIp:192.168.50.2 AreaId:0.0.0.0 Type:LS_UPD Length: 1500
<15> JAN 02 11:03:37 10.50.50.1-2 OSPF[46300472]: ospf_debug.c(293) 25441 % Pkt TX - Intf:2/0/48 Src
Ip:10.50.50.1 DestIp:224.0.0.6 AreaId:0.0.0.0 Type:LS_ACK Length: 1500
The following parameters are displayed in the trace message:
Parameter
Definition
TX/RX
Intf
TX refers to a packet transmitted by the device. RX refers to packets received by the device.
The interface that the packet came in or went out on. Format used is unit/slot/port
(internal interface number).
The source IP address in the IP header of the packet.
The destination IP address in the IP header of the packet.
The area ID in the OSPF header of the packet.
Could be one of the following:
HELLO – Hello packet
DB_DSCR – Database descriptor
LS_REQ – LS Request
LS_UPD – LS Update
LS_ACK – LS Acknowledge
SrcIp
DestIp
AreaId
Type
The remaining fields in the trace are specific to the type of OSPF Packet.
September 2014
CLI Command Reference
Page 229
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
HELLO packet field definitions:
Parameter
Definition
Netmask
DesignRouter
Backup
The netmask in the hello packet.
Designated Router IP address.
Backup router IP address.
DB_DSCR packet field definitions:
Field
Definition
MTU
Options
Flags
MTU
Options in the OSPF packet.
Could be one or more of the following:
• I – Init
• M – More
• MS – Master/Slave
Sequence Number of the DD packet.
Seq
LS_REQ packet field definitions.
Field
Definition
Length
Length of packet
LS_UPD packet field definitions.
Field
Definition
Length
Length of packet
LS_ACK packet field definitions.
Field
Definition
Length
Length of packet
no debug ospf packet
This command disables tracing of OSPF packets.
Format
no debug ospf packet
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 230
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
debug ping packet
This command enables tracing of ICMP echo requests and responses. The command traces pings on the
network port/ service port for switching packages. For routing packages, pings are traced on the routing ports
as well.
Default
disabled
Format
debug ping packet
Mode
Privileged EXEC
A sample output of the trace message is shown below.
<15> JAN 01 00:21:22 192.168.17.29-1 SIM[181040176]: sim_debug.c(128) 20 % Pkt TX - Intf: 1/0/1(1),
SRC_IP:10.50.50.2, DEST_IP:10.50.50.1, Type:ECHO_REQUEST
<15> JAN 01 00:21:22 192.168.17.29-1 SIM[182813968]: sim_debug.c(82) 21 % Pkt RX - Intf: 1/0/1(1), S
RC_IP:10.50.50.1, DEST_IP:10.50.50.2, Type:ECHO_REPLY
The following parameters are displayed in the trace message:
Parameter
Definition
TX/RX
Intf
TX refers to a packet transmitted by the device. RX refers to packets received by the device.
The interface that the packet came in or went out on. Format used is unit/slot/port
(internal interface number). Unit is always shown as 1 for interfaces on a non-stacking
device.
The source IP address in the IP header in the packet.
The destination IP address in the IP header in the packet.
Type determines whether or not the ICMP message is a REQUEST or a RESPONSE.
SRC_IP
DEST_IP
Type
no debug ping packet
This command disables tracing of ICMP echo requests and responses.
no debug ping packet
Format
Mode
Privileged EXEC
debug rip packet
This command turns on tracing of RIP requests and responses. This command takes no options. The output is
directed to the log file.
Default
disabled
Format
debug rip packet
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 231
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
A sample output of the trace message is shown below.
<15> JAN 01 00:35:15 192.168.17.29-1 RIP[181783160]: rip_map_debug.c(96) 775 %
Pkt RX on Intf: 1/0/1(1), Src_IP:43.1.1.1 Dest_IP:43.1.1.2
Rip_Version: RIPv2 Packet_Type:RIP_RESPONSE
ROUTE 1): Network: 10.1.1.0 Mask: 255.255.255.0 Metric: 1
ROUTE 2): Network: 40.1.0.0 Mask: 255.255.0.0 Metric: 1
ROUTE 3): Network: 10.50.50.0 Mask: 255.255.255.0 Metric: 1
ROUTE 4): Network: 41.1.0.0 Mask: 255.255.0.0 Metric: 1
ROUTE 5): Network:42.0.0.0 Mask:255.0.0.0 Metric:1
Another 6 routes present in packet not displayed.
The following parameters are displayed in the trace message:
Parameter
Definition
TX/RX
Intf
TX refers to a packet transmitted by the device. RX refers to packets received by the device.
The interface that the packet came in or went out on. Format used is unit/slot/port
(internal interface number). Unit is always shown as 1 for interfaces on a non-stacking
device.
Src_IP
The source IP address in the IP header of the packet.
Dest_IP
The destination IP address in the IP header of the packet.
Rip_Version
RIP version used: RIPv1 or RIPv2.
Packet_Type
Type of RIP packet: RIP_REQUEST or RIP_RESPONSE.
Routes
Up to 5 routes in the packet are displayed in the following format:
Network: a.b.c.d Mask a.b.c.d Next_Hop a.b.c.d Metric a
The next hop is only displayed if it is different from 0.0.0.0.
For RIPv1 packets, Mask is always 0.0.0.0.
Number of routes Only the first five routes present in the packet are included in the trace. There is another
not printed
notification of the number of additional routes present in the packet that were not
included in the trace.
no debug rip packet
This command disables tracing of RIP requests and responses.
Format
no debug rip packet
Mode
Privileged EXEC
debug sflow packet
Use this command to enable sFlow debug packet trace.
Default
disabled
Format
debug sflow packet
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 232
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
no debug sflow packet
Use this command to disable sFlow debug packet trace.
Format
no debug sflow packet
Mode
Privileged EXEC
debug spanning-tree bpdu
This command enables tracing of spanning tree BPDUs received and transmitted by the switch.
Default
disabled
Format
debug spanning-tree bpdu
Mode
Privileged EXEC
no debug spanning-tree bpdu
This command disables tracing of spanning tree BPDUs.
no debug spanning-tree bpdu
Format
Mode
Privileged EXEC
debug spanning-tree bpdu receive
This command enables tracing of spanning tree BPDUs received by the switch. Spanning tree should be enabled
on the device and on the interface in order to monitor packets for a particular interface.
Default
disabled
Format
debug spanning-tree bpdu receive
Mode
Privileged EXEC
A sample output of the trace message is shown below.
<15> JAN 01 01:02:04 192.168.17.29-1 DOT1S[191096896]: dot1s_debug.c(1249) 101 % Pkt RX - Intf: 1/
0/9(9), Source_Mac: 00:11:88:4e:c2:10 Version: 3, Root Mac: 00:11:88:4e:c2:00, Root Priority: 0x8000
Path Cost: 0
The following parameters are displayed in the trace message:
Parameter
Definition
RX
Intf
A packet received by the device.
The interface that the packet came in on. Format used is unit/port/slot (internal interface
number). Unit is always shown as 1 for interfaces on a non-stacking device.
Source MAC address of the packet.
Spanning tree protocol version (0-3). 0 refers to STP, 2 RSTP and 3 MSTP.
Source_Mac
Version
September 2014
CLI Command Reference
Page 233
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
Parameter
Definition
Root_Mac
Root_Priority
MAC address of the CIST root bridge.
Priority of the CIST root bridge. The value is between 0 and 61440. It is displayed in hex in
multiples of 4096.
External root path cost component of the BPDU.
Path_Cost
no debug spanning-tree bpdu receive
This command disables tracing of received spanning tree BPDUs.
Format
no debug spanning-tree bpdu receive
Mode
Privileged EXEC
debug spanning-tree bpdu transmit
This command enables tracing of spanning tree BPDUs transmitted by the switch. Spanning tree should be
enabled on the device and on the interface in order to monitor packets on a particular interface.
Default
disabled
Format
debug spanning-tree bpdu transmit
Mode
Privileged EXEC
A sample output of the trace message is shown below.
<15> JAN 01 01:02:04 192.168.17.29-1 DOT1S[191096896]: dot1s_debug.c(1249) 101 % Pkt TX - Intf: 1/
0/7(7), Source_Mac: 00:11:88:4e:c2:00 Version: 3, Root_Mac: 00:11:88:4e:c2:00, Root_Priority: 0x8000
Path_Cost: 0
The following parameters are displayed in the trace message:
Parameter
Definition
TX
Intf
A packet transmitted by the device.
The interface that the packet went out on. Format used is unit/port/slot (internal interface
number). Unit is always shown as 1 for interfaces on a non-stacking device.
Source MAC address of the packet.
Spanning tree protocol version (0-3). 0 refers to STP, 2 RSTP and 3 MSTP.
MAC address of the CIST root bridge.
Priority of the CIST root bridge. The value is between 0 and 61440. It is displayed in hex in
multiples of 4096.
External root path cost component of the BPDU.
Source_Mac
Version
Root_Mac
Root_Priority
Path_Cost
September 2014
CLI Command Reference
Page 234
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
no debug spanning-tree bpdu transmit
This command disables tracing of transmitted spanning tree BPDUs.
Format
no debug spanning-tree bpdu transmit
Mode
Privileged EXEC
debug tacacs
Use the debug tacacs packet command to turn on TACACS+ debugging.
Format
debug tacacs {packet | accounting | authorization | authentication}
Mode
Global Config
Parameter
Description
packet
accounting
authorization
authentication
Turn on TACACS+ packet debugs.
Turn on TACACS+ accounting debugging.
Turn on TACACS+ authorization
Turn on TACACS+ authentication debugging.
debug transfer
This command enables debugging for file transfers.
Format
debug transfer
Mode
Privileged EXEC
no debug transfer
This command disables debugging for file transfers.
Format
no debug transfer
Mode
Privileged EXEC
debug udld events
This command enables debugging for the UDLD events.
Default
Disabled
Format
debug udld events
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 235
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
no debug udld events
This command disables debugging for UDLD events.
Format
no debug udld events
Mode
Privileged EXEC
debug udld packet receive
This command enables debugging on the received UDLD PDUs.
Default
Disabled
Format
debug udld packet receive
Mode
Privileged EXEC
no debug udld receive
This command disables debugging on the received UDLD PDUs.
Format
no debug udld receive
Mode
Privileged EXEC
debug udld packet transmit
This command enables debugging on the transmitted UDLD PDUs.
Default
Disabled
Format
debug udld packet transmit
Mode
Privileged EXEC
no debug udld transmit
This command disables debugging for transmitted UDLD PDU.
Format
no debug udld transmit
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 236
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
show debugging
Use the show debugging command to display enabled packet tracing configurations.
Format
show debugging
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
console# debug arp
Arp packet tracing enabled.
console# show debugging
Arp packet tracing enabled.
no show debugging
Use the no show debugging command to disable packet tracing configurations.
Format
no show debugging
Mode
Privileged EXEC
exception protocol
Use this command to specify the protocol used to store the core dump file.
Default
None
Format
exception protocol {tftp | none}
Mode
Global Config
no exception protocol
Use this command to reset the exception protocol configuration to its factory default value.
Format
no exception protocol
Mode
Global Config
exception dump tftp-server
Use this command to configure the IP address of a remote TFTP server in order to dump core files to an external
server.
Default
None
Format
exception dump tftp-server {ip-address}
Mode
Global Config
September 2014
CLI Command Reference
Page 237
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
no exception dump tftp-server
Use this command to reset the exception dump remote server configuration to its factory default value.
Format
no exception dump tftp-server
Mode
Global Config
exception dump filepath
Use this command to configure a file-path to dump core file to a TFTP server, NFS mount or USB device
subdirectory.
Default
None
Format
exception dump
Mode
Global Config
filepath dir
no exception dump filepath
Use this command to reset the exception dump filepath configuration to its factory default value.
Format
exception dump
Mode
Global Config
filepath
exception core-file
Use this command to configure a prefix for a core-file name. The core file name is generated with the prefix as
follows:
If hostname is selected:
file-name-prefix_hostname_Time_Stamp.bin
If hostname is not selected:
file-name-prefix_MAC_Address_Time_Stamp.bin
If hostname is configured the core file name takes the hostname, otherwise the core-file names uses the MAC
address when generating a core dump file. The prefix length is 15 characters.
Default
Core
Format
exception core-file {file-name-prefix | [hostname] | [time-stamp]}
Mode
Global Config
September 2014
CLI Command Reference
Page 238
HP Moonshot Switch Module CLI Command Reference
Serviceability Packet Tracing Commands
no exception core-file
Use this command to reset the exception core file prefix configuration to its factory default value. The
hostname and time-stamp are disabled.
Format
no exception core-file
Mode
Global Config
exception switch-chip-register
This command enables or disables the switch-chip-register dump in case of an exception. The switch-chipregister dump is taken only for a master unit and not for member units
Default
Disable
Format
exception switch-chip-register {enable | disable}
Mode
Global Config
write core
Use the write core command to generate a core dump file on demand. The write core test command is
helpful when testing the core dump setup. For example, if the TFTP protocol is configured, write core test
communicates with the TFTP server and informs the user if the TFTP server can be contacted. Similarly, if
protocol is configured as nfs, this command mounts and unmounts the file system and informs the user of the
status.
Note: write core reloads the switch which is useful when the device malfunctions, but has not
crashed.
For write core test, the destination file name is used for the TFTP test. Optionally, you can specify the
destination file name when the protocol is configured as TFTP.
Default
None
Format
write core test [dest_file_name]]
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 239
Serviceability Packet Tracing Commands
HP Moonshot Switch Module CLI Command Reference
show exception
Use this command to display the configuration parameters for generating a core dump file.
Default
None
Format
show exception
Mode
Privileged EXEC
Example: The following shows an example of this command.
(Routing) #show exception
Coredump file name.............................
Coredump filename uses hostname................
Coredump filename uses time-stamp..............
TFTP server IP.................................
File path......................................
Protocol.......................................
Switch-chip-register...........................
core
FALSE
TRUE
./.
none
FALSE
session start unit
Use this command to initiate a console session from the stack master to another unit in the stack. During the
session, troubleshooting and debugging commands can be issued on the stack master, and the output displays
the relevant information from the member unit specified in the session. The unit-number range is 1–2.
Default
Disable
Format
session start unit unit-number
Mode
Global Config
September 2014
CLI Command Reference
Page 240
HP Moonshot Switch Module CLI Command Reference
Support Mode Commands
Support Mode Commands
Support mode is hidden and available when the techsupport enable command is executed. techsupport mode
is disabled by default. Configurations related to support mode are shown in the show tech-support command.
They can be persisted by using the command save in support mode. Support configurations are stored in a
separate binary config file, which cannot be uploaded or downloaded.
techsupport enable
Use this command to allow access to Support mode.
Default
Disabled
Format
techsupport enable
Mode
Privileged Exec
console
Use this command to enable the display of support debug for this session.
Default
Disabled
Format
console
Mode
Support
save
Use this command to save the trace configuration to non-volatile storage.
Format
save
Mode
Support
snapshot ospf
Use this command in Support mode to dump a set of OSPF debug information to capture the current state of
OSPF. The output is written to the console and can be extensive
Format
snapshot ospf
Mode
Support mode
September 2014
CLI Command Reference
Page 241
HP Moonshot Switch Module CLI Command Reference
Support Mode Commands
snapshot routing
Use this command in Support mode to dump a set of routing debug information to capture the current state
of routing on the switch. The output is written to the console and can be extensive.
Format
snapshot routing
Mode
Support
snapshot system
Use this command in Support mode to dump a set of system debug information to capture the current state of
the device. The output is written to the console and can be extensive.
Format
snapshot multicast
Mode
Support
telnetd
Use this command in Support mode to start or stop the Telnet daemon on the switch.
Format
telnetd {start | stop}
Mode
Support
September 2014
CLI Command Reference
Page 242
HP Moonshot Switch Module CLI Command Reference
sFlow Commands
sFlow Commands
sFlow® is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into
network equipment and gives complete visibility into network activity, enabling effective management and
control of network resources.
sflow receiver
Use this command to configure the sFlow collector parameters (owner string, receiver timeout, max datagram
size, IP address, and port).
Format
sflow receiver rcvr_idx {owner owner-string timeout rcvr_timeout | max datagram size
| ip ip | port port}
Mode
Global Config
Parameter
Description
Receiver Owner
The identity string for the receiver, the entity making use of this sFlowRcvrTable entry. The
range is 127 characters. The default is a null string. The empty string indicates that the entry
is currently unclaimed and the receiver configuration is reset to the default values. An
entity wishing to claim an sFlowRcvrTable entry must ensure that the entry is unclaimed
before trying to claim it. The entry is claimed by setting the owner string to a non-null value.
The entry must be claimed before assigning a receiver to a sampler or poller.
Receiver Timeout The time, in seconds, remaining before the sampler or poller is released and stops sending
samples to receiver. A management entity wanting to maintain control of the sampler is
responsible for setting a new value before the old one expires. The allowed range is 02147483647 seconds. The default is zero (0).
No Timeout
The configured entry will be in the config until you explicitly removes the entry.
Receiver Max
The maximum number of data bytes that can be sent in a single sample datagram. The
Datagram Size
management entity should set this value to avoid fragmentation of the sFlow datagrams.
The allowed range is 200 to 9116). The default is 1400.
Receiver IP
The sFlow receiver IP address. If set to 0.0.0.0, no sFlow datagrams will be sent. The default
is 0.0.0.0.
Receiver Port
The destination Layer4 UDP port for sFlow datagrams. The range is 1-65535. The default is
6343.
no sflow receiver
Use this command to set the sFlow collector parameters back to the defaults.
Format
no sflow receiver indx {ip ip-address | maxdatagram size | owner string timeout
interval | port 14-port}
Mode
Global Config
September 2014
CLI Command Reference
Page 243
sFlow Commands
HP Moonshot Switch Module CLI Command Reference
sflow receiver owner notimeout
Use this command to configure a receiver as a non-timeout entry. Unlike entries configured with a specific
timeout value, this command will be shown in show running-config and retained after reboot. As the sFlow
receiver is configured as a non-timeout entry, information related to sampler and pollers will also be shown in
the running-config and will be retained after reboot.
If a receiver is configured with a specific value, these configurations will not be shown in running-config.
Samplers and pollers information related to this receiver will also not be shown in running-config.
Format
sflow receiver index owner owner-string notimeout
Mode
Global Config
Field
Description
index
Receiver Owner
Receiver index identifier. The range is 1 to 8.
The owner name corresponds to the receiver name. The identity string for the receiver, the
entity making use of this sFlowRcvrTable entry. The range is 127 characters. The default is
a null string. The empty string indicates that the entry is currently unclaimed and the
receiver configuration is reset to the default values. An entity wishing to claim an
sFlowRcvrTable entry must ensure that the entry is unclaimed before trying to claim it. The
entry is claimed by setting the owner string to a non-null value. The entry must be claimed
before assigning a receiver to a sampler or poller.
sflow sampler
A data source configured to collect flow samples is called a poller. Use this command to configure a new sFlow
sampler instance on an interface or range of interfaces for this data source if rcvr_idx is valid.
Format
sflow sampler {rcvr-indx | rate sampling-rate | maxheadersize size}
Mode
Interface Config
Field
Description
Receiver Index
The sFlow Receiver for this sFlow sampler to which flow samples are to be sent. A value of
zero (0) means that no receiver is configured, no packets will be sampled. Only active
receivers can be set. If a receiver expires, then all samplers associated with the receiver will
also expire. Possible values are 1-8. The default is 0.
The maximum number of bytes that should be copied from the sampler packet. The range
is 20-256. The default is 128. When set to zero (0), all the sampler parameters are set to
their corresponding default value.
The statistical sampling rate for packet sampling from this source. A sampling rate of 1
counts all packets. A value of zero (0) disables sampling. A value of N means that out of N
incoming packets, 1 packet will be sampled. The range is 1024-65536 and 0. The default is
0.
Maxheadersize
Sampling Rate
September 2014
CLI Command Reference
Page 244
HP Moonshot Switch Module CLI Command Reference
sFlow Commands
no sflow sampler
Use this command to reset the sFlow sampler instance to the default settings.
Format
no sflow sampler {rcvr-indx | rate sampling-rate | maxheadersize size}
Mode
Interface Config
sflow poller
A data source configured to collect counter samples is called a poller. Use this command to enable a new sFlow
poller instance on an interface or range of interfaces for this data source if rcvr_idx is valid.
Format
sflow poller {rcvr-indx | interval poll-interval}
Mode
Interface Config
Field
Description
Receiver Index
Enter the sFlow Receiver associated with the sampler/poller. A value of zero (0) means that
no receiver is configured. The range is 1-8. The default is 0.
Enter the sFlow instance polling interval. A poll interval of zero (0) disables counter
sampling. When set to zero (0), all the poller parameters are set to their corresponding
default value. The range is 0-86400. The default is 0. A value of N means once in N seconds
a counter sample is generated.
Poll Interval
no sflow poller
Use this command to reset the sFlow poller instance to the default settings.
Format
no sflow poller [interval]
Mode
Interface Config
sflow source-interface
Use this command to specify the physical or logical interface to use as the sFlow client source interface. If
configured, the address of source Interface is used for all sFlow communications between the sFlow receiver
and the sFlow client. Otherwise there is no change in behavior. If the configured interface is down, the sFlow
client falls back to normal behavior.
Format
sflow source-interface {unit/slot/port | loopback loopback-id | vlan vlan-id}
Mode
Global Config
September 2014
CLI Command Reference
Page 245
HP Moonshot Switch Module CLI Command Reference
sFlow Commands
Parameter
Description
unit/slot/port
loopback-id
VLAN or port-based routing interface.
Configures the loopback interface to use as the source IP address. The range of the
loopback ID is 0 to 7.
Configures the VLAN interface to use as the source IP address. The range of the VLAN ID is
1 to 4093.
vlan-id
no sflow source-interface
Use this command to reset the sFlow source interface to the default settings.
Format
no sflow source-interface
Mode
Global Config
show sflow agent
The sFlow agent collects time-based sampling of network interface statistics and flow-based samples. These
are sent to the configured sFlow receivers. Use this command to display the sFlow agent information.
Format
show sflow agent
Mode
Privileged EXEC
Field
Description
sFlow Version
Uniquely identifies the version and implementation of this MIB. The version string must
have the following structure: MIB Version; Organization; Software Revision where:
• MIB Version: 1.3, the version of this MIB.
• Organization: HP.
• Revision: 1.0
The IP address associated with this agent.
IP Address
Example: The following shows example CLI display output for the command.
(Routing) #show sflow agent
sFlow Version.................................. 1.3;HP;8.6.5.4
IP Address..................................... 10.27.22.133
September 2014
CLI Command Reference
Page 246
sFlow Commands
HP Moonshot Switch Module CLI Command Reference
show sflow pollers
Use this command to display the sFlow polling instances created on the switch. Use “-” for range.
Format
show sflow pollers
Mode
Privileged EXEC
Field
Description
Poller Data Source
The sFlowDataSource (slot/port) for this sFlow sampler. This agent will support
Physical ports only.
The sFlowReceiver associated with this sFlow counter poller.
The number of seconds between successive samples of the counters associated
with this data source.
Receiver Index
Poller Interval
show sflow receivers
Use this command to display configuration information related to the sFlow receivers.
Format
show sflow receivers [index]
Mode
Privileged EXEC
Parameter
Description
Receiver Index
Owner String
Time Out
The sFlow Receiver associated with the sampler/poller.
The identity string for receiver, the entity making use of this sFlowRcvrTable entry.
The time (in seconds) remaining before the receiver is released and stops sending
samples to sFlow receiver. The no timeout value of this parameter means that the
sFlow receiver is configured as a non-timeout entry.
The maximum number of bytes that can be sent in a single sFlow datagram.
The destination Layer4 UDP port for sFlow datagrams.
The sFlow receiver IP address.
The sFlow receiver IP address type. For an IPv4 address, the value is 1 and for an IPv6
address, the value is 2.
The sFlow protocol version to be used while sending samples to sFlow receiver.
Max Datagram Size
Port
IP Address
Address Type
Datagram Version
Example: The following shows example CLI display output for the show sflow receivers command.
(Routing) #show sflow receivers 1
Receiver Index.................................
Owner String...................................
Time out.......................................
IP Address:....................................
Address Type...................................
September 2014
1
tulasi
0
0.0.0.0
1
CLI Command Reference
Page 247
sFlow Commands
HP Moonshot Switch Module CLI Command Reference
Port........................................... 6343
Datagram Version............................... 5
Maximum Datagram Size.......................... 1400
Example: The following examples show CLI display output for the command when a receiver is configured
as a non-timeout entry.
(Routing) #show sflow receivers
Rcvr
Indx
---1
2
3
4
5
6
7
8
Owner
Timeout
String
-------------------------------- ---------tulasi
No Timeout
0
0
0
0
0
0
0
Max Dgram
Size
--------1400
1400
1400
1400
1400
1400
1400
1400
Port
IP Address
----6343
6343
6343
6343
6343
6343
6343
6343
--------------0.0.0.0 <= No Timeout string
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
0.0.0.0
(Routing) #show sflow receivers 1
Receiver Index.................................
Owner String...................................
Time out.......................................
IP Address:....................................
Address Type...................................
Port...........................................
Datagram Version...............................
Maximum Datagram Size..........................
1
tulasi
No Timeout
0.0.0.0
1
6343
5
1400
<= No Timeout string is added
show sflow samplers
Use this command to display the sFlow sampling instances created on the switch.
Format
show sflow samplers
Mode
Privileged EXEC
Field
Description
Sampler Data Source
The sFlowDataSource (slot/port) for this sFlow sampler. This agent will support
Physical ports only.
The sFlowReceiver configured for this sFlow sampler.
The statistical sampling rate for packet sampling from this source.
The maximum number of bytes that should be copied from a sampled packet to
form a flow sample.
Receiver Index
Packet Sampling Rate
Max Header Size
September 2014
CLI Command Reference
Page 248
HP Moonshot Switch Module CLI Command Reference
sFlow Commands
show sflow source-interface
Use this command to display the sFlow source interface configured on the switch.
Format
show sflow source-interface
Mode
Privileged EXEC
Field
Description
sFlow Client Source
Interface
sFlow Client Source IPv4
Address
The interface ID of the physical or logical interface configured as the sFlow client
source interface.
The IP address of the interface configured as the sFlow client source interface.
Example: The following shows example CLI display output for the command.
(Routing) #show sflow source-interface
sFlow Client Source Interface.................. (not configured)
September 2014
CLI Command Reference
Page 249
HP Moonshot Switch Module CLI Command Reference
Switch Database Management Template Commands
Switch Database Management Template Commands
A Switch Database Management (SDM) template is a description of the maximum resources a switch or router
can use for various features. Different SDM templates allow different combinations of scaling factors, enabling
different allocations of resources depending on how the device is used. In other words, SDM templates enable
you to reallocate system resources to support a different mix of features based on your network requirements.
Note: If you attach a unit to a stack and its template does not match the stack's template, then the
new unit will automatically reboot using the template used by other stack members. To avoid the
automatic reboot, you may first set the template to the template used by existing members of the
stack. Then power off the new unit, attach it to the stack, and power it on.
sdm prefer
Use this command to change the template that will be active after the next reboot. The keywords are as
follows:
• ipv4-routing—filters subsequent template choices to those that support IPv4. The default IPv4-only
template maximizes the number of IPv4 unicast routes, while limiting the number of ECMP next hops in
each route to 4. The data-center default template supports increases the number of ECMP next hops to 32
and reduces the number of routes. The data center plus template increases the number of ECMP next
hops to 32 while keeping the maximum IPv4 and IPv6 routes.
Note: After setting the template, you must reboot in order for the configuration change to take effect.
Default
dual IPv4 and IPv6 template
Format
sdm prefer ipv4-routing default [plus]
Mode
Global Config
no sdm prefer
Use this command to revert to the default template after the next reboot.
no sdm prefer
Format
Mode
September 2014
Global Config
CLI Command Reference
Page 250
Switch Database Management Template Commands
HP Moonshot Switch Module CLI Command Reference
show sdm prefer
Use this command to view the currently active SDM template and its scaling parameters, or to view the scaling
parameters for an inactive template. When invoked with no optional keywords, this command lists the
currently active template and the template that will become active on the next reboot, if it is different from
the currently active template. If the system boots with a non-default template, and you clear the template
configuration, either using no sdm prefer or by deleting the startup configuration, show sdm prefer lists the
default template as the next active template. To list the scaling parameters of a specific template, use that
template’s keyword as an argument to the command.
Use the optional keywords to list the scaling parameters of a specific template.
Format
show sdm prefer [ipv4-routing default]
Mode
Privileged EXEC
Field
Description
ARP Entries
The maximum number of entries in the IPv4 Address Resolution Protocol (ARP)
cache for routing interfaces.
The maximum number of IPv4 unicast forwarding table entries.
The maximum number of IPv6 Neighbor Discovery Protocol (NDP) cache entries.
The maximum number of IPv6 unicast forwarding table entries.
The maximum number of next hops that can be installed in the IPv4 and IPv6
unicast forwarding tables.
The maximum number of IPv4 multicast forwarding table entries.
The maximum number of IPv6 multicast forwarding table entries.
IPv4 Unicast Routes
IPv6 NDP Entries
IPv6 Unicast Routes
ECMP Next Hops
IPv4 Multicast Routes
IPv6 Multicast Routes
Example: This example shows the current SDM template. The user has not changed the next active SDM
template.
(Routing) #show sdm prefer
The current template is the IPv4-routing Default template.
ARP Entries....................................
IPv4 Unicast Routes............................
IPv6 NDP Entries...............................
IPv6 Unicast Routes............................
ECMP Next Hops.................................
IPv4 Multicast Routes..........................
IPv6 Multicast Routes..........................
September 2014
6144
12288
0
0
4
0
0
CLI Command Reference
Page 251
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
Remote Monitoring Commands
Remote Monitoring (RMON) is a method of collecting a variety of data about network traffic. RMON supports
64-bit counters (RFC 3273) and High Capacity Alarm Table (RFC 3434).
Note: There is no configuration command for ether stats and high capacity ether stats. The data
source for ether stats and high capacity ether stats are configured during initialization.
rmon alarm
This command sets the RMON alarm entry in the RMON alarm MIB group.
Format
rmon alarm alarm number variable sample interval {absolute|delta} rising-threshold
value [rising-event-index] falling-threshold value [falling-event-index] [startup
{rising|falling|rising-falling}] [owner string]
Mode
Global Config
Parameter
Description
Alarm Index
An index that uniquely identifies an entry in the alarm table. Each entry defines a diagnostic
sample at a particular interval for an object on the device. The range is 1 to 65535.
The object identifier of the particular variable to be sampled. Only variables that resolve to
an ASN.1 primitive type of integer.
The interval in seconds over which the data is sampled and compared with the rising and
falling thresholds. The range is 1 to 2147483647. The default is 1.
The value of the statistic during the last sampling period. This object is a read-only, 32-bit
signed value.
The rising threshold for the sample statistics. The range is –2147483648 to 2147483647.
The default is 1.
The index of the eventEntry that is used when a rising threshold is crossed. The range is 1
to 65535. The default is 1.
The falling threshold for the sample statistics. The range is –2147483648 to 2147483647.
The default is 1.
The index of the eventEntry that is used when a falling threshold is crossed. The range is 1
to 65535. The default is 2.
The alarm that may be sent. Possible values are rising, falling or both rising-falling. The
default is rising-falling.
The owner string associated with the alarm entry. The default is monitorAlarm.
Alarm Variable
Alarm Interval
Alarm Absolute
Value
Alarm Rising
Threshold
Alarm Rising
Event Index
Alarm Falling
Threshold
Alarm Falling
Event Index
Alarm Startup
Alarm
Alarm Owner
Example: The following shows an example of the command.
(Routing) (Config)# rmon alarm 1 ifInErrors.2 30 absolute rising-threshold 100 1 falling-threshold
10 2 startup rising owner myOwner
September 2014
CLI Command Reference
Page 252
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
no rmon alarm
This command deletes the RMON alarm entry.
Format
no rmon alarm alarm number
Mode
Global Config
Example: The following shows an example of the command.
(Routing) (Config)# no rmon alarm 1
rmon hcalarm
This command sets the RMON hcalarm entry in the High Capacity RMON alarm MIB group.
Format
rmon hcalarm alarm number variable sample interval {absolute|delta} rising-threshold
high value low value status {positive|negative} [rising-event-index] fallingthreshold high value low value status {positive|negative} [falling-event-index]
[startup {rising|falling|rising-falling}] [owner string]
Mode
Global Config
Parameter
Description
High Capacity Alarm
Index
High Capacity Alarm
Variable
High Capacity Alarm
Interval
High Capacity Alarm
Sample Type
An arbitrary integer index value used to uniquely identify the high capacity alarm
entry. The range is 1 to 65535.
The object identifier of the particular variable to be sampled. Only variables that
resolve to an ASN.1 primitive type of integer.
The interval in seconds over which the data is sampled and compared with the rising
and falling thresholds. The range is 1 to 2147483647. The default is 1.
The method of sampling the selected variable and calculating the value to be
compared against the thresholds. Possible types are Absolute Value or Delta Value.
The default is Absolute Value.
The absolute value (that is, the unsigned value) of the hcAlarmVariable statistic
during the last sampling period. The value during the current sampling period is not
made available until the period is complete. This object is a 64-bit unsigned value
that is Read-Only.
This object indicates the validity and sign of the data for the high capacity alarm
absolute value object (hcAlarmAbsValueobject). Possible status types are
valueNotAvailable, valuePositive, or valueNegative. The default is
valueNotAvailable.
High capacity alarm startup alarm that may be sent. Possible values are rising,
falling, or rising-falling. The default is rising-falling.
The lower 32 bits of the absolute value for threshold for the sampled statistic. The
range is 0 to 4294967295. The default is 1.
High Capacity Alarm
Absolute Value
High Capacity Alarm
Absolute Alarm Status
High Capacity Alarm
Startup Alarm
High Capacity Alarm
Rising-Threshold
Absolute Value Low
September 2014
CLI Command Reference
Page 253
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
Parameter
Description
High Capacity Alarm
Rising-Threshold
Absolute Value High
High Capacity Alarm
Rising-Threshold Value
Status
The upper 32 bits of the absolute value for threshold for the sampled statistic. The
range is 0 to 4294967295. The default is 0.
High Capacity Alarm
Falling-Threshold
Absolute Value Low
High Capacity Alarm
Falling-Threshold
Absolute Value High
This object indicates the sign of the data for the rising threshold, as defined by the
objects hcAlarmRisingThresAbsValueLow and hcAlarmRisingThresAbsValueHigh.
Possible values are valueNotAvailable, valuePositive, or valueNegative. The
default is valuePositive.
The lower 32 bits of the absolute value for threshold for the sampled statistic. The
range is 0 to 4294967295. The default is 1.
The upper 32 bits of the absolute value for threshold for the sampled statistic. The
range is 0 to 4294967295. The default is 0.
High Capacity Alarm
This object indicates the sign of the data for the falling threshold, as defined by the
Falling-Threshold Value objects hcAlarmFallingThresAbsValueLow and hcAlarmFallingThresAbsValueHigh.
Status
Possible values are valueNotAvailable, valuePositive, or valueNegative. The
default is valuePositive.
High Capacity Alarm
The index of the eventEntry that is used when a rising threshold is crossed. The
Rising Event Index
range is 1 to 65535. The default is 1.
High Capacity Alarm
The index of the eventEntry that is used when a falling threshold is crossed. The
Falling Event Index
range is 1 to 65535. The default is 2.
High Capacity Alarm
The number of times the associated hcAlarmVariable instance was polled on behalf
Failed Attempts
of the hcAlarmEntry (while in the active state) and the value was not available. This
object is a 32-bit counter value that is read-only.
High Capacity Alarm
The owner string associated with the alarm entry. The default is monitorHCAlarm.
Owner
High Capacity Alarm
The type of non-volatile storage configured for this entry. This object is read-only.
Storage Type
The default is volatile.
Example: The following shows an example of the command.
(Routing) (Config)# rmon hcalarm 1 ifInOctets.1 30 absolute rising-threshold high 1 low 100 status
positive 1 falling-threshold high 1 low 10 status positive startup rising owner myOwner
no rmon hcalarm
This command deletes the rmon hcalarm entry.
Format
no rmon hcalarm alarm number
Mode
Global Config
Example: The following shows an example of the command.
(Routing) (Config)# no rmon hcalarm 1
September 2014
CLI Command Reference
Page 254
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
rmon event
This command sets the RMON event entry in the RMON event MIB group.
Format
rmon event event number [description string|log|owner string|trap community]
Mode
Global Config
Parameter
Description
Event Number
An index that uniquely identifies an entry in the event table. Each such entry defines one
event that is to be generated when the appropriate conditions occur. The range is 1 to
65535.
Event Description A comment describing the event entry. The default is alarmEvent.
Event Log
Use this keyword to generate an RMON log when the event occurs.
Owner
Owner string associated with the entry. The default is monitorEvent.
Trap Community The SNMP community specific by this octet string which is used to send an SNMP trap. The
default is public.
Example: The following shows an example of the command.
(Routing) (Config)# rmon event 1 log description test
no rmon event
This command deletes the rmon event entry.
Format
no rmon event event number
Mode
Global Config
Example: The following shows an example of the command.
(Routing) (Config)# no rmon event 1
September 2014
CLI Command Reference
Page 255
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
rmon collection history
This command sets the history control parameters of the RMON historyControl MIB group.
Note: This command is not supported on interface range. Each RMON history control collection entry
can be configured on only one interface. If you try to configure on multiple interfaces, DUT displays
an error.
Format
rmon collection history index number [buckets number|interval interval in sec|owner
string]
Mode
Interface Config
Parameter
Description
Index
An index that uniquely identifies an entry in the historyControl table. Each such
entry defines a set of samples at a particular interval for an interface on the
device. The range is 1 to 65535.
The maximum number of entries to maintain. The range is 1 to 65535.
The interval in seconds over which the data is sampled. The range is 1 to 3600.
The default is 1800.
The owner string associated with the history control entry. The default is
monitorHistoryControl.
Buckets number
Interval
Owner
Example: The following shows an example of the command.
(Routing) (Interface 1/0/1)# rmon collection history 1 buckets 10 interval 30 owner myOwner
Example: The following shows an example of the command.
(Routing) (Interface 1/0/1-1/0/10)#rmon collection history 1 buckets 10 interval 30 owner myOwner
Error: 'rmon collection history' is not supported on range of interfaces.
no rmon collection history
This command will delete the history control group entry with the specified index number.
Format
no rmon collection history index number
Mode
Interface Config
Example: The following shows an example of the command.
(Routing) (Interface 1/0/1-1/0/10)# no rmon collection history 1
September 2014
CLI Command Reference
Page 256
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
show rmon
This command displays the entries in the RMON alarm table.
Format
show rmon {alarms | alarm alarm-index}
Mode
Privileged Exec
Parameter
Description
Alarm Index
An index that uniquely identifies an entry in the alarm table. Each entry defines a diagnostic
sample at a particular interval for an object on the device.
The object identifier of the particular variable to be sampled. Only variables that resolve to
an ASN.1 primitive type of integer.
The interval in seconds over which the data is sampled and compared with the rising and
falling thresholds.
The value of the statistic during the last sampling period. This object is a read-only, 32-bit
signed value.
The rising threshold for the sample statistics.
Alarm Variable
Alarm Interval
Alarm Absolute
Value
Alarm Rising
Threshold
Alarm Rising
Event Index
Alarm Falling
Threshold
Alarm Falling
Event Index
Alarm Startup
Alarm
Alarm Owner
The index of the eventEntry that is used when a rising threshold is crossed.
The falling threshold for the sample statistics.
The index of the eventEntry that is used when a falling threshold is crossed.
The alarm that may be sent. Possible values are rising, falling or both rising-falling. The
default is rising-falling.
The owner string associated with the alarm entry. The default is monitorAlarm.
Example: The following shows example CLI display output for the command.
(Routing) #show rmon alarms
Index
OID
Owner
---------------------------------------------1
alarmInterval.1
MibBrowser
2
alarmInterval.1
MibBrowser
September 2014
CLI Command Reference
Page 257
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
Example: The following shows example CLI display output for the command.
(Routing) #show rmon alarm 1
Alarm 1
---------OID: alarmInterval.1
Last Sample Value: 1
Interval: 1
Sample Type: absolute
Startup Alarm: rising-falling
Rising Threshold: 1
Falling Threshold: 1
Rising Event: 1
Falling Event: 2
Owner: MibBrowser
show rmon collection history
This command displays the entries in the RMON history control table.
Format
show rmon collection history [interfaces unit/slot/port]
Mode
Privileged Exec
Parameter
Description
Index
An index that uniquely identifies an entry in the historyControl table. Each such entry
defines a set of samples at a particular interval for an interface on the device. The
range is 1 to 65535.
The source interface for which historical data is collected.
The interval in seconds over which the data is sampled. The range is 1 to 3600. The
default is 1800.
The requested number of discrete time intervals over which data is to be saved. The
range is 1 to 65535. The default is 50.
The number of discrete sampling intervals over which data shall be saved. This object
is read-only. The default is 10.
The owner string associated with the history control entry. The default is
monitorHistoryControl.
Interface
Interval
Samples Requested
Samples Granted
Owner
September 2014
CLI Command Reference
Page 258
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
Example: The following shows example CLI display output for the command.
(Routing) #show rmon collection history
Index
Interface
Interval
Requested
Granted
Owner
Samples
Samples
---------------------------------------------------------------------1
1/0/1
30
10
10
myowner
2
1/0/1
1800
50
10
monitorHistoryControl
3
1/0/2
30
50
10
monitorHistoryControl
4
1/0/2
1800
50
10
monitorHistoryControl
5
1/0/3
30
50
10
monitorHistoryControl
6
1/0/3
1800
50
10
monitorHistoryControl
7
1/0/4
30
50
10
monitorHistoryControl
8
1/0/4
1800
50
10
monitorHistoryControl
9
1/0/5
30
50
10
monitorHistoryControl
10
1/0/5
1800
50
10
monitorHistoryControl
11
1/0/6
30
50
10
monitorHistoryControl
12
1/0/6
1800
50
10
monitorHistoryControl
13
1/0/7
30
50
10
monitorHistoryControl
14
1/0/7
1800
50
10
monitorHistoryControl
15
1/0/8
30
50
10
monitorHistoryControl
16
1/0/8
1800
50
10
monitorHistoryControl
17
1/0/9
30
50
10
monitorHistoryControl
18
1/0/9
1800
50
10
monitorHistoryControl
19
1/0/10
30
50
10
monitorHistoryControl
--More-- or (q)uit
Example: The following shows example CLI display output for the command.
(Routing) #show rmon collection history interfaces 1/0/1
Index
Interface
Requested
Granted
Owner
Samples
Samples
---------------------------------------------------------------------1
1/0/1
30
10
10
myowner
2
1/0/1
1800
50
10
monitorHistoryControl
September 2014
Interval
CLI Command Reference
Page 259
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
show rmon events
This command displays the entries in the RMON event table.
Format
show rmon events
Mode
Privileged Exec
Parameter
Description
Index
An index that uniquely identifies an entry in the event table. Each such entry defines one
event that is to be generated when the appropriate conditions occur. The range is 1 to
65535.
A comment describing the event entry. The default is alarmEvent.
The type of notification that the probe makes about the event. Possible values are None,
Log, SNMP Trap, Log and SNMP Trap. The default is None.
The SNMP community specific by this octet string which is used to send an SNMP trap. The
default is public.
Event owner. The owner string associated with the entry.
Description
Type
Community
Owner
Last time sent
The last time over which a log or a SNMP trap message is generated.
Example: The following shows example CLI display output for the command.
(Routing) # show rmon events
Index Description
Type
Community
Owner
Last time sent
------------------------------------------------------------------------------1
test
log
public
MIB
0 days 0 h:0 m:0 s
show rmon history
This command displays the specified entry in the RMON history table.
Format
show rmon history index {errors [period seconds]|other [period seconds]|throughput
[period seconds]}
Mode
Privileged Exec
Parameter
Description
History Control
Index
An index that uniquely identifies an entry in the historyControl table. Each such entry
defines a set of samples at a particular interval for an interface on the device. The range
is 1 to 65535.
History Control Data The source interface for which historical data is collected.
Source
History Control
The requested number of discrete time intervals over which data is to be saved. The
Buckets Requested range is 1 to 65535. The default is 50.
September 2014
CLI Command Reference
Page 260
Remote Monitoring Commands
HP Moonshot Switch Module CLI Command Reference
Parameter
Description
History Control
The number of discrete sampling intervals over which data shall be saved. This object is
Buckets Granted
read-only. The default is 10.
History Control
The interval in seconds over which the data is sampled. The range is 1 to 3600. The
Interval
default is 1800.
History Control
The owner string associated with the history control entry. The default is
Owner
monitorHistoryControl.
Maximum Table Size Maximum number of entries that the history table can hold.
Time
Time at which the sample is collected, displayed as period seconds.
CRC Align
Number of CRC align errors.
Undersize Packets Total number of undersize packets. Packets are less than 64 octets long (excluding
framing bits, including FCS octets).
Oversize Packets
Total number of oversize packets. Packets are longer than 1518 octets (excluding
framing bits, including FCS octets).
Fragments
Total number of fragment packets. Packets are not an integral number of octets in length
or had a bad Frame Check Sequence (FCS), and are less than 64 octets in length
(excluding framing bits, including FCS octets).
Jabbers
Total number of jabber packets. Packets are longer than 1518 octets (excluding framing
bits, including FCS octets), and are not an integral number of octets in length or had a
bad Frame Check Sequence (FCS).
Octets
Total number of octets received on the interface.
Packets
Total number of packets received (including error packets) on the interface.
Broadcast
Total number of good Broadcast packets received on the interface.
Multicast
Total number of good Multicast packets received on the interface.
Util
Port utilization of the interface associated with the history index specified.
Dropped Collisions Total number of dropped collisions.
Example: The following shows example CLI display output for the command.
(Routing) #show rmon history 1 errors
Sample set: 1
Owner: myowner
Interface: 1/0/1
Interval: 30
Requested Samples: 10
Granted Samples: 10
Maximum table size: 1758
Time
--------------------Jan 01 1970 21:41:43
Jan 01 1970 21:42:14
Jan 01 1970 21:42:44
Jan 01 1970 21:43:14
Jan 01 1970 21:43:44
Jan 01 1970 21:44:14
Jan 01 1970 21:44:45
Jan 01 1970 21:45:15
Jan 01 1970 21:45:45
Jan 01 1970 21:46:15
September 2014
CRC Align
---------0
0
0
0
0
0
0
0
0
0
Undersize
--------0
0
0
0
0
0
0
0
0
0
Oversize
--------0
0
0
0
0
0
0
0
0
0
Fragments
---------0
0
0
0
0
0
0
0
0
0
Jabbers
------0
0
0
0
0
0
0
0
0
0
CLI Command Reference
Page 261
Remote Monitoring Commands
HP Moonshot Switch Module CLI Command Reference
Example: The following shows example CLI display output for the command.
(Routing) #show rmon history 1 throughput
Sample set: 1
Owner: myowner
Interface: 1/0/1
Interval: 30
Requested Samples: 10
Granted Samples: 10
Maximum table size: 1758
Time
-------------------Jan 01 1970 21:41:43
Jan 01 1970 21:42:14
Jan 01 1970 21:42:44
Jan 01 1970 21:43:14
Jan 01 1970 21:43:44
Jan 01 1970 21:44:14
Jan 01 1970 21:44:45
Jan 01 1970 21:45:15
Jan 01 1970 21:45:45
Jan 01 1970 21:46:15
Octets
---------0
0
0
0
0
0
0
0
0
0
Packets
--------0
0
0
0
0
0
0
0
0
0
Broadcast
--------0
0
0
0
0
0
0
0
0
0
Multicast
---------0
0
0
0
0
0
0
0
0
0
Util
-------1
1
1
1
1
1
1
1
1
1
(Routing) #show rmon history 1 other
Sample set: 1
Owner: myowner
Interface: 1/0/1
Interval: 30
Requested Samples: 10
Granted Samples: 10
Maximum table size: 1758
Time
-------------------Jan 01 1970 21:41:43
Jan 01 1970 21:42:14
Jan 01 1970 21:42:44
Jan 01 1970 21:43:14
Jan 01 1970 21:43:44
Jan 01 1970 21:44:14
Jan 01 1970 21:44:45
Jan 01 1970 21:45:15
Jan 01 1970 21:45:45
Jan 01 1970 21:46:15
September 2014
Dropped
------0
0
0
0
0
0
0
0
0
0
Collisions
---------0
0
0
0
0
0
0
0
0
0
CLI Command Reference
Page 262
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
show rmon log
This command displays the entries in the RMON log table.
Format
show rmon log [event-index]
Mode
Privileged Exec
Parameter
Description
Maximum table size
Event
Description
Time
Maximum number of entries that the log table can hold.
Event index for which the log is generated.
A comment describing the event entry for which the log is generated.
Time at which the event is generated.
Example: The following shows example CLI display output for the command.
(Routing) #show rmon log
Event
Description
Time
------------------------------------------------
Example: The following shows example CLI display output for the command.
(Routing) #show rmon log 1
Maximum table size: 10
Event
Description
Time
------------------------------------------------
show rmon statistics interfaces
This command displays the RMON statistics for the given interfaces.
Format
show rmon statistics interfaces unit/slot/port
Mode
Privileged Exec
Parameter
Description
Port
Dropped
Octets
Packets
Broadcast
Multicast
unit/slot/port
Total number of dropped events on the interface.
Total number of octets received on the interface.
Total number of packets received (including error packets) on the interface.
Total number of good broadcast packets received on the interface.
Total number of good multicast packets received on the interface.
September 2014
CLI Command Reference
Page 263
HP Moonshot Switch Module CLI Command Reference
Parameter
Remote Monitoring Commands
Description
CRC Align Errors
Total number of packets received have a length (excluding framing bits,
including FCS octets) of between 64 and 1518 octets inclusive.
Collisions
Total number of collisions on the interface.
Undersize Pkts
Total number of undersize packets. Packets are less than 64 octets long
(excluding framing bits, including FCS octets).
Oversize Pkts
Total number of oversize packets. Packets are longer than 1518 octets
(excluding framing bits, including FCS octets).
Fragments
Total number of fragment packets. Packets are not an integral number of octets
in length or had a bad Frame Check Sequence (FCS), and are less than 64 octets
in length (excluding framing bits, including FCS octets).
Jabbers
Total number of jabber packets. Packets are longer than 1518 octets (excluding
framing bits, including FCS octets), and are not an integral number of octets in
length or had a bad Frame Check Sequence (FCS).
64 Octets
Total number of packets which are 64 octets in length (excluding framing bits,
including FCS octets).
65-127 Octets
Total number of packets which are between 65 and 127 octets in length
(excluding framing bits, including FCS octets).
128-255 Octets
Total number of packets which are between 128 and 255 octets in length
(excluding framing bits, including FCS octets).
256-511 Octets
Total number of packets which are between 256 and 511 octets in length
(excluding framing bits, including FCS octets).
512-1023 Octets
Total number of packets which are between 512 and 1023 octets in length
(excluding framing bits, including FCS octets).
1024-1518 Octets
Total number of packets which are between 1024 and 1518 octets in length
(excluding framing bits, including FCS octets).
HC Overflow Pkts
Total number of HC overflow packets.
HC Overflow Octets
Total number of HC overflow octets.
HC Overflow Pkts 64 Octets Total number of HC overflow packets which are 64 octets in length
HC Overflow Pkts 65 - 127
Total number of HC overflow packets which are between 65 and 127 octets in
Octets
length.
HC Overflow Pkts 128 - 255 Total number of HC overflow packets which are between 128 and 255 octets in
Octets
length.
HC Overflow Pkts 256 - 511 Total number of HC overflow packets which are between 256 and 511 octets in
Octets
length.
HC Overflow Pkts 512 - 1023 Total number of HC overflow packets which are between 512 and 1023 octets
Octets
in length.
HC Overflow Pkts 1024 - 1518 Total number of HC overflow packets which are between 1024 and 1518 octets
Octets
in length.
September 2014
CLI Command Reference
Page 264
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
Example: The following shows example CLI display output for the command.
(Routing) # show rmon statistics interfaces 1/0/1
Port: 1/0/1
Dropped: 0
Octets: 0 Packets: 0
Broadcast: 0 Multicast: 0
CRC Align Errors: 0 Collisions: 0
Undersize Pkts: 0 Oversize Pkts: 0
Fragments: 0 Jabbers: 0
64 Octets: 0 65 - 127 Octets: 0
128 - 255 Octets: 0 256 - 511 Octets: 0
512 - 1023 Octets: 0 1024 - 1518 Octets: 0
HC Overflow Pkts: 0 HC Pkts: 0
HC Overflow Octets: 0 HC Octets: 0
HC Overflow Pkts 64 Octets: 0 HC Pkts 64 Octets: 0
HC Overflow Pkts 65 - 127 Octets: 0 HC Pkts 65 - 127 Octets: 0
HC Overflow Pkts 128 - 255 Octets: 0 HC Pkts 128 - 255 Octets: 0
HC Overflow Pkts 256 - 511 Octets: 0 HC Pkts 256 - 511 Octets: 0
HC Overflow Pkts 512 - 1023 Octets: 0 HC Pkts 512 - 1023 Octets: 0
HC Overflow Pkts 1024 - 1518 Octets: 0 HC Pkts 1024 - 1518 Octets: 0
show rmon hcalarms
This command displays the entries in the RMON high-capacity alarm table.
Format
show rmon {hcalarms|hcalarm alarm index}
Mode
Privileged Exec
Parameter
Description
High Capacity Alarm Index
An arbitrary integer index value used to uniquely identify the high capacity
alarm entry. The range is 1 to 65535.
High Capacity Alarm Variable The object identifier of the particular variable to be sampled. Only variables
that resolve to an ASN.1 primitive type of integer.
High Capacity Alarm Interval The interval in seconds over which the data is sampled and compared with the
rising and falling thresholds. The range is 1 to 2147483647. The default is 1.
High Capacity Alarm Sample The method of sampling the selected variable and calculating the value to be
Type
compared against the thresholds. Possible types are Absolute Value or Delta
Value. The default is Absolute Value.
High Capacity Alarm Absolute The absolute value (that is, the unsigned value) of the hcAlarmVariable
Value
statistic during the last sampling period. The value during the current
sampling period is not made available until the period is complete. This object
is a 64-bit unsigned value that is Read-Only.
High Capacity Alarm Absolute This object indicates the validity and sign of the data for the high capacity
Alarm Status
alarm absolute value object (hcAlarmAbsValueobject). Possible status types
are valueNotAvailable, valuePositive, or valueNegative. The default is
valueNotAvailable.
High Capacity Alarm Startup High capacity alarm startup alarm that may be sent. Possible values are rising,
Alarm
falling, or rising-falling. The default is rising-falling.
September 2014
CLI Command Reference
Page 265
HP Moonshot Switch Module CLI Command Reference
Parameter
Remote Monitoring Commands
Description
High Capacity Alarm RisingThe lower 32 bits of the absolute value for threshold for the sampled statistic.
Threshold Absolute Value Low The range is 0 to 4294967295. The default is 1.
High Capacity Alarm RisingThe upper 32 bits of the absolute value for threshold for the sampled statistic.
Threshold Absolute Value High The range is 0 to 4294967295. The default is 0.
High Capacity Alarm RisingThis object indicates the sign of the data for the rising threshold, as defined by
Threshold Value Status
the objects hcAlarmRisingThresAbsValueLow and
hcAlarmRisingThresAbsValueHigh. Possible values are valueNotAvailable,
valuePositive, or valueNegative. The default is valuePositive.
High Capacity Alarm Falling- The lower 32 bits of the absolute value for threshold for the sampled statistic.
Threshold Absolute Value Low The range is 0 to 4294967295. The default is 1.
High Capacity Alarm Falling- The upper 32 bits of the absolute value for threshold for the sampled statistic.
Threshold Absolute Value High The range is 0 to 4294967295. The default is 0.
High Capacity Alarm Falling- This object indicates the sign of the data for the falling threshold, as defined
Threshold Value Status
by the objects hcAlarmFallingThresAbsValueLow and
hcAlarmFallingThresAbsValueHigh. Possible values are valueNotAvailable,
valuePositive, or valueNegative. The default is valuePositive.
High Capacity Alarm Rising
The index of the eventEntry that is used when a rising threshold is crossed.
Event Index
The range is 1 to 65535. The default is 1.
High Capacity Alarm Falling
The index of the eventEntry that is used when a falling threshold is crossed.
Event Index
The range is 1 to 65535. The default is 2.
High Capacity Alarm Failed
The number of times the associated hcAlarmVariable instance was polled on
Attempts
behalf of the hcAlarmEntry (while in the active state) and the value was not
available. This object is a 32-bit counter value that is read-only.
High Capacity Alarm Owner
The owner string associated with the alarm entry. The default is
monitorHCAlarm.
High Capacity Alarm Storage The type of non-volatile storage configured for this entry. This object is readType
only. The default is volatile.
Example: The following shows example CLI display output for the command.
(Routing) #show rmon hcalarms
Index
OID
Owner
---------------------------------------------1
alarmInterval.1
MibBrowser
2
alarmInterval.1
MibBrowser
September 2014
CLI Command Reference
Page 266
HP Moonshot Switch Module CLI Command Reference
Remote Monitoring Commands
(Routing) #show rmon hcalarm 1
Alarm 1
---------OID: alarmInterval.1
Last Sample Value: 1
Interval: 1
Sample Type: absolute
Startup Alarm: rising-falling
Rising Threshold High: 0
Rising Threshold Low: 1
Rising Threshold Status: Positive
Falling Threshold High: 0
Falling Threshold Low: 1
Falling Threshold Status: Positive
Rising Event: 1
Falling Event: 2
Startup Alarm: Rising-Falling
Owner: MibBrowser
September 2014
CLI Command Reference
Page 267
Switching Commands
HP Moonshot Switch Module CLI Command Reference
Section 6: Switching Commands
This chapter describes the switching commands available in the HP Moonshot Switch Module CLI.
The Switching Commands chapter includes the following sections:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
“Port Configuration Commands” on page 269
“Spanning Tree Protocol Commands” on page 275
“VLAN Commands” on page 298
“Double VLAN Commands” on page 313
“Private VLAN Commands” on page 317
“Provisioning (IEEE 802.1p) Commands” on
page 320
“Cut-Through (ASF) Commands” on page 321
“Asymmetric Flow Control” on page 322
“Protected Ports Commands” on page 324
“GARP Commands” on page 326
“GVRP Commands” on page 328
“GMRP Commands” on page 330
“Port-Based Network Access Control Commands”
on page 333
“802.1X Supplicant Commands” on page 348
“Storm-Control Commands” on page 352
“Link Local Protocol Filtering Commands” on
page 359
“MMRP Commands” on page 360
“MVRP Commands” on page 364
“Port-Channel/LAG (802.3ad) Commands” on
page 368
September 2014
• “Port Mirroring Commands” on page 388
• “Static MAC Filtering Commands” on
page 392“DHCP L2 Relay Agent Commands” on
page 396
• “DHCP Client Commands” on page 401
• “DHCP Snooping Configuration Commands” on
page 403
• “Dynamic ARP Inspection Commands” on
page 413
• “IGMP Snooping Configuration Commands” on
page 421
• “IGMP Snooping Querier Commands” on page 430
• “MLD Snooping Commands” on page 434
• “MLD Snooping Querier Commands” on page 443
• “Port Security Commands” on page 447
• “LLDP (802.1AB) Commands” on page 453
• “LLDP-MED Commands” on page 462
• “Denial of Service Commands” on page 469
• “MAC Database Commands” on page 480
• “ISDP Commands” on page 483
• “UniDirectional Link Detection Commands” on
page 490
CLI Command Reference
Page 268
HP Moonshot Switch Module CLI Command Reference
Port Configuration Commands
Port Configuration Commands
This section describes the commands you use to view and configure port settings.
interface
This command gives you access to the Interface Config mode, which allows you to enable or modify the
operation of an interface (port). You can also specify a range of ports to configure at the same time by
specifying the starting unit/slot/port and ending unit/slot/port, separated by a hyphen.
Format
interface {unit/slot/port | unit/slot/port(startrange)-unit/slot/port(endrange)}
Mode
Global Config
Example: The following example enters Interface Config mode for port 1/0/1:
(Routing) #configure
(Routing) (config)#interface 1/0/1
(Routing) (interface 1/0/1)#
Example: The following example enters Interface Config mode for ports 1/0/1 through 1/0/4:
(Routing) #configure
(Routing) (config)#interface 1/0/1-1/0/4
(Routing) (interface 1/0/1-1/0/4)#
auto-negotiate
This command enables automatic negotiation on a port or range of ports.
Default
enabled
Format
auto-negotiate
Mode
Interface Config
no auto-negotiate
This command disables automatic negotiation on a port.
Note: Automatic sensing is disabled when automatic negotiation is disabled.
Format
no auto-negotiate
Mode
Interface Config
September 2014
CLI Command Reference
Page 269
HP Moonshot Switch Module CLI Command Reference
Port Configuration Commands
auto-negotiate all
This command enables automatic negotiation on all ports.
Default
enabled
Format
auto-negotiate all
Mode
Global Config
no auto-negotiate all
This command disables automatic negotiation on all ports.
Format
no auto-negotiate all
Mode
Global Config
description
Use this command to create an alpha-numeric description of an interface or range of interfaces.
Format
description description
Mode
Interface Config
mtu
Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or
egress the interface. You can use the mtu command to configure jumbo frame support for physical and portchannel (LAG) interfaces. For the HP Moonshot Switch Module, the MTU size is a valid integer between 1522–
12288 for tagged packets and a valid integer between 1518 - 12288 for untagged packets.
Note: To receive and process packets, the Ethernet MTU must include any extra bytes that Layer-2
headers might require. To configure the IP MTU size, which is the maximum size of the IP packet (IP
Header + IP payload), see “ip mtu” on page 514.
Default
1518 (untagged)
Format
mtu 1518-12288
Mode
Interface Config
no mtu
This command sets the default MTU size (in bytes) for the interface.
Format
no mtu
Mode
Interface Config
September 2014
CLI Command Reference
Page 270
Port Configuration Commands
HP Moonshot Switch Module CLI Command Reference
shutdown
This command disables a port or range of ports.
Note: You can use the shutdown command on physical and port-channel (LAG) interfaces, but not on
VLAN routing interfaces.
Default
enabled
Format
shutdown
Mode
Interface Config
no shutdown
This command enables a port
.
Format
no shutdown
Mode
Interface Config
shutdown all
This command disables all ports.
Note: You can use the shutdown all command on physical and port-channel (LAG) interfaces, but not
on VLAN routing interfaces.
Default
enabled
Format
shutdown all
Mode
Global Config
no shutdown all
This command enables all ports.
Format
no shutdown all
Mode
Global Config
September 2014
CLI Command Reference
Page 271
Port Configuration Commands
HP Moonshot Switch Module CLI Command Reference
speed
Use this command to enable or disable auto-negotiation and set the speed that will be advertised by that port.
The duplex parameter allows you to set the advertised speed for both half as well as full duplex mode.
Use the auto keyword to enable auto-negotiation on the port. Use the command without the auto keyword
to ensure auto-negotiation is disabled and to set the port speed and mode according to the command values.
If auto-negotiation is disabled, the speed and duplex mode must be set
.
Default
Auto-negotiation is enabled.
Format
speed {auto {10G | 100 } {half-duplex | full-duplex}}
Mode
Interface Config
speed all
This command sets the speed and duplex setting for all interfaces.
Format
speed all {100 | 10} {half-duplex | full-duplex}
Mode
Global Config
show port
This command displays port information for a single interface, range of interfaces, or all interfaces.
Format
show port {intf-range | all}
Mode
Privileged EXEC
Term
Definition
Interface
Type
unit/slot/port
If not blank, this field indicates that this port is a special type of port. The possible values
are:
• Mirror — this port is a monitoring port. For more information, see “Port Mirroring
Commands” on page 388.
• PC Mbr— this port is a member of a port-channel (LAG).
• Probe — this port is a probe port.
The Port control administration state. The port must be enabled in order for it to be allowed
into the network. May be enabled or disabled. The factory default is enabled.
The desired port speed and duplex mode. If auto-negotiation support is selected, then the
duplex mode and speed is set from the auto-negotiation process. Note that the maximum
capability of the port (full duplex -100M) is advertised. Otherwise, this object determines
the port's duplex mode and transmission rate. The factory default is Auto.
The port speed and duplex mode.
The Link is up or down.
Admin Mode
Physical Mode
Physical Status
Link Status
September 2014
CLI Command Reference
Page 272
Port Configuration Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
Link Trap
This object determines whether or not to send a trap when link status changes. The factory
default is enabled.
LACP is enabled or disabled on this port.
The configured timeout value for the LACP actor (the local LAG interface).
LACP Mode
Actor Timeout
show port advertise
Use this command to display the local administrative link advertisement configuration, local operational link
advertisement, and the link partner advertisement for an interface. It also displays priority Resolution for
speed and duplex as per 802.3 Annex 28B.3. It displays the Auto negotiation state, Phy Master/Slave Clock
configuration, and Link state of the port.
If the link is down, the Clock is displayed as No Link, and a dash is displayed against the Oper Peer
advertisement, and Priority Resolution. If Auto negotiation is disabled, then the admin Local Link
advertisement, operational local link advertisement, operational peer advertisement, and Priority resolution
fields are not displayed.
If this command is executed without the optional unit/slot/port parameter, then it displays the Autonegotiation state and operational Local link advertisement for all the ports. Operational link advertisement
will display speed only if it is supported by both local as well as link partner. If auto-negotiation is disabled,
then operational local link advertisement is not displayed.
Format
show port advertise [unit/slot/port]
Mode
Privileged EXEC
Example: The following commands show the command output with and without the optional parameter:
(Routing)#show port advertise 1/0/1
Port: 1/0/1
Type: Gigabit - Level
Link State: Down
Auto Negotiation: Enabled
Clock: Auto
1000f
----Admin Local Link Advertisement no
Oper Local Link Advertisement no
Oper Peer Advertisement
no
Priority Resolution
-
1000h
----no
no
no
-
100f
---yes
yes
yes
yes
100h
---no
no
yes
-
10f
--yes
yes
yes
-
10h
--no
no
yes
-
(Routing)#show port advertise
Port
Type
Neg
Operational Link Advertisement
--------- ------------------------------ ----------- -----------------------------1/0/1
Gigabit - Level
Enabled 1000f, 100f, 100h, 10f, 10h
1/0/2
Gigabit - Level
Enabled 1000f, 100f, 100h, 10f, 10h
1/0/3
Gigabit - Level
Enabled 1000f, 100f, 100h, 10f, 10h
September 2014
CLI Command Reference
Page 273
HP Moonshot Switch Module CLI Command Reference
Port Configuration Commands
show port description
This command displays the interface description. Instead of unit/slot/port, lag lag-intf-num can be used as
an alternate way to specify the LAG interface. lag lag-intf-num can also be used to specify the LAG interface
where lag-intf-num is the LAG port number.
Format
show port description unit/slot/port
Mode
Privileged EXEC
Term
Definition
Interface
ifIndex
Description
unit/slot/port
The interface index number associated with the port.
The alpha-numeric description of the interface created by the command “description” on
page 270.
The MAC address of the port. The format is 6 two-digit hexadecimal numbers that are
separated by colons, for example 01:23:45:67:89:AB.
The bit offset value.
MAC address
Bit Offset Val
Example: The following shows example CLI display output for the command.
(Routing) #show port description 1/0/1
Interface...........1/0/1
ifIndex.............1
Description.........
MAC address.........00:10:18:82:0C:10
Bit Offset Val......1
September 2014
CLI Command Reference
Page 274
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
Spanning Tree Protocol Commands
This section describes the commands you use to configure Spanning Tree Protocol (STP). STP helps prevent
network loops, duplicate messages, and network instability.
Note: STP is enabled on the switch and on all ports and LAGs by default.
Note: If STP is disabled, the system does not forward BPDU messages.
spanning-tree
This command sets the spanning-tree operational mode to enabled.
Default
enabled
Format
spanning-tree
Mode
Global Config
no spanning-tree
This command sets the spanning-tree operational mode to disabled. While disabled, the spanning-tree
configuration is retained and can be changed, but is not activated.
Format
no spanning-tree
Mode
Global Config
spanning-tree auto-edge
Use this command to allow the interface to become an edge port if it does not receive any BPDUs within a given
amount of time.
Default
Enabled
Format
spanning-tree auto-edge
Mode
Interface Config
no spanning-tree auto-edge
This command resets the auto-edge status of the port to the default value.
Format
no spanning-tree auto-edge
Mode
Interface Config
September 2014
CLI Command Reference
Page 275
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
spanning-tree bpdufilter
Use this command to enable BPDU Filter on an interface or range of interfaces.
Default
disabled
Format
spanning-tree bpdufilter
Mode
Interface Config
no spanning-tree bpdufilter
Use this command to disable BPDU Filter on the interface or range of interfaces.
Default
disabled
Format
no spanning-tree bpdufilter
Mode
Interface Config
spanning-tree bpdufilter default
Use this command to enable BPDU Filter on all the edge port interfaces.
Default
disabled
Format
spanning-tree bpdufilter default
Mode
Global Config
no spanning-tree bpdufilter default
Use this command to disable BPDU Filter on all the edge port interfaces.
Default
disabled
Format
no spanning-tree bpdufilter default
Mode
Global Config
spanning-tree bpduflood
Use this command to enable BPDU Flood on an interface or range of interfaces.
Default
disabled
Format
spanning-tree bpduflood
Mode
Interface Config
September 2014
CLI Command Reference
Page 276
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
no spanning-tree bpduflood
Use this command to disable BPDU Flood on the interface or range of interfaces.
Default
disabled
Format
no spanning-tree bpduflood
Mode
Interface Config
spanning-tree bpduguard
Use this command to enable BPDU Guard on the switch.
Default
disabled
Format
spanning-tree bpduguard
Mode
Global Config
no spanning-tree bpduguard
Use this command to disable BPDU Guard on the switch.
Default
disabled
Format
no spanning-tree bpduguard
Mode
Global Config
spanning-tree bpdumigrationcheck
Use this command to force a transmission of rapid spanning tree (RSTP) and multiple spanning tree (MSTP)
BPDUs. Use the unit/slot/port parameter to transmit a BPDU from a specified interface, or use the all
keyword to transmit RST or MST BPDUs from all interfaces. This command forces the BPDU transmission when
you execute it, so the command does not change the system configuration or have a no version.
Format
spanning-tree bpdumigrationcheck {unit/slot/port | all}
Mode
Global Config
spanning-tree configuration name
This command sets the Configuration Identifier Name for use in identifying the configuration that this switch
is currently using. The name is a string of up to 32 characters.
Default
base MAC address in hexadecimal notation
Format
spanning-tree configuration name name
Mode
Global Config
September 2014
CLI Command Reference
Page 277
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
no spanning-tree configuration name
This command resets the Configuration Identifier Name to its default.
Format
no spanning-tree configuration name
Mode
Global Config
spanning-tree configuration revision
This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this
switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535.
Default
0
Format
spanning-tree configuration revision 0-65535
Mode
Global Config
no spanning-tree configuration revision
This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this
switch is currently using to the default value.
Format
no spanning-tree configuration revision
Mode
Global Config
spanning-tree cost
Use this command to configure the external path cost for port used by a MST instance. When the auto keyword
is used, the path cost from the port to the root bridge is automatically determined by the speed of the
interface. To configure the cost manually, specify a cost value from 1–200000000.
Default
auto
Format
spanning-tree cost {cost | auto}
Mode
Interface Config
no spanning-tree cost
This command resets the auto-edge status of the port to the default value.
Format
no spanning-tree cost
Mode
Interface Config
September 2014
CLI Command Reference
Page 278
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
spanning-tree edgeport
This command specifies that an interface (or range of interfaces) is an Edge Port within the common and
internal spanning tree. This allows this port to transition to Forwarding State without delay.
Format
spanning-tree edgeport
Mode
Interface Config
no spanning-tree edgeport
This command specifies that this port is not an Edge Port within the common and internal spanning tree.
Format
no spanning-tree edgeport
Mode
Interface Config
spanning-tree forceversion
This command sets the Force Protocol Version parameter to a new value.
Default
802.1w
Format
spanning-tree forceversion {802.1d | 802.1s | 802.1w}
Mode
Global Config
• Use 802.1d to specify that the switch transmits ST BPDUs rather than MST BPDUs (IEEE 802.1d
functionality supported).
• Use 802.1s to specify that the switch transmits MST BPDUs (IEEE 802.1s functionality supported).
• Use 802.1w to specify that the switch transmits RST BPDUs rather than MST BPDUs (IEEE 802.1w
functionality supported).
no spanning-tree forceversion
This command sets the Force Protocol Version parameter to the default value.
Format
no spanning-tree forceversion
Mode
Global Config
September 2014
CLI Command Reference
Page 279
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
spanning-tree forward-time
This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning
tree. The forward-time value is in seconds within a range of 4 to 30, with the value being greater than or equal
to “(Bridge Max Age / 2) + 1”.
Default
15
Format
spanning-tree forward-time 4-30
Mode
Global Config
no spanning-tree forward-time
This command sets the Bridge Forward Delay parameter for the common and internal spanning tree to the
default value.
Format
no spanning-tree forward-time
Mode
Global Config
spanning-tree guard
This command selects whether loop guard or root guard is enabled on an interface or range of interfaces. If
neither is enabled, then the port operates in accordance with the multiple spanning tree protocol.
Default
none
Format
spanning-tree guard {none | root | loop}
Mode
Interface Config
no spanning-tree guard
This command disables loop guard or root guard on the interface.
Format
no spanning-tree guard
Mode
Interface Config
spanning-tree max-age
This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree.
The max-age value is in seconds within a range of 6 to 40, with the value being less than or equal to 2 x (Bridge
Forward Delay - 1).
Default
20
Format
spanning-tree max-age 6-40
Mode
Global Config
September 2014
CLI Command Reference
Page 280
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
no spanning-tree max-age
This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default
value.
Format
no spanning-tree max-age
Mode
Global Config
spanning-tree max-hops
This command sets the Bridge Max Hops parameter to a new value for the common and internal spanning tree.
The max-hops value is a range from 6 to 40.
Default
20
Format
spanning-tree max-hops 6-40
Mode
Global Config
no spanning-tree max-hops
This command sets the Bridge Max Hops parameter for the common and internal spanning tree to the default
value.
Format
no spanning-tree max-hops
Mode
Global Config
September 2014
CLI Command Reference
Page 281
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
spanning-tree mst
This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in
the common and internal spanning tree. If you specify an mstid parameter that corresponds to an existing
multiple spanning tree instance, the configurations are done for that multiple spanning tree instance. If you
specify 0 (defined as the default CIST ID) as the mstid, the configurations are done for the common and internal
spanning tree instance.
If you specify the cost option, the command sets the path cost for this port within a multiple spanning tree
instance or the common and internal spanning tree instance, depending on the mstid parameter. You can set
the path cost as a number in the range of 1 to 200000000 or auto. If you select auto the path cost value is set
based on Link Speed.
If you specify the port-priority option, this command sets the priority for this port within a specific multiple
spanning tree instance or the common and internal spanning tree instance, depending on the mstid parameter.
The port-priority value is a number in the range of 0 to 240 in increments of 16.
Default
• cost—auto
• port-priority—128
Format
spanning-tree mst mstid {{cost 1-200000000 | auto} | auto} | port-priority 0-240}
Mode
Interface Config
no spanning-tree mst
This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance, or in
the common and internal spanning tree to the respective default values. If you specify an mstid parameter that
corresponds to an existing multiple spanning tree instance, you are configuring that multiple spanning tree
instance. If you specify 0 (defined as the default CIST ID) as the mstid, you are configuring the common and
internal spanning tree instance.
If the you specify cost, this command sets the path cost for this port within a multiple spanning tree instance
or the common and internal spanning tree instance, depending on the mstid parameter, to the default value,
i.e., a path cost value based on the Link Speed.
If you specify port-priority, this command sets the priority for this port within a specific multiple spanning tree
instance or the common and internal spanning tree instance, depending on the mstid parameter, to the default
value.
Format
no spanning-tree mst mstid {cost | port-priority}
Mode
Interface Config
September 2014
CLI Command Reference
Page 282
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
spanning-tree mst instance
This command adds a multiple spanning tree instance to the switch. The parameter mstid is a number within
a range of 1 to 4094, that corresponds to the new instance ID to be added. The maximum number of multiple
instances supported by the switch is 4.
Default
none
Format
spanning-tree mst instance mstid
Mode
Global Config
no spanning-tree mst instance
This command removes a multiple spanning tree instance from the switch and reallocates all VLANs allocated
to the deleted instance to the common and internal spanning tree. The parameter mstid is a number that
corresponds to the desired existing multiple spanning tree instance to be removed.
Format
no spanning-tree mst instance mstid
Mode
Global Config
spanning-tree mst priority
This command sets the bridge priority for a specific multiple spanning tree instance. The parameter mstid is a
number that corresponds to the desired existing multiple spanning tree instance. The priority value is a number
within a range of 0 to 61440.
If you specify 0 (defined as the default CIST ID) as the mstid, this command sets the Bridge Priority parameter
to a new value for the common and internal spanning tree. The bridge priority value is a number within a range
of 0 to 61440. The twelve least significant bits are masked according to the 802.1s specification. This causes the
priority to be rounded down to the next lower valid priority.
Default
32768
Format
spanning-tree mst priority mstid 0-61440
Mode
Global Config
no spanning-tree mst priority
This command sets the bridge priority for a specific multiple spanning tree instance to the default value. The
parameter mstid is a number that corresponds to the desired existing multiple spanning tree instance.
If 0 (defined as the default CIST ID) is passed as the mstid, this command sets the Bridge Priority parameter for
the common and internal spanning tree to the default value.
Format
no spanning-tree mst priority mstid
Mode
Global Config
September 2014
CLI Command Reference
Page 283
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
spanning-tree mst vlan
This command adds an association between a multiple spanning tree instance and one or more VLANs so that
the VLAN(s) are no longer associated with the common and internal spanning tree. The parameter mstid is a
multiple spanning tree instance identifier, in the range of 0 to 4094, that corresponds to the desired existing
multiple spanning tree instance. The vlanid can be specified as a single VLAN, a list, or a range of values. To
specify a list of VLANs, enter a list of VLAN IDs in the range 1 to 4093, each separated by a comma with no
spaces in between. To specify a range of VLANs, separate the beginning and ending VLAN ID with a dash (-).
Spaces and zeros are not permitted. The VLAN IDs may or may not exist in the system.
Format
spanning-tree mst vlan mstid vlanid
Mode
Global Config
no spanning-tree mst vlan
This command removes an association between a multiple spanning tree instance and one or more VLANs so
that the VLAN(s) are again associated with the common and internal spanning tree.
Format
no spanning-tree mst vlan mstid vlanid
Mode
Global Config
spanning-tree port mode
This command sets the Administrative Switch Port State for this port to enabled for use by spanning tree.
Default
enabled
Format
spanning-tree port mode
Mode
Interface Config
no spanning-tree port mode
This command sets the Administrative Switch Port State for this port to disabled, disabling the port for use by
spanning tree.
Format
no spanning-tree port mode
Mode
Interface Config
spanning-tree port mode all
This command sets the Administrative Switch Port State for all ports to enabled.
Default
enabled
Format
spanning-tree port mode all
Mode
Global Config
September 2014
CLI Command Reference
Page 284
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
no spanning-tree port mode all
This command sets the Administrative Switch Port State for all ports to disabled.
Format
no spanning-tree port mode all
Mode
Global Config
spanning-tree tcnguard
Use this command to enable TCN guard on the interface. When enabled, TCN Guard restricts the interface from
propagating any topology change information received through that interface.
Default
Enabled
Format
spanning-tree tcnguard
Mode
Interface Config
no spanning-tree tcnguard
This command resets the TCN guard status of the port to the default value.
Format
no spanning-tree tcnguard
Mode
Interface Config
spanning-tree transmit
This command sets the Bridge Transmit Hold Count parameter.
Default
6
Format
spanning-tree transmit hold-count
Mode
Global Config
Parameter
Description
hold-count
The Bridge Tx hold-count parameter. The value in an integer between 1 and 10.
September 2014
CLI Command Reference
Page 285
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
show spanning-tree
This command displays spanning tree settings for the common and internal spanning tree. The following
details are displayed.
Format
show spanning-tree
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Bridge Priority
Specifies the bridge priority for the Common and Internal Spanning tree (CST). The
value lies between 0 and 61440. It is displayed in multiples of 4096.
Bridge Identifier
The bridge identifier for the CST. It is made up using the bridge priority and the base
MAC address of the bridge.
Time Since Topology The amount of time that has passed since the topology of the spanning tree has
Change
changed since the device was last reset.
Topology Change
The number of times the topology of the spanning tree has changed.
Count
Topology Change in Indicates whether a topology change is in progress on any port assigned to the CST. If a
progress
change is in progress the value is True; otherwise, it is False.
Designated Root
The bridge identifier of the root bridge. It is made up from the bridge priority and the
base MAC address of the bridge.
Root Path Cost
Value of the Root Path Cost parameter for the common and internal spanning tree.
Root Port Identifier Identifier of the port to access the Designated Root for the CST
Bridge Port Max Age The amount of time a bridge waits before implementing a topological change.
Bridge Max Hops
Bridge max-hops count for the device.
Bridge TX Hold count The maximum number of BPDUs that a bridge is allowed to send within a hello time
window.
Bridge Forwarding The amount of time a bridge remains in a listening and learning state before forwarding
Delay
packets.
Hello Time
The amount of time the root bridge waits between sending hello BPDUs.
CST Regional Root
Bridge Identifier of the CST Regional Root. It is made up using the bridge priority and
the base MAC address of the bridge.
Regional Root Path Path Cost to the CST Regional Root.
Cost
Associated FIDs
List of forwarding database identifiers currently associated with this instance.
Associated VLANs
List of VLAN IDs currently associated with this instance.
Example: The following shows example CLI display output for the command.
(Routing) #show spanning-tree
Bridge Priority................................ 32768
Bridge Identifier.............................. 80:00:00:24:81:D0:1D:96
Time Since Topology Change..................... 0 day 8 hr 32 min 14 sec
September 2014
CLI Command Reference
Page 286
HP Moonshot Switch Module CLI Command Reference
Topology Change Count..........................
Topology Change in progress....................
Designated Root................................
Root Path Cost.................................
Root Port Identifier...........................
Bridge Max Age.................................
Bridge Max Hops................................
Bridge Tx Hold Count...........................
Bridge Forwarding Delay........................
Hello Time.....................................
Bridge Hold Time...............................
CST Regional Root..............................
Regional Root Path Cost........................
Associated FIDs
--------------1
Spanning Tree Protocol Commands
0
FALSE
80:00:00:24:81:D0:1D:96
0
00:00
20
20
6
15
2
6
80:00:00:24:81:D0:1D:96
0
Associated VLANs
---------------1
show spanning-tree brief
This command displays spanning tree settings for the bridge. The following information appears.
Format
show spanning-tree brief
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Bridge Priority
Configured value.
Bridge Identifier The bridge identifier for the selected MST instance. It is made up using the bridge priority
and the base MAC address of the bridge.
Bridge Max Age Configured value.
Bridge Max Hops Bridge max-hops count for the device.
Bridge Hello Time Configured value.
Bridge Forward Configured value.
Delay
Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs).
Example: The following shows example CLI display output for the command.
(Routing) #show spanning-tree brief
Bridge
Bridge
Bridge
Bridge
Bridge
Bridge
Bridge
Priority................................
Identifier..............................
Max Age.................................
Max Hops................................
Hello Time..............................
Forward Delay...........................
Hold Time...............................
September 2014
32768
80:00:00:10:18:48:FC:07
20
20
2
15
6
CLI Command Reference
Page 287
Spanning Tree Protocol Commands
HP Moonshot Switch Module CLI Command Reference
show spanning-tree interface
This command displays the settings and parameters for a specific switch port within the common and internal
spanning tree. The unit/slot/port is the desired switch port. Instead of unit/slot/port, lag lag-intf-num can
be used as an alternate way to specify the LAG interface. lag lag-intf-num can also be used to specify the LAG
interface where lag-intf-num is the LAG port number. The following details are displayed on execution of the
command.
Format
show spanning-tree interface unit/slot/port|lag lag-intf-num
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Hello Time
Port Mode
BPDU Guard Effect
Root Guard
Loop Guard
TCN Guard
Admin hello time for this port.
Enabled or disabled.
Enabled or disabled.
Enabled or disabled.
Enabled or disabled.
Enable or disable the propagation of received topology change notifications and
topology changes to other ports.
Enabled or disabled.
Enabled or disabled.
To enable or disable the feature that causes a port that has not seen a BPDU for edge
delay time, to become an edge port and transition to forwarding faster.
Time since port was reset, displayed in days, hours, minutes, and seconds.
BPDU Filter Mode
BPDU Flood Mode
Auto Edge
Port Up Time Since
Counters Last Cleared
STP BPDUs
Spanning Tree Protocol Bridge Protocol Data Units sent.
Transmitted
STP BPDUs Received Spanning Tree Protocol Bridge Protocol Data Units received.
RSTP BPDUs
Rapid Spanning Tree Protocol Bridge Protocol Data Units sent.
Transmitted
RSTP BPDUs Received Rapid Spanning Tree Protocol Bridge Protocol Data Units received.
MSTP BPDUs
Multiple Spanning Tree Protocol Bridge Protocol Data Units sent.
Transmitted
MSTP BPDUs Received Multiple Spanning Tree Protocol Bridge Protocol Data Units received.
Example: The following shows example CLI display output for the command.
(Routing) >show spanning-tree interface 1/0/1
Hello Time.....................................
Port Mode......................................
BPDU Guard Effect..............................
Root Guard.....................................
Loop Guard.....................................
September 2014
Not Configured
Enabled
Disabled
FALSE
FALSE
CLI Command Reference
Page 288
HP Moonshot Switch Module CLI Command Reference
TCN Guard......................................
BPDU Filter Mode...............................
BPDU Flood Mode................................
Auto Edge......................................
Port Up Time Since Counters Last Cleared.......
STP BPDUs Transmitted..........................
STP BPDUs Received.............................
RSTP BPDUs Transmitted.........................
RSTP BPDUs Received............................
MSTP BPDUs Transmitted.........................
MSTP BPDUs Received............................
Spanning Tree Protocol Commands
FALSE
Disabled
Disabled
TRUE
8 day 3 hr 39 min 58 sec
0
0
0
0
0
0
(Routing) >
Example: The following shows example CLI display output for the command.
(Routing) >show spanning-tree interface lag 1
Hello Time.....................................
Port Mode......................................
BPDU Guard Effect..............................
Root Guard.....................................
Loop Guard.....................................
TCN Guard......................................
BPDU Filter Mode...............................
BPDU Flood Mode................................
Auto Edge......................................
Port Up Time Since Counters Last Cleared.......
STP BPDUs Transmitted..........................
STP BPDUs Received.............................
RSTP BPDUs Transmitted.........................
RSTP BPDUs Received............................
MSTP BPDUs Transmitted.........................
MSTP BPDUs Received............................
Not Configured
Enabled
Disabled
FALSE
FALSE
FALSE
Disabled
Disabled
TRUE
8 day 3 hr 42 min 5 sec
0
0
0
0
0
0
(Routing) >
September 2014
CLI Command Reference
Page 289
Spanning Tree Protocol Commands
HP Moonshot Switch Module CLI Command Reference
show spanning-tree mst detailed
This command displays the detailed settings for an MST instance.
Format
show spanning-tree mst detailed mstid
Mode
• Privileged EXEC
• User EXEC
Term
Definition
MST Instance ID
MST Bridge Priority
The number that identifies the MST instance.
The bridge priority for the spanning-tree instance. This value affects the
likelihood that the bridge is selected as the root bridge. A lower value increases
the probability that the bridge is selected as the root bridge.
MST Bridge Identifier
A unique value that is automatically generated based on the bridge priority
value of the MSTI and the base MAC address of the bridge. When electing the
root bridge for an MST instance, if the bridge priorities for multiple bridges are
equal, the bridge with the lowest MAC address is elected as the root bridge.
Time Since Topology Change The amount of time that has passed since the topology of the spanning tree has
changed since the device was last reset.
Topology Change Count
The number of times the topology of the spanning tree has changed.
Topology Change in progress Indicates whether a topology change is in progress on any port assigned to the
MST. If a change is in progress the value is True; otherwise, it is False.
Designated Root
The bridge identifier of the root bridge. It is made up from the bridge priority
and the base MAC address of the bridge.
Root Path Cost
The path cost to the designated root for this MST instance. Traffic from a
connected device to the root bridge takes the least-cost path to the bridge. If the
value is 0, the cost is automatically calculated based on port speed.
Root Port Identifier
The port on the bridge with the least-cost path to the designated root for the
MST instance.
Associated FIDs
List of forwarding database identifiers currently associated with this instance.
Associated VLANs
List of VLAN IDs currently associated with this instance.
Example: The following shows example CLI display output for the command.
(Routing) >show spanning-tree mst detailed 0
MST Instance ID................................
MST Bridge Priority............................
MST Bridge Identifier..........................
Time Since Topology Change.....................
Topology Change Count..........................
Topology Change in progress....................
Designated Root................................
Root Path Cost.................................
Root Port Identifier...........................
Associated FIDs
---------------
September 2014
0
32768
80:00:00:10:18:48:FC:07
8 day 3 hr 47 min 7 sec
0
FALSE
80:00:00:10:18:48:FC:07
0
00:00
Associated VLANs
----------------
CLI Command Reference
Page 290
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
show spanning-tree mst port detailed
This command displays the detailed settings and parameters for a specific switch port within a particular
multiple spanning tree instance. The parameter mstid is a number that corresponds to the desired existing
multiple spanning tree instance. The unit/slot/port is the desired switch port. Instead of unit/slot/port, lag
lag-intf-num can be used as an alternate way to specify the LAG interface. lag lag-intf-num can also be used
to specify the LAG interface where lag-intf-num is the LAG port number.
Format
show spanning-tree mst port detailed mstid unit/slot/port|lag lag-intf-num
Mode
• Privileged EXEC
• User EXEC
Term
Definition
MST Instance ID
The ID of the existing multiple spanning tree (MST) instance identifier. The value is
0–4094.
Port Identifier
The port identifier for the specified port within the selected MST instance. It is
made up from the port priority and the interface number of the port.
Port Priority
The priority for a particular port within the selected MST instance. The port priority
is displayed in multiples of 16.
Port Forwarding State
Current spanning tree state of this port.
Port Role
Each enabled MST Bridge Port receives a Port Role for each spanning tree. The port
role is one of the following values: Root Port, Designated Port, Alternate Port,
Backup Port, Master Port or Disabled Port
Auto-Calculate Port Path Indicates whether auto calculation for port path cost is enabled.
Cost
Port Path Cost
Configured value of the Internal Port Path Cost parameter.
Designated Root
The Identifier of the designated root for this port.
Designated Port Cost
The path cost to get to the root bridge for this instance. The root path cost is zero if
the bridge is the root bridge for that instance.
Designated Bridge
Bridge Identifier of the bridge with the Designated Port.
Designated Port
Port on the Designated Bridge that offers the lowest cost to the LAN.
Identifier
Loop Inconsistent State The current loop inconsistent state of this port in this MST instance. When in loop
inconsistent state, the port has failed to receive BPDUs while configured with loop
guard enabled. Loop inconsistent state maintains the port in a blocking state until
a subsequent BPDU is received.
Transitions Into Loop
The number of times this interface has transitioned into loop inconsistent state.
Inconsistent State
Transitions Out of Loop The number of times this interface has transitioned out of loop inconsistent state.
Inconsistent State
September 2014
CLI Command Reference
Page 291
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
If you specify 0 (defined as the default CIST ID) as the mstid, this command displays the settings and parameters
for a specific switch port within the common and internal spanning tree. The unit/slot/port is the desired
switch port. In this case, the following are displayed.
Term
Definition
Port Identifier
Port Priority
Port Forwarding State
Port Role
Auto-Calculate Port Path
Cost
Port Path Cost
Auto-Calculate External
Port Path Cost
External Port Path Cost
The port identifier for this port within the CST.
The priority of the port within the CST.
The forwarding state of the port within the CST.
The role of the specified interface within the CST.
Indicates whether auto calculation for port path cost is enabled or not (disabled).
The configured path cost for the specified interface.
Indicates whether auto calculation for external port path cost is enabled.
The cost to get to the root bridge of the CIST across the boundary of the region.
This means that if the port is a boundary port for an MSTP region, then the
external path cost is used.
Designated Root
Identifier of the designated root for this port within the CST.
Root Path Cost
The root path cost to the LAN by the port.
Designated Bridge
The bridge containing the designated port.
Designated Port Identifier Port on the Designated Bridge that offers the lowest cost to the LAN.
Topology Change
Value of flag in next Configuration Bridge Protocol Data Unit (BPDU) transmission
Acknowledgement
indicating if a topology change is in progress for this port.
Hello Time
The hello time in use for this port.
Edge Port
The configured value indicating if this port is an edge port.
Edge Port Status
The derived value of the edge port status. True if operating as an edge port; false
otherwise.
Point To Point MAC Status Derived value indicating if this port is part of a point to point link.
CST Regional Root
The regional root identifier in use for this port.
CST Internal Root Path
The internal root path cost to the LAN by the designated external port.
Cost
Loop Inconsistent State The current loop inconsistent state of this port in this MST instance. When in loop
inconsistent state, the port has failed to receive BPDUs while configured with loop
guard enabled. Loop inconsistent state maintains the port in a blocking state until
a subsequent BPDU is received.
Transitions Into Loop
The number of times this interface has transitioned into loop inconsistent state.
Inconsistent State
Transitions Out of Loop The number of times this interface has transitioned out of loop inconsistent state.
Inconsistent State
September 2014
CLI Command Reference
Page 292
Spanning Tree Protocol Commands
HP Moonshot Switch Module CLI Command Reference
Example: The following shows example CLI display output for the command in unit/slot/port format.
(Routing) >show spanning-tree mst port detailed 0 1/0/1
Port Identifier................................
Port Priority..................................
Port Forwarding State..........................
Port Role......................................
Auto-calculate Port Path Cost..................
Port Path Cost.................................
Auto-Calculate External Port Path Cost.........
External Port Path Cost........................
Designated Root................................
Root Path Cost.................................
Designated Bridge..............................
Designated Port Identifier.....................
Topology Change Acknowledge....................
Hello Time.....................................
Edge Port......................................
Edge Port Status...............................
Point to Point MAC Status......................
CST Regional Root..............................
CST Internal Root Path Cost....................
Loop Inconsistent State........................
Transitions Into Loop Inconsistent State.......
Transitions Out Of Loop Inconsistent State.....
80:01
128
Disabled
Disabled
Enabled
0
Enabled
0
80:00:00:10:18:48:FC:07
0
80:00:00:10:18:48:FC:07
00:00
FALSE
2
FALSE
FALSE
TRUE
80:00:00:10:18:48:FC:07
0
FALSE
0
0
Example: The following shows example CLI display output for the command using MST ID 1 and a LAG
interface number.
(Routing) #show spanning-tree mst port detailed 1 lag 1
MST Instance ID................................
Port Identifier................................
Port Priority..................................
Port Forwarding State..........................
Port Role......................................
Auto-calculate Port Path Cost..................
Port Path Cost.................................
Designated Root................................
Designated Port Cost...........................
Designated Bridge..............................
Designated Port Identifier.....................
Loop Inconsistent State........................
Transitions Into Loop Inconsistent State.......
Transitions Out Of Loop Inconsistent State.....
September 2014
1
61:CD
96
Disabled
Disabled
Enabled
0
80:01:00:24:81:D0:1D:96
0
80:01:00:24:81:D0:1D:96
00:00
FALSE
0
0
CLI Command Reference
Page 293
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
show spanning-tree mst port summary
This command displays the settings of one or all ports within the specified multiple spanning tree instance. The
parameter mstid indicates a particular MST instance. The parameter {unit/slot/port|all} indicates the
desired switch port or all ports. Instead of unit/slot/port, lag lag-intf-num can be used as an alternate way
to specify the LAG interface. lag lag-intf-num can also be used to specify the LAG interface where lag-intfnum is the LAG port number.
If you specify 0 (defined as the default CIST ID) as the mstid, the status summary displays for one or all ports
within the common and internal spanning tree.
Format
show spanning-tree mst port summary mstid {unit/slot/port |lag lag-intf-num| all}
Mode
• Privileged EXEC
• User EXEC
Term
Definition
MST Instance ID
Interface
STP Mode
Type
STP State
Port Role
Desc
The MST instance associated with this port.
unit/slot/port
Indicates whether spanning tree is enabled or disabled on the port.
Currently not used.
The forwarding state of the port in the specified spanning tree instance.
The role of the specified port within the spanning tree.
Indicates whether the port is in loop inconsistent state or not. This field is blank if the loop
guard feature is not available.
Example: The following shows example CLI display output for the command in unit/slot/port format.
(Routing) >show spanning-tree mst port summary 0 1/0/1
MST Instance ID................................ CST
STP
STP
Port
Interface
Mode
Type
State
Role
Desc
--------- -------- ------- ----------------- ---------- ---------1/0/1
Enabled
Disabled
Disabled
Example: The following shows example CLI display output for the command using a LAG interface number.
(Routing) >show spanning-tree mst port summary 0 lag 1
MST Instance ID................................ CST
STP
STP
Port
Interface
Mode
Type
State
Role
Desc
--------- -------- ------- ----------------- ---------- ---------0/3/1
Enabled
Disabled
Disabled
September 2014
CLI Command Reference
Page 294
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
show spanning-tree mst port summary active
This command displays settings for the ports within the specified multiple spanning tree instance that are
active links.
Format
show spanning-tree mst port summary mstid active
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Interface
STP Mode
Type
STP State
Port Role
Desc
unit/slot/port
Indicates whether spanning tree is enabled or disabled on the port.
Currently not used.
The forwarding state of the port in the specified spanning tree instance.
The role of the specified port within the spanning tree.
Indicates whether the port is in loop inconsistent state or not. This field is blank if the loop
guard feature is not available.
Example: The following shows example CLI display output for the command.
(Routing) >show spanning-tree mst port summary 0 active
STP
STP
Port
Interface
Mode
Type
State
Role
Desc
--------- -------- ------- ----------------- ---------- ---------
show spanning-tree mst summary
This command displays summary information about all multiple spanning tree instances in the switch. On
execution, the following details are displayed.
Format
show spanning-tree mst summary
Mode
• Privileged EXEC
• User EXEC
Term
Definition
MST Instance ID List
For each MSTID:
• Associated FIDs
• Associated VLANs
List of multiple spanning trees IDs currently configured.
• List of forwarding database identifiers associated with this instance.
• List of VLAN IDs associated with this instance.
September 2014
CLI Command Reference
Page 295
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
show spanning-tree summary
This command displays spanning tree settings and parameters for the switch. The following details are
displayed on execution of the command.
show spanning-tree summary
Format
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Spanning Tree Adminmode
Spanning Tree Version
Enabled or disabled.
Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE
802.1d) based upon the Force Protocol Version parameter.
BPDU Guard Mode
Enabled or disabled.
BPDU Filter Mode
Enabled or disabled.
Configuration Name
Identifier used to identify the configuration currently being used.
Configuration Revision Level Identifier used to identify the configuration currently being used.
Configuration Digest Key
A generated Key used in the exchange of the BPDUs.
Configuration Format Selector Specifies the version of the configuration format being used in the exchange
of BPDUs. The default value is zero.
MST Instances
List of all multiple spanning tree instances configured on the switch.
Example: The following shows example CLI display output for the command.
(Routing) >show spanning-tree summary
Spanning Tree Adminmode...........
Spanning Tree Version.............
BPDU Guard Mode...................
BPDU Filter Mode..................
Configuration Name................
Configuration Revision Level......
Configuration Digest Key..........
Configuration Format Selector.....
No MST instances to display.
September 2014
Enabled
IEEE 802.1w
Disabled
Disabled
****
****
****
0
CLI Command Reference
Page 296
HP Moonshot Switch Module CLI Command Reference
Spanning Tree Protocol Commands
show spanning-tree vlan
This command displays the association between a VLAN and a multiple spanning tree instance. The vlanid
corresponds to an existing VLAN ID.
Format
show spanning-tree vlan vlanid
Mode
• Privileged EXEC
• User EXEC
Term
Definition
VLAN Identifier
Associated
Instance
The VLANs associated with the selected MST instance.
Identifier for the associated multiple spanning tree instance or “CST” if associated with the
common and internal spanning tree.
Example: The following shows example CLI display output for the command.
(Routing) >show spanning-tree vlan 1
VLAN Identifier................................ 1
Associated Instance............................ CST
September 2014
CLI Command Reference
Page 297
HP Moonshot Switch Module CLI Command Reference
VLAN Commands
VLAN Commands
This section describes the commands you use to configure VLAN settings.
vlan database
This command gives you access to the VLAN Config mode, which allows you to configure VLAN characteristics.
Format
vlan database
Mode
Privileged EXEC
network mgmt_vlan
This command configures the Management VLAN ID.
Default
1
Format
network mgmt_vlan 1-4093
Mode
Privileged EXEC
no network mgmt_vlan
This command sets the Management VLAN ID to the default.
Format
no network mgmt_vlan
Mode
Privileged EXEC
vlan
This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is
reserved for the default VLAN). VLAN range is 2-4093.
Format
vlan 2-4093
Mode
VLAN Config
no vlan
This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1 is reserved for the
default VLAN). The VLAN range is 2-4093.
Format
no vlan 2-4093
Mode
VLAN Config
September 2014
CLI Command Reference
Page 298
HP Moonshot Switch Module CLI Command Reference
VLAN Commands
vlan acceptframe
This command sets the frame acceptance mode on an interface or range of interfaces. For vlanonly mode,
untagged frames or priority frames received on this interface are discarded. For all mode, untagged frames or
priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this
port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN
Specification. For the admituntaggedonly option, the interface discards any tagged frames it receives.
Default
all
Format
vlan acceptframe {admituntaggedonly | vlanonly | all}
Mode
Interface Config
no vlan acceptframe
This command resets the frame acceptance mode for the interface or range of interfaces to the default value.
Format
no vlan acceptframe
Mode
Interface Config
vlan ingressfilter
This command enables ingress filtering on an interface or range of interfaces. If ingress filtering is disabled,
frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted
and forwarded to ports that are members of that VLAN.
Default
disabled
Format
vlan ingressfilter
Mode
Interface Config
no vlan ingressfilter
This command disables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do
not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are
members of that VLAN.
Format
no vlan ingressfilter
Mode
Interface Config
September 2014
CLI Command Reference
Page 299
HP Moonshot Switch Module CLI Command Reference
VLAN Commands
vlan internal allocation
Use this command to configure which VLAN IDs to use for port-based routing interfaces. When a port-based
routing interface is created, an unused VLAN ID is assigned internally.
Format
vlan internal allocation {base vlan-id | policy ascending | policy decending}
Mode
Global Config
Parameter
Description
base vlan-id
policy ascending
The first VLAN ID to be assigned to a port-based routing interface.
VLAN IDs assigned to port-based routing interfaces start at the base and
increase in value
VLAN IDs assigned to port-based routing interfaces start at the base and
decrease in value
policy descending
vlan makestatic
This command changes a dynamically created VLAN (created by GVRP registration) to a static VLAN (one that
is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-4093.
Format
vlan makestatic 2-4093
Mode
VLAN Config
vlan name
This command changes the name of a VLAN. The name is an alphanumeric string of up to 32 characters, and
the ID is a valid VLAN identification number. ID range is 1-4093.
Default
• VLAN ID 1 - default
• other VLANS - blank string
Format
vlan name 1-4093 name
Mode
VLAN Config
no vlan name
This command sets the name of a VLAN to a blank string.
Format
no vlan name 1-4093
Mode
VLAN Config
September 2014
CLI Command Reference
Page 300
HP Moonshot Switch Module CLI Command Reference
VLAN Commands
vlan participation
This command configures the degree of participation for a specific interface or range of interfaces in a VLAN.
The ID is a valid VLAN identification number, and the interface is a valid interface number.
Format
vlan participation {exclude | include | auto} 1-4093
Mode
Interface Config
Participation options are:
Options
Definition
include
exclude
auto
The interface is always a member of this VLAN. This is equivalent to registration fixed.
The interface is never a member of this VLAN. This is equivalent to registration forbidden.
The interface is dynamically registered in this VLAN by GVRP and will not participate in this VLAN
unless a join request is received on this interface. This is equivalent to registration normal.
vlan participation all
This command configures the degree of participation for all interfaces in a VLAN. The ID is a valid VLAN
identification number.
Format
vlan participation all {exclude | include | auto} 1-4093
Mode
Global Config
You can use the following participation options:
Participation
Options
include
exclude
auto
September 2014
Definition
The interface is always a member of this VLAN. This is equivalent to registration fixed.
The interface is never a member of this VLAN. This is equivalent to registration forbidden.
The interface is dynamically registered in this VLAN by GVRP. The interface will not
participate in this VLAN unless a join request is received on this interface. This is equivalent
to registration normal.
CLI Command Reference
Page 301
VLAN Commands
HP Moonshot Switch Module CLI Command Reference
vlan port acceptframe all
This command sets the frame acceptance mode for all interfaces.
Default
all
Format
vlan port acceptframe all { admituntaggedonly | all | vlanonly}
Mode
Global Config
The modes are defined as follows:
Mode
Definition
admituntaggedonly
all
VLAN-tagged and priority tagged frames received on this interface are discarded.
Untagged frames or priority frames received on this interface are accepted and
assigned the value of the interface VLAN ID for this port.
Untagged frames or priority frames received on this interface are discarded.
vlanonly
With both the all and vlanonly options, VLAN tagged frames are forwarded in accordance with the IEEE
802.1Q VLAN Specification.
no vlan port acceptframe all
This command sets the frame acceptance mode for all interfaces to Admit All. For Admit All mode, untagged
frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN
ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q
VLAN Specification
.
Format
no vlan port acceptframe all
Mode
Global Config
vlan port ingressfilter all
This command enables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN
IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports
that are members of that VLAN.
Default
disabled
Format
vlan port ingressfilter all
Mode
Global Config
September 2014
CLI Command Reference
Page 302
HP Moonshot Switch Module CLI Command Reference
VLAN Commands
no vlan port ingressfilter all
This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN
IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports
that are members of that VLAN.
Format
no vlan port ingressfilter all
Mode
Global Config
vlan port priority all
This command configures the default 802.1p priority assigned to untagged packets arriving at the interface
(Interface Config mode) or on all interfaces (Global Config mode). The priority value range is 0–7.
Default
0
Format
vlan port priority all priority
Mode
Global Config
Interface Config
no vlan port priority all
This command sets the VLAN ID to the default value.
Format
no vlan port priority all
Mode
Global Config
Interface Config
vlan port pvid all
This command changes the VLAN ID for all interface.
Default
1
Format
vlan port pvid all 1-4093
Mode
Global Config
no vlan port pvid all
This command sets the VLAN ID for all interfaces to 1.
Format
no vlan port pvid all
Mode
Global Config
September 2014
CLI Command Reference
Page 303
HP Moonshot Switch Module CLI Command Reference
VLAN Commands
vlan port tagging all
This command configures the tagging behavior for all interfaces in a VLAN to enabled. If tagging is enabled,
traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID
is a valid VLAN identification number.
Format
vlan port tagging all 1-4093
Mode
Global Config
no vlan port tagging all
This command configures the tagging behavior for all interfaces in a VLAN to disabled. If tagging is disabled,
traffic is transmitted as untagged frames. The ID is a valid VLAN identification number.
Format
no vlan port tagging all
Mode
Global Config
vlan protocol group
This command adds protocol-based VLAN groups to the system. The groupid is a unique number from 1–128
that is used to identify the group in subsequent commands.
Format
vlan protocol group groupid
Mode
Global Config
vlan protocol group name
This command assigns a name to a protocol-based VLAN groups. The groupname variable can be a character
string of 0 to 16 characters.
Format
vlan protocol group name groupid groupname
Mode
Global Config
no vlan protocol group name
This command removes the name from the group identified by groupid.
Format
no vlan protocol group name groupid
Mode
Global Config
September 2014
CLI Command Reference
Page 304
VLAN Commands
HP Moonshot Switch Module CLI Command Reference
vlan protocol group add protocol
This command adds the protocol to the protocol-based VLAN identified by groupid. A group may have more
than one protocol associated with it. Each interface and protocol combination can only be associated with one
group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group,
this command fails and the protocol is not added to the group. The possible values for protocol are The
possible values for protocol-list includes the keywords ip, arp, and ipx and hexadecimal or decimal values
ranging from 0x0600 (1536) to 0xFFFF (65535). The protocol list can accept up to 16 protocols separated by a
comma.
Default
none
Format
vlan protocol group add protocol groupid ethertype protocol-list
Mode
Global Config
no vlan protocol group add protocol
This command removes the protocols specified in the protocol-list from this protocol-based VLAN group
that is identified by this groupid.
Format
no vlan protocol group add protocol groupid ethertype protocol-list
Mode
Global Config
protocol group
This command attaches a vlanid to the protocol-based VLAN identified by groupid. A group may only be
associated with one VLAN at a time, however the VLAN association can be changed.
Default
none
Format
protocol group groupid vlanid
Mode
VLAN Config
no protocol group
This command removes the vlanid from this protocol-based VLAN group that is identified by this groupid.
Format
no protocol group groupid vlanid
Mode
VLAN Config
September 2014
CLI Command Reference
Page 305
HP Moonshot Switch Module CLI Command Reference
VLAN Commands
protocol vlan group
This command adds a physical interface or a range of interfaces to the protocol-based VLAN identified by
groupid. You can associate multiple interfaces with a group, but you can only associate each interface and
protocol combination with one group. If adding an interface to a group causes any conflicts with protocols
currently associated with the group, this command fails and the interface(s) are not added to the group.
Default
none
Format
protocol vlan group groupid
Mode
Interface Config
no protocol vlan group
This command removes the interface from this protocol-based VLAN group that is identified by this groupid.
Format
no protocol vlan group groupid
Mode
Interface Config
protocol vlan group all
This command adds all physical interfaces to the protocol-based VLAN identified by groupid. You can associate
multiple interfaces with a group, but you can only associate each interface and protocol combination with one
group. If adding an interface to a group causes any conflicts with protocols currently associated with the group,
this command will fail and the interface(s) will not be added to the group.
Default
none
Format
protocol vlan group all groupid
Mode
Global Config
no protocol vlan group all
This command removes all interfaces from this protocol-based VLAN group that is identified by this groupid.
Format
no protocol vlan group all groupid
Mode
Global Config
September 2014
CLI Command Reference
Page 306
HP Moonshot Switch Module CLI Command Reference
VLAN Commands
show port protocol
This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated
group.
Format
show port protocol {groupid | all}
Mode
Privileged EXEC
Term
Definition
Group Name
Group ID
VLAN
Protocol(s)
Interface(s)
The group name of an entry in the Protocol-based VLAN table.
The group identifier of the protocol group.
The VLAN associated with this Protocol Group.
The type of protocol(s) for this group.
Lists the unit/slot/port interface(s) that are associated with this Protocol Group.
vlan pvid
This command changes the VLAN ID on an interface or range of interfaces.
Default
1
Format
vlan pvid 1-4093
Mode
Interface Config
Interface Range Config
no vlan pvid
This command sets the VLAN ID on an interface or range of interfaces to 1.
Format
no vlan pvid
Mode
Interface Config
vlan tagging
This command configures the tagging behavior for a specific interface or range of interfaces in a VLAN to
enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted
as untagged frames. The ID is a valid VLAN identification number.
Format
vlan tagging 1-4093
Mode
• Interface Config
September 2014
CLI Command Reference
Page 307
HP Moonshot Switch Module CLI Command Reference
VLAN Commands
no vlan tagging
This command configures the tagging behavior for a specific interface or range of interfaces in a VLAN to
disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification
number.
Format
no vlan tagging 1-4093
Mode
• Interface Config
vlan association subnet
This command associates a VLAN to a specific IP-subnet.
Format
vlan association subnet ipaddr netmask vlanid
Mode
VLAN Config
no vlan association subnet
This command removes association of a specific IP-subnet to a VLAN.
Format
no vlan association subnet ipaddr netmask
Mode
VLAN Config
vlan association mac
This command associates a MAC address to a VLAN.
Format
vlan association mac macaddr vlanid
Mode
VLAN database
no vlan association mac
This command removes the association of a MAC address to a VLAN.
Format
no vlan association mac macaddr
Mode
VLAN database
September 2014
CLI Command Reference
Page 308
HP Moonshot Switch Module CLI Command Reference
VLAN Commands
remote-span
This command configures a VLAN as the Remote Switched Port Analyzer (RSPAN) VLAN. RSPAN allows you to
mirror traffic from multiple source ports (or from all ports that are members of a VLAN) from different network
devices and send the mirrored traffic to a destination port (a probe port connected to a network analyzer) on
a remote device. The mirrored traffic is tagged with the RSPAN VLAN ID and transmitted over trunk ports in the
RSPAN VLAN..
Default
None
Format
remote-span
Mode
VLAN configuration
Example:
The following command sequence configures VLAN 100 as the RSPAN VLAN.
(Routing) #configure
(Routing) (Config)#vlan 100
(Routing) (Config)(Vlan 1)#remote-span
show vlan
This command displays information about the VLANs configured on the device. When you include the VLAN ID,
the command shows information about the VLAN member ports and their tagging.
Format
show vlan [vlanid]
Mode
• Privileged EXEC
• User EXEC
The following table shows the fields that display when you issue the show vlan command without any
parameters.
Term
Definition
Maximum VLAN
Entries
VLAN Entries
Currently in Use
VLAN ID
VLAN Name
The maximum number of VLANs that can exist on the device.
VLAN Type
September 2014
The number of VLANs that are the switch is using.
The VLAN identifier (VID) associated with each VLAN.
A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric
characters long, including blanks. The default is blank. VLAN ID 1 always has a name of
Default. This field is optional.
Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and
permanently defined), or Dynamic. A dynamic VLAN can be created by GVRP registration
or during the 802.1X authentication process (DOT1X) if a RADIUS-assigned VLAN does not
exist on the switch.
CLI Command Reference
Page 309
VLAN Commands
HP Moonshot Switch Module CLI Command Reference
The following table shows the fields that display when you issue the show vlan command and include the VLAN
ID.
Term
Definition
VLAN ID
VLAN Name
The VLAN identifier (VID) associated with each VLAN. The range of the VLAN ID is 1 to 4093.
A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric
characters long, including blanks. The default is blank. VLAN ID 1 always has a name of
Default. This field is optional.
Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and
permanently defined), or Dynamic. A dynamic VLAN can be created by GVRP registration
or during the 802.1X authentication process (DOT1X) if a RADIUS-assigned VLAN does not
exist on the switch.
unit/slot/port. It is possible to set the parameters for all ports by using the selectors on the
top line.
The degree of participation of this port in this VLAN. The permissible values are:
• Include - This port is always a member of this VLAN. This is equivalent to registration
fixed in the IEEE 802.1Q standard.
• Exclude - This port is never a member of this VLAN. This is equivalent to registration
forbidden in the IEEE 802.1Q standard.
• Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP. The
port will not participate in this VLAN unless a join request is received on this port. This
is equivalent to registration normal in the IEEE 802.1Q standard.
The configured degree of participation of this port in this VLAN. The permissible values are:
• Include - This port is always a member of this VLAN. This is equivalent to registration
fixed in the IEEE 802.1Q standard.
• Exclude - This port is never a member of this VLAN. This is equivalent to registration
forbidden in the IEEE 802.1Q standard.
• Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP. The
port will not participate in this VLAN unless a join request is received on this port. This
is equivalent to registration normal in the IEEE 802.1Q standard.
The tagging behavior for this port in this VLAN.
• Tagged - Transmit traffic for this VLAN as tagged frames.
• Untagged - Transmit traffic for this VLAN as untagged frames.
VLAN Type
Interface
Current
Configured
Tagging
Example: The following shows examples of the CLI display output for the commands.
(Routing) #show vlan 1
VLAN ID: 1
VLAN Name: default
VLAN Type: Default
Interface
---------1/0/1
1/0/2
1/0/3
1/0/4
1/0/5
Current
-------Include
Include
Include
Include
Include
September 2014
Configured
----------Include
Include
Include
Include
Include
Tagging
-------Untagged
Untagged
Untagged
Untagged
Untagged
CLI Command Reference
Page 310
HP Moonshot Switch Module CLI Command Reference
VLAN Commands
show vlan internal usage
This command displays information about the VLAN ID allocation on the switch.
Format
show vlan internal usage
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Base VLAN ID
Identifies the base VLAN ID for Internal allocation of VLANs to the routing interface.
Allocation policy Identifies whether the system allocates VLAN IDs in ascending or descending order.
show vlan brief
This command displays a list of all configured VLANs.
Format
show vlan brief
Mode
• Privileged EXEC
• User EXEC
Term
Definition
VLAN ID
There is a VLAN Identifier (vlanid) associated with each VLAN. The range of the VLAN ID is
1 to 4093.
A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric
characters long, including blanks. The default is blank. VLAN ID 1 always has a name of
“Default.” This field is optional.
Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and
permanently defined), or a Dynamic (one that is created by GVRP registration).
VLAN Name
VLAN Type
show vlan port
This command displays VLAN port information.
Format
show vlan port {unit/slot/port | all}
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Interface
Port VLAN ID
The interface associated with the desired information.
The VLAN ID that this port will assign to untagged frames or priority tagged frames received
on this port. The value must be for an existing VLAN. The factory default is 1.
September 2014
CLI Command Reference
Page 311
HP Moonshot Switch Module CLI Command Reference
Term
VLAN Commands
Definition
Acceptable Frame The types of frames that may be received on this port. The options are 'VLAN only' and
Types
'Admit All'. When set to 'VLAN only', untagged frames or priority tagged frames received
on this port are discarded. When set to 'Admit All', untagged frames or priority tagged
frames received on this port are accepted and assigned the value of the Port VLAN ID for
this port. With either option, VLAN tagged frames are forwarded in accordance to the
802.1Q VLAN specification.
Ingress Filtering May be enabled or disabled. When enabled, the frame is discarded if this port is not a
member of the VLAN with which this frame is associated. In a tagged frame, the VLAN is
identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID
specified for the port that received this frame. When disabled, all frames are forwarded in
accordance with the 802.1Q VLAN bridge specification. The factory default is disabled.
GVRP
May be enabled or disabled.
Default Priority The 802.1p priority assigned to tagged packets arriving on the port.
show vlan association subnet
This command displays the VLAN associated with a specific configured IP-Address and net mask. If no IP
address and net mask are specified, the VLAN associations of all the configured IP-subnets are displayed.
Format
show vlan association subnet [ipaddr netmask]
Mode
Privileged EXEC
Term
Definition
IP Address
Net Mask
VLAN ID
The IP address assigned to each interface.
The subnet mask.
There is a VLAN Identifier (VID) associated with each VLAN.
show vlan association mac
This command displays the VLAN associated with a specific configured MAC address. If no MAC address is
specified, the VLAN associations of all the configured MAC addresses are displayed.
Format
show vlan association mac [macaddr]
Mode
Privileged EXEC
Term
Definition
Mac Address
A MAC address for which the switch has forwarding and or filtering information. The format
is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes.
There is a VLAN Identifier (VID) associated with each VLAN.
VLAN ID
September 2014
CLI Command Reference
Page 312
HP Moonshot Switch Module CLI Command Reference
Double VLAN Commands
Double VLAN Commands
This section describes the commands you use to configure double VLAN (DVLAN). Double VLAN tagging is a way
to pass VLAN traffic from one customer domain to another through a Metro Core in a simple and cost effective
manner. The additional tag on the traffic helps differentiate between customers in the MAN while preserving
the VLAN identification of the individual customers when they enter their own 802.1Q domain.
dvlan-tunnel ethertype (Global Config)
This command configures the EtherType for all interfaces. The two-byte hex ethertype is used EtherType the
first 16 bits of the DVLAN tag. The EtherType may have the values of EtherType.1Q , vman, or custom. If the
ethertype has an optional value of custom, then it is a custom tunnel value, and EtherType must be set to a
value in the range of 1 to 65535.
Default
vman
Format
dvlan-tunnel ethertype {802.1Q | custom 1-65535 | vman }
Mode
Global Config
Parameter
Description
802.1Q
custom
vman
Configure the ethertype as 0x8100.
Configure the value of the custom tag in the range from 1 to 65535.
Represents the commonly used value of 0x88A8.
dvlan-tunnel ethertype primary-tpid
Use this command to create a new TPID and associate it with the next available TPID register. If no TPID
registers are empty, the system returns an error to the user. Specifying the optional keyword [primary–tpid]
forces the TPID value to be configured as the default TPID at index 0.
Format
dvlan-tunnel ethertype {802.1Q | vman | custom 0–65535} [primary-tpid]
Mode
Global Config
Parameter
Description
802.1Q
custom
vman
Configure the ethertype as 0x8100.
Configure the value of the custom tag in the range from 0 to 65535.
Represents the commonly used value of 0x88A8.
September 2014
CLI Command Reference
Page 313
HP Moonshot Switch Module CLI Command Reference
Double VLAN Commands
no dvlan-tunnel ethertype default–tpid
Use the no form of the command to set the TPID register to 0. (At initialization, all TPID registers will be set to
their default values.)
Format
no dvlan-tunnel ethertype {802.1Q | vman | custom 0–65535} [default-tpid]
Mode
Global Config
mode dot1q-tunnel
This command is used to enable Double VLAN Tunneling on the specified interface.
Default
disabled
Format
mode dot1q-tunnel
Mode
Interface Config
no mode dot1q-tunnel
This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN
Tunneling is disabled.
Format
no mode dot1q-tunnel
Mode
Interface Config
mode dvlan-tunnel
Use this command to enable Double VLAN Tunneling on the specified interface.
Note: When you use the mode dvlan-tunnel command on an interface, it becomes a service provider
port. Ports that do not have double VLAN tunneling enabled are customer ports.
Default
disabled
Format
mode dvlan-tunnel
Mode
Interface Config
no mode dvlan-tunnel
This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN
Tunneling is disabled.
Format
no mode dvlan-tunnel
Mode
Interface Config
September 2014
CLI Command Reference
Page 314
HP Moonshot Switch Module CLI Command Reference
Double VLAN Commands
show dot1q-tunnel
Use this command without the optional parameters to display all interfaces enabled for Double VLAN
Tunneling. Use the optional parameters to display detailed information about Double VLAN Tunneling for the
specified interface or all interfaces.
Format
show dot1q-tunnel [interface {unit/slot/port | all}]
Mode
• Privileged EXEC
• User EXEC
If you do not use the optional interface parameter, the information in the following table displays.
Term
Definition
Primary TPID
The two-byte hex EtherType value to be used as the first 16 bits of the DVLAN tag. The
value configured in this field is used as the primary TPID for all interfaces that are
enabled for DVLAN tagging.
Secondary TPIDs
The two-byte hex EtherType values available to be configured as secondary TPIDs.
configured
Only the options you configure as Secondary TPIDs can be selected as the Primary
TPID.
Interfaces Enabled for The interface number of each interface configured for DVLAN tunneling.
DVLAN Tunneling
If you use the optional interface parameter, the following information displays for the specified interface or
for all interfaces.
Term
Definition
Interface
Mode
unit/slot/port
The administrative mode through which Double VLAN Tunneling can be enabled or
disabled. The default value for this field is disabled.
A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three
different EtherType tags. The first is 802.1Q, which represents the commonly used value of
0x8100. The second is vMAN, which represents the commonly used value of 0x88A8. If
EtherType is not one of these two values, then it is a custom tunnel value, representing any
value in the range of 0 to 65535.
EtherType
September 2014
CLI Command Reference
Page 315
HP Moonshot Switch Module CLI Command Reference
Double VLAN Commands
show dvlan-tunnel
Use this command without the optional parameters to display all interfaces enabled for Double VLAN
Tunneling. Use the optional parameters to display detailed information about Double VLAN Tunneling for the
specified interface or all interfaces.
Format
show dvlan-tunnel [interface {unit/slot/port| all | lag lag-intf-num}]
Mode
• Privileged EXEC
• User EXEC
If you do not use the optional interface parameter, the information in the following table displays.
Term
Definition
Primary TPID
The two-byte hex EtherType value to be used as the first 16 bits of the DVLAN tag. The
value configured in this field is used as the primary TPID for all interfaces that are
enabled for DVLAN tagging.
Secondary TPIDs
The two-byte hex EtherType values available to be configured as secondary TPIDs.
configured
Only the options you configure as Secondary TPIDs can be selected as the Primary
TPID.
Interfaces Enabled for The interface number of each interface configured for DVLAN tunneling.
DVLAN Tunneling
If you use the optional interface parameter, the following information displays for the specified interface or
for all interfaces.
Term
Definition
Interface
Mode
unit/slot/port
The administrative mode through which Double VLAN Tunneling can be enabled or
disabled. The default value for this field is disabled.
A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three
different EtherType tags. The first is 802.1Q, which represents the commonly used value of
0x8100. The second is vMAN, which represents the commonly used value of 0x88A8. If
EtherType is not one of these two values, then it is a custom tunnel value, representing any
value in the range of 0 to 65535.
EtherType
Example: The following shows examples of the CLI display output for the commands.
(Routing) #show dvlan-tunnel
TPIDs Configured............................... 0x88a8
Default TPID................................... 0x88a8
Interfaces Enabled for DVLAN Tunneling......... None
(Routing)#show dvlan-tunnel interface 1/0/1
Interface Mode
EtherType
--------- ------- -----------1/0/1
Disable 0x88a8
September 2014
CLI Command Reference
Page 316
HP Moonshot Switch Module CLI Command Reference
Private VLAN Commands
Private VLAN Commands
This section describes the commands you use for private VLANs. Private VLANs provides Layer 2 isolation
between ports that share the same broadcast domain. In other words, it allows a VLAN broadcast domain to
be partitioned into smaller point-to-multipoint sub-domains. The ports participating in a private VLAN can be
located anywhere in the Layer 2 network.
switchport private-vlan
This command defines a private-VLAN association for an isolated or community port or a mapping for a
promiscuous port.
Format
switchport private-vlan {host-association primary-vlan-id secondary-vlan-id | mapping
primary-vlan-id {add | remove} secondary-vlan-list}
Mode
Interface Config
Parameter
Description
host-association Defines the VLAN association for community or host ports.
mapping
Defines the private VLAN mapping for promiscuous ports.
primary-vlan-id Primary VLAN ID of a private VLAN.
secondary-vlan-id Secondary (isolated or community) VLAN ID of a private VLAN.
add
Associates the secondary VLAN with the primary one.
remove
Deletes the secondary VLANs from the primary VLAN association.
secondary-vlan- A list of secondary VLANs to be mapped to a primary VLAN.
list
no switchport private-vlan
This command removes the private-VLAN association or mapping from the port.
Format
no switchport private-vlan {host-association|mapping}
Mode
Interface Config
September 2014
CLI Command Reference
Page 317
HP Moonshot Switch Module CLI Command Reference
Private VLAN Commands
switchport mode private-vlan
This command configures a port as a promiscuous or host private VLAN port. Note that the properties of each
mode can be configured even when the switch is not in that mode. However, they will only be applicable once
the switch is in that particular mode.
Default
general
Format
switchport mode private-vlan {host|promiscuous}
Mode
Interface Config
Parameter
Description
host
Configures an interface as a private VLAN host port. It can be either isolated or community
port depending on the secondary VLAN it is associated with.
Configures an interface as a private VLAN promiscuous port. The promiscuous ports are
members of the primary VLAN.
promiscuous
no switchport mode private-vlan
This command removes the private-VLAN association or mapping from the port.
Format
no switchport mode private-vlan
Mode
Interface Config
private-vlan
This command configures the private VLANs and configures the association between the primary private VLAN
and secondary VLANs.
Format
private-vlan {association [add|remove] secondary-vlanlist|community|isolated|primary}
Mode
VLAN Config
Parameter
Description
association
secondary-vlan-list
community
isolated
primary
Associates the primary and secondary VLAN.
A list of secondary VLANs to be mapped to a primary VLAN.
Designates a VLAN as a community VLAN.
Designates a VLAN as the isolated VLAN.
Designates a VLAN as the primary VLAN.
September 2014
CLI Command Reference
Page 318
HP Moonshot Switch Module CLI Command Reference
Private VLAN Commands
no private-vlan
This command restores normal VLAN configuration.
Format
no private-vlan {association}
Mode
VLAN Config
show vlan private-vlan
This command displays information about the configured private VLANs, including primary and secondary
VLAN IDs, type (community, isolated, or primary) and the ports which belong to a private VLAN.
Format
show vlan private-vlan [type]
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Primary
Secondary
Type
Ports
Primary VLAN identifier. The range of the VLAN ID is 1 to 4093.
Secondary VLAN identifier.
Secondary VLAN type (community, isolated, or primary).
Ports which are associated with a private VLAN.
September 2014
CLI Command Reference
Page 319
HP Moonshot Switch Module CLI Command Reference
Provisioning (IEEE 802.1p) Commands
Provisioning (IEEE 802.1p) Commands
This section describes the commands you use to configure provisioning (IEEE 802.1p,) which allows you to
prioritize ports.
vlan port priority all
This command configures the port priority assigned for untagged packets for all ports presently plugged into
the device. The range for the priority is 0-7. Any subsequent per port configuration will override this
configuration setting.
Format
vlan port priority all priority
Mode
Global Config
vlan priority
This command configures the default 802.1p port priority assigned for untagged packets for a specific interface.
The range for the priority is 0–7.
Default
0
Format
vlan priority priority
Mode
Interface Config
September 2014
CLI Command Reference
Page 320
HP Moonshot Switch Module CLI Command Reference
Cut-Through (ASF) Commands
Cut-Through (ASF) Commands
The Cut-through Mode (or Alternative Store and Forward Mode, ASF) feature allows the switch to operate in a
mode such that the egress pipeline begins transmitting a packet before the ingress pipeline has completely
received the entire packet. Enabling this mode decreases latency for large packets.
Alternate Store and forward (ASF) reduces latency for larger packets. In this mode, the MMU is allowed to
forward a packet to the egress port before it has been entirely received in the Cell Buffer Pool (CBP) memory.
These switch devices provide a threshold to define how many cells must be received before the MMU is
allowed to dispatch a packet to the egress.
cut-through mode
Use this command to enable or disable cut-through mode on the switch. If you change the mode, you must
reload the switch for the mode to take effect.
Default
Disabled
Format
cut-through mode
Mode
Global Config
no cut-through mode
This command resets the cut-through mode to the default value.
Format
no cut-through mode
Mode
Global Config
show cut-through mode
Use this command to view the current and configured status of cut-through mode.
Format
show cut-through mode
Mode
Global Config
Term
Definition
Current mode
The current administrative mode of the cut-through feature.
Configured mode The mode that will become the current mode the next time the switch boots.
Example: The following shows example CLI display output for the command.
(Routing) #show cut-through mode
Current mode
:Disable
Configured mode :Enable (This mode is effective on next reload)
September 2014
CLI Command Reference
Page 321
HP Moonshot Switch Module CLI Command Reference
Asymmetric Flow Control
Asymmetric Flow Control
Note: Asymmetric Flow Control can only be configured globally for all ports.
When in asymmetric flow control mode, the switch responds to PAUSE frames received from a peer by stopping
packet transmission, but the switch does not initiate MAC control PAUSE frames.
When you configure the switch in asymmetric flow control (or no flow control mode), the device is placed in
egress drop mode. Egress drop mode maximizes the throughput of the system at the expense of packet loss in
a heavily congested system, and this mode avoids head-of-line blocking.
flowcontrol {symmetric|asymmetric}
Use this command to enable or disable the symmetric or asymmetric flow control on the switch. Asymmetric
here means that Tx Pause can never be enabled. Only Rx Pause can be enabled.
Default
Flow control is disabled.
Format
flowcontrol {symmetric|asymmetric}
Mode
Global Config
no flowcontrol {symmetric|asymmetric}
Use the no form of this command to disable symmetric or asymmetric flow control.
Format
no flowcontrol {symmetric|asymmetric}
Mode
Global Config
September 2014
CLI Command Reference
Page 322
Asymmetric Flow Control
HP Moonshot Switch Module CLI Command Reference
show flowcontrol
Use this command to display the IEEE 802.3 Annex 31B flow control settings and status for a specific interface
or all interfaces. The command also displays 802.3 Tx and Rx pause counts. Priority Flow Control frames counts
are not displayed. If the port is enabled for priority flow control, operational flow control status is displayed as
Inactive. Operational flow control status for stacking ports is always displayed as N/A.
Format
show flowcontrol [unit/slot/port]
Mode
Privileged Exec
Term
Definition
Admin Flow Control
Intf
Flow Control Oper
The administrative mode of 802.3 flow control on the switch.
The interface associated with the rest of the data in the row.
The operational mode of 802.3 flow control on the interface, which is either active or
inactive.
The administrative mode of 802.3 flow control on the interface.
The number of pause frames received by the interface.
The number of pause frames the interface has transmitted.
Flow Control Mode
RxPause
TxPause
Example: The following shows example CLI display output for the command.
(Routing) #show flowcontrol
Admin Flow Control:
Intf
------1/0/1
1/0/2
1/0/3
1/0/4
1/0/5
1/0/6
1/0/7
1/0/8
Flow Control
Oper
-----------Inactive
Inactive
Inactive
Inactive
Inactive
Inactive
Inactive
Inactive
September 2014
Inactive
Flow Control
Mode
-----------Disable
Disable
Disable
Disable
Disable
Disable
Disable
Disable
RxPause
TxPause
-------0
0
0
0
0
0
0
0
-------0
0
0
0
0
0
0
0
CLI Command Reference
Page 323
HP Moonshot Switch Module CLI Command Reference
Protected Ports Commands
Protected Ports Commands
This section describes commands you use to configure and view protected ports on a switch. Protected ports
do not forward traffic to each other, even if they are on the same VLAN. However, protected ports can forward
traffic to all unprotected ports in their group. Unprotected ports can forward traffic to both protected and
unprotected ports. Ports are unprotected by default.
If an interface is configured as a protected port, and you add that interface to a Port Channel or Link
Aggregation Group (LAG), the protected port status becomes operationally disabled on the interface, and the
interface follows the configuration of the LAG port. However, the protected port configuration for the interface
remains unchanged. Once the interface is no longer a member of a LAG, the current configuration for that
interface automatically becomes effective.
switchport protected (Global Config)
Use this command to create a protected port group. The groupid parameter (range 0–2) identifies the set of
protected ports. Use the name name pair to assign a name to the protected port group. The name can be up to
32 alphanumeric characters long, including blanks. The default is blank.
Note: Port protection occurs within a single switch. Protected port configuration does not affect
traffic between ports on two different switches. No traffic forwarding is possible between two
protected ports.
Default
unprotected
Format
switchport protected groupid name name
Mode
Global Config
no switchport protected (Global Config)
Use this command to remove a protected port group. The groupid parameter identifies the set of protected
ports. The name keyword specifies the name to remove from the group.
Format
no switchport protected groupid name
Mode
Global Config
September 2014
CLI Command Reference
Page 324
HP Moonshot Switch Module CLI Command Reference
Protected Ports Commands
switchport protected (Interface Config)
Use this command to add an interface to a protected port group. The groupid parameter identifies the set of
protected ports to which this interface is assigned. You can only configure an interface as protected in one
group.
Note: Port protection occurs within a single switch. Protected port configuration does not affect
traffic between ports on two different switches. No traffic forwarding is possible between two
protected ports.
Default
unprotected
Format
switchport protected groupid
Mode
Interface Config
no switchport protected (Interface Config)
Use this command to configure a port as unprotected. The groupid parameter identifies the set of protected
ports to which this interface is assigned.
Format
no switchport protected groupid
Mode
Interface Config
show switchport protected
This command displays the status of the interfaces configured as members of the protected port group
specified by the groupid.
Format
show switchport protected groupid
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Name
An optional name of the protected port group. The name can be up to 32 alphanumeric
characters long, including blanks. The default is blank.
The ports that are configured as protected for the group identified with groupid. If no port
is configured as protected for this group, this field is blank.
Member Ports
September 2014
CLI Command Reference
Page 325
HP Moonshot Switch Module CLI Command Reference
GARP Commands
show interfaces switchport
This command displays the status of the interface (protected/unprotected) under the groupid.
Format
show interfaces switchport unit/slot/port groupid
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Protected Port
Indicates whether the interface is protected or not. It shows TRUE or FALSE. If the group is
a multiple groups then it shows TRUE in Group groupid.
GARP Commands
This section describes the commands you use to configure Generic Attribute Registration Protocol (GARP) and
view GARP status. The commands in this section affect both GARP VLAN Registration Protocol (GVRP) and
GARP Multicast Registration Protocol (GMRP). GARP is a protocol that allows client stations to register with the
switch for membership in VLANS (by using GVMP) or multicast groups (by using GVMP).
set garp timer join
This command sets the GVRP join time per GARP for one interface, a range of interfaces, or all interfaces. Join
time is the interval between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering)
membership for a VLAN or multicast group. This command has an effect only when GVRP is enabled. The time
is from 10 to 100 (centiseconds). The value 20 centiseconds is 0.2 seconds.
Default
20
Format
set garp timer join 10-100
Mode
• Interface Config
• Global Config
no set garp timer join
This command sets the GVRP join time to the default and only has an effect when GVRP is enabled.
Format
no set garp timer join
Mode
• Interface Config
• Global Config
September 2014
CLI Command Reference
Page 326
HP Moonshot Switch Module CLI Command Reference
GARP Commands
set garp timer leave
This command sets the GVRP leave time for one interface, a range of interfaces, or all interfaces or all ports and
only has an effect when GVRP is enabled. Leave time is the time to wait after receiving an unregister request
for a VLAN or a multicast group before deleting the VLAN entry. This can be considered a buffer time for
another station to assert registration for the same attribute in order to maintain uninterrupted service. The
leave time is 20 to 600 (centiseconds). The value 60 centiseconds is 0.6 seconds. The leave time must be greater
than or equal to three times the join time.
Default
60
Format
set garp timer leave 20-600
Mode
• Interface Config
• Global Config
no set garp timer leave
This command sets the GVRP leave time on all ports or a single port to the default and only has an effect when
GVRP is enabled.
Format
no set garp timer leave
Mode
• Interface Config
• Global Config
set garp timer leaveall
This command sets how frequently Leave All PDUs are generated. A Leave All PDU indicates that all
registrations will be unregistered. Participants would need to rejoin in order to maintain registration. The value
applies per port and per GARP participation. The time may range from 200 to 6000 (centiseconds). The value
1000 centiseconds is 10 seconds. You can use this command on all ports (Global Config mode), or on a single
port or a range of ports (Interface Config mode) and it only has an effect only when GVRP is enabled. The leave
all time must be greater than the leave time.
Default
1000
Format
set garp timer leaveall 200-6000
Mode
• Interface Config
• Global Config
no set garp timer leaveall
This command sets how frequently Leave All PDUs are generated the default and only has an effect when GVRP
is enabled.
no set garp timer leaveall
Format
Mode
September 2014
• Interface Config
• Global Config
CLI Command Reference
Page 327
HP Moonshot Switch Module CLI Command Reference
GVRP Commands
show garp
This command displays GARP information.
Format
show garp
Mode
• Privileged EXEC
• User EXEC
Term
Definition
GMRP Admin
Mode
GVRP Admin
Mode
The administrative mode of GARP Multicast Registration Protocol (GMRP) for the system.
The administrative mode of GARP VLAN Registration Protocol (GVRP) for the system.
GVRP Commands
This section describes the commands you use to configure and view GARP VLAN Registration Protocol (GVRP)
information. GVRP-enabled switches exchange VLAN configuration information, which allows GVRP to provide
dynamic VLAN creation on trunk ports and automatic VLAN pruning.
Note: If GVRP is disabled, the system does not forward GVRP messages.
set gvrp adminmode
This command enables GVRP on the system.
Default
disabled
Format
set gvrp adminmode
Mode
Privileged EXEC
no set gvrp adminmode
This command disables GVRP.
Format
no set gvrp adminmode
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 328
HP Moonshot Switch Module CLI Command Reference
GVRP Commands
set gvrp interfacemode
This command enables GVRP on a single port (Interface Config mode), a range of ports (Interface Range mode),
or all ports (Global Config mode).
Default
disabled
Format
set gvrp interfacemode
Mode
• Interface Config
• Interface Range
• Global Config
no set gvrp interfacemode
This command disables GVRP on a single port (Interface Config mode) or all ports (Global Config mode). If GVRP
is disabled, Join Time, Leave Time and Leave All Time have no effect.
Format
no set gvrp interfacemode
Mode
• Interface Config
• Global Config
show gvrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces.
Format
show gvrp configuration {unit/slot/port | all}
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Interface
Join Timer
unit/slot/port
The interval between the transmission of GARP PDUs registering (or re-registering)
membership for an attribute. Current attributes are a VLAN or multicast group. There is an
instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10
to 100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2
seconds). The finest granularity of specification is one centisecond (0.01 seconds).
The period of time to wait after receiving an unregister request for an attribute before
deleting the attribute. Current attributes are a VLAN or multicast group. This may be
considered a buffer time for another station to assert registration for the same attribute in
order to maintain uninterrupted service. There is an instance of this timer on a per-Port,
per-GARP participant basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0
seconds). The factory default is 60 centiseconds (0.6 seconds).
Leave Timer
September 2014
CLI Command Reference
Page 329
HP Moonshot Switch Module CLI Command Reference
Term
GMRP Commands
Definition
LeaveAll Timer
This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU
indicates that all registrations will shortly be deregistered. Participants will need to rejoin
in order to maintain registration. There is an instance of this timer on a per-Port, per-GARP
participant basis. The Leave All Period Timer is set to a random value in the range of
LeaveAllTime to 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to
60 seconds). The factory default is 1000 centiseconds (10 seconds).
Port GMRP Mode The GMRP administrative mode for the port, which is enabled or disabled (default). If this
parameter is disabled, Join Time, Leave Time and Leave All Time have no effect.
GMRP Commands
This section describes the commands you use to configure and view GARP Multicast Registration Protocol
(GMRP) information. Like IGMP snooping, GMRP helps control the flooding of multicast packets.GMRPenabled switches dynamically register and de-register group membership information with the MAC
networking devices attached to the same segment. GMRP also allows group membership information to
propagate across all networking devices in the bridged LAN that support Extended Filtering Services.
Note: If GMRP is disabled, the system does not forward GMRP messages.
set gmrp adminmode
This command enables GARP Multicast Registration Protocol (GMRP) on the system.
Default
disabled
Format
set gmrp adminmode
Mode
Privileged EXEC
no set gmrp adminmode
This command disables GARP Multicast Registration Protocol (GMRP) on the system.
Format
no set gmrp adminmode
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 330
HP Moonshot Switch Module CLI Command Reference
GMRP Commands
set gmrp interfacemode
This command enables GARP Multicast Registration Protocol on a single interface (Interface Config mode), a
range of interfaces, or all interfaces (Global Config mode). If an interface which has GARP enabled is enabled
for routing or is enlisted as a member of a port-channel (LAG), GARP functionality is disabled on that interface.
GARP functionality is subsequently re-enabled if routing is disabled and port-channel (LAG) membership is
removed from an interface that has GARP enabled.
Default
disabled
Format
set gmrp interfacemode
Mode
• Interface Config
• Global Config
no set gmrp interfacemode
This command disables GARP Multicast Registration Protocol on a single interface or all interfaces. If an
interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG),
GARP functionality is disabled. GARP functionality is subsequently re-enabled if routing is disabled and portchannel (LAG) membership is removed from an interface that has GARP enabled.
Format
no set gmrp interfacemode
Mode
• Interface Config
• Global Config
show gmrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces.
Format
show gmrp configuration {unit/slot/port | all}
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Interface
Join Timer
The unit/slot/port of the interface that this row in the table describes.
The interval between the transmission of GARP PDUs registering (or re-registering)
membership for an attribute. Current attributes are a VLAN or multicast group. There is an
instance of this timer on a per-port, per-GARP participant basis. Permissible values are 10
to 100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2
seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).
The period of time to wait after receiving an unregister request for an attribute before
deleting the attribute. Current attributes are a VLAN or multicast group. This may be
considered a buffer time for another station to assert registration for the same attribute in
order to maintain uninterrupted service. There is an instance of this timer on a per-Port,
per-GARP participant basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0
seconds). The factory default is 60 centiseconds (0.6 seconds).
Leave Timer
September 2014
CLI Command Reference
Page 331
HP Moonshot Switch Module CLI Command Reference
Term
GMRP Commands
Definition
LeaveAll Timer
This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU
indicates that all registrations will shortly be deregistered. Participants will need to rejoin
in order to maintain registration. There is an instance of this timer on a per-Port, per-GARP
participant basis. The Leave All Period Timer is set to a random value in the range of
LeaveAllTime to 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to
60 seconds). The factory default is 1000 centiseconds (10 seconds).
Port GMRP Mode The GMRP administrative mode for the port. It may be enabled or disabled. If this
parameter is disabled, Join Time, Leave Time and Leave All Time have no effect.
show mac-address-table gmrp
This command displays the GMRP entries in the Multicast Forwarding Database (MFDB) table.
Format
show mac-address-table gmrp
Mode
Privileged EXEC
Term
Definition
VLAN ID
MAC Address
The VLAN in which the MAC Address is learned.
A unicast MAC address for which the switch has forwarding and or filtering information.
The format is 6 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB.
The type of the entry. Static entries are those that are configured by the end user. Dynamic
entries are added to the table as a result of a learning process or protocol.
The text description of this multicast table entry.
The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
Type
Description
Interfaces
September 2014
CLI Command Reference
Page 332
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
Port-Based Network Access Control Commands
This section describes the commands you use to configure port-based network access control (IEEE 802.1X).
Port-based network access control allows you to permit access to network services only to and devices that are
authorized and authenticated.
aaa authentication dot1x default
Use this command to configure the authentication method for port-based access to the switch. The possible
methods are as follows:
• ias. Uses the internal authentication server users database for authentication. This method can be used in
conjunction with any one of the existing methods like local, radius, etc.
• local. Uses the local username database for authentication.
• none. Uses no authentication.
• radius. Uses the list of all RADIUS servers for authentication.
Format
aaa authentication dot1x default {ias| local | none | radius}
Mode
Global Config
Example: The following is an example of the command.
(Routing) #
(Routing) #configure
(Routing) (Config)#aaa authentication dot1x default ias
clear dot1x statistics
This command resets the 802.1X statistics for the specified port or for all ports.
Format
clear dot1x statistics {unit/slot/port | all}
Mode
Privileged EXEC
clear dot1x authentication-history
This command clears the authentication history table captured during successful and unsuccessful
authentication on all interface or the specified interface.
Format
clear dot1x authentication-history [unit/slot/port]
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 333
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
clear radius statistics
This command is used to clear all RADIUS statistics.
Format
clear radius statistics
Mode
Privileged EXEC
dot1x eapolflood
Use this command to enable EAPOL flood support on the switch.
Default
disabled
Format
dot1x eapolflood
Mode
Global Config
no dot1x eapolflood
This command disables EAPOL flooding on the switch.
Format
no dot1x eapolflood
Mode
Global Config
dot1x dynamic-vlan enable
Use this command to enable the switch to create VLANs dynamically when a RADIUS-assigned VLAN does not
exist in the switch.
Default
Disabled
Format
dot1x dynamic-vlan enable
Mode
Global Config
no dot1x dynamic-vlan enable
Use this command to prevent the switch from creating VLANs when a RADIUS-assigned VLAN does not exist in
the switch.
no dot1x dynamic-vlan enable
Format
Mode
September 2014
Global Config
CLI Command Reference
Page 334
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
dot1x guest-vlan
This command configures VLAN as guest vlan on an interface or a range of interfaces. The command specifies
an active VLAN as an IEEE 802.1X guest VLAN. The range is 1 to the maximum VLAN ID supported by the
platform.
Default
disabled
Format
dot1x guest-vlan vlan-id
Mode
Interface Config
no dot1x guest-vlan
This command disables Guest VLAN on the interface.
Default
disabled
Format
no dot1x guest-vlan
Mode
Interface Config
dot1x initialize
This command begins the initialization sequence on the specified port. This command is only valid if the control
mode for the specified port is auto or mac-based. If the control mode is not auto or mac-based, an error will
be returned.
Format
dot1x initialize unit/slot/port
Mode
Privileged EXEC
dot1x max-req
This command sets the maximum number of times the authenticator state machine on an interface or range
of interfaces will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. The count
value must be in the range 1 - 10.
Default
2
Format
dot1x max-req count
Mode
Interface Config
no dot1x max-req
This command sets the maximum number of times the authenticator state machine on this port will transmit
an EAPOL EAP Request/Identity frame before timing out the supplicant.
Format
no dot1x max-req
Mode
Interface Config
September 2014
CLI Command Reference
Page 335
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
dot1x max-users
Use this command to set the maximum number of clients supported on an interface or range of interfaces
when MAC-based dot1x authentication is enabled on the port. The maximum users supported per port is
dependent on the product. The count value is in the range 1 - 48.
Default
48
Format
dot1x max-users count
Mode
Interface Config
no dot1x max-users
This command resets the maximum number of clients allowed per port to its default value.
Format
no dot1x max-users
Mode
Interface Config
dot1x port-control
This command sets the authentication mode to use on the specified interface or range of interfaces. Use the
force-unauthorized parameter to specify that the authenticator PAE unconditionally sets the controlled port
to unauthorized. Use the force-authorized parameter to specify that the authenticator PAE unconditionally
sets the controlled port to authorized. Use the auto parameter to specify that the authenticator PAE sets the
controlled port mode to reflect the outcome of the authentication exchanges between the supplicant,
authenticator and the authentication server. If the mac-based option is specified, then MAC-based dot1x
authentication is enabled on the port.
Default
auto
Format
dot1x port-control {force-unauthorized | force-authorized | auto | mac-based}
Mode
Interface Config
no dot1x port-control
This command sets the 802.1X port control mode on the specified port to the default value.
Format
no dot1x port-control
Mode
Interface Config
September 2014
CLI Command Reference
Page 336
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
dot1x port-control all
This command sets the authentication mode to use on all ports. Select force-unauthorized to specify that the
authenticator PAE unconditionally sets the controlled port to unauthorized. Select force-authorized to specify
that the authenticator PAE unconditionally sets the controlled port to authorized. Select auto to specify that
the authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges
between the supplicant, authenticator and the authentication server. If the mac-based option is specified, then
MAC-based dot1x authentication is enabled on the port.
Default
auto
Format
dot1x port-control all {force-unauthorized | force-authorized | auto | mac-based}
Mode
Global Config
no dot1x port-control all
This command sets the authentication mode on all ports to the default value.
Format
no dot1x port-control all
Mode
Global Config
dot1x mac-auth-bypass
If the 802.1X mode on the interface is mac-based, you can optionally use this command to enable MAC
Authentication Bypass (MAB) on an interface. MAB is a supplemental authentication mechanism that allows
802.1X unaware clients – such as printers, fax machines, and some IP phones — to authenticate to the network
using the client MAC address as an identifier.
Default
disabled
Format
dot1x mac-auth-bypass
Mode
Interface Config
no dot1x mac-auth-bypass
This command sets the MAB mode on the ports to the default value.
Format
no dot1x mac-auth-bypass
Mode
Interface Config
September 2014
CLI Command Reference
Page 337
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
dot1x re-authenticate
This command begins the re-authentication sequence on the specified port. This command is only valid if the
control mode for the specified port is auto or mac-based. If the control mode is not auto or mac-based, an
error will be returned.
Format
dot1x re-authenticate unit/slot/port
Mode
Privileged EXEC
dot1x re-authentication
This command enables re-authentication of the supplicant for the specified interface or range of interfaces.
Default
disabled
Format
dot1x re-authentication
Mode
Interface Config
no dot1x re-authentication
This command disables re-authentication of the supplicant for the specified port.
Format
no dot1x re-authentication
Mode
Interface Config
dot1x system-auth-control
Use this command to enable the dot1x authentication support on the switch. While disabled, the dot1x
configuration is retained and can be changed, but is not activated.
Default
disabled
Format
dot1x system-auth-control
Mode
Global Config
no dot1x system-auth-control
This command is used to disable the dot1x authentication support on the switch.
Format
no dot1x system-auth-control
Mode
Global Config
September 2014
CLI Command Reference
Page 338
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
dot1x system-auth-control monitor
Use this command to enable the 802.1X monitor mode on the switch. The purpose of Monitor mode is to help
troubleshoot port-based authentication configuration issues without disrupting network access for hosts
connected to the switch. In Monitor mode, a host is granted network access to an 802.1X-enabled port even if
it fails the authentication process. The results of the process are logged for diagnostic purposes.
Default
disabled
Format
dot1x system-auth-control monitor
Mode
Global Config
no dot1x system-auth-control monitor
This command disables the 802.1X Monitor mode on the switch.
Format
no dot1x system-auth-control monitor
Mode
Global Config
dot1x timeout
This command sets the value, in seconds, of the timer used by the authenticator state machine on an interface
or range of interfaces. Depending on the token used and the value (in seconds) passed, various timeout
configurable parameters are set. The following tokens are supported:
Tokens
Definition
guest-vlan-period The time, in seconds, for which the authenticator waits to see if any EAPOL packets are
received on a port before authorizing the port and placing the port in the guest vlan (if
configured). The guest vlan timer is only relevant when guest vlan has been configured on
that specific port.
reauth-period
The value, in seconds, of the timer used by the authenticator state machine on this port to
determine when re-authentication of the supplicant takes place. The reauth-period must
be a value in the range 1 - 65535.
quiet-period
The value, in seconds, of the timer used by the authenticator state machine on this port to
define periods of time in which it will not attempt to acquire a supplicant. The quiet-period
must be a value in the range 0 - 65535.
tx-period
The value, in seconds, of the timer used by the authenticator state machine on this port to
determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The
quiet-period must be a value in the range 1 - 65535.
supp-timeout
The value, in seconds, of the timer used by the authenticator state machine on this port to
timeout the supplicant. The supp-timeout must be a value in the range 1 - 65535.
server-timeout The value, in seconds, of the timer used by the authenticator state machine on this port to
timeout the authentication server. The supp-timeout must be a value in the range 1 65535.
September 2014
CLI Command Reference
Page 339
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
Default
•
•
•
•
•
•
guest-vlan-period: 90 seconds
reauth-period: 3600 seconds
quiet-period: 60 seconds
tx-period: 30 seconds
supp-timeout: 30 seconds
server-timeout: 30 seconds
Format
dot1x timeout {{guest-vlan-period seconds} |{reauth-period seconds} | {quiet-period
seconds} | {tx-period seconds} | {supp-timeout seconds} | {server-timeout seconds}}
Mode
Interface Config
no dot1x timeout
This command sets the value, in seconds, of the timer used by the authenticator state machine on this port to
the default values. Depending on the token used, the corresponding default values are set.
Format
no dot1x timeout {guest-vlan-period | reauth-period | quiet-period | tx-period | supptimeout | server-timeout}
Mode
Interface Config
dot1x unauthenticated-vlan
Use this command to configure the unauthenticated VLAN associated with the specified interface or range of
interfaces. The unauthenticated VLAN ID can be a valid VLAN ID from 0-Maximum supported VLAN ID (4093 for
HP Moonshot Switch Module). The unauthenticated VLAN must be statically configured in the VLAN database
to be operational. By default, the unauthenticated VLAN is 0, i.e. invalid and not operational.
Default
0
Format
dot1x unauthenticated-vlan vlan id
Mode
Interface Config
no dot1x unauthenticated-vlan
This command resets the unauthenticated-vlan associated with the port to its default value.
Format
no dot1x unauthenticated-vlan
Mode
Interface Config
dot1x user
This command adds the specified user to the list of users with access to the specified port or all ports. The user
parameter must be a configured user.
Format
dot1x user user {unit/slot/port | all}
Mode
Global Config
September 2014
CLI Command Reference
Page 340
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
no dot1x user
This command removes the user from the list of users with access to the specified port or all ports.
Format
no dot1x user user {unit/slot/port | all}
Mode
Global Config
show authentication methods
Use this command to display information about the authentication methods.
Format
show authentication methods
Mode
Privileged EXEC
Term
Definition
Authentication Login List
Method 1
Method 2
Method 3
The authentication login listname.
The first method in the specified authentication login list, if any.
The second method in the specified authentication login list, if any.
The third method in the specified authentication login list, if any.
Example: The following example displays the authentication configuration.
(Routing) #show authentication methods
Login Authentication Method Lists
--------------------------------defaultList
: local
networkList
: local
Enable Authentication Method Lists
---------------------------------enableList
: enable
none
enableNetList
: enable
deny
Line
------Console
Telnet
SSH
DOT1X
Login Method List
----------------defaultList
networkList
networkList
Enable Method List
-----------------enableList
enableList
enableNetList
:
September 2014
CLI Command Reference
Page 341
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
show dot1x
This command is used to show a summary of the global dot1x configuration, summary information of the dot1x
configuration for a specified port or all ports, the detailed dot1x configuration for a specified port and the dot1x
statistics for a specified port - depending on the tokens used.
Format
show dot1x [{summary {unit/slot/port | all} | detail unit/slot/port | statistics unit/
slot/port]
Mode
Privileged EXEC
If you do not use the optional parameters unit/slot/port or vlanid, the command displays the global dot1x
mode, the VLAN Assignment mode, and the Dynamic VLAN Creation mode.
Term
Definition
Administrative
Mode
VLAN Assignment
Mode
Dynamic VLAN
Creation Mode
Monitor Mode
EAPOL Flood
Mode
Indicates whether authentication control on the switch is enabled or disabled.
Indicates whether assignment of an authorized port to a RADIUS-assigned VLAN is allowed
(enabled) or not (disabled).
Indicates whether the switch can dynamically create a RADIUS-assigned VLAN if it does not
currently exist on the switch.
Indicates whether the Dot1x Monitor mode on the switch is enabled or disabled.
Indicates the administrative mode of EAPOL flood support on the switch.
If you use the optional parameter summary {unit/slot/port | all}, the dot1x configuration for the specified
port or all ports are displayed.
Term
Definition
Interface
Control Mode
The interface whose configuration is displayed.
The configured control mode for this port. Possible values are force-unauthorized | forceauthorized | auto | mac-based | authorized | unauthorized.
Operating
The control mode under which this port is operating. Possible values are authorized |
Control Mode
unauthorized.
Reauthentication Indicates whether re-authentication is enabled on this port.
Enabled
Port Status
Indicates whether the port is authorized or unauthorized. Possible values are authorized |
unauthorized.
September 2014
CLI Command Reference
Page 342
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
Example: The following shows example CLI display output for the command show dot1x
summary 1/0/1.
Interface
--------1/0/1
Control Mode
-----------auto
Operating
Control Mode
-----------auto
Port Status
-----------Authorized
If you use the optional parameter detail unit/slot/port, the detailed dot1x configuration for the specified
port is displayed.
Term
Definition
Port
The interface whose configuration is displayed.
Protocol Version The protocol version associated with this port. The only possible value is 1, corresponding
to the first version of the dot1x specification.
PAE Capabilities The port access entity (PAE) functionality of this port. Possible values are Authenticator or
Supplicant.
Control Mode
The configured control mode for this port. Possible values are force-unauthorized | forceauthorized | auto | mac-based.
Authenticator
Current state of the authenticator PAE state machine. Possible values are Initialize,
PAE State
Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held,
ForceAuthorized, and ForceUnauthorized. When MAC-based authentication is enabled on
the port, this parameter is deprecated.
Backend
Current state of the backend authentication state machine. Possible values are Request,
Authentication Response, Success, Fail, Timeout, Idle, and Initialize. When MAC-based authentication is
State
enabled on the port, this parameter is deprecated.
Quiet Period
The timer used by the authenticator state machine on this port to define periods of time in
which it will not attempt to acquire a supplicant. The value is expressed in seconds and will
be in the range 0 and 65535.
Transmit Period The timer used by the authenticator state machine on the specified port to determine
when to send an EAPOL EAP Request/Identity frame to the supplicant. The value is
expressed in seconds and will be in the range of 1 and 65535.
Guest-VLAN ID
The guest VLAN identifier configured on the interface.
Guest VLAN
Period
The time in seconds for which the authenticator waits before authorizing and placing the
port in the Guest VLAN, if no EAPOL packets are detected on that port.
Supplicant
Timeout
Server Timeout
The timer used by the authenticator state machine on this port to timeout the supplicant.
The value is expressed in seconds and will be in the range of 1 and 65535.
The timer used by the authenticator on this port to timeout the authentication server. The
value is expressed in seconds and will be in the range of 1 and 65535.
Maximum
The maximum number of times the authenticator state machine on this port will
Requests
retransmit an EAPOL EAP Request/Identity before timing out the supplicant. The value will
be in the range of 1 and 10.
Configured MAB The administrative mode of the MAC authentication bypass feature on the switch.
Mode
Operational MAB The operational mode of the MAC authentication bypass feature on the switch. MAB might
Mode
be administratively enabled but not operational if the control mode is not MAC based.
September 2014
CLI Command Reference
Page 343
HP Moonshot Switch Module CLI Command Reference
Term
Port-Based Network Access Control Commands
Definition
VLAN-ID
The VLAN assigned to the port by the radius server. This is only valid when the port control
mode is not Mac-based.
VLAN Assigned The reason the VLAN identified in the VLAN-assigned field has been assigned to the port.
Reason
Possible values are RADIUS, Unauthenticated VLAN, Guest VLAN, default, and Not
Assigned. When the VLAN Assigned Reason is Not Assigned, it means that the port has not
been assigned to any VLAN by dot1x. This only valid when the port control mode is not
MAC-based.
Reauthentication The timer used by the authenticator state machine on this port to determine when
Period
reauthentication of the supplicant takes place. The value is expressed in seconds and will
be in the range of 1 and 65535.
Reauthentication Indicates if reauthentication is enabled on this port. Possible values are ‘True” or “False”.
Enabled
Key Transmission Indicates if the key is transmitted to the supplicant for the specified port. Possible values
Enabled
are True or False.
Control Direction The control direction for the specified port or ports. Possible values are both or in.
Maximum Users The maximum number of clients that can get authenticated on the port in the MAC-based
dot1x authentication mode. This value is used only when the port control mode is not
MAC-based.
Unauthenticated Indicates the unauthenticated VLAN configured for this port. This value is valid for the port
VLAN ID
only when the port control mode is not MAC-based.
Session Timeout Indicates the time for which the given session is valid. The time period in seconds is
returned by the RADIUS server on authentication of the port. This value is valid for the port
only when the port control mode is not MAC-based.
Session
This value indicates the action to be taken once the session timeout expires. Possible values
Termination
are Default, Radius-Request. If the value is Default, the session is terminated the port goes
Action
into unauthorized state. If the value is Radius-Request, then a reauthentication of the client
authenticated on the port is performed. This value is valid for the port only when the port
control mode is not MAC-based.
Example: The following shows example CLI display output for the command.
(Routing) #show dot1x detail 1/0/1
Port...........................................
Protocol Version...............................
PAE Capabilities...............................
Control Mode...................................
Authenticator PAE State........................
Backend Authentication State...................
Quiet Period (secs)............................
Transmit Period (secs).........................
Guest VLAN ID..................................
Guest VLAN Period (secs).......................
Supplicant Timeout (secs)......................
Server Timeout (secs)..........................
Maximum Requests...............................
Configured MAB Mode............................
Operational MAB Mode...........................
VLAN Id........................................
VLAN Assigned Reason...........................
Reauthentication Period (secs).................
September 2014
1/0/1
1
Authenticator
auto
Initialize
Initialize
60
30
0
90
30
30
2
Enabled
Disabled
0
Not Assigned
3600
CLI Command Reference
Page 344
Port-Based Network Access Control Commands
HP Moonshot Switch Module CLI Command Reference
Reauthentication Enabled.......................
Key Transmission Enabled.......................
Control Direction..............................
Maximum Users..................................
Unauthenticated VLAN ID........................
Session Timeout................................
Session Termination Action.....................
FALSE
FALSE
both
48
0
0
Default
For each client authenticated on the port, the show dot1x detail unit/slot/port command will display the
following MAC-based dot1x parameters if the port-control mode for that specific port is MAC-based.
Term
Definition
Supplicant MAC- The MAC-address of the supplicant.
Address
Authenticator
Current state of the authenticator PAE state machine. Possible values are Initialize,
PAE State
Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held,
ForceAuthorized, and ForceUnauthorized.
Backend
Current state of the backend authentication state machine. Possible values are Request,
Authentication Response, Success, Fail, Timeout, Idle, and Initialize.
State
VLAN-Assigned The VLAN assigned to the client by the radius server.
Logical Port
The logical port number associated with the client.
If you use the optional parameter statistics unit/slot/port, the following dot1x statistics for the specified
port appear.
Term
Definition
Port
EAPOL Frames
Received
EAPOL Frames
Transmitted
EAPOL Start
Frames Received
EAPOL Logoff
Frames Received
Last EAPOL Frame
Version
Last EAPOL Frame
Source
EAP Response/Id
Frames Received
EAP Response
Frames Received
The interface whose statistics are displayed.
The number of valid EAPOL frames of any type that have been received by this
authenticator.
The number of EAPOL frames of any type that have been transmitted by this authenticator.
September 2014
The number of EAPOL start frames that have been received by this authenticator.
The number of EAPOL logoff frames that have been received by this authenticator.
The protocol version number carried in the most recently received EAPOL frame.
The source MAC address carried in the most recently received EAPOL frame.
The number of EAP response/identity frames that have been received by this
authenticator.
The number of valid EAP response frames (other than resp/id frames) that have been
received by this authenticator.
CLI Command Reference
Page 345
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
Term
Definition
EAP Request/Id
Frames
Transmitted
EAP Request
Frames
Transmitted
Invalid EAPOL
Frames Received
EAP Length Error
Frames Received
The number of EAP request/identity frames that have been transmitted by this
authenticator.
The number of EAP request frames (other than request/identity frames) that have been
transmitted by this authenticator.
The number of EAPOL frames that have been received by this authenticator in which the
frame type is not recognized.
The number of EAPOL frames that have been received by this authenticator in which the
frame type is not recognized.
show dot1x authentication-history
This command displays 802.1X authentication events and information during successful and unsuccessful
Dot1x authentication process for all interfaces or the specified interface. Use the optional keywords to display
only failure authentication events in summary or in detail.
Format
show dot1x authentication-history {unit/slot/port | all} [failed-auth-only] [detail]
Mode
Privileged EXEC
Term
Definition
Time Stamp
Interface
Mac-Address
VLAN assigned
VLAN assigned
Reason
Auth Status
Reason
The exact time at which the event occurs.
Physical Port on which the event occurs.
The supplicant/client MAC address.
The VLAN assigned to the client/port on authentication.
The type of VLAN ID assigned, which can be Guest VLAN, Unauth, Default, RADIUS
Assigned, or Monitor Mode VLAN ID.
The authentication status.
The actual reason behind the successful or failed authentication.
September 2014
CLI Command Reference
Page 346
HP Moonshot Switch Module CLI Command Reference
Port-Based Network Access Control Commands
show dot1x clients
This command displays 802.1X client information. This command also displays information about the number
of clients that are authenticated using Monitor mode and using 802.1X.
Format
show dot1x clients {unit/slot/port | all} [detail]
Mode
Privileged EXEC
Term
Definition
Clients Authenticated
using Monitor Mode
Clients Authenticated
using Dot1x
Logical Interface
Interface
User Name
Supplicant MAC
Address
Session Time
Filter ID
Indicates the number of the Dot1x clients authenticated using Monitor mode.
VLAN ID
VLAN Assigned
Session Timeout
Session Termination
Action
Indicates the number of Dot1x clients authenticated using 802.1x authentication
process.
The logical port number associated with a client.
The physical port to which the supplicant is associated.
The user name used by the client to authenticate to the server.
The supplicant device MAC address.
The time since the supplicant is logged on.
Identifies the Filter ID returned by the RADIUS server when the client was
authenticated. This is a configured DiffServ policy name on the switch.
The VLAN assigned to the port.
The reason the VLAN identified in the VLAN ID field has been assigned to the port.
Possible values are RADIUS, Unauthenticated VLAN, Monitor Mode, or Default. When
the VLAN Assigned reason is Default, it means that the VLAN was assigned to the port
because the P-VID of the port was that VLAN ID.
This value indicates the time for which the given session is valid. The time period in
seconds is returned by the RADIUS server on authentication of the port. This value is
valid for the port only when the port-control mode is not MAC-based.
This value indicates the action to be taken once the session timeout expires. Possible
values are Default and Radius-Request. If the value is Default, the session is
terminated and client details are cleared. If the value is Radius-Request, then a
reauthentication of the client is performed.
show dot1x users
This command displays 802.1X port security user information for locally configured users.
Format
show dot1x users unit/slot/port
Mode
Privileged EXEC
Term
Definition
Users
Users configured locally to have access to the specified port.
September 2014
CLI Command Reference
Page 347
HP Moonshot Switch Module CLI Command Reference
802.1X Supplicant Commands
802.1X Supplicant Commands
HP Moonshot Switch Module supports 802.1X (“dot1x”) supplicant functionality on point-to-point ports. The
administrator can configure the user name and password used in authentication and capabilities of the
supplicant port.
dot1x pae
This command sets the port’s dot1x role. The port can serve as either a supplicant or an authenticator.
Format
dot1x pae {supplicant | authenticator}
Mode
Interface Config
dot1x supplicant port-control
This command sets the ports authorization state (Authorized or Unauthorized) either manually or by setting
the port to auto-authorize upon startup. By default all the ports are authenticators. If the port’s attribute needs
to be moved from <authenticator to supplicant> or <supplicant to authenticator>, use this command.
Format
dot1x supplicant port-control {auto | force-authorized | force_unauthorized}
Mode
Interface Config
Parameter
Description
auto
The port is in the Unauthorized state until it presents its user name and password
credentials to an authenticator. If the authenticator authorizes the port, then it is placed in
the Authorized state.
force-authorized Sets the authorization state of the port to Authorized, bypassing the authentication
process.
forceSets the authorization state of the port to Unauthorized, bypassing the authentication
unauthorized
process.
no dot1x supplicant port-control
This command sets the port-control mode to the default, auto.
Default
auto
Format
no dot1x supplicant port-control
Mode
Interface Config
September 2014
CLI Command Reference
Page 348
HP Moonshot Switch Module CLI Command Reference
802.1X Supplicant Commands
dot1x supplicant max-start
This command configures the number of attempts that the supplicant makes to find the authenticator before
the supplicant assumes that there is no authenticator.
Default
3
Format
dot1x supplicant max-start <1-10>
Mode
Interface Config
no dot1x supplicant max-start
This command sets the max-start value to the default.
Format
no dot1x supplicant max-start
Mode
Interface Config
dot1x supplicant timeout start-period
This command configures the start period timer interval to wait for the EAP identity request from the
authenticator.
Default
30 seconds
Format
dot1x supplicant timeout start-period <1-65535 seconds>
Mode
Interface Config
no dot1x supplicant timeout start-period
This command sets the start-period value to the default.
Format
no dot1x supplicant timeout start-period
Mode
Interface Config
dot1x supplicant timeout held-period
This command configures the held period timer interval to wait for the next authentication on previous
authentication fail.
Default
60 seconds
Format
dot1x supplicant timeout held-period <1-65535 seconds>
Mode
Interface Config
September 2014
CLI Command Reference
Page 349
HP Moonshot Switch Module CLI Command Reference
802.1X Supplicant Commands
no dot1x supplicant timeout held-period
This command sets the held-period value to the default value.
Format
no dot1x supplicant timeout held-period
Mode
Interface Config
dot1x supplicant timeout auth-period
This command configures the authentication period timer interval to wait for the next EAP request challenge
from the authenticator.
Default
30 seconds
Format
dot1x supplicant timeout auth-period <1-65535 seconds>
Mode
Interface Config
no dot1x supplicant timeout auth-period
This command sets the auth-period value to the default value.
Format
no dot1x supplicant timeout auth-period
Mode
Interface Config
dot1x supplicant user
Use this command to map the given user to the port.
Format
dot1x supplicant user
Mode
Interface Config
September 2014
CLI Command Reference
Page 350
802.1X Supplicant Commands
HP Moonshot Switch Module CLI Command Reference
show dot1x statistics
This command displays the dot1x port statistics in detail.
Format
show dot1x statistics unit/slot/port
Mode
User EXEC
Term
Definition
Port
PAE Capabilities
EAPOL Frames Received
EAPOL Frames Transmitted
EAPOL Start Frames Transmitted
EAPOL Logoff Frames Received
Displays the port associated with the rest of the data
Displays the Port Access Entity (PAE) role of the port.
Displays the number of valid EAPOL frames received on the port.
Displays the number of EAPOL frames transmitted via the port.
Displays the number of EAPOL Start frames transmitted via the port.
Displays the number of EAPOL Log off frames that have been received on
the port.
EAP Resp/ID Frames Received
Displays the number of EAP Respond ID frames that have been received
on the port.
EAP Response Frames Received
Displays the number of valid EAP Respond frames received on the port.
EAP Req/ID Frames Transmitted Displays the number of EAP Requested ID frames transmitted via the port.
EAP Req Frames Transmitted
Displays the number of EAP Request frames transmitted via the port.
Invalid EAPOL Frames Received
Displays the number of unrecognized EAPOL frames received on this port.
EAP Length Error Frames Received Displays the number of EAPOL frames with an invalid Packet Body Length
received on this port.
Last EAPOL Frames Version
Displays the protocol version number attached to the most recently
received EAPOL frame.
Last EAPOL Frames Source
Displays the source MAC Address attached to the most recently received
EAPOL frame.
Example: The following shows example CLI display output for the command.
(Routing) #show dot1x statistics 1/0/1
Port...........................................
PAE Capabilities...............................
EAPOL Frames Received..........................
EAPOL Frames Transmitted.......................
EAPOL Start Frames Received....................
EAPOL Logoff Frames Received...................
Last EAPOL Frame Version.......................
Last EAPOL Frame Source........................
EAP Response/Id Frames Received................
EAP Response Frames Received...................
EAP Request/Id Frames Transmitted..............
EAP Request Frames Transmitted.................
Invalid EAPOL Frames Received..................
EAPOL Length Error Frames Received.............
September 2014
1/0/1
Authenticator
0
0
0
0
0
00:00:00:00:00:00
0
0
0
0
0
0
CLI Command Reference
Page 351
HP Moonshot Switch Module CLI Command Reference
Storm-Control Commands
Storm-Control Commands
This section describes commands you use to configure storm-control and view storm-control configuration
information. A traffic storm is a condition that occurs when incoming packets flood the LAN, which creates
performance degradation in the network. The Storm-Control feature protects against this condition.
HP Moonshot Switch Module provides broadcast, multicast, and unicast story recovery for individual
interfaces. Unicast Storm-Control protects against traffic whose MAC addresses are not known by the system.
For broadcast, multicast, and unicast storm-control, if the rate of traffic ingressing on an interface increases
beyond the configured threshold for that type, the traffic is dropped.
To configure storm-control, you will enable the feature for all interfaces or for individual interfaces, and you
will set the threshold (storm-control level) beyond which the broadcast, multicast, or unicast traffic will be
dropped. The Storm-Control feature allows you to limit the rate of specific types of packets through the switch
on a per-port, per-type, basis.
Configuring a storm-control level also enables that form of storm-control. Disabling a storm-control level (using
the “no” version of the command) sets the storm-control level back to the default value and disables that form
of storm-control. Using the “no” version of the “storm-control” command (not stating a “level”) disables that
form of storm-control but maintains the configured “level” (to be active the next time that form of stormcontrol is enabled.)
Note: The actual rate of ingress traffic required to activate storm-control is based on the size of
incoming packets and the hard-coded average packet size of 512 bytes - used to calculate a packetper-second (pps) rate - as the forwarding-plane requires pps versus an absolute rate kbps. For
example, if the configured limit is 10%, this is converted to ~25000 pps, and this pps limit is set in
forwarding plane (hardware). You get the approximate desired output when 512bytes packets are
used.
storm-control broadcast
Use this command to enable broadcast storm recovery mode for all interfaces (Global Config mode) or one or
more interfaces (Interface Config mode). If the mode is enabled, broadcast storm recovery is active and, if the
rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will
be dropped. Therefore, the rate of broadcast traffic will be limited to the configured threshold.
Default
disabled
Format
storm-control broadcast
Mode
• Global Config
• Interface Config
September 2014
CLI Command Reference
Page 352
HP Moonshot Switch Module CLI Command Reference
Storm-Control Commands
no storm-control broadcast
Use this command to disable broadcast storm recovery mode for all interfaces (Global Config mode) or one or
more interfaces (Interface Config mode).
Format
no storm-control broadcast
Mode
• Global Config
• Interface Config
storm-control broadcast level
Use this command to configure the broadcast storm recovery threshold for all interfaces (Global Config mode)
or one or more interfaces (Interface Config mode) as a percentage of link speed and enable broadcast storm
recovery. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic
ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate
of broadcast traffic is limited to the configured threshold.
Default
5
Format
storm-control broadcast level 0-100
Mode
• Global Config
• Interface Config
no storm-control broadcast level
This command sets the broadcast storm recovery threshold to the default value for all interfaces (Global Config
mode) or one or more interfaces (Interface Config mode) and disables broadcast storm recovery.
Format
no storm-control broadcast level
Mode
• Global Config
• Interface Config
storm-control broadcast rate
Use this command to configure the broadcast storm recovery threshold for all interfaces (Global Config mode)
or one or more interfaces (Interface Config mode) in packets per second. If the mode is enabled, broadcast
storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the
configured threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited to the configured
threshold.
Default
5%
Format
storm-control broadcast rate 0-14880000
Mode
• Global Config
• Interface Config
September 2014
CLI Command Reference
Page 353
HP Moonshot Switch Module CLI Command Reference
Storm-Control Commands
no storm-control broadcast rate
This command sets the broadcast storm recovery threshold to the default value for all interfaces (Global Config
mode) or one or more interfaces (Interface Config mode) and disables broadcast storm recovery.
Format
no storm-control broadcast rate
Mode
• Global Config
• Interface Config
storm-control multicast
This command enables multicast storm recovery mode for all interfaces (Global Config mode) or one or more
interfaces (Interface Config mode). If the mode is enabled, multicast storm recovery is active, and if the rate of
L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be
dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold.
Default
disabled
Format
storm-control multicast
Mode
• Global Config
• Interface Config
no storm-control multicast
This command disables multicast storm recovery mode for all interfaces (Global Config mode) or one or more
interfaces (Interface Config mode).
Format
no storm-control multicast
Mode
• Global Config
• Interface Config
storm-control multicast level
This command configures the multicast storm recovery threshold for all interfaces (Global Config mode) or one
or more interfaces (Interface Config mode) as a percentage of link speed and enables multicast storm recovery
mode. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing
on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of
multicast traffic will be limited to the configured threshold.
Default
5
Format
storm-control multicast level 0-100
Mode
• Global Config
• Interface Config
September 2014
CLI Command Reference
Page 354
HP Moonshot Switch Module CLI Command Reference
Storm-Control Commands
no storm-control multicast level
This command sets the multicast storm recovery threshold to the default value for all interfaces (Global Config
mode) or one or more interfaces (Interface Config mode) and disables multicast storm recovery.
Format
no storm-control multicast level 0-100
Mode
• Global Config
• Interface Config
storm-control multicast rate
Use this command to configure the multicast storm recovery threshold for all interfaces (Global Config mode)
or one or more interfaces (Interface Config mode) in packets per second. If the mode is enabled, multicast
storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the
configured threshold, the traffic is dropped. Therefore, the rate of multicast traffic is limited to the configured
threshold.
Default
0
Format
storm-control multicast rate 0-14880000
Mode
• Global Config
• Interface Config
no storm-control multicast rate
This command sets the multicast storm recovery threshold to the default value for all interfaces (Global Config
mode) or one or more interfaces (Interface Config mode) and disables multicast storm recovery.
Format
no storm-control multicast rate
Mode
• Global Config
• Interface Config
storm-control unicast
This command enables unicast storm recovery mode for all interfaces (Global Config mode) or one or more
interfaces (Interface Config mode). If the mode is enabled, unicast storm recovery is active, and if the rate of
unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the
configured threshold, the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited
to the configured threshold.
Default
disabled
Format
storm-control unicast
Mode
• Global Config
• Interface Config
September 2014
CLI Command Reference
Page 355
HP Moonshot Switch Module CLI Command Reference
Storm-Control Commands
no storm-control unicast
This command disables unicast storm recovery mode for all interfaces (Global Config mode) or one or more
interfaces (Interface Config mode).
Format
no storm-control unicast
Mode
• Global Config
• Interface Config
storm-control unicast level
This command configures the unicast storm recovery threshold for all interfaces (Global Config mode) or one
or more interfaces (Interface Config mode) as a percentage of link speed, and enables unicast storm recovery.
If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination
lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be
dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured threshold.This
command also enables unicast storm recovery mode for an interface.
Default
5
Format
storm-control unicast level 0-100
Mode
• Global Config
• Interface Config
no storm-control unicast level
This command sets the unicast storm recovery threshold to the default value for all interfaces (Global Config
mode) or one or more interfaces (Interface Config mode) and disables unicast storm recovery.
Format
no storm-control unicast level
Mode
• Global Config
• Interface Config
storm-control unicast rate
Use this command to configure the unicast storm recovery threshold for all interfaces (Global Config mode) or
one or more interfaces (Interface Config mode) in packets per second. If the mode is enabled, unicast storm
recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the
configured threshold, the traffic is dropped. Therefore, the rate of unicast traffic is limited to the configured
threshold.
Default
0
Format
storm-control unicast rate 0-14880000
Mode
• Global Config
• Interface Config
September 2014
CLI Command Reference
Page 356
Storm-Control Commands
HP Moonshot Switch Module CLI Command Reference
no storm-control unicast rate
This command sets the unicast storm recovery threshold to the default value for all interfaces (Global Config
mode) or one or more interfaces (Interface Config mode) and disables unicast storm recovery.
Format
no storm-control unicast rate
Mode
• Global Config
• Interface Config
show storm-control
This command displays switch configuration information. If you do not use any of the optional parameters, this
command displays global storm control configuration parameters:
• Broadcast Storm Recovery Mode may be enabled or disabled. The factory default is disabled.
• 802.3x Flow Control Mode may be enabled or disabled. The factory default is disabled.
Use the all keyword to display the per-port configuration parameters for all interfaces, or specify the unit/
slot/port to display information about a specific interface.
show storm-control [all | unit/slot/port]
Format
Mode
Privileged EXEC
Parameter
Definition
Bcast Mode
Shows whether the broadcast storm control mode is enabled or disabled. The factory
default is disabled.
The broadcast storm control level.
Shows whether the multicast storm control mode is enabled or disabled.
The multicast storm control level.
Shows whether the Unknown Unicast or DLF (Destination Lookup Failure) storm control
mode is enabled or disabled.
The Unknown Unicast or DLF (Destination Lookup Failure) storm control level.
Bcast Level
Mcast Mode
Mcast Level
Ucast Mode
Ucast Level
Example: The following shows example CLI display output for the command.
(Routing) #show storm-control
(Routing) #show storm-control
Broadcast Storm Control Mode...................
Broadcast Storm Control Level..................
Multicast Storm Control Mode...................
Multicast Storm Control Level..................
Unicast Storm Control Mode.....................
Unicast Storm Control Level....................
September 2014
Disable
5 percent
Disable
5 percent
Disable
5 percent
CLI Command Reference
Page 357
HP Moonshot Switch Module CLI Command Reference
Storm-Control Commands
Example: The following shows example CLI display output for the command.
(Routing) #show storm-control 0/1
Bcast
Bcast
Mcast
Mcast
Ucast
Ucast
Intf
Mode
Level
Mode
Level
Mode
Level
------ ------- -------- ------- -------- ------- -------1/0/1 Disable
5% Disable
5% Disable
5%
Example: The following shows an example of part of the CLI display output for the command.
(Routing) #show storm-control all
Intf
-----1/0/1
1/0/2
1/0/3
1/0/4
1/0/5
Bcast
Bcast
Mcast
Mcast
Ucast
Ucast
Mode
Level
Mode
Level
Mode
Level
------- -------- ------- -------- ------- -------Disable
5% Disable
5% Disable
5%
Disable
5% Disable
5% Disable
5%
Disable
5% Disable
5% Disable
5%
Disable
5% Disable
5% Disable
5%
Disable
5% Disable
5% Disable
5%
September 2014
CLI Command Reference
Page 358
Link Local Protocol Filtering Commands
HP Moonshot Switch Module CLI Command Reference
Link Local Protocol Filtering Commands
Link Local Protocol Filtering (LLPF) allows the switch to filter out multiple proprietary protocol PDUs, such as
Port Aggregation Protocol (PAgP), if the problems occur with proprietary protocols running on standards-based
switches. If certain protocol PDUs cause unexpected results, LLPF can be enabled to prevent those protocol
PDUs from being processed by the switch.
llpf
Use this command to block LLPF protocol(s) on a port.
Default
disable
Format
llpf {blockall | blockdtp | blockisdp | blockpagp| blocksstp | blockudld| blockvtp}
Mode
Interface Config
no llpf
Use this command to unblock LLPF protocol(s) on a port.
Format
no llpf {blockall | blockdtp | blockisdp | blockpagp| blocksstp | blockudld| blockvtp}
Mode
Interface Config
show llpf interface
Use this command to display the status of LLPF rules configured on a particular port or on all ports.
.
Format
show llpf interface unit/slot/port
Mode
Privileged EXEC
Term
Definition
Block ISDP
Block VTP
Block DTP
Block UDLD
Block PAGP
Block SSTP
Block All
Shows whether the port blocks ISDP PDUs.
Shows whether the port blocks VTP PDUs.
Shows whether the port blocks DTP PDUs.
Shows whether the port blocks UDLD PDUs.
Shows whether the port blocks PAgP PDUs.
Shows whether the port blocks SSTP PDUs.
Shows whether the port blocks all proprietary PDUs available for the LLDP feature.
September 2014
CLI Command Reference
Page 359
HP Moonshot Switch Module CLI Command Reference
MMRP Commands
MMRP Commands
mmrp (Global Config)
Use the mmrp command in Global Config mode to enable MMRP. MMRP must also be enabled on the individual
interfaces.
Default
disabled
Format
mmrp
Mode
Global Config
no mmrp (Global Config)
Use the no mmrp command in Global Config mode to disable MMRP.
Format
no mmrp
Mode
Global Config
mmrp periodic state machine
Use the mmrp periodic state machine command in Global Config mode to enable MMRP periodic state
machine.
Default
disabled
Format
mmrp periodic state machine
Mode
Global Config
no mmrp periodic state machine
Use the no mmrp periodic state machine command in Global Config mode to disable MMRP periodic state
machine.
Format
no mmrp periodic state machine
Mode
Global Config
September 2014
CLI Command Reference
Page 360
HP Moonshot Switch Module CLI Command Reference
MMRP Commands
mmrp (Interface Config)
Use the mmrp command in Interface Config mode on the interface. MMRP can be enabled on physical interfaces
or LAG interfaces. When configured on a LAG member port, MMRP is operationally disabled. Enabling MMRP
on an interface automatically enables dynamic MFDB entries creation.
Default
disabled
Format
mmrp
Mode
Interface Config
no mmrp (Interface Config)
Use the no mmrp command in Interface Config mode to disable MMRP mode on the interface.
Format
no mmrp
Mode
Interface Config
clear mmrp statistics
Use the clear mmrp command in Privileged EXEC mode to clear MMRP statistics of one or all interfaces.
Format
clear mmrp statistics [unit/slot/port|all]
Mode
Privileged EXEC
Parameter
Description
unit/slot/port
If used with unit/slot/port parameter, the command clears MMRP statistics for the given
interface.
If the all parameter is specified, the command clears MMRP statistics for all the interfaces.
all
September 2014
CLI Command Reference
Page 361
HP Moonshot Switch Module CLI Command Reference
MMRP Commands
show mmrp
Use the show mmrp command in Privileged EXEC mode to display the status of the MMRP mode on the switch,
on a specified interface, or on all interfaces.
Format
show mmrp {interface [unit/slot/port [summary] | summary]}
Mode
Privileged EXEC
When the command is issued with the interface keyword and an interface is specified, the administrative
mode of MMRP for the interface displays. If the interface summary keywords are used, the administrative
mode for all interfaces is displayed.
The following table shows the fields that display when the command is issued with the summary keyword.
Parameter
Description
MMRP Global Admin Mode
The administrative mode of MMRP on the switch.
MMRP Periodic State Machine Indicates whether the MMRP periodic state machine on the switch is
currently enabled or disabled.
The following shows example CLI display output for the command.
(Routing) #show mmrp summary
MMRP Global Admin Mode......................... Disabled
MMRP Periodic State Machine.................... Disabled
(Routing) #show mmrp interface 1/0/12
MMRP Interface Admin Mode...................... Disabled
(Routing) #show mmrp interface summary
Intf
--------0/1
0/2
0/3
0/4
0/5
0/6
0/7
0/8
0/9
0/10
0/11
0/12
0/13
0/14
Mode
--------Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
September 2014
CLI Command Reference
Page 362
MMRP Commands
HP Moonshot Switch Module CLI Command Reference
show mmrp statistics
Use the show mmrp statistics command in Privileged EXEC mode to display statistical information about the
MMRP PDUs sent and received on the interface.
Format
show mmrp statistics {unit/slot/port | all | summary}
Mode
Privileged EXEC
The following statistics display when the summary or unit/slot/port keywords are used. Using the summary
keyword displays global statistics, and using the unit/slot/port keyword displays per-interface statistics.
Parameter
Description
MMRP messages received
MMRP messages received
with bad header
MMRP messages received
with bad format
MMRP messages transmitted
MMRP messages failed to
transmit
Total number of MMRP messages received.
Total number of MMRP frames with bad headers received
Total number of MMRP frames with bad PDUs body formats received
Total number of MMRP frames that sent
Total number of MMRP frames that failed to be transmitted
The following statistics display when the all keyword is used.
Parameter
Description
Intf
Rx
Bad Header
Bad Format
Tx
Tx Failed
The interface associated with the rest of the data in the row.
Total number of MMRP messages received.
Total number of MMRP frames with bad headers received
Total number of MMRP frames with bad PDUs body formats received
Total number of MMRP frames that sent
Total number of MMRP frames that failed to be transmitted
September 2014
CLI Command Reference
Page 363
HP Moonshot Switch Module CLI Command Reference
MVRP Commands
MVRP Commands
mvrp (Global Config)
Use the mvrp command in Global Configuration mode to enable MVRP. MVRP must also be enabled on the
individual interfaces.
Default
enabled
Format
mvrp
Mode
Global Config
no mvrp (Global Config)
Use the no mvrp command in Global Configuration mode to disable MVRP.
Format
no mvrp
Mode
Global Config
mvrp periodic state machine
Use the mvrp periodic state machine command in Global Configuration mode to enable the MVRP periodic
state machine.
Default
disabled
Format
mvrp periodic state machine
Mode
Global Config
no mvrp periodic state machine
Use the no mvrp periodic state machine command in Global Configuration mode to disable the MVRP
periodic state machine.
Format
no mvrp periodic state machine
Mode
Global Config
September 2014
CLI Command Reference
Page 364
HP Moonshot Switch Module CLI Command Reference
MVRP Commands
mvrp (Interface Config)
Use the mvrp command in Interface Configuration mode to enable MVRP mode on the interface. The port
should be configured in trunk or general mode. MVRP can be enabled on physical interfaces or LAG interfaces.
When configured on a LAG member port, MVRP is operationally disabled. Enabling MVRP on an interface
automatically enabled dynamic VLAN creation.
Default
enabled
Format
mvrp
Mode
Interface Config
no mvrp (Interface Config)
Use the no mvrp command in Interface Configuration mode to disable MVRP mode on the interface.
Format
no mvrp
Mode
Interface Config
clear mvrp
Use the clear mvrp command in Privileged EXEC mode to clear the MVRP statistics of one or all interfaces.
Format
clear mvrp statistics [unit/slot/port | all]
Mode
Privileged EXEC
Parameter
Description
unit/slot/port
If used with the unit/slot/port parameter, the command clears MVRP statistics for the given
interface.
If the all parameter is specified, the command clears MVRP statistics for all the interfaces.
all
September 2014
CLI Command Reference
Page 365
HP Moonshot Switch Module CLI Command Reference
MVRP Commands
show mvrp
Use the show mvrp command in Privileged EXEC mode to display the status of the MVRP mode.
Format
show mvrp {interface {unit/slot/port | all} | summary}
Mode
Privileged EXEC
When the interface all keywords are used, the administrative mode of MVRP on all interfaces is displayed.
When the command is issued with the interface keyword and an interface is specified, the information in the
following table is displayed.
Parameter
Description
MVRP interface state
VLANs declared
VLANs registered
The administrative mode of MVRP on the interface.
The number of VLANs that have been declared by the MVRP protocol.
The number of VLANs that have been registered by the MVRP protocol.
The following table shows the fields that display when the command is issued with the summary keyword.
Parameter
Description
MVRP global state
The administrative mode of MVRP on the switch.
MVRP Periodic State Machine The administrative mode of the MVRP periodic state machine on the switch.
State
VLANs created via MVRP
The number of VLANs that have been created on the switch by the MVRP
protocol.
Example: The following shows example CLI display output for the command.
(Routing) #show mvrp summary
MVRP global state.............................. Disabled
MVRP Periodic State Machine state.............. Disabled
VLANs created via MVRP......................... 20-45, 3001-3050
Example: The following shows example CLI display output for the command.
(Routing) #show mvrp interface 1/0/12
MVRP interface state........................... Enabled
VLANs declared................................. 20-45, 3001-3050
VLANs registered............................... none
September 2014
CLI Command Reference
Page 366
MVRP Commands
HP Moonshot Switch Module CLI Command Reference
show mvrp statistics
Use the show mvrp statistics command in Privileged EXEC mode to display MVRP statistics.
Format
show mvrp statistics {unit/slot/port | all | summary
Mode
Privileged EXEC
The following statistics display when the summary or unit/slot/port keywords are used. Using the summary
keyword displays global statistics, and using the unit/slot/port keyword displays per-interface statistics.
Parameter
Description
MVRP messages received
Total number of MVRP messages received.
MVRP messages received with Total number of MVRP frames with bad headers received
bad header
MVRP messages received with Total number of MVRP frames with bad PDUs body formats received
bad format
MVRP messages transmitted Total number of MVRP frames that sent
MVRP messages failed to
Total number of MVRP frames that failed to be transmitted
transmit
MVRP Message Queue Failures Total number of MVRP frames that were in a message queue and failed to be
transmitted.
The following statistics display when the all keyword is used.
Parameter
Description
Intf
Rx
Bad Header
Bad Format
Tx
Tx Failed
RegFails
The interface associated with the rest of the data in the row.
Total number of MVRP messages received.
Total number of MVRP frames with bad headers received
Total number of MVRP frames with bad PDUs body formats received
Total number of MVRP frames that sent
Total number of MVRP frames that failed to be transmitted
Total number of MVRP registration failures.
Example: The following shows example CLI display output for the command.
(Routing) #show mvrp statistics summary
MVRP
MVRP
MVRP
MVRP
MVRP
MVRP
messages received.........................
messages received with bad header.........
messages received with bad format.........
messages transmitted......................
messages failed to transmit...............
Message Queue Failures....................
September 2014
45
0
0
16
0
0
CLI Command Reference
Page 367
Port-Channel/LAG (802.3ad) Commands
HP Moonshot Switch Module CLI Command Reference
Example: The following shows example CLI display output for the command.
(Routing) #show mvrp statistics 0/12
Port...........................................
MVRP messages received.........................
MVRP messages received with bad header.........
MVRP messages received with bad format.........
MVRP messages transmitted......................
MVRP messages failed to transmit...............
MVRP failed reservations.......................
0/12
21
0
0
8
0
0
Port-Channel/LAG (802.3ad) Commands
This section describes the commands you use to configure port-channels, which is defined in the 802.3ad
specification, and that are also known as link aggregation groups (LAGs). Link aggregation allows you to
combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as
if it were a single link, which increases fault tolerance and provides load sharing. The LAG feature initially load
shares traffic based upon the source and destination MAC address. Assign the port-channel (LAG) VLAN
membership after you create a port-channel. If you do not assign VLAN membership, the port-channel might
become a member of the management VLAN which can result in learning and switching issues.
A port-channel (LAG) interface can be either static or dynamic, but not both. All members of a port channel
must participate in the same protocols.) A static port-channel interface does not require a partner system to
be able to aggregate its member ports.
Note: If you configure the maximum number of supported dynamic port-channels (LAGs), additional
port-channels that you configure are automatically static.
port-channel name
This command configures a name to identify the port channel. The name field is a character string which allows
the dash “-” character as well as alphanumeric characters. Use the show port-channel command to display the
unit/slot/port number for the logical interface. Instead of unit/slot/port, lag lag-group-id can be used as
an alternate way to specify the LAG interface. lag lag-group-id can also be used to specify the LAG interface
where lag-group-id is the LAG port number.
Note: Before you include a port in a port-channel, set the port physical mode. For more information,
see “speed” on page 272.
Format
port-channel name {unit/slot/port | lag lag-group-id} name
Mode
Global Config
September 2014
CLI Command Reference
Page 368
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
addport
This command adds one port to the port-channel (LAG). The first interface is a logical unit/slot/port number
of a configured port-channel. You can add a range of ports by specifying the port range when you enter
Interface Config mode (for example: interface 1/0/1-1/0/4. Instead of unit/slot/port, lag lag-group-id can
be used as an alternate way to specify the LAG interface. lag lag-group-id can also be used to specify the LAG
interface where lag-intf-num is the LAG port number.
Note: Before adding a port to a port-channel, set the physical mode of the port. For more
information, see “speed” on page 272.
Format
addport {unit/slot/port | lag lag-group-id}
Mode
Interface Config
deleteport (Interface Config)
This command deletes a port or a range of ports from the port-channel (LAG). The interface is a logical unit/
slot/port number of a configured port-channel (or range of port-channels). Instead of unit/slot/port, lag
lag-intf-num can be used as an alternate way to specify the LAG interface. lag lag-intf-num can also be used
to specify the LAG interface where lag-intf-num is the LAG port number.
Format
deleteport {unit/slot/port | lag lag-group-id}
Mode
Interface Config
deleteport (Global Config)
This command deletes all configured ports from the port-channel (LAG). The interface is a logical unit/slot/
port number of a configured port-channel. Instead of unit/slot/port, lag lag-intf-num can be used as an
alternate way to specify the LAG interface. lag lag-intf-num can also be used to specify the LAG interface
where lag-intf-num is the LAG port number.
Format
deleteport {unit/slot/port | all}
Mode
Global Config
September 2014
CLI Command Reference
Page 369
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
lacp admin key
Use this command to configure the administrative value of the key for the port-channel. The value range of key
is 0 to 65535. This command can be used to configure a single interface or a range of interfaces.
Default
0x8000
Format
lacp admin key key
Mode
Interface Config
Note: This command is applicable only to port-channel interfaces.
no lacp admin key
Use this command to configure the default administrative value of the key for the port-channel.
no lacp admin key
Format
Mode
Interface Config
lacp collector max-delay
Use this command to configure the port-channel collector max delay. This command can be used to configure
a single interface or a range of interfaces.The valid range of delay is 0-65535.
Default
0x8000
Format
lacp collector max delay delay
Mode
Interface Config
Note: This command is applicable only to port-channel interfaces.
no lacp collector max delay
Use this command to configure the default port-channel collector max delay.
no lacp collector max delay
Format
Mode
September 2014
Interface Config
CLI Command Reference
Page 370
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
lacp actor admin key
Use this command to configure the administrative value of the LACP actor admin key on an interface or range
of interfaces. The valid range for key is 0-65535.
Default
Internal Interface Number of this Physical Port
Format
lacp actor admin key key
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp actor admin key
Use this command to configure the default administrative value of the key.
Format
no lacp actor admin key
Mode
Interface Config
lacp actor admin state individual
Use this command to set LACP actor admin state to individual.
Format
lacp actor admin state individual
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp actor admin state individual
Use this command to set the LACP actor admin state to aggregation.
Format
no lacp actor admin state individual
Mode
Interface Config
September 2014
CLI Command Reference
Page 371
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
lacp actor admin state longtimeout
Use this command to set LACP actor admin state to long timeout.
Format
lacp actor admin state longtimeout
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp actor admin state longtimeout
Use this command to set the LACP actor admin state to short timeout.
Format
no lacp actor admin state longtimeout
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
lacp actor admin state passive
Use this command to set the LACP actor admin state to passive.
Format
lacp actor admin state passive
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp actor admin state passive
Use this command to set the LACP actor admin state to active.
Format
no lacp actor admin state passive
Mode
Interface Config
September 2014
CLI Command Reference
Page 372
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
lacp actor port priority
Use this command to configure the priority value assigned to the Aggregation Port for an interface or range of
interfaces. The valid range for priority is 0 to 65535.
Default
0x80
Format
lacp actor port priority 0-65535
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp actor port priority
Use this command to configure the default priority value assigned to the Aggregation Port.
Format
no lacp actor port priority
Mode
Interface Config
lacp partner admin key
Use this command to configure the administrative value of the Key for the protocol partner. This command can
be used to configure a single interface or a range of interfaces. The valid range for key is 0 to 65535.
Default
0x0
Format
lacp partner admin key key
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp partner admin key
Use this command to set the administrative value of the Key for the protocol partner to the default.
Format
no lacp partner admin key
Mode
Interface Config
September 2014
CLI Command Reference
Page 373
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
lacp partner admin state individual
Use this command to set LACP partner admin state to individual.
Format
lacp partner admin state individual
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp partner admin state individual
Use this command to set the LACP partner admin state to aggregation.
Format
no lacp partner admin state individual
Mode
Interface Config
lacp partner admin state longtimeout
Use this command to set LACP partner admin state to longtimeout.
Format
lacp partner admin state longtimeout
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp partner admin state longtimeout
Use this command to set the LACP partner admin state to short timeout
Format
.
no lacp partner admin state longtimeout
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
September 2014
CLI Command Reference
Page 374
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
lacp partner admin state passive
Use this command to set the LACP partner admin state to passive.
Format
lacp partner admin state passive
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp partner admin state passive
Use this command to set the LACP partner admin state to active.
Format
no lacp partner admin state passive
Mode
Interface Config
lacp partner port id
Use this command to configure the LACP partner port id. This command can be used to configure a single
interface or a range of interfaces. The valid range for port-id is 0 to 65535.
Default
0x80
Format
lacp partner port-id port-id
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp partner port id
Use this command to set the LACP partner port id to the default.
Format
no lacp partner port-id
Mode
Interface Config
September 2014
CLI Command Reference
Page 375
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
lacp partner port priority
Use this command to configure the LACP partner port priority. This command can be used to configure a single
interface or a range of interfaces. The valid range for priority is 0 to 65535.
Default
0x0
Format
lacp partner port priority priority
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp partner port priority
Use this command to configure the default LACP partner port priority.
Format
no lacp partner port priority
Mode
Interface Config
lacp partner system-id
Use this command to configure the 6-octet MAC Address value representing the administrative value of the
Aggregation Port’s protocol Partner’s System ID. This command can be used to configure a single interface or
a range of interfaces. The valid range of system-id is 00:00:00:00:00:00 - FF:FF:FF:FF:FF.
Default
00:00:00:00:00:00
Format
lacp partner system-id system-id
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp partner system-id
Use this command to configure the default value representing the administrative value of the Aggregation
Port’s protocol Partner’s System ID.
Format
no lacp partner system-id
Mode
Interface Config
September 2014
CLI Command Reference
Page 376
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
lacp partner system priority
Use this command to configure the administrative value of the priority associated with the Partner’s System ID.
This command can be used to configure a single interface or a range of interfaces. The valid range for priority
is 0 to 65535.
Default
0x0
Format
lacp partner system priority 0-65535
Mode
Interface Config
Note: This command is applicable only to physical interfaces.
no lacp partner system priority
Use this command to configure the default administrative value of priority associated with the Partner’s System
ID.
Format
no lacp partner system priority
Mode
Interface Config
interface lag
Use this command to enter Interface configuration mode for the specified LAG.
Format
interface lag lag-interface-number
Mode
Global Config
port-channel static
This command enables the static mode on a port-channel (LAG) interface or range of interfaces. By default the
static mode for a new port-channel is enabled, which means the port-channel is static. If the maximum number
of allowable dynamic port-channels are already present in the system, the static mode for a new port-channel
is enabled, which means the port-channel is static. You can only use this command on port-channel interfaces.
Default
enabled
Format
port-channel static
Mode
Interface Config
September 2014
CLI Command Reference
Page 377
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
no port-channel static
This command sets the static mode on a particular port-channel (LAG) interface to the default value. This
command will be executed only for interfaces of type port-channel (LAG).
Format
no port-channel static
Mode
Interface Config
port lacpmode
This command enables Link Aggregation Control Protocol (LACP) on a port or range of ports.
Default
enabled
Format
port lacpmode
Mode
Interface Config
no port lacpmode
This command disables Link Aggregation Control Protocol (LACP) on a port.
Format
no port lacpmode
Mode
Interface Config
port lacpmode enable all
This command enables Link Aggregation Control Protocol (LACP) on all ports.
Format
port lacpmode enable all
Mode
Global Config
no port lacpmode enable all
This command disables Link Aggregation Control Protocol (LACP) on all ports.
Format
no port lacpmode enable all
Mode
Global Config
September 2014
CLI Command Reference
Page 378
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
port lacptimeout (Interface Config)
This command sets the timeout on a physical interface or range of interfaces of a particular device type (actor
or partner) to either long or short timeout.
Default
long
Format
port lacptimeout {actor | partner} {long | short}
Mode
Interface Config
no port lacptimeout
This command sets the timeout back to its default value on a physical interface of a particular device type
(actor or partner).
Format
no port lacptimeout {actor | partner}
Mode
Interface Config
port lacptimeout (Global Config)
This command sets the timeout for all interfaces of a particular device type (actor or partner) to either long or
short timeout.
Default
long
Format
port lacptimeout {actor | partner} {long | short}
Mode
Global Config
no port lacptimeout
This command sets the timeout for all physical interfaces of a particular device type (actor or partner) back to
their default values.
Format
no port lacptimeout {actor | partner}
Mode
Global Config
port-channel adminmode
This command enables a port-channel (LAG). The option all sets every configured port-channel with the same
administrative mode setting.
Format
port-channel adminmode [all]
Mode
Global Config
September 2014
CLI Command Reference
Page 379
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
no port-channel adminmode
This command disables a port-channel (LAG). The option all sets every configured port-channel with the same
administrative mode setting.
Format
no port-channel adminmode [all]
Mode
Global Config
port-channel linktrap
This command enables link trap notifications for the port-channel (LAG). The interface is a logical unit/slot/
port for a configured port-channel. The option all sets every configured port-channel with the same
administrative mode setting. Instead of unit/slot/port, lag lag-intf-num can be used as an alternate way to
specify the LAG interface. lag lag-intf-num can also be used to specify the LAG interface where lag-intf-num
is the LAG port number.
Default
enabled
Format
port-channel linktrap {unit/slot/port | all | lag lag-intf-num}
Mode
Global Config
no port-channel linktrap
This command disables link trap notifications for the port-channel (LAG). The interface is a logical slot and port
for a configured port-channel. The option all sets every configured port-channel with the same administrative
mode setting.
Format
no port-channel linktrap {logical unit/slot/port | all}
Mode
Global Config
September 2014
CLI Command Reference
Page 380
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
port-channel load-balance
This command selects the load-balancing option used on a port-channel (LAG). Traffic is balanced on a portchannel (LAG) by selecting one of the links in the channel over which to transmit specific packets. The link is
selected by creating a binary pattern from selected fields in a packet, and associating that pattern with a
particular link.
Load-balancing is not supported on every device. The range of options for load-balancing may vary per device.
The unit/slot/port parameter configures a LAG interface, and the all parameter configures all LAGs.
Default
3
Format
port-channel load-balance {1 | 2 | 3 | 4 | 5 | 6 | 7} {unit/slot/port | all}
Mode
Global Config
Term
Definition
1
2
3
Source MAC, VLAN, EtherType, and incoming port associated with the packet
Destination MAC, VLAN, EtherType, and incoming port associated with the packet
Source/Destination MAC, VLAN, EtherType, and incoming port associated with the
packet
4
Source IP and Source TCP/UDP fields of the packet
5
Destination IP and Destination TCP/UDP Port fields of the packet
6
Source/Destination IP and source/destination TCP/UDP Port fields of the packet
7
Enhanced hashing mode
unit/slot/port| all The interface is a logical unit/slot/port number of a configured port-channel. all applies
the command to all currently configured port-channels.
no port-channel load-balance
This command reverts to the default load balancing configuration.
Format
no port-channel load-balance {unit/slot/port | all}
Mode
Global Config
Term
Definition
unit/slot/
port| all
Global Config Mode only: The interface is a logical unit/slot/port number of a configured
port-channel. All applies the command to all currently configured port-channels.
September 2014
CLI Command Reference
Page 381
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
port-channel local-preference
This command enables the local-preference mode on a port-channel (LAG) interface or range of interfaces. By
default, the local-preference mode for a port-channel is disabled. This command can be used only on portchannel interfaces.
Default
disable
Format
port-channel local-preference
Mode
Interface Config
no port-channel local-preference
This command disables the local-preference mode on a port-channel.
Format
no port-channel local-preference
Mode
Interface Config
port-channel min-links
This command configures the port-channel’s minimum links for LAG interfaces.
Default
1
Format
port-channel min-links 1-32
Mode
Interface Config
port-channel system priority
Use this command to configure port-channel system priority. The valid range of priority is 0-65535. A lower
value indicates a higher system priority
Default
32768
Format
port-channel system priority priority
Mode
Global Config
no port-channel system priority
Use this command to configure the default port-channel system priority value.
Format
no port-channel system priority
Mode
Global Config
September 2014
CLI Command Reference
Page 382
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
show lacp actor
Use this command to display LACP actor attributes. Instead of unit/slot/port, lag lag-intf-num can be used
as an alternate way to specify the LAG interface. lag lag-intf-num can also be used to specify the LAG
interface where lag-intf-num is the LAG port number.
Format
show lacp actor {unit/slot/port|all}
Mode
Global Config
The following output parameters are displayed.
Parameter
Description
System Priority
Actor Admin Key
Port Priority
Admin State
The administrative value of the Key.
The administrative value of the Key.
The priority value assigned to the Aggregation Port.
The administrative values of the actor state as transmitted by the Actor in LACPDUs.
show lacp partner
Use this command to display LACP partner attributes. Instead of unit/slot/port, lag lag-intf-num can be used
as an alternate way to specify the LAG interface. lag lag-intf-num can also be used to specify the LAG
interface where lag-intf-num is the LAG port number.
Format
show lacp actor {unit/slot/port|all}
Mode
Privileged EXEC
The following output parameters are displayed.
Parameter
Description
System Priority
System-ID
Admin Key
Port Priority
Port-ID
Admin State
The administrative value of priority associated with the Partner’s System ID.
Represents the administrative value of the Aggregation Port’s protocol Partner’s System ID.
The administrative value of the Key for the protocol Partner.
The administrative value of the Key for protocol Partner.
The administrative value of the port number for the protocol Partner.
The administrative values of the actor state for the protocol Partner.
September 2014
CLI Command Reference
Page 383
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
show port-channel brief
This command displays the static capability of all port-channel (LAG) interfaces on the device as well as a
summary of individual port-channel interfaces. Instead of unit/slot/port, lag lag-intf-num can be used as an
alternate way to specify the LAG interface. lag lag-intf-num can also be used to specify the LAG interface
where lag-intf-num is the LAG port number.
Format
show port-channel brief
Mode
• Privileged EXEC
• User EXEC
For each port-channel the following information is displayed:
Term
Definition
Logical Interface
Port-channel Name
Min
Link-State
Trap Flag
Type
Mbr Ports
Active Ports
The unit/slot/port of the logical interface.
The name of port-channel (LAG) interface.
The minimum number of links that must be up for the port channel to be up.
Shows whether the link is up or down.
Shows whether trap flags are enabled or disabled.
Shows whether the port-channel is statically or dynamically maintained.
The members of this port-channel.
The ports that are actively participating in the port-channel.
show port-channel
This command displays an overview of all port-channels (LAGs) on the switch. Instead of unit/slot/port, lag
lag-intf-num can be used as an alternate way to specify the LAG interface. lag lag-intf-num can also be used
to specify the LAG interface where lag-intf-num is the LAG port number.
Format
show port-channel {unit/slot/port | lag-intf-num | all}
Mode
• Privileged EXEC
• User EXEC
September 2014
CLI Command Reference
Page 384
HP Moonshot Switch Module CLI Command Reference
Port-Channel/LAG (802.3ad) Commands
The following table describes the information that displays when the port-channel is specified.
Term
Definition
Local Interface
Channel Name
The unit/slot/port number associated with the port channel.
The name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric
characters.
Indicates whether the Link is up or down.
May be enabled or disabled. The factory default is enabled.
The status designating whether a particular port-channel (LAG) is statically or dynamically
maintained.
• Static - The port-channel is statically maintained.
• Dynamic - The port-channel is dynamically maintained.
The minimum number of links that must be up for the port channel to be up.
Link State
Admin Mode
Type
Port-channel
Min-links
Load Balance
Option
Local Preference
Mode
Mbr Ports
Device Timeout
Port Speed
Port Active
The load balance option associated with this LAG. See “port-channel load-balance” on
page 381.
Indicates whether the local preference mode is enabled or disabled.
A listing of the ports that are members of this port-channel (LAG), in unit/slot/port
notation. There can be a maximum of eight ports assigned to a given port-channel (LAG).
For each port, lists the timeout (long or short) for Device Type (actor or partner).
Speed of the port-channel port.
This field lists ports that are actively participating in the port-channel (LAG).
The following table describes the information that displays when the all keyword is specified.
Term
Definition
Log. Interface
Channel Name
The unit/slot/port number associated with the port channel.
The name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric
characters.
The minimum number of links that must be up for the port channel to be up.
The link state for the port channel, which is either up or down.
May be enabled or disabled. The factory default is enabled.
The status designating whether a particular port-channel (LAG) is statically or dynamically
maintained.
• Static - The port-channel is statically maintained.
• Dynamic - The port-channel is dynamically maintained.
A listing of the ports that are members of this port-channel (LAG), in unit/slot/port
notation. There can be a maximum of eight ports assigned to a given port-channel (LAG).
For each port, lists the timeout (long or short) for Device Type (actor or partner).
Speed of the port-channel port.
This field lists ports that are actively participating in the port-channel (LAG).
Min
Link
Admin Mode
Type
Mbr Ports
Device Timeout
Port Speed
Port Active
September 2014
CLI Command Reference
Page 385
Port-Channel/LAG (802.3ad) Commands
HP Moonshot Switch Module CLI Command Reference
Example: The following shows example CLI display output for the command.
(Routing) #show port-channel 1
Local Interface................................
Channel Name...................................
Link State.....................................
Admin Mode.....................................
Type...........................................
Port-channel Min-links.........................
Load Balance Option............................
(Src/Dest MAC, VLAN, EType, incoming port)
0/3/1
ch1
Down
Enabled
Static
1
3
Mbr
Device/
Port
Port
Ports Timeout
Speed
Active
------ ------------- --------- ------1/0/10
actor/long
10G Full False
partner/long
show port-channel system priority
Use this command to display the port-channel system priority.
Format
show port-channel system priority
Mode
Privileged EXEC
Term
Definition
System Priority
The LACP system priority of the switch. This value is used in negotiations with the partner
device.
show port-channel counters
Use this command to display port-channel counters for the specified port.
Format
show port-channel lag-intf-num counters
Mode
Privileged EXEC
Term
Definition
Local Interface
Channel Name
Link State
Admin Mode
Port Channel Flap
Count
The valid slot/port number.
The name of this port-channel (LAG).
Indicates whether the Link is up or down.
May be enabled or disabled. The factory default is enabled.
The number of times the port-channel was inactive.
September 2014
CLI Command Reference
Page 386
Port-Channel/LAG (802.3ad) Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
Mbr Ports
Mbr Flap
Counters
The slot/port for the port member.
The number of times a port member is inactive, either because the link is down, or the
admin state is disabled.
Example: The following shows example CLI display output for the command.
(Routing) #show port-channel 1 counters
Local Interface................................
Channel Name...................................
Link State.....................................
Admin Mode.....................................
Port Channel Flap Count........................
0/3/1
ch1
Down
Enabled
0
Mbr
Mbr Flap
Ports Counters
------ --------1/0/1
0
1/0/2
0
1/0/3
1
1/0/4
0
1/0/5
0
1/0/6
0
1/0/7
0
1/0/8
0
clear port-channel counters
Use this command to clear and reset specified port-channel and member flap counters for the specified
interface.
Format
clear port-channel {lag-intf-num | unit/slot/port} counters
Mode
Privileged EXEC
clear port-channel all counters
Use this command to clear and reset all port-channel and member flap counters for the specified interface.
Format
clear port-channel all counters
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 387
HP Moonshot Switch Module CLI Command Reference
Port Mirroring Commands
Port Mirroring Commands
Port mirroring, which is also known as port monitoring, selects network traffic that you can analyze with a
network analyzer, such as a SwitchProbe device or other Remote Monitoring (RMON) probe.
monitor session source
This command configures the monitored interface or interfaces for a monitor session (port monitoring). Use rx
to monitor only ingress packets, or use tx to monitor only egress packets. If you do not specify an {rx | tx}
option, the destination port monitors both ingress and egress packets.
A VLAN can be configured as the source to a session (all member ports of that VLAN are monitored). Remote
port mirroring is configured by adding the RSPAN VLAN ID. At the source switch, the destination is configured
as the RSPAN VLAN and at the destination switch, the source is configured as the RSPAN VLAN.
Note: The source and destination cannot be configured as remote on the same device.
The reflector-port is configured at the source switch. The reflector-port forwards the mirrored traffic
towards the destination switch.
Note: This port must be configured with RSPAN VLAN membership.
IP/MAC ACL can be attached to a session by giving the access list number/name.
Use the destination interface unit/slot/port to specify the interface to receive the monitored traffic.
Use the mode parameter to enable the administrative mode of the session. If enabled, the probe port monitors
all the traffic received and transmitted on the physical monitored port.
Use the filter parameter to filter a specified access group either by IP address or MAC address.
Format
monitor session session-id source {interface {unit/slot/port | cpu | lag lag-num}
[{rx | tx}] | vlan vlan-id | remote vlan vlan-id }
Mode
Global Config
no monitor session source
Use this command to remove the specified source interfaces or VLANs from the monitored session.
Format
.
no monitor session session-id source {interface {unit/slot/port | cpu | lag lag-num}
| vlan | remote vlan}
Mode
Global Config
September 2014
CLI Command Reference
Page 388
Port Mirroring Commands
HP Moonshot Switch Module CLI Command Reference
monitor session destination
This command configures a probe port or reflector port for a monitor session (port monitoring). The
destination port usually has a network analyzer attached. The reflector-port is configured at the source
switch and forwards the mirrored traffic towards the destination switch.
Note: The source and destination cannot be configured as remote on the same device.
Note: The reflector port must be configured with RSPAN VLAN membership.
Use the destination interface unit/slot/port to specify the interface to receive the monitored traffic.
Format
monitor session session-id destination {interface unit/slot/port |remote vlan vlan-id
reflector-port unit/slot/port}
Mode
Global Config
no monitor session destination
Use this command to remove the specified interface or reflector port from the port monitoring session.
Format
.
no monitor session session-id destination {interface |remote vlan}
Mode
Global Config
monitor session mode
This command to enable the administrative mode of the session. If enabled, the probe port monitors all the
traffic received and transmitted on the physical monitored port.
Format
monitor session session-id mode
Mode
Global Config
no monitor session mode
Use this command to disable the port monitoring session.
.
Note: Since the current version of HP Moonshot software only supports one session, the behavior of
this command is similar to the behavior of the no monitor command.
Format
no monitor session session-id mode
Mode
Global Config
September 2014
CLI Command Reference
Page 389
HP Moonshot Switch Module CLI Command Reference
Port Mirroring Commands
monitor session filter
Use this command to filter the traffic that is monitored. The ACL that is used to filter the traffic must already
exist on the system before it can be attached to the port monitoring session.
Format
monitor session session-id filter {ip access-group acl-id/aclname |mac access-group
acl-name}
Mode
Global Config
no monitor session
Use this command to remove the MAC or IP ACL filter from the port mirroring session.
Format
no monitor session session-id filter {ip access-group | mac access-group}
Mode
Global Config
no monitor
This command removes all the source ports and a destination port for the and restores the default value for
mirroring session mode for all the configured sessions.
Note: This is a stand-alone “no” command. This command does not have a “normal” form.
Default
enabled
Format
no monitor
Mode
Global Config
September 2014
CLI Command Reference
Page 390
HP Moonshot Switch Module CLI Command Reference
Port Mirroring Commands
show monitor session
This command displays the Port monitoring information for a particular mirroring session.
Note: The session-id parameter is an integer value used to identify the session. In the current
version of the software, the session-id parameter is always one (1).
Format
show monitor session session-id
Mode
Privileged EXEC
Term
Definition
Session ID
An integer value used to identify the session. Its value can be anything between 1 and the
maximum number of mirroring sessions allowed on the platform.
Indicates whether the Port Mirroring feature is enabled or disabled for the session
identified with session-id. The possible values are Enabled and Disabled.
Probe port (destination port) for the session identified with session-id. If probe port is not
set then this field is blank.
All member ports of this VLAN are mirrored. If the source VLAN is not configured, this field
is blank.
The ports that are configured as the mirrored ports (source ports) for the session identified
with session-id. If no source port is configured for the session then this field is blank.
The reflector port, which is the port that carries all the mirrored traffic from the source
switch toward the destination switch.
The source VLAN is configured at the destination switch. If the remote VLAN is not
configured, this field is blank.
The destination VLAN is configured at the source switch. If the remote VLAN is not
configured, this field is blank.
Direction in which source port configured for port mirroring.Types are tx for transmitted
packets and rx for receiving packets.
The IP access-list id or name attached to the port mirroring session.
The MAC access-list name attached to the port mirroring session.
Admin Mode
Probe Port
Src VLAN
Mirrored Port
Ref. Port
Src RVLAN
Dst RVLAN
Type
IP ACL
MAC ACL
September 2014
CLI Command Reference
Page 391
HP Moonshot Switch Module CLI Command Reference
Static MAC Filtering Commands
show vlan remote-span
This command displays the configured RSPAN VLAN.
Format
show vlan remote-span
Mode
Privileged Exec Mode
Example: The following shows example output for the command.
(Routing)# show vlan remote-span
Remote SPAN VLAN
-----------------------------------------------------------------------100
Static MAC Filtering Commands
The commands in this section describe how to configure static MAC filtering. Static MAC filtering allows you to
configure destination ports for a static multicast MAC filter irrespective of the platform.
macfilter
This command adds a static MAC filter entry for the MAC address macaddr on the VLAN vlanid. The value of
the macaddr parameter is a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The restricted MAC
Addresses are: 00:00:00:00:00:00, 01:80:C2:00:00:00 to 01:80:C2:00:00:0F, 01:80:C2:00:00:20 to
01:80:C2:00:00:21, and FF:FF:FF:FF:FF:FF. The vlanid parameter must identify a valid VLAN.
The number of static mac filters supported on the system is different for MAC filters where source ports are
configured and MAC filters where destination ports are configured.
• For unicast MAC address filters and multicast MAC address filters with source port lists, the maximum
number of static MAC filters supported is 20.
• For multicast MAC address filters with destination ports configured, the maximum number of static filters
supported is 256. You can configure the following combinations:
– Unicast MAC and source port (max = 20)
– Multicast MAC and source port (max = 20)
– Multicast MAC and destination port (only) (max = 256)
– Multicast MAC and source ports and destination ports (max = 20)
Format
macfilter macaddr vlanid
Mode
Global Config
September 2014
CLI Command Reference
Page 392
HP Moonshot Switch Module CLI Command Reference
Static MAC Filtering Commands
no macfilter
This command removes all filtering restrictions and the static MAC filter entry for the MAC address macaddr on
the VLAN vlanid. The macaddr parameter must be specified as a 6-byte hexadecimal number in the format of
b1:b2:b3:b4:b5:b6.
The vlanid parameter must identify a valid VLAN.
Format
no macfilter macaddr vlanid
Mode
Global Config
macfilter adddest
Use this command to add the interface or range of interfaces to the destination filter set for the MAC filter with
the given macaddr and VLAN of vlanid. The macaddr parameter must be specified as a 6-byte hexadecimal
number in the format of b1:b2:b3:b4:b5:b6. The vlanid parameter must identify a valid VLAN.
Note: Configuring a destination port list is only valid for multicast MAC addresses.
Format
macfilter adddest macaddr
Mode
Interface Config
no macfilter adddest
This command removes a port from the destination filter set for the MAC filter with the given macaddr and
VLAN of vlanid. The macaddr parameter must be specified as a 6-byte hexadecimal number in the format of
b1:b2:b3:b4:b5:b6. The vlanid parameter must identify a valid VLAN.
Format
no macfilter adddest macaddr
Mode
Interface Config
macfilter adddest all
This command adds all interfaces to the destination filter set for the MAC filter with the given macaddr and
VLAN of vlanid. The macaddr parameter must be specified as a 6-byte hexadecimal number in the format of
b1:b2:b3:b4:b5:b6. The vlanid parameter must identify a valid VLAN.
Note: Configuring a destination port list is only valid for multicast MAC addresses.
Format
macfilter adddest all macaddr
Mode
Global Config
September 2014
CLI Command Reference
Page 393
HP Moonshot Switch Module CLI Command Reference
Static MAC Filtering Commands
no macfilter adddest all
This command removes all ports from the destination filter set for the MAC filter with the given macaddr and
VLAN of vlanid. The macaddr parameter must be specified as a 6-byte hexadecimal number in the format of
b1:b2:b3:b4:b5:b6. The vlanid parameter must identify a valid VLAN.
Format
no macfilter adddest all macaddr
Mode
Global Config
macfilter addsrc
This command adds the interface or range of interfaces to the source filter set for the MAC filter with the MAC
address of macaddr and VLAN of vlanid. The macaddr parameter must be specified as a 6-byte hexadecimal
number in the format of b1:b2:b3:b4:b5:b6. The vlanid parameter must identify a valid VLAN.
Format
macfilter addsrc macaddr vlanid
Mode
Interface Config
no macfilter addsrc
This command removes a port from the source filter set for the MAC filter with the MAC address of macaddr
and VLAN of vlanid. The macaddr parameter must be specified as a 6-byte hexadecimal number in the format
of b1:b2:b3:b4:b5:b6. The vlanid parameter must identify a valid VLAN.
Format
no macfilter addsrc macaddr vlanid
Mode
Interface Config
macfilter addsrc all
This command adds all interfaces to the source filter set for the MAC filter with the MAC address of macaddr
and vlanid. You must specify the macaddr parameter as a 6-byte hexadecimal number in the format of
b1:b2:b3:b4:b5:b6. The vlanid parameter must identify a valid VLAN.
Format
macfilter addsrc all macaddr vlanid
Mode
Global Config
September 2014
CLI Command Reference
Page 394
HP Moonshot Switch Module CLI Command Reference
Static MAC Filtering Commands
no macfilter addsrc all
This command removes all interfaces to the source filter set for the MAC filter with the MAC address of macaddr
and VLAN of vlanid. You must specify the macaddr parameter as a 6-byte hexadecimal number in the format of
b1:b2:b3:b4:b5:b6.
The vlanid parameter must identify a valid VLAN.
Format
no macfilter addsrc all macaddr vlanid
Mode
Global Config
show mac-address-table static
This command displays the Static MAC Filtering information for all Static MAC Filters. If you specify all, all the
Static MAC Filters in the system are displayed. If you supply a value for macaddr, you must also enter a value for
vlanid, and the system displays Static MAC Filter information only for that MAC address and VLAN.
Format
show mac-address-table static {macaddr vlanid | all}
Mode
Privileged EXEC
Term
Definition
MAC Address
VLAN ID
Source Port(s)
The MAC Address of the static MAC filter entry.
The VLAN ID of the static MAC filter entry.
The source port filter set's slot and port(s).
Note: Only multicast address filters will have destination port lists.
show mac-address-table staticfiltering
This command displays the Static Filtering entries in the Multicast Forwarding Database (MFDB) table.
Format
show mac-address-table staticfiltering
Mode
Privileged EXEC
Term
Definition
VLAN ID
MAC Address
The VLAN in which the MAC Address is learned.
A unicast MAC address for which the switch has forwarding and or filtering information. As
the data is gleaned from the MFDB, the address will be a multicast address. The format is
6 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB.
The type of the entry. Static entries are those that are configured by the end user. Dynamic
entries are added to the table as a result of a learning process or protocol.
Type
September 2014
CLI Command Reference
Page 395
HP Moonshot Switch Module CLI Command Reference
DHCP L2 Relay Agent Commands
Term
Definition
Description
Interfaces
The text description of this multicast table entry.
The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
DHCP L2 Relay Agent Commands
You can enable the switch to operate as a DHCP Layer 2 relay agent to relay DHCP requests from clients to a
Layer 3 relay agent or server. The Circuit ID and Remote ID can be added to DHCP requests relayed from clients
to a DHCP server. This information is included in DHCP Option 82, as specified in sections 3.1 and 3.2 of
RFC3046.
dhcp l2relay
This command enables the DHCP Layer 2 Relay agent for an interface a range of interfaces in, or all interfaces.
The subsequent commands mentioned in this section can only be used when the DHCP L2 relay is enabled.
Format
dhcp l2relay
Mode
• Global Config
• Interface Config
no dhcp l2relay
This command disables DHCP Layer 2 relay agent for an interface or range of interfaces.
Format
no dhcp l2relay
Mode
• Global Config
• Interface Config
dhcp l2relay circuit-id vlan
This parameter sets the DHCP Option-82 Circuit ID for a VLAN. When enabled, the interface number is added
as the Circuit ID in DHCP option 82.
Format
dhcp l2relay circuit-id vlan vlan-list
Mode
Global Config
Parameter
Description
vlan–list
The VLAN ID. The range is 1–4093. Separate non-consecutive IDs with a comma (,) no
spaces and no zeros in between the range. Use a dash (–) for the range.
September 2014
CLI Command Reference
Page 396
HP Moonshot Switch Module CLI Command Reference
DHCP L2 Relay Agent Commands
no dhcp l2relay circuit-id vlan
This parameter clears the DHCP Option-82 Circuit ID for a VLAN.
Format
no dhcp l2relay circuit-id vlan vlan-list
Mode
Global Config
dhcp l2relay remote-id vlan
This parameter sets the DHCP Option-82 Remote ID for a VLAN and subscribed service (based on subscriptionname).
Format
dhcp l2relay remote-id remote-id-string vlan vlan-list
Mode
Global Config
Parameter
Description
vlan–list
The VLAN ID. The range is 1–4093. Separate non-consecutive IDs with a comma (,) no
spaces and no zeros in between the range. Use a dash (–) for the range.
no dhcp l2relay remote-id vlan
This parameter clears the DHCP Option-82 Remote ID for a VLAN and subscribed service (based on
subscription-name).
Format
no dhcp l2relay remote-id vlan vlan-list
Mode
Global Config
dhcp l2relay trust
Use this command to configure an interface or range of interfaces as trusted for Option-82 reception.
Default
untrusted
Format
dhcp l2relay trust
Mode
Interface Config
no dhcp l2relay trust
Use this command to configure an interface to the default untrusted for Option-82 reception.
Format
no dhcp l2relay trust
Mode
Interface Config
September 2014
CLI Command Reference
Page 397
HP Moonshot Switch Module CLI Command Reference
DHCP L2 Relay Agent Commands
dhcp l2relay vlan
Use this command to enable the DHCP L2 Relay agent for a set of VLANs. All DHCP packets which arrive on
interfaces in the configured VLAN are subject to L2 Relay processing.
Default
disable
Format
dhcp l2relay vlan vlan-list
Mode
Global Config
Parameter
Description
vlan–list
The VLAN ID. The range is 1–4093. Separate non-consecutive IDs with a comma (,) no
spaces and no zeros in between the range. Use a dash (–) for the range.
no dhcp l2relay vlan
Use this command to disable the DHCP L2 Relay agent for a set of VLANs.
Format
no dhcp l2relay vlan vlan-list
Mode
Global Config
show dhcp l2relay all
This command displays the summary of DHCP L2 Relay configuration.
Format
show dhcp l2relay all
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show dhcp l2relay all
DHCP L2 Relay is Enabled.
Interface L2RelayMode
---------- ----------1/0/2
Enabled
1/0/4
Disabled
TrustMode
-------------untrusted
trusted
VLAN Id
L2 Relay CircuitId RemoteId
--------- ---------- ----------- -----------3
Disabled
Enabled
--NULL-5
Enabled
Enabled
--NULL-6
Enabled
Enabled
hp
7
Enabled
Disabled
--NULL-8
Enabled
Disabled
--NULL-9
Enabled
Disabled
--NULL-10
Enabled
Disabled
--NULL--
September 2014
CLI Command Reference
Page 398
HP Moonshot Switch Module CLI Command Reference
DHCP L2 Relay Agent Commands
show dhcp l2relay circuit-id vlan
This command displays DHCP circuit-id vlan configuration.
Format
show dhcp l2relay circuit-id vlan vlan-list
Mode
Privileged EXEC
Parameter
Description
vlan-list
Enter VLAN IDs in the range 1–4093. Use a dash (–) to specify a range or a comma (,) to
separate VLAN IDs in a list. Spaces and zeros are not permitted.
show dhcp l2relay interface
This command displays DHCP L2 relay configuration specific to interfaces.
Format
show dhcp l2relay interface {all | interface-num}
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show dhcp l2relay interface all
DHCP L2 Relay is
Enabled.
Interface L2RelayMode
---------- ----------1/0/2
Enabled
1/0/4
Disabled
TrustMode
-------------untrusted
trusted
show dhcp l2relay remote-id vlan
This command displays DHCP Remote-id vlan configuration.
Format
show dhcp l2relay remote-id vlan vlan-list
Mode
Privileged EXEC
Parameter
Description
vlan-list
Enter VLAN IDs in the range 1–4093. Use a dash (–) to specify a range or a comma (,) to
separate VLAN IDs in a list. Spaces and zeros are not permitted.
September 2014
CLI Command Reference
Page 399
HP Moonshot Switch Module CLI Command Reference
DHCP L2 Relay Agent Commands
show dhcp l2relay stats interface
This command displays statistics specific to DHCP L2 Relay configured interface.
Format
show dhcp l2relay stats interface {all | interface-num}
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show dhcp l2relay stats interface all
DHCP L2 Relay is
Interface
--------1/0/1
1/0/2
1/0/3
Enabled.
UntrustedServer
UntrustedClient TrustedServer
TrustedClient
MsgsWithOpt82
MsgsWithOpt82
MsgsWithoutOpt82 MsgsWithoutOpt82
--------------- ----------------- ----------------- -------------0
0
0
0
0
0
3
7
0
0
0
0
show dhcp l2relay agent-option vlan
This command displays the DHCP L2 Relay Option-82 configuration specific to VLAN.
Format
show dhcp l2relay agent-option vlan vlan-range
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show dhcp l2relay agent-option vlan 5-10
DHCP L2 Relay is
Enabled.
VLAN Id
L2 Relay
--------- ---------5
Enabled
6
Enabled
7
Enabled
8
Enabled
9
Enabled
10
Enabled
September 2014
CircuitId RemoteId
----------- -----------Enabled
--NULL-Enabled
hp
Disabled
--NULL-Disabled
--NULL-Disabled
--NULL-Disabled
--NULL--
CLI Command Reference
Page 400
HP Moonshot Switch Module CLI Command Reference
DHCP Client Commands
show dhcp l2relay vlan
This command displays DHCP vlan configuration.
Format
show dhcp l2relay vlan vlan-list
Mode
Privileged EXEC
Parameter
Description
vlan-list
Enter VLAN IDs in the range 1–4093. Use a dash (–) to specify a range or a comma (,) to
separate VLAN IDs in a list. Spaces and zeros are not permitted.
clear dhcp l2relay statistics interface
Use this command to reset the DHCP L2 relay counters to zero. Specify the port with the counters to clear, or
use the all keyword to clear the counters on all ports.
Format
clear dhcp l2relay statistics interface {unit/slot/port | all}
Mode
Privileged EXEC
DHCP Client Commands
The HP Moonshot Switch Module can include vendor and configuration information in DHCP client requests
relayed to a DHCP server. This information is included in DHCP Option 60, Vendor Class Identifier. The
information is a string of 128 octets.
dhcp client vendor-id-option
This command enables the inclusion of DHCP Option-60, Vendor Class Identifier included in the requests
transmitted to the DHCP server by the DHCP client operating in the HP Moonshot Switch Module.
Format
dhcp client vendor-id-option
Mode
Global Config
no dhcp client vendor-id-option
This command disables the inclusion of DHCP Option-60, Vendor Class Identifier included in the requests
transmitted to the DHCP server by the DHCP client operating in the HP Moonshot Switch Module.
Format
no dhcp client vendor-id-option
Mode
Global Config
September 2014
CLI Command Reference
Page 401
HP Moonshot Switch Module CLI Command Reference
DHCP Client Commands
dhcp client vendor-id-option-string
This parameter sets the DHCP Vendor Option-60 string to be included in the requests transmitted to the DHCP
server by the DHCP client operating in the HP Moonshot Switch Module. The string is the vendor ID suboption
string, which can be 0–128 characters.
Format
dhcp client vendor-id-option-string string
Mode
Global Config
no dhcp client vendor-id-option-string
This parameter clears the DHCP Vendor Option-60 string.
Format
no dhcp client vendor-id-option-string
Mode
Global Config
show dhcp client vendor-id-option
This command displays the configured administration mode of the vendor-id-option and the vendor-id string
to be included in Option-43 in DHCP requests.
Format
show dhcp client vendor-id-option
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show dhcp client vendor-id-option
DHCP Client Vendor Identifier Option is Enabled
DHCP Client Vendor Identifier Option string is HPClient.
September 2014
CLI Command Reference
Page 402
HP Moonshot Switch Module CLI Command Reference
DHCP Snooping Configuration Commands
DHCP Snooping Configuration Commands
This section describes commands you use to configure DHCP Snooping.
ip dhcp snooping
Use this command to enable DHCP Snooping globally.
Default
disabled
Format
ip dhcp snooping
Mode
Global Config
no ip dhcp snooping
Use this command to disable DHCP Snooping globally.
Format
no ip dhcp snooping
Mode
Global Config
ip dhcp snooping vlan
Use this command to enable DHCP Snooping on a list of comma-separated VLAN ranges.
Default
disabled
Format
ip dhcp snooping vlan vlan-list
Mode
Global Config
no ip dhcp snooping vlan
Use this command to disable DHCP Snooping on VLANs.
Format
no ip dhcp snooping vlan vlan-list
Mode
Global Config
ip dhcp snooping verify mac-address
Use this command to enable verification of the source MAC address with the client hardware address in the
received DCHP message.
Default
enabled
Format
ip dhcp snooping verify mac-address
Mode
Global Config
September 2014
CLI Command Reference
Page 403
HP Moonshot Switch Module CLI Command Reference
DHCP Snooping Configuration Commands
no ip dhcp snooping verify mac-address
Use this command to disable verification of the source MAC address with the client hardware address.
Format
no ip dhcp snooping verify mac-address
Mode
Global Config
ip dhcp snooping database
Use this command to configure the persistent location of the DHCP Snooping database. This can be local or a
remote file on a given IP machine.
Default
local
Format
ip dhcp snooping database {local|tftp://hostIP/filename}
Mode
Global Config
ip dhcp snooping database write-delay
Use this command to configure the interval in seconds at which the DHCP Snooping database will be persisted.
The interval value ranges from 15 to 86400 seconds.
Default
300 seconds
Format
ip dhcp snooping database write-delay in seconds
Mode
Global Config
no ip dhcp snooping database write-delay
Use this command to set the write delay value to the default value.
Format
no ip dhcp snooping database write-delay
Mode
Global Config
ip dhcp snooping binding
Use this command to configure static DHCP Snooping binding.
Format
ip dhcp snooping binding mac-address vlan vlan_id ip_address interface {interface_id
| lag lag-group-id}
Mode
Global Config
September 2014
CLI Command Reference
Page 404
HP Moonshot Switch Module CLI Command Reference
DHCP Snooping Configuration Commands
no ip dhcp snooping binding
Use this command to remove the DHCP static entry from the DHCP Snooping database.
Format
no ip dhcp snooping binding mac-address
Mode
Global Config
ip verify binding
Use this command to configure static IP source guard (IPSG) entries.
Format
ip verify binding mac-address vlan vlan id ip address interface interface id
Mode
Global Config
no ip verify binding
Use this command to remove the IPSG static entry from the IPSG database.
Format
no ip verify binding mac-address vlan vlan id ip address interface interface id
Mode
Global Config
ip dhcp snooping limit
Use this command to control the rate at which the DHCP Snooping messages come on an interface or range of
interfaces. By default, rate limiting is disabled. When enabled, the rate can range from 0 to 300 packets per
second. The burst level range is 1 to 15 seconds.
Default
disabled (no limit)
Format
ip dhcp snooping limit {rate 0–300 [burst interval 1–15]}
Mode
Interface Config
no ip dhcp snooping limit
Use this command to set the rate at which the DHCP Snooping messages come, and the burst level, to the
defaults.
Format
no ip dhcp snooping limit
Mode
Interface Config
September 2014
CLI Command Reference
Page 405
HP Moonshot Switch Module CLI Command Reference
DHCP Snooping Configuration Commands
ip dhcp snooping log-invalid
Use this command to control the logging DHCP messages filtration by the DHCP Snooping application. This
command can be used to configure a single interface or a range of interfaces.
Default
disabled
Format
ip dhcp snooping log-invalid
Mode
Interface Config
no ip dhcp snooping log-invalid
Use this command to disable the logging DHCP messages filtration by the DHCP Snooping application.
Format
no ip dhcp snooping log-invalid
Mode
Interface Config
ip dhcp snooping trust
Use this command to configure an interface or range of interfaces as trusted.
Default
disabled
Format
ip dhcp snooping trust
Mode
Interface Config
no ip dhcp snooping trust
Use this command to configure the port as untrusted.
Format
no ip dhcp snooping trust
Mode
Interface Config
ip verify source
Use this command to configure the IPSG source ID attribute to filter the data traffic in the hardware. Source ID
is the combination of IP address and MAC address. Normal command allows data traffic filtration based on the
IP address. With the “port-security” option, the data traffic will be filtered based on the IP and MAC addresses.
This command can be used to configure a single interface or a range of interfaces.
Default
the source ID is the IP address
Format
ip verify source {port-security}
Mode
Interface Config
September 2014
CLI Command Reference
Page 406
HP Moonshot Switch Module CLI Command Reference
DHCP Snooping Configuration Commands
no ip verify source
Use this command to disable the IPSG configuration in the hardware. You cannot disable port-security alone if
it is configured.
Format
no ip verify source
Mode
Interface Config
show ip dhcp snooping
Use this command to display the DHCP Snooping global configurations and per port configurations.
Format
show ip dhcp snooping
Mode
Privileged EXEC
Term
Definition
Interface
Trusted
Log Invalid Pkts
The interface for which data is displayed.
If it is enabled, DHCP snooping considers the port as trusted. The factory default is disabled.
If it is enabled, DHCP snooping application logs invalid packets on the specified interface.
Example: The following shows example CLI display output for the command.
(Routing) #show ip dhcp snooping
DHCP
DHCP
DHCP
11 -
snooping is Disabled
snooping source MAC verification is enabled
snooping is enabled on the following VLANs:
30, 40
Interface
--------1/0/1
1/0/2
1/0/3
1/0/4
1/0/6
Trusted
-------Yes
No
No
No
No
September 2014
Log Invalid Pkts
---------------No
Yes
Yes
No
No
CLI Command Reference
Page 407
HP Moonshot Switch Module CLI Command Reference
DHCP Snooping Configuration Commands
show ip dhcp snooping binding
Use this command to display the DHCP Snooping binding entries. To restrict the output, use the following
options:
• Dynamic: Restrict the output based on DCHP snooping.
• Interface: Restrict the output based on a specific interface.
• Static: Restrict the output based on static entries.
• VLAN: Restrict the output based on VLAN.
Format
show ip dhcp snooping binding [dynamic] [interface unit/slot/port] [vlan id]
Mode
Privileged EXEC
Term
Definition
MAC Address
Displays the MAC address for the binding that was added. The MAC address is the key to
the binding database.
Displays the valid IP address for the binding rule.
The VLAN for the binding rule.
The interface to add a binding into the DHCP snooping interface.
Binding type; statically configured from the CLI or dynamically learned.
The remaining lease time for the entry.
IP Address
VLAN
Interface
Type
Lease (sec)
Example: The following shows example CLI display output for the command.
(Routing) #show ip dhcp snooping binding
Total number of bindings: 2
MAC Address
-----------------00:02:B3:06:60:80
00:0F:FE:00:13:04
September 2014
IP Address
-----------210.1.1.3
210.1.1.4
VLAN
---10
10
Interface
--------1/0/1
1/0/1
Type Lease time (Secs)
---- -----------------86400
86400
CLI Command Reference
Page 408
HP Moonshot Switch Module CLI Command Reference
DHCP Snooping Configuration Commands
show ip dhcp snooping database
Use this command to display the DHCP Snooping configuration related to the database persistency.
Format
show ip dhcp snooping database
Mode
Privileged EXEC
Term
Definition
Agent URL
Write Delay
Bindings database agent URL.
The maximum write time to write the database into local or remote.
Example: The following shows example CLI display output for the command.
(Routing) #show ip dhcp snooping database
agent url:
/10.131.13.79:/sai1.txt
write-delay:
5000
show ip dhcp snooping interfaces
Use this command to show the DHCP Snooping status of the interfaces.
Format
show ip dhcp snooping interfaces
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show ip dhcp snooping interfaces
Interface
Trust State
----------1/0/1
1/0/2
1/0/3
---------No
No
No
Rate Limit
Burst Interval
(pps)
(seconds)
----------------------15
1
15
1
15
1
(Routing) #show ip dhcp snooping interfaces ethernet 1/0/15
Interface
Trust State
----------1/0/15
---------Yes
September 2014
Rate Limit
Burst Interval
(pps)
(seconds)
----------------------15
1
CLI Command Reference
Page 409
HP Moonshot Switch Module CLI Command Reference
DHCP Snooping Configuration Commands
show ip dhcp snooping statistics
Use this command to list statistics for DHCP Snooping security violations on untrusted ports.
Format
show ip dhcp snooping statistics
Mode
Privileged EXEC
Term
Definition
Interface
MAC Verify
Failures
Client Ifc
Mismatch
DHCP Server
Msgs Rec’d
The IP address of the interface in unit/slot/port format.
Represents the number of DHCP messages that were filtered on an untrusted interface
because of source MAC address and client HW address mismatch.
Represents the number of DHCP release and Deny messages received on the different ports
than learned previously.
Represents the number of DHCP server messages received on Untrusted ports.
Example: The following shows example CLI display output for the command.
(Routing) #show ip dhcp snooping statistics
Interface
----------1/0/2
1/0/3
1/0/4
1/0/5
1/0/6
1/0/7
1/0/8
1/0/9
1/0/10
1/0/11
1/0/12
1/0/13
1/0/14
1/0/15
1/0/16
1/0/17
1/0/18
1/0/19
1/0/20
September 2014
MAC Verify
Failures
---------0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Client Ifc
Mismatch
---------0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
DHCP Server
Msgs Rec'd
----------0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
CLI Command Reference
Page 410
HP Moonshot Switch Module CLI Command Reference
DHCP Snooping Configuration Commands
clear ip dhcp snooping binding
Use this command to clear all DHCP Snooping bindings on all interfaces or on a specific interface.
Format
clear ip dhcp snooping binding [interface unit/slot/port]
Mode
Privileged EXEC
clear ip dhcp snooping statistics
Use this command to clear all DHCP Snooping statistics.
Format
clear ip dhcp snooping statistics
Mode
Privileged EXEC
show ip verify source
Use this command to display the IPSG configurations on all ports.
Format
show ip verify source
Mode
Privileged EXEC
Term
Definition
Interface
Filter Type
Interface address in unit/slot/port format.
Is one of two values:
• ip-mac: User has configured MAC address filtering on this interface.
• ip: Only IP address filtering on this interface.
IP Address
MAC Address
IP address of the interface
If MAC address filtering is not configured on the interface, the MAC Address field is empty.
If port security is disabled on the interface, then the MAC Address field displays “permitall.”
The VLAN for the binding rule.
VLAN
Example: The following shows example CLI display output for the command.
(Routing) #show ip verify source
Interface
--------0/1
0/1
Filter Type
----------ip-mac
ip-mac
September 2014
IP Address
--------------210.1.1.3
210.1.1.4
MAC Address
----------------00:02:B3:06:60:80
00:0F:FE:00:13:04
Vlan
----10
10
CLI Command Reference
Page 411
HP Moonshot Switch Module CLI Command Reference
DHCP Snooping Configuration Commands
show ip verify interface
Use this command to display the IPSG filter type for a specific interface.
Format
show ip verify interface unit/slot/port
Mode
Privileged EXEC
Term
Definition
Interface
Filter Type
Interface address in unit/slot/port format.
Is one of two values:
• ip-mac: User has configured MAC address filtering on this interface.
• ip: Only IP address filtering on this interface.
show ip source binding
Use this command to display the IPSG bindings.
Format
show ip source binding [{static/dynamic}] [interface unit/slot/port] [vlan id]
Mode
Privileged EXEC
Term
Definition
MAC Address
IP Address
Type
VLAN
Interface
The MAC address for the entry that is added.
The IP address of the entry that is added.
Entry type; statically configured from CLI or dynamically learned from DHCP Snooping.
VLAN for the entry.
IP address of the interface in unit/slot/port format.
Example: The following shows example CLI display output for the command.
(Routing) #show ip source binding
MAC Address
IP Address
Type
Vlan
Interface
----------------- --------------- ------------- ----- ------------00:00:00:00:00:08
1.2.3.4 dhcp-snooping
2
1/0/1
00:00:00:00:00:09
1.2.3.4 dhcp-snooping
3
1/0/1
00:00:00:00:00:0A
1.2.3.4 dhcp-snooping
4
1/0/1
September 2014
CLI Command Reference
Page 412
HP Moonshot Switch Module CLI Command Reference
Dynamic ARP Inspection Commands
Dynamic ARP Inspection Commands
Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents
a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by
poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests or responses
mapping another station’s IP address to its own MAC address.
DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a binding database
of valid {MAC address, IP address, VLAN, and interface} tuples.
When DAI is enabled, the switch drops ARP packets whose sender MAC address and sender IP address do not
match an entry in the DHCP snooping bindings database. You can optionally configure additional ARP packet
validation.
ip arp inspection vlan
Use this command to enable Dynamic ARP Inspection on a list of comma-separated VLAN ranges.
Default
disabled
Format
ip arp inspection vlan vlan-list
Mode
Global Config
no ip arp inspection vlan
Use this command to disable Dynamic ARP Inspection on a list of comma-separated VLAN ranges.
Format
no ip arp inspection vlan vlan-list
Mode
Global Config
ip arp inspection validate
Use this command to enable additional validation checks like source-mac validation, destination-mac
validation, and IP address validation on the received ARP packets. Each command overrides the configuration
of the previous command. For example, if a command enables src-mac and dst-mac validations, and a second
command enables IP validation only, the src-mac and dst-mac validations are disabled as a result of the second
command.
Default
disabled
Format
ip arp inspection validate {src-mac [dst-mac] [ip] | dst-mac [ip] | ip}
Mode
Global Config
September 2014
CLI Command Reference
Page 413
HP Moonshot Switch Module CLI Command Reference
Dynamic ARP Inspection Commands
no ip arp inspection validate
Use this command to disable the additional validation checks on the received ARP packets.
Format
no ip arp inspection validate {src-mac [dst-mac] [ip] | dst-mac [ip] | ip}
Mode
Global Config
ip arp inspection vlan logging
Use this command to enable logging of invalid ARP packets on a list of comma-separated VLAN ranges.
Default
enabled
Format
ip arp inspection vlan vlan-list logging
Mode
Global Config
no ip arp inspection vlan logging
Use this command to disable logging of invalid ARP packets on a list of comma-separated VLAN ranges.
Format
no ip arp inspection vlan vlan-list logging
Mode
Global Config
ip arp inspection trust
Use this command to configure an interface or range of interfaces as trusted for Dynamic ARP Inspection.
Default
enabled
Format
ip arp inspection trust
Mode
Interface Config
no ip arp inspection trust
Use this command to configure an interface as untrusted for Dynamic ARP Inspection.
Format
no ip arp inspection trust
Mode
Interface Config
September 2014
CLI Command Reference
Page 414
HP Moonshot Switch Module CLI Command Reference
Dynamic ARP Inspection Commands
ip arp inspection limit
Use this command to configure the rate limit and burst interval values for an interface or range of interfaces.
Configuring none for the limit means the interface is not rate limited for Dynamic ARP Inspections. The
maximum pps value shown in the range for the rate option might be more than the hardware allowable limit.
Therefore you need to understand the switch performance and configure the maximum rate pps accordingly.
Note: The user interface will accept a rate limit for a trusted interface, but the limit will not be
enforced unless the interface is configured to be untrusted.
Default
15 pps for rate and 1 second for burst-interval
Format
ip arp inspection limit {rate pps [burst interval seconds] | none}
Mode
Interface Config
no ip arp inspection limit
Use this command to set the rate limit and burst interval values for an interface to the default values of 15 pps
and 1 second, respectively.
Format
no ip arp inspection limit
Mode
Interface Config
ip arp inspection filter
Use this command to configure the ARP ACL used to filter invalid ARP packets on a list of comma-separated
VLAN ranges. If the static keyword is given, packets that do not match a permit statement are dropped without
consulting the DHCP snooping bindings.
Default
No ARP ACL is configured on a VLAN
Format
ip arp inspection filter acl-name vlan vlan-list [static]
Mode
Global Config
no ip arp inspection filter
Use this command to unconfigure the ARP ACL used to filter invalid ARP packets on a list of comma-separated
VLAN ranges.
Format
no ip arp inspection filter acl-name vlan vlan-list [static]
Mode
Global Config
September 2014
CLI Command Reference
Page 415
HP Moonshot Switch Module CLI Command Reference
Dynamic ARP Inspection Commands
arp access-list
Use this command to create an ARP ACL.
Format
arp access-list acl-name
Mode
Global Config
no arp access-list
Use this command to delete a configured ARP ACL.
Format
no arp access-list acl-name
Mode
Global Config
permit ip host mac host
Use this command to configure a rule for a valid IP address and MAC address combination used in ARP packet
validation.
Format
permit ip host sender-ip mac host sender-mac
Mode
ARP Access-list Config
no permit ip host mac host
Use this command to delete a rule for a valid IP and MAC combination.
Format
no permit ip host sender-ip mac host sender-mac
Mode
ARP Access-list Config
September 2014
CLI Command Reference
Page 416
Dynamic ARP Inspection Commands
HP Moonshot Switch Module CLI Command Reference
show ip arp inspection
Use this command to display the Dynamic ARP Inspection global configuration and configuration on all the
VLANs. With the vlan-list argument (i.e. comma separated VLAN ranges), the command displays the global
configuration and configuration on all the VLANs in the given VLAN list. The global configuration includes the
source mac validation, destination mac validation and invalid IP validation information.
Format
show ip arp inspection [vlan vlan-list]
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Source MAC
Validation
Destination MAC
Validation
IP Address
Validation
VLAN
Configuration
Log Invalid
ACL Name
Static Flag
Displays whether Source MAC Validation of ARP frame is enabled or disabled.
Displays whether Destination MAC Validation is enabled or disabled.
Displays whether IP Address Validation is enabled or disabled.
The VLAN ID for each displayed row.
Displays whether DAI is enabled or disabled on the VLAN.
Displays whether logging of invalid ARP packets is enabled on the VLAN.
The ARP ACL Name, if configured on the VLAN.
If the ARP ACL is configured static on the VLAN.
Example: The following shows example CLI display output for the command.
(Routing) #show ip arp inspection vlan 10-12
Source Mac Validation
: Disabled
Destination Mac Validation : Disabled
IP Address Validation
: Disabled
Vlan
---10
11
12
September 2014
Configuration
------------Enabled
Disabled
Enabled
Log Invalid
----------Enabled
Enabled
Disabled
ACL Name
--------H2
Static flag
---------Enabled
CLI Command Reference
Page 417
HP Moonshot Switch Module CLI Command Reference
Dynamic ARP Inspection Commands
show ip arp inspection statistics
Use this command to display the statistics of the ARP packets processed by Dynamic ARP Inspection. Give the
vlan-list argument and the command displays the statistics on all DAI-enabled VLANs in that list. Give the single
vlan argument and the command displays the statistics on that VLAN. If no argument is included, the command
lists a summary of the forwarded and dropped ARP packets.
Format
show ip arp inspection statistics [vlan vlan-list]
Mode
• Privileged EXEC
• User EXEC
Term
Definition
VLAN
Forwarded
Dropped
DHCP Drops
ACL Drops
DHCP Permits
ACL Permits
Bad Src MAC
Bad Dest MAC
Invalid IP
The VLAN ID for each displayed row.
The total number of valid ARP packets forwarded in this VLAN.
The total number of not valid ARP packets dropped in this VLAN.
The number of packets dropped due to DHCP snooping binding database match failure.
The number of packets dropped due to ARP ACL rule match failure.
The number of packets permitted due to DHCP snooping binding database match.
The number of packets permitted due to ARP ACL rule match.
The number of packets dropped due to Source MAC validation failure.
The number of packets dropped due to Destination MAC validation failure.
The number of packets dropped due to invalid IP checks.
Example: The following shows example CLI display output for the command show ip arp inspection
statistics which lists the summary of forwarded and dropped ARP packets on all DAI-enabled VLANs.
VLAN
---10
20
Forwarded
--------90
10
Dropped
------14
3
Example: The following shows example CLI display output for the command show ip arp inspection
statistics vlan vlan-list.
VLAN
DHCP
ACL
DHCP
ACL
Bad Src
Bad Dest
Invalid
Drops
Drops
Permits
Permits
MAC
MAC
IP
----- -------- --------- ----------- --------- ---------- ----------- --------10
11
1
65
25
1
1
0
20
1
0
8
2
0
1
1
September 2014
CLI Command Reference
Page 418
HP Moonshot Switch Module CLI Command Reference
Dynamic ARP Inspection Commands
clear ip arp inspection statistics
Use this command to reset the statistics for Dynamic ARP Inspection on all VLANs.
Default
none
Format
clear ip arp inspection statistics
Mode
Privileged EXEC
show ip arp inspection interfaces
Use this command to display the Dynamic ARP Inspection configuration on all the DAI-enabled interfaces. An
interface is said to be enabled for DAI if at least one VLAN, that the interface is a member of, is enabled for DAI.
Given a unit/slot/port interface argument, the command displays the values for that interface whether the
interface is enabled for DAI or not.
Format
show ip arp inspection interfaces [unit/slot/port]
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Interface
Trust State
Rate Limit
Burst Interval
The interface ID for each displayed row.
Whether the interface is trusted or untrusted for DAI.
The configured rate limit value in packets per second.
The configured burst interval value in seconds.
Example: The following shows example CLI display output for the command.
(Routing) #show ip arp inspection interfaces
Interface
--------------1/0/1
1/0/2
September 2014
Trust State
----------Untrusted
Untrusted
Rate Limit
Burst Interval
(pps)
(seconds)
---------- --------------15
1
10
10
CLI Command Reference
Page 419
HP Moonshot Switch Module CLI Command Reference
Dynamic ARP Inspection Commands
show arp access-list
Use this command to display the configured ARP ACLs with the rules. Giving an ARP ACL name as the argument
will display only the rules in that ARP ACL.
Format
show arp access-list [acl-name]
Mode
• Privileged EXEC
• User EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show arp access-list
ARP access
permit
permit
ARP access
ARP access
permit
list H2
ip host 1.1.1.1 mac host 00:01:02:03:04:05
ip host 1.1.1.2 mac host 00:03:04:05:06:07
list H3
list H4
ip host 2.1.1.2 mac host 00:03:04:05:06:08
September 2014
CLI Command Reference
Page 420
HP Moonshot Switch Module CLI Command Reference
IGMP Snooping Configuration Commands
IGMP Snooping Configuration Commands
This section describes the commands you use to configure IGMP snooping. HP Moonshot Switch Module
software supports IGMP Versions 1, 2, and 3. The IGMP snooping feature can help conserve bandwidth
because it allows the switch to forward IP multicast traffic only to connected hosts that request multicast
traffic. IGMPv3 adds source filtering capabilities to IGMP versions 1 and 2.
Note: This note clarifies the prioritization of MGMD Snooping Configurations. Many of the IGMP/
MLD Snooping commands are available both in the Interface and VLAN modes. Operationally the
system chooses or prefers the VLAN configured values over the Interface configured values for most
configurations when the interface participates in the VLAN.
set igmp
This command enables IGMP Snooping on the system (Global Config Mode), an interface, or a range of
interfaces. This command also enables IGMP snooping on a particular VLAN (VLAN Config Mode) and can
enable IGMP snooping on all interfaces participating in a VLAN.
If an interface has IGMP Snooping enabled and you enable this interface for routing or enlist it as a member of
a port-channel (LAG), IGMP Snooping functionality is disabled on that interface. IGMP Snooping functionality
is re-enabled if you disable routing or remove port-channel (LAG) membership from an interface that has IGMP
Snooping enabled.
The IGMP application supports the following activities:
• Validation of the IP header checksum (as well as the IGMP header checksum) and discarding of the frame
upon checksum error.
• Maintenance of the forwarding table entries based on the MAC address versus the IP address.
• Flooding of unregistered multicast data packets to all ports in the VLAN.
Default
disabled
Format
set igmp vlan_id
Mode
VLAN Config
Default
disabled
Format
set igmp
Mode
• Global Config
• Interface Config
September 2014
CLI Command Reference
Page 421
HP Moonshot Switch Module CLI Command Reference
IGMP Snooping Configuration Commands
no set igmp
This command disables IGMP Snooping on the system, an interface, a range of interfaces, or a VLAN.
Format
no set igmp vlan_id
Mode
VLAN Config
Format
no set igmp [vlan_id]
Mode
• Global Config
• Interface Config
set igmp interfacemode
This command enables IGMP Snooping on all interfaces. If an interface has IGMP Snooping enabled and you
enable this interface for routing or enlist it as a member of a port-channel (LAG), IGMP Snooping functionality
is disabled on that interface. IGMP Snooping functionality is re-enabled if you disable routing or remove portchannel (LAG) membership from an interface that has IGMP Snooping enabled.
Default
disabled
Format
set igmp interfacemode
Mode
Global Config
no set igmp interfacemode
This command disables IGMP Snooping on all interfaces.
Format
no set igmp interfacemode
Mode
Global Config
set igmp fast-leave
This command enables or disables IGMP Snooping fast-leave admin mode on a selected interface, a range of
interfaces, or a VLAN. Enabling fast-leave allows the switch to immediately remove the layer 2 LAN interface
from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first
sending out MAC-based general queries to the interface.
You should enable fast-leave admin mode only on VLANs where only one host is connected to each layer 2 LAN
port. This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN
port but were still interested in receiving multicast traffic directed to that group. Also, fast-leave processing is
supported only with IGMP version 2 hosts.
Default
disabled
Format
set igmp fast-leave vlan_id
Mode
VLAN Config
September 2014
CLI Command Reference
Page 422
HP Moonshot Switch Module CLI Command Reference
Default
disabled
Format
set igmp fast-leave
Mode
Interface Config
IGMP Snooping Configuration Commands
no set igmp fast-leave
This command disables IGMP Snooping fast-leave admin mode on a selected interface.
Format
no set igmp fast-leave vlan_id
Mode
VLAN Config
Format
no set igmp fast-leave
Mode
Interface Config
set igmp groupmembership-interval
This command sets the IGMP Group Membership Interval time on a VLAN, one interface, a range of interfaces,
or all interfaces. The Group Membership Interval time is the amount of time in seconds that a switch waits for
a report from a particular group on a particular interface before deleting the interface from the entry. This
value must be greater than the IGMPv3 Maximum Response time value. The range is 2 to 3600 seconds.
Default
260 seconds
Format
set igmp groupmembership-interval vlan_id 2-3600
Mode
VLAN Config
Default
260 seconds
Format
set igmp groupmembership-interval 2-3600
Mode
• Interface Config
• Global Config
no set igmp groupmembership-interval
This command sets the IGMPv3 Group Membership Interval time to the default value.
Format
no set igmp groupmembership-interval [vlan_id]
Mode
VLAN Config
Format
no set igmp groupmembership-interval
Mode
• Interface Config
• Global Config
September 2014
CLI Command Reference
Page 423
HP Moonshot Switch Module CLI Command Reference
IGMP Snooping Configuration Commands
set igmp header-validation
This command administratively enables IGMP header validation. When enabled, the switch validates the IP
header checksum and the IGMP header checksum. If checksum errors exist, the frame is discarded.
Default
Enabled
Format
set igmp header-validation
Mode
Global Config
no set igmp header-validation
This command administratively disables IGMP header validation.
Format
no set igmp header-validation
Mode
Global Config
set igmp maxresponse
This command sets the IGMP Maximum Response time for the system, on a particular interface or VLAN, or on
a range of interfaces. The Maximum Response time is the amount of time in seconds that a switch will wait
after sending a query on an interface because it did not receive a report for a particular group in that interface.
This value must be less than the IGMP Query Interval time value. The range is 1 to 25 seconds.
Default
10 seconds
Format
set igmp maxresponse vlan_id 1-25
Mode
VLAN Config
Default
10 seconds
Format
set igmp maxresponse 1-25
Mode
• Global Config
• Interface Config
no set igmp maxresponse
This command sets the max response time (on the interface or VLAN) to the default value.
Format
no set igmp maxresponse vlan_id
Mode
VLAN Config
Format
no set igmp maxresponse
Mode
• Global Config
• Interface Config
September 2014
CLI Command Reference
Page 424
HP Moonshot Switch Module CLI Command Reference
IGMP Snooping Configuration Commands
set igmp mcrtrexpiretime
This command sets the Multicast Router Present Expiration time. The time is set for the system, on a particular
interface or VLAN, or on a range of interfaces. This is the amount of time in seconds that a switch waits for a
query to be received on an interface before the interface is removed from the list of interfaces with multicast
routers attached. The range is 0 to 3600 seconds. A value of 0 indicates an infinite time-out, i.e. no expiration.
Default
0
Format
set igmp mcrtrexpiretime vlan_id 0-3600
Mode
VLAN Config
Default
0
Format
set igmp mcrtrexpiretime 0-3600
Mode
• Global Config
• Interface Config
no set igmp mcrtrexpiretime
This command sets the Multicast Router Present Expiration time to 0. The time is set for the system, on a
particular interface or a VLAN.
Format
no set igmp mcrtrexpiretime vlan_id
Mode
VLAN Config
Format
no set igmp mcrtrexpiretime
Mode
• Global Config
• Interface Config
set igmp mrouter
This command configures the VLAN ID (vlan_id) that has the multicast router mode enabled.
Format
set igmp mrouter vlan_id
Mode
Interface Config
no set igmp mrouter
This command disables multicast router mode for a particular VLAN ID (vlan_id).
Format
no set igmp mrouter vlan_id
Mode
Interface Config
September 2014
CLI Command Reference
Page 425
HP Moonshot Switch Module CLI Command Reference
IGMP Snooping Configuration Commands
set igmp mrouter interface
This command configures the interface or range of interfaces as a multicast router interface. When configured
as a multicast router interface, the interface is treated as a multicast router interface in all VLANs.
Default
disabled
Format
set igmp mrouter interface
Mode
Interface Config
no set igmp mrouter interface
This command disables the status of the interface as a statically configured multicast router interface.
Format
no set igmp mrouter interface
Mode
Interface Config
set igmp report-suppression
Use this command to suppress the IGMP reports on a given VLAN ID. In order to optimize the number of reports
traversing the network with no added benefits, a Report Suppression mechanism is implemented. When more
than one client responds to an MGMD query for the same Multicast Group address within the max-responsetime, only the first response is forwarded to the query and others are suppressed at the switch.
Default
Disabled
Format
set igmp report-suppression vlan-id
Mode
VLAN Config
Parameter
Description
vlan-id
A valid VLAN ID. Range is 1 to 4093.
Example: The following shows an example of the command.
(Routing) #vlan database
(Routing) (Vlan)#set igmp report-suppression ?
<1-4093>
Enter VLAN ID.
(Routing) (Vlan)#set igmp report-suppression 1
September 2014
CLI Command Reference
Page 426
HP Moonshot Switch Module CLI Command Reference
IGMP Snooping Configuration Commands
no set igmp report-suppression
Use this command to return the system to the default.
Format
no set igmp report-suppression
Mode
VLAN Config
show igmpsnooping
This command displays IGMP Snooping information for a given unit/slot/port or VLAN. Configured
information is displayed whether or not IGMP Snooping is enabled.
Format
show igmpsnooping [unit/slot/port | vlan_id]
Mode
Privileged EXEC
When the optional arguments unit/slot/port or vlan_id are not used, the command displays the following
information:
Term
Definition
Admin Mode
Multicast Control Frame Count
Indicates whether or not IGMP Snooping is active on the switch.
The number of multicast control frames that are processed by the
CPU.
IGMP Header Validation
The administrative mode of IGMP header validation. If validation is
enabled, the switch validates the IP header checksum and the IGMP
header checksum. If checksum errors exist, the frame is discarded.
Interface Enabled for IGMP Snooping The list of interfaces on which IGMP Snooping is enabled.
VLANS Enabled for IGMP Snooping
The list of VLANS on which IGMP Snooping is enabled.
When you specify the unit/slot/port values, the following information appears:
Term
Definition
IGMP Snooping
Admin Mode
Fast Leave Mode
Group
Membership
Interval
Maximum
Response Time
Multicast Router
Expiry Time
Indicates whether IGMP Snooping is active on the interface.
September 2014
Indicates whether IGMP Snooping Fast-leave is active on the interface.
The amount of time in seconds that a switch will wait for a report from a particular group
on a particular interface before deleting the interface from the entry.This value may be
configured.
The amount of time the switch waits after it sends a query on an interface because it did
not receive a report for a particular group on that interface. This value may be configured.
The amount of time to wait before removing an interface from the list of interfaces with
multicast routers attached. The interface is removed if a query is not received. This value
may be configured.
CLI Command Reference
Page 427
IGMP Snooping Configuration Commands
HP Moonshot Switch Module CLI Command Reference
When you specify a value for vlan_id, the following information appears:
Term
Definition
VLAN ID
IGMP Snooping Admin
Mode
Fast Leave Mode
Group Membership
Interval (secs)
The VLAN ID.
Indicates whether IGMP Snooping is active on the VLAN.
Indicates whether IGMP Snooping Fast-leave is active on the VLAN.
The amount of time in seconds that a switch will wait for a report from a particular
group on a particular interface, which is participating in the VLAN, before deleting the
interface from the entry.This value may be configured.
Maximum Response
The amount of time the switch waits after it sends a query on an interface,
Time (secs)
participating in the VLAN, because it did not receive a report for a particular group
on that interface. This value may be configured.
Multicast Router Expiry The amount of time to wait before removing an interface that is participating in the
Time (secs)
VLAN from the list of interfaces with multicast routers attached. The interface is
removed if a query is not received. This value may be configured.
Report Suppression
Indicates whether IGMP reports (set by the command “set igmp report-suppression”
Mode
on page 426) in enabled or not.
Example: The following shows example CLI display output for the command.
(Routing) #show igmpsnooping 1
VLAN ID........................................
IGMP Snooping Admin Mode.......................
Fast Leave Mode................................
Group Membership Interval (secs)...............
Max Response Time (secs).......................
Multicast Router Expiry Time (secs)............
Report Suppression Mode........................
1
Disabled
Disabled
260
10
0
Enabled
show igmpsnooping mrouter interface
This command displays information about statically configured ports.
Format
show igmpsnooping mrouter interface unit/slot/port
Mode
Privileged EXEC
Term
Definition
Slot/Port
The port on which multicast router information is being displayed.
Multicast Router Indicates whether multicast router is statically enabled on the interface.
Attached
September 2014
CLI Command Reference
Page 428
HP Moonshot Switch Module CLI Command Reference
IGMP Snooping Configuration Commands
show igmpsnooping mrouter vlan
This command displays information about statically configured ports.
Format
show igmpsnooping mrouter vlan unit/slot/port
Mode
Privileged EXEC
Term
Definition
Interface
VLAN ID
The port on which multicast router information is being displayed.
The list of VLANs of which the interface is a member.
show igmpsnooping ssm
This command displays information about Source Specific Multicasting (SSM) by entry, group, or statistics. SSM
delivers multicast packets to receivers that originated from a source address specified by the receiver. SSM is
only available with IGMPv3 and MLDv2.
Format
show igmpsnooping ssm {entries | groups | stats}
Mode
Privileged EXEC
show mac-address-table igmpsnooping
This command displays the IGMP Snooping entries in the MFDB table.
Format
show mac-address-table igmpsnooping
Mode
Privileged EXEC
Term
Definition
VLAN ID
MAC Address
The VLAN in which the MAC address is learned.
A multicast MAC address for which the switch has forwarding or filtering information. The
format is 6 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB.
The type of the entry, which is either static (added by the user) or dynamic (added to the
table as a result of a learning process or protocol).
The text description of this multicast table entry.
The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
Type
Description
Interfaces
September 2014
CLI Command Reference
Page 429
HP Moonshot Switch Module CLI Command Reference
IGMP Snooping Querier Commands
IGMP Snooping Querier Commands
IGMP Snooping requires that one central switch or router periodically query all end-devices on the network to
announce their multicast memberships. This central device is the “IGMP Querier”. The IGMP query responses,
known as IGMP reports, keep the switch updated with the current multicast group membership on a port-byport basis. If the switch does not receive updated membership information in a timely fashion, it will stop
forwarding multicasts to the port where the end device is located.
This section describes commands used to configure and display information on IGMP Snooping Queriers on the
network and, separately, on VLANs.
Note: This note clarifies the prioritization of MGMD Snooping Configurations. Many of the IGMP/
MLD Snooping commands are available both in the Interface and VLAN modes. Operationally the
system chooses or prefers the VLAN configured values over the Interface configured values for most
configurations when the interface participates in the VLAN.
set igmp querier
Use this command to enable IGMP Snooping Querier on the system, using Global Config mode, or on a VLAN.
Using this command, you can specify the IP address that the Snooping Querier switch should use as the source
address while generating periodic queries.
If a VLAN has IGMP Snooping Querier enabled and IGMP Snooping is operationally disabled on it, IGMP
Snooping Querier functionality is disabled on that VLAN. IGMP Snooping functionality is re-enabled if IGMP
Snooping is operational on the VLAN.
Note: The Querier IP address assigned for a VLAN takes preference over global configuration.
The IGMP Snooping Querier application supports sending periodic general queries on the VLAN to solicit
membership reports.
Default
disabled
Format
set igmp querier vlan-id [address ipv4_address]
Mode
VLAN Database
Default
disabled
Format
set igmp querier [address ipv4_address]
Mode
Global Config
September 2014
CLI Command Reference
Page 430
HP Moonshot Switch Module CLI Command Reference
IGMP Snooping Querier Commands
no set igmp querier
Use this command to disable IGMP Snooping Querier on the system.
Format
no set igmp querier [vlan-id]
Mode
VLAN Database
Format
no set igmp querier
Mode
Global Config
set igmp querier query-interval
Use this command to set the IGMP Querier Query Interval time. It is the amount of time in seconds that the
switch waits before sending another general query.
Default
disabled
Format
set igmp querier query-interval 1-1800
Mode
Global Config
no set igmp querier query-interval
Use this command to set the IGMP Querier Query Interval time to its default value.
Format
no set igmp querier query-interval
Mode
Global Config
set igmp querier timer expiry
Use this command to set the IGMP Querier timer expiration period. It is the time period that the switch remains
in Non-Querier mode once it has discovered that there is a Multicast Querier in the network.
Default
60 seconds
Format
set igmp querier timer expiry 60-300
Mode
Global Config
no set igmp querier timer expiry
Use this command to set the IGMP Querier timer expiration period to its default value.
Format
no set igmp querier timer expiry
Mode
Global Config
September 2014
CLI Command Reference
Page 431
HP Moonshot Switch Module CLI Command Reference
IGMP Snooping Querier Commands
set igmp querier version
Use this command to set the IGMP version of the query that the snooping switch is going to send periodically.
Default
1
Format
set igmp querier version 1-2
Mode
Global Config
no set igmp querier version
Use this command to set the IGMP Querier version to its default value.
Format
no set igmp querier version
Mode
Global Config
set igmp querier election participate
Use this command to enable the Snooping Querier to participate in the Querier Election process when it
discovers the presence of another Querier in the VLAN. When this mode is enabled, if the Snooping Querier
finds that the other Querier’s source address is better (less) than the Snooping Querier’s address, it stops
sending periodic queries. If the Snooping Querier wins the election, then it will continue sending periodic
queries.
Default
disabled
Format
set igmp querier election participate vlan-id
Mode
VLAN Config
no set igmp querier election participate
Use this command to set the Snooping Querier not to participate in querier election but go into non-querier
mode as soon as it discovers the presence of another querier in the same VLAN.
Format
no set igmp querier election participate vlan-id
Mode
VLAN Config
show igmpsnooping querier
Use this command to display IGMP Snooping Querier information. Configured information is displayed
whether or not IGMP Snooping Querier is enabled.
Format
show igmpsnooping querier [{detail | vlan vlanid}]
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 432
HP Moonshot Switch Module CLI Command Reference
IGMP Snooping Querier Commands
When the optional parameters are not used, the command displays the following information.
Field
Description
IGMP Snooping The administrative mode of IGMP Snooping Querier on the switch.
Querier Mode
Querier Address The IP address which will be used in the IPv4 header while sending out IGMP queries. It can
be configured using the appropriate command.
IGMP Version
The version of IGMP that will be used while sending out the queries.
Querier Query
The amount of time in seconds that a Snooping Querier waits before sending out the
Interval
periodic general query.
Querier Expiry
The amount of time to wait in the non-querier operational state before moving to a Querier
Timeout
state.
When you specify a value for vlanid, the following information is displayed.
Field
Description
IGMP Snooping
Querier VLAN
Mode
Querier Election
Participate Mode
Querier VLAN
Address
Operational State
Operational
Version
The administrative mode of IGMP Snooping Querier on the VLAN.
Indicates whether the IGMP Snooping Querier participates in querier election if it discovers
the presence of a querier in the VLAN.
The IP address will be used in the IPv4 header while sending out IGMP queries on this
VLAN. It can be configured using the appropriate command.
The operational mode of IGMP Snooping Querier on the VLAN.
The IGMP version that will be used while sending out IGMP queries on this VLAN.
When the optional argument detail is used, the command shows the global information and the information
for all Querier-enabled VLANs.
September 2014
CLI Command Reference
Page 433
HP Moonshot Switch Module CLI Command Reference
MLD Snooping Commands
MLD Snooping Commands
This section describes commands used for MLD Snooping. In IPv4, Layer 2 switches can use IGMP Snooping to
limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is
forwarded only to those interfaces associated with IP multicast addresses. In IPv6, MLD Snooping performs a
similar function. With MLD Snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to
receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6
multicast control packets.
Note: This note clarifies the prioritization of MGMD Snooping Configurations. Many of the IGMP/
MLD Snooping commands are available both in the Interface and VLAN modes. Operationally the
system chooses or prefers the VLAN configured values over the Interface configured values for most
configurations when the interface participates in the VLAN.
set mld
This command enables MLD Snooping on the system (Global Config Mode) or an Interface (Interface Config
Mode). This command also enables MLD Snooping on a particular VLAN and enables MLD Snooping on all
interfaces participating in a VLAN.
If an interface has MLD Snooping enabled and you enable this interface for routing or enlist it as a member of
a port-channel (LAG), MLD Snooping functionality is disabled on that interface. MLD Snooping functionality is
re-enabled if you disable routing or remove port channel (LAG) membership from an interface that has MLD
Snooping enabled.
MLD Snooping supports the following activities:
• Validation of address version, payload length consistencies and discarding of the frame upon error.
• Maintenance of the forwarding table entries based on the MAC address versus the IPv6 address.
• Flooding of unregistered multicast data packets to all ports in the VLAN.
Default
disabled
Format
set mld vlanid
Mode
VLAN Mode
Default
disabled
Format
set mld
Mode
• Global Config
• Interface Config
September 2014
CLI Command Reference
Page 434
HP Moonshot Switch Module CLI Command Reference
MLD Snooping Commands
no set mld
Use this command to disable MLD Snooping on the system.
Format
no set mld vlanid
Mode
VLAN Mode
Format
no set mld
Mode
• Global Config
• Interface Config
set mld interfacemode
Use this command to enable MLD Snooping on all interfaces. If an interface has MLD Snooping enabled and
you enable this interface for routing or enlist it as a member of a port-channel (LAG), MLD Snooping
functionality is disabled on that interface. MLD Snooping functionality is re-enabled if you disable routing or
remove port-channel (LAG) membership from an interface that has MLD Snooping enabled.
Default
disabled
Format
set mld interfacemode
Mode
Global Config
no set mld interfacemode
Use this command to disable MLD Snooping on all interfaces.
Format
no set mld interfacemode
Mode
Global Config
set mld fast-leave
Use this command to enable MLD Snooping fast-leave admin mode on a selected interface or VLAN. Enabling
fast-leave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry
upon receiving and MLD done message for that multicast group without first sending out MAC-based general
queries to the interface.
Note: You should enable fast-leave admin mode only on VLANs where only one host is connected to
each Layer 2 LAN port. This prevents the inadvertent dropping of the other hosts that were connected
to the same layer 2 LAN port but were still interested in receiving multicast traffic directed to that
group.
September 2014
CLI Command Reference
Page 435
HP Moonshot Switch Module CLI Command Reference
MLD Snooping Commands
Note: Fast-leave processing is supported only with MLD version 1 hosts.
Default
disabled
Format
set mld fast-leave vlanid
Mode
VLAN Mode
Default
disabled
Format
set mld fast-leave
Mode
Interface Config
no set mld fast-leave
Use this command to disable MLD Snooping fast-leave admin mode on a selected interface.
Format
no set mld fast-leave vlanid
Mode
VLAN Mode
Format
no set mld fast-leave
Mode
Interface Config
set mld groupmembership-interval
Use this command to set the MLD Group Membership Interval time on a VLAN, one interface or all interfaces.
The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a
particular group on a particular interface before deleting the interface from the entry. This value must be
greater than the MLDv2 Maximum Response time value. The range is 2 to 3600 seconds.
Default
260 seconds
Format
set mld groupmembership-interval vlanid 2-3600
Mode
VLAN Mode
Default
260 seconds
Format
set mld groupmembership-interval 2-3600
Mode
• Interface Config
• Global Config
September 2014
CLI Command Reference
Page 436
HP Moonshot Switch Module CLI Command Reference
MLD Snooping Commands
no set groupmembership-interval
Use this command to set the MLDv2 Group Membership Interval time to the default value.
Format
no set mld groupmembership-interval vlanid
Mode
VLAN Mode
Format
no set mld groupmembership-interval
Mode
• Interface Config
• Global Config
set mld maxresponse
Use this command to set the MLD Maximum Response time for the system, on a particular interface or VLAN.
The Maximum Response time is the amount of time in seconds that a switch will wait after sending a query on
an interface because it did not receive a report for a particular group in that interface. This value must be less
than the MLD Query Interval time value. The range is 1 to 65 seconds.
Default
10 seconds
Format
set mld maxresponse vlanid 1-65
Mode
VLAN Mode
Default
10 seconds
Format
set mld maxresponse 1-65
Mode
• Global Config
• Interface Config
no set mld maxresponse
Use this command to set the max response time (on the interface or VLAN) to the default value.
Format
no set mld maxresponse vlanid
Mode
VLAN Mode
Format
no set mld maxresponse
Mode
• Global Config
• Interface Config
September 2014
CLI Command Reference
Page 437
HP Moonshot Switch Module CLI Command Reference
MLD Snooping Commands
set mld mcrtexpiretime
Use this command to set the Multicast Router Present Expiration time. The time is set for the system, on a
particular interface or VLAN. This is the amount of time in seconds that a switch waits for a query to be received
on an interface before the interface is removed from the list of interfaces with multicast routers attached. The
range is 0 to 3600 seconds. A value of 0 indicates an infinite timeout, i.e. no expiration.
Default
0
Format
set mld mcrtexpiretime vlanid 0-3600
Mode
VLAN Mode
Default
0
Format
set mld mcrtexpiretime 0-3600
Mode
• Global Config
• Interface Config
no set mld mcrtexpiretime
Use this command to set the Multicast Router Present Expiration time to 0. The time is set for the system, on
a particular interface or a VLAN.
Format
no set mld mcrtexpiretime vlanid
Mode
VLAN Mode
Format
no set mld mcrtexpiretime
Mode
• Global Config
• Interface Config
set mld mrouter
Use this command to configure the VLAN ID for the VLAN that has the multicast router attached mode enabled.
Format
set mld mrouter vlanid
Mode
Interface Config
no set mld mrouter
Use this command to disable multicast router attached mode for a VLAN with a particular VLAN ID.
Format
no set mld mrouter vlanid
Mode
Interface Config
September 2014
CLI Command Reference
Page 438
HP Moonshot Switch Module CLI Command Reference
MLD Snooping Commands
set mld mrouter interface
Use this command to configure the interface as a multicast router-attached interface. When configured as a
multicast router interface, the interface is treated as a multicast router-attached interface in all VLANs.
Default
disabled
Format
set mld mrouter interface
Mode
Interface Config
no set mld mrouter interface
Use this command to disable the status of the interface as a statically configured multicast router-attached
interface.
Format
no set mld mrouter interface
Mode
Interface Config
show mldsnooping
Use this command to display MLD Snooping information. Configured information is displayed whether or not
MLD Snooping is enabled.
Format
show mldsnooping [unit/slot/port | vlanid]
Mode
Privileged EXEC
When the optional arguments unit/slot/port or vlanid are not used, the command displays the following
information.
Term
Definition
Admin Mode
Multicast Control Frame
Count
Interfaces Enabled for MLD
Snooping
VLANs Enabled for MLD
Snooping
Indicates whether or not MLD Snooping is active on the switch.
The number of MLD Control frames that are processed by the CPU.
Interfaces on which MLD Snooping is enabled.
VLANs on which MLD Snooping is enabled.
When you specify the unit/slot/port value, the following information displays.
Term
Definition
MLD Snooping Admin Mode Indicates whether MLD Snooping is active on the interface.
Fast Leave Mode
Indicates whether MLD Snooping Fast Leave is active on the VLAN.
September 2014
CLI Command Reference
Page 439
HP Moonshot Switch Module CLI Command Reference
Term
MLD Snooping Commands
Definition
Group Membership Interval Shows the amount of time in seconds that a switch will wait for a report from
a particular group on a particular interface, which is participating in the VLAN,
before deleting the interface from the entry. This value may be configured.
Max Response Time
Displays the amount of time the switch waits after it sends a query on an
interface, participating in the VLAN, because it did not receive a report for a
particular group on that interface. This value may be configured.
Multicast Router Expiry Time Displays the amount of time to wait before removing an interface that is
participating in the VLAN from the list of interfaces with multicast routers
attached. The interface is removed if a query is not received. This value may be
configured.
When you specify a value for vlanid, the information that is displayed for an interface displays as well as the
two fields in the following table.
Term
Definition
VLAN ID
Report Suppression Mode
The VLAN for which MLD snooping data is displayed.
The administrative mode of MLD report suppression.
show mldsnooping mrouter interface
Use this command to display information about statically configured multicast router attached interfaces.
Format
show mldsnooping mrouter interface unit/slot/port
Mode
Privileged EXEC
Term
Definition
Slot/Port
The interface on which multicast router information is being displayed.
Multicast Router Indicates whether multicast router is statically enabled on the interface.
Attached
show mldsnooping mrouter vlan
Use this command to display information about statically configured multicast router-attached interfaces.
Format
show mldsnooping mrouter vlan unit/slot/port
Mode
Privileged EXEC
Term
Definition
Slot/Port
VLAN ID
The interface on which multicast router information is being displayed.
Displays the list of VLANs of which the interface is a member.
September 2014
CLI Command Reference
Page 440
HP Moonshot Switch Module CLI Command Reference
MLD Snooping Commands
show mldsnooping ssm entries
Use this command to display the source specific multicast forwarding database built by MLD snooping.
A given {Source, Group, VLAN} combination can have few interfaces in INCLUDE mode and few interfaces in
EXCLUDE mode. In such instances, two rows for the same {Source, Group, VLAN} combinations are displayed.
Format
show mldsnooping ssm entries
Mode
Privileged EXEC
Term
Definition
VLAN ID
Group
Source IP
Source Filter
Mode
Interfaces
The VLAN on which the entry is learned.
The IPv6 multicast group address.
The IPv6 source address.
The source filter mode (Include/Exclude) for the specified group.
If Source Filter Mode is “Include,” specifies the list of interfaces on which a incoming packet
is forwarded. If it’s source IP address is equal to the current entry’s Source, the destination
IP address is equal to the current entry’s Group and the VLAN ID on which it arrived is
current entry’s VLAN.
If Source Filter Mode is “Exclude,” specifies the list of interfaces on which a incoming packet
is forwarded. If it’s source IP address is *not* equal to the current entry’s Source, the
destination IP address is equal to current entry’s Group and VLAN ID on which it arrived is
current entry’s VLAN.
show mldsnooping ssm stats
Use this command to display the statistics of MLD snooping’s SSMFDB. This command takes no options.
Format
show mldsnooping ssm stats
Mode
Privileged EXEC
Term
Definition
Total Entries
The total number of entries that can possibly be in the MLD snooping’s SSMFDB.
Most SSM FDB
The largest number of entries that have been present in the MLD snooping’s SSMFDB.
Entries Ever Used
Current Entries The current number of entries in the MLD snooping’s SSMFDB.
September 2014
CLI Command Reference
Page 441
HP Moonshot Switch Module CLI Command Reference
MLD Snooping Commands
show mldsnooping ssm groups
Use this command to display the MLD SSM group membership information.
Format
show mldsnooping ssm groups
Mode
Privileged EXEC
Term
Definition
VLAN
Group
Interface
Reporter
Source Filter Mode
Source Address List
VLAN on which the MLD v2 report is received.
The IPv6 multicast group address.
The interface on which the MLD v2 report is received.
The IPv6 address of the host that sent the MLDv2 report.
The source filter mode (Include/Exclude) for the specified group.
List of source IP addresses for which source filtering is requested.
show mac-address-table mldsnooping
Use this command to display the MLD Snooping entries in the Multicast Forwarding Database (MFDB) table.
Format
show mac-address-table mldsnooping
Mode
Privileged EXEC
Term
Definition
VLAN ID
MAC Address
The VLAN in which the MAC address is learned.
A multicast MAC address for which the switch has forwarding or filtering information. The
format is 6 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB.
The type of entry, which is either static (added by the user) or dynamic (added to the table
as a result of a learning process or protocol.)
The text description of this multicast table entry.
The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
Type
Description
Interfaces
clear mldsnooping
Use this command to delete all MLD snooping entries from the MFDB table.
Format
clear mldsnooping
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 442
HP Moonshot Switch Module CLI Command Reference
MLD Snooping Querier Commands
MLD Snooping Querier Commands
In an IPv6 environment, MLD Snooping requires that one central switch or router periodically query all enddevices on the network to announce their multicast memberships. This central device is the MLD Querier. The
MLD query responses, known as MLD reports, keep the switch updated with the current multicast group
membership on a port-by-port basis. If the switch does not receive updated membership information in a
timely fashion, it will stop forwarding multicasts to the port where the end device is located.
This section describes the commands you use to configure and display information on MLD Snooping queries
on the network and, separately, on VLANs.
Note: This note clarifies the prioritization of MGMD Snooping Configurations. Many of the IGMP/
MLD Snooping commands are available both in the Interface and VLAN modes. Operationally the
system chooses or prefers the VLAN configured values over the Interface configured values for most
configurations when the interface participates in the VLAN.
set mld querier
Use this command to enable MLD Snooping Querier on the system (Global Config Mode) or on a VLAN. Using
this command, you can specify the IP address that the snooping querier switch should use as a source address
while generating periodic queries.
If a VLAN has MLD Snooping Querier enabled and MLD Snooping is operationally disabled on it, MLD Snooping
Querier functionality is disabled on that VLAN. MLD Snooping functionality is re-enabled if MLD Snooping is
operational on the VLAN.
The MLD Snooping Querier sends periodic general queries on the VLAN to solicit membership reports.
Default
disabled
Format
set mld querier vlan-id [address ipv6_address]
Mode
VLAN Mode
Default
disabled
Format
set mld querier [address ipv6_address]
Mode
Global Config
no set mld querier
Use this command to disable MLD Snooping Querier on the system. Use the optional parameter address to
reset the querier address.
Format
no set mld querier [vlan-id][address]
Mode
VLAN Mode
September 2014
CLI Command Reference
Page 443
HP Moonshot Switch Module CLI Command Reference
Format
no set mld querier [address]
Mode
Global Config
MLD Snooping Querier Commands
set mld querier query_interval
Use this command to set the MLD Querier Query Interval time. It is the amount of time in seconds that the
switch waits before sending another general query.
Default
disabled
Format
set mld querier query_interval 1-1800
Mode
Global Config
no set mld querier query_interval
Use this command to set the MLD Querier Query Interval time to its default value.
Format
no set mld querier query_interval
Mode
Global Config
set mld querier timer expiry
Use this command to set the MLD Querier timer expiration period. It is the time period that the switch remains
in Non-Querier mode once it has discovered that there is a Multicast Querier in the network.
Default
60 seconds
Format
set mld querier timer expiry 60-300
Mode
Global Config
no set mld querier timer expiry
Use this command to set the MLD Querier timer expiration period to its default value.
Format
no set mld querier timer expiry
Mode
Global Config
September 2014
CLI Command Reference
Page 444
HP Moonshot Switch Module CLI Command Reference
MLD Snooping Querier Commands
set mld querier election participate
Use this command to enable the Snooping Querier to participate in the Querier Election process when it
discovers the presence of another Querier in the VLAN. When this mode is enabled, if the Snooping Querier
finds that the other Querier’s source address is better (less) than the Snooping Querier’s address, it stops
sending periodic queries. If the Snooping Querier wins the election, then it will continue sending periodic
queries.
Default
disabled
Format
set mld querier election participate vlanid
Mode
VLAN Config
no set mld querier election participate
Use this command to set the snooping querier not to participate in querier election but go into a non-querier
mode as soon as it discovers the presence of another querier in the same VLAN.
Format
no set mld querier election participate vlanid
Mode
VLAN Config
show mldsnooping querier
Use this command to display MLD Snooping Querier information. Configured information is displayed whether
or not MLD Snooping Querier is enabled.
Format
show mldsnooping querier [{detail | vlan vlanid}]
Mode
Privileged EXEC
When the optional arguments vlandid are not used, the command displays the following information.
Field
Description
MLD Snooping
The administrative mode of the MLD snooping querier on the switch.
Qurerier Mode
Querier Address The IPv6 address which will be used in the IPv6 header while sending out MLD queries. It
can be configured using the appropriate command.
MLD Version
The version of MLD that will be used while sending out the queries. This is defaulted to MLD
v1 and it cannot be changed.
Querier Query
Shows the amount of time in seconds that a Snooping Querier waits before sending out the
Interval
periodic general query.
Querier Expiry
Displays the amount of time to wait in the Non-Querier operational state before moving to
Interval
a Querier state.
September 2014
CLI Command Reference
Page 445
HP Moonshot Switch Module CLI Command Reference
MLD Snooping Querier Commands
When you specify a value for vlanid, the following information appears.
Field
Description
MLD Snooping
Qurerier VLAN
Mode
Querier Election
Participate Mode
Querier VLAN
Address
Operational State
Operational
Version
The administrative mode of the MLD snooping querier on the VLAN.
Indicates whether the MLD Snooping Querier participates in querier election if it discovers
the presence of a querier in the VLAN.
The IP address will be used in the IPv6 header while sending out MLD queries on this VLAN.
It can be configured using the appropriate command.
The operational mode of the MLD snooping querier on the VLAN.
This version of IPv6 will be used while sending out MLD queriers on this VLAN.
When the optional argument detail is used, the command shows the global information and the information
for all Querier-enabled VLANs. Additionally, the detailed command shows the information in the following
table.
Field
Description
VLAN ID
Last Querier Address
The ID of the VLAN for which MLD snooping querier information is displayed.
Indicates the IP address of the most recent Querier from which a Query was
received.
Indicates the MLD version of the most recent Querier from which a Query
was received on this VLAN.
Last Querier Version
September 2014
CLI Command Reference
Page 446
HP Moonshot Switch Module CLI Command Reference
Port Security Commands
Port Security Commands
This section describes the command you use to configure Port Security on the switch. Port security, which is
also known as port MAC locking, allows you to secure the network by locking allowable MAC addresses on a
given port. Packets with a matching source MAC address are forwarded normally, and all other packets are
discarded.
Note: To enable the SNMP trap specific to port security, see “snmp-server enable traps violation” on
page 101.
port-security
This command enables port locking on an interface, a range of interfaces, or at the system level.
Default
disabled
Format
port-security
Mode
• Global Config (to enable port locking globally)
• Interface Config (to enable port locking on an interface or range of interfaces)
no port-security
This command disables port locking for one (Interface Config) or all (Global Config) ports.
Format
no port-security
Mode
• Global Config
• Interface Config
port-security max-dynamic
This command sets the maximum number of dynamically locked MAC addresses allowed on a specific port. The
valid range is 0–600.
Default
600
Format
port-security max-dynamic maxvalue
Mode
Interface Config
September 2014
CLI Command Reference
Page 447
HP Moonshot Switch Module CLI Command Reference
Port Security Commands
no port-security max-dynamic
This command resets the maximum number of dynamically locked MAC addresses allowed on a specific port
to its default value.
Format
no port-security max-dynamic
Mode
Interface Config
port-security max-static
This command sets the maximum number of statically locked MAC addresses allowed on a port. The valid range
is 0–20.
Default
1
Format
port-security max-static maxvalue
Mode
Interface Config
no port-security max-static
This command sets maximum number of statically locked MAC addresses to the default value.
Format
no port-security max-static
Mode
Interface Config
port-security mac-address
This command adds a MAC address to the list of statically locked MAC addresses for an interface or range of
interfaces. The vid is the VLAN ID.
Format
port-security mac-address mac-address vid
Mode
Interface Config
no port-security mac-address
This command removes a MAC address from the list of statically locked MAC addresses.
Format
no port-security mac-address mac-address vid
Mode
Interface Config
September 2014
CLI Command Reference
Page 448
HP Moonshot Switch Module CLI Command Reference
Port Security Commands
port-security mac-address move
This command converts dynamically locked MAC addresses to statically locked addresses for an interface or
range of interfaces.
Format
port-security mac-address move
Mode
Interface Config
port-security mac-address sticky
This command enables sticky mode Port MAC Locking on a port. If accompanied by a MAC address and a VLAN
ID (for interface config mode only), it adds a sticky MAC address to the list of statically locked MAC addresses.
These sticky addresses are converted back to dynamically locked addresses if sticky mode is disabled on the
port. The vid is the VLAN ID. The Global command applies the “sticky” mode to all valid interfaces (physical and
LAG). There is no global sticky mode as such.
Sticky addresses that are dynamically learned will appear in show running config as port-security macentries. This distinguishes them from static entries.
address sticky mac-address vid
Format
port-security mac-address sticky
Mode
Global Config
Format
port-security mac-address sticky [mac-address vlanid]
Mode
Interface Config
Example: The following shows an example of the command.
(Routing)(Config)# port-security mac-address sticky
(Routing)(Interface)# port-security mac-address sticky
(Routing)(Interface)# port-security mac-address sticky 00:00:00:00:00:01 2
no port-security mac-address sticky
The no form removes the sticky mode. The sticky MAC address can be deleted by using the command no portsecurity mac-address mac-address vid.
Format
no port-security mac-address sticky
Mode
Global Config
Format
no port-security mac-address sticky [mac-address vlanid]
Mode
Interface Config
September 2014
CLI Command Reference
Page 449
Port Security Commands
HP Moonshot Switch Module CLI Command Reference
show port-security
This command displays the port-security settings for the port(s). If you do not use a parameter, the command
displays the Port Security Administrative mode. Use the optional parameters to display the settings on a
specific interface or on all interfaces. Instead of unit/slot/port, lag lag-intf-num can be used as an alternate
way to specify the LAG interface. lag lag-intf-num can also be used to specify the LAG interface where lagintf-num is the LAG port number.
Format
show port-security [{unit/slot/port | all}]
Mode
Privileged EXEC
Term
Definition
Admin Mode
Port Locking mode for the entire system. This field displays if you do not supply any
parameters.
For each interface, or for the interface you specify, the following information appears
:
Term
Definition
Intf
Admin Mode
Dynamic Limit
Static Limit
Violation Trap Mode
Sticky Mode
The interface associated with the rest of the data in the row.
Port Locking mode for the Interface.
Maximum dynamically allocated MAC Addresses.
Maximum statically allocated MAC Addresses.
Whether violation traps are enabled.
The administrative mode of the port security Sticky Mode feature on the interface.
Example: The following shows example CLI display output for the command.
(Routing) #show port-security 0/1
Intf
-----1/0/1
Admin
Dynamic
Mode
Limit
------- ---------Disabled 1
September 2014
Static
Limit
--------1
Violation Sticky
Trap Mode Mode
--------- -------Disabled
Enabled
CLI Command Reference
Page 450
Port Security Commands
HP Moonshot Switch Module CLI Command Reference
show port-security dynamic
This command displays the dynamically locked MAC addresses for the port. Instead of unit/slot/port, lag
lag-intf-num can be used as an alternate way to specify the LAG interface. lag lag-intf-num can also be used
to specify the LAG interface where lag-intf-num is the LAG port number.
Format
show port-security dynamic {unit/slot/port | lag lag-intf-num}
Mode
Privileged EXEC
Term
Definition
MAC Address
VLAN ID
MAC Address of dynamically learned MAC address.
The VLAN ID specified in the Ethernet frame received by the interface.
show port-security static
This command displays the statically locked MAC addresses for port. Instead of unit/slot/port, lag lag-intfnum can be used as an alternate way to specify the LAG interface. lag lag-intf-num can also be used to specify
the LAG interface where lag-intf-num is the LAG port number.
Format
show port-security static
Mode
Privileged EXEC
{unit/slot/port | lag lag-intf-num}
Term
Definition
Statically Configured MAC
Address
VLAN ID
Sticky
The statically configured MAC address.
The ID of the VLAN that includes the host with the specified MAC address.
Indicates whether the static MAC address entry is added in sticky mode.
Example: The following shows example CLI display output for the command.
(Routing) #show port-security static 1/0/1
Number of static MAC addresses configured: 2
Statically configured MAC Address
--------------------------------00:00:00:00:00:01
00:00:00:00:00:02
September 2014
VLAN ID
------2
2
Sticky
-----Yes
No
CLI Command Reference
Page 451
HP Moonshot Switch Module CLI Command Reference
Port Security Commands
show port-security violation
This command displays the source MAC address of the last packet discarded on a locked port. Instead of unit/
slot/port, lag lag-intf-num can be used as an alternate way to specify the LAG interface. lag lag-intf-num
can also be used to specify the LAG interface where lag-intf-num is the LAG port number.
Format
show port-security violation {unit/slot/port | lag lag-intf-num}
Mode
Privileged EXEC
Term
Definition
MAC Address
VLAN ID
The source MAC address of the last frame that was discarded at a locked port.
The VLAN ID, if applicable, associated with the MAC address of the last frame that was
discarded at a locked port.
September 2014
CLI Command Reference
Page 452
LLDP (802.1AB) Commands
HP Moonshot Switch Module CLI Command Reference
LLDP (802.1AB) Commands
This section describes the command you use to configure Link Layer Discovery Protocol (LLDP), which is defined
in the IEEE 802.1AB specification. LLDP allows stations on an 802 LAN to advertise major capabilities and
physical descriptions. The advertisements allow a network management system (NMS) to access and display
this information.
lldp transmit
Use this command to enable the LLDP advertise capability on an interface or a range of interfaces.
Default
disabled
Format
lldp transmit
Mode
Interface Config
no lldp transmit
Use this command to return the local data transmission capability to the default
.
Format
no lldp transmit
Mode
Interface Config
lldp receive
Use this command to enable the LLDP receive capability on an interface or a range of interfaces.
Default
disabled
Format
lldp receive
Mode
Interface Config
no lldp receive
Use this command to return the reception of LLDPDUs to the default value.
Format
no lldp receive
Mode
Interface Config
September 2014
CLI Command Reference
Page 453
HP Moonshot Switch Module CLI Command Reference
LLDP (802.1AB) Commands
lldp timers
Use this command to set the timing parameters for local data transmission on ports enabled for LLDP. The
interval-seconds determines the number of seconds to wait between transmitting local data LLDPDUs. The
range is 1-32768 seconds. The hold-value is the multiplier on the transmit interval that sets the TTL in local
data LLDPDUs. The multiplier range is 2-10. The reinit-seconds is the delay before re-initialization, and the
range is 1-0 seconds.
Default
• interval—30 seconds
• hold—4
• reinit—2 seconds
Format
lldp timers [interval interval-seconds] [hold hold-value] [reinit reinit-seconds]
Mode
Global Config
no lldp timers
Use this command to return any or all timing parameters for local data transmission on ports enabled for LLDP
to the default values.
Format
no lldp timers [interval] [hold] [reinit]
Mode
Global Config
lldp transmit-tlv
Use this command to specify which optional type length values (TLVs) in the 802.1AB basic management set
are transmitted in the LLDPDUs from an interface or range of interfaces. Use sys-name to transmit the system
name TLV. To configure the system name, see “snmp-server” on page 100. Use sys-desc to transmit the system
description TLV. Use sys-cap to transmit the system capabilities TLV. Use port-desc to transmit the port
description TLV. To configure the port description, see See “description” on page 270.
Default
no optional TLVs are included
Format
lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc]
Mode
Interface Config
no lldp transmit-tlv
Use this command to remove an optional TLV from the LLDPDUs. Use the command without parameters to
remove all optional TLVs from the LLDPDU.
Format
no lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc]
Mode
Interface Config
September 2014
CLI Command Reference
Page 454
LLDP (802.1AB) Commands
HP Moonshot Switch Module CLI Command Reference
lldp transmit-mgmt
Use this command to include transmission of the local system management address information in the
LLDPDUs. This command ca be used to configure a single interface or a range of interfaces.
Format
lldp transmit-mgmt
Mode
Interface Config
no lldp transmit-mgmt
Use this command to include transmission of the local system management address information in the
LLDPDUs. Use this command to cancel inclusion of the management information in LLDPDUs.
Format
no lldp transmit-mgmt
Mode
Interface Config
lldp notification
Use this command to enable remote data change notifications on an interface or a range of interfaces
.
Default
disabled
Format
lldp notification
Mode
Interface Config
no lldp notification
Use this command to disable notifications.
Default
disabled
Format
no lldp notification
Mode
Interface Config
lldp notification-interval
Use this command to configure how frequently the system sends remote data change notifications. The
interval parameter is the number of seconds to wait between sending notifications. The valid interval range
is 5-3600 seconds.
Default
5
Format
lldp notification-interval interval
Mode
Global Config
September 2014
CLI Command Reference
Page 455
HP Moonshot Switch Module CLI Command Reference
LLDP (802.1AB) Commands
no lldp notification-interval
Use this command to return the notification interval to the default value.
Format
no lldp notification-interval
Mode
Global Config
clear lldp statistics
Use this command to reset all LLDP statistics, including MED-related information.
Format
clear lldp statistics
Mode
Privileged Exec
clear lldp remote-data
Use this command to delete all information from the LLDP remote data table, including MED-related
information.
Format
clear lldp remote-data
Mode
Global Config
show lldp
Use this command to display a summary of the current LLDP configuration.
Format
show lldp
Mode
Privileged Exec
Term
Definition
Transmit Interval
Transmit Hold
Multiplier
Re-initialization
Delay
Notification
Interval
How frequently the system transmits local data LLDPDUs, in seconds.
The multiplier on the transmit interval that sets the TTL in local data LLDPDUs.
September 2014
The delay before re-initialization, in seconds.
How frequently the system sends remote data change notifications, in seconds.
CLI Command Reference
Page 456
HP Moonshot Switch Module CLI Command Reference
LLDP (802.1AB) Commands
show lldp interface
Use this command to display a summary of the current LLDP configuration for a specific interface or for all
interfaces.
Format
show lldp interface {unit/slot/port | all}
Mode
Privileged Exec
Term
Definition
Interface
Link
Transmit
Receive
Notify
TLVs
The interface in a unit/slot/port format.
Shows whether the link is up or down.
Shows whether the interface transmits LLDPDUs.
Shows whether the interface receives LLDPDUs.
Shows whether the interface sends remote data change notifications.
Shows whether the interface sends optional TLVs in the LLDPDUs. The TLV codes can be 0
(Port Description), 1 (System Name), 2 (System Description), or 3 (System Capability).
Shows whether the interface transmits system management address information in the
LLDPDUs.
Mgmt
show lldp statistics
Use this command to display the current LLDP traffic and remote table statistics for a specific interface or for
all interfaces.
Format
show lldp statistics {unit/slot/port | all}
Mode
Privileged Exec
Term
Definition
Last Update
The amount of time since the last update to the remote table in days, hours, minutes, and
seconds.
Total number of inserts to the remote data table.
Total number of deletes from the remote data table.
Total number of times the complete remote data received was not inserted due to
insufficient resources.
Total number of times a complete remote data entry was deleted because the Time to Live
interval expired.
Total Inserts
Total Deletes
Total Drops
Total Ageouts
September 2014
CLI Command Reference
Page 457
HP Moonshot Switch Module CLI Command Reference
LLDP (802.1AB) Commands
The table contains the following column headings:
Term
Definition
Interface
Transmit Total
Receive Total
Discards
Errors
Ageouts
The interface in unit/slot/port format.
Total number of LLDP packets transmitted on the port.
Total number of LLDP packets received on the port.
Total number of LLDP frames discarded on the port for any reason.
The number of invalid LLDP frames received on the port.
Total number of times a complete remote data entry was deleted for the port because the
Time to Live interval expired.
The number of TLVs discarded.
Total number of LLDP TLVs received on the port where the type value is in the reserved
range, and not recognized.
The total number of LLDP-MED TLVs received on the interface.
The total number of LLDP TLVs received on the interface which are of type 802.1.
The total number of LLDP TLVs received on the interface which are of type 802.3.
TVL Discards
TVL Unknowns
TLV MED
TLV 802.1
TLV 802.3
show lldp remote-device
Use this command to display summary information about remote devices that transmit current LLDP data to
the system. You can show information about LLDP remote data received on all ports or on a specific port
Format
.
show lldp remote-device {unit/slot/port | all}
Mode
Privileged EXEC
Term
Definition
Local Interface
RemID
Chassis ID
The interface that received the LLDPDU from the remote device.
An internal identifier to the switch to mark each remote device to the system.
The ID that is sent by a remote device as part of the LLDP message, it is usually a MAC
address of the device.
The port number that transmitted the LLDPDU.
The system name of the remote device.
Port ID
System Name
September 2014
CLI Command Reference
Page 458
LLDP (802.1AB) Commands
HP Moonshot Switch Module CLI Command Reference
Example: The following shows example CLI display output for the command.
(Routing) #show lldp remote-device all
LLDP Remote Device Summary
Local
Interface RemID
Chassis ID
------- -------------------------1/0/1
1/0/2
1/0/3
1/0/4
1/0/5
1/0/6
1/0/7
2
00:FC:E3:90:01:0F
1/0/7
3
00:FC:E3:90:01:0F
1/0/7
4
00:FC:E3:90:01:0F
1/0/7
5
00:FC:E3:90:01:0F
1/0/7
1
00:FC:E3:90:01:0F
1/0/7
6
00:FC:E3:90:01:0F
1/0/8
--More-- or (q)uit
Port ID
------------------
System Name
------------------
00:FC:E3:90:01:11
00:FC:E3:90:01:12
00:FC:E3:90:01:13
00:FC:E3:90:01:14
00:FC:E3:90:03:11
00:FC:E3:90:04:11
show lldp remote-device detail
Use this command to display detailed information about remote devices that transmit current LLDP data to an
interface on the system.
Format
show lldp remote-device detail unit/slot/port
Mode
Privileged EXEC
Term
Definition
Local Interface
Remote Identifier
Chassis ID Subtype
Chassis ID
Port ID Subtype
Port ID
System Name
System Description
The interface that received the LLDPDU from the remote device.
An internal identifier to the switch to mark each remote device to the system.
The type of identification used in the Chassis ID field.
The chassis of the remote device.
The type of port on the remote device.
The port number that transmitted the LLDPDU.
The system name of the remote device.
Describes the remote system by identifying the system name and versions of
hardware, operating system, and networking software supported in the device.
Describes the port in an alpha-numeric format. The port description is configurable.
Indicates the primary function(s) of the device.
Port Description
System Capabilities
Supported
System Capabilities
Enabled
September 2014
Shows which of the supported system capabilities are enabled.
CLI Command Reference
Page 459
HP Moonshot Switch Module CLI Command Reference
LLDP (802.1AB) Commands
Term
Definition
Management Address
For each interface on the remote device with an LLDP agent, lists the type of
address the remote LLDP agent uses and specifies the address used to obtain
information related to the device.
The amount of time (in seconds) the remote device's information received in the
LLDPDU should be treated as valid information.
Time To Live
Example: The following shows example CLI display output for the command.
(Routing) #show lldp remote-device detail 1/0/7
LLDP Remote Device Detail
Local Interface: 1/0/7
Remote Identifier: 2
Chassis ID Subtype: MAC Address
Chassis ID: 00:FC:E3:90:01:0F
Port ID Subtype: MAC Address
Port ID: 00:FC:E3:90:01:11
System Name:
System Description:
Port Description:
System Capabilities Supported:
System Capabilities Enabled:
Time to Live: 24 seconds
show lldp local-device
Use this command to display summary information about the advertised LLDP local data. This command can
display summary information or detail for each interface.
Format
show lldp local-device {unit/slot/port | all}
Mode
Privileged EXEC
Term
Definition
Interface
The interface in a unit/slot/port format.
Port ID
The port ID associated with this interface.
Port Description The port description associated with the interface.
September 2014
CLI Command Reference
Page 460
HP Moonshot Switch Module CLI Command Reference
LLDP (802.1AB) Commands
show lldp local-device detail
Use this command to display detailed information about the LLDP data a specific interface transmits.
Format
show lldp local-device detail unit/slot/port
Mode
Privileged EXEC
Term
Definition
Interface
Chassis ID Subtype
Chassis ID
Port ID Subtype
Port ID
System Name
System Description
The interface that sends the LLDPDU.
The type of identification used in the Chassis ID field.
The chassis of the local device.
The type of port on the local device.
The port number that transmitted the LLDPDU.
The system name of the local device.
Describes the local system by identifying the system name and versions of hardware,
operating system, and networking software supported in the device.
Describes the port in an alpha-numeric format.
Indicates the primary function(s) of the device.
Port Description
System Capabilities
Supported
System Capabilities
Shows which of the supported system capabilities are enabled.
Enabled
Management Address The type of address and the specific address the local LLDP agent uses to send and
receive information.
September 2014
CLI Command Reference
Page 461
HP Moonshot Switch Module CLI Command Reference
LLDP-MED Commands
LLDP-MED Commands
Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED) (ANSI-TIA-1057) provides an extension
to the LLDP standard. Specifically, LLDP-MED provides extensions for network configuration and policy, device
location, Power over Ethernet (PoE) management and inventory management.
lldp med
Use this command to enable MED on an interface or a range of interfaces. By enabling MED, you will be
effectively enabling the transmit and receive function of LLDP.
Default
disabled
Format
lldp med
Mode
Interface Config
no lldp med
Use this command to disable MED.
Format
no lldp med
Mode
Interface Config
lldp med confignotification
Use this command to configure an interface or a range of interfaces to send the topology change notification.
Default
disabled
Format
lldp med confignotification
Mode
Interface Config
no ldp med confignotification
Use this command to disable notifications.
Format
no lldp med confignotification
Mode
Interface Config
September 2014
CLI Command Reference
Page 462
HP Moonshot Switch Module CLI Command Reference
LLDP-MED Commands
lldp med transmit-tlv
Use this command to specify which optional Type Length Values (TLVs) in the LLDP MED set will be transmitted
in the Link Layer Discovery Protocol Data Units (LLDPDUs) from this interface or a range of interfaces.
Default
By default, the capabilities and network policy TLVs are included.
Format
lldp med transmit-tlv [capabilities] [ex-pd] [ex-pse] [network-policy]
Mode
Interface Config
Term
Definition
capabilities
ex-pd
ex-pse
network-policy
Transmit the LLDP capabilities TLV.
Transmit the LLDP extended PD TLV.
Transmit the LLDP extended PSE TLV.
Transmit the LLDP network policy TLV.
no lldp med transmit-tlv
Use this command to remove a TLV.
Format
no lldp med transmit-tlv [capabilities] [network-policy] [ex-pse] [ex-pd]
Mode
Interface Config
lldp med all
Use this command to configure LLDP-MED on all the ports.
Format
lldp med all
Mode
Global Config
lldp med confignotification all
Use this command to configure all the ports to send the topology change notification.
Format
lldp med confignotification all
Mode
Global Config
September 2014
CLI Command Reference
Page 463
LLDP-MED Commands
HP Moonshot Switch Module CLI Command Reference
lldp med faststartrepeatcount
Use this command to set the value of the fast start repeat count. [count] is the number of LLDP PDUs that will
be transmitted when the product is enabled. The range is 1 to 10.
Default
3
Format
lldp med faststartrepeatcount [count]
Mode
Global Config
no lldp med faststartrepeatcount
Use this command to return to the factory default value.
Format
no lldp med faststartrepeatcount
Mode
Global Config
lldp med transmit-tlv all
Use this command to specify which optional Type Length Values (TLVs) in the LLDP MED set will be transmitted
in the Link Layer Discovery Protocol Data Units (LLDPDUs)
.
Default
By default, the capabilities and network policy TLVs are included.
Format
lldp med transmit-tlv all [capabilities] [ex-pd] [ex-pse] [network-policy]
Mode
Global Config
Term
Definition
capabilities
ex-pd
ex-pse
network-policy
Transmit the LLDP capabilities TLV.
Transmit the LLDP extended PD TLV.
Transmit the LLDP extended PSE TLV.
Transmit the LLDP network policy TLV.
no lldp med transmit-tlv
Use this command to remove a TLV.
Format
no lldp med transmit-tlv [capabilities] [network-policy] [ex-pse] [ex-pd]
Mode
Global Config
September 2014
CLI Command Reference
Page 464
LLDP-MED Commands
HP Moonshot Switch Module CLI Command Reference
show lldp med
Use this command to display a summary of the current LLDP MED configuration.
Format
show lldp med
Mode
Privileged Exec
Example: The following shows example CLI display output for the command.
(Routing) #show lldp med
LLDP MED Global Configuration
Fast Start Repeat Count: 3
Device Class: Network Connectivity
(Routing) #
show lldp med interface
Use this command to display a summary of the current LLDP MED configuration for a specific interface. unit/
slot/port indicates a specific physical interface. all indicates all valid LLDP interfaces
Format
.
show lldp med interface {unit/slot/port | all}
Mode
Privileged Exec
Example: The following shows example CLI display output for the command.
(Routing) #show lldp med interface all
Interface
--------1/0/1
1/0/2
1/0/3
1/0/4
1/0/5
1/0/6
1/0/7
1/0/8
1/0/9
1/0/10
1/0/11
1/0/12
1/0/13
1/0/14
Link
-----Down
Up
Down
Down
Down
Down
Down
Down
Down
Down
Down
Down
Down
Down
configMED
--------Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
operMED
-------Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
ConfigNotify
-----------Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
TLVsTx
----------0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
TLV Codes: 0- Capabilities,
1- Network Policy
2- Location,
3- Extended PSE
4- Extended Pd,
5- Inventory
--More-- or (q)uit
(Routing) #show lldp med interface 1/0/2
September 2014
CLI Command Reference
Page 465
HP Moonshot Switch Module CLI Command Reference
Interface
--------1/0/2
Link
-----Up
configMED operMED
--------- -------Disabled Disabled
TLV Codes: 0- Capabilities,
2- Location,
4- Extended Pd,
LLDP-MED Commands
ConfigNotify TLVsTx
------------ ----------Disabled
0,1
1- Network Policy
3- Extended PSE
5- Inventory
(Routing) #
show lldp med local-device detail
Use this command to display detailed information about the LLDP MED data that a specific interface transmits.
unit/slot/port indicates a specific physical interface.
Format
show lldp med local-device detail unit/slot/port
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show lldp med local-device detail 1/0/8
LLDP MED Local Device Detail
Interface: 1/0/8
Network Policies
Media Policy Application Type : voice
Vlan ID: 10
Priority: 5
DSCP: 1
Unknown: False
Tagged: True
Media Policy Application Type : streamingvideo
Vlan ID: 20
Priority: 1
DSCP: 2
Unknown: False
Tagged: True
Inventory
Hardware Rev: xxx xxx xxx
Firmware Rev: xxx xxx xxx
Software Rev: xxx xxx xxx
Serial Num: xxx xxx xxx
Mfg Name: xxx xxx xxx
Model Name: xxx xxx xxx
Asset ID: xxx xxx xxx
Location
Subtype: elin
Info: xxx xxx xxx
September 2014
CLI Command Reference
Page 466
HP Moonshot Switch Module CLI Command Reference
LLDP-MED Commands
Extended POE
Device Type: pseDevice
Extended POE PSE
Available: 0.3 Watts
Source: primary
Priority: critical
Extended POE PD
Required: 0.2 Watts
Source: local
Priority: low
show lldp med remote-device
Use this command to display the summary information about remote devices that transmit current LLDP MED
data to the system. You can show information about LLDP MED remote data received on all valid LLDP
interfaces or on a specific physical interface.
Format
show lldp med remote-device {unit/slot/port | all}
Mode
Privileged EXEC
Term
Definition
Local Interface
Remote ID
Device Class
The interface that received the LLDPDU from the remote device.
An internal identifier to the switch to mark each remote device to the system.
Device classification of the remote device.
Example: The following shows example CLI display output for the command.
(Routing) #show lldp med remote-device all
LLDP MED Remote Device Summary
Local
Interface
--------1/0/8
1/0/9
1/0/10
1/0/11
1/0/12
Remote ID
--------1
2
3
4
5
September 2014
Device Class
-----------Class I
Not Defined
Class II
Class III
Network Con
CLI Command Reference
Page 467
HP Moonshot Switch Module CLI Command Reference
LLDP-MED Commands
show lldp med remote-device detail
Use this command to display detailed information about remote devices that transmit current LLDP MED data
to an interface on the system.
Format
show lldp med remote-device detail unit/slot/port
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Routing) #show lldp med remote-device detail 1/0/8
LLDP MED Remote Device Detail
Local Interface: 1/0/8
Remote Identifier: 18
Capabilities
MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse
MED Capabilities Enabled: capabilities, networkpolicy
Device Class: Endpoint Class I
Network Policies
Media Policy Application Type : voice
Vlan ID: 10
Priority: 5
DSCP: 1
Unknown: False
Tagged: True
Media Policy Application Type : streamingvideo
Vlan ID: 20
Priority: 1
DSCP: 2
Unknown: False
Tagged: True
Inventory
Hardware Rev: xxx xxx xxx
Firmware Rev: xxx xxx xxx
Software Rev: xxx xxx xxx
Serial Num: xxx xxx xxx
Mfg Name: xxx xxx xxx
Model Name: xxx xxx xxx
Asset ID: xxx xxx xxx
Location
Subtype: elin
Info: xxx xxx xxx
Extended POE
Device Type: pseDevice
Extended POE PSE
Available: 0.3 Watts
September 2014
CLI Command Reference
Page 468
HP Moonshot Switch Module CLI Command Reference
Denial of Service Commands
Source: primary
Priority: critical
Extended POE PD
Required: 0.2 Watts
Source: local
Priority: low
Denial of Service Commands
This section describes the commands you use to configure Denial of Service (DoS) Control. HP Moonshot
Switch Module software provides support for classifying and blocking specific types of Denial of Service
attacks. You can configure your system to monitor and block these types of attacks:
• SIP = DIP: Source IP address = Destination IP address.
• First Fragment:TCP Header size smaller then configured value.
• TCP Fragment: IP Fragment Offset = 1.
• TCP Flag: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP Sequence Number = 0
or TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0 or TCP Flags SYN and FIN set.
• L4 Port: Source TCP/UDP Port = Destination TCP/UDP Port.
• ICMPv4: Limiting the size of ICMP Ping packets.
• SMAC = DMAC: Source MAC address = Destination MAC address.
• TCP Port: Source TCP Port = Destination TCP Port.
• UDP Port: Source UDP Port = Destination UDP Port.
• TCP Flag & Sequence: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP Sequence
Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0 or TCP Flags SYN and FIN
set.
• TCP Offset: TCP Header Offset = 1.
• TCP SYN: TCP Flag SYN set.
• TCP SYN & FIN: TCP Flags SYN and FIN set.
• TCP FIN & URG & PSH: TCP Flags FIN and URG and PSH set and TCP Sequence Number = 0.
• ICMPv6: Limiting the size of ICMPv6 Ping packets.
• ICMP Fragment: Checks for fragmented ICMP packets.
September 2014
CLI Command Reference
Page 469
HP Moonshot Switch Module CLI Command Reference
Denial of Service Commands
dos-control all
This command enables Denial of Service protection checks globally.
Default
disabled
Format
dos-control all
Mode
Global Config
no dos-control all
This command disables Denial of Service prevention checks globally.
Format
no dos-control all
Mode
Global Config
dos-control firstfrag
This command enables Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial
of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller then
the configured value, the packets will be dropped if the mode is enabled.The default is disabled. If you enable
dos-control firstfrag, but do not provide a Minimum TCP Header Size, the system sets that value to 20.
Default
disabled (20)
Format
dos-control firstfrag [0-255]
Mode
Global Config
no dos-control firstfrag
This command sets Minimum TCP Header Size Denial of Service protection to the default value of disabled.
Format
no dos-control firstfrag
Mode
Global Config
September 2014
CLI Command Reference
Page 470
HP Moonshot Switch Module CLI Command Reference
Denial of Service Commands
dos-control icmpv4
This command enables Maximum ICMP Packet Size Denial of Service protections and allows you to set a
maximum size for ingress ICMP Echo Request (PING) packets. If the mode is enabled, Denial of Service
prevention is active for this type of attack. If ping packets ingress having a size greater than the configured
value, the packets will be dropped if the mode is enabled.
Default
disabled (512)
Format
dos-control icmpv4 [0-16376]
Mode
Global Config
no dos-control icmpv4
This command disables Maximum ICMP Packet Size Denial of Service protections.
Format
no dos-control icmpv4
Mode
Global Config
dos-control icmpv6
This command enables Maximum ICMPv6 Packet Size Denial of Service protections. If the mode is enabled,
Denial of Service prevention is active for this type of attack. If ICMPv6 Echo Request (PING) packets ingress
having a size greater than the configured value, the packets will be dropped if the mode is enabled.
Default
disabled (512)
Format
dos-control icmpv6 [0-16376]
Mode
Global Config
no dos-control icmpv6
This command disables Maximum ICMP Packet Size Denial of Service protections.
Format
no dos-control icmpv6
Mode
Global Config
September 2014
CLI Command Reference
Page 471
HP Moonshot Switch Module CLI Command Reference
Denial of Service Commands
dos-control icmpfrag
This command enables ICMP Fragment Denial of Service protection. If the mode is enabled, Denial of Service
prevention is active for this type of attack. If packets ingress having fragmented ICMP packets, the packets will
be dropped if the mode is enabled.
Default
disabled
Format
dos-control icmpfrag
Mode
Global Config
no dos-control icmpfrag
This command disabled ICMP Fragment Denial of Service protection.
Format
no dos-control icmpfrag
Mode
Global Config
dos-control l4port
This command enables L4 Port Denial of Service protections. If the mode is enabled, Denial of Service
prevention is active for this type of attack. If packets ingress having Source TCP/UDP Port Number equal to
Destination TCP/UDP Port Number, the packets will be dropped if the mode is enabled.
Note: Some applications mirror source and destination L4 ports - RIP for example uses 520 for both.
If you enable dos-control l4port, applications such as RIP may experience packet loss which would
render the application inoperable.
Default
disabled
Format
dos-control l4port
Mode
Global Config
no dos-control l4port
This command disables L4 Port Denial of Service protections.
Format
no dos-control l4port
Mode
Global Config
September 2014
CLI Command Reference
Page 472
Denial of Service Commands
HP Moonshot Switch Module CLI Command Reference
dos-control sipdip
This command enables Source IP address = Destination IP address (SIP = DIP) Denial of Service protection. If
the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress with SIP =
DIP, the packets will be dropped if the mode is enabled
.
Default
disabled
Format
dos-control sipdip
Mode
Global Config
no dos-control sipdip
This command disables Source IP address = Destination IP address (SIP = DIP) Denial of Service prevention.
Format
no dos-control sipdip
Mode
Global Config
dos-control smacdmac
This command enables Source MAC address = Destination MAC address (SMAC = DMAC) Denial of Service
protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets
ingress with SMAC = DMAC, the packets will be dropped if the mode is enabled.
Default
disabled
Format
dos-control smacdmac
Mode
Global Config
no dos-control smacdmac
This command disables Source MAC address = Destination MAC address (SMAC = DMAC) DoS protection.
Format
no dos-control smacdmac
Mode
Global Config
September 2014
CLI Command Reference
Page 473
HP Moonshot Switch Module CLI Command Reference
Denial of Service Commands
dos-control tcpfrag
This command enables TCP Fragment Denial of Service protection. If the mode is enabled, Denial of Service
prevention is active for this type of attack. If packets ingress having IP Fragment Offset equal to one (1), the
packets will be dropped if the mode is enabled.
Default
disabled
Format
dos-control tcpfrag
Mode
Global Config
no dos-control tcpfrag
This command disabled TCP Fragment Denial of Service protection.
Format
no dos-control tcpfrag
Mode
Global Config
dos-control tcpflag
This command enables TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service
prevention is active for this type of attacks. If packets ingress having TCP Flag SYN set and a source port less
than 1024 or having TCP Control Flags set to 0 and TCP Sequence Number set to 0 or having TCP Flags FIN, URG,
and PSH set and TCP Sequence Number set to 0 or having TCP Flags SYN and FIN both set, the packets will be
dropped if the mode is enabled.
Default
disabled
Format
dos-control tcpflag
Mode
Global Config
no dos-control tcpflag
This command sets disables TCP Flag Denial of Service protections.
Format
no dos-control tcpflag
Mode
Global Config
September 2014
CLI Command Reference
Page 474
HP Moonshot Switch Module CLI Command Reference
Denial of Service Commands
dos-control tcpport
This command enables TCP L4 source = destination port number (Source TCP Port = Destination TCP Port)
Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of
attack. If packets ingress with Source TCP Port = Destination TCP Port, the packets will be dropped if the mode
is enabled.
Default
disabled
Format
dos-control tcpport
Mode
Global Config
no dos-control tcpport
This command disables TCP L4 source = destination port number (Source TCP Port = Destination TCP Port)
Denial of Service protection.
Format
no dos-control tcpport
Mode
Global Config
dos-control udpport
This command enables UDP L4 source = destination port number (Source UDP Port = Destination UDP Port)
DoS protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets
ingress with Source UDP Port = Destination UDP Port, the packets will be dropped if the mode is enabled.
Default
disabled
Format
dos-control udpport
Mode
Global Config
no dos-control udpport
This command disables UDP L4 source = destination port number (Source UDP Port = Destination UDP Port)
Denial of Service protection.
Format
no dos-control udpport
Mode
Global Config
September 2014
CLI Command Reference
Page 475
HP Moonshot Switch Module CLI Command Reference
Denial of Service Commands
dos-control tcpflagseq
This command enables TCP Flag and Sequence Denial of Service protections. If the mode is enabled, Denial of
Service prevention is active for this type of attack. If packets ingress having TCP Flag SYN set and a source port
less than 1024 or having TCP Control Flags set to 0 and TCP Sequence Number set to 0 or having TCP Flags FIN,
URG, and PSH set and TCP Sequence Number set to 0 or having TCP Flags SYN and FIN both set, the packets will
be dropped if the mode is enabled.
Default
disabled
Format
dos-control tcpflagseq
Mode
Global Config
no dos-control tcpflagseq
This command sets disables TCP Flag and Sequence Denial of Service protection.
Format
no dos-control tcpflagseq
Mode
Global Config
dos-control tcpoffset
This command enables TCP Offset Denial of Service protection. If the mode is enabled, Denial of Service
prevention is active for this type of attack. If packets ingress having TCP Header Offset equal to one (1), the
packets will be dropped if the mode is enabled.
Default
disabled
Format
dos-control tcpoffset
Mode
Global Config
no dos-control tcpoffset
This command disabled TCP Offset Denial of Service protection.
Format
no dos-control tcpoffset
Mode
Global Config
September 2014
CLI Command Reference
Page 476
HP Moonshot Switch Module CLI Command Reference
Denial of Service Commands
dos-control tcpsyn
This command enables TCP SYN and L4 source = 0-1023 Denial of Service protection. If the mode is enabled,
Denial of Service prevention is active for this type of attack. If packets ingress having TCP flag SYN set and an
L4 source port from 0 to 1023, the packets will be dropped if the mode is enabled.
Default
disabled
Format
dos-control tcpsyn
Mode
Global Config
no dos-control tcpsyn
This command sets disables TCP SYN and L4 source = 0-1023 Denial of Service protection.
Format
no dos-control tcpsyn
Mode
Global Config
dos-control tcpsynfin
This command enables TCP SYN and FIN Denial of Service protection. If the mode is enabled, Denial of Service
prevention is active for this type of attack. If packets ingress having TCP flags SYN and FIN set, the packets will
be dropped if the mode is enabled.
Default
disabled
Format
dos-control tcpsynfin
Mode
Global Config
no dos-control tcpsynfin
This command sets disables TCP SYN & FIN Denial of Service protection.
Format
no dos-control tcpsynfin
Mode
Global Config
September 2014
CLI Command Reference
Page 477
HP Moonshot Switch Module CLI Command Reference
Denial of Service Commands
dos-control tcpfinurgpsh
This command enables TCP FIN and URG and PSH and SEQ = 0 checking Denial of Service protections. If the
mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP FIN,
URG, and PSH all set and TCP Sequence Number set to 0, the packets will be dropped if the mode is enabled.
Default
disabled
Format
dos-control tcpfinurgpsh
Mode
Global Config
no dos-control tcpfinurgpsh
This command sets disables TCP FIN and URG and PSH and SEQ = 0 checking Denial of Service protections.
Format
no dos-control tcpfinurgpsh
Mode
Global Config
show dos-control
This command displays Denial of Service configuration information.
Format
show dos-control
Mode
Privileged EXEC
Term
Definition
First Fragment Mode
The administrative mode of First Fragment DoS prevention. When
enabled, this causes the switch to drop packets that have a TCP header
smaller then the configured Min TCP Hdr Size.
The minimum TCP header size the switch will accept if First Fragment
DoS prevention is enabled.
The administrative mode of ICMPv4 DoS prevention. When enabled,
this causes the switch to drop ICMP packets that have a type set to
ECHO_REQ (ping) and a size greater than the configured ICMPv4
Payload Size.
The maximum ICMPv4 payload size to accept when ICMPv4 DoS
protection is enabled.
The administrative mode of ICMPv6 DoS prevention. When enabled,
this causes the switch to drop ICMP packets that have a type set to
ECHO_REQ (ping) and a size greater than the configured ICMPv6
Payload Size.
The maximum ICMPv6 payload size to accept when ICMPv6 DoS
protection is enabled.
The administrative mode of ICMPv4 Fragment DoS prevention. When
enabled, this causes the switch to drop fragmented ICMPv4 packets.
Min TCP Hdr Size
ICMPv4 Mode
Max ICMPv4 Payload Size
ICMPv6 Mode
Max ICMPv6 Payload Size
ICMPv4 Fragment Mode
September 2014
CLI Command Reference
Page 478
HP Moonshot Switch Module CLI Command Reference
Denial of Service Commands
Term
Definition
TCP Port Mode
The administrative mode of TCP Port DoS prevention. When enabled,
this causes the switch to drop packets that have the TCP source port
equal to the TCP destination port.
The administrative mode of UDP Port DoS prevention. When enabled,
this causes the switch to drop packets that have the UDP source port
equal to the UDP destination port.
The administrative mode of SIP=DIP DoS prevention. Enabling this
causes the switch to drop packets that have a source IP address equal
to the destination IP address. The factory default is disabled.
The administrative mode of SMAC=DMAC DoS prevention. Enabling
this causes the switch to drop packets that have a source MAC address
equal to the destination MAC address.
The administrative mode of TCP FIN & URG & PSH DoS prevention.
Enabling this causes the switch to drop packets that have TCP flags FIN,
URG, and PSH set and TCP Sequence Number = 0.
The administrative mode of TCP Flag DoS prevention. Enabling this
causes the switch to drop packets that have TCP control flags set to 0
and TCP sequence number set to 0.
The administrative mode of TCP SYN DoS prevention. Enabling this
causes the switch to drop packets that have TCP Flags SYN set.
The administrative mode of TCP SYN & FIN DoS prevention. Enabling
this causes the switch to drop packets that have TCP Flags SYN and FIN
set.
The administrative mode of TCP Fragment DoS prevention. Enabling
this causes the switch to drop packets that have an IP fragment offset
equal to 1.
The administrative mode of TCP Offset DoS prevention. Enabling this
causes the switch to drop packets that have a TCP header Offset equal
to 1.
UDP Port Mode
SIPDIP Mode
SMACDMAC Mode
TCP FIN&URG& PSH Mode
TCP Flag & Sequence Mode
TCP SYN Mode
TCP SYN & FIN Mode
TCP Fragment Mode
TCP Offset Mode
September 2014
CLI Command Reference
Page 479
HP Moonshot Switch Module CLI Command Reference
MAC Database Commands
MAC Database Commands
This section describes the commands you use to configure and view information about the MAC databases.
bridge aging-time
This command configures the forwarding database address aging timeout in seconds. The seconds parameter
must be within the range of 10 to 1,000,000 seconds.
Default
300
Format
bridge aging-time seconds
Mode
Global Config
no bridge aging-time
This command sets the forwarding database address aging timeout to the default value.
Format
no bridge aging-time
Mode
Global Config
show forwardingdb agetime
This command displays the timeout for address aging.
Default
all
Format
show forwardingdb agetime
Mode
Privileged EXEC
Term
Definition
Address Aging
Timeout
Displays the system's address aging timeout value in seconds.
September 2014
CLI Command Reference
Page 480
HP Moonshot Switch Module CLI Command Reference
MAC Database Commands
show mac-address-table multicast
This command displays the Multicast Forwarding Database (MFDB) information. If you enter the command
with no parameter, the entire table is displayed. You can display the table entry for one MAC Address by
specifying the MAC address as an optional parameter.
Format
show mac-address-table multicast macaddr
Mode
Privileged EXEC
Term
Definition
VLAN ID
MAC Address
The VLAN in which the MAC address is learned.
A multicast MAC address for which the switch has forwarding or filtering information. The
format is 6 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB.
The component that is responsible for this entry in the Multicast Forwarding Database. The
source can be IGMP Snooping, GMRP, and Static Filtering.
The type of the entry. Static entries are those that are configured by the end user. Dynamic
entries are added to the table as a result of a learning process or protocol.
The text description of this multicast table entry.
The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
The resultant forwarding list is derived from combining all the component’s forwarding
interfaces and removing the interfaces that are listed as the static filtering interfaces.
Source
Type
Description
Interfaces
Fwd Interface
Example: If one or more entries exist in the multicast forwarding table, the command output looks similar
to the following:
(Routing) #show mac-address-table multicast
Fwd
VLAN ID MAC Address
Source Type
Description
Interface Interface
------- ----------------- ------- ------- --------------- --------- --------1
01:00:5E:01:02:03 Filter Static Mgmt Config
Fwd:
Fwd:
1/0/1,
1/0/1,
1/0/2,
1/0/2,
1/0/3,
1/0/3,
1/0/4,
1/0/4,
1/0/5,
1/0/5,
1/0/6,
1/0/6,
1/0/7,
1/0/7,
1/0/8,
1/0/8,
1/0/9,
1/0/9,
1/0/10,
1/0/10,
--More-- or (q)uit
September 2014
CLI Command Reference
Page 481
HP Moonshot Switch Module CLI Command Reference
MAC Database Commands
show mac-address-table stats
This command displays the Multicast Forwarding Database (MFDB) statistics.
Format
show mac-address-table stats
Mode
Privileged EXEC
Term
Definition
Total Entries
The total number of entries that can possibly be in the Multicast Forwarding Database
table.
Most MFDB
The largest number of entries that have been present in the Multicast Forwarding Database
Entries Ever Used table. This value is also known as the MFDB high-water mark.
Current Entries The current number of entries in the MFDB.
Example: If one or more entries exist in the multicast forwarding table, the command output looks similar
to the following:
(Routing) #show mac-address-table stats
Max MFDB Table Entries......................... 1024
Most MFDB Entries Since Last Reset............. 542
Current Entries................................ 109
September 2014
CLI Command Reference
Page 482
HP Moonshot Switch Module CLI Command Reference
ISDP Commands
ISDP Commands
This section describes the commands you use to configure the industry standard Discovery Protocol (ISDP).
isdp run
This command enables ISDP on the switch.
Default
Enabled
Format
isdp run
Mode
Global Config
no isdp run
This command disables ISDP on the switch.
Format
no isdp run
Mode
Global Config
isdp holdtime
This command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how
long a receiving device should store information sent in the ISDP packet before discarding it. The range is given
in seconds.
Default
180 seconds
Format
isdp holdtime 10-255
Mode
Global Config
isdp timer
This command sets the period of time between sending new ISDP packets. The range is given in seconds.
Default
30 seconds
Format
isdp timer 5-254
Mode
Global Config
September 2014
CLI Command Reference
Page 483
HP Moonshot Switch Module CLI Command Reference
ISDP Commands
isdp advertise-v2
This command enables the sending of ISDP version 2 packets from the device.
Default
Enabled
Format
isdp advertise-v2
Mode
Global Config
no isdp advertise-v2
This command disables the sending of ISDP version 2 packets from the device.
Format
no isdp advertise-v2
Mode
Global Config
isdp enable
This command enables ISDP on an interface or range of interfaces.
Note: ISDP must be enabled both globally and on the interface in order for the interface to transmit
ISDP packets. If ISDP is globally disabled on the switch, the interface will not transmit ISDP packets,
regardless of the ISDP status on the interface. To enable ISDP globally, use the command “isdp run”
on page 483.
Default
Enabled
Format
isdp enable
Mode
Interface Config
no isdp enable
This command disables ISDP on the interface.
Format
no isdp enable
Mode
Interface Config
clear isdp counters
This command clears ISDP counters.
Format
clear isdp counters
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 484
HP Moonshot Switch Module CLI Command Reference
ISDP Commands
clear isdp table
This command clears entries in the ISDP table.
Format
clear isdp table
Mode
Privileged EXEC
show isdp
This command displays global ISDP settings.
Format
show isdp
Mode
Privileged EXEC
Term
Definition
Timer
Hold Time
The frequency with which this device sends ISDP packets. This value is given in seconds.
The length of time the receiving device should save information sent by this device. This
value is given in seconds.
The setting for sending ISDPv2 packets. If disabled, version 1 packets are transmitted.
Version 2
Advertisements
Neighbors table time The amount of time that has passed since the ISPD neighbor table changed.
since last change
Device ID
The Device ID advertised by this device. The format of this Device ID is characterized by
the value of the Device ID Format object.
Device ID Format
Indicates the Device ID format capability of the device.
Capability
• serialNumber indicates that the device uses a serial number as the format for its
Device ID.
• macAddress indicates that the device uses a Layer 2 MAC address as the format for
its Device ID.
• other indicates that the device uses its platform-specific format as the format for its
Device ID.
Device ID Format
Indicates the Device ID format of the device.
• serialNumber indicates that the value is in the form of an ASCII string containing the
device serial number.
• macAddress indicates that the value is in the form of a Layer 2 MAC address.
• other indicates that the value is in the form of a platform specific ASCII string
containing info that identifies the device. For example, ASCII string contains
serialNumber appended/prepended with system name.
Example: The following shows example CLI display output for the command.
(Routing) #show isdp
Timer.......................................... 30
Hold Time...................................... 180
Version 2 Advertisements....................... Enabled
September 2014
CLI Command Reference
Page 485
ISDP Commands
HP Moonshot Switch Module CLI Command Reference
Neighbors table time since last change.........
Device ID......................................
Device ID format capability....................
Device ID format...............................
0 days 00:00:00
1114728
Serial Number, Host Name
Serial Number
show isdp interface
This command displays ISDP settings for the specified interface.
Format
show isdp interface {all | unit/slot/port}
Mode
Privileged EXEC
Term
Definition
Interface
Mode
The unit/slot/port of the specified interface.
ISDP mode enabled/disabled status for the interface(s).
Example: The following shows example CLI display output for the command.
(Routing) #show isdp interface 1/0/1
Interface
--------------1/0/1
Mode
---------Enabled
Example: The following shows example CLI display output for the command.
(Routing) #show isdp interface all
Interface
--------------1/0/1
1/0/2
1/0/3
1/0/4
1/0/5
1/0/6
1/0/7
1/0/8
September 2014
Mode
---------Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
CLI Command Reference
Page 486
HP Moonshot Switch Module CLI Command Reference
ISDP Commands
show isdp entry
This command displays ISDP entries. If the device id is specified, then only entries for that device are shown.
Format
show isdp entry {all | deviceid}
Mode
Privileged EXEC
Term
Definition
Device ID
IP Addresses
Capability
Platform
Interface
Port ID
Hold Time
Version
Advertisement
Version
Entry Last
Changed Time
The device ID associated with the neighbor which advertised the information.
The IP address(es) associated with the neighbor.
ISDP Functional Capabilities advertised by the neighbor.
The hardware platform advertised by the neighbor.
The interface (unit/slot/port) on which the neighbor's advertisement was received.
The port ID of the interface from which the neighbor sent the advertisement.
The hold time advertised by the neighbor.
The software version that the neighbor is running.
The version of the advertisement packet received from the neighbor.
The time when the entry was last changed.
Example: The following shows example CLI display output for the command.
(Routing) #show isdp entry Switch
Device ID
Switch
Address(es):
IP Address:
IP Address:
Capability
172.20.1.18
172.20.1.18
Router IGMP
Platform
cisco WS-C4948
Interface
1/0/1
Port ID
GigabitEthernet1/1
Holdtime
64
Advertisement Version
2
Entry last changed time
0 days 00:13:50
September 2014
CLI Command Reference
Page 487
ISDP Commands
HP Moonshot Switch Module CLI Command Reference
show isdp neighbors
This command displays the list of neighboring devices.
Format
show isdp neighbors [{unit/slot/port | detail}]
Mode
Privileged EXEC
Term
Definition
Device ID
IP Addresses
Capability
Platform
Interface
Port ID
Hold Time
Advertisement
Version
Entry Last
Changed Time
Version
The device ID associated with the neighbor which advertised the information.
The IP addresses associated with the neighbor.
ISDP functional capabilities advertised by the neighbor.
The hardware platform advertised by the neighbor.
The interface (unit/slot/port) on which the neighbor's advertisement was received.
The port ID of the interface from which the neighbor sent the advertisement.
The hold time advertised by the neighbor.
The version of the advertisement packet received from the neighbor.
Time when the entry was last modified.
The software version that the neighbor is running.
Example: The following shows example CLI display output for the command.
(Routing) #show isdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge,
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID
Intf
Holdtime Capability
Platform
---------------------- ------------ --------- ------------ ----------------------none
1/0/1
163
R
BCM-56844
none
1/0/2
163
R
BCM-56844
none
1/0/3
163
R
BCM-56844
Port ID
-----------------1/0/44
1/0/41
1/0/45
Example: The following shows example CLI display output for the command.
(Routing) #show isdp neighbors detail
Device ID
Address(es):
Capability
Platform
Interface
Port ID
Holdtime
Advertisement Version
Time when last changed
Version :
8.6.5.4
September 2014
none
Router
BCM-56844
1/0/1
1/0/44
155
2
0 days 03:18:35
CLI Command Reference
Page 488
ISDP Commands
HP Moonshot Switch Module CLI Command Reference
show isdp traffic
This command displays ISDP statistics.
Format
show isdp traffic
Mode
Privileged EXEC
Term
Definition
ISDP Packets Received
ISDP Packets Transmitted
ISDPv1 Packets Received
ISDPv1 Packets Transmitted
ISDPv2 Packets Received
ISDPv2 Packets Transmitted
ISDP Bad Header
ISDP Checksum Error
ISDP Transmission Failure
ISDP Invalid Format
ISDP Table Full
Total number of ISDP packets received
Total number of ISDP packets transmitted
Total number of ISDPv1 packets received
Total number of ISDPv1 packets transmitted
Total number of ISDPv2 packets received
Total number of ISDPv2 packets transmitted
Number of packets received with a bad header
Number of packets received with a checksum error
Number of packets which failed to transmit
Number of invalid packets received
Number of times a neighbor entry was not added to the table due to a full
database
Displays the number of times a neighbor entry was added to the table without
an IP address.
ISDP IP Address Table Full
Example: The following shows example CLI display output for the command.
(Routing) #show isdp traffic
ISDP Packets Received..........................
ISDP Packets Transmitted.......................
ISDPv1 Packets Received........................
ISDPv1 Packets Transmitted.....................
ISDPv2 Packets Received........................
ISDPv2 Packets Transmitted.....................
ISDP Bad Header................................
ISDP Checksum Error............................
ISDP Transmission Failure......................
ISDP Invalid Format............................
ISDP Table Full................................
ISDP IP Address Table Full.....................
September 2014
4253
127
0
0
4253
4351
0
0
0
0
392
737
CLI Command Reference
Page 489
HP Moonshot Switch Module CLI Command Reference
UniDirectional Link Detection Commands
UniDirectional Link Detection Commands
The purpose of the UniDirectional Link Detection (UDLD) feature is to detect and avoid unidirectional links. A
unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link
stops passing traffic in one direction. Use the UDLD commands to detect unidirectional links’ physical ports.
UDLD must be enabled on both sides of the link in order to detect a unidirectional link. The UDLD protocol
operates by exchanging packets containing information about neighboring devices.
udld enable (Global Config)
This command enables UDLD globally on the switch.
Default
disable
Format
udld enable
Mode
Global Config
no udld enable (Global Config)
This command disables udld globally on the switch.
Format
no udld enable
Mode
Global Config
udld message time
This command configures the interval between UDLD probe messages on ports that are in the advertisement
phase. The range is from 7 to 90 seconds.
Default
15 seconds
Format
udld message time interval
Mode
Global Config
udld timeout interval
This command configures the time interval after which UDLD link is considered to be unidirectional. The range
is from 5 to 60 seconds.
Default
5 seconds
Format
udld timeout interval interval
Mode
Global Config
September 2014
CLI Command Reference
Page 490
HP Moonshot Switch Module CLI Command Reference
UniDirectional Link Detection Commands
udld reset
This command resets all interfaces that have been shutdown by UDLD.
Default
None
Format
udld reset
Mode
Privileged EXEC
udld enable (Interface Config)
This command enables UDLD on the specified interface.
Default
disable
Format
udld enable
Mode
Interface Config
no udld enable (Interface Config)
This command disables UDLD on the specified interface.
Format
no udld enable
Mode
Interface Config
udld port
This command selects the UDLD mode operating on this interface. If the keyword aggressive is not entered,
the port operates in normal mode.
Default
normal
Format
udld port [aggressive]
Mode
Interface Config
September 2014
CLI Command Reference
Page 491
HP Moonshot Switch Module CLI Command Reference
UniDirectional Link Detection Commands
show udld
This command displays the global settings of UDLD.
Format
show udld
Mode
• User EXEC
• Privileged EXEC
If no optional parameters are entered, the information in the following table displays.
Parameter
Description
Admin Mode
The global administrative mode of UDLD.
Message Interval The time period (in seconds) between the transmission of UDLD probe packets.
Timeout Interval The time period (in seconds) before making a decision that the link is unidirectional.
Example: The following shows example CLI display output for the command after the feature was enabled
and non-default interval values were configured.
(Routing) #show udld
Admin Mode..................................... Enabled
Message Interval............................... 13
Timeout Interval............................... 31
September 2014
CLI Command Reference
Page 492
HP Moonshot Switch Module CLI Command Reference
UniDirectional Link Detection Commands
show udld unit/slot/port
This command displays the UDLD settings for the specified unit/slot/port. If the all keyword is entered, it
displays information for all ports.
Format
show udld {unit/slot/port | all}
Mode
• User EXEC
• Privileged EXEC
Parameter
Description
Port
Admin Mode
UDLD Mode
The port for which UDLD information is displayed.
The administrative mode of UDLD on the port.
The UDLD mode for the port, which is one of the following:
• Normal – The state of the port is classified as Undetermined if an anomaly exists. An
anomaly might be the absence of its own information in received UDLD messages or the
failure to receive UDLD messages. An Undetermined state has no effect on the
operation of the port. The port is not disabled and continues operating. When
operating in UDLD normal mode, a port will be put into a disabled (Shutdown) state
only in the following situations:
– The UDLD PDU received from a partner does not have its own details (echo).
– When there is a loopback, and information sent out on a port is received back
exactly as it was sent.
• Aggressive – The port is put into a disabled state for the same reasons that it occurs in
normal mode. Additionally, a port in UDLD aggressive mode can be disabled if the port
does not receive any UDLD echo packets even after bidirectional connection was
established. If a bidirectional link is established, and packets suddenly stop coming from
partner device, the UDLD aggressive-mode port assumes that link has become
unidirectional.
The UDLD status on the port, which is one of the following:
• Not Applicable – The administrative status of UDLD is globally disabled or disabled on
the interface.
• Bidirectional – UDLD has detected a bidirectional link.
• Shutdown – UDLD has detected a unidirectional link, and the port is in a disabled state.
To clear the disabled state, click UDLD Port Reset.
• Undetermined – UDLD has not collected enough information to determine the state of
the port.
• Unknown – The port link has physically gone down, but it is not because it was put in a
disabled state by the UDLD feature
UDLD Status
Example: The following shows example CLI display output for the command.
(Routing) #show udld 1/0/1
Port
----1/0/1
Admin Mode
---------Enabled
September 2014
UDLD Mode
----------Normal
UDLD Status
-------------Not Applicable
CLI Command Reference
Page 493
HP Moonshot Switch Module CLI Command Reference
UniDirectional Link Detection Commands
Example: The following shows example CLI display output for the command.
(Routing) #show udld all
Port
Admin Mode
-------------1/0/1
Enabled
1/0/2
Enabled
1/0/3
Enabled
1/0/4
Enabled
1/0/5
Enabled
1/0/6
Enabled
1/0/7
Enabled
1/0/8
Enabled
1/0/9
Enabled
--More-- or (q)uit
September 2014
UDLD Mode
----------Normal
Normal
Normal
Normal
Normal
Normal
Normal
Normal
Normal
UDLD Status
-------------Shutdown
Undetermined
Bidirectional
Not Applicable
Not Applicable
Not Applicable
Not Applicable
Shutdown
Not Applicable
CLI Command Reference
Page 494
HP Moonshot Switch Module CLI Command Reference
Priority-Based Flow Control Commands
Priority-Based Flow Control Commands
Ordinarily, when flow control is enabled on a physical link, it applies to all traffic on the link. When congestion
occurs, the hardware sends pause frames that temporarily suspend traffic flow. Pausing traffic helps prevent
buffer overflow and dropped frames.
Priority-based flow control (PFC) provides a way to distinguish which traffic on physical link is paused when
congestion occurs, based on the priority of the traffic. An interface can be configured to pause only high priority
(i.e., loss-sensitive) traffic when necessary prevent dropped frames, while allowing traffic that has greater loss
tolerance to continue to flow on the interface.
Priorities are differentiated by the priority field of the IEEE 802.1Q VLAN header, which identifies an IEEE
802.1p priority value. In the HP Moonshot Switch Module, these priority values must be mapped to internal
class-of-service (CoS) values.
To enable priority-based flow control for a particular CoS value on an interface:
1. Ensure that VLAN tagging is enabled on the interface so that the 802.1p priority values are carried through
the network (see “Provisioning (IEEE 802.1p) Commands” on page 320).
2. Ensure that 802.1p priority values are mapped to HP Moonshot Switch Module CoS values (see
“classofservice dot1p-mapping” on page 619).
3. Use the datacenter-bridging priority-flow-control mode on command to enable priority-based flow
control on the interface.
4. Use the datacenter-bridging priority-flow-control priority command to specify the CoS values that
should be paused (“no-drop”) due to greater loss sensitivity. Unless configured as “no-drop”, all CoS
priorities are considered non-pausable (“drop”) when priority-based flow control is enabled.
When priority-flow-control is disabled, the interface defaults to the IEEE 802.3x flow control setting for the
interface. When priority-based flow control is enabled, the interface will not pause any CoS unless there is at
least one no-drop priority.
priority-flow-control mode
Use the priority-flow-control mode on command in Datacenter-Bridging Config mode to enable Priority-FlowControl (PFC) on the given interface.
PFC must be enabled before FIP snooping can operate over the interface. Use the no form of the command to
return the mode to the default (off). VLAN tagging (trunk or general mode) must be enabled on the interface
in order to carry the dot1p value through the network. Additionally, the dot1mapping to class-of-service must
be set to one-to-one.
When PFC is enabled on an interface, the normal PAUSE control mechanism is operationally disabled.
Default
Priority-flow-control mode is off (disabled) by default.
Format
priority-flow-control mode
Mode
Datacenter-Bridging Config mode
September 2014
{ on | off }
CLI Command Reference
Page 495
HP Moonshot Switch Module CLI Command Reference
Parameter
Description
on
off
Enable PFC on the interface.
Disable PFC on the interface.
Priority-Based Flow Control Commands
Example: The following example enables PFC on an interface.
(Routing) (Config)#interface 1/0/3
(Routing) (Interface 1/0/3)#datacenter-bridging
(Routing) (config-if-dcb)#priority-flow-control mode on
no priority-flow-control mode
Use the no priority-flow-control mode command to return the PFC mode to the default (off).
Format
no priority-flow-control mode
Mode
Datacenter-Bridging Config mode
priority-flow-control priority
Use the priority-flow-control priority command in Datacenter-Bridging Config mode to enable the priority
group for lossless (no-drop) or lossy (drop) behavior on the selected interface. Up to two lossless priorities can
be enabled on an interface. The administrator must configure the same no-drop priorities across the network
in order to ensure end-to-end lossless behavior.
The command has no effect on interfaces not enabled for PFC. VLAN tagging needs to be turned on in order to
carry the dot1p value through the network. Additionally, the dot1pmapping to class of service must be set to
one to one.
Default
The default behavior for all priorities is drop.
Format
priority-flow-control priority priority-list {drop | no-drop}
Mode
Datacenter-Bridging Config mode
Parameter
Description
drop
no-drop
Disable lossless behavior on the selected priorities.
Enable lossless behavior on the selected priorities.
Example: The following example sets priority 3 to no drop behavior.
(Routing)
(Routing)
(Routing)
(Routing)
(Config)#interface 1/0/3
(Interface 1/0/3)#datacenter-bridging
(config-if-dcb)#priority-flow-control mode on
(config-if-dcb)#priority-flow-control priority 1 no-drop
September 2014
CLI Command Reference
Page 496
HP Moonshot Switch Module CLI Command Reference
Priority-Based Flow Control Commands
no priority-flow-control priority
Use the no priority-flow-control priority command in Datacenter-Bridging Config mode to enable lossy
behavior on all priorities on the interface. This has no effect on interfaces not enabled for PFC or with no
lossless priorities configured.
Format
no priority-flow-control priority
Mode
Datacenter-Bridging Config mode
clear priority-flow-control statistics
Use the clear priority-flow-control statistics command to clear all global and interface PFC statistics.
Format
clear priority-flow-control statistics
Mode
Privileged EXEC
Example: The following shows examples of the commands.
console#clear priority-flow-control statistics
show interface priority-flow-control
Use the show interface priority-flow-control command in Privileged EXEC mode to display the PFC information
of a given interface or all interfaces.
Format
show interface [unit/slot/port] priority-flow-control
Mode
Privileged EXEC
When no interface number is provide, the following information displays for all interfaces.
Parameter
Description
Port
Drop Priorities
The port associated with the rest of the data in the row.
The 802.1p priority values that are configured with a drop priority. Drop priorities do not
participate in pause.
The 802.1p priority values that are configured with a no-drop priority. If an 802.1p priority
that is designated as no-drop is congested, the priority is paused.
The operational status of the interface.
No-Drop
Priorities
Operational
Status
September 2014
CLI Command Reference
Page 497
HP Moonshot Switch Module CLI Command Reference
Priority-Based Flow Control Commands
When no interface number is provide, the following information displays for all interfaces.
Parameter
Description
Interface Detail
Operational Status
Configured State
Configured Drop
Priorities
Configured No-Drop
Priorities
The port for which data is displayed.
The operational status of the interface.
The administrative mode of PFC on the interface.
The 802.1p priority values that are configured with a drop priority on the interface.
Drop priorities do not participate in pause.
The 802.1p priority values that are configured with a no-drop priority on the
interface. If an 802.1p priority that is designated as no-drop is congested, the priority
is paused.
The 802.1p priority values that the switch is using with a drop priority. The
operational drop priorities might not be the same as the configured priorities if the
interface has accepted different priorities from a peer device
The 802.1p priority values that the switch is using with a no-drop priority. The
operational drop priorities might not be the same as the configured priorities if the
interface has accepted different priorities from a peer device
The operational status of the interface.
Indicates whether the local switch has accepted a compatible configuration from a
peer switch.
The number of received configurations accepted and processed as valid. This number
does not include duplicate configurations.
The number of received configurations that were not accepted from a peer device
because they were incompatible.
The 802.1p priority value.
The number of PFC frames received by the interface with the associated 802.1p
priority.
The number of PFC frames transmitted by the interface with the associated 802.1p
priority.
Operational Drop
Priorities
Configured No-Drop
Priorities
Delay Allowance
Peer Configuration
Compatible
Compatible
Configuration Count
Incompatible
Configuration Count
Priority
Received PFC Frames
Transmitted PFC
Frames
Example: The following examples show the priority flow control status and statistics.
(Routing) #show interface 1/0/3 priority-flow-control
Interface Detail:
Operational State:
Configured State:
Configured Drop Priorities:
Configured No-Drop Priorities:
Operational Drop Priorities:
Operational No-Drop Priorities:
Delay Allowance:
Peer Configuration Compatible:
Compatible Configuration Count:
Incompatible Configuration Count:
September 2014
1/0/3
Active
Enabled
0,2-7
1
0,2-7
1
36432 bit times
N/A
0
0
CLI Command Reference
Page 498
HP Moonshot Switch Module CLI Command Reference
Priority
-------0
1
2
3
4
5
6
7
Received PFC frames
------------------0
0
0
0
0
0
0
0
Received PFC Frames:
Transmitted PFC Frames:
September 2014
Priority-Based Flow Control Commands
Transmitted PFC Frames
---------------------0
0
0
0
0
0
0
0
0
0
CLI Command Reference
Page 499
Routing Commands
HP Moonshot Switch Module CLI Command Reference
Section 7: Routing Commands
This chapter describes the routing commands available in the HP Moonshot Switch Module CLI.
The Routing Commands chapter contains the following sections:
• “Address Resolution Protocol Commands” on page 501
• “IP Routing Commands” on page 508
• “Router Discovery Protocol Commands” on page 528
• “Virtual LAN Routing Commands” on page 532
• “Virtual Router Redundancy Protocol Commands” on page 535
• “DHCP and BOOTP Relay Commands” on page 544
• “IP Helper Commands” on page 546
• “Open Shortest Path First Commands” on page 555
• “Routing Information Protocol Commands” on page 607
• “ICMP Throttling Commands” on page 614
• “Loopback Interface Commands” on page 616
September 2014
CLI Command Reference
Page 500
HP Moonshot Switch Module CLI Command Reference
Address Resolution Protocol Commands
Address Resolution Protocol Commands
This section describes the commands you use to configure Address Resolution Protocol (ARP) and to view ARP
information on the switch. ARP associates IP addresses with MAC addresses and stores the information as ARP
entries in the ARP cache.
arp
This command creates an ARP entry. The value for ipaddress is the IP address of a device on a subnet attached
to an existing routing interface. The parameter macaddr is a unicast MAC address for that device.
The format of the MAC address is 6 two-digit hexadecimal numbers that are separated by colons, for example
00:06:29:32:81:40.
Format
arp ipaddress macaddr
Mode
Global Config
no arp
This command deletes an ARP entry. The value for arpentry is the IP address of the interface. The value for
ipaddress is the IP address of a device on a subnet attached to an existing routing interface. The parameter
macaddr is a unicast MAC address for that device.
Format
no arp ipaddress macaddr
Mode
Global Config
ip proxy-arp
This command enables proxy ARP on a router interface or range of interfaces. Without proxy ARP, a device only
responds to an ARP request if the target IP address is an address configured on the interface where the ARP
request arrived. With proxy ARP, the device may also respond if the target IP address is reachable. The device
only responds if all next hops in its route to the destination are through interfaces other than the interface that
received the ARP request.
Default
enabled
Format
ip proxy-arp
Mode
Interface Config
September 2014
CLI Command Reference
Page 501
HP Moonshot Switch Module CLI Command Reference
Address Resolution Protocol Commands
no ip proxy-arp
This command disables proxy ARP on a router interface.
Format
no ip proxy-arp
Mode
Interface Config
ip local-proxy-arp
Use this command to allow an interface to respond to ARP requests for IP addresses within the subnet and to
forward traffic between hosts in the subnet.
Default
disabled
Format
ip local-proxy-arp
Mode
Interface Config
no ip local-proxy-arp
This command resets the local proxy ARP mode on the interface to the default value.
Format
no ip local-proxy-arp
Mode
Interface Config
arp cachesize
This command configures the ARP cache size. The ARP cache size range is 384–6144.
Default
6144
Format
arp cachesize cache-size
Mode
Global Config
no arp cachesize
This command configures the default ARP cache size.
Format
no arp cachesize
Mode
Global Config
September 2014
CLI Command Reference
Page 502
HP Moonshot Switch Module CLI Command Reference
Address Resolution Protocol Commands
arp dynamicrenew
This command enables the ARP component to automatically renew dynamic ARP entries when they age out.
When an ARP entry reaches its maximum age, the system must decide whether to retain or delete the entry.
If the entry has recently been used to forward data packets, the system will renew the entry by sending an ARP
request to the neighbor. If the neighbor responds, the age of the ARP cache entry is reset to 0 without removing
the entry from the hardware. Traffic to the host continues to be forwarded in hardware without interruption.
If the entry is not being used to forward data packets, then the entry is deleted from the ARP cache, unless the
dynamic renew option is enabled. If the dynamic renew option is enabled, the system sends an ARP request to
renew the entry. When an entry is not renewed, it is removed from the hardware and subsequent data packets
to the host trigger an ARP request. Traffic to the host may be lost until the router receives an ARP reply from
the host. Gateway entries, entries for a neighbor router, are always renewed. The dynamic renew option
applies only to host entries.
The disadvantage of enabling dynamic renew is that once an ARP cache entry is created, that cache entry
continues to take space in the ARP cache as long as the neighbor continues to respond to ARP requests, even
if no traffic is being forwarded to the neighbor. In a network where the number of potential neighbors is greater
than the ARP cache capacity, enabling dynamic renew could prevent some neighbors from communicating
because the ARP cache is full.
Default
disabled
Format
arp dynamicrenew
Mode
Privileged EXEC
no arp dynamicrenew
This command prevents dynamic ARP entries from renewing when they age out.
Format
no arp dynamicrenew
Mode
Privileged EXEC
arp purge
This command causes the specified IP address to be removed from the ARP cache. Only entries of type dynamic
or gateway are affected by this command.
Format
arp purge ipaddr
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 503
HP Moonshot Switch Module CLI Command Reference
Address Resolution Protocol Commands
arp resptime
This command configures the ARP request response timeout.
The value for seconds is a valid positive integer, which represents the IP ARP entry response timeout time in
seconds. The range for seconds is between 1-10 seconds.
Default
1
Format
arp resptime 1-10
Mode
Global Config
no arp resptime
This command configures the default ARP request response timeout.
Format
no arp resptime
Mode
Global Config
arp retries
This command configures the ARP count of maximum request for retries.
The value for retries is an integer, which represents the maximum number of request for retries. The range
for retries is an integer between 0-10 retries.
Default
4
Format
arp retries 0-10
Mode
Global Config
no arp retries
This command configures the default ARP count of maximum request for retries.
Format
no arp retries
Mode
Global Config
September 2014
CLI Command Reference
Page 504
Address Resolution Protocol Commands
HP Moonshot Switch Module CLI Command Reference
arp timeout
This command configures the ARP entry ageout time.
The value for seconds is a valid positive integer, which represents the IP ARP entry ageout time in seconds. The
range for seconds is between 15-21600 seconds.
Default
1200
Format
arp timeout 15-21600
Mode
Global Config
no arp timeout
This command configures the default ARP entry ageout time.
Format
no arp timeout
Mode
Global Config
clear arp-cache
This command causes all ARP entries of type dynamic to be removed from the ARP cache. If the gateway
keyword is specified, the dynamic entries of type gateway are purged as well
.
Format
clear arp-cache [gateway]
Mode
Privileged EXEC
clear arp-switch
Use this command to clear the contents of the switch’s Address Resolution Protocol (ARP) table that contains
entries learned through the Management port. To observe whether this command is successful, ping from the
remote system to the DUT. Issue the show arp switch command to see the ARP entries. Then issue the clear
arp-switch command and check the show arp switch entries. There will be no more arp entries.
Format
clear arp-switch
Mode
Privileged EXEC
show arp
This command displays the Address Resolution Protocol (ARP) cache. The displayed results are not the total
ARP entries. To view the total ARP entries, the operator should view the show arp results in conjunction with
the show arp switch results.
Format
show arp
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 505
HP Moonshot Switch Module CLI Command Reference
Address Resolution Protocol Commands
Term
Definition
Age Time
(seconds)
Response Time
(seconds)
Retries
Cache Size
Dynamic Renew
Mode
Total Entry Count
Current / Peak
Static Entry Count
Current / Max
The time it takes for an ARP entry to age out. This is configurable. Age time is measured
in seconds.
The time it takes for an ARP request timeout. This value is configurable. Response time is
measured in seconds.
The maximum number of times an ARP request is retried. This value is configurable.
The maximum number of entries in the ARP table. This value is configurable.
Displays whether the ARP component automatically attempts to renew dynamic ARP
entries when they age out.
The total entries in the ARP table and the peak entry count in the ARP table.
The static entry count in the ARP table and maximum static entry count in the ARP table.
The following are displayed for each ARP entry:
Term
Definition
IP Address
MAC Address
Interface
Type
Age
The IP address of a device on a subnet attached to an existing routing interface.
The hardware MAC address of that device.
The routing unit/slot/port associated with the device ARP entry.
The type that is configurable. The possible values are Local, Gateway, Dynamic and Static.
The current age of the ARP entry since last refresh (in hh:mm:ss format)
show arp brief
This command displays the brief Address Resolution Protocol (ARP) table information.
Format
show arp brief
Mode
Privileged EXEC
Term
Definition
Age Time
(seconds)
Response Time
(seconds)
Retries
Cache Size
Dynamic Renew
Mode
The time it takes for an ARP entry to age out. This value is configurable. Age time is
measured in seconds.
The time it takes for an ARP request timeout. This value is configurable. Response time is
measured in seconds.
The maximum number of times an ARP request is retried. This value is configurable.
The maximum number of entries in the ARP table. This value is configurable.
Displays whether the ARP component automatically attempts to renew dynamic ARP
entries when they age out.
September 2014
CLI Command Reference
Page 506
HP Moonshot Switch Module CLI Command Reference
Term
Address Resolution Protocol Commands
Definition
Total Entry Count The total entries in the ARP table and the peak entry count in the ARP table.
Current / Peak
Static Entry Count The static entry count in the ARP table and maximum static entry count in the ARP table.
Current / Max
show arp switch
This command displays the contents of the switch’s Address Resolution Protocol (ARP) table.
Format
show arp switch
Mode
Privileged EXEC
Term
Definition
IP Address
MAC Address
Interface
The IP address of a device on a subnet attached to the switch.
The hardware MAC address of that device.
The routing unit/slot/port associated with the device’s ARP entry.
September 2014
CLI Command Reference
Page 507
HP Moonshot Switch Module CLI Command Reference
IP Routing Commands
IP Routing Commands
This section describes the commands you use to enable and configure IP routing on the switch.
routing
This command enables IPv4 and IPv6 routing for an interface or range of interfaces. You can view the current
value for this function with the show ip brief command. The value is labeled as “Routing Mode.”
Default
disabled
Format
routing
Mode
Interface Config
no routing
This command disables routing for an interface.
You can view the current value for this function with the show ip brief command. The value is labeled as
“Routing Mode.”
Format
no routing
Mode
Interface Config
ip routing
This command enables the IP Router Admin Mode for the master switch.
Format
ip routing
Mode
Global Config
no ip routing
This command disables the IP Router Admin Mode for the master switch.
Format
no ip routing
Mode
Global Config
September 2014
CLI Command Reference
Page 508
HP Moonshot Switch Module CLI Command Reference
IP Routing Commands
ip address
This command configures an IP address on an interface or range of interfaces. You can also use this command
to configure one or more secondary IP addresses on the interface. The command supports RFC 3021 and
accepts using 31-bit prefixes on IPv4 point-to-point links. This command adds the label IP address in the
command “show ip interface” on page 516.
Note: The 31-bit subnet mask is only supported on routing interfaces. The feature is not supported
on network port and service port interfaces because HP Moonshot Switch Module acts as a host, not
a router, on these management interfaces.
Format
ip address ipaddr {subnetmask | /masklen} [secondary]
Mode
Interface Config
Parameter
Description
ipaddr
subnetmask
masklen
The IP address of the interface.
A 4-digit dotted-decimal number which represents the subnet mask of the interface.
Implements RFC 3021. Using the / notation of the subnet mask, this is an integer that
indicates the length of the subnet mask. Range is 5 to 32 bits.
Example: The following example of the command shows the configuration of the subnet mask with an IP
address in the dotted decimal format on interface 0/4/1.
(router1) #config
(router1) (Config)#interface 0/4/1
(router1) (Interface 0/4/1)#ip address 192.168.10.1 255.255.255.254
Example: The next example of the command shows the configuration of the subnet mask with an IP address
in the / notation on interface 0/4/1.
(router1) #config
(router1) (Config)#interface 0/4/1
(router1) (Interface 0/4/1)#ip address 192.168.10.1 /31
no ip address
This command deletes an IP address from an interface. The value for ipaddr is the IP address of the interface
in a.b.c.d format where the range for a, b, c, and d is 1-255. The value for subnetmask is a 4-digit dotted-decimal
number which represents the Subnet Mask of the interface. To remove all of the IP addresses (primary and
secondary) configured on the interface, enter the command no ip address.
Format
no ip address [{ipaddr subnetmask [secondary]}]
Mode
Interface Config
September 2014
CLI Command Reference
Page 509
HP Moonshot Switch Module CLI Command Reference
IP Routing Commands
ip address dhcp
This command enables the DHCPv4 client on an in-band interface so that it can acquire network information,
such as the IP address, subnet mask, and default gateway, from a network DHCP server. When DHCP is enabled
on the interface, the system automatically deletes all manually configured IPv4 addresses on the interface.
To enable the DHCPv4 client on an in-band interface and send DHCP client messages with the client identifier
option, use the ip address dhcp client-id configuration command in interface configuration mode.
Default
disabled
Format
ip address dhcp [client-id]
Mode
Interface Config
Example: In the following example, DHCPv4 is enabled on interface 0/4/1.
(router1) #config
(router1) (Config)#interface 0/4/1
(router1) (Interface 0/4/1)#ip address dhcp
no ip address dhcp
The no ip address dhcp command releases a leased address and disables DHCPv4 on an interface. The no form
of the ip address dhcp client-id command removes the client-id option and also disables the DHCP client on
the in-band interface.
Format
no ip address dhcp [client-id]
Mode
Interface Config
ip default-gateway
This command manually configures a default gateway for the switch. Only one default gateway can be
configured. If you invoke this command multiple times, each command replaces the previous value.
When the system does not have a more specific route to a packet’s destination, it sends the packet to the
default gateway. The system installs a default IPv4 route with the gateway address as the next hop address. The
route preference is 253. A default gateway configured with this command is more preferred than a default
gateway learned from a DHCP server.
Format
ip default-gateway ipaddr
Mode
Global Config
Parameter
Description
ipaddr
The IPv4 address of an attached router.
September 2014
CLI Command Reference
Page 510
HP Moonshot Switch Module CLI Command Reference
IP Routing Commands
no ip default-gateway
This command removes the default gateway address from the configuration.
Format
no ip default-gateway ipaddr
Mode
Interface Config
release dhcp
Use this command to force the DHCPv4 client to release the leased address from the specified interface. The
DHCP client sends a DHCP Release message telling the DHCP server that it no longer needs the IP address, and
that the IP address can be reassigned to another
renew dhcp
Use this command to force the DHCPv4 client to immediately renew an IPv4 address lease on the specified
interface.
Note: This command can be used on in-band ports as well as the service or network (out-of-band)
port.
Format
renew dhcp unit/slot/port
Mode
Privileged EXEC
renew dhcp network-port
Use this command to renew an IP address on a network port.
Format
renew dhcp network-port
Mode
Privileged EXEC
renew dhcp service-port
Use this command to renew an IP address on a service port.
Format
renew dhcp service-port
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 511
HP Moonshot Switch Module CLI Command Reference
IP Routing Commands
ip route
This command configures a static route. The ipaddr parameter is a valid IP address, and subnetmask is a valid
subnet mask. The nexthopip parameter is a valid IP address of the next hop router. Specifying Null0 as nexthop
parameter adds a static reject route. The optional preference parameter is an integer (value from 1 to 255) that
allows you to specify the preference value (sometimes called “administrative distance”) of an individual static
route. Among routes to the same destination, the route with the lowest preference value is the route entered
into the forwarding database. By specifying the preference of a static route, you control whether a static route
is more or less preferred than routes from dynamic routing protocols. The preference also controls whether a
static route is more or less preferred than other static routes to the same destination. A route with a preference
of 255 cannot be used to forward traffic.
For the static routes to be visible, you must perform the following steps:
• Enable ip routing globally.
• Enable ip routing for the interface.
• Confirm that the associated link is also up.
Default
preference—1
Format
ip route ipaddr subnetmask [nexthopip | Null0] [preference]
Mode
Global Config
no ip route
This command deletes a single next hop to a destination static route. If you use the nexthopip parameter, the
next hop is deleted. If you use the preference value, the preference value of the static route is reset to its
default.
Format
no ip route ipaddr subnetmask [{nexthopip [preference] | Null0}]
Mode
Global Config
ip route default
This command configures the default route. The value for nexthopip is a valid IP address of the next hop router.
The preference is an integer value from 1 to 255. A route with a preference of 255 cannot be used to forward
traffic.
Default
preference—1
Format
ip route default nexthopip [preference]
Mode
Global Config
September 2014
CLI Command Reference
Page 512
HP Moonshot Switch Module CLI Command Reference
IP Routing Commands
no ip route default
This command deletes all configured default routes. If the optional nexthopip parameter is designated, the
specific next hop is deleted from the configured default route and if the optional preference value is
designated, the preference of the configured default route is reset to its default.
Format
no ip route default [{nexthopip | preference}]
Mode
Global Config
ip route distance
This command sets the default distance (preference) for static routes. Lower route distance values are
preferred when determining the best route. The ip route and ip route default commands allow you to
optionally set the distance (preference) of an individual static route. The default distance is used when no
distance is specified in these commands. Changing the default distance does not update the distance of
existing static routes, even if they were assigned the original default distance. The new default distance will
only be applied to static routes created after invoking the ip route distance command.
Default
1
Format
ip route distance 1-255
Mode
Global Config
no ip route distance
This command sets the default static route preference value in the router. Lower route preference values are
preferred when determining the best route.
Format
no ip route distance
Mode
Global Config
ip netdirbcast
This command enables the forwarding of network-directed broadcasts on an interface or range of interfaces.
When enabled, network directed broadcasts are forwarded. When disabled they are dropped.
Default
disabled
Format
ip netdirbcast
Mode
Interface Config
September 2014
CLI Command Reference
Page 513
HP Moonshot Switch Module CLI Command Reference
IP Routing Commands
no ip netdirbcast
This command disables the forwarding of network-directed broadcasts. When disabled, network directed
broadcasts are dropped.
Format
no ip netdirbcast
Mode
Interface Config
ip mtu
This command sets the IP Maximum Transmission Unit (MTU) on a routing interface or range of interfaces. The
IP MTU is the size of the largest IP packet that can be transmitted on the interface without fragmentation.
Forwarded packets are dropped if they exceed the IP MTU of the outgoing interface.
Packets originated on the router, such as OSPF packets, may be fragmented by the IP stack.
OSPF advertises the IP MTU in the Database Description packets it sends to its neighbors during database
exchange. If two OSPF neighbors advertise different IP MTUs, they will not form an adjacency. (unless OSPF has
been instructed to ignore differences in IP MTU with the ip ospf mtu-ignore command.)
Note: The IP MTU size refers to the maximum size of the IP packet (IP Header + IP payload). It does
not include any extra bytes that may be required for Layer-2 headers. To receive and process packets,
the Ethernet MTU (see “mtu” on page 270) must take into account the size of the Ethernet header.
Default
1500 bytes
Format
ip mtu 68-12270
Mode
Interface Config
no ip mtu
This command resets the ip mtu to the default value.
Format
no ip mtu
Mode
Interface Config
encapsulation
This command configures the link layer encapsulation type for the packet on an interface or range of interfaces.
The encapsulation type can be ethernet or snap.
Default
ethernet
Format
encapsulation {ethernet | snap}
Mode
Interface Config
September 2014
CLI Command Reference
Page 514
HP Moonshot Switch Module CLI Command Reference
IP Routing Commands
Note: Routed frames are always ethernet encapsulated when a frame is routed to a VLAN.
show dhcp lease
This command displays a list of IPv4 addresses currently leased from a DHCP server on a specific in-band
interface or all in-band interfaces. This command does not apply to service or network ports.
Format
show dhcp lease [interface unit/slot/port]
Modes
Privileged EXEC
Term
Definition
IP address, Subnet mask
DHCP Lease server
State
DHCP transaction ID
Lease
Renewal
The IP address and network mask leased from the DHCP server
The IPv4 address of the DHCP server that leased the address.
State of the DHCPv4 Client on this interface
The transaction ID of the DHCPv4 Client
The time (in seconds) that the IP address was leased by the server
The time (in seconds) when the next DHCP renew Request is sent by DHCPv4
Client to renew the leased IP address
The time (in seconds) when the DHCP Rebind process starts
Number of times the DHCPv4 client sends a DHCP REQUEST message before the
server responds
Rebind
Retry count
show ip brief
This command displays all the summary information of the IP, including the ICMP rate limit configuration and
the global ICMP Redirect configuration.
Format
show ip brief
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Default Time to Live
The computed TTL (Time to Live) of forwarding a packet from the local router to the
final destination.
Shows whether the routing mode is enabled or disabled.
The maximum number of next hops the packet can travel.
The maximum number of routes the packet can travel.
Shows how often the token bucket is initialized with burst-size tokens. Burst-interval
is from 0 to 2147483647 milliseconds. The default burst-interval is 1000 msec.
Routing Mode
Maximum Next Hops
Maximum Routes
ICMP Rate Limit
Interval
September 2014
CLI Command Reference
Page 515
IP Routing Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
ICMP Rate Limit Burst
Size
ICMP Echo Replies
ICMP Redirects
Shows the number of ICMPv4 error messages that can be sent during one burstinterval. The range is from 1 to 200 messages. The default value is 100 messages.
Shows whether ICMP Echo Replies are enabled or disabled.
Shows whether ICMP Redirects are enabled or disabled.
Example: The following shows example CLI display output for the command.
(Routing) #show ip brief
Default Time to Live...........................
Routing Mode...................................
Maximum Next Hops..............................
Maximum Routes.................................
ICMP Rate Limit Interval.......................
ICMP Rate Limit Burst Size.....................
ICMP Echo Replies..............................
ICMP Redirects.................................
64
Disabled
4
128
1000 msec
100 messages
Enabled
Enabled
show ip interface
This command displays all pertinent information about the IP interface. The argument unit/slot/port
corresponds to a physical routing interface or VLAN routing interface. The keyword vlan is used to specify the
VLAN ID of the routing VLAN directly instead of in a unit/slot/port format.
Format
show ip interface {unit/slot/port|vlan 1-4093|loopback 0-7}
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Routing Interface
Status
Primary IP
Address
Method
Secondary IP
Address
Helper IP Address
Determine the operational status of IPv4 routing Interface. The possible values are Up or
Down.
The primary IP address and subnet masks for the interface. This value appears only if you
configure it.
Shows whether the IP address was configured manually or acquired from a DHCP server.
One or more secondary IP addresses and subnet masks for the interface. This value appears
only if you configure it.
The helper IP addresses configured by the command “ip helper-address (Interface Config)”
on page 549.
The administrative mode of router interface participation. The possible values are enable
or disable. This value is configurable.
The administrative mode of the specified interface. The possible values of this field are
enable or disable. This value is configurable.
Displays whether forwarding of network-directed broadcasts is enabled or disabled. This
value is configurable.
Routing Mode
Administrative
Mode
Forward Net
Directed
Broadcasts
September 2014
CLI Command Reference
Page 516
IP Routing Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
Proxy ARP
Local Proxy ARP
Active State
Displays whether Proxy ARP is enabled or disabled on the system.
Displays whether Local Proxy ARP is enabled or disabled on the interface.
Displays whether the interface is active or inactive. An interface is considered active if its
link is up and it is in forwarding state.
An integer representing the physical link data rate of the specified interface. This is
measured in Megabits per second (Mbps).
The burned in physical address of the specified interface. The format is 6 two-digit
hexadecimal numbers that are separated by colons.
The encapsulation type for the specified interface. The types are: Ethernet or SNAP.
Link Speed Data
Rate
MAC Address
Encapsulation
Type
IP MTU
Bandwidth
Destination
Unreachables
ICMP Redirects
DHCP Client
Identifier
The maximum transmission unit (MTU) size of a frame, in bytes.
Shows the bandwidth of the interface.
Displays whether ICMP Destination Unreachables may be sent (enabled or disabled).
Displays whether ICMP Redirects may be sent (enabled or disabled).
The client identifier is displayed in the output of the command only if DHCP is enabled with
the client-id option on the in-band interface. See “ip address dhcp” on page 510.
Example: The following shows example CLI display output for the command.
(Routing)#show ip interface 1/0/2
Routing Interface Status.......................
Primary IP Address.............................
Method.........................................
Secondary IP Address(es).......................
...............................................
Helper IP Address..............................
...............................................
Routing Mode...................................
Administrative Mode............................
Forward Net Directed Broadcasts................
Proxy ARP......................................
Local Proxy ARP................................
Active State...................................
Link Speed Data Rate...........................
MAC Address....................................
Encapsulation Type.............................
IP MTU.........................................
Bandwidth......................................
Destination Unreachables.......................
ICMP Redirects.................................
Down
1.2.3.4/255.255.255.0
Manual
21.2.3.4/255.255.255.0
22.2.3.4/255.255.255.0
1.2.3.4
1.2.3.5
Disable
Enable
Disable
Enable
Disable
Inactive
Inactive
00:10:18:82:0C:68
Ethernet
1500
100000 kbps
Enabled
Enabled
Example: In the following example the DHCP client is enabled on a VLAN routing interface.
(Routing) #show ip interface vlan 10
Routing Interface Status.................
Method...................................
Routing Mode.............................
Administrative Mode......................
September 2014
Up
DHCP
Enable
Enable
CLI Command Reference
Page 517
HP Moonshot Switch Module CLI Command Reference
Forward Net Directed Broadcasts..........
Active State.............................
Link Speed Data Rate.....................
MAC address..............................
Encapsulation Type.......................
IP MTU...................................
Bandwidth................................
Destination Unreachables.................
ICMP Redirects...........................
Interface Suppress Status................
DHCP Client Identifier...................
IP Routing Commands
Disable
Inactive
10 Half
00:10:18:82:16:0E
Ethernet
1500
10000 kbps
Enabled
Enabled
Unsuppressed
0Moonshot-0010.1882.160E-vl10
show ip interface brief
This command displays summary information about IP configuration settings for all ports in the router, and
indicates how each IP address was assigned.
Format
show ip interface brief
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Interface
State
IP Address
IP Mask
Method
The physical or logical interface.
Routing operational state of the interface.
The IP address of the routing interface in 32-bit dotted decimal format.
The IP mask of the routing interface in 32-bit dotted decimal format.
Indicates how each IP address was assigned. The field contains one of the following values:
• DHCP - The address is leased from a DHCP server.
• Manual - The address is manually configured.
Example: The following shows example CLI display output for the command.
(alpha1) #show ip interface brief
Interface
---------1/0/17
State
----Up
IP Address
IP Mask
Method
--------------- --------------- -------192.168.75.1
255.255.255.0
DHCP
show ip protocols
This command lists a summary of the configuration and status for each unicast routing protocol. The command
lists routing protocols which are configured and enabled. If a protocol is selected on the command line, the
display will be limited to that protocol.
Format
show ip protocols [ospf | rip]
Mode
Privileged Exec
September 2014
CLI Command Reference
Page 518
HP Moonshot Switch Module CLI Command Reference
Parameter
IP Routing Commands
Description
OSPFv2 Section:
Routing Protocol
Router ID
OSPF Admin
Mode
Maximum Paths
Routing for
Networks
Distance
Default Route
Advertise
Always
OSPFv2.
The router ID configured for OSPFv2.
Whether OSPF is enabled or disabled globally.
The maximum number of next hops in an OSPF route.
The address ranges configured with an OSPF network command.
The administrative distance (or “route preference”) for intra-area, inter-area, and external
routes.
Whether OSPF is configured to originate a default route.
Whether default advertisement depends on having a default route in the common routing
table.
Metric
The metric configured to be advertised with the default route.
Metric Type
The metric type for the default route.
Redist Source
A type of routes that OSPF is redistributing.
Metric
The metric to advertise for redistributed routes of this type.
Metric Type
The metric type to advertise for redistributed routes of this type.
Subnets
Whether OSPF redistributes subnets of classful addresses, or only classful prefixes.
Dist List
A distribute list used to filter routes of this type. Only routes that pass the distribute list are
redistributed.
Number of Active The number of OSPF areas with at least one interface running on this router. Also broken
Areas
down by area type.
ABR Status
Whether the router is currently an area border router. A router is an area border router if
it has interfaces that are up in more than one area.
ASBR Status
Whether the router is an autonomous system boundary router. The router is an ASBR if it
is redistributing any routes or originating a default route.
RIP Section
RIP Admin Mode
Split Horizon
Mode
Default Metric
Default Route
Advertise
Distance
Redistribution
Interface
September 2014
Whether RIP is globally enabled.
Whether RIP advertises routes on the interface where they were received.
The metric assigned to redistributed routes.
Whether this router is originating a default route.
The administrative distance for RIP routes.
A table showing information for each source protocol (connected, static, and ospf). For
each of these source the distribution list and metric are shown. Fields which are not
configured are left blank. For ospf, configured ospf match parameters are also shown.
The interfaces where RIP is enabled and the version sent and accepted on each interface.
CLI Command Reference
Page 519
IP Routing Commands
HP Moonshot Switch Module CLI Command Reference
Example: The following shows example CLI display output for the command.
(Router) #show ip protocols
Routing Protocol..........................
Router ID.................................
OSPF Admin Mode...........................
Maximum Paths.............................
Routing for Networks......................
OSPFv2
6.6.6.6
Enable
32
172.24.0.0 0.0.255.255 area 0
10.0.0.0 0.255.255.255 area 1
192.168.75.0 0.0.0.255 area 2
Distance.................................. Intra 110 Inter 110 Ext 110
Default Route Advertise...................
Always....................................
Metric....................................
Metric Type...............................
Redist
Source
--------static
connected
Metric
------default
10
Metric Type
----------2
2
Disabled
FALSE
Not configured
External Type 2
Subnets
------Yes
Yes
Dist List
--------None
1
Number of Active Areas.................... 3 (3 normal, 0 stub, 0 nssa)
ABR Status................................ Yes
ASBR Status............................... Yes
Routing Protocol..........................
RIP Admin Mode............................
Split Horizon Mode........................
Default Metric............................
Default Route Advertise...................
Distance..................................
RIP
Enable
Simple
Not configured
Disable
120
Redistribution:
Source
Metric Dist List Match
--------- ------ --------- -------------------------------------connected
6
static
10
15
ospf
20 int ext1 ext2 nssa-ext1
Interface
--------0/25
September 2014
Send
---RIPv2
Recv
---RIPv2
CLI Command Reference
Page 520
HP Moonshot Switch Module CLI Command Reference
IP Routing Commands
show ip route
This command displays the routing table. The ip-address specifies the network for which the route is to be
displayed and displays the best matching best-route for the address. The mask specifies the subnet mask for the
given ip-address. When you use the longer-prefixes keyword, the ip-address and mask pair becomes the
prefix, and the command displays the routes to the addresses that match that prefix. Use the protocol
parameter to specify the protocol that installed the routes. The value for protocol can be connected, ospf, rip,
or static. Use the all parameter to display all routes including best and non-best routes. If you do not use the
all parameter, the command displays only the best route.
Note: If you use the connected keyword for protocol, the all option is not available because there
are no best or non-best connected routes.
Note: If you use the static keyword for protocol, the description option is also available, for
example: show ip route ip-address static description. This command shows the description
configured with the specified static route(s).
Format
show ip route [{ip-address [protocol] | {ip-address mask [longer-prefixes] [protocol]
| protocol} [all] | all}]
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Route Codes
The key for the routing protocol codes that might appear in the routing table output.
The show ip route command displays the routing tables in the following format:
Code
IP-Address/Mask [Preference/Metric] via Next-Hop, Route-Timestamp, Interface, Truncated
The columns for the routing table display the following information:
Term
Definition
Code
The codes for the routing protocols that created the routes.
Default Gateway The IP address of the default gateway. When the system does not have a more specific
route to a packet's destination, it sends the packet to the default gateway.
IP-Address/Mask The IP-Address and mask of the destination network corresponding to this route.
Preference
The administrative distance associated with this route. Routes with low values are
preferred over routes with higher values.
Metric
The cost associated with this route.
via Next-Hop
The outgoing router IP address to use when forwarding traffic to the next router (if any) in
the path toward the destination.
September 2014
CLI Command Reference
Page 521
IP Routing Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
RouteTimestamp
The last updated time for dynamic routes. The format of Route-Timestamp will be
• Days:Hours:Minutes if days > = 1
• Hours:Minutes:Seconds if days < 1
The outgoing router interface to use when forwarding traffic to the next destination. For
reject routes, the next hop interface would be Null0 interface.
A flag appended to a route to indicate that it is an ECMP route, but only one of its next hops
has been installed in the forwarding table. The forwarding table may limit the number of
ECMP routes or the number of ECMP groups. When an ECMP route cannot be installed
because such a limit is reached, the route is installed with a single next hop. Such truncated
routes are identified by a T after the interface name.
Interface
T
To administratively control the traffic destined to a particular network and prevent it from being forwarded
through the router, you can configure a static reject route on the router. Such traffic would be discarded and
the ICMP destination unreachable message is sent back to the source. This is typically used for preventing
routing loops. The reject route added in the RTO is of the type OSPF Inter-Area. Reject routes (routes of REJECT
type installed by any protocol) are not redistributed by OSPF/RIP. Reject routes are supported in both OSPFv2
and OSPFv3.
Example: The following shows example CLI display output for the command.
(Routing) #show ip route
Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
B - BGP Derived, IA - OSPF Inter Area
E1 - OSPF External Type 1, E2 - OSPF External Type 2
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
Default gateway is 1.1.1.2
C 1.1.1.0/24 [0/1] directly connected, 0/11
C 2.2.2.0/24 [0/1] directly connected, 0/1
C 5.5.5.0/24 [0/1] directly connected, 0/5
S 7.0.0.0/8 [1/0] directly connected, Null0
OIA 10.10.10.0/24 [110/6] via 5.5.5.2,
00h:00m:01s,
C 11.11.11.0/24 [0/1] directly connected,
0/11
S 12.0.0.0/8 [5/0] directly connected, Null0
S 23.0.0.0/8 [3/0] directly connected, Null0
0/5
Example: The following shows example CLI display output for the command to indicate a truncated route.
(router) #show ip route
Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
B - BGP Derived, IA - OSPF Inter Area
E1 - OSPF External Type 1, E2 - OSPF External Type 2
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
O E1
O E1
O E1
100.1.161.0/24 [110/10] via 172.20.11.100,
100.1.162.0/24 [110/10] via 172.20.11.100,
100.1.163.0/24 [110/10] via 172.20.11.100,
September 2014
00h:00m:13s,
00h:00m:13s,
00h:00m:13s,
2/11 T
2/11 T
2/11 T
CLI Command Reference
Page 522
HP Moonshot Switch Module CLI Command Reference
IP Routing Commands
show ip route ecmp-groups
This command reports all current ECMP groups in the IPv4 routing table. An ECMP group is a set of two or more
next hops used in one or more routes. The groups are numbered arbitrarily from 1 to n. The output indicates
the number of next hops in the group and the number of routes that use the set of next hops. The output lists
the IPv4 address and outgoing interface of each next hop in each group.
Format
show ip route ecmp-groups
Mode
Privileged Exec
Example: The following shows example CLI display output for the command.
(router) #show ip route ecmp-groups
ECMP Group 1 with 2 next hops (used by 1 route)
172.20.33.100 on interface 2/33
172.20.34.100 on interface 2/34
ECMP Group 2 with 3 next hops (used by 1 route)
172.20.32.100 on interface 2/32
172.20.33.100 on interface 2/33
172.20.34.100 on interface 2/34
ECMP Group 3 with 4 next hops (used by 1 route)
172.20.31.100 on interface 2/31
172.20.32.100 on interface 2/32
172.20.33.100 on interface 2/33
172.20.34.100 on interface 2/34
September 2014
CLI Command Reference
Page 523
HP Moonshot Switch Module CLI Command Reference
IP Routing Commands
show ip route summary
This command displays a summary of the state of the routing table. When the optional all keyword is given,
some statistics, such as the number of routes from each source, include counts for alternate routes. An
alternate route is a route that is not the most preferred route to its destination and therefore is not installed
in the forwarding table. To include only the number of best routes, do not use the optional keyword.
Format
show ip route summary [all]
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Connected
Routes
Static Routes
RIP Routes
OSPF Routes
Intra Area Routes
Inter Area Routes
External Type-1
Routes
External Type-2
Routes
Reject Routes
Total Routes
Best Routes
(High)
The total number of connected routes in the routing table.
Total number of static routes in the routing table.
Total number of routes installed by RIP protocol.
Total number of routes installed by OSPF protocol.
Total number of Intra Area routes installed by OSPF protocol.
Total number of Inter Area routes installed by OSPF protocol.
Total number of External Type-1 routes installed by OSPF protocol.
Total number of External Type-2 routes installed by OSPF protocol.
Total number of reject routes installed by all protocols.
Total number of routes in the routing table.
The number of best routes currently in the routing table. This number only counts the best
route to each destination. The value in parentheses indicates the highest count of unique
best routes since counters were last cleared.
Alternate Routes The number of alternate routes currently in the routing table. An alternate route is a route
that was not selected as the best route to its destination.
Route Adds
The number of routes that have been added to the routing table.
Route Modifies The number of routes that have been changed after they were initially added to the routing
table.
Route Deletes
The number of routes that have been deleted from the routing table.
Unresolved Route The number of route adds that failed because none of the route’s next hops were on a local
Adds
subnet. Note that static routes can fail to be added to the routing table at startup because
the routing interfaces are not yet up. This counter gets incremented in this case. The static
routes are added to the routing table when the routing interfaces come up.
Invalid Route
The number of routes that failed to be added to the routing table because the route was
Adds
invalid. A log message is written for each of these failures.
Failed Route Adds The number of routes that failed to be added to the routing table because of a resource
limitation in the routing table.
September 2014
CLI Command Reference
Page 524
IP Routing Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
Reserved Locals
The number of routing table entries reserved for a local subnet on a routing interface that
is down. Space for local routes is always reserved so that local routes can be installed when
a routing interface bounces.
Unique Next
The number of distinct next hops used among all routes currently in the routing table.
Hops (High)
These include local interfaces for local routes and neighbors for indirect routes. The value
in parentheses indicates the highest count of unique next hops since counters were last
cleared.
Next Hop Groups The current number of next hop groups in use by one or more routes. Each next hop group
(High)
includes one or more next hops. The value in parentheses indicates the highest count of
next hop groups since counters were last cleared.
ECMP Groups
The number of next hop groups with multiple next hops. The value in parentheses indicates
(High)
the highest count of next hop groups since counters were last cleared.
ECMP Routes
The number of routes with multiple next hops currently in the routing table.
Truncated ECMP The number of ECMP routes that are currently installed in the forwarding table with just
Routes
one next hop. The forwarding table may limit the number of ECMP routes or the number
of ECMP groups. When an ECMP route cannot be installed because such a limit is reached,
the route is installed with a single next hop.
ECMP Retries
The number of ECMP routes that have been installed in the forwarding table after initially
being installed with a single next hop.
Routes with n
The current number of routes with each number of next hops.
Next Hops
Example: The following shows example CLI display output for the command.
(Routing) #show ip route summary
Connected Routes...............................
Static Routes..................................
RIP Routes.....................................
OSPF Routes....................................
Intra Area Routes............................
Inter Area Routes............................
External Type-1 Routes.......................
External Type-2 Routes.......................
Reject Routes..................................
Total routes...................................
7
1
20
1004
4
1000
0
0
0
1032
Best Routes (High).............................
Alternate Routes...............................
Route Adds.....................................
Route Modifies.................................
Route Deletes..................................
Unresolved Route Adds..........................
Invalid Route Adds.............................
Failed Route Adds..............................
Reserved Locals................................
1032 (1032)
0
1010
1
10
0
0
0
0
Unique Next Hops (High)........................
Next Hop Groups (High).........................
ECMP Groups (High).............................
ECMP Routes....................................
Truncated ECMP Routes..........................
13 (13)
13 (14)
2 (3)
1001
0
September 2014
CLI Command Reference
Page 525
IP Routing Commands
HP Moonshot Switch Module CLI Command Reference
ECMP Retries...................................
Routes with 1 Next Hop.........................
Routes with 2 Next Hops........................
Routes with 4 Next Hops........................
0
31
1
1000
clear ip route counters
The command resets to zero the IPv4 routing table counters reported in the command “show ip route
summary” on page 524. The command only resets event counters. Counters that report the current state of
the routing table, such as the number of routes of each type, are not reset.
Format
clear ip route counters
Mode
Privileged Exec
show ip route preferences
This command displays detailed information about the route preferences for each type of route. Route
preferences are used in determining the best route. Lower route preference values are preferred over higher
route preference values. A route with a preference of 255 cannot be used to forward traffic.
Format
show ip route preferences
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Local
Static
OSPF Intra
OSPF Inter
OSPF External
RIP
Configured Default Gateway
DHCP Default Gateway
The local route preference value.
The static route preference value.
The OSPF Intra route preference value.
The OSPF Inter route preference value.
The OSPF External route preference value.
The RIP route preference value.
The route preference value of the statically-configured default gateway
The route preference value of the default gateway learned from the DHCP
server.
Example: The following shows example CLI display output for the command.
(Routing) #show ip route preferences
Local..........................................
Static.........................................
OSPF Intra.....................................
OSPF Inter.....................................
OSPF External..................................
RIP............................................
Configured Default Gateway.....................
DHCP Default Gateway...........................
September 2014
0
1
110
110
110
120
253
254
CLI Command Reference
Page 526
IP Routing Commands
HP Moonshot Switch Module CLI Command Reference
show ip stats
This command displays IP statistical information. Refer to RFC 1213 for more information about the fields that
are displayed.
Format
show ip stats
Modes
• Privileged EXEC
• User EXEC
show routing heap summary
This command displays a summary of the memory allocation from the routing heap. The routing heap is a
chunk of memory set aside when the system boots for use by the routing applications.
Format
show routing heap summary
Mode
Privileged Exec
Parameter
Description
Heap Size
Memory In Use
Memory on Free
List
Memory
Available in Heap
In Use High Water
Mark
The amount of memory, in bytes, allocated at startup for the routing heap.
The number of bytes currently allocated.
The number of bytes currently on the free list. When a chunk of memory from the routing
heap is freed, it is placed on a free list for future reuse.
The number of bytes in the original heap that have never been allocated.
The maximum memory in use since the system last rebooted.
Example: The following shows example CLI display output for the command.
(Routing) #show routing heap summary
Heap Size .....................................
Memory In Use .................................
Memory on Free List ...........................
Memory Available in Heap ......................
In Use High Water Mark ........................
September 2014
41584640
54802 ( 0% )
47 ( 0% )
41529822 ( 99% )
54802 ( 0% )
CLI Command Reference
Page 527
HP Moonshot Switch Module CLI Command Reference
Router Discovery Protocol Commands
Router Discovery Protocol Commands
This section describes the commands you use to view and configure Router Discovery Protocol settings on the
switch. The Router Discovery Protocol enables a host to discover the IP address of routers on the subnet.
ip irdp
This command enables Router Discovery on an interface or range of interfaces.
Default
disabled
Format
ip irdp
Mode
Interface Config
no ip irdp
This command disables Router Discovery on an interface.
Format
no ip irdp
Mode
Interface Config
ip irdp address
This command configures the address that the interface uses to send the router discovery advertisements. The
valid values for ipaddr are 224.0.0.1, which is the all-hosts IP multicast address, and 255.255.255.255, which is
the limited broadcast address.
Default
224.0.0.1
Format
ip irdp address ipaddr
Mode
Interface Config
no ip irdp address
This command configures the default address used to advertise the router for the interface.
Format
no ip irdp address
Mode
Interface Config
September 2014
CLI Command Reference
Page 528
HP Moonshot Switch Module CLI Command Reference
Router Discovery Protocol Commands
ip irdp holdtime
This command configures the value, in seconds, of the holdtime field of the router advertisement sent from
this interface. The holdtime range is the value of 4 to 9000 seconds.
Default
1800
Format
ip irdp holdtime 4-9000
Mode
Interface Config
no ip irdp holdtime
This command configures the default value, in seconds, of the holdtime field of the router advertisement sent
from this interface.
Format
no ip irdp holdtime
Mode
Interface Config
ip irdp maxadvertinterval
This command configures the maximum time, in seconds, allowed between sending router advertisements
from the interface. The range for maxadvertinterval is 4 to 1800 seconds.
Default
600
Format
ip irdp maxadvertinterval 4-1800
Mode
Interface Config
no ip irdp maxadvertinterval
This command configures the default maximum time, in seconds.
Format
no ip irdp maxadvertinterval
Mode
Interface Config
ip irdp minadvertinterval
This command configures the minimum time, in seconds, allowed between sending router advertisements
from the interface. The range for minadvertinterval is 3–1800.
Default
0.75 * maxadvertinterval
Format
ip irdp minadvertinterval 3-1800
Mode
Interface Config
September 2014
CLI Command Reference
Page 529
HP Moonshot Switch Module CLI Command Reference
Router Discovery Protocol Commands
no ip irdp minadvertinterval
This command sets the default minimum time to the default.
Format
no ip irdp minadvertinterval
Mode
Interface Config
ip irdp multicast
This command configures the destination IP address for router advertisements as 224.0.0.1, which is the
default address. The no form of the command configures the IP address as 255.255.255.255 to instead send
router advertisements to the limited broadcast address.
Format
ip irdp multicast
Mode
Interface Config
no ip irdp multicast
By default, router advertisements are sent to 224.0.0.1. To instead send router advertisements to the limited
broadcast address, 255.255.255.255, use the no form of this command.
Format
no ip irdp multicast
Mode
Interface Config
ip irdp preference
This command configures the preferability of the address as a default router address, relative to other router
addresses on the same subnet.
Default
0
Format
ip irdp preference -2147483648 to 2147483647
Mode
Interface Config
no ip irdp preference
This command configures the default preferability of the address as a default router address, relative to other
router addresses on the same subnet.
Format
no ip irdp preference
Mode
Interface Config
September 2014
CLI Command Reference
Page 530
HP Moonshot Switch Module CLI Command Reference
Router Discovery Protocol Commands
show ip irdp
This command displays the router discovery information for all interfaces, a specified interface, or specified
VLAN. The argument unit/slot/port corresponds to a physical routing interface or VLAN routing interface. The
keyword vlan is used to specify the VLAN ID of the routing VLAN directly instead of in a unit/slot/port format.
Format
show ip irdp {unit/slot/port|vlan 1-4093|all}
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Interface
The unit/slot/port that corresponds to a physical routing interface or vlan routing
interface.
Use this keyword to specify the VLAN ID of the routing VLAN directly instead of in a unit/
slot/port format.
The advertise mode, which indicates whether router discovery is enabled or disabled on
this interface.
The destination IP address for router advertisements.
The maximum advertise interval, which is the maximum time, in seconds, allowed between
sending router advertisements from the interface.
The minimum advertise interval, which is the minimum time, in seconds, allowed between
sending router advertisements from the interface.
The amount of time, in seconds, that a system should keep the router advertisement
before discarding it.
The preference of the address as a default router address, relative to other router
addresses on the same subnet.
vlan
Ad Mode
Dest Address
Max Int
Min Int
Hold Time
Preference
September 2014
CLI Command Reference
Page 531
HP Moonshot Switch Module CLI Command Reference
Virtual LAN Routing Commands
Virtual LAN Routing Commands
This section describes the commands you use to view and configure VLAN routing and to view VLAN routing
status information.
vlan routing
This command enables routing on a VLAN. The vlanid value has a range from 1 to 4093. The [interface ID]
value has a range from 1 to 128. Typically, you will not supply the interface ID argument, and the system
automatically selects the interface ID. However, if you specify an interface ID, the interface ID becomes the port
number in the unit/slot/port for the VLAN routing interface. If you select an interface ID that is already in use,
the CLI displays an error message and does not create the VLAN interface. For products that use text-based
configuration, including the interface ID in the vlan routing command for the text configuration ensures that
the unit/slot/port for the VLAN interface stays the same across a restart. Keeping the unit/slot/port the
same ensures that the correct interface configuration is applied to each interface when the system restarts.
To view the unit/slot/port designation associated with a VLAN routing interface, use the show ip vlan
command.
Format
vlan routing vlanid [interface ID]
Mode
VLAN Config
no vlan routing
This command deletes routing on a VLAN.
Format
no vlan routing vlanid
Mode
VLAN Config
Example: Example 1 shows the command specifying a vlanid value. The interface ID argument is not used.
(Routing) #vlan database
(Routing) (Vlan)#vlan 222
(Routing) (Vlan)#vlan routing 222 ?
<cr>
Press enter to execute the command.
<1-128>
Enter interface ID
Typically, you press <Enter> without supplying the Interface ID value; the system automatically selects the
interface ID.
Example: In Example 2, a new VLAN with the VLAN ID 144 is created, and the VLAN routing command
specifies interface ID 44 for VLAN 144 interface. The interface ID becomes the port number in the unit/
slot/port for the VLAN routing interface. In this example, unit/slot/port is 0/4/44 for VLAN 144 interface.
(Routing)(Vlan)#vlan 144 44
(Routing)(Vlan)#exit
(Routing) #show ip vlan
MAC Address used by Routing VLANs:
September 2014
00:24:81:D0:1D:99
CLI Command Reference
Page 532
HP Moonshot Switch Module CLI Command Reference
VLAN ID
------144
222
Logical
Interface
-------------0/4/44
0/4/1
IP Address
--------------0.0.0.0
0.0.0.0
Virtual LAN Routing Commands
Subnet Mask
--------------0.0.0.0
0.0.0.0
Example: In Example 3, you select an interface ID that is already in use. In this case, the CLI displays an error
message and does not create the VLAN interface.
(Routing)#vlan database
(Routing)(Vlan)#vlan 15
(Routing)(Vlan)#vlan routing 15 1
Interface ID 1 is already assigned to another interface
Example: The show running configuration command always lists the interface ID for each routing VLAN, as
shown in Example 4 below.
(Routing) #show running-config
!Current Configuration:
!
!System Description "Moonshot-180G Switch, 2.0.0.5, Linux 2.6.34.6"
!System Software Version "2.0.0.5"
!System Up Time
"0 days 0 hrs 17 mins 30 secs"
!Cut-through mode is configured as disabled
!Additional Packages
QOS,IPv6 Management,Stacking,Routing
!Current SNTP Synchronized Time: SNTP Client Mode Is Disabled
!
vlan database
vlan 144,222
vlan routing 222 1
vlan routing 144 44
exit
interface vlan
Use this command to enter Interface configuration mode for the specified VLAN. The vlan-id range is 1 to 4093.
Format
interface vlan vlan-id
Mode
Global Config
show ip vlan
This command displays the VLAN routing information for all VLANs with routing enabled.
Format
show ip vlan
Modes
• Privileged EXEC
• User EXEC
September 2014
CLI Command Reference
Page 533
HP Moonshot Switch Module CLI Command Reference
Virtual LAN Routing Commands
Term
Definition
MAC Address
used by Routing
VLANs
VLAN ID
Logical Interface
IP Address
Subnet Mask
The MAC Address associated with the internal bridge-router interface (IBRI). The same
MAC Address is used by all VLAN routing interfaces. It will be displayed above the per-VLAN
information.
The identifier of the VLAN.
The logical unit/slot/port associated with the VLAN routing interface.
The IP address associated with this VLAN.
The subnet mask that is associated with this VLAN.
September 2014
CLI Command Reference
Page 534
HP Moonshot Switch Module CLI Command Reference
Virtual Router Redundancy Protocol Commands
Virtual Router Redundancy Protocol Commands
This section describes the commands you use to view and configure Virtual Router Redundancy Protocol
(VRRP) and to view VRRP status information. VRRP helps provide failover and load balancing when you
configure two devices as a VRRP pair.
ip vrrp (Global Config)
Use this command in Global Config mode to enable the administrative mode of VRRP on the router.
Default
none
Format
ip vrrp
Mode
Global Config
no ip vrrp
Use this command in Global Config mode to disable the default administrative mode of VRRP on the router.
Format
no ip vrrp
Mode
Global Config
ip vrrp (Interface Config)
Use this command in Interface Config mode to create a virtual router associated with the interface or range of
interfaces. The parameter vrid is the virtual router ID, which has an integer value range from 1 to 255.
Format
ip vrrp vrid
Mode
Interface Config
no ip vrrp
Use this command in Interface Config mode to delete the virtual router associated with the interface. The
virtual Router ID, vrid, is an integer value that ranges from 1 to 255.
Format
no ip vrrp vrid
Mode
Interface Config
September 2014
CLI Command Reference
Page 535
HP Moonshot Switch Module CLI Command Reference
Virtual Router Redundancy Protocol Commands
ip vrrp mode
This command enables the virtual router configured on the specified interface. Enabling the status field starts
a virtual router. The parameter vrid is the virtual router ID which has an integer value ranging from 1 to 255.
Default
disabled
Format
ip vrrp vrid mode
Mode
Interface Config
no ip vrrp mode
This command disables the virtual router configured on the specified interface. Disabling the status field stops
a virtual router.
Format
no ip vrrp vrid mode
Mode
Interface Config
ip vrrp ip
This command sets the virtual router IP address value for an interface or range of interfaces. The value for
ipaddr is the IP address which is to be configured on that interface for VRRP. The parameter vrid is the virtual
router ID which has an integer value range from 1 to 255. You can use the optional [secondary] parameter to
designate the IP address as a secondary IP address.
Default
none
Format
ip vrrp vrid ip ipaddr [secondary]
Mode
Interface Config
no ip vrrp ip
Use this command in Interface Config mode to delete a secondary IP address value from the interface. To delete
the primary IP address, you must delete the virtual router on the interface.
Format
no ip vrrp vrid ipaddress secondary
Mode
Interface Config
September 2014
CLI Command Reference
Page 536
HP Moonshot Switch Module CLI Command Reference
Virtual Router Redundancy Protocol Commands
ip vrrp accept-mode
Use this command to allow the VRRP Master to accept ping packets sent to one of the virtual router's IP
addresses.
Note: VRRP accept-mode allows only ICMP Echo Request packets. No other type of packet is allowed
to be delivered to a VRRP address.
Default
disabled
Format
ip vrrp vrid accept-mode
Mode
Interface Config
no ip vrrp accept-mode
Use this command to prevent the VRRP Master from accepting ping packets sent to one of the virtual router's
IP addresses.
Format
no ip vrrp vrid accept-mode
Mode
Interface Config
ip vrrp authentication
This command sets the authorization details value for the virtual router configured on a specified interface or
range of interfaces. The parameter {none | simple} specifies the authorization type for virtual router
configured on the specified interface. The parameter [key] is optional, it is only required when authorization
type is simple text password. The parameter vrid is the virtual router ID which has an integer value ranges from
1 to 255.
Default
no authorization
Format
ip vrrp vrid authentication {none | simple key}
Mode
• Interface Config
no ip vrrp authentication
This command sets the default authorization details value for the virtual router configured on a specified
interface or range of interfaces.
Format
no ip vrrp vrid authentication
Mode
• Interface Config
September 2014
CLI Command Reference
Page 537
HP Moonshot Switch Module CLI Command Reference
Virtual Router Redundancy Protocol Commands
ip vrrp preempt
This command sets the preemption mode value for the virtual router configured on a specified interface or
range of interfaces. The parameter vrid is the virtual router ID, which is an integer from 1 to 255.
Default
enabled
Format
ip vrrp vrid preempt
Mode
• Interface Config
no ip vrrp preempt
This command sets the default preemption mode value for the virtual router configured on a specified
interface or range of interfaces.
Format
no ip vrrp vrid preempt
Mode
• Interface Config
ip vrrp priority
This command sets the priority of a router within a VRRP group. It can be used to configure an interface or a
range of interfaces. Higher values equal higher priority. The range is from 1 to 254. The parameter vrid is the
virtual router ID, whose range is from 1 to 255.
The router with the highest priority is elected master. If a router is configured with the address used as the
address of the virtual router, the router is called the “address owner.” The priority of the address owner is
always 255 so that the address owner is always master. If the master has a priority less than 255 (it is not the
address owner) and you configure the priority of another router in the group higher than the master’s priority,
the router will take over as master only if preempt mode is enabled.
Default
100 unless the router is the address owner, in which case its priority is automatically set to 255.
Format
ip vrrp vrid priority 1-254
Mode
• Interface Config
no ip vrrp priority
This command sets the default priority value for the virtual router configured on a specified interface or range
of interfaces.
Format
no ip vrrp vrid priority
Mode
Interface Config
September 2014
CLI Command Reference
Page 538
HP Moonshot Switch Module CLI Command Reference
Virtual Router Redundancy Protocol Commands
ip vrrp timers advertise
This command sets the frequency, in seconds, that an interface or range of interfaces on the specified virtual
router sends a virtual router advertisement.
Default
1
Format
ip vrrp vrid timers advertise 1-255
Mode
Interface Config
no ip vrrp timers advertise
This command sets the default virtual router advertisement value for an interface or range of interfaces.
Format
no ip vrrp vrid timers advertise
Mode
Interface Config
ip vrrp track interface
Use this command to alter the priority of the VRRP router based on the availability of its interfaces. This
command is useful for tracking interfaces that are not configured for VRRP. Only IP interfaces are tracked. A
tracked interface is up if the IP on that interface is up. Otherwise, the tracked interface is down. You can use
this command to configure a single interface or range of interfaces. The argument unit/slot/port corresponds
to a physical routing interface or VLAN routing interface. The keyword vlan is used to specify the VLAN ID of
the routing VLAN directly instead of in a unit/slot/port format.
When the tracked interface is down or the interface has been removed from the router, the priority of the VRRP
router will be decremented by the value specified in the priority argument. When the interface is up for IP
protocol, the priority will be incremented by the priority value.
A VRRP configured interface can track more than one interface. When a tracked interface goes down, then the
priority of the router will be decreased by 10 (the default priority decrement) for each downed interface. The
default priority decrement is changed using the priority argument. The default priority of the virtual router is
100, and the default decrement priority is 10. By default, no interfaces are tracked. If you specify just the
interface to be tracked, without giving the optional priority, then the default priority will be set. The default
priority decrement is 10.
Default
priority: 10
Format
ip vrrp vrid track interface {unit/slot/port|vlan 1-4093} [decrement priority]
Mode
Interface Config
September 2014
CLI Command Reference
Page 539
HP Moonshot Switch Module CLI Command Reference
Virtual Router Redundancy Protocol Commands
no ip vrrp track interface
Use this command to remove the interface or range of interfaces from the tracked list or to restore the priority
decrement to its default.
Format
no ip vrrp vrid track interface {unit/slot/port|vlan 1-4093} [decrement]
Mode
Interface Config
ip vrrp track ip route
Use this command to track the route reachability on an interface or range of interfaces. When the tracked route
is deleted, the priority of the VRRP router will be decremented by the value specified in the priority argument.
When the tracked route is added, the priority will be incremented by the same.
A VRRP configured interface can track more than one route. When a tracked route goes down, then the priority
of the router will be decreased by 10 (the default priority decrement) for each downed route. By default no
routes are tracked. If you specify just the route to be tracked, without giving the optional priority, then the
default priority will be set. The default priority decrement is 10. The default priority decrement is changed
using the priority argument.
Default
priority: 10
Format
ip vrrp vrid track ip route ip-address/prefix-length [decrement priority]
Mode
Interface Config
no ip vrrp track ip route
Use this command to remove the route from the tracked list or to restore the priority decrement to its default.
When removing a tracked IP route from the tracked list, the priority should be incremented by the decrement
value if the route is not reachable.
Format
no ip vrrp vrid track interface unit/slot/port [decrement]
Mode
Interface Config
September 2014
CLI Command Reference
Page 540
HP Moonshot Switch Module CLI Command Reference
Virtual Router Redundancy Protocol Commands
show ip vrrp interface stats
This command displays the statistical information about each virtual router configured on the switch. The
argument unit/slot/port corresponds to a physical routing interface or VLAN routing interface. The keyword
vlan is used to specify the VLAN ID of the routing VLAN directly instead of a unit/slot/port format.
Format
show ip vrrp interface stats {unit/slot/port|vlan 1-4093} vrid
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Uptime
Protocol
State Transitioned to
Master
Advertisement
Received
Advertisement
Interval Errors
Authentication
Failure
IP TTL errors
The time that the virtual router has been up, in days, hours, minutes and seconds.
The protocol configured on the interface.
The total number of times virtual router state has changed to MASTER.
The total number of VRRP advertisements received by this virtual router.
The total number of VRRP advertisements received for which advertisement interval is
different than the configured value for this virtual router.
The total number of VRRP packets received that don't pass the authentication check.
The total number of VRRP packets received by the virtual router with IP TTL (time to
live) not equal to 255.
Zero Priority Packets The total number of VRRP packets received by virtual router with a priority of '0'.
Received
Zero Priority Packets The total number of VRRP packets sent by the virtual router with a priority of '0'.
Sent
Invalid Type Packets The total number of VRRP packets received by the virtual router with invalid 'type'
Received
field.
Address List Errors
The total number of VRRP packets received for which address list does not match the
locally configured list for the virtual router.
Invalid
The total number of VRRP packets received with unknown authentication type.
Authentication Type
Authentication Type The total number of VRRP advertisements received for which 'auth type' not equal to
Mismatch
locally configured one for this virtual router.
Packet Length Errors The total number of VRRP packets received with packet length less than length of VRRP
header.
September 2014
CLI Command Reference
Page 541
HP Moonshot Switch Module CLI Command Reference
Virtual Router Redundancy Protocol Commands
show ip vrrp
This command displays whether VRRP functionality is enabled or disabled on the switch. It also displays some
global parameters which are required for monitoring. This command takes no options.
Format
show ip vrrp
Modes
• Privileged EXEC
• User EXEC
Term
Definition
VRRP Admin Mode
Router Checksum Errors
Router Version Errors
The administrative mode for VRRP functionality on the switch.
The total number of VRRP packets received with an invalid VRRP checksum value.
The total number of VRRP packets received with Unknown or unsupported version
number.
The total number of VRRP packets received with invalid VRID for this virtual router.
Router VRID Errors
show ip vrrp interface
This command displays all configuration information and VRRP router statistics of a virtual router configured
on a specific interface. The argument unit/slot/port corresponds to a physical routing interface or VLAN routing
interface. The keyword vlan is the VLAN ID of the routing VLAN instead of in a unit/slot/port format. Use the
output of the command to verify the track interface and track IP route configurations.
Format
show ip vrrp interface {unit/slot/port|vlan 1-4093} vrid
Modes
• Privileged EXEC
• User EXEC
Term
Definition
IP Address
VMAC address
Authentication type
Priority
The configured IP address for the Virtual router.
The VMAC address of the specified router.
The authentication type for the specific virtual router.
The priority value for the specific virtual router, taking into account any priority
decrements for tracked interfaces or routes.
The priority configured through the ip vrrp vrid priority 1-254 command.
The advertisement interval in seconds for the specific virtual router.
The preemption mode configured on the specified virtual router.
The status (Enable or Disable) of the specific router.
When enabled, the VRRP Master can accept ping packets sent to one of the
virtual router’s IP addresses.
The state (Master/backup) of the virtual router.
Configured Priority
Advertisement interval
Pre-Empt Mode
Administrative Mode
Accept Mode
State
September 2014
CLI Command Reference
Page 542
HP Moonshot Switch Module CLI Command Reference
Virtual Router Redundancy Protocol Commands
Example: The following shows example CLI display output for the command.
show ip vrrp interface <u/s/p> vrid
Primary IP Address............................. 1.1.1.5
VMAC Address................................... 00:00:5e:00:01:01
Authentication Type............................ None
Priority....................................... 80
Configured priority.......................... 100
Advertisement Interval (secs).................. 1
Pre-empt Mode.................................. Enable
Administrative Mode............................ Enable
Accept Mode.................................... Enable
State.......................................... Initialized
Track Interface
State
DecrementPriority
------------------------------------<1/0/1>
down
TrackRoute (pfx/len)
State
----------------------------10.10.10.1/255.255.255.0
down
10
DecrementPriority
-----------------10
show ip vrrp interface brief
This command displays information about each virtual router configured on the switch. This command takes
no options. It displays information about each virtual router.
Format
show ip vrrp interface brief
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Interface
VRID
IP Address
Mode
State
unit/slot/port
The router ID of the virtual router.
The virtual router IP address.
Indicates whether the virtual router is enabled or disabled.
The state (Master/backup) of the virtual router.
September 2014
CLI Command Reference
Page 543
HP Moonshot Switch Module CLI Command Reference
DHCP and BOOTP Relay Commands
DHCP and BOOTP Relay Commands
This section describes the commands you use to configure BootP/DHCP Relay on the switch. A DHCP relay
agent operates at Layer 3 and forwards DHCP requests and replies between clients and servers when they are
not on the same physical subnet.
bootpdhcprelay cidoptmode
This command enables the circuit ID option mode for BootP/DHCP Relay on the system.
Default
disabled
Format
bootpdhcprelay cidoptmode
Mode
Global Config
no bootpdhcprelay cidoptmode
This command disables the circuit ID option mode for BootP/DHCP Relay on the system.
Format
no bootpdhcprelay cidoptmode
Mode
Global Config
bootpdhcprelay maxhopcount
This command configures the maximum allowable relay agent hops for BootP/DHCP Relay on the system. The
hops parameter has a range of 1 to 16.
Default
4
Format
bootpdhcprelay maxhopcount 1-16
Mode
Global Config
no bootpdhcprelay maxhopcount
This command configures the default maximum allowable relay agent hops for BootP/DHCP Relay on the
system.
Format
no bootpdhcprelay maxhopcount
Mode
Global Config
September 2014
CLI Command Reference
Page 544
HP Moonshot Switch Module CLI Command Reference
DHCP and BOOTP Relay Commands
bootpdhcprelay minwaittime
This command configures the minimum wait time in seconds for BootP/DHCP Relay on the system. When the
BOOTP relay agent receives a BOOTREQUEST message, it MAY use the seconds-since-client-began-booting field
of the request as a factor in deciding whether to relay the request or not. The parameter has a range of 0 to
100 seconds.
Default
0
Format
bootpdhcprelay minwaittime 0-100
Mode
Global Config
no bootpdhcprelay minwaittime
This command configures the default minimum wait time in seconds for BootP/DHCP Relay on the system.
Format
no bootpdhcprelay minwaittime
Mode
Global Config
show bootpdhcprelay
This command displays the BootP/DHCP Relay information.
Format
show bootpdhcprelay
Modes
• Privileged EXEC
• User EXEC
Term
Definition
Maximum Hop Count
Minimum Wait Time (Seconds)
Admin Mode
Circuit Id Option Mode
The maximum allowable relay agent hops.
The minimum wait time.
Indicates whether relaying of requests is enabled or disabled.
The DHCP circuit Id option which may be enabled or disabled.
September 2014
CLI Command Reference
Page 545
IP Helper Commands
HP Moonshot Switch Module CLI Command Reference
IP Helper Commands
This section describes the commands to configure and monitor the IP Helper agent. IP Helper relays DHCP and
other broadcast UDP packets from a local client to one or more servers which are not on the same network at
the client.
The IP Helper feature provides a mechanism that allows a router to forward certain configured UDP broadcast
packets to a particular IP address. This allows various applications to reach servers on non-local subnets, even
if the application was designed to assume a server is always on a local subnet and uses broadcast packets (with
either the limited broadcast address 255.255.255.255, or a network directed broadcast address) to reach the
server.
The network administrator can configure relay entries both globally and on routing interfaces. Each relay entry
maps an ingress interface and destination UDP port number to a single IPv4 address (the helper address). The
network administrator may configure multiple relay entries for the same interface and UDP port, in which case
the relay agent relays matching packets to each server address. Interface configuration takes priority over
global configuration. That is, if a packet’s destination UDP port matches any entry on the ingress interface, the
packet is handled according to the interface configuration. If the packet does not match any entry on the
ingress interface, the packet is handled according to the global IP helper configuration.
The network administrator can configure discard relay entries, which direct the system to discard matching
packets. Discard entries are used to discard packets received on a specific interface when those packets would
otherwise be relayed according to a global relay entry. Discard relay entries may be configured on interfaces,
but are not configured globally.
In addition to configuring the server addresses, the network administrator also configures which UDP ports are
forwarded. Certain UDP port numbers can be specified by name in the UI as a convenience, but the network
administrator can configure a relay entry with any UDP port number. The network administrator may configure
relay entries that do not specify a destination UDP port. The relay agent relays assumes these entries match
packets with the UDP destination ports listed in Table 10. This is the list of default ports.
Table 10: Default Ports - UDP Port Numbers Implied by Wildcard
Protocol
UDP Port Number
IEN-116 Name Service
DNS
NetBIOS Name Server
NetBIOS Datagram Server
TACACS Server
Time Service
DHCP
Trivial File Transfer Protocol (TFTP)
42
53
137
138
49
37
67
69
The system limits the number of relay entries to four times the maximum number of routing interfaces. The
network administrator can allocate the relay entries as he likes. There is no limit to the number of relay entries
on an individual interface, and no limit to the number of servers for a given {interface, UDP port} pair.
September 2014
CLI Command Reference
Page 546
HP Moonshot Switch Module CLI Command Reference
IP Helper Commands
The relay agent relays DHCP packets in both directions. It relays broadcast packets from the client to one or
more DHCP servers, and relays to the client packets that the DHCP server unicasts back to the relay agent. For
other protocols, the relay agent only relays broadcast packets from the client to the server. Packets from the
server back to the client are assumed to be unicast directly to the client. Because there is no relay in the return
direction for protocols other than DHCP, the relay agent retains the source IP address from the original client
packet. The relay agent uses a local IP address as the source IP address of relayed DHCP client packets.
When a switch receives a broadcast UDP packet on a routing interface, the relay agent checks if the interface
is configured to relay the destination UDP port. If so, the relay agent unicasts the packet to the configured
server IP addresses. Otherwise, the relay agent checks if there is a global configuration for the destination UDP
port. If so, the relay agent unicasts the packet to the configured server IP addresses. Otherwise the packet is
not relayed. Note that if the packet matches a discard relay entry on the ingress interface, then the packet is
not forwarded, regardless of the global configuration.
The relay agent only relays packets that meet the following conditions:
• The destination MAC address must be the all-ones broadcast address (FF:FF:FF:FF:FF:FF)
• The destination IP address must be the limited broadcast address (255.255.255.255) or a directed
broadcast address for the receive interface.
• The IP time-to-live (TTL) must be greater than 1.
• The protocol field in the IP header must be UDP (17).
• The destination UDP port must match a configured relay entry.
clear ip helper statistics
Use this command to reset to zero the statistics displayed in the show ip helper statistics command.
Format
clear ip helper statistics
Mode
Privileged EXEC
Example: The following shows an example of the command.
(Routing) #clear ip helper statistics
September 2014
CLI Command Reference
Page 547
HP Moonshot Switch Module CLI Command Reference
IP Helper Commands
ip helper-address (Global Config)
Use this command to configure the relay of certain UDP broadcast packets received on any interface. This
command can be invoked multiple times, either to specify multiple server addresses for a given UDP port
number or to specify multiple UDP port numbers handled by a specific server.
Default
No helper addresses are configured.
Format
ip helper-address server-address [dest-udp-port | dhcp | domain | isakmp | mobile-ip
| nameserver | netbios-dgm | netbios-ns | ntp | pim-auto-rp | rip | tacacs | tftp |
time]
Mode
Global Config
Parameter
Description
server-address
The IPv4 unicast or directed broadcast address to which relayed UDP broadcast packets are
sent. The server address cannot be an IP address configured on any interface of the local
router.
A destination UDP port number from 0 to 65535.
The destination UDP port may be optionally specified by its name. Whether a port is
specified by its number or its name has no effect on behavior. The names recognized are as
follows:
• dhcp (port 67)
• domain (port 53)
• isakmp (port 500)
• mobile-ip (port 434)
• nameserver (port 42)
• netbios-dgm (port 138)
• netbios-ns (port 137)
• ntp (port 123)
• pim-auto-rp (port 496)
• rip (port 520)
• tacacs (port 49)
• tftp (port 69)
• time (port 37)
Other ports must be specified by number.
dest-udp-port
port-name
Example: To relay DHCP packets received on any interface to two DHCP servers, 10.1.1.1 and 10.1.2.1, use
the following commands:
(Routing)#config
(Routing)(config)#ip helper-address 10.1.1.1 dhcp
(Routing)(config)#ip helper-address 10.1.2.1 dhcp
Example: To relay UDP packets received on any interface for all default ports to the server at 20.1.1.1, use
the following commands:
(Routing)#config
(Routing)(config)#ip helper-address 20.1.1.1
September 2014
CLI Command Reference
Page 548
HP Moonshot Switch Module CLI Command Reference
IP Helper Commands
no ip helper-address (Global Config)
Use the no form of the command to delete an IP helper entry. The command no ip helper-address with no
arguments clears all global IP helper addresses.
Format
no ip helper-address [server-address [dest-udp-port | dhcp | domain | isakmp | mobileip | nameserver | netbios-dgm | netbios-ns | ntp | pim-auto-rp | rip | tacacs | tftp
| time]
Mode
Global Config
ip helper-address (Interface Config)
Use this command to configure the relay of certain UDP broadcast packets received on a specific interface or
range of interfaces. This command can be invoked multiple times on a routing interface, either to specify
multiple server addresses for a given port number or to specify multiple port numbers handled by a specific
server.
Default
No helper addresses are configured.
Format
ip helper-address {server-address | discard} [dest-udp-port | dhcp | domain | isakmp
| mobile ip | nameserver | netbios-dgm | netbios-ns | ntp | pim-auto-rp | rip | tacacs
| tftp | time]
Mode
Interface Config
Parameter
Description
server-address
The IPv4 unicast or directed broadcast address to which relayed UDP broadcast packets are
sent. The server address cannot be in a subnet on the interface where the relay entry is
configured, and cannot be an IP address configured on any interface of the local router.
Matching packets should be discarded rather than relayed, even if a global ip helperaddress configuration matches the packet.
A destination UDP port number from 0 to 65535.
discard
dest-udp-port
September 2014
CLI Command Reference
Page 549
HP Moonshot Switch Module CLI Command Reference
IP Helper Commands
Parameter
Description
port-name
The destination UDP port may be optionally specified by its name. Whether a port is
specified by its number or its name has no effect on behavior. The names recognized are as
follows:
• dhcp (port 67)
• domain (port 53)
• isakmp (port 500)
• mobile-ip (port 434)
• nameserver (port 42)
• netbios-dgm (port 138)
• netbios-ns (port 137)
• ntp (port 123)
• pim-auto-rp (port 496)
• rip (port 520)
• tacacs (port 49)
• tftp (port 69)
• time (port 37)
Other ports must be specified by number.
Example: To relay DHCP packets received on interface 1/0/2 to two DHCP servers, 192.168.10.1 and
192.168.20.1, use the following commands:
(Routing)#config
(Routing)(config)#interface 1/0/2
(Routing)(interface 1/0/2)#ip helper-address 192.168.10.1 dhcp
(Routing)(interface 1/0/2)#ip helper-address 192.168.20.1 dhcp
Example: To relay both DHCP and DNS packets to 192.168.30.1, use the following commands:
(Routing)#config
(Routing)(config)#interface 1/0/2
(Routing)(interface 1/0/2)#ip helper-address 192.168.30.1 dhcp
(Routing)(interface 1/0/2)#ip helper-address 192.168.30.1 dns
Example: This command takes precedence over an ip helper-address command given in global
configuration mode. With the following configuration, the relay agent relays DHCP packets received on any
interface other than 1/0/2 and 1/0/17 to 192.168.40.1, relays DHCP and DNS packets received on 1/0/2 to
192.168.40.2, relays SNMP traps (port 162) received on interface 1/0/17 to 192.168.23.1, and drops DHCP
packets received on 1/0/17:
(Routing)#config
(Routing)(config)#ip helper-address 192.168.40.1 dhcp
(Routing)(config)#interface 1/0/2
(Routing)(interface 1/0/2)#ip helper-address 192.168.40.2 dhcp
(Routing)(interface 1/0/2)#ip helper-address 192.168.40.2 domain
(Routing)(interface 1/0/2)#exit
(Routing)(config)#interface 1/0/17
(Routing)(interface 1/0/17)#ip helper-address 192.168.23.1 162
(Routing)(interface 1/0/17)#ip helper-address discard dhcp
September 2014
CLI Command Reference
Page 550
HP Moonshot Switch Module CLI Command Reference
IP Helper Commands
no ip helper-address (Interface Config)
Use this command to delete a relay entry on an interface. The no command with no arguments clears all helper
addresses on the interface.
Format
no ip helper-address [server-address | discard ][dest-udp-port | dhcp | domain |
isakmp | mobile ip | nameserver | netbios-dgm | netbios-ns | ntp | pim-auto-rp | rip
| tacacs | tftp | time]
Mode
Interface Config
ip helper enable
Use this command to enable relay of UDP packets. This command can be used to temporarily disable IP helper
without deleting all IP helper addresses. This command replaces the bootpdhcprelay enable command, but
affects not only relay of DHCP packets, but also relay of any other protocols for which an IP helper address has
been configured.
Default
disabled
Format
ip helper enable
Mode
Global Config
Example: The following shows an example of the command.
(Routing)(config)#ip helper enable
no ip helper enable
Use the no form of this command to disable relay of all UDP packets.
Format
no ip helper enable
Mode
Global Config
September 2014
CLI Command Reference
Page 551
HP Moonshot Switch Module CLI Command Reference
IP Helper Commands
show ip helper-address
Use this command to display the IP helper address configuration. The argument unit/slot/port corresponds
to a physical routing interface or VLAN routing interface. The keyword vlan is used to specify the VLAN ID of
the routing VLAN directly instead of a unit/slot/port format.
Format
show ip helper-address [{unit/slot/port|vlan 1-4093}]
Mode
Privileged EXEC
Parameter
Description
interface
The relay configuration is applied to packets that arrive on this interface. This field is set to
any for global IP helper entries.
The relay configuration is applied to packets whose destination UDP port is this port.
Entries whose UDP port is identified as any are applied to packets with the destination UDP
ports listed in Table 4.
If Yes, packets arriving on the given interface with the given destination UDP port are
discarded rather than relayed. Discard entries are used to override global IP helper address
entries which otherwise might apply to a packet.
The number of times the IP helper entry has been used to relay or discard a packet.
The IPv4 address of the server to which packets are relayed.
UDP Port
Discard
Hit Count
Server Address
Example: The following shows example CLI display output for the command.
(Routing) #show ip helper-address
IP helper is enabled
Interface
UDP Port
Discard
Hit Count
Server Address
--------------- ----------- -------- ---------- --------------1/0/1
dhcp
No
10
10.100.1.254
10.100.2.254
1/0/17
any
Yes
2
any
dhcp
No
0
10.200.1.254
September 2014
CLI Command Reference
Page 552
HP Moonshot Switch Module CLI Command Reference
IP Helper Commands
show ip helper statistics
Use this command to display the number of DHCP and other UDP packets processed and relayed by the UDP
relay agent.
Format
show ip helper statistics
Mode
Privileged EXEC
Parameter
Description
DHCP client messages The number of valid messages received from a DHCP client. The count is only
received
incremented if IP helper is enabled globally, the ingress routing interface is up, and the
packet passes a number of validity checks, such as having a TTL>1 and having valid
source and destination IP addresses.
DHCP client messages The number of DHCP client messages relayed to a server. If a message is relayed to
relayed
multiple servers, the count is incremented once for each server.
DHCP server messages The number of DHCP responses received from the DHCP server. This count only
received
includes messages that the DHCP server unicasts to the relay agent for relay to the
client.
DHCP server messages The number of DHCP server messages relayed to a client.
relayed
UDP clients messages The number of valid UDP packets received. This count includes DHCP messages and
received
all other protocols relayed. Conditions are similar to those for the first statistic in this
table.
UDP clients messages The number of UDP packets relayed. This count includes DHCP messages relayed as
relayed
well as all other protocols. The count is incremented for each server to which a packet
is sent.
DHCP message hop
The number of DHCP client messages received whose hop count is larger than the
count exceeded max maximum allowed. The maximum hop count is a configurable value listed in show
bootpdhcprelay. A log message is written for each such failure. The DHCP relay agent
does not relay these packets.
DHCP message with
The number of DHCP client messages received whose secs field is less than the
secs field below min minimum value. The minimum secs value is a configurable value and is displayed in
show bootpdhcprelay. A log message is written for each such failure. The DHCP relay
agent does not relay these packets.
DHCP message with
The number of DHCP client messages received whose gateway address, giaddr, is
giaddr set to local
already set to an IP address configured on one of the relay agent’s own IP addresses.
address
In this case, another device is attempting to spoof the relay agent’s address. The relay
agent does not relay such packets. A log message gives details for each occurrence.
Packets with expired The number of packets received with TTL of 0 or 1 that might otherwise have been
TTL
relayed.
Packets that matched The number of packets ignored by the relay agent because they match a discard relay
a discard entry
entry.
September 2014
CLI Command Reference
Page 553
IP Helper Commands
HP Moonshot Switch Module CLI Command Reference
Example: The following shows example CLI display output for the command.
(Routing)#show ip helper statistics
DHCP client messages received..................
DHCP client messages relayed...................
DHCP server messages received..................
DHCP server messages relayed...................
UDP client messages received...................
UDP client messages relayed....................
DHCP message hop count exceeded max............
DHCP message with secs field below min.........
DHCP message with giaddr set to local address..
Packets with expired TTL.......................
Packets that matched a discard entry...........
September 2014
8
2
2
2
8
2
0
0
0
0
0
CLI Command Reference
Page 554
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
Open Shortest Path First Commands
This section describes the commands you use to view and configure Open Shortest Path First (OSPF), which is
a link-state routing protocol that you use to route traffic within a network. This section contains the following
subsections:
• “General OSPF Commands” on page 555
• “OSPF Interface Commands” on page 575
• “IP Event Dampening Commands” on page 581
• “OSPFv2 Stub Router Commands” on page 586
• “OSPF Show Commands” on page 587
General OSPF Commands
router ospf
Use this command to enter Router OSPF mode.
Format
router ospf
Mode
Global Config
enable (OSPF)
This command resets the default administrative mode of OSPF in the router (active).
Default
enabled
Format
enable
Mode
Router OSPF Config
no enable (OSPF)
This command sets the administrative mode of OSPF in the router to inactive.
Format
no enable
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 555
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
network area (OSPF)
Use this command to enable OSPFv2 on an interface and set its area ID if the IP address of an interface is
covered by this network command.
Default
disabled
Format
network ip-address wildcard-mask area area-id
Mode
Router OSPF Config
no network area (OSPF)
Use this command to disable the OSPFv2 on a interface if the IP address of an interface was earlier covered by
this network command.
Format
no network ip-address wildcard-mask area area-id
Mode
Router OSPF Config
1583compatibility
This command enables OSPF 1583 compatibility.
Note: 1583 compatibility mode is enabled by default. If all OSPF routers in the routing domain are
capable of operating according to RFC 2328, OSPF 1583 compatibility mode should be disabled.
Default
enabled
Format
1583compatibility
Mode
Router OSPF Config
no 1583compatibility
This command disables OSPF 1583 compatibility.
Format
no 1583compatibility
Mode
Router OSPF Config
area default-cost (OSPF)
This command configures the default cost for the stub area. You must specify the area ID and an integer value
between 1-16777215.
Format
area areaid default-cost 1-16777215
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 556
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
area nssa (OSPF)
This command configures the specified areaid to function as an NSSA.
Format
area areaid nssa
Mode
Router OSPF Config
no area nssa
This command disables nssa from the specified area id.
Format
no area areaid nssa
Mode
Router OSPF Config
area nssa default-info-originate (OSPF)
This command configures the metric value and type for the default route advertised into the NSSA. The
optional metric parameter specifies the metric of the default route and is to be in a range of 1-16777214. If no
metric is specified, the default value is ****. The metric type can be comparable (nssa-external 1) or noncomparable (nssa-external 2).
Format
area areaid nssa default-info-originate [metric] [{comparable | non-comparable}]
Mode
Router OSPF Config
no area nssa default-info-originate (OSPF)
This command disables the default route advertised into the NSSA.
Format
no area areaid nssa default-info-originate [metric] [{comparable | non-comparable}]
Mode
Router OSPF Config
area nssa no-redistribute (OSPF)
This command configures the NSSA Area Border router (ABR) so that learned external routes will not be
redistributed to the NSSA.
Format
area areaid nssa no-redistribute
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 557
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
no area nssa no-redistribute (OSPF)
This command disables the NSSA ABR so that learned external routes are redistributed to the NSSA.
Format
no area areaid nssa no-redistribute
Mode
Router OSPF Config
area nssa no-summary (OSPF)
This command configures the NSSA so that summary LSAs are not advertised into the NSSA.
Format
area areaid nssa no-summary
Mode
Router OSPF Config
no area nssa no-summary (OSPF)
This command disables nssa from the summary LSAs.
Format
no area areaid nssa no-summary
Mode
Router OSPF Config
area nssa translator-role (OSPF)
This command configures the translator role of the NSSA. A value of always causes the router to assume the
role of the translator the instant it becomes a border router and a value of candidate causes the router to
participate in the translator election process when it attains border router status.
Format
area areaid nssa translator-role {always | candidate}
Mode
Router OSPF Config
no area nssa translator-role (OSPF)
This command disables the nssa translator role from the specified area id.
Format
no area areaid nssa translator-role {always | candidate}
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 558
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
area nssa translator-stab-intv (OSPF)
This command configures the translator stabilityinterval of the NSSA. The stabilityinterval is the period
of time that an elected translator continues to perform its duties after it determines that its translator status
has been deposed by another router.
Format
area areaid nssa translator-stab-intv stabilityinterval
Mode
Router OSPF Config
no area nssa translator-stab-intv (OSPF)
This command disables the nssa translator’s stabilityinterval from the specified area id.
Format
no area areaid nssa translator-stab-intv stabilityinterval
Mode
Router OSPF Config
area range (OSPF)
Use the area range command in Router Configuration mode to configure a summary prefix that an area border
router advertises for a specific area.
Default
No area ranges are configured by default. No cost is configured by default.
Format
area areaid range ip-address netmask {summarylink | nssaexternallink} [advertise |
not-advertise] [cost cost]
Mode
OSPFv2 Router Configuration
Parameter
Description
area-id
prefix netmask
The area identifier for the area whose networks are to be summarized.
The summary prefix to be advertised when the ABR computes a route to one or more
networks within this prefix in this area.
summarylink
When this keyword is given, the area range is used when summarizing prefixes advertised
in type 3 summary LSAs.
nssaexternallink When this keyword is given, the area range is used when translating type 7 LSAs to type 5
LSAs.
advertise
[Optional] When this keyword is given, the summary prefix is advertised when the area
range is active. This is the default.
not-advertise
[Optional] When this keyword is given, neither the summary prefix nor the contained
prefixes are advertised when the area range is active. When the not-advertise option is
given, any static cost previously configured is removed from the system configuration.
September 2014
CLI Command Reference
Page 559
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
Parameter
Description
cost
[Optional] If an optional cost is given, OSPF sets the metric field in the summary LSA to the
configured value rather than setting the metric to the largest cost among the networks
covered by the area range. A static cost may only be configured if the area range is
configured to advertise the summary. The range is 0 to 16,777,215. If the cost is set to
16,777,215 for type 3 summarization, a type 3 summary LSA is not advertised, but
contained networks are suppressed. This behavior is equivalent to specifying the notadvertise option. If the range is configured for type 7 to type 5 translation, a type 5 LSA is
sent if the metric is set to 16,777,215; however, other routers will not compute a route
from a type 5 LSA with this metric.
no area range
The no form of this command deletes a specified area range or reverts an option to its default.
Format
no area areaid range ip-address netmask {summarylink | nssaexternallink} [advertise |
not-advertise] [cost]
Mode
OSPFv2 Router Configuration
Example: The following shows an example of the command.
!! Create area range
(Router) (Config-router)#area 1 range 10.0.0.0 255.0.0.0 summarylink
!! Delete area range
(Router) (Config-router)#no area 1 range 10.0.0.0 255.0.0.0 summarylink
The no form may be used to revert the [advertise | not-advertise] option to its default without deleting the
area range. Deleting and recreating the area range would cause OSPF to temporarily advertise the prefixes
contained within the range. Note that using either the advertise or not-advertise keyword reverts the
configuration to the default. For example:
!! Create area range. Suppress summary.
(Router) (Config-router)#area 1 range 10.0.0.0 255.0.0.0 summarylink not-advertise
!! Advertise summary.
(Router) (Config-router)#no area 1 range 10.0.0.0 255.0.0.0 summarylink not-advertise
The no form may be use to remove a static area range cost, so that OSPF sets the cost to the largest cost among
the contained routes.
!! Create area range with static cost.
(Router) (Config-router)#area 1 range 10.0.0.0 255.0.0.0 summarylink cost 1000
!! Remove static cost.
(Router) (Config-router)#no area 1 range 10.0.0.0 255.0.0.0 summarylink cost
September 2014
CLI Command Reference
Page 560
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
area stub (OSPF)
This command creates a stub area for the specified area ID. A stub area is characterized by the fact that AS
External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly
reduce the link state database of routers within the stub area.
Format
area areaid stub
Mode
Router OSPF Config
no area stub
This command deletes a stub area for the specified area ID.
Format
no area areaid stub
Mode
Router OSPF Config
area stub no-summary (OSPF)
This command configures the Summary LSA mode for the stub area identified by areaid. Use this command to
prevent LSA Summaries from being sent.
Default
disabled
Format
area areaid stub no-summary
Mode
Router OSPF Config
no area stub no-summary
This command configures the default Summary LSA mode for the stub area identified by areaid.
Format
no area areaid stub no-summary
Mode
Router OSPF Config
area virtual-link (OSPF)
This command creates the OSPF virtual interface for the specified areaid and neighbor. The neighbor
parameter is the Router ID of the neighbor.
Format
area areaid virtual-link neighbor
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 561
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
no area virtual-link
This command deletes the OSPF virtual interface from the given interface, identified by areaid and neighbor.
The neighbor parameter is the Router ID of the neighbor.
Format
no area areaid virtual-link neighbor
Mode
Router OSPF Config
area virtual-link authentication
This command configures the authentication type and key for the OSPF virtual interface identified by areaid
and neighbor. The neighbor parameter is the Router ID of the neighbor. The value for type is either none,
simple, or encrypt. The key is composed of standard displayable, non-control keystrokes from a Standard 101/
102-key keyboard. The authentication key must be 8 bytes or less if the authentication type is simple. If the
type is encrypt, the key may be up to 16 bytes. Unauthenticated interfaces do not need an authentication key.
If the type is encrypt, a key id in the range of 0 and 255 must be specified.The default value for authentication
type is none. Neither the default password key nor the default key id are configured.
Default
none
Format
area areaid virtual-link neighbor authentication {none | {simple key} | {encrypt key
keyid}}
Mode
Router OSPF Config
no area virtual-link authentication
This command configures the default authentication type for the OSPF virtual interface identified by areaid
and neighbor. The neighbor parameter is the Router ID of the neighbor.
Format
no area areaid virtual-link neighbor authentication
Mode
Router OSPF Config
area virtual-link dead-interval (OSPF)
This command configures the dead interval for the OSPF virtual interface on the virtual interface identified by
areaid and neighbor. The neighbor parameter is the Router ID of the neighbor. The range for seconds is 1 to
65535.
Default
40
Format
area areaid virtual-link neighbor dead-interval seconds
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 562
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
no area virtual-link dead-interval
This command configures the default dead interval for the OSPF virtual interface on the virtual interface
identified by areaid and neighbor. The neighbor parameter is the Router ID of the neighbor.
Format
no area areaid virtual-link neighbor dead-interval
Mode
Router OSPF Config
area virtual-link hello-interval (OSPF)
This command configures the hello interval for the OSPF virtual interface on the virtual interface identified by
areaid and neighbor. The neighbor parameter is the Router ID of the neighbor. The range for seconds is 1 to
65535.
Default
10
Format
area areaid virtual-link neighbor hello-interval 1-65535
Mode
Router OSPF Config
no area virtual-link hello-interval
This command configures the default hello interval for the OSPF virtual interface on the virtual interface
identified by areaid and neighbor. The neighbor parameter is the Router ID of the neighbor.
Format
no area areaid virtual-link neighbor hello-interval
Mode
Router OSPF Config
area virtual-link retransmit-interval (OSPF)
This command configures the retransmit interval for the OSPF virtual interface on the virtual interface
identified by areaid and neighbor. The neighbor parameter is the Router ID of the neighbor. The range for
seconds is 0 to 3600.
Default
5
Format
area areaid virtual-link neighbor retransmit-interval seconds
Mode
Router OSPF Config
no area virtual-link retransmit-interval
This command configures the default retransmit interval for the OSPF virtual interface on the virtual interface
identified by areaid and neighbor. The neighbor parameter is the Router ID of the neighbor.
Format
no area areaid virtual-link neighbor retransmit-interval
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 563
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
area virtual-link transmit-delay (OSPF)
This command configures the transmit delay for the OSPF virtual interface on the virtual interface identified by
areaid and neighbor. The neighbor parameter is the Router ID of the neighbor. The range for seconds is 0 to
3600 (1 hour).
Default
1
Format
area areaid virtual-link neighbor transmit-delay seconds
Mode
Router OSPF Config
no area virtual-link transmit-delay
This command resets the default transmit delay for the OSPF virtual interface to the default value.
Format
no area areaid virtual-link neighbor transmit-delay
Mode
Router OSPF Config
auto-cost (OSPF)
By default, OSPF computes the link cost of each interface from the interface bandwidth. Faster links have lower
metrics, making them more attractive in route selection. The configuration parameters in the auto-cost
reference bandwidth and bandwidth commands give you control over the default link cost. You can configure
for OSPF an interface bandwidth that is independent of the actual link speed. A second configuration
parameter allows you to control the ratio of interface bandwidth to link cost. The link cost is computed as the
ratio of a reference bandwidth to the interface bandwidth (ref_bw / interface bandwidth), where interface
bandwidth is defined by the bandwidth command. Because the default reference bandwidth is 100 Mbps, OSPF
uses the same default link cost for all interfaces whose bandwidth is 100 Mbps or greater. Use the auto-cost
command to change the reference bandwidth, specifying the reference bandwidth in megabits per second
(Mbps). The reference bandwidth range is 1-4294967 Mbps.
Default
100 Mbps
Format
auto-cost reference-bandwidth 1-4294967
Mode
Router OSPF Config
no auto-cost reference-bandwidth (OSPF)
Use this command to set the reference bandwidth to the default value.
Format
no auto-cost reference-bandwidth
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 564
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
capability opaque
Use this command to enable Opaque Capability on the Router. The information contained in Opaque LSAs may
be used directly by OSPF or indirectly by an application wishing to distribute information throughout the OSPF
domain. The HP Moonshot Switch Module supports the storing and flooding of Opaque LSAs of different
scopes. The default value of enabled means that OSPF will forward opaque LSAs by default. If you want to
upgrade from a previous release, where the default was disabled, opaque LSA forwarding will be enabled. If
you want to disable opaque LSA forwarding, then you should enter the command no capability opaque in OSPF
router configuration mode after the software upgrade.
Default
enabled
Format
capability opaque
Mode
Router Config
no capability opaque
Use this command to disable opaque capability on the router.
Format
no capability opaque
Mode
Router Config
clear ip ospf
Use this command to disable and re-enable OSPF.
Format
clear ip ospf
Mode
Privileged EXEC
clear ip ospf configuration
Use this command to reset the OSPF configuration to factory defaults.
Format
clear ip ospf configuration
Mode
Privileged EXEC
clear ip ospf counters
Use this command to reset global and interface statistics.
Format
clear ip ospf counters
Mode
Privileged EXEC
September 2014
CLI Command Reference
Page 565
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
clear ip ospf neighbor
Use this command to drop the adjacency with all OSPF neighbors. On each neighbor’s interface, send a oneway hello. Adjacencies may then be re-established. To drop all adjacencies with a specific router ID, specify the
neighbor’s Router ID using the optional parameter [neighbor-id].
Format
clear ip ospf neighbor [neighbor-id]
Mode
Privileged EXEC
clear ip ospf neighbor interface
To drop adjacency with all neighbors on a specific interface, use the optional parameter [unit/slot/port]. To
drop adjacency with a specific router ID on a specific interface, use the optional parameter [neighbor-id].
Format
clear ip ospf neighbor interface [unit/slot/port] [neighbor-id]
Mode
Privileged EXEC
clear ip ospf redistribution
Use this command to flush all self-originated external LSAs. Reapply the redistribution configuration and reoriginate prefixes as necessary.
Format
clear ip ospf redistribution
Mode
Privileged EXEC
default-information originate (OSPF)
This command is used to control the advertisement of default routes.
Default
• metric—unspecified
• type—2
Format
default-information originate [always] [metric 0-16777214] [metric-type {1 | 2}]
Mode
Router OSPF Config
no default-information originate (OSPF)
This command is used to control the advertisement of default routes.
Format
no default-information originate [metric] [metric-type]
Mode
Router OSPF Config
default-metric (OSPF)
This command is used to set a default for the metric of distributed routes.
September 2014
CLI Command Reference
Page 566
HP Moonshot Switch Module CLI Command Reference
Format
default-metric 1-16777214
Mode
Router OSPF Config
Open Shortest Path First Commands
no default-metric (OSPF)
This command is used to set a default for the metric of distributed routes.
Format
no default-metric
Mode
Router OSPF Config
distance ospf (OSPF)
This command sets the route preference value of OSPF in the router. Lower route preference values are
preferred when determining the best route. The type of OSPF route can be intra, inter, or external. All the
external type routes are given the same preference value. The range of preference value is 1 to 255.
Default
110
Format
distance ospf {intra-area 1-255 | inter-area 1-255 | external 1-255}
Mode
Router OSPF Config
no distance ospf
This command sets the default route preference value of OSPF routes in the router. The type of OSPF can be
intra, inter, or external. All the external type routes are given the same preference value.
Format
no distance ospf {intra-area | inter-area | external}
Mode
Router OSPF Config
distribute-list out (OSPF)
Use this command to specify the access list to filter routes received from the source protocol.
Format
distribute-list 1-199 out {rip | static | connected}
Mode
Router OSPF Config
no distribute-list out
Use this command to specify the access list to filter routes received from the source protocol.
Format
no distribute-list 1-199 out {rip | static | connected}
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 567
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
exit-overflow-interval (OSPF)
This command configures the exit overflow interval for OSPF. It describes the number of seconds after entering
overflow state that a router will wait before attempting to leave the overflow state. This allows the router to
again originate non-default AS-external-LSAs. When set to 0, the router will not leave overflow state until
restarted. The range for seconds is 0 to 2147483647 seconds.
Default
0
Format
exit-overflow-interval seconds
Mode
Router OSPF Config
no exit-overflow-interval
This command configures the default exit overflow interval for OSPF.
Format
no exit-overflow-interval
Mode
Router OSPF Config
external-lsdb-limit (OSPF)
This command configures the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the
number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the
router enters overflow state. The router never holds more than the external LSDB limit non-default ASexternal-LSAs in it database. The external LSDB limit MUST be set identically in all routers attached to the OSPF
backbone and/or any regular OSPF area. The range for limit is -1 to 2147483647.
Default
-1
Format
external-lsdb-limit limit
Mode
Router OSPF Config
no external-lsdb-limit
This command configures the default external LSDB limit for OSPF.
Format
no external-lsdb-limit
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 568
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
log-adjacency-changes
To enable logging of OSPFv2 neighbor state changes, use the log-adjacency-changes command in router
configuration mode. State changes are logged with INFORMATIONAL severity.
Default
Adjacency state changes are logged, but without the detail option.
Format
log-adjacency-changes [detail]
Mode
OSPFv2 Router Configuration
Parameter
Description
detail
(Optional) When this keyword is specified, all adjacency state changes are logged.
Otherwise, OSPF only logs transitions to FULL state and when a backwards transition
occurs.
no log-adjacency-changes
Use the no form of the command to disable state change logging.
Format
no log-adjacency-changes [detail]
Mode
OSPFv2 Router Configuration
router-id (OSPF)
This command sets a 4-digit dotted-decimal number uniquely identifying the router ospf id. The ipaddress is a
configured value.
Format
router-id ipaddress
Mode
Router OSPF Config
redistribute (OSPF)
This command configures OSPF protocol to allow redistribution of routes from the specified source protocol/
routers.
Default
• metric—unspecified
• type—2
• tag—0
Format
redistribute {rip | static | connected} [metric 0-16777214] [metric-type {1 | 2}] [tag
0-4294967295] [subnets]
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 569
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
no redistribute
This command configures OSPF protocol to prohibit redistribution of routes from the specified source
protocol/routers.
Format
no redistribute {rip | static | connected} [metric] [metric-type] [tag] [subnets]
Mode
Router OSPF Config
maximum-paths (OSPF)
This command sets the number of paths that OSPF can report for a given destination where maxpaths is 1–4.
Default
4
Format
maximum-paths maxpaths
Mode
Router OSPF Config
no maximum-paths
This command resets the number of paths that OSPF can report for a given destination back to its default value.
Format
no maximum-paths
Mode
Router OSPF Config
passive-interface default (OSPF)
Use this command to enable global passive mode by default for all interfaces. It overrides any interface level
passive mode. OSPF will not form adjacencies over a passive interface.
Default
disabled
Format
passive-interface default
Mode
Router OSPF Config
no passive-interface default
Use this command to disable the global passive mode by default for all interfaces. Any interface previously
configured to be passive reverts to non-passive mode.
Format
no passive-interface default
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 570
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
passive-interface (OSPF)
Use this command to set the interface as passive. It overrides the global passive mode that is currently effective
on the interface. The argument unit/slot/port corresponds to a physical routing interface or VLAN routing
interface. The keyword vlan is used to specify the VLAN ID of the routing VLAN directly instead of a unit/slot/
port format.
Default
disabled
Format
passive-interface {unit/slot/port|vlan 1-4093}
Mode
Router OSPF Config
no passive-interface
Use this command to set the interface as non-passive. It overrides the global passive mode that is currently
effective on the interface.
Format
no passive-interface {unit/slot/port|vlan 1-4093}
Mode
Router OSPF Config
timers pacing flood
To adjust the rate at which OSPFv2 sends LS Update packets, use the timers pacing flood command in router
OSPFv2 global configuration mode. OSPF distributes routing information in Link State Advertisements (LSAs),
which are bundled into Link State Update (LS Update) packets. To reduce the likelihood of sending a neighbor
more packets than it can buffer, OSPF rate limits the transmission of LS Update packets. By default, OSPF sends
up to 30 updates per second on each interface (1/the pacing interval). Use this command to adjust this packet
rate.
Default
33 milliseconds
Format
timers pacing flood milliseconds
Mode
OSPFv2 Router Configuration
Parameter
Description
milliseconds
The average time between transmission of LS Update packets. The range is from 5 ms to
100 ms. The default is 33 ms.
no timers pacing flood
To revert LSA transmit pacing to the default rate, use the no timers pacing flood command.
Format
no timers pacing flood
Mode
OSPFv2 Router Configuration
September 2014
CLI Command Reference
Page 571
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
timers pacing lsa-group
To adjust how OSPF groups LSAs for periodic refresh, use the timers pacing lsa-group command in OSPFv2
Router Configuration mode. OSPF refreshes self-originated LSAs approximately once every 30 minutes. When
OSPF refreshes LSAs, it considers all self-originated LSAs whose age is from 1800 to 1800 plus the pacing group
size. Grouping LSAs for refresh allows OSPF to combine refreshed LSAs into a minimal number of LS Update
packets. Minimizing the number of Update packets makes LSA distribution more efficient.
When OSPF originates a new or changed LSA, it selects a random refresh delay for the LSA. When the refresh
delay expires, OSPF refreshes the LSA. By selecting a random refresh delay, OSPF avoids refreshing a large
number of LSAs at one time, even if a large number of LSAs are originated at one time.
Default
60 seconds
Format
timers pacing lsa-group seconds
Mode
OSPFv2 Router Configuration
Parameter
Description
seconds
Width of the window in which LSAs are refreshed. The range for the pacing group window
is from 10 to 1800 seconds.
timers spf
Use this command to configure the SPF delay time and hold time. The valid range for both parameters is 065535 seconds.
Default
• delay-time—5
• hold-time—10
Format
timers spf delay-time hold-time
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 572
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
trapflags (OSPF)
Use this command to enable individual OSPF traps, enable a group of trap flags at a time, or enable all the trap
flags at a time. The different groups of trapflags, and each group’s specific trapflags to enable or disable, are
listed in Table 11.
Table 11: Trapflags Groups
Group
Flags
errors
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
lsa
overflow
retransmit
state-change
authentication-failure
bad-packet
config-error
virt-authentication-failure
virt-bad-packet
virt-config-error
lsa-maxage
lsa-originate
lsdb-overflow
lsdb-approaching-overflow
packets
virt-packets
if-state-change
neighbor-state-change
virtif-state-change
virtneighbor-state-change
• To enable the individual flag, enter the group name followed by that particular flag.
• To enable all the flags in that group, give the group name followed by all.
• To enable all the flags, give the command as trapflags all.
Default
disabled
Format
trapflags {
all | errors {all | authentication-failure | bad-packet | config-error |
virt-authentication-failure | virt-bad-packet | virt-config-error} |
lsa {all | lsa-maxage | lsa-originate} |
overflow {all | lsdb-overflow | lsdb-approaching-overflow} |
retransmit {all | packets | virt-packets} |
state-change {all | if-state-change | neighbor-state-change | virtif-state-change |
virtneighbor-state-change}
}
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 573
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
no trapflags
Use this command to revert to the default reference bandwidth.
• To disable the individual flag, enter the group name followed by that particular flag.
• To disable all the flags in that group, give the group name followed by all.
• To disable all the flags, give the command as trapflags all.
Format
no trapflags {
all |
errors {all | authentication-failure | bad-packet | config-error | virtauthentication-failure | virt-bad-packet | virt-config-error} |
lsa {all | lsa-maxage | lsa-originate} |
overflow {all | lsdb-overflow | lsdb-approaching-overflow} |
retransmit {all | packets | virt-packets} |
state-change {all | if-state-change | neighbor-state-change | virtif-statechange | virtneighbor-state-change}
}
Mode
Router OSPF Config
September 2014
CLI Command Reference
Page 574
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
OSPF Interface Commands
ip ospf area
Use this command to enable OSPFv2 and set the area ID of an interface or range of interfaces. The area-id is
an IP address formatted as a 4-digit dotted-decimal number or a decimal value in the range of 0-4294967295.
This command supersedes the effects of the network area command.
Default
disabled
Format
ip ospf area area-id
Mode
Interface Config
no ip ospf area
Use this command to disable OSPF on an interface.
Format
no ip ospf area
Mode
Interface Config
bandwidth
By default, OSPF computes the link cost of an interface as the ratio of the reference bandwidth to the interface
bandwidth. Reference bandwidth is specified with the auto-cost command. For the purpose of the OSPF link
cost calculation, use the bandwidth command to specify the interface bandwidth. The bandwidth is specified
in kilobits per second. If no bandwidth is configured, the bandwidth defaults to the actual interface bandwidth
for port-based routing interfaces and to 10 Mbps for VLAN routing interfaces. This command does not affect
the actual speed of an interface. You can use this command to configure a single interface or a range of
interfaces.
Default
actual interface bandwidth
Format
bandwidth 1-10000000
Mode
Interface Config
no bandwidth
Use this command to set the interface bandwidth to its default value.
Format
no bandwidth
Mode
Interface Config
September 2014
CLI Command Reference
Page 575
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
ip ospf authentication
This command sets the OSPF Authentication Type and Key for the specified interface or range of interfaces. The
value of type is either none, simple or encrypt. The key is composed of standard displayable, non-control
keystrokes from a Standard 101/102-key keyboard. The authentication key must be 8 bytes or less if the
authentication type is simple. If the type is encrypt, the key may be up to 16 bytes. If the type is encrypt a keyid
in the range of 0 and 255 must be specified. Unauthenticated interfaces do not need an authentication key or
authentication key ID. There is no default value for this command.
Format
ip ospf authentication {none | {simple key} | {encrypt key keyid}}
Mode
Interface Config
no ip ospf authentication
This command sets the default OSPF Authentication Type for the specified interface.
Format
no ip ospf authentication
Mode
Interface Config
ip ospf cost
This command configures the cost on an OSPF interface or range of interfaces. The cost parameter has a range
of 1 to 65535.
Default
10
Format
ip ospf cost 1-65535
Mode
Interface Config
no ip ospf cost
This command configures the default cost on an OSPF interface.
Format
no ip ospf cost
Mode
Interface Config
ip ospf database-filter all out
Use the ip ospf database-filter all out command in Interface Configuration mode to disable OSPFv2 LSA
flooding on an interface.
Default
Disabled
Format
ip ospf database-filter all out
Mode
Interface Configuration
September 2014
CLI Command Reference
Page 576
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
no ip ospf database-filter all out
Use the no ip ospf database-filter all out command in Interface Configuration mode to enable OSPFv2 LSA
flooding on an interface.
Default
Disabled
Format
ip ospf database-filter all out
Mode
Interface Configuration
ip ospf dead-interval
This command sets the OSPF dead interval for the specified interface or range of interfaces. The value for
seconds (range: 1–65535), which represents the length of time in seconds that a router's Hello packets have
not been seen before its neighbor routers declare that the router is down. The value for the length of time must
be the same for all routers attached to a common network. This value should be some multiple of the Hello
Interval (i.e. 4).
Default
40
Format
ip ospf dead-interval seconds
Mode
Interface Config
no ip ospf dead-interval
This command sets the default OSPF dead interval for the specified interface.
Format
no ip ospf dead-interval
Mode
Interface Config
ip ospf hello-interval
This command sets the OSPF hello interval for the specified interface or range of interfaces. The value for
seconds is a valid positive integer, which represents the length of time in seconds. The value for the length of
time must be the same for all routers attached to a network. Valid values range from 1 to 65535.
Default
10
Format
ip ospf hello-interval seconds
Mode
Interface Config
no ip ospf hello-interval
This command sets the default OSPF hello interval for the specified interface.
Format
no ip ospf hello-interval
Mode
Interface Config
September 2014
CLI Command Reference
Page 577
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
ip ospf network
Use this command to configure OSPF to treat an interface or range of interfaces as a point-to-point rather than
broadcast interface. The broadcast option sets the OSPF network type to broadcast. The point-to-point
option sets the OSPF network type to point-to-point. OSPF treats interfaces as broadcast interfaces by default.
(Loopback interfaces have a special loopback network type, which cannot be changed.) When there are only
two routers on the network, OSPF can operate more efficiently by treating the network as a point-to-point
network. For point-to-point networks, OSPF does not elect a designated router or generate a network link state
advertisement (LSA). Both endpoints of the link must be configured to operate in point-to-point mode.
Default
broadcast
Format
ip ospf network {broadcast | point-to-point}
Mode
Interface Config
no ip ospf network
Use this command to return the OSPF network type to the default.
Format
no ip ospf network
Mode
Interface Config
ip ospf priority
This command sets the OSPF priority for the specified router interface or range of interfaces. The priority of
the interface is a priority integer from 0 to 255. A value of 0 indicates that the router is not eligible to become
the designated router on this network.
Default
1, which is the highest router priority
Format
ip ospf priority 0-255
Mode
Interface Config
no ip ospf priority
This command sets the default OSPF priority for the specified router interface.
Format
no ip ospf priority
Mode
Interface Config
September 2014
CLI Command Reference
Page 578
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
ip ospf retransmit-interval
This command sets the OSPF retransmit Interval for the specified interface or range of interfaces. The
retransmit interval is specified in seconds. The value for seconds is the number of seconds between link-state
advertisement retransmissions for adjacencies belonging to this router interface. This value is also used when
retransmitting database description and link-state request packets. Valid values range from 0 to 3600 (1 hour).
Default
5
Format
ip ospf retransmit-interval 0-3600
Mode
Interface Config
no ip ospf retransmit-interval
This command sets the default OSPF retransmit Interval for the specified interface.
Format
no ip ospf retransmit-interval
Mode
Interface Config
ip ospf transmit-delay
This command sets the OSPF Transit Delay for the specified interface or range of interfaces. The transmit delay
is specified in seconds. In addition, it sets the estimated number of seconds it takes to transmit a link state
update packet over this interface. Valid values for seconds range from 1 to 3600 (1 hour).
Default
1
Format
ip ospf transmit-delay 1-3600
Mode
Interface Config
no ip ospf transmit-delay
This command sets the default OSPF Transit Delay for the specified interface.
Format
no ip ospf transmit-delay
Mode
Interface Config
September 2014
CLI Command Reference
Page 579
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
ip ospf mtu-ignore
This command disables OSPF maximum transmission unit (MTU) mismatch detection on an interface or range
of interfaces. OSPF Database Description packets specify the size of the largest IP packet that can be sent
without fragmentation on the interface. When a router receives a Database Description packet, it examines the
MTU advertised by the neighbor. By default, if the MTU is larger than the router can accept, the Database
Description packet is rejected and the OSPF adjacency is not established.
Default
enabled
Format
ip ospf mtu-ignore
Mode
Interface Config
no ip ospf mtu-ignore
This command enables the OSPF MTU mismatch detection.
Format
no ip ospf mtu-ignore
Mode
Interface Config
September 2014
CLI Command Reference
Page 580
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
IP Event Dampening Commands
dampening
Use this command to enable IP event dampening on a routing interface.
Format
dampening [half-life period] [reuse-threshold suppress-threshold max-suppress-time
[restart restart-penalty]]
Mode
Interface Config
Parameter
Description
Half-life period
The number of seconds it takes for the penalty to reduce by half. The configurable range is
1-30 seconds. Default value is 5 seconds.
Reuse Threshold The value of the penalty at which the dampened interface is restored. The configurable
range is 1-20,000. Default value is 1000.
Suppress
The value of the penalty at which the interface is dampened. The configurable range is 1Threshold
20,000. Default value is 2000.
Max Suppress
The maximum amount of time (in seconds) an interface can be in suppressed state after it
Time
stops flapping. The configurable range is 1-255 seconds. The default value is four times of
half-life period. If half-period value is allowed to default, the maximum suppress time
defaults to 20 seconds.
Restart Penalty Penalty applied to the interface after the device reloads. The configurable range is 120,000. Default value is 2000.
no dampening
This command disables IP event dampening on a routing interface.
Format
no dampening
Mode
Interface Config
show dampening interface
This command summarizes the number of interfaces configured with dampening and the number of interfaces
being suppressed.
Format
show dampening interface
Mode
Privileged EXEC
Example: The following shows example CLI display output for the command.
(Router)# show dampening interface
2 interfaces are configured with dampening.
1 interface is being suppressed.
September 2014
CLI Command Reference
Page 581
Open Shortest Path First Commands
HP Moonshot Switch Module CLI Command Reference
show interface dampening
This command displays the status and configured parameters of the interfaces configured with dampening.
Format
show interface dampening
Mode
Privileged EXEC
Parameter
Description
Flaps
The number times the link state of an interface changed from UP to DOWN.
Penalty
Accumulated Penalty.
Supp
Indicates if the interface is suppressed or not.
ReuseTm
Number of seconds until the interface is allowed to come up again.
HalfL
Configured half-life period.
ReuseV
Configured reuse-threshold.
SuppV
Configured suppress threshold.
MaxSTm
Configured maximum suppress time in seconds.
MaxP
Maximum possible penalty.
Restart
Configured restart penalty.
Note:
1. The CLI command “clear counters” on page 193 resets the flap count to zero.
2. The interface CLI command “no shutdown” on page 271 resets the suppressed state to False.
3. Any change in the dampening configuration resets the current penalty, reuse time and suppressed state to
their default values, meaning 0, 0, and FALSE respectively.
Example: The following shows example CLI display output for the command.
Router# show interface dampening
Interface 1/0/2
Flaps
Penalty
0
0
Interface 1/0/3
Flaps
Penalty
6
1865
September 2014
Supp
ReuseTm
FALSE
0
HalfL
Supp
ReuseTm
TRUE
18
HalfL
ReuseV
5
SuppV
1000
ReuseV
SuppV
20
1000
MaxSTm
MaxP
2000
MaxSTm
2001
Restart
20
MaxP
16000
0
Restart
30
2828
1500
CLI Command Reference
Page 582
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
OSPF Graceful Restart Commands
The OSPF protocol can be configured to participate in the checkpointing service, so that these protocols can
execute a “graceful restart” when the management unit fails. In a graceful restart, the hardware to continues
forwarding IPv4 packets using OSPF routes while a backup switch takes over management unit responsibility
Graceful restart uses the concept of “helpful neighbors”. A fully adjacent router enters helper mode when it
receives a link state announcement (LSA) from the restarting management unit indicating its intention of
performing a graceful restart. In helper mode, a switch continues to advertise to the rest of the network that
they have full adjacencies with the restarting router, thereby avoiding announcement of a topology change and
the potential for flooding of LSAs and shortest-path-first (SPF) runs (which determine OSPF routes). Helpful
neighbors continue to forward packets through the restarting router. The restarting router relearns the
network topology from its helpful neighbors.
Graceful restart can be enabled for either planned or unplanned restarts, or both. A planned restart is initiated
by the operator through the management command initiate failover. The operator may initiate a failover
in order to take the management unit out of service (for example, to address a partial hardware failure), to
correct faulty system behavior which cannot be corrected through less severe management actions, or other
reasons. An unplanned restart is an unexpected failover caused by a fatal hardware failure of the management
unit or a software hang or crash on the management unit.
nsf
Use this command to enable the OSPF graceful restart functionality on an interface. To disable graceful restart,
use the no form of the command.
Default
Disabled
Format
nsf [ietf] [planned-only]
Modes
OSPF Router Configuration
Parameter
Description
ietf
planned-only
This keyword is accepted but not required.
This optional keyword indicates that OSPF should only perform a graceful restart when the
restart is planned (i.e., when the restart is a result of the initiate failover command).
no nsf
Use this command to disable graceful restart for all restarts.
September 2014
CLI Command Reference
Page 583
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
nsf restart-interval
Use this command to configure the number of seconds that the restarting router asks its neighbors to wait
before exiting helper mode. This is referred to as the grace period. The restarting router includes the grace
period in its grace LSAs. For planned restarts (using the initiate failover command), the grace LSAs are sent
prior to restarting the management unit, whereas for unplanned restarts, they are sent after reboot begins.
The grace period must be set long enough to allow the restarting router to reestablish all of its adjacencies and
complete a full database exchange with each of those neighbors.
Default
120 seconds
Format
nsf [ietf] restart-interval 1-1800
Modes
OSPF Router Configuration
Parameter
Description
ietf
seconds
This keyword is accepted but not required.
The number of seconds that the restarting router asks its neighbors to wait before exiting
helper mode. The range is from 1 to 1800 seconds.
no nsfrestart-interval
Use this command to revert the grace period to its default value.
Format
no [ietf] nsf restart-interval
Modes
OSPF Router Configuration
nsf helper
Use this command to enable helpful neighbor functionality for the OSPF protocol. You can enable this
functionality for planned or unplanned restarts, or both.
Default
OSPF may act as a helpful neighbor for both planned and unplanned restarts
Format
nsf helper [planned-only]
Modes
OSPF Router Configuration
Parameter
Description
planned-only
This optional keyword indicates that OSPF should only help a restarting router performing
a planned restart.
September 2014
CLI Command Reference
Page 584
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
no nsf helper
Use this command to disable helpful neighbor functionality for OSPF.
Format
no nsf helper
Modes
OSPF Router Configuration
nsf ietf helper disable
Use this command to disable helpful neighbor functionality for OSPF.
Note: The commands no nsf helper and nsf ietf helper disable are functionally equivalent. The
command nsf ietf helper disable is supported solely for compatibility with other network software
CLI.
Format
nsf ietf helper disable
Modes
OSPF Router Configuration
nsf helper strict-lsa-checking
The restarting router is unable to react to topology changes. In particular, the restarting router will not
immediately update its forwarding table; therefore, a topology change may introduce forwarding loops or
black holes that persist until the graceful restart completes. By exiting the graceful restart on a topology
change, a router tries to eliminate the loops or black holes as quickly as possible by routing around the
restarting router. A helpful neighbor considers a link down with the restarting router to be a topology change,
regardless of the strict LSA checking configuration.
Use this command to require that an OSPF helpful neighbor exit helper mode whenever a topology change
occurs.
Default
Enabled.
Format
nsf [ietf] helper strict-lsa-checking
Modes
OSPF Router Configuration
Parameter
Description
ietf
This keyword is accepted but not required.
September 2014
CLI Command Reference
Page 585
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
no nsf [ietf] helper strict-lsa-checking
Use this command to allow OSPF to continue as a helpful neighbor in spite of topology changes.
Default
Enabled.
Format
nsf [ietf] helper strict-lsa-checking
Modes
OSPF Router Configuration
OSPFv2 Stub Router Commands
max-metric router-lsa
To configure OSPF to enter stub router mode, use this command in Router OSPF Global Configuration mode.
When OSPF is in stub router mode, as defined by RFC 3137, OSPF sets the metric in the non-stub links in its
router LSA to LsInfinity. Other routers therefore compute very long paths through the stub router, and prefer
any alternate path. Doing so eliminates all transit traffic through the stub router, when alternate routes are
available. Stub router mode is useful when adding or removing a router from a network or to avoid transient
routes when a router reloads.
You can administratively force OSPF into stub router mode. OSPF remains in stub router mode until you take
OSPF out of stub router mode. Alternatively, you can configure OSPF to start in stub router mode for a
configurable period of time after the router boots up.
If you set the summary LSA metric to 16,777,215, other routers will skip the summary LSA when they compute
routes.
If you have configured the router to enter stub router mode on startup (max-metric router-lsa on-startup), and
then enter max-metric router lsa, there is no change. If OSPF is administratively in stub router mode (the maxmetric router-lsa command has been given), and you configure OSPF to enter stub router mode on startup
(max-metric router-lsa on-startup), OSPF exits stub router mode (assuming the startup period has expired) and
the configuration is updated.
Default
OSPF is not in stub router mode by default
Format
max-metric router-lsa [on-startup seconds] [summary-lsa {metric}]
Mode
OSPFv2 Router Configuration
Parameter
Description
on-startup
seconds
(Optional) OSPF starts in stub router mode after a reboot.
(Required if on-startup) The number of seconds that OSPF remains in stub router mode
after a reboot. The range is 5 to 86,400 seconds. There is no default value.
(Optional) Set the metric in type 3 and type 4 summary LSAs to LsInfinity (0xFFFFFF).
(Optional) Metric to send in summary LSAs when in stub router mode. The range is 1 to
16,777,215. The default is 16,711,680 (0xFF0000).
summary-lsa
metric
September 2014
CLI Command Reference
Page 586
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
no max-metric router-lsa
Use this command in OSPFv2 Router Configuration mode to disable stub router mode. The command clears
either type of stub router mode (always or on-startup) and resets the summary-lsa option. If OSPF is
configured to enter global configuration mode on startup, and during normal operation you want to
immediately place OSPF in stub router mode, issue the command no max-metric router-lsa on-startup. The
command no max-metric router-lsa summary-lsa causes OSPF to send summary LSAs with metrics computed
using normal procedures defined in RFC 2328.
Format
no max-metric router-lsa [on-startup] [summary-lsa]
Mode
OSPFv2 Router Configuration
clear ip ospf stub-router
Use the clear ip ospf stub-router command in Privileged EXEC mode to force OSPF to exit stub router mode
when it has automatically entered stub router mode because of a resource limitation. OSPF only exits stub
router mode if it entered stub router mode because of a resource limitation or it if is in stub router mode at
startup. This command has no effect if OSPF is configured to be in stub router mode permanently.
Format
clear ip ospf stub-router
Mode
Privileged EXEC
OSPF Show Commands
show ip ospf
This command displays information relevant to the OSPF router.
Format
show ip ospf
Mode
Privileged EXEC
Note: Some of the information below displays only if you enable OSPF and configure certain features.
Term
Definition
Router ID
A 32-bit integer in dotted decimal format identifying the router, about which information
is displayed. This is a configured value.
Shows whether the administrative mode of OSPF in the router is enabled or disabled. This
is a configured value.
Indicates whether 1583 compatibility is enabled or disabled. This is a configured value.
OSPF Admin
Mode
RFC 1583
Compatibility
External LSDB
Limit
September 2014
The maximum number of non-default AS-external-LSA (link state advertisement) entries
that can be stored in the link-state database.
CLI Command Reference
Page 587
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
Term
Definition
Exit Overflow
Interval
Spf Delay Time
The number of seconds that, after entering overflow state, a router will attempt to leave
overflow state.
The number of seconds between two subsequent changes of LSAs, during which time the
routing table calculation is delayed.
The number of seconds between two consecutive spf calculations.
The average time, in milliseconds, between LS Update packet transmissions on an
interface. This is the value configured with the command “timers pacing flood” on
page 571.
The size in seconds of the LSA refresh group window. This is the value configured with the
command “timers pacing lsa-group” on page 572.
Spf Hold Time
Flood Pacing
Interval
LSA Refresh
Group Pacing
Time
Opaque
Capability
Autocost Ref BW
Default Passive
Setting
Maximum Paths
Default Metric
Stub Router
Configuration
Shows whether the router is capable of sending Opaque LSAs. This is a configured value.
Shows the value of auto-cost reference bandwidth configured on the router.
Shows whether the interfaces are passive by default.
The maximum number of paths that OSPF can report for a given destination.
Default value for redistributed routes.
When OSPF runs out of resources to store the entire link state database, or any other state
information, OSPF goes into stub router mode. As a stub router, OSPF re-originates its own
router LSAs, setting the cost of all non-stub interfaces to infinity. Use this field to set stub
router configuration to one of Always, Startup, None.
Stub Router
Configured value in seconds. This row is only listed if OSPF is configured to be a stub router
Startup Time
at startup.
Summary LSA
One of Enabled (met), Disabled, where met is the metric to be sent in summary LSAs when
Metric Override in stub router mode.
Default Route
Indicates whether the default routes received from other source protocols are advertised
Advertise
or not.
Always
Shows whether default routes are always advertised.
Metric
The metric of the routes being redistributed. If the metric is not configured, this field is
blank.
Metric Type
Shows whether the routes are External Type 1 or External Type 2.
Number of Active The number of active OSPF areas. An “active” OSPF area is an area with at least one
Areas
interface up.
ABR Status
Shows whether the router is an OSPF Area Border Router.
ASBR Status
Reflects whether the ASBR mode is enabled or disabled. Enable implies that the router is
an autonomous system border router. The router automatically becomes an ASBR when it
is configured to redistribute routes learnt from other protocols. The possible values for the
ASBR status is enabled (if the router is configured to redistribute routes learned by other
protocols) or disabled (if the router is not configured for the same).
Stub Router
One of Active, Inactive.
Status
Stub Router
One of Configured, Startup, Resource Limitation.
Reason
Note: The row is only listed if stub router is active.
September 2014
CLI Command Reference
Page 588
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
Term
Definition
Stub Router
Startup Time
Remaining
Stub Router
Duration
The remaining time, in seconds, until OSPF exits stub router mode. This row is only listed if
OSPF is in startup stub router mode.
External LSDB
Overflow
External LSA
Count
External LSA
Checksum
AS_OPAQUE LSA
Count
AS_OPAQUE LSA
Checksum
New LSAs
Originated
LSAs Received
LSA Count
Maximum
Number of LSAs
LSA High Water
Mark
AS Scope LSA
Flood List Length
Retransmit List
Entries
Maximum
Number of
Retransmit
Entries
Retransmit
Entries High
Water Mark
NSF Support
NSF Restart
Interval
NSF Restart
Status
September 2014
The time elapsed since the router last entered the stub router mode. The row is only listed
if stub router is active and the router entered stub mode because of a resource limitation.
The duration is displayed in DD:HH:MM:SS format.
When the number of non-default external LSAs exceeds the configured limit, External LSDB
Limit, OSPF goes into LSDB overflow state. In this state, OSPF withdraws all of its selforiginated non-default external LSAs. After the Exit Overflow Interval, OSPF leaves the
overflow state, if the number of external LSAs has been reduced.
The number of external (LS type 5) link-state advertisements in the link-state database.
The sum of the LS checksums of external link-state advertisements contained in the linkstate database.
Shows the number of AS Opaque LSAs in the link-state database.
Shows the sum of the LS Checksums of AS Opaque LSAs contained in the link-state
database.
The number of new link-state advertisements that have been originated.
The number of link-state advertisements received determined to be new instantiations.
The total number of link state advertisements currently in the link state database.
The maximum number of LSAs that OSPF can store.
The maximum size of the link state database since the system started.
The number of LSAs currently in the global flood queue waiting to be flooded through the
OSPF domain. LSAs with AS flooding scope, such as type 5 external LSAs and type 11
Opaque LSAs.
The total number of LSAs waiting to be acknowledged by all neighbors. An LSA may be
pending acknowledgment from more than one neighbor.
The maximum number of LSAs that can be waiting for acknowledgment at any given time.
The maximum number of LSAs on all neighbors’ retransmit lists at any given time.
Indicates whether nonstop forwarding (NSF) is enabled for the OSPF protocol for planned
restarts, unplanned restarts or both (“Always”).
The user-configurable grace period during which a neighboring router will be in the helper
state after receiving notice that the management unit is performing a graceful restart.
The current graceful restart status of the router.
• Not Restarting
• Planned Restart
• Unplanned Restart
CLI Command Reference
Page 589
Open Shortest Path First Commands
HP Moonshot Switch Module CLI Command Reference
Term
Definition
NSF Restart Age
NSF Restart Exit
Reason
Number of seconds until the graceful restart grace period expires.
Indicates why the router last exited the last restart:
• None—Graceful restart has not been attempted.
• In Progress—Restart is in progress.
• Completed—The previous graceful restart completed successfully.
• Timed Out—The previous graceful restart timed out.
• Topology Changed—The previous graceful restart terminated prematurely because of
a topology change.
NSF Help Support Indicates whether helpful neighbor functionality has been enabled for OSPF for planned
restarts, unplanned restarts, or both (Always).
NSF help Strict
Indicates whether strict LSA checking has been enabled. If enabled, then an OSPF helpful
LSA checking
neighbor will exit helper mode whenever a topology change occurs. If disabled, an OSPF
neighbor will continue as a helpful neighbor in spite of topology changes.
Example: The following shows example CLI display output for the command.
(alpha3) #show ip ospf
Router ID......................................
OSPF Admin Mode................................
RFC 1583 Compatibility.........................
External LSDB Limit............................
Exit Overflow Interval.........................
Spf Delay Time.................................
Spf Hold Time..................................
Flood Pacing Interval..........................
LSA Refresh Group Pacing Time..................
Opaque Capability..............................
AutoCost Ref BW................................
Default Passive Setting........................
Maximum Paths..................................
Default Metric.................................
Stub Router Configuration......................
Stub Router Startup Time.......................
Summary LSA Metric Override....................
3.3.3.3
Enable
Enable
No Limit
0
5
10
33 ms
60 sec
Enable
100 Mbps
Disabled
4
Not configured
<val>
<val> seconds
Enabled (<met>)
Default Route Advertise........................
Always.........................................
Metric.........................................
Metric Type....................................
Disabled
FALSE
Not configured
External Type 2
Number of Active Areas.........................
ABR Status.....................................
ASBR Status....................................
Stub Router....................................
Stub Router Status.............................
Stub Router Reason.............................
Stub Router Startup Time Remaining.............
Stub Router Duration...........................
External LSDB Overflow.........................
1 (1 normal, 0 stub, 0 nssa)
Disable
Disable
FALSE
Inactive
<reason>
<duration> seconds
<duration>
FALSE
September 2014
CLI Command Reference
Page 590
Open Shortest Path First Commands
HP Moonshot Switch Module CLI Command Reference
External LSA Count.............................
External LSA Checksum..........................
AS_OPAQUE LSA Count............................
AS_OPAQUE LSA Checksum.........................
New LSAs Originated............................
LSAs Received..................................
LSA Count......................................
Maximum Number of LSAs.........................
LSA High Water Mark............................
AS Scope LSA Flood List Length.................
Retransmit List Entries........................
Maximum Number of Retransmit Entries...........
Retransmit Entries High Water Mark.............
NSF Helper Support.............................
NSF Helper Strict LSA Checking.................
0
0
0
0
55
82
1
24200
9
0
0
96800
1
Always
Enabled
show ip ospf abr
This command displays the internal OSPF routing table entries to Area Border Routers (ABR). This command
takes no options.
Format
show ip ospf abr
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Type
The type of the route to the destination. It can be either:
• intra — Intra-area route
• inter — Inter-area route
Router ID of the destination.
Cost of using this route.
The area ID of the area from which this route is learned.
Next hop toward the destination.
The outgoing router interface to use when forwarding traffic to the next hop.
Router ID
Cost
Area ID
Next Hop
Next Hop Intf
September 2014
CLI Command Reference
Page 591
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
show ip ospf area
This command displays information about the area. The areaid identifies the OSPF area that is being displayed.
Format
show ip ospf area areaid
Modes
• Privileged EXEC
• User EXEC
Term
Definition
AreaID
The area id of the requested OSPF area.
External Routing A number representing the external routing capabilities for this area.
Spf Runs
The number of times that the intra-area route table has been calculated using this area's
link-state database.
Area Border
The total number of area border routers reachable within this area.
Router Count
Area LSA Count Total number of link-state advertisements in this area's link-state database, excluding AS
External LSA's.
Area LSA
A number representing the Area LSA Checksum for the specified AreaID excluding the
Checksum
external (LS type 5) link-state advertisements.
Flood List Length The number of LSAs waiting to be flooded within the area.
Import Summary Shows whether to import summary LSAs.
LSAs
OSPF Stub Metric The metric value of the stub area. This field displays only if the area is a configured as a stub
Value
area.
The following OSPF NSSA specific information displays only if the area is configured as an NSSA:
Term
Definition
Import Summary
LSAs
Redistribute into
NSSA
Default
Information
Originate
Default Metric
Default Metric
Type
Translator Role
Translator
Stability Interval
Translator State
Shows whether to import summary LSAs into the NSSA.
September 2014
Shows whether to redistribute information into the NSSA.
Shows whether to advertise a default route into the NSSA.
The metric value for the default route advertised into the NSSA.
The metric type for the default route advertised into the NSSA.
The NSSA translator role of the ABR, which is always or candidate.
The amount of time that an elected translator continues to perform its duties after it
determines that its translator status has been deposed by another router.
Shows whether the ABR translator state is disabled, always, or elected.
CLI Command Reference
Page 592
Open Shortest Path First Commands
HP Moonshot Switch Module CLI Command Reference
Example: The following shows example CLI display output for the command.
(R1) #show ip ospf area 1
AreaID.........................................
External Routing...............................
Spf Runs.......................................
Area Border Router Count.......................
Area LSA Count.................................
Area LSA Checksum..............................
Flood List Length..............................
Import Summary LSAs............................
0.0.0.1
Import External LSAs
10
0
3004
0x5e0abed
0
Enable
show ip ospf asbr
This command displays the internal OSPF routing table entries to Autonomous System Boundary Routers
(ASBR). This command takes no options.
Format
show ip ospf asbr
Mode
• Privileged EXEC
• User EXEC
Term
Definition
Type
The type of the route to the destination. It can be one of the following values:
intra — Intra-area route
inter — Inter-area route
Router ID of the destination.
Cost of using this route.
The area ID of the area from which this route is learned.
Next hop toward the destination.
The outgoing router interface to use when forwarding traffic to the next hop.
Router ID
Cost
Area ID
Next Hop
Next Hop Intf
show ip ospf database
This command displays information about the link state database when OSPF is enabled. If you do not enter
any parameters, the command displays the LSA headers for all areas. Use the optional areaid parameter to
display database information about a specific area. Use the optional parameters to specify the type of link state
advertisements to display.
Parameter
Description
asbr-summary
external
network
nssa-external
Use asbr-summary to show the autonomous system boundary router (ASBR) summary LSAs.
Use external to display the external LSAs.
Use network to display the network LSAs.
Use nssa-external to display NSSA external LSAs.
September 2014
CLI Command Reference
Page 593
HP Moonshot Switch Module CLI Command Reference
Open Shortest Path First Commands
Parameter
Description
opaque-area
opaque-as
opaque-link
router
summary
lsid
Use opaque-area to display area opaque LSAs.
Use opaque-as to display AS opaque LSAs.
Use opaque-link to display link opaque LSAs.
Use router to display router LSAs.
Use summary to show the LSA database summary information.
Use lsid to specify the link state ID (LSID). The value of lsid can be an IP address or an
integer in the range of 0-4294967295.
Use adv-router to show the LSAs that are restricted by the advertising router.
Use self-orig