AT-8100 Series
Fast Ethernet Switches
AT-8100L/8
AT-8100L/8POE
AT-8100L/8POE-E
AT-8100S/24C
AT-8100S/24
AT-8100S/24POE
AT-8100S/16F8-SC
AT-8100S/16F8-LC
AT-8100S/24F-LC
AT-8100S/48
AT-8100S/48POE










AT-8100S/24POE

25
26R
26
49R
49
50R
50
CONSOLE
AT-8100S/48POE
plus
S1
LINK / ACT S2
CONSOLE
plus
1
3
TX
L/A
RX
5
TX
2
AT-8100S/24F-BiDi
AT-8100S/16F8-SC
25R
L/A
RX
4
TX
L/A
RX
7
TX
L/A
RX
6
TX
L/A
RX
9
TX
L/A
RX
8
TX
L/A
RX
11
TX
L/A
RX
10
TX
L/A
RX
13
TX
L/A
RX
12
TX
L/A
RX
L/A
RX
19
21
23
25R
25
18
20
22
24
26R
26
LINK / ACT S2
CONSOLE
15
TX
L/A
RX
TX
14
TX
17
S1
L/A
RX
16
TX
L/A
RX
TX
L/A
RX
1
3
5
7
9
11
13
15
17
19
21
23
2
4
6
8
10
12
14
16
18
20
22
24
25R
25
26R
26
S1
LINK / ACT S2
CONSOLE
S1
LINK / ACT S2
2056
Management Software
Command Line Interface User’s Guide
AlliedWare Plus Version 2.2.4
613-001749 Rev. A
Copyright
Copyright © 2012, Allied Telesis, Inc.
All rights reserved.
This product includes software licensed under the BSD License. As such, the following language applies for those
portions of the software licensed under the BSD License:
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following
disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of Allied Telesis, Inc. nor the names of the respective companies above may be used to endorse or
promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright 1989, 1991, 1992 by Carnegie Mellon University. Derivative Work - 1996, 1998-2000. Copyright 1996, 19982000 by The Regents of the University of California - All rights reserved. Copyright (c) 2001-2003 by Networks
Associates Technology, Inc. - All rights reserved. Copyright (c) 2001-2003 by Cambridge Broadband Ltd. - All rights
reserved. Copyright (c) 2003 by Sun Microsystems, Inc. - All rights reserved. Copyright (c) 2003-2005 by Sparta, Inc. All rights reserved. Copyright (c) 2004 by Cisco, Inc. and Information Network Center of Beijing University of Posts and
Telecommunications. - All rights reserved. Copyright (c) 2003 by Fabasoft R&D Software GmbH & Co KG - All rights
reserved. Copyright (c) 2004-2006 by Internet Systems Consortium, Inc. ("ISC") - All rights reserved. Copyright (c)
1995-2003 by Internet Software Consortium - All rights reserved. Copyright (c) 1992-2003 by David Mills - All rights
reserved. Copyright (c) 1995 by Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - All rights reserved. Copyright (c) 1998
by CORE SDI S.A., Buenos Aires, Argentina - All rights reserved. Copyright 1995, 1996 by David Mazieres - All rights
reserved. Copyright 1983, 1990, 1992, 1993, 1995 by The Regents of the University of California - All rights reserved.
Copyright (c) 1995 Patrick Powell - All rights reserved. Copyright (c) 1998-2005 The OpenSSL Project - All rights
reserved. Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - All rights reserved. Copyright (c) 2008, Henry
Kwok - All rights reserved. Copyright (c) 1995, 1998, 1999, 2000, 2001 by Jef Poskanzer <jef@mail.acme.com>. - All
rights reserved.
Some components of the SSH software are provided under a standard 2-term BSD license with the following names as
copyright holders: Markus Friedl, Theo de Raadt, Niels Provos, Dug Song, Aaron Campbell, Damien Miller, Kevin
Steves, Daniel Kouril, Wesley Griffin, Per Allansson, Nils Nordman, and Simon Wilkinson,
Portable OpenSSH includes code from the following copyright holders, also under the 2-term BSD license: Ben
Lindstrom, Tim Rice, Andre Lucas, Chris Adams, Corinna Vinschen, Cray Inc., Denis Parker, Gert Doering, Jakob
Schlyter, Jason Downs, Juha Yrjola, Michael Stone, Network Associates, Solar Designer, Todd C. Miller, Wayne
Schroeder, William Jones, Darren Tucker, Sun Microsystems, The SCO Group.
Some Portable OpenSSH code is licensed under a 3-term BSD style license to the following copyright holders: Todd C.
Miller, Theo de Raadt, Damien Miller, Eric P. Allman, The Regents of the University of California, and Constantin S.
Svintsoff. Some Portable OpenSSH code is licensed under an ISC-style license to the following copyright holders:
Internet Software Consortium, Todd C. Miller, Reyk Floeter, and Chad Mynhier. Some Portable OpenSSH code is
licensed under a MIT-style license to the following copyright holder: Free Software Foundation, Inc.
This product also includes software licensed under the GNU General Public License available from:
http://www.gnu.org/licenses/gpl2.html
Allied Telesis is committed to meeting the requirements of the open source licenses including the GNU General Public
License (GPL) and will make all required source code available.
If you would like a copy of the GPL source code contained in this product, please send us a request by registered mail
including a check for US$15 to cover production and shipping costs, and a CD with the GPL code will be mailed to you.
GPL Code Request
Allied Telesis, Inc.
3041 Orchard Parkway
San Jose, California 95134
No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc.
Allied Telesis, AlliedWare Plus, and the Allied Telesis logo are trademarks of Allied Telesis, Incorporated. Microsoft and
Internet Explorer are registered trademarks of Microsoft Corporation. All other product names, company names, logos or
other designations mentioned herein are trademarks or registered trademarks of their respective owners.
Allied Telesis, Inc. reserves the right to make changes in specifications and other information contained in this document
without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied
Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited
to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has
been advised of, known, or should have known, the possibility of such damages.
Contents
Preface ........................................................................................................................ 41
Document Conventions .................................................................................................................................... 42
Where to Find Web-based Guides ................................................................................................................... 43
Contacting Allied Telesis .................................................................................................................................. 44
Section I: Getting Started ......................................................................................................................... 45
Chapter 1: AlliedWare Plus™ Command Line Interface ............................................................................ 47
Management Sessions ..................................................................................................................................... 48
Local Management..................................................................................................................................... 48
Remote Management................................................................................................................................. 48
Management Interfaces.................................................................................................................................... 51
Local Manager Account.................................................................................................................................... 52
AlliedWare Plus™ Command Modes ............................................................................................................... 53
Moving Down the Hierarchy ............................................................................................................................. 56
ENABLE Command ................................................................................................................................... 56
CONFIGURE TERMINAL Command......................................................................................................... 56
CLASS-MAP Command............................................................................................................................. 56
LINE CONSOLE 0 Command .................................................................................................................... 57
LINE VTY Command.................................................................................................................................. 57
POLICY-MAP Command ........................................................................................................................... 57
CLASS Command...................................................................................................................................... 57
INTERFACE PORT Command .................................................................................................................. 58
VLAN DATABASE Command .................................................................................................................... 59
INTERFACE VLAN Command................................................................................................................... 59
INTERFACE TRUNK Command................................................................................................................ 59
LOCATION CIVIC-LOCATION Command ................................................................................................. 60
LOCATION COORD-LOCATION Command ............................................................................................. 60
Moving Up the Hierarchy .................................................................................................................................. 61
EXIT and QUIT Commands ....................................................................................................................... 61
END Command .......................................................................................................................................... 61
DISABLE Command .................................................................................................................................. 62
Port Numbers in Commands ............................................................................................................................ 63
Stand-alone Switches ................................................................................................................................ 63
Stacks ........................................................................................................................................................ 64
Command Format............................................................................................................................................. 65
Command Line Interface Features............................................................................................................. 65
Command Formatting Conventions ........................................................................................................... 65
Command Examples.................................................................................................................................. 65
Startup Messages............................................................................................................................................. 66
Chapter 2: Starting a Management Session ............................................................................................... 69
Starting a Local Management Session............................................................................................................. 70
Starting a Remote Telnet or SSH Management Session ................................................................................. 72
VTY Lines................................................................................................................................................... 73
What to Configure First..................................................................................................................................... 74
Creating a Boot Configuration File ............................................................................................................. 74
5
Contents
Changing the Login Password.................................................................................................................... 75
Assigning a Name to the Switch................................................................................................................. 75
Adding a Management IP Address............................................................................................................. 76
Saving Your Changes................................................................................................................................. 78
Ending a Management Session ........................................................................................................................ 79
Chapter 3: Basic Command Line Management ........................................................................................... 81
Clearing the Screen .......................................................................................................................................... 82
Displaying the On-line Help .............................................................................................................................. 83
Saving Your Configuration Changes................................................................................................................. 85
Ending a Management Session ........................................................................................................................ 86
Chapter 4: Basic Command Line Management Commands ...................................................................... 87
? (Question Mark Key) ...................................................................................................................................... 89
CLEAR SCREEN .............................................................................................................................................. 91
CONFIGURE TERMINAL ................................................................................................................................. 92
COPY RUNNING-CONFIG STARTUP-CONFIG ..............................................................................................93
DISABLE ........................................................................................................................................................... 94
DO..................................................................................................................................................................... 95
ENABLE ............................................................................................................................................................ 97
END .................................................................................................................................................................. 98
EXIT .................................................................................................................................................................. 99
LENGTH .........................................................................................................................................................100
LOGOUT .........................................................................................................................................................102
QUIT ...............................................................................................................................................................103
WRITE ............................................................................................................................................................104
Chapter 5: Temperature and Fan Control Overview .................................................................................105
Overview .........................................................................................................................................................106
Displaying the System Environmental Status .................................................................................................107
Controlling Eco-Mode LED .............................................................................................................................108
Chapter 6: Temperature and Fan Control Commands .............................................................................109
ECOFRIENDLY LED ......................................................................................................................................110
NO ECOFRIENDLY LED ................................................................................................................................111
SHOW ECOFRIENDLY ..................................................................................................................................112
SHOW SYSTEM ENVIRONMENT..................................................................................................................113
Section II: Basic Operations ..................................................................................................................117
Chapter 7: Basic Switch Management .......................................................................................................119
Adding a Name to the Switch..........................................................................................................................120
Adding Contact and Location Information .......................................................................................................121
Displaying Parameter Settings........................................................................................................................122
Manually Setting the Date and Time ...............................................................................................................123
Pinging Network Devices ................................................................................................................................124
Resetting the Switch .......................................................................................................................................125
Restoring the Default Settings to the Switch...................................................................................................126
Setting the Baud Rate of the Console Port .....................................................................................................128
Configuring the Management Session Timers ................................................................................................129
Setting the Maximum Number of Manager Sessions......................................................................................131
Configuring the Banners .................................................................................................................................132
Chapter 8: Basic Switch Management Commands ...................................................................................135
BANNER EXEC ..............................................................................................................................................137
6
AT-8100 Switch Command Line User’s Guide
BANNER LOGIN ............................................................................................................................................ 139
BANNER MOTD ............................................................................................................................................. 141
BAUD-RATE SET........................................................................................................................................... 143
CLOCK SET ................................................................................................................................................... 144
ERASE STARTUP-CONFIG .......................................................................................................................... 145
EXEC-TIMEOUT ............................................................................................................................................ 146
HELP .............................................................................................................................................................. 148
HOSTNAME ................................................................................................................................................... 149
LINE CONSOLE ............................................................................................................................................. 150
LINE VTY........................................................................................................................................................ 151
NO HOSTNAME............................................................................................................................................. 152
PING............................................................................................................................................................... 153
PING IPv6....................................................................................................................................................... 155
REBOOT ........................................................................................................................................................ 156
RELOAD......................................................................................................................................................... 157
SERVICE MAXMANAGER............................................................................................................................. 158
SHOW BANNER LOGIN ................................................................................................................................ 159
SHOW BAUD-RATE....................................................................................................................................... 160
SHOW CLOCK ............................................................................................................................................... 161
SHOW RUNNING-CONFIG ........................................................................................................................... 162
SHOW SWITCH ............................................................................................................................................. 163
SHOW SYSTEM............................................................................................................................................. 165
SHOW SYSTEM SERIALNUMBER ............................................................................................................... 166
SHOW USERS ............................................................................................................................................... 167
SHOW VERSION ........................................................................................................................................... 169
SNMP-SERVER CONTACT........................................................................................................................... 170
SNMP-SERVER LOCATION.......................................................................................................................... 171
SYSTEM TERRITORY ................................................................................................................................... 172
Chapter 9: Port Parameters ........................................................................................................................ 175
Adding Descriptions........................................................................................................................................ 176
Setting the Speed and Duplex Mode.............................................................................................................. 177
Setting the MDI/MDI-X Wiring Configuration .................................................................................................. 179
Enabling or Disabling Ports ............................................................................................................................ 180
Enabling or Disabling Backpressure............................................................................................................... 181
Enabling or Disabling Flow Control ................................................................................................................ 182
Resetting Ports ............................................................................................................................................... 185
Configuring Threshold Limits for Ingress Packets .......................................................................................... 186
Displaying Threshold Limit Settings on Ports ................................................................................................. 188
Reinitializing Auto-Negotiation........................................................................................................................ 189
Restoring the Default Settings........................................................................................................................ 190
Displaying Port Settings ................................................................................................................................. 191
Displaying Speed and Duplex Settings .................................................................................................... 191
Displaying Port Status.............................................................................................................................. 191
Displaying Port Configuration................................................................................................................... 192
Displaying or Clearing Port Statistics ............................................................................................................. 193
Displaying SFP Information ........................................................................................................................... 194
Chapter 10: Port Parameter Commands ................................................................................................... 195
BACKPRESSURE .......................................................................................................................................... 198
BPLIMIT.......................................................................................................................................................... 200
CLEAR PORT COUNTER.............................................................................................................................. 201
DESCRIPTION ............................................................................................................................................... 202
DUPLEX ......................................................................................................................................................... 204
EGRESS-RATE-LIMIT ................................................................................................................................... 206
FCTRLLIMIT................................................................................................................................................... 207
7
Contents
FLOWCONTROL ............................................................................................................................................208
HOLBPLIMIT...................................................................................................................................................211
NO EGRESS-RATE-LIMIT .............................................................................................................................214
NO FLOWCONTROL......................................................................................................................................215
NO SHUTDOWN ............................................................................................................................................216
NO SNMP TRAP LINK-STATUS ....................................................................................................................217
NO STORM-CONTROL ..................................................................................................................................218
POLARITY ......................................................................................................................................................219
PURGE ...........................................................................................................................................................221
RENEGOTIATE ..............................................................................................................................................222
RESET ............................................................................................................................................................223
SHOW FLOWCONTROL INTERFACE...........................................................................................................224
SHOW INTERFACE .......................................................................................................................................226
SHOW INTERFACE BRIEF ............................................................................................................................230
SHOW INTERFACE STATUS ........................................................................................................................232
SHOW PLATFORM TABLE PORT COUNTERS............................................................................................234
SHOW RUNNING-CONFIG INTERFACE.......................................................................................................237
SHOW STORM-CONTROL ............................................................................................................................238
SHOW SYSTEM PLUGGABLE ......................................................................................................................240
SHOW SYSTEM PLUGGABLE DETAIL.........................................................................................................241
SHUTDOWN ...................................................................................................................................................242
SNMP TRAP LINK-STATUS...........................................................................................................................243
SPEED ............................................................................................................................................................244
STORM-CONTROL ........................................................................................................................................246
Chapter 11: Power Over Ethernet ...............................................................................................................249
Overview .........................................................................................................................................................250
Power Sourcing Equipment (PSE) ...........................................................................................................250
Powered Device (PD) ...............................................................................................................................250
PD Classes...............................................................................................................................................250
Power Budget ...........................................................................................................................................250
Port Prioritization ......................................................................................................................................251
Enabling and Disabling PoE ...........................................................................................................................252
Adding PD Descriptions to Ports.....................................................................................................................254
Prioritizing Ports ..............................................................................................................................................255
Managing the Maximum Power Limit on Ports................................................................................................256
Managing Legacy PDs ....................................................................................................................................257
Monitoring Power Consumption ......................................................................................................................258
Displaying PoE Information.............................................................................................................................259
Chapter 12: Power Over Ethernet Commands ..........................................................................................261
CLEAR POWER-INLINE COUNTERS INTERFACE ......................................................................................263
NO POWER-INLINE ALLOW-LEGACY ..........................................................................................................264
NO POWER-INLINE DESCRIPTION..............................................................................................................265
NO POWER-INLINE ENABLE ........................................................................................................................266
NO POWER-INLINE MAX ..............................................................................................................................267
NO POWER-INLINE PRIORITY .....................................................................................................................268
NO POWER-INLINE USAGE-THRESHOLD ..................................................................................................269
NO SERVICE POWER-INLINE ......................................................................................................................270
NO SNMP-SERVER ENABLE TRAP POWER-INLINE ..................................................................................271
POWER-INLINE ALLOW-LEGACY ................................................................................................................272
POWER-INLINE DESCRIPTION ....................................................................................................................273
POWER-INLINE ENABLE ..............................................................................................................................274
POWER-INLINE MAX .....................................................................................................................................275
POWER-INLINE PRIORITY............................................................................................................................276
8
AT-8100 Switch Command Line User’s Guide
POWER-INLINE USAGE-THRESHOLD ........................................................................................................ 278
SERVICE POWER-INLINE ............................................................................................................................ 279
SHOW POWER-INLINE ................................................................................................................................. 280
SHOW POWER-INLINE COUNTERS INTERFACE ...................................................................................... 283
SHOW POWER-INLINE INTERFACE............................................................................................................ 285
SHOW POWER-INLINE INTERFACE DETAIL .............................................................................................. 286
SNMP-SERVER ENABLE TRAP POWER-INLINE ........................................................................................ 289
Chapter 13: IPv4 and IPv6 Management Addresses ................................................................................ 291
Overview......................................................................................................................................................... 292
Assigning an IPv4 Management Address and Default Gateway .................................................................... 296
Adding an IPv4 Management Address..................................................................................................... 296
Adding an IPv4 Default Gateway Address ............................................................................................... 298
Deleting an IPv4 Management Address and Default Gateway ................................................................ 299
Displaying an IPv4 Management Address and Default Gateway............................................................. 299
Assigning an IPv6 Management Address and Default Gateway .................................................................... 301
Adding an IPv6 Management Address..................................................................................................... 301
Adding an IPv6 Default Gateway Address ............................................................................................... 302
Deleting an IPv6 Management Address and Default Gateway ................................................................ 303
Displaying an IPv6 Management Address and Default Gateway............................................................. 304
Chapter 14: IPv4 and IPv6 Management Address Commands ................................................................ 305
CLEAR IPV6 NEIGHBORS ............................................................................................................................ 307
IP ADDRESS.................................................................................................................................................. 308
IP ADDRESS DHCP....................................................................................................................................... 310
IP ROUTE....................................................................................................................................................... 312
IPV6 ADDRESS ............................................................................................................................................. 314
IPV6 ROUTE .................................................................................................................................................. 316
NO IP ADDRESS ........................................................................................................................................... 318
NO IP ADDRESS DHCP ................................................................................................................................ 319
NO IP ROUTE ................................................................................................................................................ 320
NO IPV6 ADDRESS ....................................................................................................................................... 321
NO IPV6 ROUTE............................................................................................................................................ 322
SHOW IP INTERFACE................................................................................................................................... 323
SHOW IP ROUTE .......................................................................................................................................... 324
SHOW IPV6 INTERFACE .............................................................................................................................. 326
SHOW IPV6 ROUTE ...................................................................................................................................... 327
Chapter 15: Simple Network Time Protocol (SNTP) Client ...................................................................... 329
Overview......................................................................................................................................................... 330
Activating the SNTP Client and Specifying the IP Address of an NTP or SNTP Server ................................ 331
Configuring Daylight Savings Time and UTC Offset ...................................................................................... 332
Disabling the SNTP Client .............................................................................................................................. 334
Displaying the SNTP Client ............................................................................................................................ 335
Displaying the Date and Time ........................................................................................................................ 336
Chapter 16: SNTP Client Commands ......................................................................................................... 337
CLOCK SUMMER-TIME ................................................................................................................................ 338
CLOCK TIMEZONE........................................................................................................................................ 339
NO CLOCK SUMMER-TIME .......................................................................................................................... 340
NO NTP PEER ............................................................................................................................................... 341
NTP PEER...................................................................................................................................................... 342
PURGE NTP................................................................................................................................................... 343
SHOW CLOCK ............................................................................................................................................... 344
SHOW NTP ASSOCIATIONS ........................................................................................................................ 345
SHOW NTP STATUS ..................................................................................................................................... 347
9
Contents
Chapter 17: Domain Name System (DNS) ..................................................................................................349
Overview .........................................................................................................................................................350
Domain name parts ..................................................................................................................................350
Server Hierarchy.......................................................................................................................................350
DNS Sever List .........................................................................................................................................351
DNS List ...................................................................................................................................................351
Default Domain.........................................................................................................................................351
Adding a DNS Server to the Switch ................................................................................................................352
Enabling or Disabling the DNS Client .............................................................................................................353
Adding a Domain to the DNS List ...................................................................................................................354
Setting a Default Domain Name for the DNS..................................................................................................355
Chapter 18: Domain Name System (DNS) Commands .............................................................................357
IP NAME-SERVER .........................................................................................................................................358
IP DOMAIN-NAME..........................................................................................................................................360
IP DOMAIN-LIST ............................................................................................................................................361
IP DOMAIN-LOOKUP .....................................................................................................................................363
SHOW IP NAME-SERVER .............................................................................................................................364
SHOW IP DOMAIN-NAME .............................................................................................................................365
SHOW HOSTS ...............................................................................................................................................366
Chapter 19: MAC Address Table ................................................................................................................367
Overview .........................................................................................................................................................368
Adding Static MAC Addresses ........................................................................................................................370
Deleting MAC Addresses ................................................................................................................................372
Setting the Aging Timer ..................................................................................................................................374
Displaying the MAC Address Table ................................................................................................................375
Chapter 20: MAC Address Table Commands ............................................................................................377
CLEAR MAC ADDRESS-TABLE ....................................................................................................................378
MAC ADDRESS-TABLE AGEING-TIME ........................................................................................................380
MAC ADDRESS-TABLE STATIC ...................................................................................................................382
NO MAC ADDRESS-TABLE STATIC .............................................................................................................384
SHOW MAC ADDRESS-TABLE .....................................................................................................................386
Chapter 21: Hardware Stacking ..................................................................................................................389
Overview .........................................................................................................................................................390
Master Switch ...........................................................................................................................................390
Stacking Port Topologies..........................................................................................................................390
Active Boot Configuration File ..................................................................................................................392
Initialization Processes .............................................................................................................................393
Stacking Actions .......................................................................................................................................394
Guidelines.................................................................................................................................................395
Configuring the Stack ID Number ...................................................................................................................397
Displaying the Switches of a Stack .................................................................................................................398
Resetting the Switches of a Stack ..................................................................................................................400
Updating the Management Software ..............................................................................................................401
Chapter 22: Stacking Commands ...............................................................................................................403
RELOAD|REBOOT STACK ............................................................................................................................404
SHOW STACK ................................................................................................................................................405
STACK ............................................................................................................................................................406
Chapter 23: Enhanced Stacking .................................................................................................................409
Overview .........................................................................................................................................................410
Command and Member Switches ............................................................................................................410
10
AT-8100 Switch Command Line User’s Guide
Common VLAN ........................................................................................................................................ 410
Guidelines ................................................................................................................................................ 411
General Steps .......................................................................................................................................... 411
Configuring the Command Switch .................................................................................................................. 413
Configuring a Member Switch ........................................................................................................................ 416
Managing the Member Switches of an Enhanced Stack ................................................................................ 418
Changing the Enhanced Stacking Mode ........................................................................................................ 420
Uploading Boot Configuration Files from the Command Switch to Member Switches ................................... 422
Uploading the Management Software from the Command Switch to Member Switches ............................... 429
Disabling Enhanced Stacking......................................................................................................................... 431
Chapter 24: Enhanced Stacking Commands ............................................................................................ 433
ESTACK COMMAND-SWITCH...................................................................................................................... 434
ESTACK RUN ................................................................................................................................................ 435
NO ESTACK COMMAND-SWITCH ............................................................................................................... 436
NO ESTACK RUN .......................................................................................................................................... 437
RCOMMAND .................................................................................................................................................. 438
REBOOT ESTACK MEMBER ........................................................................................................................ 439
SHOW ESTACK ............................................................................................................................................. 441
SHOW ESTACK COMMAND-SWITCH.......................................................................................................... 443
SHOW ESTACK REMOTELIST ..................................................................................................................... 444
UPLOAD CONFIG REMOTELIST.................................................................................................................. 446
UPLOAD IMAGE REMOTELIST .................................................................................................................... 447
Chapter 25: Link-flap Protection ................................................................................................................ 449
Overview......................................................................................................................................................... 450
Guidelines....................................................................................................................................................... 451
Configuring the Feature.................................................................................................................................. 452
Chapter 26: Link-flap Protection Commands ........................................................................................... 453
LINK-FLAP DURATION.................................................................................................................................. 454
LINK-FLAP PROTECTION............................................................................................................................. 455
LINK-FLAP RATE........................................................................................................................................... 456
NO LINK-FLAP PROTECTION ...................................................................................................................... 457
SHOW LINK-FLAP ......................................................................................................................................... 458
Chapter 27: Port Mirror ............................................................................................................................... 459
Overview......................................................................................................................................................... 460
Creating the Port Mirror or Adding New Source Ports.................................................................................... 461
Removing Source Ports or Deleting the Port Mirror ....................................................................................... 462
Combining the Port Mirror with Access Control Lists ..................................................................................... 463
Displaying the Port Mirror ............................................................................................................................... 465
Chapter 28: Port Mirror Commands ........................................................................................................... 467
MIRROR ......................................................................................................................................................... 468
MIRROR INTERFACE.................................................................................................................................... 469
NO MIRROR INTERFACE ............................................................................................................................. 471
SHOW MIRROR............................................................................................................................................. 472
Chapter 29: DHCP Relay Overview ............................................................................................................ 475
Overview......................................................................................................................................................... 476
DHCP Relay Agent Option 82.................................................................................................................. 477
Client Requests with Option 82................................................................................................................ 478
DHCP Relay Agent Option 82 Maximum Message Length...................................................................... 479
Configuring the DHCP Relay Agent ............................................................................................................... 480
Adding the IP Addresses of the DHCP Servers ....................................................................................... 480
11
Contents
Adding DHCP Relay to the VLANs...........................................................................................................481
Configuring the DHCP Relay Option 82 ...................................................................................................483
Configuring the Maximum Hop Count ......................................................................................................485
Activating or Deactivating DHCP Relay on the Switch .............................................................................485
Chapter 30: DHCP Relay Commands .........................................................................................................487
IP DHCP-RELAY ............................................................................................................................................489
IP DHCP-RELAY AGENT-OPTION ................................................................................................................490
IP DHCP-RELAY AGENT-OPTION CHECKING ............................................................................................491
IP DHCP-RELAY INFORMATION POLICY ....................................................................................................492
IP DHCP-RELAY MAX-MESSAGE-LENGTH .................................................................................................494
IP DHCP-RELAY MAXHOPS .........................................................................................................................495
IP DHCP-RELAY SERVER-ADDRESS ..........................................................................................................496
NO IP DHCP-RELAY ......................................................................................................................................497
NO IP DHCP-RELAY AGENT-OPTION..........................................................................................................498
NO IP DHCP-RELAY AGENT-OPTION CHECKING......................................................................................499
NO IP DHCP-RELAY SERVER-ADDRESS....................................................................................................500
NO SERVICE DHCP-RELAY..........................................................................................................................501
SERVICE DHCP-RELAY ................................................................................................................................502
SHOW IP DHCP-RELAY ................................................................................................................................503
Chapter 31: Group Link Control .................................................................................................................505
Overview .........................................................................................................................................................506
Guidelines .......................................................................................................................................................514
Configuration Examples ..................................................................................................................................515
Chapter 32: Group Link Control Commands .............................................................................................519
GROUP-LINK-CONTROL ...............................................................................................................................520
GROUP-LINK-CONTROL DOWNSTREAM....................................................................................................521
GROUP-LINK-CONTROL UPSTREAM ..........................................................................................................523
NO GROUP-LINK-CONTROL.........................................................................................................................524
NO GROUP-LINK-CONTROL DOWNSTREAM .............................................................................................525
NO GROUP-LINK-CONTROL UPSTREAM....................................................................................................526
SHOW GROUP-LINK-CONTROL...................................................................................................................527
Chapter 33: Multicast Commands ..............................................................................................................529
NO SWITCHPORT BLOCK EGRESS-MULTICAST.......................................................................................530
NO SWITCHPORT BLOCK INGRESS-MULTICAST......................................................................................531
SWITCHPORT BLOCK EGRESS-MULTICAST .............................................................................................532
SWITCHPORT BLOCK INGRESS-MULTICAST ............................................................................................533
Section III: File System
.........................................................................................................................535
Chapter 34: File System ..............................................................................................................................537
Overview .........................................................................................................................................................538
Copying Boot Configuration Files ...................................................................................................................539
Renaming Boot Configuration Files ................................................................................................................540
Deleting Boot Configuration Files ...................................................................................................................541
Displaying the Specifications of the File System ............................................................................................542
Listing the Files in the File System .................................................................................................................543
Chapter 35: File System Commands ..........................................................................................................545
COPY ..............................................................................................................................................................546
DELETE ..........................................................................................................................................................547
DELETE FORCE ............................................................................................................................................548
DIR ..................................................................................................................................................................549
12
AT-8100 Switch Command Line User’s Guide
MOVE ............................................................................................................................................................. 550
SHOW FILE SYSTEMS.................................................................................................................................. 551
Chapter 36: Boot Configuration Files ........................................................................................................ 553
Overview......................................................................................................................................................... 554
Specifying the Active Boot Configuration File................................................................................................. 555
Creating a New Boot Configuration File ......................................................................................................... 557
Displaying the Active Boot Configuration File................................................................................................. 558
Chapter 37: Boot Configuration File Commands ..................................................................................... 559
BOOT CONFIG-FILE...................................................................................................................................... 560
COPY RUNNING-CONFIG ............................................................................................................................ 562
COPY RUNNING-CONFIG STARTUP-CONFIG ........................................................................................... 563
ERASE STARTUP-CONFIG .......................................................................................................................... 564
NO BOOT CONFIG-FILE ............................................................................................................................... 565
SHOW BOOT ................................................................................................................................................. 566
SHOW STARTUP-CONFIG ........................................................................................................................... 568
WRITE ............................................................................................................................................................ 569
Chapter 38: File Transfer ............................................................................................................................ 571
Overview......................................................................................................................................................... 572
Uploading or Downloading Files with TFTP ................................................................................................... 573
Downloading New Management Software with TFTP.............................................................................. 573
Downloading Files to the Switch with TFTP............................................................................................. 574
Uploading Files from the Switch with TFTP ............................................................................................. 575
Uploading or Downloading Files with Zmodem .............................................................................................. 577
Downloading Files to the Switch with Zmodem........................................................................................ 577
Uploading Files from the Switch with Zmodem ........................................................................................ 578
Downloading Files with Enhanced Stacking................................................................................................... 580
Chapter 39: File Transfer Commands ........................................................................................................ 583
COPY FILENAME ZMODEM ......................................................................................................................... 584
COPY FLASH TFTP....................................................................................................................................... 585
COPY TFTP FLASH....................................................................................................................................... 586
COPY ZMODEM ............................................................................................................................................ 588
UPLOAD IMAGE REMOTELIST .................................................................................................................... 589
Section IV: Snooping ............................................................................................................................. 591
Chapter 40: Internet Group Management Protocol (IGMP) Snooping .................................................... 593
Overview......................................................................................................................................................... 594
Understanding Multicast Traffic Settings.................................................................................................. 595
Disabling the Suppression of Unknown Multicast Traffic ......................................................................... 595
Host Node Topology....................................................................................................................................... 596
Single-host Per Port ................................................................................................................................. 596
Multiple-hosts Per Port............................................................................................................................. 596
Enabling IGMP Snooping ............................................................................................................................... 597
Configuring the IGMP Snooping Commands ................................................................................................. 598
Disabling IGMP Snooping .............................................................................................................................. 600
Displaying IGMP Snooping............................................................................................................................. 601
Chapter 41: IGMP Snooping Commands .................................................................................................. 603
CLEAR IP IGMP ............................................................................................................................................. 604
IP IGMP LIMIT................................................................................................................................................ 605
IP IGMP QUERIER-TIMEOUT ....................................................................................................................... 606
IP IGMP SNOOPING...................................................................................................................................... 607
IP IGMP SNOOPING FLOOD-UNKNOWN-MCAST ...................................................................................... 608
13
Contents
IP IGMP SNOOPING MROUTER ...................................................................................................................609
IP IGMP STATUS ...........................................................................................................................................610
NO IP IGMP SNOOPING................................................................................................................................611
NO IP IGMP SNOOPING MROUTER.............................................................................................................612
SHOW IP IGMP SNOOPING ..........................................................................................................................613
Chapter 42: IGMP Snooping Querier ..........................................................................................................617
Overview .........................................................................................................................................................618
Assigning Multiple Queriers......................................................................................................................619
Guidelines .......................................................................................................................................................622
Configuring the Feature ..................................................................................................................................623
Configuring One Querier ..........................................................................................................................623
Configuring Multiple Queriers ...................................................................................................................624
Chapter 43: IGMP Snooping Querier Commands .....................................................................................627
IP IGMP QUERY-INTERVAL ..........................................................................................................................628
IP IGMP SNOOPING QUERIER.....................................................................................................................629
NO IP IGMP SNOOPING QUERIER ..............................................................................................................630
SHOW IP IGMP INTERFACE .........................................................................................................................631
Chapter 44: DHCP Snooping Commands ..................................................................................................633
ARP SECURITY .............................................................................................................................................635
ARP SECURITY VIOLATION .........................................................................................................................636
CLEAR ARP SECURITY STATISTICS...........................................................................................................638
CLEAR IP DHCP SNOOPING BINDING ........................................................................................................639
CLEAR IP DHCP SNOOPING STATISTICS ..................................................................................................641
IP DHCP SNOOPING .....................................................................................................................................642
IP DHCP SNOOPING AGENT-OPTION.........................................................................................................643
IP DHCP SNOOPING AGENT-OPTION ALLOW-UNTRUSTED....................................................................644
IP DHCP SNOOPING BINDING .....................................................................................................................645
IP DHCP SNOOPING DELETE-BY-CLIENT ..................................................................................................647
IP DHCP SNOOPING DELETE-BY-LINKDOWN............................................................................................648
IP DHCP SNOOPING MAX-BINDINGS..........................................................................................................649
IP DHCP SNOOPING SUBSCRIBER-ID ........................................................................................................651
IP DHCP SNOOPING TRUST ........................................................................................................................653
IP DHCP VERIFY MAC-ADDRESS ................................................................................................................654
IP DHCP SNOOPING VIOLATION .................................................................................................................656
IP SOURCE BINDING ....................................................................................................................................658
SERVICE DHCP SNOOPING.........................................................................................................................660
SHOW ARP SECURITY .................................................................................................................................662
SHOW ARP SECURITY INTERFACE ............................................................................................................664
SHOW ARP SECURITY STATISTICS............................................................................................................666
SHOW IP DHCP SNOOPING .........................................................................................................................668
SHOW IP DHCP SNOOPING BINDING .........................................................................................................670
SHOW IP DHCP SNOOPING INTERFACE....................................................................................................672
SHOW IP SOURCE BINDING ........................................................................................................................674
Section V: Event Messages ....................................................................................................................677
Chapter 45: Event Log .................................................................................................................................679
Overview .........................................................................................................................................................680
Displaying the Event Log ................................................................................................................................681
Clearing the Event Log ...................................................................................................................................682
14
AT-8100 Switch Command Line User’s Guide
Chapter 46: Event Log Commands ............................................................................................................ 683
CLEAR LOG .................................................................................................................................................. 685
CLEAR LOG BUFFERED............................................................................................................................... 686
CLEAR LOG PERMANENT ........................................................................................................................... 687
LOG BUFFERED............................................................................................................................................ 688
LOG CONSOLE ............................................................................................................................................. 690
LOG PERMANENT ........................................................................................................................................ 692
NO LOG BUFFERED ..................................................................................................................................... 693
NO LOG CONSOLE ....................................................................................................................................... 695
NO LOG PERMANENT .................................................................................................................................. 696
SHOW LOG.................................................................................................................................................... 698
SHOW LOG CONFIG..................................................................................................................................... 701
SHOW LOG PERMANENT ............................................................................................................................ 703
SHOW LOG PERMANENT TAIL.................................................................................................................... 704
SHOW LOG REVERSE.................................................................................................................................. 705
SHOW LOG TAIL ........................................................................................................................................... 706
Chapter 47: Syslog Client ........................................................................................................................... 707
Overview......................................................................................................................................................... 708
Creating Syslog Server Definitions................................................................................................................. 709
Deleting Syslog Server Definitions ................................................................................................................. 712
Displaying the Syslog Server Definitions........................................................................................................ 713
Chapter 48: Syslog Client Commands ...................................................................................................... 715
LOG HOST ..................................................................................................................................................... 716
NO LOG HOST............................................................................................................................................... 718
SHOW LOG CONFIG..................................................................................................................................... 719
Section VI: Port Trunks ......................................................................................................................... 721
Chapter 49: Static Port Trunks ................................................................................................................... 723
Overview......................................................................................................................................................... 724
Load Distribution Methods ....................................................................................................................... 724
Guidelines ................................................................................................................................................ 726
Creating New Static Port Trunks or Adding Ports To Existing Trunks............................................................ 728
Specifying the Load Distribution Method ........................................................................................................ 729
Removing Ports from Static Port Trunks or Deleting Trunks .......................................................................... 730
Displaying Static Port Trunks ......................................................................................................................... 731
Chapter 50: Static Port Trunk Commands ................................................................................................ 733
NO STATIC-CHANNEL-GROUP.................................................................................................................... 734
PORT-CHANNEL LOAD-BALANCE .............................................................................................................. 735
SHOW STATIC-CHANNEL-GROUP.............................................................................................................. 737
STATIC-CHANNEL-GROUP .......................................................................................................................... 738
Chapter 51: Link Aggregation Control Protocol (LACP) .......................................................................... 741
Overview......................................................................................................................................................... 742
LACP System Priority............................................................................................................................... 743
Base Port ................................................................................................................................................. 743
LACP Port Priority Value......................................................................................................................... 743
Load Distribution Methods ....................................................................................................................... 744
Guidelines ................................................................................................................................................ 744
Creating New Aggregators ............................................................................................................................. 746
Setting the Load Distribution Method ............................................................................................................. 747
Adding Ports to Aggregators .......................................................................................................................... 748
15
Contents
Removing Ports from Aggregators..................................................................................................................749
Deleting Aggregators ......................................................................................................................................750
Displaying Aggregators ...................................................................................................................................751
Chapter 52: LACP Commands ....................................................................................................................753
CHANNEL-GROUP ........................................................................................................................................754
LACP SYSTEM-PRIORITY.............................................................................................................................756
NO CHANNEL-GROUP ..................................................................................................................................757
PORT-CHANNEL LOAD-BALANCE ...............................................................................................................758
SHOW ETHERCHANNEL ..............................................................................................................................760
SHOW ETHERCHANNEL DETAIL .................................................................................................................761
SHOW ETHERCHANNEL SUMMARY ...........................................................................................................763
SHOW LACP SYS-ID .....................................................................................................................................764
SHOW PORT ETHERCHANNEL....................................................................................................................765
Section VII: Spanning Tree Protocols
.................................................................................................767
Chapter 53: Spanning Tree and Rapid Spanning Tree Protocols ...........................................................769
Overview .........................................................................................................................................................770
Bridge Priority and the Root Bridge ................................................................................................................771
Path Costs and Port Costs..............................................................................................................................772
Port Priority .....................................................................................................................................................773
Forwarding Delay and Topology Changes......................................................................................................774
Hello Time and Bridge Protocol Data Units (BPDU) .......................................................................................775
Point-to-Point and Edge Ports ........................................................................................................................776
Mixed STP and RSTP Networks .....................................................................................................................779
Spanning Tree and VLANs .............................................................................................................................780
RSTP BPDU Guard ........................................................................................................................................781
RSTP Loop Guard ..........................................................................................................................................783
STP and RSTP Root Guard ............................................................................................................................788
Chapter 54: Spanning Tree Protocol (STP) Procedures ...........................................................................789
Designating STP as the Active Spanning Tree Protocol.................................................................................790
Enabling the Spanning Tree Protocol .............................................................................................................791
Setting the Switch Parameters........................................................................................................................792
Setting the Port Parameters............................................................................................................................794
Disabling the Spanning Tree Protocol ............................................................................................................795
Displaying STP Settings .................................................................................................................................796
Chapter 55: STP Commands .......................................................................................................................797
NO SPANNING-TREE STP ENABLE .............................................................................................................799
SHOW SPANNING-TREE ..............................................................................................................................800
SPANNING-TREE FORWARD-TIME .............................................................................................................801
SPANNING-TREE GUARD ROOT .................................................................................................................802
SPANNING-TREE HELLO-TIME ....................................................................................................................803
SPANNING-TREE MAX-AGE .........................................................................................................................804
SPANNING-TREE MODE STP.......................................................................................................................805
SPANNING-TREE PATH-COST.....................................................................................................................806
SPANNING-TREE PORTFAST ......................................................................................................................807
SPANNING-TREE PORTFAST BPDU-GUARD .............................................................................................808
SPANNING-TREE PRIORITY (Bridge Priority)...............................................................................................809
SPANNING-TREE Priority (Port Priority) ........................................................................................................810
SPANNING-TREE STP ENABLE ...................................................................................................................811
16
AT-8100 Switch Command Line User’s Guide
Chapter 56: Rapid Spanning Tree Protocol (RSTP) Procedures ............................................................ 813
Designating RSTP as the Active Spanning Tree Protocol.............................................................................. 814
Enabling the Rapid Spanning Tree Protocol .................................................................................................. 815
Configuring the Switch Parameters ................................................................................................................ 816
Setting the Forward Time, Hello Time, and Max Age .............................................................................. 816
Setting the Bridge Priority ........................................................................................................................ 817
Enabling or Disabling BPDU Guard ......................................................................................................... 817
Configuring the Port Parameters .................................................................................................................... 819
Configuring Port Costs ............................................................................................................................. 819
Configuring Port Priorities ........................................................................................................................ 820
Designating Point-to-point and Shared Ports........................................................................................... 820
Designating Edge Ports ........................................................................................................................... 820
Enabling or Disabling RSTP Loop-guard ................................................................................................. 821
Enabling or Disabling BPDU Guard ......................................................................................................... 821
Disabling the Rapid Spanning Tree Protocol.................................................................................................. 823
Displaying RSTP Settings .............................................................................................................................. 824
Chapter 57: RSTP Commands .................................................................................................................... 825
NO SPANNING-TREE.................................................................................................................................... 827
NO SPANNING-TREE ERRDISABLE-TIMEOUT ENABLE ........................................................................... 828
NO SPANNING-TREE LOOP-GUARD .......................................................................................................... 829
NO SPANNING-TREE PORTFAST ............................................................................................................... 830
NO SPANNING-TREE PORTFAST BPDU-GUARD ...................................................................................... 831
NO SPANNING-TREE RSTP ENABLE.......................................................................................................... 832
SHOW SPANNING-TREE.............................................................................................................................. 833
SPANNING-TREE ERRDISABLE-TIMEOUT ENABLE.................................................................................. 835
SPANNING-TREE ERRDISABLE-TIMEOUT INTERVAL .............................................................................. 836
SPANNING-TREE FORWARD-TIME............................................................................................................. 837
SPANNING-TREE GUARD ROOT................................................................................................................. 838
SPANNING-TREE HELLO-TIME ................................................................................................................... 839
SPANNING-TREE LINK-TYPE ...................................................................................................................... 840
SPANNING-TREE LOOP-GUARD................................................................................................................. 841
SPANNING-TREE MAX-AGE ........................................................................................................................ 842
SPANNING-TREE MODE RSTP.................................................................................................................... 843
SPANNING-TREE PATH-COST .................................................................................................................... 844
SPANNING-TREE PORTFAST...................................................................................................................... 845
SPANNING-TREE PORTFAST BPDU-GUARD............................................................................................. 846
SPANNING-TREE PRIORITY (Bridge Priority) .............................................................................................. 847
SPANNING-TREE PRIORITY (Port Priority).................................................................................................. 848
SPANNING-TREE RSTP ENABLE ................................................................................................................ 849
Chapter 58: Multiple Spanning Tree Protocol ........................................................................................... 851
Overview......................................................................................................................................................... 852
Multiple Spanning Tree Instance (MSTI) ........................................................................................................ 853
MSTI Guidelines ............................................................................................................................................. 856
VLAN and MSTI Associations ........................................................................................................................ 857
Ports in Multiple MSTIs................................................................................................................................... 858
Multiple Spanning Tree Regions .................................................................................................................... 859
Region Guidelines.................................................................................................................................... 861
Common and Internal Spanning Tree (CIST) .......................................................................................... 862
MSTP with STP and RSTP ...................................................................................................................... 862
Summary of Guidelines .................................................................................................................................. 864
Associating VLANs to MSTIs.......................................................................................................................... 866
Connecting VLANs Across Different Regions ................................................................................................ 868
MSTP Root Guard .......................................................................................................................................... 870
17
Contents
Chapter 59: MSTP Commands ....................................................................................................................871
INSTANCE MSTI-ID PRIORITY......................................................................................................................873
INSTANCE MSTI-ID VLAN .............................................................................................................................875
NO SPANNING-TREE ERRDISABLE-TIMEOUT ENABLE............................................................................876
NO SPANNING-TREE PORTFAST ................................................................................................................877
NO SPANNING-TREE MSTP ENABLE ..........................................................................................................878
SHOW SPANNING-TREE ..............................................................................................................................879
SHOW SPANNING-TREE MST CONFIG.......................................................................................................881
SHOW SPANNING-TREE MST......................................................................................................................882
SHOW SPANNING-TREE MST INSTANCE...................................................................................................883
SPANNING-TREE ERRDISABLE-TIMEOUT ENABLE ..................................................................................884
SPANNING-TREE ERRDISABLE-TIMEOUT INTERVAL...............................................................................885
SPANNING-TREE GUARD ROOT .................................................................................................................886
SPANNING-TREE MODE MSTP....................................................................................................................887
SPANNING-TREE MSTP ENABLE ................................................................................................................888
SPANNING-TREE MST CONFIGURATION...................................................................................................889
SPANNING-TREE MST INSTANCE...............................................................................................................890
SPANNING-TREE PATH-COST.....................................................................................................................891
SPANNING-TREE PORTFAST ......................................................................................................................892
SPANNING-TREE PORTFAST BPDU-GUARD .............................................................................................893
SPANNING-TREE MSTP ENABLE ................................................................................................................894
REGION ..........................................................................................................................................................895
REVISION .......................................................................................................................................................896
Section VIII: Virtual LANs
....................................................................................................................897
Chapter 60: Port-based and Tagged VLANs ..............................................................................................899
Overview .........................................................................................................................................................900
Port-based VLAN Overview ............................................................................................................................902
VLAN Name..............................................................................................................................................902
VLAN Identifier .........................................................................................................................................902
Port VLAN Identifier..................................................................................................................................903
Untagged Ports.........................................................................................................................................903
Guidelines to Creating a Port-based VLAN ..............................................................................................904
Drawbacks of Port-based VLANs .............................................................................................................904
Port-based Example 1 ..............................................................................................................................905
Port-based Example 2 ..............................................................................................................................906
Tagged VLAN Overview .................................................................................................................................908
Tagged and Untagged Ports ....................................................................................................................909
Port VLAN Identifier..................................................................................................................................909
Guidelines to Creating a Tagged VLAN ...................................................................................................909
Tagged VLAN Example ............................................................................................................................910
Creating VLANs ..............................................................................................................................................912
Adding Untagged Ports to VLANs...................................................................................................................913
Adding Tagged Ports to VLANs ......................................................................................................................915
Removing Untagged Ports from VLANs .........................................................................................................917
Removing Tagged Ports from VLANs .............................................................................................................918
Deleting VLANs...............................................................................................................................................919
Displaying the VLANs .....................................................................................................................................920
Chapter 61: Port-based and Tagged VLAN Commands ...........................................................................921
NO SWITCHPORT ACCESS VLAN ...............................................................................................................922
NO SWITCHPORT TRUNK ............................................................................................................................923
NO SWITCHPORT TRUNK NATIVE VLAN....................................................................................................924
NO VLAN ........................................................................................................................................................925
18
AT-8100 Switch Command Line User’s Guide
SHOW VLAN .................................................................................................................................................. 926
SWITCHPORT ACCESS VLAN ..................................................................................................................... 928
SWITCHPORT MODE ACCESS.................................................................................................................... 930
SWITCHPORT MODE TRUNK ...................................................................................................................... 931
SWITCHPORT TRUNK ALLOWED VLAN ..................................................................................................... 933
SWITCHPORT TRUNK NATIVE VLAN.......................................................................................................... 936
VLAN .............................................................................................................................................................. 938
Chapter 62: GARP VLAN Registration Protocol ....................................................................................... 941
Overview......................................................................................................................................................... 942
Guidelines....................................................................................................................................................... 945
GVRP and Network Security .......................................................................................................................... 946
GVRP-inactive Intermediate Switches............................................................................................................ 947
Enabling GVRP on the Switch........................................................................................................................ 948
Enabling GIP on the Switch............................................................................................................................ 949
Enabling GVRP on the Ports .......................................................................................................................... 950
Setting the GVRP Timers ............................................................................................................................... 951
Disabling GVRP on the Ports ......................................................................................................................... 952
Disabling GIP on the Switch ........................................................................................................................... 953
Disabling GVRP on the Switch ....................................................................................................................... 954
Restoring the GVRP Default Settings............................................................................................................. 955
Displaying GVRP............................................................................................................................................ 956
Chapter 63: GARP VLAN Registration Protocol Commands .................................................................. 957
GVRP APPLICANT STATE ACTIVE.............................................................................................................. 959
GVRP APPLICANT STATE NORMAL ........................................................................................................... 960
GVRP ENABLE .............................................................................................................................................. 961
GVRP REGISTRATION ................................................................................................................................. 962
GVRP TIMER JOIN ........................................................................................................................................ 963
GVRP TIMER LEAVE..................................................................................................................................... 964
GVRP TIMER LEAVEALL .............................................................................................................................. 965
NO GVRP ENABLE........................................................................................................................................ 966
PURGE GVRP................................................................................................................................................ 967
SHOW GVRP APPLICANT ............................................................................................................................ 968
SHOW GVRP CONFIGURATION .................................................................................................................. 969
SHOW GVRP MACHINE................................................................................................................................ 970
SHOW GVRP STATISTICS ........................................................................................................................... 971
SHOW GVRP TIMER ..................................................................................................................................... 973
Chapter 64: MAC Address-based VLANs .................................................................................................. 975
Overview......................................................................................................................................................... 976
Egress Ports............................................................................................................................................. 976
VLANs that Span Switches ...................................................................................................................... 979
VLAN Hierarchy ....................................................................................................................................... 980
Guidelines....................................................................................................................................................... 981
General Steps................................................................................................................................................. 982
Creating MAC Address-based VLANs............................................................................................................ 983
Adding MAC Addresses to VLANs and Designating Egress Ports................................................................. 984
Removing MAC Addresses ............................................................................................................................ 985
Deleting VLANs .............................................................................................................................................. 986
Displaying VLANs........................................................................................................................................... 987
Example of Creating a MAC Address-based VLAN ....................................................................................... 988
Chapter 65: MAC Address-based VLAN Commands ............................................................................... 991
NO VLAN........................................................................................................................................................ 992
NO VLAN MACADDRESS (Global Configuration Mode) ............................................................................... 993
19
Contents
NO VLAN MACADDRESS (Port Interface Mode) ...........................................................................................994
SHOW VLAN MACADDRESS ........................................................................................................................996
VLAN MACADDRESS ....................................................................................................................................998
VLAN SET MACADDRESS (Global Configuration Mode) ............................................................................ 1000
VLAN SET MACADDRESS (Port Interface Mode) ....................................................................................... 1002
Chapter 66: Private Port VLANs ............................................................................................................... 1005
Overview ....................................................................................................................................................... 1006
Host Ports............................................................................................................................................... 1006
Uplink Port .............................................................................................................................................. 1006
Guidelines ..................................................................................................................................................... 1007
Creating Private VLANs ................................................................................................................................ 1008
Adding Host and Uplink Ports ....................................................................................................................... 1009
Deleting VLANs............................................................................................................................................. 1010
Displaying Private VLANs ............................................................................................................................. 1011
Chapter 67: Private Port VLAN Commands ............................................................................................. 1013
NO VLAN ...................................................................................................................................................... 1014
PRIVATE-VLAN ............................................................................................................................................ 1015
SHOW VLAN PRIVATE-VLAN ..................................................................................................................... 1016
SWITCHPORT MODE PRIVATE-VLAN HOST ............................................................................................ 1017
SWITCHPORT MODE PRIVATE-VLAN PROMISCUOUS ........................................................................... 1018
Chapter 68: Voice VLAN Commands .......................................................................................................1019
NO SWITCHPORT VOICE VLAN ................................................................................................................. 1020
SWITCHPORT VOICE DSCP....................................................................................................................... 1021
SWITCHPORT VOICE VLAN ....................................................................................................................... 1022
SWITCHPORT VOICE VLAN PRIORITY ..................................................................................................... 1023
Section IX: Port Security
..................................................................................................................... 1025
Chapter 69: MAC Address-based Port Security ...................................................................................... 1027
Overview ....................................................................................................................................................... 1028
Static Versus Dynamic Addresses ......................................................................................................... 1028
Intrusion Actions ..................................................................................................................................... 1028
Guidelines............................................................................................................................................... 1029
Configuring Ports .......................................................................................................................................... 1030
Enabling MAC Address-based Security on Ports ......................................................................................... 1032
Disabling MAC Address-based Security on Ports......................................................................................... 1033
Displaying Port Settings ................................................................................................................................ 1034
Chapter 70: MAC Address-based Port Security Commands ................................................................. 1035
NO SWITCHPORT PORT-SECURITY ......................................................................................................... 1036
NO SWITCHPORT PORT-SECURITY AGING............................................................................................. 1037
SHOW PORT-SECURITY INTERFACE .......................................................................................................1038
SHOW PORT-SECURITY INTRUSION INTERFACE .................................................................................. 1041
SWITCHPORT PORT-SECURITY................................................................................................................ 1042
SWITCHPORT PORT-SECURITY AGING ................................................................................................... 1043
SWITCHPORT PORT-SECURITY MAXIMUM ............................................................................................. 1044
SWITCHPORT PORT-SECURITY VIOLATION ........................................................................................... 1045
Chapter 71: 802.1x Port-based Network Access Control ....................................................................... 1047
Overview ....................................................................................................................................................... 1048
Authentication Process ................................................................................................................................. 1049
Port Roles ..................................................................................................................................................... 1050
20
AT-8100 Switch Command Line User’s Guide
None Role .............................................................................................................................................. 1050
Authenticator Role.................................................................................................................................. 1050
Supplicant Role ...................................................................................................................................... 1050
Authentication Methods for Authenticator Ports ........................................................................................... 1052
Operational Settings for Authenticator Ports ................................................................................................ 1053
Operating Modes for Authenticator Ports ..................................................................................................... 1054
Single Host Mode................................................................................................................................... 1054
Multiple Host Mode ................................................................................................................................ 1054
Multiple Supplicant Mode ....................................................................................................................... 1056
Supplicant and VLAN Associations .............................................................................................................. 1058
Single Host Mode................................................................................................................................... 1059
Multiple Host Mode ................................................................................................................................ 1059
Multiple Supplicant Mode ....................................................................................................................... 1059
Supplicant VLAN Attributes on the RADIUS Server............................................................................... 1059
Guest VLAN.................................................................................................................................................. 1061
RADIUS Accounting ..................................................................................................................................... 1062
General Steps............................................................................................................................................... 1063
Guidelines..................................................................................................................................................... 1064
Enabling 802.1x Port-Based Network Access Control on the Switch........................................................... 1066
Configuring Authenticator Ports.................................................................................................................... 1067
Designating Authenticator Ports............................................................................................................. 1067
Designating the Authentication Methods................................................................................................ 1067
Configuring the Operating Modes .......................................................................................................... 1068
Configuring Reauthentication ....................................................................................................................... 1070
Removing Ports from the Authenticator Role ............................................................................................... 1071
Configuring Supplicant Ports ........................................................................................................................ 1072
Designating Supplicant Ports ................................................................................................................. 1072
Configuring Supplicant Ports.................................................................................................................. 1072
Removing Ports from the Supplicant Role ............................................................................................. 1074
Disabling 802.1x Port-Based Network Access Control on the Switch .......................................................... 1075
Displaying Authenticator Ports ..................................................................................................................... 1076
Displaying EAP Packet Statistics ................................................................................................................. 1077
Chapter 72: 802.1x Port-based Network Access Control Commands .................................................. 1079
AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS................................................................... 1083
AUTH DYNAMIC-VLAN-CREATION............................................................................................................ 1084
AUTH GUEST-VLAN.................................................................................................................................... 1086
AUTH HOST-MODE..................................................................................................................................... 1087
AUTH REAUTHENTICATION ...................................................................................................................... 1089
AUTH TIMEOUT QUIET-PERIOD................................................................................................................ 1090
AUTH TIMEOUT REAUTH-PERIOD............................................................................................................ 1091
AUTH TIMEOUT SERVER-TIMEOUT ......................................................................................................... 1092
AUTH TIMEOUT SUPP-TIMEOUT .............................................................................................................. 1093
AUTH-MAC ENABLE ................................................................................................................................... 1094
AUTH-MAC REAUTH-RELEARNING .......................................................................................................... 1095
DOT1X CONTROL-DIRECTION .................................................................................................................. 1096
DOT1X EAP ................................................................................................................................................. 1098
DOT1X INITIALIZE INTERFACE ................................................................................................................. 1100
DOT1X MAX-REAUTH-REQ........................................................................................................................ 1101
DOT1X PORT-CONTROL AUTO................................................................................................................. 1102
DOT1X PORT-CONTROL FORCE-AUTHORIZED...................................................................................... 1103
DOT1X PORT-CONTROL FORCE-UNAUTHORIZED ................................................................................ 1104
DOT1X PORT-CONTROL SUPPLICANT .................................................................................................... 1105
DOT1X SUPPLICANT-PARAMS AUTH-PERIOD........................................................................................ 1106
DOT1X SUPPLICANT-PARAMS HELD-PERIOD ........................................................................................ 1107
21
Contents
DOT1X SUPPLICANT-PARAMS MAX-START ............................................................................................ 1108
DOT1X SUPPLICANT-PARAMS PASSWORD ............................................................................................ 1109
DOT1X SUPPLICANT-PARAMS USERNAME............................................................................................. 1110
DOT1X TIMEOUT TX-PERIOD .................................................................................................................... 1111
NO AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS.............................................................1112
NO AUTH DYNAMIC-VLAN-CREATION ...................................................................................................... 1113
NO AUTH GUEST-VLAN .............................................................................................................................. 1114
NO AUTH REAUTHENTICATION ................................................................................................................ 1115
NO AUTH-MAC ENABLE ............................................................................................................................. 1116
NO DOT1X PORT-CONTROL ...................................................................................................................... 1117
NO DOT1X PORT-CONTROL SUPPLICANT .............................................................................................. 1118
SHOW AUTH-MAC INTERFACE.................................................................................................................. 1119
SHOW AUTH-MAC SESSIONSTATISTICS INTERFACE............................................................................ 1120
SHOW AUTH-MAC STATISTICS INTERFACE............................................................................................ 1121
SHOW AUTH-MAC SUPPLICANT INTERFACE ..........................................................................................1122
SHOW DOT1X .............................................................................................................................................. 1123
SHOW DOT1X INTERFACE ........................................................................................................................ 1124
SHOW DOT1X SESSIONSTATISTICS INTERFACE................................................................................... 1125
SHOW DOT1X STATISTICS INTERFACE................................................................................................... 1126
SHOW DOT1X SUPPLICANT INTERFACE ................................................................................................. 1127
Section X: Simple Network Management Protocols .......................................................................... 1129
Chapter 73: SNMPv1 and SNMPv2c ......................................................................................................... 1131
Overview ....................................................................................................................................................... 1132
Enabling SNMPv1 and SNMPv2c ................................................................................................................. 1134
Creating Community Strings ......................................................................................................................... 1135
Adding or Removing IP Addresses of Trap or Inform Receivers .................................................................. 1136
Deleting Community Strings ......................................................................................................................... 1138
Disabling SNMPv1 and SNMPv2c ................................................................................................................ 1139
Displaying SNMPv1 and SNMPv2c .............................................................................................................. 1140
Chapter 74: SNMPv1 and SNMPv2c Commands ..................................................................................... 1143
NO SNMP-SERVER ..................................................................................................................................... 1145
NO SNMP-SERVER COMMUNITY .............................................................................................................. 1146
NO SNMP-SERVER ENABLE TRAP............................................................................................................ 1147
NO SNMP-SERVER ENABLE TRAP AUTH................................................................................................. 1148
NO SNMP-SERVER HOST .......................................................................................................................... 1149
NO SNMP-SERVER VIEW ........................................................................................................................... 1151
NO SNMP TRAP LINK-STATUS .................................................................................................................. 1152
SHOW RUNNING-CONFIG SNMP............................................................................................................... 1153
SHOW SNMP-SERVER ............................................................................................................................... 1154
SHOW SNMP-SERVER COMMUNITY ........................................................................................................ 1155
SHOW SNMP-SERVER VIEW ..................................................................................................................... 1157
SNMP-SERVER............................................................................................................................................ 1158
SNMP-SERVER COMMUNITY..................................................................................................................... 1159
SNMP-SERVER ENABLE TRAP .................................................................................................................. 1160
SNMP-SERVER ENABLE TRAP AUTH .......................................................................................................1161
SNMP-SERVER HOST................................................................................................................................. 1162
SNMP-SERVER VIEW ................................................................................................................................. 1164
SNMP TRAP LINK-STATUS......................................................................................................................... 1166
Chapter 75: SNMPv3 Commands ............................................................................................................. 1167
NO SNMP-SERVER ..................................................................................................................................... 1169
NO SNMP-SERVER ENGINEID LOCAL ...................................................................................................... 1170
22
AT-8100 Switch Command Line User’s Guide
NO SNMP-SERVER GROUP....................................................................................................................... 1171
NO SNMP-SERVER HOST.......................................................................................................................... 1172
NO SNMP-SERVER USER.......................................................................................................................... 1174
NO SNMP-SERVER VIEW........................................................................................................................... 1175
SHOW SNMP-SERVER ............................................................................................................................... 1176
SHOW SNMP-SERVER GROUP................................................................................................................. 1177
SHOW SNMP-SERVER HOST .................................................................................................................... 1178
SHOW SNMP-SERVER USER .................................................................................................................... 1179
SHOW SNMP-SERVER VIEW..................................................................................................................... 1180
SNMP-SERVER ........................................................................................................................................... 1181
SNMP-SERVER ENGINEID LOCAL ............................................................................................................ 1182
SNMP-SERVER GROUP ............................................................................................................................. 1183
SNMP-SERVER HOST ................................................................................................................................ 1185
SNMP-SERVER USER ................................................................................................................................ 1187
SNMP-SERVER VIEW ................................................................................................................................. 1189
Section XI: Network Management ...................................................................................................... 1191
Chapter 76: sFlow Agent .......................................................................................................................... 1193
Overview....................................................................................................................................................... 1194
Ingress Packet Samples ........................................................................................................................ 1194
Packet Counters..................................................................................................................................... 1194
Guidelines .............................................................................................................................................. 1195
Configuring the sFlow Agent ........................................................................................................................ 1196
Configuring the Ports.................................................................................................................................... 1197
Configuring the Sampling Rate .............................................................................................................. 1197
Configuring the Polling Interval .............................................................................................................. 1198
Enabling the sFlow Agent............................................................................................................................. 1199
Disabling the sFlow Agent ............................................................................................................................ 1200
Displaying the sFlow Agent .......................................................................................................................... 1201
Configuration Example ................................................................................................................................. 1202
Chapter 77: sFlow Agent Commands ...................................................................................................... 1205
NO SFLOW COLLECTOR IP ....................................................................................................................... 1206
NO SFLOW ENABLE ................................................................................................................................... 1207
SFLOW COLLECTOR IP ............................................................................................................................. 1208
SFLOW ENABLE.......................................................................................................................................... 1209
SFLOW POLLING-INTERVAL ..................................................................................................................... 1210
SFLOW SAMPLING-RATE .......................................................................................................................... 1212
SHOW SFLOW............................................................................................................................................. 1214
Chapter 78: LLDP and LLDP-MED ........................................................................................................... 1217
Overview....................................................................................................................................................... 1218
Mandatory LLDP TLVs........................................................................................................................... 1219
Optional LLDP TLVs .............................................................................................................................. 1219
Optional LLDP-MED TLVs ..................................................................................................................... 1221
Enabling LLDP and LLDP-MED on the Switch............................................................................................. 1223
Configuring Ports to Only Receive LLDP and LLDP-MED TLVs.................................................................. 1224
Configuring Ports to Send Only Mandatory LLDP TLVs............................................................................... 1225
Configuring Ports to Send Optional LLDP TLVs........................................................................................... 1226
Configuring Ports to Send Optional LLDP-MED TLVs ................................................................................. 1228
Configuring Ports to Send LLDP-MED Civic Location TLVs ........................................................................ 1230
Configuring Ports to Send LLDP-MED Coordinate Location TLVs............................................................... 1233
Configuring Ports to Send LLDP-MED ELIN Location TLVs ........................................................................ 1237
Removing LLDP TLVs from Ports ................................................................................................................ 1239
23
Contents
Removing LLDP-MED TLVs from Ports........................................................................................................ 1240
Deleting LLDP-MED Location Entries ........................................................................................................... 1241
Disabling LLDP and LLDP-MED on the Switch ............................................................................................ 1242
Displaying General LLDP Settings................................................................................................................ 1243
Displaying Port Settings ................................................................................................................................ 1244
Displaying or Clearing Neighbor Information ................................................................................................ 1245
Displaying Port TLVs .................................................................................................................................... 1247
Displaying and Clearing Statistics................................................................................................................. 1248
Chapter 79: LLDP and LLDP-MED Commands ....................................................................................... 1249
CLEAR LLDP STATISTICS .......................................................................................................................... 1252
CLEAR LLDP TABLE.................................................................................................................................... 1253
LLDP HOLDTIME-MULTIPLIER ................................................................................................................... 1254
LLDP LOCATION.......................................................................................................................................... 1255
LLDP MANAGEMENT-ADDRESS................................................................................................................ 1257
LLDP MED-NOTIFICATIONS ....................................................................................................................... 1259
LLDP MED-TLV-SELECT ............................................................................................................................. 1260
LLDP NON-STRICT-MED-TLV-ORDER-CHECK ......................................................................................... 1262
LLDP NOTIFICATIONS ................................................................................................................................ 1263
LLDP NOTIFICATION-INTERVAL ................................................................................................................ 1264
LLDP REINIT ................................................................................................................................................ 1265
LLDP RUN .................................................................................................................................................... 1266
LLDP TIMER ................................................................................................................................................. 1267
LLDP TLV-SELECT ...................................................................................................................................... 1268
LLDP TRANSMIT RECEIVE ......................................................................................................................... 1271
LLDP TX-DELAY .......................................................................................................................................... 1272
LOCATION CIVIC-LOCATION ..................................................................................................................... 1273
LOCATION COORD-LOCATION.................................................................................................................. 1276
LOCATION ELIN-LOCATION ....................................................................................................................... 1279
NO LLDP MED-NOTIFICATIONS................................................................................................................. 1280
NO LLDP MED-TLV-SELECT....................................................................................................................... 1281
NO LLDP NOTIFICATIONS .......................................................................................................................... 1283
NO LLDP RUN .............................................................................................................................................. 1284
NO LLDP TLV-SELECT ................................................................................................................................ 1285
NO LLDP TRANSMIT RECEIVE .................................................................................................................. 1286
NO LOCATION ............................................................................................................................................. 1287
SHOW LLDP ................................................................................................................................................. 1289
SHOW LLDP INTERFACE ........................................................................................................................... 1291
SHOW LLDP LOCAL-INFO INTERFACE ..................................................................................................... 1293
SHOW LLDP NEIGHBORS DETAIL............................................................................................................. 1295
SHOW LLDP NEIGHBORS INTERFACE ..................................................................................................... 1300
SHOW LLDP STATISTICS ........................................................................................................................... 1302
SHOW LLDP STATISTICS INTERFACE...................................................................................................... 1304
SHOW LOCATION ....................................................................................................................................... 1306
Chapter 80: Address Resolution Protocol (ARP) .................................................................................... 1309
Overview ....................................................................................................................................................... 1310
Proxy ARP .............................................................................................................................................. 1310
ARP on the Switch.................................................................................................................................. 1310
Dynamic ARP Entries ............................................................................................................................. 1310
Static ARP Entries .................................................................................................................................. 1311
Adding Static ARP Entries ............................................................................................................................ 1312
Deleting Static and Dynamic ARP Entries .................................................................................................... 1313
Enabling and Disabling Proxy ARP............................................................................................................... 1314
Displaying the ARP Table ............................................................................................................................. 1315
24
AT-8100 Switch Command Line User’s Guide
Chapter 81: Address Resolution Protocol (ARP) Commands ............................................................... 1317
ARP ............................................................................................................................................................. 1318
CLEAR ARP-CACHE ................................................................................................................................... 1320
IP PROXY-ARP ............................................................................................................................................ 1321
NO ARP (IP ADDRESS)............................................................................................................................... 1322
NO IP PROXY-ARP...................................................................................................................................... 1323
SHOW ARP .................................................................................................................................................. 1324
Chapter 82: RMON ..................................................................................................................................... 1327
Overview....................................................................................................................................................... 1328
RMON Port Statistics.................................................................................................................................... 1329
Adding Statistics Groups........................................................................................................................ 1329
Viewing Statistics Groups ...................................................................................................................... 1330
Deleting Statistics Groups...................................................................................................................... 1330
RMON Histories............................................................................................................................................ 1331
Adding History Groups ........................................................................................................................... 1331
Displaying History Groups...................................................................................................................... 1332
Deleting History Groups ......................................................................................................................... 1333
RMON Alarms .............................................................................................................................................. 1334
Creating RMON Statistics Groups ......................................................................................................... 1335
Creating RMON Events.......................................................................................................................... 1335
Creating RMON Alarms ......................................................................................................................... 1336
Creating an Alarm - Example 1 .............................................................................................................. 1337
Creating an Alarm - Example 2 .............................................................................................................. 1339
Chapter 83: RMON Commands ................................................................................................................ 1343
NO RMON ALARM....................................................................................................................................... 1345
NO RMON COLLECTION HISTORY ........................................................................................................... 1346
NO RMON COLLECTION STATS................................................................................................................ 1347
NO RMON EVENT ....................................................................................................................................... 1348
RMON ALARM ............................................................................................................................................. 1349
RMON COLLECTION HISTORY.................................................................................................................. 1352
RMON COLLECTION STATS ...................................................................................................................... 1354
RMON EVENT LOG ..................................................................................................................................... 1355
RMON EVENT LOG TRAP .......................................................................................................................... 1356
RMON EVENT TRAP ................................................................................................................................... 1358
SHOW RMON ALARM ................................................................................................................................. 1360
SHOW RMON EVENT ................................................................................................................................. 1362
SHOW RMON HISTORY ............................................................................................................................. 1364
SHOW RMON STATISTICS......................................................................................................................... 1366
Section XII: Management Security .................................................................................................... 1367
Chapter 84: Local Manager Accounts ..................................................................................................... 1369
Overview....................................................................................................................................................... 1370
Privilege Levels ...................................................................................................................................... 1370
Command Mode Restriction................................................................................................................... 1371
Password Encryption ............................................................................................................................. 1371
Creating Local Manager Accounts ............................................................................................................... 1373
Deleting Local Manager Accounts................................................................................................................ 1375
Activating Command Mode Restriction and Creating the Special Password ............................................... 1376
Deactivating Command Mode Restriction and Deleting the Special Password ........................................... 1377
Activating or Deactivating Password Encryption .......................................................................................... 1378
Displaying the Local Manager Accounts ...................................................................................................... 1379
25
Contents
Chapter 85: Local Manager Account Commands ................................................................................... 1381
ENABLE PASSWORD .................................................................................................................................. 1382
NO ENABLE PASSWORD ........................................................................................................................... 1383
NO SERVICE PASSWORD-ENCRYPTION ................................................................................................. 1384
NO USERNAME ........................................................................................................................................... 1385
SERVICE PASSWORD-ENCRYPTION........................................................................................................ 1386
USERNAME.................................................................................................................................................. 1387
Chapter 86: Telnet Server ......................................................................................................................... 1389
Overview ....................................................................................................................................................... 1390
Enabling the Telnet Server ........................................................................................................................... 1391
Disabling the Telnet Server........................................................................................................................... 1392
Displaying the Telnet Server ......................................................................................................................... 1393
Chapter 87: Telnet Server Commands ..................................................................................................... 1395
NO SERVICE TELNET ................................................................................................................................. 1396
SERVICE TELNET ....................................................................................................................................... 1397
SHOW TELNET ............................................................................................................................................ 1398
Chapter 88: Telnet Client ........................................................................................................................... 1399
Overview ....................................................................................................................................................... 1400
Starting a Remote Management Session with the Telnet Client................................................................... 1401
Chapter 89: Telnet Client Commands ...................................................................................................... 1403
TELNET ........................................................................................................................................................ 1404
TELNET IPV6 ............................................................................................................................................... 1405
Chapter 90: Secure Shell (SSH) Server .................................................................................................... 1407
Overview ....................................................................................................................................................... 1408
Algorithms............................................................................................................................................... 1408
Support for SSH ............................................................................................................................................ 1409
Guidelines............................................................................................................................................... 1409
SSH and Enhanced Stacking........................................................................................................................ 1411
Creating the Encryption Key Pair .................................................................................................................. 1413
Enabling the SSH Server .............................................................................................................................. 1414
Disabling the SSH Server ............................................................................................................................. 1415
Deleting Encryption Keys .............................................................................................................................. 1416
Displaying the SSH Server ........................................................................................................................... 1417
Chapter 91: SSH Server Commands ........................................................................................................ 1419
CRYPTO KEY DESTROY HOSTKEY .......................................................................................................... 1420
CRYPTO KEY GENERATE HOSTKEY ........................................................................................................ 1422
NO SERVICE SSH ....................................................................................................................................... 1424
SERVICE SSH .............................................................................................................................................. 1425
SHOW CRYPTO KEY HOSTKEY ................................................................................................................ 1426
SHOW SSH SERVER................................................................................................................................... 1427
Chapter 92: Non-secure HTTP Web Browser Server .............................................................................. 1429
Overview ....................................................................................................................................................... 1430
Enabling the Web Browser Server ................................................................................................................ 1431
Setting the Protocol Port Number ................................................................................................................. 1432
Disabling the Web Browser Server ............................................................................................................... 1433
Displaying the Web Browser Server ............................................................................................................. 1434
Chapter 93: Non-secure HTTP Web Browser Server Commands ......................................................... 1435
SERVICE HTTP ............................................................................................................................................ 1436
IP HTTP PORT ............................................................................................................................................. 1437
26
AT-8100 Switch Command Line User’s Guide
NO SERVICE HTTP ..................................................................................................................................... 1438
SHOW IP HTTP............................................................................................................................................ 1439
Chapter 94: Secure HTTPS Web Browser Server ................................................................................... 1441
Overview....................................................................................................................................................... 1442
Certificates ............................................................................................................................................. 1442
Distinguished Name ............................................................................................................................... 1443
Guidelines .............................................................................................................................................. 1444
Creating a Self-signed Certificate................................................................................................................. 1445
Configuring the HTTPS Web Server for a Certificate Issued by a CA.......................................................... 1448
Enabling the Web Browser Server ............................................................................................................... 1452
Disabling the Web Browser Server............................................................................................................... 1453
Displaying the Web Browser Server............................................................................................................. 1454
Chapter 95: Secure HTTPS Web Browser Server Commands .............................................................. 1455
CRYPTO CERTIFICATE DESTROY............................................................................................................ 1456
CRYPTO CERTIFICATE GENERATE ......................................................................................................... 1457
CRYPTO CERTIFICATE IMPORT ............................................................................................................... 1460
CRYPTO CERTIFICATE REQUEST............................................................................................................ 1461
SERVICE HTTPS ......................................................................................................................................... 1463
IP HTTPS CERTIFICATE............................................................................................................................. 1464
NO SERVICE HTTPS................................................................................................................................... 1465
SHOW CRYPTO CERTIFICATE.................................................................................................................. 1466
SHOW IP HTTPS ......................................................................................................................................... 1467
Chapter 96: RADIUS and TACACS+ Clients ............................................................................................ 1469
Overview....................................................................................................................................................... 1470
Remote Manager Accounts .......................................................................................................................... 1471
Guidelines .............................................................................................................................................. 1473
Managing the RADIUS Client ....................................................................................................................... 1474
Adding IP Addresses of RADIUS Servers.............................................................................................. 1474
Specifying a RADIUS Global Encryption Key ........................................................................................ 1475
Specifying the Server Timeout ............................................................................................................... 1475
Specifying RADIUS Accounting ............................................................................................................. 1476
Removing the Accounting Method List................................................................................................... 1476
Deleting Server IP Addresses ................................................................................................................ 1477
Displaying the RADIUS Client................................................................................................................ 1477
Managing the TACACS+ Client .................................................................................................................... 1478
Adding IP Addresses of TACACS+ Servers .......................................................................................... 1478
Specifying TACACS+ Accounting .......................................................................................................... 1479
Removing the Accounting Method List................................................................................................... 1479
Deleting IP Addresses of TACACS+ Servers ........................................................................................ 1480
Displaying the TACACS+ Client............................................................................................................. 1480
Configuring Remote Authentication of Manager Accounts........................................................................... 1481
Chapter 97: RADIUS and TACACS+ Client Commands ......................................................................... 1485
AAA ACCOUNTING LOGIN ......................................................................................................................... 1487
AAA AUTHENTICATION ENABLE (TACACS+)........................................................................................... 1489
AAA AUTHENTICATION LOGIN.................................................................................................................. 1491
IP RADIUS SOURCE-INTERFACE.............................................................................................................. 1493
LOGIN AUTHENTICATION.......................................................................................................................... 1495
NO LOGIN AUTHENTICATION ................................................................................................................... 1497
NO RADIUS-SERVER HOST....................................................................................................................... 1498
NO TACACS-SERVER HOST...................................................................................................................... 1499
RADIUS-SERVER HOST ............................................................................................................................. 1500
RADIUS-SERVER KEY................................................................................................................................ 1502
27
Contents
RADIUS-SERVER TIMEOUT ....................................................................................................................... 1503
SHOW RADIUS ............................................................................................................................................ 1504
SHOW TACACS ........................................................................................................................................... 1506
TACACS-SERVER HOST ............................................................................................................................ 1508
TACACS-SERVER KEY ............................................................................................................................... 1509
TACACS-SERVER TIMEOUT ...................................................................................................................... 1510
Section XIII: Quality of Service
......................................................................................................... 1511
Chapter 98: Advanced Access Control Lists (ACLs) .............................................................................. 1513
Overview ....................................................................................................................................................... 1514
Filtering Criteria ...................................................................................................................................... 1514
Actions.................................................................................................................................................... 1515
ID Numbers ............................................................................................................................................ 1515
How Ingress Packets are Compared Against ACLs ............................................................................... 1515
Guidelines............................................................................................................................................... 1516
Creating ACLs............................................................................................................................................... 1517
Creating Numbered IPv4 ACLs .............................................................................................................. 1517
Creating Numbered MAC ACLs ............................................................................................................. 1529
Creating Named IPv4 Address ACLs ..................................................................................................... 1531
Creating Named IPv6 Address ACLs ..................................................................................................... 1533
Assigning ACLs to Ports ............................................................................................................................... 1535
Assigning Numbered IPv4 ACLs to a Port.............................................................................................. 1535
Assigning MAC Address ACLs to a Port ................................................................................................ 1536
Assigning Named IPv4 ACLs ................................................................................................................. 1537
Assigning Named IPv6 ACLs ................................................................................................................. 1538
Removing ACLs from Ports .......................................................................................................................... 1539
Removing Numbered IPv4 ACLs............................................................................................................ 1539
Removing MAC Address ACLs .............................................................................................................. 1539
Removing Named IPv4 ACLs................................................................................................................. 1540
Removing Named IPv6 ACLs................................................................................................................. 1540
Deleting ACLs from the Switch ..................................................................................................................... 1542
Deleting Numbered IPv4 and MAC Address ACLs ................................................................................ 1542
Deleting Named IPv4 Address ACLs...................................................................................................... 1543
Deleting Named IPv6 Address ACL .......................................................................................................1543
Setting ACL Time Ranges ............................................................................................................................ 1545
Displaying the ACLs...................................................................................................................................... 1547
Displaying IPv4 ACLs ............................................................................................................................. 1547
Displaying IP ACL Port Assignments ..................................................................................................... 1547
Displaying Named IPv6 ACLs ................................................................................................................ 1548
Displaying Time Range Information .......................................................................................................1548
Chapter 99: ACL Commands .................................................................................................................... 1551
ABSOLUTE START ...................................................................................................................................... 1554
ACCESS-CLASS .......................................................................................................................................... 1556
ACCESS-GROUP ......................................................................................................................................... 1558
ACCESS-LIST (MAC Address) ..................................................................................................................... 1560
ACCESS-LIST ICMP .................................................................................................................................... 1563
ACCESS-LIST IP .......................................................................................................................................... 1566
ACCESS-LIST PROTO................................................................................................................................. 1570
ACCESS-LIST TCP ...................................................................................................................................... 1575
ACCESS-LIST UDP ...................................................................................................................................... 1579
IP ACCESS-LIST .......................................................................................................................................... 1583
IP ACCESS-LIST (ICMP).............................................................................................................................. 1584
IP ACCESS-LIST (IP) ................................................................................................................................... 1587
28
AT-8100 Switch Command Line User’s Guide
IP ACCESS-LIST (MAC) .............................................................................................................................. 1590
IP ACCESS-LIST (PROTO) ......................................................................................................................... 1593
IP ACCESS-LIST (TCP) ............................................................................................................................... 1596
IP ACCESS-LIST (UDP)............................................................................................................................... 1600
IPV6 ACCESS-LIST ..................................................................................................................................... 1604
IPV6 ACCESS-LIST (ICMP)......................................................................................................................... 1605
IPV6 ACCESS-LIST (IP) .............................................................................................................................. 1608
IPV6 ACCESS-LIST (PROTO) ..................................................................................................................... 1611
IPV6 ACCESS-LIST (TCP)........................................................................................................................... 1614
IPV6 ACCESS-LIST (UDP) .......................................................................................................................... 1618
IPV6 TRAFFIC-FILTER ................................................................................................................................ 1622
MAC ACCESS-GROUP ............................................................................................................................... 1623
NO ACCESS-LIST........................................................................................................................................ 1624
NO ACCESS-GROUP .................................................................................................................................. 1625
NO MAC ACCESS-GROUP ......................................................................................................................... 1626
PERIODIC .................................................................................................................................................... 1627
PERIODIC (DAILY) ...................................................................................................................................... 1629
SHOW ACCESS-LIST.................................................................................................................................. 1631
SHOW INTERFACE ACCESS-GROUP....................................................................................................... 1633
SHOW IPV6 ACCESS-LIST ......................................................................................................................... 1634
SHOW TIME-RANGE................................................................................................................................... 1635
TIME-RANGE .............................................................................................................................................. 1636
Chapter 100: Quality of Service (QoS) ..................................................................................................... 1637
Overview....................................................................................................................................................... 1638
Single-rate and Twin-rate Policer........................................................................................................... 1638
Aggregate Policer................................................................................................................................... 1639
Egress Queues ...................................................................................................................................... 1639
Auto-QoS ............................................................................................................................................... 1639
Enabling QoS on the Switch......................................................................................................................... 1640
Creating a Class Map ................................................................................................................................... 1641
Filtering Incoming Traffic........................................................................................................................ 1641
Filtering Procedures ............................................................................................................................... 1642
Creating a Policy Map .................................................................................................................................. 1649
Associating a Class Map With a Policy Map .......................................................................................... 1650
Assigning a Policy Map to a Port ........................................................................................................... 1650
Configuring Default Class Maps ................................................................................................................... 1651
Prioritizing CoS and DSCP........................................................................................................................... 1652
Creating Single-rate and Twin-rate Policers................................................................................................. 1655
Creating an Aggregate Policer ..................................................................................................................... 1658
Configuring the Egress Queues ................................................................................................................... 1661
Determining the Egress Queues ............................................................................................................ 1662
Egress Queue Shaping .......................................................................................................................... 1666
Enabling Auto-QoS Support on the Switch................................................................................................... 1669
Auto-QoS Macro Examples.................................................................................................................... 1670
Auto-QoS-MED Macro Examples .......................................................................................................... 1675
Displaying QoS Settings............................................................................................................................... 1682
Displaying QoS Status ........................................................................................................................... 1683
Displaying a Class Map.......................................................................................................................... 1683
Displaying a Policy Map ......................................................................................................................... 1684
Displaying Aggregate Policiers .............................................................................................................. 1684
Displaying QoS Scheduling Information................................................................................................. 1684
Displaying CoS to Queue Mappings ...................................................................................................... 1685
Displaying DSCP to Queue Mappings ................................................................................................... 1686
Displaying DSCP to Policed-DSCP Values............................................................................................ 1687
29
Contents
Chapter 101: Quality of Service (QoS) Commands ................................................................................. 1689
AUTO-QOS .................................................................................................................................................. 1693
AUTO-QOS-MED.......................................................................................................................................... 1695
CLASS .......................................................................................................................................................... 1697
CLASS-MAP ................................................................................................................................................. 1699
DEFAULT-ACTION ....................................................................................................................................... 1700
DESCRIPTION (Policy Map) ........................................................................................................................ 1702
MATCH ACCESS-GROUP .......................................................................................................................... 1704
MATCH COS ................................................................................................................................................ 1707
MATCH DSCP .............................................................................................................................................. 1709
MATCH INNER-COS .................................................................................................................................... 1710
MATCH INNER-VLAN .................................................................................................................................. 1711
MATCH IP-PRECEDENCE........................................................................................................................... 1712
MATCH MAC-TYPE...................................................................................................................................... 1713
MATCH PROTOCOL .................................................................................................................................... 1715
MATCH TCP-FLAGS .................................................................................................................................... 1720
MATCH VLAN ............................................................................................................................................... 1722
MLS QOS AGGREGATE-POLICE SINGLE-RATE....................................................................................... 1723
MLS QOS AGGREGATE-POLICE TWIN-RATE........................................................................................... 1726
MLS QOS COS ............................................................................................................................................. 1729
MLS QOS ENABLE ...................................................................................................................................... 1731
MLS QOS MAP COS-QUEUE ...................................................................................................................... 1732
MLS QOS MAP DSCP-QUEUE .................................................................................................................... 1734
MLS QOS MAP POLICED-DSCP ................................................................................................................. 1736
NO AUTO-QOS VOICE | TRUST ................................................................................................................. 1738
NO MATCH ACCESS-GROUP..................................................................................................................... 1740
NO MATCH PROTOCOL.............................................................................................................................. 1742
NO MLS QOS AGGREGATE-POLICE ......................................................................................................... 1744
NO MLS QOS ENABLE ................................................................................................................................ 1745
NO POLICE AGGREGATE........................................................................................................................... 1746
POLICE AGGREGATE ................................................................................................................................. 1747
POLICE SINGLE-RATE ACTION ................................................................................................................. 1749
POLICE TWIN-RATE ACTION ..................................................................................................................... 1752
POLICY-MAP ................................................................................................................................................ 1755
SET COS ...................................................................................................................................................... 1756
SET DSCP .................................................................................................................................................... 1758
SET QUEUE ................................................................................................................................................. 1759
SERVICE-POLICY INPUT ............................................................................................................................ 1761
SHOW CLASS-MAP ..................................................................................................................................... 1762
SHOW POLICY-MAP.................................................................................................................................... 1763
SHOW MLS QOS ......................................................................................................................................... 1765
SHOW MLS QOS AGGREGRATE-POLICER .............................................................................................. 1766
SHOW MLS QOS INTERFACE .................................................................................................................... 1768
SHOW MLS QOS MAPS COS-QUEUE........................................................................................................ 1771
SHOW MLS QOS MAPS DSCP-QUEUE ..................................................................................................... 1772
SHOW MLS QOS MAPS POLICED-DSCP .................................................................................................. 1775
TRUST COS ................................................................................................................................................. 1776
TRUST DSCP ............................................................................................................................................... 1778
WRR-QUEUE EGRESS-RATE-LIMIT QUEUES ..........................................................................................1780
WRR-QUEUE WEIGHT ................................................................................................................................ 1782
Chapter 102: QoS Storm Control Protection ........................................................................................... 1785
Overview ....................................................................................................................................................... 1786
Enabling Policy Based QSP.......................................................................................................................... 1789
Setting the Storm Control Action................................................................................................................... 1790
30
AT-8100 Switch Command Line User’s Guide
Disabling a VLAN ................................................................................................................................... 1790
Disabling a Port...................................................................................................................................... 1791
Shutting Down a Port ............................................................................................................................. 1792
Setting Storm Control Down Time ................................................................................................................ 1793
Setting the Storm Control Speed and Sampling Frequency......................................................................... 1794
Displaying Port Storm Status........................................................................................................................ 1795
Chapter 103: QSP Commands .................................................................................................................. 1797
SHOW MLS QOS INTERFACE STORM-STATUS ...................................................................................... 1798
STORM-ACTION.......................................................................................................................................... 1800
STORM-DOWNTIME ................................................................................................................................... 1802
STORM-PROTECTION................................................................................................................................ 1803
STORM-RATE.............................................................................................................................................. 1804
STORM-WINDOW........................................................................................................................................ 1806
Section XIV: Routing .......................................................................................................................... 1809
Chapter 104: Internet Protocol Version 4 Packet Routing ..................................................................... 1811
Overview....................................................................................................................................................... 1812
Routing Interfaces ........................................................................................................................................ 1813
VLAN ID (VID)........................................................................................................................................ 1813
IP Address and Subnet Mask................................................................................................................. 1813
Static Routes ................................................................................................................................................ 1814
Routing Information Protocol (RIP)............................................................................................................... 1815
Default Route................................................................................................................................................ 1817
Routing Table ............................................................................................................................................... 1818
Address Resolution Protocol (ARP) Table ................................................................................................... 1819
Internet Control Message Protocol (ICMP)................................................................................................... 1820
Routing Interfaces and Management Features ............................................................................................ 1822
Example of the Routing Commands............................................................................................................. 1823
Creating the VLANs ............................................................................................................................... 1823
Creating the Routing Interfaces ............................................................................................................. 1824
Adding Static and Default Routes .......................................................................................................... 1826
Activating RIP......................................................................................................................................... 1828
Chapter 105: IPv4 Routing Commands ................................................................................................... 1831
IP ADDRESS................................................................................................................................................ 1833
IP ADDRESS DHCP..................................................................................................................................... 1835
IP ROUTE..................................................................................................................................................... 1836
NO IP ADDRESS ......................................................................................................................................... 1839
NO IP ADDRESS DHCP .............................................................................................................................. 1841
NO IP ROUTE .............................................................................................................................................. 1843
SHOW IP INTERFACE................................................................................................................................. 1845
SHOW IP ROUTE ........................................................................................................................................ 1847
Chapter 106: Routing Information Protocol (RIP) .................................................................................. 1849
Overview....................................................................................................................................................... 1850
Enabling RIP................................................................................................................................................. 1851
Specifying a RIP Version.............................................................................................................................. 1853
Enabling Authentication................................................................................................................................ 1854
Enabling and Disabling Automatic Route Summarization ............................................................................ 1856
Enabling and Disabling Split Horizon ........................................................................................................... 1858
Advertising the Default Route....................................................................................................................... 1859
Displaying Routing Information with RIP ...................................................................................................... 1860
31
Contents
Adjusting Timers ........................................................................................................................................... 1861
Blocking Routing Updates on an Interface.................................................................................................... 1862
Chapter 107: Routing Information Protocol (RIP) Commands .............................................................. 1863
AUTO-SUMMARY ........................................................................................................................................ 1866
DEFAULT-INFORMATION ORIGINATE.......................................................................................................1867
IP RIP AUTHENTICATION STRING............................................................................................................. 1868
IP RIP AUTHENTICATION MODE ............................................................................................................... 1869
IP RIP RECEIVE-PACKET ........................................................................................................................... 1870
IP RIP RECEIVE VERSION.......................................................................................................................... 1871
IP RIP SEND-PACKET ................................................................................................................................. 1873
IP RIP SEND VERSION ............................................................................................................................... 1874
IP RIP SPLIT-HORIZON ............................................................................................................................... 1875
NETWORK.................................................................................................................................................... 1877
NO AUTO-SUMMARY .................................................................................................................................. 1879
NO DEFAULT-INFORMATION ORIGINATE ................................................................................................ 1880
NO IP RIP AUTHENTICATION MODE ......................................................................................................... 1881
NO IP RIP AUTHENTICATION STRING ...................................................................................................... 1882
NO IP RIP RECEIVE-PACKET ..................................................................................................................... 1883
NO IP RIP RECEIVE VERSION ................................................................................................................... 1884
NO IP RIP SEND-PACKET........................................................................................................................... 1885
NO IP RIP SEND VERSION ......................................................................................................................... 1886
NO IP RIP SPLIT-HORIZON ........................................................................................................................ 1887
NO NETWORK ............................................................................................................................................. 1888
NO PASSIVE-INTERFACE........................................................................................................................... 1889
NO ROUTER RIP ......................................................................................................................................... 1890
NO TIMERS BASIC ...................................................................................................................................... 1891
NO VERSION ............................................................................................................................................... 1892
PASSIVE-INTERFACE ................................................................................................................................. 1893
ROUTER RIP ................................................................................................................................................ 1894
SHOW IP RIP ............................................................................................................................................... 1895
SHOW IP RIP COUNTER............................................................................................................................. 1897
SHOW IP RIP INTERFACE .......................................................................................................................... 1899
TIMERS BASIC............................................................................................................................................. 1901
VERSION ...................................................................................................................................................... 1903
Appendix A: System Monitoring Commands ..........................................................................................1905
SHOW CPU .................................................................................................................................................. 1906
SHOW CPU HISTORY ................................................................................................................................. 1907
SHOW CPU USER-THREADS ..................................................................................................................... 1908
SHOW MEMORY.......................................................................................................................................... 1909
SHOW MEMORY ALLOCATION .................................................................................................................. 1910
SHOW MEMORY HISTORY......................................................................................................................... 1911
SHOW MEMORY POOLS ............................................................................................................................ 1912
SHOW PROCESS ........................................................................................................................................ 1913
SHOW SYSTEM SERIALNUMBER.............................................................................................................. 1914
SHOW SYSTEM INTERRUPTS ................................................................................................................... 1915
SHOW TECH-SUPPORT ............................................................................................................................. 1916
Appendix B: Management Software Default Settings ............................................................................ 1919
Boot Configuration File ................................................................................................................................. 1921
Class of Service ............................................................................................................................................ 1922
Console Port ................................................................................................................................................. 1923
DHCP Relay.................................................................................................................................................. 1924
802.1x Port-Based Network Access Control ................................................................................................. 1925
Enhanced Stacking ....................................................................................................................................... 1927
32
AT-8100 Switch Command Line User’s Guide
GVRP ........................................................................................................................................................... 1928
Hardware Stacking ....................................................................................................................................... 1929
IGMP Snooping ............................................................................................................................................ 1930
IGMP Snooping Querier ............................................................................................................................... 1931
Link Layer Discovery Protocol (LLDP and LLDP-MED) ............................................................................... 1932
MAC Address-based Port Security............................................................................................................... 1933
MAC Address Table ..................................................................................................................................... 1934
Management IP Address .............................................................................................................................. 1935
Manager Account ......................................................................................................................................... 1936
Port Settings ................................................................................................................................................. 1937
RADIUS Client.............................................................................................................................................. 1938
Remote Manager Account Authentication .................................................................................................... 1939
RMON........................................................................................................................................................... 1940
Secure Shell Server...................................................................................................................................... 1941
sFlow Agent.................................................................................................................................................. 1942
Simple Network Management Protocol (SNMPv1, SNMPv2c and SNMPv3) .............................................. 1943
Simple Network Time Protocol ..................................................................................................................... 1944
Spanning Tree Protocols (STP and RSTP) .................................................................................................. 1945
Spanning Tree Status ............................................................................................................................ 1945
Spanning Tree Protocol ......................................................................................................................... 1945
Rapid Spanning Tree Protocol ............................................................................................................... 1945
System Name ............................................................................................................................................... 1947
TACACS+ Client........................................................................................................................................... 1948
Telnet Server ................................................................................................................................................ 1949
VLANs .......................................................................................................................................................... 1950
Web Server................................................................................................................................................... 1951
Command Index .................................................................................................... 1953
33
Contents
34
Tables
Table 1. Remote Software Tool Settings ............................................................................................................................ 48
Table 2. AlliedWare Plus Modes ......................................................................................................................................... 54
Table 3. Adding a Management Address: Example 1 ........................................................................................................ 77
Table 4. Adding a Management IP Address: Example 2 .................................................................................................... 77
Table 5. Basic Command Line Commands ........................................................................................................................ 87
Table 6. Temperature and Fan Control Commands ......................................................................................................... 109
Table 7. SHOW SYSTEM ENVIRONMENT Command .................................................................................................... 114
Table 8. Basic Switch Management Commands .............................................................................................................. 135
Table 9. SHOW SWITCH Command ................................................................................................................................ 163
Table 10. SHOW USERS Command ................................................................................................................................ 167
Table 11. Port Parameter Commands .............................................................................................................................. 195
Table 12. SHOW FLOWCONTROL INTERFACE Command ........................................................................................... 224
Table 13. SHOW INTERFACE Command ........................................................................................................................ 227
Table 14. SHOW INTERFACE BRIEF Command ............................................................................................................ 230
Table 15. SHOW INTERFACE STATUS Command ........................................................................................................ 232
Table 16. SHOW PLATFORM TABLE PORT COUNTERS Command ............................................................................ 234
Table 17. SHOW STORM-CONTROL Command ............................................................................................................ 238
Table 18. IEEE Powered Device Classes ......................................................................................................................... 250
Table 19. PoE Switch’s Power Budget ............................................................................................................................. 251
Table 20. PoE Port Priorities ............................................................................................................................................ 251
Table 21. Receiving Power Consumption Notification ...................................................................................................... 258
Table 22. PoE Show Commands ...................................................................................................................................... 259
Table 23. Power over Ethernet Commands ...................................................................................................................... 261
Table 24. SHOW POWER-INLINE Command .................................................................................................................. 281
Table 25. SHOW POWER-INLINE COUNTERS INTERFACE Command ....................................................................... 283
Table 26. SHOW POWER-INLINE INTERFACE DETAIL Command ............................................................................... 286
Table 27. Features Requiring an IP Management Address on the Switch ....................................................................... 292
Table 28. Management IP Address Commands ............................................................................................................... 305
Table 29. SHOW IP INTERFACE Command ................................................................................................................... 323
Table 30. Route Codes in the SHOW IP ROUTE Command ........................................................................................... 324
Table 31. SHOW IPV6 INTERFACE Command ............................................................................................................... 326
Table 32. SNTP Daylight Savings Time and UTC Offset Commands .............................................................................. 332
Table 33. Simple Network Time Protocol Commands ...................................................................................................... 337
Table 34. SHOW NTP ASSOCIATIONS Command ......................................................................................................... 345
Table 35. DNS Commands ............................................................................................................................................... 357
Table 36. MAC Address Table Commands ...................................................................................................................... 377
Table 37. SHOW MAC ADDRESS-TABLE Command - Unicast Addresses .................................................................... 387
Table 38. SHOW MAC ADDRESS-TABLE Command - Multicast Addresses .................................................................. 388
Table 39. SHOW STACK Command ................................................................................................................................ 399
Table 40. Stacking Commands ......................................................................................................................................... 403
Table 41. Enhanced Stacking Commands ....................................................................................................................... 433
Table 42. SHOW ESTACK Command .............................................................................................................................. 441
Table 43. Link-flap Protection Commands ........................................................................................................................ 453
Table 44. Port Mirror Commands ..................................................................................................................................... 467
Table 45. SHOW MIRROR Command ............................................................................................................................. 472
Table 46. DHCP Relay Option 82 Commands ................................................................................................................. 483
Table 47. DHCP Relay Commands .................................................................................................................................. 487
Table 48. SHOW IP DHCP-RELAY Command ................................................................................................................ 503
Table 49. Link Control Groups on Switch 3 in Example 6 ................................................................................................ 511
35
Tables
Table 50. Link Control Groups on Switch 3 in Example 7 .................................................................................................513
Table 51. Group Link Control Commands ........................................................................................................................515
Table 52. Group Link Control Commands ........................................................................................................................519
Table 53. SHOW GROUP-LINK-CONTROL Command ...................................................................................................527
Table 54. Multicast Commands ........................................................................................................................................529
Table 55. File Extensions and File Types .........................................................................................................................538
Table 56. File System Commands ....................................................................................................................................545
Table 57. SHOW FILE SYSTEMS Command ..................................................................................................................551
Table 58. Boot Configuration File Commands ..................................................................................................................559
Table 59. SHOW BOOT Command ..................................................................................................................................566
Table 60. File Transfer Commands ..................................................................................................................................583
Table 61. IGMP Snooping Commands .............................................................................................................................598
Table 62. Internet Group Management Protocol Snooping Commands ...........................................................................603
Table 63. SHOW IP IGMP SNOOPING Command ..........................................................................................................614
Table 64. IGMP Snooping Querier with One Querier .......................................................................................................619
Table 65. IGMP Snooping Querier with Two Queriers ......................................................................................................620
Table 66. IGMP Snooping Querier Commands ................................................................................................................623
Table 67. Configuring One Querier ...................................................................................................................................623
Table 68. Configuring Multiple Queriers ...........................................................................................................................624
Table 69. IGMP Snooping Querier Commands ................................................................................................................627
Table 70. SHOW IP IGMP INTERFACE Command .........................................................................................................631
Table 71. DHCP Commands ............................................................................................................................................633
Table 72. Parameters in SHOW ARP SECURITY Command ..........................................................................................663
Table 73. Parameters in SHOW ARP SECURITY INTERFACE Command .....................................................................665
Table 74. Parameters in SHOW ARP SECURITY STATISTCS Command .....................................................................667
Table 75. SHOW IP DHCP SNOOPING BINDING Command Parameters ......................................................................671
Table 76. Parameters in SHOW IP DHCP SNOOPING INTERFACE Command ............................................................673
Table 77. SHOW IP DHCP SOURCE BINDING Command Parameters ..........................................................................674
Table 78. Event Log Commands ......................................................................................................................................683
Table 79. Event Message Severity Levels ........................................................................................................................688
Table 80. SHOW LOG Command .....................................................................................................................................698
Table 81. Management Software Modules .......................................................................................................................699
Table 82. SHOW LOG CONFIG Command ......................................................................................................................701
Table 83. Event Message Severity Levels ........................................................................................................................709
Table 84. Program Abbreviations .....................................................................................................................................709
Table 85. Syslog Client Commands ..................................................................................................................................715
Table 86. Static Port Trunk Commands ............................................................................................................................733
Table 87. LACP Port Trunk Commands ...........................................................................................................................753
Table 88. STP Switch Parameter Commands ..................................................................................................................792
Table 89. STP Port Parameter Commands ......................................................................................................................794
Table 90. Spanning Tree Protocol Commands .................................................................................................................797
Table 91. RSTP Switch Parameters .................................................................................................................................816
Table 92. RSTP Port Parameters .....................................................................................................................................819
Table 93. Rapid Spanning Tree Protocol Commands ......................................................................................................825
Table 94. MSTP Region ....................................................................................................................................................860
Table 95. Two Region Examples ......................................................................................................................................869
Table 96. Multiple Spanning Tree Protocol Commands ...................................................................................................871
Table 97. MSTP Bridge Priority Value Increments ...........................................................................................................873
Table 98. VLAN Port Assignments ...................................................................................................................................910
Table 99. Port-based and Tagged VLAN Commands ......................................................................................................921
Table 100. SHOW VLAN Command .................................................................................................................................926
Table 101. GARP VLAN Registration Protocol Commands ..............................................................................................957
Table 102. Mappings of MAC Addresses to Egress Ports Example .................................................................................977
Table 103. Revised Example of Mappings of MAC Addresses to Egress Ports ...............................................................978
Table 104. Example of a MAC Address-based VLAN Spanning Switches .......................................................................980
Table 105. MAC Address-based VLAN Commands .........................................................................................................991
Table 106. SHOW VLAN MACADDRESS Command ......................................................................................................997
Table 107. Private Port VLAN Commands .....................................................................................................................1013
Table 108. Voice VLAN Commands ...............................................................................................................................1019
Table 109. MAC Address-based Port Security Commands and Descriptions ................................................................1030
36
AT-8100 Switch Command Line User’s Guide
Table 110. MAC Address-based Port Security Commands ............................................................................................ 1035
Table 111. SHOW PORT-SECURITY INTERFACE Command ..................................................................................... 1038
Table 112. Reauthentication Commands ....................................................................................................................... 1070
Table 113. Username and Password Commands for Supplicant Ports .......................................................................... 1072
Table 114. Commands for Supplicant Port Parameters ................................................................................................. 1073
Table 115. 802.1x Port-based Network Access Control Commands .............................................................................. 1079
Table 116. SNMPv1 and SNMPv2c Commands ............................................................................................................ 1143
Table 117. SHOW SNMP-SERVER COMMUNITY Command ...................................................................................... 1155
Table 118. SHOW SNMP-SERVER VIEW Command ................................................................................................... 1157
Table 119. SNMPv3 Commands .................................................................................................................................... 1167
Table 120. sFlow Agent Commands ............................................................................................................................... 1205
Table 121. SHOW SFLOW Command ........................................................................................................................... 1215
Table 122. Mandatory LLDP TLVs ................................................................................................................................. 1219
Table 123. Optional LLDP TLVs ..................................................................................................................................... 1219
Table 124. Optional LLDP-MED TLVs ............................................................................................................................ 1221
Table 125. Optional LLDP TLVs ..................................................................................................................................... 1226
Table 126. Abbreviated List of LLDP-MED Civic Location Entry Parameters ................................................................ 1230
Table 127. LLDP-MED Coordinate Location Entry Parameters ..................................................................................... 1233
Table 128. LLDP and LLDP-MED Commands ............................................................................................................... 1249
Table 129. Optional TLVs ............................................................................................................................................... 1268
Table 130. LLDP-MED Civic Location Entry Parameters ............................................................................................... 1273
Table 131. LLDP-MED Coordinate Location Entry Parameters ..................................................................................... 1276
Table 132. SHOW LLDP Command ............................................................................................................................... 1289
Table 133. SHOW LLDP NEIGHBORS DETAIL Command ........................................................................................... 1296
Table 134. SHOW LLDP NEIGHBORS INTERFACE Command ................................................................................... 1300
Table 135. SHOW LLDP STATISTICS Command ......................................................................................................... 1302
Table 136. SHOW LLDP STATISTICS INTERFACE Command .................................................................................... 1304
Table 137. SHOW LLDP STATISTICS INTERFACE Command .................................................................................... 1306
Table 138. Deleting ARP Entries .................................................................................................................................... 1313
Table 139. ARP Commands ........................................................................................................................................... 1317
Table 140. SHOW ARP Command ................................................................................................................................. 1324
Table 141. Abbreviated List of MIB Object Names and OID Numbers ........................................................................... 1336
Table 142. RMON Commands ....................................................................................................................................... 1343
Table 143. MIB Object Names and ID Numbers ............................................................................................................ 1350
Table 144. SHOW RMON ALARM Command ................................................................................................................ 1361
Table 145. SHOW RMON EVENT Command ................................................................................................................ 1362
Table 146. SHOW RMON HISTORY Command ............................................................................................................ 1364
Table 147. SHOW RMON STATISTICS Command ....................................................................................................... 1366
Table 148. Local Manager Account Commands ............................................................................................................. 1381
Table 149. Telnet Server Commands ............................................................................................................................. 1395
Table 150. Telnet Client Commands .............................................................................................................................. 1403
Table 151. Secure Shell Server Commands .................................................................................................................. 1419
Table 152. Non-secure HTTP Web Browser Server Commands ................................................................................... 1435
Table 153. Secure HTTPS Web Browser Server Commands ........................................................................................ 1455
Table 154. SHOW IP HTTPS Command ........................................................................................................................ 1467
Table 155. RADIUS and TACACS+ Client Commands .................................................................................................. 1485
Table 156. SHOW RADIUS Command .......................................................................................................................... 1504
Table 157. SHOW TACACS Command ......................................................................................................................... 1506
Table 158. Access Control List ID Number Ranges ....................................................................................................... 1515
Table 159. ACCESS-LIST Commands for Creating Numbered IPv4 ACLs ................................................................... 1517
Table 160. Blocking Ingress Packets Example ............................................................................................................... 1519
Table 161. Blocking Traffic with Two IPv4 Addresses .................................................................................................... 1519
Table 162. Creating a Permit ACL Followed by a Deny ACL Example .......................................................................... 1520
Table 163. Permit ACLs IPv4 Packets Example ............................................................................................................. 1521
Table 164. ACL Filters Tagged IPv4 Packets Example .................................................................................................. 1522
Table 165. Numbered IPv4 ACL with ICMP Packets Example .......................................................................................1523
Table 166. Numbered IPv4 ACL with Protocol Example ................................................................................................ 1525
Table 167. Numbered IPv4 ACL with TCP Port Packets Example ................................................................................. 1527
Table 168. Numbered IPv4 ACL with UDP Port Example .............................................................................................. 1529
Table 169. Numbered MAC ACL Example ..................................................................................................................... 1531
37
Tables
Table 170. IP ACCESS-LIST Commands for Creating Named IPv4 ACLs ....................................................................1531
Table 171. Named IPv4 ACL ICMP Permit Example ......................................................................................................1532
Table 172. Named IPv4 ACL TCP Deny Example ..........................................................................................................1532
Table 173. IPv6 ACCESS-LIST Commands for Creating ACLs .....................................................................................1533
Table 174. Named IPv6 ACL Example ...........................................................................................................................1534
Table 175. Assigning Numbered IPv4 ACLs ..................................................................................................................1536
Table 176. Assigning MAC Address ACLs Example ......................................................................................................1536
Table 177. Assigning Named IPv4 ACLs Example .........................................................................................................1537
Table 178. Assigning Named IPv6 ACLs Example .........................................................................................................1538
Table 179. Removing Numbered IP ACLs Example .......................................................................................................1539
Table 180. Removing MAC Address ACLs Example ......................................................................................................1540
Table 181. Removing Named IPv4 ACLs Example ........................................................................................................1540
Table 182. Removing Named IPv6 ACLs Example ........................................................................................................1541
Table 183. Deleting Numbered IPv4 ACLs Example ......................................................................................................1542
Table 184. Deleting MAC ACL Example .........................................................................................................................1543
Table 185. Deleting Named IPv4 ACLs Example ...........................................................................................................1543
Table 186. Deleting Named IPv6 ACLs Example ...........................................................................................................1544
Table 187. Time Range Commands ...............................................................................................................................1545
Table 188. Absolute Time Range Example ....................................................................................................................1545
Table 189. Periodic Time Range Example .....................................................................................................................1546
Table 190. Access Control List Commands ....................................................................................................................1551
Table 191. Protocol Numbers .........................................................................................................................................1571
Table 192. Enabling QoS on the Switch .........................................................................................................................1640
Table 193. Creating a Class Map ...................................................................................................................................1641
Table 194. Class-Map Metering Commands .................................................................................................................1641
Table 195. Adding an ACL Group Name to a Class Map ...............................................................................................1643
Table 196. Adding an ACL Group Number to a Class Map ............................................................................................1643
Table 197. CoS Traffic Mapping Guidelines ..................................................................................................................1644
Table 198. Adding an CoS Value to a Class Map ...........................................................................................................1644
Table 199. Adding an DSCP Value to a Class Map ........................................................................................................1645
Table 200. Adding an Inner-CoS Value to a Class Map .................................................................................................1645
Table 201. Adding an Inner-VLAN to a Class Map .........................................................................................................1646
Table 202. Adding IPv4 Precedence to a Class Map .....................................................................................................1646
Table 203. Adding a MAC-type to a Class Map ..............................................................................................................1647
Table 204. Adding a Protocol to a Class Map .................................................................................................................1647
Table 205. Adding a TCP Flag to a Class Map ...............................................................................................................1648
Table 206. Adding a VLAN to a Class Map ....................................................................................................................1648
Table 207. Creating a Policy Map ...................................................................................................................................1649
Table 208. Associating a Class Map with a Policy Map ..................................................................................................1650
Table 209. Assigning a Class a Policy Map to a Port .....................................................................................................1650
Table 210. Creating a Default Class Map .......................................................................................................................1651
Table 211. CoS Default Mapping ....................................................................................................................................1652
Table 212. DSCP Default Mapping .................................................................................................................................1652
Table 213. Enabling the Premark-CoS Map Lookup ......................................................................................................1653
Table 214. Enabling the Premark-DSCP Map Lookup ...................................................................................................1654
Table 215. Single-rate and Twin-rate Policer Commands ..............................................................................................1655
Table 216. Configuring a Single-rate Policer ..................................................................................................................1656
Table 217. Configuring a Twin-rate Policer .....................................................................................................................1656
Table 218. Aggregate Policer Commands ......................................................................................................................1658
Table 219. Creating a Police Aggregator ........................................................................................................................1658
Table 220. Egress Queue Commands ............................................................................................................................1662
Table 221. Setting Egress CoS Queues Example ..........................................................................................................1663
Table 222. Setting Egress DSCP Queues Example .......................................................................................................1664
Table 223. Using the SET QUEUE Command ...............................................................................................................1666
Table 224. Egress Queue Shaping Commands .............................................................................................................1667
Table 225. Setting Egress Queue Shaping .....................................................................................................................1667
Table 226. Auto QoS Commands ...................................................................................................................................1669
Table 227. Auto-QoS with Trust CoS Functionality and Voice VLAN Support Example ................................................1670
Table 228. Auto-QoS with Trust DSCP Functionality and Voice VLAN Support Example .............................................1672
Table 229. Auto-QoS with Trust CoS Functionality Example .........................................................................................1673
38
AT-8100 Switch Command Line User’s Guide
Table 230. Auto-QoS Trust DSCP Functionality Example .............................................................................................. 1674
Table 231. Auto-QoS MED with Trust CoS Functionality & Voice VLAN Support Example ........................................... 1676
Table 232. Auto-QoS MED with Trust DSCP Functionality & Voice VLAN Support Example ........................................ 1678
Table 233. Auto-QoS-MED with Trust CoS Traffic Example .......................................................................................... 1679
Table 234. Auto-QoS MED with Trust DSCP Functionality Example ............................................................................. 1680
Table 235. QoS Display Commands .............................................................................................................................. 1682
Table 236. Quality of Service Commands ...................................................................................................................... 1689
Table 237. ACCESS-LIST Commands for Creating Numbered IPv4 ACLs ................................................................... 1705
Table 238. CoS Traffic Mapping Guidelines ................................................................................................................... 1707
Table 239. Layer Two Ethernet Formats ....................................................................................................................... 1715
Table 240. Layer Three Protocol .................................................................................................................................... 1716
Table 241. Police Single Rate-Action Bandwidth Classes .............................................................................................. 1724
Table 242. Police Twin Rate-Action Bandwidth Classes ................................................................................................ 1727
Table 243. Police Single Rate-Action Bandwidth Classes .............................................................................................. 1749
Table 244. SHOW POLICY-MAP Command Description .............................................................................................. 1763
Table 245. SHOW MLS QOS AGGREGATE-POLICER Command Description ...........................................................1767
Table 246. SHOW MLS QOS INTERFACE Command .................................................................................................. 1770
Table 247. Policy Based QoS Storm Protection Concepts ............................................................................................. 1787
Table 248. Policy-Based QSP Commands ..................................................................................................................... 1787
Table 249. Enabling the Storm Protection Feature ......................................................................................................... 1789
Table 250. Setting Storm Control Action: Disabling a VLAN .......................................................................................... 1790
Table 251. Setting Storm Control Action: Disabling a Port ............................................................................................. 1791
Table 252. Setting Storm Control Action: Shutting Down a Port .................................................................................... 1792
Table 253. Setting the Storm Down Time ....................................................................................................................... 1793
Table 254. Setting the Storm Data Rate and Window Size ............................................................................................ 1794
Table 255. Quality of Service Commands ...................................................................................................................... 1797
Table 256. SHOW MLS QOS INTERFACE STORM-STATUS Command Description .................................................. 1798
Table 257. ICMP Messages ........................................................................................................................................... 1820
Table 258. IPv4 Routing Example .................................................................................................................................. 1823
Table 259. IPv4 Routing Commands .............................................................................................................................. 1831
Table 260. SHOW IP INTERFACE Command ............................................................................................................... 1845
Table 261. Route Codes in the SHOW IP ROUTE Command .......................................................................................1847
Table 262. RIP Commands ............................................................................................................................................ 1851
Table 263. TIMERS BASIC Command Parameters ....................................................................................................... 1861
Table 264. RIP Commands ............................................................................................................................................ 1863
Table 265. SHOW IP RIP Command .............................................................................................................................. 1896
Table 266. SHOW IP RIP COUNTER Command ........................................................................................................... 1897
Table 267. SHOW IP RIP INTERFACE Command ........................................................................................................ 1899
Table 268. System Monitoring Commands ..................................................................................................................... 1905
39
Tables
40
Preface
This is the command line management guide for the AT-8100 Series of
Fast Ethernet Switches. The instructions in this guide explain how to start
a management session and how to use the commands in the AlliedWare
Plus™ command line interface to view and configure the features of the
switch.
For hardware installation instructions, refer to the AT-8100L and AT-8100S
Series Fast Ethernet Switches Stand-alone Switch Installation Guide for
installing the switches as stand-alone units and the AT-8100S Fast
Ethernet Switch Stacking Installation Guide for installing the switches as a
unified, virtual switch.
This preface contains the following sections:

“Document Conventions” on page 42

“Where to Find Web-based Guides” on page 43

“Contacting Allied Telesis” on page 44
Caution
The software described in this document may contain certain
encryption/security or cryptographic functionality and for exporting
those products/software, USA export restrictions apply as per 15
C.F.R. Part 730-772 (particularly Part 740.17). At present, as per
United States of America’s export regulations our products/software
cannot be exported to Cuba, Iran, North Korea, North Sudan, or
Syria. If you wish to transfer this software outside the United States
or Canada, please refer to export regulations of USA.
41
Document Conventions
This document uses the following conventions:
Note
Notes provide additional information.
Caution
Cautions inform you that performing or omitting a specific action
may result in equipment damage or loss of data.
Warning
Warnings inform you that performing or omitting a specific action
may result in bodily injury.
42
AT-8100 Switch Command Line User’s Guide
Where to Find Web-based Guides
The installation and user guides for all of the Allied Telesis products are
available for viewing in portable document format (PDF) from our web site
at www.alliedtelesis.com/support/documentation.
43
Contacting Allied Telesis
If you need assistance with this product, you may contact Allied Telesis
technical support by going to the Support & Services section of the Allied
Telesis web site at www.alliedtelesis.com/support. You can find links
for the following services on this page:

24/7 Online Support— Enter our interactive support center to
search for answers to your product questions in our knowledge
database, to check support tickets, to learn about RMAs, and to
contact Allied Telesis experts.

USA and EMEA phone support— Select the phone number that
best fits your location and customer type.

Hardware warranty information— Learn about Allied Telesis
warranties and register your product online.

Replacement Services— Submit a Return Materials Authorization
(RMA) request via our interactive support center.

Documentation— View the most recent installation and user
guides, software release notes, white papers, and data sheets for
your products.

Software Downloads— Download the latest software releases for
your managed products.
For sales or corporate information, go to www.alliedtelesis.com/
purchase and select your region.
44
Section I
Getting Started
This section contains the following chapters:

Chapter 1, “AlliedWare Plus™ Command Line Interface” on page 47

Chapter 2, “Starting a Management Session” on page 69

Chapter 3, “Basic Command Line Management” on page 81

Chapter 4, “Basic Command Line Management Commands” on page
87

Chapter 5, “Temperature and Fan Control Overview” on page 105

Chapter 6, “Temperature and Fan Control Commands” on page 109
45
46
Chapter 1
AlliedWare Plus™ Command Line
Interface
This chapter has the following sections:

“Management Sessions” on page 48

“Management Interfaces” on page 51

“Local Manager Account” on page 52

“AlliedWare Plus™ Command Modes” on page 53

“Moving Down the Hierarchy” on page 56

“Moving Up the Hierarchy” on page 61

“Port Numbers in Commands” on page 63

“Command Format” on page 65

“Startup Messages” on page 66
47
Chapter 1: AlliedWare Plus™ Command Line Interface
Management Sessions
You can manage the switch locally or remotely. Local management is
conducted through the Console port on the switch. Remote management
is possible with a variety of management tools from workstations on your
network.
Local
Management
Local management sessions, which must be performed at the unit, hence
the name “local,” are commonly referred to as out-of-band management
because they are not conducted over your network.
The requirements for local management sessions are a terminal or a PC
with a terminal emulator program and the RS-232 console management
cable that comes with the switch. For modern PC’s without a serial port, a
USB-to-serial adapter and driver software is required.
Note
The initial management session of the switch must be from a local
management session.
Remote
Management
You can manage the switch remotely with the following software tools:

Telnet client

Secure Shell client

Secure (HTTPS) or non-secure (HTTP) web browser

SNMPv1, SNMPv2c, or SNMPv3 application
Management sessions performed with these tools are referred to as inband management because the sessions are conducted over your
network. Remote management sessions are generally more convenient
than local management session because they can be performed from any
workstation that has one of these software tools.
Table 1. Remote Software Tool Settings
Software Tool
48
Default Setting
Telnet
Enabled
Secure Shell Server
Disabled
HTTPS
Disabled
HTTP
Enabled (This tool is disabled by
a factory reset of the switch.)
AT-8100 Switch Command Line User’s Guide
To support remote management, the switch must have a management IP
address. For instructions on how to assign a management IP address to
the switch, refer to “What to Configure First” on page 74 or Chapter 1,
“AlliedWare Plus™ Command Line Interface” on page 47.
Remote Telnet Management
The switch has a Telnet server that you can use to remotely management
the unit from Telnet clients on your management workstations. Remote
Telnet sessions give you access to the same commands and the same
management functions as local management sessions.
Note
Telnet remote management sessions are conducted in clear text,
leaving them vulnerable to snooping. If an intruder captures the
packet with your login name and password, the security of the switch
will be compromised. For secure remote management, Allied Telesis
recommends Secure Shell (SSH) or secure web browser (HTTPS).
Remote Secure Shell Management
The switch has an SSH server for remote management with an SSH client
on a management workstation. This management method is similar to
Telnet management sessions in that it gives you access to the same
command line interface and the same functions, But where they differ is
SSH management sessions are secure against snooping because the
packets are encrypted, rendering them unintelligible to intruders who might
capture them.
For instructions on how to configure the switch for SSH management, refer
to Chapter 90, “Secure Shell (SSH) Server” on page 1407.
Web Browser Windows
The switch comes with a web browser server so that you can manage the
unit using a web browser on a management workstation. The switch
supports both encrypted (HTTPS) and non-encrypted (HTTP) web
browser management sessions.
Simple Network Management Protocol
The switch supports remote SNMPv1, SNMPv2c and SNMPv3
management. This form of management requires an SNMP application,
such as AT-View, and an understanding of management information base
(MIB) objects.
49
Chapter 1: AlliedWare Plus™ Command Line Interface
The switch supports the following MIBs for SNMP management:

SNMP MIB-II (RFC 1213)

Bridge MIB (RFC 1493)

Interface Group MIB (RFC 2863)

Ethernet MIB (RFC 1643)

Remote Network MIB (RFC 1757)

Allied Telesis managed switch MIBs
The Allied Telesis managed switch MIBs (atistackinfo.mib and
atistackswitch.mib) are available from the Allied Telesis web site.
50
AT-8100 Switch Command Line User’s Guide
Management Interfaces
The switch has two management interfaces:

AlliedWare Plus™ command line

Web browser windows
The AlliedWare Plus command line is available from local management
sessions and remote Telnet and Secure Shell management sessions. The
web browser windows are available from remote web browser
management sessions.
51
Chapter 1: AlliedWare Plus™ Command Line Interface
Local Manager Account
You must log on to manage the switch. This requires a valid user name
and password. The switch comes with one local manager account. The
user name of the account is “manager” and the default password is
“friend.” The user name and password are case sensitive. This account
gives you access to all management modes and commands.
The default manager account is referred to as “local” because the switch
authenticates the user name and password itself. If more manager
accounts are needed, you can add up to eight more local manager
accounts. For instructions, refer to Chapter 84, “Local Manager Accounts”
on page 1369.
Another way to create more manager accounts is to transfer the task of
authenticating the accounts to a RADIUS or TACACS+ server on your
network. For instructions, refer to Chapter 96, “RADIUS and TACACS+
Clients” on page 1469.
The initial and default switch configuration supports up to three
management sessions at one time. The number sessions can be
configured using the SERVICE MAXMANAGER command. The maximum
number of sessions is 3. See “SERVICE MAXMANAGER” on page 158.
52
AT-8100 Switch Command Line User’s Guide
AlliedWare Plus™ Command Modes
The AlliedWare Plus™ command line interface consists of a series of
modes that are arranged in the hierarchy shown in Figure 1.
Figure 1. Command Modes
The modes have different commands and support different management
functions. The only exceptions are the User Exec mode and the Privileged
Exec mode. The Privileged Exec mode contains all the same commands
as the User Exec mode, plus many more.
To perform a management function, you first have to move to the mode
that has the appropriate commands. For instance, to configure the speeds
and wiring configurations of the ports, you have to move to the Port
Interface mode because the SPEED and POLARITY commands, which
are used to configure the speed and wiring parameters, are stored in that
mode.
Some management functions require that you perform commands from
more than one mode. For instance, creating a new VLAN requires that you
first go to the VLAN Configuration mode to initially create it and then to the
Port Interface mode to designate the ports.
The modes, their command line prompts, and their functions are listed in
Table 2 on page 54.
53
Chapter 1: AlliedWare Plus™ Command Line Interface
Note
By default, the mode prompts are prefixed with the “awplus” string.
To change this string, use the HOSTNAME command. See “What to
Configure First” on page 74.
Table 2. AlliedWare Plus Modes
Mode
User Exec mode
Privileged Exec mode
Global Configuration mode
Class-map mode
54
Prompt
awplus>
awplus#
awplus (config)#
awplus (config-cmap)#
Function

Displays the switch settings.

Lists the files in the file system.

Pings remote systems.

Displays the switch settings.

Lists the files in the file system.

Pings remote systems.

Sets the date and time.

Saves the current configuration.

Downloads new versions of the
management software.

Restores the default settings.

Renames files in the file system.

Resets the switch.

Creates classifiers and access
control lists.

Creates encryption keys for remote
HTTPS and SSH management.

Activates and deactivates 802.1x
port-based network access control.

Assigns a name to the switch.

Configures IGMP snooping.

Sets the MAC address table aging
timer.

Enters static MAC addresses.

Specifies the IP address of an
SNTP server.

Configures the RADIUS client.

Sets the console timer.

Creates classifiers and flow groups
for Quality of Service policies.
AT-8100 Switch Command Line User’s Guide
Table 2. AlliedWare Plus Modes (Continued)
Mode
Console Line mode
Virtual Terminal Line mode
Prompt
awplus (config-line)#
awplus (config-line)#
Function

Sets the session timer for local
management sessions.

Activates and deactivates remote
manager authentication.

Sets the session timers for remote
Telnet and SSH management
sessions.

Activates and deactivates remote
manager authentication.
Policy Map mode
awplus (config-pmap)#

Maps flow groups to traffic classes
for Quality of Service policies.
Port Interface mode
awplus (config-if)#

Configures port settings.

Disables and enables ports.

Configures the port mirror.

Configures 802.1x port-based
network access control.

Creates static port trunks.

Adds and removes ports from
VLANs.

Creates Quality of Service policies.
Static Port Trunk Interface
mode
awplus (config-if)#

Sets the load distribution method for
static port trunks.
VLAN Configuration mode
awplus (config-vlan)#

Creates VLANs.
Class mode
awplus (config-pmapc)#

Configures traffic classes for Quality
of Service policies.
Civic Location mode
awplus (config_civic)#

Creates optional LLDP-MED civic
location entries.
Coordinate Location mode
awplus (config_coord)#

Creates optional LLDP-MED
coordinate location entries.
Router Configuration mode
awplus (config-router)#

Configures RIP.
55
Chapter 1: AlliedWare Plus™ Command Line Interface
Moving Down the Hierarchy
To move down the mode hierarchy, you have to step through each mode
in sequence. Skipping modes is not permitted.
Each mode has a different command. For instance, to move from the User
Exec mode to the Privileged Exec mode, you use the ENABLE command.
Some commands, like the INTERFACE PORT command, which is used to
enter the Port Interface mode, require a value, such as a port number, a
VLAN ID or a port trunk ID.
ENABLE
Command
You use this command to move from the User Exec mode to the
Privileged Exec mode. The format of the command is:
enable
awplus> enable
awplus#
Figure 2. ENABLE Command
CONFIGURE
TERMINAL
Command
You use this command to move from the Privileged Exec mode to the
Global Configuration mode. The format of the command is:
configure terminal
awplus> enable
awplus# configure terminal
awplus(config)#
Figure 3. CONFIGURE TERMINAL Command
CLASS-MAP
Command
You use this command to move from the Global Configuration mode to the
Class-Map mode in which you create classifiers and flow groups for
Quality of Service policies. The format of the command is:
class-map id_number
awplus(config)# class-map 256
awplus(config-cmap)#
Figure 4. CLASS-MAP Command
56
AT-8100 Switch Command Line User’s Guide
LINE CONSOLE
0 Command
You use this command to move from the Global Configuration mode to the
Console Line mode to set the management session timer and to activate
or deactivate remote authentication for local management sessions. The
mode is also used to set the baud rate of the terminal port. The format of
the command is:
line console 0
awplus(config)# line console 0
awplus(config-line)#
Figure 5. LINE CONSOLE Command
LINE VTY
Command
You use this command to move from the Global Configuration mode to the
Virtual Terminal Line mode to set the management session timer and to
activate or deactivate remote authentication of manager accounts. The
format of the command is:
line vty line_id
The range of the LINE_ID parameter is 0 to 9. For information on the VTY
lines, refer to “VTY Lines” on page 73. This example enters the Virtual
Terminal Line mode for VTY line 2:
awplus(config)# line vty 2
awplus(config-line)#
Figure 6. LINE VTY Command
POLICY-MAP
Command
You use this command to move from the Global Configuration mode to the
Policy Map mode where flow groups for Quality of Service policies are
mapped to traffic classes. The format of the command is:
policy-map id_number
This example enters the Policy Map mode for the traffic class with the ID
number 1:
awplus(config)# policy-map 1
awplus(config-pmap)#
Figure 7. POLICY-MAP Command
CLASS
Command
You use this command to move from the Policy Map mode to the Class
mode, to add flow groups to traffic classes for Quality of Service policies.
The format of the command is:
class id_number
57
Chapter 1: AlliedWare Plus™ Command Line Interface
This example adds to a traffic class a flow group with the ID number 1:
awplus(config-pmap)# class 1
awplus(config-pmap-c)#
Figure 8. CLASS Command
INTERFACE
PORT Command
You use this command to move from the Global Configuration mode to the
Port Interface mode where you configure the parameter settings of the
ports and add ports to VLANs and Quality of Service policies. The format
of the command is:
interface port
This example enters the Port Interface mode for port 21.
awplus(config)# interface port1.0.21
awplus(config-if)#
Figure 9. INTERFACE PORT Command - Single Port
You can configure more than one port at a time. This example enters the
Port Interface mode for ports 11 to 15 and 22.
awplus(config)# interface port1.0.11-port1.0.15,port1.0.22
awplus(config-if)#
Figure 10. INTERFACE PORT Command - Multiple Ports
The INTERFACE PORT command is also located in the Port Interface
mode itself, so that you do not have to return to the Global Configuration
mode to configure different ports. This example moves from the current
Port Interface mode to the Port Interface mode for ports 7 and 10.
awplus(config-if)# interface port1.0.7,port1.0.10
awplus(config-if)#
Figure 11. INTERFACE PORT Command - Moving Between Port
Interface Modes
58
AT-8100 Switch Command Line User’s Guide
VLAN
DATABASE
Command
You use this command to move from the Global Configuration mode to the
VLAN Configuration mode, which has the commands for creating VLANs.
The format of the command is:
vlan database
awplus(config)# vlan database
awplus(config-vlan)#
Figure 12. VLAN DATABASE Command
INTERFACE
VLAN Command
You use this command to move from the Global Configuration mode to the
VLAN Interface mode to assign the switch a management IP address. The
format of the command is:
interface vlanvid
The VID parameter is the ID of an existing VLAN on the switch. This
example enters the VLAN Interface mode for a VLAN that has the VID 12:
awplus(config)# interface vlan12
awplus(config-if)#
Figure 13. INTERFACE VLAN Command
Note
A VLAN must be identified in this command by its VID and not by its
name.
INTERFACE
TRUNK
Command
You use this command to move from the Global Configuration mode to the
Static Port Trunk Interface mode, to change the load distribution methods
of static port trunks. You specify a trunk by its name of “sa” followed by its
ID number. You can specify only one static port trunk at a time. The format
of the command is:
interface trunk_name
This example enters the Static Port Trunk Interface mode for trunk ID 2:
awplus(config)# interface sa2
awplus(config-if)#
Figure 14. INTERFACE TRUNK Command
59
Chapter 1: AlliedWare Plus™ Command Line Interface
LOCATION
CIVICLOCATION
Command
You use this command to move from the Global Configuration mode to the
Civic Location mode, to create LLDP civic location entries. The format of
the command is:
location civic-location id_number
This example assigns the ID number 16 to a new LLDP civic location
entry:
awplus(config)# location civic-location 16
awplus(config-civic)#
Figure 15. LLDP LOCATION CIVIC-LOCATION Command
LOCATION
COORDLOCATION
Command
You use this command to move from the Global Configuration mode to the
Coordinate Location mode, to create LLDP coordinate location entries.
The format of the command is:
location coord-location id_number
This example assigns the ID number 8 to a new LLDP coordinate location
entry:
awplus(config)# location coord-location 8
awplus(config-coord)#
Figure 16. LLDP LOCATION COORD-LOCATION Command
60
AT-8100 Switch Command Line User’s Guide
Moving Up the Hierarchy
There are four commands for moving up the mode hierarchy. They are the
EXIT, QUIT, END and DISABLE commands.
EXIT and QUIT
Commands
These commands, which are functionally identical, are found in nearly all
the modes. They move you up one level in the hierarchy, as illustrated in
Figure 17.
Figure 17. Moving Up One Mode with the EXIT and QUIT Command
END Command
After you have configured a feature, you may want to return to the
Privileged Exec mode to verify your changes with the appropriate SHOW
command. You can step back through the modes one at a time with the
EXIT or QUIT command. However, the END command is more convenient
because it moves you directly to the Privileged Exec mode from any mode
below the Global Configuration mode.
61
Chapter 1: AlliedWare Plus™ Command Line Interface
Figure 18. Returning to the Privileged Exec Mode with the END Command
DISABLE
Command
To return to the User Exec mode from the Privileged Exec mode, use the
DISABLE command.
Figure 19. Returning to the User Exec Mode with the DISABLE Command
62
AT-8100 Switch Command Line User’s Guide
Port Numbers in Commands
The ports on the switch are identified in the commands with the PORT
parameter. The parameter has the format shown in Figure 20.
Figure 20. PORT Parameter in the Command Line Interface
The variables in the parameter are defined here:

Switch ID: When configuring the ports of a stand-alone switch,
always enter 1 as the switch ID. Although stand-alone switches are
assigned the ID number 0 with the STACK command and display
that number on their Stack ID LEDs, you must specify 1 as the
switch ID number in the PORT parameter.
To configure the ports of a switch that is part of a hardware stack,
use this variable to specify its ID number, displayed on the Stack
ID LED. You may specify only one ID number.
Stand-alone
Switches

Module Slot ID: This number is used to identify a slot in a modular
switch. This number should always be 0 for AT-8100 Series
switches because they are not modular switches.

Port number: This is the port number.
The correct format of the PORT parameter for stand-alone AT-8100 Series
switches is PORT1.0.n. This example of the parameter uses the
INTERFACE PORT command to enter the Port Interface mode for ports
12 and 18:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12,port1.0.18
You can also specify port ranges. This example displays the port settings
for ports 21 to 23:
awplus# show interface port1.0.21-port1.0.23
Note that you must include the prefix “port1.0.” in the last number of a
range.
63
Chapter 1: AlliedWare Plus™ Command Line Interface
You can also combine individual ports and port ranges in the same
command, as illustrated in these commands, which enter the Port
Interface mode for ports 5 to 11 and ports 16 and 18:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5-port1.0.11,port1.0.16,
port1.0.18
Stacks
To configure the ports on a switch in a stack, use the switch ID number in
the PORT parameter to identify the switch that has the port on which you
want to perform the command. The switch ID numbers are displayed on
the Stack ID LEDs and with the SHOW STACK in the Privileged Exec
mode.
This example uses the INTERFACE PORT command to enter the Port
Interface mode for ports 2 and 19 on a switch with ID 2:
awplus> enable
awplus# configure terminal
awplus(config)# interface port2.0.8,port2.0.19
You may use the same command to display or configure ports on different
switches in a stack. This example uses SHOW INTERFACE command to
display the status of port 4 on switch ID 1, port 2 or switch ID 2, and port 1
on switch ID 3:
awplus> enable
awplus# show interface port1.0.4,port2.0.2,port3.0.1
You may use ranges and the ranges may span switches. This example
uses a range in the SHOW SPANNING-TREE command to display the
spanning tree status of ports on two different switches. The range is from
port 11 on switch ID 1 to port 18 on switch ID 2:
awplus> enable
awplus# show spanning-tree interface port1.0.11-port2.0.18
Note
The examples of the PORT parameter in this manual assume a
stand-alone switch. Remember to use the appropriate switch ID
numbers when managing the switches of a stack.
64
AT-8100 Switch Command Line User’s Guide
Command Format
The following sections describe the command line interface features and
the command syntax conventions.
Command Line
Interface
Features
Command
Formatting
Conventions
Command
Examples
The command line interface has these features:

Command history - Use the up and down arrow keys.

Keyword abbreviations - Any keyword can be recognized by typing
an unambiguous prefix, for example, type “sh” and the software
responds with “show.”

Tab key - Pressing the Tab key fills in the rest of a keyword
automatically. For example, typing “sh” and then pressing the Tab
key enters “show” on the command line.
This manual uses the following command format conventions:

screen text font - This font illustrates the format of a command
and command examples.

[ ] - Brackets indicate optional parameters.

| - Vertical line separates parameter options for you to choose
from.

Italics - Italics indicate variables you have to provide.
Most of the command examples in this guide start at the User Exec mode
and include the navigational commands. Here is an example that creates a
new VLAN called Engineering with the VID 5:
awplus> enable
awplus# configure terminal
awplus(config)# vlan database
awplus(config-vlan)# vlan 5 name Engineering
You do not have to return to the User Exec mode when you finish a
management task. But it is a good idea to return to the Privileged Exec
mode to confirm your changes with the appropriate SHOW command,
before performing a new task.
65
Chapter 1: AlliedWare Plus™ Command Line Interface
Startup Messages
The switch generates the following series of status messages whenever it
is powered on or reset. The messages can be view on the Console port
with a terminal or a computer with a terminal emulator program.
awplus# umount: none busy - remounted read-only
umount: cannot remount rootfs read-only
umount: cannot umount /: Device or resource busy
The system is going down NOW !!
Sending SIGTERM to all processes.
Sending SIGKILL to all processes.
Requesting system reboot.
Restarting system.
/usr/bin:/bin:/usr/sbin:/sbin
Starting SNMP...
Starting MainTask...
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
System ............................
Board .............................
Serial Interface ..................
Timer Library .....................
IPC ...............................
Event Log .........................
Switch Models .....................
File System .......................
Database ..........................
Configuration .....................
AW+ CLI ...........................
Drivers ...........................
Port ..............................
Trunk .............................
Port Security .....................
LACP ..............................
PORT VLAN .........................
Port Mirroring ....................
Port Statistics ...................
Snmp Service ......................
Web Service .......................
Monitor ...........................
STP ...............................
SPANNING TREE .....................
L2_MGMT ...........................
LLDP_RX ...........................
LLDP_TX ...........................
GARP ..............................
GARP Post Init Task ...............
IGMPSnoop .........................
Figure 21. Startup Messages
66
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
AT-8100 Switch Command Line User’s Guide
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
Initializing
SYS_MGMT ..........................
SWITCH_MGMT .......................
L2APP_MGMT ........................
SNMP_MGMT .........................
Authentication ....................
TCPIP .............................
Default VLAN .....................
ENCO ..............................
PKI ...............................
PortAccess ........................
PAAcctRcv .........................
SSH ...............................
IFM ...............................
IFMV6 .............................
RTM ...............................
FTAB ..............................
ACM ...............................
DHCP Relay Task ...................
Filter ............................
L3_MGMT ...........................
L3APP_MGMT ........................
SFLOW .............................
CPU_HIST ..........................
EStacking .........................
MGMT_MGMT .........................
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
done!
Loading configuration file "boot.cfg" ....... done!
Figure 22. Startup Messages (continued)
67
Chapter 1: AlliedWare Plus™ Command Line Interface
68
Chapter 2
Starting a Management Session
This chapter has the following sections:

“Starting a Local Management Session” on page 70

“Starting a Remote Telnet or SSH Management Session” on page 72

“What to Configure First” on page 74

“Ending a Management Session” on page 79
Note
You must do the initial configuration of the switch from a local
management session.
69
Chapter 2: Starting a Management Session
Starting a Local Management Session
To start a local management session on the switch, perform the following
procedure:
1. Connect the management cable that comes with the switch to the
Console port with the RJ-45 connector, as shown in Figure 23.
The Console port is located on the front panel of the AT-8100 switch.
Figure 23. Connecting the Management Cable to the Console Port
2. Connect the other end of the cable to an RS-232 port on a terminal or
PC with a terminal emulator program.
3. Configure the terminal or terminal emulator program as follows:

Baud rate: 9600 bps (The baud rate of the Console Port is
adjustable from 1200 to 115200 bps. The default is 9600 bps.)

Data bits: 8

Parity: None

Stop bits: 1

Flow control: None
Note
The port settings are for a DEC VT100 or ANSI terminal, or an
equivalent terminal emulator program.
4. Press Enter.
You are prompted for a user name and password.
5. Enter a user name and password. If this is the initial management
session of the switch, enter “manager” as the user name “friend” as
the password. The user name and password are case sensitive.
70
AT-8100 Switch Command Line User’s Guide
The local management session has started when the AlliedWare
Plus™ command line prompt, shown in Figure 24 is displayed.
awplus>
Figure 24. AlliedWare Plus Command Line Prompt
71
Chapter 2: Starting a Management Session
Starting a Remote Telnet or SSH Management Session
Here are the requirements for remote management of the switch from a
Telnet or SSH client on your network:

You must assign the switch a management IP address. To initially
assign the switch an address, use a local management session.
For instructions, refer to “What to Configure First” on page 74 or
Chapter 13, “IPv4 and IPv6 Management Addresses” on page 291.

The workstation that has the Telnet or SSH client must be a
member of the same subnet as the management IP address on the
switch, or must have access to it through routers or other Layer 3
devices.

If the workstation with the Telnet or SSH client is not a member of
the same subnet as the management IP address, you must also
assign the switch a default gateway. This IP address needs to
specify an interface on a router or other Layer 3 routing device that
is the first hop to the subnet where the client resides. The default
gateway must be a member of the same subnet as the
management IP address. For instructions, refer to “What to
Configure First” on page 74 or Chapter 13, “IPv4 and IPv6
Management Addresses” on page 291.

For remote SSH management, you must create an encryption key
pair and configure the SSH server on the switch. For instructions,
see Chapter 90, “Secure Shell (SSH) Server” on page 1407. The
factory configuration includes a default random key. When you
initially connect to the switch, most SSH clients will flag the new
key and ask you to accept it.
To start a remote Telnet or SSH management session, perform the
following procedure:
1. In the Telnet or SSH client on your remote management workstation,
enter the management IP address of the switch.
Prompts are displayed for a user name and password.
2. Enter a user name and password of a management account on the
switch. The switch comes with one management account. The user
name is “manager” and the password is “friend“. User names and
passwords are case sensitive.
The management session starts and the command line interface
prompt is displayed, as shown in Figure 24 on page 71.
72
AT-8100 Switch Command Line User’s Guide
VTY Lines
The switch has ten VTY (virtual teletypewriter) lines. Each line supports
one remote Telnet or SSH management session. The switch allocates the
lines, which are numbered 0 to 9, in ascending order, beginning with line 0,
as remote sessions are initiated.
The VTY lines cannot be reserved for particular remote workstations
because the switch allocates them as needed. Line 0 is assigned by the
switch to a new remote session if there are no other active remote
sessions. Or, if there is already one active management session, a new
session is assigned line 1, and so on.
You can adjust these three parameters on the individual lines:

Management session timer - This timer is used by the switch to
end inactive management sessions, automatically. This protects
the switch from unauthorized changes to its configuration sessions
should you leave your workstation unattended during a
management session. For instructions on how to set this timer,
refer to “Configuring the Management Session Timers” on
page 129.

Number of SHOW command scroll lines - You can specify the
number of lines that SHOW commands display at one time on your
screen. Refer to “LENGTH” on page 100 to set this parameter.

Remote authentication of management accounts - You can toggle
on or off remote authentication of management accounts on the
individual VTY lines. Lines use local authentication when remote
authentication is turned off. For background information, refer to
Chapter 96, “RADIUS and TACACS+ Clients” on page 1469.
73
Chapter 2: Starting a Management Session
What to Configure First
Here are a few suggestions on what to configure during your initial
management session of the switch. The initial management session must
be a local management session from the Console port on the switch. For
instructions on how to start a local management session, refer to “Starting
a Local Management Session” on page 70.
Creating a Boot
Configuration
File
The first thing you should do is create a boot configuration file in the
switch’s file system and mark it as the active boot configuration file. This
file is used by the switch to store your configuration changes. It should be
noted that a boot configuration file contains only those parameter settings
that have been changed from their default values on the unit. So,
assuming the switch is just out of its shipping container, the file, when you
create it, contains about 20 lines.
The quickest and easiest way to create a new boot configuration file and
to designate it as the active file is with the BOOT CONFIG-FILE
command, located in the Global Configuration mode. Here is the format of
the command:
boot config-file filename.cfg
The name of the new boot configuration file, which is specified with the
FILENAME parameter, can be from 1 to 16 alphanumeric characters, not
including the extension “.cfg.” The filename cannot contain spaces and the
extension must be “.cfg.”
Here is an example that creates a new boot configuration file called
“switch1.cfg:”
awplus> enable
awplus# configure terminal
awplus(config)# boot config-file switch1.cfg
When you see the message “Operation successful,” the switch has
created the file and marked it as the active boot configuration file. To
confirm the creation of the file, return to the Global Configuration mode
and enter the SHOW BOOT command:
awplus(config)# exit
awplus# show boot
Figure 25 on page 75 is an example of the display.
74
AT-8100 Switch Command Line User’s Guide
Current
Current
Default
Current
software: v2.2.1.1
boot image: v2.2.1.1
boot config: boot.cfg
boot config: boot.cfg (file exists)
Figure 25. SHOW BOOT Command
The name of your new active boot configuration file is displayed in the
“Current boot config” field.
Changing the
Login Password
To protect the switch from unauthorized access, you should change the
password of the manager account. The password is set with the
USERNAME command in the Global Configuration. Here is the format of
the command.
username username password password
Both the user name and the password are case sensitive. The password
can consist of 1 to 16 alphanumeric characters including punctuation and
printable special characters. Spaces are not permitted.
This example of the command changes the password of the manager
account to “clearsky2a:
awplus> enable
awplus# configure terminal
awplus(config)# username manager password clearsky2a
Note
Write down the new password and keep it in a safe and secure
location. If you forget the manager password, you cannot manage
the switch if there are no other management accounts on the unit. In
this case, contact Allied Telesis Technical Support for assistance.
For instructions on how to create additional management accounts, refer
to Chapter 84, “Local Manager Accounts” on page 1369.
Assigning a Name
to the Switch
The switch will be easier to identify if you assign it a name. The switch’s
name is displayed in the screen banner when you log on and replaces the
“awplus” in the command line prompt.
A name is assigned to the switch with the HOSTNAME command in the
Global Configuration mode. Here is the format of the command:
hostname name
A name can consist of up to 39 alphanumeric characters. Spaces,
punctuation, special characters, and quotation marks are not permitted.
75
Chapter 2: Starting a Management Session
This example assigns the name “Engineering_sw2” to the switch:
awplus> enable
awplus# configure terminal
awplus(config)# hostname Engineering_sw2
Engineering_sw2(config)#
Adding a
Management IP
Address
You must assign the switch a management IP address to use the features
in Table 27 on page 292. Here are the requirements:

You can assign multiple IPv4 addresses to VLANs on the switch,
including the Default_VLAN. Then you can use any of these IPv4
addresses to manage the switch.

You can assign only one IPv6 address to a VLAN on the switch.
Then you must use this IPv6 address to manage the switch.

A management IP address must be assigned to a VLAN on the
switch. It can be any VLAN, including the Default_VLAN. For
background information on VLANs, refer to Chapter 60, “Portbased and Tagged VLANs” on page 899.

The network devices (that is, syslog servers, TFTP servers, etc.)
must be members of the same subnet as a management IP
address or have access to it through the default gateway.

The switch must also have a default gateway if the network
devices are not members of the same subnet as the management
IP address. The default gateway specifies the IP address of a
router interface that represents the first hop to the subnets or
networks of the network devices.

A default gateway address, if needed, must be a member of the
same subnet as a management IP address.

The switch can have one IPv4 default gateway and one IPv6
gateway.
Note
The following examples illustrate how to assign a management IPv4
address to the switch. For instructions on how to assign an IPv6
address, refer to Chapter 13, “IPv4 and IPv6 Management
Addresses” on page 291.
The IP ADDRESS command in the VLAN Interface mode command adds
a management IPv4 address to the switch. This example of the command
assigns the management IPv4 address 149.82.112.72 and a subnet mask
of 255.255.255.0 to the Default_VLAN, which has the VID 1. The switch is
also assigned the default gateway 149.82.112.18:
76
AT-8100 Switch Command Line User’s Guide
Table 3. Adding a Management Address: Example 1
awplus> enable
Move to the Privileged Exec mode.
awplus# configure terminal
Move to the Global Configuration mode.
awplus(config)# interface vlan1
Use the INTERFACE VLAN command to
move to the VLAN Interface mode of the
Default_VLAN.
awplus(config-if)# ip address
149.82.112.72/24
Assign the management IPv4 address to
the switch using the IP ADDRESS
command. The mask is a decimal number
that represents the number of bits, from
left to right, that constitute the network
portion of the address. For example, the
decimal masks 16 and 24 are equivalent
to masks 255.255.0.0 and 255.255.255.0,
respectively.
awplus(config-if)# exit
Return to the Global Configuration mode.
awplus(config)# ip route 0.0.0.0/0
149.82.112.18
Assign the default gateway to the switch
using the IP ROUTE command.
awplus(config)# exit
Return to the Privileged Exec mode.
awplus# show ip route
Verify the new management IPv4 address
and default gateway with the SHOW IP
ROUTE command.
This example assigns the management IPv4 address to a new VLAN
called Tech_Support, with the VID 5. The VLAN will consist of the
untagged ports 5,6, and 23. The management IPv4 address and default
route of the switch will be assigned by a DHCP server on the network:
Table 4. Adding a Management IP Address: Example 2
awplus> enable
Move to the Privileged Exec mode.
awplus# configure terminal
Move to the Global Configuration mode.
awplus(config)# vlan database
Enter the VLAN Configuration mode.
awplus(config-if)# vlan 5 name Tech_Support
Create the new VLAN with the VLAN
command.
awplus(config-if)# exit
Return to the Global Configuration mode.
awplus(config)# interface port1.0.5,
port1.0.6,port1.0.23
Enter the Port Interface mode for ports 5,
6, and 23.
77
Chapter 2: Starting a Management Session
Table 4. Adding a Management IP Address: Example 2
awplus(config-if)# switchport access vlan 5
Add the ports as untagged ports to the
VLAN with the SWITCHPORT ACCESS
VLAN command.
awplus(config-if)# exit
Return to the Global Configuration mode.
awplus(config)# interface vlan5
Use the INTERFACE VLAN command to
move to the VLAN Interface mode of
VLAN 5.
awplus(config-if)# ip address dhcp
Activate the DHCP client on the switch
with the IP ADDRESS DHCP command.
awplus(config-if)# end
Return to the Global Configuration mode.
awplus# show ip interface
Verify the management IP address on the
switch.
awplus# show ip route
Verify the new management IPv4 address
and default gateway.
Saving Your
Changes
To permanently save your changes in the active boot configuration file,
use the WRITE command in the Privileged Exec mode:
awplus# write
You can also update the active configuration file with the COPY
RUNNING-CONFIG STARTUP-CONFIG command, also located in the
Global Configuration mode. It’s just more to type.
78
AT-8100 Switch Command Line User’s Guide
Ending a Management Session
To end a management session, go to either the Privileged Exec mode or
the User Exec mode. From the Privileged Exec mode, enter either the
EXIT or LOGOUT to end a management session:
awplus# exit
or
awplus# logout
From the User Exec mode, enter either the EXIT or LOGOUT command to
end a management session:
awplus> exit
or
awplus> logout
79
Chapter 2: Starting a Management Session
80
Chapter 3
Basic Command Line Management
This chapter contains the following sections:

“Clearing the Screen” on page 82

“Displaying the On-line Help” on page 83

“Saving Your Configuration Changes” on page 85

“Ending a Management Session” on page 86
81
Chapter 3: Basic Command Line Management
Clearing the Screen
If your screen becomes cluttered with commands, you can start fresh by
entering the CLEAR SCREEN command in the User Exec or Privileged
Exec mode. If you’re in a lower mode, you have to move up the mode
hierarchy to one of these modes to use the command. Here’s an example
of the command from the Port Interface mode:
awplus(config-if)# end
awplus# clear screen
82
AT-8100 Switch Command Line User’s Guide
Displaying the On-line Help
The command line interface has an on-line help system to assist you with
the commands. The help system is displayed by typing a question mark.
Typing a question mark at a command line prompt displays all the
keywords in the current mode. This example displays all the keywords in
the VLAN Configuration mode.
awplus> enable
awplus# configure terminal
awplus(config)# vlan database
awplus(config-vlan)# ?
convert
Convert vlan
do
To run exec commands in config mode
end
End current mode and down to privileged mode
exit
End current mode and down to previous mode
help
Description of the interactive help system
no
Negate a command or set its defaults
private-vlan
Private-vlan
quit
End current mode and down to previous mode
vlan
Add, delete, or modify values associated
with a single VLAN
Figure 26. Displaying the Keywords of a Mode
Typing a question mark after a keyword displays any additional keywords
or parameters. This example displays the available parameters for the
FLOWCONTROL command in the Port Interface mode.
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-vlan)# flowcontrol ?
both
Flow control on send and receive
receive
Flow control on receive
send
Flow control on send
Figure 27. Displaying Subsequent Keywords of a Keyword
Note
You must type a space between the keyword and the question mark.
Otherwise, the on-line help system simply displays the previous
keyword.
Typing a question mark at the point in a command where a value is
required displays a value’s class (that is, integer, string, etc.). The example
in Figure 28 on page 84 displays the class of the value for the
HOSTNAME command in the Global Configuration mode.
83
Chapter 3: Basic Command Line Management
awplus> enable
awplus# configure terminal
awplus(config)# hostname ?
<STRING:sysName>
Figure 28. Displaying the Class of a Parameter
84
AT-8100 Switch Command Line User’s Guide
Saving Your Configuration Changes
To permanently save your changes to the parameter settings on the
switch, you must update the active boot configuration file. This is
accomplished with either the WRITE command or the COPY RUNNINGCONFIG STARTUP-CONFIG command, both of which are found in the
Privileged Exec mode. When you enter either of these command, the
switch copies its running configuration into the active boot configuration
file for permanent storage.
To update the active configuration file, enter:
awplus# write
or
awplus# copy running-config startup-config
Note
Parameter changes that are not saved in the active boot
configuration file are discarded when the switch is powered off or
reset.
85
Chapter 3: Basic Command Line Management
Ending a Management Session
To end a management session, go to either the Privileged Exec mode or
the User Exec mode. From the Privileged Exec mode, enter either the
EXIT or LOGOUT to end a management session:
awplus# exit
or
awplus# logout
From the User Exec mode, enter either the EXIT or LOGOUT command to
end a management session:
awplus> exit
or
awplus> logout
86
Chapter 4
Basic Command Line Management
Commands
The basic command line commands are summarized in Table 5.
Table 5. Basic Command Line Commands
Command
Mode
Description
“? (Question Mark Key)” on page 89
All modes
Displays the on-line help.
“CLEAR SCREEN” on page 91
User Exec and
Privileged Exec
Clears the screen.
“CONFIGURE TERMINAL” on
page 92
Privileged Exec
Moves you from the Privileged Exec
mode to the Global Configuration
mode.
“COPY RUNNING-CONFIG
STARTUP-CONFIG” on page 93
Privileged Exec
Updates the active boot configuration
file with the current settings from the
switch.
“DISABLE” on page 94
Privileged Exec
Returns you to the User Exec mode
from the Privileged Exec mode.
“DO” on page 95
Global
Configuration
Performs Privileged Exec mode
commands from the Global
Configuration mode.
“ENABLE” on page 97
User Exec
Moves you from the User Exec mode
to the Privileged Exec mode.
“END” on page 98
All modes
below the
Global
Configuration
mode
Returns you to the Privileged Exec
mode.
“EXIT” on page 99
All modes
except the User
Exec and
Privileged Exec
Moves you up one mode.
“LENGTH” on page 100
Console Line
and Virtual
Terminal Line
Specifies the maximum number of
lines the SHOW commands display at
one time on the screen.
“LOGOUT” on page 102
User Exec
Ends a management session.
87
Chapter 4: Basic Command Line Management Commands
Table 5. Basic Command Line Commands (Continued)
Command
Mode
Description
“QUIT” on page 103
All modes
except the User
Exec and
Privileged Exec
Moves you up one mode.
“WRITE” on page 104
Privileged Exec
Updates the active boot configuration
file with the current settings of the
switch.
88
AT-8100 Switch Command Line User’s Guide
? (Question Mark Key)
Syntax
?
Parameters
None
Modes
All modes
Description
Use the question mark key to display on-line help messages. Typing the
key at different points in a command displays different messages:

Typing “?” at a command line prompt displays all the keywords in
the current mode.

Typing “?” after a keyword displays the available parameters.
Note
You must type a space between a keyword and the question mark.
Otherwise, the on-line help returns the previous keyword.

Typing “?” after a keyword or parameter that requires a value
displays a value’s class (i.e. integer, string, etc.).
Examples
This example displays all the keywords in the Port Interface mode for port
4:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.4
awplus(config-if)# ?
This example displays the parameters for the SHOW keyword in the User
Exec mode and the Privileged Exec mode:
awplus> enable
awplus# show ?
89
Chapter 4: Basic Command Line Management Commands
This example displays the class of the value for the SPANNING-TREE
HELLO-TIME command in the Global Configuration mode:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree hello-time ?
90
AT-8100 Switch Command Line User’s Guide
CLEAR SCREEN
Syntax
clear screen
Parameters
None
Modes
User Exec and Privileged Exec modes
Description
Use this command to clear the screen.
Example
awplus# clear screen
91
Chapter 4: Basic Command Line Management Commands
CONFIGURE TERMINAL
Syntax
configure terminal
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to move from the Privileged Exec mode to the Global
Configuration mode.
Example
awplus# configure terminal
awplus(config)#
92
AT-8100 Switch Command Line User’s Guide
COPY RUNNING-CONFIG STARTUP-CONFIG
Syntax
copy running-config startup-config
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to update the active boot configuration file with the
switch’s current configuration, for permanent storage. When you enter the
command, the switch copies its parameter settings into the active boot
configuration file. The switch saves only those parameters that are not at
their default settings.
Note
Parameter changes that are not saved in the active boot
configuration file are discarded when the switch is powered off or
reset.
To view the name of the active boot configuration file, see “SHOW BOOT”
on page 566.
This command is equivalent to “WRITE” on page 104.
Example
awplus# copy running-config startup-config
93
Chapter 4: Basic Command Line Management Commands
DISABLE
Syntax
disable
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to return to the User Exec mode from the Privileged
Exec mode.
Example
The following command returns the software to the User Exec mode:
awplus# disable
awplus>
94
AT-8100 Switch Command Line User’s Guide
DO
Syntax
do command
Parameter
command
Specifies the Privileged Exec mode command to perform. Refer to
the Description for the list of supported commands.
Mode
Global Configuration mode
Description
Use this command to perform Privileged Exec mode commands from the
Global Configuration mode. You may use the command to perform some,
but not all, of the Privileged Exec mode commands. Here are the only
Privileged Exec mode commands that are supported with the DO
command:

ERASE STARTUP-CONFIG

PING

REBOOT

RELOAD

SHOW INTERFACE

SHOW INTERFACE STATUS

SHOW IP IGMP

SHOW IP IGMP HOSTLIST

SHOW IP IGMP ROUTERLIST

SHOW IP IGMP SNOOPING

SHOW IP INTERFACE

SHOW IP ROUTE

SHOW IPV6 INTERFACE

SHOW MAC ADDRESS-TABLE

SHOW RUNNING-CONFIG

SHOW SPANNING-TREE
95
Chapter 4: Basic Command Line Management Commands

SHOW SYSTEM

WRITE
Examples
This example performs the SHOW INTERFACE command for port 4 from
the Global Configuration mode:
awplus(config)# do show interface port1.0.4
This example pings a network device:
awplus(config)# do ping 149.11.123.45
96
AT-8100 Switch Command Line User’s Guide
ENABLE
Syntax
enable
Parameters
None
Mode
User Exec mode
Description
Use this command to move from the User Exec mode to the Privileged
Exec mode.
Example
The following command moves the prompt from the User Exec mode to
the Privileged Exec mode:
awplus> enable
awplus#
97
Chapter 4: Basic Command Line Management Commands
END
Syntax
end
Parameters
None
Mode
All modes below the Global Configuration mode.
Description
Use this command to return to the Privileged Exec mode.
Example
The following command returns the prompt to the Privileged Exec mode:
awplus(config-if)# end
awplus#
98
AT-8100 Switch Command Line User’s Guide
EXIT
Syntax
exit
Parameters
None
Mode
All modes
Description
Use this command to move down one mode in the mode hierarchy in all
modes except the User Exec and Privileged Exec modes. Using the EXIT
command in the User Exec and Privileged Exec modes terminates the
management session.
Example
The following example moves the prompt from the Global Configuration
mode to the Privileged Exec mode:
awplus(config)# exit
awplus#
99
Chapter 4: Basic Command Line Management Commands
LENGTH
Syntax
length value
Parameters
value
Specifies the maximum number of lines that the SHOW commands
display at one time on the screen. The range is 0 to 512 lines. Use
the value 0 if you do not want the SHOW commands to pause.
Mode
Console Line and Virtual Terminal Line modes
Description
Use this command to specify the maximum number of lines the SHOW
commands display at one time on the screen during local or remote
management sessions. You can set different values for the local and
remote management methods. To set this parameter for local
management sessions, enter the command in the Console Line mode. To
set this parameter for the ten VTY lines for remote Telnet and SSH
sessions, enter the same command in the Virtual Terminal Line modes.
Each VTY line can have a different setting.
The default value is 20 lines for the console port. For the VTY lines, the
default value is negotiated with the VTY ports.
Examples
This example sets the maximum number of lines to 25 for local
management sessions:
awplus> enable
awplus# configure terminal
awplus(config)# line console 0
awplus(config-line)# length 25
This example sets the maximum number of lines to 15 for VTY line 0:
awplus> enable
awplus# configure terminal
awplus(config)# line vty 0
awplus(config-line)# length 15
100
AT-8100 Switch Command Line User’s Guide
This example returns the number of lines to the default setting for local
management sessions:
awplus> enable
awplus# configure terminal
awplus(config)# line console 0
awplus(config-line)# no length
101
Chapter 4: Basic Command Line Management Commands
LOGOUT
Syntax
logout
Parameters
None
Mode
User Exec and Privileged Exec modes
Description
Use this command to end a management session.
Note
Entering the EXIT command in either the User Exec or Privileged
Exec mode also ends a management session.
Example
This example shows the sequence of commands to logout starting from
the Global Configuration mode:
awplus(config)# exit
awplus# disable
awplus> logout
102
AT-8100 Switch Command Line User’s Guide
QUIT
Syntax
quit
Parameters
None
Mode
All modes except the User Exec and Privileged Exec modes.
Description
Use this command to move up one mode in the mode hierarchy. This
command is almost identical to the EXIT command. The difference is that
unlike the EXIT command, the QUIT command cannot be used to end a
management session.
Example
This example uses the QUIT command to return to the Privileged Exec
mode from the Global Configuration mode:
awplus(config)# quit
awplus#
103
Chapter 4: Basic Command Line Management Commands
WRITE
Syntax
write
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to update the active boot configuration file with the
switch’s current configuration, for permanent storage. When you enter the
command, the switch copies its parameter settings into the active boot
configuration file. The switch saves only those parameters that are not at
their default settings.
Note
Parameter changes that are not saved in the active boot
configuration file are discarded when the switch is powered off or
reset.
To view the name of the active boot configuration file, see “SHOW BOOT”
on page 566.
This command is equivalent to “COPY RUNNING-CONFIG STARTUPCONFIG” on page 93.
Example
awplus# write
104
Chapter 5
Temperature and Fan Control Overview

“Overview” on page 106

“Displaying the System Environmental Status” on page 107

“Controlling Eco-Mode LED” on page 108
105
Chapter 5: Temperature and Fan Control Overview
Overview
The switch monitors the environmental status, such as temperature and
voltage, and the status of fan modules. Checking these information helps
you to identify potential hardware issues before they become problems.
To check the switch’s environmental and saving energy status, and turn
on and off the port LEDs, use the following commands:
106

“ECOFRIENDLY LED” on page 110

“NO ECOFRIENDLY LED” on page 111

“SHOW ECOFRIENDLY” on page 112

“SHOW SYSTEM ENVIRONMENT” on page 113
AT-8100 Switch Command Line User’s Guide
Displaying the System Environmental Status
The switch monitors the environmental status of the switch and any
attached PSU, XEM, or expansion option. The environmental status
covers information about temperatures, fans, and voltage. To display this
information, go to User Exec or Privileged Exec mode and enter the
command:
awplus# show system environment
Figure 29 shows an example of the information the command displays.
The columns are described in “SHOW SYSTEM ENVIRONMENT” on
page 113.
Environment Monitoring Status
-------------------------------------------------------Switch Model: AT-8100S/24POE
-------------------------------------------------------ID Sensor (Units)
Reading Status
-------------------------------------------------------0 Temp (Degrees C)
37
Normal
1
Fan 1 (RPM)
3467
Normal
2
PSU 1
On
Normal
3
PSU 2
Off
Off
--------------------------------------------------------
Figure 29. SHOW SYSTEM ENVIRONMENT Command
Note
Switches that do not contain fan controllers will not display
temperature readings.
107
Chapter 5: Temperature and Fan Control Overview
Controlling Eco-Mode LED
AlliedWare Plus products provide an Eco-Mode LED control to conserve
additional power on the port LEDs. The Eco-Mode LED is an eco-friendly
feature that turns off the port LEDs when they are not necessary. To
enable Eco-Mode LED control, enter the command:
awplus(config)# ecofriendly led
To disable Eco-Mode LED control,
awplus(config)# no ecofriendly led
108
Chapter 6
Temperature and Fan Control
Commands
The temperature and fan control commands are summarized in Table 6.
Table 6. Temperature and Fan Control Commands
Command
Mode
Description
“ECOFRIENDLY LED” on page 110
Global
Configuration
Turns off the port LEDs on the switch
to save power.
“NO ECOFRIENDLY LED” on
page 111
Global
Configuration
Turns on the port LEDs on the switch.
“SHOW ECOFRIENDLY” on page 112
Privileged Exec
Displays the power saving status of
the port LEDs.
“SHOW SYSTEM ENVIRONMENT”
on page 113
Privileged Exec
Displays the environmental
information for the switch, such as
temperatures, voltage, and fan status.
109
Chapter 6: Temperature and Fan Control Commands
ECOFRIENDLY LED
Syntax
ecofriendly led
Parameters
None
Mode
Global Configuration mode
Description
Use this command to turn off the port LEDs on the switch to save power.
Confirmation Command
“SHOW ECOFRIENDLY” on page 112
Example
awplus# ecofriendly led
110
AT-8100 Switch Command Line User’s Guide
NO ECOFRIENDLY LED
Syntax
no ecofriendly led
Parameters
None
Mode
Global Configuration mode
Description
Use this command to turn on the port LEDs on the switch.
Confirmation Command
“SHOW ECOFRIENDLY” on page 112
Example
The following command turns on the port LEDs on the switch:
awplus# no ecofriendly led
111
Chapter 6: Temperature and Fan Control Commands
SHOW ECOFRIENDLY
Syntax
show ecofriendly
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the power saving status of the port LEDs. An
example of the information the command displays is shown in Figure 30.
Front panel port LEDs: on
Figure 30. SHOW ECOFRIENDLY Command
Example
The following example displays the power saving status of the port LEDs:
awplus# show ecofriendly
112
AT-8100 Switch Command Line User’s Guide
SHOW SYSTEM ENVIRONMENT
Syntax
show system environment
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the environmental information for the switch.
When the command is entered on the stack master, it displays the
information for all the stack members.
Figure 31 shows an example of the information that the command displays
when the switch is a stand-alone.
Environment Monitoring Status
-------------------------------------------------------Switch Model: AT-8100S/24POE
-------------------------------------------------------ID Sensor (Units)
Reading Status
-------------------------------------------------------0 Temp (Degrees C)
37
Normal
1
Fan 1 (RPM)
3467
Normal
2
PSU 1
On
Normal
3
PSU 2
Off
Off
--------------------------------------------------------
Figure 31. SHOW SYSTEM ENVIRONMENT Command
113
Chapter 6: Temperature and Fan Control Commands
Figure 32 shows an example of the information that the command displays
when the switch is a stack master.
Environment Monitoring Status
---------------------------------------------------------------Switch Model: AT-8100S/24
Stack Member Type: Master
---------------------------------------------------------------ID Sensor (Units)
Reading
Status
---------------------------------------------------------------0 PSU 1
On
Normal
1 PSU 2
Off
Off
------------------------------------------------------------------------------------------------------------------------------Switch Model: AT-8100S/16F8-SC
Stack Member Type: Slave 3
---------------------------------------------------------------ID Sensor (Units)
Reading
Status
---------------------------------------------------------------0 Temp (Degrees C)
37
Normal
1
Fan 1 (RPM)
3467
Normal
2
PSU 1
On
Normal
3
PSU 2
Off
Off
Figure 32. SHOW SYSTEM ENVIRONMENT Command
The columns in the display are described here:
Table 7. SHOW SYSTEM ENVIRONMENT Command
Parameter
114
Description
Switch Model
Indicates a model name of the switch.
Stack Member Type
Indicates a role of the switch as a stacking
member. This parameter is only
applicable for a stacking member.
ID
Indicates the ID number of an item.
Sensor (Units)
Indicates an item on the switch, such as
temperature, fan, or power supply unit
(PSU).
Reading
Indicates the current reading of the item.
Status
Indicates the status of the item.
AT-8100 Switch Command Line User’s Guide
Example
The following example displays environmental information for the switch:
awplus# show system environment
115
Chapter 6: Temperature and Fan Control Commands
116
Section II
Basic Operations
This section contains the following chapters:

Chapter 7, “Basic Switch Management” on page 119

Chapter 8, “Basic Switch Management Commands” on page 135

Chapter 9, “Port Parameters” on page 175

Chapter 10, “Port Parameter Commands” on page 195

Chapter 11, ”Power Over Ethernet” on page 249

Chapter 12, ”Power Over Ethernet Commands” on page 261

Chapter 13, “IPv4 and IPv6 Management Addresses” on page 291

Chapter 14, “IPv4 and IPv6 Management Address Commands” on
page 305

Chapter 15, “Simple Network Time Protocol (SNTP) Client” on page
329

Chapter 16, “SNTP Client Commands” on page 337

Chapter 17, “Domain Name System (DNS)” on page 349

Chapter 18, “Domain Name System (DNS) Commands” on page 357

Chapter 19, “MAC Address Table” on page 367

Chapter 20, “MAC Address Table Commands” on page 377

Chapter 21, “Hardware Stacking” on page 389

Chapter 22, “Stacking Commands” on page 403

Chapter 23, “Enhanced Stacking” on page 409

Chapter 24, “Enhanced Stacking Commands” on page 433

Chapter 25, “Link-flap Protection” on page 449

Chapter 26, “Link-flap Protection Commands” on page 453

Chapter 27, “Port Mirror” on page 459

Chapter 28, “Port Mirror Commands” on page 467

Chapter 29, “DHCP Relay Overview” on page 475

Chapter 30, “DHCP Relay Commands” on page 487

Chapter 31, “Group Link Control” on page 505

Chapter 32, “Group Link Control Commands” on page 519

Chapter 33, “Multicast Commands” on page 529
117
118
Chapter 7
Basic Switch Management
This chapter contains the following:

“Adding a Name to the Switch” on page 120

“Adding Contact and Location Information” on page 121

“Displaying Parameter Settings” on page 122

“Manually Setting the Date and Time” on page 123

“Pinging Network Devices” on page 124

“Resetting the Switch” on page 125

“Restoring the Default Settings to the Switch” on page 126

“Setting the Baud Rate of the Console Port” on page 128

“Configuring the Management Session Timers” on page 129

“Setting the Maximum Number of Manager Sessions” on page 131

“Configuring the Banners” on page 132
119
Chapter 7: Basic Switch Management
Adding a Name to the Switch
The switch will be easier to identify if you assign it a name. The switch
displays its name in the command line prompt, in place of the default
prefix “awplus.”
To assign the switch a name, use the HOSTNAME command in the Global
Configuration mode. A name can consist of up to 39 alphanumeric
characters. Spaces, punctuation, special characters, and quotation marks
are not permitted.
This example assigns the name Switch12 to the switch:
awplus> enable
awplus# configure terminal
awplus(config)# hostname Switch12
Switch12(config)#
To remove the current name without assigning a new name, use the NO
HOSTNAME command:
Unit2b_bld4> enable
Unit2b_bld4# configure terminal
Unit2b_bld4(config)# no hostname
awplus(config)#
For reference information, refer to “HOSTNAME” on page 149 and “NO
HOSTNAME” on page 152.
120
AT-8100 Switch Command Line User’s Guide
Adding Contact and Location Information
The commands for assigning the switch contact and location information
are the SNMP-SERVER CONTACT and SNMP-SERVER LOCATION
commands, both of which are found in the Global Configuration mode.
Here are the formats of the commands:
snmp-server contact contact
snmp-server location location
The variables can be from 1 to 255 alphanumeric characters in length.
Spaces and special characters are allowed.
To view the information, use the SHOW SYSTEM command in the User
Exec and Privileged Exec modes.
Here is an example that assigns the switch this contact and location
information:

Contact: JordanB

Location: 123_Westside_Dr_room_45
awplus> enable
awplus# configure terminal
awplus(config)# snmp-server contact JordanB
awplus(config)# snmp-server location 123_Westside_Dr_room_45
To remove the contact or location information without adding new
information, use the NO form of the commands. This example removes the
location information:
awplus> enable
awplus# configure terminal
awplus(config)# no snmp-server location
121
Chapter 7: Basic Switch Management
Displaying Parameter Settings
To display the current parameter settings on the switch, use the SHOW
RUNNING-CONFIG command in the Privileged Exec mode. The settings,
which are displayed in their equivalent command line commands, are
limited to just those parameters that have been changed from their default
values. The information includes new settings that have yet to be saved in
the active boot configuration file. Here is the command:
awplus# show running-config
For reference information, refer to “SHOW RUNNING-CONFIG” on
page 162.
122
AT-8100 Switch Command Line User’s Guide
Manually Setting the Date and Time
To manually set the date and time on the switch, use the CLOCK SET
command in the Privileged Exec mode. Here is the format of the
command:
clock set hh:mm:ss dd mmm yyyy
Here are the variables:

hh:mm:ss: Use this variable to specify the hour, minute, and second
for the switch’s time in 24-hour format.

dd: Use this variable to specify the day of the month.

mmm: Use this variable to specify the month. The month is
specified by its first three letters. For example, June is Jun. The
first letter must be uppercase and the second and third letters
lowercase.

yyyy: Use this variable to specify the year. The year must be
specified in four digits (for example, 2011 or 2012).
The command has to include both the date and time. This example sets
the time to 4:11 pm and the date to January 4, 2011:
awplus> enable
awplus# clock set 16:11:0 4 Jan 2011
To display the date and time, use the SHOW CLOCK command in the
User Exec or Privileged Exec mode.
awplus# show clock
For reference information, refer to “CLOCK SET” on page 144 and
“SHOW CLOCK” on page 161.
Note
The date and time, when set manually, are not retained by the
switch when it is reset or power cycled.
123
Chapter 7: Basic Switch Management
Pinging Network Devices
If the switch is unable to communicate with a network device, such as a
syslog server or a TFTP server, you can test for an active link between the
two devices by instructing the switch to send ICMP Echo Requests and to
listen for replies sent back from the other device. This is accomplished
with the PING command in the Privileged Exec mode.
This command instructs the switch to send ICMP Echo Requests to a
network device known by the IP address 149.122.14.15
awplus> enable
awplus# ping 149.122.14.15
The results of the ping are displayed on the screen.
Note
To send ICMP Echo Requests, the switch must have a management
IP address. For instructions, refer to Chapter 13, “IPv4 and IPv6
Management Addresses” on page 291.
Note
The switch sends the ICMP Echo Requests from the ports of the
VLAN assigned the management IP address. The device the switch
is pinging must be a member of that VLAN or must be accessible
through routers or other Layer 3 devices.
For reference information, refer to “PING” on page 153.
124
AT-8100 Switch Command Line User’s Guide
Resetting the Switch
To reset the switch, use either the REBOOT or RELOAD command in the
Privileged Exec mode. You might reset the switch if it is experiencing a problem
or if you want to reconfigure its settings after designating a new active boot
configuration file. The commands display a confirmation prompt.
Caution
The switch will not forward network traffic while it initializes its
management software. Some network traffic may be lost. The reset can
take from thirty seconds to two minutes, depending on the number and
complexity of the commands in the active boot configuration file.
Note
Any configuration changes that have not been saved in the active boot
configuration file are discarded when you reset the switch. To save your
changes, use the WRITE or COPY RUNNING-CONFIG STARTUPCONFIG command in the Privileged Exec mode.
To reset the switch with the REBOOT command:
awplus> enable
awplus# reboot
reboot switch? (y/n): y
To reset the switch with the RELOAD command:
awplus> enable
awplus# reload
reboot switch? (y/n): y
To resume managing the switch, wait for the switch to initialize its management
software and then start a new management session.
For reference information, refer to “REBOOT” on page 156 and “RELOAD” on
page 157.
125
Chapter 7: Basic Switch Management
Restoring the Default Settings to the Switch
To restore the default settings to the switch, delete or rename the active
boot configuration file and then reset the unit. Without an active boot
configuration file, the switch will use the default parameter settings after it
initializes the management software.
Caution
Restoring the default settings requires that you reset the switch. The
unit will not forward network traffic while it initializes the
management software. Some network traffic may be lost.
There are two ways to delete the active boot configuration file. One way is
with the DELETE command in the Privileged Exec mode. Here is the
format of the command:
delete filename.cfg
This example deletes the active boot configuration file “Sales_unit.cfg”
and resets the switch:
awplus> enable
awplus# delete Sales_unit.cfg
awplus# reboot
reboot switch? (y/n): y
If you do not know the name of the active boot configuration file, you can
display it with the SHOW BOOT command in the Privileged Exec mode.
Figure 33 is an example of what is displayed:
Current
Current
Default
Current
software
:
boot image :
boot config:
boot config:
v1.0.0
v1.0.0
/cfg/boot.cfg
/cfg/switch2.cfg (file exists)
Figure 33. SHOW BOOT Command
The active boot configuration file is identified in the “Current boot config”
field.
126
AT-8100 Switch Command Line User’s Guide
Another way to delete the file is with the ERASE STARTUP-CONFIG
command, also in the Privileged Exec mode. The advantage of this
command over the DELETE command is that you don’t have to know the
name of the active boot configuration file. When you enter the command, a
confirmation prompt is displayed. If you enter “Y” for yes, the switch
automatically deletes the active boot configuration file from the file system.
Afterwards, you can reset the switch with the REBOOT command so that it
restores the default settings.
Here is the sequence of commands and messages:
awplus> enable
awplus# erase startup-config
erase start-up config? (y/n):y
Deleting..
Successful Operation
awplus# reboot
reboot switch? (y/n): y
If you prefer to keep the active boot configuration file, you can rename it
with the MOVE command in the Privileged Exec mode, and then reset the
switch. Here is the format of the MOVE command:
move filename1.cfg filename2.cfg
The FILENAME1 parameter is the name of the configuration file you want
to rename. The FILENAME2 parameter is the file’s new name. The
extensions of the files must be “.cfg”. For example, if the name of the
active boot configuration file is “Sales_unit.cfg,” these commands rename
it to “Sales_unit_backup.cfg” and reset the switch:
awplus> enable
awplus# move Sales_unit.cfg Sales_unit_backup.cfg
awplus# reboot
reboot switch? (y/n): y
To resume managing the switch after restoring the default settings, you
must establish a local management session from the Console port.
Remote management is not possible because the switch will not have a
management IP address.
Note
For instructions on how to create a new boot configuration file, refer
to Chapter 36, “Boot Configuration Files” on page 553.
127
Chapter 7: Basic Switch Management
Setting the Baud Rate of the Console Port
The Console port is used for local management of the switch. To set its
baud rate, use the BAUD-RATE SET command in the Global
Configuration mode.
Note
If you change the baud rate of the Console port during a local
management session, your session is interrupted. To resume the
session you must change the speed of the terminal or the terminal
emulator program to match the new speed of the serial terminal port
on the switch.
This example sets the baud rate of the Console port on the switch to
57600 bps:
awplus> enable
awplus# configure terminal
awplus(config-conf)# baud-rate set 57600
To display the current settings of the Console port, use the SHOW BAUDRATE command in the User Exec or Privileged Exec mode. Here is the
command:
awplus# show baud-rate
Here is an example of the information.
Asynchronous Port (Console) Information:
Baud Rate .................... 9600
Parity ....................... User Configured
Data bits .................... 0
Stop bits .................... 1
Figure 34. SHOW BAUD-RATE Command
Note
The baud rate is the only adjustable parameter on the Console port.
For reference information, refer to “BAUD-RATE SET” on page 143 and
“SHOW BAUD-RATE” on page 160.
128
AT-8100 Switch Command Line User’s Guide
Configuring the Management Session Timers
You should always conclude a management session by logging off so that
if you leave your workstation unattended, someone cannot use it to
change the switch’s configuration. If you forget to log off, the switch has
management session timers that detect and log off inactive local and
remote management sessions automatically. A session is deemed inactive
when there is no management activity for the duration of the
corresponding timer.
There are different timers for the different types of management sessions.
There is one timer for local management sessions, which are conducted
through the Console port, and ten timers for each supported VTY line, for
remote Telnet and SSH management sessions.
The command for setting the timers is the EXEC-TIMEOUT command.
You enter this command in different modes depending on the timer you
want to set. The timer for local management sessions is set in the Line
Console mode, which is accessed using the LINE CONSOLE 0 command
from the Global Configuration mode. This example of the commands sets
the timer for local management sessions on the switch to 5 minutes:
awplus> enable
awplus# configure terminal
awplus(config)# line console 0
awplus(config-line)# exec-timeout 5
Note
The default value the EXEC-TIMEOUT command is 10 minutes.
There are ten VTY lines for remote Telnet and SSH sessions. Each
remote management session uses one line. The switch automatically
allocates a line when a remote session is initiated. The first remote Telnet
or SSH session is allocated the VTY 0 line, the second session is allocated
the VTY 1 line, and so forth.
Each VTY line has its own management session timer. The timers are set
in the Virtual Terminal Line mode, which is accessed with the LINE VTY
command. The format of the LINE VTY command is shown here:
line vty first_line_id last_line_id
129
Chapter 7: Basic Switch Management
Both the first_line_id and the last_line_id parameters have value of 0 to 9.
You can specify one VTY line or a range of VTY lines. This example sets
the management session timer to 8 minutes on VTY line 2:
awplus> enable
awplus# configure terminal
awplus(config)# line vty 2
awplus(config-line)# exec-timeout 8
This example sets the management session timer to 3 minutes for all VTY
lines:
awplus> enable
awplus# configure terminal
awplus(config)# line vty 0 9
awplus(config-line)# exec-timeout 3
130
AT-8100 Switch Command Line User’s Guide
Setting the Maximum Number of Manager Sessions
The switch supports up to three manager sessions simultaneously so that
more than one person can manage the unit at a time. You set the
maximum number of sessions with the SERVICE MAXMANAGER
command in the Global Configuration mode. The default is three manager
sessions.
This example sets the maximum number of manager sessions to three:
awplus> enable
awplus# configure terminal
awplus(config)# service maxmanager 3
For reference information, refer to “SERVICE MAXMANAGER” on
page 158.
131
Chapter 7: Basic Switch Management
Configuring the Banners
The switch has four banner messages you may use to identify the switch
or to display other information about the unit. The banners are listed here:
Message-of-the-day
banner
Login banner

Message-of-the-day banner

Login banner

User Exec and Privileged Exec modes banner

Display login banner
This unit was updated to version 2.1.1 today, May 21,
2010.
This switch is located in building 2A, wiring closet 4M.
Login: manager
Password: ******
User Exec and
Privileged Exec
modes banner
Sales Switch 12
awplus>
Figure 35. Banner Messages
The message-of-the-day and login banners are displayed above the login
user name and password prompts of local, Telnet, and SSH management
sessions. The display banner displays the contents of the login banner.
The User Exec and Privileged Exec modes banner is displayed above the
command line prompts of these two modes, after you log on or whenever
you use the CLEAR SCREEN command to clear the screen.
Note
The banners are not displayed in web browser management
sessions.
The banner commands are:
132

banner motd

banner login

banner exec

show banner login
AT-8100 Switch Command Line User’s Guide
The commands for setting the banners are located in the Global
Configuration mode with the exception of the SHOW BANNER LOGIN
command which you access in the Privileged Exec mode.
After you enter the BANNER EXEC, BANNER LOGIN, or BANNER MOTD
command, the “Type CTRL/D to finish” prompt is displayed. When you see
this message, enter the banner message. Both the BANNER MOTD and
BANNER EXEC banners may be up to 256 characters, while the BANNER
LOGIN banner may be up to 4,000 characters. Spaces and special
characters are allowed.
After you finish entering your message, press CTRL D to return to the
command prompt in the Global Configuration mode.
This example of the BANNER MOTD command assigns the switch the
message-of-the-day banner in Figure 35 on page 132:
awplus> enable
awplus# configure terminal
awplus(config)# banner motd
Type CTRL/D to finish
This unit was updated to version 2.1.1 today, May 21, 2010.
awplus(config)#
This example of the BANNER LOGIN command assigns the switch the
login banner in Figure 35:
awplus> enable
awplus# configure terminal
awplus(config)# banner login
Type CTRL/D to finish
This switch is located in building 2A, wiring closet 4M.
awplus(config)#
Here is an example of the BANNER EXEC command:
awplus> enable
awplus# configure terminal
awplus(config)# banner exec
Type CTRL/D to finish
Sales Switch 12
awplus(config)#
This example uses the SHOW BANNER LOGIN command to display the
contents of the BANNER LOGIN file:
awplus> enable
awplus# configure terminal
awplus(config)# show banner login
133
Chapter 7: Basic Switch Management
To remove messages without assigning new messages, use the NO
versions of the commands. This example removes the message-of-theday banner:
awplus> enable
awplus# configure terminal
awplus(config)# no banner motd
This example removes the login banner:
awplus> enable
awplus# configure terminal
awplus(config)# no banner login
This example removes the User Exec and Privileged Exec modes banner:
awplus> enable
awplus# configure terminal
awplus(config)# no banner exec
134
Chapter 8
Basic Switch Management Commands
The basic switch management commands are summarized in Table 8.
Table 8. Basic Switch Management Commands
Command
Mode
Description
“BANNER EXEC” on page 137
Global
Configuration
Creates a User Exec and Privileged
Exec modes banner.
“BANNER LOGIN” on page 139
Global
Configuration
Creates a login banner.
“BANNER MOTD” on page 141
Global
Configuration
Creates a message-of-the-day
banner.
“BAUD-RATE SET” on page 143
Line Console
Configures the baud rate of the serial
terminal port on the switch.
“CLOCK SET” on page 144
Privileged Exec
Manually sets the date and time.
“ERASE STARTUP-CONFIG” on
page 145
Privileged Exec
Restores the default settings to all the
parameter settings on the switch.
“EXEC-TIMEOUT” on page 146
Line Console
Sets the console timer which is used
to end inactive management sessions.
“HELP” on page 148
All
Displays how to use the on-line help
system.
“HOSTNAME” on page 149
Global
Configuration
Assigns a name to the switch.
“LINE CONSOLE” on page 150
Global
Configuration
Enters the Line Console mode.
“LINE VTY” on page 151
Global
Configuration
Enters the Virtual Terminal Line mode
for a VTY line.
“NO HOSTNAME” on page 152
Global
Configuration
Deletes the switch’s name without
assigning a new name.
“PING” on page 153
User Exec and
Privileged Exec
Instructs the switch to ping another
network device.
“PING IPv6” on page 155
User Exec and
Privileged Exec
Instructs the switch to ping another
IPv6 network device.
135
Chapter 8: Basic Switch Management Commands
Table 8. Basic Switch Management Commands
Command
Mode
Description
“REBOOT” on page 156
Privileged Exec
Resets the switch.
“RELOAD” on page 157
Privileged Exec
Resets the switch.
“SERVICE MAXMANAGER” on
page 158
Global
Configuration
Sets the maximum number of
permitted manager sessions.
“SHOW BANNER LOGIN” on
page 159
Privileged Exec
Displays the banner set with the
BANNER LOGIN command.
“SHOW BAUD-RATE” on page 160
Global
Configuration
Displays the settings of the Console
port.
“SHOW CLOCK” on page 161
User Exec and
Privileged Exec
Displays the date and time.
“SHOW RUNNING-CONFIG” on
page 162
Privileged Exec
Displays all of the settings on the
switch, including those that have not
yet been saved in the active boot
configuration file.
“SHOW SWITCH” on page 163
Privileged Exec
Displays general information about
the switch.
“SHOW SYSTEM” on page 165
User Exec
Displays general information about
the switch.
“SHOW SYSTEM SERIALNUMBER”
on page 166
User Exec and
Privileged Exec
Displays the serial number of the
switch.
“SHOW USERS” on page 167
Privileged Exec
Displays the managers who are
currently logged on the switch.
“SHOW VERSION” on page 169
User Exec and
Privileged Exec
Displays the version number and build
date of the management software.
“SNMP-SERVER CONTACT” on
page 170
Global
Configuration
Adds contact information to the
switch.
“SNMP-SERVER LOCATION” on
page 171
Global
Configuration
Adds location information to the
switch.
“SYSTEM TERRITORY” on page 172
Global
Configuration
Specifies the territory of the switch.
136
AT-8100 Switch Command Line User’s Guide
BANNER EXEC
Syntax
banner exec
Parameters
None
Mode
Global Configuration mode
Description
Use this command to create a banner for the User Exec and Privilege
Exec modes. The message is displayed above the command line prompt
when you log on or clear the screen with the CLEAR SCREEN command,
in local, Telnet, and SSH management sessions.
After you enter the command, the “Type CTRL/D to finish” prompt is
displayed. Enter a banner message of up to 256 characters. Spaces and
special characters are allowed. When you are finished, press CTRL D.
To remove the banner, use the NO version of this command, NO BANNER
EXEC.
Note
Web browser management sessions do not display this banner.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Examples
This example creates the banner “Production Switch 1P” for the User Exec
and Privileged Exec modes:
awplus> enable
awplus# configure terminal
awplus(config)# banner exec
Type CNTL/D to finish
Production Switch 1P
137
Chapter 8: Basic Switch Management Commands
This example deletes the banner:
awplus> enable
awplus# configure terminal
awplus(config)# no banner exec
138
AT-8100 Switch Command Line User’s Guide
BANNER LOGIN
Syntax
banner login
Parameters
None
Mode
Global Configuration mode
Description
Use this command to configure the login banner. The message is
displayed prior to the login user name and password prompts for local,
Telnet, and SSH management sessions. If the switch also has a messageof-the-day banner, this message is displayed after the login banner.
After you enter the command, the “Type CTRL/D to finish” prompt is
displayed on your screen. Enter a login message of up to 4,000
characters. Spaces and special characters are allowed. When you are
finished, press CTRL D.
To remove the login banner, use the NO version of this command, NO
BANNER LOGIN.
Note
Web browser management sessions do not display the login banner.
Confirmation Command
“SHOW BANNER LOGIN” on page 159
Examples
This example creates a login banner:
awplus> enable
awplus# configure terminal
awplus(config)# banner login
Type CTRL/D to finish
This switch is located in building B on the second floor,
wiring closet 2B.
awplus(config)#
139
Chapter 8: Basic Switch Management Commands
This example removes the login banner:
awplus> enable
awplus# configure terminal
awplus(config)# no banner login
140
AT-8100 Switch Command Line User’s Guide
BANNER MOTD
Syntax
banner motd
Parameters
None
Mode
Global Configuration mode
Description
Use this command to create a message-of-the-day banner. The message
is displayed prior to the login user name and password prompts for local,
Telnet, and SSH management sessions. If the switch also has a login
banner, this message is displayed before the message-of-the-day banner.
After you enter the command, the “Type CTRL/D to finish” prompt is
displayed. Enter a message-of-the-day banner of up to 256 characters.
Spaces and special characters are allowed. When you are finished, press
CTRL D.
To remove the message-of-the-day banner, use the NO version of this
command, NO BANNER MOTD.
Note
Web browser management sessions do not display the message-ofthe-day banner.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Examples
This example create a message-of-the-day banner:
awplus> enable
awplus# configure terminal
awplus(config)# banner motd
Type CTRL/D to finish
This switch was updated to the latest software on May 23,
2010.
141
Chapter 8: Basic Switch Management Commands
This example removes the message-of-the-day banner:
awplus> enable
awplus# configure terminal
awplus(config)# no banner motd
142
AT-8100 Switch Command Line User’s Guide
BAUD-RATE SET
Syntax
baud-rate set 1200|2400|4800|9600|19200|38400|57600|115200
Parameters
None
Mode
Global Configuration mode
Description
Use this command to set the baud rate of the Console port, which is used
for local management sessions of the switch.
Note
If you change the baud rate of the serial terminal port during a local
management session, your session will be interrupted. To resume
the session you must change the speed of your terminal or the
terminal emulator program to match the new speed of the serial
terminal port on the switch.
Confirmation Command
“SHOW BAUD-RATE” on page 160
Example
This example sets the baud rate of the Console port to 19200 bps:
awplus> enable
awplus# configure terminal
awplus(config)# baud-rate set 19200
143
Chapter 8: Basic Switch Management Commands
CLOCK SET
Syntax
clock set hh:mm:ss dd mmm yyyy
Parameters
hh:mm:ss
Specifies the hour, minute, and second for the switch’s time in 24hour format.
dd
Specifies the day of the month.
mmm
Specifies the month. The month is specified by its first three letters.
For example, June is Jun. The first letter must be uppercase and
the second and third letters lowercase.
year
Specifies the year. The year must be specified in four digits (for
example, 2011 or 2012).
Mode
Privileged Exec mode
Confirmation Command
“SHOW CLOCK” on page 161
Description
Use this command to manually set the date and the time on the switch.
The command must include both the date and the time.
Note
When set manually the date and time are not retained by the switch
when it is reset or powered off.
Example
This example sets the time and date to 2:15 pm, April 7, 2011:
awplus> enable
awplus# clock set 14:15:0 7 Apr 2011
144
AT-8100 Switch Command Line User’s Guide
ERASE STARTUP-CONFIG
Syntax
erase startup-config
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to delete the active boot configuration file to restore the
default settings to all the parameters on the switch. After entering this
command, enter the REBOOT command to reset the switch and restore
the default settings.
Caution
The switch will not forward network traffic while it initializes its
management software. Some network traffic may be lost.
To resume managing the switch after restoring the default settings, you
must establish a local management session from the Console port.
Remote management is not possible because the switch will not have a
management IP address.
Note
For instructions on how to create a new boot configuration file, refer
to Chapter 36, “Boot Configuration Files” on page 553.
Example
The following command deletes the active boot configuration file and
restores the default settings to all the parameters on the switch.
awplus> enable
awplus# erase startup-config
erase start-up config? (y/n):y
Deleting..
Successful Operation
awplus# reboot
145
Chapter 8: Basic Switch Management Commands
EXEC-TIMEOUT
Syntax
exec-timeout value
Parameters
exec-timeout
Specifies the session timer in minutes. The range is 0 to 35,791
minutes. The default value is 10 minutes.
Mode
Line Console and Virtual Terminal Line modes
Description
Use this command to set the management session timers. The timers are
used by the switch to end inactive management sessions to protect
against unauthorized changes should you leave your management station
unattended during a management session. A management session is
deemed inactive by the switch if there is no management activity for the
duration of a timer.
Local management sessions, which are conducted through the Console
port on the switch, and remote Telnet and SSH sessions have different
timers. The timer for local management sessions is set in the Line Console
mode. The timers for remote Telnet and SSH sessions are set in the
Virtual Terminal Line mode. There is a different timer for each of the ten
VTY lines for remote Telnet and SSH sessions.
Confirmation Commands
“SHOW SWITCH” on page 163 and “SHOW RUNNING-CONFIG” on
page 162
Examples
This example sets the session timer for local management sessions to 15
minutes:
awplus> enable
awplus# configure terminal
awplus(config)# line console 0
awplus(config-line)# exec-timeout 15
146
AT-8100 Switch Command Line User’s Guide
This example sets the session timer for the first (vty 0) Telnet or SSH
session to 5 minutes:
awplus> enable
awplus# configure terminal
awplus(config)# line vty 0
awplus(config-line)# exec-timeout 5
147
Chapter 8: Basic Switch Management Commands
HELP
Syntax
help
Parameters
None
Mode
All modes
Description
Use this command to learn how to use on-line help. Entering this
command at a command line displays how to use the on-line help system.
See Figure 36 for the description displayed on the screen.
When you need help at the command line, press “?”.
If nothing matches, the help list will be empty. Delete
characters until entering a ‘?’ shows the available options.
Enter ‘?’ after a complete parameter to show remaining valid
command parameters (e.g. ‘show ?’).
Enter ‘?’ after part of a parameter to show parameters that
complete the typed letters (e.g. ‘show ip?’).
Figure 36. HELP Command
Example
This example displays the HELP command:
awplus# help
148
AT-8100 Switch Command Line User’s Guide
HOSTNAME
Syntax
hostname name
Parameters
name
Specifies a name of up to 39 alphanumeric characters for the
switch. Spaces, punctuation, special characters, and quotation
marks are not permitted.
Mode
Global Configuration mode
Description
Use this command to assign the switch a name. The switch displays the
name in the command line prompt, in place of the default prefix “awplus.”
Example
This example assigns the name “Sw_Sales” to the switch:
awplus> enable
awplus# configure terminal
awplus(config)# hostname Sw_Sales
Sw_Sales(config)#
149
Chapter 8: Basic Switch Management Commands
LINE CONSOLE
Syntax
line console 0
Parameters
None
Mode
Global Configuration mode
Description
Use this command to enter the Line Console mode to set the session
timer and to activate or deactivate remote authentication for local
management sessions.
Example
The following example enters the Line Console mode to set the session
timer and to activate or deactivate remote authentication for local
management sessions:
awplus> enable
awplus# configure terminal
awplus(config)# line console 0
awplus(config-line)#
150
AT-8100 Switch Command Line User’s Guide
LINE VTY
Syntax
line vty first_line_id last_line_id
Parameters
first_line_id
Specifies the number of a VTY line. The range is 0 to 9.
last_line_id
Specifies the number of a VTY line. The range is 0 to 9. This is an
optional parameter.
Mode
Global Configuration mode
Description
Use this command to enter the Virtual Terminal Line mode for a VTY line
or a range of VTY lines, to set the session timer or to activate or deactivate
remote authentication for Telnet or SSH management sessions.
Refer to “EXEC-TIMEOUT” on page 146 to set session timeout values and
“LOGIN AUTHENTICATION” on page 1495 to activate remote
authentication.
Examples
This example enters the Virtual Terminal Line mode for VTY line 0:
awplus> enable
awplus# configure terminal
awplus(config)# line vty 0
awplus(config-line)#
This example enters the Virtual Terminal Line mode for all VTY lines:
awplus> enable
awplus# configure terminal
awplus(config)# line vty 0 9
awplus(config-line)#
151
Chapter 8: Basic Switch Management Commands
NO HOSTNAME
Syntax
no hostname
Parameters
None
Mode
Global Configuration mode
Description
Use this command to delete the switch’s name without assigning a new
name.
Example
This example deletes the current name of the switch without assigning a
new value:
Bld2_Shipping> enable
Bld2_Shipping# configure terminal
Bld2_Shipping(config)# no hostname
awplus#(config)
152
AT-8100 Switch Command Line User’s Guide
PING
Syntax
ping ipaddress|hostname
Parameters
ipaddress
Specifies the IP address of the network device to receive the ICMP
Echo Requests from the switch. You can specify only one IP
address.
hostname
Specifies the host name of the network device to receive the ICMP
Echo Requests from the switch. You can specify only one host
name.
Modes
Privileged Exec mode
Description
Use this command to instruct the switch to send ICMP Echo Requests to a
network device with an IPv4 address. You can use the command to
determine whether there is an active link between the switch and another
network device, such as a RADIUS server or a Telnet client, or to
troubleshoot communication problems. To ping an IPv6 address, see
“PING IPv6” on page 155.
In order to specify the host name parameter, the switch needs a
connection to a name server. There are two ways to accomplish this. You
can define a Domain Name Server (DNS) in the Global Configuration
mode with the IP NAME-SERVER command. See “IP NAME-SERVER” on
page 358. Or, a the switch can obtain a name server automatically with
DHCP. See “IP ADDRESS DHCP” on page 310 for information about how
to set the switch to DHCP.
Note
To send ICMP Echo Requests the switch must be configured with a
management IP address. For background information, refer to
153
Chapter 8: Basic Switch Management Commands
Note
The switch sends the ICMP Echo Requests from the ports of the
VLAN assigned the management IP address. The device the switch
is pinging must be a member of that VLAN or must be accessible
through routers or other Layer 3 devices.
Example
This command instructs the switch to ping a network device with the IP
address 149.122.14.15:
awplus> enable
awplus# ping 149.122.14.15
The results of the ping are displayed on the screen.
154
AT-8100 Switch Command Line User’s Guide
PING IPv6
Syntax
ping ipv6 <ipv6-address> repeat <1-99> size <36-18024>
Parameters
ipv6-address
Indicates the destination IPv6 address. The IPv6 address uses the
format:
nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn
Where N is a hexadecimal digit from 0 to F. The eight groups of
digits have to be separated by colons. Groups where all four digits
are ‘0’ can be omitted. Leading ‘0’s in groups can also be omitted.
For example, the following IPv6 addresses are equivalent:
12c4:421e:09a8:0000:0000:0000:00a4:1c50
12c4:421e:09a8::a4:1c50 X:X::X:X
repeat <1-99>
Specifies the number of times the ping is sent. The default is 4
times.
size <36-18024>
Indicates the packet size, in bytes, that are sent to the destination
IPv6 address. The packet size excludes the 8 byte ICMP header.
The default is 56 bytes. The range is 36 to 18,024 bytes.
Mode
User Exec and Privileged Exec modes
Description
Use this command to instruct the switch to send ICMP Echo Requests to
an IPv6 host.
Example
The following example sends 37 data bytes in an ICMP Echo Request to
IPv6 address 2001:0db8::a2 for a total of 12 times:
awplus> enable
awplus# ping ipv6 2001:0db8::a2 repeat 12 size 37
155
Chapter 8: Basic Switch Management Commands
REBOOT
Syntax
reboot
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to reset the switch. You might reset the unit if it is
experiencing a problem or if you want to reconfigure its settings after you
designate a new active boot configuration file.This command is identical to
“RELOAD” on page 157. The command displays a confirmation prompt.
Caution
The switch does not forward network traffic while it initializes its
management software. Some network traffic may be lost. The reset
can take from 10 seconds to two minutes, depending on the number
and complexity of the commands in the active boot configuration file.
Note
The switch discards any configuration changes that have not been
saved in its active boot configuration file. To save your changes,
enter the WRITE command or the COPY RUNNING-CONFIG
STARTUP-CONFIG command before resetting the switch. For
instructions, refer to “WRITE” on page 104 or “COPY RUNNINGCONFIG STARTUP-CONFIG” on page 93.
To resume managing the switch, wait for the switch to initialize the
management software and then start a new management session.
Example
The following command resets the switch:
awplus> enable
awplus# reboot
reboot switch? (y/n): y
156
AT-8100 Switch Command Line User’s Guide
RELOAD
Syntax
reload
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to reset the switch. You might reset the unit if it is
experiencing a problem or if you want to reconfigure its settings after you
designate a new active boot configuration file. This command is identical
to “REBOOT” on page 156. The command displays a confirmation prompt.
Caution
The switch does not forward network traffic while it initializes its
management software. Some network traffic may be lost. The reset
can take from 10 seconds to two minutes, depending on the number
and complexity of the commands in the active boot configuration file.
Note
The switch discards any configuration changes that have not been
saved in its active boot configuration file. To save your changes,
enter the WRITE command or the COPY RUNNING-CONFIG
STARTUP-CONFIG command before resetting the switch. For
instructions, refer to “WRITE” on page 104 or “COPY RUNNINGCONFIG STARTUP-CONFIG” on page 93.
To resume managing the switch, wait for the switch to initialize the
management software and then start a new management session.
Example
The following example resets the switch:
awplus> enable
awplus# reload
reboot switch? (y/n): y
157
Chapter 8: Basic Switch Management Commands
SERVICE MAXMANAGER
Syntax
service maxmanager value
Parameters
value
Specifies the maximum number of manager sessions the switch
will allow at one time. The range is 1 to 3. The default is 3.
Mode
Global Configuration mode
Description
Use this command to set the maximum number of manager sessions that
can be open on the switch simultaneously. This feature makes it possible
for more than one person to manage the unit at one time. The range is one
to three manager sessions, with the default three manager session.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example sets the maximum number of manager sessions to two:
awplus> enable
awplus# configure terminal
awplus(config)# service maxmanager 2
158
AT-8100 Switch Command Line User’s Guide
SHOW BANNER LOGIN
Syntax
show banner login
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the contents of the banner login file
configured with the BANNER LOGIN command. A sample of the display is
showed below.
This switch is located on the third floor of building 4 in
lab 2B.
Figure 37. SHOW BANNER LOGIN Command
Example
This example displays the contents of the banner login file configured with
the BANNER LOGIN command:
awplus> enable
awplus# show banner login
159
Chapter 8: Basic Switch Management Commands
SHOW BAUD-RATE
Syntax
show baud-rate
Parameters
None
Mode
User Exec mode and Privileged Exec mode
Description
Use this command to display the settings of the Console port, used for
local management sessions of the switch. Here is an example of the
information.
Asynchronous Port (Console) Information:
Baud Rate .................... 9600
Parity ....................... User Configured
Data bits .................... 0
Stop bits .................... 1
Figure 38. SHOW BAUD-RATE Command
To set the baud rate, refer to “BAUD-RATE SET” on page 143.
Note
The baud rate is the only adjustable parameter on the Console port.
Example
This example displays the settings of the console port:
awplus# show baud-rate
160
AT-8100 Switch Command Line User’s Guide
SHOW CLOCK
Syntax
show clock
Parameters
None
Modes
User Exec mode
Description
Use this command to display the system’s current date and time.
Example
This example displays the system’s current date and time:
awplus# show clock
161
Chapter 8: Basic Switch Management Commands
SHOW RUNNING-CONFIG
Syntax
show running-config
Parameters
None
Modes
Privileged Exec mode
Description
Use this command to display the settings of the switch, in their equivalent
command line commands.
The command displays only the settings that have been changed from
their default values and includes those values that have not yet been
saved in the active boot configuration file. Parameters at their default
settings are not included in the running configuration file.
To display the port configuration settings, see “SHOW RUNNINGCONFIG INTERFACE” on page 237.
Example
This example displays the switch settings:
awplus# show running-config
162
AT-8100 Switch Command Line User’s Guide
SHOW SWITCH
Syntax
show switch
Parameters
None
Modes
Privileged Exec mode
Description
Use this command to view the information in Figure 39.
Switch Information:
Application Software Version .........
Application Software Build date ......
MAC Address ..........................
Active Spanning Tree version .........
Console Disconnect Timer Interval ....
Telnet Server status .................
MAC address aging time ...............
v1.0.0
May 2010 10:24:12
00:15:77:CC:E2:42
RSTP
10 minute(s)
Enabled
300 second(s)
Figure 39. SHOW SWITCH Command
The fields are described in Table 9.
Table 9. SHOW SWITCH Command
Parameter
Description
Application Software
Version
The version number of the management
software.
Application Software Build
Date
The date and time when Allied Telesis
released this version of the management
software.
MAC Address
The MAC address of the switch.
163
Chapter 8: Basic Switch Management Commands
Table 9. SHOW SWITCH Command (Continued)
Parameter
Description
Active Spanning Tree
version
The active spanning tree protocol on the
switch. The protocol can be STP, RSTP,
or MSTP. The active spanning tree
protocol is set with “SPANNING-TREE
MODE STP” on page 805, “SPANNINGTREE MODE RSTP” on page 843, and
“SPANNING-TREE MODE MSTP” on
page 887.
Console Disconnect Timer
Interval
The current setting of the console timer.
The switch uses the console timer to end
inactive management session. The switch
ends management sessions if they are
inactive for the length of the timer. To set
the timer, refer to “EXEC-TIMEOUT” on
page 146.
Telnet Server Status
The status of the Telnet server. The switch
can be remotely managed from a Telnet
client on your network when the server is
enabled. When the server is disabled, the
switch cannot be remotely management
with a Telnet client. To configure the
Telnet client, refer to “SERVICE TELNET”
on page 1397 and “NO SERVICE
TELNET” on page 1396.
MAC Address Aging Time
The current setting of the aging timer,
which the switch uses to delete inactive
dynamic MAC addresses from the MAC
address table. To set this value, refer to
“MAC ADDRESS-TABLE AGEING-TIME”
on page 380.
Example
The following example displays the switch information:
awplus# show switch
164
AT-8100 Switch Command Line User’s Guide
SHOW SYSTEM
Syntax
show system
Parameters
None
Modes
User Exec and Privileged Exec modes
Description
Use this command to view general information about the switch. Figure 40
is an example of the information.
Switch System StatusFri, 18 Nov 2011 00:37:26
BoardBoard NameRevSerial Number
---------------------------------------------------------------BaseAT-8100S/24 R1S05525A090200007
---------------------------------------------------------------Environmental Status:Normal
Uptime:0 days 00:37:27
Bootloader version:5.1.2
Bootloader build date:June 01 2010 10:24:05
Software version:2.2.2.0
Build date:Oct 23 2011 01:40:25
Current boot config:/cfg/switch1a.cfg (file exists)
Territory:
System Name:
System Contact:
System Location:
Figure 40. SHOW SYSTEM Command
Example
This example displays general information about the switch:
awplus# show system
165
Chapter 8: Basic Switch Management Commands
SHOW SYSTEM SERIALNUMBER
Syntax
show system serialnumber
Parameters
None
Mode
User Exec and Privileged Exec modes
Description
Use this command to display the serial number of the switch. Figure 41 is
an example of the output.
S05525A023600001
Figure 41. SHOW SYSTEM SERIALNUMBER Command
Example
This example displays the system’s serial number:
awplus# show system serialnumber
166
AT-8100 Switch Command Line User’s Guide
SHOW USERS
Syntax
show users
Parameters
None
Modes
Privileged Exec mode
Description
Use this command to display the managers who are currently managing
the switch locally through the Console port and remotely from Telnet and
SSH sessions. This command does not display managers who are
configuring the device with a web browser application or an SNMP
application. Figure 42 displays an example of the information.
LineUserHost(s)IdleLocationPriv
con0manageridle00:00:00ttyS015
vty0Cassandraidle00:03:11149.112.167.2915
Figure 42. SHOW USERS Command
The columns are described in Table 9.
Table 10. SHOW USERS Command
Parameter
Description
Line
The active management sessions. The
possible designators are “con0” for a local
management session and “vty” for remote
Telnet and SSH sessions.
User
The login user name of the manager
account.
Host(s)
This field is not applicable to the switch.
167
Chapter 8: Basic Switch Management Commands
Table 10. SHOW USERS Command (Continued)
Parameter
Description
Idle
The number of hours, minutes, and
seconds since the manager using the
account entered a command on the
switch. The value is always zero for your
account because you just entered the
SHOW USERS command.
Location
The network device from which the
manager is accessing the switch. A
device connected to the Console port is
identified by “ttys0” while remote Telnet
and SSH devices are identified by their IP
addresses.
Priv
The privilege level of the manager
account. Manager accounts with the
privilege level 1 are restricted to the User
Exec mode while accounts with the level
15 can access all of the command modes.
Example
This example displays the managers who are logged on to the switch:
awplus# show users
168
AT-8100 Switch Command Line User’s Guide
SHOW VERSION
Syntax
show version
Parameters
None
Mode
User Exec and Privileged Exec modes
Description
Use this command to display the software version number and build date
of the management software. Figure 43 displays an example of the
information.
AlliedWare Plus (TM) 2.2.2.0 10/23/10 01:40:25
Application Build name : ats-8100-2.2.2.0.img
Application Build date : Oct 23 2011 01:40:25
Application Build type : RELEASE
Bootloader version
Bootloader build date
: 5.1.2
: Jun 01 2010 10:24:05
Figure 43. SHOW VERSION Command
Example
This example displays the management software version number:
awplus# show version
169
Chapter 8: Basic Switch Management Commands
SNMP-SERVER CONTACT
Syntax
snmp-server contact contact
Parameters
contact
Specifies the name of the person responsible for managing the
switch. The name can be up to 255 alphanumeric characters in
length. Spaces and special characters are allowed.
Mode
Global Configuration mode
Description
Use this command to add contact information to the switch. The contact
information is usually the name of the person who is responsible for
managing the unit.
To remove the current contact information without adding a new contact,
use the NO form of this command.
Confirmation Command
“SHOW SYSTEM” on page 165
Example
This example assigns the contact “JSmith_ex5441” to the switch:
awplus> enable
awplus# configure terminal
awplus(config)# snmp-server contact JSmith_ex5441
This example removes the current contact information:
awplus> enable
awplus# configure terminal
awplus(config)# no snmp-server contact
170
AT-8100 Switch Command Line User’s Guide
SNMP-SERVER LOCATION
Syntax
snmp-server location location
Parameters
location
Specifies the location of the switch. The location can be up to 255
alphanumeric characters. Spaces and special characters are
allowed.
Mode
Global Configuration mode
Description
Use this command to add location information to the switch.
To remove the current location information without adding new
information, use the NO form of this command.
Confirmation Command
“SHOW SYSTEM” on page 165
Examples
This example adds the location “Bldg5_fl2_rm201a” to the switch:
awplus> enable
awplus# configure terminal
awplus(config)# snmp-server location Bldg5_fl2_rm201a
This example removes the current location information:
awplus> enable
awplus# configure terminal
awplus(config)# no snmp-server location
171
Chapter 8: Basic Switch Management Commands
SYSTEM TERRITORY
Syntax
system territory territory
Parameters
territory
Specifies the territory of the switch. The switch can have only one
territory. You may choose from the following:
australia
china
europe
japan
korea
nz (New Zealand)
usa
Mode
Global Configuration mode
Description
Use this command to specify the territory of the switch. The territory
setting is not currently used by any of the features on the switch.
Confirmation Command
“SHOW SYSTEM” on page 165
Examples
This example sets the switch’s territory to Australia:
awplus> enable
awplus# configure terminal
awplus(config)# system territory australia
172
AT-8100 Switch Command Line User’s Guide
This example removes the current territory information:
awplus> enable
awplus# configure terminal
awplus(config)# no system territory
173
Chapter 8: Basic Switch Management Commands
174
Chapter 9
Port Parameters
This chapter contains the following:

“Adding Descriptions” on page 176

“Setting the Speed and Duplex Mode” on page 177

“Setting the MDI/MDI-X Wiring Configuration” on page 179

“Enabling or Disabling Ports” on page 180

“Enabling or Disabling Backpressure” on page 181

“Enabling or Disabling Flow Control” on page 182

“Resetting Ports” on page 185

“Configuring Threshold Limits for Ingress Packets” on page 186

“Displaying Threshold Limit Settings on Ports” on page 188

“Reinitializing Auto-Negotiation” on page 189

“Restoring the Default Settings” on page 190

“Displaying Port Settings” on page 191

“Displaying or Clearing Port Statistics” on page 193

“Displaying SFP Information” on page 194
175
Chapter 9: Port Parameters
Adding Descriptions
The ports will be easier to identify if you give them descriptions. The
descriptions are viewed with the SHOW INTERFACE command in the
Privileged Exec mode.
The command for adding descriptions is the DESCRIPTION command in
the Port Interface mode. Here is the format:
description description
The DESCRIPTION parameter can be up to 80 alphanumeric characters.
Spaces and special characters are allowed.
You can assign a description to more than one port at a time.
To remove the current description from a port without assigning a new
description, use the NO form of this command.
This example assigns the name “printer22” to port 15:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15
awplus(config-if)# description printer22
This example removes the current name from port 16 without assigning a
new description:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.16
awplus(config-if)# no description
For reference information, refer to “DESCRIPTION” on page 202.
Note
The POWER-INLINE DESCRIPTION command is used to describe
powered devices that are connected to the ports. For information
about this command, see “POWER-INLINE DESCRIPTION” on
page 273.
176
AT-8100 Switch Command Line User’s Guide
Setting the Speed and Duplex Mode
The twisted pair ports on the switch can operate at 10, 100, or 1000 Mbps,
in either half-duplex or full-duplex mode. You may set the speeds and
duplex modes yourself or, since the ports support Auto-Negotiation, you
may let the switch configure the ports automatically. The default setting for
the ports is Auto-Negotiation for both speed and duplex mode.
To set the speed manually on a port or to reactivate Auto-Negotiation, use
the SPEED command in the Port Interface mode. The format of the
command is:
speed auto|10|100|1000
The “10” setting is for 10Mbps, the “100” for 100Mbps and the “1000” for
1000Mbps. The “auto” activates Auto-Negotiation for port speed.
The DUPLEX command, for setting the duplex mode, has this format:
duplex auto|half|full
The “half” setting is for half-duplex mode and “full” for full-duplex mode.
The “auto” activates Auto-Negotiation for duplex mode.
You should review the following information before configuring the ports:

Auto-Negotiation may be activated separately for speed and
duplex mode on a port. For instance, you may activate AutoNegotiation for speed on a port, but set the duplex mode manually.

The 1000 Mbps setting in the SPEED command is for fiber optic
modules. The twisted pair ports on the switch must be set to AutoNegotiation to operate at 1000 Mbps.
Note
To avoid a duplex mode mismatch between switch ports and
network devices, do not use duplex mode Auto-Negotiation on ports
that are connected to network devices on which the duplex modes
are set manually. Switch ports that are set to Auto-Negotiation
default to half duplex mode if they detect that the network devices
are not using Auto-Negotiation. This may result in duplex mode
mismatches in which the switch ports use half duplex mode and the
network devices full duplex mode. To prevent this problem, always
manually set the duplex mode on ports that are connected to
network devices that are not using Auto-Negotiation.
177
Chapter 9: Port Parameters
This example sets the speeds of ports 11 and 17 to 100Mbps:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11,port1.0.17
awplus(config-if)# speed 100
This example configures port 1 to half-duplex:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1
awplus(config-if)# duplex half
This example configures ports 2 to 4 to 10 Mbps, full-duplex:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.2-port1.0.4
awplus(config-if)# speed 10
awplus(config-if)# duplex full
This example sets the speed on port 15 to Auto-Negotiation and the
duplex mode to half duplex:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15
awplus(config-if)# speed auto
awplus(config-if)# duplex half
This example sets the speed on port 23 to 100 Mbps and the duplex mode
to Auto-Negotiation:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.23
awplus(config-if)# speed 100
awplus(config-if)# duplex auto
For reference information, refer to “SPEED” on page 244 and “DUPLEX”
on page 204.
178
AT-8100 Switch Command Line User’s Guide
Setting the MDI/MDI-X Wiring Configuration
The wiring configurations of twisted pair ports that operate at 10 or 100
Mbps are MDI (medium dependent interface) and MDI-X (medium
dependent interface crossover). A port on the switch and a port on a link
partner must have different settings. For instance, a switch port has to be
using the MDI wiring configuration if the port on its link partner is using the
MDIX wiring configuration.
The command for setting the wiring configuration is the POLARITY
command in the Port Interface mode. Here is the format of the command:
polarity auto|mdi|mdix
The AUTO setting activates auto-MDI/MDIX, which enables a port to
detect the wiring configuration of its link partner so that it can set its wiring
configuration to the opposite setting.
This example of the command configures ports 22 and 23 to the MDI
wiring configuration:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.22,port1.0.23
awplus(config-if)# polarity mdi
This example activates auto-MDI/MDIX on ports 7 to 9:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.7-port1.0.9
awplus(config-if)# polarity auto
For reference information, refer to “POLARITY” on page 219.
179
Chapter 9: Port Parameters
Enabling or Disabling Ports
Disabling ports turns off their receivers and transmitters so that they
cannot forward traffic. You might disable unused ports on the switch to
protect them from unauthorized use, or if there is a problem with a cable or
a network device.
To disable ports, use the SHUTDOWN command in the Port Interface
mode. To enable ports again, use the NO SHUTDOWN command.
This example disables ports 1 to 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1-port1.0.4
awplus(config-if)# shutdown
This example enables ports 17 and 22:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.17,port1.0.22
awplus(config-if)# no shutdown
For reference information, refer to “SHUTDOWN” on page 242 and “NO
SHUTDOWN” on page 216.
180
AT-8100 Switch Command Line User’s Guide
Enabling or Disabling Backpressure
Ports use backpressure during periods of packet congestion, to prevent
packet overruns. They use it to stop their link partners from sending any
further packets to enable them to process the packets already in their
buffers.
Backpressure applies to ports that are operating in half-duplex mode at 10
or 100 Mbps. A port that is experiencing packet congestion initiates
backpressure by transmitting a signal on the shared link. When the link
partner detects that its own transmission has become garbled on the link,
it ceases transmission, waits a random period of time, and, if the link is
clear, resumes transmitting.
You can enable or disable backpressure on ports where you disabled
Auto-Negotiation and set the speeds and duplex modes manually. If you
enable backpressure, the default setting, a port initiates backpressure
when it needs to prevent a buffer overrun from packet congestion. If you
disable backpressure, a port does not use backpressure. (Ports that are
set to Auto-Negotiation always use backpressure when operating in halfduplex mode at 10 or 100 Mbps.)
Backpressure is set with the BACKPRESSURE command in the Port
Interface mode. In this example, ports 11 and 12 are manually set to 10
Mbps, half-duplex, with backpressure enabled:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11,port1.0.12
awplus(config-if)# speed 10
awplus(config-if)# duplex half
awplus(config-if)# backpressure on
In this example, port 12 is manually set to 100 Mbps, half-duplex, with
backpressure disabled:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12
awplus(config-if)# speed 100
awplus(config-if)# duplex half
awplus(config-if)# backpressure off
For reference information, refer to “BACKPRESSURE” on page 198.
181
Chapter 9: Port Parameters
Enabling or Disabling Flow Control
When a port that is operating in full-duplex mode needs to temporarily stop
its local or remote counterpart from sending any further packets, it initiates
flow control by sending what are known as pause packets. Pause packets
instruct the link partner to stop sending packets to allow the sender of the
packets time to process the packets already stored in its buffers.
There are two aspects to flow control on the ports on the switch. The first
is whether or not a port will issue pause packets during periods of buffer
congestion. The other is whether or not a port will stop sending packets
when it receives pause packets from another network device. You can
control both of these aspects of flow control on the ports on the switch.
Flow control is set with the FLOWCONTROL RECEIVE command and the
the FLOWCONTROL SEND command. The formats of the commands
are:
flowcontrol send on|off
flowcontrol receive on|off
The FLOWCONTROL SEND command controls whether or not a port
sends pause packets during periods of packet congestion. If you set it to
ON, the port sends pause packets when it reaches the point of packet
congestion. If you set it to oFF, the port does not send pause packets. At
the default setting, the send portion of flow control is off.
The FLOWCONTROL RECEIVE command is used to control whether or
not a port stops transmitting packets when it receives pause packets from
its local or remote counterpart. If you set it to ON, a port stops transmitting
packets when it receives pause packets. If you set it to OFF, a port does
not stop transmitting packets when it receives pause packets. At the
default setting, the receive portion of flow control is off.
The commands are located in the Port Interface mode. This example
configures ports 12 and 13 to 100Mbps, full-duplex mode. The receive
portion of flow control is disabled so that the ports ignore any pause
packets that they receive from their link partners:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12,port1.0.13
awplus(config-if)# speed 100
awplus(config-if)# duplex full
awplus(config-if)# flowcontrol receive off
182
AT-8100 Switch Command Line User’s Guide
This example configures port 21 not to send pause packets during periods
of packet congestion:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.21
awplus(config-if)# speed 100
awplus(config-if)# duplex full
awplus(config-if)# flowcontrol send off
This example enables both the receive and send portions of flow control
on port 7:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.7
awplus(config-if)# flowcontrol receive on
awplus(config-if)# flowcontrol send on
For reference information, refer to “FLOWCONTROL” on page 208.
To disable flow control, use the NO FLOWCONTROL command in the
Port Interface mode. This example disables flow control on ports 22 and
23:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.22,port1.0.23
awplus(config-if)# no flowcontrol
To view the flow control settings on ports, use the SHOW
FLOWCONTROL INTERFACE command in the Privilege Exec mode.
Here is the format of the command:
show flowcontrol interface port
You can view just one port at a time. This example displays the flow
control settings for port 4:
awplus# show flowcontrol interface port1.0.4
Here is an example of the information the command displays.
Port
----1.0.4
Send
admin
------yes
Receive
admin
------yes
RxPause
TxPause
------112
------83
Figure 44. SHOW FLOWCONTROL INTERFACE Command
The columns in the table are described in “SHOW FLOWCONTROL
INTERFACE” on page 224.
183
Chapter 9: Port Parameters
If flow control isn’t configured on a port, this message is displayed:
Flow control is not set on interface port1.0.2
184
AT-8100 Switch Command Line User’s Guide
Resetting Ports
If a port is experiencing a problem, you may be able to correct it with the
RESET command in the Port Interface mode. This command performs a
hardware reset. The port parameter settings are retained. The reset takes
just a second or two to complete.
This example resets ports 16 and 17:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.16,port1.0.17
awplus(config-if)# reset
For reference information, refer to “RESET” on page 223.
185
Chapter 9: Port Parameters
Configuring Threshold Limits for Ingress Packets
You can set threshold limits for the ingress packets on the ports. The
threshold limits control the number of packets the ports accept each
second. Packets that exceed the limits are discarded by the ports. You
can set different limits for broadcast, multicast, and unknown unicast
traffic. This feature is useful in preventing bottlenecks from forming in a
network.
To assign a threshold limit on a port, use the STORM-CONTROL
command in the Port Interface mode. The format is:
storm-control broadcast|multicast|dlf level value
The BROADCAST, MULTICAST and DLF parameters specify the packet
type of the threshold limit. (The DLF parameter, the acronym for “database
lookup failure,” is for unknown unicast packets.) The VALUE parameter
specifies the maximum permitted number of ingress packets per second a
port will accept. The range is 0 to 33,554,431 packets.
This example sets a threshold of 5,000 packets per second for ingress
broadcast packets on port 12:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12
awplus(config-if)# storm-control broadcast level 5000
This example sets a threshold of 100,000 packets per second for ingress
multicast packets on port 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.4
awplus(config-if)# storm-control multicast level 100000
This example sets a threshold of 200,000 packets per second for ingress
unknown unicast packets on ports 15 and 17:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15,port1.0.17
awplus(config-if)# storm-control dlf level 200000
186
AT-8100 Switch Command Line User’s Guide
To remove threshold limits from the ports, use the NO STORM-CONTROL
command, also in the Port Interface mode. This example removes the
threshold limit for broadcast packets on port 12:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12
awplus(config-if)# no storm-control broadcast
This example disables unknown unicast rate limiting on port 5, 6, and 15:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5,port1.0.6,port1.0.15
awplus(config-if)# no storm-control dlf
This example removes the threshold limit for multicast packets on port 23:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.23
awplus(config-if)# no storm-control multicast
For reference information, refer to “STORM-CONTROL” on page 246 and
“NO STORM-CONTROL” on page 218.
187
Chapter 9: Port Parameters
Displaying Threshold Limit Settings on Ports
To display the threshold settings for the ingress packets on the ports, use
the SHOW STORM-CONTROL command in the Privileged Exec mode.
Here is the format:
show storm-control [port]
This example of the command displays the broadcast, multicast and dif
levels on ports 18:
awplus# show storm-control port1.0.18
Here is an example of the information the command displays.
Port
Bcastlevel
port1.0.18
30
Mcastlevel
100
Diflevel
100
Figure 45. SHOW STORM-CONTROL Command
The columns are described in Table 15 on page 232.
If the parameter port is not specified, the command displays the threshold
settings on all the ports on the switch.
If you want to display information on multiple ports at a time, enter:
awplus# show storm-control port1.0.18,port1.0.20,port1.0.21
Here is an example of the information the command displays.
Port
Bcastlevel
port1.0.18
30
Port1.0.20
100
port1.0.21
100
Mcastlevel
100
50
100
Diflevel
100
100
100
Figure 46. SHOW STORM-CONTROL Command
188
AT-8100 Switch Command Line User’s Guide
Reinitializing Auto-Negotiation
If you believe that a port set to Auto-Negotiation is not using the highest
possible common speed and duplex-mode between itself and a network
device, you can instruction it to repeat Auto-Negotiation. This is
accomplished with the RENEGOTIATE command in the Port Interface
mode. The command does not have any parameters. A port must already
be set to Auto-Negotiation before you can use this command.
This example prompts ports 4 and 8 to use Auto-Negotiation to renegotiate
their settings with the ports on their network counterparts:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.4,port1.0.8
awplus(config-if)# renegotiate
For reference information, refer to “RENEGOTIATE” on page 222.
189
Chapter 9: Port Parameters
Restoring the Default Settings
To restore the default settings on a port, use the PURGE command in the
Port Interface mode. This example returns ports 12, 13 and 15 to their
default settings:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12,port1.0.13,port1.0.15
awplus(config-if)# purge
For reference information, refer to “PURGE” on page 221.
190
AT-8100 Switch Command Line User’s Guide
Displaying Port Settings
There are several ways to display port settings. See the following:
Displaying Speed
and Duplex
Settings

“Displaying Speed and Duplex Settings” on page 191

“Displaying Port Status” on page 191

“Displaying Port Configuration” on page 192
To display the speed and duplex mode settings of the ports, use the
SHOW INTERFACE STATUS command in the Privileged Exec mode.
Here is the format:
show interface [port] status
This example of the command displays the speed and duplex mode
settings for ports 18 and 20:
awplus# show interface port1.0.18,port1.0.20 status
Here is an example of the information the command displays.
Port
port1.0.18
port1.0.20
Name
Port_01
Port_02
Status
down
up
Vlan
3
11
Duplex
half
auto
Speed
100
auto
Type
10/100/1000Base-T
10/100/1000Base-T
Figure 47. SHOW INTERFACE STATUS Command
The columns are described in Table 15 on page 232. For a description of
the command, see “SHOW INTERFACE STATUS” on page 232.
Displaying Port
Status
To display the current status of the ports on the switch, use the SHOW
INTERFACE command in the Privileged Exec mode. Here is the format:
show interface [port]
This example displays the settings for ports 1 and 2:
awplus# show interface port1.0.1,port1.0.2
See Figure 48 on page 192 for an example of the display.
191
Chapter 9: Port Parameters
Interface port1.0.1
Link is UP, administrative state is UP
Address is 0015.77cc.e243
index 1 mtu 9198
SNMP link-status traps: Enabled (Suppressed in 0 sec.)
Bandwidth 1g
input packets 0, bytes 0, dropped 0, multicast packets 0
output packets 0, bytes 0, multicast packets 0 broadcast packets 0
Interface port1.0.2
Link is UP, administrative state is UP
Address is 0015.77cc.e244
index 2 mtu 9198
SNMP link-status traps: Enabled (Suppressed in 0 sec.)
Bandwidth 1g
input packets 0, bytes 0, dropped 0, multicast packets 0
output packets 0, bytes 0, multicast packets 0 broadcast packets 0
Figure 48. SHOW INTERFACE Command
The fields are described in Table 13 on page 227. For a description of the
command, see “SHOW INTERFACE” on page 226.
Displaying Port
Configuration
To display the current port configuration settings, use the SHOW
RUNNING-CONFIG INTERFACE command in the Privileged Exec mode.
Here is the format:
show running-config interface interface-list
This example displays the settings for ports 1 and 2:
awplus# show running-config interface port1.0.7
See Figure 49 for an example of the display.
Interface port1.0.7
switchport
switchport mode access
switchport access vlan 2
Figure 49. SHOW RUNNING-CONFIG INTERFACE Command
For a description of the command, see “SHOW RUNNING-CONFIG
INTERFACE” on page 237.
192
AT-8100 Switch Command Line User’s Guide
Displaying or Clearing Port Statistics
To view packet statistics for the individual ports, use the SHOW
PLATFORM TABLE PORT COUNTERS command in the Privileged Exec
mode. Here is the format of the command:
show platform table port [port] counters
This example displays the statistics for ports 23 and 24:
awplus# show platform table port port1.0.23,port1.0.24
counter
The statistics are described in Table 16 on page 234.
To clear the port counters, use the CLEAR PORT COUNTER command,
which has this format:
clear port counter port
This example clears the counters for ports 1 and 4:
awplus# clear port counter port1.0.1,port1.0.4
193
Chapter 9: Port Parameters
Displaying SFP Information
To view information on a plugged SFP on the switch, use the SHOW
SYSTEM PLUGGABLE command in the Privileged Exec mode. Here is
the format of the command:
show system pluggable
For more information about this command, see “SHOW SYSTEM
PLUGGABLE” on page 240.
To view more detail information on a plugged SFP, use the following
command:
awplus# show system pluggable detail
The fields are described in Table 16 on page 234.
194
Chapter 10
Port Parameter Commands
The port parameter commands are summarized in Table 11.
Table 11. Port Parameter Commands
Command
Mode
Description
“BACKPRESSURE” on page 198
Port Interface
Enables or disables backpressure on
ports that are operating in half-duplex
mode.
“BPLIMIT” on page 200
Port Interface
Specifies threshold levels for
backpressure on ports.
“CLEAR PORT COUNTER” on
page 201
User Exec and
Privileged Exec
Clears the packet counters.
“DESCRIPTION” on page 202
Port Interface
Adds port descriptions.
“DUPLEX” on page 204
Port Interface
Configures the duplex modes.
“EGRESS-RATE-LIMIT” on page 206
Port Interface
Sets a limit on the amount of traffic
that can be transmitted per second
from the port.
“FCTRLLIMIT” on page 207
Port Interface
Specifies threshold levels for flow
control.
“FLOWCONTROL” on page 208
Port Interface
Enables or disables flow control on
ports that are operating in full-duplex
mode.
“HOLBPLIMIT” on page 211
Port Interface
Specifies a threshold for head of line
blocking events.
“NO EGRESS-RATE-LIMIT” on
page 214
Port Interface
Disables egress rate limiting on the
ports.
“NO FLOWCONTROL” on page 215
Port Interface
Disables flow control on ports.
“NO SHUTDOWN” on page 216
Port Interface
Activates disabled ports so that they
resume forwarding network traffic
again.
“NO SNMP TRAP LINK-STATUS” on
page 217
Port Interface
Deactivates link traps.
195
Chapter 10: Port Parameter Commands
Table 11. Port Parameter Commands (Continued)
Command
Mode
Description
“NO STORM-CONTROL” on
page 218
Port Interface
Removes threshold limits for
broadcast, multicast, or unknown
unicast packets.
“POLARITY” on page 219
Port Interface
Sets the MDI/MDI-X settings on
twisted pair ports.
“PURGE” on page 221
Port Interface
Restores the default settings.
“RENEGOTIATE” on page 222
Port Interface
Prompts ports that are using AutoNegotiation to renegotiate their
settings with the network devices.
“RESET” on page 223
Port Interface
Performs software resets on the ports.
“SHOW FLOWCONTROL
INTERFACE” on page 224
Privileged Exec
Displays the current settings for flow
control on the ports.
“SHOW INTERFACE” on page 226
Privileged Exec
Displays port settings.
“SHOW INTERFACE BRIEF” on
page 230
Privileged Exec
Displays administrative and link
statuses.
“SHOW INTERFACE STATUS” on
page 232
Privileged Exec
Displays the speed and duplex mode
settings of the ports.
“SHOW PLATFORM TABLE PORT
COUNTERS” on page 234
Privileged Exec
Displays packet statistics for the
individual ports.
“SHOW RUNNING-CONFIG
INTERFACE” on page 237
Privileged Exec
Displays the settings of the specified
ports.
“SHOW STORM-CONTROL” on
page 238
Privileged Exec
Displays threshold settings for
broadcast, multicast, and unknown
unicast packets.
“SHOW SYSTEM PLUGGABLE” on
page 240
Privileged Exec
Displays information about the SFP
modules in the switch.
“SHOW SYSTEM PLUGGABLE
DETAIL” on page 241
Privileged Exec
Displays information about the SFP
modules in the switch.
“SHUTDOWN” on page 242
Port Interface
Disables ports to stop them from
forwarding network traffic.
“SNMP TRAP LINK-STATUS” on
page 243
Port Interface
Activates link traps.
“SPEED” on page 244
Port Interface
Manually sets port speed or activates
Auto-Negotiation.
196
Table 11. Port Parameter Commands (Continued)
Command
“STORM-CONTROL” on page 246
Mode
Port Interface
Description
Sets a maximum limit of the number of
broadcast, multicast, or unknown
unicast packets forwarded by a port.
197
Chapter 10: Port Parameter Commands
BACKPRESSURE
Syntax
backpressure on|off
Parameters
on
Activates backpressure on the ports.
off
Deactivates backpressure on the ports.
Mode
Port Interface mode
Description
Use this command to enable or disable backpressure on ports that are
operating at 10 or 100 Mbps in half-duplex mode. Backpressure is used by
ports during periods of packet congestion to temporarily stop their network
counterparts from transmitting more packets. This prevents a buffer
overrun and the subsequent loss and retransmission of network packets.
A port initiates backpressure by transmitting on the shared link to cause a
data collision, which causes its link partner to cease transmission.
To set backpressure on a port, you must configure the speed and duplex
mode manually. You cannot set backpressure on a port that is using AutoNegotiation.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Examples
This example configures port 15 to 10 Mbps, half-duplex mode, and
activates backpressure:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15
awplus(config-if)# speed 10
awplus(config-if)# duplex half
awplus(config-if)# backpressure on
198
AT-8100 Switch Command Line User’s Guide
This example configures ports 8 and 21 to 100 Mbps, half-duplex mode,
with backpressure disabled:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.8,port1.0.21
awplus(config-if)# speed 100
awplus(config-if)# duplex half
awplus(config-if)# backpressure off
199
Chapter 10: Port Parameter Commands
BPLIMIT
Syntax
bplimit bplimit
Parameters
bplimit
Specifies the number of cells for backpressure. A cell represents
128 bytes. The range is 1 to 7935 cells. The default value is 7935
cells.
Mode
Port Interface mode
Description
Use this command to specify a threshold level for backpressure on a port.
To cancel the setting and set the default value of 7935 cells, use the NO
BPLIMIT command.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Examples
This example sets the threshold for backpressure on ports 15 and 20 to
7000 cells:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15,port1.0.20
awplus(config-if)# bplimit 7000
This example cancels the settings and sets the default value of 7935 cells
on ports 15 and 20:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15,port1.0.20
awplus(config-if)# no bplimit
200
AT-8100 Switch Command Line User’s Guide
CLEAR PORT COUNTER
Syntax
clear port counter port
Parameters
port
Specifies the port whose packet counters you want to clear. You
can specify more than one port at a time in the command.
Mode
User Exec mode and Privileged Exec mode
Description
Use this command to clear the packet counters of the ports. To display the
counters, refer to “SHOW PLATFORM TABLE PORT COUNTERS” on
page 234.
Example
This example clears the packet counters for ports 4 to 7:
awplus# clear port counter port1.0.4-port1.0.7
201
Chapter 10: Port Parameter Commands
DESCRIPTION
Syntax
description description
Parameters
description
Specifies a description of 1 to 240 alphanumeric characters for a
port. Spaces and special characters are allowed.
Mode
Port Interface mode
Description
Use this command to add descriptions to the ports on the switch. The
ports will be easier to identify if they have descriptions.
Use the NO form of this command to remove descriptions from ports
without assigning new descriptions.
Note
The POWER-INLINE DESCRIPTION command is used to describe
powered devices that are connected to the ports. For information
about this command, see “POWER-INLINE DESCRIPTION” on
page 273.
Confirmation Command
“SHOW INTERFACE” on page 226
Examples
This example assigns the description “printer22” to port 15:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15
awplus(config-if)# description printer22
202
AT-8100 Switch Command Line User’s Guide
This example removes the current name from port 11 without assigning a
new name:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11
awplus(config-if)# no description
203
Chapter 10: Port Parameter Commands
DUPLEX
Syntax
duplex auto|half|full
Parameters
auto
Activates Auto-Negotiation for the duplex mode, so that the duplex
mode is set automatically.
half
Specifies half-duplex mode.
full
Specifies full-duplex mode.
Mode
Port Interface mode
Description
Use this command to set the duplex modes of the twisted pair ports. Ports
operating in half-duplex mode can either receive packets or transmit
packets, but not both at the same time, while ports operating in full-duplex
can both send and receive packets, simultaneously.
Note
To avoid a duplex mode mismatch between switch ports and
network devices, do not select Auto-Negotiation on ports that are
connected to network devices on which the duplex modes are set
manually. Switch ports that are set to Auto-Negotiation default to
half duplex mode if they detect that the network devices are not
using Auto-Negotiation. This may result in duplex mode mismatches
in which the switch ports use half duplex mode and the network
devices full duplex mode. To prevent this problem, always manually
set the duplex mode on ports that are connected to network devices
that are not using Auto-Negotiation.
Confirmation Command
“SHOW INTERFACE STATUS” on page 232
204
AT-8100 Switch Command Line User’s Guide
Examples
This example sets the duplex mode on port 11 half-duplex:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11
awplus(config-if)# duplex half
This example configures the duplex mode with Auto-Negotiation on port
15:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15
awplus(config-if)# duplex auto
205
Chapter 10: Port Parameter Commands
EGRESS-RATE-LIMIT
Syntax
egress-rate-limit value
Parameters
value
Specifies the maximum amount of traffic that can be transmitted
from the port. The value is kilobits per second. The range is 64 to
1,000,000 kilobits per second.
Mode
Port Interface mode
Description
Use this command to set a limit on the amount of traffic that can be
transmitted per second from the port.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example sets the egress rate limit to 1,000,000 kilobits per second on
ports 15, 16 and 21:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15,port1.0.16,port1.0.21
awplus(config-if)# egress-rate-limit 1000000
206
AT-8100 Switch Command Line User’s Guide
FCTRLLIMIT
Syntax
fctrllimit fctrllimit
Parameters
fctrllimit
Specifies the number of cells for flow control. A cell represents 128
bytes. The range is 1 to 7935 cells. The default value is 7935 cells.
Mode
Port Interface mode
Description
Use this command to specify threshold levels for flow control on the ports.
To cancel the setting and set the default value of 7935 cells, use the NO
FCTRLLIMIT command.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Examples
This example sets the threshold level for flow control on port 14 to 5000
cells:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.14
awplus(config-if)# fctrllimit 5000
This example cancels the flow control threshold level setting and sets the
default value of 7935 cells:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.14
awplus(config-if)# no fctrllimit
207
Chapter 10: Port Parameter Commands
FLOWCONTROL
Syntax
flowcontrol send|receive|both on|off
Parameter
send
Controls whether a port sends pause packets during periods of
packet congestion, to initiate flow control.
receive
Controls whether a port, when it receives pause packets from its
network counterpart, stops sending packets.
on
Activates flow control.
off
Deactivates flow control.
Mode
Port Interface mode
Description
Use this command to enable or disable flow control on ports that are
operating in full-duplex mode. Ports use flow control when they are
experiencing traffic congestion and need to temporary stop their link
partners from transmitting any more traffic. This allows them time to
process the packets already in their buffers.
A port that is experiencing traffic congestion initiates flow control by
sending pause packets. These packets instruct the link partner to stop
transmitting packets. A port continues to issue pause packets so long as
the traffic congestion persists. Once the condition has cleared, a port
stops sending pause packets to allow its link partner to resume the
transmission of packets.
The ports on the switch can both send pause packets during periods of
traffic congestion and stop transmitting packets when they receive pause
packets from their link partners. You can control both aspects of flow
control separately on the ports.
The RECEIVE parameter in the command controls the behavior of a port
when it receives pause packets from a network device. If receive is on, a
port stops sending packets in response to pause packets from its link
208
AT-8100 Switch Command Line User’s Guide
partner. If it is off, a port does not respond to pause packets and continues
to transmit packets. At the default setting, the receive portion of flow
control is off.
The SEND parameter determines whether a port sends pause packets
when it experiences traffic congestion. If send is on, a port sends pause
packets to signal its link partner of the condition and to stop the
transmission of more packets. If send is off, a port does not send pause
packets during periods of traffic congestion. At the default setting, the
send portion of flow control is off.
To configure flow control on a port, you must disable Auto-Negotiation and
set the speed and duplex mode manually. A port set to Auto-Negotiation
always uses flow control when operating in full-duplex mode.
Confirmation Command
“SHOW FLOWCONTROL INTERFACE” on page 224
Examples
This example configures port 19 to 100 Mbps, full-duplex mode, with both
the send and receive parts of flow control enabled:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.19
awplus(config-if)# speed 100
awplus(config-if)# duplex full
awplus(config-if)# flowcontrol send on
awplus(config-if)# flowcontrol receive on
This example configures ports 18 to 21 and 24 to 10 Mbps, full-duplex
mode, with both the send and receive portions of flow control disabled.
The ports will neither respond to pause packets from their link partners by
ceasing transmission nor will they issue pause packets during periods of
traffic congestion:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.18-port1.0.21,port1.0.24
awplus(config-if)# speed 10
awplus(config-if)# duplex full
awplus(config-if)# flowcontrol receive off
awplus(config-if)# flowcontrol send off
209
Chapter 10: Port Parameter Commands
This example configures port 1 and 2 to 10 Mbps, full-duplex mode. The
send portion of flow control is disabled so that the ports do not send pause
packets during periods of traffic congestion. But the receive portion is
enabled so that the ports response to pause packets from their network
counterparts by temporary ceasing transmission:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1,port1.0.2
awplus(config-if)# speed 10
awplus(config-if)# duplex full
awplus(config-if)# flowcontrol send off
awplus(config-if)# flowcontrol receive on
210
AT-8100 Switch Command Line User’s Guide
HOLBPLIMIT
Syntax
holbplimit holbplimit
Parameter
holbplimit
Specifies the threshold at which a port signals a head of line
blocking event. The threshold is specified in cells. A cell is 128
bytes. The range is 1 to 8,191 cells; the default is 7,168 cells.
Mode
Port Interface mode
Description
Use this command to specify a threshold for head of line blocking events
on the ports. Head of line (HOL) blocking is a problem that occurs when a
port on the switch becomes oversubscribed because it is receiving more
packets from other switch ports than it can transmit in a timely manner.
An oversubscribed port can prevent other ports from forwarding packets to
each other because ingress packets on a port are buffered in a First In,
First Out (FIFO) manner. If a port has at the head of its ingress queue a
packet destined for an oversubscribed port, it will not be able to forward
any of its other packets to the egress queues of the other ports.
A simplified version of the problem is illustrated in Figure 50 on page 212.
It shows four ports on the switch. Port D is receiving packets from two
ports— 50% of the egress traffic from port A and 100% of the egress traffic
from port B. Not only is port A unable to forward packets to port D because
port D’s ingress queues are filled with packets from port B, but port A is
also unable to forward traffic to port C because its egress queue has
frames destined to port D that it is unable to forward.
211
Chapter 10: Port Parameter Commands
Figure 50. Head of Line Blocking
The HOL Limit parameter can help prevent this problem from occurring. It
sets a threshold on the utilization of a port’s egress queue. When the
threshold for a port is exceeded, the switch signals other ports to discard
packets to the oversubscribed port.
For example, referring to the figure above, when the utilization of the
storage capacity of port D exceeds the threshold, the switch signals the
other ports to discard packets destined for port D. Port A drops the D
packets, enabling it to once again forward packets to port C.
The number you enter for this value represents cells. A cell is 128 bytes.
The range is 1 to 8,191 cells; the default is 7,168 cells.
To cancel the HOL threshold and set the default value of 682 cells, use the
NO HOLBPLIMIT command.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Examples
This example sets the head of line blocking threshold on port 9 to 5,000
cells:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.9
awplus(config-if)# holbplimit 5000
212
AT-8100 Switch Command Line User’s Guide
This example cancels the setting 5000 and sets the default value of 682
cells on port 9:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.9
awplus(config-if)# no holbplimit
213
Chapter 10: Port Parameter Commands
NO EGRESS-RATE-LIMIT
Syntax
no egress-rate-limit
Parameters
None
Mode
Port Interface mode
Description
Use this command to disable egress rate limiting on the ports.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example disable egress rate limiting on the ports 4 and 5:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.4,port1.0.5
awplus(config-if)# no egress-rate-limit
214
AT-8100 Switch Command Line User’s Guide
NO FLOWCONTROL
Syntax
no flowcontrol
Parameter
None
Mode
Port Interface mode
Description
Use this command to disable flow control on ports.
Confirmation Command
“SHOW FLOWCONTROL INTERFACE” on page 224
Example
This example disables flow control on port 16:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.16
awplus(config-if)# no flowcontrol
215
Chapter 10: Port Parameter Commands
NO SHUTDOWN
Syntax
no shutdown
Parameters
None
Mode
Port Interface mode
Description
Use this command to enable ports so that they forward packets again.
This is the default setting for a port.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example enables port 22:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.22
awplus(config-if)# no shutdown
216
AT-8100 Switch Command Line User’s Guide
NO SNMP TRAP LINK-STATUS
Syntax
no snmp trap link-status
Parameter
None
Mode
Port Interface mode
Description
Use this command to deactivate SNMP link traps on the ports of the
switch. The switch does not send traps when a port on which link trap is
disabled experiences a change in its link state (i.e., goes up or down).
Confirmation Command
“SHOW INTERFACE” on page 226
Example
This example deactivates link traps on ports 18 and 23:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.18,port1.0.23
awplus(config-if)# no snmp trap link-status
217
Chapter 10: Port Parameter Commands
NO STORM-CONTROL
Syntax
no storm-control broadcast|multicast|dlf
Parameters
broadcast
Specifies broadcast packets.
multicast
Specifies multicast packets.
dlf
Specifies unknown unicast packets.
Description
Use this command to remove packet threshold levels that were set on the
ports with “STORM-CONTROL” on page 246.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Examples
This example removes the threshold limit for broadcast packets on port
12:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12
awplus(config-if)# no storm-control broadcast
This example removes the threshold limit for unknown unicast rate on port
5:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# no storm-control dlf
This example removes the threshold limit for multicast packets on port 23:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.23
awplus(config-if)# no storm-control multicast
218
AT-8100 Switch Command Line User’s Guide
POLARITY
Syntax
polarity auto|mdi|mdix
Parameters
auto
Activates auto-MDI/MDIX.
mdi
Sets a port’s wiring configuration to MDI.
mdix
Sets a port’s wiring configuration to MDI-X.
Mode
Port Interface mode
Description
Use this command to set the wiring configuration of twisted pair ports that
are operating at 10 or 100 Mbps, in half- or full-duplex mode.
A twisted pair port that is operating at 10 or 100 Mbps can have one of two
wiring configurations, known as MDI (medium dependent interface) and
MDI-X (medium dependent interface crossover). To forward traffic, a port
on the switch and a port on a network device must have different settings.
For instance, the wiring configuration of a switch port has to be MDI if the
wiring configuration on a port on a network device is MDIX.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Examples
This example sets port 28 to the MDI wiring configuration:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.28
awplus(config-if)# polarity mdi
219
Chapter 10: Port Parameter Commands
This example sets ports 4 and 18 to the MDI-X wiring configuration:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.4,port1.0.18
awplus(config-if)# polarity mdix
This example activates auto-MDI/MDIX on ports 1 to 3:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1-port1.0.3
awplus(config-if)# polarity auto
220
AT-8100 Switch Command Line User’s Guide
PURGE
Syntax
purge
Parameters
None
Mode
Port Interface mode
Description
Use this command to restore the default settings to these port parameters:

Enabled status (NO SHUTDOWN)

Description

Speed

Duplex mode

MDI/MDI-X

Flow control

Backpressure

Head of line blocking threshold

Backpressure cells
Example
This example restores the default settings to ports 5, 6 and 12:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5,port1.0.6,port1.0.12
awplus(config-if)# purge
221
Chapter 10: Port Parameter Commands
RENEGOTIATE
Syntax
renegotiate
Parameters
None
Mode
Port Interface mode
Description
Use this command to prompt a port that is set to Auto-Negotiation to
renegotiate its speed and duplex mode with its network device. You might
use this command if you believe that a port and a network device did not
establish the highest possible common settings during the AutoNegotiation process.
Example
This example prompts port 18 to renegotiate its settings with its network
counterpart:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.18
awplus(config-if)# renegotiate
222
AT-8100 Switch Command Line User’s Guide
RESET
Syntax
reset
Parameters
None
Mode
Port Interface mode
Description
Use this command to perform a hardware reset on the ports. The ports
retain their parameter settings. The reset takes only a second or two to
complete. You might reset a port if it is experiencing a problem.
Example
This example resets port 14:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.14
awplus(config-if)# reset
223
Chapter 10: Port Parameter Commands
SHOW FLOWCONTROL INTERFACE
Syntax
show flowcontrol interface port
Parameter
port
Specifies the port whose flow control setting you want to view. You
can specify just one port at a time.
Modes
Privileged Exec mode
Description
Use this command to display the current settings for flow control on the
ports. An example of the information is shown in Figure 51.
PortSendReceive
RxPause
adminadmin
-------------------------1.0.13yesyes
6520
TxPause
------7823
Figure 51. SHOW FLOWCONTROL INTERFACE Command
The fields are described in Table 12.
Table 12. SHOW FLOWCONTROL INTERFACE Command
Parameter
224
Description
Port
Port number.
Send admin
Whether or not flow control is active on
the transmit side of the port. If yes, the
port transmits pause packets during
periods of packet congestion. If no, the
port does not transmit pause packets.
Receive admin
Whether or not flow control is active on
the receive side of the port. If yes, the port
stops transmitting packets when it
receives pause packets from the other
network device. If no, the port does not
stop transmitting packets.
AT-8100 Switch Command Line User’s Guide
Table 12. SHOW FLOWCONTROL INTERFACE Command (Continued)
Parameter
Description
RxPause
The number of received pause packets.
TxPause
The number of transmitted pause packets.
Example
This command displays the flow control settings for port 2:
awplus# show flowcontrol interface port1.0.2
225
Chapter 10: Port Parameter Commands
SHOW INTERFACE
Syntax
show interface [port]
Parameter
port
Specifies the port whose current status you want to view. You can
display more than one port at a time. To display all the ports, do
not include this parameter.
Modes
Privileged Exec mode
Description
Use this command to display the current operating status of the ports. An
example of the information is shown in Figure 52 on page 227.
226
AT-8100 Switch Command Line User’s Guide
Interface port1.0.1
Link is UP, administrative state is UP
Address is 0015.77cc.e243
Description:
index 1 mtu 9198
Unknown Ingress Multicast Blocking: Disabled
Unknown Egress Multicast Blocking: Disabled
SNMP link-status traps: Enabled (Suppressed in 0 sec.)
Bandwidth 1g
input packets 0, bytes 0, dropped 0, multicast packets 0
output packets 0, bytes 0, multicast packets 0 broadcast packets 0
Interface port1.0.2
Link is UP, administrative state is UP
Address is 0015.77cc.e244
Description:
index 1 mtu 9198
Unknown Ingress Multicast Blocking: Disabled
Unknown Egress Multicast Blocking: Disabled
SNMP link-status traps: Enabled (Suppressed in 0 sec.)
Bandwidth 1g
input packets 0, bytes 0, dropped 0, multicast packets 0
output packets 0, bytes 0, multicast packets 0 broadcast packets 0
Figure 52. SHOW INTERFACE Command
The fields are described in Table 13.
Table 13. SHOW INTERFACE Command
Parameter
Interface
Description
Port number.
227
Chapter 10: Port Parameter Commands
Table 13. SHOW INTERFACE Command (Continued)
Parameter
228
Description
Link is
The status of the link on the port. This
field is UP when the port has a link with a
network device, and DOWN when the port
does not have a link.
Administrative state
The administrative state of the port. The
administrative state will be DOWN if the
port was disabled with the SHUTDOWN
command. Otherwise, the administrative
state of the port will be UP. To disable and
enable ports, refer to “SHUTDOWN” on
page 242 and “NO SHUTDOWN” on
page 216, respectively.
Address is
The MAC address of the port.
Description
The port’s description. To set the
description, refer to “DESCRIPTION” on
page 202.
Index mtu
The maximum packet size of the ports.
The ports have a maximum packet size of
9198 bytes. This is not adjustable.
Unknown Ingress/Egress
Multicast Blocking
The status of multicast blocking on the
port. To set multicast blocking, refer to
Chapter 33, “Multicast Commands” on
page 529.
SNMP link-status traps
The status of SNMP link traps on the port.
The switch sends link traps if the status is
Enabled and does not send link traps if
the status is Disabled. To enable and
disable link traps, refer to “SNMP TRAP
LINK-STATUS” on page 243 and “NO
SNMP TRAP LINK-STATUS” on
page 217, respectively.
Bandwidth
The current operating speed of the port.
The bandwidth will be Unknown if the port
does not have a link to a network device.
Input statistics
Ingress packet statistics.
Output statistics
Egress packet statistics.
AT-8100 Switch Command Line User’s Guide
Examples
This command displays the current operational state of all the ports:
awplus# show interface
This command displays the current operational state of ports 1 to 4:
awplus# show interface port1.0.1-port1.0.4
229
Chapter 10: Port Parameter Commands
SHOW INTERFACE BRIEF
Syntax
show interface brief
Parameter
None
Modes
Privileged Exec mode
Description
Use this command to display the administrative and link statuses of all of
the ports on the switch. An example of the information is shown in
Figure 53.
Interface StatusProtocol
port1.0.1admin up down
port1.0.2admin up down
port1.0.3admin up down
port1.0.4admin up down
port1.0.5admin up down
port1.0.6admin up down
Figure 53. SHOW INTERFACE BRIEF Command
The fields are described in Table 13.
Table 14. SHOW INTERFACE BRIEF Command
Field
230
Description
Interface
Indicates the port number.
Status
Indicates the administrative state of the
port. The administrative state is DOWN if
the port was disabled with the
SHUTDOWN command. Otherwise, the
administrative state of the port is UP. To
disable and enable ports, refer to
“SHUTDOWN” on page 242 and “NO
SHUTDOWN” on page 216, respectively.
AT-8100 Switch Command Line User’s Guide
Table 14. SHOW INTERFACE BRIEF Command (Continued)
Field
Protocol
Description
Indicates the status of the link on the port.
This field is UP when the port has a link
with a network device, and DOWN when
the port does not have a link.
Example
The following example displays the administrative and link statuses of all
of the ports on the switch:
awplus# show interface brief
231
Chapter 10: Port Parameter Commands
SHOW INTERFACE STATUS
Syntax
show interface [port] status
Parameter
port
Specifies the port whose parameter settings you want to view. You
can display more than one port at a time. To display all the ports,
do not include a port number.
Modes
Privileged Exec mode
Description
Use this command to display the speed, duplex mode, and VLAN settings
of the ports. An example of the information is shown in Figure 54.
PortNameStatus
Vlan
port1.0.1Port_01down3
port1.0.2Port_02up11
port1.0.2Port_02up2
port1.0.2Port_02up2
port1.0.2Port_02up2
Duplex
half
auto
auto
full
auto
SpeedType
10010/100/1000Base-T
auto10/100/1000Base-T
auto10/100/1000Base-T
10010/100/1000Base-T
auto10/100/1000Base-T
Figure 54. SHOW INTERFACE STATUS Command
The fields are described in Table 15.
Table 15. SHOW INTERFACE STATUS Command
Parameter
232
Description
Port
Port number.
Name
Description of port. To set the description,
refer to “DESCRIPTION” on page 202.
Status
Link status of the port. The status is Up if
the port has a link to a network device.
The status is Down if the port does not
have a link.
VLAN
The ID of the VLAN in which the port is an
untagged member.
AT-8100 Switch Command Line User’s Guide
Table 15. SHOW INTERFACE STATUS Command (Continued)
Parameter
Description
Duplex
The duplex mode setting of the port. The
setting can be half, full or auto for AutoNegotiation. To set the duplex mode, refer
to “DUPLEX” on page 204.
Speed
The speed of the port. The settings are
10, 100, or 1000 Mbps, or auto for AutoNegotiation.
Type
The Ethernet standard of the port.
Examples
This command displays the settings of all the ports:
awplus# show interface status
This command displays the settings of ports 17 and 18:
awplus# show interface port1.0.17-port1.0.18 status
233
Chapter 10: Port Parameter Commands
SHOW PLATFORM TABLE PORT COUNTERS
Syntax
show platform table port [port] counters
Parameter
port
Specifies the port whose statistics you want to view. You can
specify more than one port at a time in the command. To view all
the ports, omit this parameter.
Modes
Privileged Exec mode
Description
Use this command to display the packet statistics for the individual ports
on the switch. The statistics are described in Table 16. To clear the packet
counters, refer to “CLEAR PORT COUNTER” on page 201.
Table 16. SHOW PLATFORM TABLE PORT COUNTERS Command
Parameter
64
65-127
128-255
256-511
512-1023
1024-1518
1519-1522
Description
Number of frames transmitted by the port,
grouped by size.
General Counters
234
Octets
Number of received and transmitted
octets.
Pkts
Number received and transmitted
packets.
CRCErrors
Number of frames with a cyclic
redundancy check (CRC) error but with
the proper length (64-1518 bytes)
received by the port.
FCSErrors
Number of ingress frames that had frame
check sequence (FCS) errors.
AT-8100 Switch Command Line User’s Guide
Table 16. SHOW PLATFORM TABLE PORT COUNTERS Command
Parameter
Description
MulticastPkts
Number of received and transmitted
multicast packets.
BroadcastPkts
Number of received and transmitted
broadcast packets
PauseMACCtrlFrms
Number of received and transmitted flow
control pause packets.
OversizePkts
Number of received packets that
exceeded the maximum size as specified
by IEEE 802.3 (1518 bytes including the
CRC).
Fragments
Number of undersized frames, frames
with alignment errors, and frames with
frame check sequence (FCS) errors (CRC
errors).
Jabbers
Number of occurrences of corrupted data
or useless signals the port has
encountered.
UnsupportOpcode
Number of MAC Control frames with
unsupported opcode.
UndersizePkts
Number of frames that were less than the
minimum length as specified in the IEEE
802.3 standard (64 bytes including the
CRC).
SingleCollsnFrm
Number of frames that were transmitted
after at least one collision.
MultCollsnFrm
Number of frames that were transmitted
after more than one collision.
LateCollisions
Number of late collisions.
ExcessivCollsns
Number of excessive collisions.
Collisions
Total number of collisions on the port.
Layer 3 Counters
ifInUcastPkts
Number of ingress unicast packets.
ifOutUcastPkts
Number of egress unicast packets.
ifInDiscards
Number of ingress packets that were
discarded.
235
Chapter 10: Port Parameter Commands
Table 16. SHOW PLATFORM TABLE PORT COUNTERS Command
Parameter
Description
ifOutErrors
Number of packets that were discarded
prior to transmission because of an error.
ipInHdrErrors
Number of ingress packets that were
discarded because of a hardware error.
Miscellaneous Counters
MAC TxErr
Number of frames not transmitted
correctly or dropped due to an internal
MAC transmit error.
MAC RxErr
Number of Receive Error events seen by
the receive side of the MAC.
Drop Events
Number of frames successfully received
and buffered by the port, but discarded
and not forwarded.
Examples
This command displays the statistics for ports 21 and 23:
awplus# show platform table port port1.0.21,port1.0.23
counters
This command displays the statistics for all the ports on the switch:
awplus# show platform table port counters
236
AT-8100 Switch Command Line User’s Guide
SHOW RUNNING-CONFIG INTERFACE
Syntax
show running-config interface port
Parameters
port
Specifies a port, multiple ports, or a range of ports. For a detailed
explanation on how to specify ports, see “Port Numbers in
Commands” on page 63.
Modes
Privileged Exec mode
Description
Use this command to display the configuration settings of the ports. The
command displays only the settings that have been changed from their
default values and includes those values that have not yet been saved in
the active boot configuration file. An example of the information is shown
in Figure 55.
interface port1.0.1
dot1x port-control auto
no auth dynamic-vlan-creation
interface port1.0.3-port1.0.4
switchport access vlan 2
Figure 55. SHOW RUNNING-CONFIG INTERFACE Command
Example
This example displays the configuration settings for ports 1, 3, and 4:
awplus# show running-config interface port1.0.1,port1.0.3port1.0.4
237
Chapter 10: Port Parameter Commands
SHOW STORM-CONTROL
Syntax
show storm-control [port]
Parameters
port
Specifies the port whose storm-control, threshold limit settings you
want to view. You can specify more than one port at a time. To
display all the ports, do not include this parameter.
Mode
Privileged Exec mode
Description
Use this command to display information about the threshold limit settings
on the ports. Figure 56 shows an example of the information when you
enter the following command:
awplus# show storm-control port1.0.15
Port
BcastLevel
Mcastlevel
Port1.0.15 30100 100
Dlflevel
Figure 56. SHOW STORM-CONTROL Command
See Table 17 for a description of the table headings.
Table 17. SHOW STORM-CONTROL Command
Column
238
Description
Port
Indicates the port number.
BcastLevel
Indicates the maximum number of ingress broadcast
packets per second for the port. Broadcast packets
beyond this number are discarded.
McastLevel
Indicates the maximum number of ingress multicast
packets per second for the port. Multicast packets
beyond this number are discarded.
AT-8100 Switch Command Line User’s Guide
Table 17. SHOW STORM-CONTROL Command (Continued)
Column
DlfLevel
Description
Indicates the maximum number of unknown unicast
packets, destination lookup failure (DLF) packets per
second for the port. DLF packets beyond this number
are discarded.
Examples
This command displays the settings of all the ports:
awplus# show storm-control
This command displays the settings of ports 15 and 18:
awplus# show storm-control port1.0.15,port1.0.18
239
Chapter 10: Port Parameter Commands
SHOW SYSTEM PLUGGABLE
Syntax
show system pluggable
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display information about the SFP modules in the
switch.
System Pluggable Information
PortVendorDevice Serial NumberDatecode
Type
-------------------------------------------------------------------------1.0.49ATIAT-SPSX A03240R08420074120081018
1000BASE-SX
1.0.51ATIAT-SPSX A03240R08420074920081018
1000BASE-SX
-------------------------------------------------------------------------
Figure 57. SHOW SYSTEM PLUGGABLE Command
Example
This example displays SFP module information:
awplus# show system pluggable
240
AT-8100 Switch Command Line User’s Guide
SHOW SYSTEM PLUGGABLE DETAIL
Syntax
show system pluggable
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display information about the SFP modules in the
switch. See Figure 58. The SHOW SYSTEM PLUGGABLE DETAIL
command provides more detailed information than the SHOW SYSTEM
PLUGGABLE command. See “SHOW SYSTEM PLUGGABLE” on
page 240.
Port1.0.49
==========
Vendor Name:ATI
Device Name:AT-SPSX
Device Type:1000BASE-SX
Serial Number:A03240R084200741
Manufacturing Datecode:20081018
SFP Laser Wavelength:850nm
Link Length Supported
OM1 (62.5um) Fiber:270m
OM2 (50um) Fiber:550m
Figure 58. SHOW SYSTEM PLUGGABLE DETAIL Command
The OM1 field specifies the link length supported by the pluggable
transceiver using 62.5 micron multi-mode fiber. The OM2 field specifies
the link length supported by the pluggable transceiver using 50 micron
multi-mode fiber.
Example
This example displays detailed information about SFP modules:
awplus# show system pluggable detail
241
Chapter 10: Port Parameter Commands
SHUTDOWN
Syntax
shutdown
Parameter
None
Mode
Port Interface mode
Description
Use this command to disable ports. Ports that are disabled do not forward
traffic. You might disable ports that are unused to secure them from
unauthorized use or that are having problems with network cables or their
link partners. The default setting for the ports is enabled.
To reactivate a port, refer to “NO SHUTDOWN” on page 216.
Confirmation Command
“SHOW INTERFACE” on page 226
Example
This example disables ports 15 and 16:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15,port1.0.16
awplus(config-if)# shutdown
242
AT-8100 Switch Command Line User’s Guide
SNMP TRAP LINK-STATUS
Syntax
snmp trap link-status
Parameter
None
Mode
Port Interface mode
Description
Use this command to activate SNMP link traps on the ports. The switch
sends an SNMP trap to an SNMP trap receiver on your network whenever
a port experiences a change in its link state.
To disable link traps on a port, refer to “NO SNMP TRAP LINK-STATUS”
on page 217.
Note
For the switch to send SNMP traps, you must activate SNMP and
specify one or more trap receivers. For instructions, refer to Chapter
74, “SNMPv1 and SNMPv2c Commands” on page 1143 or Chapter
75, “SNMPv3 Commands” on page 1167.
Confirmation Command
“SHOW INTERFACE” on page 226
Example
This example activates link traps on port 22:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.22
awplus(config-if)# snmp trap link-status
243
Chapter 10: Port Parameter Commands
SPEED
Syntax
speed auto|10|100|1000
Parameters
auto
Activates Auto-Negotiation so that the speed is configured
automatically.
10
Specifies 10 Mbps.
100
Specifies 100 Mbps.
1000
Specifies 1000 Mbps. This setting should not be used on twisted
pair ports. For 1000Mbps, full duplex operation, a twisted pair port
must be set to Auto-Negotiation.
Mode
Port Interface mode
Description
Use this command to manually set the speeds of the twisted pair ports or
to activate Auto-Negotiation.
Confirmation Commands

Configured speed: “SHOW INTERFACE STATUS” on page 232

Current operating speed: “SHOW INTERFACE” on page 226
Examples
This example sets the speed on ports 11 and 17 to 100 Mbps:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11,port1.0.17
awplus(config-if)# speed 100
244
AT-8100 Switch Command Line User’s Guide
This example activates Auto-Negotiation on port 15:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15
awplus(config-if)# speed auto
245
Chapter 10: Port Parameter Commands
STORM-CONTROL
Syntax
storm-control broadcast|multicast|dlf level value
Parameters
broadcast
Specifies broadcast packets.
multicast
Specifies multicast packets.
dlf
Specifies unknown unicast packets.
level
Specifies the maximum number of ingress packets per second of
the designated type the port will forward. The range is 0 to
33,554,431 packets.
Mode
Port Interface mode
Description
Use this command to set maximum thresholds for the ingress packets on
the ports. Ingress packets that exceed the thresholds are discarded by the
ports. Thresholds can be set independently for broadcast packets,
multicast packets, and unknown unicast packets. To view the current
thresholds of the ports, refer to “SHOW RUNNING-CONFIG” on
page 162.
To remove threshold levels from the ports, refer to “NO STORMCONTROL” on page 218.
Confirmation Commands
“SHOW STORM-CONTROL” on page 238
“SHOW RUNNING-CONFIG” on page 162
246
AT-8100 Switch Command Line User’s Guide
Examples
This example sets the maximum threshold level of 5,000 packets per
second for ingress broadcast packets on port 12:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12
awplus(config-if)# storm-control broadcast level 5000
This example sets the maximum threshold level of 100,000 packets per
second for ingress multicast packets on port 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.4
awplus(config-if)# storm-control multicast level 100000
This example sets the threshold level of 200,000 packets per second for
ingress unknown unicast packets on ports 15 and 17:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15,port1.0.17
awplus(config-if)# storm-control dlf level 200000
247
Chapter 10: Port Parameter Commands
248
Chapter 11
Power Over Ethernet

“Overview” on page 250

“Enabling and Disabling PoE” on page 252

“Adding PD Descriptions to Ports” on page 254

“Prioritizing Ports” on page 255

“Managing the Maximum Power Limit on Ports” on page 256

“Managing Legacy PDs” on page 257

“Monitoring Power Consumption” on page 258

“Displaying PoE Information” on page 259
249
Chapter 11: Power Over Ethernet
Overview
The AT-8100L/8PoE, AT-8100S/24PoE, and AT-8100S/48PoE switches
feature Power over Ethernet (PoE) on the 10/100Base-Tx ports. PoE is
used to supply power to network devices over the same twisted pair
cables that carry the network traffic.
The main advantage of PoE is that it can make it easier to install a
network. The selection of a location for a network device is often limited by
whether there is a power source nearby. This constraint limits equipment
placement or requires the added time and cost of having additional
electrical sources installed. However, with PoE, you can install PoEcompatible devices whereever they are needed without having to worry
about whether there are power source nearby.
Power Sourcing
Equipment (PSE)
Powered Device
(PD)
PD Classes
A device that provides PoE to other network devices is referred to as
power sourcing equipment (PSE). The AT-8100L/8PoE, AT-8100S/
24PoE, and AT-8100S/48PoE switches are PSE devices providing DC
power to the network cable and functioning as a central power source for
other network devices.
A device that receives power from a PSE device is called a powered
device (PD). Examples include wireless access points, IP phones,
webcams, and even other Ethernet switches.
PDs are grouped into five classes. The classes are based on the amount
of power that PDs require. The AT-8100 PoE switches support all five
classes listed in Table 18.
Table 18. IEEE Powered Device Classes
Class
Power Budget
250
Maximum Power Output
from a Switch Port
Power Ranges of the PDs
0
15.4W
0.44W to 12.95W
1
4.0W
0.44W to 3.84W
2
7.0W
3.84W to 6.49W
3
15.4W
6.49W to 12.95W
4
34.2W
25.5W to 38.9W
Power budget is the maximum amount of power that the PoE switch can
provide at one time to the connected PDs. The AT-8100L/8POE switch
has one power supply. The AT-8100S/24POE and AT-8100S/48POE
switches have two power supplies and can be operated using either one
AT-8100 Switch Command Line User’s Guide
power supply or both power supplies. One power supply is responsible for
providing 192.5 watts of the power budget. Table 19 shows power budget
per model.
Table 19. PoE Switch’s Power Budget
Switch Model
Port
Prioritization
When Using One
Power Supply
When Using Two
Power Supplies
AT-8100L/8POE
192.5W
N/A
AT-8100S/24POE
192.5W
385W
AT-8100S/48POE
192.5W
385W
As long as the total power requirements of the PDs is less than the total
available power of the switch, it can supply power to all of the PDs.
However, when the PD power requirements exceed the total available
power, the switch denies power to some ports based on a process called
port prioritization.
The ports on the PoE switch are assigned to one of three priority levels.
These levels and descriptions are listed in Table 20.
Table 20. PoE Port Priorities
Priority
Level
Description
Critical
This is the highest priority level. Ports set to the Critical
level are guaranteed to receive power before any of the
ports assigned to the other priority levels.
High
Ports set to the High level receive power only when all
the ports assigned to the Critical level are already
receiving power.
Low
This is the lowest priority level. Ports set to the Low level
receive power only when all the ports assigned to the
Critical and High levels are already receiving power. This
level is the default setting.
Without enough power to support all the ports set to the same priority level
at one time, the switch provides power to the ports based on the port
number, in ascending order. For example, when all of the ports in the
switch are set to the low priority level and the power requirements are
exceeded on the switch, port 1 has the highest priority level, port 2 has the
next highest priority level and so forth.
251
Chapter 11: Power Over Ethernet
Enabling and Disabling PoE
Enabling PoE on ports allows the switch to supply power to PDs
connected to the ports. In order for PDs to receive power, PoE must be
enabled on the ports. By default, PoE is enabled on all the ports on the
PoE switch.
The switch detects whether or not a network device connected to the port
is a valid PD. If the device is not a valid PD, the port functions as a regular
Ethernet port even when PoE is enabled on the port. The PoE feature
remains activated on the port, but no power is delivered to the device.
Disabling PoE on the port turns off the power supply to the port. You may
want to disable PoE on the ports used only for data traffic in order to
prevent them from unauthorized power use.
There are two ways to disable and enable PoE:

Globally: all the ports on the switch or switches in the stack at a
time.

Individually: on a port basis.
To enable PoE globally, use the SERVICE POWER-INLINE command in
the Global Configuration mode. See “SERVICE POWER-INLINE” on
page 279. The NO SERVICE POWER-INLINE command disables PoE on
all the ports on the switch, or all switches in the stack. See “NO SERVICE
POWER-INLINE” on page 270.
To enable PoE on an individual port basis, use the POWER-INLINE
ENABLE command in the Port Interface mode. See “POWER-INLINE
ENABLE” on page 274. The NO POWER-INLINE command disables PoE
on a port. See “NO POWER-INLINE ENABLE” on page 266.
This example enables PoE globally:
awplus> enable
awplus# configure terminal
awplus(config)# service power-inline
This example disables PoE globally:
awplus> enable
awplus# configure terminal
awplus(config)# no service power-inline
252
AT-8100 Switch Command Line User’s Guide
This example enables PoE individually on port 6 and port 8:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.6,port1.0.8
awplus(config-if)# power-inline enable
This example disables PoE individually on port 5 to port 8:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5-port1.0.8
awplus(config-if)# no power-inline enable
253
Chapter 11: Power Over Ethernet
Adding PD Descriptions to Ports
PDs connected to the ports are easier to identify if you give them
descriptions. To add descriptions to PDs, use the POWER-INLINE
DESCRIPTION command in the Port Interface mode. Here is the format:
power-inline description description
The description parameter can consist of up to 256 alphanumeric
characters. Spaces and special characters are allowed. You can assign a
description to more than one port at a time. See “POWER-INLINE
DESCRIPTION” on page 273.
To remove the current description from the port without assigning a new
one, use the NO POWER-INLINE DESCRIPTION command. See “NO
POWER-INLINE DESCRIPTION” on page 265.
This example adds PD description of “Desk Phone” to port 1.0.5 and
port1.0.6:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5,port1.0.6
awplus(config-if)# power-inline description Desk Phone
This example removes the description previously added to the port 6:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.6
awplus(config-if)# no power-inline description
Note
To add a general description to a port, use the DESCRIPTION
command. For more information, see “DESCRIPTION” on
page 202.
254
AT-8100 Switch Command Line User’s Guide
Prioritizing Ports
When the total power requirements of the PDs exceed the total available
power of the switch, the switch denies power to one or more ports based
on port prioritization.To guarantee power to the most critical PDs before
any other PDs, the switch allows you to prioritize the ports for power
supply.
You can assign one of three priority levels to a port: Critical, High, and
Low. See “Port Prioritization” on page 251 for details. By default, all ports
are set to the Low priority level. To change the priority level, use the
POWER-INLINE PRIORITY command. Here is the format:
power-inline priority critical | high | low
To guarantee that the most critical PDs receive power, assign the highest
priority level to the PDs. See “POWER-INLINE PRIORITY” on page 276.
To reset the priority level to the default Low level, use the NO POWERINLINE PRIORITY command. See “NO POWER-INLINE PRIORITY” on
page 268.
This example assigns ports 1, 2, and 3 to the Critical priority level to
guarantee these ports receive power before any other ports with the High
or Low priority level:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1-port1.0.3
awplus(config-if)# power-inline priority critical
This example assigns port 4 to port 10 to the High priority level so that the
ports receive power before any ports with the Low priority level:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.4-port1.0.10
awplus(config-if)# power-inline priority high
This example sets port 8 to the Low priority level:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.8
awplus(config-if)# no power-inline priority
255
Chapter 11: Power Over Ethernet
Managing the Maximum Power Limit on Ports
To manage the switch’s power and optimize its power distribution, the
switch allows you to adjust the power limit that the switch provides to each
port. The switch automatically sets a default power limit to the port where
a PD is connected and allows you to change the default settings.
The switch detects the power class of a PD when the PD is connected to
the port. PDs are assigned one of five classes described in “PD Classes”
on page 250. Each class has the maximum power. The switch sets this
value as a default power limit to the port where the PD is connected.
For example, you connect an IP phone to port 1 on the PoE switch. The
switch detects that the power class of the IP phone is 2. The maximum
power output from the switch for a PD of class 2 is 7.0 watts. Thus, the
switch sets 7.0 watts as the default power limit to port 1.
If a PD connected to the port does not support power classification, a
default class of 0 is assigned to the PD. The maximum power for a PD of
class 0 is 15.4 watts so that the switch sets 15.4 watts to the default power
limit to the port.
To change a default power limit to the port, use the POWER-INLINE MAX
command in the Port Interface mode. Specify the value in milliwatts (mW)
See “POWER-INLINE MAX” on page 275.
This example changes the maximum power that the switch provides port 2
to 4.0 watts (4000 milliwatts):
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.2
awplus(config-if)# power-inline max 4000
256
AT-8100 Switch Command Line User’s Guide
Managing Legacy PDs
The PoE switch automatically detects whether or not a device plugged into
the PoE-enabled port is a valid PD. The switch supports PDs compliant
with the IEEE 802.3af and IEEE 802.3at PoE standards. In addition, the
switch supports legacy PDs that were designed before the IEEE standards
were finalized.
If the switch detects the connected device as an invalid PD, the port
functions as a regular Ethernet port. The PoE feature remains activated on
the port, but no power is delivered to the PD.
To enable the switch to detect legacy PDs as valid PDs, use the POWERINLINE ALLOW-LEGACY command to provide power to legacy PDs. See
“POWER-INLINE ALLOW-LEGACY” on page 272. To disable the switch
to detect legacy PDs as valid PDs, use the NO POWER-INLINE ALLOWLEGACY command not to provide power to legacy PDs. By default, the
switch detects legacy PDs as valid PDs. See “NO POWER-INLINE
ALLOW-LEGACY” on page 264.
This example enables the switch to detect legacy PDs as valid PDs on port
1 to port 3:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1-port1.0.3
awplus(config-if)# power-inline allow-legacy
This example disables the switch to detect legacy PDs as valid PDs on
ports 1:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1
awplus(config-if)# no power-inline allow-legacy
257
Chapter 11: Power Over Ethernet
Monitoring Power Consumption
You can monitor the power consumption of the switch and PDs by
configuring the unit to transmit an SNMP power-inline trap if their
combined power requirements exceed a defined threshold. The threshold
is specified as a percentage of the switch’s nominal power, which is the
total available power of the switch. You can view the nominal power with
“SHOW POWER-INLINE” on page 280. The threshold has the range of 1
to 99%. You may specify only one threshold. The commands for setting
the threshold and activating the trap are listed in Table 21.
Table 21. Receiving Power Consumption Notification
To Do This Task
Use This Command
Set the power threshold as a percentage of
the switch’s nominal power.
POWER-INLINE USAGETHRESHOLD
Activate SNMP on the switch.
SNMP-SERVER
Activate the transmission of SNMP trap for
PoE.
SNMP-SERVER ENABLE TRAP
POWER-INLINE
Note
You have to configure SNMP to use the trap. For instructions, refer
to Chapter 73, “SNMPv1 and SNMPv2c” on page 1131 or Chapter
75, “SNMPv3 Commands” on page 1167.
This example configures the switch to send the SNMP power-inline trap if
the power requirements of the switch and PDs exceed 90% of its nominal
power:
awplus> enable
awplus# configure terminal
awplus(config)# power-inline usage-threshold 90
awplus(config)# snmp-server
awplus(config)# snmp-server enable trap power-inline
258
AT-8100 Switch Command Line User’s Guide
Displaying PoE Information
The switch allows you to display PoE information using three commands.
Each command displays a different set of PoE information as described in
Table 22.
Table 22. PoE Show Commands
Command
Description
SHOW POWER-INLINE
Displays PoE information about the switch
and all the ports on the switch.
SHOW POWER-INLINE
COUNTERS
Displays the PoE event counters for the
ports.
SHOW POWER-INLINE
INTERFACE
Displays PoE information of specified ports.
SHOW POWER-INLINE
INTERFACE DETAIL
Displays detailed PoE information of the
specified ports.
This example displays PoE information on both the switch and all the ports
on the switch:
awplus# show power-inline
Figure 59 shows an example of the information the command displays.
The columns are described in Table 24 on page 281.
PoE Status:
Nominal Power: 490W
Power Allocated: 346.0W
Actual Power Consumption: 151.0W
Operational Status: On
Power Usage Threshold: 80% (392W)
PoE Interface:
Interface Admin
Pri Oper
Power(mW) Device
port1.0.1 Enabled Low Powered 3840
Phone#1
port1.0.2 Enabled High Powered 6720
n/a
port1.0.3 Enabled Low Powered 14784
n/a
port1.0.4 Enabled Crit Powered 14784
n/a
port1.0.5 Enabled Crit Powered 3840
Phone#2
port1.0.6 Enabled High Powered 6720
n/a
port1.0.7EnabledLowPowered14784n/a315400 [C]
Class
1
2
3
3
1
2
Max(mW)
4000 [C]
7000 [C]
15400 [C]
15400 [C]
4000 [C]
7000 [C]
Figure 59. SHOW POWER-INLINE Command
259
Chapter 11: Power Over Ethernet
This example displays the PoE information of port 1 through port 4:
awplus# show power inline interface port1.0.1-port1.0.4
Figure 60 shows an example of the information the command displays.
The columns are described in Table 24 on page 281.
Interface
port1.0.1
port1.0.2
port1.0.3
port1.0.4
Admin
Disabled
Enabled
Enabled
Disabled
Pri
Low
High
Crit
Low
Oper
Disabled
Powered
Powered
Disabled
Power
0
3840
6720
0
Device
n/a
Desk Phone
AccessPoint
n/a
Class
0
1
2
0
Max(mW)
15400 [C]
5000 [U]
7000 [C]
15400 [C]
Figure 60. SHOW POWER-INLINE INTERFACE Command
This example displays the detailed PoE information of port 10:
awplus# show power inline interface port1.0.10 detail
Figure 61 shows an example of the information the command displays.
The columns are described in Table 26 on page 286.
Interface port1.0.10
Powered device type: Desk Phone #1
PoE admin enabled
Low Priority
Detection status: Powered
Current power consumption: 00 mW
Powered device class: 1
Power allocated: 5000 mW (from configuration)
Detection of legacy device is disabled
Powered pairs: Data
Figure 61. SHOW POWER-INLINE INTERFACE DETAIL Command
260
Chapter 12
Power Over Ethernet Commands
The Power over Ethernet (PoE) commands are summarized in Table 23.
These commands are only supported on the PoE switches.
Table 23. Power over Ethernet Commands
Command
Mode
Description
“CLEAR POWER-INLINE
COUNTERS INTERFACE” on
page 263
Privileged Exec
Clears the PoE event counters on the
ports.
“NO POWER-INLINE ALLOWLEGACY” on page 264
Port Interface
Configures ports to deny power to
legacy powered devices (PDs).
“NO POWER-INLINE DESCRIPTION”
on page 265
Port Interface
Deletes the PD descriptions.
“NO POWER-INLINE ENABLE” on
page 266
Port Interface
Disables PoE on the ports.
“NO POWER-INLINE MAX” on
page 267
Port Interface
Restores a port’s power limit to the
default value.
“NO POWER-INLINE PRIORITY” on
page 268
Port Interface
Restores a port’s priority setting to the
default Low level.
“NO POWER-INLINE USAGETHRESHOLD” on page 269
Global
Configuration
Resets the power usage threshold to
the default 80%.
“NO SERVICE POWER-INLINE” on
page 270
Global
Configuration
Disables PoE on all of the ports on the
switch.
“NO SNMP-SERVER ENABLE TRAP
POWER-INLINE” on page 271
Global
Configuration
Disables the SNMP power-inline trap.
“POWER-INLINE ALLOW-LEGACY”
on page 272
Port Interface
Configures a port to support legacy
PDs.
“POWER-INLINE DESCRIPTION” on
page 273
Port Interface
Adds a PD description to a port.
“POWER-INLINE ENABLE” on
page 274
Port Interface
Enables PoE on a port.
“POWER-INLINE MAX” on page 275
Port Interface
Specifies the power limit of a port.
261
Chapter 12: Power Over Ethernet Commands
Table 23. Power over Ethernet Commands (Continued)
Command
Mode
Description
“POWER-INLINE PRIORITY” on
page 276
Port Interface
Assigns a PoE priority level to a port.
“POWER-INLINE USAGETHRESHOLD” on page 278
Global
Configuration
Sets the power threshold for the
SNMP power-inline trap.
“SERVICE POWER-INLINE” on
page 279
Global
Configuration
Activates PoE on all of the ports on
the switch.
“SHOW POWER-INLINE” on
page 280
Privileged Exec
Displays switch and port PoE
information.
“SHOW POWER-INLINE COUNTERS
INTERFACE” on page 283
Privileged Exec
Displays the port PoE event counters.
“SHOW POWER-INLINE
INTERFACE” on page 285
Privileged Exec
Displays port PoE information.
“SHOW POWER-INLINE INTERFACE
DETAIL” on page 286
Privileged Exec
Displays additional port PoE
information.
“SNMP-SERVER ENABLE TRAP
POWER-INLINE” on page 289
Global
Configuration
Activates the SNMP power-inline trap
for PoE.
262
AT-8100 Switch Command Line User’s Guide
CLEAR POWER-INLINE COUNTERS INTERFACE
Syntax
clear power-inline counters interface [port]
Parameter
port
Specifies a port. You can specify more than one port and clear
event counters for multiple ports.
Mode
Privileged Exec mode
Description
Use this command to clear the PoE port event counters. To clear all of the
port counters, do not enter a port number.
Confirmation Command
“SHOW POWER-INLINE COUNTERS INTERFACE” on page 283
Examples
This example clears all of the PoE port event counters:
awplus# clear power-inline counters interface
This example clears the event counters on ports 4 to 6:
awplus# clear power-inline counters interface port1.0.4port1.0.6
263
Chapter 12: Power Over Ethernet Commands
NO POWER-INLINE ALLOW-LEGACY
Syntax
no power-inline allow-legacy
Parameters
None
Mode
Port Interface mode
Description
Use this command to configure the ports to deny power to legacy PDs.
Legacy PDs are PoE devices that were designed before the IEEE 802.3af
and IEEE 802.3at PoE standards were finalized. This is the default setting
for the ports.
Confirmation Command
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
Example
This example configures ports 1 to 12 to deny power to legacy PDs:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1-port1.0.12
awplus(config-if)# no power-inline allow-legacy
264
AT-8100 Switch Command Line User’s Guide
NO POWER-INLINE DESCRIPTION
Syntax
no power-inline description
Parameters
None
Mode
Port Interface mode
Description
Use this command to delete PD descriptions from the ports.
Confirmation Commands
“SHOW POWER-INLINE” on page 280
“SHOW POWER-INLINE INTERFACE” on page 285
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
Example
The following example deletes the PD description from port 5:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# no power-inline description
265
Chapter 12: Power Over Ethernet Commands
NO POWER-INLINE ENABLE
Syntax
no power-inline enable
Parameters
None
Mode
Port Interface mode
Description
Use this command to disable PoE on the ports. Ports do not transmit
power when PoE is disabled, but they do forward network traffic.
Confirmation Commands
“SHOW POWER-INLINE” on page 280
“SHOW POWER-INLINE INTERFACE” on page 285
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
Example
The following example disables PoE on ports 10, 11 and 12:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.10-port1.0.12
awplus(config-if)# no power-inline enable
266
AT-8100 Switch Command Line User’s Guide
NO POWER-INLINE MAX
Syntax
no power-inline max
Parameters
None
Mode
Port Interface mode
Description
Use this command to restore the default maximum power limits on the
ports. The default power limits are based on the power classes of the PDs.
See “Managing the Maximum Power Limit on Ports” on page 256 for
details.
Confirmation Commands
“SHOW POWER-INLINE” on page 280
“SHOW POWER-INLINE INTERFACE” on page 285
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
Example
This example restores the default maximum power limit on port 6:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.6
awplus(config-if)# no power-inline max
267
Chapter 12: Power Over Ethernet Commands
NO POWER-INLINE PRIORITY
Syntax
no power-inline priority
Parameters
None
Mode
Port Interface mode
Description
Use this command to restore the default Low priority setting to the ports.
Confirmation Commands
“SHOW POWER-INLINE” on page 280
“SHOW POWER-INLINE INTERFACE” on page 285
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
Example
This example restores the default Low priority level to port 20:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.20
awplus(config-if)# no power-inline priority
268
AT-8100 Switch Command Line User’s Guide
NO POWER-INLINE USAGE-THRESHOLD
Syntax
no power-inline usage-threshold
Parameters
None
Mode
Global Configuration mode
Description
Use this command to reset the power usage threshold to the default 80%.
The switch sends an SNMP power-inline trap if the power requirements of
the switch and PDs exceed the defined threshold.
Confirmation Command
“SHOW POWER-INLINE” on page 280
Example
This example restores the default power usage threshold of 80%:
awplus> enable
awplus# configure terminal
awplus(config)# no power-inline usage-threshold
269
Chapter 12: Power Over Ethernet Commands
NO SERVICE POWER-INLINE
Syntax
no service power-inline
Parameters
None
Mode
Global Configuration mode
Description
Use this command to disable PoE on the switch. The ports do not transmit
power to the PDs when PoE is disabled, but they do forward network
traffic. The default setting for PoE is enabled. When performed on the
master switch of a stack, the command disables PoE on the ports on all of
the PoE switches in the stack.
Confirmation Commands
“SHOW POWER-INLINE” on page 280
“SHOW POWER-INLINE INTERFACE” on page 285
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
Example
This example disables PoE on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# no service power-inline
270
AT-8100 Switch Command Line User’s Guide
NO SNMP-SERVER ENABLE TRAP POWER-INLINE
Syntax
no snmp-server enable trap power-inline
Parameters
None
Mode
Global Configuration mode
Description
Use this command to disable the transmission of SNMP power-inline
traps. The switch sends this trap if the power requirements of the switch
and PDs exceed the threshold set with “POWER-INLINE USAGETHRESHOLD” on page 278
Confirmation Command
“SHOW RUNNING-CONFIG SNMP” on page 1153
Example
The following example disables the SNMP power-inline trap:
awplus> enable
awplus# configure terminal
awplus(config)# no snmp-server enable trap power-inline
271
Chapter 12: Power Over Ethernet Commands
POWER-INLINE ALLOW-LEGACY
Syntax
power-inline allow-legacy
Parameters
None
Mode
Port Interface mode
Description
Use this command to configure the ports to support legacy PDs. Legacy
PDs are PoE devices that were designed before the IEEE 802.3af and
IEEE 802.3at PoE standards were finalized. The default setting is no
support for legacy PDs.
Confirmation Commands
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
Example
This example configures ports 1 to 6 to support legacy PDs:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1-port1.0.6
awplus(config-if)# power-inline allow-legacy
272
AT-8100 Switch Command Line User’s Guide
POWER-INLINE DESCRIPTION
Syntax
power-inline description description
Parameters
description
Specifies a PD description of up to 256 alphanumeric characters.
Spaces and special characters are allowed.
Mode
Port Interface mode
Description
Use this command to add PD descriptions to the ports to make the ports
and PDs easier to identify.
Note
To add a general description to a port, use the DESCRIPTION
command. For more information, see “DESCRIPTION” on page 202.
Confirmation Commands
“SHOW POWER-INLINE” on page 280
“SHOW POWER-INLINE INTERFACE” on page 285
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
Example
This example adds the PD description “Surveillance Camera5” to port 5:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# power-inline description Surveillance
Camera5
273
Chapter 12: Power Over Ethernet Commands
POWER-INLINE ENABLE
Syntax
power-inline enable
Parameters
None
Mode
Port Interface mode
Description
Use this command to enable PoE on the ports. This is the default setting.
Confirmation Commands
“SHOW POWER-INLINE” on page 280
“SHOW POWER-INLINE INTERFACE” on page 285
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
Example
This example enables PoE on port 12:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12
awplus(config-if)# power-inline enable
274
AT-8100 Switch Command Line User’s Guide
POWER-INLINE MAX
Syntax
power-inline max max_power
Parameters
max_power
Specifies the maximum power limit of the ports in milliwatts (mW).
The range is 4000 to 30000 mW.
Mode
Port Interface mode
Description
Use this command to set the maximum power limits on the ports. The
maximum power limit is the maximum amount of power a port may
transmit to a PD. Ports can have different limits. The default power limits
are based on the classes of the PDs. See “Managing the Maximum Power
Limit on Ports” on page 256 for details.
Confirmation Commands
“SHOW POWER-INLINE” on page 280
“SHOW POWER-INLINE INTERFACE” on page 285
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
Example
This example sets the maximum power limits on ports 1 to port 6 to 6.5
watts:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.1-port1.0.6
awplus(config-if)# power-inline max 6500
275
Chapter 12: Power Over Ethernet Commands
POWER-INLINE PRIORITY
Syntax
power-inline priority critical|high|low
Parameters
critical
The highest priority level for PoE ports. Ports set to the critical level
are guaranteed power before any of the ports assigned to the other
priority levels.
high
Ports set to the high level receive power only when all of the ports
assigned to the critical level are already receiving power.
low
The lowest priority level for PoE ports. Ports set to the Low level
receive power only when all of the ports assigned to the critical and
high levels are already receiving power. This level is the default
setting.
Mode
Port Interface mode
Description
Use this command to assign PoE priority levels to the ports. The priority
levels are Low, High, and Critical. Ports connected to the most critical PDs
should be assigned the Critical level to guarantee them power before any
of the other ports in the event the switch does not have enough power for
all of the PDs.
If the switch does not have enough power to support all the ports set to the
same priority level, it allocates power based on port number, in ascending
order. For example, if all of the ports are set to the Low priority level, port 1
has the highest priority level, port 2 has the next highest priority level and
so forth.
Confirmation Commands
“SHOW POWER-INLINE” on page 280
“SHOW POWER-INLINE INTERFACE” on page 285
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
276
AT-8100 Switch Command Line User’s Guide
Example
This example assigns the Critical priority level to port 5:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# power-inline priority critical
277
Chapter 12: Power Over Ethernet Commands
POWER-INLINE USAGE-THRESHOLD
Syntax
power-inline usage-threshold threshold
Parameters
threshold
Specifies the power usage threshold in a percentage of the
switch’s total available power. The range is 1 to 99%.
Mode
Global Configuration mode
Description
Use this command to set a threshold of the switch’s total available power.
An SNMP trap is transmitted if the requirements of the switch and the PDs
exceed the threshold. To activate the trap, refer to “SNMP-SERVER
ENABLE TRAP POWER-INLINE” on page 289. The default setting is
80%.
Confirmation Command
“SHOW POWER-INLINE” on page 280
Example
This example sets the threshold to 90% of the switch’s total available
power:
awplus> enable
awplus# configure terminal
awplus(config)# power-inline usage-threshold 90
278
AT-8100 Switch Command Line User’s Guide
SERVICE POWER-INLINE
Syntax
service power-inline
Parameters
None
Mode
Global Configuration mode
Description
Use this command to enable PoE on the switch or stack. This is the default
setting.
Confirmation Commands
“SHOW POWER-INLINE” on page 280
“SHOW POWER-INLINE INTERFACE” on page 285
“SHOW POWER-INLINE INTERFACE DETAIL” on page 286
Example
This example enables PoE on the switch or stack:
awplus> enable
awplus# configure terminal
awplus(config)# service power-inline
279
Chapter 12: Power Over Ethernet Commands
SHOW POWER-INLINE
Syntax
show power-inline
Parameter
None
Mode
Privileged Exec mode
Description
Use this command to display operational information about PoE. An
example is shown in Figure 62. The fields are described in Table 24 on
page 281.
PoE Status:
Nominal Power: 490W
Power Allocated: 346.0W
Actual Power Consumption: 151.0W
Operational Status: On
Power Usage Threshold: 80% (392W)
PoE Interface:
Interface Admin
Pri Oper
Power(mW) DeviceClassMax(mW)
port1.0.1 Enabled Low Powered 3840
n/a1
4000 [C]
port1.0.2 Enabled High Powered 6720
n/a2
7000 [C]
port1.0.3 Enabled Low Powered 14784
n/a3
15400 [C]
port1.0.4 Enabled Crit Powered 14784
n/a3
15400 [C]
port1.0.5 Enabled Crit Powered 3840
n/a1
4000 [C]
port1.0.6 Enabled High Powered 6720
n/a2
7000 [C]
port1.0.7EnabledLowPowered14784n/a315400 [C]
Figure 62. SHOW POWER-INLINE Command
280
AT-8100 Switch Command Line User’s Guide
Table 24. SHOW POWER-INLINE Command
Field
Description
Nominal Power
The switch’s total available power in watts (W).
Power Allocated
The available power in watts (W) for PDs. This
value is updated every 5 seconds.
Actual Power
Consumption
The current power consumption in watts (W) of the
PDs. This value is updated every 5 seconds.
Operational
Status
The operational status of the power supply units
(PSU) in the switch. The status can be one of the
following:

On: The units are powered on.

Fault: One of the power supplies has
encountered a problem.
Power Usage
Threshold
The SNMP power-inline trap threshold. A SNMP
trap is transmitted if the power requirements of the
switch and PDs exceed the threshold. This
parameter is set with “POWER-INLINE USAGETHRESHOLD” on page 278.
PoE Interface
A table of port PoE information.
Interface
The port number.
Admin
The status of PoE on the port. The status can be
one of the following:
Pri

Enabled: PoE is enabled. The port can transmit
power to a PD. PoE is enabled with “POWERINLINE ENABLE” on page 274.

Disabled: PoE is disabled. The port does not
supply power to a PD, but it does forward
network traffic. PoE is disabled with “NO
POWER-INLINE ENABLE” on page 266.
The port’s PoE priority level. This parameter is set
with “POWER-INLINE PRIORITY” on page 276.
The priority level can be one of the following:

Low: The lowest priority level. Default level.

High: The higher priority level.

Crit: Critical, the highest priority level.
281
Chapter 12: Power Over Ethernet Commands
Table 24. SHOW POWER-INLINE Command (Continued)
Field
Oper
Description
The PoE operating status of the port. The possible
status are listed here:

Powered: The port is transmitting power to the
PD.

Denied: The port is not transmitting power to
the PD because the switch has reached its
maximum power capacity.

Off: PoE is disabled on the port.

Fault: The switch is exceeding the total
available power.

Test: The port is in a test mode.
Power
The port’s current power consumption in milliwatts
(mW).
Device
The port’s PD description. This parameter is set
with “POWER-INLINE DESCRIPTION” on
page 273.
Class
The PD’s class PD. See “PD Classes” on page 250
for details.
Max (mW)
The port’s maximum power limit in milliwatts (mW)
and how the limit was set. The methods are listed
here:

[U]: The power limit was set with “POWERINLINE MAX” on page 275.

[L]: The power limit was supplied by LLDP.

[C]: The power limit was set according to the
PD’s class.
Example
This example displays PoE information about the switch and ports:
awplus# show power-inline
282
AT-8100 Switch Command Line User’s Guide
SHOW POWER-INLINE COUNTERS INTERFACE
Syntax
show power-inline counters interface port
Parameter
port
Specifies a port. You can specify and display more than one port at
a time. Omit this parameter to display all of the ports.
Mode
Privileged Exec mode
Description
Use this command to display the PoE event counters for the ports. An
example is shown in Figure 63.
PoE Counters:
Interface MPSAbsent Overload Short Invalid Denied
port1.0.4
0
0
0
0
0
port1.0.5
0
0
0
0
0
port1.0.6
0
0
0
0
0
Figure 63. SHOW POWER-INLINE COUNTERS INTERFACE Command
The fields are described in Table 25.
Table 25. SHOW POWER-INLINE COUNTERS INTERFACE Command
Field
Description
Interface
The port number.
MPSAbsent
This field is not applicable to the AT-8100S Series
switches.
Overload
The number of times the PD exceeded the power limit
set with “POWER-INLINE MAX” on page 275.
Short
The number of short circuits the port has experienced.
283
Chapter 12: Power Over Ethernet Commands
Table 25. SHOW POWER-INLINE COUNTERS INTERFACE Command
Field
Description
Invalid
The number of times the port detected an invalid
signature. An invalid signature indicates an open circuit,
a short circuit, or a legacy PD.
Denied
The number of times the port had to deny power to the
PD because the switch had reached its maximum
power capacity.
Example
This command displays the PoE event counters for ports 4 to 6:
awplus# show power-inline counters interface port1.0.4port1.0.6
284
AT-8100 Switch Command Line User’s Guide
SHOW POWER-INLINE INTERFACE
Syntax
show power-inline interface port
Parameter
port
Specifies a port. You can display more than one port at a time.
Mode
Privileged Exec mode
Description
Use this command to display the PoE information on the ports. An
example is shown in Figure 64.
Interface
port1.0.1
port1.0.2
port1.0.3
port1.0.4
Admin
Disabled
Enabled
Enabled
Disabled
Pri
Low
High
Crit
Low
Oper
Disabled
Powered
Powered
Disabled
Power Device Class
0
0
3840
Phone
1
6720
AccessPt 2
0
0
Max(mW)
15400 [C]
5000 [U]
7000 [C]
15400 [C]
Figure 64. SHOW POWER-INLINE INTERFACE Command
This command displays a subset of the information the SHOW POWERINLINE command displays. The fields are described in Table 24 on
page 281.
Example
This example displays PoE information for ports 1 to 4:
awplus# show power-inline interface port1.0.1-port1.0.4
285
Chapter 12: Power Over Ethernet Commands
SHOW POWER-INLINE INTERFACE DETAIL
Syntax
show power-inline interface port detail
Parameter
port
Specifies a port. You can display more than one port at a time.
Mode
Privileged Exec mode
Description
Use this command to display additional information about the ports. An
example is shown in Figure 65.
Interface port1.0.1
Powered device type: Desk Phone #1
PoE admin enabled
Priority Low
Detection status: Powered
Current power consumption: 00 mW
Powered device class: 1
Power allocated: 5000 mW (from configuration)
Detection of legacy devices is disabled
Figure 65. SHOW POWER-INLINE INTERFACE DETAIL Command
The fields are described in Table 26.
Table 26. SHOW POWER-INLINE INTERFACE DETAIL Command
Field
286
Description
Interface
The port number.
Powered device
type
The PD description. The description is set with
“POWER-INLINE DESCRIPTION” on page 273.
AT-8100 Switch Command Line User’s Guide
Table 26. SHOW POWER-INLINE INTERFACE DETAIL Command
Field
PoE admin
Priority
Detection status
Description
The status of PoE on the port. The status can be
one of the following:

Enabled: PoE is enabled. The port can transmit
power to a PD. PoE is enabled with “POWERINLINE ENABLE” on page 274.

Disabled: PoE is disabled. The port does not
supply power to a PD, but it does forward
network traffic. PoE is disabled with “NO
POWER-INLINE ENABLE” on page 266.
The port’s PoE priority level. The priority level is set
with “POWER-INLINE PRIORITY” on page 276.
The priorities are listed here:

Low: the lowest priority level. This is default
level.

High: the higher priority level.

Crit: the critical, or highest priority level.
The PoE operating status of the port. The possible
status are listed here:

Powered: The port is transmitting power to the
PD.

Denied: The port is not transmitting power to
the PD because the switch has reached its
maximum power capacity.

Off: PoE is disabled on the port.

Fault: The switch is exceeding the total
available power.

Test: The port is in a test mode.
Current power
consumption
The port’s current power consumption in milliwatts
(mW).
Powered device
class
The PD’s class. See “PD Classes” on page 250 for
details.
Power allocated
The port’s power limit in milliwatts (mW).
287
Chapter 12: Power Over Ethernet Commands
Table 26. SHOW POWER-INLINE INTERFACE DETAIL Command
Field
Detection of
legacy devices
Description
The status of support for a legacy PD on the port:

Enabled: The port supports legacy devices.

Disabled: The port does not support legacy
devices.
Support for legacy devices is enabled with
“POWER-INLINE ALLOW-LEGACY” on page 272
and disabled with “NO POWER-INLINE ALLOWLEGACY” on page 264.
Powered pairs
The twisted pairs used to transfer power to the PD.
This parameter is not adjustable. The value is one
of the following:

Data

Spare
Examples
This example displays PoE information for port 1:
awplus# show power-inline interface port1.0.1 detail
This example displays PoE information for ports 7 to 10:
awplus# show power-inline interface port1.0.7-port1.0.10
detail
288
AT-8100 Switch Command Line User’s Guide
SNMP-SERVER ENABLE TRAP POWER-INLINE
Syntax
snmp-server enable trap power-inline
Parameters
None
Mode
Global Configuration mode
Description
Use this command to activate the transmission of the SNMP power-inline
trap. The trap is sent if the power requirements of the switch and PDs
exceed the power limit threshold set with “POWER-INLINE USAGETHRESHOLD” on page 278.
Confirmation Command
“SHOW RUNNING-CONFIG SNMP” on page 1153
Example
This example enables the SNMP power-inline trap:
awplus> enable
awplus# configure terminal
awplus(config)# snmp-server enable trap power-inline
289
Chapter 12: Power Over Ethernet Commands
290
Chapter 13
IPv4 and IPv6 Management Addresses
This chapter contains the following information:

“Overview” on page 292

“Assigning an IPv4 Management Address and Default Gateway” on
page 296

“Assigning an IPv6 Management Address and Default Gateway” on
page 301
291
Chapter 13: IPv4 and IPv6 Management Addresses
Overview
This chapter explains how to assign the switch an IP address. The switch
must have an IP address to perform the features in Table 27. It uses the
address as its source address when it communicates with other network
devices, such as TFTP servers, and Telnet management workstations.
To assign an IP address to the switch, you have to create an IPv4 routing
interface in one of its VLANs. You should assign the routing interface to
the VLAN from which the switch is to access the management devices.
The switch uses the IP address of the routing interface as its source
address.
Routing interfaces are also used to implement the IPv4 packet routing
feature, described in Chapter 104, “Internet Protocol Version 4 Packet
Routing” on page 1811. If you do not plan to use the packet routing
feature, create only one IPv4 routing interface on the switch. The switch
does not route packets if it has only one interface.
You may also assign the switch one IPv6 management address. However,
as the table indicates, the switch does not support all of the features when
assigned only an IPv6 address.
Table 27. Features Requiring an IP Management Address on the Switch
Feature
292
Description
Supported
by IPv4
Address
Supported
by IPv6
Address
802.1x port-based network
access control
Used with a RADIUS server for
port security.
yes
no
Enhanced stacking
Used to manage more than
one switch from the same local
or remote management
session.
yes
no
Ping
Used to test for valid links
between the switch and other
network devices.
yes
yes
RADIUS client
Used for remote management
authentication and for 802.1x
port-based network access
control.
yes
no
AT-8100 Switch Command Line User’s Guide
Table 27. Features Requiring an IP Management Address on the Switch (Continued)
Feature
Description
Supported
by IPv4
Address
Supported
by IPv6
Address
RMON
Used with the RMON portion
of the MIB tree on an SNMP
workstation to remotely
monitor the switch.
yes
no
Secure Shell server
Used to remotely manage the
switch with a Secure Shell
client.
yes
yes
sFlow agent
Used to transmit packet
statistics and port counters to
an sFlow collector on your
network.
yes
no
SNMPv1, v2c, and v3
Used to remotely manage the
switch with SNMP.
yes
yes
SNTP client
Used to set the date and time
on the switch from an NTP or
SNTP server on your network
or the Internet.
yes
no
Static ARP entries
Used to add static ARP entries
to the switch.
yes
no
Syslog client
Used to send the event
messages from the switch to
syslog servers on your
network for storage.
yes
no
TACACS+ client
Used for remote management
authentication using a
TACACS+ server on your
network.
yes
no
Telnet client
Used to manage other network
devices from the switch.
yes
yes
Telnet server
Used to remotely manage the
switch with a Telnet client.
yes
yes
TFTP client
Used to download files to or
upload files from the switch
using a TFTP server.
yes
yes
Non-secure HTTP web
browser server
Used to remotely manage the
switch with a web browser.
yes
yes
293
Chapter 13: IPv4 and IPv6 Management Addresses
Table 27. Features Requiring an IP Management Address on the Switch (Continued)
Feature
Secure HTTPS web browser
server
294
Description
Used to remotely manage the
switch with a web browser,
with encryption.
Supported
by IPv4
Address
Supported
by IPv6
Address
yes
yes
AT-8100 Switch Command Line User’s Guide
Here are the guidelines to assigning the switch management IPv4 and
IPv6 addresses:

You may assign the switch more than one IPv4 address. However,
the switch routes IPv4 packets if it has more than one routing
interface, as explained in Chapter 104, “Internet Protocol Version 4
Packet Routing” on page 1811. If you want the switch to support
the features in Table 27 on page 292 but not route packets, assign
it only one IPv4 routing interface.

The switch supports only one IPv6 address.

A management address can be assigned to a VLAN on the switch.
It can be assigned to any VLAN, including the Default_VLAN. For
background information on VLANs, refer to Chapter 60, “Portbased and Tagged VLANs” on page 899.

If you assign both IPv4 and IPv6 addresses to the switch, they
must be assigned to the same VLAN.

An IPv4 management address can be assigned manually or from a
DHCP server on your network. (To learn the switch’s MAC address
to add to a DHCP server, refer to “SHOW SWITCH” on page 163.)

An IPv6 address must be assigned manually. The switch does not
support the assignment of an IPv6 management address from a
DHCP server or by IPv6 auto assignment.

You must also assign the switch a default gateway if the
management devices (syslog servers, Telnet workstations, etc,)
are not members of the same subnet as the management address.
This IP address designates an interface on a router or other Layer
3 device that represents the first hop to the remote subnets or
networks where the network devices are located.

The default gateway address, if needed, must be a member of the
same subnet as the management address.
295
Chapter 13: IPv4 and IPv6 Management Addresses
Assigning an IPv4 Management Address and Default Gateway
This section covers the following topics:
Adding an IPv4
Management
Address

“Adding an IPv4 Management Address” next

“Adding an IPv4 Default Gateway Address” on page 298

“Deleting an IPv4 Management Address and Default Gateway” on
page 299

“Displaying an IPv4 Management Address and Default Gateway” on
page 299
The command to assign the switch an IPv4 management address is the IP
ADDRESS command. It has to be performed from the VLAN Configuration
mode of the VLAN to which the address is to be assigned. If the VLAN
does not already exist, you have to create it before you can assign the
address. For instructions, refer to Chapter 60, “Port-based and Tagged
VLANs” on page 899.
Here is the format of the command:
ip address ipaddress/mask|dhcp
The IPADDRESS parameter is the IPv4 management address to be
assigned the switch. The address is specified in this format:
nnn.nnn.nnn.nnn
Each NNN is a decimal number from 0 to 255. The numbers must be
separated by periods.
The MASK parameter is a decimal number that represents the number of
bits, from left to right, that constitute the network portion of the address.
Here are a couple basic examples:

The decimal mask 16 is equivalent to the mask 255.255.0.0.

The decimal mask 24 is equivalent to the mask 255.255.255.0.
Here are several examples of the command. The first example assigns the
switch the management IPv4 address 149.121.43.56/24 to the
Default_VLAN, which has the VID number 1. Since the switch comes with
this VLAN, you don’t have to create it. Here are the commands:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-vlan)# ip address 149.121.43.56/24
awplus(config-vlan)# exit
296
AT-8100 Switch Command Line User’s Guide
This example assigns the IPv4 management address 143.24.55.67 and
subnet mask 255.255.255.0 to a new VLAN titled Tech_support. The
VLAN is assigned the VID 17 and consists of untagged ports 5 and 6. The
first series of commands create the new VLAN.
awplus> enable
Enter the Privileged Executive
mode from the User Exec mode.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# vlan database
Use the VLAN DATABASE
command to enter the VLAN
Configuration mode.
awplus(config-vlan)# vlan 17 name Tech_support
Use the VLAN command to assign
the VID 17 and the name
Tech_support to the new VLAN.
awplus(config-vlan)# exit
Return to the Global Configuration
mode.
awplus(config)# interface port1.0.5,port1.0.6
Enter the Port Interface mode for
ports 5 and 6.
awplus(config-if)# switchport access vlan 17
Use the SWITCHPORT ACCESS
VLAN command to add the ports
to the new VLAN.
awplus(config-vlan)# end
Return to the Privileged Exec
mode.
awplus# show vlan
Use the SHOW VLAN command
to confirm the configuration of the
new VLAN.
The next series of commands assigns the management address
143.24.55.67 and subnet mask 255.255.255.0 to the new VLAN.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# interface vlan17
Use the INTERFACE VLAN
command to move to the VLAN
Interface.
awplus(config-vlan)# ip address 143.24.55.67/24
Use the IP ADDRESS command
to assign the management
address 143.24.55.67 and subnet
mask 255.255.255.0 to the VLAN.
awplus(config-vlan)# end
Return to the Privileged Exec
mode.
297
Chapter 13: IPv4 and IPv6 Management Addresses
awplus# show ip interface
Use the SHOW IP INTERFACE
command to display the new
management IPv4 address.
This example activates the DHCP client so that the management IPv4
address is assigned to the Default_VLAN:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-vlan)# ip address dhcp
Adding an IPv4
Default Gateway
Address
The switch must be assigned a default gateway if the management
devices (for example, syslog servers, TFTP servers, and Telnet clients)
are not members of the same subnet as the management IPv4 address. A
default gateway is an IP address of an interface on a router or other Layer
3 device. It represents the first hop to the networks in which the
management devices reside. The switch can have only one IPv4 default
gateway and the address must be a member of the same subnet as the
management IPv4 address.
The command for assigning the default gateway is the IP ROUTE
command in the Global Configuration mode. Here is the format:
ip route 0.0.0.0/0 ipaddress
The IPADDDRESS parameter is the default gateway to be assigned the
switch.
Note
If an IPv4 default gateway is already assigned to the switch, you
must delete it prior to entering the new address. For instructions,
refer to “Deleting an IPv4 Management Address and Default
Gateway” on page 299.
This example assigns the switch the default gateway address
149.121.43.23:
awplus> enable
awplus# configure terminal
awplus(config)# ip route 0.0.0.0/0 149.121.43.23
To verify the default route, issue these commands:
awplus(config)# exit
awplus# show ip route
For information about how to add static IPv4 routes, see “Adding Static
and Default Routes” on page 1826.
298
AT-8100 Switch Command Line User’s Guide
Deleting an IPv4
Management
Address and
Default Gateway
The switch does not allow you to make any changes to the current
management address on the switch. If you want to change the address or
assign it to a different VLAN, you have to delete it and recreate it, with the
necessary changes.
To delete a static IPv4 management address from the switch, enter the
NO IP ADDRESS command in the VLAN Interface mode in which the
current address is assigned. This example of the command deletes the
address from a VLAN with the VID of 17:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan17
awplus(config-vlan)# no ip address
To delete an IPv4 management address assigned by a DHCP server, use
the NO IP ADDRESS DHCP command. This example of the command
deletes the management address assigned by a DHCP server, from a
VLAN on the switch with the VID of 23:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan23
awplus(config-vlan)# no ip address dhcp
To remove the current default gateway, use the NO form of the IP ROUTE
command. The command must include the current default gateway. This
example removes the default route 149.121.43.23:
awplus> enable
awplus# configure terminal
awplus(config)# no ip route 0.0.0.0/0 149.121.43.23
Displaying an
IPv4
Management
Address and
Default Gateway
The easiest way to view the IPv4 management address and default
gateway address of the switch is with the SHOW IP ROUTE command. It
displays both addresses at the same time. The command is found in the
Privileged Exec mode, as shown here:
awplus# show ip route
See Figure 66 on page 300 for an example of the information. The
management IPv4 address of the switch is displayed in the first entry in the
table and the default gateway address, if assigned to the switch, in the
second entry.
299
Chapter 13: IPv4 and IPv6 Management Addresses
Figure 66 displays an example of the information.
Codes:
C - connected, S - static, R - RIP
* - candidate default
Gateway of last resort is 149.101.23.28 to network 0.0.0.0.
S*
R
R
S
S
S
C
C
0.0.0.0/0 [1/0] via 149.101.23.28, vlan28
149.101.152.0/24 [120/2] via 149.101.23.28, vlan15, 00:05:27
149.101.201.0/24 [120/2] via 149.101.54.109, vlan23 00:39:08
149.101.32.0/24 [1/0] via 149.101.23.28, vlan15
149.101.33.0/24 [1/0] via 149.101.23.28, vlan15
149.101.42.0/24 [1/0] via 149.101.54.109, vlan23
149.101.23.0/24 is directly connected, vlan15
149.101.54.0/24 is directly connected, vlan23
Figure 66. SHOW IP ROUTE Command
The columns in the display are defined in Table 30 on page 324.
To view only the management address, use the SHOW IP INTERFACE
command, also in the Privileged Exec mode:
awplus# show ip interface
Here is an example of the information from the command.
Interface
VLAN14-0
IP Address
123.94.146.72
Status
admin up
Figure 67. SHOW IP INTERFACE Command
The columns are defined in Table 29 on page 323.
300
Protocol
down
AT-8100 Switch Command Line User’s Guide
Assigning an IPv6 Management Address and Default Gateway
This section covers the following topics:
Adding an IPv6
Management
Address

“Adding an IPv6 Management Address” next

“Adding an IPv6 Default Gateway Address” on page 302

“Deleting an IPv6 Management Address and Default Gateway” on
page 303

“Displaying an IPv6 Management Address and Default Gateway” on
page 304
The command to assign the switch an IPv6 management address is the
IPv6 ADDRESS command. As with the IPv4 address command, this
command has to be performed in the VLAN Configuration mode of the
VLAN to which the address is to be assigned. If the VLAN does not
already exist, you have to create it first. For instructions, refer to Chapter
60, “Port-based and Tagged VLANs” on page 899. If the switch already
has an IPv4 address, the IPv6 address must be assigned to the same
VLAN as that address.
Here is the format of the command:
ipv6 address ipaddress/mask
The IPADDRESS parameter is the management IPv6 address for the
switch, entered in this format:
nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn
Where N is a hexadecimal digit from 0 to F. The eight groups of digits are
separated by colons. Groups where all four digits are ‘0’ can be omitted.
Leading ‘0’s in groups can also be omitted. For example, the following
IPv6 addresses are equivalent:
12c4:421e:09a8:0000:0000:0000:00a4:1c50
12c4:421e:9a8::a4:1c50
The MASK parameter is a decimal number that represents the number of
bits, from left to right, that constitute the network portion of the address.
For example, an address whose network designator consists of the first
eight bytes would need a mask of 64 bits.
301
Chapter 13: IPv4 and IPv6 Management Addresses
Note
If there is a management IPv6 address already assigned to the
switch, you must delete it prior to entering the new address. For
instructions, refer to “Deleting an IPv6 Management Address and
Default Gateway” on page 303.
Here are several examples of the command. The first example assigns the
switch this static management IPv6 address to the Default_VLAN, VID
number 1.
90:0a21:091b:0000:0000:0000:09bd:c458
Here are the commands:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-vlan)# ipv6 address 90:a21:91b::9bd:c458/64
awplus(config-vlan)# exit
This example assigns a management IPv6 address to a VLAN with the
VID 8:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan8
awplus(config-vlan)# ipv6 address 1857:80cf:d54::1a:8f57/64
awplus(config-vlan)# exit
Note
You cannot use a DHCP server or SLAAC (State Address
Autoconfiguration) to assign the switch a dynamic IPv6 address.
The switch supports only a single static IPv6 address.
Adding an IPv6
Default Gateway
Address
The switch must be assigned a default gateway if the management
devices (for example, TFTP servers, Telnet clients and SSH clients) are
not members of the same subnet as its management IPv6 address. A
default gateway is an IP address of an interface on a router or other Layer
3 device that is the first hop to the networks in which the management
devices are located. The switch can have only one IPv6 default gateway
and the address must be a member of the same subnet as the
management IPv6 address.
The command for assigning the default gateway is the IPV6 ROUTE
command in the Global Configuration mode. Here is the format of the
command:
ipv6 route ::/0 ipaddress
302
AT-8100 Switch Command Line User’s Guide
The IPADDDRESS parameter is the default gateway to be assigned the
switch. The address must be an IPv6 address and it must be a member of
the same subnet as the management IPv6 address.
Note
This configuration is different in the AT-8000GS switch where the
gateway is specified as the Link Local address.
Note
If there is an IPv6 default gateway already assigned to the switch,
you must delete it prior to entering the new default gateway. For
instructions, refer to “Deleting an IPv6 Management Address and
Default Gateway” on page 303.
This example assigns the switch the default gateway address
389c:be45:78::c45:8156:
awplus> enable
awplus# configure terminal
awplus(config)# ipv6 route ::/0 389c:be45:78::c45:8156
To verify the default route, issue these commands:
awplus(config-vlan)# end
awplus# show ipv6 route
Deleting an IPv6
Management
Address and
Default Gateway
To delete a static IPv6 management address, enter the NO IPV6
ADDRESS command in the VLAN Interface mode in which the current
address is assigned. This example of the command deletes the address
from a VLAN with the VID 21:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan21
awplus(config-vlan)# no ipv6 address
To remove the default gateway, use the NO form of the IPV6 ROUTE
command. The command must include the current default gateway. Here
is the format of the command:
no ipv6 route ::/0 ipaddress
The IPADDRESS parameter specifies the default route to be deleted. This
example deletes the default route 389c:be45:78::c45:8156:
awplus> enable
awplus# configure terminal
awplus(config)# no ipv6 route ::/0 389c:be45:78::c45:8156
303
Chapter 13: IPv4 and IPv6 Management Addresses
Displaying an
IPv6
Management
Address and
Default Gateway
There are two commands for displaying a management IPv6 address and
default gateway. If the switch has both an IPv6 address and default
gateway, you can display both of them with the SHOW IPV6 ROUTE
command, in the Privileged Exec mode, as shown here:
awplus# show ipv6 route
Here’s an example of the information. The default route is displayed first
followed by the management address.
IPv6 Routing Table
Codes: C - connected, S - static
S
0:0:0:0:0:0:0:0/0 via 832a:5821:b34a:0:0:0:187:14, vlan4-0
C
832a:5821:b34a:0:0:0:187:95a/64 via ::, vlan4-0
Figure 68. SHOW IPV6 ROUTE Command
Another way to display just the management address is with the SHOW
IPV6 INTERFACE command, shown here:
awplus# show ipv6 interface
Here is an example of the information from the command.
Interface
VLAN3-0
IPv6-Address
832a:5821:b34a:0:0:0:187:95a/64
Status
admin up
Protocol
down
Figure 69. SHOW IPV6 INTERFACE Command
The columns are defined in Table 31 on page 326.
304
Chapter 14
IPv4 and IPv6 Management Address
Commands
The IPv4 and IPv6 management address commands are summarized in
Table 28.
Table 28. Management IP Address Commands
Command
Mode
Description
“CLEAR IPV6 NEIGHBORS” on
page 307
Privileged Exec
Clears all dynamic IPv6 neighbor
entries.
“IP ADDRESS” on page 308
VLAN Interface
Assigns the switch a static IPv4
management address.
“IP ADDRESS DHCP” on page 310
VLAN Interface
Assigns the switch an IPv4
management address from a DHCP
server on your network.
“IP ROUTE” on page 312
Global
Configuration
Assigns the switch an IPv4 default
gateway address.
“IPV6 ADDRESS” on page 314
VLAN Interface
Assigns the switch a static IPv6
management address.
“IPV6 ROUTE” on page 316
Global
Configuration
Assigns the switch an IPv6 default
gateway address.
“NO IP ADDRESS” on page 318
VLAN Interface
Deletes the IPv4 management
address.
“NO IP ADDRESS DHCP” on
page 319
VLAN Interface
Deactivates the IPv4 DHCP client on
the switch.
“NO IP ROUTE” on page 320
Global
Configuration
Deletes the IPv4 default gateway.
“NO IPV6 ADDRESS” on page 321
VLAN Interface
Deletes the IPv6 management
address.
“NO IPV6 ROUTE” on page 322
Global
Configuration
Deletes the IPv6 default gateway.
“SHOW IP INTERFACE” on page 323
Privileged Exec
Displays the IPv4 management
address.
“SHOW IP ROUTE” on page 324
Privileged Exec
Displays the IPv4 management
address and default gateway.
305
Chapter 14: IPv4 and IPv6 Management Address Commands
Table 28. Management IP Address Commands (Continued)
Command
Mode
Description
“SHOW IPV6 INTERFACE” on
page 326
Privileged Exec
Displays the IPv4 management
address.
“SHOW IPV6 ROUTE” on page 327
Privileged Exec
Displays the IPv6 management
address and default gateway.
306
AT-8100 Switch Command Line User’s Guide
CLEAR IPV6 NEIGHBORS
Syntax
clear ipv6 neighbors
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to clear all of the dynamic IPv6 neighbor entries.
Example
This example clears all of the dynamic IPv6 neighbor entries:
awplus> enable
awplus# clear ipv6 neighbors
307
Chapter 14: IPv4 and IPv6 Management Address Commands
IP ADDRESS
Syntax
ip address ipaddress/mask
Parameters
ipaddress
Specifies a management IPv4 address for the switch. The address
is specified in the following format:
nnn.nnn.nnn.nnn
Where each NNN is a decimal number from 0 to 255. The numbers
must be separated by periods.
mask
Specifies the subnet mask for the address. The mask is a decimal
number that represents the number of bits, from left to right, that
constitute the network portion of the address. For example, the
IPv4 decimal masks 16 and 24 are equivalent to masks
255.255.0.0 and 255.255.255.0, respectively.
Mode
VLAN Interface mode
Description
Use this command to manually assign the switch an IPv4 management
address. You must perform this command from the VLAN Interface mode
of the VLAN to which to the address is to be assigned.
To assign the switch an IPv4 address from a DHCP server, refer to “IP
ADDRESS DHCP” on page 310.
An IPv4 management address is required to support the features listed in
Table 27 on page 292. The switch can have only one IPv4 address and it
must be assigned to the VLAN from which the switch is to communicate
with the management devices (such as Telnet workstations and syslog
servers). The VLAN must already exist on the switch before you use this
command.
Confirmation Command
“SHOW IP INTERFACE” on page 323
308
AT-8100 Switch Command Line User’s Guide
Examples
This example assigns the switch the IPv4 management address
142.35.78.21 and subnet mask 255.255.255.0. The address is assigned to
the Default_VLAN, which has the VID 1:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-vlan)# ip address 142.35.78.21/24
This example assigns the switch the IPv4 management address
116.152.173.45 and subnet mask 255.255.255.0. The VLAN assigned the
address has the VID 14:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan14
awplus(config-vlan)# ip address 116.152.173.45/24
309
Chapter 14: IPv4 and IPv6 Management Address Commands
IP ADDRESS DHCP
Syntax
ip address dhcp
Parameters
None
Mode
VLAN Interface mode
Description
Use this command to assign the switch an IPv4 management address
from a DHCP server. This command activates the DHCP client, which
automatically queries the network for a DHCP server. The client also
queries for a DHCP server whenever you reset or power cycle the switch.
You must perform this command from the VLAN Interface mode of the
VLAN to which you want to assign the address.
The switch must have a management IPv4 address to support the
features listed in Table 27 on page 292. The switch can have only one
IPv4 address and it must be assigned to the VLAN from which the switch
is to communicate with the management devices (such as Telnet
workstations and syslog servers). The VLAN must already exist on the
switch.
To manually assign the switch an IPv4 address, refer to “IP ADDRESS” on
page 308.
Note
You cannot assign the switch a dynamic IPv6 address from a DHCP
server. An IPv6 management address must be assigned manually
with “IPV6 ADDRESS” on page 314.
Confirmation Commands
“SHOW IP INTERFACE” on page 323 and “SHOW IP ROUTE” on
page 324
310
AT-8100 Switch Command Line User’s Guide
Example
This example activates the DHCP client so that the switch obtains its IPv4
management address from a DHCP server on your network. The address
is applied to a VLAN with the VID 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan4
awplus(config-vlan)# ip address dhcp
311
Chapter 14: IPv4 and IPv6 Management Address Commands
IP ROUTE
Syntax
ip route 0.0.0.0/0 ipaddress
Parameters
ipaddress
Specifies an IPv4 default gateway address.
Mode
Global Configuration mode
Description
Use this command to assign the switch an IPv4 default gateway address.
A default gateway is an address of an interface on a router or other Layer
3 device. The switch uses the address as the first hop to reaching remote
subnets or networks when communicating with management network
devices, such as Telnet clients and syslog servers, that are not members
of the same subnet as its IPv4 address.
You must assign the switch a default gateway address if both of the
following are true:

You assigned the switch an IPv4 management address.

The management network devices are not members of the same
subnet as the management IP address.
Review the following guidelines before assigning a default gateway
address to the switch:

The switch can have just one IPv4 default gateway address.

The switch must already have an IPv4 management address.

The management address and the default gateway address must
be members of the same subnet.
Confirmation Command
“SHOW IP ROUTE” on page 324
312
AT-8100 Switch Command Line User’s Guide
Example
This example assigns the switch the IPv4 default gateway address
143.87.132.45:
awplus> enable
awplus# configure terminal
awplus(config)# ip route 0.0.0.0/0 143.87.132.45
313
Chapter 14: IPv4 and IPv6 Management Address Commands
IPV6 ADDRESS
Syntax
ipv6 address ipaddress/mask
Parameters
ipaddress
Specifies an IPv6 management address for the switch. The
address is entered in this format:
nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn
Where N is a hexadecimal digit from 0 to F. The eight groups of
digits have to be separated by colons. Groups where all four digits
are ‘0’ can be omitted. Leading ‘0’s in groups can also be omitted.
For example, the following IPv6 addresses are equivalent:
12c4:421e:09a8:0000:0000:0000:00a4:1c50
12c4:421e:9a8::a4:1c50
mask
Specifies the subnet mask of the address. The mask is a decimal
number that represents the number of bits, from left to right, that
constitute the network portion of the address. For example, an
address whose network designator consists of the first eight bytes
would need a mask of 64 bits.
Mode
VLAN Interface mode
Description
Use this command to manually assign the switch an IPv6 management
address. You must perform this command from the VLAN Interface mode
of the VLAN to which to the address is to be assigned.
Note
An IPv6 management address must be assigned manually. The
switch cannot obtain an IPv6 address from a DHCP server.
The switch must have a management address to support the features
listed in Table 27 on page 292. The switch can have only one IPv6
address and it must be assigned to the VLAN from which the switch is to
communicate with the management devices (such as Telnet workstations
314
AT-8100 Switch Command Line User’s Guide
and syslog servers). The VLAN must already exist on the switch before
you use this command.
Confirmation Commands
“SHOW IPV6 INTERFACE” on page 326 and “SHOW IPV6 ROUTE” on
page 327
Examples
This example assigns the IPv6 management address
4c57:17a9:11::190:a1d4/64 to the Default_VLAN, which has the VID 1:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-vlan)# ipv6 address 4c57:17a9:11::190:a1d4/64
This example assigns the switch the IPv6 management IPv4 address
7891:c45b:78::96:24/64 to a VLAN with the VID 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan4
awplus(config-vlan)# ipv6 address 7891:c45b:78::96:24/64
315
Chapter 14: IPv4 and IPv6 Management Address Commands
IPV6 ROUTE
Syntax
ipv6 route ::/0 ipaddress
Parameters
ipaddress
Specifies an IPv6 address of a default gateway. The address is
entered in this format:
nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn
Where N is a hexadecimal digit from 0 to F. The eight groups of
digits have to be separated by colons. Groups where all four digits
are ‘0’ can be omitted. Leading ‘0’s in groups can also be omitted.
Mode
Global Configuration mode
Description
Use this command to assign the switch an IPv6 default gateway address.
A default gateway is an address of an interface on a router or other Layer
3 device. It defines the first hop to reaching the remote subnets or
networks where the network devices are located. You must assign the
switch a default gateway address if both of the following are true:

You assigned the switch an IPv6 management address.

The remote management devices (such as Telnet workstations
and TFTP servers) are not members of the same subnet as the
IPv6 management address.
Review the following guidelines before assigning a default gateway
address:

The switch can have just one IPv6 default gateway.

The switch must already have an IPv6 management address.

The IPv6 management address and the default gateway address
must be members of the same subnet.
Confirmation Command
“SHOW IPV6 ROUTE” on page 327
316
AT-8100 Switch Command Line User’s Guide
Example
This example assigns the switch the IPv6 default gateway address
45ab:672:934c::78:17cb:
awplus> enable
awplus# configure terminal
awplus(config)# ipv6 route ::/0 45ab:672:934c::78:17cb
317
Chapter 14: IPv4 and IPv6 Management Address Commands
NO IP ADDRESS
Syntax
no ip address
Parameters
None
Mode
VLAN Interface mode
Description
Use this command to delete the current IPv4 management address from
the switch if the address was assigned manually. If a DHCP server
supplied the address, refer to “NO IP ADDRESS DHCP” on page 319.
You must perform this command from the VLAN Interface mode of the
VLAN to which the address is attached.
Note
The switch uses the IPv4 management address to perform the
features listed Table 27 on page 292. If you delete it, the switch will
not support the features unless it also has an IPv6 management
address.
Confirmation Commands
“SHOW IP INTERFACE” on page 323 and “SHOW IP ROUTE” on
page 324
Example
This example removes the static IPv4 management address from the
VLAN with the VID 15:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan15
awplus(config-vlan)# no ip address
318
AT-8100 Switch Command Line User’s Guide
NO IP ADDRESS DHCP
Syntax
no ip address dhcp
Parameters
None
Mode
VLAN Interface mode
Description
Use this command to delete the current IPv4 management address from
the switch if the address was assigned by a DHCP server. You must
perform this command from the VLAN Interface mode of the VLAN to
which the address is attached. This command also disables the DHCP
client.
Note
The switch uses the IPv4 management address to perform the
features listed Table 27 on page 292. If you delete it, the switch will
not support the features unless it also has an IPv6 management
address.
Confirmation Command
“SHOW IP INTERFACE” on page 323 and “SHOW IP ROUTE” on
page 324
Example
This example removes the IPv4 management address from a VLAN with
the VID 3 and disables the DHCP client:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan3
awplus(config-vlan)# no ip address dhcp
319
Chapter 14: IPv4 and IPv6 Management Address Commands
NO IP ROUTE
Syntax
no ip route 0.0.0.0/0 ipaddress
Parameters
ipaddress
Specifies the current default gateway.
Mode
Global Configuration mode
Description
Use this command to delete the current IPv4 default gateway. The
command must include the current default gateway.
Confirmation Command
“SHOW IP ROUTE” on page 324
Example
This example deletes the default route 121.114.17.28 from the switch:
awplus> enable
awplus# configure terminal
awplus(config)# no ip route 0.0.0.0/0 121.114.17.28
320
AT-8100 Switch Command Line User’s Guide
NO IPV6 ADDRESS
Syntax
no ipv6 address
Parameters
None
Mode
VLAN Interface mode
Description
Use this command to delete the current IPv6 management address from
the switch. You must perform this command from the VLAN Interface
mode of the VLAN to which the address is attached.
Note
The switch uses the IPv6 management address to perform the
features listed Table 27 on page 292. If you delete it, the switch will
not support the features unless it also has an IPv4 management
address.
Confirmation Command
“SHOW IPV6 INTERFACE” on page 326 and “SHOW IPV6 ROUTE” on
page 327
Example
This example removes the static IPv6 management address from the
VLAN with the VID 3:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan3
awplus(config-vlan)# no ipv6 address
321
Chapter 14: IPv4 and IPv6 Management Address Commands
NO IPV6 ROUTE
Syntax
no ipv6 route ::/0 ipaddress
Parameters
ipaddress
Specifies the current IPv6 default gateway.
Mode
Global Configuration mode
Description
Use this command to delete the current IPv6 default gateway from the
switch. The command must include the current default gateway.
Confirmation Command
“SHOW IPV6 ROUTE” on page 327
Example
This example deletes the IPv6 default route 2b45:12:9ac4::5bc7:89 from
the switch:
awplus> enable
awplus# configure terminal
awplus(config)# no ipv6 route ::/0 2b45:12:9ac4::5bc7:89
322
AT-8100 Switch Command Line User’s Guide
SHOW IP INTERFACE
Syntax
show ip interface
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the management IP address on the switch.
Figure 70 is an example of the information.
Interface
VLAN14-0
IP Address
123.94.146.72
Status
admin up
Protocol
down
Figure 70. SHOW IP INTERFACE Command
The fields are described in Table 29.
Table 29. SHOW IP INTERFACE Command
Parameter
Description
Interface
The VID of the VLAN to which the
management IP address is assigned.
IP Address
The management IP address of the switch
Status
Not applicable to the AT-8100 Switch.
Protocol
Not applicable to the AT-8100 Switch.
Example
The following example displays the management IP address assigned to a
switch:
awplus# show ip interface
323
Chapter 14: IPv4 and IPv6 Management Address Commands
SHOW IP ROUTE
Syntax
show ip route
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the routes on the switch. Figure 71 displays
an example of the information.
Codes:
C - connected, S - static, R - RIP
* - candidate default
Gateway of last resort is 149.101.23.28 to network 0.0.0.0.
S*
R
R
S
S
S
C
C
0.0.0.0/0 [1/0] via 149.101.23.28, vlan28
149.101.152.0/24 [120/2] via 149.101.23.28, vlan15, 00:05:27
149.101.201.0/24 [120/2] via 149.101.54.109, vlan23 00:39:08
149.101.32.0/24 [1/0] via 149.101.23.28, vlan15
149.101.33.0/24 [1/0] via 149.101.23.28, vlan15
149.101.42.0/24 [1/0] via 149.101.54.109, vlan23
149.101.23.0/24 is directly connected, vlan15
149.101.54.0/24 is directly connected, vlan23
Figure 71. SHOW IP ROUTE Command
The field “Gateway of last resort is” states the default gateway, which, if
defined on the switch, is also included as the first entry in the table.
The possible codes in the left column in the table are described in Table
30.
Table 30. Route Codes in the SHOW IP ROUTE Command
Code
324
Description
S*
Default gateway.
R
Route to a remote network learned by RIP.
AT-8100 Switch Command Line User’s Guide
Table 30. Route Codes in the SHOW IP ROUTE Command (Continued)
Code
Description
S
Static route to a remote network.
C
Local network of a routing interface.
Note
RIP routes have an additional option which indicates the time lapsed
in hours: minutes: seconds since the RIP entry was added. See
Figure 72.
The elements of the static and RIP routes are identified in Figure 72.
R
S - Static
R - RIP
149.101.33.0/24 [1/0] via 149.101.23.28, vlan15, 00:05:27
Remote Network
Next Hop
Administrative
Distance
Metric/Cost
VLAN of
Next Hop
Elapsed Time
hours:minutes:seconds
(RIP Routes Only)
Figure 72. Static and RIP Route Elements
Example
The following example displays the routes on the switch:
awplus# show ip route
325
Chapter 14: IPv4 and IPv6 Management Address Commands
SHOW IPV6 INTERFACE
Syntax
show ipv6 interface
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the IPv6 management address on the
switch. Figure 73 is an example of the information.
Interface
VLAN3-0
IPv6-Address
832a:5821:b34a:0:0:0:187:95a/64
Status
admin up
Protocol
down
Figure 73. SHOW IPV6 INTERFACE Command
The fields are described in Table 31.
Table 31. SHOW IPV6 INTERFACE Command
Parameter
Description
Interface
The VID of the VLAN to which the
management address is assigned.
IPv6 Address
The IPv6 management address of the
switch.
Status
Not applicable to the AT-8100 Switch.
Protocol
Not applicable to the AT-8100 Switch.
Example
The following example displays the IPv6 management address:
awplus# show ipv6 interface
326
AT-8100 Switch Command Line User’s Guide
SHOW IPV6 ROUTE
Syntax
show ipv6 route
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the IPv6 management address and default
gateway on the switch. Figure 74 is an example of the information. The
default route is display first, followed by the management address.
IPv6 Routing Table
Codes: C - connected, S - static
S
0:0:0:0:0:0:0:0/0 via 832a:5821:b34a:0:0:0:187:14, vlan4-0
C
832a:5821:b34a:0:0:0:187:95a/64 via ::, vlan4-0
Figure 74. SHOW IPV6 ROUTE Command
Example
The following example displays the IPv6 management address and default
gateway:
awplus# show ipv6 route
327
Chapter 14: IPv4 and IPv6 Management Address Commands
328
Chapter 15
Simple Network Time Protocol (SNTP)
Client
This chapter contains the following information:

“Overview” on page 330

“Activating the SNTP Client and Specifying the IP Address of an NTP
or SNTP Server” on page 331

“Configuring Daylight Savings Time and UTC Offset” on page 332

“Disabling the SNTP Client” on page 334

“Displaying the SNTP Client” on page 335

“Displaying the Date and Time” on page 336
329
Chapter 15: Simple Network Time Protocol (SNTP) Client
Overview
The switch has an Simple Network Time Protocol (SNTP) client for setting
its date and time from an SNTP or NTP server on your network or the
Internet. The date and time are added to the event messages that are
stored in the event log and sent to syslog servers.
The switch polls the SNTP or NTP server for the date and time when you
configure the client and when the unit is powered on or reset.
Here are the guidelines to using the SNTP client:
330

You must specify the IP address of the SNTP or NTP server from
which the switch is to obtain the date and time. You can specify
only one IP address. For instructions, refer to “Activating the SNTP
Client and Specifying the IP Address of an NTP or SNTP Server”
on page 331.

You must configure the client by specifying whether the locale of
the switch is in Standard Time or Daylight Savings Time. For
instructions, refer to “Configuring Daylight Savings Time and UTC
Offset” on page 332.

You must specify the offset of the switch from Coordinated
Universal Time (UTC). For instructions, refer to “Configuring
Daylight Savings Time and UTC Offset” on page 332.

The switch must have a management IP address to communicate
with a SNTP or NTP server. For instructions, refer to “Adding a
Management IP Address” on page 76 or Chapter 13, “IPv4 and
IPv6 Management Addresses” on page 291.

The SNTP or NTP server must be a member of the same subnet
as the management IP address of the switch or be able to access it
through routers or other Layer 3 devices.

If the management IP address of the switch and the IP address of
the SNTP or NTP server are members of different subnets or
networks, you must also assign the switch a default gateway. This
is the IP address of a routing interface that represents the first hop
to reaching the remote network of the SNTP or NTP server. For
instructions, refer to “Adding a Management IP Address” on
page 76 or Chapter 13, “IPv4 and IPv6 Management Addresses”
on page 291.
AT-8100 Switch Command Line User’s Guide
Activating the SNTP Client and Specifying the IP Address of an NTP or
SNTP Server
To activate the SNTP client on the switch and to specify the IP address of
an NTP or SNTP server, use the NTP PEER command in the Global
Configuration mode. You can specify the IP address of only one server.
This example of the command specifies 1.77.122.54 as the IP address of
the server:
awplus> enable
awplus# configure terminal
awplus(config)# ntp peer 1.77.122.54
To display the date and time, use the SHOW CLOCK command in the
User Exec and Privileged Exec modes.
awplus# show clock
331
Chapter 15: Simple Network Time Protocol (SNTP) Client
Configuring Daylight Savings Time and UTC Offset
If the time that the NTP or SNTP server provides to the switch is in
Coordinated Universal Time (UTC), it has to be converted into local time.
To do that, the switch needs to know whether to use Standard Time (ST)
or Daylight Savings Time (DST), and the number of hours and minutes it is
ahead of or behind UTC, referred to as the UTC offset.
Note
To set the daylight savings time and UTC offset, you must first
specify the IP address of an NTP server with the NTP PEER
command. For instructions, refer to “Activating the SNTP Client and
Specifying the IP Address of an NTP or SNTP Server” on page 331.
This table lists the commands you use to configure the daylight savings
time and UTC offset.
Table 32. SNTP Daylight Savings Time and UTC Offset Commands
To
Use This Command
Range
Configure the client for Daylight
Savings Time
CLOCK SUMMER-TIME
-
Configure the client for Standard
Time.
NO CLOCK SUMMER-TIME
-
Configure the UTC offset.
CLOCK TIMEZONE +hh:mm|-hh:mm
+12 to -12
hours and 0 to
59 minutes.
(The hours and
minutes must
each have two
digits.)
The commands are located in the Global Configuration mode. This
example configures the client for DST and a UTC offset of -8 hours:
awplus> enable
awplus# configure terminal
awplus(config)# clock summer-time
awplus(config)# clock timezone -08:00
332
AT-8100 Switch Command Line User’s Guide
In this example, the client is configured for ST and a UTC offset of +2
hours and 45 minutes:
awplus> enable
awplus# configure terminal
awplus(config)# no clock summer-time
awplus(config)# clock timezone +02:45
333
Chapter 15: Simple Network Time Protocol (SNTP) Client
Disabling the SNTP Client
To disable the SNTP client so that the switch doesn’t obtain its date and
time from an NTP or SNTP server, use the NO PEER command in the
Global Configuration mode:
awplus> enable
awplus# configure terminal
awplus(config)# no ntp peer
334
AT-8100 Switch Command Line User’s Guide
Displaying the SNTP Client
To display the settings of the SNTP client on the switch, use the SHOW
NTP ASSOCIATIONS command in the Privileged Exec mode.
awplus# show ntp associations
The following is displayed:
SNTP Configuration:
Status ........................
Server ........................
UTC Offset ....................
Daylight Savings Time (DST) ...
Enabled
149.134.23.154
+2
Enabled
Figure 75. SHOW NTP ASSOCIATIONS Command
The fields are described in Table 34 on page 345.
To learn whether the switch has synchronized its time with the designated
NTP or SNTP server, use the SHOW NTP STATUS command. An
example of the information is shown in Figure 76.
Clock is synchronized, reference is 149.154.42.190
Clock offset is -5
Figure 76. SHOW NTP STATUS Command
335
Chapter 15: Simple Network Time Protocol (SNTP) Client
Displaying the Date and Time
To display the date and time, use the SHOW CLOCK command in the
User Exec mode or Privileged Exec mode:
awplus# show clock
336
Chapter 16
SNTP Client Commands
The SNTP commands are summarized in Table 33.
Table 33. Simple Network Time Protocol Commands
Command
Mode
Description
“CLOCK SUMMER-TIME” on
page 338
Global
Configuration
Activates Daylight Savings Time on
the SNTP client.
“CLOCK TIMEZONE” on page 339
Global
Configuration
Sets the UTC offset value, the time
difference in hours and minutes
between local time and Coordinated
Universal Time (UTC).
“NO CLOCK SUMMER-TIME” on
page 340
Global
Configuration
Deactivates Daylight Savings Time
and enables Standard Time.
“NO NTP PEER” on page 341
Global
Configuration
Disables the NTP client.
“NTP PEER” on page 342
Global
Configuration
Specifies the IP address of the NTP or
SNTP server from which the switch is
to obtain the date and time.
“PURGE NTP” on page 343
Global
Configuration
Restores the default settings to the
SNTP client.
“SHOW CLOCK” on page 344
User Exec and
Privilege Exec
Displays the date and time.
“SHOW NTP ASSOCIATIONS” on
page 345
Privilege Exec
Displays the settings of the NTP client
on the switch.
“SHOW NTP STATUS” on page 347
Privilege Exec
Displays whether the switch has
synchronized its time with the
specified NTP or SNTP server.
337
Chapter 16: SNTP Client Commands
CLOCK SUMMER-TIME
Syntax
clock summer-time
Parameters
None
Mode
Global Configuration mode
Description
Use this command to enable Daylight Savings Time (DST) on the SNTP
client.
Note
The switch does not set the DST automatically. If the switch is in a
locale that uses DST, you must remember to enable this in April
when DST begins and disable it in October when DST ends. If the
switch is in a locale that does not use DST, set this option to
disabled all the time. To disable DST on the client, refer to “NO
CLOCK SUMMER-TIME” on page 340.
Confirmation Command
“SHOW NTP ASSOCIATIONS” on page 345
Example
The following example enables DST on the SNTP client:
awplus> enable
awplus# configure terminal
awplus(config)# clock summer-time
338
AT-8100 Switch Command Line User’s Guide
CLOCK TIMEZONE
Syntax
clock timezone +hh:mm|-hh:mm
Parameters
hh:mm
Specifies the number of hours and minutes difference between
Coordinated Universal Time (UTC) and local time. HH are hours in
the range of -12 to +12 and MM are minutes in the range of 00 to
60. The value is specified as ahead of (positive) or behind
(negative) UTC. You must include both the hours and minutes, and
both must have two digits. The default is 00:00.
Mode
Global Configuration mode
Description
Use this command to set the UTC offset, which is used by the switch to
convert the time from an SNTP or NTP server into local time. You must
configure the NTP client with “NTP PEER” on page 342 before setting the
UTC offset.
Confirmation Command
“SHOW NTP ASSOCIATIONS” on page 345
Examples
This example specifies a time difference of -2 hours between UTC and
local time:
awplus> enable
awplus# configure terminal
awplus(config)# clock timezone -02:00
This example specifies a time difference of +4 hours and 15 minutes
between UTC and local time:
awplus> enable
awplus# configure terminal
awplus(config)# clock timezone +04:15
339
Chapter 16: SNTP Client Commands
NO CLOCK SUMMER-TIME
Syntax
no clock summer-time
Parameters
None
Mode
Global Configuration mode
Description
Use this command to disable Daylight Savings Time (DST) and activate
Standard Time (ST) on the SNTP client.
Confirmation Command
“SHOW NTP ASSOCIATIONS” on page 345
Examples
The following example disables Daylight Savings Time (DST) and
activates Standard Time (ST) on the SNTP client:
awplus> enable
awplus# configure terminal
awplus(config)# no clock summer-time
340
AT-8100 Switch Command Line User’s Guide
NO NTP PEER
Syntax
no ntp server
Parameter
None
Mode
Global Configuration mode
Description
Use this command to deactivate the SNTP client on the switch. When the
client is disabled, the switch does not obtain its date and time from an
SNTP or NTP server the next time it is reset or power cycled.
Confirmation Command
“SHOW NTP ASSOCIATIONS” on page 345
Example
The following example deactivates the SNTP client on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# no ntp peer
341
Chapter 16: SNTP Client Commands
NTP PEER
Syntax
ntp peer ipaddress
Parameter
ipaddress
Specifies an IP address of an SNTP or NTP server.
Mode
Global Configuration mode
Description
Use this command to activate the NTP client on the switch and to specify
the IP address of the SNTP or NTP server from which it is to obtain its
date and time. You can specify only one SNTP or NTP server. After you
enter this command, the switch automatically begins to query the network
for the defined server.
Confirmation Command
“SHOW NTP ASSOCIATIONS” on page 345
Example
This example defines the IP address of the SNTP server as 1.77.122.54:
awplus> enable
awplus# configure terminal
awplus(config)# ntp peer 1.77.122.54
342
AT-8100 Switch Command Line User’s Guide
PURGE NTP
Syntax
purge ntp
Parameter
None
Mode
Global Configuration mode
Description
Use this command to disable the SNTP client, delete the IP address of the
SNTP or NTP server, and restore the client settings to the default values.
Confirmation Command
“SHOW NTP ASSOCIATIONS” on page 345
Example
The following example disables the SNTP client, deletes the IP address of
the SNTP or NTP server, and restores the client settings to the default
values:
awplus> enable
awplus# configure terminal
awplus(config)# purge ntp
343
Chapter 16: SNTP Client Commands
SHOW CLOCK
Syntax
show clock
Parameters
None
Modes
User Exec mode and Privileged Exec mode
Description
Use this command to display the switch’s date and time.
Example
The following example displays the switch’s date and time.
awplus# show clock
344
AT-8100 Switch Command Line User’s Guide
SHOW NTP ASSOCIATIONS
Syntax
show ntp associations
Parameters
None
Modes
Privileged Exec mode
Description
Use this command to display the settings of the SNTP client. The
information the command displays is shown in Figure 77.
SNTP Configuration:
Status ........................
Server ........................
UTC Offset ....................
Daylight Savings Time (DST) ...
Enabled
172.17.118.15
+2
Enabled
Figure 77. SHOW NTP ASSOCIATIONS Command
The information is described here:
Table 34. SHOW NTP ASSOCIATIONS Command
Parameter
Status
Description
The status of the SNTP client software on
the switch. The status can be either
enabled or disabled. If enabled, the switch
seeks its date and time from an NTP or
SNTP server. The default is disabled.
To enable the client, use “NTP PEER” on
page 342. To disable the client, refer to
“NO NTP PEER” on page 341.
Server
The IP address of an NTP or SNTP
server. This value is set with “NTP PEER”
on page 342.
345
Chapter 16: SNTP Client Commands
Table 34. SHOW NTP ASSOCIATIONS Command (Continued)
Parameter
Description
UTC Offset
The time difference in hours between
UTC and local time. The range is -12 to
+12 hours. The default is 0 hours. This
value is set with “CLOCK TIMEZONE” on
page 339.
Daylight Savings Time
(DST)
The status of the daylight savings time
setting. The status can be enabled or
disabled. This value is set with “CLOCK
TIMEZONE” on page 339.
Example
The following example displays the settings of the SNTP client:
awplus# show ntp associations
346
AT-8100 Switch Command Line User’s Guide
SHOW NTP STATUS
Syntax
show ntp status
Parameters
None
Modes
Privileged Exec mode
Description
Use this command to display the status of an NTP or SNTP server
assigned to the switch. The display states whether or not the switch has
synchronized its time with an NTP or SNTP server. An example of the
display is shown in Figure 78.
Clock is synchronized, reference is 149.154.42.190
Clock offset is -5
Figure 78. SHOW NTP STATUS Command
The IP address above is the address of the NTP or SNTP server specified
with the NTP PEER command. See “NTP PEER” on page 342. The clock
offset is configured with the CLOCK TIMEZONE command. See “CLOCK
TIMEZONE” on page 339.
Example
The following example displays the status of the NTP or SNTP server
assigned to the switch:
awplus# show ntp status
347
Chapter 16: SNTP Client Commands
348
Chapter 17
Domain Name System (DNS)

“Overview” on page 350

“Adding a DNS Server to the Switch” on page 352

“Enabling or Disabling the DNS Client” on page 353

“Adding a Domain to the DNS List” on page 354

“Setting a Default Domain Name for the DNS” on page 355
349
Chapter 17: Domain Name System (DNS)
Overview
The Domain Name System (DNS) is a naming system that allows you to
access remote systems using host names that consist of text or textbased rather than IP addresses. DNS creates a mapping between a
domain name, such as “www.alliedtelesis.com,” and its IP address, for
example, 207.135.120.89. These mappings are held on DNS servers.
To access remote systems using domain names instead of IP addresses,
you must have a DNS server on your network and configure DNS servers
on the switch.
Domain name
parts
Domain names, such as “www.alliedtelesis.com,” consist of two or more
name segments. The format of a domain name is the same as the host
portion of a URL (Uniform Resource Locator) and each segment is
separated by a period.
The hierarchy of a domain name descends from right to left. The segment
on the far right is a top-level domain name shared by many hosts. For
example, the “alliedtelesis” of “www.alliedtelssis.com” belongs to the toplevel domain “com” and the “www” belongs to the “alliedtelesis”.
The following diagram shows an example of DNS hierarchy.
Figure 79. DNS Hierarchy
Server Hierarchy
350
A network of domain name servers maintains the mappings between
domain names and their IP addresses. This network operates in a
hierarchy that is similar to the structure of the domain names. When a
local DNS server cannot resolve your request, it sends the request to a
higher level DNS server.
AT-8100 Switch Command Line User’s Guide
DNS Sever List
The DNS server list is a set of DNS servers that a DNS client on the switch
sends a request to. When you enter a domain name in the CLI as a part of
the command, for example, ping www.alliedtelesis.com, the DNS
client on the switch sends a DNS query to DNS servers on the DNS server
list to resolve the host name. To use domain names instead of IP
addresses on the switch, you must have at least one server on the DNS
server list. You can add a DNS server using the IP NAME-SERVER
command.
DNS List
You add top-level domains, such as “com” and “net” to the DNS list. The
switch appends a domain to incomplete host names in DNS requests.
Each domain in the DNS list is tried in DNS lookups. For example, when
you use the ping alliedtelesis command, the switch sends a DNS
request for “alliedtelesis.com.” When no match is found, the switch tries
“alliedtelesis.net.” You can create the DNS list using the IP DOMAIN-LIST
command.
Default Domain
The switch can have one default domain. The switch allows you to save
typing of a domain in the CLI by setting a default domain. Once you set a
default domain for the DNS, the DNS client appends this domain to
incomplete host names in DNS requests. For example, you set
“alliedtelesis.com” as a default domain. When you type the command ping
host2 in the CLI, the switch sends a DNS request for
“host2.alliedtelesis.com.”
If a domain exists in the DNS list, the switch does not use the default
domain. The switch uses the default domain only when no domains are
specified in the DNS list.
351
Chapter 17: Domain Name System (DNS)
Adding a DNS Server to the Switch
The switch has a DNS client. When you add a DNS server to the switch,
the DNS client allows you to use domain names instead of IP addresses
when you use commands on the switch.
The switch cannot resolve a host name until you have added at least one
server to the DNS server list on the switch. There is no limit on the number
of servers you can add to the list.
To add the IP address of a DNS server, use the IP NAME-SERVER
command. The following example adds the IP address of a DNS server,
10.8.4.75 to the list of DNS servers:
awplus> enable
awplus# configure terminal
awplus(config)# ip name-server 10.8.4.75
To display the list of DNS servers, use the SHOW IP NAME-SERVER
command in the Privileged Exec mode:
awplus# show ip name-server
Here is an example of the information the command displays.
DNS Name Servers:
10.8.4.75
Figure 80. SHOW IP NAME-SERVER Command Display
352
AT-8100 Switch Command Line User’s Guide
Enabling or Disabling the DNS Client
The DNS client on the switch allows you to use domain names instead of
IP addresses when you enter commands on your switch. The DNS client
on the switch is enable by default.
To disable the DNS client, use the NO IP DOMAIN-LOOKUP command:
awplus# no ip domain-lookup
To enable the DNS client, use the IP DOMAIN-LOOKUP command:
awplus> enable
awplus# ip domain-lookup
353
Chapter 17: Domain Name System (DNS)
Adding a Domain to the DNS List
The switch allows you to create a list of domains to save typing the portion
of a domain name on the CLI. Once you add domains to the DNS list, the
switch appends a domain name to incomplete host names in DNS
request. Each domain in the DNS list is tried in DNS lookups. The first
entry added to the DNS list is checked first. Then the second DNS list
entry is checked and so forth.
For example, to add the top-level domains “.com” and “.net” to the DNS
list, use the following commands:
awplus(config)# ip domain-list com
awplus(config)# ip domain-list net
If you enter the command ping alliedtelesis, the switch sends a DNS
request for “alliedtelesis.com.” When no match was found, the switch tries
“alliedtelesis.net.”
To view the entries in the DNS list, use the command:
awplus# show ip domain-name
Here is an example of the information the command displays.
DNS default domain: alliedtelesis.com
DNS domain list:
domain com
domain net
domain oh.us
Figure 81. SHOW IP DOMAIN-NAME Command Display
Also, the SHOW HOSTS command displays the default domain name, a
list of DNS domain names, and a list of DNS servers:
awplus# show hosts
Here is an example of the information the command displays.
DNS default domain: alliedtelesis.com
DNS domain list:
domain com
domain net
domain oh.us
DNS Name Servers:
192.168.1.85
Figure 82. SHOW HOSTS Command Display
354
AT-8100 Switch Command Line User’s Guide
Setting a Default Domain Name for the DNS
The switch allows you to save typing of the portion of a domain name in
the CLI by setting a default domain. Once you set a default domain for the
DNS, the DNS client appends this domain to incomplete host-names in
DNS requests. For example, you set “alliedtelesis.com” as a default
domain. When you type the command ping host2 in the CLI, the switch
sends a DNS request for “host2.alliedtelesis.com.”
If any domain exists in the DNS list, the switch does not use the default
domain. The switch uses the default domain only when no domains are
specified in the DNS list.
To set “alliedtelesis.com” as a default domain name, use the IP DOMAINNAME command:
awplus> enable
awplus# configure terminal
awplus(config)# ip domain-name alliedtelesis.com
To display the default domain, use the SHOW IP DOMAIN-NAME
command in the Privileged Exec mode:
awplus# show ip domain-name
Here is an example of the information the command displays.
DNS default domain: alliedtelesis.com
Figure 83. Displaying the Default Domain
Also, the SHOW HOSTS command displays the default domain name
among other information:
awplus# show hosts
Here is an example of the information the command displays.
DNS default domain: alliedtelesis.com
Figure 84. SHOW HOSTS Command Display
355
Chapter 17: Domain Name System (DNS)
356
Chapter 18
Domain Name System (DNS)
Commands
The DNS commands are summarized in Table 35.
Table 35. DNS Commands
Command
Mode
Description
“IP NAME-SERVER” on page 358
Global
Configuration
Adds a DNS server to the list of
servers that the switch sends DNS
queries to.
“IP DOMAIN-NAME” on page 360
Global
Configuration
Adds a default domain name that is
appended to DNS requests.
“IP DOMAIN-LIST” on page 361
Global
Configuration
Adds a domain name to the DNS list
that the switch tries starting with the
first entry added.
“IP DOMAIN-LOOKUP” on page 363
Global
Configuration
Enables the DNS client on the switch
to use domain names instead of IP
addresses in commands.
“SHOW IP NAME-SERVER” on
page 364
Privileged Exec
Displays the list of DNS servers on the
switch.
“SHOW IP DOMAIN-NAME” on
page 365
Privileged Exec
Displays a default domain and a list of
domains configured on the switch.
“SHOW HOSTS” on page 366
Privileged Exec
Displays the status of the DNS client,
the configured DNS servers, and the
default domain.
357
Chapter 18: Domain Name System (DNS) Commands
IP NAME-SERVER
Syntax
ip name-server <ip-address>
Parameters
ip-address
Specifies the IP address of a DNS server.
Mode
Global Configuration mode
Description
Use this command to add the IP address of a DNS server to the DNS
server list on the switch. The DNS client on the switch sends DNS queries
to servers on this list when trying to resolve a DNS host name. The switch
cannot resolve a host name until you have added at least one server to
this list. There is a maximum of three servers that you can add to the list.
When the switch is using its DHCP client for an interface, it can receive
Option code 6 from the DHCP server. After a switch receives Option code
6 from a DHCP server, it automatically adds information about the DHCP
server to the end of the existing domain list.
To delete a DNS server from the switch’s server list, use the NO IP NAMESERVER command with the IP address of the DNS server.
Confirmation Command
“SHOW IP NAME-SERVER” on page 364
Examples
To allow the switch to send DNS queries to a DNS server at 10.10.10.5,
use the commands:
awplus> enable
awplus# configure terminal
awplus(config)# ip name-server 10.10.10.5
358
AT-8100 Switch Command Line User’s Guide
To delete a DNS server with an IP address of 10.10.10.5 from the DNS
server list, use the command:
awplus> enable
awplus# configure terminal
awplus(config)# no ip name-server 10.10.10.5
359
Chapter 18: Domain Name System (DNS) Commands
IP DOMAIN-NAME
Syntax
ip domain-name <domain-name>
Parameters
domain-name
Specifies a domain string, for example “alliedtelesis.com.”
Mode
Global Configuration mode
Description
Use this command to set a default domain for the DNS. The DNS client on
the switch appends this domain to incomplete host names in DNS
requests.
If a domain exists in the DNS list, the switch does not use the default
domain you specify with this command. The switch uses the default
domain only when no domains are specified in the DNS list. To view the
DNS list, use the SHOW IP DOMAIN-NAME command.
When the switch is using its DHCP client for an interface, it can receive
DHCP option 15 from the DHCP server.The option 15 replaces the
domain name specified by the IP DOMAIN-NAME command with the
domain name from the DHCP server.
Confirmation Command
“SHOW IP NAME-SERVER” on page 364
Example
The following command configures the domain name, “alliedtelesis.com:”
awplus> enable
awplus# configure terminal
awplus(config)# ip domain-name alliedtelesis.com
360
AT-8100 Switch Command Line User’s Guide
IP DOMAIN-LIST
Syntax
ip domain-list <domain-name>
Parameters
domain-name
Specifies a domain string, for example, “com.”
Mode
Global Configuration mode
Description
Use this command to add a domain name to the DNS list on the switch.
You can add up to three domain names to the list.
The domain is appended to incomplete host names in DNS requests. Each
domain is tried in turn in DNS lookups. The first entry you create is
checked first.
For example, when you add “com” first, then “net” to the DNS list, and
enter the PING ALLIEDTELESIS command in the CLI, the switch appends
“com” to “alliedtelesis” using “.” as a separator and sends a DNS request
for “alliedtelesis.com”. When no match is found, the switch appends the
second entry, “net” in the DNS list and tries “alliedtelesis.net”.
Note
Do not include “.” as a domain. The switch adds “.” when appending
a domain to an incomplete host name.
To delete a domain from the DNS list, use the NO IP DOMAIN-LIST
command.
Confirmation Command
“SHOW IP DOMAIN-NAME” on page 365
361
Chapter 18: Domain Name System (DNS) Commands
Examples
To add the domains com and net to the DNS list, use the following
commands:
awplus> enable
awplus# configure terminal
awplus(config)# ip domain-list com
awplus(config)# ip domain-list net
To delete the domain “net” from the DNS list, use the following command:
awplus> enable
awplus# configure terminal
awplus(config)# no ip domain-list net
362
AT-8100 Switch Command Line User’s Guide
IP DOMAIN-LOOKUP
Syntax
ip domain-lookup
Parameters
None
Mode
Global Configuration mode
Description
Use this command to enable the DNS client on the switch. The command
allows you to use domain names instead of IP addresses in commands.
The DNS client resolves a domain name into an IP address by sending a
DNS query to the DNS server specified with the IP NAME-SERVER
command.
The DNS client is enabled by default. However, it does not attempt DNS
queries unless at least one DNS server is configured.
To disable the DNS client on the switch, use the NO IP DOMAIN-LOOKUP
command.
Example
The following example enables the DNS client on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# ip domain-lookup
The following command disables the DNS client on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# no ip domain-lookup
363
Chapter 18: Domain Name System (DNS) Commands
SHOW IP NAME-SERVER
Syntax
show ip name-server
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the list of DNS servers on the DNS server list
on the switch. This command shows a static list configured using the IP
NAME-SERVER command. An example of the information is shown in
Figure 85.
DNS Name Servers:
10.8.4.75
Figure 85. SHOW IP NAME-SERVER Command
Example
To display the list of DNS servers configured using the IP NAME-SERVER
command:
awplus# show ip name-server
364
AT-8100 Switch Command Line User’s Guide
SHOW IP DOMAIN-NAME
Syntax
show ip domain-name
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the default domain and a list of domains on
the DNS list on the switch. This command shows information configured
using the IP DOMAIN-NAME and IP DOMAIN-LIST commands. An
example of the information is shown in Figure 86.
DNS default domain: alliedtelesis.com
DNS domain list:
domain com
domain net
Figure 86. SHOW IP DOMAIN-NAME Command
Example
This example displays the default domain and the list of domains:
awplus# show ip domain-name
365
Chapter 18: Domain Name System (DNS) Commands
SHOW HOSTS
Syntax
show hosts
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the default domain name, a list of DNS
domain names, and a list of DNS servers. Figure 87 shows an example of
the information.
DNS default domain: alliedtelesis.com
DNS domain list:
domain com
domain net
domain oh.us
DNS Name Servers:
192.168.1.85
Figure 87. SHOW HOSTS Command
Example
To display the information:
awplus# show hosts
366
Chapter 19
MAC Address Table
This chapter discusses the following topics:

“Overview” on page 368

“Adding Static MAC Addresses” on page 370

“Deleting MAC Addresses” on page 372

“Setting the Aging Timer” on page 374

“Displaying the MAC Address Table” on page 375
367
Chapter 19: MAC Address Table
Overview
The MAC address table stores the MAC addresses of all the network
devices that are connected to the switch’s ports. Each entry in the table
consists of a MAC address, a port number where an address was learned
by the switch, and an ID number of a VLAN where a port is a member.
The switch learns the MAC addresses of the network devices by
examining the source addresses in the packets as they arrive on the ports.
When the switch receives a packet that has a source address that is not
already in the table, it adds the address, along with the port number where
the packet was received and the ID number of the VLAN where the port is
a member. The result is a table that contains the MAC addresses of all the
network devices that are connected to the switch’s ports.
The purpose of the table is to allow the switch to forward packets more
efficiently. When a packet arrives on a port, the switch examines the
destination address in the packet and refers to its MAC address table to
determine the port where the destination node of that address is
connected. It then forwards the packet to that port and on to the network
device.
If the switch receives a packet with a destination address that is not in the
MAC address table, it floods the packet to all its ports, excluding the port
where the packet was received. If the ports are grouped into virtual LANs,
the switch floods the packet only to those ports that belong to the same
VLAN from which the packet originated. This prevents packets from being
forwarded to inappropriate LAN segments and increases network security.
When the destination node responds, the switch adds the node’s MAC
address and port number to the MAC address table.
If the switch receives a packet with a destination address that is on the
same port on which the packet was received, it discards the packet
without forwarding it on to any port. Because both the source node and the
destination node for the packet are located on the same port on the
switch, there is no reason for the switch to forward the packet. This too
increases network performance by preventing frames from being
forwarded unnecessarily to other network devices.
MAC addresses learned by the switch are referred to as dynamic
addresses. Dynamic MAC addresses are not stored indefinitely in the
MAC address table. They are automatically deleted when they are
inactive. A MAC address is considered inactive if the switch does not
receive any frames from the network device after a specified period of
time. The switch assumes that the node with that MAC address is no
longer active and that its MAC address can be purged from the table. This
prevents the MAC address table from becoming filled with addresses of
nodes that are no longer active.
368
AT-8100 Switch Command Line User’s Guide
The period of time the switch waits before purging inactive dynamic MAC
addresses is called the aging time. This value is adjustable on the switch.
The default value is 300 seconds (5 minutes).
You can also enter addresses manually into the table. These addresses
are referred to as static addresses. Static MAC addresses remain in the
table indefinitely and are never deleted, even when the network devices
are inactive. Static MAC addresses are useful for addresses that the
switch might not learn through its normal learning process or for addresses
that you want the switch to retain, even when the end nodes are inactive.
369
Chapter 19: MAC Address Table
Adding Static MAC Addresses
The command for adding static unicast MAC addresses to the switch is
MAC ADDRESS-TABLE STATIC in the Global Configuration mode. Here
is the format of the command:
mac address-table static macaddress forward|discard
interface port [vlan vlan-name|vid]
Here are the variables of the command:

macaddress - Use this variable to specify the unicast or multicast
MAC address you want to add to the table. You can add only one
address at a time. In the command, the address must be specified
in either one of the following formats:
xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx

forward|discard - Use these variables to specify whether the port is
to forward or discard packets that have the designated source
MAC address.

port - Use this variable to specify the port to which the end node of
an address is connected. You can specify just one port.

vlan-name or VID - Use this variable to specify the name or the ID
number of the VLAN of the port of the address. This information is
optional in the command.
This example adds the static MAC address 00:1B:75:62:10:84 to port 12
in the Support VLAN. The port forwards the packets of the designated
network device:
awplus> enable
awplus# configure terminal
awplus(config)# mac address-table static 00:1b:75:62:10:84
forward interface port1.0.12 vlan Support
This example adds the static MAC address 00:A2:BC:34:D3:67 to port 11
in the VLAN with the ID 4. The port forwards the packets of the designated
network device:
awplus> enable
awplus# configure terminal
awplus(config)# mac address-table static 00:a2:bc:34:d3:67
forward interface port1.0.12 vlan 4
This example adds the static MAC address 00:A0:D2:18:1A:11 to port 7.
The port discards the packets of the designated network device:
370
AT-8100 Switch Command Line User’s Guide
awplus> enable
awplus# configure terminal
awplus(config)# mac address-table static 00:a0:d2:18:1a:11
discard interface port1.0.7
371
Chapter 19: MAC Address Table
Deleting MAC Addresses
To delete MAC addresses from the switch, use the CLEAR MAC
ADDRESS-TABLE command in the Privileged Exec mode. The format of
the command is:
clear mac address-table dynamic|static [address
macaddress]|[interface port]|[vlan vid]
Here are the variables:

dynamic - This variable lets you delete dynamic addresses.

static - This parameter lets you delete static addresses.

address - You can use this parameter to delete specific addresses.
You can delete just one address at a time. In the command, the
address must be specified in either one of the following formats:
xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx

interface - You can use this parameter to delete all of the static or
dynamic addresses on a particular port. You can specify more than
one port at a time.

vlan - You can use this parameter to delete all of the static or
dynamic addresses on the ports of a particular VLAN. You can
specify just one VID at a time.
This example of the command deletes all of the dynamic addresses from
the table:
awplus> enable
awplus# clear mac address-table dynamic
This example deletes all of the static addresses:
awplus> enable
awplus# clear mac address-table static
This example deletes a single dynamic address:
awplus> enable
awplus# clear mac address-table dynamic address
00:12:a3:68:79:b2
This example deletes a single static address:
awplus> enable
awplus# clear mac address-table static address
00:12:a3:d4:67:da
372
AT-8100 Switch Command Line User’s Guide
This example deletes all of the dynamic addresses learned on port 20:
awplus> enable
awplus# clear mac address-table dynamic interface port1.0.20
This example deletes all of the static addresses added to ports 2 to 5:
awplus> enable
awplus# clear mac address-table static interface port1.0.2port1.0.5
This example deletes all of the dynamic addresses learned on the ports of
the VLAN with the VID 82:
awplus> enable
awplus# clear mac address-table dynamic vlan 82
This example deletes all of the static addresses added to the ports of the
VLAN with the VID 18:
awplus> enable
awplus# clear mac address-table static vlan 18
373
Chapter 19: MAC Address Table
Setting the Aging Timer
The aging timer defines the length of time that inactive dynamic MAC
addresses remain in the table before they are deleted by the switch. The
switch deletes inactive addresses to insure that the table contains only
active and current addresses.
The aging timer does not apply to static addresses because static
addresses are not deleted by the switch, even when the network devices
are inactive.
To set the aging timer, use the MAC ADDRESS-TABLE AGEING-TIME
command in the Global Configuration mode. Here is the format of the
command:
mac address-table ageing-time value
The aging-time is expressed in seconds and has a range of 0 to 1048575
seconds. The default is 300 seconds (5 minutes). The value 0 disables the
aging timer so that inactive MAC addresses are never deleted from the
table.
To view the current setting for the MAC address aging timer, refer to
“Displaying the MAC Address Table” on page 375.
This example sets the aging timer to 800 seconds:
awplus> enable
awplus# configure terminal
awplus(config)# mac address-table ageing-time 800
374
AT-8100 Switch Command Line User’s Guide
Displaying the MAC Address Table
To view the aging time or the MAC address table, use the SHOW MAC
ADDRESS-TABLE command in the Privileged Exec mode. Here is its
format:
show mac address-table [interface port]|[vlan vid]
An example of the table is show in Figure 88.
Aging Interval: 300 second(s)
Switch Forwarding Database
-----------------------------------------------------------VLAN
Port
MAC
Fwd
-----------------------------------------------------------1
1.0.5
0011.2495.53f8
forward
dynamic
1
1.0.5
0023.6c90.08b9
forward
dynamic
1
1.0.5
0024.36a0.1551
forward
dynamic
1
1.0.5
0025.00d7.8908
forward
dynamic
1
1.0.5
0050.50de.ad01
forward
dynamic
.
.
.
-----------------------------------------------------------Total Number of MAC Addresses: 121
Multicast Switch Forwarding Database
Total Number of MCAST MAC FDB Addresses: 1
--------------------------------------------------------------------VLAN
MAC
Port Maps (U:Untagged T:Tagged)
--------------------------------------------------------------------1
01:00:51:00:00:01
Static
U:18-24
T:
Figure 88. SHOW MAC ADDRESS-TABLE Command
The columns in the window are described in “SHOW MAC ADDRESSTABLE” on page 386.
This example of the command displays the entire MAC address table:
awplus# show mac address-table
This example displays the MAC addresses learned on port 2:
awplus# show mac address-table interface port1.0.2
375
Chapter 19: MAC Address Table
This example displays the addresses learned on the ports in a VLAN with
the VID 8:
awplus# show mac address-table vlan 8
376
Chapter 20
MAC Address Table Commands
The MAC address table commands are summarized in Table 36.
Table 36. MAC Address Table Commands
Command
Mode
Description
“CLEAR MAC ADDRESS-TABLE” on
page 378
Privileged Exec
Deletes MAC addresses from the
MAC address table.
“MAC ADDRESS-TABLE AGEINGTIME” on page 380
Global
Configuration
Sets the aging timer, which is used by
the switch to identify inactive dynamic
MAC addresses for deletion from the
table.
“MAC ADDRESS-TABLE STATIC” on
page 382
Global
Configuration
Adds static unicast MAC addresses to
the table.
“NO MAC ADDRESS-TABLE STATIC”
on page 384
Global
Configuration
Deletes static unicast MAC addresses
from the table.
“SHOW MAC ADDRESS-TABLE” on
page 386
Privileged Exec
Displays the MAC address table and
the aging timer.
377
Chapter 20: MAC Address Table Commands
CLEAR MAC ADDRESS-TABLE
Syntax
clear mac address-table dynamic|static [address
macaddress]|[interface port]|[vlan vid]
Parameters
dynamic
Deletes dynamic MAC addresses.
static
Deletes static addresses.
address
Deletes a specific address.
macaddress
Specifies the address to be deleted. The address must be
specified in either one of the following formats: xx:xx:xx:xx:xx:xx or
xxxx.xxxx.xxxx
interface
Deletes MAC addresses learned on a specific port.
macaddress
Specifies the port the MAC addresses to be deleted was learned
on. You can specify more than one port.
vlan
Deletes MAC addresses learned on a specific VLAN.
vid
Specifies the VID of the VLAN the MAC addresses to be deleted
was learned on. You can specify just one VID.
Mode
Privileged Exec mode
Description
Use this command to delete addresses from the MAC address table.
Confirmation Command
“SHOW MAC ADDRESS-TABLE” on page 386.
378
AT-8100 Switch Command Line User’s Guide
Examples
This example deletes all of the dynamic addresses from the table:
awplus> enable
awplus# clear mac address-table dynamic
This example deletes all of the static addresses:
awplus> enable
awplus# clear mac address-table static
This example deletes a single dynamic address:
awplus> enable
awplus# clear mac address-table dynamic address
00:12:a3:34:8b:32
This example deletes a single static address:
awplus> enable
awplus# clear mac address-table static address
00:12:a3:d4:67:da
This example deletes all of the dynamic addresses learned on ports 17 to
20:
awplus> enable
awplus# clear mac address-table dynamic interface port1.0.17port1.0.20
This example deletes all of the static addresses added to port 19:
awplus> enable
awplus# clear mac address-table static interface port1.0.19
This example deletes all of the dynamic addresses learned on the ports of
the VLAN with the VID 12:
awplus> enable
awplus# clear mac address-table dynamic vlan 12
This example deletes all of the static addresses added to the ports of the
VLAN with the VID 56:
awplus> enable
awplus# clear mac address-table static vlan 56
379
Chapter 20: MAC Address Table Commands
MAC ADDRESS-TABLE AGEING-TIME
Syntax
mac address-table ageing-time value
Parameter
ageing-time
Specifies the aging timer in seconds for the MAC address table.
The range is 0 to 1048575 seconds. The default is 300 seconds (5
minutes).
Mode
Global Configuration mode
Description
Use this command to set the aging timer. The aging timer is used by the
switch to delete inactive dynamic MAC addresses from the MAC address
table, to prevent the table from becoming full of inactive addresses. An
address is considered inactive if no packets are sent to or received from
the corresponding node for the duration of the timer.
Setting the aging timer to 0 disables the timer. No dynamic MAC
addresses are aged out and the table stops learning new addresses after
reaching its maximum capacity.
To return the aging timer to its default value, use the NO form of this
command.
Confirmation Command
“SHOW MAC ADDRESS-TABLE” on page 386.
Examples
This example sets the aging timer to 500 seconds:
awplus> enable
awplus# configure terminal
awplus(config)# mac address-table ageing-time 500
380
AT-8100 Switch Command Line User’s Guide
This example disables the aging timer so that the switch does not delete
inactive dynamic MAC addresses from the table:
awplus> enable
awplus# configure terminal
awplus(config)# mac address-table ageing-time 0
This example returns the aging timer to its default setting of 1048575
seconds:
awplus> enable
awplus# configure terminal
awplus(config)# no mac address-table ageing-time
381
Chapter 20: MAC Address Table Commands
MAC ADDRESS-TABLE STATIC
Syntax
mac address-table static macaddress forward|discard
interface port [vlan vlan-name|vid]
Parameters
macaddress
Specifies the static unicast address you want to add to the switch’s
MAC address table. The address must be specified in either one of
the following formats: xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx
forward
Forwards packets containing the designated source MAC address.
discard
Discards packets containing the designated source MAC address.
port
Specifies the port(s) where the MAC address is to be assigned. A
unicast MAC address can be added to only one port.
vlan-name
Specifies the name of the VLAN where the node designated by the
MAC address is a member.
vid
Specifies the ID number of the VLAN where the node designated
by the MAC address is a member. This parameter is optional.
Mode
Global Configuration mode
Description
Use this command to add static unicast MAC addresses to the switch’s
MAC address table. A static MAC address is never timed out from the
MAC address table, even when the end node is inactive. You can add just
one static MAC address at a time with this command.
The FORWARD and DISCARD parameters are used to specify whether
the switch is to forward or discard packets containing the specified source
MAC address.
382
AT-8100 Switch Command Line User’s Guide
Confirmation Command
“SHOW MAC ADDRESS-TABLE” on page 386
Examples
This example adds the static MAC address 44:C3:22:17:62:A4 to port 4 in
the Production VLAN. The port forwards the packets from the specified
node:
awplus> enable
awplus# configure terminal
awplus(config)# mac address-table static 44:c3:22:17:62:a4
forward interface port1.0.4 vlan Production
This example adds the static MAC address 00:A0:D2:18:1A:11 to port 7 in
the Default_VLAN, which has the VID 1. The port discards the packets
from the specified node:
awplus> enable
awplus# configure terminal
awplus(config)# mac address-table static 00:A0:D2:18:1A:11
discard interface port1.0.7 vlan 1
This example adds the static MAC address 78:1A:45:C2:22:32 to port 15
in the Marketing VLAN. The port forwards the packets:
awplus> enable
awplus# configure terminal
awplus(config)# mac address-table static 78:1A:45:C2:22:32
forward interface port1.0.15 vlan Marketing
383
Chapter 20: MAC Address Table Commands
NO MAC ADDRESS-TABLE STATIC
Syntax
no mac address-table static macaddress forward|discard
interface port [vlan vlan-name|vid]
Parameters
macaddress
Specifies the static unicast address you want to delete from the
switch’s MAC address table. The address must be specified in
either one of the following formats: xx:xx:xx:xx:xx:xx or
xxxx.xxxx.xxxx
forward
Forwards packets containing the designated source MAC address.
discard
Discards packets containing the designated source MAC address.
port
Specifies the port(s) where the MAC address is assigned.
vlan-name
Specifies the name of the VLAN where the node of the MAC
address is a member. This parameter is optional.
vid
Specifies the ID number of the VLAN where the node of the MAC
address is a member. You can omit this parameter when removing
addresses from the Default_VLAN.
Mode
Global Configuration mode
Description
Use this command to delete dynamic or static unicast addresses from the
switch’s MAC address table. This command performs the same function
as “CLEAR MAC ADDRESS-TABLE” on page 378.
Note
You cannot delete the switch’s MAC address, an STP BPDU MAC
address, or a broadcast address from the table.
384
AT-8100 Switch Command Line User’s Guide
Confirmation Command
“SHOW MAC ADDRESS-TABLE” on page 386
Examples
This example deletes the MAC address 00:A0:D2:18:1A:11 from port 12 in
the Default_VLAN, which has the VID 1. The port is forwarding packets of
the owner of the address:
awplus> enable
awplus# configure terminal
awplus(config)# no mac address-table static
00:A0:D2:18:1A:11 forward interface port1.0.12 vlan 1
This example deletes the MAC address 86:24:3c:79:52:32 from port 16 in
the Sales VLAN. The port is discarding packets of the owner of the
address:
awplus> enable
awplus# configure terminal
awplus(config)# no mac address-table static
86:24:3c:79:52:32 discard interface port1.0.16 vlan Sales
385
Chapter 20: MAC Address Table Commands
SHOW MAC ADDRESS-TABLE
Syntax
show mac address-table begin|exclude|include [interface
port]|[vlan vid]
Parameters
begin
Specifies the first line that matches the MAC address is displayed.
The address must be specified in either one of the following
formats: xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx
exclude
Indicates the specified MAC address is excluded from the display.
The address must be specified in either one of the following
formats: xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx
include
Indicates the specified MAC address is included in the display. The
address must be specified in either one of the following formats:
xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx
port
Specifies a port. You may specify more than one port.
vid
Specifies a VID. You may specify one VID.
Modes
Privileged Exec mode
Description
Use this command to display the aging timer and the unicast and multicast
MAC addresses the switch has stored in the table. You may view all of the
addresses in the table or only the addresses learned on a particular port or
VLAN.
In addition, the software supports a GREP feature which allows you to
specify a MAC address that is displayed or a MAC address that is not
displayed by this command. You can also display MAC addresses that
begin with a specified value.
386
AT-8100 Switch Command Line User’s Guide
An example of the table is shown in Figure 89.
Aging Interval: 300 second(s)
Switch Forwarding Database
-----------------------------------------------------------VLAN
Port
MAC
Fwd
-----------------------------------------------------------1
1.0.1
00a0.d218.1ac8
Forward
Dynamic
1
1.0.2
00a0.c416.3b80
Forward
Dynamic
1
1.0.3
00a0.12c2.10c6
Forward
Dynamic
1
1.0.4
00a0.c209.10d8
Forward
Dynamic
1
1.0.4
00a0.3343.a187
Forward
Dynamic
1
1.0.4
00a0.12a7.1468
Forward
Dynamic
.
.
.
-----------------------------------------------------------Total Number of MAC Addresses: 121
Multicast Switch Forwarding Database
Total Number of MCAST MAC FDB Addresses: 1
--------------------------------------------------------------------VLAN
MAC
Port Maps (U:Untagged T:Tagged)
--------------------------------------------------------------------1
01:00:51:00:00:01
Static
U:18-24
T:
Figure 89. SHOW MAC ADDRESS-TABLE Command
The Aging Interval field at the top of the table displays the aging timer of
the MAC address table.
The Switch Forwarding Database displays the static and dynamic unicast
MAC addresses the switch has stored in the table. The first address is the
MAC address of the switch. The columns are defined in Table 37.
Table 37. SHOW MAC ADDRESS-TABLE Command - Unicast Addresses
Parameter
Description
VLAN
The ID number of the VLAN where the
port is an untagged member.
Port
The port where the address was learned
or assigned. The MAC address with port 0
is the address of the switch.
MAC
The dynamic or static unicast MAC
address learned on or assigned to the
port.
387
Chapter 20: MAC Address Table Commands
Table 37. SHOW MAC ADDRESS-TABLE Command - Unicast Addresses
Parameter
Description
Fwd
The status of the address. MAC
addresses have the status of Forward,
meaning that they are used by the switch
to forward packets.
(unlabeled)
The type of address: static or dynamic.
The Multicast Switch Forwarding Database contains the multicast
addresses. The columns are defined in this table.
Table 38. SHOW MAC ADDRESS-TABLE Command - Multicast
Addresses
Parameter
Description
VLAN
The ID number of the VLAN where the
port is an untagged member.
MAC
The multicast MAC address.
(unlabeled)
The type of the address: static or
dynamic.
Port Maps
The tagged and untagged ports on the
switch that are members of the multicast
group. This column is useful in
determining which ports belong to
different groups.
Examples
This example displays the entire MAC address table:
awplus# show mac address-table
This example displays the MAC addresses learned on ports 1 through 4:
awplus# show mac address-table interface port1.0.1-port1.0.4
This example displays the addresses learned on the ports in a VLAN with
a VID of 22:
awplus# show mac address-table vlan 22
This example displays the MAC addresses that include a value of
“90:08:B9:”
awplus# show mac address-table include 90:08:B9
388
Chapter 21
Hardware Stacking

“Overview” on page 390

“Configuring the Stack ID Number” on page 397

“Displaying the Switches of a Stack” on page 398

“Resetting the Switches of a Stack” on page 400

“Updating the Management Software” on page 401
Note
This feature is supported on the 8100S Series switches, but not on
the 8100L Series switches.
389
Chapter 21: Hardware Stacking
Overview
A stack is a group of two to eight 8100S Series switches that are linked
together with the S1 and S2 stacking ports. The switches function as a
unified Fast Ethernet switch. They synchronize their actions so that
network operations, such as spanning tree protocols, virtual LANs, and
static port trunks, span across all of the Fast Ethernet ports.
A stack has two principal advantages over stand-alone units:

You can configure all of the switches in a stack simultaneously
from the same management session, rather than individually from
different sessions, thereby simplifying network management.

You have more latitude in how some of the features may be
configured. For instance, when creating a static port trunk on a
stand-alone switch you have to choose ports from the same
switch. In contrast, a static trunk on a stack can have ports from
different switches in the same stack.
Note
For instructions on how to create a stack of 8100S Switches, refer to
the 8100S Series Stacking Installation Guide.
Master Switch
A stack must have a master switch to coordinate and monitor stack
operations. The master switch verifies that the switches are using the
same version of management software, that no two switches have the
same ID number, and that the stacking ports are cabled correctly.
The selection of the master switch is based on the ID numbers. The
master switch is the switch with the lowest ID number of all the switches in
the stack. The selection occurs during the discovery process, described in
“Initialization Processes” on page 393, which the stack performs whenever
you power on or reset it. If the master switch is removed from the stack or
fails, the member switch with the next lowest ID number automatically
becomes the new master switch. If that switch fails or is removed from the
stack, then the switch with the next lowest ID number becomes the new
master switch, and so on.
Stacking Port
Topologies
The switches are connected together with the S1 and S2 ports in the
management panels, and the stacking cables that come with the units.
There are two wiring configurations. The first topology is called the duplexchain topology. This topology connects the switches with a single
pathway. A stacking port on one switch is connected to a stacking port in
the next switch, which is connected to the next switch, and so on. The
connections crossover to different stacking ports on the switches, such
that the S1 port in one switch connects to the S2 port in the next switch.
390
AT-8100 Switch Command Line User’s Guide
The second topology, the duplex-ring topology, is identical to the duplexchain, except that the unused stacking ports on the end switches of the
stack are connected together to form a physical loop, creating two
pathways through the stack. An example of both topologies is shown in
Figure 90.
Although the topologies are the same in terms of network speed and
performance, the duplex-ring topology is the recommended wiring
configuration because of the secondary path it provides through the
stacking ports. The two pathways protect the switches of the stack against
the loss of communications due to a failure of a stacking port, cable, or
switch.
Duplex-chain Configuration
Duplex-ring Configuration
Figure 90. Duplex-chain and Duplex-ring Configurations
391
Chapter 21: Hardware Stacking
Active Boot
Configuration
File
The master switch stores the settings of the stack in a file in its file system.
This file is called the active boot configuration file. The switch updates the
file with the most recent parameter changes whenever you issue the
WRITE or COPY RUNNING-CONFIG STARTUP-CONFIG command.
The switch comes with two boot configuration files in the file system. The
files are identical and have the names BOOT.CFG and QSTART.CFG.
The BOOT.CFG file is the default active boot configuration file for the
switch.
The BOOT.CFG file assigns the switch the factory IP address
169.254.1.1. The address is assigned to the Default VLAN, which contains
all of the ports on the device.
You may use the IP address during the initial management session of the
switch. You may perform the session locally through the Console port or,
using the default IP address, from a remote Telnet client connected to any
of the networking ports.
The BOOT.CFG file is the default active file. You may continue to use that
file to store the parameter settings of the switch or create another boot
configuration file in the file system. There are several ways to do that, the
easiest being the BOOT CONFIG-FILE command, because it both creates
the file and designates it as the active boot configuration file for the switch.
The name of the active boot configuration file of the stack may be up to 16
alphanumeric characters, plus the .CFG extension. For example, you
might name the file STACKBLF2RM4.CFG.
The QSTART.CFG file is identical to the BOOT.CFG file. If you use the
BOOT.CFG to store the parameter settings of the switch, you may restore
the factory settings simply by copying the QSTART.CFG file as the
BOOT.CFG file.
The master switch periodically sends the active boot configuration file over
the stacking ports to the other switches in the stack, which save the file in
their respective file systems. The master switch distributes the file so that
should it stop functioning or be removed from the stack, any of the other
switches can assume the role of master switch. Here are the events that
prompt the master switch to distribute the active boot configuration to the
member switches.
392

When the stack performs the discovery process. The stack
performs the discovery process when it is powered on or reset,
and when a stacking cable is connected or disconnected from a
unit in the stack. At the completion of the discovery process, the
master switch sends its active boot configuration file to the
member switches.

When you enter the WRITE command to save your changes to the
parameter settings, to the active boot configuration file. After
AT-8100 Switch Command Line User’s Guide
updating the file, the master switch sends it to the member
switches.
This is mentioned because the master switch changes the name of the
active boot configuration file to BOOT.CFG as it sends the file to the other
switches during the discovery process or in response to the WRITE
command. Additionally, it instructs the other switches to designate that
filename as the active boot configuration file so that they use that file if
they become the master switch.
Here is an example of how the process works. Let’s assume your stack
has three switches, assigned the ID numbers 1 to 3. The switch with the ID
number 1 is the master switch because it has the lowest ID number of all
the switches in the stack. Now assume that you use the BOOT CONFIGFILE to create a new active boot configuration file for the stack and call it
STACKBLF2RM4.CFG. After configuring some of the stack parameter
settings, you issue the WRITE command. In response, the master switch
updates the STACKBLF2RM4.CFG file with your changes and then
transmits it, with the new name BOOT.CFG, over the stacking ports to the
other switches. They in turn store the file in their file systems and, if they
have not already, designate it as their active boot configuration file, so that
they use that file should they become the master switch.
Now assume that you remove the master switch from the stack. The
switch with the ID number 2 becomes the new master switch because it
has the next lowest ID number. The configuration settings of the two
remaining switches remain the same, even with the removal of the original
master switch, because the new master switch has the same active boot
configuration. The file just happens to have a different name. On the
original master switch it was called STACKBLF2RM4.CFG, but on the new
master unit it is BOOT.CFG.
So does this mean that you should use BOOT.CFG as the filename for the
active boot configuration files on your stacks? It does not really matter so
long as you remember that if you use a different name, the master switch
changes it to BOOT.CFG when it sends the file to the member switches.
To reduce the chance of errors, keep the active boot file as BOOT.CFG on
all switches and use the multiple filename capability to create backup files.
For instance, you can create a time-stamped backup of the current
BOOT.CFG file with the COPY command. To copy the current BOOT.CFG
file to a file called “backup2012-4-1.cfg,” enter the following command:
awplus# COPY boot.cfg back2012-4-1.cfg
Initialization
Processes
The switches of the stack synchronize their operations in a five phase
process whenever they are powered on or reset, and prior to forwarding
network traffic from their ports.
In the first four phases the switches initialize their management software
and features. These phases take a total of approximately 40 seconds.
393
Chapter 21: Hardware Stacking
The fourth phase is called the discovery process. In this phase the
switches determine the number of devices in the stack, the cabling
topology, and, in the case of the duplex-ring topology, the active path
through the stacking ports. It is also in this phase that the master switch of
the stack is identified. The discovery process takes approximately 80
seconds.
In the fifth phase the master switch uses its active boot configuration file in
its file system to configure the settings of all of the switches in the stack.
This phase may take from just a few seconds to up to a minute, depending
on the size of the stack and the number and complexity of the commands
in the file.
The switches of the stack begin to forward network traffic at the
completion of the fifth phase.
The stack performs all of the phases when the switches are powered on or
reset. The discovery phase is repeated if a switch is added or removed
from the stack.
For further information about the initialization processes and instructions
on how to monitor them, refer to the 8100S Series Stacking Installation
Guide.
Stacking Actions
Here are the actions of an active stack when a master or member switch is
removed:

If the stack has only two switches and you remove or power off one
of the units, the remaining switch automatically resets as a standalone device.

If the master switch of a stack of three of more units is removed or
powered off, the member switch with the lowest ID number of the
remaining devices automatically assumes the role as the master
switch of the stack. The remaining switches retain their
configuration settings and there is no interruption of the forwarding
of Layer 2 packets from the remaining switches.
Here are the actions of an active stack when a new switch is added:
394

If the ID number of the new member switch is higher than the
numbers of the existing switches, the master switch waits for the
new unit to initialize its management software and afterwards
checks the version number of the software against its own
software. If the new unit has a different version, the master switch
downloads its software to the new unit.

If the ID number of the new member switch is lower than the ID
number of the current master switch, a message is displayed on all
of the active local and remote management sessions. You may
use the message to designate the new member switch as the new
master switch of the stack. If you respond with yes, the stack
AT-8100 Switch Command Line User’s Guide
resets and the new member becomes the new master switch and
the previous master switch is reassigned the next available ID
number. If you respond with no or if there is no response to the
message after 30 seconds, the new member is reassigned the next
available ID number.
Caution
Designating the new member as the new master switch causes the
stack to lose its configuration unless the new unit has the same
configuration file as the previous master switch.

If the ID number of the new member switch is the same as one of
the existing switches in the stack, the new member is automatically
assigned the next available ID number.
If there is an interruption on the links on the stacking ports such that
switches become isolated from each other, the isolated switches may use
the same IP address, creating an IP address conflict on your network. This
can be minimized by using the duplex-ring topology to cable the switches.
If a stacking link fails in the duplex-ring topology, the stack automatically
reverts to the duplex-chain topology to maintain connectivity between the
switches.
Guidelines
Here are the general guidelines to building a new 8100S Series stack. For
complete installation instructions, refer to the 8100S Series Stacking
Installation Guide:

All 8100S Series switches support stacking.

A stack can have up to eight switches or 208 ports.

The switches of a stack may be the same model or different
models. For instance, a stack can have AT-8100S/24C, AT-8100S/
48, and AT-8100S/16F8-SC Switches, so long as it does not
exceed eight switches or 208 ports.

The 8100L Series switches do not support stacking.

An 8100S Series stack cannot contain other stacking devices, such
as AT-9400Ts Series switches.

The 8100S Series switches do not need any additional modules or
software for stacking.

You have to assign the switches unique stack ID numbers, in the
range or 1 to 8, with the STACK command in the Global
Configuration mode. You have to assign the numbers before
connecting the switches together with the S1 and S2 ports. (A
stack in which two or more switches have the same ID number will
not function properly.)

The stack ID number 0 is reserved for stand-alone switches.
395
Chapter 21: Hardware Stacking

The switch with the lowest ID number is the master switch of the
stack.

The master switch can be any switch in the stack.

If the master unit fails or is removed from the stack, the member
switch with the next lowest ID number takes over as the new
master switch.

The stacking feature described in this chapter is unrelated to the
enhanced stacking feature described in Chapter 23, “Enhanced
Stacking” on page 409. They are completely different features. (At
the time this manual was written, 8100S stacking did not support
enhanced stacking. You have to install the switches as standalone units to use enhanced stacking.)

The 8100L Series switches do not support stacking, but they have
a stack ID LED and an ID number because they use the same
management software as the 8100S Series switches. The correct
ID number of an 8100L Series switch is “0.”
Here are the general guidelines to adding a new switch to an existing
stack:
396

You have to assign the new switch an ID number before you add it
to the stack. The range is 1 to 8.

The ID number for the new switch must be different from the ID
numbers of the existing switches in the stack.

The ID number for the new switch should be greater than the ID
numbers of the existing switches. For example, if the existing
switches are number 1 to 4, you should assign the new switch the
ID number 5.

Do not assign the new switch the ID number 0. That number is
reserved for stand-alone operation.

Power off the new switch before connecting it to the stack. You
should never connect a new switch to an existing stack while it is
powered on.

If you are removing or replacing a member switch, IP connectivity
through the stack is interrupted until the stack reforms. However,
IP traffic is not interrupted.
AT-8100 Switch Command Line User’s Guide
Configuring the Stack ID Number
To set the stack ID number of a switch, use the STACK command in the
Global Configuration mode. The command has this format:
stack old_id renumber new_id
The OLD_ID parameter specifies the current ID number of the switch. This
number is visible on the Stack ID LED and displayed with the SHOW
STACK command, described in “Displaying the Switches of a Stack” on
page 398.
The NEW_ID parameter specifies the switch’s new stack ID number. The
range is 0 to 8. A switch can have only one ID number.
Before assigning the stack ID number to a switch, consider the following
items:

A switch should be assigned a stack ID number before it is
connected to the stack.

Each switch in a stack must have a unique ID number.

The stack ID number 0 is used for stand-alone switches.

A switch can have only one ID number.
Caution
This command causes the switch to reset. The switch does not
forward network traffic while it initializes its management software.
Some network traffic may be lost.
This example of the command changes the stack ID number from 0 to 2:
awplus> enable
awplus# configure terminal
awplus(config)# stack 0 renumber 2
This example changes the ID number from 4 to 0:
awplus> enable
awplus# configure terminal
awplus(config)# stack 4 renumber 0
397
Chapter 21: Hardware Stacking
Displaying the Switches of a Stack
The SHOW STACK command in the Privileged Exec mode displays the
stack ID numbers and MAC addresses of the switches of a stack:
awplus> enable
awplus# show stack
The information the command displays depends on whether the switch is
a stand-alone unit or part of a stack. If the switch is assigned the stack ID
number 0, the ID number for a stand-alone unit, the command displays
this prompt:
% Stacking is disabled on this switch.
If the switch has a stack ID number of 1 to 8 but is not connected to a
stack, the command displays the stack ID number and MAC address of
the switch. Here is an example of the information.
Stacking summary Information:
ID MACADDRESS
SwVer
Model
Operational status
Standalone unit
Local Module ID:
Local MAC Address:
1
00:00:54:55:56:42
Status
Role
Figure 91. SHOW STACK Command for a Stand-alone Switch with a
Stack ID of 1 to 8
It the switch is part of an active stack, the command lists information about
the switches. This example in Figure 92 on page 399 shows a stack of four
switches.
398
AT-8100 Switch Command Line User’s Guide
Stacking summary Information:
ID MACADDRESS
SwVer
Model
Status
Role
1
2
3
4
2.2.1.3
2.2.1.3
2.2.1.3
2.2.1.3
AT-8100S/24
AT-8100S/24C
AT-8100S/24
AT-8100S/48
Ready
Ready
Ready
Ready
Master
Member
Member
Member
00:00:54:55:56:42
00:00:54:55:78:11
00:00:54:55:12:09
00:00:54:55:56:42
Operational status
Ring topology is broken
Master Module ID:
Stack MAC Address:
1
00:00:54:55:56:42
Local Module ID:
Local MAC Address:
1
00:00:54:55:56:42
Figure 92. SHOW STACK Command on an Active Stack
The table lists the switches in the stack. The columns in the table are
defined in Table 39.
Table 39. SHOW STACK Command
Column
Definition
ID
The stack ID number of the switch.
MAC Address
The MAC address of the switch.
SwVer
The version number of the management
software.
Model
The model name of the switch.
Status
The current status of the switch.
Role
The stacking role of the switch, which can be
master or member.
The Operational status field displays the topology of the stacking ports.
The field displays “Ring topology is broken” for the duplex-chain topology
and “Normal operation” for the duplex-ring topology. For more information,
refer to “Stacking Port Topologies” on page 390.
The master module ID and stack MAC address fields display the ID
number and MAC address of the master switch. The local MAC module ID
and MAC address fields display the same information for the switch from
which you are managing the stack. In most situations, the master and local
fields display the same information because a stack should always be
managed through the master switch.
399
Chapter 21: Hardware Stacking
Resetting the Switches of a Stack
You can reset the switches of a stack with the RELOAD|REBOOT STACK
command in the Privileged Exec mode. The command has this format:
reload|reboot stack-member id_number|all
You may use this command to reset individual switches or all of the
switches in a stack. The command display a confirmation prompt.
The RELOAD and REBOOT keywords are equivalent, meaning you can
use either one in the command. The ID_NUMBER parameter specifies the
ID number of the switch in the stack you want to reset. The range is 1 to 8.
You may reset only one switch or all of the switches. To reset the entire
stack, use the ALL option.
Caution
This command resets the switch. The switch does not forward
network traffic while it initializes its management software. Some
network traffic may be lost.
Review the following information before using this command:

Resetting one switch in a stack of two switches causes both
switches to reset because the remaining switch momentarily
changes from stacking mode to stand-alone mode.

If you reset the master switch of a stack that has more than three
switches, the switch with the lowest stack ID number of the
remaining switches becomes the new master unit, until the original
master complete its management software initialization processes,
as explained in “Initialization Processes” on page 393.
This example of the command resets the switch with the ID 5:
awplus> enable
awplus# reload stack-member 5
reboot switch? (y/n): y
This example resets the entire stack:
awplus> enable
awplus# reload stack-member all
reboot switch? (y/n): y
400
AT-8100 Switch Command Line User’s Guide
Updating the Management Software
Allied Telesis may periodically release new versions of the management
software for this product on the company’s web site. For instructions on
how to obtain new software, see “Contacting Allied Telesis” on page 44.
To install new management software on the switches of a stack, you may
update the master switch and let that unit automatically update the
member switches for you. Here are the general steps:
1. Download the management software to the master switch of the stack
using TFTP. For instructions, refer to “Uploading or Downloading Files
with TFTP” on page 573.
2. After the master switch has received the new software from the TFTP
server on your network, it writes the file to flash memory and
automatically begins to download the new management software to
the member switches.
3. After all of the member switches have received and written the file to
their flash memories, the entire stack resets.
At this point, the stack is operating with the new management software.
Caution
This procedure is disruptive to network operations because it resets
the switches. Some network traffic may be lost.
401
Chapter 21: Hardware Stacking
402
Chapter 22
Stacking Commands
The stacking commands are summarized in Table 40.
Table 40. Stacking Commands
Command
Mode
Description
“RELOAD|REBOOT STACK” on
page 404
Global
Configuration
Resets the switches of a stack.
“SHOW STACK” on page 405
Privileged Exec
Displays the stack ID numbers and
MAC addresses of the switches of a
stack.
“STACK” on page 406
Global
Configuration
Sets the stack ID number of the
switch.
Note
For instructions on how to create a stack of 8100S Switches, refer to
the 8100S Series Stack Installation Guide.
403
Chapter 22: Stacking Commands
RELOAD|REBOOT STACK
Syntax
reload|reboot stack-member id_number|all
Parameter
id_number
Specifies the ID number of the switch to reset. This number is
displayed on the Stack ID LED and with “SHOW STACK” on
page 405. You may reset only one switch at a time or all of the
switches by entering the ALL parameter.
Mode
Privileged Exec mode
Description
Use this command to reset the switches of a stack. You may reset
individual units or all of the switches. The commands display a
confirmation prompt.
The RELOAD and RESET keywords are equivalent.
Caution
This command resets the switch. The switch does not forward
network traffic while it initializes its management software. Some
network traffic may be lost.
Examples
This example resets the switch with the ID number 4:
awplus> enable
awplus# reload stack-member 4
reboot switch? (y/n): y
This example resets the entire stack:
awplus> enable
awplus# reload stack-member all
reboot switch? (y/n): y
404
AT-8100 Switch Command Line User’s Guide
SHOW STACK
Syntax
show stack
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the stack ID numbers and MAC addresses of
the switches in a stack. The information the command displays depends
on whether the switch is acting as a stand-alone unit or as part of a stack.
For further information, refer to “Displaying the Switches of a Stack” on
page 398.
Example
The following example displays the stack ID numbers and MAC addresses
of the switches in a stack:
awplus> enable
awplus# show stack
405
Chapter 22: Stacking Commands
STACK
Syntax
stack old_id renumber new_id
Parameters
old_id
Specifies the current ID number of the switch. This number is
displayed on the Stack ID LED and with “SHOW STACK” on
page 405. You can enter only one ID number.
new_id
Specifies the switch’s new stack ID number. The range is 0 to 8.
You can enter only one ID number.
Mode
Global Configuration mode
Description
Use this command to set the stack ID number of the switch. The switch
can have only one ID number. The number should be set before the
switch is connected to the stack. The range is 0 to 8. Assign stand-alone
switches the stack ID number of 0.
This command displays a confirmation prompt. Type Y to renumber the
switch or N to cancel the procedure.
Caution
This command causes the switch to reset. The switch does not
forward network traffic while it initializes its management software.
Some network traffic may be lost.
Confirmation Command
“SHOW STACK” on page 405
Examples
This example assigns the stack ID number 1 to a switch that currently has
the ID number 0:
awplus> enable
awplus# configure terminal
awplus(config)# stack 0 renumber 1
406
AT-8100 Switch Command Line User’s Guide
This example assigns the stack ID number 0 to a switch that currently has
the ID number 4:
awplus> enable
awplus# configure terminal
awplus(config)# stack 4 renumber 0
407
Chapter 22: Stacking Commands
408
Chapter 23
Enhanced Stacking
This chapter discusses the following topics:

“Overview” on page 410

“Configuring the Command Switch” on page 413

“Configuring a Member Switch” on page 416

“Managing the Member Switches of an Enhanced Stack” on page 418

“Changing the Enhanced Stacking Mode” on page 420

“Uploading Boot Configuration Files from the Command Switch to
Member Switches” on page 422

“Uploading the Management Software from the Command Switch to
Member Switches” on page 429

“Disabling Enhanced Stacking” on page 431
409
Chapter 23: Enhanced Stacking
Overview
Enhanced stacking is a management tool that allows you to manage
different AT-8100 Switches from one management session. With
enhanced stacking you can start a management session on one switch
and then redirect the session to any of the other switches in the stack,
without having to start a new session.
It is important to understand that enhanced stacking is simply a
management tool. The switches of an enhanced stack continue to function
as stand-alone devices. As such, the switches operate independently of
each other and must be configured individually. For a description of how
the feature is used, refer to “Managing the Member Switches of an
Enhanced Stack” on page 418.
Note
Enhanced stacking is only supported on standalone switches. A
standalone switch is defined as a switch with a Device ID set to 0.
Command and
Member Switches
An enhanced stack must have one command switch. This switch is your
management access point to the other switches in a stack. To manage the
switches of a stack, you start a local or remote management session on
the command switch and then redirect the session, as needed, to the
other switches.
The other switches in the stack are known as member switches. They can
be managed either through the command switch with enhanced stacking
or from local or remote management sessions.
Common VLAN
410

The switches of an enhanced stack have to be connected together
with a common VLAN. The command switch uses this VLAN to
send out broadcast packets to search for the switches in the stack.
The VLAN also carries your configuration commands to the
switches. Here are several things to keep in mind when planning
the common VLAN of an enhanced stack:

The common VLAN can have any valid VLAN name and VLAN
identifier (VID)

A member switch can be connected indirectly to the command
switch through other switches, so long as there is an uninterrupted
path of the common VLAN to the command switch.

The Default_VLAN can be used as the common VLAN.

The common VLAN of the enhanced stack does not have to be
dedicated solely to that feature. It can be used like any other
VLAN.
AT-8100 Switch Command Line User’s Guide

A member switch can be any distance from the command switch,
so long as the distance adheres to Ethernet cabling standards.
For background information on port-based and tagged virtual LANs, refer
to Chapter 60, “Port-based and Tagged VLANs” on page 899.
Guidelines
General Steps
Here are the enhanced stacking guidelines for the AT-8100 Switch:

A stack can have up to 24 AT-8100 Switches.

The switches of an enhanced stack must be connected together
with a common port-based or tagged VLAN.

The common VLAN must have the same VID on all of the switches.

You can use tagged or untagged twisted pair or fiber optic ports of
the common VLAN to connect the switches together.

A member switch does not have to be connected directly to the
command switch. It can be connected indirectly through other
switches, so long as there is an uninterrupted path of the common
VLAN to the command switch.

There are not any distance limitations between the command
switch and the member switches of a stack, other than those
dictated by the Ethernet cabling standards.

The command switch must be assigned a management IP
address. The member switches do not require IP addresses.

The enhanced stacking feature on the AT-8100 Switch is not
compatible with the same feature on other Allied Telesis switches,
such as the AT-8400, AT-8500, and AT-9400 Switches.

Remote Telnet, SSH, or web browser management of an
enhanced stack must be conducted through the subnet of the
common VLAN. The remote management workstations must be
members of that subnet or have access to it through routers or
other Layer 3 devices.

The IP address 172.16.16.16 is reserved for the enhanced
stacking feature. It must not be assigned to any device on your
network.
Here are the general steps to implementing the enhanced stacking feature
on the switches:
1. Select an AT-8100 Switch to act as the command switch of the stack.
This can be any AT-8100 Switch.
2. On the switch chosen to be the command switch, activate enhanced
stacking and change its stacking status to command switch. The
commands are ESTACK RUN and ESTACK COMMAND-SWITCH,
both in the Global Configuration mode.
411
Chapter 23: Enhanced Stacking
3. On the member switches, activate enhanced stacking. You do not
have to set the enhanced stacking mode on the member switch
because the member mode is the default setting.
4. Create a common port-based or tagged VLAN on the command and
member switches. This step is not necessary if you are using the
Default_VLAN (VID 1) as the common VLAN.
5. Assign the command switch a management IP address in the common
VLAN.
6. If you plan to remotely manage the stack from management
workstations that are not members of the same subnet as the switch,
assign the command switch a default gateway that defines the first hop
to reaching the subnet of the workstations.
Since an enhanced stack is managed through the command switch,
only that switch must have a default gateway, and only if the remote
management workstations are not members of the same subnet as the
common VLAN of the stack.
7. Connect the devices together using twisted pair or fiber optic ports of
the common VLAN.
412
AT-8100 Switch Command Line User’s Guide
Configuring the Command Switch
Here is an example on how to configure the switch as the command switch
of the enhanced stack. The example creates a common VLAN and
assigns it a management IP address. Here are the specifications for this
command switch:

Common VLAN name: Tech_Support

VID: 12

Untagged VLAN ports: 18 to 22

Management IP address and subnet mask: 149.22.88.5 and
255.255.255.0

Default gateway: 149.22.88.27
(A default gateway is optional, but including it allows you to manage the
switch and the enhanced stack from remote workstations that are not in
the same subnet as the command switch.)
1. This step creates the common VLAN.
awplus> enable
Enter the Privileged Exec mode
from the User Exec mode.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# vlan database
From the Global Configuration
mode, enter the VLAN Interface
mode.
awplus(config-vlan)# vlan 12 name Tech_Support
Create the Tech_Support VLAN
and assign it the VID 12.
awplus(config-vlan)# exit
Return to the Global Configuration
mode.
awplus(config)# interface port1.0.18-port1.0.22
Enter the Port Interface mode for
ports 18 to 22.
awplus(config-if)# switchport mode access
Designate the ports as untagged
ports.
awplus(config-if)# switchport access vlan 12
Add the ports to the Tech_Support
VLAN.
awplus(config-if)# end
Return to the Privileged Exec
mode.
awplus# show vlan 12
Verify the new VLAN.
413
Chapter 23: Enhanced Stacking
2. After creating the common VLAN on the switch, assign it the
management IP address and default gateway:
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# interface vlan12
From the Global Configuration
mode, enter the VLAN Interface
mode for the Tech_Support VLAN.
awplus(config-if)# ip address 149.22.88.5/24
Assign the VLAN the management
IP address 149.22.88.5 and the
subnet mask 255.255.255.0.
awplus(config-if)# exit
Return to the Global Configuration
mode.
awplus(config)# ip route 0.0.0.0/0 149.22.88.27
Assign the switch the default
gateway 149.22.88.27
awplus(config)# exit
Return to the Privileged Exec
mode.
awplus# show ip interface
Confirm the IP address.
awplus# show ip route
Confirm the default route.
3. Use the ESTACK RUN command in the Global Configuration mode to
activate enhanced stacking and the ESTACK COMMAND-SWITCH
command to set the enhanced stacking mode of the switch to
command.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# estack run
Activate enhanced stacking on the
switch.
awplus(config)# estack command-switch
Assign the switch the enhanced
stacking status of command
switch.
awplus(config)# exit
Return to the Privileged Exec
mode.
awplus# show estack
Confirm the stack mode of the
switch.
4. To save the configuration, enter the WRITE command in the Privileged
Executive mode.
414
AT-8100 Switch Command Line User’s Guide
awplus# write
Save the configuration.
415
Chapter 23: Enhanced Stacking
Configuring a Member Switch
This example shows you how to configure the switch as a member switch
of an enhanced stack. It configures the switch to be part of the same
enhanced stack with the same common VLAN as the command switch in
the previous example. Here are the specifications for the member switch:

Common VLAN name: Tech_Support

VID: 12

Untagged VLAN ports: 4 and 5
1. This step creates the common VLAN.
awplus> enable
Enter the Privileged Executive
mode from the User Executive
mode.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# vlan database
Enter the VLAN Interface mode.
awplus(config-vlan)# vlan 12 name Tech_Support
Create the Tech_Support VLAN
and assign it the VID 12.
awplus(config-vlan)# exit
Return to the Global Configuration
mode.
awplus(config)# interface port1.0.4-port1.0.5
Enter the Port Interface mode for
ports 4 to 5.
awplus(config-if)# switchport mode access
Designate the ports as untagged
ports.
awplus(config-if)# switchport access vlan 12
Add ports 4 and 5 to the
Tech_Support VLAN.
awplus(config-if)# end
Return to the Privileged Exec
mode.
awplus# show vlan 12
Verify the new VLAN.
2. Use the ESTACK RUN command in the Global Configuration mode to
activate enhanced stacking on the switch. It is not necessary to set the
switch to the member mode because that is the default setting.
awplus# configure terminal
416
Enter the Global Configuration
mode.
AT-8100 Switch Command Line User’s Guide
awplus(config)# estack run
Activate enhanced stacking on the
switch.
awplus(config)# exit
Return to the Privileged Exec
mode.
awplus# show estack
Confirm the stack mode of the
switch.
3. To save the configuration, enter the WRITE command in the Privileged
Executive mode.
awplus# write
Save the configuration.
4. Connect the switches together using ports of the common VLAN.
417
Chapter 23: Enhanced Stacking
Managing the Member Switches of an Enhanced Stack
Here are the steps on how to manage the member switches of an
enhanced stack.
1. Start a local or remote management session on the command switch
of the enhanced stack. After logging on, you can view and configure
the settings of just the command switch.
2. To manage a member switch in the enhanced stack, enter the SHOW
ESTACK REMOTELIST command in the Privileged Exec mode.
awplus> enable
awplus# show estack remotelist
This command displays all of the member switches in the stack. It
does not display any command switches, including the command
switch on which you started the management session. An example is
shown here.
NumMAC AddressNameMode
Version
Model
------------------------------------------------------------------------01 00:21:46:A7:B4:04Production..SlaveAWPLUS 2.1.1AT-8100S/24
02 00:21:46:A7:B4:43MarketingSlaveAWPLUS 2.1.1AT-8100S/24C
03 00:30:84:00:00:02Tech Suppo..SlaveAWPLUS 2.1.1AT-8100S/24C
Figure 93. SHOW ESTACK REMOTELIST Command
3. Use the RCOMMAND command in the Global Configuration mode to
redirect the management session from the command switch to one of
the member switches in the list. The format of the command is shown
here:
rcommand switch_id
For example, to manage the Marketing switch in the list, you would
enter this command:
awplus# configure terminal
awplus(config)# rcommand 2
You can manage just one member switch at a time.
4. When prompted, enter the login name and password of a manager
account on the member switch you are accessing. Once you have
logged on, the command prompt for the member switch is displayed.
5. Configure or view the settings of the member switch, as needed.
418
AT-8100 Switch Command Line User’s Guide
6. When you are finished managing the member switch, enter the EXIT
command from the User Exec mode or Privileged Exec mode to return
the management session to the command switch.
7. To manage another member switch in the enhanced stack, repeat this
procedure starting with step 2.
8. To end the management session, return to the User Exec mode or
Privileged Exec mode on the command switch and enter the EXIT
command.
419
Chapter 23: Enhanced Stacking
Changing the Enhanced Stacking Mode
If you want to change the enhanced stacking mode of a switch from
command to member, all you have to do is enter the NO ESTACK
COMMAND-SWITCH command in the Global Configuration mode, as
shown here:
awplus> enable
awplus# configure terminal
awplus(config)# no estack command-switch
You can enter this command even if the enhanced stack is functional. Of
course, once you’ve changed the mode on the switch to member from
command, you cannot use the switch to manage the member switches in
the stack.
Changing the switch from the member mode to the command mode can
be more problematic, particularly if the enhanced stack is functional. This
is because a member switch will not allow you to change its mode to the
command mode if it is part of an active stack.
The easiest way to determine whether the switch is part of an active stack
is to use the SHOW ESTACK command. An example of the command is
shown here:
Enhanced Stacking modeMember [1]
MAC address00:15:77:CC:E2:42
Model TypeAT-8100S/48
Version NumberAWPLUS 2.1.1
Figure 94. SHOW ESTACK Command
If the brackets following “Member” are empty, the switch is not part of a
stack and you can use the ESTACK COMMMAND-SWITCH command in
the Global Configuration mode to change its mode to command, as shown
here:
awplus> enable
awplus# configure terminal
awplus(config)# estack command-switch
If there is a number in the brackets following “Member,” the switch is a
member of an active enhanced stack and it will not let you change its
mode. Here are the steps to follow in this situation:
1. On the command switch disable enhanced stacking with the NO
ESTACK RUN command.
2. On the member switch change its mode from member to command
with the ESTACK COMMAND-SWITCH command.
420
AT-8100 Switch Command Line User’s Guide
3. On the original command switch, restart enhanced stacking with the
ESTACK RUN command and, if desired, reestablish its command
mode with the ESTACK COMMAND-SWITCH command. (Disabling
enhanced stacking changes the mode on a command switch from
command to member.)
421
Chapter 23: Enhanced Stacking
Uploading Boot Configuration Files from the Command Switch to
Member Switches
You may use the enhanced stacking feature to transfer boot configuration
files from the file system in the command switch of the enhanced stack to
member switches. This allows you to use the command switch as a central
storage device for the configuration files of the member switches in the
stack and to distribute the files to the switches in the event you need to
restore their configuration settings.
There are three situations where you are likely to find this feature useful:

To restore the configuration to an existing member switch that has
lost its configuration or that has the wrong configuration.

To configure a replacement switch for a failed unit.

To configure a new switch that is to have the same configuration
as another switch.
There are several ways to use the feature. If the member switches share
the same basic configuration, you could create a generic configuration file
that contains most of the configuration settings for the switches in the
stack, and store the file on the command switch. To restore the
configuration of a member switch, you could download this file to it from
the command switch and afterwards manually configure whatever other
settings are needed for that specific member switch.
If the switches have different configurations, a generic configuration file
may not be that useful. Instead, you could store each switch’s unique
configuration file on the command switch so that you can fully restore the
configuration of any of the units.
To use the feature, you first have to store the configuration files of the
member switches on the command switch. You can upload the files from
the switches using TFTP or Zmodem and then download them into the file
system of the command switch, again using TFTP or Zmodem.
The command for transferring configuration files is the UPLOAD CONFIG
REMOTELIST command in the Global Configuration mode. The command
itself does not have any parameters. Instead, it displays two prompts for
the necessary information. The first prompt is shown here:
Enter the configuration file name ->
When you see this prompt, enter the name of the boot configuration file
you want to transfer from the command switch to the member switches.
You may specify just one filename and the name must include the
extension .cfg.
422
AT-8100 Switch Command Line User’s Guide
The second prompt is shown here:
Enter the list of switches ->
At the prompt, enter the enhanced stack numbers of the member switches
to receive the file. You may upload a file to more than one member switch
at a time by separating the numbers with commas. The numbers are
viewed with the SHOW ESTACK REMOTELIST command.
There are a couple things to know prior to using this feature:

The transfer works from the command switch to the member
switches. You may not use this feature to transfer configuration
files from member switches to the command switch.

You have to store the configuration files of the member switches in
the file system of the command switch. To do that, you have to
upload the files from the member switches using TFTP or Zmodem
and then download them onto the command switch.

Uploading a configuration file that contains the IP ADDRESS or
IPV6 ADDRESS command to more than one switch may cause an
IP address conflict in your network, in which multiple switches have
the same IP address.

A member switch has to be configured for enhanced stacking
before the command switch can upload a configuration file to it.
This means you have to activate enhanced stacking on it and if the
common VLAN of the enhanced stack is not the Default VLAN, you
have to create the common VLAN on the switch.

When a member switch receives a boot configuration file from the
command switch, it stores the file in its file system as BOOT.CFG.

You may upload any configuration file from the command switch,
even the active boot configuration file.
Here are two examples of the feature. The first example restores a
configuration file to an existing member switch of an enhanced stack. The
example makes the following assumptions:

Enhanced stacking is already activated on the member switch.

The member switch already has the common VLAN that links the
switches of the enhanced stack together.

The name of its configuration file on the command switch is
Eng12c.cfg.

The member switch uses BOOT.CFG as its active boot configuration
file, meaning it will not be necessary to change the name of the
configuration file after is transferred to the member switch.
423
Chapter 23: Enhanced Stacking
Here are the steps to perform on the command switch to upload the
configuration file from its file system to the member switch:
awplus> enable
Enter the Privileged Executive
mode from the User Executive
mode.
awplus# show estack remotelist
Display the member switches of
the enhanced stack with the
SHOW ESTACK REMOTELIST
command to learn the ID number
of the switch to receive the
configuration file.
awplus# dir
List the files in the file system of
the command switch to confirm
that it has the configuration file to
upload to the member switch. In
this example, the filename is
Eng12c.cfg file.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# upload config remotelist
Enter the UPLOAD CONFIG
REMOTELIST command to begin
the file transfer.
Enter the configuration file name -> Eng12c.cfg
At the prompt, enter the name of
the configuration file the command
switch is to upload to the member
switch. The filename in this
example is Eng12c.cfg.
Enter the list of switches -> 3
At the prompt, enter the enhanced
stacking ID number of the member
switch to receive the file. This
number is learned with the SHOW
ESTACK REMOTELIST
command. The example assumes
that the member switch has the ID
number 3.
-
At this point, the command switch
sends the file to the member
switch, which stores it in its file
system as BOOT.CFG.
awplus(config_if)# reboot estack member 3
Reboot the member switch so that
it uses the new configuration file to
set its parameters.
424
AT-8100 Switch Command Line User’s Guide
Here is another example of the feature. This example uploads a
configuration file to a new switch in an enhanced stack, such as a
replacement switch for a failed unit. This example is more complicated
than the previous example because the stack is not using the Default
VLAN as the common VLAN and the new switch will not be using
BOOT.CFG as the name of its active boot configuration file. The example
makes the following assumptions:

The common VLAN of the enhanced stack is called Network5a
with the VID 25.

The common VLAN will initially consist of just untagged port 1 on
the new switch.

The name of the boot configuration file to be downloaded to the
new switch stored for the command switch is called SalesE4.cfg

The name of the active boot configuration file on the new switch is
to be actSalesE4.cfg
The first step is to create the common VLAN on the new switch. This is
necessary because the enhanced stack is not using the Default VLAN as
the common VLAN of the stack. To create the common VLAN and to
activate enhanced stacking, perform these steps:
1. Start a local or remote management session on the new switch.
2. Create the common VLAN on the new switch with these commands.
awplus> enable
Enter the Privileged Executive
mode from the User Executive
mode.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# vlan database
Enter the VLAN Interface mode.
awplus(config-vlan)# vlan 25 name Network5a
Create the Network5a VLAN and
assign it the VID 25.
awplus(config-vlan)# exit
Return to the Global Configuration
mode.
awplus(config)# interface port1.0.1
Enter the Port Interface mode for
port 1.
awplus(config-if)# switchport mode access
Designate the port as an untagged
port.
awplus(config-if)# switchport access vlan 25
Add port 1 to the Network5a
VLAN.
425
Chapter 23: Enhanced Stacking
awplus(config-if)# end
Return to the Privileged Exec
mode.
awplus# show vlan 12
Verify the new VLAN.
3. Use the ESTACK RUN command in the Global Configuration mode to
activate enhanced stacking on the switch. It is not necessary to set the
switch to the member mode because that is the default setting.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# estack run
Activate enhanced stacking on the
new switch.
awplus(config)# exit
Return to the Privileged Exec
mode.
awplus# show estack
Confirm the stack mode of the
switch.
4. To save the configuration, enter the WRITE command in the Privileged
Executive mode.
Save the configuration.
awplus# write
5. Connect port 1 on the new switch to a port on another network device
that is a member of the Network5A VLAN, such as the command
switch.
Now that the replacement member switch is connected to the command
switch through the common VLAN of the enhanced stack, you are ready to
upload the SalesE4.cfg configuration file to it from the command switch
with these steps:
1. Start a local or remote management session on the command switch
of the enhanced stack.
2. Transfer the SalesE4.cfg configuration file from the command switch
to the new member switch by performing these commands:
awplus> enable
Enter the Privileged Executive
mode from the User Executive
mode.
awplus# show estack remotelist
Display the SHOW ESTACK
REMOTELIST command to learn
the stack ID number of the
replacement member switch.
426
AT-8100 Switch Command Line User’s Guide
awplus# dir
List the files in the file system of
the command switch to confirm
that it has the configuration file you
want to upload to the member
switch. In this example, the
filename is Eng12c.cfg file.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# upload config remotelist
Enter the UPLOAD CONFIG
REMOTELIST command to begin
the file transfer.
Enter the configuration file name -> SalesE4.cfg
At the prompt, enter the name of
the configuration file the command
switch is to upload to the member
switch. In this example the
filename is SalesE4.cfg.
Enter the list of switches -> 3
At the prompt, enter the enhanced
stacking ID number, learned with
the SHOW ESTACK
REMOTELIST command, of the
member switch to receive the file.
The example assumes that the ID
number of the replacement
member switch is 3.
-
At this point, the command switch
sends the file to the member
switch, which stores it in its file
system as BOOT.CFG.
3. If the new member switch is to use BOOT.CFG as the name of its
active boot configuration file, you complete the replacement procedure
by resetting the switch to configure its parameters with the settings in
the file. But because this example assumes that the name of the active
boot configuration file has to be actSalesE4.cfg, you have to perform a
few additional steps. You need to rename the BOOT.CFG file with the
MOVE command and designate the file as the active boot
configuration file with the BOOT CONFIG-FILE command. You can
perform these tasks through enhanced stacking from the command
switch, as shown in these steps:
awplus(config)# exit
On the command switch, return to
the Privileged Exec mode.
427
Chapter 23: Enhanced Stacking
awplus# show estack remotelist
Reconfirm the enhanced stacking
ID number of the replacement
member switch.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# rcommand 3
Use the RCOMMAND command
to start a remote management
session on the replacement
member switch. In this example
the ID number of the switch is 3.
Login: manager
Password: ******
Log on the replacement member
switch.
awplus> enable
Enter the Privileged Exec mode.
awplus(config)# move boot.cfg actSalesE4.cfg
Rename the boot.cfg configuration
file to actSalesE4.cfg.
awplus(config)# boot config-file actSalesE4.cfg
Designate the actSalesE4 file as
the active boot configuration file
on the switch.
awplus(config)# exit
Return to the Privileged Exec
mode.
awplus# exit
End your management session of
the replacement member switch to
return the session to the command
switch.
awplus(config)# reboot estack member 3
From the command switch, reboot
the replacement member switch
so that it configures its parameters
with the actSalesE4.cfg
configuration file.
428
AT-8100 Switch Command Line User’s Guide
Uploading the Management Software from the Command Switch to
Member Switches
You may use enhanced stacking to install new releases of the
management software on the member switches from the command switch.
After you update the command switch with the new management software,
you can instruct it to upload the software to the member switches for you.
After you receive a new release of the management software and install it
on the command switch, as explained in “Downloading New Management
Software with TFTP” on page 573, you may use the UPLOAD IMAGE
REMOTELIST command to upload the software to the member switches
from the command switch. You may update specific member switches or
all of the switches. The format of the command is shown here:
upload image remotelist
The command, located in the Global Configuration mode, does not have
any parameters and displays this prompt:
Remote switches will reboot after load is complete...
Enter the list of switches ->
When you see this prompt, enter the enhanced stacking ID numbers of the
member switches to receive the management software from the command
switch. The numbers are viewed with the SHOW ESTACK REMOTELIST
command in the Privileged Exec mode. You may update the management
software on more than one member switch at a time. To specify more than
one switch, separate the numbers with commas. To update all of the
switches in the enhanced stack, enter ALL.
Here are the steps of the file transfer between the command switch and a
member switch:
1. The command switch sends its management software to the member
switch over the Ethernet link of the common VLAN that connects the
switches of the enhanced stack.
2. After the member switch receives the entire file, it compares the
version numbers of the new management software from the command
switch and its current software.
3. If the version numbers are the same, the switch cancels the update
and discards the file.
4. If the version numbers of the programs are different, the switch writes
the new management software from the command switch into its flash
memory. This phase may take up to one minute to complete.
5. After the file is written to flash memory, the member switch resets.
429
Chapter 23: Enhanced Stacking
Caution
A member switch stops forwarding network traffic after it receives
the management software from the command switch and begins
writing it to flash memory. Some network traffic may be lost.
Caution
Do not power off a member switch while it is writing the software to
flash memory.
Here in this example of the command, the command switch uploads its
management software to two member switches that have the ID numbers
5 and 6. The procedure assumes that the new management software is
already installed on the command switch.
awplus> enable
Enter the Privileged Exec mode
from the User Exec mode.
awplus# show estack remotelist
Display the enhanced stacking ID
numbers of the member switches
in the stack. You should perform
this command even if you intend to
update all of the member
switches, to ensure that the
command switch is aware of all of
the member switches that
comprise the stack.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# upload image remotelist
Start the upload with the UPLOAD
IMAGE REMOTELIST command.
Remote switches will reboot after load is
complete ...
Enter the list of switches -> 5,6
At the prompt, enter 5 and 6, the
enhanced stacking ID numbers of
the two member switches to be
upgraded.
430
AT-8100 Switch Command Line User’s Guide
Disabling Enhanced Stacking
The command that disables enhanced stacking on a switch is the NO
ESTACK RUN command in the Global Configuration mode, and the
confirmation command is the SHOW ESTACK command in the Privileged
Exec mode.
You may not use the NO ESTACK RUN command when you are
managing a member switch through enhanced stacking. You may only use
the command when you are managing a switch directly, from a local
management session or a remote Telnet, SSH, or web browser session.
When you disable enhanced stacking on a command switch, you may not
use the switch to manage the member switches of an enhanced stack. It
should be noted that disabling enhanced stacking on a command switch
returns the mode to the member switch mode. So if you reactivate
enhanced stacking, the switch is a member switch, unless you change it
again with the ESTACK COMMAND-STACK command.
Here is the command:
awplus> enable
awplus# configure terminal
awplus(config)# no estack run
431
Chapter 23: Enhanced Stacking
432
Chapter 24
Enhanced Stacking Commands
The enhanced stacking commands are summarized in Table 41.
Table 41. Enhanced Stacking Commands
Command
Mode
Description
“ESTACK COMMAND-SWITCH” on
page 434
Global
Configuration
Designates the switch as the
command switch.
“ESTACK RUN” on page 435
Global
Configuration
Activates enhanced stacking on the
switch.
“NO ESTACK COMMAND-SWITCH”
on page 436
Global
Configuration
Returns the switch to the state of
being a member switch.
“NO ESTACK RUN” on page 437
Global
Configuration
Disables enhanced stacking on the
switch.
“RCOMMAND” on page 438
Global
Configuration
Redirects the management session to
a different switch in the enhanced
stack.
“REBOOT ESTACK MEMBER” on
page 439
Privileged Exec
Reboots member switches of an
enhanced stack from the command
switch.
“SHOW ESTACK” on page 441
Privileged Exec
Displays whether the switch is a
command or member switch and
whether enhanced stacking is enabled
or disabled.
“SHOW ESTACK COMMANDSWITCH” on page 443
Privileged Exec
Displays enhanced stacking
information about the command
switch from a member switch
“SHOW ESTACK REMOTELIST” on
page 444
Privileged Exec
Displays the switches of an enhanced
stack.
“UPLOAD CONFIG REMOTELIST” on
page 446
Global
Configuration
Uploads boot configuration files from
file system in the command switch to
the member switches.
“UPLOAD IMAGE REMOTELIST” on
page 447
Global
Configuration
Uploads the management software on
the command switch of an enhanced
stack to the member switches.
433
Chapter 24: Enhanced Stacking Commands
ESTACK COMMAND-SWITCH
Syntax
estack command-switch
Parameter
None
Mode
Global Configuration mode
Description

Use this command to set the enhanced stacking mode on the
switch to the command mode. This command has the following
guidelines:

Enhanced stacking must be activated on the switch. To activate
enhanced stacking, refer to “ESTACK RUN” on page 435.

A switch that is a member of an active enhanced stack cannot be
changed to the command mode. You must first disable enhanced
stacking on the current command switch in the stack.

You cannot use this command on a switch accessed through
enhanced stacking. This command can only be used from a local
or remote management session of the switch.
Confirmation Command
“SHOW ESTACK” on page 441
Example
This example activates enhanced stacking on the switch and sets the
stacking status to command mode:
awplus> enable
awplus# configure terminal
awplus(config)# estack run
awplus(config)# estack command-switch
434
AT-8100 Switch Command Line User’s Guide
ESTACK RUN
Syntax
estack run
Parameter
None
Mode
Global Configuration mode
Description
Use this command to activate enhanced stacking on the switch.
Confirmation Command
“SHOW ESTACK” on page 441
Example
The following example activates enhanced stacking on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# estack run
435
Chapter 24: Enhanced Stacking Commands
NO ESTACK COMMAND-SWITCH
Syntax
no estack command-switch
Parameter
None
Mode
Global Configuration mode
Description
Use this command to return the enhanced stacking mode on the switch to
member switch from command switch. This command has the following
guidelines:

The default setting for the enhanced stacking mode on the switch
is member. So you would only use this command if you set the
mode to command mode and now want to return it to member
mode.

Enhanced stacking must be activated on the switch for you to use
the command. To activate enhanced stacking, refer to “ESTACK
RUN” on page 435.

You cannot use this command on a switch accessed through
enhanced stacking. This command can only be used from a local
or remote management session of the switch.
To configure the switch as a command switch, refer to “ESTACK
COMMAND-SWITCH” on page 434.
Confirmation Command
“SHOW ESTACK” on page 441
Example
This example returns the switch’s stacking status to member switch:
awplus> enable
awplus# configure terminal
awplus(config)# no estack command-switch
436
AT-8100 Switch Command Line User’s Guide
NO ESTACK RUN
Syntax
no estack run
Parameter
None
Mode
Global Configuration mode
Description
Use this command to disable enhanced stacking on the switch. The switch
cannot use enhanced stacking when the feature is disabled. If you disable
enhanced stacking on the command switch, you cannot use that switch to
manage the switches in the stack.
When you disable enhanced stacking on the command switch, its mode is
reset to member mode. Consequently, you must set it back again to the
command mode if you reactivate enhanced stacking.
Note
You should only use this command from a local or remote
management session of the switch. You should not issue this
command on a member switch that you accessed through enhanced
stacking. Otherwise, your management session will be interrupted.
Confirmation Command
“SHOW ESTACK” on page 441
Example
This example deactivates enhanced stacking on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# no estack run
437
Chapter 24: Enhanced Stacking Commands
RCOMMAND
Syntax
rcommand switch_id
Parameters
switch_id
Specifies the ID number of a member switch you want to manage
in the enhanced stack. This number is displayed with “SHOW
ESTACK REMOTELIST” on page 444. You can enter only one ID
number.
Mode
Global Configuration mode
Description
Use this command to redirect the management session from the
command switch to a member switch in the enhanced stack. The member
switch is identified by its ID number, displayed with “SHOW ESTACK
REMOTELIST” on page 444. You can manage only one member switch at
a time.
Note
You must perform this command from the command switch of the
stack. This command will not work on a member switch.
Note
You should perform the SHOW ESTACK REMOTELIST command
before this command.
When you are finished managing a member switch, use the EXIT
command to return to the command switch.
Example
This example starts a management session on switch number 12:
awplus> enable
awplus# configure terminal
awplus(config)# rcommand 12
438
AT-8100 Switch Command Line User’s Guide
REBOOT ESTACK MEMBER
Syntax
reboot estack member id_number | all
Parameters
id_number
Specifies the enhanced stack ID number of a switch. The number
is displayed with “SHOW ESTACK REMOTELIST” on page 444.
You may specify the ID number of only one switch.
all
Specifies all of the switches of the enhanced stack, except the
command switch.
Mode
Privileged Exec mode
Description
Use this command from the command stack of an enhanced switch to
reboot member switches. You may reboot individual member switches or
all of the member switches of a stack. You must perform “SHOW ESTACK
REMOTELIST” on page 444 prior to this command to determine the ID
numbers of the switches.
Caution
A switch does not forward network traffic when it reboots and
initializes its management software. Some network traffic may be
lost. The reset can take from 10 seconds to two minutes, depending
on the number and complexity of the commands in the active boot
configuration file.
Note
Any configuration changes that are not saved to the active
configuration file with the WRITE command are discarded when a
switch reboots.
Caution
This command does not display a confirmation prompt. A member
switch resets as soon as you enter the command.
439
Chapter 24: Enhanced Stacking Commands
Examples
This example reboots a member switch that has the ID number 3:
awplus> enable
awplus# show estack remotelist
awplus# reboot estack member 3
This example reboots all of the member switches of the enhanced stack:
awplus> enable
awplus# show estack remotelist
awplus# reboot estack member all
440
AT-8100 Switch Command Line User’s Guide
SHOW ESTACK
Syntax
show estack
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display whether enhanced stacking is enabled or
disabled on the switch and whether the switch’s mode is command or
member. Figure 95 is an example of the information the command
displays.
Enhanced Stacking mode
MAC address
Model Type
Version Number
Member [1]
00:15:77:CC:E2:42
AT-8100S/48
AWPLUS 2.1.1
Figure 95. SHOW ESTACK Command
The fields are described in Table 42 on page 441.
Table 42. SHOW ESTACK Command
Parameter
Enhanced Stacking mode
Description
The status of enhanced stacking on the
switch and the mode of the switch. The
possible modes are:

Command - Enhanced stacking is
enabled on the switch and the switch
is set to the command mode.
441
Chapter 24: Enhanced Stacking Commands
Table 42. SHOW ESTACK Command (Continued)
Parameter
Enhanced Stacking mode
(Continued)
Description

Member [1] - Enhanced stacking is
enabled on the switch and the switch
is set to the member mode. If there is
a number in the brackets, the switch
detected a command switch on the
common VLAN of the enhanced stack.
The number is the switch’s stack ID
number. If the brackets are empty, the
switch did not detect a command
switch on the common VLAN and so
does not consider itself part of an
enhanced stack.

Disabled - Enhanced stacking is
disabled on the switch.
MAC address
The switch’s MAC address.
Model Type
The model name of the switch.
Version Number
The name and version number of the
management software on the switch. The
name of the management software for the
AT-8100 Switch is displayed as AWPLUS,
for AlliedWare Plus.
Example
The following example displays whether enhanced stacking is enabled or
disabled on the switch and whether the switch’s mode is command or
member:
awplus> enable
awplus# show estack
442
AT-8100 Switch Command Line User’s Guide
SHOW ESTACK COMMAND-SWITCH
Syntax
show estack command-switch
Parameters
None
Mode
Privileged Exec mode
Description
Use this command on a member switch in an enhanced stack to display
the enhanced stacking information about the command switch. This
command is equivalent to issuing the SHOW ESTACK command on the
command switch. Figure 96 is an example of the information the command
displays.
Enhanced Stacking mode
MAC address
Model Type
Version Number
Command
00:15:77:CC:E2:C4
AT-8100S/48
AWPLUS 2.1.1
Figure 96. SHOW ESTACK COMMAND-SWITCH Command
The fields are described in Table 42 on page 441.
Example
The following example displays the enhanced stacking information about
the command switch:
awplus> enable
awplus# show estack command-switch
443
Chapter 24: Enhanced Stacking Commands
SHOW ESTACK REMOTELIST
Syntax
show estack remotelist [name] [series]
Parameters
name
Sorts the list of switches by the host name.
series
Sorts the list of switches by the model name.
Mode
Privileged Exec mode
Description
Use this command on the command switch to display the member
switches of an enhanced stack. You may sort the names by MAC address,
host name, or model series. The default is MAC address. An example is
shown in Figure 97.
Num
MAC Address
Name
Mode
Version
Model
------------------------------------------------------------------------01
00:21:46:A7:B4:04 Production.. Slave AWPLUS 2.1.1 AT-8100S/24
02
00:21:46:A7:B4:43 Marketing
Slave AWPLUS 2.1.1 AT-8100S/24C
03
00:30:84:00:00:02 Tech Suppo.. Slave AWPLUS 2.1.1 AT-8100S/24C
Figure 97. SHOW ESTACK REMOTELIST Command
The list does not include the command switch on which you entered the
command.
Note
This command only works on the command switch of the stack. It
does not work on member switches.
Examples
This example displays the member switches of an enhanced stack by
MAC address:
awplus> enable
awplus# show estack remotelist
444
AT-8100 Switch Command Line User’s Guide
This example sorts the switches by host name:
awplus> enable
awplus# configure terminal
awplus(config)# show estack remotelist name
This example sorts the switches by model series:
awplus> enable
awplus# configure terminal
awplus(config)# show estack remotelist series
445
Chapter 24: Enhanced Stacking Commands
UPLOAD CONFIG REMOTELIST
Syntax
upload config remotelist
Parameters
None
Mode
Global Configuration mode
Description
Use this command to upload boot configuration files from the file system in
the command switch of an enhanced stack to the member switches. The
member switches store the files in their file systems as BOOT.CFG.
The command displays two prompts. The first prompt is shown here:
Enter the configuration file name ->
When you see this prompt, enter the name of the boot configuration file to
transfer from the command switch to the member switches. You may
specify only one filename and the name must include the extension .cfg.
The second prompt is shown here:
Enter the list of switches ->
At this prompt, enter the enhanced stack numbers of the member switches
to receive the file. If you are uploading a file to more than one switch,
separate the numbers with commas. The numbers are viewed with the
SHOW ESTACK REMOTELIST command.
Example
This example uploads the Sw12a.cfg configuration file from the file system
of the command switch to a member switch that has the ID number 3. The
member switch stores the file as BOOT.CFG in its file system:
awplus> enable
awplus# configure terminal
awplus(config)# upload config remotelist
Enter the configuration file name -> sw12a.cfg
Enter the list of switches -> 3
446
AT-8100 Switch Command Line User’s Guide
UPLOAD IMAGE REMOTELIST
Syntax
upload image remotelist
Parameters
None
Mode
Global Configuration mode
Description
Use this command to upload the management software on the command
switch of an enhanced stack to the member switches. The command
displays the following prompt:
Remote switches will reboot after load is complete...
Enter the list of switches ->
When you see this prompt, enter the enhanced stack numbers of the
member switches to receive the management software from the command
switch. You may update the management software on more than one
member switch at a time. To specify more than one switch, separate the
numbers with commas. To update all of the switches in the enhanced
stack, enter ALL. The numbers are viewed with the SHOW ESTACK
REMOTELIST command in the Privileged Exec mode.
Here are the steps of the file transfer between the command switch and a
member switch:
1. The command switch sends its management software to the member
switch over the Ethernet link of the common VLAN that connects the
switches of the enhanced stack.
2. After the member switch has received the entire file, it compares the
version numbers of the new management software from the command
switch and its current software.
3. If the version numbers are the same, the switch cancels the update
and discards the file.
4. If the version numbers are different, the member switch writes the file
to its flash memory. This phase may take up to one minute to
complete.
5. After the file is written to flash memory, the member switch resets.
447
Chapter 24: Enhanced Stacking Commands
Caution
The member switches stop forwarding network traffic after they
receive the management software from the command switch and as
they write the file to their flash memory. Some network traffic may be
lost.
Caution
Do not power off the member switches while they are writing the
software to their flash memory.
Example
This example uploads the management software on the command switch
to two member switches that have the ID numbers 1 and 5:
awplus> enable
awplus# configure terminal
awplus(config)# upload image remotelist
Remote switches will reboot after load is complete...
Enter the list of switches -> 1,5
...Uploading 13316011 bytes. Please wait...
Upload image to Member Switches complete. <120 sec.>
448
Chapter 25
Link-flap Protection
This chapter explains link-flap protection. The sections in this chapter
include:

“Overview” on page 450

“Guidelines” on page 451

“Configuring the Feature” on page 452
449
Chapter 25: Link-flap Protection
Overview
A port that is unable to maintain a reliable connection to a network node
may experience a condition referred to as link-flapping. This problem,
which is usually caused by intermittent problems with network cables or
network nodes, causes the state of a link on a port to fluctuate up and
down.
A fluctuating link can disrupt more than the connectivity of a single port.
Other switch operations may be affected as well. If, for instance, a
fluctuating link is part of a spanning tree domain or a member of an LACP
trunk, the switch attempts to compensate by redirecting traffic away from
the link when it is down and to the link when it is up. Frequent traffic
redistributions such as this are an inefficient use of the switch’s resources
and can result in the additional loss of traffic.
Link-flap protection minimizes the disruption to your network from this type
of problem. It stabilizes the network topology by automatically disabling
ports that experience link-flap events. A port that is disabled due to linkflap events remains disabled until you enable it again with the
management software, such as with the standard NO SHUTDOWN
command or the LINK-FLAP PROTECTION command. The switch notifies
you of link-flap events by entering messages in the event logs and
transmitting SNMP traps.
You define the rate and duration that constitute link-flap events. These
values are set at the switch level. The rate defines the number of link
changes that have to occur to signal a link-flap event. A link change is
defined as anytime a port loses a link or establishes a link to an end node.
When a port establishes a link to a network node, that represents one link
change. And when a port loses a link, that’s another link change. The rate
has a range of 4 to 65,535 changes.
The duration is the time period in which the changes must occur. It has a
range of 20 to 65,535 seconds.
The default values are ten changes for the rate and 60 seconds for the
duration. At these settings, a link-flap event is signaled when a port
experiences ten link changes in one minute. If, as an example, you set the
rate to five changes and the duration to 120 seconds, a link-flap event
occurs when a port’s link changes five times within two minutes.
While the rate and the duration are set at the switch level, link-flap
protection is activated at the port level. This means you can activate it on
just those ports where you believe the problem is most likely to occur or
that are connected to devices that are critical to the functioning of your
network. This feature requires only minimal processing by the switch and
can be activated on all of the switch’s ports without affecting network
performance.
450
AT-8100 Switch Command Line User’s Guide
Guidelines
Here are the guidelines to link-flap protection:

You can enable this feature on a per-port basis.

The performance of the switch is not affected if you enable it on all
of the ports.

This feature is supported on the base ports and the SFP and XFP
modules in the switches.

Ports that have been disabled by the switch because of link-flap
events do not forward traffic again until you enable them with the
NO SHUTDOWN command or the LINK-FLAP PROTECTION
command.
451
Chapter 25: Link-flap Protection
Configuring the Feature
Here are the commands that are used to configure the link-flap protection
feature. They configure the feature such that link-flap events are defined
as seven link changes in three minutes, and they activate the feature on
ports 11 to 20. To configure this example, enter:
awplus> enable
awplus# configure terminal
awplus(config)# link-flap rate 7
awplus(config)# link-flap duration 180
awplus(config)# interface 1.11-1.20
awplus(config-if)# link-flap protection
awplus(config-if)# end
awplus# show link-flap
452
Chapter 26
Link-flap Protection Commands
The Link-flap protection commands are summarized in following table:
Table 43. Link-flap Protection Commands
Command
Mode
Description
“LINK-FLAP DURATION” on
page 454
Global Configuration
Specifies the time period for link-flap
events.
“LINK-FLAP PROTECTION”
on page 455
Port Interface
Activates link-flap protection on the ports.
“LINK-FLAP RATE” on
page 456
Global Configuration
Specifies the number of link state
changes that constitute link-flap events.
“NO LINK-FLAP
PROTECTION” on
page 457
Port Interface
Disables link-flap protection on the ports.
“SHOW LINK-FLAP” on
page 458
User Exec and
Privileged Exec
Displays the status and settings of linkflap protection on the switch.
453
Chapter 26: Link-flap Protection Commands
LINK-FLAP DURATION
Syntax
link-flap duration <20 - 65535>
Parameters
duration
Indicates the time period that defines a link flap event. The range is
20 to 65535 seconds. The default is 60 seconds.
Mode
Global Configuration mode
Description
Use this command to specify the time period the switch uses to determine
whether a port has experienced a link flap event. A link flap event occurs
on a port when its link state changes a defined number of times in a
defined period of time. The number of link state changes, referred to as
the rate, is set with “LINK-FLAP RATE” on page 456. The duration is set
with this command.
Confirmation Command
“SHOW LINK-FLAP” on page 458
Example
This example sets the link-flap duration to two minutes:
awplus> enable
awplus# configure terminal
awplus(config)# link-flap duration 120
454
AT-8100 Switch Command Line User’s Guide
LINK-FLAP PROTECTION
Syntax
link-flap protection port
Parameter
port
Specifies a port for link-flap protection. You can configure more
than one port at a time.
Mode
Port Interface mode
Description
Use this command to activate link-flap protection on the ports.
Confirmation Command
“SHOW LINK-FLAP” on page 458
Example
This example activates link-flap protection on ports 11 to 15:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11-port1.0.15
awplus(config-if)# link-flap protection
455
Chapter 26: Link-flap Protection Commands
LINK-FLAP RATE
Syntax
link-flap rate <4 - 65535>
Parameters
rate
Specifies the number of link changes that constitute a link flap
event on a port. The range is 4 to 65535 changes. The default is 10
changes.
Mode
Global Configuration mode
Description
Use this command to specify the number of link changes that constitute a
link-flap event on a port. A link change is defined as anytime a port loses a
link to an end node or establishes a link.
You may want to use this command in conjunction with “LINK-FLAP
DURATION” on page 454.
Confirmation Command
“SHOW LINK-FLAP” on page 458
Example
This example defines a link-flap event as eight link changes.
awplus> enable
awplus# configure terminal
awplus(config)# link-flap rate 8
456
AT-8100 Switch Command Line User’s Guide
NO LINK-FLAP PROTECTION
Syntax
no link-flap protection
Parameters
None
Mode
Port Interface mode
Description
Use this command is disable link-flap protection on the ports. Link-flap
protection is disabled on the switch if it is disabled on all of the ports.
Confirmation Command
“SHOW LINK-FLAP” on page 458
Example
This example disables link-flap protection on ports 18 and 24:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.18,port1.0.24
awplus(config-if)# no link-flap protection
457
Chapter 26: Link-flap Protection Commands
SHOW LINK-FLAP
Syntax
show link-flap
Parameters
None
Mode
User Exec and Privileged Exec modes
Description
Use this command to display the status and settings of link-flap protection
on the switch. Here is an example of the information this command
displays.
Link Flap Protection ............
Link Flap Member(s) .............
Duration ........................
Rate ............................
On
port1.0.1-port1.0.17
60
8
Figure 98. SHOW LINK-FLAP Command
Example
This example displays the status and settings of link-flap protection:
awplus> enable
awplus# show link-flap
458
Chapter 27
Port Mirror
This chapter discusses the following topics:

“Overview” on page 460

“Creating the Port Mirror or Adding New Source Ports” on page 461

“Removing Source Ports or Deleting the Port Mirror” on page 462

“Combining the Port Mirror with Access Control Lists” on page 463

“Displaying the Port Mirror” on page 465
459
Chapter 27: Port Mirror
Overview
The port mirror is a management tool that allows you to monitor the traffic
on one or more ports on the switch. It works by copying the traffic from
designated ports to another port where the traffic can be monitored with a
network analyzer. The port mirror can be used to troubleshoot network
problems or to investigate possible unauthorized network access. The
performance and speed of the switch is not affected by the port mirror.
To use this feature, you must designate one or more source ports and the
destination port. The source ports are the ports whose packets are to be
mirrored and monitored. The destination port is the port where the packets
from the source ports are copied and where the network analyzer is
connected. There can be only one destination port on the switch.
Here are the guidelines for the port mirror:
460

The switch supports only one port mirror.

The port mirror can have just one destination port.

The port mirror can have more than one source port. This allows
you to monitor the traffic on multiple ports at the same time. For
example, you might monitor the traffic on all the ports of a
particular VLAN.

You can mirror the ingress traffic, the egress traffic or both on the
source ports.

The destination port should not be a member of a static port trunk
or an LACP trunk.
AT-8100 Switch Command Line User’s Guide
Creating the Port Mirror or Adding New Source Ports
The command to create the port mirror is the MIRROR INTERFACE
command. You must perform this command from the Port Interface mode
of the destination port of the port mirror. The command has this format:
mirror interface source_ports direction
receive|transmit|both
This example configures the port mirror to copy the ingress traffic on the
source port 3 to the destination port 5:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# mirror interface port1.0.3 direction
receive
The switch immediately begins to copy the monitored traffic from the
source ports to the destination port as soon as you create the port mirror.
To add new source ports to the port mirror, return to the Port Interface
mode of the destination port and enter the same command. For example,
to monitor both the ingress and egress traffic on ports 11 and 12 to the
destination port 5, you enter:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# mirror interface port1.0.11-port1.0.12
direction both
For reference information, refer to “MIRROR INTERFACE” on page 469.
461
Chapter 27: Port Mirror
Removing Source Ports or Deleting the Port Mirror
To remove source ports from the port mirror, enter the Port Interface mode
of the destination port and issue the NO MIRROR INTERFACE command.
Here is the format of the command:
no mirror interface source_ports
This example removes source port 2 from the port mirror. The destination
port is port 11:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11
awplus(config-if)# no mirror interface port1.0.2
To stop port mirroring and return the destination port to normal network
operations, remove all of the source ports from the port mirror. For
example, if the source ports of the port mirror were ports 1 to 4 and the
destination port was 18, you would enter these commands to stop the port
mirror and reestablish normal network operations on the destination port:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.18
awplus(config-if)# no mirror interface port1.0.1-port1.0.4
For reference information, refer to “NO MIRROR INTERFACE” on
page 471.
462
AT-8100 Switch Command Line User’s Guide
Combining the Port Mirror with Access Control Lists
You may combine the port mirror with an access control list to monitor a
subset of the ingress traffic on a port. The access control list is used to
specify the ingress traffic to be coped to the destination port of the port
mirror. This feature only works on ingress packets because access control
lists are only effective on those types of packets. You cannot use it to copy
a subset of the egress packets on a port.
You first have to specify the destination port of the port mirror. The switch
can have only one destination port. The command for specifying the
destination port is the MIRROR command in the Port Interface mode. The
mode in which to perform the command is the Port Interface mode of the
port to be the destination port for the monitored traffic the access control
list defines.
You then have to create the access control list and assign it to the port
whose packets you want to monitor. When you create the access control
list, you have to specify the copy-to-mirror action.
Here is an example of the feature. It assumes you want to monitor ports 14
and 15 for ingress packets that have the IP address 149.83.124.95 as their
destination address. The traffic is to be copied to port 18, the destination
port for the port mirror. The access control list is given the ID number
3008.
awplus> enable
Enter the Privileged Exec mode
from the User Executive mode.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# interface port1.0.18
Enter the Port Interface mode for
port 18, the destination port for the
port mirror.
awplus(config-if)# mirror
Enter the MIRROR command to
designate port 18 as the
destination port for the copied
packets.
awplus(config-if)# exit
Return to the Global Configuration
mode.
awplus(config)# access-list 3008 copy-to-mirror
ip any 149.83.124.95/32
Create the access control list. The
source address is ANY and the
destination address is
149.83.124.95.
463
Chapter 27: Port Mirror
awplus(config)# interface port1.0.14,port1.0.15
Enter the Port Interface modes for
ports 14 and 15.
awplus(config-if)# access-group 3008
Assign the access control list to
the ports.
awplus(config-if)# end
Return to the Privileged Exec
mode.
awplus# show mirror
Use the SHOW MIRROR
command to confirm that port 18 is
the destination port of the port
mirror.
Mirror-To-Port Name: Port1.0.18
awplus# show access-list
Use the SHOW ACCESS-LIST
command to confirm the
configuration of the access control
list.
Hardware IP access-list 3008
copy-to-mirror ip any 149.83.124.95 mask 255.255.255.255
Total number of access-list = 1
awplus# show interface port1.0.14,port1.0.15
access-group
Interface port1.0.14
access-group 3008
Interface port1.0.15
access-group 3008
464
Use the SHOW INTERFACE
ACCESS-GROUP command to
confirm that the access control list
is assigned to ports 14 and 15.
AT-8100 Switch Command Line User’s Guide
Displaying the Port Mirror
To display the port mirror, go to the Privileged Exec mode and enter the
SHOW MIRROR command:
awplus# show mirror
In this example of the information, the port mirror is enabled and the
ingress and egress packets on ports 1 and 3, as well as the egress traffic
on ports 11 to 13, are being copied to destination port 22.
Destination Port
Source Port
Destination Port
Source Port
Mirror Test Port Name: port1.0.22
Mirror option: Enabled
Mirror direction: both
Monitored Port Name: port1.0.1
Mirror Test Port Name: port1.0.22
Mirror option: Enabled
Mirror direction: receive
Monitored Port Name: port1.0.4
Figure 99. SHOW MIRROR Command
The fields are described in Table 45 on page 472.
If you are using the port mirror with access control lists to copy subsets of
ingress packets on source ports, the SHOW MIRROR command displays
only the destination port of the copied traffic. Here is an example.
Mirror-To-Port Name: port1.0.11
Figure 100. SHOW MIRROR Command and Access Control Lists
To view the access control lists and their port assignments, use “SHOW
ACCESS-LIST” on page 1631 and “SHOW INTERFACE ACCESSGROUP” on page 1633, respectively.
465
Chapter 27: Port Mirror
466
Chapter 28
Port Mirror Commands
The port mirror commands are summarized in Table 44.
Table 44. Port Mirror Commands
Command
Mode
Description
“MIRROR” on page 468
Port Interface
Designates the destination port for
access control lists that use the copyto-mirror action.
“MIRROR INTERFACE” on page 469
Port Interface
Creates the port mirror and adds ports
to the port mirror.
“NO MIRROR INTERFACE” on
page 471
Port Interface
Removes source ports from the port
mirror and deletes the port mirror.
“SHOW MIRROR” on page 472
Privileged Exec
Displays the destination port and
source ports of the port mirror.
467
Chapter 28: Port Mirror Commands
MIRROR
Syntax
mirror
Parameters
None
Mode
Port Interface mode
Description
Use this command to designate the destination port for the copy-to-mirror
action in access control lists. You can designate only one destination port.
Confirmation Command
“SHOW MIRROR” on page 472
Example
This example designates port 21 as the destination port for packets from
the copy-to-mirror action of access control lists:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# mirror
468
AT-8100 Switch Command Line User’s Guide
MIRROR INTERFACE
Syntax
mirror interface source_ports direction
receive|transmit|both
Parameters
source_ports
Specifies a source port for the port mirror. You can specify more
than one source port.
direction
Specifies the traffic to be mirrored from a source port to the
destination port. The options are:
receive: Copies the ingress packets on a source port.
transmit: Copies the egress packets on a source port.
both: Copies both the ingress and egress packets on a source
port.
Mode
Port Interface mode
Description
Use this command to create the port mirror or to add ports to the port
mirror. You must issue this command from the Port Interface mode of the
destination port of the port mirror. The switch can have only one
destination port.
Confirmation Command
“SHOW MIRROR” on page 472
469
Chapter 28: Port Mirror Commands
Example
This example configures the port mirror to copy the ingress traffic on ports
3 and 4, the source ports, to port 5, the destination port. If port 5 is already
acting as the destination port of the port mirror, the commands add ports 3
and 4 to the port mirror:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# mirror interface port1.0.3,port1.0.4
direction receive
470
AT-8100 Switch Command Line User’s Guide
NO MIRROR INTERFACE
Syntax
no mirror interface source_ports
Parameters
source_ports
Specifies a source port of the port mirror. You can specify more
than one source port at a time in the command.
Mode
Port Interface mode
Description
Use this command to remove source ports from the port mirror or to delete
the port mirror. You should enter this command in the Port Interface mode
of the destination port of the port mirror.
To delete the port mirror and return the destination port to normal
operations, remove all of the source ports from the port mirror.
Confirmation Command
“SHOW MIRROR” on page 472
Example
These commands remove ports 7 and 8 from the port mirror. If these are
the only source ports of the port mirror, the port mirror is deleted and the
destination port, which in this example is port 11, resumes normal network
operations:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11
awplus(config-if)# no mirror interface port1.0.7,port1.0.8
471
Chapter 28: Port Mirror Commands
SHOW MIRROR
Syntax
show mirror
Parameters
None
Modes
Privileged Exec mode
Description
Use this command to display the source and destination ports of the port
mirror on the switch. An example is shown in Figure 101.
Destination Port
Mirror Test Port Name: port1.0.22
Mirror option: Enabled
Mirror direction: both
Monitored Port Name: port1.0.1
Mirror Test Port Name: port1.0.22
Mirror option: Enabled
Mirror direction: receive
Monitored Port Name: port1.0.4
Source Port
Destination Port
Source Port
Figure 101. SHOW MIRROR Command
The fields are described in Table 45.
Table 45. SHOW MIRROR Command
Parameter
472
Description
Mirror Test Port Name
The destination port of the port mirror. The
switch can have only one destination port.
Mirror option:
The status of the port mirror on the source
port. This is always enabled.
AT-8100 Switch Command Line User’s Guide
Table 45. SHOW MIRROR Command (Continued)
Parameter
Mirror direction
Monitored Port Name
Description
The packets to be mirrored to the
destination port. The states are listed
here:

Receive - The ingress packets of the
source port are mirrored to the
destination port.

Transmit - The egress packets of the
source port are mirrored to the
destination port.

Both - Both the ingress and egress
packets of the source port are
mirrored to the destination port.
A source port of the port mirror.
If you are using the port mirror with access control lists to copy subsets of
ingress packets on source ports, the SHOW MIRROR command displays
only the destination port of the copied traffic. Here is an example.
Mirror-To-Port Name: port1.0.11
Figure 102. SHOW MIRROR Command and Access Control Lists
To view the access control lists and their port assignments, use “SHOW
ACCESS-LIST” on page 1631 and “SHOW INTERFACE ACCESSGROUP” on page 1633, respectively.
Example
The following example displays the source and destination ports of the
port mirror on the switch:
awplus# show mirror
473
Chapter 28: Port Mirror Commands
474
Chapter 29
DHCP Relay Overview

“Overview” on page 476

“Configuring the DHCP Relay Agent” on page 480
475
Chapter 29: DHCP Relay Overview
Overview
The switch has a DHCP relay agent to relay BOOTP messages between
clients and DHCP or BOOTP servers.
A client that transmits a request for an IP configuration to a DHCP or
BOOTP server has to send the request as a broadcast packet because it
does not know the IP address of the server. This can present a problem
when a client and DHCP or BOOTP server reside on different subnets,
because broadcast packets do not cross subnet boundaries. One possible
solution is to have a DHCP or BOOTP server on each subnet where there
are clients, though this could be problematic if there happen to be many
subnets. Another solution is to use a DHCP relay agent, which transfers
client requests across subnet boundaries.
The relay agent does more than simply forward BOOTP requests from
clients to servers. It modifies the requests so that, from the perspective of
the server, it becomes the originator of the request. The responses from
the servers are directed to the agent, which sends the messages on to the
clients as either broadcast or unicast packets, depending on the
requirements of the clients.
To implement the DHCP relay agent on the switch, you need to be familiar
with routing interfaces, which route packets between different local
subnets on the switch in the IPv4 packet routing feature. Each routing
interface functions as the DHCP relay agent for the clients in its subnet,
forwarding BOOTP requests from the clients and responses from the
servers.
If you will be using the IPv4 packet routing feature on all the local subnets,
then, by default, all of the clients will have access to a DHCP relay agent
because each subnet will have a routing interface. However, if IPv4 packet
routing will be limited to some but not all the local subnets of the switch,
then only those BOOTP requests from clients on a subnet with a routing
interface can be forwarded by a DHCP relay agent.
Here is an overview of the process. When a routing interface receives a
BOOTP request with a value of 0.0.0.0 in the gateway (giaddr) field in the
packet, it assumes the request originated from a client on its subnet. In
response, it replaces the value in the field with its IP address and forwards
the packet on to the server. If more than one IP address of DHCP or
BOOTP servers are specified on the switch, the interface sends the same
request to each server. If the client and server reside on the same subnet,
the routing interface does not forward the request.
If an interface receives a BOOTP request with a non-zero value in the
gateway field, it assumes the client who originated the request resides on
another subnet, and so routes the request as a unicast packet without any
change, other than incrementing the hop count.
476
AT-8100 Switch Command Line User’s Guide
A routing interface that receives a BOOTP reply from a server inspects the
broadcast flag field in the packet to determine whether the client, in its
original request to the server, set this flag to signal that the response must
be sent as a broadcast datagram. Some older nodes have this
dependency. If the flag is not set, the routing interface forwards the packet
to the originating client as a unicast packet. If the flag is set, the packet is
forwarded as a broadcast by the interface.
You configure the BOOTP relay agent on the switch by specifying the IP
address of the BOOTP server on your network with the ADD BOOTP
RELAY command. You can enter up to eight BOOTP or DHCP servers.
The IP addresses apply to all the routing interfaces on the switch. BOOTP
requests are forwarded to all the specified servers, simultaneously.
You activate the BOOTP relay agent on the switch with the ENABLE
BOOTP RELAY command. As soon as the agent is enabled the routing
interfaces begin to forward BOOTP requests from the clients. Activating
the client applies to all routing interfaces on the switch. You cannot
activate the agent on some interfaces and not on others. The default
setting for the agent on the switch is disabled.
To view the status of the agent and the IP addresses of the servers, use
the SHOW BOOTP RELAY command.
These guidelines apply to the DHCP relay agent:
DHCP Relay
Agent Option 82

You can specify up to five DHCP or BOOTP servers on the switch.

Because both BOOTP and DHCP use BOOTP messages, the
DHCP relay agents can relay both their packets.

The relay agent supports IPv4 address interfaces, but not IPv6
address interfaces.
The DCHP option-82 feature enables the switch to insert extra information
into the DHCP packets it relays. This information enables more accurate
identification of a subscriber, as it states which switch port on which relay
switch the subscriber is connected to. The information is stored in a
specific optional field in the DHCP packet, namely, the agent-information
field, which has option ID 82.
The DHCP relay agent inserts the option 82 information into the DHCP
packets that it is relaying to a DHCP server. DHCP servers that are
configured to recognize option 82 may use the information to implement IP
addresses, or other parameter assignment policies, based on the network
location of the client device. Alternatively, the server can simply log this
information to create a detailed audit trail of the locations of the clients to
which given addresses were allocated at given times.
To set the DHCP relay option 82, refer to “Configuring the DHCP Relay
Option 82” on page 483
477
Chapter 29: DHCP Relay Overview
Client Requests
with Option 82
The previous discussion deals with cases where DHCP requests do not
already contain option-82 information. However, it is possible that the
requests arriving from the clients to the relay agent could already contain
option-82 information. There are two main circumstances in which this can
occur:
1. A client is maliciously inserting bogus information into the packet in an
attempt to subvert the process of identifying the client’s location
2. A layer-2 DHCP snooping switch, that sits between the clients and the
DCHP relay, is validly inserting the option-82 information into the
packets. The DHCP snooping switch is not acting as a relay agent, so
it is not filling in the giaddr field (the relay IP address field) in the
packet; it is only inserting the option-82 information.
In case 1, you would want to drop the packets that contain the bogus
information (or, at least remove the bogus information). In case 2, you
would want to forward the valid information to the DHCP server.
To configure the switch to check for the presence of option-82 information
in incoming DHCP requests, configure DHCP-relay agent-option
checking, with the command (in interface mode), use “IP DHCP-RELAY
AGENT-OPTION CHECKING” on page 491.
By default, this will cause the switch to act as follows:

If the incoming DHCP request has a null IP address (0.0.0.0) in the
giaddr field, and contains option-82 information, drop the packet.
This assumes that such a packet has been maliciously created by
a client.

If an incoming DHCP request has a non-null in the giaddr field, and
contains option-82 information, then replace the option-82 field
with the current switch’s own information. This assumes that a
non-null giaddr field indicates that the packet has already passed
through a valid DHCP relay device, and so the presence of the
option-82 information is not an indication of malicious intent.
The action taken on packets that have a null giaddr field and an option-82
field present cannot be altered once the agent-option check has been
enabled. But, the action taken on packets with a non-null giaddr field and
an option-82 field can be configured. The command to configure this
action is “IP DHCP-RELAY INFORMATION POLICY” on page 492.
478
AT-8100 Switch Command Line User’s Guide
The possible actions are listed here:
DHCP Relay
Agent Option 82
Maximum
Message Length

Leave the existing option-82 field untouched

Append its own option-82 field after the existing field

Drop the packet

Replace the existing option-82 information with its own (the
default).
When a DHCP relay agent (that has the option 82 insertion enabled)
receives a request packet from a DHCP client, it appends the option 82
component data, and forwards the packet to the DHCP server. The DHCP
client sometimes issues packets containing pad option fields that can be
overwritten with option 82 data. Where there are insufficient pad option
fields to contain all the option 82 data, the DHCP relay increases the
packet size to accommodate the option 82 data. If the new (increased)
packet size exceeds a defined maximum length, the DHCP relay will drop
the packet. To set the maximum packet length, refer to “Configuring the
DHCP Relay Option 82” on page 483.
479
Chapter 29: DHCP Relay Overview
Configuring the DHCP Relay Agent
Here are the procedures to configuring the DHCP relay agent:
Adding the IP
Addresses of the
DHCP Servers

“Adding the IP Addresses of the DHCP Servers” on page 480

“Adding DHCP Relay to the VLANs” on page 481

“Configuring the DHCP Relay Option 82” on page 483

“Configuring the Maximum Hop Count” on page 485

“Activating or Deactivating DHCP Relay on the Switch” on page 485
The first step to configuring the relay agent is to specify the IP addresses
of the DHCP servers on your network, with the IP DHCP-RELAY
SERVER-ADDRESS command in the Global Configuration mode. You
can specify up to five addresses. This example of the command adds the
two DHCP server addresses 149.23.22.143 and 149.23.104.23 to the
relay agent.
awplus> enable
Enter the Privileged Exec mode
from the User Executive mode.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# ip dhcp-relay server-address
149.23.22.143
awplus(config)# ip dhcp-relay server-address
149.23.104.23
Specify the IP addresses of the
DHCP servers with the IP DHCPRELAY SERVER-ADDRESS
command.
awplus(config)# exit
Return to the Privileged Exec
mode.
480
AT-8100 Switch Command Line User’s Guide
awplus# show ip dhcp-relay
Confirm the IP addresses with the
SHOW IP DHCP-RELAY
command.
DHCP Relay Service is disabled
List of Interfaces:
Maximum hop count is 10
Maximum DHCP message length is 576
Insertion of Relay Agent Option is disabled
Checking if Relay Agent Option is disabled
Relay Information policy is to replace existing relay
agent information.
List of servers: 149.23.22.143, 149.23.104.23
Adding DHCP
Relay to the
VLANs
A VLAN has to have an IP address interface before you can add the
DHCP relay agent to it. The agent needs an IP address to add to the
DHCP and BOOTP requests it relays from the VLAN. So if the VLAN does
not already have an IP address interface, you have to create it before
adding the relay agent.
The command for adding an IP address interface to a VLAN is the IP
ADDRESS command in the VLAN Configuration mode. A VLAN may have
only one IP address. The format of the command is shown here:
ip address ipaddress/mask
The IPADDRESS parameter is the IPv4 management address the VLAN
is to be assigned. The address is specified in this format:
nnn.nnn.nnn.nnn
Each NNN is a decimal number from 0 to 255. The numbers must be
separated by periods.
The MASK parameter is a decimal number that represents the number of
bits, from left to right, that constitute the network portion of the address.
Here are a couple basic examples:

The decimal mask 16 is equivalent to the mask 255.255.0.0.

The decimal mask 24 is equivalent to the mask 255.255.255.0.
After assigning the VLAN an IP address interface, you may add the DHCP
relay agent to it with the IP DHCP-RELAY command. The command,
found in the VLAN Configuration mode, does not have any parameters.
Here is an example of the commands. The DHCP relay agent is assigned
to a VLAN with the VID 28 and the IP address 149.23.32.41 and mask
255.255.255.0:
481
Chapter 29: DHCP Relay Overview
awplus> enable
Enter the Privileged Exec mode
from the User Executive mode.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# interface vlan28
Enter the VLAN Configuration
mode for the VLAN.
awplus(config-if)# ip address 149.23.32.41/24
Create the IP address interface
with the IP ADDRESS command.
awplus(config-if)# ip dhcp-relay
Add the DHCP relay agent to the
VLAN.
awplus(config-if)# end
Return to the Privileged Exec
mode.
awplus# show ip interface
Confirm the IP address in the
VLAN with the SHOW IP
INTERFACE command.
Interface
VLAN28-0
IP Address
149.23.32.41
Status
admin up
awplus# show ip dhcp-relay interface vlan28
DHCP Relay on interface VLAN28-0 is enabled.
482
Protocol
down
Confirm the addition of the relay
agent to the VLAN with the SHOW
IP DHCP-RELAY command and
the INTERFACE option.
AT-8100 Switch Command Line User’s Guide
Configuring the
DHCP Relay
Option 82
Table 46 lists the commands that configure DHCP relay option 82. The
commands are located in the Global Configuration mode and apply to the
entire switch.
Table 46. DHCP Relay Option 82 Commands
To Do This Task
Use This Command
Value
Enable the DHCP relay agent to insert
its option 82 information into the
client-request packets it relays to the
DHCP servers.
IP DHCP-RELAY AGENT-OPTION
-
Stop the DHCP relay agent from
inserting its option 82 information into
the client-request packets it relays to
the DHCP servers. This is the default
setting.
NO IP DHCP-RELAY AGENTOPTION
-
Configure the DHCP relay agent to
discard DHCP requests that have
option 82 information and a null IP
address (0.0.0.0) in the giaddr fields.
IP DHCP-RELAY AGENT-OPTION
CHECKING
-
Configure the DHCP relay agent to
forward DHCP requests that have
option 82 information and a null IP
address (0.0.0.0) in the giaddr fields.
This is the default value.
NO IP DHCP-RELAY AGENTOPTION CHECKING
-
483
Chapter 29: DHCP Relay Overview
Table 46. DHCP Relay Option 82 Commands (Continued)
To Do This Task
Set the response of the DHCP relay
agent to client packets containing
option-82 information.
Use This Command
IP DHCP-RELAY INFORMATION
POLICY policy
Value
The policies are
listed here:
append - The
relay agent
appends the
option 82 field
of the packet
with its own
option 82
details.
drop - The relay
agent discards
the packet.
keep - The
relay agent
forwards the
packet without
altering the
option 82 field.
replace - The
relay agent
replaces the
existing relay
agent details in
the option 82
field with its
own details
before
forwarding the
packet. This is
the default
setting.
Specify the maximum length of the
client requests when the policy of the
DHCP relay agent is set to the append
policy.
484
IP DHCP-RELAY MAX-MESSAGELENGTH length
548 to 1472
bytes. The
default is 1400
bytes.
AT-8100 Switch Command Line User’s Guide
This example of the commands configures the DHCP agent to append its
option 82 information to the BOOTP requests, and sets the maximum
length of the client requests to 1220 bytes.
awplus> enable
awplus# configure
awplus(config) ip
awplus(config) ip
awplus(config) ip
Configuring the
Maximum Hop
Count
terminal
dhcp-relay agent-option
dhcp-relay information policy append
dhcp-relay max-message-length 1220
You may set a maximum hop count for DHCP requests. The relay agent
discards DHCP requests that have hop counts that exceed the threshold.
To set the maximum hop count, use the IP DHCP-RELAY MAXHOPS
command in the Global Configuration mode, shown here:
ip dhcp-relay maxhops maxhops
The MAXHOPS parameter specifies the maximum hop count for DHCP
requests. The range is 1 to 255 and the default is 10. This example sets
the hop count to 25:
awplus> enable
awplus# configure terminal
awplus(config) ip dhcp-relay maxhops 25
Activating or
Deactivating
DHCP Relay on
the Switch
To activate DHCP relay on the switch, enter the SERVICE DHCP-RELAY
command in the Global Configuration mode:
awplus> enable
awplus# configure terminal
awplus(config) service dhcp-relay
To disable it, enter the NO SERVICE DHCP-RELAY command:
awplus> enable
awplus# configure terminal
awplus(config) no service dhcp-relay
485
Chapter 29: DHCP Relay Overview
486
Chapter 30
DHCP Relay Commands
The DHCP relay commands are summarized in Table 47.
Table 47. DHCP Relay Commands
Command
Mode
Description
“IP DHCP-RELAY” on page 489
VLAN
Configuration
Adds the DHCP relay agent to VLANs.
“IP DHCP-RELAY AGENT-OPTION”
on page 490
Global
Configuration
Configures the DHCP relay agent to
insert its option 82 information into the
client-request packets it relays to the
DHCP servers.
“IP DHCP-RELAY AGENT-OPTION
CHECKING” on page 491
Global
Configuration
Configures the DHCP relay agent to
discard DHCP requests that have
option 82 information and a null IP
address (0.0.0.0) in the giaddr fields.
“IP DHCP-RELAY INFORMATION
POLICY” on page 492
Global
Configuration
Sets the response of the DHCP relay
agent to client packets containing
option-82 information.
“IP DHCP-RELAY MAX-MESSAGELENGTH” on page 494
Global
Configuration
Sets the maximum permitted length in
bytes of DHCP client requests.
“IP DHCP-RELAY MAXHOPS” on
page 495
Global
Configuration
Sets the hop count for DHCP
requests.
“IP DHCP-RELAY SERVERADDRESS” on page 496
Global
Configuration
Adds IP addresses of DHCP servers
to the relay agent.
“NO IP DHCP-RELAY” on page 497
VLAN
Configuration
Removes the DHCP relay agent from
VLANs to stop them from forwarding
any further DHCP requests.
“NO IP DHCP-RELAY AGENTOPTION” on page 498
Global
Configuration
Stops the DHCP relay agent from
inserting its option 82 information in
the DHCP request packets from
clients.
487
Chapter 30: DHCP Relay Commands
Table 47. DHCP Relay Commands (Continued)
Command
Mode
Description
“NO IP DHCP-RELAY AGENTOPTION CHECKING” on page 499
Global
Configuration
Configures the DHCP relay agent to
forward DHCP requests that have
option 82 information and a null IP
address (0.0.0.0) in the giaddr fields.
“NO IP DHCP-RELAY SERVERADDRESS” on page 500
Global
Configuration
Deletes the IP addresses of DHCP
servers from the relay agent.
“NO SERVICE DHCP-RELAY” on
page 501
Global
Configuration
Disables the DHCP relay agent on the
switch to stop the VLANs from
forwarding any further DHCP
requests.
“SERVICE DHCP-RELAY” on
page 502
Global
Configuration
Activates the DHCP relay agent on
the switch.
“SHOW IP DHCP-RELAY” on
page 503
Privileged Exec
Displays the settings of the DHCP
relay agent.
488
AT-8100 Switch Command Line User’s Guide
IP DHCP-RELAY
Syntax
ip dhcp-relay
Parameters
None
Mode
VLAN Configuration mode
Description
Use this command to activate the DHCP relay agent on VLANs so that
they forward DHCP requests. The VLANs must be assigned IP addresses.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Examples
This example activates the DHCP relay agent on the Default VLAN, which
has the VID 1:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-if)# ip dhcp-relay
This example activates DHCP relay on a VLAN with the VID 12:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan12
awplus(config-if)# ip dhcp-relay
489
Chapter 30: DHCP Relay Commands
IP DHCP-RELAY AGENT-OPTION
Syntax
ip dhcp-relay agent-option
Parameters
None
Mode
Global Configuration mode
Description
Use this command to configure the DHCP relay agent to insert its option
82 information into the client-request packets it relays to the DHCP
servers. This command must be used with “IP DHCP-RELAY
INFORMATION POLICY” on page 492.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Example
This example configures the DHCP relay agent to insert its option 82
information in the client-request packets:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp-relay agent-option
490
AT-8100 Switch Command Line User’s Guide
IP DHCP-RELAY AGENT-OPTION CHECKING
Syntax
ip dhcp-relay agent-option checking
Parameters
None
Mode
Global Configuration Mode
Description
Use this command to configure the DHCP relay agent to discard DHCP
requests that have option 82 information and a null IP address (0.0.0.0) in
the giaddr fields. You may use this feature to protect the network from fake
or suspicious DHCP requests.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Example
This example configures the DHCP relay agent to discard DHCP requests
with option 82 information and a null IP address (0.0.0.0) in the giaddr
fields:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp-relay agent-option checking
491
Chapter 30: DHCP Relay Commands
IP DHCP-RELAY INFORMATION POLICY
Syntax
ip dhcp-relay information policy policy
append|drop|keep|replace
Parameters
policy
Specifies one of the following policies:
append
The relay agent appends the option 82 field of the packet with its
own option 82 details.
drop
The relay agent discards the packet.
keep
The relay agent forwards the packet without altering the option 82
field.
replace
The relay agent replaces the existing relay agent details in the
option 82 field with its own details before forwarding the packet.
This is the default setting.
Mode
Global Configuration mode
Description
Use this command to set the response of the DHCP relay agent to client
packets containing option-82 information. This command has to be used in
combination with “IP DHCP-RELAY AGENT-OPTION” on page 490.
If you select the append policy, the relay agent overwrites any pad options
present in the packets before appending its option 82 data and, if
necessary, increases the packet length to accommodate the option 82
data.
To return the policy to the default replace policy, use the NO form of this
command.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
492
AT-8100 Switch Command Line User’s Guide
Examples
This example selects the append policy so that the DHCP relay agent
adds its option 82 details to the existing option 82 fields in the packets:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp-relay information policy append
This example selects the keep policy so that the DHCP relay agent does
not modify the option 82 fields in the packets:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp-relay information policy keep
This example returns the policy to the replace policy:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp-relay information policy replace
493
Chapter 30: DHCP Relay Commands
IP DHCP-RELAY MAX-MESSAGE-LENGTH
Syntax
ip dhcp-relay max-message-length length
Parameters
length
Specifies the maximum length in bytes of DHCP client requests.
The range is 548 to 1472 bytes. The default is 1400 bytes.
Mode
Global Configuration
Description
Use this command to set the maximum length in bytes of DHCP client
requests.
This command is used to specify the maximum length of the client
requests when the policy of the DHCP relay agent is set to the append
policy. The append policy adds the switch’s option 82 information to the
option 82 information the clients requests already contain. If adding the
option 82 information creates a request with a length greater than that
specified with this command, the switch deletes the packet.
To return the parameter to its default setting of 1400 bytes, use the NO
form of this command.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Examples
This example sets the maximum DHCP request length to 578 bytes:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp-relay max-message-length 578
This example returns the maximum message length to the default 1400
bytes:
awplus> enable
awplus# configure terminal
awplus(config)# no ip dhcp-relay max-message-length
494
AT-8100 Switch Command Line User’s Guide
IP DHCP-RELAY MAXHOPS
Syntax
ip dhcp-relay maxhops maxhops
Parameters
maxhops
Specifies the maximum hop count for DHCP requests. The range
is 1 to 255.
Mode
Global Configuration Class
Description
Use this command to set the hop count for DHCP requests. The relay
agent discards DHCP requests that have hop counts that exceed the
threshold.
To return the parameter to its default setting of 10 hop counts, use the NO
form of this command.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Examples
This example sets the maximum hop count to 25:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp-relay maxhops 25
This example returns the maximum hop count to the default 10 hops:
awplus> enable
awplus# configure terminal
awplus(config)# no ip dhcp-relay maxhops
495
Chapter 30: DHCP Relay Commands
IP DHCP-RELAY SERVER-ADDRESS
Syntax
ip dhcp-relay server-address ipaddress
Parameters
ipaddress
Specifies the IP address of a DHCP server. You may specify only
one IP address at a time with this command.
Mode
Global Configuration mode
Description
Use this command to add the IP addresses of DHCP servers to the relay
agent. The agent can have up to five addresses, but you may add only
one address at a time with this command.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Example
This example adds the IP address 149.22.12.56 of a DHCP server to the
relay agent:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp-relay server-address 149.22.12.56
496
AT-8100 Switch Command Line User’s Guide
NO IP DHCP-RELAY
Syntax
no ip dhcp-relay
Parameters
None
Mode
VLAN Configuration mode
Description
Use this command to remove the DHCP relay agent from VLANs to stop
them from forwarding any further DHCP requests.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Examples
This example removes the DHCP relay agent from the Default VLAN,
which has the VID 1:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-if)# no ip dhcp-relay
This example removes the DHCP relay agent from a VLAN with the VID
23:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan23
awplus(config-if)# no ip dhcp-relay
497
Chapter 30: DHCP Relay Commands
NO IP DHCP-RELAY AGENT-OPTION
Syntax
no ip dhcp-relay agent-option
Parameters
None
Mode
Global Configuration mode
Description
Use this command to stop the DHCP relay agent from inserting its option
82 information into the client-request packets it relays to the DHCP
servers.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Example
This example stops the DHCP relay agent from inserting its option 82
information in the client-request packets:
awplus> enable
awplus# configure terminal
awplus(config)# no ip dhcp-relay agent-option
498
AT-8100 Switch Command Line User’s Guide
NO IP DHCP-RELAY AGENT-OPTION CHECKING
Syntax
no ip dhcp-relay agent-option checking
Parameters
None
Mode
Global Configuration Mode
Description
Use this command to configure the DHCP relay agent to forward DHCP
requests that have option 82 information and a null IP address (0.0.0.0) in
the giaddr fields.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Example
This example configures the DHCP relay agent to forward DHCP requests
with option 82 information and a null IP address (0.0.0.0) in the giaddr
fields:
awplus> enable
awplus# configure terminal
awplus(config)# no ip dhcp-relay agent-option checking
499
Chapter 30: DHCP Relay Commands
NO IP DHCP-RELAY SERVER-ADDRESS
Syntax
no ip dhcp-relay server-address ipaddress
Parameters
ipaddress
Specifies the IP address of a DHCP server. You may specify only
one IP address.
Mode
Global Configuration mode
Description
Use this command to delete the IP addresses of the DHCP servers from
the relay agent. You may delete only one address at a time with this
command. To display the IP addresses, refer to “SHOW IP DHCPRELAY” on page 503.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Example
This example deletes the IP address 214.154.35.78 of a DHCP server
from the relay agent:
awplus> enable
awplus# configure terminal
awplus(config)# no ip dhcp-relay server-address
214.154.35.78
500
AT-8100 Switch Command Line User’s Guide
NO SERVICE DHCP-RELAY
Syntax
no service dhcp-relay
Parameters
None
Mode
Global Configuration mode
Description
Use this command to disable the DHCP relay agent on the switch to stop
the VLANs from forwarding any further DHCP requests.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Example
This example disables the DHCP relay agent:
awplus> enable
awplus# configure terminal
awplus(config)# no service dhcp-relay
501
Chapter 30: DHCP Relay Commands
SERVICE DHCP-RELAY
Syntax
service dhcp-relay
Parameters
None
Mode
Global Configuration mode
Description
Use this command to activate the DHCP relay agent on the switch.
Confirmation Command
“SHOW IP DHCP-RELAY” on page 503
Example
This example activates the DHCP relay agent:
awplus> enable
awplus# configure terminal
awplus(config)# service dhcp-relay
502
AT-8100 Switch Command Line User’s Guide
SHOW IP DHCP-RELAY
Syntax
show ip dhcp-relay [interface vlanid]
Parameters
vlanid
Specifies a VLAN ID number, such as vlan1. You may specify only
one VLAN.
Mode
Privileged Exec mode
Description
Use this command to view the settings of the DHCP relay agent.
Figure 103 is an example of the information.
DHCP Relay Service is enabled
List of Interfaces:
Maximum hop count is 10
Maximum DHCP message length is 576
Insertion of Relay Agent Option is disabled
Checking if Relay Agent Option is disabled
Relay Information policy is to replace existing relay
agent information.
List of servers: 149.187.132.21, 149.187.132.56
Figure 103. SHOW IP DHCP-RELAY Command
The fields are defined in Table 48.
Table 48. SHOW IP DHCP-RELAY Command
Field
Definition
DHCP Relay
Service
The enabled or disabled status of the agent. The
status is controlled with “SERVICE DHCPRELAY” on page 502 and “NO SERVICE DHCPRELAY” on page 501.
Maximum hop
count
The hop count for discarding DHCP request
messages from clients. The parameter is
controlled with “IP DHCP-RELAY MAXHOPS” on
page 495.
503
Chapter 30: DHCP Relay Commands
Table 48. SHOW IP DHCP-RELAY Command (Continued)
Field
Definition
Maximum DHCP
message length
The maximum length permitted for DHCP
requests from clients when the policy is set to the
append policy. This parameter is set with “IP
DHCP-RELAY MAX-MESSAGE-LENGTH” on
page 494
Insertion of Relay
Agent Option
The status of adding the switch’s option 82
information into the client DHCP requests. This
parameter is configured with “IP DHCP-RELAY
AGENT-OPTION” on page 490 and “NO IP
DHCP-RELAY AGENT-OPTION” on page 498.
Checking if Relay
Agent Option
The status of whether or not the switch discards
DHCP requests that have option 82 information
and a null IP address (0.0.0.0) in the giaddr fields.
This is configured with “IP DHCP-RELAY
AGENT-OPTION CHECKING” on page 491 and
“NO IP DHCP-RELAY AGENT-OPTION
CHECKING” on page 499.
Relay Information
policy
The response of the DHCP relay agent to client
packets containing option-82 information. This
parameter is controlled with “IP DHCP-RELAY
INFORMATION POLICY” on page 492.
List of servers
The IP addresses of the DHCP servers. The IP
addresses are added and removed with “IP
DHCP-RELAY SERVER-ADDRESS” on
page 496 and “NO IP DHCP-RELAY SERVERADDRESS” on page 500, respectively.
The INTERFACE option may be used to determine the status of the agent
on the VLANs. The status is either is enabled or disabled. (The agent is
enabled and disabled on the VLANs with “IP DHCP-RELAY” on page 489
and “NO IP DHCP-RELAY” on page 497.)
Examples
This example displays the settings of the DHCP relay agent on the switch:
awplus> enable
awplus# show ip dhcp-relay
This example displays the status of the DHCP relay agent on a VLAN with
the VID 5:
awplus> enable
awplus# show ip dhcp-relay interface vlan5
504
Chapter 31
Group Link Control
This chapter provides the following sections:

“Overview” on page 506

“Guidelines” on page 514

“Configuration Examples” on page 515
505
Chapter 31: Group Link Control
Overview
Group link control is designed to improve the effectiveness of the
redundant systems in a network. It enables the switch to alert network
devices about problems they might not otherwise detect or respond to, so
that they can implement their redundant systems, automatically.
The feature works by duplicating the link states of ports on other ports. If a
port does not have a link or loses a link, the switch duplicates the link state
on one or more other ports by disabling them.
To use the feature, you create groups of ports. The ports in a group are
referred to as upstream and downstream ports. In networking parlance,
the term “upstream” points towards a network core and “downstream”
points towards the edge of a network. So an upstream port would be
connected to a device at or towards the core of a network while a
downstream port would be connected to a device at or leading to the edge
of a network.
These definitions may or may not apply to the ports in the groups you
create with group link control. It all depends on how you use the feature. In
some cases, the upstream port of a group will indeed be connected to a
device that leads to a network core while the downstream port is
connected to a different device at or towards the edge of a network. But in
other cases, this might not be true because the ports are connected to the
same device.
Instead, it might be better to think of the upstream port of a group as the
control port because it determines the possible link states of the
downstream port. The switch allows the downstream port in a group to
establish a link to its network device only if the upstream port already has
a link to a network node. If the upstream port does not have a link or loses
its link, the switch disables the downstream port to prevent it from
establishing a link. This notifies the device connected to the downstream
port that there is no connectivity on the upstream port.
There are two basic approaches to using this feature. One approach is to
create groups of ports that lead to different devices on the switch. This
approach is useful with network servers. The second approach is to group
ports that go to the same device. This is useful with static port trunks and
LACP trunks in a spanning tree topology.
It should be noted that group link control does not control the switching of
packets within the switch. It is just about the link states of the ports and
about transferring the states to other ports. This feature is illustrated in the
following figures.
506
AT-8100 Switch Command Line User’s Guide
In the first diagram a server with two teamed network adapter cards is
connected to different switches, with the active link to switch 3. If there is a
failure on the active link, the server can detect it directly and would
respond by automatically transferring the traffic to the redundant network
interface and the secondary path, which leads to switch 4.
Figure 104. Group Link Control Example 1
But if the failure occurs further upstream between switches 1 and 3, as
shown in Figure 105 on page 508, the server, unaware of the problem,
loses connectivity to the network. It continues to transmit packets to switch
3, which discards the packets.
507
Chapter 31: Group Link Control
Figure 105. Group Link Control Example 2
With group link control you can address this problem by creating on switch
3 a group of the two ports that connect to switch 1 and the server. Thus,
any change to the link state of the port connected to switch 1 is
automatically transferred to the port connected to the server.
Assume that switch 3 is connected to switch 1 with port 17 and to the
server with port 24, as shown in Figure 106 on page 509. If you group the
two ports with group link control such that port 17 is the upstream or
control port of the group and port 24 is the downstream port, a loss of the
link on port 17 causes the switch to disable port 24, dropping the
connection to the server. The server, having lost connectivity to switch 3,
responds by activating its alternate network interface and transferring the
traffic to switch 4.
508
AT-8100 Switch Command Line User’s Guide
Figure 106. Group Link Control Example 3
When a link on an upstream port is reestablished, the switch automatically
reactivates the downstream counterpart. Referring to the example, when
the link on port 17 is reestablished, the switch enables port 24 again.
A link control group can have more than one upstream or downstream
port. This enables it to support static port trunks and LACP trunks. When a
group has two or more upstream ports, all of the upstream ports must lose
connectivity before the switch disables the downstream ports. This is
illustrated in Figure 107 on page 510 where a link control group on switch
3 has two upstream ports, ports 17 and 20, and two downstream ports,
port 24 and 25. If connectivity is lost on just port 17, the downstream ports
are not disabled.
509
Chapter 31: Group Link Control
Figure 107. Group Link Control Example 4
If connectivity is lost on both ports 17 and 20, the downstream ports 24
and 25 are disabled.
Figure 108. Group Link Control Example 5
In the previous examples, the ports of the groups on the switch are
connected to different devices, making it possible for downstream devices
to know whether or not there are links to upstream devices. Another
510
AT-8100 Switch Command Line User’s Guide
approach is to create groups in which the ports are connected to the same
network node. This is useful in network topologies where redundant static
port trunks or LACP trunks are controlled by the spanning tree protocol. If
a primary trunk loses bandwidth capacity because connectivity is lost on
one or more of the links and there is a redundant trunk held in the blocking
state by the spanning tree protocol, it may be advantageous to shut down
an impaired trunk and activate a redundant trunk, to restore full bandwidth.
This is illustrated in this figure. Switch 1 and switch 3 are connected with a
static or LACP trunk of three links. A backup trunk from switch 2 to switch
3 is placed in the blocking state by the spanning tree protocol to prevent a
network loop.
Figure 109. Group Link Control Example 6
Let’s assume you want switch 3 to shutdown the primary trunk to switch 1
if the active trunk loses one link. For this you would create a series of
groups to cover all of the possible combinations. Each port is designated
as an uplink port in one group and a downstream port in the other groups.
There are three possible combinations, as shown in this table. The order
of the groups is unimportant.
Table 49. Link Control Groups on Switch 3 in Example 6
Link Control
Group
Upstream Port
Downstream Ports
1
7
8, 9
2
8
7, 9
511
Chapter 31: Group Link Control
Table 49. Link Control Groups on Switch 3 in Example 6
Link Control
Group
3
Upstream Port
9
Downstream Ports
7, 8
Only one group has to be true for the switch to shut down the ports of the
trunk. If, for instance, port 8 loses connectivity, making group 2 true, the
switch shuts down ports 7 and 9. When connectivity is restored on port 8,
it enables ports 7 and 9 again.
In this example the primary and backup trunks have four links each.
Figure 110. Group Link Control Example 7
If you want switch 3 to shutdown the primary trunk if two links are lost, you
create six groups to cover all of the possible combinations. The groups are
listed in Table 50 on page 513. As mentioned previously, only one of the
groups has to be true for the switch to disable the remaining ports in the
trunk. For instance, a loss of connectivity on ports 8 and 10 makes group 5
true, causing the switch to disable ports 7 and 9, which shuts down the
trunk. If a link is reestablished on either port 8 or 10, the switch activates
ports 7 and 9 again.
512
AT-8100 Switch Command Line User’s Guide
Table 50. Link Control Groups on Switch 3 in Example 7
Link Control
Group
Upstream
Ports
Downstream
Ports
1
7, 8
9, 10
2
8, 9
7, 10
3
9, 10
7, 8
4
7, 9
8, 10
5
8, 10
7, 9
6
7, 10
8, 9
513
Chapter 31: Group Link Control
Guidelines
Here are the guidelines to group link control:
514

The switch or stack can support up to eight groups.

A group can have any number of ports, up to the total number of
ports on the switch.

Ports can be members of more than one group. Ports can also be
upstream and downstream ports in different groups. Ports,
however, cannot be both upstream and downstream ports in the
same group.

When creating a new group, add the upstream ports before the
downstream ports. Otherwise, the switch will disable the
downstream ports.

Group link control passes the link states of the upstream ports to
the downstream ports, but not the reverse. Changes to the states
of the downstream ports are not transferred to the upstream ports.

A group is active as soon as you create it.

The downstream ports of a new group immediately stop forwarding
traffic if the upstream ports do not have links.

When a downstream port is disabled by group link control, it
remains in that state until the upstream port of the group
establishes a link to a network device or you remove the
downstream port from the group, or delete the group, and issue the
NO SHUTDOWN command on the port. For instructions, refer to
“Enabling or Disabling Ports” on page 180 or “NO GROUP-LINKCONTROL” on page 524.

You cannot prioritize the groups on the switch.
AT-8100 Switch Command Line User’s Guide
Configuration Examples
Table 51 lists the group link control commands.
Table 51. Group Link Control Commands
To Do This Task
Use This Command
Range
Create groups.
GROUP-LINK-CONTROL group_id
1 to 8
Add upstream ports.
GROUP-LINK-CONTROL
UPSTREAM group_id
1 to 8
Add downstream ports.
GROUP-LINK-CONTROL
DOWNSTREAM group_id
1 to 8
Remove upstream ports.
NO GROUP-LINK-CONTROL
UPSTREAM group_id
1 to 8
Remove downstream ports.
NO GROUP-LINK-CONTROL
DOWNSTREAM group_id
1 to 8
Display the groups.
SHOW GROUP-LINK-CONTROL
[group_id]
1 to 8
Here are a few examples on how to configure the feature. The first
example configures the group in Figure 106 on page 509 in which port 17
is the upstream port and port 24 is the downstream port. To create the
group and verify the configuration, you enter:
awplus> enable
Enter the Privileged Executive
mode from the User Executive
mode.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# group-link-control 1
Create the new group with the
GROUP-LINK-CONTROL
command.
awplus(config)# interface port1.0.17
Move to the Port Interface mode
for port 17.
awplus(config-if)# group-link-control upstream 1
Add port 17 as the upstream port
to the group. (You should always
add the upstream ports to a new
group before the downstream
ports.)
515
Chapter 31: Group Link Control
awplus(config-if)# interface port1.0.24
Move to the Port Interface mode
for port 24.
awplus(config-if)# group-link-control downstream 1
Add port 24 as the downstream
port to the group.
awplus(config-if)# end
Return to the Privileged Exec
mode.
awplus# show group-link-control
Display the group to verify its
configuration.
This example creates the three groups in Table 49 on page 511, for a
static or LACP trunk. Each port is an upstream port in one group and a
downstream port in the other groups so that the switch shuts down the
trunk if any port loses its link. To create the three groups, you enter:
awplus> enable
Enter the Privileged Executive
mode from the User Executive
mode.
awplus# configure terminal
Enter the Global Configuration
mode.
awplus(config)# group-link-control 1
awplus(config)# group-link-control 2
awplus(config)# group-link-control 3
Create the three groups with the
GROUP-LINK-CONTROL
command.
awplus(config)# interface port1.0.7
Move to the Port Interface mode
for port 7.
awplus(config-if)# group-link-control upstream 1
awplus(config-if)# group-link-control downstream 2
awplus(config-if)# group-link-control downstream 3
Add port 7 as an upstream port
to group 1 and a downstream
port to groups 2 and 3.
awplus(config-if)# interface port1.0.8
Move to the Port Interface mode
for port 8.
awplus(config-if)# group-link-control upstream 2
awplus(config-if)# group-link-control downstream 1
awplus(config-if)# group-link-control downstream 3
Add port 8 as an upstream port
to group 2 and a downstream
port to groups 1 and 3.
awplus(config-if)# interface port1.0.9
Move to the Port Interface mode
for port 9.
awplus(config-if)# group-link-control upstream 3
awplus(config-if)# group-link-control downstream 1
awplus(config-if)# group-link-control downstream 2
Add port 9 as an upstream port
to group 3 and a downstream
port to groups 1 and 2.
awplus(config-if)# end
Return to the Privileged Exec
mode.
516
AT-8100 Switch Command Line User’s Guide
awplus# show group-link-control
Display the groups to verify their
configurations.
ID ...............................
Status ...........................
Downstream (Link) Ports(s) .......
Upstream (Member) Ports(s) .......
1
Down
port1.0.8-port1.0.9
port1.0.7
ID ...............................
Status ...........................
Downstream (Link) Ports(s) .......
Upstream (Member) Ports(s) .......
2
Down
port1.0.7-port1.0.9
port1.0.8
ID ...............................
Status ...........................
Downstream (Link) Ports(s) .......
Upstream (Member) Ports(s) .......
3
Down
port1.0.7-port1.0.8
port1.0.9
517
Chapter 31: Group Link Control
518
Chapter 32
Group Link Control Commands
The group link control commands are summarized in the following table
and described in detail within the chapter.
Table 52. Group Link Control Commands
Command
Mode
Description
“GROUP-LINK-CONTROL” on
page 520
Global
Configuration
Creates groups.
“GROUP-LINK-CONTROL
DOWNSTREAM” on page 521
Port Interface
Adds downstream ports to groups.
“GROUP-LINK-CONTROL
UPSTREAM” on page 523
Port Interface
Adds upstream ports to groups.
“NO GROUP-LINK-CONTROL” on
page 524
Global
Configuration
Deletes groups.
“NO GROUP-LINK-CONTROL
DOWNSTREAM” on page 525
Port Interface
Removes downstream ports from
groups.
“NO GROUP-LINK-CONTROL
UPSTREAM” on page 526
Port Interface
Removes upstream ports from
groups.
“SHOW GROUP-LINK-CONTROL” on
page 527
Privileged Exec
Displays the groups.
519
Chapter 32: Group Link Control Commands
GROUP-LINK-CONTROL
Syntax
group-link-control group_id
Parameter
group_id
Specifies the ID number of a new group. The range is 1 and 8. You
can create only one group at a time.
Mode
Global Configuration mode
Description
Use this command to create new groups for group link control. To add
ports to groups, refer to “GROUP-LINK-CONTROL DOWNSTREAM” on
page 521 and “GROUP-LINK-CONTROL UPSTREAM” on page 523.
Use the NO form of this command to delete groups.
Confirmation Command
“SHOW GROUP-LINK-CONTROL” on page 527
Example
This example creates a group with the ID 1:
awplus> enable
awplus# configure terminal
awplus(config)# group-link-control 1
520
AT-8100 Switch Command Line User’s Guide
GROUP-LINK-CONTROL DOWNSTREAM
Syntax
group-link-control downstream group_id
Parameter
group_id
Specifies a group ID number. The range is 1 and 8. The group
must already exist.
Mode
Port Interface mode
Description
Use this command to add downstream ports to groups in group link
control. You may add more than one port at a time. The group must
already exist. For instructions on how to create groups, refer to “GROUPLINK-CONTROL” on page 520.
Note
When creating a group on an active switch, you should add the
upstream ports first to prevent group link control from disabling the
downstream ports. If you add downstream ports to a group that does
not have any upstream ports or whose upstream ports do not have
links to network devices, group link control immediately disables the
downstream ports.
Use the NO form of this command to remove downstream ports from
groups.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Examples
This example adds port 11 as a downstream port to group ID 2:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11
awplus(config-if)# group-link-control downstream 2
521
Chapter 32: Group Link Control Commands
This example adds ports 15 and 16 as downstream ports to group ID 3:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15-port1.0.16
awplus(config-if)# group-link-control downstream 3
522
AT-8100 Switch Command Line User’s Guide
GROUP-LINK-CONTROL UPSTREAM
Syntax
group-link-control upstream group_id
Parameter
group_id
Specifies a group ID number. The range is 1 and 8. The group
must already exist.
Mode
Port Interface mode
Description
Use this command to add upstream ports to groups in group link control.
You may add more than one port at a time. The group must already exist.
For instructions on how to create groups, refer to “GROUP-LINKCONTROL” on page 520.
Use the NO form of this command, NO GROUP-LINK-CONTROL
UPSTREAM, to remove upstream ports from groups.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Examples
This example adds port 5 as an upstream port to group ID 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# group-link-control upstream 4
This example assigns ports 20 through 22 as upstream ports to group ID
8:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.20-port1.0.22
awplus(config-if)# group-link-control upstream 8
523
Chapter 32: Group Link Control Commands
NO GROUP-LINK-CONTROL
Syntax
no group-link-control group_id
Parameters
group_id
Specifies the ID number of the group to be deleted. The range is 1
and 8. You can delete only one group at a time.
Mode
Global Configuration mode
Description
Use this command to delete groups from group link control.
Note
Downstream ports that group link control has disabled remain
disabled even after a group is deleted. To manually activate them,
use the NO SHUTDOWN command. For instructions, refer to
“Enabling or Disabling Ports” on page 180 or “NO SHUTDOWN” on
page 216.
Confirmation Command
“SHOW GROUP-LINK-CONTROL” on page 527
Example
This example deletes the group with ID 2:
awplus> enable
awplus# configure terminal
awplus(config)# no group-link-control 2
524
AT-8100 Switch Command Line User’s Guide
NO GROUP-LINK-CONTROL DOWNSTREAM
Syntax
no group-link-control group downstream group_id
Parameter
group_id
Specifies a group ID number. The range is 1 and 8. The group
must already exist.
Mode
Port Interface mode
Description
Use this command to remove downstream ports from groups in group link
control. You may remove more than one port at a time from groups.
Note
Downstream ports that group link control has disabled remain
disabled when removed from a group. To manually activate the
ports, use the NO SHUTDOWN command. For instructions, refer to
“Enabling or Disabling Ports” on page 180 or “NO SHUTDOWN” on
page 216.
Confirmation Command
“SHOW GROUP-LINK-CONTROL” on page 527
Examples
This example removes downstream port 3 from group ID 5:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.3
awplus(config-if)# no group-link-control downstream 5
This example removes downstream ports 14 and 15 from group ID 7:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.14,port1.0.15
awplus(config-if)# no group-link-control downstream 7
525
Chapter 32: Group Link Control Commands
NO GROUP-LINK-CONTROL UPSTREAM
Syntax
no group-link-control upstream group_id
Parameter
group_id
Specifies a group ID number. The range is 1 and 8.
Mode
Port Interface mode
Description
Use this command to remove upstream ports from groups.
Note
Removing all of the upstream ports from a group disables the
downstream ports.
Confirmation Command
“SHOW GROUP-LINK-CONTROL” on page 527
Examples
This example removes upstream port 15 from group ID 3:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15
awplus(config-if)# no group-link-control upstream 3
This example removes upstream ports 12 and 13 from group ID 8:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12-port1.0.13
awplus(config-if)# no group-link-control upstream 8
526
AT-8100 Switch Command Line User’s Guide
SHOW GROUP-LINK-CONTROL
Syntax
show group-link-control [group_id]
Parameters
group_id
Specifies a group ID number. The range is 1 and 8.
Mode
Privileged Exec mode
Description
Use this command to display the groups in group link control. Figure 111 is
an example of the information.
ID...........................................1
Status.......................................Up
Downstream (Link) Port(s)....................port1.0.22-port1.0.24
Upstream (Member) Port(s)....................port1.0.20-port1.0.22
ID...........................................2
Status.......................................Up
Downstream (Link) Port(s)....................port1.0.7
Upstream (Member) Port(s)....................port1.0.9
ID...........................................3
Status.......................................Down
Downstream (Link) Port(s)....................port1.0.11,port1.0.14
Upstream (Member) Port(s)....................port1.0.5
Figure 111. SHOW GROUP-LINK-CONTROL Command
The fields are defined in Table 53.
Table 53. SHOW GROUP-LINK-CONTROL Command
Field
ID
Definition
The group ID number.
527
Chapter 32: Group Link Control Commands
Table 53. SHOW GROUP-LINK-CONTROL Command (Continued)
Field
Status
Definition
The status of the group. The possible states are
listed here:

Suspended - The group has no ports or has
either upstream or downstream ports, but not
both.

Down - The group has upstream and
downstream ports, but they do not have links
to network devices. In the case of
downstream ports, it may be because group
link control disabled them because the
upstream ports do not have links to network
devices.

Up - The upstream and downstream ports
have links to network devices.
Downstream (Link)
Port(s)
The downstream ports.
Upstream
(Member) Port(s)
The upstream ports.
Examples
This example displays all of the groups on the switch:
awplus> enable
awplus# show group-link-control
This example displays group ID 7:
awplus> enable
awplus# show group-link-control 7
528
Chapter 33
Multicast Commands
The multicast commands are summarized in Table 54.
Table 54. Multicast Commands
Command
Mode
Description
“NO SWITCHPORT BLOCK
EGRESS-MULTICAST” on page 530
Port Interface
Resumes forwarding egress multicast
packets on ports.
“NO SWITCHPORT BLOCK
INGRESS-MULTICAST” on page 531
Port Interface
Resumes forwarding ingress multicast
packets on ports.
“SWITCHPORT BLOCK EGRESSMULTICAST” on page 532
Port Interface
Blocks egress multicast packets on
ports.
“SWITCHPORT BLOCK INGRESSMULTICAST” on page 533
Port Interface
Blocks ingress multicast packets on
ports.
529
Chapter 33: Multicast Commands
NO SWITCHPORT BLOCK EGRESS-MULTICAST
Syntax
no switchport block egress-multicast
Parameters
None
Mode
Port Interface mode
Description
Use this command to resume forwarding of egress multicast packets on
ports. By default, this is the default setting on all of the ports on the switch.
Confirmation Command
“SHOW INTERFACE” on page 226
Example
This example resumes forwarding of egress multicast packets on port 19:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.19
awplus(config-if)# no switchport block egress-multicast
530
AT-8100 Switch Command Line User’s Guide
NO SWITCHPORT BLOCK INGRESS-MULTICAST
Syntax
no switchport block ingress-multicast
Parameters
None
Mode
Port Interface mode
Description
Use this command to resume forwarding of ingress multicast packets on
ports.
Confirmation Command
“SHOW INTERFACE” on page 226
Example
This example resumes forwarding of ingress multicast packets on ports 2
and 8:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.2,port1.0.8
awplus(config-if)# no switchport block ingress-multicast
531
Chapter 33: Multicast Commands
SWITCHPORT BLOCK EGRESS-MULTICAST
Syntax
switchport block egress-multicast
Parameters
None
Mode
Port Interface mode
Description
Use this command to block egress multicast packets on ports. By default,
all ports on the switch are set to allow multicast packets.
Note
This feature does not block multicast packets that have reserved
multicast addresses in the range of 01:80:C2:00:00:00 to
01:80:C2:00:00:0F.
Note
If IGMP snooping is disabled on the switch, all reports are
suppressed on a port even if you enable this command. By default,
IGMP snooping is disabled on the switch. For more information
about this feature, see Chapter 40, “Internet Group Management
Protocol (IGMP) Snooping” on page 593.
Confirmation Command
“SHOW INTERFACE” on page 226
Example
This example blocks egress multicast packets on ports 20 and 22:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.20,port1.0.22
awplus(config-if)# switchport block egress-multicast
532
AT-8100 Switch Command Line User’s Guide
SWITCHPORT BLOCK INGRESS-MULTICAST
Syntax
switchport block ingress-multicast
Parameters
None
Mode
Port Interface mode
Description
Use this command to block ingress multicast packets on ports.
Note
This feature does not block multicast packets that have reserved
multicast addresses in the range of 01:80:C2:00:00:00 to
01:80:C2:00:00:0F.
Note
If IGMP snooping is disabled on the switch, all reports are
suppressed on a port even if you enable this command. By default,
IGMP snooping is disabled on the switch. For more information
about this feature, see Chapter 40, “Internet Group Management
Protocol (IGMP) Snooping” on page 593.
Confirmation Command
“SHOW INTERFACE” on page 226.
Example
This example blocks ingress multicast packets on ports 12 to 18:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12-port1.0.18
awplus(config-if)# switchport block ingress-multicast
533
Chapter 33: Multicast Commands
534
Section III
File System
This section contains the following chapters:

Chapter 34, “File System” on page 537

Chapter 35, “File System Commands” on page 545

Chapter 36, “Boot Configuration Files” on page 553

Chapter 37, “Boot Configuration File Commands” on page 559

Chapter 38, “File Transfer” on page 571

Chapter 39, “File Transfer Commands” on page 583
535
536
Chapter 34
File System
This chapter discusses the following topics:

“Overview” on page 538

“Copying Boot Configuration Files” on page 539

“Renaming Boot Configuration Files” on page 540

“Deleting Boot Configuration Files” on page 541

“Displaying the Specifications of the File System” on page 542

“Listing the Files in the File System” on page 543
537
Chapter 34: File System
Overview
The file system in the switch stores the following types of files:

Boot configuration files

Encryption key pairs
The file system has a flat directory structure. All the files are stored in the
root directory. The file system does not support subdirectories.
Table 55. File Extensions and File Types
Extension
538
File Type
.cfg
Configuration file
.cer
Certificate file
.pem
Certificate enrollment request
.key
Public encryption key
.log
Event log
AT-8100 Switch Command Line User’s Guide
Copying Boot Configuration Files
Maintaining a history of the configuration settings of the switch can prove
useful in the event you need to undo recent changes and return the device
to an earlier configuration. The best way to compile a configuration history
of the unit is by periodically copying the active boot configuration file.
The command for copying boot configuration files is the COPY command
in the Privileged Exec mode. Here is the format:
copy sourcefile.cfg destinationfile.cfg
The SOURCEFILE parameter specifies the name of the boot configuration
file you want to copy. The DESTINATIONFILE parameter specifies the
name of the new copy. The name can be up to 16 alphanumeric
characters and must include the extension “.cfg”. Spaces are not allowed.
This command creates a copy of the configuration file “unit12.cfg” in the
switch’s file system and names the copy “unit24.cfg”:
awplus# copy unit12.cfg unit24.cfg
Note
Allied Telesis recommends that you periodically upload the active
boot configuration file of the switch to a network device, so that if the
switch should fail and become inoperable, the uploaded files will be
available to quickly configure its replacement. For instructions on
how to upload boot configuration files, refer to Chapter 38, “File
Transfer” on page 571.
539
Chapter 34: File System
Renaming Boot Configuration Files
To rename boot configuration files in the file system, use the MOVE
command, found in the Privileged Exec mode. Here is the format:
move filename1.cfg filename2.cfg
The FILENAME1 variable is the name of the file to be renamed and the
FILENAME2 variable is the file’s new name. The filenames cannot contain
spaces or special characters.
This example renames the “Sales2sw.cfg” boot configuration file to
“unit12a.cfg:”
awplus> enable
awplus# move Sales2sw.cfg unit12a.cfg
Note
If you rename the active boot configuration file, you will have to
designate another active boot configuration file before the switch will
allow you to save new parameter settings. For instructions on how to
designate the active boot configuration file, refer to “Specifying the
Active Boot Configuration File” on page 555.
Note
If you rename the active boot configuration file and reset the switch,
the switch restores the default settings to all its parameter settings.
540
AT-8100 Switch Command Line User’s Guide
Deleting Boot Configuration Files
If the file system becomes cluttered with unnecessary configuration files,
you use the DELETE command in the Privileged Exec mode to delete
them. The format of the command is:
delete filename.ext
This example deletes the configuration file “unit2a.cfg”:
awplus# delete unit2a.cfg
Note
If you delete the active boot configuration file, you will have to
designate another active boot configuration file before the switch will
allow you to save new parameter settings. If you delete the active
boot configuration file and reset the switch, the switch returns to its
default settings. For instructions on how to designate the active boot
configuration file, refer to “Specifying the Active Boot Configuration
File” on page 555.
541
Chapter 34: File System
Displaying the Specifications of the File System
The User Exec mode and the Privileged Exec mode have a command that
lets you display the size of the file system, the amount of free space, and
the amount of space used by the files currently stored in the file system. It
is the SHOW FILE SYSTEMS command. Here is an example of the
information.
Flash:
Size(B)
Free(B)
Type
Flags
Prefixes
S/D/V
Lcl/Ntwk
------------------------------------------------------------------------16
8
flash
rw
None
Static
local
Y
Figure 112. SHOW FILE SYSTEMS Command
The fields in the table are described in Table 57 on page 551.
Here is the command from the Privileged Exec mode:
awplus# show file systems
542
AT-8100 Switch Command Line User’s Guide
Listing the Files in the File System
To view the names of the files in the file system of the switch, use the DIR
command in the Privileged Exec mode:
awplus# dir
The command does not accept wildcards.
543
Chapter 34: File System
544
Chapter 35
File System Commands
The file system commands are summarized in Table 56.
Table 56. File System Commands
Command
Mode
Description
“COPY” on page 546
Privileged Exec
Copies boot configuration files.
“DELETE” on page 547
Privileged Exec
Deletes boot configuration files from
the file system.
“DELETE FORCE” on page 548
Privileged Exec
Deletes boot configuration files from
the file system.
“DIR” on page 549
Privileged Exec
Lists the files in the file system.
“MOVE” on page 550
Privileged Exec
Renames files.
“SHOW FILE SYSTEMS” on
page 551
Privileged Exec
Displays the amount of free and used
memory in the file system.
545
Chapter 35: File System Commands
COPY
Syntax
copy sourcefile.cfg destinationfile.cfg
Parameters
sourcefile.cfg
Specifies the name of the boot configuration file you want to copy.
destinationfile.cfg
Specifies the name of the new copy of the file. The filename can be
from 1 to 16 alphanumeric characters. The extension must be
“.cfg”. Spaces and special characters are not allowed.
Mode
Privileged Exec mode
Description
Use this command to create copies of boot configuration files in the file
system of the switch. Creating copies of the active boot configuration file is
an easy way to maintain a history of the configurations of the switch. To
display the name of the active boot configuration file, refer to “SHOW
BOOT” on page 566.
If the destination filename is the same as the name of an existing file in the
file system, the command overwrites the existing file.
Example
This command creates a copy of the boot configuration file “unit12.cfg” in
the switch’s file system and names the copy “unit12backup.cfg”:
awplus# copy unit12.cfg unit12backup.cfg
546
AT-8100 Switch Command Line User’s Guide
DELETE
Syntax
delete filename.cfg
Parameter
filename.cfg
Specifies the name of the boot configuration file to be deleted. You
can use the wildcard “*” to replace any part of a filename to delete
multiple configuration files.
Mode
Privileged Exec mode
Description
Use this command to delete boot configuration files from the file system in
the switch. This command is equivalent to “DELETE FORCE” on
page 548.
Note
If you delete the active configuration file, the switch recreates it the
next time you issue the WRITE command or the COPY RUNNINGCONFIG STARTUP-CONFIG command. To view the name of the
active boot configuration file on the switch, refer to “SHOW BOOT”
on page 566.
To view a list of the files in the file system, refer to “DIR” on page 549.
Examples
This command deletes the boot configuration file “unit12.cfg”:
awplus# delete unit12.cfg
This command deletes all boot configuration files that start with “bldg”:
awplus# delete bldg*.cfg
547
Chapter 35: File System Commands
DELETE FORCE
Syntax
delete force filename.ext
Parameter
filename.ext
Specifies the name of the boot configuration file to be deleted. You
can use the wildcard “*” to replace any part of a filename to delete
multiple configuration files.
Mode
Privileged Exec mode
Description
Use this command to delete boot configuration files from the file system in
the switch. This command is equivalent to “DELETE” on page 547.
Note
If you delete the active configuration file, the switch recreates it the
next time you issue the WRITE command or the COPY RUNNINGCONFIG STARTUP-CONFIG command. To view the name of the
active boot configuration file on the switch, refer to “SHOW BOOT”
on page 566.
To view a list of the files in the file system, refer to “DIR” on page 549.
Examples
This command deletes the boot configuration file “production_sw.cfg”:
awplus# delete force production_sw.cfg
This command deletes all boot configuration files that start with “unit”:
awplus# delete force unit*.cfg
548
AT-8100 Switch Command Line User’s Guide
DIR
Syntax
dir
Parameter
None
Mode
Privileged Exec mode
Description
Use this command to list the names of the files stored in the file system on
the switch.
Example
The following command lists the file names stored in the file system:
awplus# dir
549
Chapter 35: File System Commands
MOVE
Syntax
move filename1.cfg filename2.cfg
Parameters
filename1.cfg
Specifies the name of the boot configuration file to be renamed.
filename2.cfg
Specifies the new name for the file. The filename can be from 1 to
16 alphanumeric characters, not including the filename extension,
which must be “.cfg”. The filename cannot contain spaces or
special characters.
Mode
Privileged Exec mode
Description
Use this command to rename boot configuration files in the switch’s file
system.
Note
If you rename the active boot configuration file, the switch recreates
it the next time you issue the WRITE command or the COPY
RUNNING-CONFIG STARTUP-CONFIG command.
Note
If you rename the active boot configuration file and reset the switch
without specifying a new active boot configuration file or issuing the
WRITE command or the COPY RUNNING-CONFIG STARTUPCONFIG command, the switch returns to its default settings.
Example
This example renames the file “sw12.cfg” to “swrm102.cfg:”
awplus# move sw12.cfg swrm102.cfg
550
AT-8100 Switch Command Line User’s Guide
SHOW FILE SYSTEMS
Syntax
show file systems
Parameter
None
Mode
Privileged Exec mode
Description
Use this command to display the specifications of the file system in the
switch. An example is shown in Figure 113.
Flash:
Size (B)
Free (B) Type
Flags
Prefixes
S/D/V
Lcl/Ntwk
------------------------------------------------------------------------16
8
flash
rw
None
Static
local
Y
Figure 113. SHOW FILE SYSTEMS Command
The fields are described in Figure 57.
Table 57. SHOW FILE SYSTEMS Command
Parameter
Description
Size (B)
The total amount of flash memory in the
switch. The amount is given in megabytes
(M) or kilobytes (k).
Free (B)
The amount of unused flash memory in
the switch. The amount is given in
megabytes (M) or kilobytes (k).
Type
The type of memory. For the AT-8100
Switches this is always “flash” for flash
memory.
Flags
The file setting options. For the AT-8100
Switches this is always “rw” for read-write.
Prefixes
This field does not apply to the AT-8100
Switches.
551
Chapter 35: File System Commands
Table 57. SHOW FILE SYSTEMS Command (Continued)
Parameter
Description
S/D/W
The memory type: static, virtual or
dynamic.
Lcl/Ntwk
Whether the memory is located locally or
via a network connection. For the
AT-8100 Switches this is always Local.
Y/N
Whether the memory is accessible: Y
(yes), N (no), - (not appropriate)
Example
The following example displays the specifications of the file system:
awplus# show file systems
552
Chapter 36
Boot Configuration Files
This chapter discusses the following topics:

“Overview” on page 554

“Specifying the Active Boot Configuration File” on page 555

“Creating a New Boot Configuration File” on page 557

“Displaying the Active Boot Configuration File” on page 558
553
Chapter 36: Boot Configuration Files
Overview
The changes that you make to the parameters settings of the switch are
saved as a series of commands in a special file in the file system. The file
is referred to as the active boot configuration file. This file is updated by
the switch with your latest changes whenever you issue the WRITE
command or the COPY RUNNING-CONFIG STARTUP-CONFIG
command in the Privileged Exec mode.
Once the parameter settings are saved in the active boot configuration file,
they are retained even when the switch is powered off or reset. This saves
you from having to reconfigure the parameter settings every time you
power off or reset the unit. The switch, as part of its initialization process
whenever it is powered on or reset, automatically refers to this file to set its
parameter settings.
You can store more than one boot configuration file in the file system on
the switch, but only one file can be the active file at a time. The active boot
configuration file is specified with the BOOT CONFIG-FILE command, in
the Privileged Exec mode.
There are a couple situations where you might want to specify a different
active boot configuration file on the switch. You might want to reconfigure
the switch with the settings in a new file that you downloaded into the file
system. Or perhaps you want to restore a previous configuration on the
switch, using a copy of an earlier version of the active boot configuration
file.
554
AT-8100 Switch Command Line User’s Guide
Specifying the Active Boot Configuration File
To create or designate a new active boot configuration file for the switch,
use the BOOT CONFIG-FILE command in the Global Configuration mode.
Here is the format of the command;
boot config-file filename.cfg
The FILENAME.CFG parameter is the file name of the configuration file to
act as the active boot configuration file for the switch. This can be the
name of an entirely new file that doesn’t exist yet in the file system, or an
existing file. The filename can be from 1 to 16 alphanumeric characters
and must include the “.cfg” extension. The filename is case sensitive. To
verify the name of an existing file, use the DIR command in the Privileged
Exec mode to display the names of the files in the file system.
The BOOT CONFIG-FILE command is unique from all the other
commands that are used to configure the parameters on the switch. After
you enter the command, the switch permanently remembers the filename
of the new active boot configuration file, without you having to enter the
WRITE command or the COPY RUNNING-CONFIG STARTUP-CONFIG
command. In fact, you probably will not want to enter either of those
commands after you specify a new active boot configuration file, because
that would cause the switch to overwrite the settings in the file with the
current settings.
After you enter the command, it does one of two things, depending on
whether the filename is of a new or an existing file. If the filename is of an
entirely new boot configuration file, the switch automatically creates it,
stores the current parameter settings in it, and finally designates it as the
active boot configuration.
If you specify the filename of an existing boot configuration file in the file
system, the switch marks it as the active boot configuration file, at which
point you need to make a choice.

To reconfigure the switch with the settings in the newly designated
active boot configuration file, reset the switch with the REBOOT
command in the Privileged Exec mode.
Caution
The switch does not forward packets while it is initializing its
management software. Some network traffic may be lost.

To overwrite the settings in the file with the switch’s current
settings, enter the WRITE or COPY RUNNING-CONFIG
STARTUP-CONFIG command in the Privileged Exec mode.
555
Chapter 36: Boot Configuration Files
Here are a couple examples of the command. The first example creates a
new active boot configuration file called “sw_product4.cfg”:
awplus> enable
awplus# configure terminal
awplus(config)# boot config-file sw_product4.cfg
After you enter the command, the switch creates the file in its file system,
updates it with the current parameter settings, and finally marks it as the
active boot configuration file. The file is now ready to store any new
parameter settings you might make to the switch.
In this example, the settings of the switch are configured using a different
boot configuration file in the file system. Perhaps it is an archive copy of an
early configuration of the unit or perhaps a boot configuration file you
downloaded from another switch. In either case, this will require rebooting
the switch. The name of the file is “sw12_eng.cfg”:
awplus> enable
awplus# configure terminal
awplus(config)# boot config-file sw12_eng.cfg
awplus(config)# exit
awplus# reboot
556
AT-8100 Switch Command Line User’s Guide
Creating a New Boot Configuration File
It is a good idea to periodically make copies of the current configuration of
the switch so that you can return the switch to an earlier configuration, if
necessary. For this there is the COPY RUNNING-CONFIG command in
the Privileged Exec mode. The command has this format:
copy running-config filename.cfg
The name of the new boot configuration file, specified with the FILENAME
parameter, can be from 1 to 16 alphanumeric characters, not including the
extension “.cfg”. If you specify the name of an existing file, the new file
overwrites the existing file.
It is important to understand that this command does not change the
switch’s active boot configuration file. That file remains unchanged. All this
command does is create a new boot configuration file of the current
parameter settings in the file system. If you want to change the active boot
configuration file, use the BOOT CONFIG-FILE command, explained in
“Specifying the Active Boot Configuration File” on page 555.
This example of the COPY RUNNING-CONFIG command creates a new
boot configuration file called “sw_sales_archive.cfg” in the file system:
awplus> enable
awplus# copy running-config sw_sales_archive.cfg
557
Chapter 36: Boot Configuration Files
Displaying the Active Boot Configuration File
To display the name of the active boot configuration file on the switch, go
to the Privileged Exec mode and enter the SHOW BOOT command. Here
is the command:
awplus# show boot
Here is an example of the information.
Current software
:
Current boot image :
Backup boot image :
Default boot config:
Current boot config:
v2.1.1
v2.1.1
Not set
/cfg/boot.cfg
/cfg/switch2.cfg (file exists)
Figure 114. SHOW BOOT Command
The “Current boot config” field displays the name of the active boot
configuration file, which for the switch in the example is “switch2.cfg.” The
rest of the fields are defined in Table 59 on page 566.
558
Chapter 37
Boot Configuration File Commands
The boot configuration file commands are summarized in Table 58 and
described in detail within the chapter.
Table 58. Boot Configuration File Commands
Command
Mode
Description
“BOOT CONFIG-FILE” on page 560
Global
Configuration
Designates or creates a new active
boot configuration file for the switch.
“COPY RUNNING-CONFIG” on
page 562
Privileged Exec
Creates new boot configuration files
that contain the current settings of the
switch.
“COPY RUNNING-CONFIG
STARTUP-CONFIG” on page 563
Privileged Exec
Saves the switch’s current
configuration to the active boot
configuration file.
“ERASE STARTUP-CONFIG” on
page 564
Privileged Exec
Returns the switch to its default
settings.
“NO BOOT CONFIG-FILE” on
page 565
Global
Configuration
Designates the default BOOT.CFG file
as the active boot configuration file on
the switch.
“SHOW BOOT” on page 566
Privileged Exec
Displays the names of the active
configuration file and the configuration
file that was used by the switch during
the last reset or power cycle.
“SHOW STARTUP-CONFIG” on
page 568
Privileged Exec
Displays the contents of the active
boot configuration file.
“WRITE” on page 569
Privileged Exec
Saves the switch’s current
configuration to the active boot
configuration file.
559
Chapter 37: Boot Configuration File Commands
BOOT CONFIG-FILE
Syntax
boot config-file filename.cfg
Parameter
filename
Specifies the name of a boot configuration file that is to act as the
active boot configuration file on the switch. The filename can be
from 1 to 16 alphanumeric characters. The extension must be
“.cfg”.
Mode
Global Configuration mode
Description
Use this command to designate the active boot configuration file on the
switch. The switch uses the file to save its parameter settings when you
issue the WRITE or COPY RUNNING-CONFIG STARTUP-CONFIG
command, and to restore its parameter settings when you reset or power
cycle the unit.
To create a new active boot configuration file, enter a new filename in the
command. The command automatically creates the file, updates it with the
current settings of the switch, and designates it as the active boot
configuration file.
To specify an existing boot configuration file as the new active file on the
switch, include the file’s name in the command. The switch marks it as the
active boot configuration file. Afterwards, do one of the following:

To reconfigure the switch with the settings in the newly designated
active boot configuration file, reset the switch with the REBOOT
command in the Privileged Exec mode.
Caution
The switch does not forward packets while it is initializing its
management software. Some network traffic may be lost.

560
To overwrite the settings in the file with the switch’s current
settings, enter the WRITE or COPY RUNNING-CONFIG
STARTUP-CONFIG command in the Privileged Exec mode.
AT-8100 Switch Command Line User’s Guide
Confirmation Command
“SHOW BOOT” on page 566.
Examples
This example designates a file called “region2asw.cfg” as the switch’s
active configuration file. This example assumes that the file is completely
new. The switch creates the file, with its current parameter settings, and
then designates it as the active boot configuration file:
awplus> enable
awplus# configure terminal
awplus(config)# boot config-file region2asw.cfg
This example designates the file “sw12a.cfg” as the switch’s active
configuration file. The example assumes that the file already exists in the
file system of the switch and that you want to reconfigure the switch
according to the settings in the file:
awplus> enable
awplus# configure terminal
awplus(config)# boot config-file sw12a.cfg
awplus(config)# exit
awplus# reboot
This example designates the file “bldg4.cfg” as the active configuration file
on the switch. This example assumes that instead of configuring the switch
with the settings in the file, you want to overwrite the settings in the file with
the current settings on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# boot config-file bldg4.cfg
awplus(config)# exit
awplus# write
561
Chapter 37: Boot Configuration File Commands
COPY RUNNING-CONFIG
Syntax
copy running-config filename.cfg
Parameter
filename
Specifies a name for a new boot configuration file. The name can
be from 1 to 16 alphanumeric characters. The extension must be
“.cfg”.
Mode
Privileged Exec mode
Description
Use this command to create new boot configuration files. Stored in the file
system on the switch, the files contain the current settings of the switch.
You might use this command to create a backup copy of the switch’s
current configuration.
This command does not change the active boot configuration file.To
designate a different file as the active boot configuration file on the switch,
refer to “BOOT CONFIG-FILE” on page 560.
Confirmation Command
“DIR” on page 549
Example
This example create a new boot configuration file called
“salesunit2_archive.cfg
awplus> enable
awplus# copy running-config salesunit2_archive.cfg
562
AT-8100 Switch Command Line User’s Guide
COPY RUNNING-CONFIG STARTUP-CONFIG
Syntax
copy running-config startup-config
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to update the active boot configuration file with the
switch’s current configuration, for permanent storage. When you enter the
command, the switch copies its parameter settings into the active boot
configuration file. The switch saves only those parameters that have been
changed from their default settings.
Note
Parameter changes that are not saved in the active boot
configuration file are discarded when the switch is powered off or
reset.
To view the name of the active boot configuration file, see “SHOW BOOT”
on page 566.
This command is equivalent to “WRITE” on page 569.
Example
The following example updates the active boot configuration with the
switch’s current configuration:
awplus# copy running-config startup-config
563
Chapter 37: Boot Configuration File Commands
ERASE STARTUP-CONFIG
Syntax
erase startup-config
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to restore the default settings to all the parameters on
the switch. Review the following information before using this command:

This command does not delete the files in the switch’s file system
or the encryption keys in the key database. To delete those files,
refer to “DELETE” on page 547 and “CRYPTO KEY DESTROY
HOSTKEY” on page 1420.

This command does not change the settings in the active boot
configuration file. To return the active configuration file to the
default settings, you must enter the WRITE or COPY RUNNINGCONFIG STARTUP-CONFIG command after the switch reboots
and after you have established a local management session.
Otherwise, the switch reverts to the previous configuration the next
time it is reset.

To resume managing the switch, you must use the Console port.
Remote management is not possible because the switch will not
have a management IP address.
Caution
This command causes the switch to reset. The switch will not
forward network traffic while it initializes its management software.
Some network traffic may be lost.
Example
This example restores all the parameters on the switch to their default
values:
awplus> enable
awplus# erase startup-config
564
AT-8100 Switch Command Line User’s Guide
NO BOOT CONFIG-FILE
Syntax
no boot config-file
Parameter
None
Mode
Global Configuration mode
Description
Use this command to configure the switch with the settings in the default
BOOT.CFG file.
Caution
This command causes the switch to reset. It does not forward
network traffic while it initializes the management software. Some
network packets may be lost.
After the switch finishes initializing its management software, it uses the
BOOT.CFG file to configure its parameter settings. To overwrite the
settings in the active boot configuration file with the switch’s current
settings, enter the WRITE or COPY RUNNING-CONFIG STARTUPCONFIG command in the Privileged Exec mode.
This command does not return the switch to its default settings if, at some
earlier time, you used the BOOT.CFG file as the activate boot
configuration file on the switch. To restore the default settings to the
switch, refer to “ERASE STARTUP-CONFIG” on page 564.
Example
This example configures the switch with the settings in the default
BOOT.CFG file:
awplus> enable
awplus# configure terminal
awplus(config)# no boot config-file
565
Chapter 37: Boot Configuration File Commands
SHOW BOOT
Syntax
show boot
Parameter
None
Mode
Privileged Exec mode
Description
Use this command to display the name of the active boot configuration file
and the version numbers of the management software and bootloader.
Figure 115 is an example of the information.
Current
Current
Default
Current
software: v2.1.1
boot image: v2.1.1
boot config: /cfg/boot.cfg
boot config: /cfg/switch2.cfg (file exists)
Figure 115. SHOW BOOT Command
The fields are described in Figure 59.
Table 59. SHOW BOOT Command
Field
566
Description
Current software
The version number of the AlliedWare
Plus Management Software on the switch.
Current boot image
The version number of the bootloader.
Default boot config
The name of the boot configuration file
used by the switch to configure its
parameters after “NO BOOT CONFIGFILE” on page 565. This parameter
cannot be changed.
Current boot config
The name of the active boot configuration
file on the switch.
AT-8100 Switch Command Line User’s Guide
Example
This command displays the name of the active boot configuration file and
the version numbers of the management software and bootloader.
awplus# show boot
567
Chapter 37: Boot Configuration File Commands
SHOW STARTUP-CONFIG
Syntax
show startup-config
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the contents of the active boot configuration
file.
Example
The following example displays the contents of the active boot
configuration file:
awplus# show startup-config
568
AT-8100 Switch Command Line User’s Guide
WRITE
Syntax
write
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to update the active boot configuration file with the
switch’s current configuration, for permanent storage. When you enter the
command, the switch copies its parameter settings into the active boot
configuration file. The switch saves only those parameters that have been
changed from their default settings.
Note
Parameter changes that are not saved in the active boot
configuration file are discarded when the switch is powered off or
reset.
To view the name of the active boot configuration file, see “SHOW BOOT”
on page 566.
This command is equivalent to “COPY RUNNING-CONFIG STARTUPCONFIG” on page 563.
Example
The following example updates the active boot configuration file with the
switch’s current configuration:
awplus# write
569
Chapter 37: Boot Configuration File Commands
570
Chapter 38
File Transfer
This chapter discusses the following topics:

“Overview” on page 572

“Uploading or Downloading Files with TFTP” on page 573

“Uploading or Downloading Files with Zmodem” on page 577

“Downloading Files with Enhanced Stacking” on page 580
571
Chapter 38: File Transfer
Overview
This chapter discusses how to download files onto the switch and upload
files onto the switch. You can download the following file types to the
switch:

New versions of the management software

Boot configuration files (Refer to Chapter 36, “Boot Configuration
Files” on page 553.)

Public or private CA certificates (Refer to Chapter 94, “Secure
HTTPS Web Browser Server” on page 1441.)
You can upload following file types from the switch:

Boot configuration files

CA certificate requests

Technical support text files (Refer to “SHOW TECH-SUPPORT” on
page 1916.)
You can use Zmodem or TFTP to transfer files. You must use local
management sessions of the switch to transfer files using Zmodem. For
TFTP you can use local management sessions or remote Telnet or SSH
sessions. You can also transfer files with enhanced stacking.
572
AT-8100 Switch Command Line User’s Guide
Uploading or Downloading Files with TFTP

“Downloading New Management Software with TFTP” next

“Downloading Files to the Switch with TFTP” on page 574

“Uploading Files from the Switch with TFTP” on page 575
These procedures can be performed from a local management session or
a remote Telnet or SSH session.
Here are the TFTP requirements:
Downloading
New
Management
Software with
TFTP

The switch must have a management IP address. For instructions,
refer to Chapter 13, “IPv4 and IPv6 Management Addresses” on
page 291.

The switch’s management IP address must include a default
gateway if the switch and the TFTP server are members of
different networks. The default gateway must specify the IP
address of the first hop to the network of the TFTP server.

There must be a TFTP server on your network.

The TFTP server must be active.
To use TFTP to download new management software to the switch:
Caution
This procedure causes the switch to reset. The switch does not
forward network traffic while it writes the new software to flash
memory and initializes the software. Some network traffic may be
lost.
1. Obtain the new management software from the Allied Telesis web site
and store it on the TFTP server on your network. For information on
how to obtain management software from Allied Telesis, refer to
“Contacting Allied Telesis” on page 44.
2. Start a local or remote management session on the switch.
3. To view the current version number of the management software on
the unit to determine whether the switch needs the new firmware, use
the SHOW SYSTEM command in the User Exec mode or the SHOW
SWITCH command in the Privileged Exec mode.
4. The command for downloading files to the switch with TFTP is the
COPY TFTP FLASH command in the Privileged Exec mode. Here is
the format of the command:
copy tftp flash ipaddress filename.img
573
Chapter 38: File Transfer
The IPADDRESS parameter is the IP address of the TFTP server and
the FILENAME parameter is the name of the new management
software file to be downloaded to the switch from the TFTP server. The
filename must include the “.img” extension and cannot contain spaces.
In this example of the command, the IP address of the TFTP server is
149.11.124.5 and the filename of the new management software to be
downloaded from the server is “AT-8100_sw.img”:
awplus# copy tftp flash 149.11.124.5 at-8100_sw.img
After receiving the entire file from the TFTP server, the switch
compares the version numbers of the new image file and its current
management software. If the new image file has an earlier or the same
version number as the current management software, the switch
cancels the update procedure. If the new image file has a newer
version number, the switch writes the file into flash memory and then
resets.
5. Wait for the switch to write the new management software to flash
memory.
6. To resume managing the switch, start a new management session
after the switch has reset.
7. To confirm the new management software on the switch, use the
SHOW SYSTEM command in the User Exec mode or the SHOW
SWITCH command in the Privileged Exec mode to check the version
number of the management software on the switch.
Downloading
Files to the
Switch with
TFTP
To use TFTP to download boot configuration files or CA certificates to the
switch:
1. Store the file on the TFTP server on your network.
2. Start a local management session or a remote Telnet or SSH
management session on the switch.
3. The command for downloading files to the switch with TFTP is the
COPY TFTP FLASH command in the Privileged Exec mode. Here is
the format of the command:
copy tftp flash ipaddress filename.exe
The IPADDRESS parameter is the IP address of the TFTP server. The
FILENAME parameter is the name of the file you want to download
from the TFTP server to the switch. The filename extension must be
“.cfg” for boot configuration files and “.pem” for CA certificates. The
filename cannot contain spaces.
574
AT-8100 Switch Command Line User’s Guide
In this example of the command, the IP address of the TFTP server is
152.34.67.8 and the filename of the boot configuration to be
downloaded from the server is “switch2a.cfg”:
awplus# copy tftp flash 152.34.67.8 switch2a.cfg
After receiving the entire file, the switch stores it in the file system.
4. To confirm that the switch received the file, use the DIR command in
the Privileged Exec mode to list the files in the file system.
5. If you downloaded a boot configuration file that you want to designate
as the active boot configuration file on the switch, use the BOOT
CONFIG-FILE command in the Global Configuration mode:
boot config-file filename.cfg
This example of the command designates “switch1a.cfg” as the
switch’s new active boot configuration file:
awplus# configure terminal
awplus(config)# boot config-file switch1a.cfg
6. At this point, do one of the following:

To configure the switch using the settings in the newly designated
active boot configuration file, reset the switch with the REBOOT
command in the Privileged Exec mode.
Caution
The switch does not forward packets while initializing the
management software. Some network traffic may be lost.

Uploading Files
from the Switch
with TFTP
To overwrite the settings in the file with the switch’s current
settings, enter the WRITE or COPY RUNNING-CONFIG
STARTUP-CONFIG command in the Privileged Exec mode.
You can upload three types of files from the file system of the switch:

Boot configuration files (Refer to Chapter 36, “Boot Configuration
Files” on page 553.)

CA certificate requests (Refer to Chapter 94, “Secure HTTPS Web
Browser Server” on page 1441.)

Technical support text files (Refer to “SHOW TECH-SUPPORT” on
page 1916.)
575
Chapter 38: File Transfer
To upload a file from the file system of the switch using TFTP:
1. Start a local or remote management session on the switch.
2. Use the DIR command in the Privileged Exec mode to confirm the
name of the file you want to upload from the file system in the switch.
3. The command for uploading files from the switch with TFTP is the
COPY FLASH TFTP command in the Privileged Exec mode. Here is
the format of the command:
copy flash tftp ipaddress filename
The IPADDRESS parameter is the IP address of the TFTP server
residing on your network. The FILENAME parameter is the name of
the file to be uploaded from the switch to the TFTP server. The
filename can not contain spaces and must include the appropriate
extension.
This example of the command uploads the boot configuration file
“sw_unit_12.cfg” from the file system to a TFTP server that has the IP
address 123.32.45.3:
awplus# copy flash tftp 123.32.45.3 sw_unit_12.cfg
This example uploads the technical support file “tech-support20100601091645.txt” from the file system to a TFTP server that has
the IP address 149.152.201.25:
awplus# copy flash tftp 149.152.201.25 tech-support20100601091645.txt
The upload should take only a few moments. The switch displays the
Privileged Exec prompt again when it is finished uploading the file.
576
AT-8100 Switch Command Line User’s Guide
Uploading or Downloading Files with Zmodem

“Downloading Files to the Switch with Zmodem” next

“Uploading Files from the Switch with Zmodem” on page 578
Note
You may not use Zmodem to download new versions of the
management software to the switch. For that you must use TFTP.
Downloading
Files to the
Switch with
Zmodem
You may use Zmodem to download boot configuration files and encryption
key certificates to the file system in the switch. To download a file using
Zmodem:
1. Store the boot configuration file on the terminal or workstation you
intend to use during the local management session of the switch.
2. Start a local management session on the switch. For instructions, refer
to “Starting a Local Management Session” on page 70.
3. Enter this command in the Privileged Exec mode:
awplus# copy zmodem
You will see this prompt:
Waiting to receive ...
4. Use your terminal or terminal emulator program to begin the download.
The download must be Zmodem.
After receiving the entire file, the switch stores it in the file system.
5. To confirm that the switch received the file, use the DIR command in
the Privileged Exec mode to list the files in the file system.
6. If you downloaded a boot configuration file and want to designate it as
the active boot configuration file on the switch, use the BOOT
CONFIG-FILE command in the Global Configuration mode:
boot config-file filename.cfg
This example of the command designates “switch2a.cfg” as the
switch’s new active boot configuration file:
awplus# configure terminal
awplus(config)# boot config-file switch2a.cfg
577
Chapter 38: File Transfer
7. At this point, do one of the following:

To configure the switch using the settings in the newly designated
active boot configuration file, reset the switch with the REBOOT
command in the Privileged Exec mode.
Caution
The switch does not forward packets while it is initializing its
management software. Some network traffic may be lost.

Uploading Files
from the Switch
with Zmodem
To overwrite the settings in the file with the switch’s current
settings, enter the WRITE or COPY RUNNING-CONFIG
STARTUP-CONFIG command in the Privileged Exec mode.
Here are the three types of files you can upload from the file system of the
switch:

Boot configuration files (Refer to Chapter 36, “Boot Configuration
Files” on page 553.)

CA certificate requests (Refer to Chapter 94, “Secure HTTPS Web
Browser Server” on page 1441.)

Technical support text files (Refer to “SHOW TECH-SUPPORT” on
page 1916.)
To upload a file from the switch using Zmodem:
1. Start a local management session on the switch. For instructions, refer
to “Starting a Local Management Session” on page 70.
2. Use the DIR command in the Privileged Exec mode to confirm the
name of the file you want to upload from the file system of the switch.
3. Enter the COPY command in the Privileged Exec mode to upload the
file. Here is the format of the command:
copy filename zmodem
The FILENAME parameter is the name of the configuration file you
want to upload from the switch. The filename can not contain spaces
and must include the appropriate extension.
This example of the command uploads the configuration file
bldg2_sw.cfg:
awplus# copy bldg2_sw.cfg zmodem
This example of the command uploads the technical support text file
“tech-support-20100718120918.txt:”
awplus# copy tech-support-20100718120918.txt zmodem
578
AT-8100 Switch Command Line User’s Guide
After you enter the command, the switch displays this message:
Waiting to send ...
4. Use your terminal or terminal emulator program to begin the upload.
The upload must be Zmodem. The upload should take only a few
moments. The upload is finished when the Privileged Exec prompt is
displayed again.
579
Chapter 38: File Transfer
Downloading Files with Enhanced Stacking
If you are using the enhanced stacking feature, you can automate the
process of updating the management software in the switches by having
the command switch download its management software to the other
switches in the stack.
Caution
The switch automatically resets when it receives a new version of
the management software. It does not forward network traffic while it
writes the new software to flash memory and initializes the software.
Some network traffic may be lost.
To update the management software of the switches in an enhanced
stack:
1. Update the management software on the command switch of the
enhanced stack by performing one of the previous procedures in this
chapter.
2. After you’ve updated the management software on the command
switch, start a new local or remote session on it.
Issue the SHOW ESTACK REMOTELIST command in the Privileged
Exec mode to display all the switches in the enhanced stack, except
for the command switch. Here is an example of the display.
Searching for slave devices. Please wait...
Num
MAC Address
Name
Mode
Version
Model
------------------------------------------------------------------------01
00:21:46:A7:B4:04 Production..
Slave
v1.0.0
AT-8100S/24
02
00:21:46:A7:B4:43 Marketing
Slave
v1.0.0
AT-8100S/24C
03
00:30:84:00:00:02 Tech Suppo..
Slave
v1.0.0
AT-8100S/24C
Figure 116. SHOW ESTACK REMOTELIST
3. To have the command switch upload its management software to one
or more of the other switches in the stack, enter the UPLOAD IMAGE
REMOTELIST command in the Global Configuration mode. The
command does not have any parameters. After you enter the
command, this prompt is displayed:
Remote switches will reboot after load is complete.
Enter the list of switches ->
580
AT-8100 Switch Command Line User’s Guide
4. Enter the ID numbers of the switches to receive the management
software from the command switch. The ID numbers are the numbers
in the Num column in the SHOW ESTACK REMOTELIST command.
You can update more than one switch at a time. For example, to
update switches 1 and 2 in Figure 116, you would enter:
Remote switches will reboot after load is complete.
Enter the list of switches -> 1,2
The command switch starts the download process with the first switch.
After downloading its management software to that switch, it repeats
the process with the next switch, and so on.
After a switch has received from the command switch the entire
management software file, it compares the version numbers of the new
image file and its current management software. If the new image file
has an earlier or the same version number as the current management
software, it cancels the update procedure. If the new image file has a
newer version number, the switch writes the file into flash memory and
then resets.
581
Chapter 38: File Transfer
582
Chapter 39
File Transfer Commands
The file transfer commands are summarized in Table 60 and described in
detail within the chapter.
Table 60. File Transfer Commands
Command
Mode
Description
“COPY FILENAME ZMODEM” on
page 584
Privileged Exec
Uses Zmodem to upload files from the
file system in the switch.
“COPY FLASH TFTP” on page 585
Privileged Exec
Uses TFTP to upload files from the
switch.
“COPY TFTP FLASH” on page 586
Privileged Exec
Uses TFTP to download new versions
of the management software, boot
configuration files, or CA certificates to
the switch.
“COPY ZMODEM” on page 588
Privileged Exec
Uses Zmodem to download new boot
configuration files or CA certificates to
the switch.
“UPLOAD IMAGE REMOTELIST” on
page 589
Global
Configuration
Uses enhanced stacking to download
the management software on the
command switch to other switches.
583
Chapter 39: File Transfer Commands
COPY FILENAME ZMODEM
Syntax:
copy filename.cfg zmodem
Parameters
filename
Specifies the filename of a configuration file to upload from the file
system in the switch. The filename cannot contain spaces and
include the extension “.cfg”. You can specify one filename.
Mode
Privileged Exec mode
Description
Use this command together with a Zmodem utility to upload boot
configuration files from the file system in the switch to your terminal or
computer. This command must be performed from a local management
session. For instructions on how to use this command, refer to “Uploading
Files from the Switch with Zmodem” on page 578.
Example
This example uploads the configuration file “eng_sw.cfg” from the file
system in the switch:
awplus> enable
awplus# copy eng_sw.cfg zmodem
This message is displayed:
Waiting to send ...
Use your Zmodem utility to transfer the file to your terminal or computer.
The upload method must be Zmodem.
584
AT-8100 Switch Command Line User’s Guide
COPY FLASH TFTP
Syntax
copy flash tftp ipaddress filename
Parameters
ipaddress
Specifies the IP address of a TFTP server on your network.
filename
Specifies the filename of a configuration file to upload from the file
system in the switch to a TFTP server. The filename cannot
contain spaces and must include the extension “.cfg”. You can
specify one filename.
Mode
Privileged Exec mode
Description
Use this command to upload configuration files from the file system in the
switch to a TFTP server on your network. You can perform the command
from a local management session or a remote Telnet or SSH management
session. For instructions on how to use this command, refer to “Uploading
Files from the Switch with TFTP” on page 575.
Example
This example uploads the configuration file “west_unit.cfg” from the file
system in the switch to a TFTP server that has the IP address
149.22.121.45:
awplus> enable
awplus# copy flash tftp 149.22.121.45 west_unit.cfg
585
Chapter 39: File Transfer Commands
COPY TFTP FLASH
Syntax
copy tftp flash ipaddress filename
Parameters
ipaddress
Specifies the IP address of a TFTP server on your network.
filename
Specifies the filename of the file on the TFTP server to download
to the switch. The file can be a new version of the management
software, a boot configuration file or a CA certificate. The filename
extensions are “.img” for management software, “.cfg” for boot
configuration files, and “.pem” for CA certificates. The filename
cannot contain spaces. You can specify one filename.
Mode
Privileged Exec mode
Description
Use this command to download new versions of the management
software, boot configuration files, or CA certificates to the switch, from a
TFTP server on your network. You may perform the command from a local
management session or a remote Telnet or SSH management session.
For instructions on how to use this command, refer to the following
procedures:

“Downloading New Management Software with TFTP” on page 573

“Downloading Files to the Switch with TFTP” on page 574
Caution
Downloading new management software causes the switch to reset.
The switch does not forward network traffic while it writes the new
software to flash memory and initializes the software. Do not
interrupt the process by resetting or power cycling the switch. Some
network traffic may be lost.
586
AT-8100 Switch Command Line User’s Guide
Examples
This example downloads the new management software file
“at8100_app.img” to the switch from a TFTP server that has the IP
address 149.22.121.45:
awplus> enable
awplus# copy tftp flash 149.22.121.45 at8100_app.img
This example downloads the boot configuration file “sw12a.cfg” to the
switch from a TFTP server with the IP address 112.141.72.11:
awplus> enable
awplus# copy tftp flash 112.141.72.11 sw12a.cfg
587
Chapter 39: File Transfer Commands
COPY ZMODEM
Syntax
copy zmodem
Parameters
None
Mode
Privileged Exec mode
Description
Use this command together with a Zmodem utility to download boot
configuration files or CA certificates to the file system in the switch. This
command must be performed from a local management session. For
instructions on how to use this command, refer to “Downloading Files to
the Switch with Zmodem” on page 577.
Note
You may not use Zmodem to download new versions of the
management software to the switch. For that you must use TFTP.
Examples
awplus> enable
awplus# copy zmodem
The source file is not specified when downloading files with Zmodem.
After you enter the command, the management software displays this
message:
Waiting to receive.
Start the transfer by selecting the file with the Zmodem utility on your
terminal or computer.
588
AT-8100 Switch Command Line User’s Guide
UPLOAD IMAGE REMOTELIST
Syntax
upload image remotelist
Parameters
None
Mode
Global Configuration mode
Description
Use this command to download the management software on the
command switch to other switches in an enhanced stack. For background
information on enhanced stacking, refer to Chapter 23, “Enhanced
Stacking” on page 409. For instructions on how to use this command, refer
to “Uploading the Management Software from the Command Switch to
Member Switches” on page 429.
Caution
Downloading new management software causes the switch to reset.
The switch does not forward network traffic while it writes the new
software to flash memory and initializes the software. Do not
interrupt the process by resetting or power cycling the switch. Some
network traffic may be lost.
Example
The following example downloads the management software of the
command switch to other switches:
upload image remotelist
589
Chapter 39: File Transfer Commands
590
Section IV
Snooping
This section contains the following chapters:

Chapter 40, ”Internet Group Management Protocol (IGMP) Snooping”
on page 593

Chapter 41, ”IGMP Snooping Commands” on page 603

Chapter 42, ”IGMP Snooping Querier” on page 617

Chapter 43, ”IGMP Snooping Querier Commands” on page 627

Chapter 44, ”DHCP Snooping Commands” on page 633
591
592
Chapter 40
Internet Group Management Protocol
(IGMP) Snooping
This chapter discusses the following topics:

“Overview” on page 594

“Host Node Topology” on page 596

“Enabling IGMP Snooping” on page 597

“Configuring the IGMP Snooping Commands” on page 598

“Disabling IGMP Snooping” on page 600

“Displaying IGMP Snooping” on page 601
593
Chapter 40: Internet Group Management Protocol (IGMP) Snooping
Overview
IGMP snooping allows the switch to control the flow of multicast packets
from its ports. It enables the switch to forward packets of multicast groups
to only ports that have host nodes that want to join the multicast groups.
IGMP is used by IPv4 routers to create lists of nodes that are members of
multicast groups. (A multicast group is a group of end nodes that want to
receive multicast packets from a multicast application.) The router creates
a multicast membership list by periodically sending out queries to the local
area networks connected to its ports.
A node that wants to become a member of a multicast group responds to a
query by sending a report. A report indicates that an end node wants to
become a member of a multicast group. Nodes that join a multicast group
are referred to as host nodes. After joining a multicast group, a host node
must continue to periodically issue reports to remain a member.
After the router has received a report from a host node, it notes the
multicast group that the host node wants to join and the port on the router
where the node is located. Any multicast packets belonging to that
multicast group are then forwarded by the router out the port. If a particular
port on the router has no nodes that want to be members of multicast
groups, the router does not send multicast packets out the port. This
improves network performance by restricting the multicast packets only to
router ports where host nodes are located.
There are three versions of IGMP— versions 1, 2, and 3. One of the
differences between the versions is how a host node signals that it no
longer wants to be a member of a multicast group. In version 1 it stops
sending reports. If a router does not receive a report from a host node
after a predefined length of time, referred to as a time-out value, it
assumes that the host node no longer wants to receive multicast frames,
and removes it from the membership list of the multicast group.
In version 2, a host node exits from a multicast group by sending a leave
request. After receiving a leave request from a host node, the router
removes the node from appropriate membership list. The router also stops
sending multicast packets out the port to which the node is connected if it
determines there are no further host nodes on the port.
Version 3 adds the ability of host nodes to join or leave specific sources in
a multicast group.
The IGMP snooping feature on the switch supports all three versions of
IGMP. The switch monitors the flow of queries from routers and reports
and leave messages from host nodes to build its own multicast
membership lists. It uses the lists to forward multicast packets only to
switch ports where there are host nodes that are members of multicast
594
AT-8100 Switch Command Line User’s Guide
groups. This improves switch performance and network security by
restricting the flow of multicast packets to only those switch ports that are
connected to host nodes.
If the switch is not using IGMP snooping and receives multicast packets, it
floods the packets out all its ports, except the port on which it received the
packets. Such flooding of packets can negatively impact network
performance.
The switch maintains its list of multicast groups through an adjustable
timeout value, which controls how frequently it expects to see reports from
end nodes that want to remain members of multicast groups, and by
processing leave requests.
Note
The default setting for IGMP snooping on the switch is disabled.
Understanding
Multicast Traffic
Settings
By default, IGMP snooping is disabled on the switch. As a result, this
setting can impact multicast settings on a port. When you block egress or
ingress multicast packets on a port and the switch is set to IGMP snooping
disabled, the result is that all reports are suppressed on the specified
ports. For information about how to block egress and ingress multicast
packets, see “SWITCHPORT BLOCK EGRESS-MULTICAST” on
page 532 and “SWITCHPORT BLOCK INGRESS-MULTICAST” on
page 533.
Disabling the
Suppression of
Unknown
Multicast Traffic
IGMP snooping suppresses all unknown multicast traffic except for IPv4
reserved addresses in the range of 224.0.0.1 to 224.0.0.255 by default. To
counteract this suppression, you can enable the flooding of multicast traffic
with the IP IGMP SNOOPING FLOOD-UNKNOWN-MCAST command.
When you enable this command, all unknown multicast traffic is flooded
prior to a join message. Once a join message is accepted for the specified
multicast destination, it is no longer considered an unknown destination
and, therefore, no longer floods. For more information about this
command, see “IP IGMP SNOOPING FLOOD-UNKNOWN-MCAST” on
page 608.
595
Chapter 40: Internet Group Management Protocol (IGMP) Snooping
Host Node Topology
The switch has a host node topology setting. You use this setting to define
whether there is more than one host node on each port on the switch. The
switch refers to the topology to determine whether or not to continue
transmitting multicast packets from ports that receive leave requests or
where host nodes timeout due to inactivity. The possible topology settings
are:

Single-host per port

Multiple-hosts per port
Single-host Per
Port
This is the appropriate setting when there is only one host node connected
to each port on the switch. When this topology setting is enabled, the
switch immediately stops sending multicast packets from ports on which
host nodes have sent leave requests or have timed out. The switch
responds by immediately ceasing the transmission of additional multicast
packets out the ports.
Multiple-hosts
Per Port
The multiple-hosts per port setting is appropriate when the ports are
connected to more than one host node, such as when ports are connected
to other Ethernet switches where there are multiple host nodes. With this
setting selected, the switch continues sending multicast packets out a port
even after it receives a leave request from a host node. This ensures that
the remaining active host nodes on a port continue to receive the multicast
packets. Only after all the host nodes connected to a switch port have
transmitted leave requests or have timed out does the switch stop sending
multicast packets out a port.
If the switch has a mixture of host nodes, that is, some connected directly
to the switch and others through other Ethernet switches or hubs, you
should select the multiple-hosts per port selection.
596
AT-8100 Switch Command Line User’s Guide
Enabling IGMP Snooping
The command to enable IGMP Snooping on the switch is the IP IGMP
SNOOPING command in the Global Configuration mode. After you enter
the command, the switch begins to build its multicast table as queries from
the multicast router and reports from the host nodes arrive on its ports. To
enable IGMP Snooping:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp snooping
597
Chapter 40: Internet Group Management Protocol (IGMP) Snooping
Configuring the IGMP Snooping Commands
This table lists the IGMP Snooping commands with the exception of the
enable, disable, and display commands which are described in other
sections of this chapter.
Table 61. IGMP Snooping Commands
To
Use This Command
Range
Clears all IGMP group membership
records.
CLEAR IP IGMP
none
Specifies the maximum number of
multicast groups the switch will
support.
IP IGMP LIMIT multicastgroups
0 to 255
multicast
addresses
Specifies the time period, in seconds,
used by the switch to identify inactive
host nodes and multicast routers.
IP IGMP QUERIER-TIMEOUT timeout
0 to 86,400
seconds (24
hours)
Disables the suppression of unknown
multicast traffic.
IP IGMP SNOOPING FLOODUNKNOWN-MCAST
none
Specify ports that are connected to
multicast routers.
IP IGMP SNOOPING MROUTER
INTERFACE port
none
Specifies the IGMP host node
topology.
IP IGMP STATUS SINGLE|MULTIPLE
none
Removes static multicast router ports
and reactivate auto-detection of router
ports.
NO IP IGMP SNOOPING MROUTER
INTERFACE port
none
All of the commands are found in the Global Configuration mode. The
following examples illustrate the commands. The first example clears all
IGMP group membership records on all VLANs:
awplus> enable
awplus# configure terminal
awplus(config)# clear ip igmp
For more information about this command, see “CLEAR IP IGMP” on
page 604.
598
AT-8100 Switch Command Line User’s Guide
This example limits the switch to two multicast groups and specifies that
there is only one host node per port:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp limit 2
awplus(config)# ip igmp status single
For more information about these commands, see “IP IGMP LIMIT” on
page 605 and “IP IGMP STATUS” on page 610.
This example configures the switch to timeout inactive host nodes after 50
seconds and designates port 4 as a multicast router port:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp querier-timeout 50
awplus(config)# ip igmp snooping mrouter interface port1.0.4
For more information about these commands, see “IP IGMP QUERIERTIMEOUT” on page 606 and “IP IGMP SNOOPING MROUTER” on
page 609.
This example disables the suppression of unknown multicast traffic:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp snooping
awplus(config)# ip igmp snooping flood-unknown-mcast
For more information about this command, see “IP IGMP SNOOPING
FLOOD-UNKNOWN-MCAST” on page 608.
This example reactivates the auto-detection of multicast router ports by
removing the static router port 4:
awplus> enable
awplus# configure terminal
awplus(config)# no ip igmp snooping mrouter interface
port1.0.4
For more information about this command, see “NO IP IGMP SNOOPING
MROUTER” on page 612.
599
Chapter 40: Internet Group Management Protocol (IGMP) Snooping
Disabling IGMP Snooping
The command to disable IGMP Snooping on the switch is the NO IP IGMP
SNOOPING command in the Global Configuration mode. To disable
IGMP Snooping:
awplus> enable
awplus# configure terminal
awplus(config)# no ip igmp snooping
When IGMP Snooping is disabled, the switch floods the multicast packets
on all ports, except on ports that receive the packets.
600
AT-8100 Switch Command Line User’s Guide
Displaying IGMP Snooping
To display the settings of IGMP Snooping and its status, use the SHOW IP
IGMP SNOOPING command in the User Exec mode or Privileged Exec
mode:
awplus# show ip igmp snooping
Here is an example of the information the command displays:
IGMP Snooping Configuration:
IGMP Snooping Status ...............
Host Topology ......................
Host/Router Timeout Interval .......
Maximum IGMP Multicast Groups ......
Router Port(s) .....................
Enabled
Single-Host/Port (Edge)
260 seconds
64
Auto Detect
Router List:
VLAN
Port/
Exp.
ID
Trunk ID
RouterIP
Time
---------------------------------------------------1
12
172.16.01.1
22
Host List:
Number of IGMP Multicast Groups: 4
VLAN Port/
IGMP
Exp.
MulticastGroup
ID
TrunkID HostIP
Ver
Time
-----------------------------------------------------------01:00:5E:00:01:01
01:00:5E:7F:FF:FA
1
1
6/5/-
01:00:5E:00:00:02
01:00:5E:00:00:09
1
1
17/14/-
172.16.10.51
149.35.200.75
149.35.200.65
149.35.200.69
172.16.10.51
v2
v2
v2
v2
v2
21
11
65
34
32
Figure 117. SHOW IP IGMP SNOOPING
The information in the window is described in Table 63 on page 614.
601
Chapter 40: Internet Group Management Protocol (IGMP) Snooping
602
Chapter 41
IGMP Snooping Commands
The IGMP snooping commands are summarized in Table 62 and are
described in detail within the chapter.
Table 62. Internet Group Management Protocol Snooping Commands
Command
Mode
Description
“CLEAR IP IGMP” on page 604
Privileged Exec
Clears all IGMP group membership
records.
“IP IGMP LIMIT” on page 605
Global
Configuration
Specifies the maximum number of
multicast addresses the switch is
allowed to learn.
“IP IGMP QUERIER-TIMEOUT” on
page 606
Global
Configuration
Specifies the time period in seconds
used by the switch to identify inactive
host nodes and multicast routers.
“IP IGMP SNOOPING” on page 607
Global
Configuration
Enables IGMP snooping on the
switch.
“IP IGMP SNOOPING FLOODUNKNOWN-MCAST” on page 608
Global
Configuration
Disables the automatic suppression of
unknown multicast traffic.
“IP IGMP SNOOPING MROUTER” on
page 609
Global
Configuration
Manually identifies the ports where
multicast routers are connected.
“IP IGMP STATUS” on page 610
Global
Configuration
Specifies the IGMP host node
topology, of either single-host per port
or multiple-host per port.
“NO IP IGMP SNOOPING” on
page 611
Global
Configuration
Disables IGMP snooping on the
switch.
“NO IP IGMP SNOOPING
MROUTER” on page 612
Global
Configuration
Removes multicast router ports.
“SHOW IP IGMP SNOOPING” on
page 613
Privileged Exec
Displays the parameter settings and
operational details of IGMP snooping.
603
Chapter 41: IGMP Snooping Commands
CLEAR IP IGMP
Syntax
clear ip igmp
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to clear all IGMP group membership records on all
VLANs.
Example
This example clears all IGMP group membership records on all VLANs:
awplus> enable
awplus# clear ip igmp
604
AT-8100 Switch Command Line User’s Guide
IP IGMP LIMIT
Syntax
ip igmp limit multicastgroups
Parameter
multicastgroups
Specifies the maximum number of multicast addresses the switch
is allowed to learn. The range is 0 to 255 multicast addresses; the
default is 64 addresses.
Mode
Global Configuration mode
Description
Use this command to specify the maximum number of multicast addresses
the switch can learn. If your network has a large number of multicast
groups, you can use this parameter to limit the number of multicast groups
the switch supports.
Confirmation Command
“SHOW IP IGMP SNOOPING” on page 613
Example
This example sets the maximum number of multicast groups on the switch
to 25:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp limit 25
605
Chapter 41: IGMP Snooping Commands
IP IGMP QUERIER-TIMEOUT
Syntax
ip igmp querier-timeout timeout
Parameters
timeout
Specifies the time period in seconds used by the switch to identify
inactive host nodes and multicast routers. The range is from 0 to
86,400 seconds (24 hours). The default is 260 seconds. Setting
the timeout to zero (0) disables the timer.
Mode
Global Configuration mode
Description
Use this command to specify the time period the switch uses to identify
inactive host nodes and multicast routers. The time period is in seconds.
A host node is deemed inactive if the switch does not receive any IGMP
reports from it for the duration of the timer. The switch stops transmitting
multicast packets from a port of an inactive host node if there are no
additional host nodes.
A multicast router is deemed inactive if the switch does not receive any
queries from it for the duration of the timer.
The actual timeout may be ten seconds less that the specified value. For
example, a setting of 25 seconds can result in the switch classifying a host
node or multicast router as inactive after only 15 seconds. A setting of 10
seconds or less can result in the immediate timeout of inactive host nodes
or routers.
Confirmation Command
“SHOW IP IGMP SNOOPING” on page 613
Example
This example sets the timeout for inactive host nodes and multicast
routers to 400 seconds:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp querier-timeout 400
606
AT-8100 Switch Command Line User’s Guide
IP IGMP SNOOPING
Syntax
ip igmp snooping
Parameters
None
Mode
Global Configuration mode
Description
Use this command to activate IGMP snooping on the switch.
Confirmation Command
“SHOW IP IGMP SNOOPING” on page 613
Example
This example enables IGMP Snooping on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp snooping
607
Chapter 41: IGMP Snooping Commands
IP IGMP SNOOPING FLOOD-UNKNOWN-MCAST
Syntax
ip igmp snooping flood-unknown-mcast
Parameter
None
Mode
Global Configuration mode
Description
This command disables the automatic suppression of unknown multicast
traffic on the switch. By default, IGMP Snooping suppresses all unknown
multicast traffic except for IPv4 reserved addresses 224.0.0.1 through
224.0.0.255. When you enable the IP IGMP SNOOPING FLOODUNKNOWN-MCAST command, all unknown multicast traffic is flooded
before a join message. Once a join message occurs for a particular
multicast destination, it is no longer “unknown” and, therefore, no longer
floods.
Use the no version of this command, NO IP IGMP SNOOPING FLOODUNKNOWN-MCAST, to enable the automatic suppression of unknown
multicast traffic on the switch.
Confirmation Command
“SHOW IP IGMP SNOOPING” on page 613
Examples
This example disables the automatic suppression of unknown multicast
traffic on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp snooping
awplus(config)# ip igmp snooping flood-unknown-mcast
This example enables the automatic suppression of unknown multicast
traffic on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# no ip igmp snooping flood-unknown-mcast
608
AT-8100 Switch Command Line User’s Guide
IP IGMP SNOOPING MROUTER
Syntax
ip igmp snooping mrouter interface port
Parameter
port
Specifies a port connected to a multicast router. You can specify
more than one port.
Mode
Global Configuration mode
Description
Use this command to manually specify ports that are connected to
multicast routers. Manually specifying multicast router ports deactivates
auto-detect. To reactivate auto-detect, remove all static multicast router
ports. For instructions, refer to “NO IP IGMP SNOOPING MROUTER” on
page 612.
Confirmation Command
“SHOW IP IGMP SNOOPING” on page 613
Example
This example identifies ports 14 and 15 as multicast router ports:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp snooping mrouter interface
port1.0.14,port1.0.15
609
Chapter 41: IGMP Snooping Commands
IP IGMP STATUS
Syntax
ip igmp status single | multiple
Parameters
single
Activates the single-host per port setting, which is used when the
ports on the switch have only one host node each.
multiple
Activates the multiple-host per port setting, which is used when the
ports have more than one host node.
Mode
Global Configuration mode
Description
Use this command to specify the IGMP host node topology. For
background information, refer to “Host Node Topology” on page 596.
Confirmation Command
“SHOW IP IGMP SNOOPING” on page 613
Examples
This example sets the host node topology to the single-host per port
setting:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp status single
This example sets the host node topology to the multiple-host per port
setting:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp status multiple
610
AT-8100 Switch Command Line User’s Guide
NO IP IGMP SNOOPING
Syntax
no ip igmp snooping
Parameters
None
Mode
Global Configuration mode
Description
Use this command to deactivate IGMP snooping on the switch.
When IGMP snooping is disabled, the switch floods multicast packets on
all ports, except on ports that receive the packets.
Confirmation Command
“SHOW IP IGMP SNOOPING” on page 613
Example
awplus> enable
awplus# configure terminal
awplus(config)# no ip igmp snooping
611
Chapter 41: IGMP Snooping Commands
NO IP IGMP SNOOPING MROUTER
Syntax
no ip igmp snooping mrouter interface port
Parameter
port
Specifies a multicast router port.
Mode
Global Configuration mode
Description
Use this command to remove static multicast router ports. Removing all
multicast router ports activates auto-detect.
Confirmation Command
“SHOW IP IGMP SNOOPING” on page 613
Examples
This example removes port 3 as multicast router ports:
awplus> enable
awplus# configure terminal
awplus(config)# no ip igmp snooping mrouter interface
port1.0.3
612
AT-8100 Switch Command Line User’s Guide
SHOW IP IGMP SNOOPING
Syntax
show ip igmp snooping
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the IGMP snooping parameters. Figure 118
illustrates the information.
IGMP Snooping Configuration:
IGMP Snooping Status ...............
Host Topology ......................
Host/Router Timeout Interval .......
Maximum IGMP Multicast Groups ......
Router Port(s) .....................
Enabled
Single-Host/Port (Edge)
260 seconds
64
Auto Detect
Router List:
VLAN
Port/
Exp.
ID
Trunk ID
RouterIP
Time
---------------------------------------------------1
12
172.16.01.1
22
Host List:
Number of IGMP Multicast Groups: 4
VLAN Port/
IGMP
Exp.
MulticastGroup
ID
TrunkID HostIP
Ver
Time
-----------------------------------------------------------01:00:5E:00:01:01
01:00:5E:7F:FF:FA
1
1
6/5/-
01:00:5E:00:00:02
01:00:5E:00:00:09
1
1
17/14/-
172.16.10.51
149.35.200.75
149.35.200.65
149.35.200.69
172.16.10.51
v2
v2
v2
v2
v2
21
11
65
34
32
Figure 118. SHOW IP IGMP SNOOPING Command
613
Chapter 41: IGMP Snooping Commands
The information the command displays is explained in Table 63.
Table 63. SHOW IP IGMP SNOOPING Command
Parameter
Description
IGMP Snooping Configuration
IGMP Snooping Status
The status of IGMP snooping on the
switch. To enable or disable the feature,
refer to “IP IGMP SNOOPING” on
page 607 and “NO IP IGMP SNOOPING”
on page 611, respectively.
Host Topology
The IGMP host node topology on the
switch. The possible topologies are:
singlehost— This is the single-host per
port topology. This topology is appropriate
when there is only one host node per port
on the switch. This is the default setting.
multihost— This is the multiple-host per
port topology. This topology is appropriate
when there is more than one host node
per port on the switch.
To set this parameter, refer to “IP IGMP
STATUS” on page 610.
Host/Router Timeout
Interval
The amount of time the switch uses to
time out inactive host nodes and multicast
routers. To set this parameter, refer to “IP
IGMP QUERIER-TIMEOUT” on
page 606.
Maximum IGMP Multicast
Groups
The maximum number of multicast groups
the switch supports. To set this parameter,
refer to “IP IGMP LIMIT” on page 605.
Router Port(s)
The ports connected to multicast routers.
The switch can learn the router ports
automatically or you can assign them
manually. To assign the ports manually,
refer to “IP IGMP SNOOPING
MROUTER” on page 609.
Router List
VLAN ID
614
The ID numbers of the VLANs of the
router ports.
AT-8100 Switch Command Line User’s Guide
Table 63. SHOW IP IGMP SNOOPING Command (Continued)
Parameter
Description
Port/Trunk ID
The port of a multicast router. If the switch
learned a router on a port trunk, the trunk
ID number instead of a port number is
displayed.
Router IP
The IP addresses of the multicast routers.
Exp. Time
The number of seconds remaining before
the switch times out a multicast router if
there are no further IGMP queries from it.
Host List
Number of IGMP Multicast
Groups
The number of IGMP multicast groups
that have active host nodes on the switch.
Multicast Group
The multicast addresses of the groups.
ID
The ID numbers of the VLANs of the host
nodes.
Port/Trunk ID
The ports of the host nodes. If the host
nodes are on port trunks, this field
displays the trunk ID numbers instead of
the port numbers.
HostIP
The IP addresses of the host nodes.
IGMP Ver.
The IGMP versions used by the host
nodes.
Exp. Time
The number of seconds remaining before
host nodes are timed out if they do not
send IGMP reports.
Example
The following example displays the IGMP snooping parameters:
awplus# show ip igmp snooping
615
Chapter 41: IGMP Snooping Commands
616
Chapter 42
IGMP Snooping Querier
This chapter covers the following topics:

“Overview” on page 618

“Guidelines” on page 622

“Configuring the Feature” on page 623
617
Chapter 42: IGMP Snooping Querier
Overview
Multicast routers are an essential part of IP multicasting. They send out
queries to the network nodes to determine group memberships, route the
multicast packets across networks, and maintain lists of the multicast
groups and the ports where group members are located.
IGMP snooping querier can be used in place of multicast routers in
situations where IP multicasting is restricted to a single LAN, without the
need for routing. This feature enables the switch to mimic a multicast
router by sending out general IGMP queries to the host nodes.
IGMP snooping querier supports IGMP version 1, version 2, and version
3. By default, the switch sends version 2 messages. If it receives version 1
messages from any of the nodes, the switch sends version 1 queries. If
the switch receives version 3 messages, all nodes respond with version 3
messages. By default, the interval at which the querier sends out IGMP
querier reports is 125 seconds. The switch reverts to version 2 queries if,
after 255 seconds, no additional version 1 or version 3 messages are
received.
The switch must have an IP address to add to the queries as its source
address. In addition, the address must be a member of the same network
as the host nodes and the multicasting source. You assign an IP address
to the switch by creating a routing interface in the VLAN. Then apply the IP
address to the VLAN where it sends its queries, to enable IGMP snooping
querier on the VLAN. Allied Telesis recommends using the Default VLAN
which has a VID of 1.
IGMP snooping querier must be used in conjunction with IGMP snooping.
Activate IGMP snooping on all of the switches in the LAN, including the
switches running the IGMP snooping querier. The switches use IGMP
snooping to monitor the responses of the host nodes to the general IGMP
queries sent by the IGMP snooping querier. From the responses, they
create lists of ports that have host nodes that want to join the various
multicast groups and forward the multicast packets to only those ports. For
background information, refer to Chapter 40, “Internet Group Management
Protocol (IGMP) Snooping” on page 593.
Figure 119 on page 619 provides an example of IGMP snooping querier
on a LAN. It consists of a single switch with one VLAN, the Default VLAN.
Both IGMP snooping and IGMP snooping querier are enabled on the
switch. You assign a routing interface to the VLAN, with an IP address that
belongs to the same subnet as the multicast source and the host nodes.
618
AT-8100 Switch Command Line User’s Guide
Figure 119. IGMP Snooping Querier with One Querier
Table 64 lists the switch settings that are illustrated in Figure 119.
Table 64. IGMP Snooping Querier with One Querier
Switch
1
Assigning
Multiple Queriers
Routing
Address
149.123.48.2
IGMP
Snooping
Enabled
IGMP
Snooping
Querier
Enabled
Querier
Status
Active
IGMP snooping querier supports multiple queriers. A total of three queriers
are supported, one active querier and up to two standby queriers. The
active querier is the querier with the lowest IP address. The standby
querier has the second lowest IP address and the switch with the highest
IP address is the second standby querier.
The difference between the active and standby queriers is that only the
active querier registers IGMP reports. A standby queriers does not update
its MAC tables, so IGMP reports are not registered on the switch.
When you assign multiple queriers to a LAN, the software must decide
which is the active querier and which is the standby querier. This task falls
to a switch in the network that has IGMP snooping enabled, but IGMP
snooping querier disabled. Consequently, a LAN with multiple queriers
requires this extra switch.
For example, to assign two queriers to a network, you need three
switches. First, enable IGMP snooping on all three switches. Then enable
IGMP snooping querier on two switches, for this example, switches 1 and
3. Switch 2 determines which of the querier-enabled switches has the
lowest IP address and deems that switch the active querier. The switch
with the second lowest IP address is made the standby querier, again by
switch 2. In the case where there are three queriers, the switch in the
619
Chapter 42: IGMP Snooping Querier
network with IGMP snooping enabled and IGMP querier disabled
determines the standby querier and then the second standby querier by
comparing their IP addresses.
The following example consists of a LAN with three switches. See
Figure 120. IGMP snooping is enabled on all three switches. However,
IGMP snooping querier is enabled on switches 1 and 3. Switch 2
determines that switch 1 has the lowest IP routing address and forwards
all multicast packets to switch 1, making switch 1 the active querier.
Switch 3 becomes the standby querier in case switch 1 stops transmitting
query packets.
Note
Switches 1 and 3 are only sending queriers. Neither switch detects
nor displays an opposing querier.
Figure 120. IGMP Snooping Querier with Two Queriers
Table 65 lists the switch settings that are illustrated in Figure 120.
Table 65. IGMP Snooping Querier with Two Queriers
Switch
1
620
Routing
Address
149.123.48.2
IGMP
Snooping
Enabled
IGMP
Snooping
Querier
Enabled
Querier
Status
Active
AT-8100 Switch Command Line User’s Guide
Table 65. IGMP Snooping Querier with Two Queriers (Continued)
Switch
Routing
Address
IGMP
Snooping
IGMP
Snooping
Querier
Querier
Status
2
149.123.48.3
Enabled
Disabled
None
3
149.123.48.4
Enabled
Enabled
Standby
621
Chapter 42: IGMP Snooping Querier
Guidelines
The guidelines for IGMP snooping querier are listed here:
622

The network can have only one LAN.

The network can have up to three multicast routers.

You must enable IGMP snooping on all of the switches that you
assign a querier, plus one extra switch that has IGMP snooping
querier disabled.

You must enable IGMP snooping querier on all of the switches that
you assign a querier.

Apply IGMP snooping querier to the VLAN on which the queries
are to be sent.

The VLAN must be assigned a routing interface with an IP address
that is a member of the same network as the host nodes and the
source node of the multicast packets. The switch adds the IP
address to the queries as its source address.

IGMP snooping querier supports up to three queriers. The active
querier has the lowest IP address.

To assign multiple queriers to a LAN, you need one switch in the
network that has IGMP snooping enabled and IGMP snooping
querier disabled. This switch assigns the active querier by
determining which of the IGMP snooping querier enabled switches
has the lowest IP address.

If you want to add or remove ports from the VLAN after activating
IGMP snooping querier, you must disable IGMP snooping querier,
modify the VLAN, and then enable it again.

The switch supports IGMP versions 1, 2, and 3. The switch
typically sends only version 2 messages. If the switch receives a
version 1 message, it sends version 1 messages on all of the
ports. If the switch does not receive any additional version 1 or
version 3 messages for 255 seconds, the switch reverts to sending
version 2 messages.

If the switch receives a query either from a multicast router or from
another switch with IGMP snooping querier, it suspends IGMP
snooping querier and sends no further queries for 125 seconds. If
the switch does not receive any further queries, it reactivates the
feature and resumes sending queries.

IGMP snooping querier is supported on the base ports and SFP
modules.
AT-8100 Switch Command Line User’s Guide
Configuring the Feature
This section lists the IGMP snooping querier commands and describes
how to configure one querier as well as multiple queriers. See the
following procedures:

“Configuring One Querier” on page 623

“Configuring Multiple Queriers” on page 624
Table 66 lists the IGMP snooping querier commands.
Table 66. IGMP Snooping Querier Commands
To
Use This Command
Range
Activate IGMP snooping querier
IP IGMP SNOOPING QUERIER
none
Deactivate IGMP snooping querier
NO IP IGMP SNOOPING QUERIER
none
Set the interval at which IGMP general
query messages are transmitted.
IP IGMP QUERY-INTERVAL interval
2 to 18000
seconds
Display the status of IGMP snooping
querier.
SHOW IP IGMP INTERFACE vlanid
none
Configuring One
Querier
This example configures switch 1 as shown in Figure 119 on page 619,
with an additional step for changing the query interval.
Table 67. Configuring One Querier
Command
Description
awplus> enable
Enter the Privileged Executive mode from
the User Executive mode.
awplus# configure terminal
Enter the Global Configuration mode.
awplus(config)# ip igmp snooping
Activate IGMP snooping on the switch.
(The default setting for IGMP snooping is
disabled.)
awplus(config)# interface vlan1
Enter the VLAN Interface mode for the
Default VLAN.
awplus(config-if)# ip address
149.123.48.2/24
Assign the VLAN the IP address
149.123.48.2/24.
awplus(config-if)# ip igmp snooping
querier
Activate IGMP snooping querier on the
VLAN.
623
Chapter 42: IGMP Snooping Querier
Table 67. Configuring One Querier (Continued)
Command
Description
awplus(config-if)# ip igmp queryinterval 500
Set the interval at which IGMP general
query messages are transmitted to 500
seconds.
awplus(config-if)# end
Return to the Privileged Exec mode.
awplus# show ip interface
Verify the IP address with the SHOW IP
INTERFACE command. The columns are
defined in Table 29 on page 323.
awplus# show ip igmp interface vlan1
Use the SHOW IP IGMP STATISTICS
INTERFACE command to verify that IGMP
snooping and IGMP snooping querier are
active. The fields are defined in Table 70 on
page 631.
Configuring
Multiple Queriers
This example configures two queriers in a LAN that consists of three
switches as shown in Figure 120 on page 620.
Table 68. Configuring Multiple Queriers
Command
Description
Logon to switch 1.
awplus> enable
Enter the Privileged Executive mode from the
User Executive mode of switch 1.
awplus# configure terminal
Enter the Global Configuration mode.
awplus(config)# ip igmp snooping
Activate IGMP snooping on the switch. (The
default setting for IGMP snooping is
disabled.)
awplus(config)# interface vlan1
Enter the VLAN Interface mode for the
Default VLAN.
awplus(config-if)# ip address
149.123.48.2/24
Assign the VLAN the IP address
149.123.48.2/24.
awplus(config-if)# ip igmp snooping
querier
Activate IGMP snooping querier on the
VLAN.
awplus(config-if)# exit
Exit the Global Configuration mode.
awplus(config)# exit
Exit the User Executive mode.
awplus# exit
Exit the Privileged Executive mode and log
out of switch 1.
624
AT-8100 Switch Command Line User’s Guide
Table 68. Configuring Multiple Queriers (Continued)
Command
Description
Log on to switch 2.
awplus> enable
Enter the Privileged Executive mode from the
User Executive mode of switch 2.
awplus# configure terminal
Enter the Global Configuration mode.
awplus(config)# ip igmp snooping
Activate IGMP snooping on the switch.
awplus(config)# interface vlan1
Enter the VLAN Interface mode for the
Default VLAN.
awplus(config-if)# ip address
149.123.48.3/24
Assign the VLAN the IP address
149.123.48.3/24.
awplus(config-if)# exit
Exit the Global Configuration mode.
awplus(config)# exit
Exit the User Executive mode.
awplus# exit
Exit the Privileged Executive mode and log
out of switch 2.
Log on to switch 3
awplus> enable
Enter the Privileged Executive mode from the
User Executive mode of switch 3.
awplus# configure terminal
Enter the Global Configuration mode.
awplus(config)# ip igmp snooping
Activate IGMP snooping on the switch.
awplus(config)# interface vlan1
Enter the VLAN Interface mode for the
Default VLAN.
awplus(config-if)# ip address
149.123.48.4/24
Assign the VLAN the IP address
149.123.48.3/4.
awplus(config-if)# ip igmp snooping
querier
Activate IGMP snooping querier on the
VLAN.
625
Chapter 42: IGMP Snooping Querier
626
Chapter 43
IGMP Snooping Querier Commands
The IGMP snooping querier commands are summarized in Table 69.
Table 69. IGMP Snooping Querier Commands
Command
Mode
Description
“IP IGMP QUERY-INTERVAL” on
page 628
VLAN Interface
Sets the time interval at which the
VLANs send out IGMP General Query
messages.
“IP IGMP SNOOPING QUERIER” on
page 629
VLAN Interface
Activates IGMP snooping querier on
the VLANs.
“NO IP IGMP SNOOPING QUERIER”
on page 630
VLAN Interface
Deactivates IGMP snooping querier
on the VLANs.
“SHOW IP IGMP INTERFACE” on
page 631
Privileged Exec
Displays the status of IGMP snooping
querier in the VLANs.
627
Chapter 43: IGMP Snooping Querier Commands
IP IGMP QUERY-INTERVAL
Syntax
ip igmp query-interval interval
Parameter
interval
Specifies the time interval, in seconds, at which the switch
transmits IGMP General Query messages from the VLANs. The
range is 2 to 18,000 seconds. The default is 125 seconds.
Mode
VLAN Interface mode
Description
Use this command to set the time interval at which the VLAN sends out
IGMP general query messages.
Use the NO form of this command to return the parameter to the default
setting of 125 seconds.
Confirmation Command
“SHOW IP IGMP INTERFACE” on page 631
Examples
This example sets the query interval timer to 400 seconds on the Default
VLAN:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-if)# ip igmp query-interval 400
This example returns the query interval timer on an VLAN with an ID of 2
to the default value of 125 seconds:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan2
awplus(config-if)# no ip igmp query-interval
628
AT-8100 Switch Command Line User’s Guide
IP IGMP SNOOPING QUERIER
Syntax
ip igmp snooping querier
Parameters
None
Mode
VLAN Interface mode
Description
Use this command to activate an IGMP snooping querier on an VLAN.
Here are the guidelines:

IGMP snooping must be enabled on the switch.

The VLAN must already exist.

The VLAN must have a routing interface.

The IP address of the interface must be a member of the same subnet
as the multicast source.
Note
You can create up to three queriers in your network. The querier with
the lowest IP address is the active querier. The querier with the next
lowest IP address is the standby querier. The querier with the
highest IP address is the second standby querier.
Confirmation Command
“SHOW IP IGMP INTERFACE” on page 631
Example
This example activates IGMP snooping querier on the Default VLAN,
which has an ID of 1:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan1
awplus(config-if)# ip igmp snooping querier
629
Chapter 43: IGMP Snooping Querier Commands
NO IP IGMP SNOOPING QUERIER
Syntax
no ip igmp snooping querier
Parameters
None
Mode
VLAN Interface mode
Description
Use this command to deactivate an IGMP snooping querier on the VLANs.
Confirmation Command
“SHOW IP IGMP INTERFACE” on page 631
Example
This example deactivates an IGMP snooping querier on the VLAN with an
ID of 18:
awplus> enable
awplus# configure terminal
awplus(config)# interface vlan18
awplus(config-if)# no ip igmp snooping querier
630
AT-8100 Switch Command Line User’s Guide
SHOW IP IGMP INTERFACE
Syntax
show ip igmp interface vlanid
Parameters
vlanid
Specifies a VLAN ID, for example, “vlan3.” You may specify only
one VLAN.
Mode
Privileged Exec mode
Description
Use this command to display the status of IGMP snooping querier on the
VLANs. Here is an example of the display:
Interface vlan1 (Index 0)
IGMP Enabled, Active, Version 2
IGMP query interval is 125 seconds
IGMP Snooping is globally enabled
IGMP Snooping querier is enabled
Figure 121. SHOW IP IGMP INTERFACE Command
Note
This command does not display information about multiple queriers.
The fields are defined in Table 70.
Table 70. SHOW IP IGMP INTERFACE Command
Field
Definition
Interface
The ID number of the selected VLAN.
IGMP
The status of the IGMP agent. The agent is
automatically enabled when IGMP snooping
querier is activated.
IGMP query
interval
The time interval in seconds at which IGMP
General Query messages are transmitted.
631
Chapter 43: IGMP Snooping Querier Commands
Table 70. SHOW IP IGMP INTERFACE Command (Continued)
Field
Definition
IGMP Snooping
The status of IGMP snooping on the switch. The
commands for enabling and disabling this feature
are “IP IGMP SNOOPING” on page 607 and “NO
IP IGMP SNOOPING” on page 611.
IGMP snooping
querier
The status of IGMP snooping querier in the
VLAN. The commands for enabling and disabling
the feature are “IP IGMP SNOOPING QUERIER”
on page 629 and “NO IP IGMP SNOOPING
QUERIER” on page 630, respectively.
Example
This example displays the status of IGMP snooping querier on the Default
VLAN, which has the ID number 1:
awplus> enable
awplus# show ip igmp interface vlan1
632
Chapter 44
DHCP Snooping Commands
The DHCP commands are summarized in Table 71 and are described in
detail within the chapter.
Table 71. DHCP Commands
Command
Mode
Description
“ARP SECURITY” on page 635
Port Interface
mode
Enables ARP security on a port.
“ARP SECURITY VIOLATION” on
page 636
Port Interface
mode
Sets an action if an ARP security
violation occurs.
“CLEAR ARP SECURITY
STATISTICS” on page 638
Privileged Exec
mode
Clears ARP security violations from
the specified ports.
“CLEAR IP DHCP SNOOPING
BINDING” on page 639
Privileged
Executive mode
Removes dynamic entries from the
DHCP snooping binding database.
“CLEAR IP DHCP SNOOPING
STATISTICS” on page 641
Privileged
Executive mode
Clears DHCP snooping statistics from
the specified ports.
“IP DHCP SNOOPING” on page 642
Global
Configuration
mode
Enables DHCP snooping on VLANs.
“IP DHCP SNOOPING AGENTOPTION” on page 643
Global
Configuration
mode
Enables DHCP Option 82 data
insertion on the switch.
“IP DHCP SNOOPING AGENTOPTION ALLOW-UNTRUSTED” on
page 644
Global
Configuration
mode
Enables the switch to forward DHCP
Option 82 data packets to edge
switches.
“IP DHCP SNOOPING BINDING” on
page 645
Privileged Exec
mode
Manually adds a dynamic-like entry to
the DHCP snooping database.
“IP DHCP SNOOPING DELETE-BYCLIENT” on page 647
Global
Configuration
mode
Removes a dynamic entry from the
DHCP database when it receives a
valid DHCP message.
“IP DHCP SNOOPING DELETE-BYLINKDOWN” on page 648
Global
Configuration
mode
Removes a dynamic entry from the
DHCP snooping database when its
port goes down.
633
Chapter 44: DHCP Snooping Commands
Table 71. DHCP Commands (Continued)
Command
Mode
Description
“IP DHCP SNOOPING MAXBINDINGS” on page 649
Port Interface
mode
Sets the maximum number of DHCP
lease entries that can be stored in the
DHCP snooping database for each
port.
“IP DHCP SNOOPING
SUBSCRIBER-ID” on page 651
Port Interface
mode
Sets a subscriber ID for a port.
“IP DHCP SNOOPING TRUST” on
page 653
Port Interface
mode
Sets ports to be DHCP snooping
trusted ports.
“IP DHCP VERIFY MAC-ADDRESS”
on page 654
Global
Configuration
mode
Verifies that the source MAC address
and client hardware address match in
DHCP packets received on untrusted
ports.
“IP DHCP SNOOPING VIOLATION”
on page 656
Port Interface
mode
Specifies the action the switch takes
when it detects a DHCP snooping
violation.
“IP SOURCE BINDING” on page 658
Global
Configuration
mode
Adds or replaces a static entry in the
DHCP snooping database.
“SERVICE DHCP SNOOPING” on
page 660
Global
Configuration
mode
Enables the DHCP snooping service
on the switch globally.
“SHOW ARP SECURITY” on
page 662
Privilege Exec
mode
Displays security configuration on the
switch.
“SHOW ARP SECURITY
INTERFACE” on page 664
Privilege Exec
mode
Displays ARP security configuration
for the ports specified.
“SHOW ARP SECURITY
STATISTICS” on page 666
Privilege Exec
mode
Displays the ARP security statistics for
the specified ports.
“SHOW IP DHCP SNOOPING” on
page 668
Privilege Exec
mode
Displays the global DHCP snooping
configuration on the switch.
“SHOW IP DHCP SNOOPING
BINDING” on page 670
Privilege Exec
mode
Displays all dynamic and static entries
in the DHCP snooping binding
database.
“SHOW IP DHCP SNOOPING
INTERFACE” on page 672
Privilege Exec
mode
Displays DHCP snooping information
for a port or a list of ports.
“SHOW IP SOURCE BINDING” on
page 674
Privilege Exec
mode
Displays static entries in the DHCP
snooping database.
634
AT-8100 Switch Command Line User’s Guide
ARP SECURITY
Syntax
arp security
Parameters
None
Mode
Port Interface mode
Description
Use this command to enable ARP security on untrusted ports in VLANs.
When the ARP SECURITY command is enabled, the port only responds to
and forwards ARP packets with recognized IP and MAC Source
addresses.
Use the no version of this command, NO ARP SECURITY command, to
disable ARP security on a port.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example enables ARP security on port 9:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.9
awplus(config-if)# arp security
635
Chapter 44: DHCP Snooping Commands
ARP SECURITY VIOLATION
Syntax
arp security violation link-down|log|trap
Parameters
violation
Specifies one of the following actions if an ARP security violation
occurs:
link-down: Disables the port.
log: Generates a log message. Use the SHOW LOG command
to display these messages. See “NO LOG BUFFERED” on
page 693.
trap: Generates an SNMP notification or trap. To make this
parameter active, configure SNMP and enable DHCP snooping
notifications with the SNMP-SERVER ENABLE TRAP
command. See “SNMP-SERVER ENABLE TRAP” on
page 1160. Notifications are limited to one per second and to
one per source MAC and violation.
Mode
Port Interface mode
Description
Use this command to set the an action if an ARP security violation occurs
on a port.
Use the no version of this command, NO ARP SECURITY VIOLATION
command, to cancel the ARP security violation action previously
configured.
Confirmation Command
“NO LOG BUFFERED” on page 693
“SHOW RUNNING-CONFIG” on page 162
636
AT-8100 Switch Command Line User’s Guide
Example
This example generates a log message if port 17 experiences an ARP
security violation:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.17
awplus(config-if)# arp security
awplus(config-if)# arp security violation log
637
Chapter 44: DHCP Snooping Commands
CLEAR ARP SECURITY STATISTICS
Syntax
clear arp security statistics interface port-list
Parameters
interface
Specifies a port-list.
Mode
Privileged Exec mode
Description
Use this command to clear ARP security violations from the specified
ports. For information about defining ARP security violations, see “ARP
SECURITY VIOLATION” on page 636.
For instructions about how to specify ports, see “Port Numbers in
Commands” on page 63.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example clears the ARP security violations on ports 20-24:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.20-port1.0.24
awplus(config-if)# clear arp security statistics
638
AT-8100 Switch Command Line User’s Guide
CLEAR IP DHCP SNOOPING BINDING
Syntax
clear ip dhcp snooping binding ipaddr interface <port-list>
vlan <vid-list>
Parameters
ipaddr
Removes the entry for this client IP address.
interface
Specifies a port-list. Removes all entries for the ports specified.
The port list may contain switch ports and static or dynamic link
aggregators (channel groups).
vlan
Removes all entries associated with the specified VLANs.
Mode
Privileged Exec mode
Description
Use this command to remove one or more dynamic entries from the DHCP
snooping binding database. If you do not specify any of the parameters, all
dynamic entries are removed from the database.
Dynamic entries can also be deleted with the NO IP SOURCE BINDING
command. See “IP SOURCE BINDING” on page 658.
For instructions about how to specify ports, see “Port Numbers in
Commands” on page 63.
Caution
If you remove entries from the DHCP snooping binding database for
current clients, they will lose IP connectivity until they request and
receive a new DHCP lease. If you clear all entries, all clients
connected to untrusted ports will lose connectivity.
Confirmation Command
“SHOW IP DHCP SNOOPING BINDING” on page 670
639
Chapter 44: DHCP Snooping Commands
Example
This example removes all of the dynamic lease entries from the DHCP
snooping database for a client with an IP address of 192.168.1.2:
awplus> enable
awplus# clear ip dhcp snooping binding 192.168.1.2
640
AT-8100 Switch Command Line User’s Guide
CLEAR IP DHCP SNOOPING STATISTICS
Syntax
clear dhcp snooping statistics interface port-list
Parameters
interface
Specifies a port-list.
Mode
Privileged Executive mode
Description
Use this command to clear DHCP snooping statistics from the ports
specified.
For instructions about how to specify ports, see “Port Numbers in
Commands” on page 63.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example clears the DHCP statistics from the ports 12 through 16:
awplus> enable
awplus# clear ip dhcp snooping statistics port1.0.12port1.0.16
641
Chapter 44: DHCP Snooping Commands
IP DHCP SNOOPING
Syntax
ip dhcp snooping
Parameters
None
Mode
Global Configuration mode
Description
Use this command to enable DHCP snooping on the VLAN interfaces
specified.
Use the no version of the command, NO IP DHCP SNOOPING command,
to disable DHCP snooping in the VLAN interfaces specified.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example enables DHCP snooping on VLAN interface 25:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp snooping
642
AT-8100 Switch Command Line User’s Guide
IP DHCP SNOOPING AGENT-OPTION
Syntax
ip dhcp snooping agent-option
Parameters
None
Mode
Global Configuration mode
Description
Use this command to enable DHCP Option 82 data insertion on the switch.
When the IP DHCP SNOOPING AGENT-OPTION command is enabled,
the switch:

Inserts DHCP Option 82 into DHCP packets that it receives on
untrusted ports.

Removes DHCP Option 82 from DHCP packets that it sends to
untrusted ports.
To use this command, you must enable DHCP snooping on the switch with
the SERVICE DHCP-SNOOPING command and on the VLANs with the IP
DHCP SNOOPING command. See “SERVICE DHCP SNOOPING” on
page 660 and “IP DHCP SNOOPING” on page 642.
Use the no version of the command, NO IP DHCP SNOOPING AGENTOPTION command, to disable DHCP Option 82 on the switch.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example enables DHCP Option 82 on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp snooping agent-option
643
Chapter 44: DHCP Snooping Commands
IP DHCP SNOOPING AGENT-OPTION ALLOW-UNTRUSTED
Syntax
ip dhcp snooping agent-option allow-untrusted
Parameters
None
Mode
Global Configuration mode
Description
Use this command to enable DHCP Option 82 reception on untrusted
ports. When this command is enabled, the switch accepts incoming DHCP
packets that contain DHCP Option 82 data on untrusted ports. By default,
this command is disabled.
If the switch is connected via untrusted ports to edge switches that insert
DHCP Option 82 data into DHCP packets, you may need to allow these
DHCP packets through the untrusted ports by using the IP DHCP
SNOOPINFG AGENT-OPTION ALLOW-UNTRUSTED command.
When this command is disabled, the switch treats incoming DHCP
packets on untrusted ports that contain DHCP Option 82 as DHCP
snooping violations. The switch drops the packets and applies the
violation action specified by the IP DHCP SNOOPING VIOLATION
command. See “IP DHCP SNOOPING VIOLATION” on page 656.
Use the no version of the command, NO IP DHCP SNOOPING AGENTOPTION ALLOW-UNTRUSTED command, to disable DHCP Option 82
reception on untrusted ports.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example enables DHCP Option 82 data reception on untrusted ports:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp snooping agent-option allowuntrusted
644
AT-8100 Switch Command Line User’s Guide
IP DHCP SNOOPING BINDING
Syntax
ip dhcp snooping binding ipaddr macaddr (vlan vid)
(interface port) (expiry expiry-time)
Parameters
ipaddr
Specifies the client’s IP address.
macaddr
Specifies a client’s MAC address in the HHHH.HHHH.HHHH
format.
vlan
Specifies a VLAN ID for the entry. The range is from 1 to 4094.
interface
Indicates the port the client is connected to. The port can be a
switch port or a static or dynamic link aggregation (a channel
group).
expiry
Specifies the expiry time for the entry. The range is 5 to 21473647
seconds.
Mode
Privileged Exec mode
Description
Use this command to manually add a dynamic-like entry (with an expiry
time) to the DHCP snooping database. After it is added to the database,
this entry is treated as dynamic entry and is stored in the DHCP snooping
database backup file. This command is not stored in the switch’s running
configuration.
Caution
If you remove entries from the database for the current clients, they
lose IP connectivity until they request and receive a new DHCP
lease. If you clear all entries, all clients connected to untrusted ports
lose connectivity.
To add or remove static entries from the database, use the IP SOURCE
BINDING command. See “IP SOURCE BINDING” on page 658.
645
Chapter 44: DHCP Snooping Commands
Use the no version of the command, the NO IP DHCP SNOOPING
BINDING command, to restore the delete a dynamic entry for an IP
address from the DHCP snooping database or to delete all dynamic
entries from the database.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example restores an entry in the DHCP snooping database for a
DHCP client with the IP address of 193.167.1.2, a MAC address of
0001.0002.0003, on port1.0.6 of VLAN 6 with an expiry time of 1 hour:
awplus> enable
awplus# ip dhcp snooping binding 193.167.1.2. 0001.0002.0003
vlan 6 interface port1.0.6 expiry 3600
646
AT-8100 Switch Command Line User’s Guide
IP DHCP SNOOPING DELETE-BY-CLIENT
Syntax
ip dhcp snooping delete-by-client
Parameters
None
Mode
Global Configuration mode
Description
Use this command to set the switch to remove a dynamic entry from the
DHCP snooping database when it receives a valid DHCP message with
matching IP address, VLAN ID, and client hardware on an untrusted port.
In addition, setting this command causes the switch to discard release
messages that do not match an entry in the database. This command is
enabled by default.
DHCP clients send a release message when they no longer wish to use
the IP address they have been allocated by a DHCP server. Use this
command to enable DHCP snooping to use the information in these
messages to remove entries from its database immediately.
Use the no version of the command, the NO DHCP SNOOPING DELETEBY-CLIENT command, to ignore the release messages. Lease entries
corresponding to ignored DHCP release messages eventually time out
when the lease expires.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example sets the switch to delete DHCP snooping lease entries from
the DHCP snooping database when a matching release message is
received:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp snooping delete-by-client
647
Chapter 44: DHCP Snooping Commands
IP DHCP SNOOPING DELETE-BY-LINKDOWN
Syntax
ip dhcp snooping delete-by-linkdown
Parameters
None
Mode
Global Configuration mode
Description
Use this command to set the switch to remove a dynamic entry from the
DHCP snooping database when its port goes down. If the port is part of an
aggregated link, the entries in the database are deleted only when all of
the ports in the aggregated link are down.
If this command is enabled in a stack and the master switch goes down
and is replaced by a new master switch, entries in the DHCP snooping
database for ports on the master are removed. There is one exception. If
is command is enabled in a stack and the master switch goes down and is
replaced by a new master switch, entries in the database for ports on the
master are not removed if they are part of link aggregators that are still up.
By default, this command is disabled. With this setting, the DHCP
snooping bindings are not deleted when an interface goes down.
Use the no version of the command, the NO IP DHCP SNOOPING
DELETE-BY-LINKDOWN command, to set the switch to not delete entries
when ports go down.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example sets the switch to delete DHCP snooping lease entries from
the DHCP snooping database when links go down:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp snooping delete-by-linkdown
648
AT-8100 Switch Command Line User’s Guide
IP DHCP SNOOPING MAX-BINDINGS
Syntax
ip dhcp snooping max-bindings <0 - 520>
Parameters
max-bindings
Specifies the maximum number of bindings that are stored in the
DHCP snooping binding database for the port specified. If 0 is
specified, no entries are stored in the database.
Mode
Port Interface mode
Description
Use this command to set the maximum number of DHCP lease entries that
can be stored in the DHCP snooping database for a port or a range of
ports. After this value is reached, no additional DHCP lease allocations
made to the devices on the port are stored in the database. The default
value for the maximum number of DHCP lease entries is 1.
The maximum number of leases cannot be changed for a port while there
are DHCP snooping Access Control Lists (ACL) associated with the port.
Before using this command, remove any DHCP snooping ACLs
associated with the ports.
In general, the default value of 1 works well on an edge port with a singledirectly-connected-DHCP client. If the port is on an aggregated switch with
multiple DHCP clients connected through it, then use this command to
increase the number of lease entries for the port.
If there are multiple VLANs configured on the port, the limit of DHCP lease
entries is shared between all of the VLANs on the specified port. For
example, the default value only allows one lease to be stored for one
VLAN. To allow connectivity for the other VLANs, use this command to
increase the number of lease entries for the port.
Use the no version of the command, the NO IP DHCP MAX-BINDINGS
command, to reset the maximum number of DHCP lease entries to the
default of 1.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
649
Chapter 44: DHCP Snooping Commands
Example
This example sets the maximum number of bindings that can be stored in
the DHCP snooping database to 10 per port for ports 15 to 19:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15-port1.0.19
awplus(config-if)# ip dhcp snooping max-bindings 10
650
AT-8100 Switch Command Line User’s Guide
IP DHCP SNOOPING SUBSCRIBER-ID
Syntax
ip dhcp snooping subscriber-id <sub-id>
Parameters
sub-id
Specifies a subscriber ID in an alphanumeric (ASCII) string of 1 to
50 characters. Spaces are permitted; however, they must be
enclosed in double quotation marks. Wild cards are not permitted.
Mode
Port Interface mode
Description
Use this command to assign a subscriber ID to a port. By default, no
subscriber IDs are assigned to any port on the switch.
The subscriber ID sub-option is included in the DHCP Option 82 field of
client DHCP packets that are forwarded from a port if all the following
conditions are met:

A subscriber ID is specified for the port using the IP DHCP
SNOOPING SUBSCRIBER-ID command.

DHCP Snooping Option 82 is enabled using “IP DHCP
SNOOPING AGENT-OPTION” on page 643. This command is
enabled by default.

DHCP Snooping is enabled on the switch with the SERVICE
DHCP SNOOPING command and on the VLAN to which the port
belongs using “IP DHCP SNOOPING” on page 642.
Use the no version of the command, NO IP DHCP SNOOPING
SUBSCRIBER-ID command, to remove the subscriber id assigned to a
port.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
“SHOW IP DHCP SNOOPING INTERFACE” on page 672
651
Chapter 44: DHCP Snooping Commands
Examples
This example assigns port 3 a subscriber ID of “room_534:”
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.3
awplus(config-if)# ip dhcp snooping subscriber-id room_534
This example assigns port 17 a subscriber ID of “Campus A Building 3”
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.17
awplus(config-if)# ip dhcp snooping subscriber-id “Campus A
Building 3”
This example assigns removes a subscriber ID from port 21
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.21
awplus(config-if)# no ip dhcp snooping subscriber-id
652
AT-8100 Switch Command Line User’s Guide
IP DHCP SNOOPING TRUST
Syntax
ip dhcp snooping trust
Parameters
None
Mode
Port Interface mode
Description
Use this command to set ports as DHCP-snooping-trusted ports. Typically,
ports connecting the switch to trusted elements in the network (towards
the core) are set as trusted ports while ports connecting untrusted network
elements are set as untrusted. Configure ports connected to DHCP
servers as trusted ports. By default, all switch ports are untrusted.
Use the no version of this command, NO IP DHCP SNOOPING TRUST, to
return a port to its default untrusted state.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
“SHOW IP DHCP SNOOPING INTERFACE” on page 672
Example
This example assigns ports 1 and 2 as trusted ports:
awplus> enable
awplus# configure terminal
awplus(config-if)# interface port1.0.1-port1.0.2
awplus(config)# ip dhcp snooping trust
653
Chapter 44: DHCP Snooping Commands
IP DHCP VERIFY MAC-ADDRESS
Syntax
ip dhcp verify mac-address
Parameters
None
Mode
Global Configuration mode
Description
Use this command to verify that the source MAC address and client
hardware address match in DHCP packets received on untrusted ports.
By default, this command is enabled.
When MAC address verification is enabled, the switch treats DHCP
packets with source MAC address and client hardware addresses that do
not match as DHCP snooping violations. It drops them and applies any
other violation action specified by the IP DHCP SNOOPING VIOLATION
command. See “IP DHCP SNOOPING VIOLATION” on page 656.
Note
To bring the port up after any issues have been resolved, use the
NO SHUTDOWN command. See “NO SHUTDOWN” on page 216.
Use the no version of the command, NO IP DHCP SNOOPNG VERIFY
MAC-ADDRESS command, to disable source MAC address verification.
Confirmation Commands
“IP DHCP SNOOPING VIOLATION” on page 656
“SHOW RUNNING-CONFIG” on page 162
“SHOW IP DHCP SNOOPING” on page 668
Examples
This example enables MAC address verification on untrusted ports:
awplus> enable
awplus# configure terminal
awplus(config)# ip dhcp verify mac-address
654
AT-8100 Switch Command Line User’s Guide
This example disables MAC address verification on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# no ip dhcp verify mac-address
655
Chapter 44: DHCP Snooping Commands
IP DHCP SNOOPING VIOLATION
Syntax
ip dhcp snooping violation log|trap|link-down
Parameters
log
Generates a log message. Use the SHOW LOG command to
display these messages. See “NO LOG BUFFERED” on page 693.
trap
Generates an SNMP notification or trap. To make this parameter
active, configure SNMP and enable DHCP snooping notifications
with the SNMP-SERVER ENABLE TRAP command. See “SNMPSERVER ENABLE TRAP” on page 1160. Notifications are limited
to one per second and to one per source MAC and violation.
link-down
Disables the port.
Mode
Port Interface mode
Description
Use this command to specify the action the switch takes when it detects
an DHCP snooping violation by an DHCP packet on a port (or ports). You
can set to switch to respond with more than one action. By default, DHCP
packets that violate DHCP snooping are dropped, but no other violation
action is taken.
If a port has been shut down in response to a violation, to bring it back up
again after any issues have been resolved, use the NO SHUTDOWN
command. See “NO SHUTDOWN” on page 216.
IP packets dropped by DHCP snooping filers do not result in other DHCP
snooping violation actions.
Use the no version of the command, NO IP DHCP SNOOPING
VIOLATION command, to disable the specified violation actions or all
violation actions.
656
AT-8100 Switch Command Line User’s Guide
Confirmation Command
“NO LOG BUFFERED” on page 693
“SNMP-SERVER ENABLE TRAP” on page 1160.
Example
This example sets the switch to send an SNMP notification and set the link
status to link-down if it detects an DHCP snooping violation on switch ports
1 through 4:
awplus> enable
awplus# configure terminal
awplus(config)# snmp-server enable trap dhcpsnooping
awplus(config)# interface port1.0.1-port1.0.4
awplus(config)# ip dhcp snooping violation trap link-down
657
Chapter 44: DHCP Snooping Commands
IP SOURCE BINDING
Syntax
ip source binding <ipaddr> <macaddr> vlan <vid> interface
<port>
Parameters
ipaddr
Specifies the client’s IP address. If there is already an entry in the
DHCP snooping database for the IP address, then this option
replaces it with the new entry.
macaddr
Specifies a client’s MAC address in the HHHH.HHHH.HHHH
format.
vlan
Specifies a VLAN ID for the entry. The range is from 1 to 4094.
interface
Indicates the port the client is connected to.
Mode
Global Configuration mode
Description
Use this command to add or replace a static entry in the DHCP snooping
database. In addition, you can use this command to delete all of the static
entries in the DHCP snooping database.
Use the no version of the command, NO IP SOURCE BINDING
command, to delete the specified static entry or all static entries from the
database.
To remove dynamic entries from the DHCP snooping database, use the
CLEAR IP DHCP SNOOPING BINDING command (see “IP DHCP
SNOOPING” on page 642) or NO IP DHCP SNOOPING BINDING
command (see “IP DHCP SNOOPING BINDING” on page 645).
Confirmation Commands
“SHOW IP DHCP SNOOPING BINDING” on page 670
“SHOW IP SOURCE BINDING” on page 674
658
AT-8100 Switch Command Line User’s Guide
Examples
This example adds a static entry to the DHCP snooping database for a
client with the IP address of 192.168.1.2 and a MAC address of
0001.0002.0003 on port 6 of VLAN 7:
awplus> enable
awplus# configure terminal
awplus(config)# ip source binding 192.168.1.2 0001.0002.0003
vlan 7 interface port1.0.6
This example removes the static entry for IP address 192.168.1.2 from the
DHCP snooping database:
awplus> enable
awplus# configure terminal
awplus(config)# no ip source binding 192.168.1.2
This example removes all static entries from the DHCP snooping
database:
awplus> enable
awplus# configure terminal
awplus(config)# no ip source binding
659
Chapter 44: DHCP Snooping Commands
SERVICE DHCP SNOOPING
Syntax
service dhcp snooping
Parameters
None
Mode
Global Configuration mode
Description
Use this command to enable the DHCP snooping service on the switch
globally. You must enable the SERVICE DHCP-SNOOPING command
before entering other DHCP snooping commands. By default, DHCP
snooping is disabled on the switch.
For DHCP snooping to operate on a VLAN, it must be enabled on the
switch by using this command and also enabled on the specified VLAN by
using the IP DHCP SNOOPING command. See “IP DHCP SNOOPING”
on page 642.
For DHCP snooping to operate on a VLAN, it must:

Be enabled globally on the switch with this command

Be enabled on the specified VLAN with the IP DHCP SNOOPING
command (see “IP DHCP SNOOPING” on page 642)

Have at least on port connected to a DHCP server that is
configured as a trusted port using the IP DHCP SNOOPING
TRUST command (see “IP DHCP SNOOPING TRUST” on
page 653)
If you disable the DHCP snooping service by using the NO SERVICE
DHCP SNOOPING command, all DHCP snooping configuration (including
ARP security, but excluding maximum bindings and ACLs) is removed
from the running configuration, and the DHCP snooping database is
deleted from active memory. If your reenable the service, the switch
repopulates the DHCP snooping database from the dynamic lease entries
in the database backup file (in NVS by default). The lease expiry times are
updated.
660
AT-8100 Switch Command Line User’s Guide
The DHCP snooping service cannot be enabled on a switch that is
configured with any of the following features:

Web authentication (using the AUTH-WEB ENABLE command)

Guest VLAN authentication (using the AUTH GUEST-VLAN
command)

DHCP relay agent option (using the IP DHCP-RELAY AGENTOPTION command)
In addition, you cannot enable any of the above features if you have
DHCP snooping enabled on the switch.
Any ACLs on a port that permit traffic matching DHCP snooping entries
and block other traffic, will block all traffic if DHCP snooping is disabled on
a port. If you disable DHCP snooping on the switch using this command,
you must also remove any DHCP snooping ACLs from the ports to
maintain connectivity using the NO ACCESS-GROUP command. See “NO
ACCESS-GROUP” on page 1625.
Use the no version, the NO SERVICE DHCP SNOOPING command, to
disable the DHCP snooping service on the switch. This command
removes all of the DHCP snooping configuration from the running
configuration except for any DHCP snooping maximum bindings settings
(set with “IP DHCP SNOOPING MAX-BINDINGS” on page 649) and any
DHCP snooping-based Access Control Lists (ACLs) which are retained
when the service is disabled.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example enables DHCP snooping on a switch:
awplus> enable
awplus# configure terminal
awplus(config)# service dhcp snooping
661
Chapter 44: DHCP Snooping Commands
SHOW ARP SECURITY
Syntax
show arp security
Parameters
None
Mode
Privilege Exec mode
Description
Use this command to display the ARP security configuration for the
specified ports or all ports.
Example
This example displays the ARP security configuration on the switch:
awplus> enable
awplus# show arp security
See Figure 122 for a sample display. See Table 72 on page 663 for an
explanation of the parameters in this display.
awplus# show arp security
Arp Security Information:
Total VLANs enabled...............2
Total VLANs disabled..............10
vlan1...............Disabled
vlan2...............Disabled
vlan3...............Disabled
vlan4...............Disabled
vlan5...............Disabled
vlan100.............Disabled
vlan101.............Disabled
vlan102.............Disabled
vlan103.............Disabled
vlan104.............Disabled
vlan105.............Enabled
vlan1000............Enabled
Figure 122. SHOW ARP SECURITY Command
662
AT-8100 Switch Command Line User’s Guide
Table 72. Parameters in SHOW ARP SECURITY Command
Parameter
Description
Total VLANs enabled
Specifies the number of VLANs that have
ARP security enabled.
Total VLANs disabled
Specifies the number of VLANs that have
ARP security disabled.
663
Chapter 44: DHCP Snooping Commands
SHOW ARP SECURITY INTERFACE
Syntax
show arp security interface <port-list>
Parameters
interface
Indicates the list of ports. If no ports are specified, information for
all ports is displayed.
Mode
Privilege Exec mode
Description
Use this command to display ARP security configuration for the specified
ports or all ports.
Example
This example displays ARP security configuration for ports 1 through 7:
awplus> enable
awplus# show arp security interface port1.0.1-port1.0.7
See Figure 123 for a sample display. See Table 73 on page 665 for an
explanation of the parameters in this display.
awplus# show arp security interface port1.0.1-port1.0.5
Arp Security Port Status and Configuration:
Port: Provisioned ports marked with brackets, e.g. (portx.y.z)
KEY: LG = Log
TR = Trap
LD = Link down
Port
Action
---------------------------------------port1.0.1
LG TR -port1.0.2
-- -- -port1.0.3
LG TR LD
port1.0.4
LG -- -port1.0.5
LG -- LD
Figure 123. SHOW ARP SECURITY INTERFACE Command
664
AT-8100 Switch Command Line User’s Guide
Table 73. Parameters in SHOW ARP SECURITY INTERFACE Command
Parameter
Description
Action
Indicates the action the switch takes when it
detects an ARP security violation on the
port.
Port
Specifies the port name.
LG, Log
Generates a log message.
TR, Trap
Generates an SNMP notification or trap.
LD, Link down
Shuts down the link.
665
Chapter 44: DHCP Snooping Commands
SHOW ARP SECURITY STATISTICS
Syntax
show arp security statistics detail [interface <port-list>]
Parameters
detail
Displays detailed statistics.
interface
Indicates the list of ports.
Mode
Privilege Exec mode
Description
Use this command to display ARP security statistics for the specified ports
or all ports.
Example
This example displays the brief statistics about ARP security:
awplus> enable
awplus# show arp security statistics
See Figure 124 for a sample display. See Table 74 on page 667 for an
explanation of the parameters in this display.
awplus# show arp security statistics
DHCP Snooping ARP Security Statistics:
In
In
Interface
Packets
Discards
----------------------------------------port1.0.3
20
20
port1.0.4
30
30
port1.0.12
120
0
Figure 124. SHOW ARP SECURITY STATISTICS Command
666
AT-8100 Switch Command Line User’s Guide
Table 74. Parameters in SHOW ARP SECURITY STATISTCS Command
Parameter
Description
Interface
Indicates a port name.
In Packets
Specifies the total number of incoming APR
packets that are processed by DHCP
Snooping ARP Security.
In Discards
Specifies the total number of ARP packets
that are dropped by DHCP Snooping ARP
Security.
Figure 125 displays sample output from the SHOW ARP SECURITY
STATISTCS DETAIL command.
awplus# show arp security statistics detail
DHCP Snooping ARP Security Statistics:
Interface.........................port1.0.3
In Packets.....................20
In Discards....................20
No Lease....................20
Bad Vlan....................0
Bad Port....................0
Source IP Not Allocated.....0
Interface.........................port1.0.4
In Packets.....................30
In Discards....................30
No Lease....................30
Bad Vlan....................0
Bad Port....................0
Source IP Not Allocated.....0
Interface.........................port1.0.12
In Packets.....................120
In Discards....................0
No Lease....................0
Bad Vlan....................0
Bad Port....................0
Source IP Not Allocated.....0
Figure 125. SHOW ARP SECURITY STATISTICS DETAIL Command
667
Chapter 44: DHCP Snooping Commands
SHOW IP DHCP SNOOPING
Syntax
show ip dhcp snooping
Parameters
None
Mode
Privilege Exec mode
Description
Use this command to display global DHCP snooping configuration on the
switch.
Example
This example displays entries in the DHCP snooping database:
awplus> enable
awplus# show ip dhcp snooping
See Figure 126 on page 669 for a sample display.
668
AT-8100 Switch Command Line User’s Guide
awplus# show ip dhcp snooping
DHCP Snooping Information:
DHCP Snooping service..................Enabled
Option 82 insertion....................Enabled
Option 82 on untrusted ports...........Not allowed
Binding delete by client...............Disabled
Binding delete by link down............Disabled
Verify MAC address.....................Disabled
SNMP DHCP Snooping trap................Disabled
DHCP Snooping database:
Database location......................nvs
Number of entries in database..........2
DHCP Snooping VLANs:
Total VLANs enabled....................1
Total VLANs disabled...................9
vlan1..................................Enabled
vlan2..................................Disabled
vlan3..................................Disabled
vlan4..................................Disabled
vlan5..................................Disabled
vlan100................................Disabled
vlan101................................Disabled
vlan105................................Disabled
vlan1000...............................Disabled
vlan1001...............................Disabled
Figure 126. SHOW IP DHCP SNOOPING Command
669
Chapter 44: DHCP Snooping Commands
SHOW IP DHCP SNOOPING BINDING
Syntax
show ip dhcp snooping binding
Parameters
None
Mode
Privilege Exec mode
Description
Use this command to display all dynamic and static entries in the DHCP
snooping binding database.
Example
This example displays entries in the DHCP snooping database:
awplus> enable
awplus# show ip dhcp snooping binding
See Figure 127 for a sample display of this command. SeeTable 75 on
page 671 for an explanation of the parameters in this display.
awplus# show ip dhcp snooping binding
DHCP Snooping Bindings:
Client
MAC
Server
Expires
IP Address
Address
IP Address
VLAN Port
(sec)
Type
--------------------------------------------------------------------------1.2.3.4
aaaa.bbbb.cccc -7
1.0.10 Infinite Stat
1.2.3.6
any
-4077 1.0.10 Infinite Stat
1.3.4.5
any
-1
sa1
Infinite Stat
111.111.100.101 0000.0000.0001 111.112.1.1 1
1.0.10 4076
Dyna
111.111.101.108 0000.0000.0108 111.112.1.1 1
1.0.10 4084
Dyna
Total number of bindings in database: 5
Figure 127. SHOW IP DHCP SNOOPING BINDING Command
670
AT-8100 Switch Command Line User’s Guide
Table 75. SHOW IP DHCP SNOOPING BINDING Command Parameters
Parameter
Description
Client IP Address
The IP address of the DHCP client.
MAC Address
The MAC address of the DHCP client.
Server IP Address
The IP address of the DHCP server.
VLAN
The VLAN associated with this entry.
Port
The port the client is connected to.
Expires (sec)
The time, in seconds, until the lease
expires.
Type
The source of the entry is either:
— Dyna: dynamically entered by snooping
DHCP traffic configured with the IP DHCP
SNOOPING BINDING command or loaded
from the database backup file.
— Stat: added statistically by the IP
SOURCE BINDING command.
Total number of
bindings in database
The total number of dynamic and static
lease entries in the DHCP snooping
database.
671
Chapter 44: DHCP Snooping Commands
SHOW IP DHCP SNOOPING INTERFACE
Syntax
show ip dhcp snooping interface port-list
Parameters
port-list
Indicates the list of ports. If no ports are specified, information for
all ports is displayed.
Mode
Privileged Exec mode
Description
Use this command to display DHCP snooping configuration and leases for
a port or a list of ports.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Examples
This example displays DHCP snooping binding information for all of the
ports:
awplus> enable
awplus# show ip dhcp snooping interface
This example displays DHCP snooping interface information for ports 1
through 6:
awplus> enable
awplus# # show ip dhcp snooping interface port1.0.1port1.0.6
See Figure 128 on page 673 for a sample of this display. See Table 76 on
page 673 for an explanation of the parameters in this display.
672
AT-8100 Switch Command Line User’s Guide
awplus# show ip dhcp snooping interface port1.0.1-port1.0.6
DHCP Snooping Port Status and Configuration:
Port: Provisioned ports marked with brackets, e.g. (portx.y.z)
Action: LG = Log
TR = Trap
LD = Link down
DHCP Snooping Bindings:
Full
Max
Port
Status
Leases
Leases
Action
Subscriber-ID
--------------------------------------------------------------------------port1.0.1
Untrusted
1
1
LG -- -port1.0.2
Untrusted
0
50
LG TR LD
Building 1 Level 1
port1.0.3
Untrusted
0
50
LG -- -port1.0.4
Untrusted
0
50
LG -- -Building 1 Level 2
port1.0.5
Trusted
0
1
-- -- LD
Building 2 Level 1
port1.0.6
Trusted
0
1
LG -- --
Figure 128. SHOW IP DHCP SNOOPING INTERFACE Command
Table 76. Parameters in SHOW IP DHCP SNOOPING INTERFACE
Command
Parameter
Description
Port
Specifies the port interface name.
Status
Indicates the port status as either untrusted
(default) or trusted.
Full Leases
Indicates the number of entries in the DHCP
snooping database for the port.
Max Leases
Indicates the maximum number of entries
that can be stored in the DHCP snooping
database for the port.
Action
Specifies the DHCP snooping violation
actions for the port.
Subscriber ID
Indicates the subscriber ID for the port. If
the subscriber ID is longer than 34
characters, only the first 34 characters are
displayed.
673
Chapter 44: DHCP Snooping Commands
SHOW IP SOURCE BINDING
Syntax
show ip source binding
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display static entries in the DHCP snooping
database. The static entries have been added with the IP SOURCE
BINDING command. See “IP SOURCE BINDING” on page 658
Example
This example displays static entries in the DHCP snooping database:
awplus> enable
awplus# show ip source binding
See Figure 129 for a sample of this display. See Table 77 on page 674 for
an explanation of the parameters in this display.
awplus# show ip dhcp source binding
IP Source Bindings:
Client
MAC
Expires
IP Address
Address
VLAN
Port
(sec)
Type
--------------------------------------------------------------------------1.1.1.1
0000.1111.2222
1
port1.0.21
Infinite
Static
Figure 129. SHOW IP DHCP SOURCE BINDING Command
Table 77. SHOW IP DHCP SOURCE BINDING Command Parameters
Parameter
674
Description
Client IP Address
Specifies the IP address of the DHCP client.
MAC Address
Specifies the MAC address of the DHCP
client.
AT-8100 Switch Command Line User’s Guide
Table 77. SHOW IP DHCP SOURCE BINDING Command Parameters
Parameter
Description
VLAN
Indicates the VLAN ID the packet is
received on.
Port
Specifies Layer 2 port name the packet is
received on.
Expires (sec)
Indicates the time, in seconds, until the
lease expires. The time is always infinite for
static bindings, or when the leave time in
the DHCP message is 0xfffffffff (infinite).
Type
Indicates the DHCP snooping binding type
is static.
675
Chapter 44: DHCP Snooping Commands
676
Section V
Event Messages
This section contains the following chapters:

Chapter 45, “Event Log” on page 679

Chapter 46, “Event Log Commands” on page 683

Chapter 47, “Syslog Client” on page 707

Chapter 48, “Syslog Client Commands” on page 715
677
678
Chapter 45
Event Log
This chapter covers the following topics:

“Overview” on page 680

“Displaying the Event Log” on page 681

“Clearing the Event Log” on page 682
679
Chapter 45: Event Log
Overview
A managed switch is a complex piece of computer equipment that
includes both hardware and software components. Multiple software
features operate simultaneously, interoperating with each other and
processing large amounts of network traffic. It is often difficult to determine
exactly what is happening when a switch appears not to be operating
normally, or what happened when a problem occurred.
The operation of the switch can be monitored by viewing the event
messages generated by the device. These events and the vital information
about system activity that they provide can help you identify and solve
system problems.
The event messages are stored or sent in or to the following types of
outputs:

The buffered log

The permanent log

Email addresses

Consoles
The event messages include the following information:

The time and date of the event

The severity of the event

The management module that generated the event

An event description
The event messages can be filtered by:
680

Severity level

Management software modules

Text-string within the message
AT-8100 Switch Command Line User’s Guide
Displaying the Event Log
There are two commands to display the messages stored in the event log.
Both display the same messages and both are found in the Privileged
Exec mode. The only difference is that one displays the messages from
oldest to newest and the other from newest to oldest. The first command is
the SHOW LOG command. If you’re more interested in the older
messages, this is the command to use. Here it is:
awplus# show log
The messages are displayed one screen at a time. To cancel the log, type
‘q’ for quit. Here is an example of the log.
<date> <time> <facility>.<severity> <program[<pid>]>: <message>
------------------------------------------------------------------------2010 Jan 15 14:39:04 user.information awplus stp: Set Configuration succeeded
2010 Jan 15 14:39:04 user.information awplus stp: Set Configuration succeeded
2010 Jan 15 14:39:04 user.information awplus stp: Disabled Spanning Tree
2010 Jan 15 14:39:04 user.information awplus stp: Active protocol changed to STP
Figure 130. SHOW LOG Command
The columns are described in Table 80 on page 698.
If you happen to be interested in the newer messages, use the SHOW
LOG REVERSE command, instead. You will see the same messages, but
the newest are displayed first.
681
Chapter 45: Event Log
Clearing the Event Log
To clear all the messages from the event log, use the CLEAR LOG
BUFFERED command in the Privileged Exec mode. Here is the
command:
awplus# clear log buffered
682
Chapter 46
Event Log Commands
The event log commands are summarized in Table 78 and described in
detail within this chapter.
Table 78. Event Log Commands
Command
Mode
Description
“CLEAR LOG” on page 685
Privileged Exec
Deletes all entries in the buffered and
permanent logs.
“CLEAR LOG BUFFERED” on
page 686
Privileged Exec
Deletes all entries in the buffered log.
“CLEAR LOG PERMANENT” on
page 687
Privileged Exec
Deletes all entries in the permanent
log.
“LOG BUFFERED” on page 688
Global
Configuration
Specifies the types of event messages
to be stored in the buffered log.
“LOG CONSOLE” on page 690
Global
Configuration
Specifies the types of event messages
to be sent to the console.
“LOG PERMANENT” on page 692
Global
Configuration
Specifies the types of event messages
to be stored in the permanent log.
“NO LOG BUFFERED” on page 693
Global
Configuration
Cancels the settings set by the LOG
BUFFERED command.
“NO LOG CONSOLE” on page 695
Global Config
ration
Cancels the settings set by the LOG
CONSOLE command.
“NO LOG PERMANENT” on page 696
Global
Configuration
Cancels the settings set by the LOG
PERMANENT command.
“SHOW LOG” on page 698
Privileged Exec
Displays the event messages in the
buffered log from oldest to newest.
“SHOW LOG CONFIG” on page 701
Privileged Exec
Displays the configuration of the event
logs.
“SHOW LOG PERMANENT” on
page 703
Privileged Exec
Displays the event messages in the
permanent log.
“SHOW LOG PERMANENT TAIL” on
page 704
Privileged Exec
Displays a limited number of the event
messages in the permanent log.
683
Chapter 46: Event Log Commands
Table 78. Event Log Commands (Continued)
Command
Mode
Description
“SHOW LOG REVERSE” on
page 705
Privileged Exec
Displays the event messages in the
buffered log from newest to oldest.
“SHOW LOG TAIL” on page 706
Privileged Exec
Displays a limited number of the event
messages in the buffered log.
684
AT-8100 Switch Command Line User’s Guide
CLEAR LOG
Syntax
clear log
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to delete the event messages in the buffered and
permanent logs.
Confirmation Commands
“SHOW LOG” on page 698 and “SHOW LOG PERMANENT” on page 703
Example
The following example deletes the event messages in the buffered and
permanent logs:
awplus> enable
awplus# clear log
685
Chapter 46: Event Log Commands
CLEAR LOG BUFFERED
Syntax
clear log buffered
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to delete the event messages in the buffered log.
Confirmation Command
“SHOW LOG” on page 698
Example
The following example deletes the event messages in the buffered log:
awplus> enable
awplus# clear log buffered
686
AT-8100 Switch Command Line User’s Guide
CLEAR LOG PERMANENT
Syntax
clear log permanent
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to delete the event messages in the permanent log.
Confirmation Command
“SHOW LOG PERMANENT” on page 703
Example
The following example deletes the event messages in the permanent log:
awplus> enable
awplus# clear log permanent
687
Chapter 46: Event Log Commands
LOG BUFFERED
Syntax
log buffered [level level] [program program] [msgtext
msgtext]]
Parameters
level
Specifies the minimum severity level of the event messages to be
stored in the buffered event log. The log stores the messages of
the specified level and all higher levels. For example, if you specify
level 4, the log stores the messages from levels 0 and 4. The
severity levels are listed in Table 79. At the default level 6, the log
stores messages that have a severity level of 0, 4, or 6.
program
Specifies the event messages of a particular management
software module. The modules are listed in Table 81 on page 699.
To specify more than one module, separate the modules with
commas.
msgtext
Specifies a text string in the event messages. This string is case
sensitive. The text may not contain spaces or special characters
and must not be enclosed in quotation marks. To use this
parameter, you have to include the LEVEL and PROGRAM
parameters in the command and it has to be the last parameter in
the command.
Mode
Global Configuration mode
Description
Use this command to specify the types of event messages the buffered log
should store. You can specify the messages by severity level,
management software module, a text string, or a combination of the
parameters.
The available severity levels are listed in Table 79.
Table 79. Event Message Severity Levels
Severity
0
688
Description
Emergency message
AT-8100 Switch Command Line User’s Guide
Table 79. Event Message Severity Levels (Continued)
Severity
Description
4
Warning message
6
Informational message
7
Debug message
The management software modules are listed in Table 81 on page 699.
Confirmation Command
“SHOW LOG CONFIG” on page 701
Examples
This example configures the buffered log to save only those event
messages that have a severity level of 0 or 4:
awplus> enable
awplus# configure terminal
awplus(config)# log buffered level 4
This example configures the buffered log to save only those event
messages that are generated by IGMP snooping (IGMPSNOOP), LACP
(LACP) and port configuration (PCFG):
awplus> enable
awplus# configure terminal
awplus(config)# log buffered program igmpsnooping,lacp,
pconfig
This example configures the buffered log to save those event messages
that have a severity level of 0 or 4, that are generated by 802.1 port-based
network access control (PACCESS) and GARP (GARP), and that have the
text “port” in the messages:
awplus> enable
awplus# configure terminal
awplus(config)# log buffered level 4 program paccess,garp
msgtext port
689
Chapter 46: Event Log Commands
LOG CONSOLE
Syntax
log console [level level]|[program program]|[msgtext
msgtext]
Parameters
level
Specifies the minimum severity level of the event messages. The
levels are listed in Table 79 on page 688.
program
Specifies the event messages of a particular management
software module. The modules are listed in Table 81 on page 699.
To specify more than one module, separate the modules with
commas.
msgtext
Specifies a text string with double quotations around to match the
event messages. This string is case sensitive and must be the last
text on the command line.
Mode
Global Configuration mode
Description
Use this command to specify the types of event messages to be sent to
the console. You can filter the messages by specifying severity level,
management software module, a text-string within the message or a
combination of some or all of these.
The available severity levels are listed in Table 79 on page 688, and the
management software modules is in Table 81 on page 699.
Confirmation Command
“SHOW LOG CONFIG” on page 701
690
AT-8100 Switch Command Line User’s Guide
Examples
This example configures the switch to send to the console only those
event messages that have the minimum severity level 4:
awplus> enable
awplus# configure terminal
awplus(config)# log console level 4
This example configures the switch to send to the console only those
event messages that are generated by IGMP snooping (IGMPSNOOP)
and LACP (LACP):
awplus> enable
awplus# configure terminal
awplus(config)# log console program igmpsnooping,lacp
This example configures the switch to send to the console only those
event messages that have a minimum severity level of 4 and that are
generated by 802.1 port-based network access control (PACCESS) and
GARP (GARP):
awplus> enable
awplus# configure terminal
awplus(config)# log console level 4 program paccess,garp
691
Chapter 46: Event Log Commands
LOG PERMANENT
Syntax
log permanent [level level]|[program program]|
[msgtext msgtext]
Parameters
level
Specifies the minimum severity level of the event messages to be
stored in the permanent log. The severity levels are listed in
Table 79 on page 688.
program
Specifies the event messages of a particular management
software module. The modules are listed in Table 81 on page 699.
To specify more than one module, separate the modules with
commas.
msgtext
Specifies a text string with double quotations around to match the
event messages. This string is case sensitive and must be the last
text on the command line.
Mode
Global Configuration mode
Description
Use this command to specify the types of event messages to be stored in
the permanent log. You can specify the messages by severity level,
management software module, a text-string within the message or a
combination of some or all of these.
Confirmation Command
“SHOW LOG CONFIG” on page 701
692
AT-8100 Switch Command Line User’s Guide
NO LOG BUFFERED
Syntax
no log buffered [level level]|[program program]|
[msgtext msgtext]
Parameters
level
Specifies the severity level setting.
program
Specifies the management software module setting. To specify
more than one module, separate the modules with commas.
msgtext
Specifies a text string setting.
Mode
Global Configuration mode
Description
Use this command to cancel the settings set by the log buffered
command. You can cancel a setting individually by specifying a parameter.
If you do not specify any parameters, the command cancels all the settings
and restores the default settings for the buffered log.
Confirmation Command
“SHOW LOG CONFIG” on page 701
Example
This example cancels the settings and restores the default settings for the
buffered log:
awplus# no log buffered
This example cancels only the setting of MAC and keeps other settings so
that the switch sends all messages that have a minimum severity level of 4
and that are generated by the IP program:
awplus# show log config
693
Chapter 46: Event Log Commands
OUtputID
Type
Status
1
Temporary Enabled
Details
--------------------------------------------------------------------------------------------------------------------------Wrap on Full. Filter: Level 4 program MAC, IP
awplus# configure terminal
awplus(config)# no log buffered Program mac
694
AT-8100 Switch Command Line User’s Guide
NO LOG CONSOLE
Syntax
no log console [level level]|[program program]|
[msgtext msgtext]
Parameters
level
Specifies the severity level setting.
program
Specifies the management software module setting. To specify
more than one module, separate the modules with commas.
msgtext
Specifies a text string setting.
Mode
Global Configuration mode
Description
Use this command to cancel the settings set by the LOG CONSOLE
command. You can cancel a setting individually by specifying a parameter.
If you do not specify any parameters, the command cancels all the settings
and restores the default settings.
Confirmation Command
“SHOW LOG CONFIG” on page 701
Examples
This example cancels the settings and restores the default settings for the
console:
awplus# no log console
This example cancels only the setting of MAC and keeps other settings:
awplus# configure terminal
awplus(config)# no log console Program mac
695
Chapter 46: Event Log Commands
NO LOG PERMANENT
Syntax
no log permanent [level level]|[program program]|
[msgtext msgtext]
Parameters
level
Specifies the severity level setting.
program
Specifies the management software module setting. To specify
more than one module, separate the modules with commas.
msgtext
Specifies a text string setting.
Mode
Global Configuration mode
Description
Use this command to cancel the settings set by the LOG PERMANENT
command. You can cancel a setting individually by specifying a
parameter. If you do not specify any parameters, the command cancels all
the settings and restores the default settings for the permanent log.
Confirmation Command
“SHOW LOG CONFIG” on page 701
Example
This example cancels the settings and restores the default settings for the
permanent log:
awplus# no log permanent
This example cancels only the setting of MAC and keeps other settings so
that the switch sends all messages that have a minimum severity level of 4
and that are generated by the IP program:
awplus# show log config
696
AT-8100 Switch Command Line User’s Guide
OUtputID
Type
Status
1
Temporary Enabled
Details
--------------------------------------------------------------------------------------------------------------------------Wrap on Full. Filter: Level 4 program MAC, IP
awplus# configure terminal
awplus(config)# no log permanent Program mac
697
Chapter 46: Event Log Commands
SHOW LOG
Syntax
show log
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the messages in the buffered event log. The
event messages are displayed from oldest to newest, one screen at a
time. To cancel the display, type ‘q’ for quit. You cannot filter the log for
specific types of messages. An example of the log is shown in Figure 131.
<date> <time> <facility>.<severity> <program[<pid>]>: <message>
------------------------------------------------------------------------2010 Jan 15 14:39:04 user.information awplus stp: Set Configuration succeeded
2010 Jan 15 14:39:04 user.information awplus stp: Set Configuration succeeded
2010 Jan 15 14:39:04 user.information awplus stp: Disabled Spanning Tree
2010 Jan 15 14:39:04 user.information awplus stp: Active protocol changed to STP
Figure 131. SHOW LOG Command
The columns in the log are described here:
Table 80. SHOW LOG Command
Parameter
698
Description
Date/Time
The date and time the message was
entered in the event log.
Facility
This is always “user.”
Severity
The severity of the message. The severity
levels are:

Information: Useful information that
can be ignored during normal
operation.

Error: Switch operation is severely
impaired.
AT-8100 Switch Command Line User’s Guide
Table 80. SHOW LOG Command (Continued)
Parameter
Severity (continued)
Description

Warning: The issue reported by the
message may require manager
attention.

Debug: Messages intended for
technical support and software
development.
Program
The module listed in Table 81 that
generated the event message.
Message
The event message.
Table 81 lists the modules and their abbreviations.
Table 81. Management Software Modules
Module Name
Description
ALL
All management software modules
ACL
Port access control list
CFG
Switch configuration
CLASSIFIER
Classifiers used by ACL and QoS
CLI
Command line interface commands
ENCO
Encryption keys
ESTACK
Enhanced stacking
EVTLOG
Event log
FILE
File system
GARP
GARP GVRP
HTTP
Web server
IGMPSNOOP
IGMP snooping
IP
System IP configuration
LACP
Link Aggregation Control Protocol
MAC
MAC address table
PACCESS
802.1x port-based access control
PCFG
Port configuration
699
Chapter 46: Event Log Commands
Table 81. Management Software Modules (Continued)
Module Name
Description
PKI
Public Key Infrastructure
PMIRR
Port mirroring
PSEC
MAC address-based port security
PTRUNK
Static port trunking
QOS
Quality of Service
RADIUS
RADIUS authentication protocol
RTC
Real-time clock
SNMP
SNMP
SSH
Secure Shell protocol
SSL
Secure Sockets Layer protocol
STP
Spanning Tree and Rapid Spanning protocols
SYSTEM
Hardware status; manager and operator log in
and log off events.
TACACS
TACACS+ authentication protocol
TELNET
Telnet
TFTP
TFTP
TIME
System time and SNTP
VLAN
Port-based, tagged and MAC address-based
VLANs
WAT
Watchdog timer
Example
The following command displays the messages in the event log:
awplus# show log
700
AT-8100 Switch Command Line User’s Guide
SHOW LOG CONFIG
Syntax
show log config
Parameters
None
Modes
Privileged Exec mode
Description
Use this command to display the configuration of the event log.
Here is an example of the information.
Permanent log:
Status ................
Filter:
Level ..............
Program ............
Message Text .......
Buffered log:
Status ................
Filter:
Level ..............
Program ............
Message Text .......
Enable
Informational
All
Enable
Informational
All
Figure 132. SHOW LOG CONFIG Command
The fields in the display are described here:
Table 82. SHOW LOG CONFIG Command
Field
Level
Description
The severity levels of the messages to be
stored in the log. The default is level 6,
Informational, and higher. The levels are
defined in Table 79 on page 688.
701
Chapter 46: Event Log Commands
Table 82. SHOW LOG CONFIG Command (Continued)
Field
Description
Program
The software module messages to be
stored in the log. The modules are listed
in Table 81 on page 699. The default is all
modules.
Message Text
Text that identifies the messages to be
stored in the log.
This command is also used to view the configuration of the syslog client.
For information, refer to “SHOW LOG CONFIG” on page 719 in Chapter
48, “Syslog Client Commands” on page 715.
Example
The following command displays the configuration of the event log:
awplus# show log config
702
AT-8100 Switch Command Line User’s Guide
SHOW LOG PERMANENT
Syntax
show log permanent
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the messages in the permanent log. The
event messages are displayed from oldest to newest, one screen at a
time. To cancel the display, type ‘q’ for quit. An example of the log is
shown in Figure 133.
<date> <time> <facility>.<severity> <program[<pid>]>: <message>
------------------------------------------------------------------------2010 Jan 15 14:39:04 user.information awplus stp: Set Configuration succeeded
2010 Jan 15 14:39:04 user.information awplus stp: Set Configuration succeeded
2010 Jan 15 14:39:04 user.information awplus stp: Disabled Spanning Tree
2010 Jan 15 14:39:04 user.information awplus stp: Active protocol changed to STP
Figure 133. SHOW LOG PERMANENT Command
Table 80 on page 698 describes the columns in the log and Table 81 on
page 699 lists the modules and their abbreviations.
Example
The following example displays the messages in the permanent log:
awplus# show log permanent
703
Chapter 46: Event Log Commands
SHOW LOG PERMANENT TAIL
Syntax
show log permanent tail [number]
Parameters
number
Specifies the number of log entries to display. The range is 10 to
250 messages. The default is 10 messages.
Mode
Privileged Exec mode
Description
Use this command to display the most recent event messages in the
permanent event log. The NUMBER parameter is used to specify the
number of messages to display. The messages are displayed from oldest
to newest. For an example and description of the log, refer to Figure 133
on page 703 and Table 80 on page 698.
Examples
This example displays the most recent 10 log messages in the permanent
log:
awplus# show log permanent tail
This example displays the most recent 30 log messages in the permanent
log:
awplus# show log permanent tail 30
704
AT-8100 Switch Command Line User’s Guide
SHOW LOG REVERSE
Syntax
show log reverse
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the event messages in the buffered log from
newest to oldest. This command and the SHOW LOG command display
the same messages, but in different order. The SHOW LOG command
displays the messages from oldest to newest. To cancel the display, type
‘q’ for quit. You cannot filter the log for specific types of messages. For an
example and description of the log, refer to Figure 131 on page 698 and
Table 80 on page 698.
Example
This command displays the event messages in the buffered log from
newest to oldest messages:
awplus# show log reverse
705
Chapter 46: Event Log Commands
SHOW LOG TAIL
Syntax
show log tail [number]
Parameter
number
Specifies the number of event messages to display. The range is
10 to 250 messages. The default is 10 messages.
Mode
Privileged Exec mode
Description
Use this command to display the most recent event messages in the
buffered event log. The NUMBER parameter is used to specify the
number of messages to display. The messages are displayed from oldest
to newest. For an example and description of the log, refer to Figure 131
on page 698 and Table 80 on page 698.
Examples
This example displays the 10 most resent event messages in the buffered
log. The messages are displayed from oldest to newest:
awplus# show log tail
This example displays the 30 most recent event messages:
awplus# show log tail 30
706
Chapter 47
Syslog Client
This chapter covers the following topics:

“Overview” on page 708

“Creating Syslog Server Definitions” on page 709

“Deleting Syslog Server Definitions” on page 712

“Displaying the Syslog Server Definitions” on page 713
707
Chapter 47: Syslog Client
Overview
The switch has a syslog client. The client enables the switch to send its
event messages to syslog servers on your network, for permanent
storage.
To store the switch’s event messages on a syslog server, you have to
create a syslog server definition. The contents of a definition consist of an
IP address of a syslog server and other information, such as the types of
event messages the switch is to send.
Here are the guidelines to the syslog client:
708

You can define up to 19 syslog server definitions.

The switch must have a management IP address. For instructions,
refer to “Adding a Management IP Address” on page 76 or Chapter
13, “IPv4 and IPv6 Management Addresses” on page 291.

The syslog servers must be members of the same subnet as the
management IP address of the switch, or must be able to access
the subnet through routers or other Layer 3 devices.

If the syslog servers are not members of the same subnet as the
management IP address of the switch, the switch must have a
default gateway that specifies the first hop to reaching the servers.
For instructions on specifying the default gateway, refer to Chapter
13, “IPv4 and IPv6 Management Addresses” on page 291.

The event messages are transmitted when they are generated.
Any event messages that already exist in the event log are not
transmitted when a new syslog server definition is created.

The syslog client uses UDP port 514. You cannot change the UDP
port.
AT-8100 Switch Command Line User’s Guide
Creating Syslog Server Definitions
To configure the switch to send event messages to a syslog server, create
a syslog server definition with the LOG HOST command in the Global
Configuration mode. Here is the format of the command:
log host ipaddress [level level] [program program]
This command creates just one definition at a time.
The IPADDRESS parameter is the IP address of a syslog server you want
to receive event messages. You can specify just one address.
The LEVEL parameter specifies the minimal severity level of the events to
transmit to the server. The switch supports the four severity levels in
Table 83. Messages of the specified level and all levels below it are
transmitted to the server. For example, specifying level 4 for a syslog
server definition causes the switch to transmit levels 0 and 4 messages. If
you omit this parameter, messages of all severity levels are sent.
Table 83. Event Message Severity Levels
Value
Severity Level
Description
0
Emergency
Switch operation is severely impaired.
4
Warning
An issue may require manager attention.
6
Informational
Useful information that can be ignored
during normal operation.
7
Debug
Messages intended for technical support
and software development.
The PROGRAM parameter is used to restrict the transmitted messages to
just those that are generated by particular programs on the switch. You
designate the programs by entering their abbreviations, listed in Table 84.
Table 84. Program Abbreviations
Abbreviation
Program
ALL
All features
ACL
Port access control list
CFG
Switch configuration
CLASSIFIER
Classifiers used by ACL and QoS
CLI
Command line interface commands
709
Chapter 47: Syslog Client
Table 84. Program Abbreviations (Continued)
Abbreviation
710
Program
ENCO
Encryption keys
ESTACK
Enhanced stacking
EVTLOG
Event log
FILE
File system
GARP
GARP GVRP
HTTP
Web server
IGMPSNOOP
IGMP snooping
IP
System IP configuration
LACP
Link Aggregation Control Protocol
LLDP
LLDP and LLDP-MED
MAC
MAC address table
PACCESS
802.1x port-based access control
PCFG
Port configuration
PKI
Public Key Infrastructure
PMIRR
Port mirroring
PSEC
MAC address-based port security
PTRUNK
Static port trunking
QOS
Quality of Service
RADIUS
RADIUS authentication protocol
RRP
RRP snooping
RTC
Real time clock
SFLOW
sFlow client
SNMP
SNMP
SSH
Secure Shell protocol
SSL
Secure Sockets Layer protocol
STP
Spanning Tree, Rapid Spanning, and Multiple
Spanning Tree protocols
SYSTEM
Hardware status; manager and operator log in
and log off events.
AT-8100 Switch Command Line User’s Guide
Table 84. Program Abbreviations (Continued)
Abbreviation
Program
TACACS
TACACS+ authentication protocol
TELNET
Telnet
TFTP
TFTP
TIME
System time and SNTP
VLAN
Port-based and tagged VLANs, and multiple
VLAN modes
WATCHDOG
Watchdog timer
This example of the command creates a new syslog definition for a syslog
server that has the IP address 149.24.111.23. The definition sends all
event messages to the designated server.
awplus> enable
awplus# configure terminal
awplus(config)# log host 149.24.111.23
This example creates a syslog definition that sends all messages with
severity levels 0, 4 to a syslog server that has the IP address
122.34.152.165:
awplus> enable
awplus# configure terminal
awplus(config)# log host 122.34.152.165 level 4
This example creates a syslog definition that sends messages from the
RADIUS, spanning tree protocols, and static port trunks, to a syslog server
that has the IP address 156.74.134.76:
awplus> enable
awplus# configure terminal
awplus(config)# log host 156.74.134.76 program radius,stp,
ptrunk
This example creates a syslog definition that sends messages with
severity levels 0, 4, and 6 from access control lists and MAC addressbased port security, to a syslog server that has the IP address
118.87.45.72:
awplus> enable
awplus# configure terminal
awplus(config)# log host 118.87.45.72 level 6 program acl,
psec
711
Chapter 47: Syslog Client
Deleting Syslog Server Definitions
To delete syslog server definitions from the switch, use the NO LOG
HOST command in the Global Configuration mode. The format of the
command is:
no log host ipaddress
To view the IP addresses of the syslog servers of the definitions, use the
SHOW LOG CONFIG command. You can delete just one definition at a
time with this command.
The switch stops sending event messages to a syslog server as soon as
you delete a definition.
This example deletes a syslog server definition for the server IP address
124.145.112.61:
awplus> enable
awplus# configure terminal
awplus(config)# no log host 124.145.112.61
712
AT-8100 Switch Command Line User’s Guide
Displaying the Syslog Server Definitions
To view the IP addresses of the syslog servers use the SHOW LOG
CONFIG command in the Privileged Exec mode:
awplus# show log config
Here is an example of the information.
Permanent log:
Status ................
Filter:
Level ..............
Program ............
Message Text .......
Host 149.132.45.75:
Filter:
Level ..............
Program ............
Message Text .......
Host 149.132.101.128:
Filter:
Level ..............
Program ............
Message Text .......
Buffered log:
Status ................
Filter:
Level ..............
Program ............
Message Text .......
Enable
Informational
All
Informational
All
Informational
All
Enable
Informational
All
Figure 134. SHOW LOG CONFIG Command with Syslog Server Entries
The syslog server entries are marked with “Host,” followed by the server IP
addresses. The example display has two syslog server entries that have
the IP addresses 149.132.45.75 and 149.132.101.128.
713
Chapter 47: Syslog Client
714
Chapter 48
Syslog Client Commands
The syslog client commands are summarized in Table 85 and described in
detail within the chapter.
Table 85. Syslog Client Commands
Command
Mode
Description
“LOG HOST” on page 716
Global
Configuration
Creates syslog server definitions.
“NO LOG HOST” on page 718
Global
Configuration
Deletes syslog server definitions.
“SHOW LOG CONFIG” on page 719
Privileged Exec
Displays the syslog server definitions.
715
Chapter 48: Syslog Client Commands
LOG HOST
Syntax
log host ipaddress [level level] [program program]
Parameters
ipaddress
Specifies the IP address of a syslog server. You can specify one
address.
level
Specifies the minimum severity level of the messages to be sent to
the designated syslog server. The severity levels are listed in
Table 83 on page 709. You can specify only one severity level.
Omit this parameter to send messages of severity levels 0, 4, and
6.
program
Specifies that only messages generated by particular management
software modules are sent to the syslog server. The modules are
listed in Table 81 on page 699. You can specify more than one
feature. Separate multiple features with commas. Omit this
parameter to send messages from all features.
Mode
Global Configuration mode
Description
Use this command to create syslog server definitions. The switch uses the
definitions to send event messages to syslog servers on your network.
There can be up to 19 syslog server definitions. You can create only one
definition at a time with this command.
Confirmation Commands
“SHOW LOG CONFIG” on page 719
Examples
This example creates a new syslog definition that sends all event
messages to a syslog server with the IP address 149.24.111.23:
awplus> enable
awplus# configure terminal
awplus(config)# log host 149.24.111.23
716
AT-8100 Switch Command Line User’s Guide
This example creates a new syslog definition for a syslog server that has
the IP address 149.152.122.143. The definition sends only those
messages that have a minimum severity level of 4 and that are generated
by the RADIUS client (RADIUS) and static port trunks (PTRUNK):
awplus> enable
awplus# configure terminal
awplus(config)# log host 149.152.122.143 level 4 program
radius,ptrunk
717
Chapter 48: Syslog Client Commands
NO LOG HOST
Syntax
no log host ipaddress
Parameters
ipaddress
Specifies an IP address of a syslog server.
Mode
Global Configuration mode
Description
Use this command to delete syslog server definitions from the switch.
Confirmation Command
“SHOW LOG CONFIG” on page 719
Example
This example deletes a syslog server definition with the server IP address
149.122.45.78:
awplus> enable
awplus# configure terminal
awplus(config)# no log host 149.122.45.78
718
AT-8100 Switch Command Line User’s Guide
SHOW LOG CONFIG
Syntax
show log config
Parameters
None
Modes
Privileged Exec mode
Description
Use this command to display the syslog server definitions on the switch.
Here is an example of the information.
Permanent log:
Status ................
Filter:
Level ..............
Program ............
Message Text .......
Host 149.132.45.75:
Filter:
Level ..............
Program ............
Message Text .......
Host 149.132.101.128:
Filter:
Level ..............
Program ............
Message Text .......
Buffered log:
Status ................
Filter:
Level ..............
Program ............
Message Text .......
Enable
Informational
All
Informational
All
Informational
All
Enable
Informational
All
Figure 135. SHOW LOG CONFIG Command with Syslog Server Entries
The syslog server entries are marked with “Host,” followed by the server IP
addresses. The example display has two syslog server entries that have
the IP addresses 149.132.45.75 and 149.132.101.128.
719
Chapter 48: Syslog Client Commands
Example
This example displays the configurations of the syslog server entries:
awplus# show log config
720
Section VI
Port Trunks
This section contains the following chapters:

Chapter 49, “Static Port Trunks” on page 723

Chapter 50, “Static Port Trunk Commands” on page 733

Chapter 51, “Link Aggregation Control Protocol (LACP)” on page 741

Chapter 52, “LACP Commands” on page 753
721
722
Chapter 49
Static Port Trunks
This chapter covers the following topics:

“Overview” on page 724

“Creating New Static Port Trunks or Adding Ports To Existing Trunks”
on page 728

“Specifying the Load Distribution Method” on page 729

“Removing Ports from Static Port Trunks or Deleting Trunks” on
page 730

“Displaying Static Port Trunks” on page 731
723
Chapter 49: Static Port Trunks
Overview
Static port trunks are groups of two to eight ports that act as single virtual
links between the switch and other network devices. Static port trunks are
commonly used to improve network performance by increasing the
available bandwidth between the switch and other network devices and to
enhance the reliability of the connections between network devices.
Figure 136 is an example of a static port trunk of four links between two
AT-8100S/24 Switches.
AT-8100S/24 Gigabit
Ethernet Switch
AT-8100S/24 Gigabit
Ethernet Switch
Figure 136. Static Port Trunk Example
When you create a new static port trunk, you can designate the manner in
which the traffic is distributed across the physical links by the switch. This
is explained in “Load Distribution Methods,” next.
Unlike LACP trunks, which are described in Chapter 51, “Link Aggregation
Control Protocol (LACP)” on page 741, static port trunks do not permit
standby ports. If a link is lost on a port in a static port trunk, the trunk’s total
bandwidth is reduced. Although the traffic carried by a lost link is shifted to
one of the remaining ports in the trunk, the bandwidth remains reduced
until a lost link is reestablished or another port is manually added to the
trunk.
Load Distribution
Methods
This section discusses the load distribution methods for static port trunks
and LACP trunks, described in Chapter 51, “Link Aggregation Control
Protocol (LACP)” on page 741.
When you create a static port trunk or an LACP trunk, you have to specify
the manner in which the switch should distribute the packets of the traffic
load across the ports of a trunk. This is referred to as the load distribution
method. The load distribution methods are listed here:
724

Source MAC Address (Layer 2)

Destination MAC Address (Layer 2)

Source MAC Address / Destination MAC Address (Layer 2)
AT-8100 Switch Command Line User’s Guide

Source IP Address (Layer 3)

Destination IP Address (Layer 3)

Source IP Address / Destination IP Address (Layer 3)
The load distribution methods examine the last three bits of a packet’s
MAC or IP address and compare the bits against mappings assigned to
the ports in the trunk. The port mapped to the matching bits is selected as
the transmission port for a packet.
In cases where you select a load distribution that employs either a source
or destination address but not both, only the last three bits of the
designated address are used in the selection process. If you select one of
the two load distribution methods employing both source and destination
addresses, port selection is achieved through an XOR operation of the last
three bits of both addresses.
For example, assume you created a static port trunk or an LACP trunk of
Ports 7 through 14 on the switch. The table below shows the mappings of
the switch ports to the possible values of the last three bits of a MAC or IP
address.
Last 3 Bits
000
(0)
001
(1)
010
(2)
011
(3)
100
(4)
101
(5)
110
(6)
111
(7)
Trunk Ports
7
8
9
10
11
12
13
14
Assume you selected source MAC address as the load distribution method
and that the switch needed to transmit over the trunk a packet with a
source MAC address that ended in 9. The binary equivalent of 9 is 1001,
making the last three bits of the address 001. An examination of the table
above indicates that the switch uses Port 8 to transmit the frame because
that port is mapped to the matching bits.
A similar method is used for the two load distribution methods that employ
both the source and destination addresses. Only here the last three bits of
both addresses are combined by an XOR process to derive a single value
which is then compared against the mappings of the bits to ports. The
XOR rules are as follows:
0 XOR 0 = 0
0 XOR 1 = 1
1 XOR 0 = 1
1 XOR 1 = 0
725
Chapter 49: Static Port Trunks
For example, assume you selected source and destination MAC
addresses for the load distribution method in our previous example, and
that a packet for transmission over the trunk had a source MAC address
that ended in 9 and a destination address that ended in 3. The binary
values are:
9 = 1001
3 = 0011
Applying the XOR rules above on the last three bits result in 010, or 2. A
examination of the table above shows that the packet is transmitted from
port 9.
Port trunk mappings on the switch can consist of up to eight ports. This
corresponds to the maximum number of ports allowed in a static trunk and
the maximum number of active ports in an LACP trunk. Inactive ports in an
LACP trunk are not applied to the mappings until they transition to the
active status.
You can assign different load distribution methods to different static trunks
on the same switch. The same is true for LACP aggregators. However, it
should be noted that all aggregate trunks within an LACP aggregator must
use the same load distribution method.
The load distribution methods assume that the final three bits of the
source and/or destination addresses of the packets from the network
nodes are varied enough to support efficient distribution of the packets
over the trunk ports. A lack of variation can result in one or more ports in a
trunk being used more than others, with the potential loss of a trunk’s
efficiency and performance.
Guidelines
Here are the guidelines to using static port trunks:

726
A static trunk can have up to eight ports.

The switch supports up to a total of 32 static port trunks and LACP
trunks at a time. An LACP trunk is countered against the maximum
number of trunks when it is active.

The ports of a static port trunk can be either all twisted pair ports or
all fiber optic ports. Static port trunks cannot have both types of
ports.

The ports of a trunk can be either consecutive (for example ports
5-9) or nonconsecutive (for example, ports 4, 8, 11, 20).

The ports of static port trunks must be from the same switch.

Static port trunks are compatible with spanning tree protocols
because the switch views them as single virtual links.

Before creating a port trunk, examine the speed, duplex mode,
flow control, and back pressure settings of the lowest number port
the trunk will contain. Verify that its settings are correct for the
AT-8100 Switch Command Line User’s Guide
device to which the trunk will be connected. When you create a
static port trunk, the management software copies the current
settings of the lowest numbered port in the trunk to the other ports,
so that all the ports have the same settings. For example, if you
create a port trunk of ports 5 to 8, the parameter settings for port 5
are copied to ports 6, 7, and 8 so that all the ports of the trunk have
the same settings.

After creating a port trunk, do not change the speed, duplex mode,
flow control, or back pressure of any port in the trunk without also
changing the other ports.

A port can belong to only one static trunk at a time.

A port cannot be a member of a static trunk and an LACP trunk at
the same time.

The ports of a static trunk must be untagged members of the same
VLAN. A trunk cannot consist of untagged ports from different
VLANs.

The switch selects the lowest numbered port in the trunk to handle
broadcast packets and packets of unknown destination. For
example, a trunk of ports 11 to 15 uses port 11 for broadcast
packets.

Because network equipment vendors tend to employ different
techniques for static trunks, a static trunk on one device might not
be compatible with the same feature on a device from a different
manufacturer. For this reason, Allied Telesis recommends using
this feature only between Allied Telesis network devices.
727
Chapter 49: Static Port Trunks
Creating New Static Port Trunks or Adding Ports To Existing Trunks
The command to create new static port trunks or to add ports to existing
trunks is the STATIC-CHANNEL-GROUP command. Here is the format of
the command:
static-channel-group id_number
You perform the command from the Port Interface mode of the ports the
trunk is to contain. Here is an example that creates a new trunk of ports 22
to 23 and the ID number 1:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.22-port1.0.23
awplus(config-if)# static-channel-group 1
If a static port trunk of that ID number already exists, the commands add
ports 22 and 23 to it.
Caution
To prevent the formation of loops in your network topology, do not
connect the network cables to the member ports of a trunk until after
you have created it. Network loops can result in broadcast storms
that can adversely affect network performance.
For reference information, refer to “STATIC-CHANNEL-GROUP” on
page 738.
728
AT-8100 Switch Command Line User’s Guide
Specifying the Load Distribution Method
The load distribution method defines how the switch distributes the traffic
among the ports of a trunk. The command for this is the PORT-CHANNEL
LOAD-BALANCE command, in the Static Port Trunk Interface mode. The
command’s format is shown here:
port-channel load-balance dst-ip|dst-mac|src-dst-ip|
src-dst-mac|src-ip|src-mac
The variables are defined here:
src-mac
Specifies source MAC address as the load distribution
method.
dst-mac
Specifies destination MAC address.
src-dst-mac
Specifies source address/destination MAC address.
src-ip
Specifies source IP address.
dst-ip
Specifies destination IP address.
src-dst-ip
Specifies source address/destination IP address.
To enter the Static Port Trunk Interface mode, you use the INTERFACE
TRUNK command. You enter the INTERFACE keyword followed by the
name of the trunk. The name of the trunk consists of the prefix “sa” (for
static trunk) and the trunk’s ID number. (If you do not know the ID number
of the trunk, refer to “Displaying Static Port Trunks” on page 731.)
This example sets the load distribution method to destination MAC
address for a static port trunk that has the ID number 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface sa4
awplus(config-if)# port-channel load-balance dst-mac
For reference information, refer to “PORT-CHANNEL LOAD-BALANCE”
on page 735.
729
Chapter 49: Static Port Trunks
Removing Ports from Static Port Trunks or Deleting Trunks
To remove ports from a static port trunk, enter the Port Interface mode of
the ports to be removed and issue the NO STATIC-CHANNEL-GROUP
command. This example removes ports 4 and 5 from their current static
port trunk assignment:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.4,port1.0.5
awplus(config-if)# no static-channel-group
To delete a static port trunk, remove all its member ports. This example
deletes a trunk that consists of member ports 15 to 17 and 21:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15-port1.0.17,port1.0.21
awplus(config-if)# no static-channel-group
Caution
To prevent the formation of loops in your network topology, do not
remove ports from a static port trunk without first disconnecting their
network cable. Network loops can result in broadcast storms that
can adversely affect network performance.
730
AT-8100 Switch Command Line User’s Guide
Displaying Static Port Trunks
To display the member ports of static port trunks, use the SHOW STATICCHANNEL-GROUP command in the User Exec mode or Privileged Exec
mode:
awplus# show static-channel-group
Here is an example of the information.
% Static Aggregator: sa1
% Member:
port1.0.5
port1.0.6
port1.0.7
% Static Aggregator: sa2
% Member:
port1.0.19
port1.0.20
port1.0.21
port1.0.22
Figure 137. SHOW STATIC-CHANNEL-GROUP Command
To view the load distribution methods of static port trunks, display the
running configuration with “SHOW RUNNING-CONFIG” on page 162.
731
Chapter 49: Static Port Trunks
732
Chapter 50
Static Port Trunk Commands
The static port trunk commands are summarized in Table 86 and
described in detail within the chapter.
.
Table 86. Static Port Trunk Commands
Command
Mode
Description
“NO STATIC-CHANNEL-GROUP” on
page 734
Port Interface
Removes ports from existing static
port trunks and deletes trunks from
the switch.
“PORT-CHANNEL LOAD-BALANCE”
on page 735
Static Port
Trunk Interface
Sets the load distribution methods of
static port trunks.
“SHOW STATIC-CHANNEL-GROUP”
on page 737
User Exec and
Privileged Exec
Displays the specifications of the
static port trunks.
“STATIC-CHANNEL-GROUP” on
page 738
Port Interface
Creates new static port trunks and
adds ports to existing port trunks.
733
Chapter 50: Static Port Trunk Commands
NO STATIC-CHANNEL-GROUP
Syntax
no static-channel-group
Parameters
None
Mode
Port Interface mode
Description
Use this command to remove ports from static port trunks and to delete
trunks. To delete a trunk, remove all its ports.
Caution
To prevent the formation of loops in your network topology, do not
remove ports from a static port trunk without first disconnecting their
network cable. Network loops can result in broadcast storms that
can adversely affect network performance.
Note
You cannot leave a trunk with just one port. There must be a
minimum of two ports in a trunk.
Example
These commands remove ports 22 and 23 from a static port trunk. If these
are the only ports in the trunk, the trunk is deleted from the switch:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.22-port1.0.23
awplus(config-if)# no static-channel-group
734
AT-8100 Switch Command Line User’s Guide
PORT-CHANNEL LOAD-BALANCE
Syntax
port-channel load-balance src-mac|dst-mac|src-dst-mac|srcip|dst-ip|src-dst-ip
Parameters
src-mac
Specifies source MAC address as the load distribution method.
dst-mac
Specifies destination MAC address.
src-dst-mac
Specifies source address/destination MAC address.
src-ip
Specifies source IP address.
dst-ip
Specifies destination IP address.
src-dst-ip
Specifies source address/destination IP address.
Mode
Static Port Trunk Interface mode
Description
Use this command to specify the load distribution methods of static port
trunks. The load distribution methods determine the manner in which the
switch distributes packets among the ports of a trunk.
This command is found in the Static Port Trunk Interface mode. To enter
the mode, use the INTERFACE TRUNK command. The format of the
command is the keyword INTERFACE followed by name of a trunk you
want to configure. The name of a static port truck consists of “sa” followed
by a trunk’s ID number. You can configure just one trunk at a time.
735
Chapter 50: Static Port Trunk Commands
Example
This example sets the load distribution method to destination MAC
address for a trunk with an ID number 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface sa4
awplus(config-if)# port-channel load-balance dst-mac
736
AT-8100 Switch Command Line User’s Guide
SHOW STATIC-CHANNEL-GROUP
Syntax
show static-channel-group
Parameters
None
Modes
User Exec mode and Privileged Exec mode
Description
Use this command to display the member ports of static port trunks on the
switch. An example of the command is shown in Figure 138.
% Static Aggregator: sa1
% Member:
port1.0.5
port1.0.6
port1.0.7
% Static Aggregator: sa2
% Member:
port1.0.19
port1.0.20
port1.0.21
port1.0.22
Figure 138. SHOW STATIC-CHANNEL-GROUP Command
To view the load distribution methods of static port trunks, display the
running configuration with “SHOW RUNNING-CONFIG” on page 162.
Example
This example displays the member ports of a static port trunk:
awplus# show static-channel-group
737
Chapter 50: Static Port Trunk Commands
STATIC-CHANNEL-GROUP
Syntax
static-channel-group id_number
Parameters
id_number
Specifies an ID number of a static port trunk. The range is 1 to 32.
You can specify just one ID number.
Mode
Port Interface mode
Description
Use this command to create new static port trunks and to add ports to
existing trunks. To create a new trunk, specify an unused ID number. To
add ports to an existing trunk, specify an ID number of an existing trunk.
Caution
Do not connect the network cables to the ports of the static port
trunk until after you have created it. A network loop may result if you
connect the cables beforehand, possibly resulting in a broadcast
storm and poor network performance.
To create a new static port trunk, you have to assign it an ID number, in
the range of 1 to 32. This number is used by the switch to identify trunks
and to assign trunk names. A name of a trunk consists of the prefix “sa”
followed by an ID number. For instance, if you assign a new trunk the ID
number 5, its name will be “sa5.”
You should review the following information before creating a new static
port trunk:
738

When you create a new trunk, the settings of the lowest numbered
port are copied to the other ports so that all the ports have the
same settings. Consequently, you should examine and verify that
the speed, duplex mode, and flow control settings of the lowest
numbered port are correct for the network device to which the
trunk will be connected.

The ports of a trunk must be members of the same VLAN.
AT-8100 Switch Command Line User’s Guide

Ports can be a members of just one static port trunk at a time. A
port that is already a member of a trunk cannot be added to
another trunk until it is first removed from its current trunk
assignment. To remove ports from static port trunks, see “NO
STATIC-CHANNEL-GROUP” on page 734.
You should review the following information if you are adding ports to an
existing trunk:

If the port you are adding will be the lowest numbered port in the
trunk, its parameter settings will overwrite the settings of the
existing ports in the trunk. Consequently, you check to see if its
settings are appropriate prior to adding it to the trunk. If the port will
not be the lowest numbered port, its settings are changed to match
the settings of the existing ports in the trunk.

If the port to be added to a trunk is already a member of another
static trunk, you must first remove it from its current trunk
assignment. To remove ports from a trunk, see “NO STATICCHANNEL-GROUP” on page 734.
Example
This example creates a new static port trunk of ports 11 and 12, with the ID
number 2. If there is already a static port trunk with the same ID number
the commands add the ports to it:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11-port1.0.12
awplus(config-if)# static-channel-group 2
739
Chapter 50: Static Port Trunk Commands
740
Chapter 51
Link Aggregation Control Protocol
(LACP)
This chapter covers the following topics:

“Overview” on page 742

“Creating New Aggregators” on page 746

“Setting the Load Distribution Method” on page 747

“Adding Ports to Aggregators” on page 748

“Removing Ports from Aggregators” on page 749

“Deleting Aggregators” on page 750

“Displaying Aggregators” on page 751
741
Chapter 51: Link Aggregation Control Protocol (LACP)
Overview
The Link Aggregation Control Protocol (LACP) is used to increase the
bandwidth between the switch and other LACP-compatible devices by
grouping ports together to form single virtual links.
LACP trunks are similar in function to static port trunks, but they are more
flexible. The implementations of static trunks tend to be vendor specific
and so may not always be compatible. In contrast, the implementation of
LACP in the switch is compliant with the IEEE 802.3ad standard. It is
interoperable with equipment from other vendors that also comply with the
standard. This makes it possible to create LACP trunks between the
switch and network devices from other manufacturers.
Another advantage is that ports in an LACP trunk can function in a
standby mode, which adds redundancy and resiliency. If a link in a static
trunk goes down, the overall bandwidth of the trunk is reduced until the
link is reestablished or another port is added to the trunk. In contrast,
LACP trunks can automatically activate ports in a standby mode when
active links fail, to maintain the maximum possible bandwidth of the trunk.
For example, assume you create an LACP trunk of ports 11 to 20 on the
switch, with ports 11 to 18 as the active ports and ports 19 and 20 as the
reserve ports. If an active port loses its link, the switch automatically
activates one of the reserve ports to maintain maximum bandwidth of the
trunk.
The main component of an LACP trunk is an aggregator. An aggregator is
a group of ports on the switch. The ports of an aggregator are further
grouped into a trunk, referred to as an aggregate trunk.
An aggregate trunk can consist of any number of ports on the switch, but
only a maximum of eight ports can be active at a time. If an aggregate
trunk contains more ports than can be active at one time, the extra ports
are placed in the standby mode. Ports in the standby mode do not pass
network traffic, but they do transmit and accept LACP data unit (LACPDU)
packets, which the switch uses to search for LACP-compliant devices.
Only ports on the switch that are part of an aggregator transmit LACPDU
packets. If a port that is part of an aggregator does not receive LACPDU
packets from its corresponding port on another device, it assumes that the
other port is not part of an LACP trunk and functions as a normal Ethernet
port by forwarding network traffic. However, it does continue to send
LACPDU packets. If it begins to receive LACPDU packets, it automatically
transitions to an active or standby mode as part of an aggregate trunk.
An aggregator can have only one trunk. You have to create a separate
aggregator for each trunk on the switch.
742
AT-8100 Switch Command Line User’s Guide
LACP System
Priority
When two devices form an aggregate trunk, a conflict may occur if there is
a difference in their LACP implementations. For example, the two devices
might not support the same number of active ports in an aggregate trunk
or might not agree on which ports are to be active and which are to be in
the standby mode.
If a conflict does occur, the two devices must resolve the problem and
decide whose LACP settings are to take precedence. This is
accomplished with the system LACP priority value. A hexadecimal value of
from 1 to FFFF, this parameter is used whenever the devices encounter a
conflict creating a trunk. The lower the number, the higher the priority. The
settings on the device with the higher priority take precedence over the
settings on the other device. If both devices have the same system LACP
priority value, the settings on whichever switch has the lowest MAC
address takes precedence.
This parameter is useful if the switch and the other 802.3ad-compliant
device have different LACP trunking capabilities. You should give the
other device the higher priority if its LACP capability is less than that of the
switch’s. That way, its settings are used by both devices to form the trunk.
For example, a conflict could occur in an aggregate trunk of six links if the
other 802.3ad-compliant device supported just four active links at one
time. The switch would activate all six links because it can handle up to
eight active links in a trunk at one time, while the other device would
activate only four ports. But by giving the other 802.3ad device the higher
priority, the conflict is avoided because the switch would use only four
active links. The other ports would remain in the standby mode.
Base Port
The lowest numbered port in an aggregator is referred to as the base port.
You cannot change the base port of an aggregator. You can neither delete
it from an aggregator nor add any ports that are below it. For example, if
an aggregator consists of ports 5 to 12, you cannot delete port 5 because
it is the base port, and you are not allowed to add ports 1 to 4 to the
aggregator. If you need to change the base port of an aggregator, you
must delete and recreate the aggregator to which it belongs.
LACP Port
Priority Value
The switch uses a port’s LACP priority to determine which ports are to be
active and which in the standby mode in situations where the number of
ports in the aggregate trunk exceeds the highest allowed number of active
ports. This parameter is a hexadecimal value in a range of 1 to FFFF and
is based on the port number. For instance, the priority values for ports 2
and 11 are 0002 and 000B, respectively. The lower the number, the higher
the priority. Ports with the highest priorities are designated as the active
ports in an aggregate trunk.
For example, if both 802.3ad-compliant devices support up to eight active
ports and there are a total of ten ports in the trunk, the eight ports with the
highest priorities (lowest priority values) are designated as the active
743
Chapter 51: Link Aggregation Control Protocol (LACP)
ports, and the others are placed in the standby mode. If an active link goes
down on a active port, the standby port with the next highest priority is
automatically activated to take its place.
The selection of the active links in an aggregate trunk is dynamic and will
change as links are added, removed, lost or reestablished. For example, if
an active port loses its link and is replaced by another port in the standby
mode, the reestablishment of the link on the originally active port causes
the port to return to the active state by virtue of having a higher priority
value than the replacement port, which returns to the standby mode.
A port’s priority value is not adjustable.
Two conditions must be met in order for a port in an aggregate trunk to
function in the standby mode. First, the number of ports in the trunk must
exceed the highest allowed number of active ports and, second, the port
must be receiving LACPDU packets from the other device. A port
functioning in the standby mode does not forward network traffic, but does
continue to send LACPDU packets. If a port that is part of an aggregator
does not receive LACPDU packets, it functions as a normal Ethernet port
and forwards network packets along with LACPDU packets.
Load Distribution
Methods
Guidelines
744
The load distribution method determines the manner in which the switch
distributes the traffic across the active ports of an aggregate trunk. The
method is assigned to an aggregator and applies to the aggregate trunk in
it. For further information, refer to “Load Distribution Methods” on
page 724.
Here are the LACP guidelines:

LACP must be activated on both the switch and the other device.

The other device must be 802.3ad-compliant.

An aggregator can consist of any number of ports.

The switch supports up to eight active ports in an aggregate trunk
at a time.

The switch can support up to a total of 32 static and LACP
aggregate trunks at a time. An LACP trunk is countered against the
maximum number of trunks only when it is active.

The ports of an aggregate trunk must be the same medium type:
all twisted pair ports or all fiber optic ports.

The ports of a trunk can be consecutive (for example ports 5 to 9)
or nonconsecutive (for example, ports 4, 8, 11, 20).

A port can belong to only one aggregator at a time.

A port cannot be a member of an aggregator and a static trunk at
the same time.

The ports of an aggregate trunk must be untagged members of the
same VLAN.
AT-8100 Switch Command Line User’s Guide

10/100/1000Base-TX twisted pair ports must be set to AutoNegotiation or 100 Mbps, full-duplex mode. LACP trunks are not
supported in half-duplex mode.

100Base-FX fiber optic ports must be set to full-duplex mode.

Only those ports that are members of an aggregator transmit
LACPDU packets.

The lowest numbered port in an aggregator is called the base port.
You cannot add ports that are below the base port of an
aggregator. For example, you cannot add ports 1 to 6 to an
aggregator that consists of ports 7 to 12. You must delete and
recreate an aggregator to change its base port.

The load distribution method is applied at the aggregator level. For
further information, refer to “Load Distribution Methods” on
page 724.

To function as a member of an aggregator, a port must receive
LACPDU packets from a remote network device. A port that does
not receive LACPDU packets while it is a member of an aggregate
trunk functions as a regular Ethernet port, forwarding network
traffic while also continuing to transmit LACPDU packets.

The port with the highest priority in an aggregate trunk carries
broadcast packets and packets with an unknown destination.

Prior to creating an aggregate trunk between an Allied Telesis
device and another vendor’s device, refer to the vendor’s
documentation to determine the maximum number of active ports
the device supports. If the number is less than eight, the maximum
number for the switch, you should assign it a higher system LACP
priority than the switch. If it is more than eight, assign the switch
the higher priority. This will avoid a possible conflict between the
devices if some ports are placed in the standby mode when the
devices create the trunk. For background information, refer to
“LACP System Priority” on page 743.

LACPDU packets are transmitted as untagged packets.
745
Chapter 51: Link Aggregation Control Protocol (LACP)
Creating New Aggregators
To create a new aggregator, move to the Port Interface mode of the
aggregator’s member ports and issue the CHANNEL-GROUP command,
which has this format:
channel-group id_number
The ID_NUMBER parameter has a range of 1 to 65535. Each aggregator
must be assigned a unique ID number.
If the ports of a new aggregator are already members of other
aggregators, the switch automatically removes them from their current
assignments before adding them to the new aggregator.
Caution
To avoid creating a loop in your network topology, do not connect
the network cables to the ports until after you have created the
aggregator with the CHANNEL-GOUP command.
These commands create a new aggregator of ports 11 and 12, with the ID
number 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11-port1.0.12
awplus(config-if)# channel-group 4
746
AT-8100 Switch Command Line User’s Guide
Setting the Load Distribution Method
The load distribution method determines the manner in which the switch
distributes the egress packets among the active ports of an aggregator.
The packets can be distributed by source MAC or IP address, destination
MAC or IP address, or by both source and destination addresses. The
distribution methods are discussed in “Load Distribution Methods” on
page 724.
The load distribution method of an aggregator is set with the PORTCHANNEL LOAD-BALANCE command in the LACP Port Trunk Interface
mode. To enter the mode, use the INTERFACE PO command from the
Global Configuration mode, in this format:
interface poid_number
You specify the intended aggregator by adding its ID number as a suffix to
PO.
Here is the format of the PORT-CHANNEL LOAD-BALANCE command:
port-channel load-balance src-mac|dst-mac|src-dst-mac|
src-ip|dst-ip|src-dst-ip
In this example, an aggregator with the ID number 5 is assigned the
source MAC address distribution method:
awplus> enable
awplus# configure terminal
awplus(config)# interface po5
awplus(config-if)# port-channel load-balance src-mac
This example assigns an aggregator with the ID number 17 the source
destination MAC address distribution method:
awplus> enable
awplus# configure terminal
awplus(config)# interface po17
awplus(config-if)# port-channel load-balance src-dst-mac
747
Chapter 51: Link Aggregation Control Protocol (LACP)
Adding Ports to Aggregators
The command to add ports to existing aggregators is the same command
to create new aggregators, the CHANNEL-GROUP command in the Port
Interface mode. To use the command, move to the Port Interface mode of
the ports you want to add to an aggregator and issue the command.
Note
You cannot add to an aggregator any ports that are below the base
port. For instance, you cannot add any ports below port 15 to an
aggregator that has ports 15 to 24.
When you enter the command, specify the ID number of the existing
aggregator to which the new ports are to be assigned. If you do not know
the ID number, use the SHOW ETHERCHANNEL DETAIL command.
If the new ports of an aggregator are already members of other
aggregators, you do not have to remove them from their current
assignments before adding them to a different aggregator. The
management software does that automatically.
Caution
To avoid creating a loop in your network topology, do not connect
the network cables to the aggregator ports until you have performed
the CHANNEL-GOUP command.
These commands adds the ports 18 and 23 to the aggregator with the ID
number 5:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.18,port1.0.23
awplus(config-if)# channel-group 5
748
AT-8100 Switch Command Line User’s Guide
Removing Ports from Aggregators
To remove ports from an aggregator, use the NO CHANNEL-GROUP
command, in the Port Interface mode. Move to the Port Interface mode for
those ports you want to remove from an aggregator and enter the
command. You can remove ports from only one aggregator at a time.
Caution
Do not remove a port from an aggregator without first disconnecting
the network cable. Leaving the network cable connected may result
in a network loop, which can cause a broadcast storm.
Note
You cannot remove the base port of an aggregator. The base port is
the lowest numbered port of an aggregator. For example, you
cannot delete port 7 from an aggregator consisting of ports 7 to 12.
Removing the base port requires deleting and recreating the
aggregator to which the base port belongs.
These commands delete ports 11 and 12 from an aggregator:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11-port1.0.12
awplus(config-if)# no channel-group
749
Chapter 51: Link Aggregation Control Protocol (LACP)
Deleting Aggregators
To delete an aggregator, remove all its ports with the NO CHANNELGROUP command, in the Port Interface mode.
Caution
Do not delete an aggregator without first disconnecting the network
cables from its ports. Leaving the network cables connected may
result in a network loop, which can cause a broadcast storm.
These commands delete an aggregator consisting of ports 17, 22 and 23:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.17,port1.0.22,port1.0.23
awplus(config-if)# no channel-group
750
AT-8100 Switch Command Line User’s Guide
Displaying Aggregators
There are five SHOW commands for LACP. Two of them are mentioned
here. For descriptions of all the commands, refer to Chapter 52, “LACP
Commands” on page 753.
The first command is the SHOW ETHERCHANNEL DETAIL command in
the Privileged Exec mode. It displays configuration information and
operation status about the aggregators on the switch. Included are the
ports of the individual aggregators, their link states, and the load
distribution methods of the aggregators. Here is the command:
awplus# show etherchannel detail
Here is an example of the information.
Aggregator # 1 ..... po1
Mac address: (00-15-77-D8-43-60,0000)
Admin Key: 0xff01 - Oper Key: 0x0101
Receive link count: 4 - Transmit link count: 4
Individual: 0 - Ready: 0
Distribution Mode .. MACBoth
Partner LAG: (0080,00-A0-D2-00-94-24,F601)
Link: Port 1.0.1
sync
Link: Port 1.0.2
sync
Link: Port 1.0.3
sync
Link: Port 1.0.4
sync
Aggregator # 22..... po22
Mac address: (00-15-77-D8-43-60,0000)
Admin Key: 0xff16 - Oper Key: 0x1616
Receive link count: 0 - Transmit link count: 0
Individual: 0 - Ready: 0
Distribution Mode .. MACDest
Partner LAG: (0000,00-00-00-00-00-00,0000)
Link: Port 1.0.22 disabled
Link: Port 1.0.23 disabled
Link: Port 1.0.24 disabled
Figure 139. SHOW ETHERCHANNEL DETAIL
The only information the SHOW ETHERCHANNEL DETAIL command
doesn’t include is the LACP system priority value. That value can been
seen with the SHOW LACP SYS-ID command, also in the Privileged Exec
mode. Here is the command:
awplus# show lacp sys-id
751
Chapter 51: Link Aggregation Control Protocol (LACP)
Here is an example of the information.
System Priority: 0x0080
Mac Address: 00-15-77-CC-E2-42
Figure 140. SHOW LACP SYS-ID Command
It should be mentioned that while the system priority value is set as an
integer with the LACP SYSTEM-PRIORITY command, this command
displays it in hexadecimal format.
752
Chapter 52
LACP Commands
The LACP port trunk commands are summarized in Table 87 and
described in detail within the chapter.
Table 87. LACP Port Trunk Commands
Command
Mode
Description
“CHANNEL-GROUP” on page 754
Port Interface
Creates new aggregators and adds
ports to existing aggregators.
“LACP SYSTEM-PRIORITY” on
page 756
Global
Configuration
Sets the LACP system priority value
for the switch.
“NO CHANNEL-GROUP” on
page 757
Port Interface
Removes ports from aggregators and
deletes aggregators.
“PORT-CHANNEL LOAD-BALANCE”
on page 758
LACP Port
Trunk Interface
Sets the load distribution method.
“SHOW ETHERCHANNEL” on
page 760
Privileged Exec
Displays the ports of the aggregators
on the switch.
“SHOW ETHERCHANNEL DETAIL”
on page 761
Privileged Exec
Displays the states of the ports of the
aggregators.
“SHOW ETHERCHANNEL
SUMMARY” on page 763
Privileged Exec
Displays detailed information about
the aggregators.
“SHOW LACP SYS-ID” on page 764
Privileged Exec
Displays the LACP priority value and
MAC address of the switch.
“SHOW PORT ETHERCHANNEL” on
page 765
Privileged Exec
Displays the LACP port information.
753
Chapter 52: LACP Commands
CHANNEL-GROUP
Syntax
channel-group id_number
Parameters
id_number
Specifies the ID number of a new or an existing aggregator. The
range is 1 to 65335.
Mode
Port Interface mode
Description
Use this command to create new aggregators or to add ports to existing
aggregators.
The lowest numbered port in an aggregator is called the base port. When
adding ports to an existing aggregator, you cannot add ports that are
below the base port. For example, you cannot add ports 1 to 6 to an
existing aggregator that consists of ports 7 to 12. You have to delete and
recreate an aggregator to change its base port.
To review the guidelines to creating or modifying aggregators, refer to
“Guidelines” on page 744.
Caution
To prevent creating a loop in your network topology, do not connect
the network cables to the ports until after you’ve created the
aggregator. Network loops can cause broadcast storms that can
lead to poor network performance.
Confirmation Command
“SHOW ETHERCHANNEL” on page 760
754
AT-8100 Switch Command Line User’s Guide
Examples
These commands create a new aggregator consisting of ports 11 to 16.
The ID number of the aggregator is 2.
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11-port1.0.16
awplus(config-if)# channel-group 2
This example adds port 15 to an existing aggregator that has the ID
number 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.15
awplus(config-if)# channel-group 4
755
Chapter 52: LACP Commands
LACP SYSTEM-PRIORITY
Syntax
lacp system-priority priority
Parameters
priority
Specifies the LACP system priority value for the switch. The range
is 1 to 65535.
Mode
Global Configuration mode
Description
Use this command to set the LACP priority of the switch. The switch uses
the LACP priority to resolve conflicts with other network devices when it
creates aggregate trunks.
Confirmation Command
“SHOW LACP SYS-ID” on page 764
Note
The value is set as an integer with this command and displayed in
hexadecimal format by the SHOW LACP SYS-ID command.
Example
This example assigns the system priority 200 to the switch:
awplus> enable
awplus# configure terminal
awplus(config)# lacp system-priority 200
756
AT-8100 Switch Command Line User’s Guide
NO CHANNEL-GROUP
Syntax
no channel-group
Parameters
None
Mode
Port Interface mode
Description
Use this command to remove ports from aggregators and to delete
aggregators. To delete an aggregator, remove all its port.
You cannot remove the base port of the aggregator. Changing the base
port requires deleting and recreating the aggregator.
Caution
To prevent creating a loop in your network topology, you should not
remove ports from an aggregator without first disconnecting their
network cables. Network loops can cause broadcast storms that can
lead to poor network performance.
Confirmation Command
“SHOW ETHERCHANNEL” on page 760
Example
These commands delete ports 11 and 12 from an aggregator. The
aggregator is deleted if these are its only ports:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11-port1.0.12
awplus(config-if)# no channel-group
757
Chapter 52: LACP Commands
PORT-CHANNEL LOAD-BALANCE
Syntax
port-channel load-balance src-mac|dst-mac|src-dst-mac|
src-ip|dst-ip|src-dst-ip
Parameters
src-mac
Specifies source MAC address as the load distribution method.
dst-mac
Specifies destination MAC address.
src-dst-mac
Specifies source address/destination MAC address.
src-ip
Specifies source IP address.
dst-ip
Specifies destination IP address.
src-dst-ip
Specifies source address/destination IP address.
Mode
LACP Port Trunk Interface mode
Description
Use this command to set the load distribution methods of aggregators. An
aggregator can have only one load distribution method. The load
distribution methods are the same as those for static port trunks described
in “Load Distribution Methods” on page 724.
To enter the LACP Port Trunk Interface mode, from the Global
Configuration mode enter the INTERFACE PO command and the ID
number of the aggregator. For example, to enter the mode for the
aggregator that has the ID number 11, you enter:
awplus> enable
awplus# configure terminal
awplus(config)# interface po11
awplus(config-if)#
758
AT-8100 Switch Command Line User’s Guide
Confirmation Command
“SHOW ETHERCHANNEL DETAIL” on page 761
Example
This example sets the load distribution method to source MAC address for
the LACP trunk that has the ID number 22:
awplus> enable
awplus# configure terminal
awplus(config)# interface po22
awplus(config-if)# port-channel load-balance src-mac
759
Chapter 52: LACP Commands
SHOW ETHERCHANNEL
Syntax
show etherchannel id_number
Parameters
id_number
Specifies the ID number of the aggregator.
Mode
Privileged Exec mode
Description
Use this command to display the ports of specific aggregators on the
switch. Figure 141 illustrates the information.
Aggregator #2 .... po2
Admin Key: 0xff01 - Oper Key: 0x0101
Link: Port1.0.2
sync
Link: Port1.0.3
sync
Link: Port1.0.4
sync
Link: Port1.0.5
sync
Link: Port1.0.6
sync
Figure 141. SHOW ETHERCHANNEL Command
Example
This example displays the ports of the aggregator with the ID number 22:
awplus# show etherchannel 22
760
AT-8100 Switch Command Line User’s Guide
SHOW ETHERCHANNEL DETAIL
Syntax
show etherchannel detail
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display detailed information about the aggregators
on the switch. Figure 142 illustrates the information.
Aggregator # 1 ..... po1
Mac address: (00-15-77-D8-43-60,0000)
Admin Key: 0xff01 - Oper Key: 0x0101
Receive link count: 4 - Transmit link count: 4
Individual: 0 - Ready: 0
Distribution Mode .. MACBoth
Partner LAG: (0080,00-A0-D2-00-94-24,F601)
Link: Port 1.0.1
sync
Link: Port 1.0.2
sync
Link: Port 1.0.3
sync
Link: Port 1.0.4
sync
Aggregator # 22..... po22
Mac address: (00-15-77-D8-43-60,0000)
Admin Key: 0xff16 - Oper Key: 0x1616
Receive link count: 0 - Transmit link count: 0
Individual: 0 - Ready: 0
Distribution Mode .. MACDest
Partner LAG: (0000,00-00-00-00-00-00,0000)
Link: Port 1.0.22
disabled
Link: Port 1.0.23
disabled
Link: Port 1.0.24
disabled
Figure 142. SHOW ETHERCHANNEL DETAIL Command
761
Chapter 52: LACP Commands
Example
This example displays detailed information about aggregators:
awplus# show etherchannel detail
762
AT-8100 Switch Command Line User’s Guide
SHOW ETHERCHANNEL SUMMARY
Syntax
show etherchannel summary
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the states of the member ports of the
aggregators. Figure 143 illustrates the information.
Aggregator #2 .... po2
Admin Key: 0xff01 - Oper Key: 0x0101
Link: Port1.0.2
sync
Link: Port1.0.3
sync
Link: Port1.0.4
sync
Link: Port1.0.5
sync
Link: Port1.0.6
sync
Aggregator #21 .... po21
Admin Key: 0xff16 - Oper
Link: Port1.0.21
Link: Port1.0.22
Link: Port1.0.23
Link: Port1.0.24
Link: Port1.0.25
Key: 0x1616
disabled
disabled
disabled
disabled
disabled
Figure 143. SHOW ETHERCHANNEL SUMMARY Command
Example
This example displays the states of the aggregator’s member ports:
awplus# show etherchannel summary
763
Chapter 52: LACP Commands
SHOW LACP SYS-ID
Syntax
show lacp sys-id
Parameters
None
Mode
Privileged Exec mode
Description
Use this command to display the LACP priority value and MAC address of
the switch. Figure 144 provides an example of the display.
System Priority: 0x0080
Mac Address: 00-15-77-CC-E2-42
Figure 144. SHOW LACP SYS-ID Command
Note
The LACP priority value is set as an integer with “LACP SYSTEMPRIORITY” on page 756 and displayed in hexadecimal format by
this command.
Example
This example displays the LACP priority value and MAC address:
awplus# show lacp sys-id
764
AT-8100 Switch Command Line User’s Guide
SHOW PORT ETHERCHANNEL
Syntax
show port etherchannel port
Parameters
port
Specifies the port of an aggregator. You can display more than one
port at a time.
Mode
Privileged Exec mode
Description
Use this command to display the LACP port information. Figure 145
illustrates the information. Refer to the IEEE 802.3ad standard for
definitions of the fields.
Port ............. 05
Aggregator ....... LACP sw22
Receive machine state: Default
Periodic Transmission machine state: Fast periodic
Mux machine state: Detached
ACTOR
PARTNER
============================================
Actor Port ............. 05
Partner Port .........
Selected ............... SELECTED
Partner System .......
Oper Key ............... 0xf705
Oper Key ............
Oper Port Priority .... 0x0005
Oper Port Priority ...
Individual ............. NO
Individual ...........
Synchronized............ YES
Synchronized..........
Collecting ............ YES
Collecting ...........
Distributing ........... YES
Distributing .........
Defaulted .............. NO
Defaulted ............
Expired ................ NO
Expired ..............
Actor Churn
.......... YES
Partner Churn ........
00
00-30-84-AB-EF-CD
0xff07
0x0007
NO
YES
YES
YES
NO
NO
YES
Figure 145. SHOW PORT ETHERCHANNEL Command
Example
This example displays the LACP port information for port 5:
awplus# show port etherchannel port1.0.5
765
Chapter 52: LACP Commands
766
Section VII
Spanning Tree Protocols
This section contains the following chapters:

Chapter 53, “Spanning Tree and Rapid Spanning Tree Protocols” on
page 769

Chapter 54, “Spanning Tree Protocol (STP) Procedures” on page 789

Chapter 55, “STP Commands” on page 797

Chapter 56, “Rapid Spanning Tree Protocol (RSTP) Procedures” on
page 813

Chapter 57, “RSTP Commands” on page 825

Chapter 58, “Multiple Spanning Tree Protocol” on page 851

Chapter 59, “MSTP Commands” on page 871
767
768
Chapter 53
Spanning Tree and Rapid Spanning Tree
Protocols
This chapter covers the following topics:

“Overview” on page 770

“Bridge Priority and the Root Bridge” on page 771

“Path Costs and Port Costs” on page 772

“Port Priority” on page 773

“Forwarding Delay and Topology Changes” on page 774

“Hello Time and Bridge Protocol Data Units (BPDU)” on page 775

“Point-to-Point and Edge Ports” on page 776

“Mixed STP and RSTP Networks” on page 779

“Spanning Tree and VLANs” on page 780

“RSTP BPDU Guard” on page 781

“RSTP Loop Guard” on page 783

“STP and RSTP Root Guard” on page 788
769
Chapter 53: Spanning Tree and Rapid Spanning Tree Protocols
Overview
The Spanning Tree Protocol (STP) and the Rapid Spanning Tree Protocol
(RSTP) guard against the formation of loops in an Ethernet network
topology. A topology has a loop when two or more nodes can transmit
packets to each other over more than one data path. The problem that
data loops pose is that packets can become caught in repeating cycles,
referred to as broadcast storms, that needlessly consume network
bandwidth and that can significantly reduce network performance.
STP and RSTP prevent loops from forming by ensuring that only one path
exists between the end nodes in your network. Where multiple paths exist,
these protocols place the extra paths in a standby or blocking mode.
STP and RSTP can also activate redundant paths if primary paths go
down. So not only do these protocols guard against multiple links between
segments and the risk of broadcast storms, but they can also maintain
network connectivity by activating backup redundant paths.
One of the primary differences between the two protocols is in the time
each takes to complete the process referred to as convergence. When a
change is made to the network topology, such as the addition of a new
bridge, a spanning tree protocol must determine whether there are
redundant paths that must be blocked to prevent data loops, or activated
to maintain communications between the various network segments. This
is the process of convergence.
With STP, convergence can take up to a minute to complete in a large
network. This can result in the loss of communication between various
parts of the network during the convergence process, and the subsequent
lost of data packets.
RSTP is much faster. It can complete a convergence in seconds, and so
greatly diminish the possible impact the process can have on your
network.
Only one spanning tree can be active on the switch at a time. The default
is RSTP.
The STP implementation on the switch complies with the IEEE 802.1d
standard. The RSTP implementation complies with the IEEE 802.1w
standard. The following subsections provide a basic overview on how STP
and RSTP operate and define the different parameters that you can
adjust.
770
AT-8100 Switch Command Line User’s Guide
Bridge Priority and the Root Bridge
The first task that bridges perform when a spanning tree protocol is
activated on a network is the selection of a root bridge. A root bridge
distributes network topology information to the other network bridges and
is used by the other bridges to determine if there are redundant paths in
the network.
A root bridge is selected by the bridge priority number, also referred to as
the bridge identifier. The bridge with the lowest bridge priority number in
the network is selected as the root bridge. If two or more bridges have the
same bridge priority number, of those bridges the one with the lowest MAC
address is designated as the root bridge.
You can change the bridge priority number on the switch. You can
designate which switch on your network you want as the root bridge by
giving it the lowest bridge priority number. You might also consider which
bridge should function as the backup root bridge in the event you need to
take the primary root bridge offline, and assign that bridge the second
lowest bridge identifier number.
The bridge priority has a range 0 to 61,440 in increments of 4,096. A lower
priority number indicates a greater likelihood of the switch becoming the
root bridge. The priority values can be set only in increments of 4,096. The
default value is 32,768.
771
Chapter 53: Spanning Tree and Rapid Spanning Tree Protocols
Path Costs and Port Costs
After the root bridge has been selected, the bridges determine if the
network contains redundant paths and, if one is found, select a preferred
path while placing the redundant paths in a backup or blocking state.
A bridge that has only one path between itself and the root bridge is
referred to as the designated bridge. And the port through which it is
communicating with the root bridge is referred to as the root port.
If redundant paths exist, the bridges that are a part of the paths must
determine which path will be the primary, active path, and which path(s)
will be placed in the standby, blocking mode. This is accomplished by an
determination of path costs. The path offering the lowest cost to the root
bridge becomes the primary path and the redundant paths are placed in
the blocking state.
Path cost is determined by evaluating port costs. Every port on a bridge
participating in STP and RSTP has a cost associated with it. The cost of a
port on a bridge is typically based on port speed. The faster the port, the
lower the port cost. The exception to this is the ports on the root bridge,
where all ports have a port cost of 0.
Path cost is simply the sum of the port costs between a bridge and the root
bridge.
The path cost of a port is adjustable on the switch. The range is 6 to 40.
772
AT-8100 Switch Command Line User’s Guide
Port Priority
If two paths have the same port cost, the bridges must select a preferred
path. In some instances this can involve the use of the port priority
parameter. This parameter is used as a tie breaker when two paths have
the same cost.
The port priority has a range 0 to 240 in increments of 16. The priority
values can be set only in increments of 16. The default value is 128, which
is increment 8.
773
Chapter 53: Spanning Tree and Rapid Spanning Tree Protocols
Forwarding Delay and Topology Changes
If there is a change in the network topology due to a failure, removal, or
addition of any active components, the active topology also changes. This
may trigger a change in the state of some blocked ports. However, a
change in a port state is not activated immediately.
It might take time for the root bridge to notify all bridges that a topology
change has occurred, especially if it is a large network. If a topology
change is made before all the bridges have been notified, a temporary
data loop could occur, and that could adversely impact network
performance.
To forestall the formation of temporary data loops during topology
changes, a port designated to change from blocking to forwarding passes
through two additional states—listening and learning—before beginning to
forward frames. The amount of time a port spends in these states is set by
the forwarding delay value. This value states the amount of time that a
port spends in the listening and learning states prior to changing to the
forwarding state.
The forwarding delay value is adjustable on the switch. The appropriate
value for this parameter depends on a number of variables, with the size
of your network being a primary factor. For large networks, you should
specify a value large enough to allow the root bridge sufficient time to
propagate a topology change throughout the entire network. For small
networks, you should not specify a value so large that a topology change
is needlessly delayed, which could result in the delay or loss of some data
packets.
Note
The forwarding delay parameter applies only to ports on the switch
that are operating STP-compatible mode.
774
AT-8100 Switch Command Line User’s Guide
Hello Time and Bridge Protocol Data Units (BPDU)
The bridges that are part of a spanning tree domain communicate with
each other using a bridge broadcast frame that contains a special section
devoted to carrying STP or RSTP information. This portion of the frame is
referred to as the bridge protocol data unit (BPDU). When a bridge is
brought online, it issues a BPDU in order to determine whether a root
bridge has already been selected in the network, and if not, whether it has
the lowest bridge priority number of all the bridges and should therefore
become the root bridge.
The root bridge periodically transmits a BPDU to determine whether there
have been any changes to the network topology and to inform other
bridges of topology changes. The frequency with which the root bridge
sends out a BPDU is called the hello time. This is a value that you can set
on the switch. The interval is measured in seconds and has a default
setting of two seconds. Consequently, if the switch is selected as the root
bridge of a spanning tree domain, it transmits a BPDU every two seconds.
775
Chapter 53: Spanning Tree and Rapid Spanning Tree Protocols
Point-to-Point and Edge Ports
Part of the task of configuring RSTP is defining the port types on the
switch. This relates to the devices connected to the ports. With the port
types defined, RSTP can reconfigure a network much quicker than STP
when a change in network topology is detected.
Note
This section applies only to RSTP.
There are two possible selections:

Point-to-point port

Edge port
A port that is operating in full-duplex mode is functioning as a point-topoint port. Figure 146 illustrates two switches that are connected with one
data link. With the link operating in full-duplex, the ports are point-to-point
ports.
Figure 146. Point-to-Point Ports
If a port is operating in half-duplex mode and is not connected to any
further bridges that are participating in STP or RSTP, then the port is an
edge port. Figure 147 illustrates an edge port on the switch. The port is
connected to an Ethernet hub, which in turn is connected to a series of
Ethernet workstations. This is an edge port because it is connected to a
device that has no participating STP or RSTP devices.
776
AT-8100 Switch Command Line User’s Guide
Figure 147. Edge Port
A port can be both a point-to-point and an edge port at the same time. It
operates in full-duplex and has no STP or RSTP devices connected to it.
Figure 148 illustrates a port functioning as both a point-to-point and edge
port.
Figure 148. Point-to-Point and Edge Port
777
Chapter 53: Spanning Tree and Rapid Spanning Tree Protocols
Determining whether a bridge port is point-to-point, edge, or both, can be
a bit confusing. For that reason, do not change the default values for this
RSTP feature unless you have a good grasp of the concept. In most
cases, the default values work well.
778
AT-8100 Switch Command Line User’s Guide
Mixed STP and RSTP Networks
RSTP IEEE 802.1w is fully compliant with STP IEEE 802.1d. A network
can have both protocols. If both RSTP and STP are present in a network,
they operate together to create a single spanning tree domain. Given this,
if you decide to activate spanning tree on the switch, there is no reason not
to use RSTP, even if the other switches are running STP. The switch
combines its RSTP with the STP on the other switches by monitoring the
traffic on the ports for BPDU packets. Ports that receive RSTP BPDU
packets operate in RSTP mode while ports receiving STP BPDU packets
operate in STP mode.
779
Chapter 53: Spanning Tree and Rapid Spanning Tree Protocols
Spanning Tree and VLANs
STP and RSTP support a single-instance spanning tree that
encompasses all the ports on the switch. If the ports are divided into
different VLANs, the spanning tree protocol crosses the VLAN boundaries.
This point can pose a problem in networks that contain multiple VLANs
that span different switches and that are connected with untagged ports.
In this situation, STP and RSTP might block a data link if they detect a
data loop, causing fragmentation of your VLANs.
This issue is illustrated in Figure 149. Two VLANs, Sales and Production,
span two switches. Two links consisting of untagged ports connect the
separate parts of each VLAN. If STP or RSTP is activated on the switches,
one of the links is disabled because the links form a loop. In the example,
the port on the top switch that links the two parts of the Production VLAN
is changed to the block state. This leaves the two parts of the Production
VLAN unable to communicate with each other.
Figure 149. VLAN Fragmentation
You can avoid this problem by not activating spanning tree or by
connecting VLANs using tagged instead of untagged ports. (For
information about tagged and untagged ports, refer to Chapter 60, “Portbased and Tagged VLANs” on page 899.)
780
AT-8100 Switch Command Line User’s Guide
RSTP BPDU Guard
This feature monitors the RSTP edge ports on the switch for BPDU
packets. Edge ports that receive BPDU packets are disabled by the
switch. The benefit of this feature is that it prevents the use of edge ports
by RSTP devices and so reduces the possibility of unwanted changes to a
network topology.
When RSTP detects a loop in a network topology, it performs a process
called convergence in which the RSTP devices identify the ports to be
blocked to prevent the loop. The length of time the process requires
depends on a number of factors, including the number of RSTP devices
and ports in the domain. Long convergence processes can affect network
performance because areas of a network may be isolated while the
devices check for loops and enable or disable ports.
You can decrease the amount of time of the convergence process by
designating edge ports on the switches. These ports are connected to
devices that are at the edge of a network, such as workstations and
printers. The advantages of edge ports are that they typically do not
participate in the convergence process and that they immediately
transition to the forwarding state, skipping the intermediate listening and
learning states.
Edge ports, however, can leave a spanning tree domain vulnerable to
unwanted topology changes. This can happen if someone connects a
RSTP device to an edge port, causing the other RSTP devices in the
domain to perform the convergence process to integrate the new device
into the spanning tree domain. If the new device assumes the role of root
bridge, the new topology might be undesirable. In the worst case scenario,
someone could use an edge port to introduce false BPDUs into a network
to deliberately initiate a change.
The BPDU guard feature lets you protect your network from unnecessary
convergences by preventing the use of edge ports by RSTP devices.
When this feature is active on the switch, any edge port that receives
BPDU packets is automatically disabled, preventing the initiation of the
convergence process. You are notified of the event with an SNMP trap. An
edge port remains disabled until you enable it again with the management
software, such as with the ENABLE SWITCH PORT command in the
command line.
Here are the guidelines to this feature:

BPDU guard is set at the switch level and has only two possible
settings: enabled or disabled. When this feature is enabled, those
ports that have been designated as edge ports automatically have
the feature. The default setting is disabled.
781
Chapter 53: Spanning Tree and Rapid Spanning Tree Protocols

This feature is supported on the base ports of the switch and any
fiber optic transceivers installed in the unit.
Note
A port disabled by the BPDU guard feature remains in that state until
you enable it with the management software. If a port is still
receiving BPDUs, you should disconnect the network cable before
enabling it to prevent the feature from disabling the port again.
782
AT-8100 Switch Command Line User’s Guide
RSTP Loop Guard
Although RSTP is designed to detect and prevent the formation of loops in
a network topology, it is possible in certain circumstances for the protocol
to inadvertently create loops. This can happen in the unlikely situation
where a link between two RSTP devices remains active when there is an
cessation of BPDUs because of a hardware or software problem. The
RSTP loop guard feature is designed to prevent the formation of loops in
this situation.
Network devices running RSTP regularly transmit BPDUs to discover the
topology of a network and to the search for loops. These packets are used
by the devices to identify redundant physical paths to the root bridge and,
where loops exist, to determine the ports to be blocked.
The proper operation of RSTP relies on the flow of these packets. If there
is a hardware or software failure that interrupts their transmission or
reception, it is possible the protocol might mistakenly unblock one or more
ports in the spanning tree domain, causing a network loop.
The RSTP loop guard feature protects against this type of failure by
monitoring the ports on the switch for BPDUs from the other RSTP
devices. If a port stops receiving BPDUs without a change to its link state
(that is the link on a port stays up), the switch assumes that there is a
problem with RSTP on the other device and takes action depending on a
port’s role in the spanning tree domain. If the event happens on an
alternate port in the blocking state, the port is kept in that state. If this
occurs on a root or designated port in the forwarding state, the port’s state
is changed to the blocking state.
The switch activates loop guard only when there is a cessation in the flow
of BPDUs on a port whose link state has not changed. A port that never
receives BPDUs will not be affected by this feature.
A port that loop guard has placed in the blocking state remains in that state
until it begins to receive BPDUs again or you reset the switch.
Disconnecting the port, disabling or enabling a port with the management
software, or even disabling loop guard does not change a port’s blocking
state.
If a loop guard event occurs during a local or remote management
session, you will see this message displayed on the screen:
Loop Guard is triggered
If you configured the SNMP community strings on the switch, an SNMP
trap is sent to your management workstations to notify you of the event.
However, this event does not generate an entry in the switch’s log.
783
Chapter 53: Spanning Tree and Rapid Spanning Tree Protocols
This feature is supported on the base ports of the switch as well as on any
fiber optic transceivers installed in the unit.
Note
The RSTP Loop Guard feature is supported in STP, RSTP, and
MSTP.
The following figures illustrate this feature. The first figure shows RSTP
under normal operations in a network of three switches that have been
connected to form a loop. To block the loop, switch 3 designates port 14
as an alternate port and places it in the blocking or discarding state.
Figure 150. Loop Guard Example 1
If port 17 on switch 2 stops transmitting BPDUs, port 14 on switch 3
transitions from the blocking state to the forwarding state because the
switch assumes that the device connected to the port is no longer an
RSTP device. The result is a network loop, as illustrated in Figure 151 on
page 785.
784
AT-8100 Switch Command Line User’s Guide
Figure 151. Loop Guard Example 2
But if loop guard is enabled on port 14 on switch 3, the port, instead of
changing to the forwarding state, stays in the blocking state, preventing
the formation of the loop.
Figure 152. Loop Guard Example 3
785
Chapter 53: Spanning Tree and Rapid Spanning Tree Protocols
The previous example illustrates how loop guard works to maintain a loopfree topology by keeping alternate ports in the blocking state when they
stop receiving BPDUs. Loop guard can also work on root and designated
ports that are in the forwarding state. This is illustrated in the next two
examples.
In the first example the root bridge stops transmitting BPDUs. If switch 3 is
not using loop guard, it continues to forward traffic on port 4. But since no
BPDUs are received on the port, it assumes that the device connected to
the port is not an RSTP device. Since switch 2 becomes the new root
bridge, port 14 on switch 3 transitions to the forwarding state from the
blocking state to become the new root port for the switch. The result is a
network loop.
Figure 153. Loop Guard Example 4
But if loop guard is active on port 4 on switch 3, the port is placed in the
blocking state since the reception of BPDUs is interrupted. This blocks the
loop. The port remains in the blocking state until it again receives BPDUs
or the switch is reset.
786
AT-8100 Switch Command Line User’s Guide
Figure 154. Loop Guard Example 5
787
Chapter 53: Spanning Tree and Rapid Spanning Tree Protocols
STP and RSTP Root Guard
The Root Guard feature enforces the root bridge placement in a network.
It ensures the port that you have configured with the Root Guard feature is
a designated port. Normally, root bridge ports are all designated ports,
unless two or more ports of the root bridge are connected.
If the bridge receives a superior BPDU on a root-designated port, the Root
Guard feature changes the state of the port to a “root inconsistent” STP
state. This state varies depending on the spanning tree designation. For
STP, this is a listening state. For RSTP (and MSTP), this is a discarding
state. For more information about this command, see “SPANNING-TREE
GUARD ROOT” on page 802 in the STP Commands chapter or
“SPANNING-TREE GUARD ROOT” on page 838 in the RSTP Commands
chapter.
Note
This feature is also supported in MSTP.
788
Chapter 54
Spanning Tree Protocol (STP)
Procedures
This chapter provides the following procedures:

“Designating STP as the Active Spanning Tree Protocol” on page 790

“Enabling the Spanning Tree Protocol” on page 791

“Setting the Switch Parameters” on page 792

“Setting the Port Parameters” on page 794

“Disabling the Spanning Tree Protocol” on page 795

“Displaying STP Settings” on page 796
789
Chapter 54: Spanning Tree Protocol (STP) Procedures
Designating STP as the Active Spanning Tree Protocol
Before you can configure the STP parameters or enable the protocol on
the switch, you have to designate STP as the active spanning tree
protocol. The switch supports other spanning tree protocols in addition to
STP, but only one of them can be active at a time on the device.
To designate STP as the active spanning tree protocol on the switch, use
the SPANNING-TREE MODE STP command in the Global Configuration
mode. Here is the command:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree mode stp
After you enter the command, you can configure the STP parameters and
enable the protocol so that the switch begins to use the protocol.
790
AT-8100 Switch Command Line User’s Guide
Enabling the Spanning Tree Protocol
To enable STP on the switch, use the SPANNING-TREE STP ENABLE
command in the Global Configuration mode. Here is the command:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree stp enable
The switch immediately begins to send BPDUs from its ports to participate
in the spanning tree domain.
791
Chapter 54: Spanning Tree Protocol (STP) Procedures
Setting the Switch Parameters
This table lists the STP functions that are controlled at the switch level.
These commands are located in the Global Configuration mode and apply
to the entire switch.
Table 88. STP Switch Parameter Commands
To
Use This Command
Range
Specify how long the ports remain in
the listening and learning states
before entering the forwarding state.
SPANNING-TREE FORWARD-TIME
forwardtime
4 to 30
seconds
Configure how frequently the switch
sends spanning tree configuration
information when it is functioning as
the root bridge or trying to become the
root bridge.
SPANNING-TREE HELLO-TIME
hellotime
1 to 10 seconds
Configure how long the switch stores
bridge protocol data units (BPDUs)
before deleting them.
SPANNING-TREE MAX-AGE maxage
6 to 40 seconds
Assign the switch a priority number,
which is used to determine the root
bridge in the spanning tree domain.
SPANNING-TREE PRIORITY priority
0 to 61,440, in
increments of
4,096
Unless you are familiar with their functions, you should not change the
forward time, hello time, and max-age parameters from their default
values on the switch. These parameters have to be set in accordance with
the following formulas, as specified in IEEE Standard 802.1d:
max-age <= 2 x (forward time - 1.0 second)
max-age => 2 x (hello time + 1.0 second)
This example changes the forward time to 24 seconds, the hello time to 5
seconds and the max-age to 20:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree forward-time 24
awplus(config)# spanning-tree hello-time 5
awplus(config)# spanning-tree max-age 20
If you want the switch to be the root bridge of the spanning tree domain,
assign it a low priority number with the SPANNING-TREE PRIORITY
command. The bridge priority has a range 0 to 61,440 in increments of
4.096. The default value is 32,768.
792
AT-8100 Switch Command Line User’s Guide
This example of the command sets the switch’s priority value to 8,192:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree priority 8192
793
Chapter 54: Spanning Tree Protocol (STP) Procedures
Setting the Port Parameters
This table lists the STP functions that are controlled at the port level. You
set these parameters in the Port Interface mode of the individual ports.
Table 89. STP Port Parameter Commands
To
Use This Command
Range
Specify the cost of a port to the root
bridge.
SPANNING-TREE PATH-COST pathcost
6 to 40
Assign a priority value, which is used
as a tie breaker when two or more
ports have equal costs to the root
bridge.
SPANNING-TREE PRIORITY priority
0 to 240 in
increments of
16
This example of the SPANNING-TREE PATH-COST command assigns a
path cost of 40 to ports 4 and 18:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.4,port1.0.18
awplus(config-if)# spanning-tree path-cost 40
This example of the SPANNING-TREE PRIORITY command assigns a
priority value of 32:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# spanning-tree priority 32
794
AT-8100 Switch Command Line User’s Guide
Disabling the Spanning Tree Protocol
To disable STP on the switch, use the NO SPANNING-TREE STP
ENABLE command in the Global Configuration mode. Here is the
command:
awplus> enable
awplus# configure terminal
awplus(config)# no spanning-tree stp enable
Note
Before disabling the spanning tree protocol on the switch, display
the STP states of the ports and disconnect the network cables from
any ports that are in the discarding state. Ports that are in the
discarding state begin to forward traffic again when STP is disabled.
Leaving the cables connected may result in broadcast storms from
network loops. To view the states of the ports, refer to “Displaying
STP Settings” on page 796.
795
Chapter 54: Spanning Tree Protocol (STP) Procedures
Displaying STP Settings
To view the STP settings on the switch, use the SHOW SPANNING-TREE
in the Privileged Exec mode. The command has this format:
show spanning-tree [interface port]
Use the INTERFACE parameter to view the settings of the specified ports.
Otherwise, omit the parameter to view all the ports. Here is an example of
the information the command displays:
%
%
%
%
%
%
%
%
%
%
%
%
%
%
Default: Bridge up - Spanning Tree Enabled
Default: Bridge Priority 32768
Default: Forward Delay 15 - Hello Time 2 - Max Age 20
Default: Root Id 001577cce242
Default: Bridge Id 001577cce242
port1.0.1: Port Id 33025 - Role Disabled - State Disabled
port1.0.1: Designated Path Cost 0
port1.0.1: Configured Path Cost 0 - Add type Explicit ref count 1
port1.0.1: Designated Port Id 33025 - Priority 128 port1.0.1: Root 000000000000
port1.0.1: Designated Bridge 000000000000
port1.0.1: Max Age 20
port1.0.1: Hello Time 2 - Forward Delay 15
port1.0.1: Version Spanning Tree Protocol
Figure 155. SHOW SPANNING-TREE Command
796
Chapter 55
STP Commands
The STP commands are summarized in Table 90 and described in detail
within the chapter.
Table 90. Spanning Tree Protocol Commands
Command
Mode
Description
“NO SPANNING-TREE STP
ENABLE” on page 799
Global
Configuration
Disables STP on the switch.
“SHOW SPANNING-TREE” on
page 800
User Exec and
Privileged Exec
Displays the STP settings.
“SPANNING-TREE FORWARD-TIME”
on page 801
Global
Configuration
Sets the forward time, which specifies
how long the ports remain in the
listening and learning states before
they transition to the forwarding state.
“SPANNING-TREE GUARD ROOT”
on page 802
Port Interface
Enables the Root Guard feature on a
port.
“SPANNING-TREE HELLO-TIME” on
page 803
Global
Configuration
Sets the hello time, which defines how
frequently the switch sends spanning
tree configuration information when it
is the root bridge or is trying to
become the root bridge.
“SPANNING-TREE MAX-AGE” on
page 804
Global
Configuration
Sets the maximum age parameter,
which defines how long bridge
protocol data units (BPDUs) are
stored by the switch before they are
deleted.
“SPANNING-TREE MODE STP” on
page 805
Global
Configuration
Designates STP as the active
spanning tree protocol on the switch.
“SPANNING-TREE PATH-COST” on
page 806
Port Interface
Specifies the cost of a port to the root
bridge.
“SPANNING-TREE PORTFAST” on
page 807
Port Interface
Designates edge ports on the
specified port.
797
Chapter 55: STP Commands
Table 90. Spanning Tree Protocol Commands (Continued)
Command
Mode
Description
“SPANNING-TREE PORTFAST
BPDU-GUARD” on page 808
Global
Configuration
Enables the BPDU guard feature so
that the switch monitors edge ports
and disables them if they receive
BPDUs.
“SPANNING-TREE PRIORITY (Bridge
Priority)” on page 809
Global
Configuration
Assigns the switch a priority number.
“SPANNING-TREE Priority (Port
Priority)” on page 810
Port Interface
Assigns a priority value to a port.
“SPANNING-TREE STP ENABLE” on
page 811
Global
Configuration
Enables STP on the switch.
798
AT-8100 Switch Command Line User’s Guide
NO SPANNING-TREE STP ENABLE
Syntax
no spanning-tree stp enable
Parameters
None
Mode
Global Configuration mode
Description
Use this command to disable STP on the switch. To view the current
status of STP, refer to “SHOW SPANNING-TREE” on page 800. The
default setting is disabled.
Note
Before disabling the spanning tree protocol on the switch, display
the STP states of the ports and disconnect the network cables from
any ports that are in the discarding state. Ports that are in the
discarding state begin to forward traffic again when STP is disabled.
Leaving the cables connected may result in broadcast storms from
network loops. To view the states of the ports, refer to “SHOW
SPANNING-TREE” on page 800.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162 or “SHOW SPANNING-TREE”
on page 800
Example
This example disables STP on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# no spanning-tree stp enable
799
Chapter 55: STP Commands
SHOW SPANNING-TREE
Syntax
show spanning-tree [interface port]
Parameters
port
Specifies a port. You can specify more than one port at a time in
the command. The switch displays the STP settings for all the
ports if you omit this parameter.
Modes
Privileged Exec mode
Description
Use this command to display the STP settings on the switch. An example
of the display is shown in Figure 156.
%
%
%
%
%
%
%
%
%
%
%
%
%
%
Default: Bridge up - Spanning Tree Enabled
Default: Bridge Priority 32768
Default: Forward Delay 15 - Hello Time 2 - Max Age 20
Default: Root Id 001577cce242
Default: Bridge Id 001577cce242
port1.0.1: Port Id 33025 - Role Disabled - State Disabled
port1.0.1: Designated Path Cost 0
port1.0.1: Configured Path Cost 0 - Add type Explicit ref count 1
port1.0.1: Designated Port Id 33025 - Priority 128 port1.0.1: Root 000000000000
port1.0.1: Designated Bridge 000000000000
port1.0.1: Max Age 20
port1.0.1: Hello Time 2 - Forward Delay 15
port1.0.1: Version Spanning Tree Protocol
Figure 156. SHOW SPANNING-TREE Command for STP
Examples
This command displays the STP settings for all the ports:
awplus# show spanning-tree
This command displays the STP settings for ports 1 and 4:
awplus# show spanning-tree interface port1.0.1,port1.0.4
800
AT-8100 Switch Command Line User’s Guide
SPANNING-TREE FORWARD-TIME
Syntax
spanning-tree forward-time forwardtime
Parameters
forwardtime
Specifies the forward time. The range is 4 to 30 seconds. The
default is 15 seconds.
Mode
Global Configuration mode
Description
Use this command to set the forward time parameter on the switch. This
parameter specifies how long the ports remain in the listening and learning
states before they transition to the forwarding state.
This parameter is active only if the switch is acting as the root bridge of the
spanning tree domain. Switches that are not acting as the root bridge use
a dynamic value supplied by the root bridge.
The forward time, max-age and hello time parameters should be set
according to the following formulas, as specified in IEEE Standard 802.1d:
max-age <= 2 x (forward time - 1.0 second)
max-age >= 2 x (hello time + 1.0 second)
Use the no version of this command, NO SPANNING-TREE FORWARDTIME, to set the command to its default value of 15 seconds.
Confirmation Command
“SHOW SPANNING-TREE” on page 800
Example
This example set the forward time on the switch to 25 seconds:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree forward-time 25
801
Chapter 55: STP Commands
SPANNING-TREE GUARD ROOT
Syntax
spanning-tree guard root
Parameters
None
Mode
Port Interface mode
Description
Use this command to enable the Root Guard feature on the specified port.
The Root Guard feature ensures that the port on which it is enabled is a
designated port. If a Root-Guard-enabled port receives a superior BPDU
that may cause it to become a root port, then the port traffic is placed in a
“root inconsistent” state. For STP, this state is a listening state.
Use the no version of this command, NO SPANNING-TREE GUARD
ROOT, to disable the Root Guard feature on the specified port.
To display the current setting for this parameter, refer to “SHOW
SPANNING-TREE” on page 800.
Confirmation Command
“SHOW SPANNING-TREE” on page 800
Examples
This example enables the Root Guard feature on port 7:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.7
awplus(config-if)# spanning-tree guard root
This example disable the Root Guard feature on port 12:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.12
awplus(config-if)# no spanning-tree guard root
802
AT-8100 Switch Command Line User’s Guide
SPANNING-TREE HELLO-TIME
Syntax
spanning-tree hello-time hellotime
Parameters
hellotime
Specifies the hello time. The range is 1 to 10 seconds. The default
is 2 seconds.
Mode
Global Configuration mode
Description
Use this command to set the hello time parameter on the switch. This
parameter controls how frequently the switch sends spanning tree
configuration information when it is the root bridge or is trying to become
the root bridge.
The forward time, max-age and hello time parameters should be set
according to the following formulas, as specified in IEEE Standard 802.1d:
max-age <= 2 x (forward time - 1.0 second)
max-age >= 2 x (hello time + 1.0 second)
To view the current setting for this parameter, refer to “SHOW
SPANNING-TREE” on page 800.
Use the no version of this command, NO SPANNING-TREE HELLOTIME, to set the command to its default value of 2 seconds.
Confirmation Command
“SHOW SPANNING-TREE” on page 800
Example
This example sets the hello time parameter on the switch to 7 seconds:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree hello-time 7
803
Chapter 55: STP Commands
SPANNING-TREE MAX-AGE
Syntax
spanning-tree max-age maxage
Parameters
maxage
Specifies the max-age parameter. The range is 6 to 40 seconds.
The default is 20 seconds.
Mode
Global Configuration mode
Description
Use this command to set the maximum age parameter. This parameter
determines how long bridge protocol data units (BPDUs) are stored by the
switch before they are deleted.
The forward time, max-age and hello time parameters should be set
according to the following formulas, as specified in IEEE Standard 802.1d:
max-age <= 2 x (forward time - 1.0 second)
max-age => 2 x (hello time + 1.0 second)
Use the no form of this command, NO SPANNING-TREE MAX-AGE, to
set the command to its default value of 20 seconds.
Confirmation Command
“SHOW SPANNING-TREE” on page 800
Example
This example sets the maximum age parameter to 35 seconds:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree max-age 35
804
AT-8100 Switch Command Line User’s Guide
SPANNING-TREE MODE STP
Syntax
spanning-tree mode stp
Parameters
None
Mode
Global Configuration mode
Description
Use this command to designate STP as the active spanning tree protocol
on the switch. You must select STP as the active spanning tree protocol
before you can enable it or configure its parameters.
Only one spanning tree protocol can be active on the switch at a time.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162
Example
This example designates STP as the active spanning tree protocol on the
switch:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree mode stp
805
Chapter 55: STP Commands
SPANNING-TREE PATH-COST
Syntax
spanning-tree path-cost path-cost
Parameters
path-cost
Specifies the cost of a port to the root bridge. The range of 6 to 40.
Mode
Port Interface mode
Description
Use this command to specify the cost of a port to the root bridge. This cost
is combined with the costs of the other ports in the path to the root bridge,
to determine the total path cost. The lower the numeric value, the higher
the priority of the path. The range is 6 to 40.
Confirmation Command
“SHOW SPANNING-TREE” on page 800
Example
This example assigns port 2 a port cost of 15:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.2
awplus(config-if)# spanning-tree path-cost 15
806
AT-8100 Switch Command Line User’s Guide
SPANNING-TREE PORTFAST
Syntax
spanning-tree portfast
Parameters
None
Mode
Port Interface mode
Description
Use this command to designate an edge port on the switch. Edge ports are
not connected to spanning tree devices or to LANs that have spanning
tree devices. As a consequence, edge ports do not receive BPDUs. If an
edge port starts to receive BPDUs, it is no longer considered to be an
edge port.
This command is used in conjunction with the SPANNING-TREE
PORTFAST BPDU-GUARD command.
Confirmation Command
“SHOW SPANNING-TREE” on page 800
Example
This example sets configures port 17 as an edge port:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.17
awplus(config-if)# spanning-tree portfast
807
Chapter 55: STP Commands
SPANNING-TREE PORTFAST BPDU-GUARD
Syntax
spanning-tree portfast bpdu-guard
Parameters
None
Mode
Global Configuration mode
Description
Use this command to enable the BPDU guard feature so that the switch
monitors edge ports and disables them if they receive BPDU packets.
To disable an edge port that was disabled by the BPDU guard feature, use
the NO SPANNING-TREE PORTFAST BPDU-GUARD command.
Confirmation Command
“SHOW SPANNING-TREE” on page 800
Example
This example enables the BPDU guard feature:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree portfast bpdu-guard
808
AT-8100 Switch Command Line User’s Guide
SPANNING-TREE PRIORITY (Bridge Priority)
Syntax
spanning-tree priority priority
Parameters
priority
Specifies a priority number for the switch.
Mode
Global Configuration mode
Description
Use this command to assign the switch a priority number. The device that
has the lowest priority number in the spanning tree domain becomes the
root bridge. If two or more devices have the same priority value, the device
with the numerically lowest MAC address becomes the root bridge.
The range is 0 to 61,440, in increments of 4,096. The priority values can
be set only in increments of 4,096. The default value is 32,768.
Use the no form of this command, NO SPANNING-TREE PRIORITY, to
reset the command to its default value of 32,768.
Confirmation Command
“SHOW SPANNING-TREE” on page 800
Example
This example sets the priority value of the switch to 8,192:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree priority 8192
809
Chapter 55: STP Commands
SPANNING-TREE Priority (Port Priority)
Syntax
spanning-tree priority priority
Parameters
priority
Specifies the priority value for a port. The range is 0 to 240, in
increments of 16.
Mode
Port Interface mode
Description
Use this command to set the priority value of a port. This parameter is
used as a tie breaker when two or more ports have equal costs to the root
bridge. The range is 0 to 240 in increments of 16. The priority values can
be set only in increments of 16. The default is 128.
Use the no form of this command, NO SPANNING-TREE PRIORITY, to
reset the command to its default value of 128.
Confirmation Command
“SHOW SPANNING-TREE” on page 800
Example
This example assigns ports 16 and 17 a port priority value of 192:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.16,port1.0.17
awplus(config-if)# spanning-tree priority 192
810
AT-8100 Switch Command Line User’s Guide
SPANNING-TREE STP ENABLE
Syntax
spanning-tree stp enable
Parameters
None
Mode
Global Configuration mode
Description
Use this command to enable STP on the switch. You must designate STP
as the active spanning tree protocol on the switch before you can enable it
or configure its parameters. For instructions, refer to “SPANNING-TREE
MODE STP” on page 805.
Confirmation Command
“SHOW RUNNING-CONFIG” on page 162 or “SHOW SPANNING-TREE”
on page 800
Example
This example enables STP on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree stp enable
811
Chapter 55: STP Commands
812
Chapter 56
Rapid Spanning Tree Protocol (RSTP)
Procedures
This chapter provides the following procedures:

“Designating RSTP as the Active Spanning Tree Protocol” on page 814

“Enabling the Rapid Spanning Tree Protocol” on page 815

“Configuring the Switch Parameters” on page 816

“Configuring the Port Parameters” on page 819

“Disabling the Rapid Spanning Tree Protocol” on page 823

“Displaying RSTP Settings” on page 824
813
Chapter 56: Rapid Spanning Tree Protocol (RSTP) Procedures
Designating RSTP as the Active Spanning Tree Protocol
The first step to using RSTP on