User manual | NETGEAR 8800 CLI Manual Chassis Switch CLI Manual
Below you will find brief information for Chassis Switch 8800 CLI Manual. The NETGEAR 8800 Chassis Switch CLI Manual provides details of the command syntax for all NETGEAR 8800 Chassis Switch commands as of Software Version 12.4. The guide does not provide feature descriptions, explanations of the technologies, or configuration examples. For information about the various features and technologies supported by NETGEAR switches, see the NETGEAR 8800 User Manual.
350 East Plumeria Drive
San Jose, CA 95134
USA
March 2011
202-10802-01 v1.0
NETGEAR 8800
Chassis Switch CLI Manual
Software Version 12.4
© 2011 NETGEAR, Inc. All rights reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc.
Technical Support
Thank you for choosing NETGEAR. To register your product, get the latest product updates, or get support online, visit us at http://support.netgear.com.
Phone (US and Canada only): 1-888-NETGEAR
Phone (Other Countries): See Support information card.
Trademarks
NETGEAR, the NETGEAR logo, ReadyNAS, ProSafe, Smart Wizard, Auto Uplink, X-RAID2, and NeoTV are trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, Windows NT, and Vista are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use, or application of, the product(s) or circuit layout(s) described herein.
Revision History
Publication Part Number: 202-10802-01
Version: v1.0
Publish Date: March 2011
Comments: First publication
Contents
Chapter 1 Command Reference Overview
  Understanding the Command Syntax
  Command Shortcuts
Chapter 2 Commands for Accessing the Switch
Chapter 3 Commands for Managing the Switch
  System Redundancy with Dual Management Modules Installed
  Power Supply Management
  Simple Network Time Protocol
Chapter 4 Commands for Managing the NETGEAR 8800 Software
Chapter 5 Commands for Configuring Slots and Ports on a Switch
Chapter 6 Commands for Configuring LLDP
Chapter 7 PoE Commands
  Summary of PoE Software Features
Chapter 8 Commands for Status Monitoring and Statistics
  Event Management System
Chapter 9 VLAN Commands
Chapter 10 FDB Commands
Chapter 11 Commands for Virtual Routers
Chapter 12 Policy Manager Commands
Chapter 13 ACL Commands
Chapter 14 QoS Commands
Chapter 15 Security Commands
Chapter 16 Network Login Commands
Chapter 17 STP Commands
  Spanning Tree Domains
  Member VLANs
  Encapsulation Modes
  STP Rules and Restrictions
Chapter 18 VRRP Commands
Chapter 19 IP Unicast Commands
Chapter 20 IPv6 Unicast Commands
Chapter 21 RIP Commands
Chapter 22 RIPng Commands
Chapter 23 OSPF Commands
Chapter 24 OSPFv3 Commands
Chapter 25 BGP Commands
Chapter 26 IP Multicast Commands
Chapter 27 IPv6 Multicast Commands
Chapter 28 MSDP Commands
Chapter 29 vMAN (PBN) Commands
Appendix A Configuration and Image Commands
Appendix B Troubleshooting Commands
  Event Management System
Command List
1. Command Reference Overview
Introduction
This guide provides details of the command syntax for all NETGEAR 8800 Chassis Switch commands as of Software Version 12.4.
The guide does not provide feature descriptions, explanations of the technologies, or configuration examples. For information about the various features and technologies supported by NETGEAR switches, see the NETGEAR 8800 User Manual.
This chapter includes the following sections:
• Structure of this Guide
• Understanding the Command Syntax
• Line-Editing Keys
Audience
This guide is intended for use by network administrators who are responsible for installing and setting up network equipment. It assumes a basic working knowledge of the following:
• Local area networks (LANs)
• Ethernet concepts
• Ethernet switching and bridging concepts
• Routing concepts
• Internet Protocol (IP) concepts
• Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Intermediate System-Intermediate System (IS-IS) concepts
• Border Gateway Protocol (BGP-4) concepts
• IP Multicast concepts
• Protocol Independent Multicast (PIM) concepts
• Simple Network Management Protocol (SNMP)
Structure of this Guide
This guide documents each NETGEAR 8800 OS command. Related commands are grouped together and organized into chapters based on their most common usage. The chapters reflect the organization of the NETGEAR 8800 User Manual. If a specific command is relevant to a wide variety of functions and could be included in a number of different chapters, we have attempted to place the command in the most logical chapter. Within each chapter, commands appear in alphabetical order. You can use the Index of Commands to locate specific commands if they do not appear where you expect to find them.
For each command, the following information is provided:
• Command Syntax—The actual syntax of the command. The syntax conventions (the use of braces, for example) are defined in the section
• Description—A brief one sentence summary of what the command does.
• Syntax Description—The definition of any keywords and options used in the command.
• Default—The defaults, if any, for this command. The default can be the default action of the command if optional arguments are not provided, or it can be the default state of the switch (such as for an enable/disable command).
• Usage Guidelines—Information to help you use the command. This may include prerequisites, prohibitions, and related commands, as well as other information.
• Example—Examples of the command usage, including output, if relevant.
Understanding the Command Syntax
This section covers the following topics:
• Command Shortcuts
Access Levels
When entering a command at the prompt, ensure that you have the appropriate privilege level. Most configuration commands require you to have the administrator privilege level.
Syntax Symbols
You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, but you do not type them as part of the command itself.
Table 1 summarizes the command syntax symbols.
Note: NETGEAR 8800 software does not support the ampersand (&), left angle bracket (<), or right angle bracket (>), because they are reserved characters with special meaning in XML.
Table 1. Command Syntax Symbols
Symbol and description:
angle brackets < >
    Enclose a variable or value. You must specify the variable or value. For example, in the syntax
        configure vlan <vlan_name> ipaddress <ip_address>
    you must supply a VLAN name for <vlan_name> and an address for <ip_address> when entering the command. Do not type the angle brackets and do not include spaces within angle brackets.
square brackets [ ]
    Enclose a required value or list of required arguments. One or more values or arguments can be specified. For example, in the syntax
        use image [primary | secondary]
    you must specify either the primary or secondary image when entering the command. Do not type the square brackets.
vertical bar |
    Separates mutually exclusive items in a list, one of which must be entered. For example, in the syntax
        configure snmp community [readonly | readwrite] <alphanumeric_string>
    you must specify either the read or write community string in the command. Do not type the vertical bar.
braces { }
    Enclose an optional value or a list of optional arguments. One or more values or arguments can be specified. For example, in the syntax
        reboot {time <month> <day> <year> <hour> <min> <sec>} {cancel} {msm <slot_id>} {slot <slot-number> | node-address <node-address> | stack-topology {as-standby} }
    you can specify either a particular date and time combination, or the keyword cancel to cancel a previously scheduled reboot. (In this command, if you do not specify an argument, the command will prompt asking if you want to reboot the switch now.) Do not type the braces.
Syntax Helper
The CLI has a built-in syntax helper. If you are unsure of the complete syntax for a particular command, enter as much of the command as possible and press TAB. The syntax helper provides a list of options for the remainder of the command, and places the cursor at the end of the command you have entered so far, ready for the next option.
If the command is one where the next option is a named component, such as a VLAN, access profile, or route map, the syntax helper also lists any currently configured names that might be used as the next option. In situations where this list might be very long, the syntax helper lists only one line of names, followed by an ellipsis (...) to indicate that there are more names than can be displayed.
Some values (such as the <node-address>) are lengthy, but limited in number. The NETGEAR 8800 places these values into a "namespace." This allows command completion on these values.
The syntax helper also provides assistance if you have entered an incorrect command.
Abbreviated Syntax
Abbreviated syntax is the shortest unambiguous allowable abbreviation of a command or parameter. Typically, this is the first three letters of the command. If you do not enter enough letters to allow the switch to determine which command you mean, the syntax helper provides a list of the options based on the portion of the command you have entered.
Note: When using abbreviated syntax, you must enter enough characters to make the command unambiguous and distinguishable to the switch.
Object Names
All named components within a category of the switch configuration, such as VLAN, must be given a unique object name. Object names must begin with an alphabetical character and may contain alphanumeric characters and underscores (_), but they cannot contain spaces.
The maximum allowed length for a name is 32 characters.
Object names can be reused across categories (for example, STPD and VLAN names). If the software encounters any ambiguity in the components within your command, it generates a message requesting that you clarify the object you specified.
Note: If you use the same name across categories, NETGEAR recommends that you specify the identifying keyword as well as the actual name. If you do not use the keyword, the system may return an error message.
Reserved Keywords
Keywords such as vlan, stp, and other 2nd level keywords, are determined to be reserved keywords and cannot be used as object names. This restriction applies to the specific word (vlan) only, while expanded versions (vlan2) can be used.
A complete list of the reserved keywords for NETGEAR 8800 12.4 and later software is displayed in Table 8 of the NETGEAR 8800 User Manual. Any keyword that is not on this list can be used as an object name.
Command Shortcuts
Components are typically named using the create command. When you enter a command to configure a named component, you do not need to use the keyword of the component. For example, to create a VLAN, enter a VLAN name:
    create vlan engineering
Once you have created the VLAN with a unique name, you can then eliminate the keyword vlan from all other commands that require the name to be entered (unless you used the same name for another category, such as STPD). For example, instead of entering the command:
    configure vlan engineering delete port 1:3,4:6
you could enter the following shortcut:
    configure engineering delete port 1:3,4:6
Port Numbering
Commands that require you to enter one or more port numbers use the parameter <port_list> in the syntax.
Note: The keyword all acts on all possible ports; it continues on all ports even if one port in the sequence fails.
Numerical Ranges
On the NETGEAR 8800, the port number is a combination of the slot number and the port number. The nomenclature for the port number is as follows:
    slot:port
For example, if an I/O module that has a total of four ports is installed in slot 2 of the chassis, the following ports are valid:
• 2:1
• 2:2
• 2:3
• 2:4
You can also use wildcard combinations (*) to specify multiple modular slot and port combinations. The following wildcard combinations are allowed:
• slot:*—Specifies all ports on a particular I/O module.
• slot:x-slot:y—Specifies a contiguous series of ports on a particular I/O module.
• slot:x-y—Specifies a contiguous series of ports on a particular I/O module.
• slota:x-slotb:y—Specifies a contiguous series of ports that begin on one I/O module or node and end on another node.
Line-Editing Keys
Table 2 describes the line-editing keys available using the CLI.
Table 2. Line-Editing Keys
Key(s)                      Description
Left arrow or [Ctrl] + B    Moves the cursor one character to the left.
Right arrow or [Ctrl] + F   Moves the cursor one character to the right.
[Ctrl] + H or Backspace     Deletes character to left of cursor and shifts remainder of line to left.
Delete or [Ctrl] + D        Deletes character under cursor and shifts remainder of line to left.
[Ctrl] + K                  Deletes characters from under cursor to end of line.
Insert                      Toggles on and off. When toggled on, inserts text and shifts previous text to right.
[Ctrl] + A                  Moves cursor to first character in line.
[Ctrl] + E                  Moves cursor to last character in line.
[Ctrl] + L                  Clears screen and moves cursor to beginning of line.
[Ctrl] + P or Up Arrow      Displays previous command in command history buffer and places cursor at end of command.
[Ctrl] + N or Down Arrow    Displays next command in command history buffer and places cursor at end of command.
[Ctrl] + U                  Clears all characters typed from cursor to beginning of line.
[Ctrl] + W                  Deletes previous word.
[Ctrl] + C                  Interrupts the current CLI command execution.
Command History
The NETGEAR 8800 saves the commands you enter. You can display a list of these commands by using the following command:
If you use a command more than once, consecutively, the history will list only the first instance.
2. Commands for Accessing the Switch
This chapter describes commands used for:
• Accessing and configuring the switch including how to set up user accounts, passwords, date and time settings, and software licenses
• Managing passwords
• Configuring the Domain Name Service (DNS) client
• Checking basic switch connectivity
• Enabling and displaying licenses
• Returning the switch to safe defaults mode
NETGEAR 8800 supports the following two levels of management:
• User
• Administrator
A user-level account has viewing access to all manageable parameters, with the exception of:
• User account database
• SNMP community strings
A user-level account can change the password assigned to the account name and use the ping command to test device reachability.
An administrator-level account can view and change all switch parameters. It can also add and delete users and change the password associated with any account name. The administrator can disconnect a management session that has been established by way of a Telnet connection. If this happens, the user logged on by way of the Telnet connection is notified that the session has been terminated.
The DNS client in NETGEAR 8800 augments certain commands to accept either IP addresses or host names. For example, DNS can be used during a Telnet session when you are accessing a device or when using the ping command to check the connectivity of a device.
The switch offers the following commands for checking basic connectivity:
The ping command enables you to send Internet Control Message Protocol (ICMP) echo messages to a remote IP device. The traceroute command enables you to trace the routed path between the switch and a destination endstation.
This chapter describes commands for enabling and displaying software, security, and feature pack licenses.
clear account lockout
clear account [all | <name>] lockout
Description
This command re-enables an account that has been locked out (disabled) for exceeding the
Syntax Description
all     Specifies all users.
name    Specifies an account name.
Usage Guidelines
This command applies to sessions at the console port of the switch as well as all other sessions. You can re-enable both user and administrative accounts, once they have been disabled for exceeding the three failed login attempts.
Note: The failsafe accounts are never locked out.
This command clears only the locked-out (or disabled) condition of the account. The action of locking out accounts following the failed login attempts remains until you turn it off by issuing the configure account [all | <name>] password-policy lockout-on-login-failures off command.
Example
The following command re-enables the account finance, which had been locked out (disabled) for exceeding 3 consecutive failed login attempts:
    clear account finance lockout
clear license-info
clear license-info
Description
This command, which should be used only in conjunction with a representative from NETGEAR, clears the licensing information from the switch.
Syntax Description
This command has no variables or parameters.
Default
N/A.
Usage Guidelines
Note: Use this command only under the guidance of a NETGEAR representative.
This command clears licensing information from the switch. When you issue this command, the system requests a confirmation. If you answer yes, the system sends a Warning message to the log.
Example
The following command removes licensing information from the switch:
    clear license-info
clear session
clear session [history | <sessId> | all]
Description
Terminates Telnet and/or SSH2 sessions from the switch.
Syntax Description
?
Default
N/A.
Usage Guidelines
An administrator-level account can disconnect a management session that has been established by way of a Telnet connection. You can determine the session number of the session you want to terminate by using the show session command. The show session output displays information about current Telnet and/or SSH2 sessions including:
• The session number
• The login date and time
• The user name
• The type of Telnet session
• Authentication information
Depending on the software version running on your switch, additional session information may be displayed. The session number is the first number displayed in the show session output.
When invoked to clear the session history, the command clears the information about all the previous sessions that were logged. The information about the active sessions remains intact.
Example
The following command terminates session 4 from the system:
    clear session 4
configure account
configure account [all | <name>]
Description
Configures a password for the specified account, either user account or administrative account.
Syntax Description
all     Specifies all accounts (and future users).
name    Specifies an account name.
Default
N/A.
Usage Guidelines
You must create a user or administrative account before you can configure that account with a password. Use the create account command to create a user account.
The system prompts you to specify a password after you enter this command. You must enter a password for this command; passwords cannot be null and cannot include the following characters: "<", ">", and "?".
Note: Once you issue this command, you cannot have a null password. However, if you want to have a null password (that is, no password on the specified account), use the create account command.
Passwords can have a minimum of 0 characters and a maximum of 32 characters. Both passwords and user names are case-sensitive.
Note: If the account is configured to require a specific password format, the minimum is 8 characters. See configure account password-policy char-validation.
You must have administrator privileges to change passwords for accounts other than your own.
Example
The following command defines a new password green for the account marketing:
    configure account marketing
The switch responds with a password prompt:
    password: green
Your keystrokes will not be echoed as you enter the new password. After you enter the password, the switch will then prompt you to reenter it.
    Reenter password: green
Assuming you enter it successfully a second time, the password is now changed.
configure account encrypted
configure account [all | <name>] encrypted <e-password>
Description
Encrypts the password that is entered in plain text for the specified account, either user account or administrative account.
Syntax Description
all         Specifies all accounts (and future users).
name        Specifies an account name.
e-password  Enter in plain text the string you for an encrypted password. See for more information.
Default
N/A.
Usage Guidelines
You must create a user or administrative account before you can configure that account with a password. Use the create account command to create a user account.
When you use this command, the following password that you specify in plain text is entered and displayed by the switch in an encrypted format. Administrators should enter the password in plain text. The encrypted password is then used by the switch once it encrypts the plain text password. The encrypted command should be used by the switch only to show, store, and load a system-generated encrypted password in configuration; this applies with the following commands:
,
.
Note: Once you issue this command, you cannot have a null password. However, if you want to have a null password (that is, no password on the specified account), use the create account command.
Passwords can have a minimum of 0 characters and a maximum of 32 characters. Both passwords and user names are case-sensitive.
Note: If the account is configured to require a specific password format, the minimum is 8 characters. See configure account password-policy char-validation.
You must have administrator privileges to change passwords for accounts other than your own.
Example
The following command encrypts the password red for the account marketing:
    configure account marketing encrypted red
configure account password-policy char-validation
configure account [all | <name>] password-policy char-validation [none | all-char-groups]
Description
Requires that the user include an upper-case letter, a lower-case letter, a digit, and a symbol in the password.
Syntax Description
all              Specifies all users (and future users).
name             Specifies an account name.
none             Resets password to accept all formats.
all-char-groups  Specifies that the password must contain at least two characters from each of the four groups.
                 Note: The password minimum length will be 8 characters if you specify this option.
Default
N/A.
Usage Guidelines
This feature is disabled by default.
Once you issue this command, each password must include at least two characters of each of the following four types:
• Upper-case A-Z
• Lower-case a-z
• 0-9
• !, @, #, $, %, ^, *, (, )
The minimum number of characters for these specifically formatted passwords is 8 characters and the maximum is 32 characters.
Use the none option to reset the password to accept all formats.
Example
The following command requires all users to use this specified format for all passwords:
    configure account all password-policy char-validation all-char-groups
configure account password-policy history
configure account [all | <name>] password-policy history [<num_passwords> | none]
Description
Configures the switch to verify the specified number of previous passwords for the account. The user is prevented from changing the password on a user or administrative account to any of these previously saved passwords.
Syntax Description
all            Specifies all accounts (and future users).
name           Specifies an account name.
num_passwords  Specifies the number of previous passwords the system verifies for each account. The range is 1 to 10 passwords.
none           Resets the system to not remember any previous passwords.
Default
N/A.
Usage Guidelines
Use this command to instruct the system to verify new passwords against a list of all previously used passwords, once an account successfully changes a password. The limit is the number of previous passwords that the system checks against in the record to verify the new password.
If this parameter is configured, the system returns an error message if a user attempts to change the password to one that is saved by the system (up to the configured limit) for that account; this applies to both user and administrative accounts. This also applies to a configured password on the default admin account on the switch.
The limit of previous passwords that the system checks for previous use is configurable from 1 to 10. Using the none option disables previous password tracking and returns the system to the default state of no record of previous passwords.
Example
The following command instructs the system to verify that the new password has not been used as a password in the previous 5 passwords for the account engineering:
    configure account engineering password-policy history 5
configure account password-policy lockout-on-login-failures
configure account [all | <name>] password-policy lockout-on-login-failures [on | off]
Description
Disables an account after the user has 3 consecutive failed login attempts.
Syntax Description
all     Specifies all users (and future users).
name    Specifies an account name.
on      Specifies an account name.
off     Resets the password to never lockout the user.
Default
N/A.
Usage Guidelines
If you are not working on SSH, you can configure the number of failed logins that trigger lockout, using the configure cli max-failed-logins <num-of-logins> command.
This command applies to sessions at the console port of the switch as well as all other sessions and to user-level and administrator-level accounts. This command locks out the user after 3 consecutive failed login attempts; the user's account must be specifically re-enabled by an administrator.
Using the off option resets the account to allow innumerable consecutive failed login attempts, which is the system default. The system default is that 3 failed consecutive login attempts terminate the particular session, but the user may launch another session; there is no lockout feature by default.
Note: The failsafe accounts are never locked out, no matter how many consecutive failed login attempts.
Example
The following command enables the account finance for lockout. After 3 consecutive failed login attempts, the account is subsequently locked out:
    configure account finance password-policy lockout-on-login-failures on
configure account password-policy max-age
configure account [all | <name>] password-policy max-age [<num_days> | none]
Description
Configures a time limit for the passwords for specified accounts. The passwords for the default admin account and the failsafe account do not age out.
Syntax Description
all       Specifies all accounts (and future users).
name      Specifies an account name.
num_days  Specifies the length of time that a password can be used. The range is 1 to 365 days.
none      Resets the password to never expire.
Default
N/A.
Usage Guidelines
The passwords for the default admin account and the failsafe account never expire.
The time limit is specified in days, from 1 to 365 days. Existing sessions are not closed when the time limit expires; it will not open the next time the user attempts to log in.
When a user logs into an account with an expired password, the system first verifies that the entered password had been valid prior to expiring and then prompts the user to change the password.
Note: This is the sole time that a user with a user-level (as opposed to an administrator-level) account can make any changes to the user-level account.
Using the none option prevents the password for the specified account from ever expiring (it resets the password to the system default of no time limit).
Example
The following command sets a 3-month time limit for the password for the account marketing:
    configure account marketing password-policy max-age 90
configure account password-policy min-length
configure account [all | <name>] password-policy min-length [<num_characters> | none]
Description
Requires a minimum number of characters for passwords.
Syntax Description
all             Specifies all accounts (and future users).
name            Specifies an account name.
num_characters  Specifies the minimum number of characters required for the password. The range is 1 to 32 characters.
                Note: If you configure the configure account password-policy char-validation parameter, the minimum length is 8 characters.
none            Resets password to accept a minimum of 0 characters.
                Note: If you configure the configure account password-policy char-validation parameter, the minimum length is 8 characters.
Default
N/A.
Usage Guidelines
Use this command to configure a minimum length restriction for all passwords for specified accounts. This command affects the minimum allowed length for the next password; the current password is unaffected.
The minimum password length is configurable from 1 to 32 characters. Using the none option disables the requirement of minimum password length and returns the system to the default state (password minimum is 0 by default).
Note: If the account is configured to require a specific password format, the minimum is 8 characters. See configure account password-policy char-validation.
Example
The following command requires a minimum of 8 letters for the password for the account management:
    configure account management password-policy min-length 8
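The char-validation and min-length rules described above interact (a configured format raises the minimum to 8), so a candidate password can be pre-checked before it is typed at the switch prompt. The following Python sketch is an added example, not part of the NETGEAR manual or the switch software; PasswordPolicy, group_counts and violations are hypothetical names, the sample passwords are constructed, and applying the stricter of the two minimums when both settings are present is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_LENGTH = 32                  # documented maximum password length
FORBIDDEN = set("<>?")           # characters the manual says passwords cannot include
SYMBOLS = set("!@#$%^*()")       # symbol group listed under char-validation
CHAR_VALIDATION_MIN_LENGTH = 8   # minimum once all-char-groups is configured
PER_GROUP_MINIMUM = 2            # "at least two characters of each" group


@dataclass(frozen=True)
class PasswordPolicy:
    """Hypothetical model of one account's password-policy settings."""
    all_char_groups: bool = False     # char-validation [none | all-char-groups]
    min_length: Optional[int] = None  # min-length [<num_characters> | none]

    def __post_init__(self) -> None:
        if self.min_length is not None and not 1 <= self.min_length <= MAX_LENGTH:
            raise ValueError("min-length range is 1 to 32 characters")

    def effective_min_length(self) -> int:
        # Assumption: when both settings are present, the stricter one applies.
        configured = self.min_length or 0
        if self.all_char_groups:
            return max(configured, CHAR_VALIDATION_MIN_LENGTH)
        return configured


def group_counts(password: str) -> Dict[str, int]:
    """Count characters in each of the four documented groups (ASCII only)."""
    counts = {"upper-case": 0, "lower-case": 0, "digit": 0, "symbol": 0}
    for ch in password:
        if "A" <= ch <= "Z":
            counts["upper-case"] += 1
        elif "a" <= ch <= "z":
            counts["lower-case"] += 1
        elif "0" <= ch <= "9":
            counts["digit"] += 1
        elif ch in SYMBOLS:
            counts["symbol"] += 1
    return counts


def violations(password: str, policy: PasswordPolicy) -> List[str]:
    """Return every rule the candidate breaks; an empty list means it passes."""
    problems: List[str] = []
    bad = sorted(set(password) & FORBIDDEN)
    if bad:
        problems.append("forbidden character(s): " + " ".join(bad))
    if len(password) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    minimum = policy.effective_min_length()
    if len(password) < minimum:
        problems.append(f"shorter than {minimum} characters")
    if policy.all_char_groups:
        for group, count in group_counts(password).items():
            if count < PER_GROUP_MINIMUM:
                problems.append(
                    f"needs {PER_GROUP_MINIMUM} {group} characters, has {count}"
                )
    return problems


if __name__ == "__main__":
    strict = PasswordPolicy(all_char_groups=True)
    # Constructed sample passwords; "green" is the manual's own example value.
    for candidate in ("green", "Ab1!Ab1!", "ABcd12!?"):
        print(candidate, "->", violations(candidate, strict) or "ok")
```

The manual's example password green passes the default policy but fails once all-char-groups is configured, which is the gap the char-validation setting closes.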
configure banner
configure banner {acknowledge}
Description
Configures the banner string that is displayed at the beginning of each login prompt of each session.
Syntax Description
acknowledge Specifies that the system return the user-defined message after the banner is displayed. The user must then press a key (any key) to accept before the login displays. Certain systems require this configuration (for example, the U.S. Department of Defense).
Default
N/A.
Usage Guidelines
Press [Return] at the beginning of a line to terminate the command and apply the banner. To clear the banner, press [Return] at the beginning of the first line. You can enter up to 24 rows of 79-column text that is displayed before the login prompt of each session. To disable the acknowledgement feature, use the configure banner command omitting the acknowledge parameter.
Note:
The system does not wait for a keypress when you use SSH for access; this only applies to the serial console login sessions and telnet sessions.
Example
The following command adds a banner, Welcome to the switch, before the login prompt:
configure banner [Return]
Welcome to the switch
configure cli max-sessions
configure cli max-sessions <num-of-sessions>
Description
Limits the number of simultaneous CLI sessions on the switch.
Syntax Description
num-of-sessions Specifies the maximum number of concurrent sessions permitted. The range is 1 to 16.
Default
The default is eight sessions.
Usage Guidelines
The value must be greater than 0; the range is 1 to 16.
Example
The following command limits the number of simultaneous CLI sessions to ten:
configure cli max-sessions 10
configure cli max-failed-logins
configure cli max-failed-logins <num-of-logins>
Description
Establishes the maximum number of failed logins permitted before the session is terminated.
Syntax Description
num-of-logins Specifies the maximum number of failed logins permitted; the range is 1 to 10.
Default
The default is three logins.
Usage Guidelines
The value must be greater than 0; the range is 1 to 10.
Example
The following command sets the maximum number of failed logins to five:
configure cli max-failed-logins 5
configure dns-client add
configure dns-client add [domain-suffix <domain_name> | name-server <ip_address> {vr <vr_name>}]
Description
Adds a domain suffix to the domain suffix list or a name server to the available server list for the DNS client.
Syntax Description
domain-suffix Specifies adding a domain suffix.
domain_name Specifies a domain name.
name-server Specifies adding a name server.
ip_address Specifies an IP address for the name server.
vr Specifies use of a virtual router.
Note:
User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
vr_name Specifies a virtual router.
Default
N/A.
Usage Guidelines
The domain suffix list can include up to six items. If the use of all previous names fails to resolve a name, the most recently added entry on the domain suffix list will be the last name used during name resolution. This command will not overwrite any existing entries. If a null string is used as the last suffix in the list, and all other lookups fail, the name resolver will attempt to look up the name with no suffix.
Up to eight DNS name servers can be configured. The default value for the virtual router used by the DNS client option is VR-Default.
Examples
The following command configures a domain name and adds it to the domain suffix list:
configure dns-client add domain-suffix xyz_inc.com
The following command specifies that the switch use the DNS server 10.1.2.1:
configure dns-client add name-server 10.1.2.1
The following command specifies that the switch use the virtual router Management:
configure dns-client add name-server 10.1.2.1 vr "VR-Mgmt"
configure dns-client default-domain
configure dns-client default-domain <domain_name>
Description
Configures the domain that the DNS client uses if a fully qualified domain name is not entered.
Syntax Description
domain_name Specifies a default domain name.
Default
N/A.
Usage Guidelines
The default domain name will be used to create a fully qualified host name when a domain name is not specified. For example, if the default domain name is set to “food.com” then when a command like “ping dog” is entered, the ping will actually be executed as “ping dog.food.com”.
Example
The following command configures the default domain name for the server:
configure dns-client default-domain xyz_inc.com
configure dns-client delete
configure dns-client delete [domain-suffix <domain_name> | name-server <ip_address> {vr <vr_name>}]
Description
Deletes a domain suffix from the domain suffix list or a name server from the available server list for the DNS client.
Syntax Description
domain-suffix Specifies deleting a domain suffix.
domain_name Specifies a domain name.
name-server Specifies deleting a name server.
ip_address Specifies an IP address for the name server.
vr Specifies deleting a virtual router.
Note:
User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
vr_name Specifies a virtual router.
Default
N/A.
Usage Guidelines
Specifying a domain suffix removes an entry from the domain suffix list. If the deleted item was not the last entry in the list, all items that had been added later are moved up in the list. If no entries in the list match the domain name specified, an error message will be displayed.
The default value for the virtual router used by the DNS client option is VR-Default.
Examples
The following command deletes a domain name from the domain suffix list:
configure dns-client delete domain-suffix xyz_inc.com
The following command removes a DNS server from the list:
configure dns-client delete name-server 10.1.2.1
configure failsafe-account
configure failsafe-account {[deny | permit] [all | control | serial | ssh {vr <vr-name>} | telnet {vr <vr-name>}]}
Description
Configures a name and password for the failsafe account, or restricts access to specified connection types.
Syntax Description
deny Prohibits failsafe account usage over the specified connection type(s).
permit Allows a failsafe account to be used over the specified connection type(s).
all Specifies all connection types.
control Specifies internal access between nodes in a NETGEAR 8800 or between MSMs/MMs in a chassis.
serial Specifies access over the switch console port.
ssh Specifies access using SSH on specified or all virtual routers.
telnet Specifies access using Telnet on specified or all virtual routers.
Default
The failsafe account is always configured. The default connection types over which failsafe account access is permitted are the same as if “permit all” is configured.
Usage Guidelines
The failsafe account is the account of last resort to access your switch.
If you use the command with no parameters, you are prompted for the failsafe account name and prompted twice to specify the password for the account. The password does not appear on the display at any time. You are not required to know the current failsafe account and password in order to change it.
If you use the command with the permit or deny parameter, the permitted connection types are altered as specified.
The failsafe account or permitted connection types are immediately saved to NVRAM on all MSMs/MMs or active nodes.
Note:
The information that you use to configure the failsafe account cannot be recovered by NETGEAR. Technical support cannot retrieve passwords or account names for this account. Protect this information carefully.
Once you enter the failsafe account name, you are prompted to enter the password. Once you successfully log in to the failsafe account, you are logged in to an admin-level account.
Example
The following command changes the failsafe account username to blue5green and the password to red5yellow.
XCM8806.1 # configure failsafe-account
enter failsafe user name: blue5green
enter failsafe password:
enter password again:
XCM8806.2
The following example restricts usage of the failsafe account to the serial console port and to access between MSMs.
XCM8810.1 # configure failsafe-account deny all
XCM8810.2 # configure failsafe-account permit serial
XCM8810.3 # configure failsafe-account permit control
XCM8810.4 #
configure idletimeout
configure idletimeout <minutes>
Description
Configures the time-out for idle console, SSH2, and Telnet sessions.
Syntax Description
minutes Specifies the time-out interval, in minutes. Range is 1 to 240 (1 minute to 4 hours).
Default
The default time-out is 20 minutes.
Usage Guidelines
This command configures the length of time the switch will wait before disconnecting idle console, SSH2, or Telnet sessions. The idletimeout feature must be enabled for this command to have an effect (the idletimeout feature is enabled by default).
Example
The following command sets the time-out for idle login and console sessions to 10 minutes:
configure idletimeout 10
configure safe-default-script
configure safe-default-script
Description
Allows you to change management access to your device and to enhance security.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
This command runs an interactive script that prompts you to choose to enable or disable SNMP, Telnet, and enabled ports. Refer to the “Safe Defaults Setup Method” section in the NETGEAR 8800 User Manual for complete information on the safe default mode.
Once you issue this command, the system presents you with the following interactive script:
Telnet is enabled by default. Telnet is unencrypted and has been the target of security exploits in the past.
Would you like to disable Telnet? [y/N]:
SNMP access is enabled by default. SNMP uses no encryption, SNMPv3 can be configured to eliminate this problem.
Would you like to disable SNMP? [y/N]:
All ports are enabled by default. In some secure applications, it maybe more desirable for the ports to be turned off.
Would you like unconfigured ports to be turned off by default? [y/N]:
Changing the default failsafe account username and password is highly recommended. If you choose to do so, please remember the username and password as this information cannot be recovered by NETGEAR.
Would you like to change the failsafe account username and password now? [y/N]:
Would you like to permit failsafe account access via the management port? [y/N]:
Since you have chosen less secure management methods, please remember to increase the security of your network by taking the following actions:
* change your admin password
* change your failsafe account username and password
* change your SNMP public and private strings
* consider using SNMPv3 to secure network management traffic
Example
The following command reruns the interactive script to configure management access:
configure safe-default-script
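The access-control commands documented above (password-policy min-length, cli max-sessions, cli max-failed-logins, failsafe-account, idletimeout) can be checked before a change script is pasted into a switch. The following Python linter is an added example, not part of the NETGEAR manual: it validates each line against the ranges stated in this chapter and flags settings that weaken access control. The sample script, the baseline of 8 characters, and the choice of what counts as a weakening are assumptions made for illustration.

```python
import re

# Ranges as documented for each command in this chapter.
RANGES = {
    "min-length": (1, 32),         # characters
    "max-sessions": (1, 16),       # concurrent CLI sessions
    "max-failed-logins": (1, 10),  # attempts before the session is terminated
    "idletimeout": (1, 240),       # minutes
}
NUMERIC = [
    (re.compile(r"^configure account \S+ password-policy min-length (\S+)$"), "min-length"),
    (re.compile(r"^configure cli max-sessions (\S+)$"), "max-sessions"),
    (re.compile(r"^configure cli max-failed-logins (\S+)$"), "max-failed-logins"),
    (re.compile(r"^configure idletimeout (\S+)$"), "idletimeout"),
]
FAILSAFE = re.compile(
    r"^configure failsafe-account (deny|permit) "
    r"(all|control|serial|ssh|telnet)( vr \S+)?$")
CONN_TYPES = {"control", "serial", "ssh", "telnet"}
MIN_LEN_BASELINE = 8  # assumption: local policy, not a value mandated by the manual


def audit(script):
    """Return a list of (line_number, severity, message); line 0 = whole script."""
    findings = []
    permitted = set(CONN_TYPES)  # documented default is equivalent to "permit all"
    failsafe_touched = False
    for n, raw in enumerate(script.splitlines(), 1):
        line = " ".join(raw.split())  # normalise whitespace
        if line == "disable idletimeout":
            findings.append((n, "WARN", "idle timer off: console and Telnet sessions stay open"))
            continue
        m = FAILSAFE.match(line)
        if m:
            action, conn, vr = m.groups()
            failsafe_touched = True
            targets = CONN_TYPES if conn == "all" else {conn}
            if action == "permit":
                permitted |= targets
            elif not vr:  # a per-VR deny leaves the other VRs permitted
                permitted -= targets
            continue
        for rx, key in NUMERIC:
            m = rx.match(line)
            if not m:
                continue
            val, (lo, hi) = m.group(1), RANGES[key]
            if key == "min-length" and val == "none":
                findings.append((n, "WARN", "min-length none: passwords of 0 characters accepted"))
            elif not val.isdigit() or not lo <= int(val) <= hi:
                findings.append((n, "ERROR", f"{key} {val!r} outside documented range {lo}-{hi}"))
            elif key == "min-length" and int(val) < MIN_LEN_BASELINE:
                findings.append((n, "WARN", f"min-length {val} below baseline {MIN_LEN_BASELINE}"))
            break
    # Only report the failsafe state when the script changes it; the script
    # alone does not reveal what is already configured on the switch.
    if failsafe_touched and "telnet" in permitted:
        findings.append((0, "WARN", "failsafe account reachable over unencrypted Telnet"))
    return findings


# Constructed sample change script (not taken from a real device).
SAMPLE = """\
configure account all password-policy min-length 6
configure account marketing password-policy min-length none
configure cli max-sessions 20
configure cli max-failed-logins 5
configure idletimeout 10
disable idletimeout
configure failsafe-account deny all
configure failsafe-account permit serial
configure failsafe-account permit telnet
"""

if __name__ == "__main__":
    for n, sev, msg in audit(SAMPLE):
        print(f"line {n}: {sev}: {msg}")
```

Lines the linter does not recognise are ignored, so it can be run over a longer provisioning script without modification.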
configure time
configure time <month> <day> <year> <hour> <min> <sec>
Description
Configures the system date and time.
Syntax Description
month Specifies the month. The range is 1-12.
day Specifies the day of the month. The range is 1-31.
year Specifies the year in the YYYY format. The range is 2003 to 2036.
hour Specifies the hour of the day. The range is 0 (midnight) to 23 (11 pm).
min Specifies the minute. The range is 0-59.
sec Specifies the second. The range is 0-59.
Default
N/A.
Usage Guidelines
The format for the system date and time is as follows:
mm dd yyyy hh mm ss
The time uses a 24-hour clock format. You cannot set the year earlier than 2003 or past 2036.
You have the choice of inputting the entire time/date string. If you provide one item at a time and press TAB, the screen prompts you for the next item. Press <cr> to complete the input.
Example
The following command configures a system date of February 15, 2002 and a system time of 8:42 AM and 55 seconds:
configure time 02 15 2002 08 42 55
configure timezone
configure timezone {name <tz_name>} <GMT_offset>
{autodst {name <dst_timezone_ID>} {<dst_offset>}
{begins [every <floatingday> | on <absoluteday>] {at <time_of_day>}
{ends [every <floatingday> | on <absoluteday>] {at <time_of_day>}}}
| noautodst}
Description
Configures the Greenwich Mean Time (GMT) offset and Daylight Saving Time (DST) preference.
Syntax Description
tz_name Specifies an optional name for this timezone specification. May be up to six characters in length. The default is an empty string.
GMT_offset Specifies a Greenwich Mean Time (GMT) offset, in + or - minutes.
autodst Enables automatic Daylight Saving Time.
dst-timezone-ID Specifies an optional name for this DST specification. May be up to six characters in length. The default is an empty string.
dst_offset Specifies an offset from standard time, in minutes. Value is in the range of 1 to 60. Default is 60 minutes.
floatingday Specifies the day, week, and month of the year to begin or end DST each year. Format is:
<week> <day> <month> where:
• <week> is specified as [first | second | third | fourth | last] or 1-5.
• <day> is specified as [sunday | monday | tuesday | wednesday | thursday | friday | saturday] or 1-7 (where 1 is Sunday).
• <month> is specified as [january | february | march | april | may | june | july | august | september | october | november | december] or 1-12.
Default for beginning is second sunday march; default for ending is first sunday november.
absoluteday Specifies a specific day of a specific year on which to begin or end DST. Format is:
<month> <day> <year> where:
• <month> is specified as 1-12.
• <day> is specified as 1-31.
• <year> is specified as 2003-2035.
The year must be the same for the begin and end dates.
time_of_day Specifies the time of day to begin or end Daylight Saving Time. May be specified as an hour (0-23) or as hour:minutes. Default is 2:00.
noautodst Disables automatic Daylight Saving Time.
Default
Autodst, beginning every second Sunday in March, and ending every first Sunday in November.
Usage Guidelines
Network Time Protocol (NTP) server updates are distributed using GMT time. To properly display the local time in logs and other timestamp information, the switch should be configured with the appropriate offset to GMT based on geographic location.
The gmt_offset is specified in +/- minutes from the GMT time.
Automatic DST changes can be enabled or disabled. The default configuration, where DST begins on the second Sunday in March at 2:00 AM and ends the first Sunday in November at 2:00 AM, applies to most of North America (beginning in 2007), and can be configured with the following syntax:
configure timezone <gmt_offst> autodst
The starting and ending date and time for DST may be specified, as these vary in time zones around the world.
• Use the every keyword to specify a year-after-year repeating set of dates (for example, the last Sunday in March every year).
• Use the on keyword to specify a non-repeating, specific date for the specified year. If you use this option, you will need to specify the command again every year.
• The begins specification defaults to every second sunday march.
• The ends specification defaults to every first sunday november.
• The ends date may occur earlier in the year than the begins date. This will be the case for countries in the Southern Hemisphere.
• If you specify only the starting or ending time (not both) the one you leave unspecified will be reset to its default.
• The time_of_day specification defaults to 2:00.
• The timezone IDs are optional. They are used only in the display of timezone configuration information in the show switch command.
To disable automatic DST changes, re-specify the GMT offset using the noautodst option:
configure timezone <gmt_offst> noautodst
NTP updates are distributed using GMT time. To properly display the local time in logs and other timestamp information, the switch should be configured with the appropriate offset to GMT based on geographical location.
Table 3. Greenwich Mean Time offsets
GMT Offset in Hours | GMT Offset in Minutes | Common Time Zone References | Cities
+0:00 | +0 | GMT - Greenwich Mean; UT or UTC - Universal (Coordinated); WET - Western European | London, England; Dublin, Ireland; Edinburgh, Scotland; Lisbon, Portugal; Reykjavik, Iceland; Casablanca, Morocco
-1:00 | -60 | WAT - West Africa | Cape Verde Islands
-2:00 | -120 | AT - Azores | Azores
-3:00 | -180 | | Brasilia, Brazil; Buenos Aires, Argentina; Georgetown, Guyana
-4:00 | -240 | AST - Atlantic Standard | Caracas; La Paz
-5:00 | -300 | EST - Eastern Standard | Bogota, Columbia; Lima, Peru; New York, NY, Trevor City, MI USA
-6:00 | -360 | CST - Central Standard | Mexico City, Mexico
-7:00 | -420 | MST - Mountain Standard | Saskatchewan, Canada
-8:00 | -480 | PST - Pacific Standard | Los Angeles, CA, Cupertino, CA, Seattle, WA USA
-9:00 | -540 | YST - Yukon Standard |
-10:00 | -600 | AHST - Alaska-Hawaii Standard; CAT - Central Alaska; HST - Hawaii Standard |
-11:00 | -660 | NT - Nome |
-12:00 | -720 | IDLW - International Date Line West |
+1:00 | +60 | CET - Central European; FWT - French Winter; MET - Middle European; MEWT - Middle European Winter; SWT - Swedish Winter | Paris, France; Berlin, Germany; Amsterdam, The Netherlands; Brussels, Belgium; Vienna, Austria; Madrid, Spain; Rome, Italy; Bern, Switzerland; Stockholm, Sweden; Oslo, Norway
+2:00 | +120 | EET - Eastern European, Russia Zone 1 | Athens, Greece; Helsinki, Finland; Istanbul, Turkey; Jerusalem, Israel; Harare, Zimbabwe
+3:00 | +180 | BT - Baghdad, Russia Zone 2 | Kuwait; Nairobi, Kenya; Riyadh, Saudi Arabia; Moscow, Russia; Tehran, Iran
+4:00 | +240 | ZP4 - Russia Zone 3 | Abu Dhabi, UAE; Muscat; Tblisi; Volgograd; Kabul
+5:00 | +300 | ZP5 - Russia Zone 4 |
+5:30 | +330 | IST - India Standard Time | New Delhi, Pune, Allahabad, India
+6:00 | +360 | ZP6 - Russia Zone 5 |
+7:00 | +420 | WAST - West Australian Standard |
+8:00 | +480 | CCT - China Coast, Russia Zone 7 |
+9:00 | +540 | JST - Japan Standard, Russia Zone 8 |
+10:00 | +600 | EAST - East Australian Standard; GST - Guam Standard; Russia Zone 9 |
+11:00 | +660 | |
+12:00 | +720 | IDLE - International Date Line East; NZST - New Zealand Standard; NZT - New Zealand | Wellington, New Zealand; Fiji, Marshall Islands
For name creation guidelines and a list of reserved names, see the section “Object Names” in the NETGEAR 8800 User Manual.
Example
The following command configures GMT offset for Mexico City, Mexico and disables automatic DST:
configure timezone -360 noautodst
The following four commands are equivalent, and configure the GMT offset and automatic DST adjustment for the US Eastern timezone, with an optional timezone ID of EST:
configure timezone name EST -300 autodst name EDT 60 begins every second sunday march at 2:00 ends every first sunday november at 2:00
configure timezone name EST -300 autodst name EDT 60 begins every 1 1 4 at 2:00 ends every 5 1 10 at 2:00
configure timezone name EST -300 autodst name EDT
configure timezone -300 autodst
The following command configures the GMT offset and automatic DST adjustment for the Middle European timezone, with the optional timezone ID of MET:
configure timezone name MET 60 autodst name MDT begins every last sunday march at 1 ends every last sunday october at 1
The following command configures the GMT offset and automatic DST adjustment for New Zealand. The ending date must be configured each year because it occurs on the first Sunday on or after March 5:
configure timezone name NZST 720 autodst name NZDT 60 begins every first sunday october at 2 ends on 3/16/2002 at 2
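When switch log timestamps are correlated with UTC sources, it helps to know exactly which calendar dates a floatingday rule selects. The following Python code is an added example, not part of the NETGEAR manual: it resolves a <week> <day> <month> specification (keywords or numbers, with 1 meaning Sunday and 5 meaning last) to a date for a given year, and applies a GMT offset in minutes plus the DST rule to a UTC time. The function names are hypothetical, the Southern Hemisphere rule in the comments is constructed, and both transitions are compared in local standard time as a simplifying assumption.

```python
import calendar
from datetime import datetime, timedelta

WEEKS = {"first": 1, "second": 2, "third": 3, "fourth": 4, "last": 5}
DAYS = ["sunday", "monday", "tuesday", "wednesday",
        "thursday", "friday", "saturday"]            # manual: 1 is Sunday
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]


def _index(token, names):
    """Accept either a keyword from `names` or its 1-based number."""
    token = token.lower()
    return int(token) if token.isdigit() else names.index(token) + 1


def floating_day(spec, year, at="2:00"):
    """Resolve '<week> <day> <month>' to the transition datetime in `year`."""
    week_tok, day_tok, month_tok = spec.split()
    week = int(week_tok) if week_tok.isdigit() else WEEKS[week_tok.lower()]
    day = _index(day_tok, DAYS)
    month = _index(month_tok, MONTHS)
    if not (1 <= week <= 5 and 1 <= day <= 7 and 1 <= month <= 12):
        raise ValueError(f"out-of-range floatingday: {spec!r}")
    py_weekday = (day + 5) % 7        # Python counts Monday=0 .. Sunday=6
    last_dom = calendar.monthrange(year, month)[1]
    hits = [d for d in range(1, last_dom + 1)
            if calendar.weekday(year, month, d) == py_weekday]
    dom = hits[-1] if week == 5 else hits[week - 1]   # 5 means "last"
    hour, _, minute = at.partition(":")               # "2" or "2:00"
    return datetime(year, month, dom, int(hour), int(minute or 0))


def local_time(utc, gmt_offset_min,
               begins="second sunday march", ends="first sunday november",
               dst_offset_min=60, at="2:00"):
    """Return (local datetime, dst_active) for a naive UTC datetime."""
    std = utc + timedelta(minutes=gmt_offset_min)
    b = floating_day(begins, std.year, at)
    e = floating_day(ends, std.year, at)
    if b < e:                         # DST falls inside one calendar year
        active = b <= std < e
    else:                             # ends precedes begins: DST spans New Year
        active = std >= b or std < e
    return (std + timedelta(minutes=dst_offset_min) if active else std), active


if __name__ == "__main__":
    # Documented defaults, US Eastern offset of -300 minutes.
    print(floating_day("second sunday march", 2011))       # 2011-03-13 02:00
    print(local_time(datetime(2011, 7, 1, 12, 0), -300))   # 08:00 local, DST on
    # Constructed Southern Hemisphere rule with a +720 minute offset.
    print(local_time(datetime(2011, 1, 15, 0, 0), 720,
                     begins="first sunday october", ends="third sunday march"))
```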
create account
create account [admin | user] <account-name> {encrypted <password>}
Description
Creates a new user account.
Syntax Description
admin Specifies an access level for account type admin.
user Specifies an access level for account type user.
account-name Specifies a new user account name. See
information.
encrypted Specifies the encrypted option.
password Specifies a user password. See
for more information.
Default
By default, the switch is configured with two accounts with the access levels shown in Table 4.
Table 4. User account levels
Account Name | Access Level
admin | This user can access and change all manageable parameters. The admin account cannot be deleted.
user | This user can view (but not change) all manageable parameters, with the following exceptions:
• This user cannot view the user account database.
• This user cannot view the SNMP community strings.
• This user cannot view SSL settings.
This user has access to the ping command.
You can use the default names (admin and user), or you can create new names and passwords for the accounts. Default accounts do not have passwords assigned to them. For name creation guidelines and a list of reserved names, see the section “Object Names” in the NETGEAR 8800 User Manual.
Usage Guidelines
The switch can have a total of 16 user accounts. The system must have one administrator account.
When you use the encrypted keyword, the following password that you specify in plain text is entered and displayed by the switch in an encrypted format. Administrators should not use the encrypted option and should enter the password in plain text. The encrypted option is used by the switch after encrypting the plain text password. The encrypted option should be used by the switch only to show, store, and load a system-generated encrypted password in configuration; this applies with the following commands: save configuration
The system prompts you to specify a password after you enter this command and to reenter the password. If you do not want a password associated with the specified account, press Enter twice.
You must have administrator privileges to change passwords for accounts other than your own. User names and passwords are case-sensitive. User account names must have a minimum of 1 character and can have a maximum of 32 characters. Passwords must have a minimum of 0 characters and can have a maximum of 32 characters.
Note:
If the account is configured to require a specific password format, the minimum is 8 characters. See configure account password-policy char-validation.
Example
The following command creates a new account named John2 with administrator privileges:
create account admin John2
delete account
delete account <name>
Description
Deletes a specified user account.
Syntax Description
name Specifies a user account name.
Default
N/A.
Usage Guidelines
Use the show accounts command to determine which account you want to delete from the system. The show accounts output displays the following information in a tabular format:
• The user name
• Access information associated with each user
• User login information
• Session information
Depending on the software version running on your switch and the type of switch you have, additional account information may be displayed.
You must have administrator privileges to delete a user account. The system must have one administrator account; the command will fail if an attempt is made to delete the last administrator account on the system.
To ensure security, change the password on the default account, but do not delete it. The changed password will remain intact through configuration uploads and downloads.
If you must delete the default account, first create another administrator-level account.
Example
The following command deletes account John2:
delete account John2
disable cli space-completion
disable cli space-completion
Description
Disables the NETGEAR 8800 feature that completes a command automatically with the spacebar. If you disable this feature, you can still use the TAB key for auto-completion.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
None.
Example
The following command disables using the spacebar to automatically complete a command:
disable cli space-completion
disable clipaging
disable clipaging
Description
Disables pausing at the end of each show screen.
Syntax Description
This command has no arguments or variables.
Default
Enabled.
Usage Guidelines
The command line interface (CLI) is designed for use in a VT100 environment. Most show command output will pause when the display reaches the end of a page. This command disables the pause mechanism and allows the display to print continuously to the screen.
CLI paging is only active on a per-shell session basis. In other words, when you enable or disable CLI paging from within the current configuration, it only affects that session. For new or existing sessions, paging is enabled by default. This setting cannot be saved.
To view the status of CLI paging on the switch, use the show management command. The show management command displays information about the switch including the enable/disable state for CLI paging.
Example
The following command disables clipaging and allows you to print continuously to the screen:
disable clipaging
disable idletimeout
disable idletimeout
Description
Disables the timer that disconnects idle sessions from the switch.
Syntax Description
This command has no arguments or variables.
Default
Enabled. Timeout 20 minutes.
Usage Guidelines
When idle time-outs are disabled, console sessions remain open until the switch is rebooted or until you logoff. Telnet sessions remain open until you close the Telnet client.
If you have an SSH2 session and disable the idle timer, the SSH2 connection times out after 61 minutes of inactivity.
To view the status of idle time-outs on the switch, use the show management command. The show management command displays information about the switch including the enable/disable state for idle time-outs.
Example
The following command disables the timer that disconnects all sessions to the switch:
disable idletimeout
enable cli space-completion
enable cli space-completion
Description
Enables the NETGEAR 8800 feature that completes a command automatically with the spacebar. You can also use the TAB key for auto-completion.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
None.
Example
The following command enables using the spacebar to automatically complete a command:
enable cli space-completion
enable clipaging
enable clipaging
Description
Enables the pause mechanism and does not allow the display to print continuously to the screen.
Syntax Description
This command has no arguments or variables.
Default
Enabled.
Usage Guidelines
The command line interface (CLI) is designed for use in a VT100 environment. Most show command output will pause when the display reaches the end of a page.
To view the status of CLI paging on the switch, use the show management command. The show management command displays information about the switch including the enable/disable state for CLI paging.
If CLI paging is enabled and you use the show tech command to diagnose system technical problems, the CLI paging feature is disabled.
CLI paging is only active on a per-shell session basis. In other words, when you enable or disable CLI paging from within the current configuration, it only affects that session. For new or existing sessions, paging is enabled by default. This setting cannot be saved.
Example
The following command enables clipaging and does not allow the display to print continuously to the screen:
enable clipaging
enable idletimeout
enable idletimeout
Description
Enables a timer that disconnects Telnet, SSH2, and console sessions after a period of inactivity (20 minutes is default).
Syntax Description
This command has no arguments or variables.
Default
Enabled. Timeout 20 minutes.
Usage Guidelines
You can use this command to ensure that a Telnet, Secure Shell (SSH2), or console session is disconnected if it has been idle for the required length of time. This ensures that there are no hanging connections.
To change the period of inactivity that triggers the timeout for a Telnet, SSH2, or console session, use the configure timezone command.
To view the status of idle timeouts on the switch, use the show management command. The show management command displays information about the switch including the enable/disable state for idle timeouts. You can configure the length of the timeout interval.
Example
The following command enables a timer that disconnects any Telnet, SSH2, and console sessions after 20 minutes of inactivity:
enable idletimeout
enable license software
enable license {software} <key>
Description
Enables software license or feature pack that allows you to use advanced features.
Syntax Description
key Specifies your hexadecimal license key in format xxxx-xxxx-xxxx-xxxx-xxxx.
Default
N/A
Usage Guidelines
The software license levels that apply to NETGEAR 8800 software are described in Appendix A of the NETGEAR 8800 User Manual.
To obtain a software license, specify the key in the format xxxx-xxxx-xxxx-xxxx-xxxx.
You obtain the software license key (or feature pack key) either by ordering it from the factory or by obtaining a license voucher from your NETGEAR supplier. You can obtain a regular software license or a trial software license, which allows you use of the license for either 30, 60 or 90 days; you cannot downgrade software licenses.
The voucher contains all the necessary information on the software license, whether regular or trial, and number of days for trial software license.
After you enable the software license or feature pack by entering the software key, the system returns a message that you either successfully or unsuccessfully set the license.
Once you enable the software license (or if you do not use the correct key, attempt to downgrade the license, or already installed the software license) you see one of the following messages:
Enabled license successfully.
Error: Unable to set license using supplied key.
Error: Unable to set license - downgrade of licenses is not supported.
Error: Unable to set license - license is already enabled.
Error: Unable to set license - trial license already enabled.
If you enable a trial license, the system generates a daily message showing the number of days until expiry.
Once installed (or enabled), the software license goes with the switch chassis itself (not with the MSM/MM module). The software license information is stored in EEPROM; the information persists through reboots, software upgrades, power outages, and reconfigurations.
If you attempt to execute a command and you do not either have the required software license or have reached the limits defined by the current software license level, the system returns one of the following messages:
Error: This command cannot be executed at the current license level.
Error: You have reached the maximum limit for this feature at this license level.
If you attempt to execute a command and you do not have the required feature pack, the system also returns a message.
To protect against attempts to install maliciously created license keys, the system imposes an exponentially increasing delay after each failed attempt to install a license.
To view the type of software license you are currently running on the switch, use the show licenses command. The license key number is not displayed, but the type of software license is displayed in the show licenses output. This command can be run on any node in a NETGEAR 8800, regardless of its node role (Master, Standby, or Backup).
Example
The following command enables a software license on the switch: enable license 2d5e-0e84-e87d-c3fe-bfff
enable license file
enable license file <filename>
Description
Enables the text file that applies software licenses and feature packs licenses to more than one switch at a time.
Syntax Description
filename Specifies the filename that you download onto the switch using TFTP; the file extension is .xlic.
Default
N/A
Usage Guidelines
You download the license file to the switch using TFTP or SCP. The file name extension for this file is .xlic; for example, you may see a file named systemlic.xlic.
Using this file, you enable the software and feature pack licenses for more than one switch simultaneously. The file can contain licenses for some or all of the NETGEAR switches that the customer owns. During upload, only those license keys destined for the specific switch are used to attempt enabling the licenses. The license file is a text file that has the switch serial number, software license type, and license key; it is removed from the switch after the licenses are enabled.
After you enable the license file, the system returns one or more of the following messages:
Enabled license successfully.
Error: Unable to set license <license_name> using supplied key.
Error: Unable to set license <license_name> - downgrade of licenses is not supported.
Error: Unable to set license <license_name> - license is already enabled.
Error: Unable to set license <license_name> - trial license already enabled.
To protect against attempts to install maliciously created license keys, the system imposes an exponentially increasing delay after each failed attempt to install a license.
Example
The following command enables a license file on the specified NETGEAR switches: enable license file santaclara.xlic
history
history
Description
Displays a list of all the commands entered on the switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
NETGEAR 8800 saves the commands you entered on the switch. Use the history command to display a list of these commands.
Example
The following command displays all the commands entered on the switch: history
If you use a command more than once consecutively, the history will list only the first instance.
ping
ping {count <count> {start-size <start-size>} | continuous {start-size <start-size>} | {start-size <start-size> {end-size <end-size>}}} {udp} {dont-fragment} {ttl <ttl>} {tos <tos>} {interval <interval>} {vr <vrid>} {ipv4 <host> | ipv6 <host>} {from} {with record-route}
Description
Enables you to send User Datagram Protocol (UDP) or Internet Control Message Protocol (ICMP) echo messages to a remote IP device.
Syntax Description
count Specifies the number of ping requests to send.
start-size Specifies the size, in bytes, of the packet to be sent, or the starting size if incremental packets are to be sent.
continuous Specifies that UDP or ICMP echo messages are to be sent continuously. This option can be interrupted by pressing [Ctrl] + C.
end-size Specifies an end size for packets to be sent.
udp Specifies that the ping request should use UDP instead of ICMP.
dont-fragment Sets the Don't Fragment bit in the IP header.
ttl Sets the TTL value.
tos Sets the TOS value.
interval Sets the time interval between sending out ping requests.
vr Specifies the virtual router to use for sending out the echo message. If not specified, VR-Default is used.
Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
ipv4 Specifies IPv4 transport.
ipv6 Specifies IPv6 transport.
Note: If you are contacting an IPv6 link local address, you must specify the VLAN you are sending the message from: ping <ipv6> <link-local address> %<vlan_name> <host>.
host Specifies a host name or IP address (either v4 or v6).
from Uses the specified source address. If not specified, the address of the transmitting interface is used.
with record-route Sets the traceroute information.
Default
N/A.
Usage Guidelines
The ping command is used to test for connectivity to a specific host.
You use the ipv6 variable to ping an IPv6 host by generating an ICMPv6 echo request message and sending the message to the specified address. If you are contacting an IPv6 link local address, you must specify the VLAN you are sending the message from, as shown in the following example (you must include the % sign): ping <ipv6> <link-local address> %<vlan_name> <host>.
The ping command is available for both the user and administrator privilege level.
Example
The following command enables continuous ICMP echo messages to be sent to a remote host: ping continuous 123.45.67.8
reboot
reboot {time <month> <day> <year> <hour> <min> <sec>} {cancel} {msm <slot_id>} {slot <slot-number> | node-address <node-address> | stack-topology {as-standby} }
Description
Reboots the switch or the module in the specified slot at a specified date and time.
Syntax Description
time Specifies a reboot date in mm dd yyyy format and reboot time in hh mm ss format.
cancel Cancels a previously scheduled reboot.
msm Specifies rebooting the MSM module.
slot_id Specifies the slot--A or B--for an MSM module.
slot-number Specifies the slot number currently being used by the active stack node that is to be rebooted.
node-address Specifies the MAC address of the node to be rebooted.
stack-topology Specifies that the entire NETGEAR 8800 is to be rebooted whether or not nodes are active.
as-standby Specifies that all stack nodes that are to be rebooted are to operate as if configured to not be master-capable.
Default
N/A.
Usage Guidelines
If you do not specify a reboot time, the switch will reboot immediately following the command, and any previously scheduled reboots are cancelled. Prior to rebooting, the switch returns the following message:
Do you want to save configuration changes to primary and reboot?
(y - save and reboot, n - reboot without save, <cr> - cancel command)
To cancel a previously scheduled reboot, use the cancel option.
The modules that can be rebooted are management switch fabric modules (MSM)/management modules (MM).
On the NETGEAR 8800 series switches, if your default BootROM image becomes corrupted, you can force the MSM to boot from an alternate BootROM image by inserting a sharp object into the “A” and “R” holes on the MSM and applying slight pressure. Refer to the hardware documentation for information on the MSM.
The reboot MSM option on the 8800 series switches affects the entire module.
Example
The following command reboots the switch at 8:00 AM on April 15, 2005: reboot time 04 15 2005 08 00 00
show accounts
show accounts
Description
Displays user account information for all users on the switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
You need to create a user account using the create account command before you can display user account information.
To view the accounts that have been created, you must have administrator privileges.
The show accounts command displays the following information in a tabular format:
• User Name—The name of the user. This list displays all of the users who have access to the switch.
• Access—This may be listed as R/W for read/write or RO for read only.
• Login OK—The number of logins that are okay.
• Failed—The number of failed logins.
• Accounts locked out—Account configured to be locked out after 3 consecutive failed login attempts (using the configure account password-policy lockout-on-login-failures command).
Note:
This command does not show the failsafe account.
Example
The following command displays user account information on the switch: show accounts pppuser
Output from this command looks similar to the following:
User Name Access LoginOK Failed
---------------- ------ ------- ------
admin R/W 3 1
user RO 0 0
dbackman R/W 0 0
ron* RO 0 0
nocteam RO 0 0
----------------------------------------
(*) - Account locked
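Two captures of the show accounts table can be compared to catch lockouts, bursts of failed logins, and unexpected account or privilege changes. The Python below is an added example, not part of the NETGEAR manual: the second poll is constructed, the function names and alert wording are hypothetical, the threshold of 3 mirrors the lockout count described above, and the Failed counter is assumed to be cumulative between polls.

```python
import re
from dataclasses import dataclass

# Poll 1 is the manual's sample output; poll 2 is constructed for this example.
POLL_1 = """\
User Name Access LoginOK Failed
---------------- ------ ------- ------
admin R/W 3 1
user RO 0 0
dbackman R/W 0 0
ron* RO 0 0
nocteam RO 0 0
----------------------------------------
(*) - Account locked
"""

POLL_2 = """\
User Name Access LoginOK Failed
---------------- ------ ------- ------
admin* R/W 3 4
user RO 0 0
dbackman R/W 0 0
ron* RO 0 0
nocteam R/W 1 0
svc-tmp R/W 0 0
----------------------------------------
(*) - Account locked
"""

# name, optional trailing '*' (locked), access level, LoginOK, Failed
ROW = re.compile(
    r"^\s*(?P<name>\S+?)(?P<locked>\*)?\s+(?P<access>R/W|RO)"
    r"\s+(?P<ok>\d+)\s+(?P<failed>\d+)\s*$"
)


@dataclass(frozen=True)
class Account:
    name: str
    access: str
    login_ok: int
    failed: int
    locked: bool


def parse_show_accounts(text):
    """Return {user name: Account}; header, rule and legend lines are skipped."""
    accounts = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            accounts[m["name"]] = Account(
                m["name"], m["access"], int(m["ok"]), int(m["failed"]),
                m["locked"] is not None,
            )
    return accounts


def compare_polls(prev, curr, failed_threshold=3):
    """Describe security-relevant changes between two parsed polls."""
    alerts = []
    for name, acct in sorted(curr.items()):
        old = prev.get(name)
        if old is None:
            alerts.append(f"new account: {name} ({acct.access})")
            continue
        if acct.locked and not old.locked:
            alerts.append(f"newly locked: {name}")
        delta = acct.failed - old.failed
        if delta >= failed_threshold:
            alerts.append(f"failed logins +{delta}: {name}")
        if old.access == "RO" and acct.access == "R/W":
            alerts.append(f"privilege raised to R/W: {name}")
    for name in sorted(set(prev) - set(curr)):
        alerts.append(f"account removed: {name}")
    return alerts


if __name__ == "__main__":
    for alert in compare_polls(parse_show_accounts(POLL_1),
                               parse_show_accounts(POLL_2)):
        print(alert)
```

Because show accounts does not list the failsafe account, activity on that account is outside what this comparison can see.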
show accounts password-policy
show accounts password-policy
Description
Displays password policy information for all users on the switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
To view the password management information, you must have administrator privileges.
The show accounts password-policy command displays the following information in a tabular format:
• Global password management parameters applied to new accounts upon creation:
  • Maximum age—The maximum number of days for the passwords to remain valid.
  • History limit—The number of previous passwords that the switch scans prior to validating a new password.
  • Minimum length—The minimum number of characters in passwords.
  • Character validation—The passwords must be in the specific format required by the configure account password-policy char-validation command.
  • Lockout on login failures—If enabled, the system locks out users after 3 failed login attempts.
  • Accounts locked out—Number of accounts locked out.
• User Name—The name of the user. This list displays all of the users who have access to the switch.
• Password Expiry Date—Date the password for this account expires; may be blank.
• Password Max. age—The number of days originally allowed to passwords on this account; may show None.
• Password Min. length—The minimum number of characters required for passwords on this account; may show None.
• Password History Limit—The number of previous passwords the system scans to disallow duplication on this account; may show None.
Example
The following command displays the password management parameters configured for each account on the switch: show accounts password-policy
Output from this command looks similar to the following:
---------------------------------------------------------------------------
Accounts global configuration(applied to new accounts on creation)
---------------------------------------------------------------------------
Password Max. age               : None
Password History limit          : None
Password Min. length            : None
Password Character Validation   : Disabled
Accts. lockout on login failures: Disabled
Accounts locked out             : No
---------------------------------------------------------------------------
User Name        Password     Password  Password  Password  Flags
                 Expiry       Max. age  Min. len  History
                 Date                             Limit
---------------------------------------------------------------------------
admin                         None      None      None      ---
user                          None      None      None      ---
test             Apr-17-2005  12        32        9         C--
---------------------------------------------------------------------------
Flags: (C) Password character validation enabled, (L) Account locked out
       (l) Account lockout on login failures enabled
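In the sample output the global settings and the admin and user accounts have no password controls configured, and only the test account has any. The Python below is an added example, not part of the NETGEAR manual, that turns this output into a list of gaps per scope; the function names and the minimum-length baseline of 8 are assumptions to be replaced by site policy.

```python
import re

# Constructed sample: the manual's sample "show accounts password-policy" output.
SAMPLE = """\
---------------------------------------------------------------------------
Accounts global configuration(applied to new accounts on creation)
---------------------------------------------------------------------------
Password Max. age               : None
Password History limit          : None
Password Min. length            : None
Password Character Validation   : Disabled
Accts. lockout on login failures: Disabled
Accounts locked out             : No
---------------------------------------------------------------------------
User Name        Password     Password  Password  Password  Flags
                 Expiry       Max. age  Min. len  History
                 Date                             Limit
---------------------------------------------------------------------------
admin                         None      None      None      ---
user                          None      None      None      ---
test             Apr-17-2005  12        32        9         C--
---------------------------------------------------------------------------
Flags: (C) Password character validation enabled, (L) Account locked out
       (l) Account lockout on login failures enabled
"""

# "Key : Value" lines of the global section.
GLOBAL_RE = re.compile(
    r"^\s*(?P<key>(?:Password|Accts\.|Accounts)[^:]*?)\s*:\s*(?P<val>\S+)"
)
# Per-account rows; the expiry date column may be blank.
ROW_RE = re.compile(
    r"^\s*(?P<name>\S+)\s+(?:(?P<expiry>[A-Z][a-z]{2}-\d{2}-\d{4})\s+)?"
    r"(?P<age>\d+|None)\s+(?P<minlen>\d+|None)\s+(?P<hist>\d+|None)\s+"
    r"(?P<flags>[-CLl]{3})\s*$"
)


def to_int(value):
    """Map 'None' (nothing configured) or a missing value to None, else int."""
    return None if value in (None, "None") else int(value)


def parse_policy(text):
    """Return (global settings dict, {user name: per-account policy dict})."""
    settings, accounts = {}, {}
    for line in text.splitlines():
        g = GLOBAL_RE.match(line)
        if g:
            settings[g["key"]] = g["val"]
            continue
        r = ROW_RE.match(line)
        if r:
            accounts[r["name"]] = {
                "expiry": r["expiry"],
                "max_age": to_int(r["age"]),
                "min_len": to_int(r["minlen"]),
                "history": to_int(r["hist"]),
                "flags": r["flags"],
            }
    return settings, accounts


def gaps(max_age, min_len, history, char_validation, lockout, min_length):
    """List the controls that are unset, disabled, or below the baseline."""
    found = []
    if max_age is None:
        found.append("no password max age")
    if min_len is None or min_len < min_length:
        found.append("min length unset or below baseline")
    if history is None:
        found.append("no password history limit")
    if not char_validation:
        found.append("character validation disabled")
    if not lockout:
        found.append("lockout on login failures disabled")
    return found


def audit(text, min_length=8):  # min_length is an assumed baseline
    """Return [(scope, gap)] for the global settings and each account."""
    settings, accounts = parse_policy(text)
    findings = [("global", g) for g in gaps(
        to_int(settings.get("Password Max. age")),
        to_int(settings.get("Password Min. length")),
        to_int(settings.get("Password History limit")),
        settings.get("Password Character Validation") == "Enabled",
        settings.get("Accts. lockout on login failures") == "Enabled",
        min_length)]
    for name, acct in accounts.items():
        flags = acct["flags"]
        findings += [(name, g) for g in gaps(
            acct["max_age"], acct["min_len"], acct["history"],
            "C" in flags, "l" in flags, min_length)]
        if "L" in flags:
            findings.append((name, "account is locked out"))
    return findings


if __name__ == "__main__":
    for scope, gap in audit(SAMPLE):
        print(f"{scope}: {gap}")
```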
show banner
show banner
Description
Displays the user-configured banner string.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Use this command to view the banner that is displayed before the login prompt.
Example
The following command displays the switch banner: show banner
Output from this command varies depending on your configuration; the following is one example:
NETGEAR 8800 Switch
#########################################################
Unauthorized Access is strictly prohibited.
Violators will be prosecuted
#########################################################
show dns-client
show dns-client
Description
Displays the DNS configuration.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
None.
Example
The following command displays the DNS configuration: show dns-client
Output from this command looks similar to the following:
Number of domain suffixes: 2
Domain Suffix 1: njudah.local
Domain Suffix 2: dbackman.com
Number of name servers: 2
Name Server 1: 172.17.1.104
Name Server 2: 172.17.1.123
show failsafe-account
show failsafe-account
Description
Displays whether the user configured a username and password for the failsafe account or shows the configured connection type access restrictions.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Use this command to view the failsafe account configuration.
The command shows the access permissions and whether or not the user configured a username and password. It does not show the configured username or password.
Example
The following command displays the failsafe account configuration: show failsafe-account
Output from this command looks similar to the following when a failsafe account username and password have been configured with all connection types permitted for failsafe account access:
BD-8810.7 # show failsafe-account
User-Specified Failsafe Account Username and Password are in effect for these connection types:
- Serial Console
- Control Fabric (inter-node)
- Mgmt VR Telnet
- Mgmt VR SSH
- User VR Telnet
- User VR SSH
BD-8810.8 #
show licenses
show licenses
Description
Displays current software license level and feature packs enabled on your switches.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
The command displays information on the software license level and feature packs enabled on the switch, including the trial license and days left to expiry.
Note:
Refer to the specific chapter that discusses each feature of the NETGEAR 8800 User Manual to determine if a license is required for some functionality. If not noted, all functionality is available, and license is not required.
Example
The following command displays the license level configuration: show licenses
Output from this command looks similar to the following:
XCM8806.2 # show license
Enabled License Level:
NETGEAR AdvancedCore
Enabled Feature Packs:
None
XCM8806.3 #
show switch
show switch {detail}
Description
Displays the current switch information.
This command displays the Master and Backup node information if executed on the Master, and displays the current node and the Master node information if executed on any other node.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
The show switch command displays:
• sysName, sysLocation, sysContact
• MAC address
• System type
• System health check
• Recovery mode
• Watchdog state
• Current date, time, system boot time, and time zone configuration
• Any scheduled reboot information
• System up time
• Master and Backup information
• Current state (available only on stand-alone switches)
  • OPERATIONAL
  • OPERATIONAL (OverHeat)
  • FAILED
• Software image information (primary/secondary image and version)
• Configuration information (primary/secondary configuration and version)
This information may be useful for your technical support representative if you have a problem.
Depending on the software version running on your switch, additional or different switch information may be displayed.
On a stack the following additional information will be available:
• System Type
• System UpTime
• Details of Master and Backup, or current node and Master
Example
The following command displays current switch information: show switch
Output from this command looks similar to the following:
SysName: BD-8810Rack3
SysLocation:
SysContact:
System MAC: 00:04:96:1D:00:C0
System Type: BD-8810
SysHealth check: Enabled (Normal)
Recovery Mode: All
System Watchdog: Enabled
Current Time: Fri Feb 13 02:25:24 1925
Timezone: [Auto DST Disabled] GMT Offset: 0 minutes, name is UTC.
Boot Time: Wed Feb 11 21:39:56 1925
Boot Count: 159
Next Reboot: None scheduled
System UpTime: 1 day 4 hours 45 minutes 28 seconds
Slot: MSM-A * MSM-B
------------------------ ------------------------
Current State: MASTER BACKUP (In Sync)
Image Selected: secondary secondary
Image Booted: primary primary
Primary ver: 12.0.0.4 12.0.0.4
Secondary ver: 12.0.0.4 12.0.0.4
Config Selected: primary.cfg primary.cfg
Config Booted: primary.cfg primary.cfg
primary.cfg Created by NETGEAR 8800 version 11.6.0.30
574246 bytes saved on Wed Jul 30 19:39:55 1924
The show switch detail command displays the same information shown above.
traceroute
traceroute {vr <vrid>} {ipv4 <host>} {ipv6 <host>} {ttl <number>} {from <from>} {[port <port>] | icmp}
Description
Enables you to trace the routed path between the switch and a destination endstation.
Syntax Description
vr Specifies a virtual router.
vrid Specifies which virtual router.
Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
ipv4 Specifies IPv4 transport.
ipv6 Specifies IPv6 transport.
host Specifies the host of the destination endstation.
ttl <number> Configures the switch to trace up to the time-to-live number of the switch.
from <from> Uses the specified source address in the ICMP packet. If not specified, the address of the transmitting interface is used.
port <port> Specifies the UDP port number.
icmp Configures the switch to send ICMP echo messages to trace the routed path between the switch and a destination endstation.
Default
N/A.
Usage Guidelines
Use this command to trace the routed path between the switch and a destination endstation.
Each router along the path is displayed.
Example
The following command enables the traceroute function to a destination of 123.45.67.8: traceroute 123.45.67.8
The following is sample output that displays when the traceroute fails:
traceroute to 10.209.10.37, 30 hops max
1 0.0.0.0 * !u * !u * !u
--- Packet Response/Error Flags ---
(*) No response, (!N) ICMP network unreachable, (!H) ICMP host unreachable,
(!P) ICMP protocol unreachable, (!F) ICMP fragmentation needed,
(!S) ICMP source route failed, (!u) Transmit error, network unreachable,
(!f) Transmit error, fragmentation needed, (!t) General transmit error
3. Commands for Managing the Switch
This chapter describes commands for:
• Configuring Simple Network Management Protocol (SNMP) parameters on the switch
• Managing the switch using Telnet
• Transferring files using the Trivial File Transfer Protocol (TFTP)
• Configuring system redundancy
• Displaying power management statistics on the switch
• Configuring Simple Network Time Protocol (SNTP) parameters on the switch
SNMP
Any network manager running the Simple Network Management Protocol (SNMP) can manage the switch, if the Management Information Base (MIB) is installed correctly on the management station. Each network manager provides its own user interface to the management facilities.
The following SNMP parameters can be configured on the switch:
• Authorized trap receivers—An authorized trap receiver can be one or more network management stations on your network. The switch sends SNMP traps to all trap receivers. Entries in this list can be created, modified, and deleted using the RMON2 trapDestTable MIB table, as described in RFC 2021, and the SNMPv3 tables.
• Authorized managers—An authorized manager can be either a single network management station, or a range of addresses (for example, a complete subnet) specified by a prefix and a mask.
• Community strings—The community strings allow a simple method of authentication between the switch and the remote network manager. The default read-only community string is public. The default read-write community string is private. The community strings for all authorized trap receivers must be configured on the switch for the trap receiver to receive switch-generated traps.
• System contact (optional)—The system contact is a text field that enables you to enter the name of the person(s) responsible for managing the switch.
• System name (optional)—The system name enables you to enter a name that you have assigned to this switch. The default name is the model name of the switch (for example, BD-1.2).
• System location (optional)—Using the system location field, you can find the location of the switch.
Note:
If you specify volatile storage when configuring SNMP parameters, that configuration is not saved across a switch reboot.
Telnet
Telnet allows you to access the switch remotely using TCP/IP through one of the switch ports or a workstation with a Telnet facility. If you access the switch via Telnet, you will use the command line interface (CLI) to manage the switch and modify switch configurations.
TFTP
NETGEAR 8800 supports the Trivial File Transfer Protocol (TFTP) based on RFC 1350. TFTP is a method used to transfer files from one network device to another. The NETGEAR 8800 TFTP client is a command line application used to contact an external TFTP server on the network. For example, the NETGEAR 8800 uses TFTP to download software image files, switch configuration files, and access control lists (ACLs) from a server on the network to the switch.
System Redundancy with Dual Management Modules Installed
If you install two MSMs/MMs, one assumes the role of primary and the other assumes the role of backup. The primary MSM/MM provides all of the switch management functions including bringing up and programming the I/O modules, running the bridging and routing protocols, and configuring the switch. The primary also keeps synchronized with the backup MSM/MM in case the backup MSM/MM needs to take over the management functions if the primary MSM/MM fails.
Power Supply Management
On the NETGEAR 8800, the 8800 OS monitors and manages power consumption on the switch by periodically checking the power supply units (PSUs) and testing them for failures.
To determine the health of the PSU, the 8800 OS checks the voltage, current, and temperature of the PSU.
The power management capability of the NETGEAR 8800 OS:
• Protects the system from overload conditions.
• Monitors all installed PSUs, even installed PSUs that are disabled.
• Enables and disables PSUs as required.
• Powers up or down I/O modules based on available power and required power resources.
• Logs power resource changes, including power budget, total available power, redundancy, and so on.
• Detects and isolates faulty PSUs.
Simple Network Time Protocol
The NETGEAR 8800 supports the client portion of the Simple Network Time Protocol (SNTP) Version 3 based on RFC 1769. SNTP can be used by the switch to update and synchronize its internal clock from a Network Time Protocol (NTP) server. When enabled, the switch sends out a periodic query to the indicated NTP server, or the switch listens to broadcast NTP updates. In addition, the switch supports the configured setting for Greenwich Mean time (GMT) offset and the use of Daylight Saving Time.
configure node priority
configure node slot <slot_id> priority <node_pri>
Description
Configures the priority of the node.
Syntax Description
slot_id Specifies the slot of the node. A is for the MSM/MM installed in slot A. B is for the MSM/MM installed in slot B.
node_pri Specifies the priority of the node. The default 0 gives MSM-A a higher priority over MSM-B. The range is 1 to 100; 0 means you have not configured a node priority.
Default
Default node priority is 0.
Usage Guidelines
Use this command to configure the priority of the node. The lower the number, the higher the priority.
The node priority is part of the selection criteria for the primary node. The following list describes the parameters used to determine the primary node:
• Node state—The node state must be STANDBY to participate in leader election and to be selected primary. If the node is in the INIT, DOWN, or FAIL states, the node will not participate in leader election.
• Configuration priority—This is a user assigned priority. The configured priority is compared only after the node meets the minimum thresholds in each category for it to be healthy. Required processes and devices must not fail.
• Software health—This represents the percent of processes available.
• Health of secondary hardware components—This represents the health of switch components, such as the power supplies, fans, and so forth.
• Slot ID—The MSM/MM slot where the node is installed (MSM-A or MSM-B).
If you do not configure any priorities, MSM-A has a higher priority than MSM-B.
Example
The following command configures a priority of 2 for MSM-B: configure node slot B priority 2
configure power supply
configure power supply <ps_num> {auto | on}
Description
Configures a power supply for either automatic power management, or forced on, regardless of the impact to the total available system power.
Syntax Description
ps_num Specifies the slot number of the installed power supply unit (PSU) to which this command applies.
auto Specifies that the NETGEAR 8800 determine the enabled or disabled state of the PSU to maximize total system power. This is the default.
on Specifies that the PSU be enabled even if the NETGEAR 8800 determines it should be disabled. This action may reduce the total available system power and may result in one or more I/O modules powering down.
Default
The default setting is auto; the NETGEAR 8800 either enables or disables the PSU in order to maximize total system power.
Usage Guidelines
If a switch has PSUs with a mix of both 220V AC and 110V AC inputs, the NETGEAR 8800 maximizes system power by automatically taking one of two possible actions:
• If all PSUs are enabled then all PSUs must be budgeted at 110V AC to prevent overload of PSUs with 110V AC inputs.
OR
• If the PSUs with 110V AC inputs are disabled, then the PSUs with 220V AC inputs can be budgeted with a higher output per PSU.
The NETGEAR 8800 computes the total available power using both methods and automatically uses the PSU configuration that provides the greatest amount of power to the switch.
Table 5 lists combinations where the NETGEAR 8800 maximizes system power by disabling the PSUs with 110V AC inputs.
Table 5. PSU Combinations Where 110V PSUs Are Disabled
Number of PSUs with 220V AC Inputs    Number of PSUs with 110V AC Inputs
2                                     1
3                                     1
3                                     2
4                                     1
4                                     2
5                                     1
For all other combinations of 220V AC and 110V AC PSUs, the NETGEAR 8800 maximizes system power by enabling all PSUs and budgeting each PSU at 110V AC.
In addition to the PSU, you can specify the following options:
• auto—Specifies that the NETGEAR 8800 determine the enabled or disabled state of the PSU to maximize total system power. This is the default.
• on—Specifies that the PSU be enabled even if the NETGEAR 8800 determines it should be disabled. This action may reduce the total available system power and may result in one or more I/O modules powering down.
You can override automatic power supply management to enable a PSU with 110V AC inputs that the NETGEAR 8800 disables if the need arises, such as for a planned maintenance of 220V AC circuits. If the combination of AC inputs represents one of those listed in Table 5, you can turn on a disabled PSU using the configure power supply <ps_num> on command.
Note:
If you override automatic power supply management, you may reduce the available power and cause one or more I/O modules to power down.
To resume using automatic power supply management on a PSU, use the configure power supply <ps_num> auto command. The setting for each PSU is stored as part of the switch configuration.
To display power supply status and power budget information use the
Example
The following command configures the PSU in slot 1 to be forced on when either 110V AC or 220V AC power input is present, overriding automatic power management: configure power supply 1 on
The switch displays the following message:
In a mixed environment of 110V and 220V AC inputs, power management may automatically disable 110V supplies to maximize the system power budget.
By specifying 'on', you wish to override power management and enable the specified power supply. This may cause the system power budget to decrease and one or more I/O cards may be powered off as a result.
Are you sure you want to continue? (y/n)
Enter y to continue.
configure snmp access-profile
configure snmp access-profile [<profile_name> | none] {readonly | readwrite}
Description
Configures SNMP to use an ACL policy for access control.
Syntax Description
profile_name Configures SNMP to use an ACL policy.
none Cancels a previously configured ACL policy.
readonly Specifies read-only access to the system.
readwrite Specifies read and write access to the system.
Default
SNMP access is enabled by default, with no ACL policies.
Usage Guidelines
You must be logged in as administrator to configure SNMP parameters.
You can restrict SNMP access by using an ACL and implementing an ACL policy. You create an ACL policy file that permits or denies a specific list of IP addresses and subnet masks for SNMP. You must create the ACL policy file before you can use this command. If the ACL policy file does not exist on the switch, the switch returns an error message indicating that the file does not exist.
Use the none option to remove a previously configured ACL.
In the ACL policy file for SNMP, the source-address field is the only supported match condition. Any other match conditions are ignored.
Creating an ACL Policy File
To create an ACL policy file, use the
command. For more information about creating and implementing ACL policy files, see the chapters entitled “Policy Manager” and “ACLs” in the NETGEAR 8800 User Manual.
If you attempt to implement a policy that does not exist, an error message similar to the following appears:
Error: Policy /config/MyAccessProfile.pol does not exist on file system
If this occurs, make sure the policy you want to implement exists. To confirm the existence of
command. If the policy does not exist, create the ACL policy file.
Viewing SNMP Information
To display the current management configuration, including SNMP access related information, whether SNMP access is enabled or disabled, and whether any ACL policies are configured for SNMP, use the following command:
Example
This example assumes that you already created an ACL to apply to SNMP.
The following command applies the ACL MyAccessProfile_2 to SNMP:
configure snmp access-profile MyAccessProfile_2
configure snmp add community
configure snmp add community [readonly | readwrite] <alphanumeric_string>
Description
Adds an SNMP read or read/write community string.
Syntax Description
readonly Specifies read-only access to the system.
readwrite Specifies read and write access to the system.
alphanumeric_string Specifies an SNMP community string name. See “Usage Guidelines” for more information.
Default
The default read-only community string is public. The default read/write community string is private.
Usage Guidelines
Community strings provide a simple method of authentication between a switch and a remote network manager. Read community strings provide read-only access to the switch. The default read-only community string is public. Read-write community strings provide read and write access to the switch. The default read/write community string is private. Sixteen read-only and sixteen read/write community strings can be configured on the switch, including the defaults.
An authorized trap receiver must be configured to use the correct community strings on the switch for the trap receiver to receive switch-generated traps. In some cases, it may be useful to allow multiple community strings so that all switches and trap receivers are not forced to use identical community strings. The configure snmp add community command allows you to add multiple community strings in addition to the default community string.
An SNMP community string can contain up to 32 characters.
NETGEAR recommends that you change the defaults of the community strings. To change
Example
The following command adds a read/write community string with the value netgear:
configure snmp add community readwrite netgear
configure snmp add trapreceiver
configure snmp add trapreceiver [<ip_address> | <ipv6_address>] community [[hex <hex_community_name>] | <community_name>] {port <port_number>} {from [<src_ip_address> | <src_ipv6_address>]} {vr <vr_name>} {mode <trap_mode>}
Description
Adds the IP address of a trap receiver to the trap receiver list and specifies which SNMPv1/v2c traps are to be sent.
Syntax Description
ip_address Specifies an SNMP trap receiver IPv4 address.
ipv6_address Specifies an SNMP trap receiver IPv6 address.
hex_community_name Specifies that the trap receiver is to be supplied as a colon separated string of hex octets.
community_name Specifies the community string of the trap receiver to be supplied in ASCII format.
port_number Specifies a UDP port to which the trap should be sent. Default is 162.
src_ip_address Specifies the IPv4 address of a VLAN to be used as the source address for the trap.
src_ipv6_address Specifies the IPv6 address of a VLAN to be used as the source address for the trap.
vr_name Specifies the name of the virtual router.
trap_mode Specifies the mode of the traps:
• enhanced—Contains extra varbinds at the end.
• standard—Does not contain extra varbinds.
Default
Trap receivers are in enhanced mode by default, and the version is SNMPv2c by default.
Usage Guidelines
The IP address can be unicast, multicast, or broadcast.
An authorized trap receiver can be one or more network management stations on your network. Authorized trap receivers must be configured on the switch for the trap receiver to receive switch-generated traps. The switch sends SNMP traps to all trap receivers configured to receive the specific trap group.
To view the SNMP trap receivers configured on the switch, use the show management command. The command displays information about the switch including the destination and community of the SNMP trap receivers configured on the switch.
Example
The following command adds the IP address 10.101.0.100 as a trap receiver with community string purple:
configure snmp add trapreceiver 10.101.0.100 community purple
The following command adds the IP address 10.101.0.105 as a trap receiver with community string green, using port 3003:
configure snmp add trapreceiver 10.101.0.105 community green port 3003
The following command adds the IP address 10.101.0.105 as a trap receiver with community string blue, and IP address 10.101.0.25 as the source:
configure snmp add trapreceiver 10.101.0.105 community blue from 10.101.0.25
configure snmp delete community
configure snmp delete community [readonly | readwrite] [all | <alphanumeric_string>]
Description
Deletes an SNMP read or read/write community string.
Syntax Description
readonly Specifies read-only access to the system.
readwrite Specifies read and write access to the system.
all Specifies all of the SNMP community strings.
alphanumeric_string Specifies an SNMP community string name. See “Usage Guidelines” for more information.
Default
The default read-only community string is public. The default read/write community string is private.
Usage Guidelines
You must have at least one community string for SNMP access. If you delete all of the community strings on your system, you will no longer have SNMP access, even if you have SNMP enabled.
The community strings allow a simple method of authentication between the switch and the remote network manager. There are two types of community strings on the switch. Read community strings provide read-only access to the switch. The default read-only community string is public. Read/write community strings provide read and write access to the switch. The default read/write community string is private. Sixteen read-only and sixteen read/write community strings can be configured on the switch, including the defaults. The community string for all authorized trap receivers must be configured on the switch for the trap receiver to receive switch-generated traps. SNMP community strings can contain up to 32 characters.
For increased security, NETGEAR recommends that you change the defaults of the read/write and read-only community strings.
Use the configure snmp add commands to configure an authorized SNMP management station.
Example
The following command deletes a read/write community string named netgear:
configure snmp delete community readwrite netgear
configure snmp delete trapreceiver
configure snmp delete trapreceiver [[<ip_address> | <ipv6_address>] {<port_number>} | all]
Description
Deletes a specified trap receiver or all authorized trap receivers.
Syntax Description
ip_address Specifies an SNMP trap receiver IPv4 address.
ipv6_address Specifies an SNMP trap receiver IPv6 address.
port_number Specifies the port associated with the receiver.
all Specifies all SNMP trap receiver IP addresses.
Default
The default port number is 162.
Usage Guidelines
Use this command to delete a trap receiver of the specified IPv4 or IPv6 address, or all authorized trap receivers.
This command deletes only the first SNMPv1/v2c trap receiver whose IP address and port number match the specified value.
Example
The following command deletes the trap receiver 10.101.0.100 from the trap receiver list:
configure snmp delete trapreceiver 10.101.0.100
The following command deletes entries in the trap receiver list for 10.101.0.100, port 9990:
configure snmp delete trapreceiver 10.101.0.100 9990
Any entries for this IP address with a different community string will not be affected.
configure snmp sysContact
configure snmp syscontact <sysContact>
Description
Configures the name of the system contact.
Syntax Description
sysContact An alphanumeric string that specifies a system contact name.
Default
N/A.
Usage Guidelines
The system contact is a text field that enables you to enter the name of the person(s) responsible for managing the switch. A maximum of 255 characters is allowed.
To view the name of the system contact listed on the switch, use the show switch command. The command displays switch statistics including the name of the system contact.
Example
The following command defines FredJ as the system contact:
configure snmp syscontact fredj
The following output from the show switch command displays FredJ as the system contact:
SysName: engineeringlab
SysLocation: englab
SysContact: FredJ
configure snmp sysLocation
configure snmp syslocation <sysLocation>
Description
Configures the location of the switch.
Syntax Description
sysLocation An alphanumeric string that specifies the switch location.
Default
N/A.
Usage Guidelines
Use this command to indicate the location of the switch. A maximum of 255 characters is allowed.
To view the location of the switch on the switch, use the show switch command. The command displays switch statistics including the location of the switch.
Example
The following command configures a switch location name on the system:
configure snmp syslocation englab
The following output from the show switch command displays englab as the location of the switch:
SysName: engineeringlab
SysLocation: englab
SysContact: FredJ
configure snmp sysName
configure snmp sysname <sysName>
Description
Configures the name of the switch.
Syntax Description
sysName An alphanumeric string that specifies a device name.
Default
The default sysname is the model name of the device (for example, XCM8806).
Usage Guidelines
You can use this command to change the name of the switch. A maximum of 32 characters is allowed. The sysname appears in the switch prompt.
To view the name of the system listed on the switch, use the show switch command. The command displays switch statistics including the name of the system.
Example
The following command names the switch:
configure snmp sysname engineeringlab
The following output from the show switch command displays engineeringlab as the name of the switch:
SysName: engineeringlab
SysLocation: englab
SysContact: FredJ
configure snmpv3 add access
configure snmpv3 add access [[hex <hex_group_name>] | <group_name>] {sec-model [snmpv1 | snmpv2c | usm]} {sec-level [noauth | authnopriv | priv]} {read-view [[hex <hex_read_view_name>] | <read_view_name>]} {write-view [[hex <hex_write_view_name>] | <write_view_name>]} {notify-view [[hex <hex_notify_view_name>] | <notify_view_name>]} {volatile}
Description
Creates (and modifies) a group and its access rights.
Syntax Description
hex_group_name Specifies the group name to add or modify. The value is to be supplied as a colon separated string of hex octets.
group_name Specifies the group name to add or modify. The value is to be supplied in ASCII format.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2c Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
sec-level Specifies the security level for the group.
noauth Specifies no authentication (and implies no privacy) for the security level.
authnopriv Specifies authentication and no privacy for the security level.
priv Specifies authentication and privacy for the security level.
read-view Specifies the read view name:
• hex_read_view_name—Specifies a hex value supplied as a colon separated string of hex octets
• read_view_name—Specifies an ASCII value
write-view Specifies the write view name:
• hex_write_view_name—Specifies a hex value supplied as a colon separated string of hex octets
• write_view_name—Specifies an ASCII value
notify-view Specifies the notify view name:
• hex_notify_view_name—Specifies a hex value supplied as a colon separated string of hex octets
• notify_view_name—Specifies an ASCII value
volatile Specifies volatile storage.
Default
The default values are:
• sec-model—USM
• sec-level—noauth
• read view name—defaultUserView
• write view name—“”
• notify view name—defaultNotifyView
• non-volatile storage
Usage Guidelines
Use this command to configure access rights for a group. All access groups are created with a unique default context, “”, as that is the only supported context.
Use more than one character when creating unique community strings and access group names.
A number of default groups are already defined. These groups are: admin, initial, v1v2c_ro, v1v2c_rw.
• The default groups defined are v1v2c_ro for security name v1v2c_ro, v1v2c_rw for security name v1v2c_rw, admin for security name admin, and initial for security names initial, initialmd5, initialsha, initialmd5Priv and initialshaPriv.
• The default access defined are admin, initial, v1v2c_ro, v1v2c_rw, and v1v2cNotifyGroup.
Example
In the following command, access for the group defaultROGroup is created with all the default values: security model usm, security level noauth, read view defaultUserView, no write view, notify view defaultNotifyView, and storage nonvolatile.
configure snmpv3 add access defaultROGroup
In the following command, access for the group defaultROGroup is created with the values: security model USM, security level authnopriv, read view defaultAdminView, write view defaultAdminView, notify view defaultAdminView, and storage nonvolatile.
configure snmpv3 add access defaultROGroup sec-model usm sec-level authnopriv read-view defaultAdminView write-view defaultAdminView notify-view defaultAdminView
configure snmpv3 add community
configure snmpv3 add community [[hex <hex_community_index>] | <community_index>] name [[hex <hex_community_name>] | <community_name>] user [[hex <hex_user_name>] | <user_name>] {tag [[hex <hex_transport_tag>] | <transport_tag>]} {volatile}
Description
Adds an SNMPv3 community entry.
Syntax Description
hex_community_index Specifies the row index in the snmpCommunity table as a hex value supplied as a colon separated string of hex octets.
community_index Specifies the row index in the snmpCommunity Table as an ASCII value.
hex_community_name Specifies the community name as a hex value supplied as a colon separated string of hex octets.
community_name Specifies the community name as an ASCII value.
hex_user_name Specifies the USM user name as a hex value supplied as a colon separated string of hex octets.
user_name Specifies the USM user name as an ASCII value.
tag Specifies the tag used to locate transport endpoints in SnmpTargetAddrTable. When this community entry is used to authenticate v1/v2c messages, this tag is used to verify the authenticity of the remote entity.
• hex_transport_tag—Specifies a hex value supplied as a colon separated string of hex octets
• transport_tag—Specifies an ASCII value
volatile Specifies volatile storage.
Default
N/A.
Usage Guidelines
Use this command to create or modify an SNMPv3 community in the community MIB.
Example
The following command creates an entry with the community index comm_index, community name comm_public, and user (security) name v1v2c_user:
configure snmpv3 add community comm_index name comm_public user v1v2c_user
The following command creates an entry with the community index (hex) of 12:0E, community name (hex) of EA:12:CD:CF:AB:11:3C, user (security) name v1v2c_user, using transport tag 34872 and volatile storage:
configure snmpv3 add community hex 12:0E name hex EA:12:CD:CF:AB:11:3C user v1v2c_user tag 34872 volatile
configure snmpv3 add filter
configure snmpv3 add filter [[hex <hex_profile_name>] | <profile_name>] subtree <object_identifier> {/<subtree_mask>} type [included | excluded] {volatile}
Description
Adds a filter to a filter profile.
Syntax Description
hex_profile_name Specifies the filter profile that the current filter is added to. The value is to be supplied as a colon separated string of hex octets.
profile_name Specifies the filter profile that the current filter is added to in ASCII format.
object_identifier Specifies a MIB subtree.
subtree_mask Specifies a hex octet string used to mask the subtree. For example, f7a indicates 1.1.1.1.0.1.1.1.1.0.1.0.
included Specifies that the MIB subtree defined by <object identifier>/<mask> is to be included.
excluded Specifies that the MIB subtree defined by <object identifier>/<mask> is to be excluded.
volatile Specifies volatile storage.
Default
The default values are:
• mask value—empty string (all 1s)
• type—included
• storage—non-volatile
Usage Guidelines
Use this command to create a filter entry in the snmpNotifyFilterTable. Each filter includes or excludes a portion of the MIB. Multiple filter entries comprise a filter profile that can eventually be associated with a target address. Other commands are used to associate a filter profile with a parameter name, and the parameter name with a target address.
This command can be used multiple times to configure the exact filter profile desired.
Example
The following command adds a filter to the filter profile prof1 that includes the MIB subtree 1.3.6.1.4.1/f0:
configure snmpv3 add filter prof1 subtree 1.3.6.1.4.1/f0 type included
configure snmpv3 add filter-profile
configure snmpv3 add filter-profile [[hex <hex_profile_name>] | <profile_name>] param [[hex <hex_param_name>] | <param_name>] {volatile}
Description
Associates a filter profile with a parameter name.
Syntax Description
hex_profile_name Specifies the filter profile name. The value is to be supplied as a colon separated string of hex octets.
profile_name Specifies the filter profile name in ASCII format.
hex_param_name Specifies a parameter name to associate with the filter profile. The value to follow is to be supplied as a colon separated string of hex octets.
param_name Specifies a parameter name to associate with the filter profile in ASCII format.
volatile Specifies volatile storage.
Default
The default storage type is non-volatile.
Usage Guidelines
Use this command to add an entry to the snmpNotifyFilterProfileTable. This table associates a filter profile with a parameter name. The parameter name is associated with target addresses, and the filter profile is associated with a series of filters, so, in effect, you are associating a series of filters with a target address.
Example
The following command associates the filter profile prof1 with the parameter name P1:
configure snmpv3 add filter-profile prof1 param P1
configure snmpv3 add group user
configure snmpv3 add group [[hex <hex_group_name>] | <group_name>] user [[hex <hex_user_name>] | <user_name>] {sec-model [snmpv1 | snmpv2c | usm]} {volatile}
Description
Adds a user name (security name) to a group.
Syntax Description
hex_group_name Specifies the group name to add or modify. The value is to be supplied as a colon separated string of hex octets.
group_name Specifies the group name to add or modify in ASCII format.
hex_user_name Specifies the user name to add or modify. The value to follow is to be supplied as a colon separated string of hex octets.
user_name Specifies the user name to add or modify in ASCII format.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2c Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
volatile Specifies volatile storage.
Default
The default values are:
• sec-model—USM
• non-volatile storage
Usage Guidelines
Use this command to associate a user name with a group.
As per the SNMPv3 RFC, a security name is model independent while a username is model dependent. For simplicity, both are assumed to be the same here. User names and security names are handled the same. In other words, if a user is created with the user name username, the security name value is the same, username.
Every group is uniquely identified by a security name and security model. So the same security name can be associated to a group name but with different security models.
Example
The following command associates the user userV1 to the group defaultRoGroup with SNMPv1 security:
configure snmpv3 add group defaultRoGroup user userV1 sec-model snmpv1
The following command associates the user userV3 with security model USM and storage type volatile to the access group defaultRoGroup:
configure snmpv3 add group defaultRoGroup user userV3 volatile
configure snmpv3 add mib-view
configure snmpv3 add mib-view [[hex <hex_view_name>] | <view_name>] subtree <object_identifier> {/<subtree_mask>} {type [included | excluded]} {volatile}
Description
Adds (and modifies) a MIB view.
Syntax Description
hex_view_name Specifies the MIB view name to add or modify. The value is to be supplied as a colon separated string of hex octets.
view_name Specifies the MIB view name to add or modify in ASCII format.
object_identifier Specifies a MIB subtree.
subtree_mask Specifies a hex octet string used to mask the subtree. For example, f7a indicates 1.1.1.1.0.1.1.1.1.0.1.0.
included Specifies that the MIB subtree defined by <subtree>/<mask> is to be included.
excluded Specifies that the MIB subtree defined by <subtree>/<mask> is to be excluded.
volatile Specifies volatile storage.
Default
The default mask value is an empty string (all 1s). The other default values are included and non-volatile.
Usage Guidelines
Use this command to create a MIB view into a subtree of the MIB. If the view already exists, this command modifies the view to additionally include or exclude the specified subtree.
In addition to the created MIB views, there are three default views. They are: defaultUserView, defaultAdminView, and defaultNotifyView.
Example
The following command creates the MIB view allMIB with the subtree 1.3 included as non-volatile:
configure snmpv3 add mib-view allMIB subtree 1.3
The following command creates the view netgearMib with the subtree 1.3.6.1.4.1.1916 included as non-volatile:
configure snmpv3 add mib-view netgearMib subtree 1.3.6.1.4.1.1916
The following command creates a view vrrpTrapNewMaster which excludes VRRP notification .1 and the entry is volatile:
configure snmpv3 add mib-view vrrpTrapNewMaster subtree 1.3.6.1.2.1.68.0.1/ff8 type excluded volatile
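How a <subtree>/<mask> pair in the filter and mib-view commands above selects OIDs, as an added Python example (not NETGEAR code). It follows the RFC 3415 view-family rules, in which a mask bit of 1 requires an exact match and 0 is a wildcard. Assumptions: bits the mask does not supply are treated as 1 (the RFC rule, not confirmed for this switch), and the function names and HYPOTHETICAL_VIEW are invented for illustration.

```python
def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))


def mask_bits(hex_mask, length):
    """Expand a hex mask such as 'f7a' to `length` bits, first sub-identifier first.

    Each hex digit supplies four bits. An empty mask is all 1s, the default
    the manual documents. Assumption: bits the mask does not supply are 1.
    """
    bits = []
    for digit in hex_mask:
        value = int(digit, 16)
        bits.extend((value >> shift) & 1 for shift in (3, 2, 1, 0))
    bits.extend([1] * (length - len(bits)))
    return bits[:length]


def in_subtree(oid, subtree, hex_mask=""):
    """True if `oid` belongs to the family defined by subtree/mask."""
    oid, subtree = parse_oid(oid), parse_oid(subtree)
    if len(oid) < len(subtree):
        return False
    bits = mask_bits(hex_mask, len(subtree))
    # A 0 bit makes that sub-identifier a wildcard; a 1 bit demands equality.
    return all(bit == 0 or got == want
               for bit, got, want in zip(bits, oid, subtree))


def view_allows(oid, entries):
    """entries: list of (subtree, hex_mask, 'included' | 'excluded').

    The matching entry with the most sub-identifiers decides; ties go to the
    lexicographically greater subtree. An OID no entry matches is not in the view.
    """
    best = None
    for subtree, hex_mask, kind in entries:
        if in_subtree(oid, subtree, hex_mask):
            key = (len(parse_oid(subtree)), parse_oid(subtree))
            if best is None or key > best[0]:
                best = (key, kind)
    return best is not None and best[1] == "included"


# From the manual's filter example: prof1 subtree 1.3.6.1.4.1/f0 type included
PAGE_FILTER = ("1.3.6.1.4.1", "f0", "included")

# Hypothetical single view that combines two of the manual's mib-view examples.
HYPOTHETICAL_VIEW = [
    ("1.3", "", "included"),
    ("1.3.6.1.2.1.68.0.1", "ff8", "excluded"),
]

if __name__ == "__main__":
    print(mask_bits("f7a", 12))
    for candidate in ("1.3.6.1.4.1.1916.1", "1.3.6.1.2.1.1.5.0"):
        print(candidate, in_subtree(candidate, *PAGE_FILTER[:2]))
    for candidate in ("1.3.6.1.2.1.68.0.1", "1.3.6.1.2.1.68.0.2"):
        print(candidate, view_allows(candidate, HYPOTHETICAL_VIEW))
```

Under these rules the mask f0 leaves the last two sub-identifiers of 1.3.6.1.4.1 as wildcards, so that filter also matches OIDs under 1.3.6.1.2.1; an empty mask matches only the enterprises subtree.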
configure snmpv3 add notify
configure snmpv3 add notify [[hex <hex_notify_name>] | <notify_name>] tag [[hex <hex_tag>] | <tag>] {volatile}
Description
Adds an entry to the snmpNotifyTable.
Syntax Description
hex_notify_name Specifies the notify name to add. The value is to be supplied as a colon separated string of hex octets.
notify_name Specifies the notify name to add in ASCII format.
hex_tag Specifies a string identifier for the notifications to be sent to the target. The value is supplied as a colon separated string of octets.
tag Specifies a string identifier for the notifications to be sent to the target in ASCII format.
volatile Specifies volatile storage. By specifying volatile storage, the configuration is not saved across a switch reboot.
Default
The default storage type is non-volatile.
Usage Guidelines
Use this command to add an entry to the snmpNotifyTable. When a notification is to be sent, this table is examined. For the target addresses that have been associated with the tags present in the table, notifications are sent based on the filters also associated with the target addresses.
Example
The following command sends notifications to addresses associated with the tag type1:
configure snmpv3 add notify N1 tag type1
configure snmpv3 add target-addr
configure snmpv3 add target-addr [[hex <hex_addr_name>] | <addr_name>] param [[hex <hex_param_name>] | <param_name>] ipaddress [ [ <ip_address> | <ip_and_tmask> ] | [ <ipv6_address> | <ipv6_and_tmask> ]] {transport-port <port_number>} {from [<src_ip_address> | <src_ipv6_address>]} {vr <vr_name>} {tag-list <tag_list>} {volatile}
Description
Adds and configures an SNMPv3 target address and associates filtering, security, and notifications with that address.
Syntax Description
hex_addr_name Specifies a string identifier for the target address. The value is to be supplied as a colon separated string of hex octets.
addr_name Specifies a string identifier for the target address in ASCII format.
hex_param_name Specifies the parameter name associated with the target. The value is to be supplied as a colon separated string of hex octets.
param_name Specifies the parameter name associated with the target in ASCII format.
ip_address Specifies an SNMPv3 target IPv4 address.
ip_and_tmask Specifies the IPv4 address and hexadecimal mask in form A.B.C.D/NN...
ipv6_address Specifies an SNMPv3 target IPv6 address.
ipv6_and_tmask Specifies an IPv6 address and hexadecimal mask in form A:B:C:D:E:F:G:H/NN...
port_number Specifies a UDP port. Default is 162.
src_ip_address Specifies the IPv4 address of a VLAN to be used as the source address for the trap.
src_ipv6_address Specifies the IPv6 address of a VLAN to be used as the source address for the trap.
vr_name Specifies the name of the virtual router.
tag-list Specifies a list of comma separated string identifiers for the notifications to be sent to the target.
volatile Specifies volatile storage. By specifying volatile storage, the configuration is not saved across a switch reboot.
Default
The default values are:
• transport-port—port 162
• non-volatile storage
If you do not specify tag-list, the single tag defaultNotify, a pre-defined value in the snmpNotifyTable, is used.
Usage Guidelines
Use this command to create an entry in the SNMPv3 snmpTargetAddressTable. The param parameter associates the target address with an entry in the snmpTargetParamsTable, which specifies security and storage parameters for messages to the target address, and an entry in the snmpNotifyFilterProfileTable, which specifies filter profiles to use for notifications to the target address. The filter profiles are associated with the filters in the snmpNotifyFilterTable.
The list of tag-lists must match one or more of the tags in the snmpNotifyTable for the trap to be sent out.
Example
The following command specifies a target address of 10.203.0.22 with the name A1, and associates it with the security parameters and target address parameter P1:
configure snmpv3 add target-addr A1 param P1 ipaddress 10.203.0.22
The following command specifies a target address of 10.203.0.22 with the name A1, and associates it with the security parameters and target address parameter P1, and the notification tags type1 and type2:
configure snmpv3 add target-addr A1 param P1 ipaddress 10.203.0.22 from 10.203.0.23 tag-list type1,type2
configure snmpv3 add target-params
configure snmpv3 add target-params [[hex <hex_param_name>] | <param_name>] user [[hex <hex_user_name>] | <user_name>] mp-model [snmpv1 | snmpv2c | snmpv3] sec-model [snmpv1 | snmpv2c | usm] {sec-level [noauth | authnopriv | priv]} {volatile}
Description
Adds and configures SNMPv3 target parameters.
Syntax Description
hex_param_name Specifies the parameter name associated with the target. The value is to be supplied as a colon separated string of hex octets.
param_name Specifies the parameter name associated with the target in ASCII format.
hex_user_name Specifies a user name. The value is to be supplied as a colon separated string of hex octets.
user_name Specifies a user name in ASCII format.
mp-model Specifies a message processing model; choose from SNMPv1, SNMPv2, or SNMPv3.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2c Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
sec-level Specifies the security level for the group.
noauth Specifies no authentication (and implies no privacy) for the security level.
authnopriv Specifies authentication and no privacy for the security level.
priv Specifies authentication and privacy for the security level.
volatile Specifies volatile storage. By specifying volatile storage, the configuration is not saved across a switch reboot.
Default
The default values are:
• sec-level—noauth
• non-volatile storage
Usage Guidelines
Use this command to create an entry in the SNMPv3 snmpTargetParamsTable. This table specifies the message processing model, security level, security model, and the storage parameters for messages to any target addresses associated with a particular parameter name.
Example
The following command specifies a target parameters entry named P1, a user name of guest, message processing and security model of SNMPv2c, and a security level of no authentication:
configure snmpv3 add target-params P1 user guest mp-model snmpv2c sec-model snmpv2c sec-level noauth
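The notify, target-addr, target-params and filter-profile sections above describe one chain of table references, and a break in it means a trap is silently never sent. The following Python is an added example (not NETGEAR code) that follows the chain for a list of commands and reports the breaks; the function names and the A2 and A3 entries are hypothetical, and only ASCII (non-hex) names are handled.

```python
import shlex

# Constructed sample: the first four lines are the examples from the sections
# above; A2 and A3 are hypothetical entries added to show the failure cases.
SAMPLE = [
    "configure snmpv3 add notify N1 tag type1",
    "configure snmpv3 add target-params P1 user guest mp-model snmpv2c "
    "sec-model snmpv2c sec-level noauth",
    "configure snmpv3 add filter-profile prof1 param P1",
    "configure snmpv3 add target-addr A1 param P1 ipaddress 10.203.0.22 "
    "from 10.203.0.23 tag-list type1,type2",
    "configure snmpv3 add target-addr A2 param P9 ipaddress 10.203.0.30 tag-list type3",
    "configure snmpv3 add target-addr A3 param P1 ipaddress 10.203.0.31",
]

TABLES = ("notify", "target-addr", "target-params", "filter-profile")


def parse(commands):
    """Return {table: {entry_name: {keyword: value}}} for ASCII-named entries."""
    tables = {name: {} for name in TABLES}
    for line in commands:
        words = shlex.split(line)
        if len(words) < 5 or words[:3] != ["configure", "snmpv3", "add"]:
            continue
        kind, name, rest = words[3], words[4], words[5:]
        if kind not in tables or name == "hex":
            continue  # hex-encoded names are outside what this example handles
        options = {"volatile": "volatile" in rest}
        rest = [word for word in rest if word != "volatile"]
        options.update(zip(rest[0::2], rest[1::2]))  # keyword/value pairs
        tables[kind][name] = options
    return tables


def trace(commands):
    """Follow target-addr -> tag-list -> snmpNotifyTable and target-addr -> param."""
    t = parse(commands)
    # defaultNotify is described above as pre-defined in the snmpNotifyTable.
    known_tags = {"defaultNotify"} | {
        entry["tag"] for entry in t["notify"].values() if "tag" in entry
    }
    profile_for = {entry.get("param"): name
                   for name, entry in t["filter-profile"].items()}
    targets, findings = {}, []
    for name, entry in sorted(t["target-addr"].items()):
        # No tag-list means the single tag defaultNotify (documented default).
        tags = entry.get("tag-list", "defaultNotify").split(",")
        matched = sorted(tag for tag in tags if tag in known_tags)
        param = entry.get("param")
        targets[name] = {"tags": matched, "filter_profile": profile_for.get(param)}
        if not matched:
            findings.append(f"{name}: no tag in tag-list matches the "
                            "snmpNotifyTable, so no trap is sent")
        params = t["target-params"].get(param)
        if params is None:
            findings.append(f"{name}: param {param} has no target-params entry")
        elif matched:
            level = params.get("sec-level", "noauth")  # documented default
            if level != "priv":
                findings.append(f"{name}: notifications sent at sec-level "
                                f"{level} (param {param})")
    return targets, findings


if __name__ == "__main__":
    resolved, problems = trace(SAMPLE)
    for target, detail in resolved.items():
        print(target, detail)
    for problem in problems:
        print("FINDING", problem)
```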
configure snmpv3 add user
configure snmpv3 add user [[hex <hex_user_name>] | <user_name>] {authentication [md5 | sha] [hex <hex_auth_password> | <auth_password>]} {privacy {des | 3des | aes {128 | 192 | 256}} [[hex <hex_priv_password>] | <priv_password>]} }{volatile}
Description
Adds (and modifies) an SNMPv3 user.
Syntax Description
hex_user_name Specifies the user name to add or modify. The value is to be supplied as a colon separated string of hex octets.
user_name Specifies the user name to add or modify in ASCII format.
MD5 Specifies MD5 authentication.
SHA Specifies SHA authentication.
authentication Specifies the authentication password or hex string to use for generating the authentication key for this user.
privacy Specifies the privacy password or hex string to use for generating the privacy key for this user.
des Specifies the use of the 56-bit DES algorithm for encryption. This is the default.
3des Specifies the use of the 168-bit 3DES algorithm for encryption.
aes Specifies the use of the AES algorithm for encryption.
128 Specifies the use of the 128-bit AES algorithm for encryption.
192 Specifies the use of the 192-bit AES algorithm for encryption.
256 Specifies the use of the 256-bit AES algorithm for encryption.
volatile Specifies volatile storage. By specifying volatile storage, the configuration is not saved across a switch reboot.
Default
The default values are:
• authentication—no authentication
• privacy—no privacy
• non-volatile storage
Usage Guidelines
Use this command to create or modify an SNMPv3 user configuration.
The default user names are: admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv.
The initial password for admin is password. For the other default users, the initial password is the user name.
If hex is specified, supply a 16 octet hex string for MD5, or a 20 octet hex string for SHA.
You must specify authentication if you want to specify privacy. There is no support for privacy without authentication.
Note: 3DES, AES 192, and AES 256 bit encryptions are proprietary implementations and may not work with some SNMP managers.
Example
The following command configures the user guest on the local SNMP Engine with security level noauth (no authentication and no privacy):
configure snmpv3 add user guest
The following command configures the user authMD5 to use MD5 authentication with the password palertyu:
configure snmpv3 add user authMD5 authentication md5 palertyu
The following command configures the user authShapriv to use SHA authentication with the hex key shown below, the privacy password palertyu, and volatile storage:
configure snmpv3 add user authShapriv authentication sha hex 01:03:04:05:01:05:02:ff:ef:cd:12:99:34:23:ed:ad:ff:ea:cb:11 privacy palertyu volatile
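The rules in the usage guidelines above (hex key lengths, no privacy without authentication, DES as the default, proprietary ciphers, initial passwords of default users) can be checked mechanically before a configuration is pushed. The following is an added example, not part of the manual or NETGEAR code: the command grammar is reconstructed from the parameter list and examples above (an assumption), and the finding codes, function names, and the user `ops` are hypothetical.

```python
import re

# Values below are taken from the manual text; the grammar is reconstructed
# from the manual's parameter list and examples (an assumption).
DEFAULT_USERS = {"admin", "initial", "initialmd5", "initialsha",
                 "initialmd5Priv", "initialshaPriv"}
HEX_KEY_OCTETS = {"md5": 16, "sha": 20}
PROPRIETARY = {"3des", "aes 192", "aes 256"}
HEX_OCTETS = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})*")


def _take_value(tokens, what):
    """Consume `hex <octets>` or a plain ASCII token; return (value, is_hex)."""
    if not tokens:
        raise ValueError(f"missing {what}")
    if tokens[0] == "hex":
        if len(tokens) < 2 or not HEX_OCTETS.fullmatch(tokens[1]):
            raise ValueError(f"{what}: hex needs colon separated octets")
        value = tokens[1]
        del tokens[:2]
        return value, True
    return tokens.pop(0), False


def parse_add_user(line):
    """Parse one `configure snmpv3 add user ...` line into a dict."""
    tokens = line.split()
    if tokens[:4] != ["configure", "snmpv3", "add", "user"]:
        raise ValueError("not a 'configure snmpv3 add user' command")
    rest = tokens[4:]
    user, user_is_hex = _take_value(rest, "user name")
    if user_is_hex:  # compare hex-encoded names in their ASCII form
        user = bytes.fromhex(user.replace(":", "")).decode("ascii", "replace")
    cfg = {"user": user, "auth": None, "auth_secret": None, "auth_hex": False,
           "priv": None, "priv_secret": None, "volatile": False}
    if rest and rest[0] == "authentication":
        rest.pop(0)
        if not rest or rest[0] not in HEX_KEY_OCTETS:
            raise ValueError("authentication needs md5 or sha")
        cfg["auth"] = rest.pop(0)
        cfg["auth_secret"], cfg["auth_hex"] = _take_value(rest, "auth password")
    if rest and rest[0] == "privacy":
        rest.pop(0)
        cfg["priv"] = "des"  # the manual names DES as the default
        if rest and rest[0] in ("des", "3des", "aes"):
            cfg["priv"] = rest.pop(0)
            if cfg["priv"] == "aes" and rest and rest[0] in ("128", "192", "256"):
                cfg["priv"] += " " + rest.pop(0)
        cfg["priv_secret"], _ = _take_value(rest, "privacy password")
    if rest and rest[0] == "volatile":
        rest.pop(0)
        cfg["volatile"] = True
    if rest:
        raise ValueError("unexpected tokens: " + " ".join(rest))
    return cfg


def _is_initial_password(user, secret):
    """True if a default user still has the initial password the manual lists."""
    if user == "admin":
        return secret == "password"
    return user in DEFAULT_USERS and secret == user


def audit(line):
    """Return a sorted list of finding codes for one command line."""
    cfg = parse_add_user(line)
    found = set()
    if cfg["auth"] is None:
        # Privacy without authentication is not supported; otherwise noauth.
        found.add("PRIV_WITHOUT_AUTH" if cfg["priv"] else "NOAUTH")
    else:
        if cfg["priv"] is None:
            found.add("AUTH_NO_PRIV")  # authenticated but not encrypted
        if cfg["auth_hex"]:
            octets = cfg["auth_secret"].count(":") + 1
            if octets != HEX_KEY_OCTETS[cfg["auth"]]:
                found.add("HEX_KEY_LENGTH")  # 16 octets for MD5, 20 for SHA
        elif _is_initial_password(cfg["user"], cfg["auth_secret"]):
            found.add("INITIAL_PASSWORD")
    if cfg["priv"] == "des":
        found.add("DES_56BIT")
    elif cfg["priv"] in PROPRIETARY:
        found.add("PROPRIETARY_PRIVACY")  # may not work with some managers
    if cfg["volatile"]:
        found.add("VOLATILE")  # configuration is lost on reboot
    return sorted(found)


# The manual's three examples plus two constructed lines (user "ops" is made up).
HEX20 = "01:03:04:05:01:05:02:ff:ef:cd:12:99:34:23:ed:ad:ff:ea:cb:11"
SAMPLE = [
    "configure snmpv3 add user guest",
    "configure snmpv3 add user authMD5 authentication md5 palertyu",
    f"configure snmpv3 add user authShapriv authentication sha hex {HEX20} privacy palertyu volatile",
    f"configure snmpv3 add user ops authentication md5 hex {HEX20} privacy aes 256 s3cretpass",
    "configure snmpv3 add user initialmd5 authentication md5 initialmd5",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(audit(sample_line), sample_line)
```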
configure snmpv3 add user clone-from
configure snmpv3 add user [[hex <hex_user_name>] | <user_name>] clone-from [[hex
<hex_user_name>] | <user_name>]
Description
Creates a new user by cloning from an existing SNMPv3 user.
Syntax Description
hex_user_name Specifies the user name to add or to clone from. The value is to be supplied as a colon separated string of hex octets.
user_name Specifies the user name to add or to clone from in ASCII format.
Default
N/A.
Usage Guidelines
Use this command to create a new user by cloning an existing one. After you have successfully cloned the new user, you can modify its parameters using the following command:
| 256}} [[hex <hex_priv_password>] | <priv_password>]} }{volatile}
Users cloned from the default users will have the storage type of non-volatile. The default names are: admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv.
Example
The following command creates a user cloneMD5 with the same properties as the default user initialmd5. All authorization and privacy keys will initially be the same as with the default user initialmd5.
configure snmpv3 add user cloneMD5 clone-from initialmd5
configure snmpv3 delete access
configure snmpv3 delete access [all-non-defaults | {[[hex <hex_group_name>] | <group_name>]
{sec-model [snmpv1 | snmpv2c | usm] sec-level [noauth | authnopriv | priv]}}]
Description
Deletes access rights for a group.
Syntax Description
all-non-defaults Specifies that all non-default (non-permanent) security groups are to be deleted.
hex_group_name Specifies the group name to be deleted. The value is to be supplied as a colon separated string of hex octets.
group_name Specifies the group name to be deleted in ASCII format.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2c Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
sec-level Specifies the security level for the group.
noauth Specifies no authentication (and implies no privacy) for the security level.
authnopriv Specifies authentication and no privacy for the security level.
priv Specifies authentication and privacy for the security level.
Default
The default values are:
• sec-model—USM
• sec-level—noauth
Usage Guidelines
Use this command to remove access rights for a group. Use the all-non-defaults keyword to delete all the security groups, except for the default groups. The default groups are: admin, initial, v1v2c_ro, v1v2c_rw.
Deleting an access will not implicitly remove the related group to user association from the VACMSecurityToGroupTable. To remove the association, use the following command:
configure snmpv3 delete group {[[hex <hex_group_name>] | <group_name>]} user
[all-non-defaults | {[[hex <hex_user_name>] | <user_name>] {sec-model
Example
The following command deletes all entries with the group name userGroup:
configure snmpv3 delete access userGroup
The following command deletes the group userGroup with the security model snmpv1 and security level of authentication and no privacy (authnopriv):
configure snmpv3 delete access userGroup sec-model snmpv1 sec-level authnopriv
configure snmpv3 delete community
configure snmpv3 delete community [all-non-defaults | {[[hex <hex_community_index>] |
<community_index>} | {name [[hex <hex_community_name>] | <community_name>}]
Description
Deletes an SNMPv3 community entry.
Syntax Description
all-non-defaults Specifies that all non-default community entries are to be removed.
hex_community_index Specifies the row index in the snmpCommunityTable. The value is to be supplied as a colon separated string of hex octets.
community_index Specifies the row index in the snmpCommunityTable in ASCII format.
hex_community_name Specifies the community name. The value is to be supplied as a colon separated string of hex octets.
community_name Specifies the community name in ASCII format.
Default
The default entries are public and private.
Usage Guidelines
Use this command to delete an SNMPv3 community in the community MIB.
Example
The following command deletes an entry with the community index comm_index:
configure snmpv3 delete community comm_index
The following command deletes an entry with the community name (hex) of EA:12:CD:CF:AB:11:3C:
configure snmpv3 delete community name hex EA:12:CD:CF:AB:11:3C
configure snmpv3 delete filter
configure snmpv3 delete filter [all | [[hex <hex_profile_name>] | <profile_name>] {subtree
<object_identifier>}]]
Description
Deletes a filter from a filter profile.
Syntax Description
all Specifies all filters.
hex_profile_name Specifies the filter profile of the filter to delete. The value is to be supplied as a colon separated string of hex octets.
profile_name Specifies the filter profile of the filter to delete in ASCII format.
object_identifier Specifies the MIB subtree of the filter to delete.
Default
N/A.
Usage Guidelines
Use this command to delete a filter entry from the snmpNotifyFilterTable. Specify all to remove all entries. Specify a profile name to delete all entries for that profile name. Specify a profile name and a subtree to delete just those entries for that filter profile and subtree.
Example
The following command deletes the filters from the filter profile prof1 that reference the MIB subtree 1.3.6.1.4.1:
configure snmpv3 delete filter prof1 subtree 1.3.6.1.4.1
configure snmpv3 delete filter-profile
configure snmpv3 delete filter-profile [all |[[hex <hex_profile_name>] | <profile_name>]
{param [[hex <hex_param_name>] | <param_name>}]]
Description
Removes the association of a filter profile with a parameter name.
Syntax Description
all Specifies all filter profiles.
hex_profile_name Specifies the filter profile name to delete. The value is to be supplied as a colon separated string of hex octets.
profile_name Specifies the filter profile name to delete in ASCII format.
hex_param_name Specifies to delete the filter profile with the specified profile name and parameter name. The value is to be supplied as a colon separated string of hex octets.
param_name Specifies to delete the filter profile with the specified profile name and parameter name in ASCII format.
Default
The default storage type is non-volatile.
Usage Guidelines
Use this command to delete entries from the snmpNotifyFilterProfileTable. This table associates a filter profile with a parameter name. Specify all to remove all entries. Specify a profile name to delete all entries for that profile name. Specify a profile name and a parameter name to delete just those entries for that filter profile and parameter name.
Example
The following command deletes the filter profile prof1 with the parameter name P1:
configure snmpv3 delete filter-profile prof1 param P1
configure snmpv3 delete group user
configure snmpv3 delete group {[[hex <hex_group_name>] | <group_name>]} user
[all-non-defaults | {[[hex <hex_user_name>] | <user_name>] {sec-model [snmpv1|snmpv2c|usm]}}]
Description
Deletes a user name (security name) from a group.
Syntax Description
hex_group_name Specifies the group name to delete or modify. The value is to be supplied as a colon separated string of hex octets.
group_name Specifies the group name to delete or modify in ASCII format.
all-non-defaults Specifies that all non-default (non-permanent) users are to be deleted from the group.
hex_user_name Specifies the user name to delete or modify. The value is to be supplied as a colon separated string of hex octets.
user_name Specifies the user name to delete or modify in ASCII format.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2c Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
Default
The default value for sec-model is USM.
Usage Guidelines
Use this command to remove the association of a user name with a group.
As per the SNMPv3 RFC, a security name is model independent while a username is model dependent. For simplicity, both are assumed to be the same here. User names and security names are handled the same. In other words, if a user is created with the user name username, the security name value is the same, username.
Every group is uniquely identified by a security name and security model. So the same security name can be associated to a group name but with different security models.
The default groups are: admin, initial, v1v2c_ro, v1v2c_rw.
The default users are: admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv.
Example
The following command deletes the user guest from the group UserGroup for the security model snmpv2c:
configure snmpv3 delete group UserGroup user guest sec-model snmpv2c
The following command deletes the user guest from the group userGroup with the security model USM:
configure snmpv3 delete group userGroup user guest
configure snmpv3 delete mib-view
configure snmpv3 delete mib-view [all-non-defaults | {[[hex <hex_view_name>] | <view_name>]
{subtree <object_identifier>}}]
Description
Deletes a MIB view.
Syntax Description
all-non-defaults Specifies that all non-default (non-permanent) MIB views are to be deleted.
hex_view_name Specifies the MIB view to delete. The value is to be supplied as a colon separated string of hex octets.
view_name Specifies the MIB view name to delete in ASCII format.
object_identifier Specifies a MIB subtree.
Default
N/A.
Usage Guidelines
Use this command to delete a MIB view. Views which are being used by security groups cannot be deleted. Use the all-non-defaults keyword to delete all the MIB views (not being used by security groups) except for the default views. The default views are: defaultUserView, defaultAdminView, and defaultNotifyView.
Use the
command to remove a MIB view from its security group, by specifying a different view.
Example
The following command deletes all views (only the permanent views will not be deleted):
configure snmpv3 delete mib-view all-non-defaults
The following command deletes all subtrees with the view name AdminView:
configure snmpv3 delete mib-view AdminView
The following command deletes the view AdminView with subtree 1.3.6.1.2.1.2:
configure snmpv3 delete mib-view AdminView subtree 1.3.6.1.2.1.2
configure snmpv3 delete notify
configure snmpv3 delete notify [{[[hex <hex_notify_name>] | <notify_name>]} | all-non-defaults]
Description
Deletes an entry from the snmpNotifyTable.
Syntax Description
hex_notify_name Specifies the notify name to add. The value is to be supplied as a colon separated string of hex octets.
notify_name Specifies the notify name to add in ASCII format.
all-non-defaults Specifies that all non-default (non-permanent) notifications are to be deleted.
Default
N/A.
Usage Guidelines
Use this command to delete an entry from the snmpNotifyTable. When a notification is to be sent, this table is examined. For the target addresses that have been associated with the tags present in the table, notifications will be sent, based on the filters also associated with the target addresses.
Example
The following command removes the N1 entry from the table:
configure snmpv3 delete notify N1
configure snmpv3 delete target-addr
configure snmpv3 delete target-addr [{[[hex <hex_addr_name>] | <addr_name>]} | all]
Description
Deletes SNMPv3 target addresses.
Syntax Description
hex_addr_name Specifies an identifier for the target address. The value is to be supplied as a colon separated string of hex octets.
addr_name Specifies a string identifier for the target address.
all Specifies all target addresses.
Default
N/A.
Usage Guidelines
Use this command to delete an entry in the SNMPv3 snmpTargetAddressTable.
Example
The following command deletes target address named A1:
configure snmpv3 delete target-addr A1
configure snmpv3 delete target-params
configure snmpv3 delete target-params [{[[hex <hex_param_name>] | <param_name>]} | all]
Description
Deletes SNMPv3 target parameters.
Syntax Description
hex_param_name Specifies the parameter name associated with the target. The value is to be supplied as a colon separated string of hex octets.
param_name Specifies the parameter name associated with the target in ASCII format.
Default
N/A.
Usage Guidelines
Use this command to delete an entry in the SNMPv3 snmpTargetParamsTable. This table specifies the message processing model, security level, security model, and the storage parameters for messages to any target addresses associated with a particular parameter name.
Example
The following command deletes a target parameters entry named P1:
configure snmpv3 delete target-params P1
configure snmpv3 delete user
configure snmpv3 delete user [all-non-defaults | [[hex <hex_user_name>] | <user_name>]]
Description
Deletes an existing SNMPv3 user.
Syntax Description
all-non-defaults Specifies that all non-default (non-permanent) users are to be deleted.
hex_user_name Specifies the user name to delete. The value is to be supplied as a colon separated string of hex octets.
user_name Specifies the user name to delete.
Default
N/A.
Usage Guidelines
Use this command to delete an existing user.
Use the all-non-defaults keyword to delete all users, except for the default users. The default user names are: admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv.
Deleting a user will not implicitly remove the related group to user association from the VACMSecurityToGroupTable. To remove the association, use the following command:
configure snmpv3 delete group {[[hex <hex_group_name>] | <group_name>]} user
[all-non-defaults | {[[hex <hex_user_name>] | <user_name>] {sec-model
Example
The following command deletes all non-default users:
configure snmpv3 delete user all-non-defaults
The following command deletes the user guest:
configure snmpv3 delete user guest
configure snmpv3 engine-boots
configure snmpv3 engine-boots <(1-2147483647)>
Description
Configures the SNMPv3 Engine Boots value.
Syntax Description
(1-2147483647) Specifies the value of engine boots.
Default
N/A.
Usage Guidelines
Use this command if the Engine Boots value needs to be explicitly configured. Engine Boots and Engine Time will be reset to zero if the Engine ID is changed. Engine Boots can be set to any desired value but will latch on its maximum, 2147483647.
Example
The following command configures Engine Boots to 4096:
configure snmpv3 engine-boots 4096
configure snmpv3 engine-id
configure snmpv3 engine-id <hex_engine_id>
Description
Configures the SNMPv3 snmpEngineID.
Syntax Description
hex_engine_id Specifies the colon delimited hex octet that serves as part of the snmpEngineID (5-32 octets).
Default
The default snmpEngineID is the device MAC address.
Usage Guidelines
Use this command if the snmpEngineID needs to be explicitly configured. The first four octets of the ID are fixed to 80:00:11:AE, which represents the NETGEAR Vendor ID. Once the snmpEngineID is changed, default users will be reverted back to their original passwords/keys, while non-default users will be reset to the security level of no authorization, no privacy.
In a chassis, the snmpEngineID will be generated using the MAC address of the MSM/MM with which the switch boots first. For MSM/MM hitless failover, the same snmpEngineID will be propagated to both of the MSMs/MMs.
Example
The following command configures the snmpEngineID to be 80:00:11:AE:00:0a:1c:3e:11:
configure snmpv3 engine-id 00:0a:1c:3e:11
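In the standard User-based Security Model, a user's key is derived from the password and then bound to the snmpEngineID, so a key computed for one engine ID does not match after the ID changes. The following is an added example, not part of the manual or NETGEAR code: it implements the password-to-key and key localization steps of RFC 3414 and assumes the switch follows that standard; the function names are hypothetical, the password palertyu is borrowed from the manual's add user example, and the second engine ID is constructed.

```python
import hashlib

# Fixed first four octets of the snmpEngineID, as stated in the manual.
NETGEAR_PREFIX = bytes.fromhex("800011AE")
# CLI keyword -> hashlib algorithm name.
DIGESTS = {"md5": "md5", "sha": "sha1"}


def engine_id_from_cli(hex_engine_id):
    """Build the full snmpEngineID from the colon delimited CLI argument."""
    tail = bytes.fromhex(hex_engine_id.replace(":", ""))
    engine_id = NETGEAR_PREFIX + tail
    if not 5 <= len(engine_id) <= 32:  # SnmpEngineID size limit (RFC 3411)
        raise ValueError("snmpEngineID must be 5 to 32 octets")
    return engine_id


def password_to_key(password, algo):
    """RFC 3414 A.2: hash 1,048,576 octets of the cyclically repeated password."""
    data = password.encode("ascii")
    if not data:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(data))
    return hashlib.new(DIGESTS[algo], data * reps + data[:rem]).digest()


def localize_key(user_key, engine_id, algo):
    """RFC 3414: localized key = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(DIGESTS[algo], user_key + engine_id + user_key).digest()


def colon_hex(octets):
    """Format bytes as the colon separated hex octets the CLI uses."""
    return ":".join(f"{b:02x}" for b in octets)


def localized_key_hex(password, hex_engine_id, algo):
    """Password + CLI engine-id argument -> localized key as colon hex."""
    engine_id = engine_id_from_cli(hex_engine_id)
    user_key = password_to_key(password, algo)
    return colon_hex(localize_key(user_key, engine_id, algo))


if __name__ == "__main__":
    # Engine ID from the manual's example, and a constructed one differing
    # in the last octet, to show that the localized keys do not match.
    for eid in ("00:0a:1c:3e:11", "00:0a:1c:3e:12"):
        print(colon_hex(engine_id_from_cli(eid)))
        for algo in ("md5", "sha"):
            print(" ", algo, localized_key_hex("palertyu", eid, algo))
```

The MD5 result is 16 octets and the SHA result is 20 octets, the same lengths the add user command requires for hex keys.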
configure sntp-client
configure sntp-client [primary | secondary] <host-name-or-ip> {vr <vr_name>}
Description
Configures an NTP server for the switch to obtain time information.
Syntax Description
primary Specifies a primary server name.
secondary Specifies a secondary server name.
host-name-or-ip Specifies a host name or IPv4 address or IPv6 address.
vr Specifies use of a virtual router.
Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
vr_name Specifies the name of a virtual router.
Default
N/A.
Usage Guidelines
Queries are first sent to the primary server. If the primary server does not respond within 1 second, or if it is not synchronized, the switch queries the second server. If the switch cannot obtain the time, it restarts the query process. Otherwise, the switch waits for the sntp-client update interval before querying again.
Example
The following command configures a primary NTP server:
configure sntp-client primary 10.1.2.2
The following command configures the primary NTP server to use the management virtual router VR-Mgmt:
configure sntp-client primary 10.1.2.2 vr VR-Mgmt
configure sntp-client update-interval
configure sntp-client update-interval <update-interval>
Description
Configures the interval between polls for time information from SNTP servers.
Syntax Description
update-interval Specifies an interval in seconds.
Default
64 seconds.
Usage Guidelines
None.
Example
The following command configures the interval timer:
configure sntp-client update-interval 30
configure telnet access-profile
configure telnet access-profile [<access_profile> | none]
Description
Configures Telnet to use an ACL policy for access control.
Syntax Description
access_profile Specifies an ACL policy.
none Cancels a previously configured ACL policy.
Default
Telnet is enabled with no ACL policies and uses TCP port 23.
Usage Guidelines
You must be logged in as administrator to configure Telnet parameters.
You can restrict Telnet access by using an ACL and implementing an ACL policy. You create an ACL policy file that permits or denies a specific list of IP addresses and subnet masks for the Telnet port. You must create the ACL policy file before you can use this command. If the ACL policy file does not exist on the switch, the switch returns an error message indicating that the file does not exist.
Use the none option to remove a previously configured ACL.
Creating an ACL Policy File
To create an ACL policy file, use the
command. For more information about creating and implementing ACL policy files, see the chapters entitled “Policy Manager” and “ACLs” in the NETGEAR 8800 User Manual.
In the ACL policy file for telnet, the “source-address” field is the only supported match condition. Any other match conditions are ignored.
If you attempt to implement a policy that does not exist on the switch, an error message similar to the following appears:
Error: Policy /config/MyAccessProfile.pol does not exist on file system
If this occurs, make sure the policy you want to implement exists on the switch. To confirm the policies on the switch, use the ls command. If the policy does not exist, create the ACL policy file.
Viewing Telnet Information
To display the status of Telnet, including the current TCP port, the virtual router used to establish a Telnet session, and whether ACLs are controlling Telnet access, use the following command:
Example
This example assumes that you already created an ACL to apply to Telnet.
The following command applies the ACL MyAccessProfile_2 to Telnet:
configure telnet access-profile MyAccessProfile_2
configure telnet port
configure telnet port [<portno> | default]
Description
Configures the TCP port used by Telnet for communication.
Syntax Description
portno Specifies a TCP port number. The default is 23. The range is 1 through 65535. The following TCP port numbers are reserved and cannot be used for Telnet connections: 22, 80, and 1023.
default Specifies the default Telnet TCP port number. The default is 23.
Default
The switch listens for Telnet connections on Port 23.
Usage Guidelines
You must be logged in as administrator to configure the Telnet port.
The portno range is 1 through 65535. The following TCP port numbers are reserved and cannot be used for Telnet connections: 22, 80, and 1023. If you attempt to configure a reserved port, the switch displays an error message similar to the following:
configure telnet port 22
Error: port number is a reserved port
If this occurs, select a port number that is not a reserved port.
The switch accepts IPv6 connections.
Example
The following command changes the port used for Telnet to port 85:
configure telnet port 85
The following command returns the port used for Telnet to the default port of 23:
configure telnet port default
configure telnet vr
configure telnet vr [all | default | <vr_name>]
Description
Configures the virtual router used on the switch for listening for Telnet connections.
Syntax Description
all Specifies to use all virtual routers for Telnet connections.
default Specifies to use the default virtual router for Telnet connections. The default router is VR-Mgmt.
vr_name Specifies the name of the virtual router to use for Telnet connections.
Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
Default
The default is all.
Usage Guidelines
You must be logged in as administrator to configure the virtual router.
The switch accepts IPv6 connections.
If you specify all, the switch listens on all of the available virtual routers for Telnet connections.
The vr_name specifies the name of the virtual router to use for Telnet connections.
If you specify a virtual router name that does not exist, the switch displays an error message similar to the following:
configure telnet vr vr-ttt
^
%% Invalid input detected at '^' marker.
Example
The following command configures the switch to listen for and receive Telnet requests on all virtual routers:
configure telnet vr all
create snmp trap
create snmp trap severity <severity> event <EventName> <msg>
Description
Creates and sends an SNMP trap containing the information defined in the command.
Syntax Description
severity Specifies one of the eight severity levels defined in the NETGEAR 8800 software. Enter one of the following values: critical, error, warning, notice, info, debug-summary, debug-verbose, debug-data.
EventName Specifies the event name. Enter a name using alphanumeric characters.
msg Specifies a message. Enter the message using alphanumeric characters.
Default
N/A.
Usage Guidelines
None.
Example
The following example sends a trap of severity info for event AAA with the message user XYZ logged in:
create snmp trap severity info event AAA "user XYZ logged in"
disable dhcp vlan
disable dhcp vlan [<vlan_name> | all]
Description
Disables the generation and processing of DHCP packets on a VLAN to obtain an IP address for the VLAN from a DHCP server.
Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all VLANs.
Default
Disabled for all VLANs.
Usage Guidelines
None.
Example
The following command disables the generation and processing of DHCP packets on a VLAN named accounting:
disable dhcp vlan accounting
disable snmp access
disable snmp access {snmp-v1v2c | snmpv3}
Description
Selectively disables SNMP on the switch.
Syntax Description
snmp-v1v2c Specifies SNMPv1/v2c access only.
snmpv3 Specifies SNMPv3 access only.
Default
Enabled.
Usage Guidelines
Disabling SNMP access does not affect the SNMP configuration (for example, community strings). However, if you disable SNMP access, you will be unable to access the switch using SNMP.
This command allows you to disable either all SNMP access, v1/v2c access only, or v3 access only.
To allow access, use the following command:
enable snmp access {snmp-v1v2c | snmpv3}
Example
The following command disables all SNMP access on the switch:
disable snmp access
disable snmp access vr
disable snmp access vr [<vr_name> | all]
Description
Selectively disables SNMP access on virtual routers.
Syntax Description
vr_name Specifies the virtual router name.
all Specifies all virtual routers.
Default
Enabled on all virtual routers.
Usage Guidelines
Use this command to disable SNMP access on any or all virtual routers.
When SNMP access is disabled on a virtual router, the incoming SNMP request is dropped and an EMS message is logged.
To enable SNMP access on virtual routers, use the enable snmp access vr command.
To display the SNMP configuration and statistics on a specified virtual router, use the
command.
Example
The following command disables SNMP access on the virtual router vr-finance:
disable snmp access vr vr-finance
disable snmp community
disable snmp community <alphanumeric-community-string>
Description
Disables SNMP community strings on the switch.
Syntax Description
alphanumeric-community-string Specifies the SNMP community string name.
Default
N/A
Usage Guidelines
This command allows the administrator to disable an SNMP community. It sets the rowStatus of the community to NotInService. When disabled, SNMP access to the switch using the designated community is not allowed.
Example
The following command disables the community string named netgear:
disable snmp community netgear
disable snmp traps
disable snmp traps
Description
Prevents SNMP traps from being sent from the switch.
Syntax Description
This command has no arguments or variables.
Default
Enabled.
Usage Guidelines
This command does not clear the SNMP trap receivers that have been configured. The command prevents SNMP traps from being sent from the switch even if trap receivers are configured.
To view if SNMP traps are being sent from the switch, use the
command displays information about the switch including the
enabled/disabled state of SNMP traps being sent.
Example
The following command prevents SNMP traps from being sent from the switch to the trap receivers:
disable snmp traps
disable snmpv3
disable snmpv3 [default-group | default-user]
Description
Selectively disables SNMPv3 default-group or default-user access on the switch.
Syntax Description
default-group Specifies SNMPv3 default-group.
default-user Specifies SNMPv3 default-user.
Default
Enabled
Usage Guidelines
This command is used to disable SNMPv3 default-group or default-user access.
Disabling SNMPv3 default-group access removes access to default-users and user-created users who are part of the default-group. The user-created authenticated SNMPv3 users (who are part of a user-created group) are able to access the switch. By disabling default-users access, the end-user is not able to access the switch/MIBs using SNMPv3 default-user.
The default groups are: admin, initial, v1v2c_ro, v1v2c_rw.
The default users are: admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv.
Example
The following command disables the default group on the switch:
disable snmpv3 default-group
disable sntp-client
disable sntp-client
Description
Disables the SNTP client.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
SNTP can be used by the switch to update and synchronize its internal clock from a Network Time Protocol (NTP) server. After the SNTP client has been enabled, the switch sends out a periodic query to the indicated NTP server, or the switch listens to broadcast NTP updates. In addition, the switch supports the configured setting for Greenwich Mean Time (GMT) offset and the use of Daylight Savings Time (DST).
Example
The following command disables the SNTP client:
disable sntp-client
disable telnet
disable telnet
Description
Disables external Telnet services on the system.
Syntax Description
This command has no arguments or variables.
Default
Enabled.
Usage Guidelines
You must be logged in as an administrator to enable or disable Telnet.
Note: Telnet sessions between MSMs/MMs are not affected by this command.
Example
With administrator privilege, the following command disables external Telnet services on the switch:
disable telnet
disable watchdog
disable watchdog
Description
Disables the system watchdog timer.
Syntax Description
This command has no arguments or variables.
Default
Enabled.
Usage Guidelines
The watchdog timer monitors the health of the switch hardware and software events. For example, the watchdog timer reboots the switch if the system cannot reset the watchdog timer. This can be caused by a long CPU processing loop, any unhandled exception, or a hardware problem with the communication channel to the watchdog. In most cases, if the watchdog timer expires, the switch captures the current CPU status and posts it to the console and the system log. In some cases, if the problem is so severe that the switch is unable to perform any action, the switch reboots without logging any system status information prior to reboot.
This command takes effect immediately.
The watchdog settings are saved in the configuration file.
To display the watchdog state of your system, use the
Example
The following command disables the watchdog timer:
disable watchdog
enable dhcp vlan
enable dhcp vlan [<vlan_name> | all]
Description
Enables the generation and processing of DHCP packets on a VLAN to obtain an IP address for the VLAN from a DHCP server.
Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all VLANs.
Default
Disabled for all VLANs.
Usage Guidelines
None.
Example
The following command enables the generation and processing of DHCP packets on a VLAN named accounting:
enable dhcp vlan accounting
enable snmp access
enable snmp access {snmp-v1v2c | snmpv3}
Description
Selectively enables SNMP access on the switch.
Syntax Description
snmp-v1v2c Specifies SNMPv1/v2c access only.
snmpv3 Specifies SNMPv3 access only.
Default
Enabled.
Usage Guidelines
To have access to the SNMP agent residing in the switch, at least one VLAN must have an IP address assigned to it.
Any network manager running SNMP can manage the switch for v1/v2c/v3, provided the MIB is installed correctly on the management station. Each network manager provides its own user interface to the management facilities.
For SNMPv3, additional security keys are used to control access, so an SNMPv3 manager is required for this type of access.
This command allows you to enable either all SNMP access, no SNMP access, v1/v2c access only, or v3 access only.
To prevent any SNMP access, use the following command:
disable snmp access {snmp-v1v2c | snmpv3}
The 8800 OS introduced the concept of safe defaults mode. Safe defaults mode runs an interactive script that allows you to enable or disable SNMP, Telnet, and switch ports. When you set up your switch for the first time, you must connect to the console port to access the switch. After logging in to the switch, you enter safe defaults mode. Although SNMP, Telnet, and switch ports are enabled by default, the script prompts you to confirm those settings.
If you choose to keep the default setting for SNMP—the default setting is enabled—the switch returns the following interactive script:
Since you have chosen less secure management methods, please remember to increase the security of your network by taking the following actions:
* change your admin password
* change your SNMP public and private strings
* consider using SNMPv3 to secure network management traffic
In addition, you can return to safe defaults mode by issuing the following command:
If you return to safe defaults mode, you must answer the questions presented during the interactive script.
For more detailed information about safe defaults mode, see the section “Safe Defaults Setup Method” in the NETGEAR 8800 User Manual.
Example
The following command enables all SNMP access for the switch:
enable snmp access
enable snmp access vr
enable snmp access vr [<vr_name> | all]
Description
Selectively enables SNMP access on virtual routers.
Syntax Description
vr_name Specifies the virtual router name.
all Specifies all virtual routers.
Default
Enabled on all virtual routers.
Usage Guidelines
Use this command to enable SNMP access on any or all virtual routers.
To disable SNMP access on virtual routers, use the disable snmp access vr command.
To display the SNMP configuration and statistics on a specified virtual router, use the
command.
Example
The following command enables SNMP access on the virtual router vr-finance:
enable snmp access vr vr-finance
enable snmp community
enable snmp community <alphanumeric-community-string>
Description
Enables SNMP community strings.
Syntax Description
alphanumeric-community-string Specifies the SNMP community string name.
Default
N/A
Usage Guidelines
This command allows the administrator to enable an SNMP community that has been disabled. It sets the rowStatus of the community to Active.
Example
The following command enables the community string named netgear:
enable snmp community netgear
enable snmp traps
enable snmp traps
Description
Turns on SNMP trap support.
Syntax Description
This command has no arguments or variables.
Default
Enabled.
Usage Guidelines
An authorized trap receiver can be one or more network management stations on your network. The switch sends SNMP traps to all trap receivers.
To view if SNMP traps are being sent from the switch, use the show management command. The show management command displays information about the switch including the enabled/disabled state of SNMP traps being sent.
Example
The following command enables SNMP trap support on the switch:
enable snmp traps
enable snmpv3
enable snmpv3 [default-group | default-user]
Description
Selectively enables SNMPv3 default-group or default-user access on the switch.
Syntax Description
default-group Specifies SNMPv3 default-group.
default-user Specifies SNMPv3 default-user.
Default
Enabled
Usage Guidelines
This command is used to enable SNMPv3 default-group or default-user access.
Enabling SNMPv3 default-group access activates the access to an SNMPv3 default-group and the user-created SNMPv3-user part of default-group. Enabling the SNMPv3 default-user access allows an end user to access the MIBs using SNMPv3 default-user. This command throws an error if the SNMPv3 access is disabled on the switch.
The default groups are: admin, initial, v1v2c_ro, v1v2c_rw.
The default users are: admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv.
Example
The following command enables the default users on the switch:
enable snmpv3 default-user
enable sntp-client
enable sntp-client
Description
Enables the SNTP client.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
SNTP can be used by the switch to update and synchronize its internal clock from a Network Time Protocol (NTP) server. After the SNTP client has been enabled, the switch sends out a periodic query to the indicated NTP server, or the switch listens to broadcast NTP updates. In addition, the switch supports the configured setting for Greenwich Mean Time (GMT) offset and the use of Daylight Savings Time (DST).
Example
The following command enables the SNTP client:
enable sntp-client
enable telnet
enable telnet
Description
Enables external Telnet services on the system.
Syntax Description
This command has no arguments or variables.
Default
Enabled.
Usage Guidelines
You must be logged in as an administrator to enable or disable Telnet.
The 8800 OS introduces the concept of safe defaults mode. Safe defaults mode runs an interactive script that allows you to enable or disable SNMP, Telnet, and switch ports. When you set up your switch for the first time, you must connect to the console port to access the switch. After logging in to the switch, you enter safe defaults mode. Although SNMP, Telnet, and switch ports are enabled by default, the script prompts you to confirm those settings.
If you choose to keep the default setting for Telnet—the default setting is enabled—the switch returns the following interactive script:
Since you have chosen less secure management methods, please remember to increase the security of your network by taking the following actions:
* change your admin password
* change your SNMP public and private strings
* consider using SNMPv3 to secure network management traffic
In addition, you can return to safe defaults mode by issuing the following command:
If you return to safe defaults mode, you must answer the questions presented during the interactive script.
For more detailed information about safe defaults mode, see the section “Safe Defaults Setup Method” in the NETGEAR 8800 User Manual.
Example
With administrator privilege, the following command enables Telnet services on the switch:
enable telnet
enable watchdog
enable watchdog
Description
Enables the system watchdog timer.
Syntax Description
This command has no arguments or variables.
Default
Enabled.
Usage Guidelines
The watchdog timer monitors the health of the switch hardware and software events. For example, the watchdog timer reboots the switch if the system cannot reset the watchdog timer. This is caused by a long CPU processing loop, any unhandled exception, or a hardware problem with the communication channel to the watchdog. In most cases, if the watchdog timer expires, the switch captures the current CPU status and posts it to the console and the system log. In some cases, if the problem is so severe that the switch is unable to perform any action, the switch reboots without logging any system status information prior to reboot.
This command takes effect immediately.
The watchdog settings are saved in the configuration file.
To display the watchdog state of your system, use the show switch command.
Example
The following command enables the watchdog timer:
enable watchdog
exit
exit
Description
Logs out the session of a current user for CLI or Telnet.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Use this command to log out of a CLI or Telnet session.
When you issue this command, you are asked to save your configuration changes to the current, active configuration. Enter y if you want to save your changes. Enter n if you do not want to save your changes.
Example
The following command logs out the session of a current user for CLI or Telnet:
exit
A message similar to the following is displayed:
Do you wish to save your configuration changes to primary.cfg? (y or n)
Enter y if you want to save your changes. Enter n if you do not want to save your changes.
logout
logout
Description
Logs out the session of a current user for CLI or Telnet.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Use this command to log out of a CLI or Telnet session.
When you issue this command, you are asked to save your configuration changes to the current, active configuration. Enter y if you want to save your changes. Enter n if you do not want to save your changes.
Example
The following command logs out the session of a current user for CLI or Telnet:
logout
A message similar to the following is displayed:
Do you wish to save your configuration changes to primary.cfg? (y or n)
Enter y if you want to save your changes. Enter n if you do not want to save your changes.
quit
quit
Description
Logs out the session of a current user for CLI or Telnet.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Use this command to log out of a CLI or Telnet session.
When you issue this command, you are asked to save your configuration changes to the current, active configuration. Enter y if you want to save your changes. Enter n if you do not want to save your changes.
Example
The following command logs out the session of a current user for CLI or Telnet:
quit
A message similar to the following is displayed:
Do you wish to save your configuration changes to primary.cfg? (y or n)
Enter y if you want to save your changes. Enter n if you do not want to save your changes.
show checkpoint-data
show checkpoint-data {<process>}
Description
Displays the status of one or more processes being copied from the primary MSM/MM to the backup MSM/MM.
Syntax Description
process Specifies the name of the processes being copied.
Default
N/A.
Usage Guidelines
This command displays, in percentages, the amount of internal state copying completed by each process and the traffic statistics between the process on both the primary and the backup MSMs/MMs.
This command is also helpful in debugging synchronization problems that occur at run-time.
To check the status of synchronizing the MSMs/MMs, use the
Depending on the software version running on your switch and the type of switch you have, additional or different checkpoint status information may be displayed.
Example
The following command displays the checkpointing status and the traffic statistics of all of the processes between the primary and the backup MSM:
show checkpoint-data
The following is sample output from this command:
Process Tx Rx Errors Sent Total % Chkpt Debug-info
---------------------------------------------------------------------------
devmgr 3812 1731 0 3 3 100% ON OK 1 (00008853)
dirser 0 0 0 0 0 0% ON OK 1 (000008D3)
ems 5 0 0 0 0 100% ON OK 1 (000008D3)
nodemgr 0 0 0 0 0 0% ON OK 1 (000008D3)
snmpSubagent 0 0 0 0 0 0% ON OK 1 (000018D3)
snmpMaster 0 0 0 0 0 0% ON OK 1 (000008D3)
cli 0 0 0 0 0 0% ON OK 1 (000018D3)
cfgmgr 82 82 0 1 1 100% ON OK 1 (000018D3)
elrp 0 0 0 0 0 0% ON OK 1 (000008D3)
vlan 1047 1 0 0 0 100% ON OK 1 (000008D3)
aaa 0 0 0 0 0 0% ON OK 1 (000008D3)
fdb 957 2 0 0 0 100% ON OK 1 (000008D3)
msgsrv 0 0 0 0 0 100% ON OK 1 (000008D3)
stp 1 0 0 0 0 0% ON OK 1 (000008D3)
polMgr 0 0 0 0 0 0% ON OK 1 (000008D3)
mcmgr 2 2 0 0 0 100% ON OK 1 (000008D3)
acl 0 0 0 0 0 100% ON OK 1 (000008D3)
netLogin 0 0 0 0 0 0% ON OK 1 (000008D3)
ospf 0 0 0 0 0 0% ON OK 1 (000008D3)
netTools 1 0 0 0 0 100% ON OK 1 (000008D3)
telnetd 0 0 0 0 0 0% ON OK 1 (000008D3)
rtmgr 4 4 0 0 0 100% ON OK 1 (000008D3)
vrrp 378 0 0 0 0 0% ON OK 1 (000008D3)
tftpd 0 0 0 0 0 0% ON OK 1 (000008D3)
thttpd 0 0 0 0 0 0% ON OK 1 (000008D3)
rip 0 0 0 0 0 0% ON OK 1 (000008D3)
dosprotect 0 0 0 0 0 0% ON OK 1 (000008D3)
epm 0 0 0 0 0 0% ON OK 1 (000008D3)
hal 0 0 0 0 0 0% ON OK 1 (000008D3)
bgp 0 0 0 0 0 0% ON OK 1 (000008D3)
pim 0 0 0 0 0 0% ON OK 1 (000008D3)
etmon 185 185 0 0 0 100% ON OK 1 (000008D3)
To view the output for a specific process, use the process option. The following command displays detailed information for the STP process:
show checkpoint-data stp
The following is sample output from this command:
Process Tx Rx Errors Sent Total % Chkpt Debug-info
---------------------------------------------------------------------------
stp 1 0 0 0 0 0% ON OK 1 (000008D3)
show dhcp-client state
show dhcp-client state
Description
Displays the current DHCP/BOOTP client state for each VLAN.
Syntax Description
This command has no arguments or variables.
Default
Displays the client state for all existing VLANs.
Usage Guidelines
None.
Example
The following command displays the DHCP/BOOTP status for all VLANs:
show dhcp-client state
Depending on your configurations, output from this command is similar to the following:
Client VLAN     Protocol Server          Current State
--------------- -------- --------------- ---------------------------------------
Default         BOOTP    10.1.2.3        Received IP address configured on vlan
accounting      DHCP     10.2.3.4        DHCP state; Requesting
Mgmt            None     0.0.0.0
A total of 3 vlan(s) were displayed
show management
show management
Description
Displays the SNMP and CLI settings configured on the switch and the SNMP statistics.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines:
The following management output is displayed:
• Enable/disable state for Telnet, and SNMP access
• Login statistics
• Enable/disable state for idle timeouts
• Maximum number of CLI sessions
• SNMP community strings
• SNMP trap receiver list
• SNMP trap receiver source IP address
• SNMP statistics counter
• SSH access states of enabled, disabled, and module not loaded
• CLI configuration logging
• SNMP access states of v1, v2c disabled and v3 enabled
  If all three types of SNMP access are enabled or disabled, SNMP access is displayed as either Enabled or Disabled.
• Enable/disable state for RMON
• Access-profile usage configured via Access Control Lists (ACLs) for additional Telnet and SSH2 security
• CLI scripting settings
  • Enable/disable state
  • Error message setting
  • Persistence mode
• Dropped SNMP packet counter.
Example
The following command displays configured SNMP settings on an 8800 switch:
show management
The following is sample output from this command:
CLI idle timeout : Enabled (20 minutes)
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)
CLI configuration logging : Disabled
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
Telnet access : Enabled (tcp port 23 vr all)
: Access Profile : not set
SSH Access : ssh module not loaded.
Web access : Disabled (tcp port 80)
Total Read Only Communities : 1
Total Read Write Communities : 1
RMON : Disabled
SNMP access : Enabled
: Access Profile Name : not set
SNMP Traps : Enabled
SNMP v1/v2c TrapReceivers :
Destination Source IP Address Flags
10.120.91.89 /10550 2E
Flags: Version: 1=v1 2=v2c
Mode: S=Standard E=Enhanced
SNMP stats: InPkts 582 OutPkts 588 Errors 0 AuthErrors 0
Gets 0 GetNexts 582 Sets 0 Drops 12294
SNMP traps: Sent 6 AuthTraps Enabled
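The following is an added example, not part of the NETGEAR manual: a Python parser for captured show management output that flags the management settings the safe defaults script warns about (Telnet, SNMP v1/v2c) together with missing access profiles, SSH availability, and CLI configuration logging. The function names, the finding identifiers, and the wording assumed for a mixed SNMP state are assumptions made for this example.

```python
import re

# Constructed input: lines taken from the "show management" sample output
# in this manual, limited to the fields the audit reads.
SAMPLE = """\
CLI idle timeout : Enabled (20 minutes)
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI configuration logging : Disabled
Telnet access : Enabled (tcp port 23 vr all)
 : Access Profile : not set
SSH Access : ssh module not loaded.
Web access : Disabled (tcp port 80)
Total Read Only Communities : 1
Total Read Write Communities : 1
RMON : Disabled
SNMP access : Enabled
 : Access Profile Name : not set
SNMP Traps : Enabled
SNMP stats: InPkts 582 OutPkts 588 Errors 0 AuthErrors 0
"""

# "name : value" lines; the colon must have whitespace on both sides, which
# skips counter lines such as "SNMP stats: InPkts 582 ...".
FIELD = re.compile(r"^(.*?)\s+:\s+(.*)$")
# Indented ": sub-name : value" lines that belong to the previous field.
CONTINUATION = re.compile(r"^:\s*(.*?)\s+:\s+(.*)$")


def parse_show_management(text):
    """Return {lower-cased field name: value}; sub-fields become 'parent / sub'."""
    settings, parent = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        sub = CONTINUATION.match(line)
        if sub:
            if parent:
                settings[f"{parent} / {sub.group(1).lower()}"] = sub.group(2)
            continue
        top = FIELD.match(line)
        if top:
            parent = top.group(1).lower()
            settings[parent] = top.group(2)
    return settings


def audit(settings):
    """Return a list of (finding_id, reason) tuples for weak management settings."""
    def state(key):
        return settings.get(key, "").lower()

    telnet_on = state("telnet access").startswith("enabled")
    ssh = state("ssh access")
    snmp = state("snmp access")
    # Plain "Enabled" means every SNMP version is enabled. Assumption: a mixed
    # state is worded like the manual's "v1, v2c disabled and v3 enabled".
    v1v2c_on = snmp.startswith("enabled") or bool(
        re.search(r"v1,?\s*v2c\s+enabled", snmp))
    snmp_on = bool(snmp) and not snmp.startswith("disabled")

    checks = [
        (telnet_on, "telnet-enabled",
         "Telnet is enabled; the safe defaults script calls it a less secure method"),
        (telnet_on and state("telnet access / access profile") == "not set",
         "telnet-no-access-profile", "no access profile restricts Telnet clients"),
        (bool(ssh) and not ssh.startswith("enabled"), "ssh-unavailable",
         "SSH is disabled or its module is not loaded"),
        (state("web access").startswith("enabled"), "web-enabled",
         "web management is enabled"),
        (v1v2c_on, "snmp-v1v2c-enabled",
         "SNMP v1/v2c is enabled; community strings travel in clear text"),
        (snmp_on and state("snmp access / access profile name") == "not set",
         "snmp-no-access-profile", "no access profile restricts SNMP managers"),
        (state("cli configuration logging").startswith("disabled"),
         "cli-config-logging-disabled", "configuration commands are not logged"),
        (state("cli idle timeout").startswith("disabled"),
         "cli-idle-timeout-disabled", "idle CLI sessions never time out"),
    ]
    return [(ident, why) for hit, ident, why in checks if hit]


if __name__ == "__main__":
    for ident, why in audit(parse_show_management(SAMPLE)):
        print(f"{ident}: {why}")
```
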
show node
show node {detail}
Description
Displays the status of the nodes in the system as well as the general health of the system.
Syntax Description
detail Displays the information on a per-node basis rather than in a tabular format.
Default
N/A.
Usage Guidelines
Use this command to display the current status of the nodes and the health of the system.
The information displayed shows the node configurations (such as node priority) and the system and hardware health computations. You can use this information to determine which node will be elected primary in case of a failover.
Table 6 lists the node statistic information collected by the switch.
Table 6. Node States
Node State Description
BACKUP In the backup state, this node becomes the primary node if the primary fails or enters the DOWN state. The backup node also receives the checkpoint state data from the primary.
DOWN In the down state, the node is not available to participate in leader election. The node enters this state during any user action, other than a failure, that makes the node unavailable for management. Examples of user actions are:
• Upgrading the software
• Rebooting the system using the
• Initiating an MSM/MM failover using the run msm-failover command
• Synchronizing the MSM’s/MM’s software and configuration in non-volatile storage using the command
FAIL In the fail state, the node has failed and needs to be restarted or repaired. The node reaches this state if the system has a hardware or software failure.
INIT In the initial state, the node is being initialized. A node stays in this state when it is coming up and remains in this state until it has been fully initialized. Being fully initialized means that all of the hardware has been initialized correctly and there are no diagnostic faults.
MASTER In the primary state, the node is responsible for all switch management functions.
STANDBY In the standby state, leader election occurs—the primary and backup nodes are elected. The priority of the node is only significant in the standby state.
Example
The following command displays the status of the node, the priority of the node, and the general health of the system:
show node
The following is sample output from this command:
Node State Priority SwHealth HwHealth
-----------------------------------------------
MSM-A MASTER 0 49 7
MSM-B BACKUP 0 49 7
If you specify the detail option, the same information is displayed on a per node basis rather than in a tabular format.
Node MSM-A information:
Node State: MASTER
Node Priority: 0
Sw Health: 49
Hw Health: 7
Node MSM-B information:
Node State: BACKUP
Node Priority: 0
Sw Health: 49
Hw Health: 7
show odometers
show odometers
Description
Displays a counter for each component of a switch that shows how long it has been functioning since it was manufactured.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
The output from this command displays how long individual components in the switch have been functioning since they were manufactured. This odometer counter is kept in the EEPROM of each monitored component. This means that even if you plug the component into a different chassis, the odometer counter is available in the new switch chassis.
Monitored Components
On the 8800, the odometer monitors the following components:
• Chassis
• MSMs/MMs
• I/O modules
• Power controllers
Recorded Statistics
The following odometer statistics are collected by the switch:
• Service Days—The number of days that the component has been running
• First Recorded Start Date—The date that the component was powered up and began running
Depending on the software version running on your switch, the modules installed in your switch, and the type of switch you have, additional or different odometer information may be displayed.
Example
The following command displays how long each component of a switch has been functioning since its manufacture date:
show odometers
The following is sample output from the NETGEAR 8800 series switch:
Service First Recorded
Field Replaceable Units Days Start Date
------------------------- ------- --------------
Chassis : BD-8810 209 Dec-07-2004
Slot-1 : G48T 208 Dec-07-2004
Slot-2 : 10G4X 219 Nov-02-2004
Slot-3 : G48T 228 Oct-26-2004
Slot-4 : G24X 226 Oct-19-2004
Slot-5 : G8X 139 Dec-07-2004
Slot-6 :
Slot-7 : 10G4X 160 Dec-16-2004
Slot-8 : 10G4X 133 Dec-14-2004
Slot-9 : G48P 111 Nov-04-2004
Slot-10 :
MSM-A : MSM-G8X 137 Dec-07-2004
MSM-B :
PSUCTRL-1 : 209 Dec-07-2004
PSUCTRL-2 : 208 Dec-07-2004
show power
show power {<ps_num>} {detail}
Description
Displays the current status of the installed power supplies.
Command Syntax
ps_num Specifies the slot number of the installed power supply.
detail The detail option is reserved for future use.
Default
N/A.
Usage Guidelines
Use this command to view detailed information about the health of the power supplies.
This status information may be useful for your technical support representative if you have a network problem.
The switch collects the following power supply information:
• State—Indicates the current state of the power supply. Options are:
  • Empty—There is no power supply installed.
  • Power Failed—The power supply has failed.
  • Powered Off—The power supply is off.
  • Powered On—The power supply is on and working normally.
  Located next to the “State” of the power supply, the following information provides more detailed status information. Options are:
  • Disabled for net power gain—Indicates that the power supply is disabled in order to maximize the total available system power
  • Configured ON—Indicates that the user requested to enable a disabled power supply regardless of the effect on the total available system power
  • Configured ON when present—Indicates that the power supply slot is currently empty, but the user requested to enable the power supply regardless of the effect on the total available system power
  • Unsupported—Indicates that a 600/900 W AC PSU is inserted in a chassis other than the XCM8806 and XCM8810.
• PartInfo—Provides information about the power supply. Depending on your switch, options include:
  • Serial number—A collection of numbers and letters that make up the serial number of the power supply.
  • Part number—A collection of numbers and letters that make up the part number of the power supply.
• Revision—Displays the revision number of the power supply.
• Odometer—Specifies how long the power supply has been operating.
• Temperature—Specifies, in Celsius, the current temperature of the power supply.
• Input—Specifies the input voltage and the current requirements of the power supply and whether the input is AC or DC.
• Output 1 and Output 2—Specifies the output voltage and the current supplied by the power supply. The values are only displayed if known for the platform.
Example
The following command displays the status of the power supply installed in slot 1:
show power 1
The following is sample output from this command:
PowerSupply 1 information:
State: Powered On
PartInfo: PS 2336 5003J-00479 4300-00137
Revision: 2.0
Odometer: 90 days 5 hours
Temperature: 29.0 deg C
Fan 1: 6473 RPM
Fan 2: 6233 RPM
Input: 230.00 V AC
Output 1: 48.50 V, 7.25 A (48V/1104W Max)
Output 2: 12.44 V, 0.62 A (12V/48W Max)
If power management needs to disable a power supply to maximize the total available power, you see Disabled for net power gain next to the state of the power supply, as shown in the sample truncated output:
PowerSupply 1 information:
State: Powered Off (Disabled for net power gain)
PartInfo: PS 2336 0413J-00732 4300-00137
...
If you choose to always enable a power supply, regardless of the effect on the total available power, you see Configured ON next to the state of the power supply, as shown in the sample truncated output:
PowerSupply 1 information:
State: Powered On (Configured ON)
PartInfo: PS 2336 0413J-00732 4300-00137
If you install the 600/900 W AC PSU in a chassis other than a NETGEAR 8806, you see unsupported next to the state of the power supply, as shown in this sample truncated output:
PowerSupply 3 information:
State: Unsupported
PartInfo: PS 2431 0622J-00013 4300-00161
show power budget
show power budget
Description
Displays the power status and the amount of available and required power.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Use this command to view detailed information about the amount of power available on the switch.
This status information may be useful if the show slot command displays a state of Powered OFF for any I/O module, for monitoring power, or for power planning purposes.
The first table of the show power budget command displays:
• Slot number of the power supply.
• Current state of the power supply. Options are:
  • Empty—There is no power supply installed.
  • Power Failed—The power supply has failed.
  • Power Off—The power supply is off.
  • Power On—The power supply is on.
• Watts and voltage amounts of the power supply.
• Redundant power information. Redundant power is the amount of power available if power to one PSU is lost. If a switch has PSUs with a mix of both 220V AC and 110V AC inputs, the amount of redundant power shown is based on the worst-case assumption that power to a PSU with 220V AC input is lost.
The second table of the show power budget command displays:
• Slot number and name of the component installed in the slot. Options include:
  • I/O modules
  • MSMs/MMs
  • Fan trays
• Current state of the module. Options include, among others:
  • Empty: There is no component installed.
  • Operational: The component is installed and operational.
  • Present: The component is installed but not operational.
  • Down: The module is installed, but the administrator has taken the module offline.
  • Power ON: There is sufficient system power to power up the module.
  • Powered OFF: There is insufficient system power to keep the module up and running, or there is a mismatch between the module configured for the slot and the actual module installed in the slot.
  • Booting: The module has completed downloading the software image and is now booting.
  • Initializing: The module is initializing.
• Watts and voltage amounts of the modules.
• Power Surplus or Power Shortfall.
  • If the amount of available power meets or exceeds the required power, the excess is displayed as the Power Surplus.
  • If the available power is insufficient to meet the required power, the deficit is displayed as Power Shortfall.
• Redundant power information. If the amount of redundant power meets or exceeds the required power, the system has (N+1) power.
  • Yes—The system has redundant (N+1) power.
  • No—The system does not have redundant (N+1) power.
The information contained in this display is for planning purposes since the system operates without redundant power as long as a power surplus is shown. However, if power is lost to a single PSU when the system is not redundant, I/O modules are powered down. Refer to the section “Understanding Power Supply Management” in Chapter 2 of the NETGEAR 8800 User Manual.
Depending on the software version running on your switch, the modules installed in your switch, and the type of switch you have, additional or different power information may be displayed.
Example
The following command displays the distribution of power and the available power on the switch:
show power budget
The following is sample output of this command from a NETGEAR 8800 series switch:
PS State 48V
-----------------------------------------------
1 Powered On 624.00
2 Powered On 624.00
3 Empty
4 Empty
5 Empty
6 Empty
-----------------------------------------------
Power Available: 1248.00
Redundant (N+1) Power Available: 648.00
Slots Type State Watts
-----------------------------------------------
Slot-1 Empty
Slot-2 GM-20T Operational 149.00
Slot-5 GM-20T Operational 149.00
Slot-6 Empty
MSM-A MSM-5 Operational 185.00
MSM-B Empty 185.00
FanTray Operational 45.00
-----------------------------------------------
Power Required: 713.00
Power Allocated: 713.00
Power Surplus: 535.00
Redundant Power Supply(s) Present?: NO
show power controller
show power controller {<num>}
Description
Displays the current status of the installed power supply controllers.
Command Syntax
num Specifies the slot number of the installed power supply controller.
Default
N/A.
Usage Guidelines
Use this command to view detailed information about the health of the power supply controllers. Power controllers collect data about the installed power supplies and report the results to the MSM/MM.
This status information may be useful for your technical support representative if you have a network problem.
The switch collects the following power supply controller information:
• State—Indicates the current state of the power supply controller. Options are:
  • Empty: There is no power supply controller installed.
  • Operational: The power supply controller is installed and operational.
  • Present: The power supply controller is installed.
• PartInfo—Provides information about the power supply controller including the:
  • Slot number where the power supply controller is installed.
  • Serial number, a collection of numbers and letters that make up the serial number of the power supply controller.
  • Part number, a collection of numbers and letters that make up the part number of the power supply controller.
• Revision—Displays the revision number of the power supply controller.
• FailureCode—Specifies the failure code of the power supply controller.
• Odometer—Specifies the date and how long the power supply controller has been operating.
• Temperature—Specifies, in Celsius, the current temperature of the power supply controller.
• Status—Specifies the status of the power supply controller.
Example
The following command displays the status of the installed power supply controllers:
show power controller
The following is sample output from this command:
PSUCTRL-1 information:
State: Operational
PartInfo: PSUCTRL-1 04334-00021 450117-00-01
Revision: 1.0
FailureCode: 0
Odometer: 337 days 7 hours since Nov-30-2004
Temperature: 32.14 deg C
Status: PSU CTRL Mode: Master
PSUCTRL-2 information:
State: Empty
If you have two power supply controllers installed, the switch displays output about both of the power supply controllers:
PSUCTRL-1 information:
State: Operational
PartInfo: PSUCTRL-1 04334-00021 450117-00-01
Revision: 1.0
FailureCode: 0
Odometer: 17 days 5 hours 30 minutes since Oct-19-2004
Temperature: 35.1 deg C
Status: PSU CTRL Mode: Master
PSUCTRL-2 information:
State: Operational
PartInfo: PSUCTRL-2 04334-00068 450117-00-01
Revision: 1.0
FailureCode: 0
Odometer: 4 days 13 hours since Sep-21-2004
Temperature: 33.56 deg C
Status: PSU CTRL Mode: Backup
show session
show session {{detail} {<sessID>}} {history}
Description
Displays the currently active Telnet and console sessions communicating with the switch.
Syntax Description
detail   Specifies more detailed session information.
sessID   Specifies a session ID number.
history  Displays a list of all sessions.
Default
N/A.
Usage Guidelines
The show session command displays the username and IP address of the incoming Telnet session, whether a console session is currently active, and the login time. Each session is numbered.
The switch accepts IPv6 connections. If the incoming session is from an IPv6 address, the show session output indicates IPv6.
You can specify the following options to alter the session output:
• detail—The output for all current sessions is displayed in a list format.
• sessID—The output for the specified session is displayed in a list format.
• history—Displays a list of current and previous sessions, including the user, type of session, location, and start and end time of the session.
Table 7. Show Command Field Definitions
Field       Definition
#           Indicates session number.
Login Time  Indicates login time of session.
User        Indicates the user logged in for each session.
Type        Indicates the type of session, for example: console, telnet, http, https.
Auth        Indicates how the user is logged in.
CLI Auth    Indicates the type of authentication (RADIUS and TACACS) if enabled.
Location    Indicates the location (IP address) from which the user logged in. The output also indicates if the location is an IPv6 address.
Example
The following command displays the active sessions on the switch: show session
The following is sample output from this command:
                                                     CLI
#   Login Time                User   Type     Auth   Auth  Location
================================================================================
1   Thu Apr 28 20:16:56 2005  admin  console  local  dis   serial
*2  Thu Apr 28 23:36:20 2005  admin  ssh2     local  dis   3001::20d:88ff:fec5:ad40
3   Fri Apr 29 11:14:27 2005  admin  telnet   local  dis   10.255.44.55
The following command displays a list of current and previous sessions on the switch: show session history
The following is sample output from this command:
Session History:
admin console serial Mon Jun 21 09:19:00 2004 Mon Jun 21 10:00:16 2004
admin console serial Tue Jun 22 07:28:11 2004 Tue Jun 22 11:46:48 2004
admin console serial Wed Jun 23 10:05:44 2004 Wed Jun 23 14:11:47 2004
admin console serial Thu Jun 24 07:07:25 2004 Thu Jun 24 07:08:55 2004
admin console serial Thu Jun 24 13:30:07 2004 Active
show snmp
show snmp [get | get-next] <object_identifier>
Description
Displays the contents of an SNMP MIB object.
Syntax Description
object_identifier Specifies the object identifier for an SNMP MIB object.
Default
N/A.
Usage Guidelines
Use the get option to establish an index into the SNMP MIB. After the get option is executed, you can use the get-next option to step through the MIB objects.
Example
The following gets the contents of SNMP object 1.3.6.1.2.1.1.5.0: show snmp get 1.3.6.1.2.1.1.5.0
system.5.0 = BD-12804
show snmp vr_name
show snmp {vr} <vr_name>
Description
Displays the SNMP configuration and statistics on a virtual router.
Syntax Description
vr_name Specifies the virtual router.
Default
N/A.
Usage Guidelines
Use this command to display the SNMP configuration and statistics on a virtual router.
Example
The following command displays configuration and statistics for the virtual router VR-Default: show snmp vr VR-Default
Following is sample output for the command:
SNMP access : Disabled
SNMP Traps : Enabled
SNMP v1/v2c TrapReceivers :
Destination Source IP Address Flags
10.120.91.89 /162 2E
Flags: Version: 1=v1 2=v2c
Mode: S=Standard E=Enhanced
SNMP stats: InPkts 300 OutPkts 300 Errors 0 AuthErrors 0
Gets 0 GetNexts 300 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled
show snmpv3 access
show snmpv3 access {[[hex <hex_group_name>] | <group_name>]}
Description
Displays SNMPv3 access rights.
Syntax Description
hex         Specifies that the value to follow is to be supplied as a colon separated string of hex octets.
group_name  Specifies the name of the group to display.
Default
N/A.
Usage Guidelines
The show snmpv3 access command displays the access rights of a group. If you do not specify a group name, the command will display details for all the groups.
This command displays the SNMPv3 vacmAccessTable entries.
Example
The following command displays all the access details: show snmpv3 access
The following is sample output from this command:
X450a-24t.5 # show snmpv3 access
Group Name : admin
Context Prefix :
Security Model : USM
Security Level : Authentication Privacy
Context Match : Exact
Read View : defaultAdminView
Write View : defaultAdminView
Notify View : defaultNotifyView
Storage Type : NonVolatile
Row Status : Active
Group Name : initial
Context Prefix :
Security Model : USM
Security Level : No-Authentication No-Privacy
Context Match : Exact
Read View : defaultUserView
Write View :
Notify View : defaultNotifyView
Storage Type : NonVolatile
Row Status : Active
Group Name : initial
Context Prefix :
Security Model : USM
Security Level : Authentication No-Privacy
Context Match : Exact
Read View : defaultUserView
Write View : defaultUserView
Notify View : defaultNotifyView
Storage Type : NonVolatile
Row Status : Active
Group Name : v1v2c_ro
Context Prefix :
Security Model : snmpv1
Security Level : No-Authentication No-Privacy
Context Match : Exact
Read View : defaultUserView
Write View :
Notify View : defaultNotifyView
Storage Type : NonVolatile
Row Status : Active
Group Name : v1v2c_ro
Context Prefix :
Security Model : snmpv2c
Security Level : No-Authentication No-Privacy
Context Match : Exact
Read View : defaultUserView
Write View :
Notify View : defaultNotifyView
Storage Type : NonVolatile
Row Status : Active
Group Name : v1v2c_rw
Context Prefix :
Security Model : snmpv1
Security Level : No-Authentication No-Privacy
Context Match : Exact
Read View : defaultUserView
Write View : defaultUserView
Notify View : defaultNotifyView
Storage Type : NonVolatile
Row Status : Active
Group Name : v1v2c_rw
Context Prefix :
Security Model : snmpv2c
Security Level : No-Authentication No-Privacy
Context Match : Exact
Read View : defaultUserView
Write View : defaultUserView
Notify View : defaultNotifyView
Storage Type : NonVolatile
Row Status : Active
Group Name : v1v2cNotifyGroup
Context Prefix :
Security Model : snmpv1
Security Level : No-Authentication No-Privacy
Context Match : Exact
Read View :
Write View :
Notify View : defaultNotifyView
Storage Type : NonVolatile
Row Status : Active
Group Name : v1v2cNotifyGroup
Context Prefix :
Security Model : snmpv2c
Security Level : No-Authentication No-Privacy
Context Match : Exact
Read View :
Write View :
Notify View : defaultNotifyView
Storage Type : NonVolatile
Row Status : Active
Total num. of entries in vacmAccessTable : 9
The following command displays the access rights for the group group1: show snmpv3 access group1
show snmpv3 community
show snmpv3 community
Description
Displays information about SNMP community strings.
Syntax Description
This command has no arguments or variables.
Default
N/A
Usage Guidelines
This command displays information about and status of the SNMP community on the switch.
This information is available to Administrator Accounts.
Example
The following command displays the community: show snmpv3 community
The following is sample output from this command.
X450a-24t.4 # show snmpv3 community
Community Index : private
Community Name : private
Security Name : v1v2c_rw
Context EngineID : 80:00:07:7c:03:00:04:96:27:b6:7b
Context Name :
Transport Tag :
Storage Type : NonVolatile
Row Status : Active
Community Index : public
Community Name : public
Security Name : v1v2c_ro
Context EngineID : 80:00:07:7c:03:00:04:96:27:b6:7b
Context Name :
Transport Tag :
Storage Type : NonVolatile
Row Status : Active
Total num. of entries in snmpCommunityTable : 2
show snmpv3 context
show snmpv3 context
Description
Displays information about the SNMPv3 contexts on the switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines:
This command displays the entries in the View-based Access Control Model (VACM) context table (VACMContextTable).
Example
The following command displays information about the SNMPv3 contexts on the switch: show snmpv3 context
The following is sample output from this command:
VACM Context Name :
Note : This Version Supports one global context ("")
show snmpv3 counters
show snmpv3 counters
Description
Displays SNMPv3 counters.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
The show snmpv3 counters command displays the following SNMPv3 counters:
• snmpUnknownSecurityModels
• snmpInvalidMessages
• snmpUnknownPDUHandlers
• usmStatsUnsupportedSecLevels
• usmStatsNotInTimeWindows
• usmStatsUnknownUserNames
• usmStatsUnknownEngineIDs
• usmStatsWrongDigests
• usmStatsDecryptionErrors
Issuing the command
Example
The following command displays all the SNMPv3 counters.
show snmpv3 counters
The following is sample output from this command:
snmpUnknownSecurityModels : 0
snmpInvalidMessages : 0
snmpUnknownPDUHandlers : 0
usmStatsUnsupportedSecLevels : 0
usmStatsNotInTimeWindows : 0
usmStatsUnknownUserNames : 0
usmStatsUnknownEngineIDs : 0
usmStatsWrongDigests : 0
usmStatsDecryptionErrors : 0
show snmpv3 engine-info
show snmpv3 engine-info
Description
Displays information about the SNMPv3 engine on the switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines:
The following show engine-info output is displayed:
• Engine-ID—Either the ID auto generated from MAC address of switch, or the ID manually configured.
• Engine Boots—Number of times the agent has been rebooted.
• Engine Time—Time since agent last rebooted, in centiseconds.
• Max. Message Size—Maximum SNMP Message size supported by the Engine (8192).
Example
The following command displays information about the SNMPv3 engine on the switch: show snmpv3 engine-info
The following is sample output from this command:
SNMP Engine-ID : 80:0:11:AE:3:0:30:48:41:ed:97 'H'
SNMP Engine Boots : 1
SNMP Engine Time : 866896
SNMP Max. Message Size : 8192
show snmpv3 filter
show snmpv3 filter {[[hex <hex_profile_name>] | <profile_name>] {{subtree} <object_identifier>}
Description
Displays the filters that belong to a filter profile.
Syntax Description
hex_profile_name   Specifies the filter profile to display. The value is to be supplied as a colon separated string of hex octets.
profile_name       Specifies the filter profile to display in ASCII format.
object_identifier  Specifies a MIB subtree.
Default
N/A.
Usage Guidelines
Use this command to display entries from the snmpNotifyFilterTable. If you specify a profile name and subtree, you will display only the entries with that profile name and subtree. If you specify only the profile name, you will display all entries for that profile name. If you do not specify a profile name, then all the entries are displayed.
Example
The following command displays the part of filter profile prof1 that includes the MIB subtree 1.3.6.1.4.1: show snmpv3 filter prof1 subtree 1.3.6.1.4.1
The following is sample output from this command:
Profile Name : prof1
Subtree : 1.3.6.1.4.1
Mask :
Type : Included
Storage Type : NonVolatile
Row Status : Active
show snmpv3 filter-profile
show snmpv3 filter-profile {[[hex <hex_profile_name>] | <profile_name>]} {param [[hex <hex_param_name>] | <param_name>]}
Description
Displays the association between parameter names and filter profiles.
Syntax Description
hex_profile_name  Specifies the filter profile name. The value is to be supplied as a colon separated string of hex octets.
profile_name      Specifies the filter profile name in ASCII format.
hex_param_name    Specifies the parameter name. The value is to be supplied as a colon separated string of hex octets.
param_name        Specifies the parameter name in ASCII format.
Default
N/A.
Usage Guidelines
Use this command to display the snmpNotifyFilterProfileTable. This table associates a filter profile with a parameter name. The parameter name is associated with target addresses, and the filter profile is associated with a series of filters, so, in effect, you are associating a series of filters with a target address.
Example
The following command displays the entry with filter profile prof1 with the parameter name P1: show snmpv3 filter-profile prof1 param P1
The following is sample output of this command:
Filter Profile Params Name : p1
Name : prof1
Storage Type : NonVolatile
Row Status : Active
show snmpv3 group
show snmpv3 group {[[hex <hex_group_name>] | <group_name>] {user [[hex <hex_user_name>] | <user_name>]}}
Description
Displays the user name (security name) and security model association with a group name.
Syntax Description
hex_group_name  Specifies the group name to display. The value is to be supplied as a colon separated string of hex octets.
group_name      Specifies the group name to display. The value is to be supplied in ASCII format.
hex_user_name   Specifies the user name to display. The value is to be supplied as a colon separated string of hex octets.
user_name       Specifies the user name to display. The value is to be supplied in ASCII format.
Default
N/A.
Usage Guidelines
The show snmpv3 group command displays the details of a group with the given group name.
If you do not specify a group name, the command will display details for all the groups.
This command displays the SNMPv3 vacmSecurityToGroupTable.
Example
The following command displays information about all groups for every security model and user name: show snmpv3 group
The following is sample output from this command:
X450a-24t.9 # sh snmpv3 group
Group Name : v1v2c_ro
Security Name : v1v2c_ro
Security Model : snmpv1
Storage Type : NonVolatile
Row Status : Active
Group Name : v1v2c_rw
Security Name : v1v2c_rw
Security Model : snmpv1
Storage Type : NonVolatile
Row Status : Active
Group Name : v1v2c_ro
Security Name : v1v2c_ro
Security Model : snmpv2c
Storage Type : NonVolatile
Row Status : Active
Group Name : v1v2c_rw
Security Name : v1v2c_rw
Security Model : snmpv2c
Storage Type : NonVolatile
Row Status : Active
Group Name : admin
Security Name : admin
Security Model : USM
Storage Type : NonVolatile
Row Status : Active
Group Name : initial
Security Name : initial
Security Model : USM
Storage Type : NonVolatile
Row Status : Active
Group Name : initial
Security Name : initialmd5
Security Model : USM
Storage Type : NonVolatile
Row Status : Active
Group Name : initial
Security Name : initialsha
Security Model : USM
Storage Type : NonVolatile
Row Status : Active
Group Name : initial
Security Name : initialmd5Priv
Security Model : USM
Storage Type : NonVolatile
Row Status : Active
Group Name : initial
Security Name : initialshaPriv
Security Model : USM
Storage Type : NonVolatile
Row Status : Active
Total num. of entries in vacmSecurityToGroupTable : 10
The following command shows information about the group testgroup and user name testuser: show snmpv3 group testgroup user testuser
The following is sample output from this command:
Group Name : testgroup
Security Name : testuser
Security Model : USM
Storage Type : NonVolatile
Row Status : Active
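The outputs of show snmpv3 community, show snmpv3 group and show snmpv3 access above describe three linked tables: a community's Security Name is looked up per security model in vacmSecurityToGroupTable, and the resulting group selects the rows in vacmAccessTable that name the Read View and Write View. The Python below is an added example, not NETGEAR code: it parses pasted output in that Key : Value layout and reports which communities end up with write access. The input is constructed and abridged from the sample outputs, and the function names are hypothetical.

```python
# Constructed input: rows abridged from the sample outputs on this page, keeping
# only the fields the audit reads (prompt and "Total num." lines left in place).
COMMUNITY = """\
X450a-24t.4 # show snmpv3 community
Community Index : private
Community Name : private
Security Name : v1v2c_rw
Community Index : public
Community Name : public
Security Name : v1v2c_ro
Total num. of entries in snmpCommunityTable : 2
"""
GROUP = """\
Group Name : v1v2c_rw
Security Name : v1v2c_rw
Security Model : snmpv1
Group Name : v1v2c_ro
Security Name : v1v2c_ro
Security Model : snmpv2c
Group Name : v1v2c_rw
Security Name : v1v2c_rw
Security Model : snmpv2c
"""
ACCESS = """\
Group Name : v1v2c_ro
Security Model : snmpv2c
Security Level : No-Authentication No-Privacy
Read View : defaultUserView
Write View :
Group Name : v1v2c_rw
Security Model : snmpv1
Security Level : No-Authentication No-Privacy
Read View : defaultUserView
Write View : defaultUserView
Group Name : v1v2c_rw
Security Model : snmpv2c
Security Level : No-Authentication No-Privacy
Read View : defaultUserView
Write View : defaultUserView
"""


def parse_records(text):
    """Split 'Key : Value' output into one dict per table row (hypothetical helper)."""
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        # Skip the echoed prompt, blank lines and the trailing row count.
        if not sep or not key or key.startswith("Total num."):
            continue
        if key in current:  # a repeated key marks the start of the next row
            records.append(current)
            current = {}
        current[key] = value
    if current:
        records.append(current)
    return records


def resolve_community_access(community_text, group_text, access_text):
    """Follow community -> security name -> group -> access row (v1 and v2c)."""
    groups = {(g["Security Model"], g["Security Name"]): g["Group Name"]
              for g in parse_records(group_text)}
    access = parse_records(access_text)
    resolved = []
    for comm in parse_records(community_text):
        for model in ("snmpv1", "snmpv2c"):
            group = groups.get((model, comm["Security Name"]))
            for row in access:
                if group and (row["Group Name"], row["Security Model"]) == (group, model):
                    resolved.append({"community": comm["Community Name"],
                                     "model": model, "group": group,
                                     "level": row["Security Level"],
                                     "read_view": row["Read View"],
                                     "write_view": row["Write View"]})
    return resolved


def audit(resolved):
    """Return sorted (community, model, issue) tuples worth reviewing."""
    findings = set()
    for r in resolved:
        if r["write_view"]:  # a non-empty Write View means SNMP sets are allowed
            findings.add((r["community"], r["model"], "write access to " + r["write_view"]))
        # 'public' and 'private' are the names in the sample output; both are widely known.
        if r["community"] in ("public", "private"):
            findings.add((r["community"], r["model"], "well-known community name"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(resolve_community_access(COMMUNITY, GROUP, ACCESS)):
        print(*finding, sep=" | ")
```

A community whose Security Name has no group row for a given security model resolves to nothing for that model, which is why the constructed public community appears only under snmpv2c.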
show snmpv3 mib-view
show snmpv3 mib-view {[[hex <hex_view_name>] | <view_name>] {subtree <object_identifier>}}
Description
Displays a MIB view.
Syntax Description
hex_view_name      Specifies the name of the MIB view to display. The value is to be supplied as a colon separated string of hex octets.
view_name          Specifies the name of the MIB view to display. The value is to be supplied in ASCII format.
object_identifier  Specifies the object identifier of the view to display.
Default
N/A.
Usage Guidelines
The show snmpv3 mib-view command displays a MIB view. If you do not specify a view name, the command will display details for all the MIB views. If a subtree is not specified, then all subtrees belonging to the view name will be displayed.
This command displays the SNMPv3 vacmViewTreeFamilyTable.
Example
The following command displays all the view details: show snmpv3 mib-view
The following is sample output from this command:
X450a-24t.10 # sh snmpv3 mib-view
View Name : defaultUserView
MIB Subtree : 1
Mask :
View Type : Included
Storage Type : NonVolatile
Row Status : Active
View Name : defaultUserView
MIB Subtree : 1.3.6.1.6.3.16
Mask :
View Type : Excluded
Storage Type : NonVolatile
Row Status : Active
View Name : defaultUserView
MIB Subtree : 1.3.6.1.6.3.18
Mask :
View Type : Excluded
Storage Type : NonVolatile
Row Status : Active
View Name : defaultUserView
MIB Subtree : 1.3.6.1.6.3.15.1.2.2.1.4
Mask :
View Type : Excluded
Storage Type : NonVolatile
Row Status : Active
View Name : defaultUserView
MIB Subtree : 1.3.6.1.6.3.15.1.2.2.1.6
Mask :
View Type : Excluded
Storage Type : NonVolatile
Row Status : Active
View Name : defaultUserView
MIB Subtree : 1.3.6.1.6.3.15.1.2.2.1.9
Mask :
View Type : Excluded
Storage Type : NonVolatile
Row Status : Active
View Name : defaultAdminView
MIB Subtree : 1
Mask :
View Type : Included
Storage Type : NonVolatile
Row Status : Active
View Name : defaultNotifyView
MIB Subtree : 1
Mask :
View Type : Included
Storage Type : NonVolatile
Row Status : Active
Total num. of entries in vacmViewTreeFamilyTable : 8
The following command displays a view with the view name Roview and subtree 1.3.6.1.2.1.1: show snmpv3 mib-view Roview subtree 1.3.6.1.2.1.1
show snmpv3 notify
show snmpv3 notify {[[hex <hex_notify_name>] | <notify_name>]}
Description
Displays the notifications that are set. This command displays the snmpNotifyTable.
Syntax Description
hex_notify_name  Specifies the parameter name associated with the target. The value is to be supplied as a colon separated string of hex octets.
notify_name      Specifies the parameter name associated with the target. The value is to be supplied in ASCII format.
Default
N/A.
Usage Guidelines
Use this command to display entries from the SNMPv3 snmpNotifyTable. This table lists the notify tags that the agent will use to send notifications (traps).
If no notify name is specified, all the entries are displayed.
Example
The following command displays the notify table entry for N1: show snmpv3 notify N1
The following is sample output from this command:
Notify Name : N1
Tag : type1
Type : Trap
Storage Type : NonVolatile
Row Status : Active
show snmpv3 target-addr
show snmpv3 target-addr {[[hex <hex_addr_name>] | <addr_name>]}
Description
Displays information about SNMPv3 target addresses.
Syntax Description
hex_addr_name  Specifies an identifier for the target address. The value is to be supplied as a colon separated string of hex octets.
addr_name      Specifies a string identifier for the target address.
Default
N/A.
Usage Guidelines
Use this command to display entries in the SNMPv3 snmpTargetAddressTable. If no target address is specified, the entries for all the target addresses will be displayed.
To view the source IP address, use the show management command.
Example
The following command displays the entry for the target address named A1: show snmpv3 target-addr A1
The following is sample output from this command:
Target Addr Name : A1
TDomain : 1.3.6.1.6.1.1
TAddress : 10.201.31.234, 162
TMask :
Timeout : 1500
Retry Count : 0
Tag List : defaultNotify
Params : v1v2cNotifyParam1
Storage Type : NonVolatile
Row Status : Active
Storage Type : NonVolatile
Row Status : Active
show snmpv3 target-params
show snmpv3 target-params {[[hex <hex_target_params>] | <target_params>]}
Description
Displays the information about the options associated with the parameter name.
Syntax Description
hex_target_params  Specifies the parameter to display. The value is to be supplied as a colon separated string of hex octets.
target_params      Specifies the parameter name to display. The value is to be supplied in ASCII format.
Default
N/A.
Usage Guidelines
Use this command to display entries from the SNMPv3 snmpTargetParamsTable. This table specifies the message processing model, security level, security model, and the storage parameters for messages to any target addresses associated with a particular parameter name.
If no parameter name is specified, all the entries are displayed.
Example
The following command displays the target parameter entry named P1: show snmpv3 target-params P1
The following is sample output from this command:
Target Params Name : p1
MP Model : snmpv2c
Security Model : snmpv2c
User Name : testuser
Security Level : No-Authentication No-Privacy
Storage Type : NonVolatile
Row Status : Active
show snmpv3 user
show snmpv3 user {[[hex <hex_user_name>] | <user_name>]}
Description
Displays detailed information about the user.
Syntax Description
hex_user_name  Specifies the user name to display. The value is to be supplied as a colon separated string of hex octets.
user_name      Specifies the user name to display. The value is to be supplied in ASCII format.
Default
N/A.
Usage Guidelines
The show snmpv3 user command displays the details of a user. If you do not specify a user name, the command will display details for all the users. The authentication and privacy passwords and keys will not be displayed.
The user entries in SNMPv3 are stored in the USMUserTable, so the entries are indexed by EngineID and user name.
Example
The following command lists all user entries: show snmpv3 user
The following is sample output from this command:
X450a-24t.11 # sh snmpv3 user
Engine-ID : 80:00:07:7c:03:00:04:96:27:b6:7b 'H'
User Name : admin
Security Name : admin
Authentication : HMAC-MD5
Privacy : DES
Storage Type : NonVolatile
Row Status : Active
Engine-ID : 80:00:07:7c:03:00:04:96:27:b6:7b 'H'
User Name : initial
Security Name : initial
Authentication : No-Authentication
Privacy : No-Privacy
Storage Type : NonVolatile
Row Status : Active
Engine-ID : 80:00:07:7c:03:00:04:96:27:b6:7b 'H'
User Name : initialmd5
Security Name : initialmd5
Authentication : HMAC-MD5
Privacy : No-Privacy
Storage Type : NonVolatile
Row Status : Active
Engine-ID : 80:00:07:7c:03:00:04:96:27:b6:7b 'H'
User Name : initialsha
Security Name : initialsha
Authentication : HMAC-SHA
Privacy : No-Privacy
Storage Type : NonVolatile
Row Status : Active
Engine-ID : 80:00:07:7c:03:00:04:96:27:b6:7b 'H'
User Name : initialmd5Priv
Security Name : initialmd5Priv
Authentication : HMAC-MD5
Privacy : DES
Storage Type : NonVolatile
Row Status : Active
Engine-ID : 80:00:07:7c:03:00:04:96:27:b6:7b 'H'
User Name : initialshaPriv
Security Name : initialshaPriv
Authentication : HMAC-SHA
Privacy : DES
Storage Type : NonVolatile
Row Status : Active
Total num. of entries in usmUserTable : 6
The following command lists details for the specified user, testuser: show snmpv3 user testuser
show sntp-client
show sntp-client
Description
Displays the DNS configuration.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Displays configuration and statistics information of SNTP client.
Example
The following command displays the SNTP configuration: show sntp-client
The following is sample output from this command:
SNTP client is enabled
SNTP time is valid
Primary server: 172.17.1.104
Secondary server: 172.17.1.104
Query interval: 64
Last valid SNTP update: From server 172.17.1.104, on Wed Oct 30 22:46:03 2003
SNTPC Statistics:
Packets transmitted:
to primary server: 1
to secondary server: 0
Packets received with valid time:
from Primary server: 1
from Secondary server: 0
from Broadcast server: 0
Packets received without valid time:
from Primary server: 0
from Secondary server: 0
from Broadcast server: 0
Replies not received to requests:
from Primary server: 0
from Secondary server: 0
telnet
telnet {vr <vr_name>} [<host_name> | <remote_ip>] {<port>}
Description
Allows you to Telnet from the current command-line interface session to another host.
Syntax Description
vr         Specifies use of a virtual router.
           Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
vr_name    Specifies the name of the virtual router.
host_name  Specifies the name of the host.
remote_ip  Specifies the IP address of the host.
port       Specifies a TCP port number. The default is port 23.
Default
• Telnet—enabled
• Virtual router—Uses all virtual routers on the switch for outgoing Telnet requests
• Port—23
Usage Guidelines
Only VT100 emulation is supported.
Before you can start an outgoing Telnet session, you need to configure the switch IP parameters. To open a Telnet connection, you must specify the host IP address or the host name of the device you want to connect to. Check the user manual supplied with the Telnet facility if you are unsure of how to do this. Although the switch accepts IPv6 connections, you can only Telnet from the switch to another device with an IPv4 address.
You must configure DNS in order to use the host_name option.
Host Name and Remote IP Address Character Restrictions
This section provides information about the characters supported by the switch for host names and remote IP addresses.
When specifying a host name or remote IP address, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - ) Permitted only for host names
• Underscore ( _ ) Permitted only for host names
• Colon ( : )
When naming or configuring an IP address for your network server, remember the requirements listed above.
Virtual Router Requirements
The vr_name option specifies the name of the virtual router. The valid virtual router names at system boot-up are VR-Mgmt, VR-Control, and VR-Default; however, you can Telnet only on VR-Mgmt and VR-Default. For more information about virtual routers, see the section “Virtual Routers” in the NETGEAR 8800 User Manual.
Example
The following command starts a Telnet client communication to the host at IP address 123.45.67.8: telnet 123.45.67.8
The following command starts a Telnet client communication with a host named sales: telnet sales
telnet msm
telnet msm [a | b]
Description
Allows you to Telnet to either the primary or the backup MSM regardless of which console port you are connected to.
Syntax Description
a  Specifies the MSM installed in slot A.
b  Specifies the MSM installed in slot B.
Default
N/A.
Usage Guidelines
Use this command to access either the primary or the backup MSM regardless of which console port you are connected to. For example, if MSM A is the primary MSM and you are connected to MSM A via its console port, you can access the backup MSM installed in slot B by issuing the telnet msm b command.
Example
The following example makes the following assumptions:
• The MSM installed in slot A is the primary
• The MSM installed in slot B is the backup
• You have a console connection to MSM B
The following command accesses the primary MSM installed in slot A from the backup MSM installed in slot B:
My8800.6 # telnet msm b
Entering character mode
Escape character is '^]'.
telnet session telnet0 on /dev/ptyb0
login: admin
password:
NETGEAR 8800
Copyright (C) 2000-2007 NETGEAR. All rights reserved.
Protected by US Patent Nos: 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438;
6,912,592; 6,954,436; 6,977,891; 6,980,550; 6,981,174; 7,003,705; 7,012,082; 7,046,665;
7,126,923; 7,142,509; 7,149,217; 7,152,124; 7,154,861.
==============================================================================
You are connected to a Backup node. Only a limited command set is supported.
You may use "telnet msm A" to connect to the Master node to access the full set of commands.
Press the <tab> or '?' key at any time for completions.
Remember to save your configuration changes.
My8800.1 >
tftp
tftp [<host-name> | <ip-address>] {-v <vr_name>} [-g | -p] [{-l [internal-memory <local-file-internal> | memorycard <local-file-memcard> | <local-file>} {-r <remote-file>} | {-r <remote-file>} {-l [internal-memory <local-file-internal> | memorycard <local-file-memcard> | <local-file>]}]
Description
Allows you to TFTP from the current command line interface session to a TFTP server.
Syntax Description
host-name            Specifies the name of the remote host.
ip-address           Specifies the IP address of the TFTP server.
vr_name              Specifies the name of the virtual router.
                     Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
-g                   Gets the specified file from the TFTP server and copies it to the local host.
-p                   Puts the specified file from the local host and copies it to the TFTP server.
internal-memory      Specifies the internal memory card.
local-file-internal  Specifies the name of the core dump file located on the internal memory card.
memorycard           Specifies the removable external compact flash card.
local-file-memcard   Specifies the name of the file on the external compact flash card.
local-file           Specifies the name of the file (configuration file, policy file) on the local host.
remote-file          Specifies the name of the file on the remote host.
Default
If you do not specify a virtual router, VR-Mgmt is used.
Usage Guidelines
NetASCII and mail file type formats are not supported.
TFTP Server Requirements
NETGEAR recommends using a TFTP server that supports blocksize negotiation (as described in RFC 2348, TFTP Blocksize Option), to enable faster file downloads and larger file downloads. If the TFTP server does not support blocksize negotiation, the file size is limited to 32 MB. Older TFTP servers that do not support blocksize negotiation have additional implementation limits that may decrease the maximum file size to only 16 MB, which may be too small to install NETGEAR 8800 images.
If your TFTP server does not support blocksize negotiation, the switch displays a message similar to the following when you attempt a get (-g) or put (-p) operation:
Note: The blocksize option is not supported by the remote TFTP server.
Without this option, the maximum file transfer size is limted to 32MB.
Some older TFTP servers may be limited to 16MB file.
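The 32 MB figure matches the TFTP packet format: without the RFC 2348 blksize option every block carries 512 bytes, and the block number is a 16-bit field. The following Python sketch is an added example, not part of the NETGEAR manual or the switch software; it builds a request with the blksize option, reads the server's first reply, and computes the resulting size limit, assuming the block counter does not wrap (the function names and the 1428-byte request are illustrative choices).

```python
import struct

OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_OACK = 1, 2, 3, 4, 6
DEFAULT_BLKSIZE = 512   # fixed block size when no option is negotiated
MAX_BLOCKS = 0xFFFF     # 16-bit block number; assumption: no rollover


def build_request(opcode, filename, blksize=None):
    """Build an RRQ or WRQ in octet mode (the manual states that NetASCII
    and mail are not supported), optionally carrying the blksize option."""
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError("opcode must be RRQ or WRQ")
    pkt = struct.pack("!H", opcode) + filename.encode("ascii") + b"\0octet\0"
    if blksize is not None:
        if not 8 <= blksize <= 65464:          # range allowed by RFC 2348
            raise ValueError("blksize out of range")
        pkt += b"blksize\0" + str(blksize).encode("ascii") + b"\0"
    return pkt


def parse_oack(pkt):
    """Return the options a server acknowledged in an OACK packet."""
    (opcode,) = struct.unpack("!H", pkt[:2])
    if opcode != OP_OACK:
        raise ValueError("not an OACK")
    fields = pkt[2:].split(b"\0")
    if fields[-1] != b"":
        raise ValueError("option list is not NUL-terminated")
    fields = fields[:-1]
    if len(fields) % 2:
        raise ValueError("option without a value")
    return {fields[i].decode("ascii").lower(): fields[i + 1].decode("ascii")
            for i in range(0, len(fields), 2)}


def negotiated_blksize(requested, first_reply):
    """Block size in effect after the server's first reply to the request."""
    (opcode,) = struct.unpack("!H", first_reply[:2])
    if opcode != OP_OACK:
        # A server without option support answers with DATA (to an RRQ)
        # or ACK (to a WRQ) and the transfer stays at 512-byte blocks.
        return DEFAULT_BLKSIZE
    options = parse_oack(first_reply)
    if "blksize" not in options:
        return DEFAULT_BLKSIZE
    size = int(options["blksize"])
    if not 8 <= size <= requested:             # a server may only lower it
        raise ValueError("server returned an invalid blksize")
    return size


def max_transfer_bytes(blksize):
    """Largest file that fits in 65535 blocks. The final block must be
    shorter than blksize, because a short block marks the end of the file."""
    return MAX_BLOCKS * blksize - 1


if __name__ == "__main__":
    # Constructed replies: one from a server that accepts the option,
    # one from a server that ignores it and sends the first DATA block.
    replies = {
        "supports blksize": b"\x00\x06blksize\x001428\x00",
        "no option support": b"\x00\x03\x00\x01" + b"\x00" * 512,
    }
    for label, reply in replies.items():
        size = negotiated_blksize(1428, reply)
        print(f"{label}: blksize={size}, limit={max_transfer_bytes(size)} bytes")
```
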
Using TFTP
Use TFTP to download a previously saved configuration file or policy file from the TFTP server to the switch. When you download a file, this command does not automatically apply it to the switch. You must specify that the downloaded file be applied to the switch. For example, if you download a configuration file, issue the
apply the saved configuration on the next reboot. You must use the reboot
activate the new configuration. If you download a policy file, use the
command to reprocess the text file and update the policy database.
You also use TFTP to upload a saved configuration file or policy file from the switch to the
TFTP server.
If your download from the TFTP server to the switch is successful, the switch displays a message similar to the following:
Downloading megtest2.cfg to switch... done!
If your upload from the switch to the TFTP server is successful, the switch displays a message similar to the following:
Uploading megtest1.cfg to TFTPhost ... done!
Up to eight active TFTP sessions can run on the switch concurrently.
You must configure DNS in order to use the host_name option.
Host Name and Remote IP Address Character Restrictions
This section provides information about the characters supported by the switch for host names and remote IP addresses.
When specifying a host name or remote IP address, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - ): permitted only for host names
• Underscore ( _ ): permitted only for host names
• Colon ( : )
When naming or configuring an IP address for your network server, remember the requirements listed above.
Local and Remote Filename Character Restrictions
This section provides information about the characters supported by the switch for local and remote filenames.
When specifying a local or remote filename, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - )
• Underscore ( _ )
• Slash ( / ): permitted only for remote files
When naming a local or remote file, remember the requirements listed above.
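Scripts that assemble tftp command lines from inventory or ticket data can enforce the two character lists above before anything is sent to the switch. The following Python check is an added example, not part of the NETGEAR manual; the function names are hypothetical, and the rejection of ".." path segments is an extra hardening step that the manual does not list.

```python
import ipaddress
import string

_ALNUM = set(string.ascii_letters + string.digits)

# Character classes as listed in the two restriction sections above.
ALLOWED = {
    "host-name": _ALNUM | set(".-_:"),    # dash and underscore: host names only
    "ip-address": _ALNUM | set(".:"),
    "local-file": _ALNUM | set(".-_"),
    "remote-file": _ALNUM | set(".-_/"),  # slash: remote files only
}


def rejected_chars(kind, value):
    """Characters in value that are not permitted for this kind of argument."""
    return sorted(set(value) - ALLOWED[kind])


def server_kind(server):
    """Decide whether the server argument is an IP address or a host name,
    so that the matching character class is applied."""
    try:
        ipaddress.ip_address(server)
        return "ip-address"
    except ValueError:
        return "host-name"


def check_tftp_args(server, remote_file, local_file=None, vr="VR-Mgmt"):
    """Return a list of problems; an empty list means the arguments pass."""
    problems = []
    fields = [(server_kind(server), server), ("remote-file", remote_file)]
    if local_file is not None:
        fields.append(("local-file", local_file))

    for kind, value in fields:
        if not value:
            problems.append(f"{kind}: empty value")
            continue
        bad = rejected_chars(kind, value)
        if bad:
            problems.append(f"{kind} {value!r}: characters not permitted: {bad}")

    # Added hardening (not in the manual): periods and slashes are both
    # permitted in remote filenames, so "../" passes the character check.
    if ".." in remote_file.split("/"):
        problems.append(f"remote-file {remote_file!r}: '..' path segment")

    # The manual states that TFTP works only on VR-Mgmt and VR-Default
    # among the virtual routers present at boot-up.
    if vr == "VR-Control":
        problems.append("vr: TFTP is not available on VR-Control")
    return problems


if __name__ == "__main__":
    # Constructed inputs: two clean requests and three that must be refused.
    cases = [
        ("10.123.45.67", "XOS1.cfg", None, "VR-Default"),
        ("tftp_host-1.example.net", "site-a/XOS1.cfg", "XOS1.cfg", "VR-Mgmt"),
        ("10.1.2.3", "test.pol; reboot", "aug 23.pol", "VR-Mgmt"),
        ("10.1.2.3", "../other-site/XOS1.cfg", None, "VR-Mgmt"),
        ("10.1.2.3", "XOS1.cfg", None, "VR-Control"),
    ]
    for server, remote, local, vr in cases:
        print(server, remote, local, vr, "->",
              check_tftp_args(server, remote, local, vr) or "ok")
```
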
Virtual Router Requirements
The vr_name option specifies the name of the virtual router. The valid virtual router names at system boot-up are VR-Mgmt, VR-Control, and VR-Default; however, you can TFTP only on VR-Mgmt and VR-Default. On the NETGEAR 8800 switch, you can also create and configure your own virtual routers. For more information about virtual routers, see the section “Virtual Routers” in the NETGEAR 8800 User Manual.
Internal Memory and Core Dump Files
Core dump files have a .gz file extension. The filename format is:
core.<process-name.pid>.gz
where process-name indicates the name of the process that failed and pid is the numerical identifier of that process. If you save core dump files to an external memory card, the filename also includes the affected MSM/MM: MSM-A or MSM-B.
If you configure and enable the switch to send core dump (debug) information to the internal memory card, specify the internal-memory option to transfer those files from the internal memory card to a TFTP server. You can also transfer core dump information to and from an external compact flash card.
If the switch has not saved any debug files, you cannot transfer other files to or from the internal memory. For example if you attempt to transfer a configuration file from the switch to the internal memory, the switch displays a message similar to the following:
Error: tftp transfer to internal-memory not allowed.
For information about configuring and sending core dump information to the internal memory card, see the configure debug core-dumps and save debug tracefiles memorycard commands.
For more detailed information about core dump files, see the troubleshooting appendix in the NETGEAR 8800 User Manual.
If you specify the memorycard option, you can copy and transfer files to and from the external memory card using TFTP.
Other Useful Commands
To upgrade the image, use the
command. This command utilizes TFTP to
transfer the software image file from your TFTP server to the switch. For more information
Example
The following command downloads the configuration file named XOS1.cfg from the TFTP server with an IP address of 10.123.45.67:
tftp 10.123.45.67 -v "VR-Default" -g -r XOS1.cfg
The following command uploads the configuration file named XOS2.cfg to the TFTP server with an IP address of 10.123.45.67:
tftp 10.123.45.67 -v "VR-Default" -p -r XOS2.cfg
The following command retrieves and transfers files from an external memory card:
tftp 10.1.2.3 -g -l memorycard test.pol -r august23.pol
tftp get
tftp get [<host-name> | <ip-address>] {-vr <vr_name>} [{[internal-memory
<local-file-internal> | memorycard <local-file-memcard> | <local_file>} {<remote_file>} |
{<remote_file>} {[internal-memory <local-file-internal> | memorycard <local-file-memcard> |
<local_file>]}] {force-overwrite}
Description
Allows you to use TFTP from the current command line interface session to copy the file from a TFTP server and copy it to a local host, including the switch, internal memory card, or external compact flash card.
Syntax Description
host-name            Specifies the name of the remote host.
ip-address           Specifies the IP address of the TFTP server.
vr_name              Specifies the name of the virtual router.
                     Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
internal-memory      Specifies the internal memory card.
local-file-internal  Specifies the name of the core dump file located on the internal memory card.
memorycard           Specifies the removable external compact flash card.
local-file-memcard   Specifies the name of the file on the external compact flash card.
local_file           Specifies the name of the file (configuration file, policy file) on the local host.
remote_file          Specifies the name of the file on the remote host.
force-overwrite      Specifies the switch to automatically overwrite an existing file.
Default
If you do not specify a virtual router, VR-Mgmt is used; if you transfer a file with a name that already exists on the system, the switch prompts you to overwrite the existing file.
Usage Guidelines
NetASCII and mail file type formats are not supported.
By default, the switch prompts you to overwrite an existing file. For example, if you have a file named test.cfg on the switch and download a file named test.cfg from a TFTP server, the switch displays a message similar to the following:
test.cfg already exists, do you want to overwrite it? (y/n)
Enter y to download the file and overwrite the existing file. Enter n to cancel this action.
If you successfully download the file, the switch displays a message similar to the following:
Downloading test.cfg to switch... done!
If you cancel this action, the switch displays a message similar to the following:
Tftp download aborted.
If you specify the force-overwrite parameter, the switch automatically overwrites an existing file. For example, if you have a file named test.cfg on the switch and download a file named test.cfg from a TFTP server, the switch automatically overwrites the existing file. If you successfully download the file, the switch displays a message similar to the following:
Downloading test.cfg to switch... done!
This command was introduced to simplify using TFTP to transfer configuration, policy, and if configured, core dump files from the switch to the TFTP server. You can continue to use the
For more information about TFTP, including:
• TFTP server requirements
• How to use TFTP
• Host name and remote IP address character restrictions
• Local and remote filename character restrictions
• Virtual router requirements
• Internal memory and core dump files
• Other useful commands
See the
command
.
Example
The following command retrieves and transfers the file test.pol from a TFTP server with an IP address of 10.1.2.3 and renames the file august23.pol when transferred to an external memory card installed in the switch:
tftp get 10.1.2.3 vr "VR-Mgmt" test.pol memory-card august23.pol
The following command retrieves the configuration file named meg-upload.cfg from a TFTP server with an IP address of 10.10.10.10:
tftp get 10.10.10.10 vr "VR-Mgmt" meg_upload.cfg
tftp put
tftp put [<host-name> | <ip-address>] {-vr <vr_name>} [{[internal-memory
<local-file-internal> | memorycard <local-file-memcard> | <local_file>} {<remote_file>} |
{<remote_file>} {[internal-memory <local-file-internal> | memorycard <local-file-memcard> |
<local_file>]}]
Description
Allows you to use TFTP from the current command line interface session to copy the file from the local host, including the switch, internal memory card, or external compact flash card and put it on a TFTP server.
Syntax Description
host-name            Specifies the name of the remote host.
ip-address           Specifies the IP address of the TFTP server.
vr_name              Specifies the name of the virtual router.
                     Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A of the NETGEAR 8800 User Manual.
internal-memory      Specifies the internal memory card.
local-file-internal  Specifies the name of the core dump file located on the internal memory card.
memorycard           Specifies the removable external compact flash card.
local-file-memcard   Specifies the name of the file on the external compact flash card.
local_file           Specifies the name of the file (configuration file, policy file) on the local host.
remote_file          Specifies the name of the file on the remote host.
Default
If you do not specify a virtual router, VR-Mgmt is used.
Usage Guidelines
NetASCII and mail file type formats are not supported.
This command was introduced to simplify using TFTP to transfer configuration, policy, and if configured, core dump files from the switch to the TFTP server. You can continue to use the original TFTP command.
For more information about TFTP, including:
• TFTP server requirements
• How to use TFTP
• Host name and remote IP address character restrictions
• Local and remote filename character restrictions
• Virtual router requirements
• Internal memory and core dump files
• Other useful commands
See the
command
.
Example
The following command transfers a saved, not currently used configuration file named XOS1.cfg from the switch to the TFTP server:
tftp put 10.123.45.67 vr "VR-Mgmt" XOS1.cfg
4. Commands for Managing the NETGEAR 8800 Software
This chapter describes commands for:
• Working with the configuration and policy files used by the switch
• Starting, stopping, and displaying information about processes on the switch
• Viewing system memory resources
• Monitoring CPU utilization
Note: For information about downloading and upgrading a new software image, saving configuration changes, and upgrading the BootROM, see Appendix A, “Configuration and Image Commands.”
Like any advanced operating system, NETGEAR 8800 OS gives you the tools to manage your switch and create your network configurations. The following enhancements and functionality are included in the switch operating system:
• File system administration—You can move, copy, and delete files from the switch. The file system structure allows you to keep, save, rename, and maintain multiple copies of configuration files on the switch. In addition, you can manage other entities of the switch such as policies and access control lists (ACLs).
• Configuration file management—You can oversee and manage multiple configuration files on your switch. In addition, you can upload, download, modify, and name configuration files used by the switch.
• Process control—You can stop and start processes, restart failed processes, and update the software for a specific process or set of processes.
• Memory protection—With memory protection, the NETGEAR 8800 protects each process from every other process in the system. If one process experiences a memory fault, that process cannot affect the memory space of another process.
• CPU monitoring—You can monitor CPU utilization for Management Switch Fabric Modules (MSMs)/Management Modules (MMs) and the individual processes running on the switch. Monitoring the workload of the CPU allows you to troubleshoot and identify suspect processes.
Note:
Filenames are case-sensitive.
clear cpu-monitoring
clear cpu-monitoring {process <name>} {slot <slotid>}
Description
Clears and resets the CPU utilization history and statistics stored in the switch.
Syntax Description
name    Specifies the name of the process.
slotid  Specifies the slot number of the MSM/MM module:
        • A specifies the MSM installed in slot A.
        • B specifies the MSM installed in slot B.
Default
N/A.
Usage Guidelines
When you do not specify any keywords, this command clears the CPU utilization history for the entire switch, including processes, and resets the statistics to zero (0). This command also clears the CPU utilization history of the installed MSMs/MMs.
When you specify process, the switch clears and resets the CPU utilization history for the specified process.
When you specify slot, the switch clears and resets the CPU utilization history for the specified MSM/MM.
Example
The following command resets the CPU history and resets the statistics to 0 for the TFTP process running on the MSM/MM installed in slot A:
clear cpu-monitoring process tftpd slot A
cp
cp [internal-memory <old-name-internal> internal-memory <new-name-internal> | internal-memory
<old-name-internal> memorycard <new-name-memorycard> | memorycard <old-name-memorycard> memorycard <new-name-memorycard> | memorycard <old-name-memorycard> <new-name> | <old-name> memorycard <new-name-memorycard> | <old-name> <new-name>]
Description
Copies an existing configuration, policy, or if configured, core dump file stored in the system.
Syntax Description
internal-memory      Specifies the internal memory card.
old-name-internal    Specifies the name of the core dump file located on the internal memory card that you want to copy.
new-name-internal    Specifies the name of the newly copied core dump file located on the internal memory card.
memorycard           Specifies the removable external compact flash memory card.
old-name-memorycard  Specifies the name of the file located on the external compact flash memory card that you want to copy. Depending on your switch configuration, you can have configuration, policy, or core dump files stored in this card.
new-name-memorycard  Specifies the name of the newly copied file located on the external compact flash memory card.
old-name             Specifies the name of the configuration or policy file that you want to copy.
new-name             Specifies the name of the newly copied configuration or policy file.
Default
N/A.
Usage Guidelines
Use this command to make a copy of an existing file before you alter or edit the file. By making a copy, you can easily go back to the original file if needed.
When you copy a configuration or policy file, remember the following:
• XML-formatted configuration files have a .cfg file extension. The switch only runs .cfg files.
• ASCII-formatted configuration files have a .xsf file extension. For more information, see Appendix B in the NETGEAR 8800 User Manual.
• Policy files have a .pol file extension.
• Core dump files have a .gz file extension. See “Internal Memory and Core Dump Files” below.
When you copy a configuration or policy file from the system, make sure you specify the appropriate file extension. For example, when you want to copy a policy file, specify the filename and .pol.
When you copy a file on the switch, the switch displays a message similar to the following:
Copy config test.cfg to config test1.cfg on switch? (y/n)
Enter y to copy the file. Enter n to cancel this process and not copy the file.
When you enter y, the switch copies the file with the new name and keeps a backup of the original file with the original name. After the switch copies the file, use the
command to display a complete list of files. In this example, the switch displays the original file named
test.cfg and the copied file named test_rev2.cfg.
The following is sample output from the
...
-rw-r--r-- 1 root root 100980 Sep 23 09:16 test.cfg
-rw-r--r-- 1 root root 100980 Oct 13 08:47 test_rev2.cfg
...
When you enter n, the switch displays a message similar to the following:
Copy cancelled.
Case-sensitive Filenames
Filenames are case-sensitive. In this example, you have a configuration file named Test.cfg.
If you attempt to copy the file with the incorrect case, for example test.cfg, the switch displays a message similar to the following:
Error: cp: /config/test.cfg: No such file or directory
Since the switch is unable to locate test.cfg, the file is not copied.
Local Filename Character Restrictions
This section provides information about the characters supported by the switch for local filenames.
When specifying a local filename, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - )
• Underscore ( _ )
When naming a local file, remember the requirements listed above.
Internal Memory and Core Dump Files
Core dump files have a .gz file extension. The filename format is:
core.<process-name.pid>.gz
where process-name indicates the name of the process that failed and pid is the numerical identifier of that process. If you save core dump files to an external memory card, the filename also includes the affected MSM/MM: MSM-A or MSM-B.
By making a copy of a core dump file, you can easily compare new debug information with the old file if needed.
When you configure and enable the switch to send core dump (debug) information to the internal memory card, specify the internal-memory option and associated internal-memory name options to copy an existing core dump file. If your switch has an external compact flash memory card installed, you can copy the core dump file to that card.
For information about configuring and sending core dump information to the internal memory card, see the configure debug core-dumps and save debug tracefiles memorycard commands.
For more detailed information about core dump files, see Appendix D in the NETGEAR 8800 User Manual.
This command also replicates the action from the primary MSM/MM to the backup MSM/MM.
For example, when you copy a file on the primary MSM, the same file is copied to the backup
MSM/MM.
For the memorycard option, the source and/or destination is the memorycard. You must mount the memory card for this operation to succeed. The cp command copies a file from the switch to the external memory card or a file already on the card. If you copy a file from the switch to the external memory card, and the new filename is identical to the source file, you do not need to re-enter the filename.
When you send core dump information to the external memory card, specify the memorycard option and associated memorycard name options to copy an existing core dump file.
Example
The following command makes a copy of a configuration file named test.cfg and gives the copied file a new name of test_rev2.cfg:
cp test.cfg test_rev2.cfg
The following command makes a copy of a configuration file named primary.cfg from the switch to an external memory card with the same name, primary.cfg:
cp primary.cfg memorycard
The above command performs the same action as entering the following command:
cp primary.cfg memorycard primary.cfg
disable cpu-monitoring
disable cpu-monitoring
Description
Disables CPU monitoring on the switch.
Command Syntax
This command has no arguments or variables.
Default
CPU monitoring is enabled and occurs every 5 seconds.
Usage Guidelines
Use this command to disable CPU monitoring on the switch.
This command does not clear the monitoring interval. Therefore, if you altered the CPU monitoring interval, this command does not return the CPU monitoring interval to 5 seconds.
To return to the default frequency level, use the enable cpu-monitoring {interval <seconds>} {threshold <percent>} command and specify 5 for the interval.
Example
The following command disables CPU monitoring on the switch:
disable cpu-monitoring
disable xml-mode
disable xml-mode
Description
Disables XML configuration mode on the switch.
Command Syntax
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
Use this command to disable the XML configuration mode on the switch. XML configuration mode is not supported for end users.
See the command:
Example
The following command disables XML configuration mode on the switch:
disable xml-mode
enable cpu-monitoring
enable cpu-monitoring {interval <seconds>} {threshold <percent>}
Description
Enables CPU monitoring on the switch.
Command Syntax
seconds    Specifies the monitoring interval, in seconds. The default is 5 seconds, and the range is 5 to 60 seconds.
threshold  Specifies the CPU threshold value. CPU usage is measured in percentages. The default is 90%, and the range is 0% to 100%.
Default
CPU monitoring is enabled and occurs every 5 seconds. The default CPU threshold value is
90%.
Usage Guidelines
CPU monitoring allows you to monitor the CPU utilization and history for all of the processes running on the switch. By viewing this history on a regular basis, you can see trends emerging and identify processes with peak utilization. Monitoring the workload of the CPU allows you to troubleshoot and identify suspect processes before they become a problem.
To specify the frequency of CPU monitoring, use the interval keyword. NETGEAR recommends the default setting for most network environments.
CPU usage is measured in percentages. By default, the CPU threshold value is 90%. When CPU utilization of a process exceeds 90% of the regular operating basis, the switch logs an error message specifying the process name and the current CPU utilization for the process.
To modify the CPU threshold level, use the threshold keyword. The range is 0% to 100%.
Example
The following command enables CPU monitoring every 30 seconds:
enable cpu-monitoring interval 30
enable xml-mode
enable xml-mode
Description
Enables XML configuration mode on the switch.
Command Syntax
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
This command enables the XML configuration mode on the switch; however, XML configuration mode is not supported for end users, and NETGEAR strongly cautions you not to enable this mode. Use this command only under the direction of NETGEAR.
If you inadvertently issue this command, the switch prompt will be changed by adding the text
(xml) to the front of the prompt. If you see this mode indicator, please disable XML configuration mode by using the following command:
Example
The following command enables XML configuration mode on the switch:
enable xml-mode
ls
ls {[internal-memory | memorycard]} {<file-name>}
Description
Lists all configuration, policy, and if configured, core dump files in the system.
Syntax Description
internal-memory  Lists the core dump (debug) files that are present and saved in the internal memory card.
memorycard       Lists all of the files on the removable external compact flash memory card.
file-name        Lists all the files that match the wildcard.
Default
N/A.
Usage Guidelines
When you issue this command without any options, the output displays all of the configuration and policy files stored on the switch.
When you configure and enable the switch to send core dump (debug) information to the internal memory card, specify the internal-memory option to display the core dump files stored on the internal memory card. For more information, see
When you specify the memorycard option, the output displays all of the files stored on the external compact flash memory card, including core dump files if so configured. For more information, see
When you specify the <file-name> option, the output displays all of the files that fit the wildcard criteria.
Understanding the Output
Output from this command includes the following:
• The first column displays the file permission using the following ten place holders:
  • The first place holder displays - for a file.
  • The next three place holders display r for read access and w for write access permission for the file owner.
  • The following three place holders display r for read access permission for members of the file owner’s group.
  • The last three place holders display r for read access for every user that is not a member of the file owner’s group.
• The second column displays how many links the file has to other files or directories.
• The third column displays the file owner.
• The remaining columns display the file size, date and time the file was last modified, and the file name.
Core Dump Files
Core dump files have a .gz file extension. The filename format is:
core.<process-name.pid>.gz
where process-name indicates the name of the process that failed and pid is the numerical identifier of that process. If you save core dump files to an external memory card, the filename also includes the affected MSM/MM: MSM-A or MSM-B.
When the switch has not saved any debug files, no files are displayed. For information about configuring and sending core dump information to the internal memory card or the external memory card, see the configure debug core-dumps and save debug tracefiles memorycard commands.
For more detailed information about core dump files, see Appendix D in the NETGEAR 8800 User Manual.
Example
The following command displays a list of all current configuration and policy files in the system:
ls
The following is sample output from this command:
total 424
-rw-r--r-- 1 root root 50 Jul 30 14:19 hugh.pol
-rw-r--r-- 1 root root 94256 Jul 23 14:26 hughtest.cfg
-rw-r--r-- 1 root root 100980 Sep 23 09:16 megtest.cfg
-rw-r--r-- 1 root root 35 Jun 29 06:42 newpolicy.pol
-rw-r--r-- 1 root root 100980 Sep 23 09:17 primary.cfg
-rw-r--r-- 1 root root 94256 Jun 30 17:10 roytest.cfg
The following command displays a list of all current configuration and policy files in an external memory card:
ls memorycard
The following is sample output from this command:
-rwxr-xr-x 1 root 0 15401865 Mar 30 00:03 NG8800-12.4.3.5-1-4.xos
-rwxr-xr-x 1 root 0 10 Mar 31 09:41 test-1.pol
-rwxr-xr-x 1 root 0 10 Apr 4 09:15 test.pol
-rwxr-xr-x 1 root 0 10 Mar 31 09:41 test_1.pol
-rwxr-xr-x 1 root 0 223599 Mar 31 10:02 v11_1_3.cfg
The following command displays a list of all configuration and policy files with a filename beginning with the letter “a.”
(debug) BD-12804.1 # ls a*
Following is sample output from this command:
-rw-r--r-- 1 root 0 2062 Jan 6 09:11 abc
-rw-rw-rw- 1 root 0 1922 Jan 7 02:19 abc.xsf
1k-blocks Used Available Use%
16384 496 15888 3%
The following command displays a list of all .tgz files:
(debug) BD-12804.24 # ls internal-memory *.tgz
Following is sample output from this command:
-rwxr-xr-x 1 root 0 79076 Jan 6 09:47 old_traces.tgz
1k-blocks Used Available Use%
49038 110 48928 0%
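The permission column described under “Understanding the Output” can be checked mechanically when listings are collected from many switches. The following Python sketch is an added example, not part of the NETGEAR manual; it parses saved ls output, flags files that are writable by group or other users, and extracts the process name and PID from core dump filenames. The sample listing is constructed from the formats shown above, and the core dump line in it is invented for illustration.

```python
import re
from typing import NamedTuple

PERM_RE = re.compile(r"^[-d][-rwx]{9}$")
# Filename format given in the manual: core.<process-name.pid>.gz
CORE_RE = re.compile(r"^core\.(?P<process>.+)\.(?P<pid>\d+)\.gz$")
# File extensions named in the manual and what they contain.
KINDS = {
    ".cfg": "XML configuration",
    ".xsf": "ASCII configuration",
    ".pol": "policy",
    ".gz": "core dump",
}


class Entry(NamedTuple):
    perms: str
    links: int
    owner: str
    group: str
    size: int
    modified: str
    name: str


def parse_listing(text):
    """Parse file lines from ls output. Lines that are not file entries
    ("total N", "...", the free-space footer) are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 9 or not PERM_RE.match(fields[0]):
            continue
        perms, links, owner, group, size, month, day, clock, name = fields
        entries.append(Entry(perms, int(links), owner, group, int(size),
                             f"{month} {day} {clock}", name))
    return entries


def classify(name):
    """Map a filename to the file type implied by its extension."""
    for ext, kind in KINDS.items():
        if name.endswith(ext):
            return kind
    return "other"


def core_dump_origin(name):
    """Return (process, pid) for a core dump filename, or None."""
    match = CORE_RE.match(name)
    return (match["process"], int(match["pid"])) if match else None


def audit(entries):
    """Return (filename, finding) pairs worth a closer look."""
    findings = []
    for entry in entries:
        # perms[5] is the group write bit, perms[8] the write bit for others.
        who = [label for label, idx in (("group", 5), ("other", 8))
               if entry.perms[idx] == "w"]
        if who:
            findings.append((entry.name, "writable by " + " and ".join(who)))
        if classify(entry.name) == "core dump":
            origin = core_dump_origin(entry.name)
            if origin:
                findings.append(
                    (entry.name, f"core dump of process {origin[0]} (pid {origin[1]})"))
            else:
                findings.append((entry.name, "core dump, origin not in filename"))
    return findings


# Constructed sample: line formats follow the manual's sample output;
# the core.tftpd.1234.gz entry is invented.
SAMPLE = """\
total 424
-rw-r--r-- 1 root root 100980 Sep 23 09:16 test.cfg
-rw-rw-rw- 1 root 0 1922 Jan 7 02:19 abc.xsf
-rwxr-xr-x 1 root 0 79076 Jan 6 09:47 core.tftpd.1234.gz
1k-blocks Used Available Use%
16384 496 15888 3%
"""

if __name__ == "__main__":
    for name, finding in audit(parse_listing(SAMPLE)):
        print(f"{name}: {finding}")
```
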
mv
mv [internal-memory <old-name-internal> internal-memory <new-name-internal> | internal-memory
<old-name-internal> memorycard <new-name-memorycard> | memorycard <old-name-memorycard> memorycard <new-name-memorycard> | memorycard <new-name-memorycard> <new-name> | <old-name> memorycard <new-name-memorycard> | <old-name> <new-name>]
Description
Moves or renames an existing configuration, policy, or if configured, core dump file in the system.
Syntax Description
internal-memory      Specifies the internal memory card.
old-name-internal    Specifies the current name of the core dump file located on the internal memory card.
new-name-internal    Specifies the new name of the core dump file located on the internal memory card.
memorycard           Specifies the removable external compact flash card.
old-name-memorycard  Specifies the current name of the file located on the external compact flash memory card. Depending on your switch configuration, you can have configuration, policy, or core dump files stored in this card.
new-name-memorycard  Specifies the new name of the file located on the external compact flash memory card.
old-name             Specifies the current name of the configuration or policy file on the system.
new-name             Specifies the new name of the configuration or policy file on the system.
Default
N/A.
Usage Guidelines
When you rename a file with a given extension, remember the following:
• XML-formatted configuration files have the .cfg file extension. The switch only runs .cfg files.
• ASCII-formatted configuration files have the .xsf file extensions. See Appendix B in the NETGEAR 8800 User Manual for more information.
• Policy files have the .pol file extension.
• Core dump files have the .gz file extension. See “Internal Memory and Core Dump Files” for more information.
Make sure the renamed file uses the same file extension as the original file. If you change the file extensions, the file may be unrecognized by the system. For example, if you have an existing configuration file named test.cfg, the new filename must include the .cfg file extension.
You cannot rename an active configuration file (the configuration currently selected to boot the switch). To verify the configuration that you are currently using, issue the
command. If you attempt to rename the active configuration file, the switch displays
a message similar to the following:
Error: Cannot rename current selected active configuration file.
When you rename a file, the switch displays a message similar to the following:
Rename config test.cfg to config megtest.cfg on switch? (y/n)
Enter y to rename the file on your system. Enter n to cancel this process and keep the existing filename.
Case-sensitive Filenames
Filenames are case-sensitive. In this example, you have a configuration file named Test.cfg.
If you attempt to rename the file with the incorrect case, for example test.cfg, the switch displays a message similar to the following:
Error: mv: unable to rename `/config/test.cfg': No such file or directory
Since the switch is unable to locate test.cfg, the file is not renamed.
Local Filename Character Restrictions
This section provides information about the characters supported by the switch for local filenames.
When specifying a local filename, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - )
• Underscore ( _ )
When naming a local or remote file, remember the requirements listed above.
Internal Memory and Core Dump Files
Core dump files have a .gz file extension. The filename format is:
core.<process-name.pid>.gz
where process-name indicates the name of the process that failed and pid is the numerical identifier of that process. If you save core dump files to an external memory card, the filename also includes the affected MSM/MM: MSM-A or MSM-B.
When you configure the switch to send core dump (debug) information to the internal memory card, specify the internal-memory option to rename an existing core dump file. If your switch has an external compact flash memory card installed, you can move and rename the core dump file to that card.
For information about configuring and sending core dump information to the internal memory card, see the configure debug core-dumps and save debug tracefiles memorycard commands.
This command also replicates the action from the primary MSM/MM to the backup MSM/MM. For example, when you rename a file on the primary MSM/MM, the same file on the backup MSM/MM is renamed.
For the memorycard option, this command moves files between the external memory card and the switch. If you use the memorycard option for both the old-name and the new-name, this command just renames a file on the external memory card.
For information about core dump files, see the previous section “Internal Memory and Core Dump Files.”
Example
The following command renames the configuration file named Testb91.cfg to Activeb91.cfg:
mv Testb91.cfg Activeb91.cfg
If the switch has an external memory card installed, the following command moves the configuration file named test1.cfg from the switch to the external memory card:
mv test1.cfg memorycard test1.cfg
If you do not change the name of the configuration file, you can also use the following command to move the configuration file test1.cfg from the switch to the external memory card:
mv test1.cfg memorycard
If the switch has an external memory card installed, the following command moves the policy file named bgp.pol from the memorycard to the switch:
mv memorycard bgp.pol bgp.pol
restart process
restart process [class <cname> | <name> {msm <slot>}]
Description
Terminates and restarts the specified process during a software upgrade on the switch.
Syntax Description
cname Specifies the name of the process to restart. With this parameter, you can terminate and restart all instances of the process associated with a specific routing protocol on all VRs. You can restart the OSPF routing protocol and associated processes.
name Specifies the name of the process to terminate and restart. You can use this command with the following processes:
• bgp
• exsshd
• lldp
• netLogin
• netTools
• ospf
• snmpSubagent
• snmpMaster
• telnetd
• thttpd
• tftpd
• vrrp
• xmld
slot Specifies the MSM/MM where the process should be terminated and restarted. A specifies the MSM/MM installed in slot A, and B specifies the MSM/MM installed in slot B.
Default
N/A.
Usage Guidelines
Use this command to terminate and restart a process during a software upgrade on the switch. You have the following options:
• cname—Specifies that the software terminates and restarts all instances of the process associated with a specific routing protocol on all VRs.
• name—Specifies the name of the process.
Depending on the software version running on your switch and the type of switch you have, you can terminate and restart different or additional processes. To see which processes you can restart during a software upgrade, enter restart process followed by TAB. The switch displays a list of available processes.
You can also use the restart process command when upgrading a software modular package. For more information, see the section “Upgrading a Modular Software Package” in Appendix B of the NETGEAR 8800 User Manual.
Example
The following command stops and restarts the process tftpd during a software upgrade:
restart process tftpd
The following command stops and restarts all instances of the OSPF routing protocol for all VRs during a software upgrade:
restart process class ospf
rm
rm {internal-memory | memorycard} <file-name>
Description
Removes/deletes an existing configuration, policy, or if configured, core dump file from the system.
Syntax Description
internal-memory Specifies the internal memory card.
memorycard Specifies the removable external compact flash card.
file-name Specifies the name of the configuration, policy file, or if configured, the core dump file.
Default
N/A.
Usage Guidelines
After you remove a configuration or policy file from the system, that file is unavailable to the system. For information about core dump files, see Internal Memory Card and Core Dump Files.
You cannot remove an active configuration file (the configuration currently selected to boot the switch). To verify the configuration that you are currently using, issue the
command. If you attempt to remove the active configuration file, the switch displays
a message similar to the following:
Error: Cannot remove current selected active configuration file.
When you delete a file from the switch, a message similar to the following appears:
Remove testpolicy.pol from switch? (y/n)
Enter y to remove the file from your system. Enter n to cancel the process and keep the file on your system.
Case-sensitive Filenames
Filenames are case-sensitive. In this example, you have a configuration file named Test.cfg.
If you attempt to remove a file with the incorrect case, for example test.cfg, the system is unable to remove the file. The switch does not display an error message; however, the ls command continues to display the file Test.cfg. To remove the file, make sure you use the appropriate case.
Local Filename Character Restrictions
This section provides information about the characters supported by the switch for local filenames.
When specifying a local filename, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - )
• Underscore ( _ )
When naming a local or remote file, remember the requirements listed above.
Internal Memory Card and Core Dump Files
When you delete a core dump file from the system, that file is unavailable.
When you configure the switch to send core dump (debug) information to the internal memory card, specify the internal-memory option to remove/delete the specified core dump file.
For information about configuring and sending core dump information to the internal memory card, see the configure debug core-dumps and save debug tracefiles memorycard commands.
You can use the * wildcard to delete core dump files from the internal memory card.
If you configure the switch to write core dump files to the internal memory card and attempt to download a new software image, you might have insufficient space to complete the image download. When this occurs, you must decide whether to continue the software download or move or delete the core dump files from the internal memory. For example, if your switch has an external memory card installed with space available, transfer the files to the external memory card. Transfer the files from the internal memory card to a TFTP server. This frees up space on the internal memory card while keeping the core dump files.
This command also replicates the action from the primary MSM/MM to the backup MSM/MM. For example, when you delete a file on the primary MSM/MM, the same file on the backup MSM/MM is deleted.
For the memorycard option, this command removes/deletes an existing file on the card, including core dump files if configured. See the section “Internal Memory Card and Core Dump Files” for information about core dump files.
You can use the * wildcard to delete all of a particular file type from the external memory card; currently running and in use files are not deleted.
Example
The following command removes the configuration file named Activeb91.cfg from the system:
rm Activeb91.cfg
The following command removes all of the core dump files stored on the internal memory card:
rm internal-memory *
If your switch has an external memory card installed, the following command removes the policy file named test.pol from the external memory card:
rm memorycard test.pol
If your switch has an external memory card installed, the following command removes all of the configuration files from the external memory card:
rm memorycard *.cfg
show cpu-monitoring
show cpu-monitoring {process <name>} {slot <slotid>}
Description
Displays the CPU utilization history of one or more processes.
Command Syntax
name Specifies the name of the process.
slotid Specifies the slot number of the MSM/MM module:
• A specifies the MSM installed in slot A.
• B specifies the MSM installed in slot B.
Default
N/A.
Usage Guidelines
Viewing statistics on a regular basis allows you to see how well your network is performing. If you keep simple daily records, you will see trends emerging and notice problems arising before they cause major network faults. This way, statistics can help you get the best out of your network.
By default, CPU monitoring is enabled and occurs every 20 seconds. The default CPU threshold value is 60%.
This information may be useful for your technical support representative if you experience a problem.
Depending on the software version running on your switch or your switch model, additional or different CPU and process information might be displayed.
When you issue the command without any parameters, the switch displays CPU utilization history for all of the processes running on the MSMs/MMs installed in your system.
Reading the Output
The show cpu-monitoring command is helpful for understanding the behavior of a process over an extended period of time. The following information appears in a tabular format:
• Card—The location (MSM A or MSM B).
• Process—The name of the process.
• Range of time (5 seconds, 10 seconds, and so forth)—The CPU utilization history of the process or the system. The CPU utilization history goes back only 1 hour.
• Total User/System CPU Usage—The amount of time recorded in seconds that the process spends occupying CPU resources. The values are cumulative, meaning that the values are displayed as long as the system is running. You can use this information for debugging purposes to see where the process spends the most amount of time: user context or system context.
Example
The following command displays CPU utilization on the switch:
show cpu-monitoring
The following is sample truncated output from an 8800 switch:
CPU Utilization Statistics - Monitored every 5 seconds
-------------------------------------------------------------------------------
Card   Process         5     10    30    1     5     30    1     Max   Total
                       secs  secs  secs  min   mins  mins  hour        User/System
                       util  util  util  util  util  util  util  util  CPU Usage
                       (%)   (%)   (%)   (%)   (%)   (%)   (%)   (%)   (secs)
-------------------------------------------------------------------------------
MSM-A  System          0.0   0.0   0.1   0.0   0.0   0.0   0.0   0.9
MSM-B  System          0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0
MSM-A  GNSS_cpuif      0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0    0.0
MSM-A  GNSS_ctrlif     0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0    0.0
MSM-A  GNSS_esmi       0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0    0.0
MSM-A  GNSS_fabric     0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0    0.0
MSM-A  GNSS_mac_10g    0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0    0.0
MSM-A  GNSS_pbusmux    0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0    0.0
MSM-A  GNSS_pktengine  0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0    0.0
MSM-A  GNSS_pktif      0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0    0.0
MSM-A  GNSS_switch     0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0   0.0    0.0
MSM-A  aaa             0.0   0.0   0.0   0.0   0.0   0.0   0.0   8.4   0.82   0.56
MSM-A  acl             0.0   0.0   0.0   0.0   0.0   0.0   0.0   7.5   0.37   0.33
MSM-A  bgp             0.0   0.0   0.0   0.0   0.0   0.0   0.0   5.2   0.27   0.42
MSM-A  cfgmgr          0.0   0.9   0.3   3.7   1.2   1.2   1.3   27.3  7.70   7.84
MSM-A  cli             0.0   0.0   0.0   48.3  9.6   2.5   2.1   48.3  0.51   0.37
MSM-A  devmgr          0.0   0.0   0.0   0.9   0.3   0.2   0.2   17.1  2.22   2.50
MSM-A  dirser          0.0   0.0   0.0   0.0   0.0   0.0   0.0   9.5   0.0    0.0
MSM-A  dosprotect      0.0   0.0   0.0   0.0   0.0   0.0   0.0   3.8   0.20   0.26
MSM-A  ems             0.0   0.0   0.0   0.0   0.0   0.0   0.0   12.2  1.1    1.16
MSM-A  epm             0.0   0.0   0.0   0.9   0.1   0.2   0.2   4.7   2.6    4.18
MSM-A  etmon           0.9   0.4   0.6   1.2   1.1   1.0   1.0   23.3  21.84  7.24
...
show heartbeat process
show heartbeat process {<name>}
Description
Displays the health of the NETGEAR 8800 processes.
Command Syntax
name Specifies the name of the process.
Default
N/A.
Usage Guidelines
The software monitors all of the XOS processes running on the switch. This process monitor creates and terminates XOS processes on demand (for example, when you log in or log out of the switch) and restarts processes if an abnormal termination occurs (for example, if your system crashes). The process monitor also ensures that only version-compatible processes and processes with proper licenses are started.
The show heartbeat process command is a resource for providing background system health information because you can view the health of the processes on the switch.
Use this command to monitor the health of the NETGEAR 8800 processes. The switch uses two algorithms to collect process health information: polling and reporting. Both polling and reporting measure the heartbeat of the process. Polling occurs when a HELLO message is sent and a HELLO_ACK message is received. The two counts are the same. Reporting occurs when a HELLO_ACK message is sent only. Therefore, no HELLO messages are sent and the HELLO count remains at zero.
The show heartbeat process command displays the following information in a tabular format:
• Card—The name of the module where the process is running.
• Process Name—The name of the process.
• Hello—The number of hello messages sent to the process.
• HelloAck—The number of hello acknowledgement messages received by the process manager.
• Last Heartbeat Time—The timestamp of the last health check received by the process manager. (Unknown specifies kernel modules and they do not participate in heartbeat monitoring.)
This status information may be useful for your technical support representative if you have a network problem.
You may find it useful to capture the process information under normal operating conditions to establish a baseline. By having a baseline, if you experience a problem, you and your technical support representative can more easily identify the problem.
Example
To display the health of all processes on your system, use the following command:
show heartbeat process
The following is sample output:
Card Process Name Hello HelloAck Last Heartbeat Time
---------------------------------------------------------------------------
MSM-A aaa 0 180324 Wed Dec 10 15:06:04 2003
MSM-A acl 36069 36069 Wed Dec 10 15:05:57 2003
MSM-A bgp 0 180348 Wed Dec 10 15:06:05 2003
MSM-A cfgmgr 72139 72139 Wed Dec 10 15:06:02 2003
MSM-A cli 60116 60116 Wed Dec 10 15:06:03 2003
MSM-A devmgr 0 180339 Wed Dec 10 15:06:03 2003
MSM-A dirser 0 180324 Wed Dec 10 15:06:03 2003
MSM-A ems 45087 45087 Wed Dec 10 15:06:03 2003
MSM-A epm 0 0 Unknown
MSM-A exacl 0 0 Unknown
....
To display the health of the STP process on your system, use the following command:
show heartbeat process stp
The following is sample output:
Card Process Name Hello HelloAck Last Heartbeat Time
---------------------------------------------------------------------------
MSM-A stp 34921 34921 Wed Dec 10 11:54:37 2003
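The polling and reporting rules described under Usage Guidelines can be checked mechanically against captured output. The following is an added example, not part of the NETGEAR manual or software; the function names, the 60-second staleness window and the "demo" row are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

TIME_FMT = "%a %b %d %H:%M:%S %Y"   # e.g. "Wed Dec 10 15:06:04 2003"
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")

# Rows copied from the manual's sample output, plus one constructed row
# ("demo") whose counters disagree and whose last heartbeat is old.
SAMPLE = """\
Card Process Name Hello HelloAck Last Heartbeat Time
---------------------------------------------------------------------------
MSM-A aaa 0 180324 Wed Dec 10 15:06:04 2003
MSM-A acl 36069 36069 Wed Dec 10 15:05:57 2003
MSM-A cfgmgr 72139 72139 Wed Dec 10 15:06:02 2003
MSM-A epm 0 0 Unknown
MSM-A demo 500 420 Wed Dec 10 14:01:00 2003
....
"""


def parse_heartbeat(text):
    """Return one dict per data row; header, rule and '....' lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        card, name, hello, ack, last = m.groups()
        if last == "Unknown":
            seen = None                      # kernel module, not heartbeat-monitored
        else:
            try:
                seen = datetime.strptime(last, TIME_FMT)
            except ValueError:
                continue                     # not a recognisable data row
        rows.append({"card": card, "process": name,
                     "hello": int(hello), "ack": int(ack), "last": seen})
    return rows


def classify(row, tolerance=0):
    """Map a row to the heartbeat mode the manual describes."""
    if row["last"] is None:
        return "unmonitored"
    if row["hello"] == 0:
        # Reporting: only HELLO_ACK messages flow, Hello stays at zero.
        return "reporting" if row["ack"] > 0 else "silent"
    # Polling: every HELLO is answered, so the two counts should agree.
    if abs(row["hello"] - row["ack"]) <= tolerance:
        return "polling"
    return "polling-mismatch"


def assess(text, now, max_age=timedelta(seconds=60), tolerance=0):
    """Return {(card, process): (mode, stale)} for a captured output."""
    findings = {}
    for row in parse_heartbeat(text):
        stale = row["last"] is not None and now - row["last"] > max_age
        findings[(row["card"], row["process"])] = (classify(row, tolerance), stale)
    return findings


if __name__ == "__main__":
    capture_time = datetime(2003, 12, 10, 15, 6, 10)   # constructed capture time
    for key, (mode, stale) in assess(SAMPLE, capture_time).items():
        print("%s/%s" % key, mode, "STALE" if stale else "ok")
```

Pass the time at which the output was captured as `now`; on a live capture a small `tolerance` avoids flagging a HELLO that was still awaiting its acknowledgement.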
show memory
show memory {slot [slotid | a | b]}
Description
Displays the current system memory information.
Syntax Description
slot a Specifies the MSM module installed in slot A.
slot b Specifies the MSM module installed in slot B.
slotid Specifies slot number for the node in a stack. The value can be from 1 to 8.
Default
N/A.
Usage Guidelines
Viewing statistics on a regular basis allows you to see how well your network is performing.
When you keep simple daily records, you see trends emerging and notice problems arising before they cause major network faults. This way, statistics can help you get the best out of your network.
This information may be useful for your technical support representative if you experience a problem.
Depending on the software version running on your switch or your switch model, additional or different memory information might be displayed.
You can also use the show memory process <name> {slot <slotid>} command to view the system memory and the memory used by the individual processes.
When you issue the command without any parameters, the switch displays information about all of the MSMs/MMs installed in your system.
Reading the Output
The show memory command displays the following information in a tabular format:
• System memory information (both total and free).
• Current memory used by the individual processes.
The current memory statistics for the individual process also includes the following:
• The module (MSM A or MSM B) and the slot number of the MSM.
• The name of the process.
In general, the free memory count for an MSM/MM decreases when one or more running processes experiences an increase in memory usage.
If you observe a continuous decrease in the free memory over an extended period of time, and you have not altered your switch configuration, please contact NETGEAR Technical Support.
Example
The following command displays current system memory information for the MSM installed in slot A of the switch:
show memory slot a
The following is sample output from this command:
System Memory Information
-------------------------
MSM-A Total DRAM (KB): 524288
MSM-A System (KB): 45912
MSM-A User (KB): 102264
MSM-A Free (KB): 376112
Memory Utilization Statistics
-----------------------------
Card Slot Process Name Memory (KB)
---------------------------------------
MSM-A 9 aaa 7772
MSM-A 9 acl 6716
MSM-A 9 bgp 16708
MSM-A 9 cfgmgr 3484
MSM-A 9 cli 33964
MSM-A 9 devmgr 3656
MSM-A 9 ems 5832
MSM-A 9 epm 8084
MSM-A 9 etmon 11356
MSM-A 9 exacl 13
MSM-A 9 exosmc 22
MSM-A 9 exosq 29
MSM-A 9 exsflow 8
MSM-A 9 exsnoop 15
MSM-A 9 exvlan 252
MSM-A 9 fdb 8760
MSM-A 9 hal 22624
MSM-A 9 mcmgr 13128
MSM-A 9 msgsrv 2972
MSM-A 9 netLogin 4564
MSM-A 9 netTools 4696
MSM-A 9 nettx 56
MSM-A 9 nodemgr 5388
MSM-A 9 ospf 12476
MSM-A 9 pim 10012
MSM-A 9 polMgr 3272
MSM-A 9 rip 10392
MSM-A 9 rtmgr 9748
MSM-A 9 snmpMaster 6400
MSM-A 9 snmpSubagent 8104
MSM-A 9 stp 6896
MSM-A 9 telnetd 3236
MSM-A 9 tftpd 3080
MSM-A 9 vlan 5816
MSM-A 9 vrrp 6584
The following command displays current system memory information for a stack, where slot 1 is the master and slot 6 is the backup:
Slot-1 stacK.3 # show memory
System Memory Information
-------------------------
Slot-1 Total DRAM (KB): 262144
Slot-1 System (KB): 25476
Slot-1 User (KB): 132256
Slot-1 Free (KB): 104412
Slot-6 Total DRAM (KB): 262144
Slot-6 System (KB): 25476
Slot-6 User (KB): 122820
Slot-6 Free (KB): 113848
Memory Utilization Statistics
-----------------------------
Card Slot Process Name Memory (KB)
---------------------------------------
Slot-1 1 aaa 2548
Slot-1 1 acl 2960
Slot-1 1 bgp 0
Slot-1 1 brm 2428
Slot-1 1 cfgmgr 3256
Slot-1 1 cli 16932
Slot-1 1 devmgr 2708
Slot-1 1 dirser 1916
Slot-1 1 dosprotect 1972
Slot-1 1 elsm 2592
Slot-1 1 ems 2764
Slot-1 1 epm 3092
Slot-1 1 etmon 16264
...
Slot-6 6 aaa 2440
Slot-6 6 acl 2872
Slot-6 6 bgp 0
Slot-6 6 brm 2396
Slot-6 6 cfgmgr 2776
Slot-6 6 cli 16292
Slot-6 6 devmgr 2672
Slot-6 6 dirser 1836
Slot-6 6 dosprotect 1944
Slot-6 6 elsm 2564
Slot-6 6 ems 2744
Slot-6 6 epm 2976
Slot-6 6 etmon 10068
...
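The "continuous decrease in the free memory" condition from Reading the Output can be detected from periodic captures of show memory. The following is an added example, not part of the NETGEAR manual or software; the function names and the three-capture minimum are assumptions, and only the first snapshot uses values from the manual's sample output (the later ones are constructed).

```python
import re

FREE = re.compile(r"^(\S+)\s+Free \(KB\):\s+(\d+)")
PROC = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$")


def parse_show_memory(text):
    """Return ({card: free_kb}, {(card, process): memory_kb})."""
    free, procs = {}, {}
    for line in text.splitlines():
        m = FREE.match(line)
        if m:
            free[m.group(1)] = int(m.group(2))
            continue
        m = PROC.match(line)          # "Card Slot Process Memory" data rows only
        if m:
            procs[(m.group(1), m.group(3))] = int(m.group(4))
    return free, procs


def free_memory_trend(snapshots, min_points=3):
    """snapshots: raw show memory outputs, oldest first.

    Reports each card whose free memory fell in every interval, together
    with the processes that never shrank and grew overall, largest first.
    """
    parsed = [parse_show_memory(s) for s in snapshots]
    report = {}
    if len(parsed) < min_points:
        return report
    for card in sorted(parsed[0][0]):
        series = [p[0].get(card) for p in parsed]
        if None in series:
            continue
        if not all(b < a for a, b in zip(series, series[1:])):
            continue                  # free memory recovered at least once
        growing = []
        for (c, name), first in parsed[0][1].items():
            if c != card:
                continue
            usage = [p[1].get((c, name)) for p in parsed]
            if None in usage:
                continue
            if all(b >= a for a, b in zip(usage, usage[1:])) and usage[-1] > first:
                growing.append((name, usage[-1] - first))
        growing.sort(key=lambda g: -g[1])
        report[card] = {"free_drop_kb": series[0] - series[-1], "growing": growing}
    return report


def snapshot(free, aaa, bgp, cli):
    """Build a show memory capture in the manual's layout (constructed data)."""
    return f"""\
System Memory Information
-------------------------
MSM-A Total DRAM (KB): 524288
MSM-A Free (KB): {free}
Memory Utilization Statistics
-----------------------------
Card Slot Process Name Memory (KB)
---------------------------------------
MSM-A 9 aaa {aaa}
MSM-A 9 bgp {bgp}
MSM-A 9 cli {cli}
"""


# First capture uses the manual's figures; the other two are constructed.
SNAPSHOTS = [
    snapshot(376112, 7772, 16708, 33964),
    snapshot(371000, 7772, 16650, 36900),
    snapshot(365500, 7772, 16800, 40200),
]

if __name__ == "__main__":
    print(free_memory_trend(SNAPSHOTS))
```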
show memory process
show memory process <name> {slot <slotid>}
Description
Displays the current system memory and that of the specified process.
Command Syntax
name Specifies the name of the process.
slotid Specifies the slot number of the MSM/MM module:
• A specifies the MSM installed in slot A.
• B specifies the MSM installed in slot B.
Specifies the slot number of the node in the stack topology. The value can be from 1 to 8.
Default
N/A.
Usage Guidelines
Viewing statistics on a regular basis allows you to see how well your network is performing.
When you keep simple daily records, you see trends emerging and notice problems arising before they cause major network faults. This way, statistics can help you get the best out of your network.
This information may be useful for your technical support representative if you experience a problem.
Depending on the software version running on your switch or your switch model, additional or different memory information might be displayed.
You can also use the show memory {slot [slotid | a | b]} command to view the system memory and the memory used by the individual processes, even for all processes on all MSMs/MMs installed in the switch.
Reading the Output
The show memory process command displays the following information in a tabular format:
• System memory information (both total and free).
• Current memory used by the individual processes.
The current memory statistics for the individual process also includes the following:
• The module (MSM A or MSM B) and the slot number of the MSM/MM.
• The name of the process.
Example
The following command displays system memory and VRRP memory usage:
show memory process vrrp
The following is sample output:
System Memory Information
-------------------------
MSM-A Total (KB): 512508 KB
MSM-A Free (KB): 395796 KB
Memory Utilization Statistics
-----------------------------
Card Slot Process Name Memory (KB)
---------------------------------------
MSM-A 9 vrrp 6596
show process
show process {<name>} {detail} {description} {slot <slotid>}
Description
Displays the status of the NETGEAR 8800 processes.
Command Syntax
name Specifies the name of the process.
detail Specifies more detailed process information.
description Describes the name of all of the processes or the specified process running on the switch.
slotid Specifies the slot number of the MSM/MM module:
• A specifies the MSM installed in slot A.
• B specifies the MSM installed in slot B.
Default
N/A.
Usage Guidelines
The NETGEAR 8800 process manager monitors all processes. The process manager also ensures that only version-compatible processes are started.
Using this command without the optional keywords displays summary process information.
When you specify the slot keyword, summary information is displayed for that particular slot only.
The show process and show process slot <slotid> commands display the following information in a tabular format:
• Card—The name of the module where the process is running.
• Process Name—The name of the process.
• Version—The version number of the process. Options are:
  • Version number—A series of numbers that identify the version number of the process. This is helpful to ensure that you have version-compatible processes and if you experience a problem.
  • Not Started—The process has not been started. This can be caused by not having the appropriate license or for not starting the process.
• Restart—The number of times the process has been restarted. This number increments by one each time a process stops and restarts.
• State—The current state of the process. Options are:
  • No License—The process requires a license level that you do not have. For example, you have not upgraded to that license, or the license is not available for your platform.
  • Ready—The process is running.
  • Stopped—The process has been stopped.
• Start Time—The current start time of the process. Options are:
  • Day/Month/Date/Time/Year—The date and time the process began. When a process terminates and restarts, the start time is also updated.
  • Not Started—The process has not been started. This can be caused by not having the appropriate license or for not starting the process.
When you specify the detail keyword, more specific and detailed process information is displayed. The show process detail and show process slot <slotid> detail commands display the following information in a multi-tabular format:
• Detailed process information
• Memory usage configurations
• Recovery policies
• Process statistics
• Resource usage
This status information may be useful for your technical support representative if you have a network problem.
Depending on the software version running on your switch or your switch model, additional or different process information might be displayed.
You may find it useful to capture the process information under normal operating conditions to establish a baseline. By having a baseline, if you experience a problem, you and your technical support representative can more easily identify the problem.
Example
To display the processes on your system, use the following command:
show process
The following is sample output:
Card Process Name Version Restart State Start Time
------------------------------------------------------------------------------
MSM-A aaa 3.0.0.2 0 Ready Sat Dec 6 10:54:24 2003
MSM-A acl 3.0.0.2 0 Ready Sat Dec 6 10:54:25 2003
MSM-A bgp 3.0.0.2 0 Ready Sat Dec 6 10:54:24 2003
MSM-A cfgmgr 3.0.0.20 0 Ready Sat Dec 6 10:54:23 2003
MSM-A cli 3.0.0.21 0 Ready Sat Dec 6 10:54:23 2003
MSM-A devmgr 3.0.0.2 0 Ready Sat Dec 6 10:54:23 2003
MSM-A dirser 3.0.0.2 0 Ready Sat Dec 6 10:54:21 2003
MSM-A ems 3.0.0.2 0 Ready Sat Dec 6 10:54:23 2003
MSM-A epm 3.0.0.2 0 Ready Sat Dec 6 10:54:21 2003
MSM-A exacl 3.0.0.2 0 Ready Sat Dec 6 10:54:23 2003
MSM-A exosmc 3.0.0.2 0 Ready Sat Dec 6 10:54:23 2003
MSM-A exosq 3.0.0.2 0 Ready Sat Dec 6 10:54:22 2003
MSM-A exsnoop 3.0.0.2 0 Ready Sat Dec 6 10:54:23 2003
MSM-A exvlan 3.0.0.2 0 Ready Sat Dec 6 10:54:22 2003
MSM-A fdb 3.0.0.2 0 Ready Sat Dec 6 10:54:24 2003
....
The following example specifies the process aaa along with the detail keyword:
show process aaa detail
The following is sample output from this command:
Name PID Path Type Link Date Build By Peer
-------------------------------------------------------------------------------
aaa 284 ./aaa App Thu Dec 4 13:23:07 PST 2003 release-manager 2
3
Virtual Router(s):
--------------------------------------------------------------------------------
Configuration:
Start Priority SchedPolicy Stack TTY CoreSize Heartbeat StartSeq
--------------------------------------------------------------------------------
1 0 0 0 0 0 1 1
Memory Usage Configuration:
Memory(KB) Zones: Green Yellow Orange Red
--------------------------------------------------------------------------------
0 0 0 0 0
Recovery policies
-------------------------------------------------------------------------------
failover-reboot
--------------------------------------------------------------------------------
Statistics:
ConnetionLost Timeout Start Restart Kill Register Signal Hello Hello Ack
--------------------------------------------------------------------------------
0 0 0 0 0 1 0 0 173199
Memory Zone Green Yellow Orange Red
--------------------------------------------------------------------------------
Green 0 0 0 0
--------------------------------------------------------------------------------
Commands:
Start Stop Resume Shutdown Kill
--------------------------------------------------------------------------------
0 0 0 0 0
--------------------------------------------------------------------------------
Resource Usage:
UserTime SysTime PageReclaim PageFault Up Since Up Date Up Time
--------------------------------------------------------------------------------
2.160000 0.560000 546 966 Sat Dec 6 10:54:24 2003 00/00/04 00:14:02
--------------------------------------------------------------------------------
Thread Name Pid Tid Delay Timeout Count
--------------------------------------------------------------------------------
tacThread 0 2051 10 0
radiusThread 0 1026 10 1
main 0 1024 2 1
--------------------------------------------------------------------------------
The following example describes the name of all of the processes running on the switch:
show process description
The following is sample output from this command:
Process Name  Description
--------------------------------------------------------------------------
aaa           Authentication, Authorization, and Accounting Server
acl           Access Control List Manager
bgp           Border Gateway Protocol
brm           Bandwidth Resource Manager
cfgmgr        Configuration Manager
cli           Cli Manager
devmgr        Device Manager
dirser        Directory Services
dosprotect    Protection against Denial of Service attacks application
elsm          NETGEAR Link State Monitor
ems           Event Management System Server
epm           NETGEAR Process Manager
etmon         Traffic monitoring and sampling utility
exacl         Access Control List Module
exdhcpsnoop   DHCP snooping module
exdos         Detection of potential Denial of Service attacks module
exfib         Routing interface to manage missing routes in ASIC
exosipv6      IPv6 Custom Interface Module
exosmc        Multicast Forwarding Module
exosnvram     Interface to non-volatile RAM
exosq         EXOS Queue Module
exsflow       Sflow interface to gather sflow samples
exsnoop       IGMP/MLD Snooping Module
exvlan        Layer 2 configuration module
fdb           Forwarding Data Base Manager
hal           Hardware Abstraction Layer
ipSecurity    IP Security
isis          Intermediate System to Intermediate System Routing Protocol
lacp          Link Aggregation Control Protocol
lldp          802.1AB; Station and Media Access Control Connectivity Discover
mcmgr         Multicast Cache Manager
msdp          Multicast Source Discovery Protocol
msgsrv        Message Server
netLogin      Network Login includes MAC, Web-Based and 802.1X authentication
netTools      Network Toolset includes ping/tracert/bootprelay/dhcp/dns/sntp
nettx         Layer 2 forwarding engine module
nodemgr       Fault Tolerance Manager
ospf          Open Shortest Path First Routing Protocol
ospfv3        Open Shortest Path First Routing Protocol for IPv6
pim           Protocol Independent Multicast
poe           Power Over Ethernet Manager
polMgr        Policy Manager
rip           Routing Information Protocol
ripng         Routing Information Protocol for IPv6
rtmgr         Route Table Manager
snmpMaster    Simple Network Management Protocol - Master agent
snmpSubagent  Simple Network Management Protocol - Subagent
stp           Spanning Tree Protocol
telnetd       Telnet server
tftpd         Tftp server
thttpd        Web Server
upm           Universal Port Manager
vlan          VLAN Manager - L2 Switching application
vrrp          Virtual Router Redundancy Protocol (RFC 3768)
xmld          XML server
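The baseline advice in the show process Usage Guidelines can be turned into a comparison of two captures that reports restarts, state changes and version changes per process. The following is an added example, not part of the NETGEAR manual or software; the function names are assumptions, and the telnetd, isis and xmld rows and the whole second capture are constructed in the manual's column layout.

```python
import re

# Version is either a dotted number or "Not Started"; State may be the
# two-word "No License"; Start Time is whatever remains on the line.
ROW = re.compile(
    r"^(?P<card>\S+)\s+(?P<name>\S+)\s+(?P<version>Not Started|[\d.]+)\s+"
    r"(?P<restart>\d+)\s+(?P<state>No License|\S+)\s+(?P<start>.+?)\s*$"
)

# Baseline: aaa and cli rows from the manual's sample output; the telnetd
# and isis rows are constructed.
BASELINE = """\
Card Process Name Version Restart State Start Time
------------------------------------------------------------------------------
MSM-A aaa 3.0.0.2 0 Ready Sat Dec 6 10:54:24 2003
MSM-A cli 3.0.0.21 0 Ready Sat Dec 6 10:54:23 2003
MSM-A telnetd 3.0.0.2 0 Stopped Sat Dec 6 10:54:25 2003
MSM-A isis Not Started 0 No License Not Started
"""

# Later capture, constructed for this example.
CURRENT = """\
Card Process Name Version Restart State Start Time
------------------------------------------------------------------------------
MSM-A aaa 3.0.0.2 2 Ready Mon Dec 8 03:12:40 2003
MSM-A cli 3.0.0.21 0 Ready Sat Dec 6 10:54:23 2003
MSM-A telnetd 3.0.0.2 1 Ready Mon Dec 8 03:13:02 2003
MSM-A isis Not Started 0 No License Not Started
MSM-A xmld 3.0.0.2 0 Ready Mon Dec 8 03:13:05 2003
"""


def parse_show_process(text):
    """Return {(card, process): fields}; header and rule lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[(m["card"], m["name"])] = {
                "version": m["version"],
                "restart": int(m["restart"]),
                "state": m["state"],
                "start": " ".join(m["start"].split()),
            }
    return table


def diff_process_tables(baseline, current):
    """Return (process, kind, detail) tuples for every deviation from baseline."""
    findings = []
    for key in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(key), current.get(key)
        label = "%s/%s" % key
        if old is None:
            findings.append((label, "appeared", new["state"]))
            continue
        if new is None:
            findings.append((label, "disappeared", old["state"]))
            continue
        if new["restart"] > old["restart"]:
            findings.append((label, "restarted", new["restart"] - old["restart"]))
        elif new["restart"] < old["restart"]:
            findings.append((label, "counter-reset", new["restart"]))
        elif new["start"] != old["start"]:
            # Start time differs although the restart counter did not move.
            findings.append((label, "start-time", new["start"]))
        if new["state"] != old["state"]:
            findings.append((label, "state", "%s -> %s" % (old["state"], new["state"])))
        if new["version"] != old["version"]:
            findings.append((label, "version", "%s -> %s" % (old["version"], new["version"])))
    return findings


if __name__ == "__main__":
    for finding in diff_process_tables(parse_show_process(BASELINE),
                                       parse_show_process(CURRENT)):
        print(*finding)
```

Findings on management-plane processes such as telnetd, thttpd or exsshd (a restart, or a change from Stopped to Ready) are the ones to reconcile against the change record first.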
start process
start process <name> {msm <slot>}
Description
Starts the specified process on the switch. (Used to restart a process after it has been terminated.)
Syntax Description
name Specifies the name of the process to start. You can start the following processes:
• bgp
• exsshd
• lldp
• netLogin
• netTools
• ospf
• snmpMaster
• snmpSubagent
• telnetd
• thttpd
• tftpd
• vrrp
• xmld
slot Specifies the MSM/MM where the process should be started. A specifies the MSM installed in slot A, and B specifies the MSM installed in slot B.
Default
N/A.
Usage Guidelines
Use this command after you have stopped a process and you want to restart it. To stop a process, use the terminate process command.
You are unable to start a process that is already running. If you try to start a currently running process, an error message similar to the following appears:
Error: Process telnetd already exists!
Depending on the software version running on your switch and the type of switch you have, you can restart different or additional processes. To see which processes you can restart, enter start process followed by TAB. The switch displays a list of available processes.
To display the status of NETGEAR 8800 processes on the switch, including how many times a process has been restarted, use the show process {<name>} {detail} {description} command.
You can also use the
command when upgrading a software modular package.
For more information, see the section “Upgrading a Modular Software Package” in Appendix B of the NETGEAR 8800 User Manual.
Note:
After you stop a process, do not change the configuration on the switch until you start the process again. A new process loads the configuration that was saved prior to stopping the process. Changes made between a process termination and a process start are lost. Otherwise, error messages can result when you start the new process.
Example
The following restarts the process tftpd:
start process tftpd
terminate process
terminate process <name> [forceful | graceful] {msm <slot>}
Description
Terminates the specified process on the switch.
Syntax Description
name Specifies the name of the process to terminate. You can terminate the following processes:
• bgp
• exsshd
• lldp
• netLogin
• netTools
• ospf
• snmpMaster
• snmpSubagent
• telnetd
• thttpd
• tftpd
• vrrp
• xmld
forceful Specifies a forceful termination.
graceful Specifies a graceful termination.
slot For a modular chassis, specifies the MSM/MM where the process should be terminated. A specifies the MSM installed in slot A, and B specifies the MSM installed in slot B.
Default
N/A.
Usage Guidelines
If recommended by NETGEAR Technical Support personnel, you can stop a running process.
The forceful option quickly terminates a process on demand. Unlike the graceful option, the process is immediately shut down without any of the normal process cleanup. The status of the operation is displayed on the console. After a successful forceful termination of a process, a message similar to the following appears:
Forceful termination success for snmpMaster
The graceful option terminates the process by allowing it to close all opened connections, notify peers on the network, and perform other types of process cleanup. After this phase, the process is finally terminated. After a successful graceful termination of a process, a message similar to the following appears:
Successful graceful termination for snmpSubagent
Note:
Do not terminate a process that was installed since the last reboot unless you have saved your configuration. If you have installed a software module and you terminate the newly installed process without saving your configuration, your module may not be loaded when you attempt to restart the process with the start process command.
To preserve a process’s configuration during a terminate and (re)start cycle, save your switch configuration before terminating the process. Do not save the configuration or change the configuration during the process terminate and (re)start cycle. If you save the configuration after terminating a process, and before the process (re)starts, the configuration for that process is lost.
You can also use the terminate process command when upgrading a software modular package. For more information, see the section “Upgrading a Modular Software Package” in Appendix B of the NETGEAR 8800 User Manual.
Example
The following initiates a graceful termination of the process tftpd:
terminate process tftpd graceful
5. Commands for Configuring Slots and Ports on a Switch
This chapter describes commands related to:
• Enabling, disabling, and configuring individual ports
• Configuring port speed (Fast Ethernet ports only) and half- or full-duplex mode
• Creating link aggregation groups on multiple ports
• Displaying port statistics
• Configuring mirroring
• Configuring software-controlled redundant ports and Smart Redundancy
By default, all ports on the switch are enabled. After you configure the ports to your specific needs, you can select which ports are enabled or disabled.
Fast Ethernet ports can connect to either 10BASE-T or 100BASE-T networks. By default, the ports autonegotiate (automatically determine) the port speed. You can also configure each port for a particular speed (either 10 Mbps or 100 Mbps). In general, Gigabit Ethernet ports with fiber interfaces are statically set, and their speed cannot be modified.
The switch comes configured to use autonegotiation to determine the port speed and duplex setting for each port. You can manually configure the duplex setting and the speed of 10/100 Mbps ports, and you can manually configure the duplex setting on gigabit Ethernet ports.
All ports on the switch (except gigabit Ethernet ports) can be configured for half-duplex or full-duplex operation. The ports are configured to autonegotiate the duplex setting, but you can manually configure the duplex setting for your specific needs.
Flow control is supported only on gigabit Ethernet ports. It is enabled or disabled as part of autonegotiation. If autonegotiation is set to off, flow control is disabled. When autonegotiation is turned on, flow control is enabled. (See the NETGEAR 8800 User Manual for more detailed information on flow control on NETGEAR devices.)
Link aggregation, or load sharing, with NETGEAR switches allows you to increase bandwidth and resilience between switches by using a group of ports to carry traffic in parallel between switches. The sharing algorithm allows the switch to use multiple ports as a single logical port.
For example, VLANs see the link aggregation group (LAG) as a single logical port. The algorithm also guarantees packet sequencing between clients.
NETGEAR 8800 software supports two broad categories of load sharing, or link aggregation: static load sharing and dynamic load sharing.
If a port in a link aggregation group fails, traffic is redistributed to the remaining ports in the LAG. If the failed port becomes active again, traffic is redistributed to include that port.
You can view port status on the switch using the show ports commands. These commands, when used with specific keywords and parameters, allow you to view various issues such as collision statistics, link speed, flow control, and packet size. These port information displays show real-time statistics, or you can configure the display to show a snapshot of real-time statistics.
You can configure WAN PHY OAM on those interfaces that connect 10G Ethernet ports to the SONET/SDH network.
Commands that require you to enter one or more port numbers use the parameter <port_list> in the syntax. On the 8800, a <port_list> can be a list of slots and ports. For a detailed explanation of port specification, see
clear counters ports
clear counters ports
Description
Clears the counters associated with the ports.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Note:
If you use the clear counters command with no keyword, the system clears the counters for all applications.
This command clears the counters for the ports, including the following:
• Statistics
• Transmit errors
• Receive errors
• Collisions
• Packets
Example
The following command clears the counters on all ports:
clear counters ports
clear lacp counters
clear lacp counters
Description
Clears the counters associated with Link Aggregation Control Protocol (LACP).
Syntax Description
This command has no parameters or variables.
Default
N/A
Usage Guidelines
This command clears the following counters for LACP; it sets these counters back to 0 for every LACP port on the device:
• LACP PDUs dropped on non_LACP ports
• Stats
• Rx - Accepted
• Rx - Dropped due to error in verifying PDU
• Rx - Dropped due to LACP not being up on this port
• Rx - Dropped due to matching own MAC
• Tx - Sent Successfully
• Tx - Transmit error
Example
The following command clears the LACP counters on all ports:
clear lacp counters
clear slot
clear slot <slot>
Description
Clears a slot of a previously assigned module type.
Syntax Description
slot Specifies the slot number.
Default
N/A.
Usage Guidelines
All configuration information related to the slot and the ports on the module is erased. If a module is present when you issue this command, the module is reset to default settings.
If a slot is configured for one type of module, and a different type of module is inserted, the inserted module is put into a mismatch state (where the inserted module does not match the configured slot), and is not brought online. To use the new module type in a slot, the slot configuration must be cleared or configured for the new module type. Use the enable mirroring to port tagged command to configure the slot.
Example
The following command clears slot 2 of a previously assigned module type:
clear slot 2
The following command clears slot 4 of a previously assigned module type in a stack:
clear slot 4
configure ip-mtu vlan
configure ip-mtu <mtu> vlan <vlan_name>
Description
Sets the maximum transmission unit (MTU) for the VLAN.
Syntax Description
mtu Specifies the IP maximum transmission unit (MTU) value. Range is from 1500 to 9194.
vlan_name Specifies a VLAN name.
Default
The default IP MTU size is 1500.
Usage Guidelines
The 8800 switches support IP fragmentation and path MTU discovery.
Use this command to enable jumbo frame support or for IP fragmentation with jumbo frames.
Jumbo frames are Ethernet frames that are larger than 1522 bytes, including 4 bytes used for CRC. Both endstations involved in the transfer must be capable of supporting jumbo frames.
The switch does not perform IP fragmentation or participate in MTU negotiation on behalf of devices that do not support jumbo frames.
When enabling jumbo frames and setting the MTU size for the VLAN, keep in mind that some network interface cards (NICs) have a configured maximum MTU size that does not include the additional 4 bytes of CRC included in a jumbo frame configuration. Ensure that the NIC maximum MTU is at or below the maximum MTU size configured on the switch. Frames that are larger than the MTU size configured on the switch are dropped at the ingress port.
If you use IP fragmentation with jumbo frames and you want to set the MTU size greater than 1500, all ports in the VLAN must have jumbo frames enabled.
Example
The following command sets the MTU size to 2000 for VLAN sales:
configure ip-mtu 2000 vlan sales
configure jumbo-frame-size
configure jumbo-frame-size <framesize>
Description
Sets the maximum jumbo frame size for the switch.
Syntax Description
framesize Specifies a maximum transmission unit (MTU) size for a jumbo frame. The range is 1523 to 9216; the default is 9216.
Default
Jumbo frames are disabled by default. The default size setting is 9216.
Usage Guidelines
Jumbo frames are used between endstations that support larger frame sizes for more efficient transfers of bulk data. Both endstations involved in the transfer must be capable of supporting jumbo frames.
The framesize keyword describes the maximum jumbo frame size “on the wire,” and includes 4 bytes of cyclic redundancy check (CRC) plus another 4 bytes if 802.1Q tagging is being used.
To enable jumbo frame support, you must configure the maximum transmission unit (MTU) size of a jumbo frame that will be allowed by the switch.
Note:
NETGEAR recommends that you set the MTU size so that fragmentation does not occur.
Some network interface cards (NICs) have a configured maximum MTU size that does not include the additional 4 bytes of CRC. Ensure that the NIC maximum MTU size is at or below the maximum MTU size configured on the switch. Frames that are larger than the MTU size configured on the switch are dropped at the ingress port.
Example
The following command configures the jumbo frame size to 5500:
configure jumbo-frame-size 5500
configure lacp member-port priority
configure lacp member-port <port> priority <port_priority>
Description
Configures the member port of an LACP to control the order in which ports are added to the aggregator. The lower the value you configure for the port’s priority, the higher the priority that port has to be added to the aggregator.
Syntax Description
port Specifies the LACP member port that you are specifying the priority for.
port_priority Specifies the priority you are applying to this member port to be assigned to the LACP aggregator. The range is from 1 to 65535; the default is 0. The lower configured value has higher priority to be added to the aggregator.
Default
The default priority is 0.
Usage Guidelines
The port must be added to the LAG prior to configuring it for LACP. The default value is 0, or highest priority.
You can configure the port priority to ensure the order in which LAG ports join the aggregator.
If you do not configure this parameter, the lowest numbered ports in the LAG are the first to be added to the aggregator; if there are additional ports configured for that LAG, they are put in standby mode.
Use this command to override the default behavior and ensure the order in which LAG ports are selected. Also, if more than one port is configured with the same priority, the lowest numbered port joins the aggregator.
Example
The following command sets the port priority for the LAG port 5:1 to be 55 (which will probably put that port in standby initially):
configure lacp member-port 5:1 priority 55
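The selection order described in the usage guidelines above, worked through as an added example (not NETGEAR's code). The function names, the constructed LAG and the `capacity` argument (how many ports the aggregator accepts) are assumptions; the page gives no capacity figure.

```python
import re

DEFAULT_PRIORITY = 0  # page: the default is 0, which is the highest priority
CMD_RE = re.compile(r"^configure lacp member-port (\d+(?::\d+)?) priority (\d+)$")


def port_key(port):
    """Numeric (slot, port) key, so that '5:10' sorts after '5:2'."""
    slot, _, number = port.rpartition(":")
    return (int(slot) if slot else 0, int(number))


def parse_priorities(lines, lag_members):
    """Collect priorities from 'configure lacp member-port' command lines."""
    priorities = {}
    for line in lines:
        match = CMD_RE.match(line.strip())
        if match is None:
            raise ValueError("not a member-port priority command: " + line)
        port, priority = match.group(1), int(match.group(2))
        if not 1 <= priority <= 65535:
            raise ValueError("priority outside the range 1 to 65535: " + line)
        if port not in lag_members:
            # page: the port must be added to the LAG before it is configured
            raise ValueError("port is not a member of the LAG: " + port)
        priorities[port] = priority
    return priorities


def join_order(lag_members, priorities, capacity):
    """Return (active, standby): lowest priority value first, ties broken by
    the lowest numbered port; ports beyond `capacity` are put in standby."""
    ordered = sorted(
        lag_members,
        key=lambda p: (priorities.get(p, DEFAULT_PRIORITY), port_key(p)),
    )
    return ordered[:capacity], ordered[capacity:]


# Constructed sample: a four-port LAG and the command from the example above.
LAG = ["5:1", "5:2", "5:3", "5:10"]
COMMANDS = ["configure lacp member-port 5:1 priority 55"]

if __name__ == "__main__":
    active, standby = join_order(LAG, parse_priorities(COMMANDS, LAG), capacity=3)
    print("active:", active)
    print("standby:", standby)
```

Comparing ports as strings would place 5:10 ahead of 5:2, which is why the key converts slot and port to integers.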
configure mirror add ports anomaly
configure mirror add ports <port list> anomaly
Description
Mirrors detected anomaly traffic to the mirror port.
Syntax Description
port list Specifies the list of ports.
Default
N/A.
Usage Guidelines
The command mirrors detected anomaly traffic to the mirror port. You must enable a mirror port and enable protocol anomaly protection on the slot that has the port to be monitored before using this command. After configuration, only detected anomaly traffic from these ports is dropped or mirrored to the mirror port, and legitimate traffic is not affected.
This command takes effect after enabling anomaly-protection.
configure mirroring add
configure mirroring add [vlan <name> {port <port>}| port <port> {vlan <name>}] {ingress | egress | ingress-and-egress}
Description
Adds a particular mirroring filter definition on the switch.
Syntax Description
vlan Specifies a VLAN.
name Specifies a VLAN name.
port Specifies a port or slot and port.
port Specifies particular ports or slots and ports.
ingress Specifies packets be mirrored as they are received on a port.
egress Specifies packets be mirrored as they are sent from a port.
ingress-and-egress Specifies all forwarded packets be mirrored. This is the default setting on the NETGEAR 8800 series switches for port-based mirroring.
Default
N/A.
Usage Guidelines
You must enable port-mirroring using the
can configure the mirroring filter definitions.
Port mirroring configures the switch to copy all traffic associated with one or more ports to a monitor port on the switch. The switch uses a traffic filter that copies a group of traffic to the monitor port.
Up to 16 mirroring filters and one monitor port can be configured on the switch. Frames that contain errors are not mirrored.
Guidelines for configuring mirroring
This section summarizes the guidelines for configuring mirroring:
• When you disable mirroring, all the filters are unconfigured.
• You cannot mirror the monitor port.
• The mirroring configuration is removed when you:
  • Delete a VLAN (for all VLAN-based filters).
  • Delete a port from a VLAN (for all VLAN-, port-based filters).
  • Unconfigure a slot (for all port-based filters on that slot).
• Any mirrored port can also be enabled for load sharing (or link aggregation); however, each individual port of the load-sharing group must be explicitly configured for mirroring.
• The mirroring filters are not confined to a single module; they can have ports that span multiple modules.
• You cannot use the management port at all in mirroring configurations.
• You cannot run ELSM and mirroring on the same port. If you attempt to enable mirroring on a port that is already enabled for ELSM, the switch returns a message similar to the following:
Error: Port mirroring cannot be enabled on an ELSM enabled port.
The traffic filter can be defined based on one of the following criteria:
• Physical port—All data that traverses the port, regardless of VLAN configuration, is copied to the monitor port(s). You can specify which traffic the port mirrors:
  • Ingress—Mirrors traffic received at the port.
  • Egress—Mirrors traffic sent from the port.
  • Ingress and egress—Mirrors traffic either received at the port or sent from the port.
  (If you omit the optional parameters, all traffic is forwarded; the default for port-based mirroring is ingress and egress).
• VLAN—All data to a particular VLAN, regardless of the physical port configuration, is copied to the monitor port.
• Virtual port—All data specific to a VLAN on a specific port is copied to the monitor port.
• EXOS supports up to 16 mirror filters where each filter can be a port, a VLAN, or a port + VLAN.
• EXOS supports up to 16 monitor ports for one-to-many mirroring.
• Only traffic ingressing a VLAN can be monitored; you cannot specify ingressing or egressing traffic when mirroring VLAN traffic.
• When routing between VLANs, ingress mirrored traffic is presented to the monitor port as modified for routing. This is the default behavior and the behavior when you use the command configure mirroring mode standard. When you use the command configure mirroring mode enhanced, ingress traffic is mirrored as it is received (on the wire).
• When using standard mode mirroring, a packet which matches both an ingress mirroring filter and an egress mirroring filter can only be ingress mirrored. The behavior depends on the location of the ingress port, egress port and monitor port within the switch as well as the type of module on which the packet ingresses. The behavior also varies depending on the configuration of daisy chain or ring mode stacking. When using enhanced mode mirroring, two packets are mirrored when a packet encounters both an ingress and egress mirroring filter.
• When traffic is modified by hardware on egress, egress mirrored packets may not be transmitted out of the monitor port as they egressed the port containing the egress mirroring filter. For example, an egress mirrored packet that undergoes VLAN translation is mirrored with the untranslated VLAN ID. In addition, IP multicast packets which are egress mirrored contain the source MAC address and VLAN ID of the unmodified packet.
• You cannot include the monitor port for a NETGEAR 8800 series switch in a load-sharing group.
• Tagged and untagged traffic is mirrored slightly differently depending on the module that the mirrored port and the monitor port are on:
  • With a monitor port or ports on an 8800 switch, the mirrored packet is tagged only if the ingress packet is tagged (regardless of what module the ingressing port is on). If the packet arrived at the ingress port as untagged, the packet egresses the monitor port(s) as untagged.
• With the 8800 series switches, you may see a packet mirrored twice. This occurs only if both the ingress mirrored port and the monitor port or ports are on the same one-half of the module and the egress mirrored port is either on the other one-half of that module or on another module.
• On NETGEAR 8800 series switches, when traffic is modified by hardware on egress, egress mirrored packets may not be transmitted out of the monitor port as they egressed the port containing the egress mirroring filter. For example, an egress mirrored packet that undergoes VLAN translation is mirrored with the untranslated VLAN ID. In addition, IP multicast packets which are egress mirrored contain the source MAC address and VLAN ID of the unmodified packet.
• Enhanced mirroring mode must be configured if you are going to configure a remote mirroring tag. Enhanced mirroring mode is configured using the following command:
enhanced
• The configuration of remote-tag does not require the creation of a VLAN with the same tag; on these platforms the existence of a VLAN with the same tag as a configured remote-tag is prevented. This combination is allowed so that an intermediate remote mirroring switch can configure remote mirroring using the same remote mirroring tag as other source switches in the network. Make sure that VLANs meant to carry normal user traffic are not configured with a tag used for remote mirroring.
• When a VLAN is created with remote-tag, that tag is locked and a normal VLAN cannot have that tag. The tag is unique across the switch. Similarly if you try to create a remote-tag VLAN where remote-tag already exists in a normal VLAN as a VLAN tag, you cannot use that tag and the VLAN creation fails.
Example
The following example sends all traffic coming into a NETGEAR 8800 series switch on slot 3, port 2 to the mirror port:
configure mirroring add port 3:2 ingress
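When a mirror port feeds an IDS or packet recorder, a filter that breaks one of the guidelines above leaves a gap in what the sensor sees. The following added example (not NETGEAR's code) parses `configure mirroring add` lines and checks them against those guidelines before they are applied. The function names, the constructed sample, and the monitor, management, ELSM and load-sharing port inventories passed in by the caller are assumptions; flagging a partly mirrored load-sharing group, and applying the VLAN direction rule only to VLAN-only filters, are interpretations of the guidelines.

```python
import re
from dataclasses import dataclass
from typing import Optional

MAX_FILTERS = 16  # page: "Up to 16 mirroring filters ... can be configured"
DIRECTIONS = ("ingress", "egress", "ingress-and-egress")
PORT_RE = re.compile(r"^(?:\d+:)?\d+$")  # <port> or <slot>:<port>


@dataclass(frozen=True)
class MirrorFilter:
    port: Optional[str]
    vlan: Optional[str]
    direction: Optional[str]


def parse_filter(line):
    """Parse one 'configure mirroring add' line using the syntax shown above."""
    tokens = line.split()
    if tokens[:3] != ["configure", "mirroring", "add"]:
        raise ValueError("not a mirroring filter: " + line)
    port = vlan = direction = None
    rest, i = tokens[3:], 0
    while i < len(rest):
        word = rest[i]
        has_value = i + 1 < len(rest)
        if word == "port" and port is None and has_value and PORT_RE.match(rest[i + 1]):
            port, i = rest[i + 1], i + 2
        elif word == "vlan" and vlan is None and has_value:
            vlan, i = rest[i + 1], i + 2
        elif word in DIRECTIONS and i == len(rest) - 1:
            direction, i = word, i + 1
        else:
            raise ValueError("unexpected %r in: %s" % (word, line))
    if port is None and vlan is None:
        raise ValueError("filter names neither port nor vlan: " + line)
    return MirrorFilter(port, vlan, direction)


def audit_mirroring(lines, monitor_ports, mgmt_port=None, elsm_ports=(), lags=()):
    """Return sorted (rule, detail) findings; an empty list means nothing was flagged."""
    monitors, elsm = set(monitor_ports), set(elsm_ports)
    findings, filters = set(), []
    for line in lines:
        try:
            filters.append(parse_filter(line))
        except ValueError as exc:
            findings.add(("syntax", str(exc)))
    if len(filters) > MAX_FILTERS:
        findings.add(("too-many-filters", str(len(filters))))
    mirrored = {f.port for f in filters if f.port}
    if mgmt_port in monitors | mirrored:  # management port is not usable at all
        findings.add(("management-port", mgmt_port))
    for lag in lags:
        members = set(lag)
        for port in sorted(members & monitors):  # monitor port cannot be in a LAG
            findings.add(("monitor-in-lag", port))
        missing = members - mirrored
        if members & mirrored and missing:  # each LAG member needs its own filter
            findings.add(("lag-partially-mirrored", ",".join(sorted(missing))))
    for f in filters:
        if f.port in monitors:  # "You cannot mirror the monitor port."
            findings.add(("monitor-port-mirrored", f.port))
        if f.port in elsm:  # ELSM and mirroring cannot share a port
            findings.add(("elsm-conflict", f.port))
        if f.port is None and f.direction is not None:  # VLAN filters take no direction
            findings.add(("vlan-direction", f.vlan))
    return sorted(findings)


# Constructed sample configuration (not captured from a real switch).
SAMPLE = [
    "configure mirroring add port 3:2 ingress",
    "configure mirroring add port 3:3",
    "configure mirroring add vlan sales egress",
    "configure mirroring add vlan eng port 4:1 ingress-and-egress",
    "configure mirroring add port 5:1 egress",
]

if __name__ == "__main__":
    for rule, detail in audit_mirroring(SAMPLE, ["5:1"], elsm_ports=["3:3"],
                                        lags=[("3:2", "3:4")]):
        print(rule, detail)
```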
configure mirroring delete
configure mirroring delete [all | port <port> {vlan <name>} |vlan <name> {port <port>}]
Description
Deletes a particular mirroring filter definition on the switch.
Syntax Description
all Specifies all mirroring filter definitions.
port Specifies a port or a slot and port.
port Specifies particular ports or slots and ports.
vlan Specifies a VLAN.
name Specifies a VLAN name.
Default
N/A.
Usage Guidelines
On the switch, <port_list> must be a slot and port in the form <slot>:<port>. For a detailed explanation of port specification, see
Example
The following example deletes the mirroring filter on an 8800 series switch defined for slot 7, port 1:
configure mirroring delete ports 7:1
configure mirroring mode
configure mirroring mode [enhanced | standard]
Description
Configures the mirroring mode which affects mirroring behavior globally in the system.
Syntax Description
enhanced Specifies the mirroring mode that provides enhanced mirroring operation.
standard Specifies the standard mirroring mode that is required when the mirroring configuration involves ports or VLANs on 8800 series modules.
Default
Standard mode is the default.
Usage Guidelines
When the mirroring configuration involves only ports or VLANs on 8800 series switches, enhanced mode is recommended since it provides enhanced behavior. (For more information, see Chapter 5 in the NETGEAR 8800 User Manual.)
Example
The following example configures a system to use enhanced mirroring mode:
configure mirroring mode enhanced
configure ports auto off
configure ports <port_list> auto off speed <speed> duplex [half | full]
Description
Manually configures the port speed and duplex setting on one or more ports on a switch.
Syntax Description
port_list Specifies one or more ports or slots and ports.
speed Specifies the port speed as either 10, 100, 1000 (1 Gigabit), or 10000 (10 Gigabit) Mbps ports.
duplex [half] Specifies half duplex; transmitting and receiving data one direction at a time.
duplex [full] Specifies full duplex; transmitting and receiving data at the same time.
Default
Auto on for 1G ports.
Usage Guidelines
You can manually configure the duplex setting and the speed on 10/100 and 10/100/1000 Mbps and fiber SFP gigabit Ethernet ports.
In general, SFP gigabit Ethernet ports are statically set to 1 Gbps, and their speed cannot be modified. However, there are GBICs supported by NETGEAR that can have a configured speed:
• 100 FX GBICs, which must have their speed configured to 100 Mbps
• 100FX/1000LX GBICs, which can be configured at either speed
• SFP+ optics, which must have their speed configured to 10G auto off
In certain interoperability situations, it is necessary to turn autonegotiation off on a fiber gigabit Ethernet port. Even though a gigabit Ethernet port runs only at full duplex and gigabit speeds, the command that turns off autonegotiation must still include the duplex setting.
Gigabit Ethernet ports support flow control only when autonegotiation is turned on. When autonegotiation is turned off, flow control is not supported. (See the NETGEAR 8800 User Manual for more detailed information on flow control on NETGEAR devices.)
Example
The following example turns autonegotiation off for slot 2, port 1 at full duplex:
configure ports 2:1 auto off speed 100 duplex full
The following example turns autonegotiation off for port 2 with copper medium and a port speed of 100 Mbps at full duplex:
configure ports 2 medium copper auto off speed 100 duplex full
configure ports auto on
configure ports <port_list> auto on {[{speed <speed>} {duplex [half | full]}] | [{duplex [half | full]} {speed <speed>}]}
Description
Enables autonegotiation for the particular port type.
Syntax Description
port_list Specifies one or more ports or slots and ports.
speed Specifies the port speed as either 10, 100, 1000 (1 Gigabit), or 10000 (10 Gigabit) Mbps ports.
duplex [half] Specifies half duplex; transmitting and receiving data one direction at a time.
duplex [full] Specifies full duplex; transmitting and receiving data at the same time.
Default
Auto on for 1 Gbps ports.
Auto off for 10 Gbps ports.
Usage Guidelines
The type of ports enabled for autonegotiation are 802.3u for 10/100 Mbps ports or 802.3z for gigabit Ethernet ports.
Flow control on gigabit Ethernet ports is enabled or disabled as part of autonegotiation. If autonegotiation is set to off, flow control is disabled. When autonegotiation is turned on, flow control is enabled. (See the NETGEAR 8800 User Manual for more detailed information on flow control on NETGEAR devices.)
Example
The following command configures the switch to autonegotiate for slot 1, ports 2 and 4:
configure ports 1:2, 1:4 auto on
The following command configures the switch to autonegotiate for port 2, with copper medium at a port speed of 100 Mbps at full duplex:
configure ports 2 medium copper auto on speed 100 duplex full
configure ports auto-polarity
configure ports [<port_list> | all] auto-polarity [off | on]
Description
Configures the autopolarity detection feature on the specified Ethernet ports.
Syntax Description
port_list Specifies one or more ports on the switch.
all Specifies all of the ports on the switch.
off Disables the autopolarity detection feature on the specified ports.
on Enables the autopolarity detection feature on the specified ports.
Default
Enabled.
Usage Guidelines
This feature applies to only the 10/100/1000 BASE-T ports on the switch.
Use the all keyword to enable or disable the autopolarity detection feature on all of the Ethernet ports on 8800 series switches.
When autopolarity is disabled on one or more Ethernet ports, you can verify that status by using the command:
show ports information detail
Example
The following command disables the autopolarity detection feature on ports 5 to 7 on the NETGEAR 8800 switch:
configure ports 5-7 auto-polarity off
configure ports display-string
configure ports <port_list> display-string <string>
Description
Configures a user-defined string for a port or group of ports.
Syntax Description
port_list Specifies one or more ports or slots and ports.
string Specifies a user-defined display string.
Default
N/A.
Usage Guidelines
The display string can be up to 15 characters. Display strings do not need to be unique for each port—you can assign the same string to multiple ports. For example, you could give all the ports that are connected to a particular department a common display string.
The string is displayed in certain commands such as the show ports information command.
Note:
Do not use a port number as a display string. For example, do not assign the display string “2” to port 2.
Example
The following command configures the user-defined string corporate for port 1 on a stand-alone switch:
configure ports 1 display-string corporate
The following command configures the user-defined string corporate for ports 3, 4, and 5 on slot 1:
configure ports 1:3-5 display-string corporate
configure ports redundant
configure ports <primaryPort> redundant <secondaryPort> {link [on | off]}
Description
Configures a software-controlled redundant port.
Syntax Description
primaryPort Specifies one primary port or slot and port.
redundantPort <secondaryPort> Specifies one redundant port or slot and port.
link Specifies state of link:
• on—Specifies keeping the redundant port active, but block traffic
• off—Specifies forcing the link down on the redundant port
Note:
The default value is off.
Default
N/A.
Usage Guidelines
The first port specifies the primary port. The second port specifies the redundant port.
A software-controlled redundant port is configured to back up a specified primary port; both ports are on the same device. The redundant port tracks the link state of the associated primary port, and if the link on the primary port fails, the redundant port establishes a link and becomes active. You can back up a specified Ethernet port with a redundant, dedicated Ethernet port.
You configure the redundant link to be always physically up but logically blocked or to be always physically down. The default is off, or the redundant link is down.
The following criteria must be considered when configuring a software-controlled redundant port:
• You can configure only one redundant port for each primary port.
• You cannot have any Layer 2 protocols configured on any of the VLANs that are present on the ports. (You will see an error message if you attempt to configure software redundant ports on ports with VLANs running Layer 2 protocols.)
• The primary and redundant port must have identical VLAN memberships.
• The master port is the only port of a load-sharing group that can be configured as either a primary or redundant port. (The entire trunk must go down before the software-controlled redundant port takes effect.)
• Only one side of the link should be configured as redundant.
Example
The following command configures a software-controlled redundant port:
configure ports 1:3 redundant 2:3
configure sharing add ports
configure sharing <port> add ports <port_list>
Description
Adds ports to a load-sharing, or link aggregation, group. By using link aggregation, you use multiple ports as a single logical port. Link aggregation also provides redundancy because traffic is redistributed to the remaining ports in the link aggregation group (LAG) if one port in the group goes down.
Syntax Description
port Specifies the logical port for a load-sharing group or link aggregation group (LAG). This number also functions as the LAG Group ID.
port_list Specifies one or more ports or slots and ports to be grouped in the LAG.
Default
N/A.
Usage Guidelines
Use this command to dynamically add ports to a load-sharing group, or link aggregation group (LAG).
Note:
You must create a LAG (or load-sharing group) before you can
L3_L4 | custom}]} {lacp | health-check}
vMAN ports can belong to LAGs. If any port in the LAG is enabled for vMAN, all ports in the group are automatically enabled to handle jumbo size frames. Also, vMAN is automatically enabled on all ports of the untagged LAG.
To verify your configuration, use the show ports sharing command.
Note:
All ports that are designated for the LAG must be removed from all VLANs prior to configuring the LAG.
The following guidelines apply to link aggregation on the NETGEAR 8800 series switch:
• A static LAG can include a maximum of 8 ports.
• An LACP LAG can include a maximum of 16 ports; out of these up to 8 can be selected links and the remaining 8 will be standby links.
• A Health Check LAG can include a maximum of 8 ports.
• Any broadcast, multicast, or unknown unicast packet is transmitted on a single port in the LAG.
Note:
You cannot configure a port-based load-sharing algorithm on the 8800 series switch; you configure only address-based load-sharing algorithms.
• The available address-based parameters on the 8800 series switch are L2 for Layer 2 and L3 for Layer 3. If the packet is not IP, the switch applies the Layer 2 algorithm, which is the default setting.
Example
The following example adds port 3:13 to the LAG with the logical port 3:9 on the switch:
configure sharing 3:9 add port 3:13
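A pre-change check for the port-list notation and LAG size limits described above, as an added example that is not part of the manual or of NETGEAR software. The function names are hypothetical, and the rule that a range stays within one slot is an assumption of this example, because the manual shows no cross-slot ranges.

```python
import re

# Member limits taken from the link aggregation guidelines in this section.
LAG_MAX_PORTS = {"static": 8, "lacp": 16, "health-check": 8}
LACP_MAX_SELECTED = 8  # an LACP LAG has up to 8 selected links; the rest are standby

_PORT = re.compile(r"(?:(\d+):)?(\d+)")


def _parse_port(token):
    """Return (slot, port); slot is None for a stand-alone 'port' token."""
    match = _PORT.fullmatch(token.strip())
    if not match:
        raise ValueError(f"not a port or slot:port value: {token!r}")
    slot = int(match.group(1)) if match.group(1) else None
    return slot, int(match.group(2))


def parse_port_list(text):
    """Expand '3,5,12-15', '1:3-5' or '1:3,1:5,1:12-1:15' into (slot, port) tuples."""
    ports = []
    for item in text.split(","):
        first, dash, last = item.partition("-")
        slot, start = _parse_port(first)
        end = start
        if dash:
            end_slot, end = _parse_port(last)
            # '1:3-5' leaves the slot off the upper bound, so inherit it.
            if end_slot is None:
                end_slot = slot
            # Assumption of this example: a range stays within one slot.
            if end_slot != slot or end < start:
                raise ValueError(f"bad range: {item.strip()!r}")
        for port in range(start, end + 1):
            if (slot, port) not in ports:  # ignore duplicates, keep order
                ports.append((slot, port))
    return ports


def plan_lag(lag_type, member_list):
    """Check a planned member list against the limit for its LAG type."""
    members = parse_port_list(member_list)
    limit = LAG_MAX_PORTS[lag_type]
    if lag_type == "lacp":
        selected = min(len(members), LACP_MAX_SELECTED)
        standby = len(members) - selected
    else:
        selected, standby = min(len(members), limit), 0
    return {
        "ports": members,
        "within_limit": len(members) <= limit,
        "selected": selected,
        "standby": standby,
    }


if __name__ == "__main__":
    # Constructed sample inputs using the notations shown in this chapter.
    for lag_type, port_list in [("static", "3:9-12"), ("static", "3:1-9"), ("lacp", "3:1-12")]:
        plan = plan_lag(lag_type, port_list)
        print(lag_type, port_list, len(plan["ports"]), plan["within_limit"],
              plan["selected"], plan["standby"])
```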
configure sharing address-based custom
configure sharing address-based custom [ipv4 [L3-and-L4 | source-only | destination-only | source-and-destination] | hash-algorithm [xor | crc-16]]
Description
On NETGEAR 8800 series switches, this command configures the part of the packet examined by the switch when selecting the egress port for transmitting link aggregation, or load-sharing, data.
Syntax Description
ipv4 Specifies that the user configuration applies to IPv4 traffic.
L3-and-L4 Indicates that the switch should examine the IP source and destination address and the TCP or UDP source and destination port number.
source-only Indicates that the switch should examine the IP source address only.
destination-only Indicates that the switch should examine the IP destination address only.
source-and-destination Indicates that the switch should examine the IP source and destination address.
xor Use exclusive-OR for load sharing hash computation.
crc-16 Use CRC-16 for load sharing hash computation.
Default
Algorithm: L3-and-L4
Hash algorithm: xor
Usage Guidelines
This command specifies the part of the packet header that the switch examines to select the egress port for address-based load-sharing trunks. The address-based load-sharing setting is global and applies to all load-sharing trunks, or LAGs, that are address-based and configured with a custom algorithm. You change this setting by issuing the command again with a different option.
The addressing information examined is based on the packet protocol as follows:
• IPv4 packets—Uses the source and destination IPv4 addresses and Layer 4 port numbers as specified with this command.
• IPv6 packets—Uses the source and destination IPv6 addresses and Layer 4 port numbers.
• MPLS packets—Uses the top, second, and reserved labels and the source and destination IP addresses.
• Non-IP Layer 2—Uses the VLAN ID, the source and destination MAC addresses, and the ethertype.
The xor hash algorithm guarantees that the same egress port is selected for traffic distribution based on a pair of IP addresses, Layer 4 ports, or both, regardless of which is the source and which is the destination.
For IP-in-IP and GRE tunneled packets, the switch examines the inner header to determine the egress port.
To verify your configuration, use the show ports sharing command.
Example
The following example configures the switch to examine the source IP address:
configure sharing address-based custom ipv4 source-only
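A simplified model of the direction-independence property of the xor option, as an added example that is not part of the manual. The switch's real hash function is not given here; the byte fold, the function names, the member ports and the sample flows are assumptions constructed for illustration. It shows which ipv4 key selections keep a flow and its reply on the same LAG member, which matters when a sensor or capture device sits on a single member link.

```python
import ipaddress
from functools import reduce
from operator import xor

# The ipv4 key selections accepted by "configure sharing address-based custom".
MODES = ("L3-and-L4", "source-only", "destination-only", "source-and-destination")


def key_fields(mode, src_ip, dst_ip, src_port, dst_port):
    """Return the header fields that the selected mode feeds into the hash."""
    src = int(ipaddress.IPv4Address(src_ip))
    dst = int(ipaddress.IPv4Address(dst_ip))
    if mode == "L3-and-L4":
        return [src, dst, src_port, dst_port]
    if mode == "source-only":
        return [src]
    if mode == "destination-only":
        return [dst]
    if mode == "source-and-destination":
        return [src, dst]
    raise ValueError(f"unknown mode: {mode}")


def xor_hash(fields):
    """XOR all fields together, then fold to one byte (the fold is an assumption)."""
    value = reduce(xor, fields, 0)
    value ^= value >> 16
    value ^= value >> 8
    return value & 0xFF


def egress_port(mode, flow, members):
    """Pick the LAG member for a flow given as (src_ip, dst_ip, src_port, dst_port)."""
    return members[xor_hash(key_fields(mode, *flow)) % len(members)]


def reverse(flow):
    """Return the reply direction of a flow."""
    src_ip, dst_ip, src_port, dst_port = flow
    return (dst_ip, src_ip, dst_port, src_port)


def direction_report(flows, members):
    """For each mode, True if every flow and its reply map to the same member."""
    return {
        mode: all(
            egress_port(mode, flow, members) == egress_port(mode, reverse(flow), members)
            for flow in flows
        )
        for mode in MODES
    }


# Constructed sample data: a four-port LAG and two client-to-server flows.
SAMPLE_MEMBERS = ["3:9", "3:10", "3:11", "3:12"]
SAMPLE_FLOWS = [
    ("10.1.1.10", "10.2.2.20", 49152, 443),
    ("10.1.1.11", "10.2.2.20", 49153, 22),
]

if __name__ == "__main__":
    for mode, symmetric in direction_report(SAMPLE_FLOWS, SAMPLE_MEMBERS).items():
        print(f"{mode:24} both directions on one member: {symmetric}")
```

XOR is commutative, so any key that includes both endpoints gives the same result in either direction; a key built from the source or the destination alone changes when the endpoints swap.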
configure sharing delete ports
configure sharing <port> delete ports <port_list>
Description
Deletes ports from a link aggregation, or load-sharing, group.
Syntax Description
port Specifies the logical port for a load-sharing group or a link aggregation group (LAG). This number also functions as the LAG Group ID.
port_list Specifies one or more ports or slots and ports to be grouped in the LAG.
Default
N/A.
Usage Guidelines
Use this command to dynamically delete ports from a load-sharing group, or link aggregation group (LAG). This command applies to static and dynamic link aggregation.
Example
The following example deletes port 3:12 from the LAG with the logical port, or LAG Group ID, 3:9:
configure sharing 3:9 delete port 3:12
configure sharing health-check member-port add tcp-tracking
configure sharing health-check member-port <port> add tcp-tracking <IP Address> {tcp-port <TCP Port> frequency <sec> misses <count>}
Description
Configures monitoring for each member port of a health check LAG.
Syntax Description
port Specifies the member port.
IP Address Specifies the IP address to monitor.
TCP Port Specifies the TCP port to watch. The default is port 80.
sec Specifies the frequency in seconds at which tracking takes place. The default is 10 seconds.
count Specifies the number of misses before a connection loss is reported. The default is 3 misses.
Default
N/A.
Usage Guidelines
To configure a health check LAG, you first create a health check type of LAG using the
command. Then use this command to configure the monitoring for each
member port. You can configure each member port to track a particular IP address, but only one IP address per member port.
To display the monitoring configuration for a health check LAG, use the show sharing health-check command.
To display the link aggregation configured on a switch, use the show ports sharing command.
Example
The following commands configure four different member ports:
# configure sharing health-check member-port 10 add tcp-tracking 10.1.1.1 tcp-port 23
# configure sharing health-check member-port 11 add tcp-tracking 10.1.1.2 tcp-port 23
# configure sharing health-check member-port 12 add tcp-tracking 10.1.1.3
# configure sharing health-check member-port 13 add tcp-tracking 10.1.1.4
When the TCP port, seconds, or counts are not specified, they default to the values described in the Syntax Description.
configure sharing health-check member-port delete tcp-tracking
configure sharing health-check member-port <port> delete tcp-tracking <IP Address> {tcp-port <TCP Port>}
Description
Unconfigures monitoring for each member port of a health check LAG.
Syntax Description
port Specifies the member port.
IP Address Specifies the IP address.
TCP Port Specifies the TCP port.
Default
N/A.
Usage Guidelines
Use this command to remove the monitoring configuration on the ports of a health check link aggregation group. Each port must be unconfigured separately, specifying the IP address and TCP port.
Example
The following command removes the configuration setting on port 12 that monitors IP address 10.1.1.3:
# configure sharing health-check member-port 12 delete tcp-tracking 10.1.1.3
configure sharing health-check member-port tcp-tracking
configure sharing health-check member-port <port> [disable | enable] tcp-tracking
Description
Enables or disables configured monitoring on a member port of a health check LAG.
Syntax Description
port Specifies the member port.
Default
N/A.
Usage Guidelines
This command disables or enables monitoring on a particular member port. When monitoring is disabled, the member port is added back to the LAG if it has not already been added. This allows a member port to be added back to the LAG even though connectivity to the host is down.
Example
The following command disables tcp-tracking on port 12:
configure sharing health-check member-port 12 disable tcp-tracking
configure sharing lacp activity-mode
configure sharing <port> lacp activity-mode [active | passive]
Description
Configures whether the switch sends LACPDUs periodically (active) or only in response to LACPDUs sent from the partner on the link (passive).
Syntax Description
port Specifies the master logical port for the LAG you are setting the activity mode for.
active Enter this value to have the switch periodically send LACPDUs for this LAG.
passive Enter this value to have the switch only respond to LACPDUs for this LAG.
Default
Active.
Usage Guidelines
You must enable sharing and create the LAG prior to assigning this LACP activity mode.
Note:
One side of the link must be in active mode in order to pass traffic. If you configure your side in the passive mode, ensure that the partner link is in LACP active mode.
To verify the LACP activity mode, use the show lacp lag <group-id> detail command.
If you attempt to enter a port number that is different from a LAG group ID, the system returns the following error message:
ERROR: LAG group Id does not exist
Example
The following command changes the activity mode to passive for the specified LAG group ID:
configure sharing 5:1 lacp activity-mode passive
configure sharing lacp defaulted-state-action
configure sharing <port> lacp defaulted-state-action [add | delete]
Description
Configures whether a defaulted LAG port is removed from the aggregator.
Syntax Description
port Specifies the master logical port for the LAG you are setting the default action for.
add Enter this value to have the switch add defaulted ports to the aggregator for this LAG.
delete Enter this value to have the switch delete defaulted ports from the aggregator for this LAG.
Default
Delete.
Usage Guidelines
You must enable sharing and create the LAG prior to configuring this LACP parameter.
You can configure whether you want a defaulted LAG port removed from the aggregator or added back into the aggregator. If you configure the LAG to remove ports that move into the default state, those ports are removed from the aggregator and the port state is set to unselected.
If you configure the LAG to add the defaulted port into the aggregator, the system takes inventory of the number of ports currently in the aggregator:
• If there are fewer ports in the aggregator than the maximum number allowed, the system adds the defaulted port to the aggregator (port set to selected and collecting-distributing).
• If the aggregator has the maximum ports, the system adds the defaulted port to the standby list (port set to standby).
Note:
If the defaulted port is assigned to standby, that port automatically has a lower priority than any other port in the LAG (including those already in standby).
To verify the LACP default action, use the show lacp lag <group-id> detail command.
If you attempt to enter a port number that is different from a LAG group ID, the system returns the following error message:
ERROR: LAG group Id does not exist
Note:
To force the LACP trunk to behave like a static sharing trunk, use this command to add ports to the aggregator.
Example
The following command deletes defaulted ports from the aggregator for the specified LAG group ID:
configure sharing 5:1 lacp defaulted-state-action delete
configure sharing lacp system-priority
configure sharing <port> lacp system-priority <priority>
Description
Configures the system priority that LACP uses for each LAG to establish which end of the link assumes priority in determining which LAG ports move to the collecting/distributing state of the protocol. The end of the LAG with the lowest system priority is the one that assumes control of the determination. This is optional; if you do not configure this parameter, LACP uses system MAC values to determine priority. If you choose to configure this parameter, enter a value between 1 and 65535.
Syntax Description
port Specifies the master logical port for the LAG you are setting the priority for.
priority Enter the value you want for the priority of the system for the LACP. The range is 1 to 65535; there is no default.
Default
N/A.
Usage Guidelines
The LACP uses the system MAC values to assign priority to one of the systems, and that system then determines which LAG ports move into the collecting/distributing state and exchange traffic. That end of the LAG with the lowest system priority is the one that assumes control of the determination. If you wish to override the default LACP system priority for a specific LAG, use this command to assign that LAG a specific LACP priority. Enter a value between 1 and 65535.
You must enable sharing and create the LAG prior to assigning this LACP priority.
To verify the LACP system priority, use the show lacp command.
Example
The following command assigns LAG 10 an LACP system priority of 3:
configure sharing 10 lacp system-priority 3
configure sharing lacp timeout
configure sharing <port> lacp timeout [long | short]
Description
Configures the timeout used by each LAG to stop transmitting once LACPDUs are no longer received from the partner link. You can configure this timeout value to be either 90 seconds, long, or 3 seconds, short.
Syntax Description
port Specifies the master logical port for the LAG you are setting the timeout value for.
long Enter this value to use 90 seconds as the timeout value.
short Enter this value to use 3 seconds as the timeout value.
Default
Long.
Usage Guidelines
You must enable sharing and create the LAG prior to assigning this LACP timeout value.
To verify the LACP timeout value, use the show lacp lag <group-id> detail command.
If you attempt to enter a port number that is different from a LAG group ID, the system returns the following error message:
ERROR: LAG group Id does not exist
Example
The following command changes the timeout value for the specified LAG group ID to short:
configure sharing 5:1 lacp timeout short
configure slot module
configure slot <slot> module <module_type>
Description
Configures a slot for a particular I/O module card.
On a stack, this command configures a slot for a particular type of node.
Syntax Description
slot Specifies the slot number.
module_type Specifies the type of module or node for which the slot should be configured. The list of modules you can enter will vary depending on the type of switch and version of the NETGEAR 8800 you are running. Certain modules are supported only with specific releases.
Default
If a slot has not been configured for a particular type of I/O module, then any type of module is accepted in that slot, and a default port and VLAN configuration is automatically generated.
Usage Guidelines
The command displays different module parameters depending on the type of switch you are configuring and the version of NETGEAR 8800 running on the switch.
You can also preconfigure the slot before inserting the module card. This allows you to begin configuring the module and ports before installing the card in the chassis.
If a slot has not been configured for a particular type of I/O module, then any type of module is accepted in that slot, and a default port and VLAN configuration is automatically generated.
If a slot is configured for one type of module, and a different type of module is inserted, the inserted module is put into a mismatch state, and is not brought online. To use the new module type in a slot, the slot configuration must be cleared or configured for the new module type.
Upon powering up the chassis, or when an I/O module is hot-swapped, the NETGEAR 8800 automatically determines the system power budget and protects the switch from any potential overpower configurations. If power is available, the NETGEAR 8800 powers on and initializes the module. When the NETGEAR 8800 detects that a module will cause an overpower condition, the module remains powered down, and is not initialized. An entry is made to the system log indicating the condition.
On a stack, the module type must be a switch that supports NETGEAR 8800.
Example
The following command configures slot 2 for a 10/100/1000, 48-port, copper module:
configure slot 2 module XCM8848T
configure slot restart-limit
configure slot <slot-number> restart-limit <num_restarts>
Description
Configures the number of times a slot can be restarted on a failure before it is shut down.
Syntax Description
slot-number Specifies the slot number.
num_restarts Specifies the number of times the slot can be restarted. The range is from 0 to 10,000.
Default
The default is 5.
Usage Guidelines
This command allows you to configure the number of times a slot can be restarted on a failure before it is shut down. If the number of failures exceeds the restart-limit, the module goes into a “Failed” state. If that occurs, use the disable slot
restart the module.
Example
The following command configures slot 2 on the switch to be restarted up to 3 times upon a failure:
configure slot 2 restart-limit 3
disable flow-control rx-pause ports
disable flow-control rx-pause ports [<port_list> | all]
Description
Disables the processing of received pause flow control messages.
Syntax Description
port_list Specifies one or more ports or slots and ports.
Default
Enabled
Usage Guidelines
With autonegotiation enabled, the NETGEAR 8800 series switches advertise the ability to support pause frames. This includes receiving and reacting to (stopping transmission) pause frames.
Use this command to disable the processing of IEEE 802.3x pause flow control messages received from the remote partner. Disabling rx-pause processing avoids dropping packets in the switch and allows for better overall network performance in some scenarios where protocols such as TCP handle the retransmission of dropped packets by the remote partner.
To disable RX flow-control, TX flow-control must first be disabled. Refer to the disable flow-control tx-pause ports command. If you attempt to disable RX flow-control with TX flow-control enabled, an error message is displayed.
Example
The following command disables the rx flow-control feature on ports 5 through 7 on the NETGEAR 8800 switch:
disable flow-control rx-pause ports 5-7
disable flow-control tx-pause ports
disable flow-control tx-pause ports [<port_list> | all]
Description
Disables the transmission of pause frames.
Syntax Description
port_list Specifies one or more ports or slots and ports.
Default
Disabled
Usage Guidelines
Use this command to stop the transmission of flow control pause frames and revert to the default.
Example
The following command disables the tx flow-control feature on ports 5 through 7 on a NETGEAR 8800:
disable flow-control tx-pause ports 5-7
disable jumbo-frame ports
disable jumbo-frame ports [all | <port_list>]
Description
Disables jumbo frame support on a port.
Syntax Description
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.
Default
Disabled.
Usage Guidelines
• You can enable or disable jumbo frames for the entire module or switch globally only.
• You can enable and disable jumbo frames on individual ports.
Example
The following command disables jumbo frame support on slot 1, port 2 on a NETGEAR 8800 switch:
disable jumbo-frame ports 1:2
The following command disables jumbo frame support on a NETGEAR 8800 switch:
disable jumbo-frame ports all
disable learning port
disable learning {drop-packets | forward-packets} port [<port_list> | all]
Description
Disables MAC address learning on one or more ports for security purposes.
Syntax Description
port Specifies the port.
port_list Specifies one or more ports or slots and ports.
all Specifies all ports and slots.
drop-packets Specifies that packets with unknown source MAC addresses be dropped.
forward-packets Specifies that packets with unknown source MAC addresses be forwarded.
Default
Enabled.
Usage Guidelines
Use this command in a secure environment where access is granted via permanent forwarding databases (FDBs) per port.
Example
The following command disables MAC address learning on port 4:3:
disable learning ports 4:3
disable mirroring
disable mirroring
Description
Disables port mirroring.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
command to stop all configured copied mirroring traffic. Use this
command to unconfigure all the filters on the system.
Example
The following command disables port mirroring:
disable mirroring
disable port
disable port [<port_list> | all]
Description
Disables one or more ports on the switch.
Syntax Description
port_list Specifies one or more ports or slots and ports.
all Specifies all ports on the switch.
Default
Enabled.
Usage Guidelines
Use this command for security, administration, and troubleshooting purposes.
When a port is disabled, the link is brought down.
Example
The following command disables ports 3, 5, and 12 through 15 on a stand-alone switch:
disable ports 3,5,12-15
The following command disables slot 1, ports 3, 5, and 12 through 15:
disable port 1:3,1:5,1:12-1:15
disable sharing
disable sharing <port>
Description
Disables a load-sharing group of ports, also known as a link aggregation group (LAG).
Syntax Description
port Specifies the logical port of a load-sharing group or link aggregation group (LAG). Specifies a port or a combination of the slot and port number.
Default
Disabled.
Usage Guidelines
When sharing is disabled, the logical port retains all configuration including VLAN membership. All other member ports are removed from all VLANs to prevent loops and their configuration is reset to default values.
Example
The following command disables sharing on master logical port 9 in slot 3, which contains ports 9 through 12:
disable sharing 3:9
disable slot
disable slot <slot> {offline}
Description
Disables slot and leaves that module in a power down state.
Syntax Description
slot Specifies the slot to be disabled.
offline Specifies that the slot be disabled offline.
Note:
This variable is supported only on the NETGEAR 8800 series switches; that is, those switches that support offline diagnostics.
Default
Enabled.
Usage Guidelines
This command allows the user to disable a slot. When the user types this command, the I/O card in that particular slot number is brought down, and the slot is powered down. The LEDs on the card go OFF.
A disabled slot can be re-enabled using the
re-enabled, the software on the I/O module is updated to match the software on the primary MSM/MM.
command, if invoked after the user disables the slot, shows this slot state as “Power Off/Disabled.”
If there is no I/O card present in a slot when the user disables the slot, the slot still goes to the “Disable” state. If a card is inserted in a slot that has been disabled, the card does not come up and stays in the “Power Off/Disabled” state until the slot is enabled by using the
command. below.
If you do not save the configuration before you do a switch reboot, the slot will be re-enabled upon reboot. If you save the configuration after disabling a slot, the slot will remain disabled after a reboot.
On Power over Ethernet (PoE) modules, disabling a slot also disables any inline power that is flowing to that slot.
This command applies only to the data, or I/O ports on slots holding an MSM. The slots holding an MSM on the NETGEAR 8810 switch are 5 and possibly 6; the slots holding an MSM on the NETGEAR 8806 switch are 3 and possibly 4. Use the offline parameter to run the diagnostics offline.
Example
The following command disables slot 5 on the switch:
disable slot 5
disable smartredundancy
disable smartredundancy <port_list>
Description
Disables the Smart Redundancy feature.
Syntax Description
port_list Specifies one or more ports or slots and ports.
Default
Enabled.
Usage Guidelines
The Smart Redundancy feature works in concert with the software-controlled redundant feature. When Smart Redundancy is disabled, the switch attempts only to reset the primary port to active if the redundant port fails. That is, if you disable Smart Redundancy, the traffic does not automatically return to the primary port once it becomes active again; the traffic continues to flow through the redundant port even after the primary port comes up again.
Example
The following command disables the Smart Redundancy feature on ports 1:1 to 1:4:
disable smartredundancy 1:1-4
disable snmp traps port-up-down ports
disable snmp traps port-up-down ports [<port_list> | all]
Description
Disables port up/down trap reception for specified ports.
Syntax Description
port_list Specifies one or more ports or slots and ports.
all Specifies all ports on the switch.
Default
Enabled.
Usage Guidelines
Use this command to stop receiving SNMP trap messages when a port transitions between being up and down.
Example
The following command stops ports 3, 5, and 12 through 15 on a stand-alone switch from receiving SNMP trap messages when the port goes up/down:
disable snmp traps port-up-down ports 3,5,12-15
enable flow-control rx-pause ports
enable flow-control rx-pause ports [<port_list> | all]
Description
Enables the switch to process received pause frames.
Syntax Description
port_list Specifies one or more ports or slots and ports.
Default
Enabled
Usage Guidelines
Use this command to configure the switch to return to the default behavior of processing received pause frames.
Example
The following command enables the rx flow-control feature on ports 5 through 7 on a NETGEAR 8800:
enable flow-control rx-pause ports 5-7
enable flow-control tx-pause ports
enable flow-control tx-pause ports [<port_list> | all]
Description
Enables the switch to transmit pause frames.
Syntax Description
port_list Specifies one or more ports or slots and ports.
Default
Disabled
Usage Guidelines
With autonegotiation enabled, NETGEAR 8800 series switches advertise the ability to support pause frames. This includes receiving, reacting to (stopping transmission), and transmitting pause frames. However, the switch does not actually transmit pause frames unless it is configured to do so.
IEEE 802.3x flow control provides the ability to configure different modes in the default behaviors. Use this command to configure the switch to transmit link-layer pause frames when congestion is detected.
To enable TX flow-control, RX flow-control must first be enabled. Refer to the enable flow-control rx-pause ports command. If you attempt to enable TX flow-control with RX flow-control disabled, an error message is displayed.
Example
The following command enables the tx flow-control feature on ports 5 through 7 on a NETGEAR 8800:
enable flow-control tx-pause ports 5-7
enable jumbo-frame ports
enable jumbo-frame ports [all | <port_list>]
Description
Enables support on the physical ports that will carry jumbo frames.
Syntax Description
all Specifies all ports.
port_list Specifies one or more slots and ports.
Default
Disabled.
Usage Guidelines
Increases performance to back-end servers or allows for vMAN 802.1Q encapsulations.
You can configure the maximum size of a jumbo frame if you want to use a different size than the default value of 9216. Use the configure jumbo-frame-size command to configure the size.
This setting is preserved across reboots.
You can enable and disable jumbo frames on individual ports.
Example
The following command enables jumbo frame support on slot 3, port 5 on a NETGEAR 8800 switch:
enable jumbo-frame ports 3:5
The following command enables jumbo frame support on a NETGEAR 8800 switch:
enable jumbo-frame ports all
enable learning port
enable learning port [all | <port_list>]
Description
Enables MAC address learning on one or more ports.
Syntax Description
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.
Default
Enabled.
Usage Guidelines
N/A.
Example
The following command enables MAC address learning on slot 1, ports 7 and 8:
enable learning ports 1:7-8
enable mirroring to port
enable mirroring to [port <port> | port-list <port-list> loopback-port <port>] {remote-tag <vlan tag>}
Description
Dedicates a port on the switch to be the mirror output port, or the monitor port.
Syntax Description
port Specifies the mirror output port.
port-list Specifies the list of ports where traffic is to be mirrored.
loopback-port Specifies an otherwise unused port required when mirroring to a port-list. The loopback-port is not available for switching user data traffic.
port Specifies a single loopback port that is used internally to provide this feature.
remote-tag Specifies the value of the VLAN ID used by the mirrored packets when egressing the monitor port.
Default
Disabled.
Usage Guidelines
Port mirroring configures the switch to copy all traffic associated with one or more ports, VLANs or virtual ports. A virtual port is a combination of a VLAN and a port. The monitor port(s) can be connected to a network analyzer or RMON probe for packet analysis. The switch uses a traffic filter that copies a group of traffic to the monitor port.
Up to 16 mirroring filters and one monitor port can be configured on the switch. After a port has been specified as a monitor port, it cannot be used for any other function. Frames that contain errors are not mirrored.
You cannot run ELSM and mirroring on the same port. If you attempt to enable mirroring on a port that is already enabled for ELSM, the switch returns a message similar to the following:
Error: Port mirroring cannot be enabled on an ELSM enabled port.
The traffic filter on NETGEAR 8800 series switches can be defined based on one of the following criteria:
• Physical port—All data that traverses the port, regardless of VLAN configuration, is copied to the monitor port. You can specify which traffic the port mirrors:
  • Ingress—Mirrors traffic received at the port.
  • Egress—Mirrors traffic sent from the port.
  • Ingress and egress—Mirrors all traffic forwarded by the port.
  (If you omit the optional parameters, all traffic is forwarded; the default for port-based mirroring is ingress and egress).
• VLAN—All data to a particular VLAN, regardless of the physical port configuration, is copied to the monitor port.
• Virtual port—All data specific to a VLAN on a specific port is copied to the monitor port.
• Only 8 VLANs can be mirrored on a given physical port.
• Only traffic ingressing a VLAN can be monitored; you cannot specify ingressing or egressing traffic when mirroring VLAN traffic.
• When routing between VLANs, ingress mirrored traffic is presented to the monitor port as modified for routing. This is the default behavior and the behavior when you use the command, configure mirroring mode standard. When you use the command, configure mirroring mode enhanced, ingress traffic is mirrored as it is received (on the wire).
• In standard mode (see configure mirroring mode command), even if you select ingress and egress traffic, the packet is mirrored only the first time it matches a mirror filter and is not mirrored on subsequent configured filters. In enhanced mode, packets which match both an ingress filter and an egress filter will result in two packets egressing the monitor port or ports.
• You cannot include the monitor port for the NETGEAR 8800 series switch in a load-sharing group.
• You can run mirroring and sFlow on the same device when you are running NETGEAR 8800.
• With a monitor port on a NETGEAR 8800 original-series module, all traffic egressing the monitor port is tagged (regardless of what module the ingressing port is on). Even if some untagged ports send mirrored traffic to the monitor port, that traffic also egresses the monitor port tagged with the internal VLAN ID.
• When you are using standard mode mirroring on an 8800, a packet that matches both an ingress mirroring filter and an egress mirroring filter may only be ingress mirrored. The behavior depends on the location of the ingress port, egress port and monitor port within the switch as well as the type of switch on which the packet ingresses. When using enhanced mode mirroring, two packets are mirrored when a packet encounters both an ingress and egress mirroring filter.r one-half of that module or on another module.
Enhanced mirroring mode must be configured if you are going to configure a remote mirroring tag. Enhanced mirroring mode is configured using the following command:
configure mirroring mode enhanced
Note:
This parameter is used for the remote port mirroring feature only.
Example
The following example selects slot 3, port 4 as the mirror, or monitor, port on the NETGEAR
8800 switch: enable mirroring to port 3:4
The following example selects slot 1, port 3 as the tagged mirror, or monitor, port on the
NETGEAR 8800 switch: enable mirroring to port 1:3 tagged
enable port
enable port [<port_list> | all]
Description
Enables a port.
Syntax Description
port_list Specifies one or more ports or slots and ports.
all Specifies all ports on the switch.
Default
All ports are enabled.
Usage Guidelines
Use this command to enable the port(s) if you disabled the port(s) for security, administration, or troubleshooting purposes.
Example
The following command enables ports 3, 5, and 12 through 15 on the stand-alone switch: enable ports 3,5,12-15
The following command enables slot 1, ports 3, 5, and 12 through 15: enable port 1:3, 1:5, 1:12-1:15
enable sharing grouping
enable sharing <port> grouping <port_list> {algorithm [address-based {L2 | L3 | L3_L4 | custom}]} {lacp | health-check}
Description
Enables the switch to configure port link aggregation, or load sharing. By using link aggregation, you use multiple ports as a single logical port. Link aggregation also provides redundancy because traffic is redistributed to the remaining ports in the LAG if one port in the group goes down. LACP allows the system to dynamically configure the LAGs.
Syntax Description
port Specifies the master logical port for a load-sharing group or link aggregation group (LAG).
port_list Specifies one or more ports or slots and ports to be grouped to the logical port.
address-based Specifies link aggregation by address-based algorithm.
L2 Specifies address-based link aggregation by Layer 2. This is the default value.
L3 Specifies address-based link aggregation by Layer 3.
L3_L4 Specifies address-based link aggregation by Layer 3 IP plus Layer 4 port.
custom Selects the custom link aggregation algorithm configured with the following command: . The custom option applies to all LAGs on the switch.
lacp Specifies dynamic link aggregation, or load sharing, using the LACP.
health-check Specifies a health check type of link aggregation group.
Default
Disabled.
Usage Guidelines
Link aggregation, or load sharing, allows you to increase bandwidth and availability between switches by using a group of ports to carry traffic in parallel between switches. The aggregation algorithm allows the switch to use multiple ports as a single logical port. For example, VLANs see the link aggregation group (LAG) as a single logical port. Groups can span multiple modules.
Note:
All ports that are designated for the LAG must be removed from all
VLANs prior to configuring the LAG.
You can enable and configure dynamic link aggregation, using LACP or health-check link aggregation. Static link aggregation is the default link aggregation method.
Note:
Always verify the LACP configuration by issuing the show ports sharing command; look for the ports listed as being in the aggregator.
If a port in a LAG fails, traffic is redistributed to the remaining ports in the LAG. If the failed port becomes active again, traffic is redistributed to include that port.
Link aggregation must be enabled on both ends of the link, or a network loop will result.
Note:
See NETGEAR 8800 User Manual for information on the interaction of port-based ACLs and LAGs of ports.
LAGs are defined according to the following rules:
• Although you can reference only the logical port of a LAG to a Spanning Tree Domain (STPD), all the ports of a load-sharing group actually belong to the specified STPD.
• When using link aggregation, you should always reference the logical port of the LAG when configuring or viewing VLANs. VLANs configured to use other ports in the LAG will have those ports deleted from the VLAN when link aggregation becomes enabled.
Link aggregation, or load-sharing, algorithms allow you to select the distribution technique used by the LAG to determine the output port selection. Algorithm selection is not intended for use in predictive traffic engineering.
• Port-based—Uses the ingress port to determine which physical port in the LAG is used to forward traffic out of the switch.
• Address-based—Uses addressing information to determine which physical port in the LAG to use for forwarding traffic out of the switch. Refer to configure sharing address-based custom for more information on using addressing information.
The following guidelines apply to link aggregation on the NETGEAR 8800 series switch:
• A static LAG can include a maximum of 8 ports.
• An LACP LAG can include a maximum of 16 ports; out of these up to 8 can be selected links and the remaining 8 will be standby links.
• A Health Check LAG can include a maximum of 8 ports.
• The available address-based parameters on the NETGEAR 8800 series switch are L2 for Layer 2 and L3 for Layer 3.
  If the packet is not IP, the switch applies the Layer 2 algorithm, which is the default setting. The switch can use IPv6 addresses.
• Broadcast, multicast, or unknown unicast packets are transmitted differently depending on the device you are using:
  • On the 8800 original-series modules, these packets are transmitted on a single port of a LAG.
  • On the 8800, these packets are distributed across all members of a LAG. The distribution of these packets depends on the type of the traffic. Broadcast, L2 multicast and unknown unicast traffic distribution is based on the source and destination MAC addresses. IP multicast traffic distribution is based on the source and destination IP addresses. This behavior is not configurable.
• The custom keyword is supported only on NETGEAR 8800 switches. If the custom keyword is specified on a NETGEAR 8800 switch that includes a mix of 8800 series modules, the individual modules use algorithms as follows:
  • The XCM8848T, XCM8824F, and XCM8808X I/O modules forward unicast traffic using the L3 algorithm.
  • All other modules forward unicast traffic using the L3_L4 algorithm.
  • All modules forward non-unicast traffic (broadcast, multicast, and unknown unicast packets) using a separate internal hash algorithm.
Example
The following example defines a static link aggregation group (LAG) on a switch that contains ports 9 through 12 on slot 3, ports 7 through 10 on slot 5, and uses the first port on slot 3 as the logical port 9: enable sharing 3:9 grouping 3:9-3:12, 5:7-5:10
In this example, logical port 3:9 represents physical ports 3:9 through 3:12 and 5:7 through
5:10.
The following example defines a dynamic LAG on a stand-alone switch containing ports 10 through 15, with port 10 being the logical port: enable sharing 10 grouping 10-15 lacp
The following example selects the custom option on a NETGEAR 8800 switch:
XCM8810.1 # enable sharing 2:1 grouping 2:1-2 algorithm address-based custom
The following example defines a health check LAG containing ports 10 through 13 with port
10 as the master logical port and specifies address-based link aggregation by Layer 3 IP plus
Layer 4 port: enable sharing 10 grouping 10,11,12,13 algorithm address L3_L4 health-check
enable slot
enable slot <slot>
Description
Enables slots.
Syntax Description
slot Specifies the slot to be enabled.
Default
Enabled.
Usage Guidelines
This command allows the user to enable a slot that has been previously disabled using the
Note:
On the NETGEAR 8800 series switches, this command applies only to the data or I/O ports on slots holding an MSM.
When the user enters the enable command, the disabled I/O card in the specified slot is brought up, and the slot is made operational, if possible, or goes to the appropriate state as determined by the card state machine. The LEDs on the card are brought ON as usual. When the slot is enabled, the software on the I/O module is updated to match the software on the primary MSM/MM.
After the user enables the slot, the
command shows the state as “Operational” or
will display the appropriate state if the card could not be brought up successfully. Note that there is no card state named “Enable” and the card goes to the appropriate states as determined by the card state machine when the
command is invoked.
Only slots that have their state as “disabled” can be enabled using this command. If this command is used on slots that are in states other than “disabled,” the card state machine takes no action on these slots.
To enable inline power to a slot, the slot must be enabled as well as inline power for that slot.
Use the
command to enable inline power.
Note:
If your chassis has an inline power module and there is not enough power to supply a slot, that slot will not be enabled; the slot will not function in data-only mode without enough power for inline power.
Example
The following command enables slot 5 on the switch: enable slot 5
enable smartredundancy
enable smartredundancy <port_list>
Description
Enables the Smart Redundancy feature on the primary port.
Syntax Description
portlist Specifies one or more ports or slots and ports.
Default
Enabled.
Usage Guidelines
You must configure the software-controlled redundant port using the configure ports redundant
command prior to enabling Smart Redundancy.
The Smart Redundancy feature works in concert with the software-controlled redundant port feature. With Smart Redundancy enabled on the switch, when the primary port becomes active the switch redirects all traffic to the primary port and blocks the redundant port again.
(If you disable Smart Redundancy, the primary port is blocked because traffic is now flowing through the redundant port.)
Example
The following command enables the Smart Redundancy feature on slot 1, port 4: enable smartredundancy 1:4
enable snmp traps port-up-down ports
enable snmp traps port-up-down ports [<port_list> | all]
Description
Enables port up/down trap reception for specified ports.
Syntax Description
port_list Specifies one or more ports or slots and ports.
all Specifies all ports on the switch.
Default
Enabled.
Usage Guidelines
Use this command to begin receiving SNMP trap messages when a port transitions between being up and down.
Example
The following command enables ports 3, 5, and 12 through 15 on a stand-alone switch to receive SNMP trap messages when the port goes up/down: enable snmp traps port-up-down ports 3,5,12-15
restart ports
restart ports [all | <port_list>]
Description
Resets autonegotiation for one or more ports by resetting the physical link.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
Default
N/A.
Usage Guidelines
N/A.
Example
The following command resets autonegotiation on slot 1, port 4: restart ports 1:4
run failover
run failover {force}
Description
Causes a user-specified node failover.
Syntax Description
force Force failover to occur.
Default
N/A.
Usage Guidelines
Use this command to cause the primary MSM/MM to failover to the backup MSM/MM, or the
Master node to failover to the Backup node.
Before you initiate failover, use the show switch {detail}
command to confirm that the nodes
are in sync and have identical software and switch configurations. If the output shows
MASTER and BACKUP (InSync), the two MSMs/MMs or nodes are in sync.
If the MSM/MM’s software and configuration are not in sync, use the
to get the two MSMs/MMs or nodes in sync. This command ensures that the backup has the same software in flash as the master.
Example
The following command causes a failover: run failover
run msm-failover
run msm-failover {force}
Description
Causes a user-specified node failover.
Syntax Description
force Force failover to occur.
Default
N/A.
Usage Guidelines
This command is being replaced with the
command. For usage guidelines, see the description for the run failover
command.
Example
The following command causes a user-specified MSM failover: run msm-failover
show lacp
show lacp
Description
Displays LACP, or dynamic link aggregation, settings on the switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
This command displays the following information about the LACP LAGs configured on the switch:
• Up or Down
• Enabled or disabled (not configurable)
• System MAC
  • MAC address for the system, which is used for LACP priority in the absence of a specifically configured priority.
• LACP PDUs dropped on non-LACP ports
• LAG
  • Identifies the particular LAG. This number comes from logical port assigned to the LAG and is the LAG group ID.
• Actor Sys-Pri
  • Shows the system priority for that LAG.
  • If this number is lower than the number displayed for the Partner Sys-Pri, the system you are working on is the controlling partner in the LAG.
• Actor Key
  • Automatically generated LACP key.
• Partner MAC
  • Identifies the MAC address for the system connecting to the LAG on the remote end.
• Partner Sys-Pri
  • Shows the system priority for that LAG on the remote end.
  • If this number is lower than the number displayed for the Actor Sys-Pri, the system at the remote end is the controlling partner in the LAG.
• Partner Key
  • LACP key automatically generated by the system to which this aggregator is connected.
  • If this number is lower than the number displayed for the Actor Key, the partner system is the controlling partner in the LAG.
• Agg Count
  • Identifies the number of ports added to the aggregator for that LAG.
Example
The following command displays the LACP LAGs on the switch: show lacp
The following is sample output from this command:
LACP Up : Yes
LACP Enabled : Yes
System MAC : 00:04:96:10:33:60
LACP PDUs dropped on non-LACP ports : 0
Lag Actor Actor Partner Partner Partner Agg
Sys-Pri Key MAC Sys-Pri Key Count
--------------------------------------------------------------------------------
2:1 90 0x07d1 00:01:30:f9:9c:30 601 0x1391 2
4:5 100 0x0fa5 00:01:30:f9:9c:30 321 0x1f47 16
4:9 677 0x0fa9 00:01:30:f9:9c:30 87 0x0fa9 8
show lacp counters
show lacp counters
Description
Displays all LACP, or dynamic link aggregation, counters for all member ports in the system.
Syntax Description
This command has no parameters or variables.
Default
N/A.
Usage Guidelines
This command displays the following information for all link aggregation groups (LAGs):
• LACP PDUs dropped on non-LACP ports
• LACP bulk checkpointed messages sent
• LACP bulk checkpointed messages received
• LACP PDUs checkpointed sent
• LACP PDUs checkpointed received
• LAG group ID
• Member port
• Packets received
• Packets dropped from PDU error
• Packets dropped because LACP is not enabled on this port
• Packets dropped because sender’s system MAC address matches that of receiver
• Packets successfully transmitted
• Packets with errors during transmission
Example
The following command displays LACP counters: show lacp counters
The following is sample output from this command:
LACP PDUs dropped on non-LACP ports : 519392
LACP Bulk checkpointed msgs sent : 1
LACP Bulk checkpointed msgs recv : 0
LACP PDUs checkpointed sent : 575616
LACP PDUs checkpointed recv : 0
Lag Member Rx Rx Drop Rx Drop Rx Drop Tx Tx
Group Port Ok PDU Err Not Up Same MAC Sent Ok Xmit Err
--------------------------------------------------------------------------------
1:1 1:1 2169 0 0 0 2170 0
1:2 2169 0 0 0 2170 0
1:3 2169 0 0 0 2170 0
1:4 2169 0 0 0 2170 0
1:5 2169 0 0 0 2170 0
1:6 2169 0 0 0 2170 0
1:7 2169 0 0 0 2170 0
1:8 2168 0 0 0 2169 0
================================================================================
show lacp lag
show lacp lag <group-id> {detail}
Description
Displays LACP, or dynamic link aggregation, settings for the specified LAG.
Syntax Description
group-id Specifies the LAG group ID you want to display. This is the number of the port you configured as the logical port of the LAG.
detail Show detailed information.
Default
N/A.
Usage Guidelines
This command displays the following information about the specified LACP LAG:
• LAG
  • Identifies the particular LAG. This number comes from logical port assigned to the LAG and is the LAG group ID.
• Actor Sys-Pri
  • Shows the system priority for that LAG.
  • If this number is lower than the number displayed for the Partner Sys-Pri, the system you are working on is the controlling partner in the LAG.
• Actor Key
  • Automatically generated LACP key.
• Partner MAC
  • Identifies the MAC address for the system connecting to the LAG on the remote end.
• Partner Sys-Pri
  • Shows the system priority for that LAG on the remote end.
  • If this number is lower than the number displayed for the Actor Sys-Pri, the system at the remote end is the controlling partner in the LAG.
• Partner Key
  • LACP key automatically generated by the system to which this aggregator is connected.
  • If this number is lower than the number displayed for the Actor Key, the partner system is the controlling partner in the LAG.
• Agg Count
  • Identifies the number of ports added to the aggregator for that LAG.
• Member port
• Port priority
• Rx State—Receiving state of the port
  • Idle
  • Initialized
  • Current—Receiving LACP PDUs
  • Expired
  • Defaulted
• Sel Logic—Selection state of the port
  • Selected—Ports with a matching admin key on the remote end.
  • Unselected—Ports that failed to meet with a matching admin key on the remote end.
  • Standby—Ports that exceed the number of ports that can be active in the LAG simultaneously. These ports can be moved into selected mode if one of the currently selected ports in the LAG goes down.
• Mux State—Ability to transmit and collect data of the port
  • Waiting—Selected port that is waiting for LACP to determine if it can join the aggregator.
  • Attached—Ports ready to be added to the aggregator.
  • Collecting-Dist—Ports that are added to the aggregator and are transferring data.
  • Detached—Ports that cannot be added to the aggregator.
• Actor Flag—Mux state of the port
  • A—Activity
  • T—Timeout
  • G—Aggregation
  • S—Synchronization
  • C—Collecting
  • D—Distributing
  • F—Defaulted
  • E—Expired
• Partner Port
  • The operational value of the port number assigned to this link by partner.
• Up—Yes or no
• Enabled—Yes or no
• Unack count
• Wait-for-count
• Current timeout
• Activity mode
• Defaulted action
• Receive state
• Transmit state
• Selected count—Number of selected ports in the LAG
• Standby count—Number of standby ports in the LAG
• LAG Id flag
  • S—Displays information on controlling partner of LAG.
  • T—Displays information on controlled partner of LAG.
Example
The following command displays information on the specified LACP LAG: show lacp lag 4:9
The following is sample output from this command:
Lag Actor Actor Partner Partner Partner Agg
Sys-Pri Key MAC Sys-Pri Key Count
--------------------------------------------------------------------------------
4:9 2110 0x0fa9 00:04:96:10:33:60 2110 0x0fa9 16
Port list:
Member Port Rx Sel Mux Actor Partner
Port Priority State Logic State Flags Port
--------------------------------------------------------------------------------
4:9 300 Current Selected Collect-Dist A-GSCD-- 4009
4:10 301 Current Selected Collect-Dist A-GSCD-- 4010
4:11 302 Current Standby Detached A-G----- 4011
4:12 303 Current Standby Detached A-G----- 4012
4:29 200 Current Selected Collect-Dist A-GSCD-- 4029
4:30 0 Current Selected Collect-Dist A-GSCD-- 4030
4:31 202 Current Selected Collect-Dist A-GSCD-- 4031
4:32 203 Current Selected Collect-Dist A-GSCD-- 4032
8:7 101 Current Selected Collect-Dist A-GSCD-- 8013
8:8 10 Current Selected Collect-Dist A-GSCD-- 8014
8:9 9 Current Selected Collect-Dist A-GSCD-- 8015
8:10 8 Current Selected Collect-Dist A-GSCD-- 8016
8:11 7 Current Selected Collect-Dist A-GSCD-- 8017
8:12 6 Current Selected Collect-Dist A-GSCD-- 8018
8:13 5 Current Selected Collect-Dist A-GSCD-- 8019
8:14 3 Current Selected Collect-Dist A-GSCD-- 8020
8:15 0 Current Selected Collect-Dist A-GSCD-- 8043
8:16 3 Current Selected Collect-Dist A-GSCD-- 8044
8:17 2 Idle Unselected Detached -------- 0
8:18 37 Idle Unselected Detached -------- 0
8:19 36 Idle Unselected Detached -------- 0
8:20 35 Idle Unselected Detached -------- 0
================================================================================
Actor Flags: A-Activity, T-Timeout, G-Aggregation, S-Synchronization
C-Collecting, D-Distributing, F-Defaulted, E-Expired
The following command displays detailed information on the specified LACP LAG: show lacp lag 4:9 detail
The following is sample output from this command:
Lag Actor Actor Partner Partner Partner Agg
Sys-Pri Key MAC Sys-Pri Key Count
--------------------------------------------------------------------------------
4:9 2110 0x0fa9 00:04:96:10:33:60 2110 0x0fa9 16
Up : Yes
Enabled : Yes
Unack count : 0
Wait-for-count : 0
Current timeout : Long
Activity mode : Active
Defaulted Action : Delete
Receive state : Enabled
Transmit state : Enabled
Selected count : 16
Standby count : 2
LAG Id flag : Yes
S.pri:2110, S.id:00:01:30:f9:9c:30, K:0x0fa9
T.pri:2110, T.id:00:04:96:10:33:60, L:0x0fa9
Port list:
Member Port Rx Sel Mux Actor Partner
Port Priority State Logic State Flags Port
--------------------------------------------------------------------------------
4:9 300 Current Selected Collect-Dist A-GSCD-- 4009
4:10 301 Current Selected Collect-Dist A-GSCD-- 4010
4:11 302 Current Standby Detached A-G----- 4011
4:12 303 Current Standby Detached A-G----- 4012
4:29 200 Current Selected Collect-Dist A-GSCD-- 4029
4:30 0 Current Selected Collect-Dist A-GSCD-- 4030
4:31 202 Current Selected Collect-Dist A-GSCD-- 4031
4:32 203 Current Selected Collect-Dist A-GSCD-- 4032
8:7 101 Current Selected Collect-Dist A-GSCD-- 8013
8:8 10 Current Selected Collect-Dist A-GSCD-- 8014
8:9 9 Current Selected Collect-Dist A-GSCD-- 8015
8:10 8 Current Selected Collect-Dist A-GSCD-- 8016
8:11 7 Current Selected Collect-Dist A-GSCD-- 8017
8:12 6 Current Selected Collect-Dist A-GSCD-- 8018
8:13 5 Current Selected Collect-Dist A-GSCD-- 8019
8:14 3 Current Selected Collect-Dist A-GSCD-- 8020
8:15 0 Current Selected Collect-Dist A-GSCD-- 8043
8:16 3 Current Selected Collect-Dist A-GSCD-- 8044
8:17 2 Idle Unselected Detached -------- 0
8:18 37 Idle Unselected Detached -------- 0
8:19 36 Idle Unselected Detached -------- 0
8:20 35 Idle Unselected Detached -------- 0
================================================================================
Actor Flags: A-Activity, T-Timeout, G-Aggregation, S-Synchronization
C-Collecting, D-Distributing, F-Defaulted, E-Expired
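The checker below is an added example, not part of the NETGEAR manual: it parses the member-port rows that show lacp lag prints, decodes the Actor Flags column with the legend above, and lists the ports whose Rx State, Sel Logic, Mux State and flags do not describe a forwarding LAG member. The sample rows are constructed, and the function names and the positional reading of the flags column are assumptions made for the example.

```python
import re

# Constructed rows in the layout of the manual's `show lacp lag` port list
# (not captured from a live switch).
SAMPLE = """\
Member Port Rx Sel Mux Actor Partner
Port Priority State Logic State Flags Port
--------------------------------------------------------------------------------
4:9 300 Current Selected Collect-Dist A-GSCD-- 4009
4:11 302 Current Standby Detached A-G----- 4011
4:12 303 Expired Selected Collect-Dist A-GSCD-E 4012
8:17 2 Idle Unselected Detached -------- 0
8:18 5 Defaulted Selected Attached A-GS--F- 0
"""

# Legend order from the manual. Treating each column as one fixed flag
# position is an assumption drawn from the sample output.
FLAG_ORDER = "ATGSCDFE"
FLAG_NAMES = dict(zip(FLAG_ORDER, (
    "Activity", "Timeout", "Aggregation", "Synchronization",
    "Collecting", "Distributing", "Defaulted", "Expired")))

ROW_RE = re.compile(
    r"^(?P<port>\d+(?::\d+)?)\s+(?P<priority>\d+)\s+(?P<rx>\S+)\s+"
    r"(?P<sel>\S+)\s+(?P<mux>\S+)\s+(?P<flags>[A-Z-]{8})\s+(?P<partner>\d+)$")

# The field description says "Collecting-Dist"; the sample output prints
# "Collect-Dist". Accept both spellings.
MUX_FORWARDING = {"Collect-Dist", "Collecting-Dist"}


def decode_flags(field):
    """Return the set of flag letters set in an 8-character Actor Flags field."""
    if len(field) != len(FLAG_ORDER):
        raise ValueError(f"expected {len(FLAG_ORDER)} flag positions: {field!r}")
    flags = set()
    for expected, char in zip(FLAG_ORDER, field):
        if char == "-":
            continue
        if char != expected:
            raise ValueError(f"flag {char!r} in the column for {expected!r}")
        flags.add(char)
    return flags


def parse_port_rows(text):
    """Yield one dict per member-port row; header and rule lines are skipped."""
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if match:
            row = match.groupdict()
            row["flags"] = decode_flags(row["flags"])
            yield row


def check_member(row):
    """Return the reasons a member port is not a healthy forwarding member."""
    issues = []
    if row["sel"] == "Unselected":
        issues.append("Unselected: no matching admin key on the remote end")
    elif row["sel"] == "Selected":
        if row["rx"] != "Current":
            issues.append("Rx State is " + row["rx"] + ", not Current")
        if row["mux"] not in MUX_FORWARDING:
            issues.append("Selected but Mux State is " + row["mux"])
        missing = [f for f in "SCD" if f not in row["flags"]]
        if missing:
            issues.append("flags not set: " + ", ".join(FLAG_NAMES[f] for f in missing))
    # Standby ports are held in reserve, so Detached is expected for them.
    for flag in "FE":
        if flag in row["flags"]:
            issues.append(FLAG_NAMES[flag] + " flag is set")
    return issues


def lag_report(text):
    """Map each problem port to its list of issues, in table order."""
    report = {}
    for row in parse_port_rows(text):
        issues = check_member(row)
        if issues:
            report[row["port"]] = issues
    return report


if __name__ == "__main__":
    for port, issues in lag_report(SAMPLE).items():
        print(port, "; ".join(issues))
```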
show lacp member-port
show lacp member-port <port> {detail}
Description
Displays LACP, or dynamic link aggregation, settings for the specified port that is a member of any LAG.
Syntax Description
port Specifies the port number.
detail Show detailed information.
Default
N/A.
Usage Guidelines
This command displays the following information about the specified port:
• Member Port
• Port Priority
• Rx State—Receiving state of the port
  • Idle
  • Initialized
  • Current—Receiving LACP PDUs
  • Expired
  • Defaulted
• Sel Logic—Selection state of the port
  • Selected—Ports with a matching admin key on the remote end.
  • Unselected—Ports that failed to meet with a matching admin key on the remote end.
  • Standby—Ports that exceed the number of ports that can be active in the LAG simultaneously. These ports can be moved into selected mode if one of the currently selected ports in the LAG goes down.
• Mux State—Ability to transmit and collect data of the port
  • Waiting—Selected port that is waiting for LACP to determine if it can join the aggregator.
  • Attached—Ports ready to be added to the aggregator.
  • Collecting-Dist—Ports that are added to the aggregator and are transferring data.
  • Detached—Ports that cannot be added to the aggregator.
• Actor Flag
  • A—Activity
  • T—Timeout
  • G—Aggregation
  • S—Synchronization
  • C—Collecting
  • D—Distributing
  • F—Defaulted
  • E—Expired
• Partner Port
  • The operational value of the port number assigned to this link by partner.
• Up or Down—LACP protocol running or not on specified port
• Enabled or disabled (not configurable)
• Link State—Link state on this port up or down
• Actor Churn—True or false
• Partner Churn—True or false
• Ready_N—Ready to be added to aggregator.
• Wait pending
• Ack pending
• LAG Id
  • S—Displays information on controlling partner of LAG.
  • T—Displays information on controlled partner of LAG.
• Stats
  • Rx - Accepted
  • Rx - Dropped due to error in verifying PDU
  • Rx - Dropped due to LACP not being up on this port
  • Rx - Dropped due to matching own MAC
  • Tx - Sent Successfully
  • Tx - Transmit error
Example
The following command displays LACP information on the specified port: show lacp member-port 4:9
The following is sample output from this command:
Member Port Rx Sel Mux Actor Partner
Port Priority State Logic State Flags Port
--------------------------------------------------------------------------------
4:9 300 Current Selected Collect-Dist A-GSCD-- 4009
================================================================================
Actor Flags: A-Activity, T-Timeout, G-Aggregation, S-Synchronization
C-Collecting, D-Distributing, F-Defaulted, E-Expired
The following command displays detailed LACP information on the specified port: show lacp member-port 4:9 detail
The following is sample output from this command:
Member Port Rx Sel Mux Actor Partner
Port Priority State Logic State Flags Port
--------------------------------------------------------------------------------
4:9 300 Current Selected Collect-Dist A-GSCD-- 4009
Up : Yes
Enabled : Yes
Link State : Up
Actor Churn : False
Partner Churn : False
Ready_N : Yes
Wait pending : No
Ack pending : No
LAG Id:
S.pri:2110, S.id:00:01:30:f9:9c:30, K:0x0fa9, P.pri:300 , P.num:4009
T.pri:2110, T.id:00:04:96:10:33:60, L:0x0fa9, Q.pri:300 , Q.num:4009
Stats:
Rx - Accepted : 2174
Rx - Dropped due to error in verifying PDU : 0
Rx - Dropped due to LACP not being up on this port : 0
Rx - Dropped due to matching own MAC : 0
Tx - Sent successfully : 2175
Tx - Transmit error : 0
================================================================================
Actor Flags: A-Activity, T-Timeout, G-Aggregation, S-Synchronization
C-Collecting, D-Distributing, F-Defaulted, E-Expired
show mirroring
show mirroring
Description
Displays the port-mirroring configuration on the switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
You must enable mirroring on the switch prior to configuring mirroring, and you must configure mirroring to display mirroring statistics. Use the
command to enable mirroring and the
mirroring.
You can use this command to display mirroring statistics and determine if mirroring is enabled or disabled on the switch.
Example
The following command displays switch mirroring statistics: show mirroring
Following is sample output from this command for a NETGEAR 8810 switch that is configured for port-based mirroring for single monitor ports:
Mirror port: 3:15 is up
Number of Mirroring filters: 3
Mirror Port configuration:
Port number 3:12 in all vlans ingress only
Port number 5:4 in all vlans egress only
Port number 8:30 in all vlans
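Mirroring copies traffic to the monitor port, so the output above is worth checking against an approved configuration. The following Python example is added here and is not part of the NETGEAR manual: it parses the show mirroring output format shown above and reports anything beyond a baseline. The function names and baseline values are assumptions, and only the port-based filter lines shown on this page are recognized.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the `show mirroring` output format shown above.
SAMPLE_OUTPUT = """\
Mirror port: 3:15 is up
Number of Mirroring filters: 3
Mirror Port configuration:
Port number 3:12 in all vlans ingress only
Port number 5:4 in all vlans egress only
Port number 8:30 in all vlans
"""

MONITOR_RE = re.compile(r"^Mirror port:\s*(\S+)\s+is\s+(\S+)$")
COUNT_RE = re.compile(r"^Number of Mirroring filters:\s*(\d+)$")
FILTER_RE = re.compile(
    r"^Port number\s+(\S+)\s+in all vlans(?:\s+(ingress|egress) only)?$"
)


@dataclass
class MirrorState:
    monitor_port: Optional[str] = None
    monitor_link: Optional[str] = None
    declared_filters: Optional[int] = None
    filters: Dict[str, str] = field(default_factory=dict)  # source -> direction
    unparsed: List[str] = field(default_factory=list)


def parse_show_mirroring(text: str) -> MirrorState:
    """Parse port-based mirroring output; keep anything unrecognised."""
    state = MirrorState()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Mirror Port configuration:":
            continue
        m = MONITOR_RE.match(line)
        if m:
            state.monitor_port, state.monitor_link = m.group(1), m.group(2)
            continue
        m = COUNT_RE.match(line)
        if m:
            state.declared_filters = int(m.group(1))
            continue
        m = FILTER_RE.match(line)
        if m:
            # No "ingress only"/"egress only" suffix means both directions.
            state.filters[m.group(1)] = m.group(2) or "both"
            continue
        state.unparsed.append(line)
    return state


def audit_mirroring(state, approved_monitor, approved_sources):
    """Return findings where the live state exceeds the approved baseline.

    approved_sources maps source port -> "ingress", "egress" or "both"
    (a hypothetical baseline format chosen for this example).
    """
    findings = []
    if state.monitor_port is not None and state.monitor_port != approved_monitor:
        findings.append(f"unapproved monitor port {state.monitor_port}")
    for port, direction in state.filters.items():
        allowed = approved_sources.get(port)
        if allowed is None:
            findings.append(f"unapproved mirrored source {port} ({direction})")
        elif allowed != "both" and direction != allowed:
            findings.append(
                f"source {port} mirrors {direction}, baseline allows {allowed}"
            )
    if (state.declared_filters is not None
            and state.declared_filters != len(state.filters)):
        findings.append(
            f"switch reports {state.declared_filters} filters, "
            f"parsed {len(state.filters)}"
        )
    # Fail closed: lines this parser does not understand need a human look.
    findings.extend(f"unparsed line: {line}" for line in state.unparsed)
    return findings


if __name__ == "__main__":
    baseline = {"3:12": "ingress", "5:4": "both"}  # assumed approved sources
    state = parse_show_mirroring(SAMPLE_OUTPUT)
    for finding in audit_mirroring(state, "3:15", baseline):
        print(finding)
```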
show ports
show ports {<port_list>} {no-refresh}
Description
Display port summary statistics.
Syntax Description
port_list    Specifies one or more ports or slots and ports.
no-refresh   Specifies a static snapshot of the data.
Default
N/A.
Usage Guidelines
Use this command to display the port number, display string, and some of the port states in tabular form.
The VLAN name is displayed only if that port contains a single VLAN. If the port contains more than one VLAN, then the number of VLANs is displayed.
Example
The following command displays port summary statistics for slot 1, ports 2 and 3, and slot 10, port 12: show ports 1:2-3,10:12
Following is sample output from this command: show ports 1:2-3,10:12
Port Summary Monitor Thu Feb 14 14:19:50 2008
Port Display VLAN Name Port Link Speed Duplex
# String (or # VLANs) State State Actual Actual
==================================================================
1:2 2nd-Floor-Lab Lab-Backbone E A 1000 FULL
1:3 Building2 E A D
10:12 AllBackboneLANs (34) E R FULL
==================================================================
Port State: D-Disabled, E-Enabled
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback,
D-ELSM enabled but not up
U->page up D->page down ESC->exit
show ports anomaly
show ports <port_list> anomaly {no-refresh}
Description
Display statistics of anomaly violation events in real time.
Syntax Description
port_list    Specifies one or more ports or slots and ports.
no-refresh   Specifies a static snapshot of data.
Default
N/A.
Usage Guidelines
If you do not specify a port number or range of ports, statistics are displayed for all ports. To clear the counters, use the clear counters ports command. The default display is a constantly refreshing real-time display. If you specify the no-refresh parameter, the system displays a snapshot of the data at the time you issue the command.
This command takes effect after enabling anomaly-protection.
Example
The following command displays real-time anomaly statistics on slot 2, all ports: show ports 2:* anomaly
Following is sample output from this command:
Port Statistics                                    Thu Nov 9 22:44:31 2006
Port    Link    Rx Pkt    ============ Anomaly Violation =========
        State   Count     L3 Count   L4 Count   ICMP Count   Frag Count
================================================================================
2:1     A       191585    1          2          0            0
2:2     R       0         0          0          0            0
2:3     R       0         0          0          0            0
2:4     R       0         0          0          0            0
2:5     R       0         0          0          0            0
2:6     R       0         0          0          0            0
2:7     R       0         0          0          0            0
2:8     R       0         0          0          0            0
2:9     R       0         0          0          0            0
2:10    R       0         0          0          0            0
2:11    R       0         0          0          0            0
2:12    A       178024    0          0          0            0
2:13    A       196956    0          0          0            0
2:14    R       0         0          0          0            0
2:15    R       0         0          0          0            0
2:16    R       0         0          0          0            0
2:17    R       0         0          0          0            0
================================================================================
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
0->Clear Counters U->page up D->page down ESC->exit
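The anomaly counters above accumulate until they are cleared, so a single snapshot does not show which ports are seeing violations now. The following Python example is added here and is not part of the NETGEAR manual: it parses two no-refresh snapshots and reports the violation counters that grew between them, treating a counter that went backwards as a reset. The function names and both snapshots are constructed for illustration.

```python
import re

# One data row of `show ports <port_list> anomaly no-refresh`:
# port, link state, Rx packet count, then L3/L4/ICMP/Frag violation counts.
ROW_RE = re.compile(
    r"^(\d+(?::\d+)?)\s+(A|R|NP|L)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$"
)
COUNTERS = ("rx_pkt", "l3", "l4", "icmp", "frag")
VIOLATIONS = COUNTERS[1:]

# Constructed snapshots in the output format shown above.
SNAPSHOT_T0 = """\
Port Link Rx Pkt ============ Anomaly Violation =========
State Count L3 Count L4 Count ICMP Count Frag Count
================================================================================
2:1 A 191585 1 2 0 0
2:12 A 178024 0 0 0 0
2:13 A 196956 0 0 0 4
================================================================================
"""
SNAPSHOT_T1 = """\
2:1 A 200100 1 5 0 0
2:12 A 120 0 0 2 0
2:13 A 197300 0 0 0 4
2:14 A 40 1 0 0 0
"""


def parse_anomaly_snapshot(text):
    """Return {port: {"link": str, "rx_pkt": int, "l3": int, ...}}.

    Header, separator and legend lines do not match ROW_RE and are skipped.
    """
    ports = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = {"link": m.group(2)}
        row.update(zip(COUNTERS, (int(v) for v in m.groups()[2:])))
        ports[m.group(1)] = row
    return ports


def violation_deltas(before, after):
    """Return {port: {counter: increase}} for violation counters that grew."""
    report = {}
    for port, now in after.items():
        prev = before.get(port)
        # A counter that went backwards means the counters were cleared
        # (clear counters ports) or wrapped: measure the increase from zero.
        # A port missing from the earlier snapshot is handled the same way.
        if prev is None or any(now[c] < prev[c] for c in COUNTERS):
            prev = dict.fromkeys(COUNTERS, 0)
        grown = {c: now[c] - prev[c] for c in VIOLATIONS if now[c] > prev[c]}
        if grown:
            report[port] = grown
    return report


if __name__ == "__main__":
    t0 = parse_anomaly_snapshot(SNAPSHOT_T0)
    t1 = parse_anomaly_snapshot(SNAPSHOT_T1)
    for port, grown in violation_deltas(t0, t1).items():
        print(port, grown)
```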
show ports collisions
show ports {mgmt | <port_list>} collisions {no-refresh}
Description
Displays real-time collision statistics.
Syntax Description
mgmt         Specifies the management port.
port_list    Specifies one or more ports or slots and ports.
no-refresh   Specifies a static snapshot of data.
Default
Real-time statistics.
Usage Guidelines
If you do not specify a port number or range of ports, collision statistics are displayed for all ports. To clear the counters, use the clear counters ports command. The default display is a constantly refreshing real-time display. If you specify the no-refresh parameter, the system displays a snapshot of the data at the time you issue the command.
This status information may be useful for your technical support representative if you have a network problem.
Example
The following command displays real-time collision statistics on slot 1, ports 1 and 2: show ports 1:1-2 collisions
Following is sample output from this command:
Port Collision Monitor
Port    Link    Collision Histogram
        State     1   2   3   4   5   6   7   8   9  10  11  12  13  14  15  16
================================================================================
1:1     A         0   0   0   0   0   0   0   0   0   0   0   0   0   0   0   0
1:2     R         0   0   0   0   0   0   0   0   0   0   0   0   0   0   0   0
================================================================================
Link State: A-Active R-Ready, NP-Port not present, L-Loopback
The numbers 1 to 16 represent the number of collisions encountered prior to successfully transmitting the packet; this is applicable only for half-duplex links.
show ports configuration
show ports {mgmt | <port_list>} configuration {no-refresh}
Description
Displays port configuration statistics, in real time or snapshot.
Syntax Description
mgmt         Specifies the management port.
port_list    Specifies one or more ports or slots and ports.
no-refresh   Specifies a static snapshot of data.
Default
Real-time statistics.
Usage Guidelines
If you do not specify a port number or range of ports, configuration statistics are displayed for all ports. If you specify the no-refresh parameter, the system displays a snapshot of the data at the time you issue the command.
This status information may be useful for your technical support representative if you have a network problem.
This command displays port configuration, which includes:
• Virtual router
• Port state
• Link state
• Autonegotiation information
• Link speed
• Duplex mode
• Flow control
• Load sharing information
• Link media information
Note: On 10 Gbps ports, the Media Primary column displays NONE when no module is installed, and SR, LR, or ER depending on the module installed when there is one present.
Example
The following command displays the port configuration for all ports: show ports configuration
Port Configuration Monitor Fri Apr 13 10:22:29 2007
Port Virtual Port Link Auto Speed Duplex Flow Load Media
router State State Neg Cfg Actual Cfg Actual Cntrl Master Pri Red
================================================================================
1 VR-Default E R ON AUTO AUTO NONE UTP
2 VR-Default E R ON AUTO AUTO NONE UTP
3 VR-Default E R ON AUTO AUTO NONE UTP
4 VR-Default E R ON AUTO AUTO NONE UTP
5 VR-Default E R ON AUTO AUTO NONE
6 VR-Default E R ON AUTO AUTO NONE
7 VR-Default E R OFF 100 FULL SX
8 VR-Default E R ON AUTO AUTO NONE
9 VR-Default E R ON AUTO AUTO NONE
10 VR-Default E R ON AUTO AUTO NONE
11 VR-Default E R ON AUTO AUTO NONE
12 VR-Default E R ON AUTO AUTO NONE
13 VR-Default E R ON AUTO AUTO NONE
14 VR-Default E R ON AUTO AUTO NONE
15 VR-Default E R ON AUTO AUTO NONE
================================================================================
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
Port State: D-Disabled, E-Enabled, Media: !-Unsupported Optic Module
Media Red: * - use "show port info detail" for redundant media type
0->Clear Counters U->page up D->page down ESC->exit
The following command displays the port configuration statistics for slot 2, port 2: show ports 2:2 configuration
Following is sample output from this command:
Port Configuration
Port Virtual Port Link Auto Speed Duplex Flow Load Media
router State State Neg Cfg Actual Cfg Actual Cntrl Master Pri Red
================================================================================
2:2 VR-Default E R ON AUTO AUTO UTP
================================================================================
Link State: A-Active, R-Ready, NP-Port not present, L-Loopback
Port State: D-Disabled E-Enabled, Media: !-Unsupported Optic Module
0->Clear Counters U->page up D->page down ESC->exit
show ports information
show ports {mgmt | <port_list>} information {detail}
Description
Displays detailed system-related information.
Syntax Description
mgmt        Specifies the management port.
port_list   Specifies one or more ports or slots and ports.
detail      Specifies detailed port information.
Default
N/A.
Usage Guidelines
This command displays information, including the following:
• Port number
• Port configuration
• Virtual router
• Type of port
• Admin state
• Link state and speed
• Link counter
• VLAN configuration
• STP configuration
• Trunking, or load sharing
• ELSM (disabled; or if enabled, the ELSM link state is shown as well)
• Load balancing
• Learning
• Egress flooding
• Jumbo frames
• Link port up/down traps
• QoS profiles
• vMAN status
• Smart Redundancy status
• SRP status
• Additional platform-specific information
If you do not specify a port number or range of ports, detailed system-related information is displayed for all ports. The data is displayed in a table format.
This status information may be useful for your technical support representative if you have a network problem.
The detail parameter is used to provide more specific port information. The data is called out with written explanations versus displayed in a table format.
Note: The keyword detail displays slightly different information depending on the platform and configuration you are working with.
The link filter counter displayed with the detail keyword is calculated at the middle layer on receiving an event. The link filter up indicates the number of link transitions from down to up at the middle layer filter.
Example
The following command displays port system-related information on a NETGEAR 8810 switch: show port 1:1 info
Following is sample output from this command:
* XCM8806.1 # show port 1:1 info
Port Flags Link OAM Link Num Num Num Jumbo QOS Load
State UPS STP VLAN Proto Size profile Master
====================================================================================
1:1 Em---------fMB---x ready -/- 0 1 1 1 9216 none
====================================================================================
> indicates Port Display Name truncated past 8 characters
Flags : a - Load Sharing Algorithm address-based, D - Port Disabled,
E - Port Enabled,
g - Egress TOS Enabled, j - Jumbo Frame Enabled,
l - Load Sharing Enabled, m - MACLearning Enabled,
n - Ingress TOS Enabled, o - Dot1p Replacement Enabled,
P - Software redundant port(Primary),
R - Software redundant port(Redundant),
q - Background QOS Monitoring Enabled,
s - diffserv Replacement Enabled,
v - Vman Enabled, f - Unicast Flooding Enabled,
M - Multicast Flooding Enabled, B - Broadcast Flooding Enabled
O - Ethernet OAM Enabled
w - MACLearning Disabled with Forwarding
b - Rx and Tx Flow Control Enabled, x - Rx Flow Control Enabled
The following command displays detailed port system-related information on the NETGEAR 8800 switch: show ports 3:1 information detail
Following is sample output from this command:
Port: 3:1
Virtual-router: VR-Default
Type: UTP
Random Early drop: Unsupported
Admin state: Enabled with auto-speed sensing (100M Advertised), auto-duplex
(half-duplex Advertised)
ELSM Link State: Up
Link State: Active, 1 Gbps, full-duplex
Link Counter: Up 1 time(s)
VLAN cfg:
Name: Default, Internal Tag = 1 (MAC-Based), MAC-limit = No-limit
STP cfg:
s0(disable), Tag=(none), Mode=802.1D, State=FORWARDING
Protocol:
Name: Default Protocol: ANY Match all protocols.
Trunking: Load sharing is not enabled.
ELSM: Enabled
Learning: Enabled
Unicast Flooding: Enabled
Multicast Flooding: Enabled
Broadcast Flooding: Enabled
Jumbo: Enabled, MTU= 9194
Flow Control: Rx-Pause: Disabled Tx-Pause: Disabled
Link up/down SNMP trap filter setting: Enabled
Egress Port Rate: 128 Kbps, Max Burst Size: 200 Kb
Broadcast Rate: No-limit
Multicast Rate: No-limit
Unknown Dest Mac Rate: No-limit
QoS Profile: QP3 configured by user
Ingress Rate Shaping : Unsupported
Ingress IPTOS Examination: Disabled
Ingress 802.1p Examination: Enabled
Ingress 802.1p Inner Exam: Disabled
Egress IPTOS Replacement: Disabled
Egress 802.1p Replacement: Disabled
NetLogin: Enabled
NetLogin authentication mode: MAC based
NetLogin port mode: MAC based VLANs
Smart redundancy: Enabled
Software redundant port: Disabled
autopolarity: Enabled
show ports packet
show ports {mgmt | <port_list>} packet {no-refresh}
Description
Displays a snapshot or real-time histogram of packet statistics.
Syntax Description
mgmt         Specifies the management port.
port_list    Specifies one or more ports or slots and ports.
no-refresh   Specifies a static snapshot of data.
Default
Real-time statistics.
Usage Guidelines
If you do not specify a port number or range of ports, the system displays information for all ports; if you specify the no-refresh parameter, the system displays a snapshot of the data at the time you issue the command. To clear the counters, use the clear counters ports command.
This status information may be useful for your technical support representative if you have a network problem.
The following packet statistics are displayed:
• Port number
• Link state
• Packet size
Example
The following command displays packet statistics for slot 1, port 1, slot 2, port 1, and slot 5, ports 1 through 8: show ports 1:1, 2:1, 5:1-5:8 packet
Following is sample output from this command:
Port    Link    Packet Sizes
        State   0-64    65-127   128-255   256-511   512-1023   1024-1518   Jumbo
================================================================================
1:1     A       0       0        0         0         0          0           0
2:1     R       0       0        0         0         0          0           0
5:1     R       0       0        0         0         0          0           0
5:2     R       0       0        0         0         0          0           0
5:3     R       0       0        0         0         0          0           0
5:4     R       0       0        0         0         0          0           0
5:5     R       0       0        0         0         0          0           0
5:6     R       0       0        0         0         0          0           0
5:7     R       0       0        0         0         0          0           0
5:8     R       0       0        0         0         0          0           0
================================================================================
Link State: A-Active, R-Ready, NP-Port not present, L-Loopback
show ports redundant
show ports redundant
Description
Displays detailed information about redundant ports.
Syntax
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
None.
Example
The following command displays information on software-controlled redundant ports on the switch: show ports redundant
Following is sample output from this command:
Primary: *1:1 Redundant: 3:1, Link on/off option: OFF
Flags: (*)Active, (!) Disabled, (g) Load Share Group
show ports sharing
show ports sharing
Description
Displays port load-sharing groups, or link aggregation groups (LAGs).
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Output from this command displays the following information:
• Config Master—The port that is configured as the master logical port of the link aggregation group (LAG). This number is also the LAG group ID.
• Current Master—In LACP, this is the port that is currently the LAG group ID, or master logical port for the LAG.
• Agg Control—This is the aggregation control for the specified LAG; it can be either static, LACP or health-check. In LACP, it is the aggregation control for the specified LAG.
• Ld Share Algorithm—The algorithm used for the link aggregation. The available link aggregation algorithms vary among platforms; see the NETGEAR 8800 User Manual for more information.
• Ld Share Group—The specific ports that belong to each LAG, or the port numbers in the trunk. A port can belong to only one LAG, either static or dynamic.
• Agg Mbr—In LACP, this shows whether the port has been added to the aggregator or not; it will be either Y for yes or - for no.
• Link State—This is the current status of the link.
• Link Up transitions—Number of times the link has cycled through being up, then down, then up.
Example
The following is an example display for an 8800 switch that uses a custom load sharing algorithm:
BD-8810.8 # show port sharing
Load Sharing Monitor
Config    Current   Agg       Ld Share    Ld Share   Agg   Link    Link Up
Master    Master    Control   Algorithm   Group      Mbr   State   Transitions
==============================================================================
2:1       2:1       Static    L2          2:1        Y     A       1
                              L2          2:2        Y     A       1
3:1       3:1       Static    L3_L4       3:1        Y     A       1
                              L3_L4       3:2        Y     A       1
4:1       4:1       Static    custom      4:1        Y     A       1
                              custom      4:2        Y     A       1
==============================================================================
Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
Load Sharing Algorithm: (L2) Layer 2 address based, (L3) Layer 3 address based
                        (L3_L4) Layer 3 address and Layer 4 port based
                        (custom) User-selected address-based configuration
Custom Algorithm Configuration: ipv4 source-only, xor
Note - Layer 4 ports are not used for distribution for traffic ingressing
       MSM-G8X I/O ports and ports on G48T, G48P, G24X, and 10G4X modules.
     - The 'custom' algorithm is not used for traffic ingressing on current
       slot 1, 2, 3, 5 and 10. Refer to XOS Command Reference.
Number of load sharing trunks: 3
show port transceiver information
show port <port-list> transceiver information
Description
Displays basic information about the optical transceiver.
Syntax Description
port-list Specifies the port number(s).
Default
N/A.
Usage Guidelines
Digital Diagnostic Monitoring Interface (DDMI) provides critical system information about 10G XFP optical modules. Use this command to monitor the condition of the XFP modules.
If you try to execute this command on one of the ports in the port list that is non-compliant with DDMI, the following error message is displayed and the command does not go through:
Port 3:1 This command is not supported on this port. All ports and transceiver of the ports requested in the command need to support DDMI.
If you try to execute this command on one of the ports in the port list on which the transceiver is non-compliant with DDMI, the following error message is displayed:
Port 3:1 This media/transceiver does not support enhanced digital diagnostic monitoring interface (DDMI). All ports and transceiver of the ports requested in the command need to support DDMI.
For more detailed information, use the show port transceiver information detail command.
Example
The following display shows output for the command show port 1:1-2 transceiver information:
BD-8810.2 # sh port 1:1-2 transceiver information
Port    Temp        TxPower   RxPower   TxBiasCurrent   Voltage-Aux1   Voltage-Aux2
        (Celcius)   (dBm)     (dBm)     (mA)            (Volts)        (Volts)
================================================================================
1:1     30.60       -25.20    -18.70    0.40            5.09           5.07
1:2     30.60       -25.20    -18.70    0.40            5.09           N/A
================================================================================
N/A indicates that the parameter is not applicable
to the optics connected to the port
show port transceiver information detail
show port <port-list> transceiver information detail
Description
Displays detailed information about the optical transceiver.
Syntax Description
port-list Specifies the port number(s).
Default
N/A.
Usage Guidelines
Digital Diagnostic Monitoring Interface (DDMI) provides critical system information about 10G XFP optical modules. Use this command to monitor the condition of the XFP modules.
If you try to execute this command on one of the ports in the port list that is non-compliant with DDMI, the following error message is displayed and the command does not go through:
Port 3:1 This command is not supported on this port. All ports and transceiver of the ports requested in the command need to support DDMI.
If you try to execute this command on one of the ports in the port list on which the transceiver is non-compliant with DDMI, the following error message is displayed:
Port 3:1 This media/transceiver does not support enhanced digital diagnostic monitoring interface (DDMI). All ports and transceiver of the ports requested in the command need to support DDMI.
Example
The following display shows output for the command show port 1:1-2 transceiver information detail:
BD-8810.2 # sh port 1:1 transceiver information detail
Port : 1:1
Media Type : XFP_LR
Part Number : 1234567890
Serial Number : A12345B78
Temp (Celsius) : 30.60
Low Warn Threshold : 20.60 High Warn Threshold : 45.60
Low Alarm Threshold : 10.60 High Alarm Threshold : 50.60
Status : Normal
Tx Power (dBm) : -25.20
Low Warn Threshold : -35.20 High Warn Threshold : 15.20
Low Alarm Threshold : -40.20 High Alarm Threshold : 25.20
Status : Normal
Rx Power (dBm) : -18.70
Low Warn Threshold : -35.20 High Warn Threshold : 15.20
Low Alarm Threshold : -40.20 High Alarm Threshold : 25.20
Status : Normal
Tx Bias Current (mA) : 0.40
Low Warn Threshold : -35.20 High Warn Threshold : 15.20
Low Alarm Threshold : -40.20 High Alarm Threshold : 25.20
Status : Normal
Voltage AUX-1 (Volts) : 5.09
Low Warn Threshold : 5.01 High Warn Threshold : 6.30
Low Alarm Threshold : 5.00 High Alarm Threshold : 6.50
Status : Normal
Voltage AUX-2 (Volts) : 5.07
Low Warn Threshold : 5.01 High Warn Threshold : 6.30
Low Alarm Threshold : 5.00 High Alarm Threshold : 6.50
Status : Normal
Port : 1:2
Media Type : XFP_LR
Part Number : 1234567890
Serial Number : A12345B78
Temp (Celsius) : 30.60
Low Warn Threshold : 20.60 High Warn Threshold : 45.60
Low Alarm Threshold : 10.60 High Alarm Threshold : 50.60
Status : Normal
Tx Power (dBm) : -25.20
Low Warn Threshold : -35.20 High Warn Threshold : 15.20
Low Alarm Threshold : -40.20 High Alarm Threshold : 25.20
Status : Normal
Rx Power (dBm) : -18.70
Low Warn Threshold : -35.20 High Warn Threshold : 15.20
Low Alarm Threshold : -40.20 High Alarm Threshold : 25.20
Status : Normal
Tx Bias Current (mA) : 0.40
Low Warn Threshold : -35.20 High Warn Threshold : 15.20
Low Alarm Threshold : -40.20 High Alarm Threshold : 25.20
Status : Normal
Voltage AUX-1 (Volts) : 5.09
Low Warn Threshold : 5.01 High Warn Threshold : 6.30
Low Alarm Threshold : 5.00 High Alarm Threshold : 6.50
Status : Normal
Voltage AUX-2 (Volts) : N/A
Low Warn Threshold : N/A High Warn Threshold : N/A
Low Alarm Threshold : N/A High Alarm Threshold : N/A
Status : N/A
show ports utilization
show ports {mgmt | <port_list> | stack-ports <stacking-port-list>} utilization {bandwidth | bytes | packets}
Description
Displays real-time port utilization information. The total utilization displays as real-time information, constantly refreshing, and the parameter displays show a snapshot of the activity on the port when you issue the command.
Syntax Description
mgmt                 Specifies the management port.
port_list            Specifies one or more ports or slots and ports.
stacking-port-list   Specifies one or more stacking slots and ports.
bandwidth            Specifies port utilization as percentage of bandwidth.
bytes                Specifies port utilization in bytes per second.
packets              Specifies port utilization in packets per second.
Default
N/A.
Usage Guidelines
The software continuously monitors port utilization and calculates bandwidth as a function of each port’s maximum link capacity.
The total utilization display presents real-time statistics. Use the <spacebar> to toggle the real-time displayed information for packets, bytes, and bandwidth in that order. When you use a parameter (packets, bytes, or bandwidth) with the command, the display for the specified type shows a snapshot per port when you issued the command. When the show ports utilization command is run with the bandwidth, bytes, or packets options, the command may need to be repeated a few times in order for the NETGEAR 8800 software to gather enough statistics to calculate appropriate values.
If you do not specify a port number or range of ports, port utilization information is displayed for all ports.
This status information may be useful for your technical support representative if you have a network problem.
Example
The following command displays utilization statistics for port 1 on a stand-alone switch: show ports 1 utilization
The following command displays utilization statistics for slot 3, port 1: show ports 3:1 utilization
The following example shows sample output from the show ports utilization packets command:
Link Utilization Averages                          Mon Oct 6 22:38:25 2008
Port    Link    Rx          Peak Rx     Tx          Peak Tx
        State   pkts/sec    pkts/sec    pkts/sec    pkts/sec
================================================================================
1:1     A       47          191         0           0
1:2     A       0           0           0           0
2:1     R       0           0           0           0
2:2     R       0           0           0           0
3:1     R       0           0           0           0
3:2     R       0           0           0           0
4:1     R       0           0           0           0
4:2     R       0           0           0           0
5:1     R       0           0           0           0
5:2     R       0           0           0           0
6:1     R       0           0           0           0
6:2     R       0           0           0           0
7:1     R       0           0           0           0
7:2     R       0           0           0           0
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
Spacebar->toggle screen U->page up D->page down ESC->exit
Note: Use the <spacebar> to toggle this real-time display for all ports from packets to bytes to bandwidth, in that order.
The following example shows sample output from the show ports utilization bytes command:
Link Utilization Averages                          Mon Oct 6 22:39:22 2008
Port    Link    Rx          Peak Rx     Tx          Peak Tx
        State   bytes/sec   bytes/sec   bytes/sec   bytes/sec
================================================================================
1:1     A       0           0           0           63
1:2     A       0           63          63          63
2:1     R       0           0           0           0
2:2     R       0           0           0           0
3:1     R       0           0           0           0
3:2     R       0           0           0           0
4:1     R       0           0           0           0
4:2     R       0           0           0           0
5:1     R       0           0           0           0
5:2     R       0           0           0           0
6:1     R       0           0           0           0
6:2     R       0           0           0           0
7:1     R       0           0           0           0
7:2     R       0           0           0           0
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
Spacebar->toggle screen U->page up D->page down ESC->exit
The following example shows sample output of the show ports utilization bandwidth command:
Link Utilization Averages                          Mon Oct 6 22:39:46 2008
Port    Link    Link    Rx            Peak Rx       Tx            Peak Tx
        State   Speed   % bandwidth   % bandwidth   % bandwidth   % bandwidth
================================================================================
1:1     A       100     0.00          0.03          0.00          0.00
1:2     A       100     0.00          0.00          0.00          0.00
2:1     R       0       0.00          0.00          0.00          0.00
2:2     R       0       0.00          0.00          0.00          0.00
3:1     R       0       0.00          0.00          0.00          0.00
3:2     R       0       0.00          0.00          0.00          0.00
4:1     R       0       0.00          0.00          0.00          0.00
4:2     R       0       0.00          0.00          0.00          0.00
5:1     R       0       0.00          0.00          0.00          0.00
5:2     R       0       0.00          0.00          0.00          0.00
6:1     R       0       0.00          0.00          0.00          0.00
6:2     R       0       0.00          0.00          0.00          0.00
7:1     R       0       0.00          0.00          0.00          0.00
7:2     R       0       0.00          0.00          0.00          0.00
================================================================================
> indicates Port Display Name truncated past 8 characters
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
Spacebar->toggle screen U->page up D->page down ESC->exit
show sharing health-check
show sharing health-check
Description
Displays the configured health check LAGs on a switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Use this command to display the health-check LAGs that have been configured on the switch.
Example
The following is sample output from this command:
(debug) BD-8810.1 # show sharing health-check
        Member   Agg   Admin   Track       Track
Group   Port     Mbr   State   IP Addr     TCP Port   Miss   Freq   State   Dn   Up
================================================================================
2:8     2:1*     Y     En      30.1.1.1    23         3      3      Up      0    1
        2:2*     Y     En      30.1.1.2    23         3      3      Up      0    1
        2:3*     Y     En      30.1.1.3    23         3      3      Up      0    1
        2:8*     -     En      30.1.1.8    80         3      10     Down    0    0
        2:11*    Y     -       -           -          -      -      -       -    -
        2:12*    -     En      44.1.3.2    80         3      4      Down    0    0
        2:16     -     En      30.1.1.16   80         3      10     Dis     0    0
2:20    2:20*    Y     En      192.1.1.1   80         10     3      Up      0    1
        2:21*    Y     En      192.1.1.2   80         10     3      Up      0    1
================================================================================
Member Port Flags: (*)Active, (!) Disabled
show slot
show slot {<slot> {detail} | detail }
Description
Displays the slot-specific information.
Syntax Description
slot     Specifies a slot on the switch.
detail   Specifies detailed port information.
Default
N/A.
Usage Guidelines
command displays the following information:
• The slot number
• The type of module installed in the slot
• The type of module configured for the slot
• The state of the module, whether the power is down, if the module is operational, if a diagnostic is being run, if there is a mismatch between the slot configuration and the module in the slot
• The number of ports on the module
• The current number of times the module has been restarted after a failure and the configured restart-limit.
Note: You may see slightly different information displayed depending on the platform and configuration you are using.
If you do not specify a slot number, information for all slots is displayed.
The display also includes a notice of insufficient power, should that arise.
command displays the following states, among others:
• Empty (This is also displayed if you have a module in the chassis that is unsupported by the current software you are running.)
• Down
• Power ON
• Powered OFF
• Booting
• Initializing
• VLAN sync
• FDB sync
• ACL sync
• RT sync
• Operational
The following example displays module information for all slots:
Slots Type Configured State Ports Flags
-------------------------------------------------------------------------------
Slot-1 Empty 0
Slot-2 XCM8824F XCM8824F Operational 24 M S
Slot-3 Empty 0
Slot-4 Empty 0
Slot-5 XCM8808X XCM8808X Operational 8 M S
Slot-6 Empty 0
Slot-7 XCM8848T Empty 48
Slot-8 XCM8848T Operational 48 M S
Slot-9 XCM8808X XCM8808X Powered OFF 8 SI
Slot-10 Empty 0
MSM-A XCM88S1 Operational 0 S
MSM-B Empty 0
Flags : M - Backplane link to Master MSM is Active
B - Backplane link to Backup MSM is also Active
D - Slot Disabled, S - Slot Secured
I - Insufficient Power (refer to "show power budget")
The following example displays module information for a specified slot on a NETGEAR 8810 switch:
XCM8810.3 # show slot 2
Slot-2 information:
State: Operational
Download %: 100
Flags: MB
Restart count: 0 (limit 5)
Serial number: 800114-00-04 04364-00013
Hw Module Type: xcm8848T
SW Version: 12.1.0.56
SW Build: v1210b56
Configured Type: G48P
Ports available: 48
Recovery Mode: Reset
Flags : M - Backplane link to Master is Active
B - Backplane link to Backup is also Active
D - Slot Disabled, S - Slot Secured
I - Insufficient Power (refer to "show power budget")
unconfigure ports display string
unconfigure ports <port_list> display-string
Description
Clears the user-defined display string from one or more ports.
Syntax Description
port_list Specifies one or more ports or slots and ports.
Default
N/A.
Usage Guidelines
This command removes the display string that you configured using the configure ports display-string command.
Example
The following command clears the user-defined display string from slot 2, port 4:
unconfigure ports 2:4 display-string
unconfigure ports redundant
unconfigure ports <port_list> redundant
Description
Clears a previously configured software-controlled redundant port.
Syntax Description
port_list This refers to the primary port of the redundant pair and specifies one or more ports or slots and ports.
Default
N/A.
Usage Guidelines
The list of port numbers or the port display string specifies the primary port(s).
Example
The following command unconfigures a software-controlled redundant port:
unconfigure ports 2:3 redundant
6. Commands for Configuring LLDP
This chapter describes commands for doing the following:
• Configuring LLDP
• Managing LLDP
• Displaying LLDP information
For an introduction to LLDP, see the NETGEAR 8800 User Manual.
configure lldp med fast-start repeat-count
configure lldp med fast-start repeat-count <count>
Description
The fast-start feature is automatically enabled when you enable the LLDP MED capabilities TLV. This command configures how many times, from 1 to 10, the switch sends out an LLDP MED packet with an interval of 1 second.
Syntax Description
count Specifies the number of times the switch transmits LLDP MED TLVs each second (once it detects a neighbor transmitting LLDP MED TLVs). The range is 1 to 10.
Default
3.
Usage Guidelines
When the switch detects a MED-capable device, this count determines how many times the switch sends LLDP MED TLVs with an interval of 1 second. The fast-start feature enables the MED-capable device to quickly learn information; this command changes the value from the default 3. The fast-start feature is automatically enabled when you enable the LLDP MED capabilities TLV.
Note:
After you configure the LLDP MED capability TLV, the fast-start feature automatically runs. To configure the LLDP MED capability TLV, use the configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med capabilities command.
Example
The following command configures fast learning on the switch to a value of 2:
configure lldp med fast-start repeat-count 2
configure lldp ports management-address
configure lldp ports [all | <port_list>] [advertise | no-advertise] management-address
Description
Configures the LLDP port to advertise or not to advertise management address information to its neighbors.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
No advertise.
Usage Guidelines
You can add only one management address TLV per LLDPDU and the information must be the IP address configured on the management VLAN. If no IP address is assigned to the management VLAN, the system sends the system MAC address. LLDP does not send out IPv6 addresses in this field.
Example
The following command advertises the management address information for port 1:5:
configure lldp ports 1:5 advertise management-address
configure lldp ports port-description
configure lldp ports [all | <port_list>] [advertise | no-advertise] port-description
Description
Configures the LLDP port to advertise or not advertise port description information to its neighbors.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
No advertise.
Usage Guidelines
N/A.
Example
The following command configures port 1:7 to not advertise the port description information to neighbors:
configure lldp ports 1:7 no-advertise port-description
configure lldp ports system-capabilities
configure lldp ports [all | <port_list>] [advertise | no-advertise] system-capabilities
Description
Configures the LLDP port to advertise or not to advertise its system capabilities to its neighbors.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
No advertise.
Usage Guidelines
When at least one VLAN exists with more than two ports, bridging is set to enabled.
When at least one VLAN on the switch has IP forwarding enabled, the system automatically sets the router bit.
Example
The following command configures all ports to advertise system capability information to neighbors:
configure lldp ports all advertise system-capabilities
configure lldp ports system-description
configure lldp ports [all | <port_list>] [advertise | no-advertise] system-description
Description
Configures the LLDP port to advertise or not to advertise its system description to its neighbors.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
Advertise.
Usage Guidelines
Although not mandatory according to the standard, this TLV is included in the LLDPDU by default when you enable LLDP.
When enabled, the system sends the following image (from the show version command) in the system description TLV:
NETGEAR 8800 version 11.2.0.12 v1120b12 by release-manager on Fri Mar 18 16:01:08 PST 2005
Example
The following command configures port 1:4 through port 1:8 to not advertise the system description information to neighbors:
configure lldp ports 1:4 - 1:8 no-advertise system-description
configure lldp ports system-name
configure lldp ports [all | <port_list>] [advertise | no-advertise] system-name
Description
Configures the LLDP port to advertise or not to advertise its system name to its neighbors.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
No advertise.
Usage Guidelines
N/A.
Example
The following command configures port 1:6 to advertise the system name to neighbors:
configure lldp ports 1:4 - 1:8 advertise system-name
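The following Python sketch is an added example, not part of the NETGEAR manual or the switch software. It walks a captured LLDPDU and lists which of the optional TLVs controlled by the commands above (port-description through management-address) a port actually discloses, together with the no-advertise command that removes each one. The sample frame, its addresses, and the function names are constructed for illustration; TLV type numbers follow IEEE 802.1AB.

```python
import ipaddress
import re
import struct

# Optional TLV types from IEEE 802.1AB, keyed to the CLI keyword in this
# chapter that turns each one on or off.
OPTIONAL_TLVS = {
    4: "port-description",
    5: "system-name",
    6: "system-description",
    7: "system-capabilities",
    8: "management-address",
}


def tlv(tlv_type, value):
    """Build one TLV: 7-bit type and 9-bit length header, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def walk(lldpdu):
    """Yield (type, value) pairs up to the End TLV; reject truncated TLVs."""
    offset = 0
    while offset + 2 <= len(lldpdu):
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if tlv_type == 0:  # End of LLDPDU
            return
        if offset + length > len(lldpdu):
            raise ValueError(f"TLV type {tlv_type} runs past the end of the LLDPDU")
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length


def decode_management_address(value):
    """Return the address carried in a management address TLV as text."""
    if len(value) < 2 or len(value) < 1 + value[0]:
        raise ValueError("management address TLV too short")
    addr_len, subtype = value[0], value[1]  # addr_len counts subtype + address
    address = value[2:1 + addr_len]
    if subtype == 1 and len(address) == 4:  # IPv4 on the management VLAN
        return str(ipaddress.IPv4Address(address))
    if subtype == 6 and len(address) == 6:  # MAC, sent when no IP is assigned
        return ":".join(f"{b:02x}" for b in address)
    return address.hex()


def audit(lldpdu, port):
    """List the optional TLVs in one LLDPDU and the command that removes each."""
    findings = []
    for tlv_type, value in walk(lldpdu):
        keyword = OPTIONAL_TLVS.get(tlv_type)
        if keyword is None:
            continue  # mandatory or organizationally specific TLV
        if tlv_type == 8:
            detail = decode_management_address(value)
        elif tlv_type == 7:
            detail = value.hex()
        else:
            detail = value.decode("utf-8", "replace")
        version = re.search(r"version (\d+(?:\.\d+)+)", detail) if tlv_type == 6 else None
        findings.append({
            "tlv": keyword,
            "detail": detail,
            "software_version": version.group(1) if version else None,
            "remove_with": f"configure lldp ports {port} no-advertise {keyword}",
        })
    return findings


# Constructed sample: what port 1:5 could send with system-description left at
# its default (advertise) and management-address configured to advertise.
SAMPLE = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("020000000001")),  # chassis ID (MAC subtype)
    tlv(2, b"\x05" + b"1:5"),                         # port ID (interface name)
    tlv(3, struct.pack("!H", 120)),                   # TTL
    tlv(6, b"NETGEAR 8800 version 11.2.0.12 v1120b12 by release-manager "
           b"on Fri Mar 18 16:01:08 PST 2005"),
    tlv(8, b"\x05\x01" + ipaddress.IPv4Address("192.0.2.10").packed
           + b"\x02" + struct.pack("!I", 1) + b"\x00"),
    tlv(0, b""),
])

if __name__ == "__main__":
    for finding in audit(SAMPLE, "1:5"):
        print(finding)
```

Because system-description is advertised by default, the software version string is the first thing this audit reports on any LLDP-enabled port that has not been changed.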
configure lldp ports vendor-specific dot1 port-vlan-ID
configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot1 port-vlan-ID
Description
Configures the LLDP port to advertise or not advertise port vlan ID information to its neighbors. This allows a VLAN bridge port to advertise the port VLAN identifier that is associated with untagged or priority-tagged frames.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
No advertise.
Usage Guidelines
The port VLAN ID TLV allows the port to transmit the VLAN ID associated with untagged VLANs. There can be only one port VLAN ID in each LLDPDU.
If no untagged VLANs are configured on the specified port, the TLV is not added to the LLDPDU, even if you configured this to advertise.
Example
The following command configures all ports to advertise port VLAN ID information to neighbors:
configure lldp ports all advertise vendor-specific dot1 port-vlan-ID
configure lldp ports vendor-specific dot1 port-protocol-vlan-ID
configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot1 port-protocol-vlan-ID {vlan [all | <vlan_name>]}
Description
Configures the LLDP port to advertise or not advertise port VLAN information to its neighbors.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
all Specifies all VLANs on the port.
vlan_name Specifies the VLAN on the port that you want to advertise.
Default
No advertise.
Usage Guidelines
When configured to advertise, the switch inserts a port and protocol VLAN ID TLV for each VLAN configured on the ports. The port and protocol VLAN ID TLV allows the port to advertise if it supports protocol and/or tagged VLANs, along with the associated tagged values. A separate TLV is sent for each VLAN that you want to advertise.
By default, once you configure this TLV, the system sends all protocol-based VLANs on the port. However, the LLDPDU cannot exceed 1500 bytes, so you should configure the port to advertise only the specified VLANs.
Note:
The total LLDPDU size is 1500 bytes; any TLVs after that limit are dropped.
This TLV does not send information on the type of protocol that the VLAN has enabled; it just says whether the port is enabled or disabled for protocol-based VLANs. As NETGEAR devices are always capable of supporting protocol-based VLANs, once you configure this TLV, the system always advertises support for these VLANs.
Example
The following command configures all ports to advertise port and protocol VLAN information to neighbors for all VLANs on all ports:
configure lldp ports all advertise vendor-specific dot1 port-protocol-vlan-id
configure lldp ports vendor-specific dot1 vlan-name
configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot1 vlan-name {vlan [all | <vlan_name>]}
Description
Configures the LLDP port to advertise or not advertise VLAN name information to its neighbors. Use this TLV to advertise information for the tagged VLANs you want to specify on the port. This allows an IEEE 802.1Q-compatible 802 LAN station to advertise the assigned name of any VLAN with which it is configured.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
vlan Specifies all VLANs on the port.
vlan_name Specifies the VLAN on the port that you want to advertise.
Default
No advertise.
Usage Guidelines
The VLAN name TLV sends the VLAN name and the tag used; it associates a name to a tag for the specified VLAN. This allows an IEEE 802.1Q-compatible 802 LAN station to advertise the assigned name of any VLAN with which it is configured.
You can enable this TLV for tagged and untagged VLANs. When you enable this TLV for tagged VLANs, the TLV advertises the IEEE 802.1Q tag for that VLAN. (For untagged VLANs, the internal tag is advertised.) You can specify exactly which VLANs to advertise.
When configured to advertise, the switch inserts a VLAN name TLV for every VLAN configured on the ports. By default, once you configure this TLV, the system sends all VLAN names on the port. However, each VLAN name can require up to 32 bytes and the LLDPDU cannot exceed 1500 bytes, so you should configure the port to advertise only the specified VLANs, using the keyword vlan_name.
Note:
The total LLDPDU size is 1500 bytes; any TLVs after that limit are dropped.
Example
The following command configures all ports to not advertise VLAN name information to neighbors:
configure lldp ports all no-advertise vendor-specific dot1 vlan-name
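The 1500-byte limit described for the vlan-name and port-protocol-vlan-ID TLVs can be checked before deployment. The following Python sketch is an added example, not part of the NETGEAR manual: it builds IEEE 802.1 VLAN Name TLVs and reports which VLAN names would be dropped once the LLDPDU is full. It assumes the limit applies to the TLV sequence including the End TLV and that TLVs are added in the order listed; the VLAN IDs, names, and function names are constructed.

```python
import struct

IEEE_8021_OUI = bytes.fromhex("0080c2")  # OUI of the IEEE 802.1 TLV set
VLAN_NAME_SUBTYPE = 3
LLDPDU_LIMIT = 1500                      # limit stated in the manual


def tlv(tlv_type, value):
    """Build one TLV: 7-bit type and 9-bit length header, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def vlan_name_tlv(vlan_id, name):
    """Organizationally specific TLV carrying one VLAN ID and its name."""
    raw = name.encode("ascii")
    if not 1 <= len(raw) <= 32:
        raise ValueError("VLAN name must be 1 to 32 bytes")
    return tlv(127, IEEE_8021_OUI + bytes([VLAN_NAME_SUBTYPE])
               + struct.pack("!HB", vlan_id, len(raw)) + raw)


def pack_lldpdu(base_tlvs, vlans, limit=LLDPDU_LIMIT):
    """Append VLAN name TLVs in order; return (lldpdu, advertised, dropped)."""
    end = tlv(0, b"")
    body = b"".join(base_tlvs)
    advertised, dropped = [], []
    for vlan_id, name in vlans:
        candidate = vlan_name_tlv(vlan_id, name)
        # Once one TLV does not fit, every later TLV is dropped as well.
        if dropped or len(body) + len(candidate) + len(end) > limit:
            dropped.append(name)
        else:
            body += candidate
            advertised.append(name)
    return body + end, advertised, dropped


# Constructed input: the three mandatory TLVs and 40 VLANs whose names use
# the full 32 bytes, which is the worst case for "vlan all".
BASE = [
    tlv(1, b"\x04" + bytes.fromhex("020000000001")),  # chassis ID
    tlv(2, b"\x05" + b"1:5"),                         # port ID
    tlv(3, struct.pack("!H", 120)),                   # TTL
]
WORST_CASE = [(100 + n, f"vlan{n:04d}".ljust(32, "x")) for n in range(1, 41)]

if __name__ == "__main__":
    lldpdu, advertised, dropped = pack_lldpdu(BASE, WORST_CASE)
    print(len(lldpdu), "bytes;", len(advertised), "advertised;", len(dropped), "dropped")
    print("silently missing from the neighbor's view:", dropped)
```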
configure lldp ports vendor-specific dot3 link-aggregation
configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot3 link-aggregation
Description
Configures the LLDP port to advertise or not advertise link-aggregation capabilities to its neighbors.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
No advertise.
Usage Guidelines
When configured, this TLV is added to each LLDP port LLDPDU indicating the link-aggregation capabilities, status, and value of the master port of the load-sharing group.
Example
The following command configures port 1:12 to not advertise link-aggregation capabilities to neighbors:
configure lldp ports 1:12 no-advertise vendor-specific dot3 link-aggregation
configure lldp ports vendor-specific dot3 mac-phy
configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot3 mac-phy
Description
Configures the LLDP port to advertise or not advertise MAC and physical layer capabilities to its neighbors. The capabilities include duplex and bit rate.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
No advertise.
Usage Guidelines
When configured, the system adds information about the speed capabilities, as well as autonegotiation support and status, of the LLDP port.
Example
The following command configures all ports to advertise MAC/PHY capabilities to neighbors:
configure lldp ports all advertise vendor-specific dot3 mac-phy
configure lldp ports vendor-specific dot3 max-frame-size
configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot3 max-frame-size
Description
Configures the LLDP port to advertise or not advertise its maximum frame size to its neighbors.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
No advertise.
Usage Guidelines
When jumbo frames are not enabled on the specified port, the TLV reports a value of 1518 once you configure it to advertise. If jumbo frames are enabled, the TLV inserts the configured value for the jumbo frames.
Example
The following command configures ports 1:12 and 1:13 to advertise the maximum frame size to neighbors:
configure lldp ports 1:12 - 1:13 advertise vendor-specific dot3 max-frame-size
configure lldp ports vendor-specific dot3 power-via-mdi
configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific dot3 power-via-mdi
Description
Configures the LLDP port to advertise or not advertise Power over Ethernet (PoE) capabilities to its neighbors.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
No advertise.
Usage Guidelines
When configured, the system includes this TLV. NETGEAR recommends enabling this TLV only on PoE-capable ports.
The following information is transmitted for LLDP ports with this TLV:
• Support PoE or not
• Port class
  • Power sourcing equipment (PSE)
  • Powered device (PD)
• Power pairs used to supply power
  • Signal
  • Spare
• Power status
• Support pairs control or not
• Power class
  • Class0
  • Class1
  • Class2
  • Class3
  • Class4
Note:
For more information on advertising power support, see the configure lldp ports vendor-specific med power-via-mdi command.
Example
The following command configures all ports to advertise power capabilities to neighbors:
configure lldp ports all advertise vendor-specific dot3 power-via-mdi
configure lldp ports vendor-specific med capabilities
configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med capabilities
Description
Configures the LLDP port to advertise or not advertise MED capabilities. This TLV must be enabled before any of the other MED TLVs can be enabled. Also, this TLV must be set to no-advertise after all other MED TLVs are set to no-advertise.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
No advertise.
Usage Guidelines
This command enables the LLDP media endpoint discovery (MED) capabilities TLV, which allows LLDP-MED network connectivity devices to definitively determine that particular endpoints support LLDP MED, and if so, to discover which LLDP MED TLVs the particular endpoint devices are capable of supporting and to which specific device class the device belongs.
This TLV must be enabled before any of the other MED TLVs can be enabled; and this TLV must be set to no-advertise after all other MED TLVs are set to no-advertise.
As with all the LLDP MED TLVs, the switch sends this TLV only after it detects a MED-capable device on the port. The switch does not automatically send this TLV after it is enabled; the switch must first detect a MED-capable device on the port.
Note:
Network connectivity devices wait to detect LLDP MED TLVs from endpoints before they send out LLDP MED TLVs; so L2 network connectivity devices do not exchange LLDP MED messages.
The following information is included in the LLDP MED capabilities TLV when it is transmitted:
• The supported LLDP MED TLVs: for NETGEAR 8800 devices, these are capabilities, network policy, location, and extended power (extended power is advertised only on PoE-capable ports).
• The MED device type: for NETGEAR 8800 devices, this is advertised as a network connectivity device (set to 4).
Example
The following command configures all ports to advertise MED capabilities to neighbors:
configure lldp ports all advertise vendor-specific med capabilities
configure lldp ports vendor-specific med location-identification
configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med location-identification [coordinate-based <hex_value> | civic-based <hex_value> | ecs-elin <elin>]
Description
Configures the LLDP port to advertise or not advertise MED location information. You can configure up to 3 different location identifiers.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
coordinate-based Specifies using the coordinate-based location identifier. This value is exactly 16 bytes long; see RFC 3825 for details.
hex_value Enter a hexadecimal value with each byte separated by a colon. Or, you can obtain this value from a network management application.
Note:
This parameter is not used when the no-advertise parameter is configured.
civic-based Specifies using the civic-based location identifier. This value must have a minimum length of 6 bytes; see RFC 3825 for details.
ecs-elin Specifies using the ecs location identifier. (Emergency Call Service, as defined in the TIA-TSB-146.)
elin Enter a numerical string; the range is 10 to 25 characters. Or, you can obtain this value from a network management application. (See the TIA-TSB-146 standard for a definition of these numbers; also, the network management application must be able to handle the LLDP MED MIB.)
Note:
This parameter is not used when the no-advertise parameter is configured.
Default
No advertise.
Usage Guidelines
You might need to use a specific format for your specific VoIP implementation; see the VoIP manufacturer’s manual for details.
You must configure the LLDP MED capabilities TLV before configuring this TLV. Configure the LLDP MED capabilities TLV using the configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med capabilities command.
As with all the LLDP MED TLVs, the switch sends this TLV only after it detects a MED-capable device on the port. The switch does not automatically send this TLV after it is enabled; the switch must first detect a MED-capable device on the port.
Example
The following command configures all ports to advertise MED location information to neighbors using the ECS format:
configure lldp ports all advertise vendor-specific med location-identification ecs-elin 423233455676
configure lldp ports vendor-specific med policy application
configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med policy application [voice | voice-signaling | guest-voice | guest-voice-signaling | softphone-voice | video-conferencing | streaming-video | video-signaling] vlan <vlan_name> dscp <dscp_value> {priority-tagged}
Description
Configures the LLDP port to advertise or not advertise MED network policy TLVs. This TLV advertises VLAN configuration and associated Layer 2 and Layer 3 attributes that apply for a set of specific applications on that port. You can advertise up to 8 TLVs, each for a specific application, per port/VLAN. Each application type can exist only once per port. This TLV tells the endpoint the specific VLAN to use for the specific application, along with its unique priority.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
voice Specifies voice application on specified port/VLAN(s).
voice-signaling Specifies voice signaling application on specified port/VLAN(s).
guest-voice Specifies guest voice application on specified port/VLAN(s).
guest-voice-signaling Specifies guest voice signaling application on specified port/VLAN(s).
softphone-voice Specifies soft phone voice application on specified port/VLAN(s).
video-conferencing Specifies videoconferencing application on specified port/VLAN(s).
streaming-video Specifies streaming video application on specified port/VLAN(s).
video-signaling Specifies video signaling application on specified port/VLAN(s).
vlan_name Specifies the VLAN the specified application is using.
Note:
This parameter does not apply when the no-advertise parameter is configured.
dscp_value Specifies the DSCP value for the specified application. This is a 6-bit value from 0 to 63.
Note:
This parameter does not apply when the no-advertise parameter is configured.
priority-tagged Use this if you want priority tagging, and the VLAN is configured as untagged on the port. (The endpoint sends out frames for the specified application with a tag of 0.)
Note:
This parameter does not apply when the no-advertise parameter is configured.
Default
No advertise.
Usage Guidelines
This command enables the LLDP MED network policy TLV, which allows network connectivity devices and endpoint devices to advertise VLAN configuration and associated Layer 2 and Layer 3 attributes that apply for a set of specific applications on that port. This TLV can be enabled on a per port/VLAN basis. Each application type can exist only once on a port.
You can enable the transmission of a TLV policy for each application. A maximum of 8 TLVs can be enabled, and each can have a unique DSCP value and/or priority tagging.
You must configure the LLDP MED capabilities TLV before configuring this TLV. Configure the LLDP MED capabilities TLV using the configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med capabilities command.
As with all the LLDP MED TLVs, the switch sends this TLV only after it detects a MED-capable device on the port. The switch does not automatically send this TLV after it is enabled; the switch must first detect a MED-capable device on the port.
The following information is transmitted for LLDP ports with this TLV:
• Application type
  Used as configured.
• Unknown policy flag
  Set to 0.
• Tagged flag
  Set to tagged for tagged VLANs; set to untagged for untagged VLANs. By default, set to 0.
• VLAN ID
  Copied from the VLAN. However, if you configure the priority-tagged parameter, this value is set to 0.
• Layer 2 priority
  Copied from the VLAN priority.
• DSCP value
  Uses the value configured in the dscp parameter.
Note:
See the documentation provided by the manufacturer of connected devices regarding values.
Example
The following command configures all ports to advertise videoconferencing on the VLAN video with a DSCP of 7 to neighbors:
configure lldp ports all advertise vendor-specific med policy application video-conferencing vlan video dscp 7
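The six fields listed above map onto the 4-byte payload of the LLDP-MED network policy TLV defined in ANSI/TIA-1057. The following Python sketch is an added example, not NETGEAR code: it encodes and decodes that TLV so the values an endpoint receives can be checked against the configured command. The VLAN tag (200) and VLAN priority (4) for the VLAN named video are constructed, and treating priority-tagged as setting the tagged flag is an assumption.

```python
import struct

TIA_OUI = bytes.fromhex("0012bb")  # OUI used by LLDP-MED TLVs (ANSI/TIA-1057)
NETWORK_POLICY_SUBTYPE = 2

# Application keywords from the command syntax and their LLDP-MED type codes.
APPLICATIONS = {
    "voice": 1, "voice-signaling": 2, "guest-voice": 3,
    "guest-voice-signaling": 4, "softphone-voice": 5,
    "video-conferencing": 6, "streaming-video": 7, "video-signaling": 8,
}


def encode_policy(application, vlan_id, vlan_tagged, l2_priority, dscp,
                  priority_tagged=False):
    """Build the network policy TLV for one application on one port."""
    if application not in APPLICATIONS:
        raise ValueError(f"unknown application {application!r}")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1 to 4094")
    if not 0 <= l2_priority <= 7:
        raise ValueError("Layer 2 priority must be 0 to 7")
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value from 0 to 63")
    unknown = 0  # the manual states this flag is always set to 0
    # Assumption: priority-tagged sets the tagged flag, because the endpoint
    # then sends frames that carry a tag of 0.
    tagged = 1 if (vlan_tagged or priority_tagged) else 0
    if priority_tagged:
        vlan_id = 0
    # 24 bits: U(1) T(1) reserved(1) VLAN ID(12) L2 priority(3) DSCP(6)
    bits = (unknown << 23) | (tagged << 22) | (vlan_id << 9) | (l2_priority << 6) | dscp
    value = (TIA_OUI + bytes([NETWORK_POLICY_SUBTYPE, APPLICATIONS[application]])
             + bits.to_bytes(3, "big"))
    return struct.pack("!H", (127 << 9) | len(value)) + value


def decode_policy(tlv_bytes):
    """Parse one network policy TLV back into its six fields."""
    if len(tlv_bytes) != 10:
        raise ValueError("network policy TLV is 10 bytes including its header")
    (header,) = struct.unpack_from("!H", tlv_bytes)
    if (header >> 9 != 127 or header & 0x1FF != 8
            or tlv_bytes[2:5] != TIA_OUI or tlv_bytes[5] != NETWORK_POLICY_SUBTYPE):
        raise ValueError("not an LLDP-MED network policy TLV")
    names = {code: name for name, code in APPLICATIONS.items()}
    bits = int.from_bytes(tlv_bytes[7:10], "big")
    return {
        "application": names.get(tlv_bytes[6], f"reserved-{tlv_bytes[6]}"),
        "unknown_policy": bool((bits >> 23) & 1),
        "tagged": bool((bits >> 22) & 1),
        "vlan_id": (bits >> 9) & 0xFFF,
        "l2_priority": (bits >> 6) & 0x7,
        "dscp": bits & 0x3F,
    }


def build_port_policies(policies):
    """Encode all policies for one port; each application may appear once."""
    seen, encoded = set(), []
    for policy in policies:
        if policy["application"] in seen:
            raise ValueError(f"{policy['application']} configured twice on the port")
        seen.add(policy["application"])
        encoded.append(encode_policy(**policy))
    return encoded


# Constructed values for the manual's example command
# (video-conferencing, VLAN "video", DSCP 7).
VIDEO = {"application": "video-conferencing", "vlan_id": 200,
         "vlan_tagged": True, "l2_priority": 4, "dscp": 7}

if __name__ == "__main__":
    frame = build_port_policies([VIDEO])[0]
    print(frame.hex(), decode_policy(frame))
```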
configure lldp ports vendor-specific med power-via-mdi
configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med power-via-mdi
Description
Configures the LLDP port to advertise or not advertise MED power requirement details. This TLV can only be enabled on a PoE-capable port and is used for advanced power management between the MED network connectivity and endpoint devices.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
Default
No advertise.
Usage Guidelines
When enabled, this LLDP MED TLV advertises fine-grained power requirement details about PoE settings and support. This TLV can be enabled only on a PoE-capable port; the switch returns an error message if this TLV is configured for a non-PoE-capable port.
You must configure the LLDP MED capabilities TLV before configuring this TLV. Configure the LLDP MED capabilities TLV using the configure lldp ports [all | <port_list>] [advertise | no-advertise] vendor-specific med capabilities command.
As with all the LLDP MED TLVs, the switch sends this TLV only after it detects a MED-capable device on the port. The switch does not automatically send this TLV after it is enabled; the switch must first detect a MED-capable device on the port.
Note:
The following information is transmitted for LLDP MED PoE-capable ports with this TLV:
• Power type
  Set to PSE.
• Power source
  Set to primary power source.
• Power priority
  Taken from PoE port configuration.
• Power value
  Taken from PoE port configuration.
Example
The following command configures all ports to advertise MED power information to neighbors:
configure lldp ports all advertise vendor-specific med power-via-mdi
configure lldp reinitialize-delay
configure lldp reinitialize-delay <seconds>
Description
Configures the delay before the receive state machine is reinstalled once the LLDP transmit mode has been disabled.
Syntax Description
seconds Specifies the delay that applies to the reinitialization attempt. The range is 1 to 10 seconds.
Default
2 seconds.
Usage Guidelines
N/A.
Example
The following command configures a reinitialization delay of 10 seconds:
configure lldp reinitialize-delay 10
configure lldp snmp-notification-interval
configure lldp snmp-notification-interval <seconds>
Description
Configures the allowed interval at which Simple Network Management Protocol (SNMP) notifications are sent.
Syntax Description
seconds Specifies the interval at which LLDP SNMP notifications are sent. The range is 5 to 3600 seconds.
Default
5 seconds.
Usage Guidelines
This is a global timer. If one port sends a notification, no notifications for other ports go out for the configured interval.
Example
The following command configures an interval of 60 seconds for LLDP SNMP notifications:
configure lldp snmp-notification-interval 60
configure lldp transmit-delay
configure lldp transmit-delay [ auto | <seconds>]
Description
Configures the delay time between successive frame transmissions initiated by a value change or status change in any of the LLDP local systems Management Information Base (MIB). The auto option uses a formula (0.25 * transmit-interval) to calculate the number of seconds.
Syntax Description
auto Uses the formula (0.25 * transmit-interval) to calculate the seconds.
seconds Specifies the interval at which LLDP notifications are sent. The range is 1 to 8291.
Default
2 seconds.
Usage Guidelines
This is the timer between triggered updates.
Example
The following command configures the delay between LLDP frame transmissions for triggered updates to be automatically calculated:
configure lldp transmit-delay auto
configure lldp transmit-hold
configure lldp transmit-hold <hold>
Description
Calculates the actual time-to-live (TTL) value used in the LLDPDU messages. The formula is transmit-interval * transmit-hold; by default the TTL value is (30*4) 120 seconds.
Syntax Description
hold Used to calculate the TTL value; the range is 2 to 10.
Default
4.
Usage Guidelines
N/A.
Example
The following command configures the transmit-hold value (which is used to calculate the TTL of the LLDP packets) to 5:
configure lldp transmit-hold 5
configure lldp transmit-interval
configure lldp transmit-interval <seconds>
Description
Configures the periodic transmittal interval for LLDPDUs.
Syntax Description
seconds Specifies the time between LLDPDU transmissions. The range is 5 to 32768.
Default
30 seconds.
Usage Guidelines
N/A.
Example
The following command configures a transmittal interval of 20 seconds for LLDPDUs.
configure lldp transmit-interval 20
disable lldp ports
disable lldp ports [all | <port_list>] {receive-only | transmit-only}
Description
Disables LLDP transmit mode, receive mode, or transmit and receive mode on the specified port or ports.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
receive-only Specifies that only the receive mode for LLDP is disabled.
transmit-only Specifies that only the transmit mode for LLDP is disabled.
Default
Disabled.
Usage Guidelines
If you do not specify an option, both LLDP modes (transmit and receive) are disabled.
Example
The following example disables the LLDP receive mode on ports 1:2 to 1:6.
disable lldp ports 1:2-1:6 receive-only
disable snmp traps lldp
disable snmp traps lldp {ports [all | <port_list>]}
Description
Disables the sending of LLDP-specific SNMP traps on the specified port or ports.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
Default
Disabled.
Usage Guidelines
If you do not specify any ports, the system stops sending LLDP traps from all ports on the switch.
Example
The following example disables sending LLDP SNMP traps on all switch ports:
disable snmp traps lldp ports all
disable snmp traps lldp-med
disable snmp traps lldp-med {ports [all | <port_list>]}
Description
Disables the sending of LLDP MED-specific SNMP traps on the specified port or ports.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
Default
Disabled.
Usage Guidelines
If you do not specify any ports, the system stops sending LLDP MED traps from all ports on the switch.
Example
The following example disables sending LLDP MED SNMP traps on all switch ports:
disable snmp traps lldp-med ports all
enable lldp ports
enable lldp ports [all | <port_list>] {receive-only | transmit-only}
Description
Enables LLDP transmit mode, receive mode, or transmit and receive mode. If the transmit-only or receive-only option is not specified, both transmit and receive modes are enabled.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
receive-only Specifies that the port only receives LLDP messages.
transmit-only Specifies that the port only transmits LLDP messages.
Default
Disabled.
Usage Guidelines
If you do not specify an option, the port is enabled to both transmit and receive LLDP messages.
Once the port is enabled for LLDP in one mode and you issue another command for another mode, that second mode replaces the original mode. For example, you might originally enable several ports to only receive LLDP messages and then want those ports to both receive and transmit LLDP messages. In that case, you issue the enable lldp ports command with no variables (and the receive-and-transmit mode replaces the receive-only mode).
To verify the port setting for LLDP, use the show lldp {port [all | <port_list>]} command.
Example
The following example enables LLDP transmit and receive mode on port 1:4.
enable lldp port 1:4
enable snmp traps lldp
enable snmp traps lldp {ports [all | <port_list>]}
Description
Enables the transmission of LLDP SNMP trap notifications.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
Default
Disabled.
Usage Guidelines
Note: To enable SNMP traps for LLDP MED TLVs, you must issue a separate command; use the enable snmp traps lldp-med {ports .
If you do not specify any ports, the system sends LLDP traps for all ports.
Example
The following command enables LLDP SNMP traps for all ports:
enable snmp traps lldp ports all
enable snmp traps lldp-med
enable snmp traps lldp-med {ports [all | <port_list>]}
Description
Enables the transmission of LLDP SNMP trap notifications related to LLDP MED extension TLVs.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
Default
Disabled.
Usage Guidelines
If you do not specify any ports, the system sends LLDP-MED traps for all ports.
Example
The following command enables LLDP-MED SNMP traps for all ports:
enable snmp traps lldp-med ports all
show lldp
show lldp {port [all | <port_list>]} {detailed}
Description
Displays LLDP configuration information for the specified port or ports. Use the detailed keyword to display the configured VLANs on the port and the enabled VLAN-specific TLVs.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
detailed Shows information on the configured VLANs on the port.
Default
N/A.
Usage Guidelines
Use the detailed variable to display information regarding configured VLANs on the ports and any enabled VLAN-specific TLVs.
Example
The following example displays LLDP configuration information for the switch:
# show lldp
LLDP transmit interval : 30 seconds
LLDP transmit hold multiplier : 4 (used TTL = 120 seconds)
LLDP transmit delay : 2 seconds
LLDP SNMP notification interval : 5 seconds
LLDP reinitialize delay : 2 seconds
LLDP-MED fast start repeat count : 4
LLDP Port Configuration:
Port Rx Tx SNMP Optional enabled transmit TLVs
Mode Mode Notification LLDP 802.1 802.3 MED AvEx
============================================================================
1:1 Enabled Enabled -- --D-- --- ---- CLP- ----
1:2 Enabled Enabled L- --D-- --- ---- C-P- ----
7:1 Enabled Enabled LM --D-- --- ---- CLP- ----
============================================================================
Notification: (L) lldpRemTablesChange, (M) lldpXMedTopologyChangeDetected
LLDP Flags : (P) Port Description, (N) System Name, (D) System Description
(C) System Capabilities, (M) Mgmt Address
802.1 Flags : (P) Port VLAN ID, (p) Port & Protocol VLAN ID, (N) VLAN Name
802.3 Flags : (M) MAC/PHY Configuration/Status, (P) Power via MDI
(L) Link Aggregation, (F) Frame Size
MED Flags : (C) MED Capabilities, (P) Network Policy,
(L) Location Identification, (p) Extended Power-via-MDI
AvEx Flags : (P) PoE Conservation Request, (C) Call Server, (F) File Server
(Q) 802.1Q Framing
The following example includes detailed information on the LLDP configuration for port 1:1:
# show lldp port 1:1 detailed
LLDP transmit interval : 30 seconds
LLDP transmit hold multiplier : 4 (used TTL = 120 seconds)
LLDP transmit delay : 2 seconds
LLDP SNMP notification interval : 5 seconds
LLDP reinitialize delay : 2 seconds
LLDP-MED fast start repeat count : 4
LLDP Port Configuration:
Port Rx Tx SNMP Optional enabled transmit TLVs
Mode Mode Notification LLDP 802.1 802.3 MED AvEx
============================================================================
1:1 Enabled Enabled -- --D-- --- ---- CLP- ----
VLAN: Default ----- --- ---- ---- ----
VLAN: voice ----- --- ---- ---- ----
AvEx Call-Server: IP Address(es)=10.0.0.20, 10.0.0.21
AvEx File-Server: IP Address(es)=10.0.0.20, 10.0.0.21, 10.0.0.22
AvEx 802.1Q Framing: Mode=tagged
MED LCI: Location Format=ECS ELIN based
1234567890
MED Policy: Application=voice
VLAN=voice, DSCP=40
============================================================================
Notification: (L) lldpRemTablesChange, (M) lldpXMedTopologyChangeDetected
LLDP Flags : (P) Port Description, (N) System Name, (D) System Description
(C) System Capabilities, (M) Mgmt Address
802.1 Flags : (P) Port VLAN ID, (p) Port & Protocol VLAN ID, (N) VLAN Name
802.3 Flags : (M) MAC/PHY Configuration/Status, (P) Power via MDI
(L) Link Aggregation, (F) Frame Size
MED Flags : (C) MED Capabilities, (P) Network Policy,
(L) Location Identification, (p) Extended Power-via-MDI
AvEx Flags : (P) PoE Conservation Request, (C) Call Server, (F) File Server
(Q) 802.1Q Framing
show lldp neighbors
show lldp {port [all | <port_list>]} neighbors {detailed}
Description
Displays the information related to the LLDP neighbors detected on the specified port or ports.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
detailed Shows detailed information on the neighbors.
Default
N/A.
Usage Guidelines
You must use the detailed parameter to display detailed information about the received LLDP TLVs.
Example
The following example displays LLDP neighbor information for all switch ports:
# show lldp port all neighbors
Port Neighbor Chassis ID Neighbor Port ID TTL Age
=============================================================================
1:2 00:04:96:26:A4:70 1:1 120 7
2:6 (5.1)10.201.41.146 00:04:0D:EC:EA:5C 120 3
2:7 (5.1)10.201.41.147 00:04:0D:ED:41:9B 120 3
2:10 00:01:30:F9:9E:80 8:10 120 15
=============================================================================
NOTE: The Chassis ID and/or Port ID might be truncated to fit the screen.
The following command lists detailed LLDP neighbor information for all switch ports:
# show lldp all neighbors detailed
-----------------------------------------------------------------------------
LLDP Port 1:2 detected 1 neighbor
Neighbor: 00:04:96:26:A4:70/1:1, age 12 seconds
- Chassis ID type: MAC address (4)
Chassis ID : 00:04:96:26:A4:70
- Port ID type: ifName (5)
Port ID : "1:1"
- Time To Live: 120 seconds
- System Description: "NETGEAR 8800 version 12.0.0.6 v1200b6 by release-ma\
nager on Mon Mar 19 00:37:59 PDT 2007"
-----------------------------------------------------------------------------
LLDP Port 2:6 detected 1 neighbor
Neighbor: (5.1)10.201.41.146/00:04:0D:EC:EA:5C, age 8 seconds
- Chassis ID type: Network address (5); Address type: IPv4 (1)
Chassis ID : 10.201.41.146
- Port ID type: MAC address (3)
Port ID : 00:04:0D:EC:EA:5C
- Time To Live: 120 seconds
- System Name: "AVAECEA5C"
- System Capabilities : "Bridge, Telephone"
Enabled Capabilities: "Bridge, Telephone"
- Management Address Subtype: IPv4 (1)
Management Address : 10.201.41.146
Interface Number Subtype : System Port Number (3)
Interface Number : 1
Object ID String : "1.3.6.1.4.1.6889.1.69.2.3"
- IEEE802.3 MAC/PHY Configuration/Status
Auto-negotiation : Supported, Enabled (0x03)
Operational MAU Type : 100BaseTXFD (16)
- MED Capabilities: "MED Capabilities, Network Policy, Inventory"
MED Device Type : Endpoint Class III (3)
- MED Network Policy
Application Type : Voice (1)
Policy Flags : Known Policy, Tagged (0x1)
VLAN ID : 0
L2 Priority : 6
DSCP Value : 46
- MED Hardware Revision: "9650D01A"
- MED Firmware Revision: "hb96xxua1_20r30s.bin"
- MED Software Revision: "ha96xxua1_20r30s.bin"
- MED Serial Number: "06N537900335"
- MED Manufacturer Name: "Avaya"
- MED Model Name: "9650"
-----------------------------------------------------------------------------
LLDP Port 2:7 detected 1 neighbor
Neighbor: (5.1)10.201.41.147/00:04:0D:ED:41:9B, age 8 seconds
- Chassis ID type: Network address (5); Address type: IPv4 (1)
Chassis ID : 10.201.41.147
- Port ID type: MAC address (3)
Port ID : 00:04:0D:ED:41:9B
- Time To Live: 120 seconds
- System Name: "AVAED419B"
- System Capabilities : "Telephone"
Enabled Capabilities: "Telephone"
- Management Address Subtype: IPv4 (1)
Management Address : 10.201.41.147
Interface Number Subtype : System Port Number (3)
Interface Number : 1
Object ID String : "1.3.6.1.4.1.6889.1.69.2.5"
- IEEE802.3 MAC/PHY Configuration/Status
Auto-negotiation : Supported, Enabled (0x03)
Operational MAU Type : 100BaseTXFD (16)
- MED Capabilities: "MED Capabilities, Network Policy, Inventory"
MED Device Type : Endpoint Class III (3)
- MED Network Policy
Application Type : Voice (1)
Policy Flags : Known Policy, Tagged (0x1)
VLAN ID : 0
L2 Priority : 6
DSCP Value : 46
- MED Hardware Revision: "9610D01A"
- MED Firmware Revision: "hb96xxua1_20r30s.bin"
- MED Software Revision: "ha96xxua1_20r30s.bin"
- MED Serial Number: "06N538825133"
- MED Manufacturer Name: "Avaya"
- MED Model Name: "9610"
-----------------------------------------------------------------------------
LLDP Port 2:10 detected 1 neighbor
Neighbor: 00:01:30:F9:9E:80/8:10, age 20 seconds
- Chassis ID type: MAC address (4)
Chassis ID : 00:01:30:F9:9E:80
- Port ID type: ifName (5)
Port ID : "8:10"
- Time To Live: 120 seconds
- System Description: "NETGEAR 8800 version 12.0.0.6 v1200b6 by release-ma\
nager on Mon Mar 19 00:43:19 PDT 2007"
show lldp statistics
show lldp {port [all | <port_list>]} statistics
Description
Displays statistical counters related to the specified port or ports.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
Default
N/A.
Usage Guidelines
The following counters are presented with the standard command (taken from the IEEE 802.1ab MIB definition):
• Last table change time: Last time an entry in the LLDP database was added, changed or deleted.
• Number of table inserts: The number of times the complete set of information advertised by a particular neighbor has been inserted into tables.
• Number of table deletes: The number of times the complete set of information advertised by a particular neighbor has been deleted from tables.
• Number of table drops: The number of times the complete set of information advertised by a particular neighbor could not be stored in memory because of insufficient resources.
• Number of table age outs: The number of times the complete set of information advertised by a particular neighbor has been deleted from tables because the information timeliness interval has expired.
• Tx Total: The number of LLDP frames transmitted by this switch on the indicated port.
• Tx Total Length Exceeded: The number of LLDP frames sent out on this port that could not hold all the information configured because the total frame length would exceed the maximum LLDPDU size of 1500 bytes.
• Rx Total: The number of valid LLDP frames received by this switch on the indicated port, while this LLDP agent is enabled.
• Rx Discarded: The number of LLDP frames received by this switch on the indicated port, and then discarded for any reason.
• Rx Errors: The number of invalid LLDP frames received by this switch on the indicated port, while this LLDP agent is enabled.
• TLVs Discarded: The number of LLDP TLVs discarded for any reason by this switch on the indicated port.
• TLVs Unrecognized: The number of LLDP TLVs received on the given port that are not recognized by the switch.
Example
The following example lists statistical counters for all ports on the switch:
# show lldp port all statistics
Last table change time : Fri Dec 17 10:42:33 2004
Number of Table Inserts : 3
Number of Table Deletes : 0
Number of Table Drops : 0
Number of Table Age Outs : 0
Port Tx Tx Length Rx Rx Rx TLVs TLVs
Total Exceeded Total Discarded Errors Discarded Unrecogn.
===================================================================================
1:1 189 0 5654 0 0 0 0
2:2 188 0 565 0 0 0 0
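The counters listed above can be checked automatically once the command output has been collected. The following Python sketch is an added example, not part of the NETGEAR manual: it parses text in the layout of show lldp port all statistics and reports every non-zero drop, discard, or error counter. The sample text is constructed, and the function names and the choice of counters to report are assumptions of this example.

```python
import re

# Constructed sample in the layout of "show lldp port all statistics";
# the counter values are made up for this example.
SAMPLE = """\
Last table change time   : Fri Dec 17 10:42:33 2004
Number of Table Inserts  : 3
Number of Table Deletes  : 0
Number of Table Drops    : 2
Number of Table Age Outs : 1
Port    Tx      Tx Length  Rx      Rx         Rx      TLVs       TLVs
        Total   Exceeded   Total   Discarded  Errors  Discarded  Unrecogn.
===================================================================================
1:1     189     0          5654    0          0       0          0
2:2     188     4          565     7          7       0          12
"""

# Per-port columns, in the order the table prints them.
PORT_COLUMNS = ("tx_total", "tx_length_exceeded", "rx_total", "rx_discarded",
                "rx_errors", "tlvs_discarded", "tlvs_unrecognized")
# Counters this example reports when non-zero (an assumption, not a vendor rule).
WATCHED_PORT = ("tx_length_exceeded", "rx_discarded", "rx_errors",
                "tlvs_discarded", "tlvs_unrecognized")
WATCHED_SWITCH = ("drops", "age_outs")

SUMMARY_RE = re.compile(r"^Number of Table ([A-Za-z ]+?)\s*:\s*(\d+)\s*$")
ROW_RE = re.compile(r"^(\d+:\d+)((?:\s+\d+){7})\s*$")


def port_sort_key(port):
    """Turn "2:10" into (2, 10) so ports sort numerically."""
    slot, num = port.split(":")
    return int(slot), int(num)


def parse_statistics(text):
    """Return (switch-wide table counters, per-port counters) as dicts."""
    summary, ports = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1).lower().replace(" ", "_")] = int(m.group(2))
            continue
        m = ROW_RE.match(line)
        if m:
            values = map(int, m.group(2).split())
            ports[m.group(1)] = dict(zip(PORT_COLUMNS, values))
    return summary, ports


def findings(summary, ports):
    """List (scope, counter, value) for every watched counter that is non-zero."""
    out = [("switch", k, summary[k]) for k in WATCHED_SWITCH if summary.get(k)]
    for port in sorted(ports, key=port_sort_key):
        out += [(port, k, ports[port][k]) for k in WATCHED_PORT if ports[port][k]]
    return out


if __name__ == "__main__":
    for scope, counter, value in findings(*parse_statistics(SAMPLE)):
        print(f"{scope:<7} {counter:<20} {value}")
```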
unconfigure lldp
unconfigure lldp {ports [all | <port_list>]}
Description
Leaves LLDP enabled and configured; restores the LLDP timer default values.
Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
Default
N/A.
Usage Guidelines
When you issue the global , only the LLDP timers are reset to default values. All the configured TLVs on the ports remain, and LLDP remains enabled.
When you use the keyword ports, the TLVs for each port are returned to the five default TLVs. LLDP remains enabled.
Example
The following command restores LLDP factory default TLVs for ports 1:4 to 1:8:
unconfigure lldp ports 1:4 - 1:8
7. PoE Commands
Power over Ethernet (PoE) is an effective method of supplying 48 VDC power to certain types of powered devices (PDs) through Category 5 or Category 3 twisted pair Ethernet cables. PDs include wireless access points, IP telephones, laptop computers, web cameras, and other devices. With PoE, a single Ethernet cable supplies power and the data connection, reducing costs associated with separate power cabling and supply. PoE for NETGEAR 8800 includes a method of detection to assure that power is delivered to devices that meet the IEEE 802.3af specification for PoE, as well as to many legacy devices.
Summary of PoE Software Features
The NETGEAR 8800 PoE devices support the following PoE software features:
• Configuration and control of the power distribution for PoE at the system, slot, and port levels
• Real-time discovery and classification of 802.3af-compliant PDs and many legacy (non-standard) devices
• Monitor and control of PoE fault conditions
• Support for configuring and monitoring PoE status at the system, slot, and port levels
• LED control for indicating the port’s PoE inline power state
• Management of an over-subscribed power budget
For more information about configuring and managing PoE, see the NETGEAR 8800 User Manual.
clear inline-power stats ports
clear inline-power stats ports [all | <port_list>]
Description
Clears the inline statistics for the selected port to zero.
Syntax Description
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.
Default
N/A.
Usage Guidelines
Example
The following command clears the inline statistics for ports 1-8 on slot 3:
clear inline-power stats ports 3:1-3:8
The following command displays cleared inline power configuration information for ports 1-8 in slot 3:
show inline-power stats ports 3:1-3:8
Following is sample output from this command:
STATISTICS COUNTERS
Port State Class Absent InvSig Denied OverCurrent Short
3:1 delivering class3 0 0 0 0 0
3:2 delivering class3 0 0 0 0 0
3:3 searching class0 0 0 0 0 0
3:4 searching class0 0 0 0 0 0
3:5 searching class0 0 0 0 0 0
3:6 searching class0 0 0 0 0 0
3:7 searching class0 0 0 0 0 0
3:8 searching class0 0 0 0 0 0
configure inline-power budget
configure inline-power budget <num_watts> {slot <slot>}
Description
Sets the reserved power on the switch or specified slot to the specified watts.
Syntax Description
num_watts Specifies the number of watts to reserve for specified switch or slot for inline power. Enter an integer. The minimum value is 37, or 0 if the slot is disabled; the maximum is 768; and the default value is 50.
slot Specifies a slot. The slot must be configured to hold a PoE module.
Default
50 W.
Usage Guidelines
This command sets the budgeted power reserved for all PDs connected to the switch or specified slot in Watts. None of the power budget on a specified slot can be used to power other slots or PDs on other slots.
If you specify a slot that is not configured to hold a PoE module, the system returns the following error message:
Error: Slot 2 is not capable of inline-power.
You can modify the power budget without disabling the switch or slot.
If the power consumption of the PDs on the switch or a specified slot exceeds this configured
for information on configuring this parameter.)
If you attempt to configure this power budget for a value that the system cannot safely provide, the system returns an error message. To display inline power settings, use the
; to display the power for the entire switch, use the command
Note:
You must disable inline power for the switch or the specified slot using the
budget to 0.
To reduce the chances of ports fluctuating between powered and non-powered states, newly inserted PDs are not powered when the actual delivered power for the module is within approximately 19 W of the configured inline power budget for that switch or slot. However, actual aggregate power can be delivered up to the configured inline power budget for the switch or slot (for example, when delivered power from ports increases or when the configured inline power budget for the switch or slot is reduced).
Example
The following command sets the power for slot 4 to 150 W on NETGEAR 8800 switches:
configure inline-power budget 150 slot 4
configure inline-power disconnect-precedence
configure inline-power disconnect-precedence [deny-port | lowest-priority]
Description
Configures the disconnect precedence priority for the switch when a new PD is detected and the measured inline power for that switch or specified slot is within 19 W of the switch’s or slot’s PoE power budget.
Syntax Description
deny-port Specifies power be denied to PD requesting power, regardless of priority.
lowest-priority Specifies power be withdrawn from lowest-priority port(s) when next PD requesting power connects.
Default
Deny-port.
Usage Guidelines
You configure this parameter for the switch; you cannot configure this per slot or per port.
If the power supplied to the PDs on a switch or specified slot exceeds the power that was budgeted for that switch or specified slot, the system disconnects power to one or more ports to prevent power overload. Refer to
configuring and modifying the power budgeted for each switch or specified slot.
You configure the switch to either deny power to the next PD that requests power on that switch or slot, regardless of the priority, or to disconnect those PDs on ports with lower priorities until there is enough power for the new PD. If you select this last argument and you did not configure port priorities or if several ports have the same priority, the switch withdraws
for information on configuring the PoE priority for the ports.
The default value is deny-port. So, if you do not change the default value and the switch’s or slot’s power is exceeded, the next PD requesting power will not be connected.
When the setting is lowest priority, the switch continues dropping ports with the lowest configured PoE port priorities, or the highest port number in the case of equal PoE port priorities, until there is enough power for the requesting PD.
Example
The following command sets the switch to withdraw power from the lowest-priority port(s):
configure inline-power disconnect-precedence lowest-priority
configure inline-power label ports
configure inline-power label <string> ports <port_list>
Description
Lets you create your own label for a specified PoE port or group of PoE ports.
Syntax Description
string Specifies a name up to 15 characters in length to identify the specified power port(s).
port_list Specifies one or more ports or slots and ports.
Default
No label.
Usage Guidelines
Use the show inline-power configuration ports command, as shown in the following example, to display inline power configuration information, including the label (if any) for each port:
show inline-power configuration port 3:1-10
Following is sample output from this command on a NETGEAR 8800:
Port Config Operator Limit Priority Label
3:1 Enabled 16000 mW Low finance
3:2 Enabled 15000 mW Low finance
3:3 Enabled 15000 mW Low
3:4 Enabled 15000 mW Low
3:5 Enabled 15000 mW Low
3:6 Enabled 15000 mW Low marketing
3:7 Enabled 15000 mW Low marketing
3:8 Enabled 15000 mW Low marketing
3:9 Enabled 15000 mW Low
3:10 Enabled 15000 mW Low
Example
The following command assigns the name “alpha-test_1” to port 1 on slot 4:
config inline-power label alpha-test_1 ports 4:1
configure inline-power operator-limit ports
configure inline-power operator-limit <milliwatts> ports [all |<port_list>]
Description
Sets the power limit allowed for PDs connected to the specified ports.
Syntax Description
milliwatts An integer specifying the maximum allowed power in milliwatts; the range is 3000 to 16800 mW.
Note: If you attempt to enter a higher value, the switch returns an error message.
port_list Specifies one or more ports or slots and ports.
Default
15400 mW.
Usage Guidelines
This command sets the power limit that a PD can draw on the specified ports. Range is 3000 to 16800 mW; the default value is 15400 mW.
If the measured power for a specified port exceeds the port’s operator limit, the power is withdrawn from that port and the port moves into a fault state.
If you try to set an operator-limit outside the accepted range, the system returns the following error message:
Error: Invalid operator-limit value. Must be in the range of 3000-16800 mW
Example
The following command sets the limit for legacy PDs on ports 3 – 6 of slot 5 to 10000 mW:
configure inline-power operator-limit 10000 ports 5:3-5:6
configure inline-power priority ports
configure inline-power priority [critical | high | low] ports <port_list>
Description
Sets the PoE priority on the specified ports.
Syntax Description
critical | high | low Sets the PoE priority for the specified ports.
port_list Specifies one or more ports or slots and ports.
Default
Low.
Usage Guidelines
The system allocates power to those ports with the highest priorities first. This command can also be used in conjunction with the configure inline-power disconnect-precedence command. If you configure the disconnect precedence as lowest priority, then newly detected PDs will be powered if that port has higher priority than the existing powered ports.
If there are multiple ports at the same priority level (either configured or by default) and one of the ports must have power withdrawn because of excessive power demands, those ports with the lower port number are powered first. The higher port numbers have power withdrawn first in the case of equal PoE port priorities.
Example
The following command assigns a critical PoE priority on ports 4 – 6 on slot 3:
configure inline-power priority critical ports 3:4-3:6
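The interaction between configure inline-power disconnect-precedence and configure inline-power priority, modelled in Python as an added example (not code from the manual or from NETGEAR). Assumptions of this sketch: the 19 W margin is treated as exact, a PD is admitted whenever more than 19 W of the budget is unused, and with equal priorities a new PD can displace only higher-numbered ports; the class and function names are hypothetical.

```python
from dataclasses import dataclass, field

GUARD_BAND_W = 19.0  # the manual says "approximately 19 W"; exact here by assumption
PRIORITY_RANK = {"low": 0, "high": 1, "critical": 2}


def port_key(port):
    """Turn "3:10" into (3, 10) so ports compare numerically."""
    slot, num = port.split(":")
    return int(slot), int(num)


@dataclass
class PoeSlot:
    budget_w: float
    precedence: str = "deny-port"                  # or "lowest-priority"
    priority: dict = field(default_factory=dict)   # port -> critical | high | low
    powered: dict = field(default_factory=dict)    # port -> watts delivered

    def delivered(self):
        return sum(self.powered.values())

    def has_headroom(self, delivered):
        # New PDs are not powered when delivered power is within 19 W of budget.
        return self.budget_w - delivered > GUARD_BAND_W

    def rank(self, port):
        # Larger tuple = keeps power longer. Unconfigured ports are "low";
        # on equal priority the higher port number loses power first.
        slot, num = port_key(port)
        return (PRIORITY_RANK[self.priority.get(port, "low")], -slot, -num)

    def request_power(self, port, watts):
        """Return (granted, ports that lost power) for a newly detected PD."""
        if self.has_headroom(self.delivered()):
            self.powered[port] = watts
            return True, []
        if self.precedence == "deny-port":
            return False, []            # deny the requester regardless of priority
        # lowest-priority: withdraw power from ports ranked below the requester,
        # lowest rank first, until the slot has headroom again.
        victims = sorted((p for p in self.powered if self.rank(p) < self.rank(port)),
                         key=self.rank)
        dropped, remaining = [], self.delivered()
        for victim in victims:
            dropped.append(victim)
            remaining -= self.powered[victim]
            if self.has_headroom(remaining):
                for p in dropped:
                    del self.powered[p]
                self.powered[port] = watts
                return True, dropped
        return False, []                # not enough lower-ranked ports to free power


def scenario(precedence, new_port, new_priority):
    """Constructed case: 50 W budget, one critical and three low-priority PDs."""
    slot = PoeSlot(budget_w=50, precedence=precedence,
                   priority={"3:1": "critical", new_port: new_priority})
    for port, watts in (("3:1", 15.4), ("3:2", 7.0), ("3:3", 7.0), ("3:4", 7.0)):
        assert slot.request_power(port, watts)[0]   # 36.4 W delivered afterwards
    result = slot.request_power(new_port, 7.0)
    return result, sorted(slot.powered, key=port_key)


if __name__ == "__main__":
    print(scenario("deny-port", "3:5", "high"))
    print(scenario("lowest-priority", "3:5", "high"))
    print(scenario("lowest-priority", "3:9", "low"))
```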
configure inline-power usage-threshold
configure inline-power usage-threshold <threshold>
Description
Sets the inline power usage SNMP event threshold.
Syntax Description
threshold Specifies the percentage of budgeted power used on any PoE module or stand-alone switch that causes the system to send an SNMP event and create a log message. The range is 1 to 99; the default value is 70.
Default
70.
Usage Guidelines
This command sets the threshold for generating an SNMP event and an Event Management System (EMS) message. This threshold is reached when the measured power for a PoE module compared to the budgeted power for that slot exceeds a certain value. On stand-alone switches, this threshold applies to the total power available to the entire switch.
The configured threshold value initiates the event and message once that percentage of the budgeted power is being used.
On the NETGEAR 8800, the PoE threshold applies only to the percentage per slot of measured to budgeted power use; it does not apply systemwide.
The system generates an additional SNMP event and EMS message once the power usage falls below the threshold again; once the condition clears.
Example
The following command sets the inline power usage alarm threshold at 75%:
configure inline-power usage-threshold 75
disable inline-power
disable inline-power
Description
Shuts down PoE power currently provided on all ports on all slots.
Syntax Description
This command has no arguments or variables.
Default
Enable.
Usage Guidelines
You can control whether inline power is provided to the system by using the command and the enable inline-power command. Using the disable inline-power command shuts down inline power currently provided on the entire switch or to specified ports and slots. Disabling inline power to a switch, port, or slot immediately removes power to any connected PDs. By default, inline power provided to all ports is enabled.
Note: Disabling inline power using the does not affect the data traffic traversing the port. And, disabling the command does not affect the inline power supplied to the port.
On the 8800, disabling inline power does not allow PoE power reserved for slots to be allocated to other slots that may be needing more power to become operational. However, when you issue the command on a slot holding a PoE module, the inline power is also disabled; that slot is totally offline.
Note: Inline power cannot be delivered to connected PDs unless the NETGEAR 8800 chassis and module are powered on.
Example
The following command shuts down inline power currently provided to all ports and all slots:
disable inline-power
disable inline-power legacy
disable inline-power legacy
Description
Disables the non-standard (or capacitance) power detection mechanism for the switch.
Syntax Description
This command has no arguments or variables.
Default
Disable.
Usage Guidelines
This command disables the non-standard power-detection mechanism on the switch. Legacy PDs do not conform to the IEEE 802.3af standard but may be detected by the switch through a capacitance measurement.
However, measuring the power through capacitance is used only if this parameter is enabled and after an unsuccessful attempt to discover the PD using the standard resistance measurement method. The default for legacy is disabled.
The reason legacy detection is configurable is that it is possible for a normal (non-PoE) device to have a capacitance signature that causes the device to be detected as a legacy PoE device and have power delivered to it, potentially causing damage to the device.
Example
The following command disables capacitance detection of PDs on the switch:
disable inline-power legacy
disable inline-power legacy slot
disable inline-power legacy slot <slot>
Description
Disables the non-standard (or capacitance) power detection mechanism for the specified slot.
Syntax Description
slot Disables non-standard power detection for specified slot.
Default
Disable.
Usage Guidelines
This command disables the non-standard power-detection mechanism on the switch or specified slot. Legacy PDs do not conform to the IEEE 802.3af standard but may be detected by the switch through a capacitance measurement.
However, measuring the power through capacitance is used only if this parameter is enabled and after an unsuccessful attempt to discover the PD using the standard resistance measurement method. The default for legacy is disabled.
The reason legacy detection is configurable is that it is possible for a normal (non-PoE) device to have a capacitance signature that causes the device to be detected as a legacy PoE device and have power delivered to it, potentially causing damage to the device.
On a stack if you do not specify a slot number, the command operates on all active nodes.
This command operates only on nodes in the active topology.
Example
The following command disables capacitance detection of PDs on slot 3 of the NETGEAR 8800:
disable inline-power legacy slot 3
disable inline-power ports
disable inline-power ports [all | <port_list>]
Description
Shuts down PoE power currently provided to all ports or to specified ports.
Syntax Description
all Disables inline power to all ports on the switch.
port_list Disables inline power to the specified ports.
Default
Enable.
Usage Guidelines
Disabling inline power to ports immediately removes power to any connected PDs. By default, the capability to provide inline power to all ports is enabled.
Note:
Disabling inline power using the disable inline-power
command does not affect the data traffic traversing the port. And, disabling the port using the
command does not affect the inline
power supplied to the port.
Disabling inline power to a port providing power to a PD immediately removes power to the PD.
Note:
On the NETGEAR 8800, PoE power removed from ports using this command can be used by other ports on the same module.
Example
The following command shuts down inline power currently provided to ports 4 and 5 on slot 3 on the NETGEAR 8800:
disable inline-power ports 3:4-5
disable inline-power slot
disable inline-power slot <slot>
Description
Shuts down PoE power currently provided to the specified slot.
Syntax Description
slot Disables inline power to specified slot.
Default
Enable.
Usage Guidelines
Disabling inline power to a slot immediately removes power to any connected PDs. By default, the capability to provide inline power to a slot is enabled.
Disabling a slot using this command does not change the power budgeted to a specified slot using the
command; nor can that power be used by PDs
connected to any other slot.
Note:
You can set the reserved power budget to 0 for a slot if, and only if, you first issue this command.
On a stack, if you do not specify a slot number, the command operates on all active nodes.
This command operates only on nodes in the active topology.
Example
The following command removes power to all PDs on slot 3:
disable inline-power slot 3
enable inline-power
enable inline-power
Description
Enables PoE power to all ports on all slots.
Syntax Description
This command has no arguments or variables.
Default
Enable.
Usage Guidelines
You can control whether inline power is provided to the system by using the
command and the enable inline-power
command. By default, inline power
provided to all ports is enabled.
Enabling inline power starts the PoE detection process used to discover, classify, and power remote PDs.
Note:
If your chassis has an inline power module and there is not enough power to supply a slot, that slot will not be powered on; the slot will not function in data-only mode without enough power for inline power.
Disabling inline power using the disable inline-power
command does not affect the data traffic traversing the port. And, disabling the port using the
affect the inline power supplied to the port.
However, when you issue the command disable slot for the switch on a slot holding a PoE module, the inline power is also disabled; that slot is totally offline.
Note:
Inline power cannot be delivered to connected PDs unless the NETGEAR 8800 chassis and module are powered on.
Example
The following command enables inline power currently provided to all ports and all slots:
enable inline-power
enable inline-power legacy
enable inline-power legacy
Description
Enables the non-standard (or capacitance) power detection mechanism for the switch.
Syntax Description
This command has no arguments or variables.
Default
Disable.
Usage Guidelines
This command enables the non-standard power-detection mechanism on the switch. Legacy PDs do not conform to the IEEE 802.3af standard but may be detected by the switch through a capacitance measurement.
However, measuring the power through capacitance is used only if this parameter is enabled and after an unsuccessful attempt to discover the PD using the standard resistance measurement method. The default for legacy is disabled.
CAUTION:
A normal (non-PoE) device may have a capacitance signature that causes the device to be detected as a legacy PoE device (and have power supplied), potentially causing damage to the device.
Example
The following command enables capacitance detection of PDs on the switch:
enable inline-power legacy
enable inline-power legacy slot
enable inline-power legacy slot <slot>
Description
Enables non-standard (or capacitance) power detection mechanism for the specified slot on the switch.
Syntax Description
slot Enables non-standard power detection for specified slot.
Default
Disable.
Usage Guidelines
This command enables the non-standard power-detection mechanism on the specified slot.
Legacy PDs do not conform to the IEEE 802.3af standard but may be detected by the switch through a capacitance measurement.
However, measuring the power through capacitance is used only if this parameter is enabled and after an unsuccessful attempt to discover the PD using the standard resistance measurement method. The default for legacy is disabled.
CAUTION:
A normal (non-PoE) device may have a capacitance signature that causes the device to be detected as a legacy PoE device (and have power supplied), potentially causing damage to the device.
On a stack, if you do not specify a slot number, the command operates on all active nodes. The command operates only on nodes in the active topology.
Example
The following command enables capacitance detection of PDs on slot 3 on the switch:
enable inline-power legacy slot 3
enable inline-power ports
enable inline-power ports [all | <port_list>]
Description
Enables PoE power currently provided to all ports or to specified ports.
Syntax Description
all Enables inline power to all ports on the switch.
port_list Enables inline power to the specified ports.
Default
Enable.
Usage Guidelines
Disabling inline power to a port immediately removes power to any connected PD. By default, inline power provided to all ports is enabled.
To deliver inline power to ports with connected PDs, you must also reserve power for the slot with the PDs using the configure inline-power budget command. If you do not have enough reserved power for the port, that port moves into a Denied state.
Note:
If your chassis has an inline power module and there is not enough power to supply a slot, that slot will not be powered on; the slot will not function in data-only mode without enough power for inline power.
Disabling inline power using the
command does not affect the data
traffic traversing the port. And, disabling the port using the disable port
command does not affect the inline power supplied to the port.
Example
The following command enables inline power to ports 4 and 5 on slot 3 on the switch:
enable inline-power ports 3:4-5
enable inline-power slot
enable inline-power slot <slot>
Description
Enables PoE power to the specified slot on the switch.
Syntax Description
slot Enables inline power to specified slot.
Default
Enable.
Usage Guidelines
Disabling inline power to a slot immediately removes power to any connected PDs. By default, inline power provided to all slots is enabled.
To deliver inline power to slots, you must reserve power for that slot using the
command. By default, each PoE module has 50 W of power reserved
for inline power.
Note:
If your chassis has an inline power module and there is not enough power to supply a slot, that slot will not be powered on; the slot will not function in data-only mode without enough power for inline power.
Disabling inline power using the disable inline-power command does not affect the data traffic traversing the slot. And, disabling the slot using the disable slot command does not affect the inline power supplied to the slot.
On a stack, if you do not specify a slot number, the command operates on all active nodes.
This command operates only on nodes in the active topology.
Example
The following command makes inline power available to slot 3:
enable inline-power slot 3
reset inline-power ports
reset inline-power ports <port_list>
Description
Power cycles the specified ports.
Syntax Description
port_list Specifies one or more ports or slots and ports for which power is to be reset.
Default
N/A.
Usage Guidelines
This command power cycles the specified ports. Ports are immediately disabled and then re-enabled, allowing remote PDs to be power-cycled.
This command affects only inline power; it does not affect network connectivity for the port(s).
Example
The following command resets power for port 4 on slot 3 on the switch:
reset inline-power ports 3:4
show inline-power
show inline-power
Description
Displays inline power status information for the specified PoE switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
The output varies depending on the PoE device you are using.
• Inline power status—The status of inline power. The status conditions are:
  • Enabled
  • Disabled
• Power usage threshold
• Disconnect precedence
• Firmware status—The operational status of the slot. The status conditions are:
  • Operational
  • Not operational
  • Disabled
  • Subsystem failure
• Measured power—The amount of power, in watts, that is currently being used by the switch.
• Legacy—The status of the legacy mode, which allows detection of many non-standard PDs.
Note:
For additional information on inline power parameters, refer to the
command.
Example
The following command displays inline power status for the switch:
show inline-power
(Demo) XCM8806.2 # show inline-power
Inline Power System Information
Configured : Enabled
System Power Surplus : 2473 Watts available for budgeting
Redundant Power Surplus : 1438 Watts available for budgeting to maintain N+1
Power Usage Threshold : 70 percent (per slot)
Disconnect Precedence : deny-port
                                     Budgeted       Measured
Slot  Inline-Power  Firmware Status  Power (Watts)  Power (Watts)  Legacy
6     Enabled       Operational      50 W           0 W            Disabled
show inline-power configuration ports
show inline-power configuration ports <port_list>
Description
Displays inline power configuration information for the specified ports.
Syntax Description
port_list Specifies one or more ports.
Default
N/A.
Usage Guidelines
The output displays the following inline power configuration information for the specified ports:
• Config—Indicates whether the port is enabled to provide inline power:
  • Enabled: The port can provide inline power.
  • Disabled: The port cannot provide inline power.
• Operator Limit—Displays the configured limit, in milliwatts, for inline power on the port.
• Label—Displays a text string, if any, associated with the port.
The following also displays for this command on modular PoE devices:
• Priority—Displays inline power priority of the port, which is used when the disconnect precedence is set to lowest priority:
  • Low
  • High
  • Critical
Example
The following command displays inline power configuration information for ports 1 to 10 in slot 3 on the switch:
show inline-power configuration port 3:1-10
Following is sample output from this command:
Port  Config   Operator Limit  Priority  Label
3:1   Enabled  15000 mW        Low
3:2   Enabled  15000 mW        Low
3:3   Enabled  15000 mW        Low
3:4   Enabled  15000 mW        Low
3:5   Enabled  15000 mW        Low
3:6   Enabled  15000 mW        Low
3:7   Enabled  15000 mW        Low
3:8   Enabled  15000 mW        Low
3:9   Enabled  15000 mW        Low
3:10  Enabled  15000 mW        Low
show inline-power info ports
show inline-power info {detail} ports <port_list>
Description
Displays inline power information for the specified ports.
Syntax Description
port_list Specifies one or more ports.
Default
N/A.
Usage Guidelines
Note:
Ports in the denied or faulted state periodically display the searching state as the hardware retests the PD state.
You can use this command to generate a summary report or a detailed report.
Summary output displays the following inline power information for the specified ports:
• State—Displays the port power state:
  • Disabled
  • Searching
  • Delivering
  • Faulted
  • Disconnected
  • Other
  • Denied
• PD’s power class—Displays the class type of the connected PD:
  • “-----”: disabled or searching
  • “class0”: class 0 device
  • “class1”: class 1 device
  • “class2”: class 2 device
  • “class3”: class 3 device
  • “class4”: class 4 device
• Volts—Displays the measured voltage. A value from 0 to 2 is valid for ports that are in a searching state.
• Curr—Displays the measured current, in milliamperes, drawn by the PD.
• Power—Displays the measured power, in watts, supplied to the PD.
• Fault—Displays the fault value:
  • None
  • UV/OV fault
  • UV/OV spike
  • Over current
  • Overload
  • Undefined
  • Underload
  • HW fault
  • Discovery resistance fail
  • Operator limit violation
  • Disconnect
  • Discovery resistance, A2D failure
  • Classify, A2D failure
  • Sample, A2D failure
  • Device fault, A2D failure
  • Force on error
The detail command lists all inline power information for the selected ports. Detail output displays the following information:
• Configured Admin State—Displays the port’s configured state; Enabled or Disabled.
• Inline Power State—Displays the port power state.
• MIB Detect Status—Displays the port state as reported by SNMP; valid values are as follows:
  • disabled
  • searching
  • delivering
  • fault
  • test
  • otherFault
  • denyLowPriority
• Label—Displays the port’s configured label.
• Operator Limit—Displays the port’s configured operator limit value.
• PD Class—Displays the class type of connected PD:
• Max Allowed Power—Displays the amount of maximum allowed power for a device of this class.
• Measured Power—Displays the measured power, in watts, supplied to the PD.
• Line Voltage—Displays the measured voltage. A value from 0 to 2 is valid for ports in a searching state.
• Current—Displays the measured current, in milliamperes, drawn by the PD.
• Fault Status—Displays the fault value.
• Detailed Status
The following information displays only with modular PoE devices:
• Priority—Displays the port’s configured PoE priority value, as follows:
  • Critical
  • High
  • Low
Example
The following command displays summary inline power information for ports 1 to 3 on slot 3 on the switch:
show inline-power info ports 3:1-3
Following is sample output from this command:
Port  State       Class   Volts  Curr  Power    Fault
                                 (mA)  (Watts)
3:1   delivering  class3  48.3   192   9.300    None
3:2   delivering  class3  48.3   192   9.300    None
3:3   searching   ------  0.0    0     0.0      None
The following command displays detail inline power information for port 1 on slot 3:
show inline-power info detail port 3:1
Following is sample output from this command:
Port 3:1
Configured Admin State: enabled
Inline Power State : delivering
MIB Detect Status : delivering
Label :
Operator Limit : 16800 milliwatts
PD Class : class3
Max Allowed Power : 15.400 W
Measured Power : 9.400 W
Line Voltage : 48.3 Volts
Current : 193 mA
Fault Status : None
Detailed Status :
show inline-power slot
show inline-power slot <slot>
Description
Displays inline power information for the specified slot on the switch.
Syntax Description
slot Specifies the slot.
Default
N/A.
Usage Guidelines
The output indicates the following inline power status for each system:
• Configured power
  • Enabled
  • Disabled
• System power surplus
• Redundant power surplus
• Power usage threshold
• Disconnect precedence
• Legacy—The status of the legacy mode, which allows detection of many non-standard PDs.
The output indicates the following inline power status information for each slot:
• Inline power status—The status of inline power. The status conditions are:
  • Enabled
  • Disabled
• Firmware status—The operational status of the slot. The status conditions are:
  • Operational
  • Not operational
  • Disabled
  • Subsystem failure
  • Card not present
  • Slot disabled
• Budgeted power—The amount of power, in watts, that is available to the slot.
• Measured power—The amount of power, in watts, that is currently being used by the slot.
On a stack, if you do not specify a slot number, the command operates on all active nodes.
This command operates only on nodes in the active topology.
Example
The following command displays inline power information for slot 3 on the switch:
show inline-power slot 3
Following is sample output from this command:
Inline Power System Information
Configured : Enabled
System Power Surplus : 1500 Watts available for budgeting
Redundant Power Surplus : 465 Watts available for budgeting to maintain N+1
Power Usage Threshold : 70 percent (per slot)
Disconnect Precedence : lowest-priority
Legacy Mode : Disabled
                                      Budgeted       Measured
Slot  Inline-Power  Firmware Status   Power (Watts)  Power (Watts)
3     Enabled       Operational       50 W           9 W
4     Enabled       Card Not Present  ( 50 W)        n/a
7     Enabled       Operational       50 W           0 W
Note: A budget value in parentheses is not allocated from the system power
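The following audit script is an added example, not part of the NETGEAR manual: it parses the slot report shown above and flags slots where legacy (capacitance) detection is enabled, where the PoE firmware is not operational, or where measured power has reached the usage threshold. The names parse, audit and Slot are hypothetical, the second input is constructed, and treating "at or above the threshold" as an alert is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Output of "show inline-power slot 3", copied from the sample in this manual.
MANUAL_SAMPLE = """\
Inline Power System Information
Configured : Enabled
System Power Surplus : 1500 Watts available for budgeting
Redundant Power Surplus : 465 Watts available for budgeting to maintain N+1
Power Usage Threshold : 70 percent (per slot)
Disconnect Precedence : lowest-priority
Legacy Mode : Disabled
Budgeted Measured
Slot Inline-Power Firmware Status Power (Watts) Power (Watts)
3 Enabled Operational 50 W 9 W
4 Enabled Card Not Present ( 50 W) n/a
7 Enabled Operational 50 W 0 W
"""

# CONSTRUCTED input in the layout of "show inline-power" (per-slot Legacy
# column); the values are invented here to exercise the alert paths.
CONSTRUCTED_SAMPLE = """\
Inline Power System Information
Configured : Enabled
Power Usage Threshold : 70 percent (per slot)
Disconnect Precedence : deny-port
Budgeted Measured
Slot Inline-Power Firmware Status Power (Watts) Power (Watts) Legacy
5 Enabled Operational 100 W 82 W Enabled
6 Enabled Operational 50 W 0 W Disabled
"""

# Slot row: the firmware status may be several words ("Card Not Present"),
# the budget may be parenthesized, and the Legacy column is optional.
ROW = re.compile(
    r"^\s*(?P<slot>\d+)\s+(?P<admin>Enabled|Disabled)\s+(?P<fw>.+?)\s+"
    r"(?P<budget>\(\s*\d+\s*W\s*\)|\d+\s*W)\s+(?P<meas>\d+\s*W|n/a)"
    r"(?:\s+(?P<legacy>Enabled|Disabled))?\s*$"
)
THRESHOLD = re.compile(r"Power Usage Threshold\s*:\s*(\d+)\s*percent")
LEGACY_MODE = re.compile(r"Legacy Mode\s*:\s*(Enabled|Disabled)")


@dataclass
class Slot:
    slot: int
    admin: str
    firmware: str
    budget_w: int
    allocated: bool            # False when the budget is shown in parentheses
    measured_w: Optional[int]  # None when the switch prints n/a
    legacy: Optional[str]      # per-slot column; None when the column is absent


def parse(text: str) -> Tuple[int, Optional[str], List[Slot]]:
    """Return (usage threshold in percent, system Legacy Mode, slot rows)."""
    threshold, system_legacy, slots = 70, None, []  # 70 is the documented default
    for line in text.splitlines():
        if (m := THRESHOLD.search(line)):
            threshold = int(m.group(1))
        elif (m := LEGACY_MODE.search(line)):
            system_legacy = m.group(1)
        elif (m := ROW.match(line)):
            budget, meas = m.group("budget"), m.group("meas")
            slots.append(Slot(
                slot=int(m.group("slot")),
                admin=m.group("admin"),
                firmware=m.group("fw"),
                budget_w=int(re.search(r"\d+", budget).group()),
                allocated=not budget.startswith("("),
                measured_w=None if meas == "n/a" else int(re.search(r"\d+", meas).group()),
                legacy=m.group("legacy"),
            ))
    return threshold, system_legacy, slots


def audit(text: str) -> List[Tuple[Optional[int], str, str]]:
    """Return (slot or None for the whole switch, finding kind, detail)."""
    threshold, system_legacy, slots = parse(text)
    findings = []
    if system_legacy == "Enabled":
        findings.append((None, "legacy-enabled", "capacitance detection on for the switch"))
    for s in slots:
        if s.admin == "Enabled" and s.firmware != "Operational":
            findings.append((s.slot, "not-operational", s.firmware))
        if s.legacy == "Enabled":
            findings.append((s.slot, "legacy-enabled", "capacitance detection on for this slot"))
        if s.measured_w is not None and s.allocated and s.budget_w > 0:
            pct = 100 * s.measured_w / s.budget_w
            if pct >= threshold:  # assumption: reaching the threshold counts
                findings.append((s.slot, "over-threshold", f"{pct:.0f}% of {s.budget_w} W budget"))
    return findings


if __name__ == "__main__":
    for sample in (MANUAL_SAMPLE, CONSTRUCTED_SAMPLE):
        for finding in audit(sample):
            print(finding)
```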
show inline-power stats
show inline-power stats
Description
Displays inline power statistics for the specified switch.
Syntax Description
There are no variables or parameters for this command.
Default
N/A.
Usage Guidelines
Use this command to produce a report that shows the firmware status and version plus how many ports are currently faulted, powered, and waiting for power for the switch. Unlike the values displayed with the
command, these values are current readings, not cumulative counters.
Example
The following command displays inline power statistics information for the NETGEAR 8800 switch:
Following is sample output from this command:
Inline-Power Slot Statistics
Firmware status : Operational
Firmware revision : 292b1
Total ports powered : 7
Total ports awaiting power : 17
Total ports faulted : 0
Total ports disabled : 0
show inline-power stats ports
show inline-power stats ports <port_list>
Description
Displays inline power statistics for the specified ports.
Syntax Description
port_list Specifies one or more slots and ports.
Default
N/A.
Usage Guidelines
The output displays the following inline power statistics for the specified ports:
• State—Displays the port power state:
  • Disabled
  • Searching
  • Delivering
  • Faulted
  • Disconnected
  • Other
  • Denied
• PD’s power class—Displays the class type of the connected PD:
  • “-----”: disabled or searching
  • “class0”: class 0 device
  • “class1”: class 1 device
  • “class2”: class 2 device
  • “class3”: class 3 device
  • “class4”: class 4 device
• Absent—Displays the number of times the port was disconnected.
• InvSig—Displays the number of times the port had an invalid signature.
• Denied—Displays the number of times the port was denied.
• Over-current—Displays the number of times the port entered an overcurrent state.
• Short—Displays the number of times the port entered undercurrent state.
Example
The following command displays inline power configuration information for ports 1 to 10 in slot 3 on the switch:
show inline-power stats ports 3:1-10
Following is sample output from this command:
STATISTICS COUNTERS
Port  State       Class   Absent  InvSig  Denied  OverCurrent  Short
3:1   delivering  class3  0       0       0       18           0
3:2   delivering  class3  0       0       0       0            0
3:3   searching   class0  0       0       0       0            0
3:4   searching   class0  0       0       0       0            0
3:5   searching   class0  0       0       0       0            0
3:6   searching   class0  0       0       0       0            0
3:7   searching   class0  0       0       0       0            0
3:8   searching   class0  0       0       0       0            0
3:9   searching   class0  0       0       0       0            0
3:10  searching   class0  0       0       0       0            0
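Because the per-port values above are cumulative counters, a monitoring job learns more from the change between two polls than from one reading. The following is an added example, not part of the NETGEAR manual: it compares two captures of this report and lists every counter that grew or went backwards. The names parse_stats and counter_deltas are hypothetical, and the second poll is constructed.

```python
import re
from typing import Dict, List, Tuple

COUNTERS = ("Absent", "InvSig", "Denied", "OverCurrent", "Short")

# One data row: slot:port, state, class, then the five counters in header order.
ROW = re.compile(r"^\s*(\d+:\d+)\s+(\S+)\s+(\S+)" + r"\s+(\d+)" * 5 + r"\s*$")

# First poll: the first rows of the sample output printed in this manual.
POLL_1 = """\
STATISTICS COUNTERS
Port State Class Absent InvSig Denied OverCurrent Short
3:1 delivering class3 0 0 0 18 0
3:2 delivering class3 0 0 0 0 0
3:3 searching class0 0 0 0 0 0
3:4 searching class0 0 0 0 0 0
"""

# Second poll: CONSTRUCTED for this example (not from the manual).
POLL_2 = """\
STATISTICS COUNTERS
Port State Class Absent InvSig Denied OverCurrent Short
3:1 delivering class3 0 0 0 21 0
3:2 delivering class3 0 0 0 0 0
3:3 searching class0 0 4 0 0 0
3:4 searching class0 0 0 0 0 0
"""


def parse_stats(text: str) -> Dict[str, Dict[str, object]]:
    """Map each port to its state, class and integer counters."""
    ports: Dict[str, Dict[str, object]] = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # title, header and blank lines
        port, state, pd_class, *nums = m.groups()
        ports[port] = {"state": state, "class": pd_class,
                       **dict(zip(COUNTERS, map(int, nums)))}
    return ports


def counter_deltas(before: str, after: str) -> List[Tuple[str, str, int, int, str]]:
    """Return (port, counter, previous, current, kind) for every changed counter.

    kind is "increase" when the counter grew and "reset" when it went
    backwards, which means the baseline was lost between the two polls.
    Ports missing from the first poll are compared against zero.
    """
    old, new = parse_stats(before), parse_stats(after)
    changes = []
    for port, row in new.items():
        base = old.get(port, {})
        for name in COUNTERS:
            prev, cur = int(base.get(name, 0)), int(row[name])
            if cur > prev:
                changes.append((port, name, prev, cur, "increase"))
            elif cur < prev:
                changes.append((port, name, prev, cur, "reset"))
    return changes


if __name__ == "__main__":
    for change in counter_deltas(POLL_1, POLL_2):
        print(change)
```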
show inline-power stats slot
show inline-power stats slot <slot>
Description
Displays inline power statistics for the specified slot on the switch.
Syntax Description
slot Specifies the slot.
Default
N/A.
Usage Guidelines
Use this command to produce a report that shows the firmware status and version plus how many ports are currently faulted, powered, and waiting for power for the selected slots. Unlike the values displayed with the show inline-power stats ports command, these values (displayed with the show inline-power stats slot command) are current readings, not cumulative counters.
On a stack, if you do not specify a slot number, the command operates on all active nodes.
This command operates only on nodes in the active topology.
Example
The following command displays inline power statistics information for slot 3 on the switch:
show inline-power stats slot 3
Following is sample output from this command:
Inline-Power Slot Statistics
Slot: 3
Firmware status : Operational
Firmware revision : 292b1
Total ports powered : 7
Total ports awaiting power : 41
Total ports faulted : 0
Total ports disabled : 0
unconfigure inline-power budget slot
unconfigure inline-power budget slot <slot>
Description
Unconfigures the inline reserved power on the 8800 on the specified slot and returns the power budget on that slot to the default value of 50 W.
Syntax Description
slot Specifies the slot.
Default
50 W.
Usage Guidelines
This command unconfigures any previously configured power budget for the specified slot and resets the budgeted power reserved for all PDs connected to this slot to 50 W. The rest of the previously configured power budget on this slot cannot be used to power other slots or PDs on other slots (unless you explicitly reconfigure the power budget for other slots).
If you specify a slot that does not have a PoE module, the system returns the following error message:
Error: Slot 2 is not capable of inline-power.
Example
The following command resets the power for slot 4 to 50 W:
unconfigure inline-power budget slot 4
unconfigure inline-power disconnect-precedence
unconfigure inline-power disconnect-precedence
Description
On a NETGEAR 8800 switch, unconfigures the disconnect precedence setting and returns the switch to the default disconnect precedence value of deny port.
Syntax Description
This command has no arguments or variables.
Default
Deny-port.
Usage Guidelines
You configure this parameter for the entire switch; you cannot configure this per slot or per port.
Unconfigures the PoE disconnect precedence previously set for the NETGEAR 8800 switch and returns the disconnect precedence to the default value of deny port. Deny port denies power to the next PD that requests inline power from the slot when the inline power budget for the switch or slot is reached, regardless of the inline power port priority.
Example
The following command resets the switch to the PoE disconnect precedence value, which is deny port:
unconfigure inline-power disconnect-precedence
unconfigure inline-power operator-limit ports
unconfigure inline-power operator-limit ports [all |<port_list>]
Description
Unconfigures the PoE operator limit setting and resets the power limit allowed for PDs connected to the specified ports to the default value of 15400 mW.
Syntax Description
all Specifies all ports.
port_list Specifies one or more slots and ports.
Default
15400 mW.
Usage Guidelines
This command unconfigures any previously configured operator limit for the specified ports. It resets the maximum power that any PD can draw to 15400 mW.
Example
The following command resets the limit on ports 3 to 6 of slot 5 on the switch to the default value of 15400 mW:
unconfigure inline-power operator-limit ports 5:3-5:6
unconfigure inline-power priority ports
unconfigure inline-power priority ports [all | <port_list>]
Description
On NETGEAR 8800 switches, unconfigures the PoE priority on the specified ports and returns the ports to the default PoE port priority value of low.
Syntax Description
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.
Default
Low.
Usage Guidelines
Use this to reset the PoE port priority on specified ports on the NETGEAR 8800 switch to the default value of low.
If there are multiple ports on the NETGEAR 8800 switch at the same priority level (either configured or by default), and one of the ports must have power withdrawn because of excessive power demands, those ports with the lower port number are powered first. The higher port numbers have power withdrawn first in the case of equal PoE port priorities.
Example
The following command resets the PoE priority on ports 4 – 6 on slot 3 to low:
unconfigure inline-power priority ports 3:4-3:6
unconfigure inline-power usage-threshold
unconfigure inline-power usage-threshold
Description
Unconfigures the inline power usage alarm threshold and returns the threshold to the default value of 70%.
Syntax Description
This command has no arguments or variables.
Default
70.
Usage Guidelines
This command unconfigures the PoE usage threshold setting for initiating SNMP event and EMS messages and returns the switch’s inline power usage threshold to 70%. The system initiates an event and message once that percentage of the budgeted power is being used.
The system generates an additional SNMP event and EMS message once the power usage falls below the threshold again, that is, once the condition clears.
Example
The following command resets the inline power usage alarm threshold to 70%:
unconfigure inline-power usage-threshold
8. Commands for Status Monitoring and Statistics
This chapter describes commands for:
• Configuring and managing the Event Management System/Logging
• Configuring and monitoring system health and statistics
• Enabling and disabling the collection of remote monitoring (RMON) statistics on the switch
• Enabling, disabling, and configuring sFlow® statistics collection
Event Management System
When an event occurs on a switch, the Event Management System (EMS) allows you to send messages generated by these events to a specified log target. You can send messages to the memory buffer, NVRAM, the console display, the current session, to a syslog host, or to the other Management Switch Fabric Module (MSM) or Management Module (MM). The log messages contain configuration and fault information pertaining to the device. You can format the log messages to contain various items of information, but typically a message consists of:
• Timestamp—The timestamp records when the event occurred.
• Severity level:
  • Critical—A desired switch function is inoperable. The switch may need to be reset.
  • Error—A problem is interfering with normal operation.
  • Warning—An abnormal condition exists that may lead to a function failure.
  • Notice—A normal but significant condition has been detected; the system is functioning as expected.
  • Info—Actions and events that are consistent with expected behavior.
  • Debug-Summary, Debug-Verbose, and Debug-Data—Information that is useful when performing detailed troubleshooting procedures.
  By default, log entries that are assigned a critical, error, or warning level are considered static entries and remain in the NVRAM log target after a switch reboot.
• Component—The component refers to the specific functional area to which the error refers.
• Message—The message contains the log information with text that is specific to the problem.
The switch maintains a configurable number of messages in its internal (memory-buffer) log (1000 by default). You can display a snapshot of the log at any time. In addition to viewing a snapshot of the log, you can configure the system to maintain a running real-time display of log messages on the console display or telnet session. In addition to maintaining an internal log, the switch supports remote logging by way of the UNIX syslog host facility.
EMS supports IPv6 as a parameter for filtering events.
sFlow Statistics
sFlow® is a technology for monitoring traffic in data networks containing switches and routers. It relies on statistical sampling of packets from high-speed networks, plus periodic gathering of the statistics. A User Datagram Protocol (UDP) datagram format is defined to send the information to an external entity for analysis. sFlow consists of a Management Information Base (MIB) and a specification of the packet format for forwarding information to a remote agent. Details of sFlow specifications can be found in RFC 3176 and at the following website: http://www.sflow.org
NETGEAR 8800 allows you to collect sFlow statistics on a per port basis. An agent, residing locally on the switch, sends data to a collector that resides on another machine. You configure the local agent, the address of the remote collector, and the ports of interest for sFlow statistics gathering. You can also modify default values for how frequently on average a sample is taken, how often the data is sent to the collector, and the maximum load allowed on the CPU before throttling the statistics gathering.
For information about software licensing, including how to obtain and upgrade your license, see Appendix A in the NETGEAR 8800 User Manual.
RMON
RMON is the common abbreviation for the Remote Monitoring Management Information Base (MIB) system defined by the Internet Engineering Task Force (IETF) documents RFC 1757 and RFC 2021, which allows you to monitor LANs remotely.
Using the RMON capabilities of the switch allows network administrators to improve system efficiency and reduce the load on the network.
The IETF defines nine groups of Ethernet RMON statistics. The switch supports the following four of these groups, as defined in RFC 1757:
• Statistics
• History
• Alarms
• Events
The switch also supports the following parameters for configuring the RMON probe and the trap destination table, as defined in RFC 2021:
• probeCapabilities
• probeSoftwareRev
• probeHardwareRev
• probeDateTime
• probeResetControl
• trapDestTable
clear counters
clear counters
Description
Clears all switch statistics and port counters, including port packet statistics, bridging statistics, IP statistics, and log event counters.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
You should view the switch statistics and port counters before you clear them. Use the show ports
command to view port statistics. Use the
command to show event statistics.
The CLI also provides a number of options that you can specify with the clear counters command. If you specify an option, the switch only clears the statistics for that option. For
command. Please refer to the specific chapter in this guide for more detailed
information about those commands.
Viewing and maintaining statistics on a regular basis allows you to see how well your network is performing. If you keep simple daily records, you will see trends emerging and notice problems arising before they cause major network faults. By clearing the counters, you can see fresh statistics for the time period you are monitoring.
Example
The following command clears all switch statistics and port counters:
clear counters
clear log
clear log {error-led | static | messages [memory-buffer | nvram]}
Description
Clears the log messages in memory and NVRAM, and clears the ERR LED on the MSM/MM.
Syntax Description
error-led Clears the ERR LED on the MSM/MM.
static Specifies that the messages in the NVRAM and memory-buffer targets are cleared, and the ERR LED on the MSM/MM is cleared.
memory-buffer Clears entries from the memory buffer.
nvram Clears entries from NVRAM.
Default
N/A.
Usage Guidelines
The switch log tracks configuration and fault information pertaining to the device.
By default, log entries that are sent to the NVRAM remain in the log after a switch reboot. The
and clear log messages memory-buffer commands remove entries in the memory buffer target; the clear log static and clear log messages nvram commands remove messages from the NVRAM target. In addition, the clear log static command will also clear the memory buffer target.
There are three ways to clear the ERR LED: clear the log, reboot the switch, or use the clear log error-led command. To clear the ERR LED without rebooting the switch or clearing the log messages, use the clear log error-led command.
Example
The following command clears all log messages from the NVRAM:
clear log static
clear log counters
clear log counters [<event-condition> | [all | <event-component>] {severity <severity> {only}}]
Description
Clears the incident counters for events.
Syntax Description
event-condition  Specifies the event condition counter to clear.
all              Specifies that all events counters are to be cleared.
event-component  Specifies that all the event counters associated with a particular component should be cleared.
severity         Specifies the minimum severity level of event counters to clear (if the keyword only is omitted).
only             Specifies that only event counters of the specified severity level are to be cleared.
Default
If severity is not specified, then the event counters of any severity are cleared in the specified component.
Usage Guidelines
This command sets the incident counters to zero for each event specified. To display event counters, use the following command:
See the command show log on page 387 for more information about severity levels.
To get a listing of the event conditions in the system, use the following command:
show log events {detail}
To get a listing of the components present in the system, use the following command:
Execution of these commands on a backup or standby node results in the clearing of that node’s information only. Execution of these commands on the master node results in the clearing of information on all nodes in the system.
Example
The following command clears the event counters for event conditions of severity error or greater in the component BGP:
clear log counters "BGP" severity error
clear sys-recovery-level
clear sys-recovery-level
Description
If configured and the switch detects a hardware fault and enters the shutdown state, this command clears the shutdown state and renders the switch, I/O, or MSM/MM module(s) operational.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
If you configure the switch or one or more modules to shutdown upon detecting a hardware fault, and the switch or module enters the shutdown state, you must explicitly clear the shutdown state and reset the switch or the affected modules for the switch to become operational.
To clear the shutdown state, use the following command:
The switch prompts you to confirm this action. The following is a sample confirmation message:
Are you sure you want to clear sys-recovery-level? (y/n)
Enter y to confirm this action and clear the shutdown state. Enter n or press [Enter] to cancel this action.
On the NETGEAR 8800, after using the
command, you must reset each affected module.
If you configured only a few I/O modules to shutdown, reset each affected I/O module as follows:
1. Disable the slot using the disable slot <slot> command.
2. Re-enable the slot using the enable slot <slot> command.
Note: You must complete this procedure for each module that enters the shutdown state.
If you configured all I/O modules or one or more MSMs/MMs to shut down, use the reboot command to reboot the switch and reset all affected modules.
After you clear the shutdown state and reset the affected module, each port is brought offline and then back online before the module and the entire system is operational.
Example
The following command clears the shutdown state:
clear sys-recovery-level
configure log display
configure log display <severity> {only}
Description
Configures the real-time log-level message to display.
Syntax Description
severity         Specifies a message severity. Severities include critical, error, warning, notice, info, debug-summary, debug-verbose, and debug-data.
only             Specifies only log messages of the specified severity level.
Default
If not specified, messages of all severities are displayed on the console display.
Usage Guidelines
You must enable the log display before messages are displayed on the log display. Use the
command to enable the log display. This allows you to configure the system to maintain a running real-time display of log messages on the console.
Severity filters the log to display messages with the selected severity or higher (more critical).
Severities include critical, error, warning, info, notice, debug-summary, debug-verbose, and debug-data.
You can also control log data to different targets. The command equivalent to
is the following:
configure log target console-display severity <severity>
To display the current configuration of the log display, use the following command:
show log configuration target console-display
In a stack, this command is applicable only to Master and Backup nodes and not applicable to the standby nodes.
Example
The following command configures the system log to maintain a running real-time display of log messages of critical severity or higher:
configure log display critical
The following command configures the system log to maintain a running real-time display of only log messages of critical severity:
configure log display critical only
configure log filter events
configure log filter <name> [add | delete] {exclude} events [<event-condition> | [all | <event-component>] {severity <severity> {only}}]
Description
Configures a log filter to add or delete detailed feature messages based on a specified set of events.
In a stack, this command is applicable only to Master and Backup nodes and not applicable to the standby nodes.
Syntax Description
name             Specifies the filter to configure.
add              Add the specified events to the filter.
delete           Remove the specified events from the filter.
exclude          Events matching the specified events will be excluded.
event-condition  Specifies an individual event.
all              Specifies all components and subcomponents.
event-component  Specifies all the events associated with a particular component.
severity         Specifies the minimum severity level of events (if the keyword only is omitted).
only             Specifies only events of the specified severity level.
Default
If the exclude keyword is not used, the events will be included by the filter. If severity is not specified, then the filter will use the component default severity threshold (see the note
delete or exclude is specified).
Usage Guidelines
This command controls the incidents that pass a filter by adding, or deleting, a specified set of events. If you want to configure a filter to include or exclude incidents based on event parameter values (for example, MAC address or BGP Neighbor) see the command configure log filter events match on page 340.
When the add keyword is used, the specified event name is added to the beginning of the filter item list maintained for this filter. The new filter item either includes the events specified, or if the exclude keyword is present, excludes the events specified.
The delete keyword is used to remove events from the filter item list that were previously added using the add command. All filter items currently in the filter item list that are identical to, or a subset of, the set of events specified in the delete command will be removed.
Event Filtering Process
From a logical standpoint, the filter associated with each enabled log target is examined to determine whether a message should be logged to that particular target. The determination is made for a given filter by comparing the incident with the most recently configured filter item first. If the incident matches this filter item, the incident is either included or excluded, depending on whether the exclude keyword was used. Subsequent filter items on the list are compared if necessary. If the list of filter items has been exhausted with no match, the incident is excluded.
Events, Components, and Subcomponents
As mentioned, a single event can be included or excluded by specifying the event’s name. Multiple events can be added or removed by specifying a NETGEAR 8800 component name plus an optional severity. Some components, such as BGP, contain subcomponents, such as Keepalive, which is specified as BGP.Keepalive. Either components or subcomponents can be specified. The keyword all in place of a component name can be used to indicate all NETGEAR 8800 components.
Severity Levels
When an individual event name is specified following the events keyword, no severity value is needed since each event has a pre-assigned severity. When a component, subcomponent, or the all keyword is specified following the events keyword, a severity value is optional. If no severity is specified, the severity used for each applicable subcomponent is obtained from the pre-assigned severity threshold levels for those subcomponents. For example, if STP were specified as the component, and no severity is specified for the add of an include item, then only messages with severity of error and greater would be passed, since the threshold severity for the STP component is error. If STP.InBPDU were specified as the component, and no severity is specified, then only messages with severity of warning and greater would be passed, since the threshold severity for the STP.InBPDU subcomponent is warning. Use the
command to see this information.
The severity keyword all can be used as a convenience when delete or exclude is specified.
The use of delete (or exclude) with severity all deletes (or excludes) previously added events of the same component of all severity values.
Note: If no severity is specified when delete or exclude is specified, severity all is used.
If the only keyword is present following the severity value, then only the events in the specified component at that exact severity are included. Without the only keyword, events in the specified component at that severity or more urgent are included. For example, using the option severity warning implies critical, error, or warning events, whereas the option severity warning only implies warning events only. Severity all only is not a valid choice.
Any EMS events with severity debug-summary, debug-verbose, or debug-data will not be logged unless debug mode is enabled. See the command enable log debug-mode on page 1350.
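The evaluation order, the severity threshold with and without only, and the debug-mode rule described above can be modelled in a few lines. This is an added example, not code from this manual or from the switch software; the LogFilter and FilterItem names, the ExampleCond event names and the severities passed to passes() are constructed, and include items must be given a severity because the per-component default thresholds are not modelled.

```python
# Model of log-filter evaluation as the text describes it (added example).
SEVERITIES = ["critical", "error", "warning", "notice", "info",
              "debug-summary", "debug-verbose", "debug-data"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}  # 0 is most urgent
DEBUG_FLOOR = RANK["debug-summary"]


class FilterItem:
    def __init__(self, events, severity, only, exclude):
        self.events = events.lower()   # "all", component, subcomponent or event
        self.severity = severity       # a severity name, or "all"
        self.only = only
        self.exclude = exclude

    def covers(self, event_name, severity):
        name = event_name.lower()
        in_scope = (self.events == "all" or name == self.events
                    or name.startswith(self.events + "."))
        if not in_scope:
            return False
        if self.severity == "all":
            return True
        if self.only:
            return RANK[severity] == RANK[self.severity]
        return RANK[severity] <= RANK[self.severity]  # that severity or more urgent


class LogFilter:
    def __init__(self):
        self.items = []                # index 0 is the most recently added item

    def add(self, events, severity=None, only=False, exclude=False):
        if severity is None:
            if not exclude:
                # The switch would use the component's default threshold here;
                # this model does not carry that table.
                raise ValueError("give an explicit severity for include items")
            severity = "all"           # per the Note: exclude without a severity
        if severity == "all" and (only or not exclude):
            raise ValueError("severity all is for exclude items, without only")
        if severity != "all" and severity not in RANK:
            raise ValueError("unknown severity: %s" % severity)
        self.items.insert(0, FilterItem(events, severity, only, exclude))

    def passes(self, event_name, severity, debug_mode=False):
        if RANK[severity] >= DEBUG_FLOOR and not debug_mode:
            return False               # debug severities need debug mode
        for item in self.items:        # most recently configured item first
            if item.covers(event_name, severity):
                return not item.exclude  # the first matching item decides
        return False                   # list exhausted with no match: excluded


def example_filters():
    """The same two filter items, added in opposite orders."""
    documented = LogFilter()
    documented.add("stp", "info")
    documented.add("stp.inbpdu.drop", exclude=True)

    reversed_order = LogFilter()
    reversed_order.add("stp.inbpdu.drop", exclude=True)
    reversed_order.add("stp", "info")  # examined first, so it shadows the exclude
    return documented, reversed_order
```

With the items added in the documented order, STP.InBPDU.Drop is excluded; with the same two items added in the opposite order it is logged, because the broader include item is examined first.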
Filter Optimization
Each time a configure log filter command is issued for a given filter name, the events specified are compared against the current configuration of the filter to try to logically simplify the configuration.
For example, if the command:
configure log filter bgpFilter1 add events bgp.keepalive severity error only
were to be followed by the command:
configure log filter bgpFilter1 add events bgp severity info
the filter item in the first command is automatically deleted since all events in the BGP.Keepalive subcomponent at severity error would be also included as part of the second command, making the first command redundant.
More Information
See the command show log on page 387 for more information about severity levels.
To get a listing of the components present in the system, use the following command:
To get a listing of event condition definitions, use the following command:
To see the current configuration of a filter, use the following command:
show log configuration filter {<filter name>}
Example
The following command adds all STP component events at severity info to the filter myStpFilter:
configure log filter myStpFilter add events stp severity info
The following command adds the STP.OutBPDU subcomponent, at the pre-defined severity level for that component, to the filter myStpFilter:
configure log filter myStpFilter add events stp.outbpdu
The following command excludes one particular event, STP.InBPDU.Drop, from the filter:
configure log filter myStpFilter add exclude events stp.inbpdu.drop
configure log filter events match
configure log filter <name> [add | delete] {exclude} events [<event-condition> | [all | <event-component>] {severity <severity> {only}}] [match | strict-match] <type> <value>
Description
Configures a log filter to add or delete detailed feature messages based on a specified set of events and match parameter values.
In a stack, this command is applicable only to Master and Backup nodes and not applicable to the standby nodes.
Syntax Description
name             Specifies the filter to configure.
add              Add the specified events to the filter.
delete           Remove the specified events from the filter.
exclude          Events matching the filter will be excluded.
event-condition  Specifies the event condition.
all              Specifies all events.
event-component  Specifies all the events associated with a particular component.
severity         Specifies the minimum severity level of events (if the keyword only is omitted).
only             Specifies only events of the specified severity level.
match            Specifies events whose parameter values match the <type> <value> pair.
strict-match     Specifies events whose parameter values match the <type> <value> pair, and possess all the parameters specified.
type             Specifies the type of parameter to match. For more information about types and values see
value            Specifies the value of the parameter to match. For more information about types and values see
Default
If the exclude keyword is not used, the events will be included by the filter. If severity is not
delete or exclude is specified).
Usage Guidelines
This command controls the incidents that pass a filter by adding, or deleting, a specified set of events that match a list of <type> <value> pairs. This command is an extension of the command
, and adds the ability to filter incidents based on matching specified event parameter values to the event.
See the configure log filter events command on page 337 for more information on specifying and using filters, on event conditions and components, and on the details of the filtering process. The discussion here is about the concepts of matching <type> <value> pairs to more narrowly define filters.
Types and Values
Each event in NETGEAR 8800 is defined with a message format and zero or more parameter types. The
command on page 401 can be used to display event definitions (the event text and parameter types). The syntax for the parameter types (represented by <type> in the command syntax above) is:
[address-family [ipv4-multicast | ipv4-unicast | ipv6-multicast | ipv6-unicast]
| bgp-neighbor <ip address>
| bgp-routerid <ip address>
| {destination | source} [ipaddress <ip address> | L4-port | mac-address ]
| {egress | ingress} [slot <slot number> | ports <portlist>]
| ipaddress <ip address>
| L4-port <L4-port>
| mac-address <mac_address>
| netmask <netmask>
| number <number>
| port <portlist>
| process <process name>
| slot <slotid>
| string <exact string to be matched>
| vlan <vlan name>
| vlan tag <vlan tag>]
You can specify the ipaddress type as IPv4 or IPv6, depending on the IP version. The following examples show how to configure IPv4 addresses and IPv6 addresses:
• IPv4 address
To configure an IP address, with a mask of 32 assumed, use the following command:
configure log filter myFilter add events all match ipaddress 12.0.0.1
To configure a range of IP addresses with a mask of 8, use the following command:
configure log filter myFilter add events all match ipaddress 12.0.0.0/8
• IPv6 address
To configure an IPv6 address, with a mask of 128 assumed, use the following command:
configure log filter myFilter add events all match ipaddress 3ffe::1
To configure a range of IPv6 addresses with a mask of 16, use the following command:
configure log filter myFilter add events all match ipaddress 3ffe::/16
• IPv6 scoped address
IPv6 scoped addresses consist of an IPv6 address and a VLAN. The following examples identify a link local IPv6 address.
To configure a scoped IPv6 address, with a mask of 128 assumed, use the following command:
configure log filter myFilter add events all match ipaddress 3ffe::1%Default
To configure a range of scoped IPv6 addresses with a mask of 16, use the following command:
configure log filter myFilter add events all match ipaddress 3ffe::/16%Default
To configure a scoped IPv6 address with any VLAN, use the following command:
configure log filter myFilter add events all match ipaddress 3ffe::/16%*
To configure any scoped IPv6 address with a specific VLAN, use the following command:
configure log filter myFilter add events all match ipaddress ::/0%Default
Note: In the previous example, if you specify the VLAN name, it must be a full match; wild cards are not allowed.
The <value> depends on the parameter type specified. As an example, an event may contain a physical port number, a source MAC address, and a destination MAC address. To allow only those incidents with a specific source MAC address, use the following in the command:
configure log filter myFilter add events aaa.radius.requestInit severity notice match source mac-address 00:01:30:23:C1:00
configure log filter myFilter add events bridge severity notice match source mac-address 00:01:30:23:C1:00
The string type is used to match a specific string value of an event parameter, such as a user name. The exact string is matched with the given parameter and no regular expression is supported.
Match Versus Strict-Match
The match and strict-match keywords control the filter behavior for incidents whose event definition does not contain all the parameters specified in a configure log filter events match command. This is best explained with an example. Suppose an event in the XYZ component, named XYZ.event5, contains a physical port number, a source MAC address, but no destination MAC address. If you configure a filter to match a source MAC address and a destination MAC address, XYZ.event5 will match the filter when the source MAC address matches regardless of the destination MAC address, since the event contains no destination MAC address. If you specify the strict-match keyword, then the filter will never match, since XYZ.event5 does not contain the destination MAC address.
In other words, if the match keyword is specified, an incident will pass a filter so long as all parameter values in the incident match those in the match criteria, but all parameter types in the match criteria need not be present in the event definition.
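The difference between match and strict-match, and the ipaddress value forms listed under Types and Values, can be checked with a short model. This is an added example, not code from this manual or from the switch software; the function names, the XYZ_EVENT5 dictionary and the destination MAC address are constructed, and three behaviours are assumptions: MAC addresses compare case-insensitively, an unscoped ipaddress value does not test the VLAN, and %* requires the incident address to carry some VLAN.

```python
import ipaddress


def parse_ip_value(text):
    """Split '<address>[/<mask>][%<vlan>]' into (network, vlan or None)."""
    addr, _, vlan = text.partition("%")
    # A bare address gets the full-length mask: 32 for IPv4, 128 for IPv6.
    return ipaddress.ip_network(addr, strict=False), (vlan or None)


def ip_value_matches(criterion, address, vlan=None):
    net, want_vlan = parse_ip_value(criterion)
    ip = ipaddress.ip_address(address)
    if ip.version != net.version or ip not in net:
        return False
    if want_vlan is None:
        return True              # assumption: unscoped value ignores the VLAN
    if want_vlan == "*":
        return vlan is not None  # assumption: any VLAN, but a scoped address
    return vlan == want_vlan     # VLAN name must be a full match


def value_matches(ptype, criterion, actual):
    if ptype.endswith("ipaddress"):
        address, _, vlan = actual.partition("%")
        return ip_value_matches(criterion, address, vlan or None)
    if ptype.endswith("mac-address"):
        return criterion.lower() == actual.lower()  # assumption: case-insensitive
    return criterion == actual   # e.g. string: exact match, no regular expressions


def incident_passes(event_params, criteria, strict=False):
    """event_params: parameters the event carries, as {type: value}.
    criteria: the <type> <value> pairs of the filter item."""
    for ptype, wanted in criteria.items():
        if ptype not in event_params:
            if strict:
                return False     # strict-match: every listed type must be present
            continue             # match: types the event lacks are ignored
        if not value_matches(ptype, wanted, event_params[ptype]):
            return False
    return True


# Constructed incident for the XYZ.event5 case in the text: a port number and
# a source MAC address, but no destination MAC address.
XYZ_EVENT5 = {"port": "1:3", "source mac-address": "00:01:30:23:C1:00"}
CRITERIA = {"source mac-address": "00:01:30:23:C1:00",
            "destination mac-address": "00:01:30:23:C1:01"}


def xyz_event5_results():
    """(result with match, result with strict-match) for the case above."""
    return (incident_passes(XYZ_EVENT5, CRITERIA),
            incident_passes(XYZ_EVENT5, CRITERIA, strict=True))
```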
More Information
See the command show log on page 387 for more information about severity levels.
To get a listing of the components present in the system, use the following command:
To get a listing of event condition definitions, use the following command:
To see the current configuration of a filter, use the following command:
show log configuration filter {<filter name>}
Example
By default, all log targets are associated with the built-in filter, DefaultFilter. Therefore, the most straightforward way to send additional messages to a log target is to modify DefaultFilter. In the following example, the command modifies the built-in filter to allow incidents in the STP component, and all subcomponents of STP, of severity critical, error, warning, notice and info. For any of these events containing a physical port number as a match parameter, limit the incidents to only those occurring on physical ports 3, 4 and 5 on slot 1, and all ports on slot 2:
configure log filter DefaultFilter add events stp severity info match ports 1:3-1:5, 2:*
If desired, issue the unconfigure log DefaultFilter command to restore the DefaultFilter back to its original configuration.
configure log target filter
configure log target [console | memory-buffer | primary-msm | primary-node | backup-msm | backup-node | nvram | session | syslog [all | <ipaddress> | <ipPort> {vr <vr_name>} [local0 ... local7]]] filter <filter-name> {severity <severity> {only}}
Description
Associates a filter to a target.
In a stack, this command is applicable only to Master and Backup nodes. This command is not applicable to standby nodes.
Syntax Description
target             Specifies the device to send the log entries.
console            Specifies the console display.
memory-buffer      Specifies the switch memory buffer.
primary-msm        Specifies the primary MSM.
primary-node       Specifies the primary node in a stack.
backup-msm         Specifies the backup MSM.
backup-node        Specifies the backup node in a stack.
nvram              Specifies the switch NVRAM.
session            Specifies the current session (including console display).
syslog             Specifies a syslog remote server.
all                Specifies all of the syslog remote servers.
ipaddress          Specifies the syslog IP address.
ipPort             Specifies the UDP port number for the syslog target.
vr_name            Specifies the virtual router that can reach the server IP address.
                   Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
local0 ... local7  Specifies the local syslog facility.
filter-name        Specifies the filter to associate with the target.
severity           Specifies the minimum severity level to send (if the keyword only is omitted).
only               Specifies that only the specified severity level is to be sent.
Default
If severity is not specified, the severity level for the target is left unchanged. If a virtual router is not specified, VR-Mgmt is used.
Usage Guidelines
This command associates the specified filter and severity with the specified target. A filter limits messages sent to a target.
Although each target can be configured with its own filter, by default, all targets are associated with the built-in filter, DefaultFilter. Each target can also be configured with its own severity level. This provides the ability to associate multiple targets with the same filter, while having a configurable severity level for each target.
A message is sent to a target if the target has been enabled, the message passes the associated filter, the message is at least as severe as the configured severity level, and the message output matches the regular expression specified. By default, the memory buffer, NVRAM, primary MSM/MM, and backup MSM/MM targets are enabled. For other targets, use the command enable log target on page 380.
describes the default characteristics of each type of target.
Table 8. Default target log characteristics
Target            Enabled    Severity Level
console display   no         info
memory buffer     yes        debug-data
NVRAM             yes        warning
primary MSM/MM    yes        warning
backup MSM/MM     yes        warning
session           no         info
syslog            no         debug-data
The built-in filter, DefaultFilter, and a severity level of info are used for each new telnet session. These values may be overridden on a per-session basis using the
command and specify the target as session. Use the following form of the command for per-session configuration changes:
configure log target session filter <filter name> {severity <severity> {only}}
Configuration changes to the current session target are in effect only for the duration of the session, and are not saved in FLASH memory. The session option can also be used on the console display, if the changes are desired to be temporary. If changes to the console-display are to be permanent (saved to FLASH memory), use the following form of the command:
configure log target console filter <filter name> {severity <severity> {only}}
If the condition for the backup-msm target is met by a message generated on the primary, the event is sent to the backup MSM/MM. When the backup MSM/MM receives the event, it will see if any of the local targets (nvram, memory, or console) are matched. If so it gets processed. The session and syslog targets are disabled on the backup MSM/MM, as they are handled on the primary. If the condition for the primary-msm target is met by a message generated on the backup, the event is sent to the primary MSM.
Note that the backup-msm target is only active on the primary MSM/MM, and the primary-msm target is only active on the backup MSM/MM.
Example
The following command sends log messages to the previously configured syslog host at 10.31.8.25, port 8993, and facility local3, that pass the filter myFilter and are of severity warning and above:
configure log target syslog 10.31.8.25:8993 local3 filter myFilter severity warning
The following command sends log messages to the current session, that pass the filter myFilter and are of severity warning and above:
configure log target session filter myFilter severity warning
configure log target format
configure log target [console | memory-buffer | nvram | session | syslog [all | <ipaddress> |
<ipPort>] {vr <vr_name>} {local0 ... local7}]]
format [timestamp [seconds | hundredths | none]
| date [dd-mm-yyyy | dd-Mmm-yyyy | mm-dd-yyyy | Mmm-dd | yyyy-mm-dd | none] | severity
| event-name [component | condition | none | subcomponent]
| host-name
| priority
| process-name
| process-slot
| source-line
Description
Configures the formats of the displayed message, on a per-target basis.
In a stack, this command is applicable only to Master and Backup nodes and not applicable to the standby nodes.
Syntax Description
console            Specifies the console display.
memory-buffer      Specifies the switch memory buffer.
nvram              Specifies the switch NVRAM.
session            Specifies the current session (including console display).
syslog             Specifies a syslog target.
all                Specifies all remote syslog servers.
ipaddress          Specifies the syslog IP address.
ipPort             Specifies the UDP port number for the syslog target.
vr_name            Specifies the virtual router that can reach the server IP address.
                   Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
local0 ... local7  Specifies the local syslog facility.
timestamp          Specifies a timestamp formatted to display seconds, hundredths, or none.
date               Specifies a date formatted as specified, or none.
severity           Specifies whether to include the severity.
event-name         Specifies how detailed the event description will be. Choose from none, component, subcomponent, or condition.
host-name          Specifies whether to include the syslog host name.
priority           Specifies whether to include the priority.
process-name       Specifies whether to include the internal process name.
process-slot       Specifies which slot number the message was generated.
source-line        Specifies whether to include the source file name and line number.
Default
The following defaults apply to console display, memory buffer, NVRAM, and session targets:
• timestamp—hundredths
• date—mm-dd-yyyy
• severity—on
• event-name—condition
• host-name—off
• priority—off
• process-name—off
• process-slot—off
• source-line—off
The following defaults apply to syslog targets (per RFC 3164):
• timestamp—seconds
• date—mmm-dd
• severity—on
• event-name—none
• host-name—off
• priority—on
• process-name—off
• process-slot—off
• source-line—off
If a virtual router is not specified, VR-Mgmt is used.
Usage Guidelines
This command configures the format of the items that make up log messages. You can choose to include or exclude items and set the format for those items, but you cannot vary the order in which the items are assembled.
When applied to the targets console or session, the format specified is used for the messages sent to the console display or telnet session. Configuration changes to the session target, be it either a telnet or console display target session, are in effect only for the duration of the session, and are not saved in FLASH.
When this command is applied to the target memory-buffer, the format specified is used in subsequent
commands. The format configured for the internal memory buffer can be overridden by specifying a format on the
and
commands.
When this command is applied to the target syslog, the format specified is used for the messages sent to the specified syslog host.
Timestamps
Timestamps refer to the time an event occurred, and can be output in either seconds as described in RFC 3164 (for example, “13:42:56”), hundredths of a second (for example, “13:42:56.98”), or suppressed altogether. To display timestamps as hh:mm:ss, use the seconds keyword, to display as hh:mm:ss.HH, use the hundredths keyword, or to suppress timestamps altogether, use the none keyword. Timestamps are displayed in hundredths by default.
Date
The date an event occurred can be output as described in RFC 3164. Dates are output in different formats, depending on the keyword chosen. The following lists the date keyword options, and how the date “March 26, 2005” would be output:
• Mmm-dd—Mar 26
• mm-dd-yyyy—03/26/2005
• dd-mm-yyyy—26-03-2005
• yyyy-mm-dd—2005-03-26
• dd-Mmm-yyyy—26-Mar-2005
Dates are suppressed altogether by specifying none. Dates are displayed as mm-dd-yyyy by default.
Severity
A four-letter abbreviation of the severity of the event can be output by specifying severity on or suppressed by specifying severity off. The default setting is severity on. The abbreviations are: Crit, Erro, Warn, Noti, Info, Summ, Verb, and Data. These correspond to: Critical, Error, Warning, Notice, Informational, Debug-Summary, Debug-Verbose, and Debug-Data.
Event Names
Event names can be output as the component name only by specifying event-name component and as component and subcomponent name with condition mnemonic by specifying event-name condition, or suppressed by specifying event-name none. The default setting is event-name condition to specify the complete name of the events.
Host Name
The configured SNMP name of the switch can be output as HOSTNAME described in RFC 3164 by specifying host-name. The default setting is off.
Process Name
For providing detailed information to technical support, the (internal) NETGEAR 8800 task names of the applications detecting the events can be displayed by specifying process-name. The default setting is off.
Process Slot
For providing detailed information to technical support, the slot from which the logged message was generated can be displayed by specifying process-slot. The default setting is off.
Process ID
For providing detailed information to technical support, the (internal) NETGEAR 8800 task identifiers of the applications detecting the events can be displayed by specifying process-id. The default setting is off.
Source Line
For providing detailed information to technical support, the application source file names and line numbers detecting the events can be displayed by specifying source-line. The default setting is off. You must enable debug mode using the enable log debug-mode command to view the source line information. For messages generated prior to enabling debug mode, the source line information is not displayed.
Example
In the following example, the switch generates the identical event from the component SNTP, using three different formats.
Using the default format for the session target, an example log message might appear as:
05/29/2005 12:15:25.00 <Warn:SNTP.RslvSrvrFail> The SNTP server parameter value (TheWrongServer.example.com) can not be resolved.
If you set the current session format using the following command:
configure log target session format timestamp seconds date mm-dd-yyyy event-name component
The same example would appear as:
05/29/2005 12:16:36 <Warn:SNTP> The SNTP server parameter value (TheWrongServer.example.com) can not be resolved.
To provide some detailed information to technical support, you set the current session format using the following command:
configure log target session format timestamp hundredths date mmm-dd event-name condition source-line process-name
The same example would appear as:
May 29 12:17:20.11 SNTP: <Warn:SNTP.RslvSrvrFail> tSntpc: (sntpcLib.c:606) The SNTP server parameter value (TheWrongServer.example.com) can not be resolved.
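A collector that receives these messages has to cope with whichever layout the target was configured for. The following Python parser is an added example, not NETGEAR code: it normalizes the three sample lines above and the five date keywords into one record. The names parse_date and parse_line are hypothetical, and only the layouts shown in this section are assumed.

```python
import re

# Four-letter severity abbreviations and their full names, as listed in this section.
SEVERITIES = {
    "Crit": "Critical", "Erro": "Error", "Warn": "Warning", "Noti": "Notice",
    "Info": "Informational", "Summ": "Debug-Summary",
    "Verb": "Debug-Verbose", "Data": "Debug-Data",
}
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

LINE_RE = re.compile(r"""
    ^(?:(?P<date>\d{2}/\d{2}/\d{4}        # mm-dd-yyyy  prints as 03/26/2005
        |\d{4}-\d{2}-\d{2}                # yyyy-mm-dd  prints as 2005-03-26
        |\d{2}-\d{2}-\d{4}                # dd-mm-yyyy  prints as 26-03-2005
        |\d{2}-[A-Z][a-z]{2}-\d{4}        # dd-Mmm-yyyy prints as 26-Mar-2005
        |[A-Z][a-z]{2}[ ]\d{1,2})\s+)?    # Mmm-dd      prints as Mar 26
    (?:(?P<time>\d{2}:\d{2}:\d{2}(?:\.\d+)?)\s+)?
    (?:(?P<tag>[\w-]+):\s+)?              # "SNTP:" prefix seen in the third sample
    <(?:(?P<sev>[A-Z][a-z]{3}):)?(?P<event>[\w.-]+)?>\s+
    (?:(?P<process>\w+):\s+)?             # process-name, e.g. tSntpc
    (?:\((?P<file>[^():\s]+):(?P<lineno>\d+)\)\s+)?   # source-line, e.g. (sntpcLib.c:606)
    (?P<message>.*)$
""", re.VERBOSE)


def parse_date(text):
    """Return (year, month, day); year is None for Mmm-dd, which carries no year."""
    if "/" in text:                       # only mm-dd-yyyy is printed with slashes
        mm, dd, yyyy = text.split("/")
        return int(yyyy), int(mm), int(dd)
    if " " in text:                       # Mmm-dd
        mon, dd = text.split()
        return None, MONTHS[mon], int(dd)
    a, b, c = text.split("-")
    if len(a) == 4:                       # yyyy-mm-dd
        return int(a), int(b), int(c)
    if b.isalpha():                       # dd-Mmm-yyyy
        return int(c), MONTHS[b], int(a)
    return int(c), int(b), int(a)         # dd-mm-yyyy is printed with dashes


def parse_line(line):
    """Parse one log line into a dict, or return None if it has no <...> event field."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    parts = (m["event"] or "").split(".")
    return {
        "date": parse_date(m["date"]) if m["date"] else None,
        "time": m["time"],
        "tag": m["tag"],
        "severity": SEVERITIES.get(m["sev"]),
        "component": parts[0] or None,
        "condition": parts[-1] if len(parts) > 1 else None,
        "process": m["process"],
        "source": (m["file"], int(m["lineno"])) if m["file"] else None,
        # Free text; may embed configured values such as the server name here.
        "message": m["message"],
    }


# The three sample lines from the Example above.
SAMPLES = [
    "05/29/2005 12:15:25.00 <Warn:SNTP.RslvSrvrFail> The SNTP server parameter "
    "value (TheWrongServer.example.com) can not be resolved.",
    "05/29/2005 12:16:36 <Warn:SNTP> The SNTP server parameter "
    "value (TheWrongServer.example.com) can not be resolved.",
    "May 29 12:17:20.11 SNTP: <Warn:SNTP.RslvSrvrFail> tSntpc: (sntpcLib.c:606) "
    "The SNTP server parameter value (TheWrongServer.example.com) can not be resolved.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```

Because process-name is optional, a message that itself begins with "word: " is indistinguishable from a process name in this parser; knowing the configured format for the target removes that ambiguity.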
configure log target match
configure log target [console | memory-buffer | nvram | primary-msm | primary-node | backup-msm | backup-node | session | syslog [all | <ipaddress> | <ipPort> {vr <vr_name>} [local0 ... local7]]] match [any | <match-expression>]
Description
Associates a match expression to a target.
In a stack, this command is applicable only on Master and Backup nodes. This command is not applicable for standby nodes.
Syntax Description
console Specifies the console display.
memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
primary-msm Specifies the primary MSM.
primary-node Specifies the primary node in a stack.
backup-msm Specifies the backup MSM.
backup-node Specifies the backup-node in a stack.
session Specifies the current session (including console display).
syslog Specifies a syslog target.
all Specifies all of the remote syslog servers.
ipaddress Specifies the syslog IP address.
ipPort Specifies the UDP port number for the syslog target.
vr_name Specifies the virtual router that can reach the server IP address.
Note:
User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
local0 ... local7 Specifies the local syslog facility.
any Specifies that any messages will match. This effectively removes a previously configured match expression.
match-expression Specifies a regular expression. Only messages that match the regular expression will be sent.
Default
By default, targets do not have a match expression. If a virtual router is not specified, VR-Mgmt is used.
Usage Guidelines
This command configures the specified target with a match expression. The filter associated with the target is not affected. A message is sent to a target if the target has been enabled, the message passes the associated filter, the message is at least as severe as the configured severity level, and the message output matches the regular expression specified.
See the command show log on page 387 for a detailed description of simple regular expressions. By default, targets do not have a match expression.
Specifying any instead of match-expression effectively removes a match expression that had been previously configured, causing any message to be sent that has satisfied all of the other requirements.
To see the configuration of a target, use the following command:
<vr_name>} {[local0 ... local7]}}
To see the current configuration of a filter, use the following command:
show log configuration filter {<filter name>}
Example
The following command sends log messages to the current session, that pass the current filter and severity level, and contain the string user5:
configure log target session match user5
configure log target severity
configure log target [console | memory-buffer | nvram | primary-msm | primary-node | backup-msm | backup-node | session | syslog [all | <ipaddress> | <ipPort> {vr <vr_name>} [local0 ... local7]]] {severity <severity> {only}}
Description
Sets the severity level of messages sent to the target.
In a stack, this command is applicable only to Master and Backup nodes. You cannot run this command on standby nodes.
Syntax Description
console Specifies the console display.
memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
primary-msm Specifies the primary MSM.
primary-node Specifies the primary node in a stack.
backup-msm Specifies the backup MSM.
backup-node Specifies the backup node in a stack.
session Specifies the current session (including console display).
syslog Specifies a syslog target.
all Specifies all of the remote syslog servers.
ipaddress Specifies the syslog IP address.
ipPort Specifies the UDP port number for the syslog target.
vr_name Specifies the virtual router that can reach the server IP address.
Note:
User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
local0 ... local7 Specifies the local syslog facility.
severity Specifies the least severe level to send (if the keyword only is omitted).
only Specifies that only the specified severity level is to be sent.
Default
By default, targets are sent messages of the following severity level and above:
• console display—info
• memory buffer—debug-data
• NVRAM—warning
• session—info
• syslog—debug-data
• primary MSM/MM—warning
• backup MSM/MM—warning
• primary node—warning (stack only)
• backup node—warning (stack only)
If a virtual router is not specified, VR-Mgmt is used.
Usage Guidelines
This command configures the specified target with a severity level. The filter associated with the target is not affected. A message is sent to a target if the target has been enabled, the message passes the associated filter, the message is at least as severe as the configured severity level, and the message output matches the regular expression specified.
See the command show log on page 387 for a detailed description of severity levels.
To see the current configuration of a target, use the following command:
<vr_name>} {[local0 ... local7]}}
To see the current configuration of a filter, use the following command:
show log configuration filter {<filter name>}
Example
The following command sends log messages to the current session, that pass the current filter at a severity level of info or greater, and contain the string user5:
configure log target session severity info
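The four delivery conditions from the Usage Guidelines (target enabled, filter passed, severity threshold with the optional only keyword, match expression) can be modeled to check which targets would actually record a given event. This Python sketch is an added example, not NETGEAR code: Target and recipients are hypothetical names, Python's re.search stands in for the switch's simple regular expressions, and the EXAMPLE.* events are constructed.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Severity keywords, most severe first.
LEVELS = ["critical", "error", "warning", "notice", "info",
          "debug-summary", "debug-verbose", "debug-data"]

# Default thresholds per target, from the Default section above.
DEFAULTS = {
    "console": "info", "memory-buffer": "debug-data", "nvram": "warning",
    "session": "info", "syslog": "debug-data",
    "primary-msm": "warning", "backup-msm": "warning",
    "primary-node": "warning", "backup-node": "warning",
}


@dataclass
class Target:
    name: str
    enabled: bool = True                 # assumption: caller knows if the target is enabled
    severity: Optional[str] = None       # None means the default for this target
    only: bool = False                   # the "only" keyword
    match: Optional[str] = None          # None models "match any"
    log_filter: Callable[[str], bool] = lambda event: True  # stand-in for the target's filter

    def accepts(self, event, severity, text):
        """Apply all four conditions; every one must hold for delivery."""
        threshold = self.severity or DEFAULTS[self.name]
        rank, limit = LEVELS.index(severity), LEVELS.index(threshold)
        # Without "only": at least as severe as the threshold. With it: exactly that level.
        severity_ok = (rank == limit) if self.only else (rank <= limit)
        match_ok = self.match is None or re.search(self.match, text) is not None
        return bool(self.enabled and self.log_filter(event) and severity_ok and match_ok)


def recipients(targets, event, severity, text):
    """Names of the targets that would receive this message."""
    return [t.name for t in targets if t.accepts(event, severity, text)]


TARGETS = [
    Target("nvram"),                                       # default: warning and above
    Target("syslog"),                                      # default: debug-data and above
    Target("session", severity="info", match="user5"),     # both examples above combined
    Target("console", severity="warning", only=True),      # "severity warning only"
]

# Constructed events: (event name, severity keyword, message text).
EVENTS = [
    ("EXAMPLE.LoginOk", "info", "Login passed for user user5"),
    ("EXAMPLE.FanFail", "critical", "Fan tray failed"),
    ("SNTP.RslvSrvrFail", "warning",
     "The SNTP server parameter value (TheWrongServer.example.com) can not be resolved."),
]

if __name__ == "__main__":
    for event, severity, text in EVENTS:
        print(f"{severity:9} {event:20} -> {recipients(TARGETS, event, severity, text)}")
```

The critical event reaches neither the session (the match expression excludes it) nor the console (only excludes anything other than warning), which is the kind of gap worth checking before relying on a target for alerting.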
configure log target syslog
configure log target syslog [all | <ipaddress> | <ipPort>] {vr <vr_name>} {local0 ... local7} from <source-ip-address>
Description
Configures the syslog server’s IP address for one or all syslog targets.
Syntax Description
syslog Specifies a syslog target.
all Specifies all of the remote syslog servers.
ipaddress Specifies the syslog server’s IP address.
ipPort Specifies the UDP port number for the syslog target.
vr_name Specifies the virtual router that can reach the server IP address.
Note:
User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
local0 ... local7 Specifies the local syslog facility.
source-ip-address Specifies the local source IP address to use.
Default
If a virtual router is not specified, the VR-Mgmt virtual router is used.
Usage Guidelines
Use this command to identify and configure the syslog server’s IP address. By configuring a source IP address, the syslog server can identify from which switch it received the log message.
Options for configuring the remote syslog server include:
• all—Specifies all of the remote syslog server hosts.
• ipaddress—The IP address of the remote syslog server host.
• ipPort—The UDP port.
• vr_name—The virtual router that can reach the syslog host.
• local0-local7—The syslog facility level for local use.
• from—The local source IP address.
If you do not configure a source IP address for the syslog target, the switch uses the IP address in the configured VR that has the closest route to the destination.
Example
The following command configures the IP address for the specified syslog target named orange:
configure log target syslog orange from 10.234.56.78
configure sflow agent ipaddress
configure sflow agent {ipaddress} <ip-address>
Description
Configures the sFlow agent’s IP address.
Syntax Description
ip-address Specifies the IP address from which sFlow data is sent on the switch.
Default
The default configured IP address is 0.0.0.0, but the effective IP address is the management port IP address.
Usage Guidelines
This command allows you to configure the IP address of the sFlow agent. Typically, you would set this to the IP address used to identify the switch in the network management tools that you use. The agent address is stored in the payload of the sFlow data, and is used by the sFlow collector to identify each agent uniquely. The default configured value is 0.0.0.0, but the switch will use the management port IP address if it exists.
command will reset the agent parameter to the default.
Example
The following command sets the sFlow agent’s IP address to 10.2.0.1:
configure sflow agent ipaddress 10.2.0.1
configure sflow collector ipaddress
configure sflow collector {ipaddress} <ip-address> {port <udp-port-number>} {vr <vrname>}
Description
Configures the sFlow collector IP address.
Syntax Description
ip-address Specifies the IP address to send the sFlow data.
udp-port-number Specifies the UDP port to send the sFlow data.
vrname Specifies from which virtual router to send the sFlow data.
Note:
User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
Default
The following values are the defaults for this command:
• UDP port number—6343
• Virtual router—VR-Mgmt (previously called VR-0).
Usage Guidelines
This command allows you to configure where to send the sFlow data. You must specify an IP address for the sFlow data collector, and you may specify a particular UDP port, if your collector uses a non-standard port. You may also need to specify from which virtual router to send the data.
You can configure up to four sFlow collectors. Each unique IP address/UDP port/virtual router combination identifies a collector.
The unconfigure sflow collector command will reset the collector parameters to the default.
Example
The following command specifies that sFlow data should be sent to port 6343 at IP address 192.168.57.1 using the virtual router VR-Mgmt:
configure sflow collector ipaddress 192.168.57.1
configure sflow max-cpu-sample-limit
configure sflow max-cpu-sample-limit <rate>
Description
Configures the maximum number of sFlow samples handled by the CPU per second.
Syntax Description
rate Specifies the maximum sFlow samples per second.
Default
The default value is 2000 samples per second.
Usage Guidelines
This command configures the maximum number of samples sent to the CPU per second. If this rate is exceeded, the internal sFlow CPU throttling mechanism kicks in to limit the load on the CPU.
Every time the limit is reached, the sample rate is halved (the value of number in the configure sflow sample-rate <number> or configure sflow ports <portlist> sample-rate command is doubled) on the slot (modular switch) or ports (stand-alone switch) on which the maximum number of packets were received during the last snapshot.
This effectively halves the sampling frequency of all the ports on that slot or stand-alone switch with a sub-sampling factor of 1. The sampling frequency of ports on that slot or stand-alone switch with a sub-sampling factor greater than 1 will not change; the sub-sampling factor is also halved so that the same rate of samples is sent from that port.
The maximum CPU sample rate is based on the total number of samples received from all the sources. The valid range is 100 to 5000 samples per second.
Example
The following command specifies that the sFlow maximum CPU sample rate should be set to 4000 samples per second:
configure sflow max-cpu-sample-limit 4000
configure sflow poll-interval
configure sflow poll-interval <seconds>
Description
Configures the sFlow counter polling interval.
Syntax Description
seconds Specifies the number of seconds between polling each counter. The value can range from 0 to 3600 seconds.
Default
The default polling interval is 20 seconds.
Usage Guidelines
Each sFlow statistics counter is polled at regular intervals, and this data is then sent to the sFlow collector. This command is used to set the polling interval. To manage CPU load, polling for sFlow-enabled ports is distributed over the polling interval, so that all ports are not polled at the same instant. For example, if the polling interval is 20 seconds and there are twenty counters, data is collected successively every second.
Specifying a poll interval of 0 (zero) seconds disables polling.
Example
The following command sets the polling interval to 60 seconds:
configure sflow poll-interval 60
configure sflow ports sample-rate
configure sflow ports <portlist> sample-rate <number>
Description
Configures the sFlow per-port sampling rate.
Syntax Description
portlist Specifies a list of ports.
number Specifies the fraction (1/number) of packets to be sampled.
Default
The default number is 8192, unless modified by the
Usage Guidelines
This command configures the sampling rate on a particular set of ports and overrides the system-wide value set in the
command. The rate is rounded off to the next power of two, so if 400 is specified, the sample rate is configured as 512. The valid range is 1 to 536870912.
All ports on the switch or same I/O module are sampled individually.
Example
The following command sets the sample rate for the ports 4:6 to 4:10 to one packet out of every 16384:
configure sflow ports 4:6-4:10 sample-rate 16384
configure sflow sample-rate
configure sflow sample-rate <number>
Description
Configures the sFlow default sampling rate.
Syntax Description
number Specifies the fraction (1/number) of packets to be sampled.
Default
The default number is 8192.
Usage Guidelines
This command configures the default sampling rate. This is the rate that newly enabled sFlow ports will have their sample rate set to. Changing this rate will not affect currently enabled sFlow ports. The rate is rounded off to the next power of two, so if 400 is specified, the sample rate is configured as 512. The valid range is 1 to 536870912.
Configuring a lower number for the sample rate means that more samples will be taken, increasing the load on the switch. Do not configure the sample rate to a number lower than the default unless you are sure that the traffic rate on the source is low.
The minimum rate that these platforms sample is 1 out of every 256 packets. If you configure a rate to be less than 256, the switch automatically rounds up the sample rate to 256.
Example
The following command sets the sample rate to one packet out of every 16384:
configure sflow sample-rate 16384
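The value the switch actually samples at can differ from the configured number because of the power-of-two rounding, the 1-in-256 floor, and the CPU throttling described under configure sflow max-cpu-sample-limit. The following Python model is an added example, not NETGEAR code; the function names are hypothetical, throttling is simplified to a single source with a steady packet rate, and the last function treats sampling as independent 1/number draws, which is an assumption.

```python
import math

MIN_NUMBER, MAX_NUMBER = 1, 536870912   # valid range for <number>
PLATFORM_FLOOR = 256                    # densest sampling these platforms perform
CPU_LIMIT_RANGE = (100, 5000)           # valid range for max-cpu-sample-limit
DEFAULT_CPU_LIMIT = 2000                # default samples per second


def effective_sample_number(number):
    """Configured <number> after power-of-two rounding and the 1-in-256 floor."""
    if not MIN_NUMBER <= number <= MAX_NUMBER:
        raise ValueError(f"sample-rate must be {MIN_NUMBER}..{MAX_NUMBER}")
    rounded = 1 << (number - 1).bit_length()   # next power of two, e.g. 400 becomes 512
    return max(rounded, PLATFORM_FLOOR)


def throttle(number, packets_per_second, cpu_limit=DEFAULT_CPU_LIMIT):
    """Model of CPU throttling: double <number> until samples/s fits the limit.

    Returns (number in effect, doublings applied). Simplification: the switch
    decides per slot or port from its last snapshot; this uses one steady rate.
    """
    low, high = CPU_LIMIT_RANGE
    if not low <= cpu_limit <= high:
        raise ValueError(f"max-cpu-sample-limit must be {low}..{high}")
    number = effective_sample_number(number)
    doublings = 0
    while packets_per_second / number > cpu_limit and number < MAX_NUMBER:
        number *= 2          # sample rate halved
        doublings += 1
    return number, doublings


def packets_for_one_sample(number, confidence=0.95):
    """Packets a flow must send to be sampled at least once with this probability.

    Assumes each packet is sampled independently with probability 1/number.
    """
    if number == 1:
        return 1
    return math.ceil(math.log(1 - confidence) / math.log(1 - 1 / number))


if __name__ == "__main__":
    for configured in (100, 400, 8192, 16384):
        print(configured, "->", effective_sample_number(configured))
    # Constructed load: 10 million packets per second on one slot.
    in_effect, steps = throttle(256, 10_000_000)
    print("after throttling:", in_effect, "doublings:", steps)
    print("packets needed for 95% visibility:", packets_for_one_sample(in_effect))
```

When sFlow feeds traffic monitoring, the number in effect after throttling, not the configured one, sets the smallest flow a collector can be expected to see.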
configure sys-health-check all level
configure sys-health-check all level [normal | strict]
Description
Configures how the NETGEAR 8800 software handles faults.
Syntax Description
normal Upon a fault detection, the switch only sends a message to the syslog. This is the default setting.
strict Upon a fault detection, the switch takes the action configured by the configure sys-recovery-level slot command.
Default
The default setting is normal.
Usage Guidelines
command to implement your network's fault handling strategy.
If you configure the strict parameter, the switch takes the action configured by the configure sys-recovery-level slot command, which can include logging only or restarting, rebooting, or shutting down the suspect device.
System Behavior for the NETGEAR 8800 Series Switches
Depending on your switch configuration, Table 9 shows how the 8800 series switches behave when the 8800 OS software detects a fault:
Table 9. System behavior for the NETGEAR 8800 series switches
Fault Handling Configuration | Module Recovery Configuration | Behavior
configure sys-health-check all level normal | configure sys-recovery-level slot none | The switch sends messages to the syslog.
Same as above. | configure sys-recovery-level slot reset | Same as above.
Same as above. | configure sys-recovery-level slot shutdown | Same as above.
configure sys-health-check all level strict | configure sys-recovery-level slot none | Same as above.
Same as above. | configure sys-recovery-level slot reset | 8800 OS reboots the affected switch or module.
Same as above. | configure sys-recovery-level slot shutdown | 8800 OS shuts down the affected switch or module.
Displaying the System Health Check Setting
To display the system health check setting, including polling and how the 8800 OS handles faults on the switch, use the following command:
The system health check setting, displayed as SysHealth check, shows the polling setting and how NETGEAR 8800 handles faults. The polling setting appears as Enabled, and the fault handling setting appears in parentheses next to the polling setting. In the following truncated output from a NETGEAR 8800 switch, the system health check setting appears as SysHealth check: Enabled (Normal):
SysName: TechPubs Lab
SysName: BD-8810Rack3
SysLocation:
SysContact: [email protected]
System MAC: 00:04:96:1F:A2:60
SysHealth check: Enabled (Normal)
Recovery Mode: None
System Watchdog: Enabled
If you use the strict parameter, which configures the switch to take the action configured by the configure sys-recovery-level slot command, (Strict) would appear next to Enabled.
Example
On a NETGEAR 8800 series switch, the following command configures the switch to forward faults to be handled by the level set by the configure sys-recovery-level slot command:
configure sys-health-check all level strict
configure sys-health-check interval
configure sys-health-check interval <interval>
Description
Configures the frequency of sending backplane diagnostic packets and the polling interval.
Syntax Description
interval NETGEAR 8800 series switches—Specifies the frequency of sending backplane diagnostic packets.
• If backplane diagnostic packets are enabled on a particular slot, the default value for sending diagnostic packets is 5 seconds on that slot.
• If only polling occurs (this is the system default), the default value is 5 seconds. (The polling interval is not a user-configured parameter, and polling always occurs.)
Default
Depending upon your platform, the following defaults apply:
• If backplane diagnostics are enabled on a particular slot, the default for sending packets is 5 seconds on that slot.
• The polling interval is always 5 seconds (this is not a user-configured parameter).
Usage Guidelines
Use this command with the guidance of NETGEAR Technical Support personnel.
The system health checker tests I/O modules and the backplane by forwarding backplane diagnostic packets. Use this command to configure the amount of time it takes for the packets to be forwarded and returned to the MSM.
To enable backplane diagnostic packets, use the enable sys-health-check slot <slot> command. With backplane diagnostic packets enabled on a specific slot, the interval option of the configure sys-health-check interval command specifies the frequency of sending backplane diagnostic packets. For example, if you specify an interval of 9, backplane diagnostic packets are sent every 9 seconds on only the enabled slot.
Note:
NETGEAR does not recommend configuring an interval of less than the default interval. Doing this can cause excessive CPU utilization.
By default, the system health checker always polls the control plane health between MSMs and I/O modules, monitors memory levels on the I/O module, monitors the health of the I/O module, and checks the health of applications and processes running on the I/O module. If the system health checker detects an error, the health checker notifies the MSM.
You must enable the backplane diagnostic packets feature to send backplane diagnostic packets. If you enable this feature, the system health checker tests the data link for a specific I/O module every 5 seconds by default. The MSM sends and receives diagnostic packets from the I/O module to determine the state and connectivity. If you disable backplane diagnostics, the system health checker stops sending backplane diagnostic packets.
Example
The following examples assume that you enabled backplane diagnostic packets on a specific I/O slot.
On the NETGEAR 8800 series switches, the following command configures the backplane diagnostic packet interval to 8 seconds:
configure sys-health-check interval 8
configure sys-recovery-level
configure sys-recovery-level [all | none]
Description
Configures a recovery option for instances where a software exception occurs in NETGEAR 8800.
Syntax Description
all Configures the NETGEAR 8800 to log an error into the syslog and reboot the system after any software task exception occurs.
none Configures the recovery level to none. No action is taken when a software task exception occurs; there is no system reboot, which can cause unexpected switch behavior.
Note:
Use this parameter only under the guidance of NETGEAR Technical Support personnel.
Default
The default setting is all.
Usage Guidelines
If the software fails, the switch automatically reboots or leaves the system in its current state.
You must specify one of the following parameters for the system to respond to software failures:
• all—The system will send error messages to the syslog and reboot if any software task exception occurs.
This command sets the recovery level only for the MSMs/MMs. The MSM/MM should reboot only if there is a software exception that occurs on the MSM/MM. The MSM/MM should not reboot if a software exception occurs on an I/O module.
To set the recovery level for all slots (MSM/MM and I/O) use the configure sys-recovery-level slot command.
• none—No action is taken when a software task exception occurs. The system does not reboot, which can cause unexpected switch behavior.
Note:
Use the none parameter only under the guidance of NETGEAR Technical Support personnel.
The default setting and behavior is all. NETGEAR strongly recommends using the default setting.
Displaying the System Recovery Setting
To display the software recovery setting on the switch, use the following command:
show switch
This command displays general switch information, including the software recovery level. The following truncated output displays the software recovery setting (displayed as Recovery Mode):
SysName: TechPubs Lab
SysLocation:
SysContact: [email protected]
System MAC: 00:04:96:20:B4:13
SysHealth check: Enabled (Normal)
Recovery Mode: All
System Watchdog: Enabled
Note:
All platforms display the software recovery setting as Recovery Mode.
Example
The following command configures a switch to not take an action when any software task exception occurs:
configure sys-recovery-level none
configure sys-recovery-level slot
configure sys-recovery-level slot [all | <slot_number>] [none | reset | shutdown]
Description
Configures a recovery option for instances where an exception occurs on the specified MSM/MM or I/O module.
Syntax Description
all Specifies all slots of the MSM/MM and I/O module.
slot_number Specifies the slot of the MSM/MM or I/O module.
• A and B—Indicate an MSM/MM
• 1 through 10—Indicate an I/O module
none Configures the MSM/MM or I/O module to maintain its current state regardless of the detected hardware fault. The offending MSM/MM or I/O module is not reset. For more information about the states of an MSM/MM or
command.
reset Configures the offending MSM/MM or I/O module to reset upon a hardware fault detection. For more detailed information, see the
described below.
shutdown Configures the switch to shut down all slots/modules configured for shutdown upon fault detection. On the modules configured for shutdown, all ports in the slot are taken offline in response to the reported errors; however, the MSMs/MMs remain operational for debugging purposes only. NETGEAR 8800 logs fault, error, system reset, system reboot, and system shutdown messages to the syslog.
Default
The default setting is reset.
Usage Guidelines
Use this command for system auto-recovery upon detection of hardware problems. You can configure the MSMs/MMs or I/O modules to take no action, automatically reset, shutdown, or if dual MSMs/MMs are installed, failover to the other MSM/MM if the switch detects a faulty MSM/MM or I/O module. This enhanced level of recovery detects faults in the ASICs as well as packet buses.
You must specify one of the following parameters for the system to respond to MSM/MM or I/O module failures:
• none—Configures the MSM/MM or I/O module to maintain its current state regardless of the detected fault. The offending MSM/MM or I/O module is not reset. NETGEAR 8800 logs fault and error messages to the syslog and notifies you that the errors are ignored.
This does not guarantee that the module remains operational; however, the switch does not reboot the module.
• reset—Configures the offending MSM/MM or I/O module to reset upon fault detection. NETGEAR 8800 logs fault, error, system reset, and system reboot messages to the syslog.
• shutdown—Configures the switch to shut down all slots/modules configured for shutdown upon fault detection. On the modules configured for shutdown, all ports in the slot are taken offline in response to the reported errors; however, the MSMs/MMs remain
command, for it to take effect. NETGEAR 8800 logs fault, error, system reset, system reboot, and system shutdown messages to the syslog.
Depending on your configuration, the switch resets the offending MSM/MM or I/O module if fault detection occurs. An offending MSM/MM is reset any number of times, and the MSM/MM is not permanently taken offline. An offending I/O module is reset a maximum of five times. After the maximum number of resets, the I/O module is permanently taken offline.
Messages Displayed
If you configure the hardware recovery setting to either none (ignore) or shutdown, the switch prompts you to confirm this action. The following is a sample shutdown message:
Are you sure you want to shutdown on errors? (y/n)
Enter y to confirm this action and configure the hardware recovery level. Enter n or press [Enter] to cancel this action.
Taking Ports Offline
You can configure the switch to shut down one or more modules upon fault detection by specifying the shutdown option. If you configure one or more slots to shut down and the switch detects a hardware fault, all ports in all of the configured shut down slots are taken offline in response to the reported errors. (MSMs are available for debugging purposes only.)
The affected module remains in the shutdown state across additional reboots or power cycles until you explicitly clear the shutdown state. If a module enters the shutdown state, the module actually reboots and the show slot command displays the state of the slot as Initialized; however, the ports are shut down and taken offline. For more information about clearing the shutdown state, see the clear sys-recovery-level command.
Module Recovery Actions
Table 10 describes the actions module recovery takes based on your module recovery setting. For example, if you configure a module recovery setting of reset for an I/O module, the module is reset a maximum of five times before it is taken permanently offline.
From left to right, the columns display the following information:
• Module Recovery Setting—This is the parameter used by the configure sys-recovery-level slot command to distinguish the module recovery behavior.
• Hardware—This indicates the hardware that you may have in your switch.
• Action Taken—This describes the action the hardware takes based on the module recovery setting.
Table 10. Module Recovery Actions for the NETGEAR 8800 Series Switches
Module Recovery Setting | Hardware | Action Taken
none | Single MSM | The MSM remains powered on in its current state. This does not guarantee that the module remains operational; however, the switch does not reboot the module.
none | Dual MSM | The MSM remains powered on in its current state. This does not guarantee that the module remains operational; however, the switch does not reboot the module.
none | I/O Module | The I/O module remains powered on in its current state. The switch sends error messages to the log and notifies you that the errors are ignored. This does not guarantee that the module remains operational; however, the switch does not reboot the module.
reset | Single MSM | Resets the MSM.
reset | Dual MSM | Resets the primary MSM and fails over to the backup MSM.
reset | I/O Module | Resets the I/O module a maximum of five times. After the fifth time, the I/O module is permanently taken offline.
shutdown | Single MSM | The MSM is available for debugging purposes only (the I/O ports also go down); however, you must clear the shutdown state using the clear sys-recovery-level command for the MSM to become operational. After you clear the shutdown state, you must reboot the switch. For more information see the clear sys-recovery-level command.
shutdown | Dual MSM | The MSM is available for debugging purposes only (the I/O ports also go down); however, you must clear the shutdown state using the clear sys-recovery-level command for the MSM to become operational. After you clear the shutdown state, you must reboot the switch. For more information see the clear sys-recovery-level command.
shutdown | I/O Module | Reboots the I/O module. When the module comes up, the ports remain inactive because you must clear the shutdown state using the clear sys-recovery-level command for the I/O module to become operational. After you clear the shutdown state, you must reset each affected I/O module or reboot the switch. For more information see the clear sys-recovery-level command.
Displaying the Module Recovery Setting
To display the module recovery setting, use the following command:
output has been modified to include the shutdown configuration. If you configure the module recovery setting to shutdown, the output displays an “E” flag that indicates that any errors detected on the slot disable all ports on the slot. The “E” flag appears only if you configure the module recovery setting to shutdown.
Note: If you configure one or more slots for shut down and the switch detects a hardware fault on one of those slots, all of the configured slots enter the shutdown state and remain in that state until explicitly cleared.
If you configure the module recovery setting to none, the output displays an “e” flag that indicates no corrective actions will occur for the specified MSM/MM or I/O module. The “e” flag appears only if you configure the module recovery setting to none.
The following sample output displays the module recovery action. In this example, notice the flags identified for slot 10:
Slots Type Configured State Ports Flags
-------------------------------------------------------------------------------
Slot-1 XCM88P XCM88P Operational 48 MB S
Slot-2 XCM8824F XCM8824F Operational 24 MB S
Slot-3 XCM8848T XCM8848T Operational 48 MB S
Slot-4 Empty 0
Slot-5 XCM8808X XCM8808X Operational 8 MB S
Slot-6 XCM8808X XCM8808X Operational 8 MB S
Slot-7 Empty 0
Slot-8 XCM8848T XCM8848T Operational 48 MB S
Slot-9 XCM8848T Operational 48 MB S
Slot-10 XCM8848T XCM8848T Operational 48 MB S E
MSM-A XCM88S1 Operational 0 S
MSM-B XCM88S1 Operational 0 S
Flags : M - Backplane link to Master MSM is Active
B - Backplane link to Backup MSM is also Active
D - Slot Disabled, S - Slot Secured
I - Insufficient Power (refer to "show power budget")
e - Errors on slot will be ignored (no corrective action initiated)
E - Errors on slot will disable all ports on slot
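The following Python script is an added example, not part of the NETGEAR manual. It parses the sample output above and reports which slots are set to ignore errors ("e"), which share the shutdown behavior ("E"), and which are not operational. Treating a slot with neither flag as using the reset setting is an inference from Table 10, and the function names are hypothetical.

```python
import re

# Sample "show slot" output copied from the manual text above (legend shortened).
SHOW_SLOT = """\
Slots Type Configured State Ports Flags
-------------------------------------------------------------------------------
Slot-1 XCM88P XCM88P Operational 48 MB S
Slot-2 XCM8824F XCM8824F Operational 24 MB S
Slot-3 XCM8848T XCM8848T Operational 48 MB S
Slot-4 Empty 0
Slot-5 XCM8808X XCM8808X Operational 8 MB S
Slot-6 XCM8808X XCM8808X Operational 8 MB S
Slot-7 Empty 0
Slot-8 XCM8848T XCM8848T Operational 48 MB S
Slot-9 XCM8848T Operational 48 MB S
Slot-10 XCM8848T XCM8848T Operational 48 MB S E
MSM-A XCM88S1 Operational 0 S
MSM-B XCM88S1 Operational 0 S
Flags : M - Backplane link to Master MSM is Active
e - Errors on slot will be ignored (no corrective action initiated)
E - Errors on slot will disable all ports on slot
"""

ROW = re.compile(r"^(Slot-\d+|MSM-[A-Z])\s+(.*)$")


def parse_show_slot(text):
    """Return {slot: {"state", "ports", "flags"}} for every slot row."""
    slots = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, rule, or flag legend
        tokens = m.group(2).split()
        # The Ports column is the last purely numeric token. The State column
        # sits just before it and the flag letters follow it, which also
        # copes with rows where Type or Configured is blank.
        numeric = [i for i, tok in enumerate(tokens) if tok.isdigit()]
        if not numeric or numeric[-1] == 0:
            continue
        i = numeric[-1]
        slots[m.group(1)] = {
            "state": tokens[i - 1],
            "ports": int(tokens[i]),
            "flags": set("".join(tokens[i + 1:])),
        }
    return slots


def recovery_settings(slots):
    """Map each populated slot to its module recovery setting."""
    settings = {}
    for name, slot in slots.items():
        if slot["state"] == "Empty":
            continue
        if "E" in slot["flags"]:
            settings[name] = "shutdown"
        elif "e" in slot["flags"]:
            settings[name] = "none"
        else:
            settings[name] = "reset"  # inferred: neither flag is displayed
    return settings


def review(slots):
    """Summarise the slots an operator should look at first."""
    settings = recovery_settings(slots)
    return {
        # Faults on these slots trigger no corrective action at all.
        "errors_ignored": sorted(n for n, v in settings.items() if v == "none"),
        # Per the Note above, a fault on one of these shuts down all of them.
        "shutdown_group": sorted(n for n, v in settings.items() if v == "shutdown"),
        "not_operational": sorted(
            n for n, s in slots.items()
            if s["state"] not in ("Operational", "Empty")
        ),
    }


if __name__ == "__main__":
    print(review(parse_show_slot(SHOW_SLOT)))
```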
Displaying Detailed Module Recovery Information
To display the module recovery setting for a specific port on a module, including the current recovery mode, use the following command:
<slot>
In addition to the information displayed with show slot, this command displays the module recovery setting configured on the slot. The following truncated output displays the module recovery setting (displayed as Recovery Mode) for the specified slot:
Slot-6 information:
State: Operational
Download %: 100
Flags: M
Restart count: 0 (limit 5)
Serial number: 800421-00 00000000000
Hw Module Type: XCM8848T(P)
SW Version: 12.4.4.0
SW Build: v1244b0-br-SR3-1
Configured Type: XCM8848T(P)
Ports available: 48
Recovery Mode: Reset
Flags : M - Backplane link to Master is Active
B - Backplane link to Backup is also Active
D - Slot Disabled, S - Slot Secured
I - Insufficient Power (refer to "show power budget")
Troubleshooting Module Failures
If you experience an I/O module failure, use the following troubleshooting methods when you can bring the switch offline to solve or learn more about the problem:
• Restarting the I/O module—Use the command followed by the <slot> command to restart the offending I/O module. By issuing these commands, the I/O module and its associated fail counter are reset. If the module does not restart, or you continue to experience I/O module failure, please contact NETGEAR Technical Support.
• Running diagnostics—Use the run diagnostics normal <slot> command to run operational diagnostics on the offending I/O module to ensure that you are not experiencing a hardware issue. If the module continues to enter the failed state, please contact NETGEAR Technical Support.
If you experience an MSM/MM failure, please contact NETGEAR Technical Support.
Example
The following command configures a switch to not take an action if a hardware fault occurs:
configure sys-recovery-level slot none
configure syslog add
configure syslog add [<ipaddress> | <ipPort>] {vr <vr_name>} [local0 ... local7] {<severity>}
Description
Configures the remote syslog server host address, and filters messages to be sent to the remote syslog target.
Syntax Description
ipaddress | Specifies the remote syslog server IP address.
ipPort | Specifies the UDP port number for the syslog target.
vr_name | Specifies the virtual router that can reach the server IP address. Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
local0 ... local7 | Specifies the local syslog facility.
severity | Specifies a message severity. Severities include critical, error, warning, notice, info, debug-summary, debug-verbose, and debug-data.
Default
If a severity level is not specified, all messages are sent to the remote syslog server target. If a virtual router is not specified, VR-Mgmt is used. If UDP port is not specified, 514 is used.
Usage Guidelines
Options for configuring the remote syslog server include:
• ipaddress—The IP address of the remote syslog server host.
• ipPort—The UDP port.
• local0-local7—The syslog facility level for local use.
• vr_name—The virtual router that can reach the syslog host.
• severity—Filters the messages sent to the remote syslog server target to have the selected severity or higher (more critical). Severities include critical, error, warning, notice, info, debug-summary, debug-verbose, and debug-data.
The switch log overwrites existing log messages in a wrap-around memory buffer, which may cause you to lose valuable information once the buffer becomes full. The remote syslog server does not overwrite log information, and can store messages in non-volatile files (disks, for example).
command must be issued in order for messages to be sent to the remote syslog server(s). Syslog is disabled by default. A total of four syslog servers can be configured at one time.
command to associate a different filter.
The syslog facility level is defined as local0 – local7. The facility level is used to group syslog data.
Example
The following command configures the remote syslog server target with a critical severity:
configure syslog 123.45.67.78 local1 critical
configure syslog delete
configure syslog delete [all | <ipaddress> | <ipPort>] {vr <vr_name>} {local0 ... local7}
configure syslog delete <host name/ip> {: <udp-port>} [local0 ... local7]
Description
Deletes a remote syslog server address.
Syntax Description
all | Specifies all remote syslog servers.
ipaddress | Specifies the remote syslog server IP address.
ipPort | Specifies the UDP port number for the syslog target.
vr_name | Specifies the virtual router that can reach the server IP address. Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
local0 ... local7 | Specifies the local syslog facility.
Default
If a virtual router is not specified, VR-Mgmt is used.
If a UDP port number is not specified, 514 is used.
Usage Guidelines
This command is used to delete a remote syslog server target.
Example
The following command deletes the remote syslog server with an IP address of 10.0.0.1:
configure syslog delete 10.0.0.1 local1
create log filter
create log filter <name> {copy <filter name>}
Description
Creates a log filter with the specified name.
Syntax Description
name | Specifies the name of the filter to create.
copy | Specifies that the new filter is to be copied from an existing one.
filter name | Specifies the existing filter to copy.
Default
N/A.
Usage Guidelines
This command creates a filter with the name specified. A filter is a customizable list of events to include or exclude, and optional parameter values. The list of events can be configured by component or subcomponent with optional severity, or individual condition, each with optional parameter values. See the commands
and
configure log filter events match
for details on how to add items to the filter.
The filter can be associated with one or more targets using the configure log target filter
command to control the messages sent to those targets. The system has one built-in filter
named DefaultFilter, which itself may be customized. Therefore, the create log filter
command can be used if a filter other than DefaultFilter is desired. As its name implies,
DefaultFilter initially contains the default level of logging in which every NETGEAR 8800 component and subcomponent has a pre-assigned severity level.
If another filter needs to be created that will be similar to an existing filter, use the copy
option to populate the new filter with the configuration of the existing filter. If the copy
option is not specified, the new filter will have no events configured and therefore no incidents will pass through it.
The total number of supported filters, including DefaultFilter, is 20.
Example
The following command creates the filter named fdb2, copying its configuration from the filter DefaultFilter:
create log filter fdb2 copy DefaultFilter
delete log filter
delete log filter [<filter name> | all]
Description
Deletes a log filter with the specified name.
Syntax Description
filter name | Specifies the filter to delete.
all | Specifies that all filters, except DefaultFilter, are to be deleted.
Default
N/A.
Usage Guidelines
This command deletes the specified filter, or all filters except for the filter DefaultFilter. The specified filter must not be associated with a target. To remove that association, associate the target with DefaultFilter instead of the filter to be deleted, using the following command:
configure log target <target> filter DefaultFilter
Example
The following command deletes the filter named fdb2:
delete log filter fdb2
disable cli-config-logging
disable cli-config-logging
Description
Disables the logging of CLI configuration commands to the switch Syslog.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
Every command is displayed in the log window which allows you to view every command executed on the switch.
The disable cli-config-logging command discontinues the recording of all switch configuration changes and their sources that are made using the CLI via Telnet or the local console. After you disable configuration logging, no further changes are logged to the system log.
To view the status of configuration logging on the switch, use the
command.
command displays information about the switch including the enable/disable state for configuration logging.
Example
The following command disables the logging of CLI configuration commands to the Syslog:
disable cli-config-logging
disable log display
disable log display
Description
Disables the sending of messages to the console display.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
If the log display is disabled, log information is no longer written to the serial console.
This command setting is saved to FLASH and determines the initial setting of the console display at boot up.
You can also use the following command to control logging to different targets:
disable log target console-display command.
Example
The following command disables the log display:
disable log display
disable log target
disable log target [console | memory-buffer | nvram | primary-msm | primary-node | backup-msm | backup-node | session | syslog [all | <ipaddress> | <ipPort>] {vr <vr_name>} [local0 ... local7]]
Description
Stops sending log messages to the specified target.
In a stack, this command is applicable only to Master and Backup nodes and not applicable to the standby nodes.
Syntax Description
console | Specifies the console display.
memory-buffer | Specifies the switch memory buffer.
nvram | Specifies the switch NVRAM.
primary-msm | Specifies the primary MSM.
primary-node | Specifies the primary node in a stack.
backup-msm | Specifies the backup MSM.
backup-node | Specifies the backup node in a stack.
session | Specifies the current session (including console display).
syslog | Specifies a syslog target.
all | Specifies all of the remote syslog servers.
ipaddress | Specifies the syslog host name or IP address.
ipPort | Specifies the UDP port number for the syslog target.
vr_name | Specifies the virtual router that can reach the server IP address. Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
local0 ... local7 | Specifies the local syslog facility.
Default
Enabled, for memory buffer, NVRAM, primary MSM, and backup MSM/MM; all other targets are disabled by default.
Usage Guidelines
This command stops sending messages to the specified target. By default, the memory buffer, NVRAM, primary MSM/MM, and backup MSM/MM targets are enabled. Other targets must be enabled before messages are sent to those targets.
Configuration changes to the session target are in effect only for the duration of the console display or telnet session, and are not saved in FLASH. Changes to the other targets are saved to FLASH.
You can also use the following command to disable displaying the log on the console:
command is equivalent to disable log target console-display command.
Note that the backup-msm target is only active on the primary MSM/MM, and the primary-msm target is only active on the backup MSM/MM.
Example
The following command disables log messages to the current session:
disable log target session
disable rmon
disable rmon
Description
Disables the collection of RMON statistics on the switch.
Syntax Description
This command has no arguments or variables.
Default
By default, RMON is disabled. However, even in the disabled state, the switch responds to RMON queries and sets for alarms and events.
Usage Guidelines
The switch supports four out of nine groups of Ethernet RMON statistics. In a disabled state, the switch continues to respond to queries of statistics. Collecting of history, alarms, and events is stopped; however, the switch still queries old data.
To view the status of RMON polling on the switch, use the
command. The
command displays information about the switch including the enable/disable state for RMON polling.
To view the RMON memory usage statistics for a specific memory type (for example, statistics, events, logs, history, or alarms) or for all memory types, use the following command:
show rmon memory {detail | <memoryType>}
Example
The following command disables the collection of RMON statistics on the switch:
disable rmon
disable sflow
disable sflow
Description
Globally disables sFlow statistical packet sampling.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
This command disables sFlow globally on the switch. When you disable sFlow globally, the individual ports are also put into the disabled state. If you later enable the global sFlow state, individual ports return to their previous state.
Example
The following command disables sFlow sampling globally:
disable sflow
disable sflow ports
disable sflow ports <portlist>
Description
Disables sFlow statistical packet sampling and statistics gathering on a particular list of ports.
Syntax Description
portlist Specifies a list of ports.
Default
Disabled.
Usage Guidelines
This command disables sFlow on a particular list of ports. Once sFlow is disabled on a port, sampling and polling stop. If sFlow is disabled globally, all sampling and polling stops.
Use the following command to disable sFlow globally:
Example
The following command disables sFlow sampling on port 3:1:
disable sflow ports 3:1
disable sys-health-check
disable sys-health-check slot <slot>
Description
Discontinues sending backplane diagnostic packets.
Syntax Description
slot Specifies the slot to disable sending backplane diagnostic packets.
Default
Polling is enabled, backplane diagnostic packets are disabled.
Depending upon your platform, when disabling backplane diagnostic packets, note that by default the system health checker discontinues sending backplane diagnostic packets to the specified slot. Only polling is enabled.
Usage Guidelines
When you use this command, backplane diagnostic packets are disabled and no longer sent by the system health checker.
If you modify the interval in the configure sys-health-check interval <interval> command and later disable backplane diagnostics, the configured interval for sending backplane diagnostic packets remains. The next time you enable backplane diagnostic packets, the health checker sends backplane diagnostics packets at the configured interval.
For example, if you configure an interval of 8 seconds, the system health checker sends backplane diagnostic packets every 8 seconds.
To return to the "default" interval of 5 seconds, configure the frequency of sending backplane diagnostic packets to 5 seconds using the following command:
configure sys-health-check interval 5
Example
On the NETGEAR 8800 series switches, the following example assumes that you did not modify the interval option in the configure sys-health-check interval <interval> command.
The following command disables backplane diagnostics on slot 3; polling is always enabled and occurs every 5 seconds.
disable sys-health-check slot 3
disable syslog
disable syslog
Description
Disables logging to all remote syslog server targets.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
Disables logging to all remote syslog server targets, not to the switch targets. This setting is saved in FLASH, and will be in effect upon boot up.
Example
The following command disables logging to all remote syslog server targets:
disable syslog
enable cli-config-logging
enable cli-config-logging
Description
Enables the logging of CLI configuration commands to the Syslog for auditing purposes.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
NETGEAR 8800 allows you to record all configuration changes and their sources that are made using the CLI by way of Telnet or the local console. The changes are logged to the system log. Each log entry includes the user account name that performed the changes and the source IP address of the client (if Telnet was used). Configuration logging applies only to commands that result in a configuration change.
To view the status of configuration logging on the switch, use the
command.
command displays information about the switch including the enable/disable state for configuration logging.
Example
The following command enables the logging of CLI configuration commands to the Syslog:
enable cli-config-logging
enable log display
enable log display
Description
Enables a running real-time display of log messages on the console display.
In a stack, this command is applicable only to Master and Backup nodes. You cannot run this command on standby nodes.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
If you enable the log display on a terminal connected to the console port, your settings will remain in effect even after your console session is ended (unless you explicitly disable the log display).
You configure the messages displayed in the log using the configure log display or configure log target console-display commands.
You can also use the following command to control logging to different targets:
enable log target console-display command.
To change the log filter association, severity threshold, or match expression for messages sent to the console display, use the configure log target console-display command.
Example
The following command enables a real-time display of log messages:
enable log display
enable log target
enable log target [console | memory-buffer | nvram | primary-msm | primary-node | backup-msm | backup-node | session | syslog [all | <ipaddress> | <ipPort>] {vr <vr_name>} [local0 ... local7]]
Description
Starts sending log messages to the specified target.
Syntax Description
console | Specifies the console display.
memory-buffer | Specifies the switch memory buffer.
nvram | Specifies the switch NVRAM.
primary-msm | Specifies the primary MSM.
primary-node | Specifies the primary node of a stack.
backup-msm | Specifies the backup MSM.
backup-node | Specifies the backup node of a stack.
session | Specifies the current session (including console display).
syslog | Specifies a syslog target.
all | Specifies all of the remote syslog servers.
ipaddress | Specifies the syslog IP address.
ipPort | Specifies the UDP port number for the syslog target.
vr_name | Specifies the virtual router that can reach the server IP address. Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
local0 ... local7 | Specifies the local syslog facility.
Default
Enabled for memory buffer and NVRAM; all other targets are disabled by default.
Usage Guidelines
This command starts sending messages to the specified target. By default, the memory-buffer, NVRAM, primary MSM/MM, and backup MSM/MM targets are enabled.
Other targets must be enabled before messages are sent to those targets.
Configuration changes to the session target are in effect only for the duration of the console display or Telnet session, and are not saved in FLASH. Others are saved in FLASH.
You can also use the following command to enable displaying the log on the console:
enable log target console-display command.
Note that the backup-msm target is only active on the primary MSM/MM, and the primary-msm target is only active on the backup MSM/MM.
Example
The following command enables log messages on the current session:
enable log target session
enable rmon
enable rmon
Description
Enables the collection of RMON statistics on the switch.
Syntax Description
This command has no arguments or variables.
Default
By default, RMON is disabled. However, even in the disabled state, the switch responds to RMON queries and sets for alarms and events. By enabling RMON, the switch begins the processes necessary for collecting switch statistics.
Usage Guidelines
The switch supports four out of nine groups of Ethernet RMON statistics. In an enabled state, the switch responds to the following four groups:
• Statistics—The RMON Ethernet Statistics group provides traffic and error statistics showing packets, bytes, broadcasts, multicasts, and errors on a LAN segment or VLAN.
• History—The History group provides historical views of network performance by taking periodic samples of the counters supplied by the Statistics group. The group features user-defined sample intervals and bucket counters for complete customization of trend analysis.
• Alarms—The Alarms group provides a versatile, general mechanism for setting threshold and sampling intervals to generate events on any RMON variable. Both rising and falling thresholds are supported, and thresholds can be on the absolute value of a variable or its delta value. In addition, alarm thresholds may be auto calibrated or set manually.
• Events—The Events group creates entries in an event log and/or sends SNMP traps to the management workstation. An event is triggered by an RMON alarm. The action taken can be configured to ignore it, to log the event, to send an SNMP trap to the receivers listed in the trap receiver table, or to both log and send a trap. The RMON traps are defined in RFC 1757 for rising and falling thresholds.
The switch also supports the following parameters for configuring the RMON agent, as defined in RFC 2021:
• probeCapabilities—If you configure the probeCapabilities object, you can view the RMON MIB groups supported on at least one interface by the probe.
• probeSoftwareRev—If you configure the probeSoftwareRev object, you can view the current software version of the monitored device.
• probeHardwareRev—If you configure the probeHardwareRev object, you can view the current hardware version of the monitored device.
• probeDateTime—If you configure the probeDateTime object, you can view the current date and time of the probe.
• probeResetControl—If you configure the probeResetControl object, you can restart a managed device that is not running normally. Depending on your configuration, you can do one of the following:
  • Warm boot—A warm boot restarts the device using the current configuration saved in non-volatile memory.
  • Cold boot—A cold boot causes the device to reset the configuration parameters stored in non-volatile memory to the factory defaults and then restarts the device using the restored factory default configuration.
Note: You can only use the RMON features of the system if you have an RMON management application and have enabled RMON on the switch.
RMON requires one probe per LAN segment, and stand-alone RMON probes have traditionally been expensive. Therefore, the approach taken by NETGEAR has been to build an inexpensive RMON probe into the agent of each system. This allows RMON to be widely deployed around the network without costing more than traditional network management.
The switch accurately maintains RMON statistics at the maximum line rate of all of its ports.
For example, statistics can be related to individual ports. Also, because a probe must be able to see all traffic, a stand-alone probe must be attached to a nonsecure port. Implementing RMON in the switch means that all ports can have security features enabled.
To view the status of RMON polling on the switch, use the show management command, which displays information about the switch including the enable/disable state for RMON polling.
To view the RMON memory usage statistics for a specific memory type (for example, statistics, events, logs, history, or alarms) or for all memory types, use the following command:
show rmon memory {detail | <memoryType>}
Example
The following command enables the collection of RMON statistics on the switch:
enable rmon
enable sflow
enable sflow
Description
Globally enables sFlow statistical packet sampling.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
This command enables sFlow globally on the switch.
Example
The following command enables sFlow sampling globally:
enable sflow
enable sflow ports
enable sflow ports <port_list>
Description
Enables sFlow statistical packet sampling on a particular list of ports.
Syntax Description
port_list Specifies a list of ports.
Default
Disabled.
Usage Guidelines
This command enables sFlow on a particular list of ports. You also need to enable sFlow globally in order to gather statistics and send the data to the collector. Once sFlow is enabled globally, and on the ports of interest, sampling and polling begins.
Use the following command to enable sFlow globally:
Example
The following command enables sFlow sampling on the port 3:1:
enable sflow ports 3:1
enable sys-health-check
enable sys-health-check slot <slot>
Description
Enables backplane diagnostic packets on the specified slot.
Syntax Description
slot Specifies the slot to participate in sending backplane diagnostic packets.
Default
Polling is enabled, backplane diagnostic packets are disabled.
Depending upon your platform, when you enable diagnostic packets, the system health checker tests the data link every 5 seconds for the specified slot.
Usage Guidelines
Configure the system health checker with guidance from NETGEAR Technical Support personnel.
The system health checker tests I/O modules and the backplane by sending diagnostic packets. By isolating faults to a specific module or backplane connection, the system health checker notifies you of a possible hardware failure.
System health check errors are reported to the syslog. Syslog output includes the slot number where the problem occurred, the loopback packet ID number, and a notification that the MSM/MM did not receive the last packet. If you see an error, please contact NETGEAR Technical Support.
Note: Enabling backplane diagnostic packets increases CPU utilization and competes with network traffic for resources.
The system health checker continues to periodically forward test packets to failed components.
To configure the frequency of the backplane diagnostic packets on the NETGEAR 8800 series switches, use the configure sys-health-check interval command.
Displaying the System Health Check Setting
To display the system health check polling setting on the switch, use the following command:
As previously described, polling is always enabled on the switch, which is why you see the system health check setting as Enabled. The following truncated output from a NETGEAR 8810 switch displays the system health check setting (displayed as SysHealth check):
SysName: XCM8810
SysLocation:
SysContact: [email protected]
System MAC: 00:04:96:1F:A2:60
SysHealth check: Enabled
Recovery Mode: None
System Watchdog: Enabled
Example
The following command enables backplane diagnostic packets on slot 6:
enable sys-health-check slot 6
enable syslog
enable syslog
Description
Enables logging to all remote syslog host targets.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
To enable remote logging, you must do the following:
• Configure the syslog host to accept and log messages.
• Enable remote logging by using the enable syslog command.
• Configure remote logging by using the configure syslog command.
When you use the enable syslog command, the exporting process of the syslog begins. This command also determines the initial state of an added remote syslog target.
Example
The following command enables logging to all remote syslog hosts:
enable syslog
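The following Python script is an added example, not part of the NETGEAR manual. It replays an ordered list of the logging commands documented in this chapter, starting from the documented defaults (syslog and cli-config-logging disabled, UDP port 514, VR-Mgmt), and reports whether log messages actually leave the switch and whether configuration changes are audited. The command lists are constructed samples, the function names are hypothetical, the "ip:port" spelling of ipPort is an assumption, and reading "initial state of an added remote syslog target" as "a target inherits the syslog state in effect when it is added" is this example's interpretation.

```python
import re

MAX_TARGETS = 4                             # manual: four syslog servers at most
DEFAULT_PORT, DEFAULT_VR = 514, "VR-Mgmt"   # manual: defaults when omitted

# <ipaddress>[:<port>] {vr <vr_name>} {local0..local7} {<severity>}
# The "ip:port" form is an assumption made for this example.
TARGET = re.compile(
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<port>\d+))?"
    r"(?:\s+vr\s+(?P<vr>\S+))?"
    r"(?:\s+(?P<facility>local[0-7]))?"
    r"(?:\s+(?P<severity>\S+))?$"
)


def parse_target(text):
    """Return ((host, port, vr, facility), severity) with defaults applied."""
    m = TARGET.match(text)
    if not m:
        raise ValueError(f"unrecognised syslog target: {text!r}")
    key = (m["host"], int(m["port"] or DEFAULT_PORT),
           m["vr"] or DEFAULT_VR, m["facility"])
    return key, m["severity"]


def select(targets, text):
    """Keys named by 'all' or by a host; the facility is optional."""
    if text.split()[0] == "all":
        return list(targets)
    (host, port, vr, facility), _ = parse_target(text)
    return [k for k in targets
            if k[:3] == (host, port, vr) and facility in (None, k[3])]


def replay(commands):
    """Apply the commands in order and return the resulting logging state."""
    state = {"syslog": False, "cli_config_logging": False, "targets": {}}
    targets = state["targets"]
    for raw in commands:
        cmd = " ".join(raw.split())
        if cmd in ("enable syslog", "disable syslog"):
            state["syslog"] = cmd.startswith("enable")
            for target in targets.values():      # applies to all remote targets
                target["enabled"] = state["syslog"]
        elif cmd in ("enable cli-config-logging", "disable cli-config-logging"):
            state["cli_config_logging"] = cmd.startswith("enable")
        elif cmd.startswith("configure syslog add "):
            key, severity = parse_target(cmd[len("configure syslog add "):])
            if key[3] is None:
                raise ValueError(f"facility required: {cmd!r}")
            if key not in targets and len(targets) >= MAX_TARGETS:
                raise ValueError("more than four syslog targets")
            targets[key] = {"severity": severity, "enabled": state["syslog"]}
        elif cmd.startswith("configure syslog delete "):
            for key in select(targets, cmd[len("configure syslog delete "):]):
                del targets[key]
        else:
            m = re.fullmatch(r"(enable|disable) log target syslog (.+)", cmd)
            if m:
                for key in select(targets, m[2]):
                    targets[key]["enabled"] = m[1] == "enable"
    return state


def audit(state):
    """Return finding codes for the replayed logging state."""
    findings = []
    targets = state["targets"]
    if not targets:
        findings.append("NO_REMOTE_SYSLOG_TARGET")    # wrap-around buffer only
    elif not any(t["enabled"] for t in targets.values()):
        findings.append("REMOTE_SYSLOG_NOT_SENDING")
    if not state["cli_config_logging"]:
        findings.append("CLI_CONFIG_LOGGING_OFF")     # changes not attributed
    for (host, _port, _vr, _fac), target in sorted(targets.items()):
        if target["severity"]:                        # only this level or higher
            findings.append(f"FILTERED:{host}:{target['severity']}")
    return findings


# Constructed sample command lists.
WEAK = ["configure syslog add 123.45.67.78 local1 critical"]
HARDENED = ["enable syslog",
            "configure syslog add 10.0.0.1 vr VR-Mgmt local1",
            "enable cli-config-logging"]

if __name__ == "__main__":
    print(audit(replay(WEAK)))
    print(audit(replay(HARDENED)))
```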
show fans
show fans {detail}
Description
Displays the status of the fans in the system.
Syntax Description
detail The detail option is reserved for future use.
Default
N/A.
Usage Guidelines
Use this command to view detailed information about the health of the fans.
This status information may be useful for your technical support representative if you have a network problem.
The switch collects and displays the following fan information:
• State—The current state of the fan. Options are:
  • Empty: There is no fan installed.
  • Failed: The fan failed.
  • Operational: The fan is installed and working normally.
• NumFan—The number of fans in the fan tray.
• Fan Name, displayed as Fan-1, Fan-2, and so on (and a description of the location, for example, Upper or Upper-Right)—Specifies the individual state for each fan in a fan tray and its current speed in revolutions per minute (rpm).
The output also includes the following information:
• PartInfo—Information about the fan tray, including the:
  • Serial number—A collection of numbers and letters that make up the serial number of the fan. This is the first series of numbers and letters in the display.
  • Part number—A collection of numbers and letters that make up the part number of the fan. This is the second series of numbers and letters in the display.
• Revision—The revision number of the fan.
• Odometer—Specifies the power-on date and how long the fan tray has been operating since it was first powered on.
Example
The following command displays the status of the installed fans. If a fan is not installed, the state of the fan is Empty.
show fans
The following is sample output from a NETGEAR 8800 series switch:
FanTray information:
State: Operational
NumFan: 9
PartInfo: 0404X-00015 450102-00-01
Revision: 1.0
Odometer: 111 days 16 hours 30 minutes since Oct-13-2004
Upper-Left Fan-1: Operational at 2880 RPM
Middle-Left Fan-2: Operational at 2820 RPM
Lower-Left Fan-3: Operational at 2820 RPM
Upper-Center Fan-4: Operational at 2820 RPM
Center Fan-5: Operational at 2820 RPM
Lower-Center Fan-6: Operational at 2880 RPM
Upper-Right Fan-7: Operational at 2880 RPM
Middle-Right Fan-8: Operational at 2820 RPM
Lower-Right Fan-9: Operational at 2880 RPM
show log
show log {messages [memory-buffer | nvram]} {events {<event-condition> | <event-component>]}
{severity <severity> {only}} {starting [date <date> time <time> | date <date> | time <time>]}
{ending [date <date> time <time> | date <date> | time <time>]} {match <regex>} {chronological}
Description
Displays the current log messages.
Syntax Description
messages          Specifies the target location from which to display the log messages.
memory-buffer     Show messages stored in volatile memory (default).
nvram             Show messages stored in NVRAM.
events            Show event messages.
event-condition   Specifies the event condition to display.
event-component   Specifies the event component to display.
severity          Specifies the minimum severity level to display (if the keyword only is omitted).
only              Specifies that only the specified severity level is to be displayed.
starting          Show messages with timestamps equal to or greater than that specified.
date              Specifies the date, where date is <month (1-12)> / <day (1-31)> {/ <year (yyyy)>}.
time              Specifies the time, where time is <hour (0-23)> {: <minute (0-59)> {: <seconds (0-59)> {. <hundredths>}}}
ending            Show messages with timestamps equal to or less than that specified.
regex             Specifies a regular expression. Only messages that match the regular expression will be displayed.
chronological     Specifies displaying log messages in ascending chronological order (oldest to newest).
Default
The following defaults apply:
• messages—memory buffer
• event—no restriction (displays user-specified event)
• severity—none (displays everything stored in the target)
• starting, ending—if not specified, no timestamp restriction
• match—no restriction
• chronological—if not specified, show messages in order from newest to oldest
Usage Guidelines
Switch configuration and fault information is filtered and saved to target logs, in a memory buffer, and in NVRAM. Each entry in the log contains the following information:
• Timestamp—records the month and day of the event, along with the time (hours, minutes, seconds, and hundredths).
• Severity Level—indicates the urgency of a condition reported in the log. Table 11 describes the severity levels assigned to events.
• Component, Subcomponent, and Condition Name—describes the subsystem in the software that generates the event. This provides a good indication of where a fault might lie.
• Message—a description of the event occurrence. If the event was caused by a user, the user name is also provided.
This command displays the messages stored in either the internal memory buffer or in NVRAM. The messages shown can be limited by specifying a severity level, a time range, or a match expression. Messages stored in the target have already been filtered as events occurred, and specifying a severity or match expression on the show log command can only further limit the messages shown.
If the messages keyword is not present, the messages stored in the memory-buffer target are displayed. Otherwise, the messages stored in the specified target are displayed.
If the only keyword is present following the severity value, then only the events at that exact severity are included. Without the only keyword, events at that severity or more urgent are displayed. For example, severity warning implies critical, error, or warning, whereas severity warning only implies only warning.
Messages whose timestamps are equal to or later than the starting time and equal to or earlier than the specified ending time are shown if they also pass the severity requirements and match expression, if specified.
If a match phrase is specified, the formatted message must match the simple regular expression specified by match-expression for it to be shown.
A simple regular expression is a string of single characters including the dot character (.), which are optionally combined with quantifiers and constraints. A dot matches any single character while other characters match only themselves (case is significant). Quantifiers include the star character (*) that matches zero or more occurrences of the immediately preceding character or dot. Constraints include the caret character (^) that matches at the beginning of a message, and the currency character ($) that matches at the end of a message. Bracket expressions are not supported. There are a number of sources available on the Internet and in various language references describing the operation of regular expressions.
If the chronological keyword is specified, messages are shown from oldest to newest; otherwise, messages are displayed newest to oldest.
Severity Level
The severity levels are critical, error, warning, notice, and info, plus three severity levels for extended debugging, debug-summary, debug-verbose, and debug-data. In log messages, the severity levels are shown by four letter abbreviations. The abbreviated forms are:
• Critical—Crit
• Error—Erro
• Warning—Warn
• Notice—Noti
• Info—Info
• Debug-Summary—Summ
• Debug-Verbose—Verb
• Debug-Data—Data
The three severity levels for extended debugging, debug-summary, debug-verbose, and debug-data, require that debug mode be enabled (which may cause a performance degradation). See the command enable log debug-mode on page 1350.
the security levels.
Table 11. Severity Levels Assigned by the Switch
Level                 Description
Critical              A serious problem has been detected that is compromising the operation of the system and that the system cannot function as expected unless the situation is remedied. The switch may need to be reset.
Error                 A problem has been detected that is interfering with the normal operation of the system and that the system is not functioning as expected.
Warning               An abnormal condition, not interfering with the normal operation of the system, has been detected that may indicate that the system or the network in general may not be functioning as expected.
Notice                A normal but significant condition has been detected, which signals that the system is functioning as expected.
Info (Informational)  A normal but potentially interesting condition has been detected, which signals that the system is functioning as expected and simply provides information or confirmation about the condition.
Debug-Summary         A condition has been detected that may interest a developer determining the reason underlying some system behavior.
Debug-Verbose         A condition has been detected that may interest a developer analyzing some system behavior at a more verbose level than provided by the debug summary information.
Debug-Data            A condition has been detected that may interest a developer inspecting the data underlying some system behavior.
Messages stored in NVRAM are in encoded format. To restore the ASCII text of a message, the version of the NETGEAR 8800 loaded must be able to interpret the data written prior to reboot. When the encoded format for a particular message cannot be interpreted by the version of the NETGEAR 8800 currently loaded, the messages are displayed in the following format:
03/21/2005 17:15:37.36 : NO MESSAGE DECODE; Missing component "epm" v24.2
DUMP-10: 00 14 C3 C1 00 11 00 1C 01 FF 00 08 65 70 6D 00 '............epm.'
DUMP-20: 08 FF 00 0C 00 18 00 02 65 70 6D 00 '........epm.'
Log entries remain in the NVRAM log after a switch reboot. Issuing a clear log command does not remove these static entries. To remove log entries from NVRAM, use the following command: clear log messages nvram
Example
The following command displays messages with a critical severity: show log severity critical
The following command displays messages with warning, error, or critical severity: show log severity warning
The following is sample output:
11/12/2004 00:38:10.30 <Warn:dm.Warn> MSM-A: Insufficient Power to power-on Slot-7
11/12/2004 00:38:08.77 <Warn:dm.Warn> MSM-A: Slot-7 being Powered OFF due to insufficient power
11/12/2004 00:36:23.77 <Warn:dm.Warn> MSM-A: Slot-7 being Powered OFF due to insufficient power
...
A total of 83 log messages were displayed.
The following command displays messages containing the string “slot 2”: show log match "slot 2"
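The show log filtering rules described above (severity with and without only, the starting and ending window, the simple match expression, and display order) can be applied offline to exported log text, for example when triaging logs collected from a switch. The following is an added example, not code from this manual or from NETGEAR; the function names are hypothetical, and it assumes the match expression is tested against the whole formatted line, that ^ and $ are special only at the start and end of the expression, and that a * with nothing before it is literal.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Severity names (most urgent first) and the four-letter abbreviations
# the manual lists for log messages.
SEVERITIES = ["critical", "error", "warning", "notice", "info",
              "debug-summary", "debug-verbose", "debug-data"]
ABBREV = {"Crit": "critical", "Erro": "error", "Warn": "warning",
          "Noti": "notice", "Info": "info", "Summ": "debug-summary",
          "Verb": "debug-verbose", "Data": "debug-data"}

# MM/DD/YYYY HH:MM:SS.hh <Severity:Component.SubComponent.Condition> message
LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{2}) "
                     r"<(\w{4}):([^>]+)> (.*)$")


class LogEntry(NamedTuple):
    when: datetime
    severity: str
    event: str
    message: str
    raw: str


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one formatted log line; None for anything else, such as the
    NO MESSAGE DECODE and DUMP lines shown for undecodable NVRAM entries."""
    raw = line.rstrip()
    m = LINE_RE.match(raw)
    if not m or m.group(2) not in ABBREV:
        return None
    when = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
    return LogEntry(when, ABBREV[m.group(2)], m.group(3), m.group(4), raw)


def compile_simple_regex(expr: str) -> "re.Pattern":
    """Translate the manual's simple regular expression into a Python regex.
    Assumptions: ^ is special only as the first character, $ only as the
    last, and * with no preceding character is a literal."""
    start = 1 if expr.startswith("^") else 0
    end = len(expr) - 1 if len(expr) > start and expr.endswith("$") else len(expr)
    parts = ["^"] if start else []
    have_atom = False
    for ch in expr[start:end]:
        if ch == "*" and have_atom:
            parts.append("*")           # zero or more of the preceding atom
            have_atom = False
        else:
            # Dot matches any character; everything else, brackets
            # included, matches only itself.
            parts.append("." if ch == "." else re.escape(ch))
            have_atom = True
    if end < len(expr):
        parts.append("$")
    return re.compile("".join(parts))   # case is significant: no IGNORECASE


def show_log(lines: List[str], severity: Optional[str] = None, only: bool = False,
             starting: Optional[datetime] = None, ending: Optional[datetime] = None,
             match: Optional[str] = None, chronological: bool = False) -> List[LogEntry]:
    """Apply the show log filters to already-exported log lines."""
    pattern = compile_simple_regex(match) if match is not None else None
    limit = SEVERITIES.index(severity) if severity else None
    shown = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        rank = SEVERITIES.index(entry.severity)
        if limit is not None and (rank != limit if only else rank > limit):
            continue                    # without "only": that level or more urgent
        if starting is not None and entry.when < starting:
            continue
        if ending is not None and entry.when > ending:
            continue
        if pattern is not None and not pattern.search(entry.raw):
            continue                    # assumption: match sees the whole line
        shown.append(entry)
    # Default display order is newest to oldest; chronological reverses it.
    shown.sort(key=lambda e: e.when, reverse=not chronological)
    return shown


def undecoded(lines: List[str]) -> List[str]:
    """Lines that are not decoded events; these need manual review."""
    return [l.rstrip() for l in lines if l.strip() and parse_line(l) is None]


# Lines containing "constructed:" are made-up sample data; the others are
# copied from the sample output in this manual.
SAMPLE_LINES = [
    "11/12/2004 00:38:10.30 <Warn:dm.Warn> MSM-A: Insufficient Power to power-on Slot-7",
    "11/12/2004 00:38:08.77 <Warn:dm.Warn> MSM-A: Slot-7 being Powered OFF due to insufficient power",
    "11/12/2004 00:40:02.10 <Erro:STP.InBPDU.Drop> MSM-A: constructed: BPDU dropped on slot 2",
    "11/12/2004 00:41:15.00 <Info:cli.shell> MSM-A: constructed: user admin entered a command",
    "11/12/2004 00:42:00.05 <Crit:HAL.Sys> MSM-A: constructed: Slot 2 hardware fault",
    '03/21/2005 17:15:37.36 : NO MESSAGE DECODE; Missing component "epm" v24.2',
]

if __name__ == "__main__":
    for e in show_log(SAMPLE_LINES, severity="warning", chronological=True):
        print(e.raw)
```

Because case is significant, match "slot 2" selects the constructed STP line but not the line containing "Slot 2", and "[Ss]lot" matches nothing because bracket expressions are taken literally.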
show log components
show log components {<event component>} {version}
Description
Displays the name, description and default severity for all components.
Syntax Description
event component   Specifies the component to display.
version           Specifies the version number of the component.
Default
N/A.
Usage Guidelines
This command displays the name, description, and default severity defined for the specified components or subcomponents.
Depending on the software version running on your switch or your switch model, additional or different component information might be displayed.
Example
The following command displays the log components: show log components
The following is sample output from this command:
Severity
Component Title Threshold
------------------- ---------------------------------------------- -------------
AAA Authentication, Authorization, Accounting Info
RADIUS Remote Authentication Dial In User Service Error
TACACS Terminal Access Controller Access Control Syst Info
ACL ACL Info
CLEARFlow CLEARFlow Info
Policy Policy actions Info
bgp Border Gateway Protocol Info
damp BGP Route Flap Dampening related debug message Error
event BGP FSM related events Error
inUpdt Incoming Update related debug msgs Warning
keepalive BGP keepalive message Warning
misc Miscellenous debug (Import, Aggregate, NextHop Warning
msgs Debug for BGP messages (OPEN, Update, Notifica Warning
outUpdt Transmit Update related debug Warning
bootp BOOTP, DHCP Component Error
relay BOOTP Relay trace component Error
server DHCP Server subcomponent Info
cli Command Line Interface Info
shell CLI configuration shell. Error
subagent CLI application subagent Error
cm Configuration Manager Warning
file CM file operation events Warning
sys CM system events Warning
DM Device Manager Info
Card Device Manager Card State Machine Info
dosprot dosprot Info
ds Directory Services Error
fdb fdb module event Error
HAL Hardware Abstraction Layer Error
Card Card State Driver Info
FDB Forwarding Database Driver Info
IPv4ACL IPv4 Access Control List Driver Info
IPv4Adj IPv4 Adjacency Driver Info
IPv4FIB IPv4 FIB Driver Info
IPv4Mc IPv4 Multicast Driver Info
Mirror Mirroring Driver Error
Msg Message Handler Info
Port I/O Port Driver Info
SM Switch Manager Info
Sys System Driver Info
VLAN VLAN Driver Info
IPMC IP Multicast Main Module Info
Snoop IP Multicast Snooping Module Error
VLAN IP Multicast VLAN Module Error
Kern Kernel messages Error
LACP Link Aggregation Control Protocol Info
lldp Link Layer Discovery Protocol (IEEE 802.1AB) Warning
log Log server messages Warning
netTool netTools framework Error
dnsclient Dns Client Error
dnsproxy Dns Proxy Error
routeradv IPv6 Router Advertisements Warning
sntp Sntp client Warning
nl Network Login Info
dot1x 802.1x-based Network Login Warning
mac MAC-based Network Login Warning
web Web-based Network Login Warning
NM Node Manager Info
ospf open shortest path first Error
event ospf events Info
hello ospf hello Error
lsa ospf link-state advertisement Error
neighbor ospf neighbor Error
spf ospf shortest path first Error
ospfv3 OSPFv3 related EMS messages Warning
events OSPF6 events related messages Error
lsa LSA related messages Warning
nbr OSPF6 neighbor related EMS messages Warning
pkt OSPF6 Packet receive/transmit/processing relat Warning
route OSPF6 route add/delete related messages Warning
spf SPF computation related messages Error
pim Pim Protocol Events Warning
cache PIM cache maintenance. Warning
debug PIM debug messages Notice
hello Hello messages Warning
mcdbg multicast forwarding engine Warning
msg Trace for pim control packtes Notice
nbr Neighbor creation/deletion etc Warning
rpm RP message exchange. Warning
pm Policy Manager Error
config Policy file events Info
POE Inline Power Notice
rip RIP routing Error
cfg rip configuration Warning
event rip events Warning
inUpdt rip - inbound route updates Warning
msgs rip - socket messages in and out Warning
outUpdt rip - outbound route updates Warning
sys rip - exos kernel interface Warning
ripng RIPng Protocol Events Warning
debug RIPng debug messages Notice
external RIPng external interface related messages Warning
message RIPng control messages Warning
route Hello messages Warning
rmon RMON general info Error
alarm RMON alarm info Error
estat RMON statistics info Error
event RMON event info Error
history RMON history Error
RtMgr Route Manager Info
VLAN rtmgr vlan interface Info
sflow Sflow Protocol Events Warning
debug SFLOW debug messages Notice
extended SFLOW extended data collection Notice
msg SFLOW process initializaion related message Warning
sample SFLOW sample collection related messages Warning
statistics SFLOW port statistics related message Warning
STP Spanning-Tree Protocol Error
InBPDU STP In Bridge Protocol Data Unit Warning
OutBPDU STP Out Bridge Protocol Data Unit Warning
System STP System Error
System XOS system related log messages Info
telnetd telnet server Info
tftpd tftp server Info
thttpd thttp server Info
trace Debug trace messages Warning
vlan Vlan mgr Info
ack vlan ack Error
dbg Debug information Info
err errors Error
mac Virtual MAC Debugging Info
msgs Messages Info
VRRP Config/State messages Warning
Advert Subsystem description Warning
System System/Library messages Warning
A total of 143 component(s) were displayed.
The following command displays the version number of the VRRP component: show log components vrrp version
The following is sample output from this command:
Component Title Version
------------------- ---------------------------------------------- -------
VRRP Config/State messages 2.4
Advert Subsystem description 3.1
System System/Library messages 3.2
A total of 3 component(s) were displayed.
show log configuration
show log configuration
Description
Displays the log configuration for switch log settings, and for certain targets.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
This command displays the log configuration for all targets. The state of the target, enabled or disabled, is displayed. For the enabled targets, the associated filter, severity, match expression, and format are displayed. The debug mode state of the switch is also displayed.
Example
The following command displays the configuration of all the log targets and all existing filters: show log configuration
The following is sample output from this command:
Debug-Mode: Enabled
Log Target : memory-buffer
Enabled ? : yes
Filter Name : DefaultFilter
Match regex : Any
Severity : Debug-Data (through Critical)
Format : MM/DD/YYYY HH:MM:SS.hh <Severity:Component.SubComponent.Condition>
Buffer size : 1000 messages
Log Target : nvram
Enabled ? : yes
Filter Name : DefaultFilter
Match regex : Any
Severity : Warning (through Critical)
Format : MM/DD/YYYY HH:MM:SS.hh <Severity:Component.SubComponent.Condition>
Log Target : console
Enabled ? : no
Filter Name : DefaultFilter
Match regex : Any
Severity : Info (through Critical)
Format : MM/DD/YYYY HH:MM:SS.hh <Severity:Component.SubComponent.Condition>
Log Filter Name: DefaultFilter
I/ Severity
E Comp. Sub-comp. Condition CEWNISVD
- ------- ----------- ----------------------- --------
I All --------
Log Filter Name: myFilter
I/ Severity
E Comp. Sub-comp. Condition CEWNISVD
- ------- ----------- ----------------------- --------
I STP --------
Include/Exclude: I - Include, E - Exclude
Component Unreg: * - Component/Subcomponent is not currently registered
Severity Values: C - Critical, E - Error, W - Warning, N - Notice, I - Info
Debug Severity : S - Debug-Summary, V - Debug-Verbose, D - Debug-Data
+ - Debug Severities, but log debug-mode not enabled
If Match parameters present:
Parameter Flags: S - Source, D - Destination, (as applicable)
I - Ingress, E - Egress, B - BGP
Parameter Types: Port - Physical Port list, Slot - Physical Slot #
MAC - MAC address, IP - IP Address/netmask, Mask - Netmask
VID - Virtual LAN ID (tag), VLAN - Virtual LAN name
L4 - Layer-4 Port #, Num - Number, Str - String
Nbr - Neighbor, Rtr - Routerid
Proc - Process Name
Strict Match : Y - every match parameter entered must be present in the event
N - match parameters need not be present in the event
show log configuration filter
show log configuration filter {<filter name>}
Description
Displays the log configuration for the specified filter.
Syntax Description
filter name Specifies the filter to display.
Default
If no options are specified, the command displays the configuration for all filters.
Usage Guidelines
This command displays the configuration for filters.
Example
The following command displays the configuration for the filter, myFilter: show log configuration filter myFilter
The following is sample output from this command:
Log Filter Name: myFilter
I/ Severity
E Comp. Sub-comp. Condition CEWNISVD
- ------- ----------- ----------------------- --------
I STP --------
I aaa --------
Include/Exclude: I - Include, E - Exclude
Component Unreg: * - Component/Subcomponent is not currently registered
Severity Values: C - Critical, E - Error, W - Warning, N - Notice, I - Info
* - Pre-assigned severities in effect for specified component
Debug Severity : S - Debug-Summary, V - Debug-Verbose, D - Debug-Data
+ - Debug Severities, but log debug-mode not enabled
If Match parameters present:
Parameter Flags: S - Source, D - Destination, (as applicable)
I - Ingress, E - Egress, B - BGP
Parameter Types: Port - Physical Port list, Slot - Physical Slot #
MAC - MAC address, IP - IP Address/netmask, Mask - Netmask
VID - Virtual LAN ID (tag), VLAN - Virtual LAN name
L4 - Layer-4 Port #, Num - Number, Str - String
Nbr - Neighbor, Rtr - Routerid
Proc - Process Name
Strict Match : Y - every match parameter entered must be present in the event
N - match parameters need not be present in the event
show log configuration target
show log configuration target {console | memory-buffer | nvram | primary-msm | primary-node | backup-msm | backup-node | session | syslog {<ipaddress> | <ipPort> | vr <vr_name>} {[local0 ... local7]}}
Description
Displays the log configuration for the specified target.
Syntax Description
console             Show the log configuration for the console display.
memory-buffer       Show the log configuration for volatile memory.
nvram               Show the log configuration for NVRAM.
primary-msm         Specifies the primary MSM.
primary-node        Specifies the primary node in a stack.
backup-msm          Specifies the backup MSM.
backup-node         Specifies the backup-node in a stack.
session             Show the log configuration for the current session (including console display).
syslog              Show the configuration for the specified syslog target.
ipaddress           Specifies the syslog IP address.
ipPort              Specifies the UDP port number for the syslog target.
vr_name             Specifies the virtual router that can reach the server IP address.
                    Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
local0 ... local7   Specifies the local syslog facility.
Default
If no options are specified, the command displays the configuration for the current session and console display.
If a virtual router is not specified, VR-Mgmt is used.
Usage Guidelines
This command displays the log configuration for the specified target. The associated filter, severity, match expression, and format are displayed.
Example
The following command displays the log configuration: show log configuration target
The following is sample output from this command:
Log Target : memory-buffer
Enabled ? : yes
Filter Name : DefaultFilter
Match regex : Any
Severity : Debug-Data (through Critical)
Format : MM/DD/YYYY HH:MM:SS.hh <Severity:Component.SubComponent.Condition>
Buffer size : 1000 messages
Log Target : nvram
Enabled ? : yes
Filter Name : DefaultFilter
Match regex : Any
Severity : Warning (through Critical)
Format : MM/DD/YYYY HH:MM:SS.hh <Severity:Component.SubComponent.Condition>
Log Target : console
Enabled ? : no
Filter Name : DefaultFilter
Match regex : Any
Severity : Info (through Critical)
Format : MM/DD/YYYY HH:MM:SS.hh <Severity:Component.SubComponent.Condition>
Log Target : primary-msm
Enabled : yes
Filter Name : DefaultFilter
Match regex : Any
Severity : Warning (through Critical)
Log Target : backup-msm
Enabled : yes
Filter Name : DefaultFilter
Match regex : Any
Severity : Warning (through Critical)
show log counters
show log counters {<event condition> | [all | <event component>]} {include | notified | occurred} {severity <severity> {only}}}
Description
Displays the incident counters for events.
Syntax Description
event condition   Specifies the event condition to display.
all               Specifies that all events are to be displayed.
event component   Specifies that all the events associated with a particular component or subcomponent should be displayed.
include           Specifies if one or more targets should be included in this event.
notified          Specifies the number of times this event has occurred.
occurred          Specifies the number of times this event has occurred since the last clear or reboot.
severity          Specifies the minimum severity level of events to display (if the keyword only is omitted).
only              Specifies that only events of the specified severity level are to be displayed.
Default
If severity is not specified, then events of all severity are displayed.
Usage Guidelines
This command displays the incident counters for each event specified. Two incident counters are displayed. One counter displays the number of times an event has occurred, and the other displays the number of times that notification for the event was made to the system (an incident record was injected into the system for further processing). Both incident counters reflect totals accumulated since reboot or since the counters were cleared using the
command, regardless of whether it was filtered or not.
The keywords include, notified, and occurred only display events with non-zero counter values for the corresponding counter.
This command also displays a reference count (the column titled Rf in the output). The reference count is the number of enabled targets receiving notifications of this event.
See the command show log on page 387 for more information about severity levels.
To get a listing of the event conditions in the system, use the following command:
To get a listing of the components present in the system, use the following command:
Example
The following command displays the event counters for event conditions of severity debug-summary or greater in the component STP.InBPDU: show log counters stp.inbpdu severity debug-summary
The following is sample output from this command:
Comp SubComp Condition Severity Occurred In Notified
------- ----------- ----------------------- ------------- -------- -- --------
STP InBPDU Drop Error 0 Y 0
STP InBPDU Ign Debug-Summary 0 N 0
STP InBPDU Mismatch Warning 0 Y 0
Occurred : # of times this event has occurred since last clear or reboot
Flags : (*) Not all applications responded in time with there count values
In(cluded): Set to Y(es) if one or more targets filter includes this event
Notified : # of times this event has occurred when 'Included' was Y(es)
The following command displays the event counters for the event condition PDUDrop in the component STP.InBPDU: show log counters "STP.InBPDU.Drop"
The following is sample output from this command:
Comp SubComp Condition Severity Occurred In Notified
------- ----------- ----------------------- ------------- -------- -- --------
STP InBPDU Drop Error 0 Y 0
Occurred : # of times this event has occurred since last clear or reboot
Flags : (*) Not all applications responded in time with there count values
In(cluded): Set to Y(es) if one or more targets filter includes this event
Notified : # of times this event has occurred when 'Included' was Y(es)
show log events
show log events [<event condition> | [all | <event component>] {severity <severity> {only}}] {details}
Description
Displays information about the individual events (conditions) that can be logged.
Syntax Description
event condition Specifies the event condition to display.
all               Specifies that all events are to be displayed.
event component   Specifies that all the events associated with a particular component should be displayed.
severity          Specifies the minimum severity level of events to display (if the keyword only is omitted).
only              Specifies that only events of the specified severity level are to be displayed.
details           Specifies that detailed information, including the message format and parameter types, be displayed.
Default
If severity is not specified, then events of all severity are displayed. If detail is not specified, then summary only information is displayed.
Usage Guidelines
This command displays the mnemonic, message format, severity, and parameter types defined for each condition in the event set specified.
See the command show log on page 387 for more information about severity levels.
When the detail option is specified, the message format is displayed for the event conditions specified. The message format parameters are replaced by the value of the parameters when the message is generated.
To get a listing of the components present in the system, use the following command:
Example
The following command displays the event conditions of severity debug-summary or greater in the component STP.InBPDU: show log events stp.inbpdu severity debug-summary
The following is sample output from this command:
Comp SubComp Condition Severity Parameters
------- ----------- ----------------------- ------------- ----------
STP InBPDU Drop Error 2 total
STP InBPDU Ign Debug-Summary 2 total
STP InBPDU Mismatch Warning 2 total
The following command displays the details of the event condition PDUTrace in the component STP.InBPDU: show log events stp.inbpdu.pdutrace details
The following is sample output from this command:
Comp SubComp Condition Severity Parameters
------- ----------- ----------------------- ------------- ----------
STP InBPDU Trace Debug-Verbose 2 total
0 - string
1 - string (printf)
Port=%0%: %1%
show ports rxerrors
show ports {<port_list>} rxerrors {no-refresh}
Description
Displays real-time receive error statistics. The switch automatically refreshes the output unless otherwise specified.
Syntax Description
port_list    Specifies one or more ports or slots and ports.
no-refresh   Specifies that auto-refresh is disabled. The output provides a real-time snapshot of the receive errors at the time the command is issued. This setting is not saved.
Default
The switch automatically refreshes the output.
Usage Guidelines
If you do not specify a port number or range of ports, receive error statistics are displayed for all ports.
If you do not specify the no-refresh parameter, the switch automatically refreshes the output (this is the default behavior).
If you specify the no-refresh parameter, the output provides a snapshot of the real-time receive error statistics at the time you issue the command and displays the output in page-by-page mode. This setting is not saved; therefore you must specify the no-refresh parameter each time you want a snapshot of the port receive errors.
This status information may be useful for your technical support representative if you have a network problem.
Collected Port Receive Error Information
The switch collects the following port receive error information:
• Port Number
• Link State—The current state of the link. Options are:
  • Active (A)—The link is present at this port.
  • Ready (R)—The port is ready to accept a link.
  • Not Present (NP)—The port is configured, but the module is not installed in the slot.
  • Loopback (L)—The port is in Loopback mode.
• Receive Bad CRC Frames (RX CRC)—The total number of frames received by the port that were of the correct length, but contained a bad FCS value.
• Receive Oversize Frames (RX Over)—The total number of good frames received by the port greater than the supported maximum length of 1,522 bytes.
• Receive Undersize Frames (RX Under)—The total number of frames received by the port that were less than 64 bytes long.
• Receive Fragmented Frames (RX Frag)—The total number of frames received by the port that were of incorrect length and contained a bad FCS value.
• Receive Jabber Frames (RX Jabber)—The total number of frames received by the port that were greater than the supported maximum length and had a Cyclic Redundancy Check (CRC) error.
• Receive Alignment Errors (RX Align)—The total number of frames received by the port that have a CRC error and do not contain an integral number of octets.
• Receive Frames Lost (RX Lost)—The total number of frames received by the port that were lost because of buffer overflow in the switch.
Port Monitoring Display Keys
For information about the available port monitoring display keys, see the
command.
Example
The following command displays receive error statistics for slot 5, ports 4 through 7, on the switch with auto-refresh disabled:
show ports 5:4-5:7 rxerrors no-refresh
The following is sample output from this command:
Port Rx Error monitor
Port      Link        Rx      Rx      Rx      Rx      Rx      Rx      Rx
          State      Crc    Over   Under    Frag  Jabber   Align    Lost
================================================================================
5:4       R            0       0       0       0       0       0       0
5:5       R            0       0       0       0       0       0       0
5:6       R            0       0       0       0       0       0       0
5:7       R            0       0       0       0       0       0       0
================================================================================
Link State: A-Active, R-Ready, NP-Port not present, L-Loopback
show ports statistics
show ports {<port_list>} statistics {no-refresh}
Description
Displays real-time port statistic information. The switch automatically refreshes the output unless otherwise specified.
Syntax Description
stacking-port-list    Specifies one or more stacking slots and ports.
port_list             Specifies one or more ports or slots and ports.
no-refresh            Specifies that auto-refresh is disabled. The output provides a real-time snapshot of the port statistics at the time the command is issued. This setting is not saved.
Default
The switch automatically refreshes the output.
Usage Guidelines
If you do not specify a port number or range of ports, statistics are displayed for all ports.
If you do not specify the no-refresh parameter, the switch automatically refreshes the output (this is the default behavior).
If you specify the no-refresh parameter, the output provides a snapshot of the real-time port statistics at the time you issue the command and displays the output in page-by-page mode.
This setting is not saved; therefore you must specify the no-refresh parameter each time you want a snapshot of the port statistics.
Jumbo frame statistics are displayed only for switches that are configured for jumbo frame support.
This status information may be useful for your technical support representative if you have a network problem.
Collected Port Statistics
The switch collects the following port statistic information:
• Port Number
• Link State—The current state of the link. Options are:
  • Active (A)—The link is present at this port.
  • Ready (R)—The port is ready to accept a link.
  • Not Present (NP)—The port is configured, but the module is not installed in the slot.
  • Loopback (L)—The port is in Loopback mode.
• Transmitted Packet Count (Tx Pkt Count)—The number of packets that have been successfully transmitted by the port.
• Transmitted Byte Count (Tx Byte Count)—The total number of data bytes successfully transmitted by the port.
• Received Packet Count (RX Pkt Count)—The total number of good packets that have been received by the port.
• Received Byte Count (RX Byte Count)—The total number of bytes that were received by the port, including bad or lost frames. This number includes bytes contained in the Frame Check Sequence (FCS), but excludes bytes in the preamble.
• Received Broadcast (RX Bcast)—The total number of frames received by the port that are addressed to a broadcast address.
• Received Multicast (RX Mcast)—The total number of frames received by the port that are addressed to a multicast address.
Port Monitoring Display Keys
Table 12 describes the keys used to control the display that appears if auto-refresh is enabled (the default behavior).
Table 12. Port Monitoring Display Keys with Auto-Refresh Enabled
Key(s)     Description
U          Displays the previous page of ports.
D          Displays the next page of ports.
[Esc]      Exits from the screen.
0          Clears all counters.
Table 13 describes the keys used to control the display that appears if auto-refresh is disabled.
Table 13. Port Monitoring Display Keys with Auto-Refresh Disabled
Key        Description
Q          Exits from the screen.
[Space]    Displays the next page of ports.
Example
The following command displays port statistics for slot 1, ports 1 through 2, on the switch with auto-refresh disabled:
show ports 1:1-1:2 statistics no-refresh
The following is sample output from this command:
Port Statistics
Port      Link      Tx Pkt     Tx Byte      Rx Pkt     Rx Byte        Rx        Rx
          State      Count       Count       Count       Count     Bcast     Mcast
================================================================================
1:1       A           7241     2722608       14482     3968068         0         0
1:2       R              0           0           0           0         0         0
================================================================================
Link State: A-Active, R-Ready, NP-Port not present, L-Loopback
show ports txerrors
show ports {<port_list> | stack-ports <stacking-port-list>} txerrors {no-refresh}
Description
Displays real-time transmit error statistics. The switch automatically refreshes the output unless otherwise specified.
Syntax Description
port_list     Specifies one or more ports or slots and ports.
no-refresh    Specifies that auto-refresh is disabled. The output provides a real-time snapshot of the transmit errors at the time the command is issued. This setting is not saved.
Default
The switch automatically refreshes the output.
Usage Guidelines
If you do not specify a port number or range of ports, error statistics are displayed for all ports.
If you do not specify the no-refresh parameter, the switch automatically refreshes the output (this is the default behavior).
If you specify the no-refresh parameter, the output provides a snapshot of the real-time transmit error statistics at the time you issue the command and displays the output in page-by-page mode. This setting is not saved; therefore, you must specify the no-refresh parameter each time you want a snapshot of the port transmit errors.
This status information may be useful for your technical support representative if you have a network problem.
Collected Port Transmit Error Information
The switch collects the following port transmit error information:
• Port Number
• Link State—The current state of the link. Options are:
  • Active (A)—The link is present at this port.
  • Ready (R)—The port is ready to accept a link.
  • Not Present (NP)—The port is configured, but the module is not installed in the slot.
  • Loopback (L)—The port is in Loopback mode.
• Transmit Collisions (TX Coll)—The total number of collisions seen by the port, regardless of whether a device connected to the port participated in any of the collisions.
• Transmit Late Collisions (TX Late Coll)—The total number of collisions that have occurred after the port’s transmit window has expired.
• Transmit Deferred Frames (TX Deferred)—The total number of frames that were transmitted by the port after the first transmission attempt was deferred by other network traffic.
• Transmit Errored Frames (TX Errors)—The total number of frames that were not completely transmitted by the port because of network errors (such as late collisions or excessive collisions).
• Transmit Lost Frames (TX Lost)—The total number of transmit frames that do not get completely transmitted because of buffer problems (FIFO underflow).
• Transmit Parity Frames (TX Parity)—The bit summation has a parity mismatch.
Port Monitoring Display Keys
For information about the available port monitoring display keys, see the
command.
Example
The following command displays transmit error statistics for slot 5, ports 4 through 7, on the switch with auto-refresh disabled:
show ports 5:4-5:7 txerrors no-refresh
The following is sample output from this command:
Port Transmission errors
Port      Link          Tx         Tx         Tx         Tx         Tx         Tx
          State       Coll  Late coll   Deferred     Errors       Lost     Parity
================================================================================
5:4       R              0          0          0          0          0          0
5:5       R              0          0          0          0          0          0
5:6       R              0          0          0          0          0          0
5:7       R              0          0          0          0          0          0
================================================================================
Link State: A-Active, R-Ready, NP-Port not present, L-Loopback
show rmon memory
show rmon memory {detail | <memoryType>}
Description
Displays RMON specific memory usage and statistics.
Syntax Description
detail        Displays detailed information.
memoryType    Specifies the type of memory usage and statistics to display.
Default
N/A.
Usage Guidelines
If you do not specify the detail keyword or enter a specific RMON memory type, the output contains usage information for all memory types.
Example
The following command displays RMON memory statistics:
show rmon memory
The following is sample output from this command:
RMON Memory Information
----------------------
Bytes Allocated: 14298032 AllocFailed: 0
Current Memory Utilization Level: GREEN
Memory Utilization Statistics
-----------------------------
Size                      16     32     48     64     80     96    112    128    144    176    208    256    384    512    768   1024   2048   4096   8192  16384  18432  40960  64000
---------             ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------
Used Blocks             1558      3   2490      1      0      0      0      1      1      0  63444      1   1869      0    311      0      0      0      0      0      0      0      0
rmonEstat                  0      0      0      0      0      0      0      0      0      0      0      0    311      0      0      0      0      0      0      0      0      0      0
rmonOwner               1555      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
rmonHisc                   0      0      0      0      0      0      0      0      0      0      0      0   1244      0      0      0      0      0      0      0      0      0      0
rmonHist                   0      0      0      0      0      0      0      0      0      0  63444      0      0      0      0      0      0      0      0      0      0      0      0
rmonAlarm                  0      0      0      0      0      0      0      0      0      0      0      0      3      0      0      0      0      0      0      0      0      0      0
rmonLogDescription         0      0      0      0      0      0      0      0      1      0      0      0      0      0      0      0      0      0      0      0      0      0      0
rmonLog                    0      1      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
rmonEvent                  0      0      0      0      0      0      0      1      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
rmonEventDescription       0      1      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
rmonEventCommunity         0      1      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
rmonCommunity              1      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
rmonDs                     0      0      0      0      0      0      0      0      0      0      0      0      0      0    311      0      0      0      0      0      0      0      0
rmonDbx                    0      0   2490      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
rmonOid                    0      0      0      0      0      0      0      0      0      0      0      0    311      0      0      0      0      0      0      0      0      0      0
rmonMdbIndexOid            2      0      0      1      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
rmonMdbString              0      0      0      0      0      0      0      0      0      0      0      1      0      0      0      0      0      0      0      0      0      0      0
The following command displays RMON event statistics:
show rmon memory rmonEvent
The following is sample output from this command:
RMON Memory Information
----------------------
Bytes Allocated: 14298032 AllocFailed: 0
Current Memory Utilization Level: GREEN
Memory Utilization Statistics
-----------------------------
Memory Statistics for rmonEvent
--------------------------------
Size                      16     32     48     64     80     96    112    128    144    176    208    256    384    512    768   1024   2048   4096   8192  16384  18432  40960  64000
---------             ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------ ------
Alloced                    0      0      0      0      0      0      0      1      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
AllocedPeak                0      0      0      0      0      0      0      1      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
AllocSuccess               0      0      0      0      0      0      0      1      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
FreeSuccess                0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
AllocFail                  0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
FreeFail                   0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0      0
show sflow configuration
show sflow {configuration}
Description
Displays the current sFlow configuration.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
This command displays the sFlow configuration of your system.
The following fields are displayed:
• Global Status—sFlow is globally enabled or disabled
• Polling interval—How often the hardware is polled for statistics, in seconds
• Sampling rate—Packets are sampled, on average, once for every rate-number of packets
• Maximum cpu sample limit—Maximum number of packets per second sampled before sample throttling takes effect
• Agent IP—IP address inserted into the sFlow data packets to identify the sFlow switch
• Collectors—To which IP address and port, and from which virtual router, the sFlow packets are sent
• Port Status—Enabled or disabled for statistics gathering
• Port Sample-rate—Shows the sampling rate configured for the port and the actual rate if CPU throttling has taken effect
• Port Subsampling factor—See the command configure sflow ports sample-rate for details
Example
To display the sFlow configuration on your system, use the following command:
show sflow
The output from this command is similar to the following:
SFLOW Global Configuration
Global Status: enabled
Polling interval: 20
Sampling rate: 8192
Maximum cpu sample limit: 2000
SFLOW Configured Agent IP: 10.203.2.38 Operational Agent IP: 10.203.2.38
Collectors
Collector IP 10.201.6.250, Port 6343, VR "VR-Mgmt"
SFLOW Port Configuration
Port      Status      Sample-rate        Subsampling
                      Config / Actual    factor
1:41      enabled     8192 / 8192        1
2:40      enabled     1024 / 1024        1
2:58      enabled     8192 / 8192        8
2:59      enabled     8192 / 8192        8
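The following Python script is an added example, not part of the NETGEAR manual. It parses show sflow output in the layout shown above and reports gaps in flow telemetry: a port whose actual sample rate differs from its configured rate, a port that is disabled, a missing collector, or an agent IP left at 0.0.0.0. The function names are hypothetical, and the sample output is constructed (the 2:40 and 2:58 lines are altered to trigger the checks).

```python
import re

# Constructed sample in the layout of the manual's "show sflow" output.
# The 2:40 and 2:58 lines are altered here to exercise the checks.
SAMPLE_OUTPUT = """\
SFLOW Global Configuration
Global Status: enabled
Polling interval: 20
Sampling rate: 8192
Maximum cpu sample limit: 2000
SFLOW Configured Agent IP: 10.203.2.38 Operational Agent IP: 10.203.2.38
Collectors
Collector IP 10.201.6.250, Port 6343, VR "VR-Mgmt"
SFLOW Port Configuration
Port Status Sample-rate Subsampling
Config / Actual factor
1:41 enabled 8192 / 8192 1
2:40 enabled 1024 / 2048 1
2:58 disabled 8192 / 8192 8
"""

GLOBAL_RE = re.compile(
    r"^(Global Status|Polling interval|Sampling rate|Maximum cpu sample limit):"
    r"[ \t]*(\S+)", re.M)
AGENT_RE = re.compile(
    r"Configured Agent IP:[ \t]*(\S+)[ \t]+Operational Agent IP:[ \t]*(\S+)")
COLLECTOR_RE = re.compile(r'^Collector IP (\S+), Port (\d+), VR "([^"]+)"', re.M)
PORT_RE = re.compile(
    r"^(\d+:\d+)[ \t]+(enabled|disabled)[ \t]+(\d+)[ \t]*/[ \t]*(\d+)"
    r"[ \t]+(\d+)[ \t]*$", re.M)


def parse_sflow_config(text):
    """Turn 'show sflow' output into a dictionary of settings."""
    cfg = {"global": {}, "agent": None, "collectors": [], "ports": []}
    for key, value in GLOBAL_RE.findall(text):
        cfg["global"][key] = value
    agent = AGENT_RE.search(text)
    if agent:
        cfg["agent"] = {"configured": agent.group(1),
                        "operational": agent.group(2)}
    for ip, port, vr in COLLECTOR_RE.findall(text):
        cfg["collectors"].append({"ip": ip, "port": int(port), "vr": vr})
    for port, status, config, actual, factor in PORT_RE.findall(text):
        cfg["ports"].append({"port": port, "status": status,
                             "config": int(config), "actual": int(actual),
                             "subsampling": int(factor)})
    return cfg


def audit_sflow(cfg):
    """Return (subject, message) pairs for settings that reduce visibility."""
    findings = []
    if cfg["global"].get("Global Status") != "enabled":
        findings.append(("global", "sFlow is not globally enabled"))
    if not cfg["collectors"]:
        findings.append(("collectors", "no collector is configured"))
    operational = (cfg["agent"] or {}).get("operational")
    if operational in (None, "0.0.0.0"):
        findings.append(("agent", "agent IP is missing or the 0.0.0.0 default"))
    for port in cfg["ports"]:
        if port["status"] != "enabled":
            findings.append((port["port"], "port is not being sampled"))
        elif port["actual"] != port["config"]:
            findings.append((port["port"],
                             "actual rate 1 in %d differs from configured "
                             "1 in %d (CPU throttling)"
                             % (port["actual"], port["config"])))
    return findings


if __name__ == "__main__":
    for subject, message in audit_sflow(parse_sflow_config(SAMPLE_OUTPUT)):
        print(subject, "-", message)
```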
show sflow statistics
show sflow statistics
Description
Displays sFlow statistics.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
This command displays sFlow statistics for your system.
The following fields are displayed:
• Received frames—Number of frames received on sFlow enabled ports
• Sampled Frames—Number of packets that have been sampled by sFlow
• Transmitted Frames—Number of UDP packets sent to remote collector(s)
• Broadcast Frames—Number of broadcast frames received on sFlow enabled ports
• Multicast Frames—Number of multicast frames received on sFlow enabled ports
• Packet Drops—Number of samples dropped
Example
To display sFlow statistics for your system, use the following command:
show sflow statistics
The output from this command is similar to the following:
SFLOW Statistics
Received frames : 1159044921
Sampled Frames : 104944
Transmitted Frames : 10518
Broadcast Frames : 0
Multicast Frames : 1055652
Packet Drops : 0
show temperature
show temperature
Description
Depending on the platform, this command displays the current temperature of the I/O modules, management modules, power supply controllers, XGM-2xn card, and the switch.
On a stack, the command displays the current temperature of the modules in each slot.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
Depending on the software version running on your switch or your switch model, additional or different temperature information might be displayed.
Use this command to display the temperature in Celsius and the current status of the following installed components in the switch:
• Management modules (MSM/MM)
• I/O modules
• Power controllers
The switch monitors the temperature of each component and generates a warning if the temperature exceeds the normal operating range. If the temperature exceeds the minimum/maximum limits, the switch shuts down the overheated module.
Displaying the Temperature of Other Installed Components
You can also view the temperature of the power supplies and the fan trays in the switch.
To view the temperature of the power supplies installed in the switch, use the following command:
show power {<ps_num>} {detail}
Example
Depending on the platform, the following command displays the temperature of various switch components:
show temperature
The following is sample output from a NETGEAR 8806 switch:
XCM8806.8 # show temperature
Field Replaceable Units      Temp (C)   Status   Min   Normal   Max
--------------------------------------------------------------------------
Slot-1      : XCM8824F       30.00      Normal   -10   0-50     60
Slot-2      :
Slot-3      : XCM888F        32.50      Normal   -10   0-50     60
Slot-4      :
Slot-5      : XCM8808X       37.00      Normal   -10   0-50     60
Slot-6      : XCM8848T(P)    34.50      Normal   -10   0-50     60
MSM-A       : XCM88S1        37.50      Normal   -10   0-50     60
MSM-B       :
PSUCTRL-1   :                38.38      Normal   -10   0-50     60
PSUCTRL-2   :                42.40      Normal   -10   0-50     60
(Demo)*XCM8806.9 #
show version
show version {detail | process <name> | images {partition <partition>} {slot <slotid>} }
Description
Displays the hardware serial and version numbers, the software version currently running on the switch, and (if applicable) the software version running on the modules and power controllers.
Syntax Description
detail       Specifies display of slot board name and chassis or platform name.
process      Specifies display of all of the processes on the switch.
name         Specifies display of a specific process on the switch.
images       Specifies the display of installed images.
partition    Specifies display of a specific partition (primary or secondary).
slotid       Specifies display of an MSM/MM in a specific slot (A or B).
Default
N/A.
Usage Guidelines
The following describes the information displayed when you execute the show version or show version detail commands:
• Part Number—A collection of numbers and letters that make up the part number of the switch and when applicable the hardware components installed in the switch.
• Serial Number—A collection of numbers and letters that make up the serial number of the switch and when applicable the hardware components installed in the switch.
Note: For information about the physical location of the serial number on your switch, refer to the section that describes your specific switch model in the hardware documentation.
• Image—The NETGEAR 8800 software version currently running on the switch. If you have two software images downloaded on the switch, only the currently running NETGEAR 8800 version information is displayed. The information displayed includes the major version number, minor version number, a specific patch release, and the build number. The software build date is also displayed.
• BootROM—The BootROM version currently running on the switch.
• Diagnostics—A number that corresponds to the version of the I/O module diagnostics included in the particular version of NETGEAR 8800 OS.
Depending on the model of your switch and the software running on your switch, different version information may be displayed.
Note: The information displayed does not include the I/O version number on the NETGEAR 8800 series switch. The I/O version number includes the major, minor, and I/O version number, not the patch and build numbers.
If you use the process option, you will see the following information about the processes running on the switch:
• Card—The location (MSM/MM) where the process is running on the switch.
• Process Name—The name of the process.
• Version—The version number of the process.
• BuiltBy—The name of the software build manager.
• Link Date—The date the executable was linked.
Example
The following command displays the hardware and software versions currently running on the switch:
show version
The following is sample output from a NETGEAR 8806 switch (the output from the NETGEAR 8810 is similar):
(Demo)*XCM8806.9#show version
Chassis ESN Number : 1102G-00001
Chassis     : 800418-00 1102G-00001 Rev 0.0
Slot-1      : 800423-00 00000000000 Rev 0.0 BootROM: 1.0.4.0 IMG: 12.4.4.0
Slot-2      :
Slot-3      : 800426-00 00000000000 Rev 0.0 BootROM: 1.0.4.0 IMG: 12.4.4.0
Slot-4      :
Slot-5      : 800229-00-05 1027G-00178 Rev 5.0 BootROM: 1.0.4.0 IMG: 12.4.4.0
Slot-6      : 800421-00 00000000000 Rev 0.0 BootROM: 1.0.4.0 IMG: 12.4.4.0
MSM-A       : 800420-00 00000000000 Rev 0.0 BootROM: 1.0.4.4 IMG: 12.4.4.0
MSM-B       :
PSUCTRL-1   : 450352-00 1107G-0002 Rev 0.0 BootROM: 2.18
PSUCTRL-2   : 450352-00 1107G-0002 Rev 0.0 BootROM: 2.18
PSU-1       : PS 2336 4300-00145 1049J-00188 Rev 11.0
PSU-2       : PS 2336 4300-00145 1049J-00177 Rev 11.0
PSU-3       : PS 2336 4300-00145 1049J-00176 Rev 11.0
PSU-4       :
PSU-5       :
PSU-6       :
Image       : NETGEAR version 12.4.4.0 v1244b0-br-SR3-1 by release-manager
              on Tue Feb 8 07:22:38 PST 2011
BootROM     : 1.0.4.4
Diagnostics : 1.13
Using the process option of the show version command produces output similar to the following:
Card Process Name Version BuiltBy Link Date
---------------------------------------------------------------------------
MSM-A aaa 3.0.0.2 release-manager Thu Mar 31 09:23:54 PST 2005
MSM-A acl 3.0.0.2 release-manager Thu Mar 31 09:26:46 PST 2005
MSM-A bgp 3.0.0.2 release-manager Thu Mar 31 09:27:54 PST 2005
MSM-A cfgmgr 3.0.0.21 release-manager Thu Mar 31 09:23:42 PST 2005
MSM-A cli 3.0.0.22 release-manager Thu Mar 31 09:23:34 PST 2005
MSM-A devmgr 3.0.0.2 release-manager Thu Mar 31 09:23:22 PST 2005
MSM-A dirser 3.0.0.2 release-manager Thu Mar 31 09:24:02 PST 2005
MSM-A ems 3.0.0.2 release-manager Thu Mar 31 09:35:08 PST 2005
MSM-A epm 3.0.0.3 release-manager Thu Mar 31 09:23:11 PST 2005
....
If you specify the name option, only the process you select is displayed.
Using the images option in the show version command produces output similar to the following:
Card Partition Installation Date Version Name
--------------------------------------------------------------------
MSM-A primary Wed Jun 30 22:30:22 UTC 2004 11.0.0.24 NG8800-12.4.3.5-1-4.xos
MSM-A primary Thu Jul 1 03:29:41 UTC 2004 11.0.0.24 NG8800-12.4.3.5-1-4-ssh.xmod
MSM-A secondary Tue Jun 29 06:09:26 UTC 2004 11.0.0.23 NG8800-12.4.3.5-1-4.xos
MSM-A secondary Tue Jun 29 06:29:14 UTC 2004 11.0.0.23 NG8800-12.4.3.5-1-4-ssh.xmod
If you specify the partition option, only images on the specified partition are shown.
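The following Python script is an added example, not part of the NETGEAR manual. It parses the component lines of show version output in the layout shown above into an inventory, lists modules whose IMG version differs from the running Image line, and compares two captures to surface hardware or firmware changes between audits. The function names are hypothetical; the baseline lines are taken from the sample output above, and the second capture is constructed by altering two of them.

```python
import re

# Baseline: lines copied from the manual's sample "show version" output.
BASELINE = """\
Chassis : 800418-00 1102G-00001 Rev 0.0
Slot-1 : 800423-00 00000000000 Rev 0.0 BootROM: 1.0.4.0 IMG: 12.4.4.0
Slot-2 :
Slot-5 : 800229-00-05 1027G-00178 Rev 5.0 BootROM: 1.0.4.0 IMG: 12.4.4.0
MSM-A : 800420-00 00000000000 Rev 0.0 BootROM: 1.0.4.4 IMG: 12.4.4.0
PSUCTRL-1 : 450352-00 1107G-0002 Rev 0.0 BootROM: 2.18
PSU-1 : PS 2336 4300-00145 1049J-00188 Rev 11.0
Image : NETGEAR version 12.4.4.0 v1244b0-br-SR3-1 by release-manager
BootROM : 1.0.4.4
"""

# Constructed later capture: Slot-5 reports a different IMG and Slot-2 is
# now populated (the serial number is a made-up placeholder).
LATER = (BASELINE
         .replace("Rev 5.0 BootROM: 1.0.4.0 IMG: 12.4.4.0",
                  "Rev 5.0 BootROM: 1.0.4.0 IMG: 12.4.3.5")
         .replace("Slot-2 :",
                  "Slot-2 : 800423-00 SN-CONSTRUCTED Rev 0.0 "
                  "BootROM: 1.0.4.0 IMG: 12.4.4.0"))

COMPONENT_RE = re.compile(
    r"^(Chassis|Slot-\d+|MSM-[AB]|PSUCTRL-\d+|PSU-\d+)[ \t]*:[ \t]*(.*)$", re.M)
IMAGE_RE = re.compile(r"^Image[ \t]*:[ \t]*\S+ version (\S+)", re.M)
FIELDS = ("part", "serial", "rev", "bootrom", "img")


def _field(rest, label):
    """Return the token following a label such as 'IMG:', or None."""
    match = re.search(re.escape(label) + r"[ \t]*(\S+)", rest)
    return match.group(1) if match else None


def parse_show_version(text):
    """Return (inventory, running_image); empty slots map to None."""
    inventory = {}
    for name, rest in COMPONENT_RE.findall(text):
        rest = rest.strip()
        if not rest:
            inventory[name] = None
            continue
        tokens = rest.partition(" Rev ")[0].split()
        inventory[name] = {
            "part": " ".join(tokens[:-1]),
            "serial": tokens[-1] if tokens else None,
            "rev": _field(rest, "Rev"),
            "bootrom": _field(rest, "BootROM:"),
            "img": _field(rest, "IMG:"),
        }
    image = IMAGE_RE.search(text)
    return inventory, (image.group(1) if image else None)


def image_mismatches(inventory, running_image):
    """Components whose IMG version is not the running image version."""
    return sorted(name for name, comp in inventory.items()
                  if comp and comp["img"] and comp["img"] != running_image)


def diff_inventory(old, new):
    """List (component, field, old_value, new_value) for every change."""
    changes = []
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name), new.get(name)
        if (before is None) != (after is None):
            changes.append((name, "presence",
                            "empty" if before is None else "installed",
                            "empty" if after is None else "installed"))
        elif before is not None:
            for key in FIELDS:
                if before[key] != after[key]:
                    changes.append((name, key, before[key], after[key]))
    return changes


if __name__ == "__main__":
    base_inv, _ = parse_show_version(BASELINE)
    later_inv, later_img = parse_show_version(LATER)
    print(image_mismatches(later_inv, later_img))
    print(diff_inventory(base_inv, later_inv))
```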
unconfigure log filter
unconfigure log filter <filter name>
Description
Resets the log filter to its default values; removes all filter items.
Syntax Description
filter name Specifies the log filter to unconfigure.
Default
N/A.
Usage Guidelines
If the filter name specified is DefaultFilter, this command restores the configuration of DefaultFilter back to its original settings.
If the filter name specified is not DefaultFilter, this command sets the filter to have no events configured and therefore, no incidents will pass. This is the configuration of a newly created filter that was not copied from an existing one.
See the
command for information about deleting a filter.
Example
The following command sets the log filter myFilter to stop passing any events:
unconfigure log filter myFilter
unconfigure log target format
unconfigure log target [console | memory-buffer | nvram | session | syslog [all | <ipaddress> | <ipPort> {vr <vr_name>} [local0 ... local7]]] format
Description
Resets the log target format to its default values.
Syntax Description
console               Specifies the console display format.
memory-buffer         Specifies the switch memory buffer format.
nvram                 Specifies the switch NVRAM format.
session               Specifies the current session (including console display) format.
syslog                Specifies a syslog target format.
all                   Specifies all remote syslog servers.
ipaddress             Specifies the syslog IP address.
ipPort                Specifies the UDP port number for the syslog target.
vr_name               Specifies the virtual router that can reach the server IP address.
                      Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
local0 ... local7     Specifies the local syslog facility.
format                Specifies that the format for the target will be reset to the default value.
Default
When a target format is unconfigured, it is reset to the default values.
The following defaults apply to console display, memory buffer, NVRAM, and session targets:
• timestamp—hundredths
• date—mm-dd-yyyy
• severity—on
• event-name—condition
• host-name—off
• sequence-number—off
• process-name—off
• process-slot—on
• process-id—off
• source-line—off
The following defaults apply to syslog targets (per RFC 3164):
• timestamp—seconds
• date—mmm-dd
• severity—on
• event-name—none
• host-name—off
• sequence-number—off
• process-name—off
• process-slot—on
• process-id—off
• source-line—off
Usage Guidelines
Use this command to reset the target format to the default format.
Example
The following command sets the log format for the target session (the current session) to the default:
unconfigure log target session format
unconfigure sflow
unconfigure sflow
Description
Resets all the sFlow values to the default values.
Syntax Description
This command has no arguments or variables.
Default
The default values for sFlow are as follows:
• sFlow agent IP address—0.0.0.0
• sampling frequency—sample one every 8196 packets
• polling interval—20 seconds
• maximum CPU sample limit—2000 samples per second
sFlow is unconfigured and disabled on all ports.
Usage Guidelines
This command resets sFlow values to the default values, and removes any port configurations, and any sFlow collectors configured on the switch.
Example
The following command unconfigures sFlow:
unconfigure sflow
unconfigure sflow agent
unconfigure sflow agent
Description
Resets the sFlow agent’s IP address to the default value.
Syntax Description
This command has no arguments or variables.
Default
The default IP address is 0.0.0.0.
Usage Guidelines
This command resets the sFlow agent IP address to its default value.
Example
The following command resets the agent IP back to the management IP address:
unconfigure sflow agent
unconfigure sflow collector
unconfigure sflow collector {ipaddress} <ip-address> {port <udp-port-number>} {vr <vrname>}
Description
Unconfigures the sFlow collector.
Syntax Description
ip-address         Specifies the IP address of the collector to reset.
udp-port-number    Specifies the UDP port.
vrname             Specifies which virtual router.
                   Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
Default
The following values are the defaults for this command:
• UDP port number—6343
• Virtual router—VR-Mgmt (previously called VR-0).
Usage Guidelines
This command allows you to reset the specified sFlow collector parameters to the default values.
The unconfigure sflow collector command will reset the collector parameters to the default.
Example
The following command removes the collector at IP address 192.168.57.1:
unconfigure sflow collector ipaddress 192.168.57.1
unconfigure sflow ports
unconfigure sflow ports <port_list>
Description
Removes the specified ports from the sFlow configuration, and stops sampling them.
Syntax Description
port_list Specifies one or more ports or slots and ports.
Default
N/A.
Usage Guidelines
This command removes the specified ports from the sFlow configuration, and stops sampling them.
Example
The following command unconfigures sFlow on the ports 2:5-2:7:
unconfigure sflow ports 2:5-2:7
upload log
upload log <ipaddress> {vr <vr_name>} <filename> {messages [memory-buffer | nvram] {events {<event-condition> | <event_component>}}} {severity <severity> {only}} {match <regex>} {chronological}
Description
Uploads the current log messages to a TFTP server.
Syntax Description
ipaddress          Specifies the ipaddress of the TFTP server.
vr_name            Specifies the virtual router that can reach the TFTP server.
                   Note: User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual.
filename           Specifies the file name for the log stored on the TFTP server.
messages           Specifies the location from which to display the log messages.
memory-buffer      Show messages stored in volatile memory.
nvram              Show messages stored in NVRAM.
events             Show event messages.
event-condition    Specifies the event condition to display.
event-component    Specifies the event component to display.
severity           Specifies the minimum severity level to display (if the keyword only is omitted).
only               Specifies that only the specified severity level is to be displayed.
regex              Specifies a regular expression. Only messages that match the regular expression will be displayed.
chronological      Specifies uploading log messages in ascending chronological order (oldest to newest).
Default
The following defaults apply:
• messages—memory buffer
• severity—none (displays everything stored in the target)
• match—no restriction
• chronological—if not specified, show messages in order from newest to oldest
Usage Guidelines
This command is similar to the show log command, but instead of displaying the log contents on the command line, this command saves the log to a file on the TFTP server you specify.
For more details on most of the options of this command, see the command
Host Name and Remote IP Address Character Restrictions
This section provides information about the characters supported by the switch for host names and remote IP addresses.
When specifying a host name or remote IP address, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - ) Permitted only for host names
• Underscore ( _ ) Permitted only for host names
• Colon ( : )
When naming or configuring an IP address for your network server, remember the requirements listed above.
Remote Filename Character Restrictions
This section provides information about the characters supported by the switch for remote filenames.
When specifying a remote filename, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - )
• Underscore ( _ )
• Slash ( / )
When naming a local or remote file, remember the requirements listed above.
Example
The following command uploads messages with a critical severity to the filename switch4critical.log on TFTP server at 10.31.8.25:
upload log 10.31.8.25 switch4critical.log critical
The following command uploads messages with warning, error, or critical severity to the filename switch4warn.log on TFTP server at 10.31.8.25:
upload log 10.31.8.25 switch4warn.log warning
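The following Python script is an added example, not part of the NETGEAR manual. It applies the host name, remote IP address and remote filename character restrictions listed above before an automation script composes an upload log command, so that a value containing spaces or extra keywords is rejected instead of being passed to the CLI. The function names are hypothetical, and one rule is an assumption beyond the manual: a value that contains a colon or consists only of digits and periods is treated as an address and must parse as one.

```python
import ipaddress
import re

# Character sets from the manual's two restriction lists.
HOST_CHARS = re.compile(r"[A-Za-z0-9.:_-]+")      # - and _ only in host names
FILENAME_CHARS = re.compile(r"[A-Za-z0-9._/-]+")
MESSAGE_SOURCES = ("memory-buffer", "nvram")      # from the syntax line


def classify_host(value):
    """Return 'address', 'hostname', or None when the value is not allowed."""
    if not HOST_CHARS.fullmatch(value):
        return None
    try:
        ipaddress.ip_address(value)
        return "address"
    except ValueError:
        pass
    # Assumption (not in the manual): a value with a colon, or made only of
    # digits and periods, was meant as an address; it failed to parse.
    if ":" in value or re.fullmatch(r"[0-9.]+", value):
        return None
    return "hostname"


def valid_remote_filename(value):
    """True when every character is in the manual's remote filename list."""
    return bool(FILENAME_CHARS.fullmatch(value))


def build_upload_log(host, filename, messages=None, chronological=False):
    """Compose an 'upload log' command line from validated arguments.

    Covers only the host, filename, messages and chronological parts of
    the syntax; raises ValueError instead of emitting an unsafe command.
    """
    if classify_host(host) is None:
        raise ValueError("host name or address not permitted: %r" % host)
    if not valid_remote_filename(filename):
        raise ValueError("remote filename not permitted: %r" % filename)
    if messages is not None and messages not in MESSAGE_SOURCES:
        raise ValueError("messages must be one of %s" % (MESSAGE_SOURCES,))
    parts = ["upload log", host, filename]
    if messages is not None:
        parts += ["messages", messages]
    if chronological:
        parts.append("chronological")
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed inputs: the first two come from the manual's examples,
    # the rest are made up to show rejected values.
    for host, name in [("10.31.8.25", "switch4critical.log"),
                       ("10.31.8.25", "logs/switch4warn.log"),
                       ("10.31.8.25", "switch4.log match .*"),
                       ("999.1.1.1", "switch4.log"),
                       ("tftp host", "switch4.log")]:
        try:
            print(build_upload_log(host, name, messages="nvram"))
        except ValueError as error:
            print("rejected:", error)
```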
9. VLAN Commands
This chapter describes commands for configuring and managing:
• VLANs
• Private VLANs (PVLANs)
• VLAN translation
For an introduction to VLAN features, see the NETGEAR 8800 User Manual.
configure private-vlan add network
configure private-vlan <name> add network <vlan_name>
Description
Adds the specified VLAN as the network VLAN on the specified PVLAN.
Syntax Description
name         Specifies the name of the PVLAN to which the VLAN is added.
vlan_name    Specifies a VLAN to add to the PVLAN.
Default
N/A.
Usage Guidelines
The VLAN must be created and configured with a tag before it is added to the PVLAN.
Example
The following command adds VLAN sharednet as the network VLAN for the PVLAN named companyx:
configure private-vlan companyx add network sharednet
configure private-vlan add subscriber
configure private-vlan <name> add subscriber <vlan_name> {non-isolated} {loopback-port <port>}
Description
Adds the specified VLAN as a subscriber VLAN on the specified PVLAN.
Syntax Description
name Specifies the name of the PVLAN to which the VLAN is added.
vlan_name Specifies a VLAN to add to the PVLAN.
non-isolated Configures the subscriber VLAN as a non-isolated subscriber VLAN.
port Specifies the port that serves as the loopback port.
Default
If the non-isolated option is omitted, this command adds the specified VLAN as an isolated subscriber VLAN.
Usage Guidelines
The VLAN must be created and configured with a tag before it is added to the PVLAN. If the non-isolated option is omitted, the VLAN is added as an isolated subscriber VLAN. If the non-isolated option is included, the VLAN is added as a non-isolated subscriber VLAN.
If two or more subscriber VLANs have overlapping ports (where the same ports are assigned to both VLANs), each of the subscriber VLANs with overlapping ports must have a dedicated loopback port.
Example
The following command adds VLAN restricted as a subscriber VLAN for the PVLAN named companyx:
configure private-vlan companyx add subscriber restricted isolated
configure private-vlan delete
configure private-vlan <name> delete [network | subscriber] <vlan_name>
Description
Deletes the specified VLAN from the specified PVLAN.
Syntax Description
name Specifies the name of the PVLAN from which the VLAN is deleted.
network Specifies that the VLAN to be deleted is a network VLAN.
subscriber Specifies that the VLAN to be deleted is a subscriber VLAN.
vlan_name Specifies the VLAN to delete from the PVLAN.
Default
N/A.
Usage Guidelines
This command deletes a VLAN from a PVLAN, but it does not delete the VLAN from the system—it just breaks the link between the VLAN and the PVLAN. You can use this command to delete both network and subscriber VLANs.
Example
The following command deletes network VLAN sharednet from the PVLAN named companyx:
configure private-vlan companyx delete network sharednet
configure protocol add
configure protocol <name> add [etype | llc | snap] <hex> {[etype | llc | snap] <hex>}
Description
Configures a user-defined protocol filter.
Syntax Description
name Specifies a protocol filter name.
hex Specifies a four-digit hexadecimal number between 0 and FFFF that represents:
• The Ethernet protocol type taken from a list maintained by the IEEE.
• The DSAP/SSAP combination created by concatenating a two-digit LLC Destination SAP (DSAP) and a two-digit LLC Source SAP (SSAP).
• The SNAP-encoded Ethernet protocol type.
Default
N/A.
Usage Guidelines
Supported protocol types include:
• etype – IEEE Ethertype.
• llc – LLC Service Advertising Protocol.
• snap – Ethertype inside an IEEE SNAP packet encapsulation.
A maximum of 15 protocol filters, each containing a maximum of six protocols, can be defined.
The protocol filter must already exist before you can use this command. Use the command to create the protocol filter.
No more than seven protocols can be active and configured for use.
Example
The following command configures a protocol named fred by adding protocol type LLC SAP with a value of FEFF:
configure protocol fred add llc 0xfeff
configure protocol delete
configure protocol <name> delete [etype | llc | snap] <hex> {[etype | llc | snap] <hex>} ...
Description
Deletes the specified protocol type from a protocol filter.
Syntax Description
name Specifies a protocol filter name.
hex Specifies a four-digit hexadecimal number between 0 and FFFF that represents:
• The Ethernet protocol type taken from a list maintained by the IEEE.
• The DSAP/SSAP combination created by concatenating a two-digit LLC Destination SAP (DSAP) and a two-digit LLC Source SAP (SSAP).
• The SNAP-encoded Ethernet protocol type.
Default
N/A.
Usage Guidelines
Supported protocol types include:
• etype – IEEE Ethertype.
• llc – LLC Service Advertising Protocol.
• snap – Ethertype inside an IEEE SNAP packet encapsulation.
Example
The following command deletes protocol type LLC SAP with a value of FEFF from protocol fred:
configure protocol fred delete llc feff
configure vlan add ports
configure {vlan} <vlan_name> add ports [<port_list> | all] {tagged | untagged} {{stpd} <stpd_name>} {dot1d | emistp | pvst-plus}}
Description
Adds one or more ports in a VLAN.
Syntax Description
vlan_name Specifies a VLAN name.
port_list Specifies a list of ports or slots and ports.
all Specifies all ports.
tagged Specifies the ports should be configured as tagged.
untagged Specifies the ports should be configured as untagged.
stpd_name Specifies an STP domain name.
dot1d | emistp | pvst-plus Specifies the BPDU encapsulation mode for these STP ports.
Default
Untagged.
Usage Guidelines
The VLAN must already exist before you can add (or delete) ports: use the command to create the VLAN.
If the VLAN uses 802.1Q tagging, you can specify tagged or untagged port(s). If the VLAN is untagged, the ports cannot be tagged.
Untagged ports can only be a member of a single VLAN. By default, they are members of the default VLAN (named Default). In order to add untagged ports to a different VLAN, you must first remove them from the default VLAN. You do not need to do this to add them to another VLAN as tagged ports. If you attempt to add an untagged port to a VLAN prior to removing it from the default VLAN, you see the following error message:
Error: Protocol conflict when adding untagged port 1:2. Either add this port as tagged or assign another protocol to this VLAN.
The ports that you add to a VLAN and the VLAN itself cannot be explicitly assigned to different virtual routers. When multiple virtual routers are defined, consider the following guidelines while adding ports to a VLAN:
• A VLAN can belong (either through explicit or implicit assignment) to only one VR.
• If a VLAN is not explicitly assigned to a VR, then the ports added to the VLAN must be explicitly assigned to a single VR.
• If a VLAN is explicitly assigned to a VR, then the ports added to the VLAN must be explicitly assigned to the same VR or to no VR.
• If a port is added to VLANs that are explicitly assigned to different VRs, the port must be explicitly assigned to no VR.
Note:
User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual. On switches that do not support user-created VRs, all VLANs are created in VR-Default and cannot be moved.
For more information on configuring Spanning Tree Domains, see
Note:
If you use the same name across categories (for example, STPD names), NETGEAR recommends that you specify the identifying keyword as well as the actual name. If you do not use the keyword, the system may return an error message.
Example
The following command assigns tagged ports 1:1, 1:2, 1:3, and 1:6 to a VLAN named accounting:
configure vlan accounting add ports 1:1, 1:2, 1:3, 1:6 tagged
configure vlan add ports private-vlan translated
configure {vlan} <vlan_name> add ports <port_list> private-vlan translated
Description
Adds the specified ports to the specified network VLAN and enables tag translation for all subscriber VLAN tags to the network VLAN tag. Translation from network VLAN tag to each subscriber VLAN tag is done by default in a private VLAN.
Syntax Description
vlan_name Specifies the network VLAN to which the ports are added.
port_list Specifies the ports to be added to the network VLAN.
Default
N/A.
Usage Guidelines
This command is allowed only when the specified VLAN is configured as a network VLAN on a PVLAN.
Example
The following command adds port 2:1 to VLAN sharednet and enables VLAN translation on that port:
configure sharednet add ports 2:1 private-vlan translated
configure vlan add ports tagged private-vlan end-point
configure {vlan} <vlan_name> add ports <port_list> tagged private-vlan end-point
Description
Adds the specified ports as tagged end points on the specified network VLAN.
Syntax Description
vlan_name Specifies the network VLAN to which the ports are added.
port_list Specifies the ports to be added to the network VLAN.
Default
N/A.
Usage Guidelines
This command is allowed only when the specified VLAN is configured as a network VLAN on a PVLAN.
An end point port defines the PVLAN boundary. The end point port can connect to other devices, but cannot be used to extend the PVLAN to other switches.
Example
The following command adds port 2:1 as a tagged end point on VLAN sharednet:
configure sharednet add ports 2:1 tagged private-vlan end-point
configure vlan delete ports
configure {vlan} <vlan_name> delete ports [all | <port_list>]
Description
Deletes one or more ports in a VLAN.
Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all ports.
port_list A list of ports or slots and ports.
Default
N/A.
Usage Guidelines
None.
Example
The following command removes ports 1:1, 1:2, 4:3, and 5:6 on the switch from a VLAN named accounting:
configure accounting delete port 1:1, 1:2, 4:3, 5:6
configure vlan ipaddress
configure {vlan} <vlan_name> ipaddress [<ipaddress> {<ipNetmask>} | ipv6-link-local | {eui64} <ipv6_address_mask>]
Description
Assigns an IPv4 address and an optional subnet mask or an IPv6 address to the VLAN. You can assign either an IPv4 address, an IPv6 address, or both to the VLAN. You can use this command to assign an IP address to a specified vMAN and enable multicasting on that vMAN.
Syntax Description
vlan_name Specifies a VLAN name.
ipaddress Specifies an IPv4 address.
ipNetmask Specifies an IPv4 subnet mask in dotted-quad notation (for example, 255.255.255.0).
ipv6-link-local Specifies IPv6 and configures a link-local address generated by combining the standard link-local prefix with the automatically generated interface in the EUI-64 format. Using this option automatically generates an entire IPv6 address; this address is only a link-local, or VLAN-based, IPv6 address, that is, ports on the same segment can communicate using this IP address and do not have to pass through a gateway.
eui64 Specifies IPv6 and automatically generates the interface ID in the EUI-64 format using the interface’s MAC address. Once you enter this parameter, you must add the following variables: <ipv6_address_mask>. Use this option when you want to enter the 64-bit prefix and use a EUI-64 address for the rest of the IPv6 address.
ipv6_address_mask Specify the IPv6 address in the following format: x:x:x:x:x:x:x:x/prefix length, where each x is the hexadecimal value of one of the 8 16-bit pieces of the 128-bit wide address.
Default
N/A.
Usage Guidelines
Note:
You can also use this command to assign an IP address to a vMAN on any NETGEAR 8800 that supports the vMAN feature. For information on which software licenses and platforms support the vMAN feature, see Appendix A in the NETGEAR 8800 User Manual.
The VLAN must already exist before you can assign an IP address: use the create vlan command to create the VLAN (also the vMAN must already exist).
Note:
See Chapter 19, “IP Unicast Commands,” for information on adding secondary IP addresses to VLANs.
You can specify IPv6 addresses. See Chapter 20, “IPv6 Unicast Commands,” for information on IPv6 addresses.
Example
The following commands are equivalent; both assign an IPv4 address of 10.12.123.1 to a VLAN named accounting:
configure vlan accounting ipaddress 10.12.123.1/24
configure vlan accounting ipaddress 10.12.123.1 255.255.255.0
The following command assigns a link local IPv6 address to a VLAN named management:
configure vlan accounting ipaddress ipv6-link-local
configure vlan name
configure {vlan} <vlan_name> name <name>
Description
Renames a previously configured VLAN.
Syntax Description
vlan_name Specifies the current (old) VLAN name.
name Specifies a new name for the VLAN.
Default
N/A.
Usage Guidelines
You cannot change the name of the default VLAN “Default.”
For information on VLAN name requirements and a list of reserved keywords, see the section on “Object Names” of the NETGEAR 8800 User Manual.
Note:
If you use the same name across categories (for example, STPD names), NETGEAR recommends that you specify the identifying keyword as well as the actual name. If you do not use the keyword, the system may return an error message.
Example
The following command renames VLAN vlan1 to engineering:
configure vlan vlan1 name engineering
configure vlan protocol
configure {vlan} <vlan_name> protocol <protocol_name>
Description
Configures a VLAN to use a specific protocol filter.
Syntax Description
vlan_name Specifies a VLAN name.
protocol_name Specifies a protocol filter name. This can be the name of a predefined protocol filter, or one you have defined.
The following protocol filters are predefined:
• IP
• IPv6
• IPX
• NetBIOS
• DECNet
• IPX_8022
• IPX_SNAP
• AppleTalk
any indicates that this VLAN should act as the default VLAN for its member ports.
Default
Protocol any.
Usage Guidelines
If the keyword any is specified, all packets that cannot be classified into another protocol-based VLAN are assigned to this VLAN as the default for its member ports.
Use the configure protocol command to define your own protocol filter.
The NETGEAR 8800 does not forward packets with a protocol-based VLAN set to AppleTalk. To ensure that AppleTalk packets are forwarded on the device, create a protocol-based VLAN set to “any” and define other protocol-based VLANs for other traffic, such as IP traffic. The AppleTalk packets pass on the “any” VLAN, and the other protocols pass traffic on their specific protocol-based VLANs.
Example
The following command configures a VLAN named accounting as an IP protocol-based VLAN:
configure accounting protocol ip
configure vlan tag
configure {vlan} <vlan_name> tag <tag> {remote-mirroring}
Description
Assigns a unique 802.1Q tag to the VLAN.
Syntax Description
vlan_name Specifies a VLAN name.
tag Specifies a value to use as an 802.1Q tag. The valid range is from 2 to 4095.
remote-mirroring Specifies that the tagged VLAN is for remote mirroring.
Default
The default VLAN uses an 802.1Q tag (and an internal VLANid) of 1.
Usage Guidelines
If any of the ports in the VLAN use an 802.1Q tag, a tag must be assigned to the VLAN. The valid range is from 2 to 4094 (tag 1 is assigned to the default VLAN, and tag 4095 is assigned to the management VLAN).
The 802.1Q tag is also used as the internal VLANid by the switch.
You can specify a value that is currently used as an internal VLANid on another VLAN; it becomes the VLANid for the VLAN you specify, and a new VLANid is automatically assigned to the other untagged VLAN.
Example
The following command assigns a tag (and internal VLANid) of 120 to a VLAN named accounting:
configure accounting tag 120
create private-vlan
create private-vlan <name> {vr <vr_name>}
Description
Creates a PVLAN framework with the specified name.
Syntax Description
name Specifies a name for the new PVLAN.
vr_name Specifies the virtual router in which the PVLAN is created.
Default
N/A.
Usage Guidelines
The PVLAN is a framework that links network and subscriber VLANs; it is not an actual VLAN.
A private VLAN name must begin with an alphabetical character and may contain alphanumeric characters and underscores (_), but it cannot contain spaces. The maximum allowed length for a name is 32 characters. For private VLAN naming guidelines and a list of reserved names, see the section on “Object Names” in the NETGEAR 8800 User Manual.
If no virtual router is specified, the PVLAN is created in the default VR context.
Example
The following command creates a PVLAN named companyx:
create private-vlan companyx
create protocol
create protocol <name>
Description
Creates a user-defined protocol filter.
Syntax Description
name Specifies a protocol filter name. The protocol filter name can have a maximum of 31 characters.
Default
N/A.
Usage Guidelines
Protocol-based VLANs enable you to define packet filters that the switch can use as the matching criteria to determine if a particular packet belongs to a particular VLAN.
After you create the protocol, you must configure it using the configure protocol command.
To assign it to a VLAN, use the configure {vlan} <vlan_name> protocol <protocol_name> command.
Example
The following command creates a protocol named fred:
create protocol fred
create vlan
create vlan <vlan_name> {vr <vr-name>}
Description
Creates a named VLAN.
Syntax Description
vlan_name Specifies a VLAN name (up to 32 characters).
vr Specifies a virtual router.
vr-name Specifies in which virtual router to create the VLAN.
Note:
User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual. On switches that do not support user-created VRs, all VLANs are created in VR-Default and cannot be moved.
Default
A VLAN named Default exists on all new or initialized NETGEAR 8800 switches:
• It initially contains all ports on a new or initialized switch, except for the management port(s), if there are any.
• It has an 802.1Q tag of 1.
• The default VLAN is untagged on all ports.
• It uses protocol filter any.
A VLAN named Mgmt exists on switches that have management modules or management ports:
• It initially contains the management port(s) on the switch.
• It is assigned the next available internal VLANid as an 802.1Q tag.
If you do not specify the virtual router, the VLAN is created in the current virtual router.
Usage Guidelines
A newly-created VLAN has no member ports, is untagged, and uses protocol filter any until you configure it otherwise. Use the various configure vlan commands to configure the VLAN to your needs.
Internal VLANids are assigned automatically using the next available VLANid starting from the high end (4094) of the range.
The VLAN name can include up to 32 characters. VLAN names must begin with an alphabetical letter, and only alphanumeric, underscore (_), and hyphen (-) characters are allowed in the remainder of the name. VLAN names cannot match reserved keywords. For more information on VLAN name requirements and a list of reserved keywords, see the section “Object Names” in the NETGEAR 8800 User Manual.
Note:
If you use the same name across categories (for example, STPD names), NETGEAR recommends that you specify the identifying keyword as well as the actual name. If you do not use the keyword, the system may return an error message.
VLAN names are locally significant. That is, VLAN names used on one switch are only meaningful to that switch. If another switch is connected to it, the VLAN names have no significance to the other switch.
You must use mutually exclusive names for:
• VLANs
• vMANs
• IPv6 tunnels
• BVLANs
• SVLANs
• CVLANs
If you do not specify a virtual router when you create a VLAN, the system creates that VLAN in the default virtual router (VR-Default). The management VLAN is always in the management virtual router (VR-Mgmt).
Once you create virtual routers, NETGEAR 8800 software allows you to designate one of these as the domain in which all your subsequent configuration commands, including VLAN commands, are applied. If you create virtual routers, ensure that you are creating the VLANs in the desired virtual-router domain.
Note:
User-created VRs are supported only on the platforms listed for this feature in the NETGEAR 8800 User Manual, Appendix A, “NETGEAR 8800 Software Licenses.” On switches that do not support user-created VRs, all VLANs are created in VR-Default and cannot be moved.
Example
The following command creates a VLAN named accounting on the current virtual router:
create vlan accounting
delete private-vlan
delete private-vlan <name>
Description
Deletes the PVLAN framework with the specified name.
Syntax Description
name Specifies the name of the PVLAN to be deleted.
Default
N/A.
Usage Guidelines
The PVLAN is a framework that links network and subscriber VLANs; it is not an actual VLAN.
This command deletes the PVLAN framework, but it does not delete the associated VLANs. If the ports in the network VLAN were set to translate, they are changed to tagged.
Example
The following command deletes the PVLAN named companyx:
delete private-vlan companyx
delete protocol
delete protocol <name>
Description
Deletes a user-defined protocol.
Syntax Description
name Specifies a protocol name.
Default
N/A.
Usage Guidelines
If you delete a protocol that is in use by a VLAN, the protocol associated with that VLAN becomes none.
Example
The following command deletes a protocol named fred:
delete protocol fred
delete vlan
delete vlan <vlan_name>
Description
Deletes a VLAN.
Syntax Description
vlan_name Specifies a VLAN name.
Default
N/A.
Usage Guidelines
If you delete a VLAN that has untagged port members and you want those ports to be returned to the default VLAN, you must add them back explicitly using the configure svlan delete ports command.
Note:
The default VLAN cannot be deleted.
Example
The following command deletes the VLAN accounting:
delete vlan accounting
disable loopback-mode vlan
disable loopback-mode vlan <vlan_name>
Description
Disallows a VLAN to be placed in the UP state without an external active port. This allows (disallows) the VLAN's routing interface to become active.
Syntax Description
vlan_name Specifies a VLAN name.
Default
N/A.
Usage Guidelines
Use this command to specify a stable interface as a source interface for routing protocols. This decreases the possibility of route flapping, which can disrupt connectivity.
Example
The following command disallows the VLAN accounting to be placed in the UP state without an external active port:
disable loopback-mode vlan accounting
disable vlan
disable vlan <vlan_name>
Description
Use this command to disable the specified VLAN.
Syntax Description
vlan_name Specifies the VLAN you want to disable.
Default
Enabled.
Usage Guidelines
This command allows you to administratively disable specified VLANs. The following guidelines apply to working with disabling VLANs:
• Disabling a VLAN stops all traffic on all ports associated with the specified VLAN.
• You cannot disable a VLAN that is running Layer 2 protocol control traffic for protocols such as STP.
When you attempt to disable a VLAN running Layer 2 protocol control traffic, the system returns a message similar to the following:
VLAN accounting cannot be disabled because it is actively use by an L2 Protocol
• You can disable the default VLAN; ensure that this is necessary prior to disabling the default VLAN.
• You cannot disable the management VLAN.
• Although you can remove ports from a disabled VLAN, you cannot add ports to a disabled VLAN or bind Layer 2 protocols to that VLAN.
When you attempt to disable a VLAN running Layer 2 protocol traffic, the system returns a message similar to the following:
VLAN accounting is disabled. Enable VLAN before adding ports.
Example
The following command disables the VLAN named accounting:
disable vlan accounting
enable loopback-mode vlan
enable loopback-mode vlan <vlan_name>
Description
Allows a VLAN to be placed in the UP state without an external active port. This allows (disallows) the VLAN's routing interface to become active.
Syntax Description
vlan_name Specifies a VLAN name.
Default
N/A.
Usage Guidelines
Use this command to specify a stable interface as a source interface for routing protocols. This decreases the possibility of route flapping, which can disrupt connectivity.
Example
The following command allows the VLAN accounting to be placed in the UP state without an external active port:
enable loopback-mode vlan accounting
enable vlan
enable vlan <vlan_name>
Description
Use this command to re-enable a VLAN that you previously disabled.
Syntax Description
vlan_name Specifies the VLAN you want to disable.
Default
Enabled.
Usage Guidelines
This command allows you to administratively enable specified VLANs that you previously disabled.
Example
The following command enables the VLAN named accounting:
enable vlan accounting
show private-vlan
show private-vlan
Description
Displays information about all the PVLANs on the switch.
Syntax Description
This command has no arguments or variables.
Default
N/A.
Usage Guidelines
If the PVLAN is incomplete because it does not have a network or any subscriber VLAN configured, [INCOMPLETE] appears next to the PVLAN name.
Example
The following command displays all the PVLANs on the switch:
XCM8810.1 # show private-vlan
--------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------
Engineering
Network VLAN:
-Engr1 10 -------------------------------------- ANY 4 /5 VR-Default
Non-Isolated Subscriber VLAN:
-ni1 400 -------------------------------------- ANY 1 /1 VR-Default
-ni2 401 ------------------------------------- ANY 1 /1 VR-Default
Isolated Subscriber VLAN:
-i1 500 ------------------------------------- ANY 1 /1 VR-Default
Ops
Network VLAN:
-Ops 20 ------------------------------------- ANY 2 /2 VR-Default
Non-Isolated Subscriber VLAN:
-OpsNi1 901 ------------------------------------- ANY 1 /1 VR-Default
-OpsNi2 902 ------------------------------------- ANY 1 /1 VR-Default
-OpsNi3 903 ------------------------------------- ANY 1 /1 VR-Default
-OpsNi4 904 ------------------------------------- ANY 1 /1 VR-Default
Isolated Subscriber VLAN:
-OpsI0 600 ------------------------------------- ANY 1 /1 VR-Default
-OpsI1 601 ------------------------------------- ANY 1 /1 VR-Default
-OpsI2 602 ------------------------------------- ANY 1 /1 VR-Default
-OpsI3 603 ------------------------------------- ANY 1 /1 VR-Default
-OpsI4 604 ------------------------------------- ANY 1 /1 VR-Default
Sales [INCOMPLETE]
Network VLAN:
-NONE
Non-Isolated Subscriber VLAN:
-SalesNi1 701 ------------------------------------- ANY 1 /1 VR-Default
-SalesNi2 702 ------------------------------------- ANY 1 /1 VR-Default
Isolated Subscriber VLAN:
-SalesI0 800 ------------------------------------- ANY 1 /1 VR-Default
--------------------------------------------------------------------------------------
Flags : (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (f) IP Forwarding Enabled,
(i) ISIS Enabled, (I) IP Forwarding lpm-routing Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled, (n) IP Multinetting Enabled,
(N) Network LogIn vlan, (o) OSPF Enabled, (p) PIM Enabled,
(r) RIP Enabled, (T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
Total number of PVLAN(s) : 3
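When reviewing segmentation, the show private-vlan output can be parsed to list each PVLAN's network, non-isolated and isolated subscriber VLANs and to flag entries without a network or subscriber VLAN. The Python below is an added example, not part of the NETGEAR manual; the function names and the shortened sample text (in the layout shown above) are constructed for illustration.

```python
import re

# Constructed sample in the layout of the `show private-vlan` output above
# (shortened; the flag legend is omitted).
SAMPLE_OUTPUT = """\
XCM8810.1 # show private-vlan
----------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
----------------------------------------------------------------------
Engineering
Network VLAN:
-Engr1 10 -------------------------------------- ANY 4 /5 VR-Default
Non-Isolated Subscriber VLAN:
-ni1 400 -------------------------------------- ANY 1 /1 VR-Default
Isolated Subscriber VLAN:
-i1 500 ------------------------------------- ANY 1 /1 VR-Default
Sales [INCOMPLETE]
Network VLAN:
-NONE
Non-Isolated Subscriber VLAN:
-SalesNi1 701 ------------------------------------- ANY 1 /1 VR-Default
Isolated Subscriber VLAN:
-SalesI0 800 ------------------------------------- ANY 1 /1 VR-Default
----------------------------------------------------------------------
Total number of PVLAN(s) : 2
"""

SECTIONS = {
    "Network VLAN:": "network",
    "Non-Isolated Subscriber VLAN:": "non_isolated",
    "Isolated Subscriber VLAN:": "isolated",
}
RULE = re.compile(r"-{20,}")  # a horizontal rule: dashes only
# -<name> <VID> <address/flags> <proto> <active> /<total> <virtual router>
MEMBER = re.compile(r"-(\S+)\s+(\d+)\s+(.*?)\s+(\S+)\s+(\d+)\s*/\s*(\d+)\s+(\S+)")


def parse_private_vlans(text):
    """Parse `show private-vlan` text into a list of PVLAN dictionaries."""
    pvlans, current, section, rules = [], None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RULE.fullmatch(line):
            rules += 1
            continue
        if rules != 2:  # the PVLAN body sits between the 2nd and 3rd rule
            continue
        if line in SECTIONS:
            if current is None:
                raise ValueError(f"section before any PVLAN name: {line!r}")
            section = SECTIONS[line]
        elif line.startswith("-"):
            if section is None:
                raise ValueError(f"member outside a section: {line!r}")
            if line == "-NONE":  # placeholder shown when no VLAN is linked
                continue
            match = MEMBER.fullmatch(line)
            if match is None:
                raise ValueError(f"unrecognised member line: {line!r}")
            name, vid, _flags, proto, active, total, vr = match.groups()
            current[section].append({
                "name": name, "vid": int(vid), "proto": proto,
                "active": int(active), "total": int(total), "vr": vr,
            })
        else:  # anything else in the body is a PVLAN name line
            marked = line.endswith("[INCOMPLETE]")
            name = line[:-len("[INCOMPLETE]")].strip() if marked else line
            current = {"name": name, "marked_incomplete": marked,
                       "network": [], "non_isolated": [], "isolated": []}
            pvlans.append(current)
            section = None
    return pvlans


def audit(pvlans):
    """Return (pvlan_name, finding) pairs for PVLANs that need attention."""
    findings = []
    for pvlan in pvlans:
        subscribers = pvlan["non_isolated"] + pvlan["isolated"]
        if not pvlan["network"]:
            findings.append((pvlan["name"], "no network VLAN"))
        if not subscribers:
            findings.append((pvlan["name"], "no subscriber VLAN"))
        if pvlan["marked_incomplete"] and pvlan["network"] and subscribers:
            findings.append((pvlan["name"], "marked [INCOMPLETE] but members parsed"))
    return findings


if __name__ == "__main__":
    for pvlan_name, finding in audit(parse_private_vlans(SAMPLE_OUTPUT)):
        print(f"{pvlan_name}: {finding}")
```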
show private-vlan <name>
show {private-vlan} <name>
Description
Displays information about the specified PVLAN.
Syntax Description
name Specifies the name of the PVLAN to display.
Default
N/A.
Usage Guidelines
If the PVLAN is incomplete because it does not have a network or any subscriber VLAN configured, [INCOMPLETE] appears next to the PVLAN name.
Example
The following command displays information for the companyx PVLAN:
XCM8810.1 # show private-vlan "Engineering"
--------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
--------------------------------------------------------------------------------------
Engineering
Network VLAN:
-Engr1 10 -------------------------------------- ANY 4 /5 VR-Default
Non-Isolated Subscriber VLAN:
-ni1 400 -------------------------------------- ANY 1 /1 VR-Default
-ni2 401 ------------------------------------- ANY 1 /1 VR-Default
Isolated Subscriber VLAN:
-i1 500 ------------------------------------- ANY 1 /1 VR-Default
--------------------------------------------------------------------------------------
Flags : (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled, (f) IP Forwarding Enabled,
(i) ISIS Enabled, (I) IP Forwarding lpm-routing Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled, (n) IP Multinetting Enabled,
(N) Network LogIn vlan, (o) OSPF Enabled, (p) PIM Enabled,
(r) RIP Enabled, (T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled
show protocol
show protocol {<name>}
Description
Displays protocol filter definitions.
Syntax Description
name Specifies a protocol filter name.
Default
Displays all protocol filters.
Usage Guidelines
Displays the defined protocol filter(s) with the types and values of its component protocols.
Example
The following is an example of the show protocol command:
Protocol Name    Type     Value
------------------------------------------------
IP               etype    0x0800
                 etype    0x0806
ANY              ANY      0xffff
ipx              etype    0x8137
decnet           etype    0x6003
                 etype    0x6004
netbios          llc      0xf0f0
                 llc      0xf0f1
ipx_8022         llc      0xe0e0
ipx_snap         snap     0x8137
appletalk        snap     0x809b
                 snap     0x80f3
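The etype, llc and snap protocol types correspond to three Ethernet framings, and the filter table above determines which protocol-based VLAN a frame can match. The Python below is an added example (not NETGEAR code and not the switch's implementation) that derives the (type, value) pair for a frame and looks it up in that table; skipping an 802.1Q tag, ignoring the SNAP OUI, the function names and the sample frames are assumptions made for illustration.

```python
import struct

# Filter table transcribed from the sample `show protocol` output above.
PROTOCOL_FILTERS = {
    "IP": [("etype", 0x0800), ("etype", 0x0806)],
    "ipx": [("etype", 0x8137)],
    "decnet": [("etype", 0x6003), ("etype", 0x6004)],
    "netbios": [("llc", 0xF0F0), ("llc", 0xF0F1)],
    "ipx_8022": [("llc", 0xE0E0)],
    "ipx_snap": [("snap", 0x8137)],
    "appletalk": [("snap", 0x809B), ("snap", 0x80F3)],
}
MAX_PROTOCOLS_PER_FILTER = 6  # limit stated under "configure protocol add"


def llc_value(dsap, ssap):
    """Build the four-digit <hex> argument for an llc entry: DSAP then SSAP."""
    if not (0 <= dsap <= 0xFF and 0 <= ssap <= 0xFF):
        raise ValueError("DSAP and SSAP are one byte each")
    return (dsap << 8) | ssap


def check_filter(entries):
    """Validate one filter definition against the limits given on this page."""
    if len(entries) > MAX_PROTOCOLS_PER_FILTER:
        raise ValueError("a protocol filter holds at most six protocols")
    for kind, value in entries:
        if kind not in ("etype", "llc", "snap"):
            raise ValueError(f"unknown protocol type {kind!r}")
        if not 0 <= value <= 0xFFFF:
            raise ValueError(f"value {value:#x} is outside 0..FFFF")
    return True


def frame_key(frame):
    """Return the (type, value) pair a filter entry would have to contain."""
    offset = 12  # skip destination and source MAC addresses
    if len(frame) < offset + 2:
        raise ValueError("frame too short for an Ethernet header")
    (field,) = struct.unpack_from("!H", frame, offset)
    if field == 0x8100:  # assumption: skip one 802.1Q tag before classifying
        offset += 4
        if len(frame) < offset + 2:
            raise ValueError("frame truncated after 802.1Q tag")
        (field,) = struct.unpack_from("!H", frame, offset)
    if field >= 0x0600:  # Ethernet II: the field is an Ethertype
        return ("etype", field)
    if field > 1500:
        raise ValueError(f"{field:#06x} is neither a length nor an Ethertype")
    llc = frame[offset + 2:offset + 5]  # 802.3 length, then DSAP, SSAP, control
    if len(llc) < 3:
        raise ValueError("frame truncated inside LLC header")
    dsap, ssap, control = llc
    if (dsap, ssap, control) == (0xAA, 0xAA, 0x03):  # SNAP extension follows
        snap = frame[offset + 5:offset + 10]  # 3-byte OUI + 2-byte type
        if len(snap) < 5:
            raise ValueError("frame truncated inside SNAP header")
        return ("snap", struct.unpack("!H", snap[3:5])[0])  # OUI ignored
    return ("llc", llc_value(dsap, ssap))


def classify(frame, filters=PROTOCOL_FILTERS):
    """Name of the first filter matching the frame, or ANY when none does."""
    key = frame_key(frame)
    for name, entries in filters.items():
        if key in entries:
            return name
    return "ANY"


# Constructed sample frames (headers only, no captured traffic).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
ARP_FRAME = MACS + bytes.fromhex("0806") + bytes(28)
NETBIOS_FRAME = MACS + bytes.fromhex("0003" "f0f003")
IPX_SNAP_FRAME = MACS + bytes.fromhex("0008" "aaaa03" "000000" "8137")
TAGGED_IPX_8022 = MACS + bytes.fromhex("81000078" "0003" "e0e003")
LLDP_FRAME = MACS + bytes.fromhex("88cc") + bytes(4)

if __name__ == "__main__":
    for label, frame in [("ARP", ARP_FRAME), ("NetBIOS", NETBIOS_FRAME),
                         ("IPX/SNAP", IPX_SNAP_FRAME),
                         ("tagged IPX/802.2", TAGGED_IPX_8022),
                         ("LLDP", LLDP_FRAME)]:
        print(f"{label:18} {frame_key(frame)!s:20} -> {classify(frame)}")
```

Frames that match no filter fall through to ANY, which is the behaviour the manual describes for a VLAN configured with protocol any.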
show vlan
show vlan {detail {ipv4 | ipv6} | <vlan_name> {ipv4 | ipv6} | virtual-router <vr-router> | <vlan_name> stpd | security}
Description
Displays information about VLANs.
Syntax Description
detail Specifies that detailed information should be displayed for each VLAN.
vlan_name Specifies a VLAN name.
ipv4 Specifies IPv4.
ipv6 Specifies IPv6.
vr-name Specifies a virtual router name.
Note:
User-created VRs are supported only on the platforms listed for this feature in Appendix A in the NETGEAR 8800 User Manual. On switches that do not support user-created VRs, all VLANs are created in VR-Default and cannot be moved.
stpd Specifies that STP domains are displayed for each VLAN.
security Enables security checking.
Default
Summary information for all VLANs on the device.
Usage Guidelines
Note:
To display IPv6 information, you must issue either the show vlan detail command or show vlan command with the name of the specified VLAN.
Unlike many other VLAN-related commands, the keyword vlan is required in all forms of this command except when requesting information for a specific vlan.
Use the command show vlan
to display summary information for all VLANs. It shows various configuration options as a series of flags (see the example below). VLAN and protocol names may be abbreviated in this display.
Use the command show vlan detail
to display detailed information for all VLANs. This displays the same information as for an individual VLAN, but shows every VLAN, one-by-one.
After each VLAN display you can elect to continue or quit.
Protocol none
indicates that this VLAN was configured with a user-defined protocol that has subsequently been deleted.
Note:
The NETGEAR 8800 series switches display the Mgmt VLAN in VR-Mgmt.
When an IPv6 address is configured for the VLAN, the system may display one of the following two address types in parentheses after the IPv6 address:
• Tentative
• Duplicate
Note:
See the NETGEAR 8800 User Manual for information on IPv6 address types.
You can display additional useful information on VLANs configured with IPv6 addresses by issuing the show ipconfig ipv6 vlan <vlan_name> command. The following is sample output from this command:
# show ipconfig ipv6 my_ipv6_100
Router Interface on my_ipv6_100 is enabled and up. MTU: 1500
Locally registered unicast addresses:
2001:db8::8:802:200c:417a/64
fe80::230:48ff:fe41:ed97%my_ipv6_100/64
Flags:
IPv6 Forwarding: YES Accept recvd RA: NO
Send redirects: NO Accept redirects: NO
When a displayed VLAN is part of a PVLAN, the display includes the PVLAN name and type (which is network, non-isolated subscriber, or isolated subscriber).
When the displayed VLAN is configured for VLAN translation, the display provides translation VLAN information. If the displayed VLAN is a translation VLAN, a list of translation VLAN members appears. If the displayed VLAN is a member VLAN, the display indicates the translation VLAN to which the member VLAN belongs.
Example
The following is an example of the show vlan command on the NETGEAR 8806 switch:
XCM8806.4 # show vlan
---------------------------------------------------------------------------------------
Name        VID  Protocol Addr     Flags                    Proto  Ports   Virtual
                                                                   Active  router
                                                                   /Total
---------------------------------------------------------------------------------------
alan1       4094 192.18.1.1 /24    -f-----mop-------------- ANY    0 /1    VR-Default
alan2       4093 192.18.2.1 /24    -f-----mop-------------- ANY    0 /1    VR-Default
alan3       4092 192.18.3.1 /24    -f-----mop-------------- ANY    0 /1    VR-Default
alan4       4091 192.18.4.1 /24    -f-----mop-------------- ANY    0 /1    VR-Default
CISCO-OSPF  4090 111.1.1.2 /24     -f------o--------------- ANY    0 /1    VR-Default
Default     1    -------------------------------T------------ ANY  3 /90   VR-Default
Mgmt        4095 172.26.2.145 /24  ------------------------ ANY    1 /1    VR-Mgmt
VLANRIP     4088 123.1.1.1 /24     -f--------r------------- ANY    0 /1    VR-Default
---------------------------------------------------------------------------------------
Flags : (c) 802.1ad customer VLAN (d) NetLogin Dynamically created VLAN,
(D) VLAN Admin Disabled,
(f) IP Forwarding Enabled, (F) Learning Disabled,
(L) Loopback Enabled, (m) IPmc Forwarding Enabled,
(M) Subscriber VLAN, (n) IP Multinetting Enabled,
(N) Network Login VLAN, (o) OSPF Enabled,
(O) Flooding Disabled, (p) PIM Enabled,
(r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Network VLAN,
(T) Member of STP Domain, (v) VRRP Enabled,
Total number of VLAN(s) : 9
The following is an example of the show vlan Default command:
* XCM8806.5 # show vlan "Default"
VLAN Interface with name Default created by user
Admin State: Enabled Tagging: 802.1Q Tag 1
Virtual router: VR-Default
IPv6: None
STPD: s0(Disabled,Auto-bind)
Protocol: Match all unfiltered protocols
Loopback: Disabled
NetLogin: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 90. (Number of active ports=3)
Untag: 1:1, 1:2, 1:7, 1:8, 1:9, 1:10, 1:11,
1:12, 1:13, 1:14, 1:15, 1:16, 1:17, 1:18,
1:19, 1:20, 1:21, 1:22, 1:23, 1:24, 3:1,
3:2, 3:3, 3:4, 3:5, 3:6, 3:7, 3:8,
4:1, 4:2, 4:3, 4:4, 4:5, 4:6, 4:7,
4:8, 5:1, 5:2, 5:3, *5:4, 5:5, 5:6,
5:7, 5:8, 6:1, 6:2, 6:3, 6:5, 6:6,
6:7, 6:8, 6:9, 6:10, 6:12, 6:13, 6:14,
6:15, 6:16, 6:17, 6:18, 6:19, 6:20, 6:21,
6:22, 6:23, *6:24, 6:25, 6:26, 6:27, 6:28,
6:29, 6:30, 6:31, 6:32, 6:33, 6:34, 6:35,
6:36, 6:37, 6:38, 6:39, 6:40, 6:41, 6:42,
6:43, 6:44, 6:45, 6:46, 6:47, *6:48
Flags: (*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (m) Mac-Based port
(a) Egress traffic allowed for NetLogin
(u) Egress traffic unallowed for NetLogin
(t) Translate VLAN tag for Private-VLAN
(s) Private-VLAN System Port, (L) Loopback port
(e) Private-VLAN End Point Port
(x) VMAN Tag Translated port
Note:
The m flag for MAC-based ports represents network login information.
Note:
The number of active ports line displays the number of ports presently in forwarding state on this VLAN.
The output for the show vlan detail command displays the same information for all VLANs configured on the switch.
Note:
See Chapter 19, “IP Unicast Commands,” for information on adding secondary IP addresses to VLANs.
unconfigure vlan ipaddress
unconfigure {vlan} <vlan_name> ipaddress {<ipv6_address_mask>}
Description
Removes the IP address of the VLAN or a vMAN. With no parameters, the command removes the primary IPv4 address on the specified VLAN. Using the IPv6 parameters, you can remove specified IPv6 addresses from the specified VLAN.
Syntax Description
vlan_name           Specifies a VLAN name.
ipv6_address_mask   Specifies an IPv6 address using the format of IPv6-address/prefix-length, where IPv6 is the 128-bit address and the prefix length specifies the number of leftmost bits that comprise the prefix.
Default
Removes the primary IPv4 address from the specified VLAN.
Usage Guidelines
Note:
You need an Advanced license to use vMANs.
If you do not specify any parameters, this command removes the primary IPv4 address from the VLAN.
Note:
With IPv6, you cannot remove the last link local IPv6 address until all global IPv6 addresses are removed.
Example
The following command removes the primary IPv4 address from the VLAN accounting:
unconfigure vlan accounting ipaddress
The following command removes an IPv6 address from the VLAN finance:
unconfigure vlan finance ipaddress 3ffe::1
10. FDB Commands
This chapter describes commands for:
• Configuring FDB entries
• Displaying FDB entries
For an introduction to FDB features, see the NETGEAR 8800 User Manual.
clear counters fdb mac-tracking
clear counters fdb mac-tracking [<mac_addr> | all]
Description
Clears the event counters for the FDB MAC-tracking feature.
Syntax Description
mac_addr   Specifies a MAC address, using colon-separated bytes.
all        Clears the counters for all tracked MAC addresses.
Default
N/A.
Usage Guidelines
The clear counters command also clears the counters for all tracked MAC addresses.
Example
The following command example clears the counters for all entries in the MAC address tracking table:
XCM8806.1 # clear counters fdb mac-tracking all
clear fdb
clear fdb {<mac_addr> | ports <port_list> | vlan <vlan_name> | blackhole}
Description
Clears dynamic FDB entries that match the filter.
Syntax Description
mac_addr    Specifies a MAC address, using colon-separated bytes.
port_list   Specifies one or more ports or slots and ports.
vlan_name   Specifies a VLAN name.
blackhole   Specifies the blackhole entries.
Default
Clears all dynamic FDB entries.
Usage Guidelines
This command clears FDB entries based on the specified criteria. When no options are specified, the command clears all dynamic FDB entries.
Examples
The following command clears any FDB entries associated with ports 4:3-4:5 on the switch:
clear fdb ports 4:3-4:5
The following command clears any FDB entries associated with VLAN corporate:
clear fdb vlan corporate
configure fdb agingtime
configure fdb agingtime <seconds>
Description
Configures the FDB aging time for dynamic entries.
Syntax Description
seconds   Specifies the FDB aging time in seconds. A value of 0 indicates that the entry should never be aged out. The NETGEAR 8800 can support the value 0 (no aging) and a range of 15 to 1,000,000 seconds.
Default
300 seconds.
Usage Guidelines
If the aging time is set to zero, all dynamic entries in the database become static, nonaging entries. This means that they do not age out, but non-permanent static entries can be deleted if the switch is reset.
On NETGEAR 8800 switches, the software flushes the FDB table once the aging timeout parameter is reached, even if the switch is running traffic and populating addresses in the FDB table.
Example
The following command sets the FDB aging time to 3,000 seconds:
configure fdb agingtime 3000
configure fdb mac-tracking ports
configure fdb mac-tracking {[add|delete]} ports [<port_list>|all]
Description
Enables or disables MAC address tracking for all MAC addresses on the specified ports.
Syntax Description
add         Enables MAC address tracking for the specified ports.
delete      Disables MAC address tracking for the specified ports.
port_list   Specifies a list of ports on which MAC address tracking is to be enabled or disabled.
all         Specifies that MAC address tracking is to be enabled or disabled on all ports.
Default
No ports are enabled for MAC address tracking.
Usage Guidelines
MAC address tracking events on enabled ports generate EMS messages and can optionally generate SNMP traps.
Note:
When a MAC address is configured in the tracking table, but detected on a MAC tracking enabled port, the per MAC address statistical counters are not updated.
Example
The following command enables MAC address tracking for all MAC addresses on port 2:1:
configure fdb mac-tracking add ports 2:1
create fdb mac-tracking entry
create fdb mac-tracking entry <mac_addr>
Description
Adds a MAC address to the MAC address tracking table.
Syntax Description
mac_addr Specifies a device MAC address, using colon-separated bytes.
Default
The MAC address tracking table is empty.
Usage Guidelines
None.
Example
The following command adds a MAC address to the MAC address tracking table:
create fdb mac-tracking entry 00:E0:2B:12:34:56
create fdbentry vlan ports
create fdbentry <mac_addr> vlan <vlan_name> [ports <port_list> | blackhole]
Description
Creates a permanent static FDB entry.
Syntax Description
mac_addr         Specifies a device MAC address, using colon-separated bytes.
vlan_name        Specifies a VLAN name associated with a MAC address.
port_list        Specifies one or more ports or slots and ports associated with the MAC address.
interface-list   Specifies one or more interfaces to associate with the MAC address.
blackhole        Enables the blackhole option. Any packets with either a source MAC address or a destination MAC address matching the FDB entry are dropped.
Default
N/A.
Usage Guidelines
Permanent entries are retained in the database if the switch is reset or a power off/on cycle occurs. A permanent static entry can either be a unicast or multicast MAC address. After they have been created, permanent static entries stay the same as when they were created. If the same MAC address and VLAN is encountered on another virtual port that is not included in the permanent MAC entry, it is handled as a blackhole entry. The static entry is not updated when any of the following take place:
• A VLAN identifier (VLANid) is changed.
• A port is disabled.
• A port enters blocking state.
• A port goes down (link down).
A permanent static FDB entry is deleted when any of the following take place:
• A VLAN is deleted.
• A port mode is changed (tagged/untagged).
• A port is deleted from a VLAN.
Permanent static entries are designated by spm in the flags field of the show fdb output. You can use the command to display permanent FDB entries.
If the static entry is for a PVLAN VLAN that requires more than one underlying entry, the system automatically adds the required entries. For example, if the static entry is for a PVLAN network VLAN, the system automatically adds all required extra entries for the subscriber VLANs.
You can create FDB entries to multicast MAC addresses and list one or more ports. If more than one port number is associated with a permanent MAC entry, packets are multicast to the multiple destinations.
IGMP snooping rules take precedence over static multicast MAC addresses in the IP multicast range (01:00:5e:xx:xx:xx) unless IGMP snooping is disabled.
Note:
When a multiport list is assigned to a unicast MAC address, load sharing is not supported on the ports in the multiport list.
Examples
The following command adds a permanent, static entry to the FDB for MAC address 00:E0:2B:12:34:56, in VLAN marketing on slot 2, port 4 on the switch:
create fdbentry 00:E0:2B:12:34:56 vlan marketing port 2:4
The following example creates a multicast FDB entry, in VLAN black, on slot 1, ports 1, 2, and 4, on the NETGEAR 8800 switches:
create fdbentry 01:00:00:00:00:01 vlan black port 1:1, 1:2, 1:4
delete fdb mac-tracking entry
delete fdb mac-tracking entry [<mac_addr> | all]
Description
Deletes a MAC address from the MAC address tracking table.
Syntax Description
mac_addr   Specifies a device MAC address, using colon-separated bytes.
all        Specifies that all MAC addresses are to be deleted from the MAC address tracking table.
Default
The MAC address tracking table is empty.
Usage Guidelines
None.
Example
The following command deletes a MAC address from the MAC address tracking table:
delete fdb mac-tracking entry 00:E0:2B:12:34:56
delete fdbentry
delete fdbentry [all | <mac_address> [vlan <vlan name>]]
Description
Deletes one or all permanent FDB entries.
Syntax Description
all           Specifies all FDB entries.
mac_address   Specifies a device MAC address, using colon-separated bytes.
vlan_name     Specifies the specific VLAN name.
Default
N/A.
Usage Guidelines
None.
Examples
The following example deletes a permanent entry from the FDB:
delete fdbentry 00:E0:2B:12:34:56 vlan marketing
The following example deletes all permanent entries from the FDB:
delete fdbentry all
disable flooding ports
disable flooding [all_cast | broadcast | multicast | unicast] ports [<port_list> | all]
Description
Disables Layer 2 egress flooding on one or more ports. With the NETGEAR 8800 family of switches, you can further identify the type of packets for which to block flooding.
Syntax Description
all_cast    Specifies disabling egress flooding for all packets on specified ports.
broadcast   Specifies disabling egress flooding only for broadcast packets.
multicast   Specifies disabling egress flooding only for multicast packets.
unicast     Specifies disabling egress flooding only for unknown unicast packets.
port_list   Specifies one or more ports or slots and ports.
all         Specifies all ports on the switch.
Default
Enabled for all packet types.
Usage Guidelines
Note:
If an application requests specific packets on a specific port, those packets are not affected by the disable flooding ports command.
You might want to disable egress flooding to do the following:
• enhance security
• enhance privacy
• improve network performance
This is particularly useful when you are working on an edge device in the network. The practice of limiting flooded egress packets to selected interfaces is also known as upstream forwarding.
Note:
If you disable egress flooding with static MAC addresses, this can affect many protocols, such as IP and ARP.
The following guidelines apply to enabling and disabling egress flooding:
• Disabling multicast egress flooding does not affect those packets within an IGMP membership group at all; those packets are still forwarded out. If IGMP snooping is disabled, multicast packets are not flooded.
• Egress flooding can be disabled on ports that are in a load-sharing group. In a load-sharing group, the ports in the group take on the egress flooding state of the master port; each member port of the load-sharing group has the same state as the master port.
• FDB learning takes place on ingress ports and is independent of egress flooding; either can be enabled or disabled independently.
• Disabling unicast or all egress flooding to a port also stops packets with unknown MAC addresses from being flooded to that port.
• Disabling broadcast or all egress flooding to a port also stops broadcast packets from being flooded to that port.
You can disable egress flooding for unicast, multicast, or broadcast MAC addresses, as well as for all packets on the ports of the NETGEAR 8800 family of switches. The default behavior for the NETGEAR 8800 family of switches is enabled egress flooding for all packet types.
Example
The following command disables egress flooding on slot 4, ports 5 and 6 on a NETGEAR 8800 switch:
disable flooding all_cast port 4:5-4:6
disable learning iparp sender-mac
disable learning iparp {vr <vr_name>} sender-mac
Description
Disables MAC address learning from the payload of IP ARP packets.
Syntax Description
vr_name Specifies a virtual router.
Default
Disabled.
Usage Guidelines
To view the configuration for this feature, use the following command:
Example
The following command disables MAC address learning from the payload of IP ARP packets:
disable learning iparp sender-mac
disable learning port
disable learning {drop-packets | forward-packets} port [<port_list> | all]
Description
Disables MAC address learning on one or more ports for security purposes.
Syntax Description
port              Specifies the port.
port_list         Specifies one or more ports or slots and ports.
all               Specifies all ports and slots.
drop-packets      Specifies that packets with unknown source MAC addresses be dropped. If you do not specify the forward-packets option, this option is used.
forward-packets   Specifies that packets with unknown source MAC addresses be forwarded.
Default
Enabled.
Usage Guidelines
Use this command in a secure environment where access is granted via permanent forwarding database (FDB) entries per port.
Example
The following command disables MAC address learning on port 4:3:
disable learning ports 4:3
disable snmp traps fdb mac-tracking
disable snmp traps fdb mac-tracking
Description
Disables SNMP trap generation when MAC-tracking events occur for a tracked MAC address.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
None.
Example
The following command disables SNMP traps for MAC-tracking events:
disable snmp traps fdb mac-tracking
enable flooding ports
enable flooding [all_cast | broadcast | multicast | unicast] ports [<port_list> | all]
Description
Enables egress flooding on one or more ports. With the NETGEAR 8800 series switches, you can further identify the type of packets to flood on the specified ports.
Syntax Description
all_cast    Specifies enabling egress flooding for all packets on specified ports.
broadcast   Specifies enabling egress flooding only for broadcast packets.
multicast   Specifies enabling egress flooding only for multicast packets.
unicast     Specifies enabling egress flooding only for unknown unicast packets.
port_list   Specifies one or more ports or slots and ports.
all         Specifies all ports on the switch.
Default
Enabled for all packet types.
Usage Guidelines
Use this command to re-enable egress flooding that you previously disabled using the command.
The following guidelines apply to enabling and disabling egress flooding:
• Disabling multicast egress flooding does not affect those packets within an IGMP membership group at all; those packets are still forwarded out. If IGMP snooping is disabled, multicast packets are not flooded.
• Egress flooding can be disabled on ports that are in a load-sharing group. If that is the situation, the ports in the group take on the egress flooding state of the master port; each member port of the load-sharing group has the same state as the master port.
• FDB learning is independent of egress flooding. FDB learning and egress flooding can be enabled or disabled independently.
• Disabling unicast or all egress flooding to a port also stops packets with unknown MAC addresses from being flooded to that port.
• Disabling broadcast or all egress flooding to a port also stops broadcast packets from being flooded to that port.
You can disable egress flooding for unicast, multicast, or broadcast MAC addresses, as well as for all packets on the ports of the NETGEAR 8800 series switches. The default behavior for the NETGEAR 8800 series switches is enabled egress flooding for all packet types.
Example
The following command enables egress flooding on slot 1, ports 1 and 2 on a NETGEAR 8800 switch:
enable flooding all_cast port 1:1-1:2
enable learning iparp sender-mac
enable learning iparp {request | reply | both-request-and-reply} {vr <vr_name>} sender-mac
Description
Enables MAC address learning from the payload of IP ARP packets.
Syntax Description
request                  Enables learning only for IP ARP request packets.
reply                    Enables learning only for IP ARP reply packets.
both-request-and-reply   Enables learning for both request and reply packets.
vr_name                  Specifies a virtual router.
Default
Disabled.
Usage Guidelines
To view the configuration for this feature, use the following command:
Example
The following command enables MAC address learning from the payload of reply IP ARP packets:
enable learning iparp reply sender-mac
enable learning port
enable learning ports [all | <port_list>]
Description
Enables MAC address learning on one or more ports.
Syntax Description
all         Specifies all ports.
port_list   Specifies one or more ports or slots and ports.
Default
Enabled.
Example
The following command enables MAC address learning on slot 1, ports 7 and 8 on the switch:
enable learning ports 1:7-8
enable snmp traps fdb mac-tracking
enable snmp traps fdb mac-tracking
Description
Enables SNMP trap generation when MAC-tracking events occur for a tracked MAC address.
Syntax Description
This command has no arguments or variables.
Default
Disabled.
Usage Guidelines
None.
Example
The following command enables SNMP traps for MAC-tracking events:
enable snmp traps fdb mac-tracking
show fdb
show fdb {blackhole {netlogin [all | mac-based-vlans]} | netlogin [all | mac-based-vlans] | permanent {netlogin [all | mac-based-vlans]} | <mac_addr> {netlogin [all | mac-based-vlans]} | ports <port_list> {netlogin [all | mac-based-vlans]} | vlan <vlan_name> {netlogin [all | mac-based-vlans]}}
Description
Displays FDB entries.
Syntax Description
blackhole                  Displays the blackhole entries. (All packets addressed to these entries are dropped.)
slot                       Specifies a slot in the switch.
num_entries                Specifies the maximum number of hardware entries to display. The range is 1 to 25.
netlogin all               Displays all FDBs created as a result of the netlogin process.
netlogin mac-based-vlans   Displays all netlogin MAC-based VLAN FDB entries. See Chapter 16, “Network Login Commands,” for more information on netlogin.
permanent                  Displays all permanent entries, including the ingress and egress QoS profiles.
mac_addr                   Specifies a MAC address, using colon-separated bytes, for which FDB entries should be displayed.
port_list                  Displays the entries for one or more ports or ports and slots.
vlan_name                  Displays the entries for a specific VLAN.
Default
All.
Usage Guidelines
The show fdb command output displays the following information:
Mac         The MAC address that defines the entry.
Vlan        The PVLAN or VLAN for the entry.
Age         The age of the entry, in seconds (does not appear if the keyword permanent is specified). The age parameter does not display for the backup MSM/MM on the switch.
Flags       Flags that define the type of entry:
• b - Ingress Blackhole
• B - Egress Blackhole
• D - Drop entry for an isolated subscriber VLAN
• d - Dynamic
• h - Aged in hardware
• i - an entry also exists in the IP FDB
• l - lockdown MAC
• L - lockdown-timeout MAC
• m - MAC
• M - Mirror
• n - NetLogin
• o - IEEE 802.1ah backbone MAC
• P - PVLAN created entry
• p - Permanent
• s - Static
• v - NetLogin MAC-Based VLAN
• x - an entry also exists in the IPX FDBs
Port List   The ports on which the MAC address has been learned.
Examples
The following command example shows how the FDB entries appear for all options except the hardware option:
# show fdb
Mac Vlan Age Flags Port / Virtual Port List
-----------------------------------------------------------------------------
00:0c:29:4b:34:cf v101(0101) 0041 d m D 1:2
00:0c:29:4b:34:cf v100(0100) 0041 d m P 1:2
00:0c:29:d2:2d:48 v102(0102) 0045 d m 1:3
00:0c:29:d2:2d:48 v100(0100) 0045 d m P 1:3
00:0c:29:f1:f2:f5 v100(0100) 0045 d m 1:1
00:0c:29:f1:f2:f5 v102(0102) 0045 d m P 1:1
00:0c:29:f1:f2:f5 v101(0101) 0045 d m P 1:1
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
D - drop packet, h - Hardware Aging, o - IEEE 802.1ah Backbone MAC.
Total: 3 Static: 0 Perm: 0 Dyn: 3 Dropped: 0 Locked: 0 Locked with Timeout: 0
FDB Aging time: 300
FDB VPLS Aging time: 300
The following example shows the display format when a PVLAN is configured. Note that VLAN translation is configured on some ports (as indicated by the t flag).
XCM8806.9 # show fdb
Mac Vlan Age Flags Port / Virtual Port List
-----------------------------------------------------------------------------
00:04:0d:f3:9b:84 Default(0001) 0048 d m 6:48
00:1a:b9:33:f8:68 Default(0001) 0000 d m 6:48
00:23:ac:da:4c:0b Default(0001) 0044 d m 6:48
00:d0:b0:10:c7:00 Default(0001) 0028 d m 6:24
00:d0:b0:10:cb:00 Default(0001) 0005 d m 6:48
e0:91:f5:06:2c:2a Default(0001) 0050 d m 6:48
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
D - drop packet, h - Hardware Aging, o - IEEE 802.1ah Backbone MAC.
Total: 6 Static: 0 Perm: 0 Dyn: 6 Dropped: 0 Locked: 0 Locked with Timeout: 0
FDB Aging time: 300
FDB VPLS Aging time: 300
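The following Python sketch is an added example, not part of the NETGEAR manual: it parses captured show fdb output into records using the field and flag descriptions above, then reports ports that have learned more dynamic MAC addresses than expected and MAC addresses learned on more than one port. The function names, the threshold of two addresses per port, and the third sample are assumptions made for illustration; the first two samples are the rows shown above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Rows copied from the first "show fdb" sample in this manual (PVLAN entries).
PVLAN_SAMPLE = """\
Mac Vlan Age Flags Port / Virtual Port List
-----------------------------------------------------------------------------
00:0c:29:4b:34:cf v101(0101) 0041 d m D 1:2
00:0c:29:4b:34:cf v100(0100) 0041 d m P 1:2
00:0c:29:d2:2d:48 v102(0102) 0045 d m 1:3
00:0c:29:d2:2d:48 v100(0100) 0045 d m P 1:3
00:0c:29:f1:f2:f5 v100(0100) 0045 d m 1:1
00:0c:29:f1:f2:f5 v102(0102) 0045 d m P 1:1
00:0c:29:f1:f2:f5 v101(0101) 0045 d m P 1:1
Total: 3 Static: 0 Perm: 0 Dyn: 3 Dropped: 0 Locked: 0 Locked with Timeout: 0
"""

# Rows copied from the second "show fdb" sample in this manual.
DEFAULT_SAMPLE = """\
00:04:0d:f3:9b:84 Default(0001) 0048 d m 6:48
00:1a:b9:33:f8:68 Default(0001) 0000 d m 6:48
00:23:ac:da:4c:0b Default(0001) 0044 d m 6:48
00:d0:b0:10:c7:00 Default(0001) 0028 d m 6:24
00:d0:b0:10:cb:00 Default(0001) 0005 d m 6:48
e0:91:f5:06:2c:2a Default(0001) 0050 d m 6:48
"""

# Constructed rows (not from the manual): one MAC learned on two ports, and a
# permanent static entry shown without the Age column.
CONSTRUCTED_SAMPLE = """\
00:11:22:33:44:55 v100(0100) 0012 d m 1:1
00:11:22:33:44:55 v102(0102) 0003 d m 1:3
00:e0:2b:12:34:56 marketing(0200) s p m 2:4
"""

ROW = re.compile(
    r"^(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<vlan>\S+?)\((?P<vid>\d+)\)"
    r"(?:\s+(?P<age>\d+))?"              # Age is absent for permanent entries
    r"(?P<flags>(?:\s+[A-Za-z])*)"       # single-letter, case-sensitive flags
    r"(?:\s+(?P<ports>\d+:\d+(?:\s*,\s*\d+:\d+)*))?\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class FdbEntry:
    mac: str
    vlan: str
    vid: int
    age: Optional[int]
    flags: frozenset
    ports: tuple


def parse_show_fdb(text):
    """Return an FdbEntry per table row; headers, legend and totals are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        ports = tuple(p.strip() for p in (m["ports"] or "").split(",") if p.strip())
        entries.append(FdbEntry(
            mac=m["mac"].lower(), vlan=m["vlan"], vid=int(m["vid"]),
            age=int(m["age"]) if m["age"] else None,
            flags=frozenset(m["flags"].split()), ports=ports))
    return entries


def port_key(port):
    """Sort "slot:port" strings numerically."""
    return tuple(int(x) for x in port.split(":"))


def audit(entries, max_macs_per_port=2):
    """Return (kind, subject, detail) findings for dynamically learned entries."""
    macs_on_port = defaultdict(set)
    ports_of_mac = defaultdict(set)
    for e in entries:
        if "d" not in e.flags:           # ignore static and permanent entries
            continue
        for port in e.ports:
            macs_on_port[port].add(e.mac)
            ports_of_mac[e.mac].add(port)
    findings = []
    for port in sorted(macs_on_port, key=port_key):
        if len(macs_on_port[port]) > max_macs_per_port:
            findings.append(("many-macs", port, len(macs_on_port[port])))
    for mac in sorted(ports_of_mac):
        if len(ports_of_mac[mac]) > 1:
            ports = tuple(sorted(ports_of_mac[mac], key=port_key))
            findings.append(("mac-on-multiple-ports", mac, ports))
    return findings


if __name__ == "__main__":
    for name in ("PVLAN_SAMPLE", "DEFAULT_SAMPLE", "CONSTRUCTED_SAMPLE"):
        print(name, audit(parse_show_fdb(globals()[name])))
```

A finding is a prompt for review rather than proof of a problem: an uplink port legitimately carries many addresses, and a router can present one MAC address in several VLANs.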
show fdb mac-tracking configuration
show fdb mac-tracking configuration
Description
Displays configuration information for the MAC address tracking feature.
Syntax Description
This command has no arguments or variables.
Default
The MAC address tracking table is empty.
Usage Guidelines
None.
Example
The following command example displays the contents of the MAC address tracking table:
Switch.8 # show fdb mac-tracking configuration
MAC-Tracking enabled ports: 1-3,10,20
SNMP trap notification : Enabled
MAC address tracking table (4 entries):
00:30:48:72:ee:88
00:21:9b:0e:ca:32
00:12:48:82:9c:56
00:30:48:84:d4:16
show fdb mac-tracking statistics
show fdb mac-tracking statistics {<mac_addr>} {no-refresh}
Description
Displays statistics for the MAC addresses that are being tracked.
Syntax Description
mac_addr     Specifies a MAC address, using colon-separated bytes, for which FDB entries should be displayed.
no-refresh   Specifies a static snapshot of data instead of the default dynamic display.
Default
N/A.
Usage Guidelines
Use the keys listed below the display to clear the statistics counters or page up or down through the table entries.
Example
The following command example displays statistics for the entries in the MAC address tracking table:
XCM8810.3 # show fdb mac-tracking statistics
MAC Tracking Statistics Fri Mar 20 15:25:01 2009
Add Move Delete
MAC Address events events events
=====================================================
00:00:00:00:00:01 0 0 0
00:00:00:00:00:02 0 0 0
00:00:00:00:00:03 0 0 0
00:00:00:00:00:04 0 0 0
00:00:00:00:00:05 0 0 0
00:00:00:00:00:06 0 0 0
00:00:00:00:00:07 0 0 0
00:00:00:00:00:08 0 0 0
00:00:00:00:00:09 0 0 0
00:00:00:00:00:10 0 0 0
00:00:00:00:00:11 0 0 0
00:00:00:00:00:12 0 0 0
00:00:00:00:00:13 0 0 0
00:00:00:00:00:14 0 0 0
00:00:00:00:00:15 0 0 0
00:00:00:00:00:16 0 0 0
00:00:00:00:00:17 0 0 0
00:00:00:00:00:18 0 0 0
=====================================================
0->Clear Counters U->page up D->page down ESC->exit
show fdb stats
show fdb stats {{ports {all | <port_list>} | vlan {all} | {vlan} <vlan_name> } {no-refresh}}
Description
Displays FDB entry statistics for the specified ports or VLANs in either a dynamic or a static report.
Syntax Description
all          Requests statistics for all ports or all VLANs.
port_list    Specifies which ports are to be included in the statistics display.
vlan_name    Specifies a single VLAN to be included in the statistics display.
no-refresh   Specifies a static display, which is not automatically updated.
Default
Summary FDB statistics for the switch.
Usage Guidelines
The dynamic display remains visible and continues to update until you press <Esc>.
The show fdb stats command output displays the following information:
Port            When you choose to display statistics for ports, this column displays port numbers.
Link State      When you choose to display statistics for ports, this column displays the link states, which are described at the bottom of the display.
VLAN            When you choose to display statistics for VLANs, this column displays VLAN names.
MAC Addresses   This column displays the total number of MAC addresses for each port or VLAN.
Dynamic         This column displays the total number of MAC addresses that were learned dynamically for each port or VLAN.
Static          This column displays the total number of MAC addresses that are configured on this switch for each port or VLAN.
Dropped         This column displays the total number of dynamic MAC addresses that were discovered, but not stored in the FDB. Discovered MAC addresses might be dropped because a configured learning limit is reached, the FDB is in lockdown, or a port forwarding state is in transition. Some conditions that lead to dropped MAC addresses can produce log messages or SNMP traps.
Examples
The following command example displays summary FDB statistics for the switch:
torino1.1 # show fdb stats
Total: 4 Static: 3 Perm: 3 Dyn: 1 Dropped: 0
FDB Aging time: 300
FDB VPLS Aging time: 300
(pacman debug) torino1.2 #
The following command example displays FDB statistics for ports 1 to 16 on slot 1:
# show fdb stats ports 1:1-1:16
FDB Stats Mon Mar 15 15:30:49 2010
Port Link MAC
State Addresses Dynamic Static Dropped
=======================================================================
1:1 A 2394 2389 5 2
1:2 A 37 37 0 0
1:3 A 122 121 1 452
1:4 R 0 0 0 0
1:5 R 0 0 0 0
1:6 A 43 43 0 0
1:7 A 118 118 0 0
1:8 R 0 0 0 0
1:9 R 0 0 0 0
1:10 A 8 8 0 0
1:11 A 2998 2990 8 1
1:12 A 486 486 0 0
1:13 R 0 0 0 0
1:14 A 42 42 0 0
1:15 A 795 795 0 0
1:16 A 23 23 0 2
=======================================================================
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
U->page up D->page down ESC->exit
The following command example displays FDB statistics for all VLANs:
# show fdb stats vlan all
FDB Stats Mon Mar 15 15:30:49 2010
VLAN MAC Addresses Dynamic Static Dropped
=============================================================================
SV_PPPOE 2394 2389 5 2
NV_PPPOE 122 121 1 452
=============================================================================
U->page up D->page down ESC->exit
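The following Python sketch is an added example, not part of the NETGEAR manual: it parses two captures of show fdb stats taken with no-refresh and reports the ports or VLANs whose Dropped count grew between them, which is where a learning limit or lockdown is rejecting addresses. It assumes that Dropped is a running counter; the function names and the AFTER snapshot are constructed for illustration, while BEFORE and VLAN_SAMPLE are the rows shown above.

```python
import re

# Rows copied from the "show fdb stats ports 1:1-1:16" sample in this manual.
BEFORE = """\
Port Link MAC
State Addresses Dynamic Static Dropped
1:1 A 2394 2389 5 2
1:2 A 37 37 0 0
1:3 A 122 121 1 452
1:4 R 0 0 0 0
1:5 R 0 0 0 0
1:6 A 43 43 0 0
1:7 A 118 118 0 0
1:8 R 0 0 0 0
1:9 R 0 0 0 0
1:10 A 8 8 0 0
1:11 A 2998 2990 8 1
1:12 A 486 486 0 0
1:13 R 0 0 0 0
1:14 A 42 42 0 0
1:15 A 795 795 0 0
1:16 A 23 23 0 2
Link State: A-Active, R-Ready, NP-Port Not Present, L-Loopback
"""

# Constructed later snapshot (not from the manual) covering four of those ports.
AFTER = """\
1:1 A 2401 2396 5 2
1:3 A 122 121 1 980
1:11 A 2998 2990 8 0
1:16 A 23 23 0 2
"""

# Rows copied from the "show fdb stats vlan all" sample in this manual.
VLAN_SAMPLE = """\
VLAN MAC Addresses Dynamic Static Dropped
SV_PPPOE 2394 2389 5 2
NV_PPPOE 122 121 1 452
"""

# A port row carries a link-state column (A, R, NP or L); a VLAN row does not.
ROW = re.compile(
    r"^(?P<key>\S+)\s+(?:(?P<link>A|R|NP|L)\s+)?"
    r"(?P<total>\d+)\s+(?P<dynamic>\d+)\s+(?P<static>\d+)\s+(?P<dropped>\d+)$"
)
COUNTERS = ("total", "dynamic", "static", "dropped")


def parse_fdb_stats(text):
    """Map each port or VLAN name to its counters; non-table lines are skipped."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows[m["key"]] = {"link": m["link"],
                              **{name: int(m[name]) for name in COUNTERS}}
    return rows


def dropped_growth(before, after, min_delta=1):
    """Return (key, old, new, delta) for rows whose Dropped count grew.

    A count that went backwards is treated as restarted (assumption: the
    counter is cumulative and returns to zero, for example after a reboot).
    """
    findings = []
    for key, new in after.items():
        old = before.get(key)
        if old is None:
            continue                      # port or VLAN not in the baseline
        if new["dropped"] < old["dropped"]:
            delta = new["dropped"]
        else:
            delta = new["dropped"] - old["dropped"]
        if delta >= min_delta:
            findings.append((key, old["dropped"], new["dropped"], delta))
    return sorted(findings, key=lambda f: f[3], reverse=True)


if __name__ == "__main__":
    baseline = parse_fdb_stats(BEFORE)
    for finding in dropped_growth(baseline, parse_fdb_stats(AFTER)):
        print("Dropped grew on %s: %d -> %d (+%d)" % finding)
```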
11. Commands for Virtual Routers
This chapter describes commands for:
• Creating and deleting virtual routers
• Configuring and managing virtual routers
• Displaying information about virtual routers
For an introduction to virtual routers, see the NETGEAR 8800 User Manual.
configure vr add ports
configure vr <vr-name> add ports <portlist>
Description
Assigns a list of ports to the virtual router specified.
Syntax Description
vr-name    Specifies the name of the virtual router.
portlist   Specifies the ports to add to the virtual router.
Default
By default, all ports are assigned to the virtual router, VR-Default.
Usage Guidelines
When a new virtual router is created, by default, no ports are assigned, no VLAN interface is created, and no support for any routing protocols is added. Use this command to assign ports to a virtual router. Since all ports are initially assigned to VR-Default, you might need to delete the desired ports first from the virtual router where they reside, before you add them to the desired virtual router.
If you plan to assign VR ports to a VLAN, be aware that the ports that you add to a VLAN and the VLAN itself cannot be explicitly assigned to different virtual routers. When multiple virtual routers are defined, consider the following guidelines while adding ports to a VR:
• A VLAN can belong (either through explicit or implicit assignment) to only one VR.
• If a VLAN is not explicitly assigned to a VR, then the ports added to the VLAN must be explicitly assigned to a single VR.
• If a VLAN is explicitly assigned to a VR, then the ports added to the VLAN must be explicitly assigned to the same VR or to no VR.
• If a port is added to VLANs that are explicitly assigned to different VRs, the port must be explicitly assigned to no VR.
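The four guidelines above can be checked against a planned layout before any ports are moved between virtual routers. The following Python checker is an added example, not part of the switch software; the function name, the dictionary-based data model and the sample VLAN and port names are assumptions made for illustration.

```python
from typing import Dict, List, Optional, Set, Tuple

Problem = Tuple[int, str]  # (guideline number in the list above, message)

# Constructed sample layout (hypothetical names). None means "no explicit VR".
VLAN_VR = {"zone1": "vr-acme", "zone2": "vr-beta", "lab": None}
PORT_VR = {"2:1": "vr-acme", "2:2": None, "2:3": "vr-acme",
           "2:4": "vr-beta", "2:5": None}
VLAN_PORTS = {"zone1": {"2:1", "2:2"}, "zone2": {"2:2", "2:4"}, "lab": {"2:3"}}


def _vr(name: Optional[str]) -> Optional[str]:
    # Virtual router names are case insensitive, so compare them lowercased.
    return name.lower() if name else None


def check_vr_assignments(
    vlan_vr: Dict[str, Optional[str]],
    port_vr: Dict[str, Optional[str]],
    vlan_ports: Dict[str, Set[str]],
) -> List[Problem]:
    """Return every violation of guidelines 2-4; guideline 1 follows from them."""
    problems: List[Problem] = []
    explicit_vrs_per_port: Dict[str, Set[str]] = {}

    for vlan in sorted(vlan_ports):
        ports = sorted(vlan_ports[vlan])
        vlan_owner = _vr(vlan_vr.get(vlan))

        if vlan_owner is None:
            # Guideline 2: every port must name a VR, and all must name the same one.
            loose = [p for p in ports if _vr(port_vr.get(p)) is None]
            owners = sorted({_vr(port_vr.get(p)) for p in ports} - {None})
            if loose:
                problems.append(
                    (2, f"VLAN {vlan} has no explicit VR and ports {loose} have none either"))
            if len(owners) > 1:
                problems.append(
                    (2, f"VLAN {vlan} has no explicit VR and its ports span {owners}"))
            continue

        for port in ports:
            explicit_vrs_per_port.setdefault(port, set()).add(vlan_owner)
            owner = _vr(port_vr.get(port))
            # Guideline 3: the port may be in the VLAN's VR or in no VR.
            if owner is not None and owner != vlan_owner:
                problems.append(
                    (3, f"port {port} is in {owner} but VLAN {vlan} is in {vlan_owner}"))

    for port in sorted(explicit_vrs_per_port):
        vrs = explicit_vrs_per_port[port]
        # Guideline 4: a port shared across VRs must itself belong to no VR.
        if len(vrs) > 1 and _vr(port_vr.get(port)) is not None:
            problems.append(
                (4, f"port {port} joins VLANs in {sorted(vrs)} and must be in no VR"))

    return problems


if __name__ == "__main__":
    for rule, message in check_vr_assignments(VLAN_VR, PORT_VR, VLAN_PORTS):
        print(f"guideline {rule}: {message}")
```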
Example
The following command adds all the ports on slot 2 to the virtual router vr-acme:
configure vr vr-acme add ports 2:*
configure vr add protocol
configure vr <vr-name> add protocol <protocol-name>
Description
Starts a Layer 3 protocol on a virtual router.
Syntax Description
vr-name         Specifies the name of the virtual router.
protocol-name   Specifies the Layer 3 protocol.
Default
N/A.
Usage Guidelines
When a new virtual router is created, by default, no ports are assigned, no VLAN interface is created, and no support for any routing protocols is added. Use this command to start the Layer 3 protocol specified on the virtual router. The choices for protocol-name are:
• RIP
• OSPF
• BGP
• PIM
MPLS is the only protocol that you can add to or delete from the VR-Default virtual router. You cannot add or delete any other protocols from VR-Default, and you cannot add or delete any protocols from the other system virtual routers, VR-Mgmt and VR-Control.
Example
The following command starts RIP on the virtual router vr-acme:
configure vr vr-acme add protocol rip
configure vr delete ports
configure vr <vr-name> delete ports <portlist>
Description
Removes a list of ports from the virtual router specified.
Syntax Description
vr-name    Specifies the name of the virtual router.
portlist   Specifies the ports to remove from the virtual router.
Default
By default, all ports are assigned to the virtual router, VR-Default.
Usage Guidelines
When a new virtual router is created, by default, no ports are assigned, no VLAN interface is created, and no support for any routing protocols is added. Use this command to remove ports from a virtual router. Since all ports are initially assigned to VR-Default, you might need to delete the desired ports first from the virtual router where they reside, before you add them to the desired virtual router.
Example
The following command removes all the ports on slot 2 from the virtual router vr-acme:
configure vr vr-acme delete ports 2:*
configure vr delete protocol
configure vr <vr-name> delete protocol <protocol-name>
Description
Stops and removes a Layer 3 protocol on a virtual router.
Syntax Description
vr-name         Specifies the name of the virtual router.
protocol-name   Specifies the Layer 3 protocol.
Default
N/A.
Usage Guidelines
The choices for protocol-name are:
• RIP
• OSPF
• BGP
• PIM
You cannot add or delete any other protocols from VR-Default, and you cannot add or delete any protocols from the other system virtual routers, VR-Mgmt and VR-Control.
Example
The following command shuts down and removes RIP from the virtual router vr-acme:
configure vr vr-acme delete protocol rip
create virtual-router
create virtual-router <vr-name>
Description
Creates a user virtual router.
Syntax Description
vr-name Specifies the name of the user virtual router.
Default
N/A.
Usage Guidelines
This command creates a new user virtual router. The three default system virtual routers,
VR-Mgmt, VR-Control, and VR-Default always exist and cannot be deleted or renamed. For
backward compatibility, you cannot name a virtual router VR-0, VR-1, or VR-2, as they were the original names of the system virtual routers.
A virtual router name must begin with an alphabetical character and may contain alphanumeric characters and underscores (_), but it cannot contain spaces. The maximum allowed length for a name is 32 characters. The name must be unique among the VLAN and virtual router names on the switch. Virtual router names are case insensitive. For information on virtual router name guidelines and a list of reserved names, see the section “Object Names” in the NETGEAR 8800 User Manual.
When a new virtual router is created, by default, no ports are assigned, no VLAN interface is created, and no support for any routing protocols is added.
Example
The following command creates the virtual router vr-acme:
create virtual-router vr-acme
delete virtual-router
delete virtual-router <vr-name>
Description
Deletes a virtual router.
Syntax Description
vr-name Specifies the name of the virtual router.
Default
N/A.
Usage Guidelines
Only user virtual routers can be deleted. When a virtual router gets deleted, all of the VLANs in the virtual router are deleted. All of the ports assigned to this virtual router are deleted and made available to assign to other virtual routers. Any routing protocol that is running on the virtual router is shut down and deleted gracefully.
Example
The following command deletes the virtual router vr-acme:
delete virtual-router vr-acme
show virtual-router
show virtual-router {<vr-name>}
Description
Displays information about the virtual routers.
Syntax Description
vr-name Specifies the name of the virtual router.
Default
N/A.
Usage Guidelines
During system boot up, the NETGEAR 8800 creates three system virtual routers: VR-Mgmt, VR-Control, and VR-Default (previous to release 11.0 these virtual routers were named VR-0, VR-1, and VR-2, respectively). The following defines each system virtual router:
• The management port on both the primary and backup MSMs/MMs and the VLAN mgmt belong to VR-Mgmt.
• Internal system operations use VR-Control.
• The default VLAN belongs to VR-Default.
Beginning with release 11.0, you can create additional virtual routers, called user virtual routers. User virtual routers are created without any routing protocols, so the protocols must be added. The protocols on the system virtual routers are predefined and cannot be changed.
The output displays, in tabular format, the:
• Name of the virtual router
• Number of VLANs that belong to that virtual router
• Number of ports that belong to that virtual router
• Which routing protocols have been added to that virtual router
When you specify a particular virtual router, the output displays:
• The number of ports
• A list of ports
• The protocols configured
• The name of the process supporting the protocol on that virtual router
Examples
The following command displays the virtual router configurations on the switch:
Switch.19 # show virtual-router
---------------------------------------------------------
Virtual Router     Number of   Number of   Flags
                   Vlans       Ports
---------------------------------------------------------
region1            7           0           --------
VR-Control         0           0           --------
VR-Default         1           20          boprimOR
VR-Mgmt            1           0           --------
---------------------------------------------------------
Flags : Routing protocols configured on the virtual router
(b) BGP, (i) ISIS, (m) MPLS, (o) OSPF, (p) PIM, (r) RIP,
(O) OSPFv3, (R) RIPng
System Totals :
Total Virtual Routers : 4 Max Virtual Routers : 67
Total Protocols : 8 Max Protocols : 48
The following command displays the virtual router VR-Default:
Switch.20 # show virtual-router "VR-Default"
Virtual router : VR-Default
No of vlans : 1
No of ports : 20
Port List : 1:1-20
Protocols Configured:
Protocol: BGP, Process Name: bgp
Protocol: OSPF, Process Name: ospf
Protocol: RIP, Process Name: rip
Protocol: PIM, Process Name: pim
Protocol: ISIS, Process Name: isis
Protocol: MPLS, Process Name: mpls
Protocol: OSPFv3, Process Name: ospfv3
Protocol: RIPng, Process Name: ripng
VLANs : Default
Virtual Router Totals :
Total Protocols : 8 Max Protocols : 8
The following command displays information for user virtual router region1:
Switch.21 # show virtual-router region1
Virtual router : region1
No of vlans : 7
Protocols Configured:
Protocol: BGP, Process Name: bgp-3
Protocol: OSPF, Process Name: ospf-3
VLANs : zone1, zone2, zone3,
zone4, zone5, zone6,
zone7
Virtual Router Totals :
Total Protocols : 2 Max Protocols : 6
virtual-router
virtual-router {<vr-name>}
Description
Changes the virtual router context.
Syntax Description
vr-name Specifies the name of the virtual router.
Default
N/A.
Usage Guidelines
Use this command to change the virtual router context for subsequent commands. When you issue the command, the prompt changes to reflect the virtual router domain. Configuration commands for Layer 3 routing protocols, creating VLANs, and deleting VLANs apply only to the current virtual router context.
Under a virtual router configuration domain, any virtual router commands are applied only to that virtual router. The virtual router commands consist of all the BGP, OSPF, PIM and RIP commands, and the commands listed in Table 14.
Table 14. Virtual Router Commands
[enable | disable] ipforwarding
clear iparp *
clear counters iparp *
configure iparp *
configure iparp [add | delete] *
[enable | disable] iparp *
show iparp *
configure iproute [add | delete] *
show iproute *
show ipstats *
rtlookup
create [vlan | vman] <vlan-name>
[enable | disable] igmp
[enable | disable] igmp snooping *
[enable | disable] ipmcforwarding
show igmp
show igmp snooping
show igmp group
show igmp snooping cache
* Indicates that other commands are available with these listed.
The virtual router context simplifies configuration because you do not have to specify the virtual router for each individual protocol configuration command. The current VR context is indicated in the command line interface (CLI) prompt.
For example, if you wish to configure OSPF for the user virtual router vr-manufacturing, you would change the virtual router context to that of vr-manufacturing. All the subsequent OSPF commands would apply to that virtual router, unless the context is changed again.
A virtual router is identified by a name (up to 32 characters long). The name must be unique among the VLAN and virtual router names on the switch. For backward compatibility, you cannot name a virtual router VR-0, VR-1, or VR-2. Virtual router names are case insensitive.
When a new virtual router is created, by default, no ports are assigned, no VLAN interface is created, and no support for any routing protocols is added.
Example
The following command changes the virtual router context to vr-acme:
virtual-router vr-acme
12. Policy Manager Commands
This chapter describes commands for:
• Creating and configuring policy files for IP access lists (ACLs)
• Creating and configuring policy files for routing policies
Policies are a generalized category of features that impact forwarding and route forwarding decisions. Access policies are used primarily for security and quality of service (QoS) purposes.
IP access lists (also referred to as Access Lists or ACLs) consist of IP access rules and are used to perform packet filtering and forwarding decisions on traffic traversing the switch. Each packet on an interface is compared to the access list in sequential order and is either forwarded to a specified QoS profile or dropped. Additionally, packets can be metered using ACLs. Using access lists has no impact on switch performance.
Access lists are typically applied to traffic that crosses Layer 3 router boundaries, but it is possible to use access lists within a Layer 2 VLAN. NETGEAR products are capable of performing this function with no additional configuration.
Routing policies are used to control the advertisement or recognition of routes from routing protocols, such as RIP, OSPF, or BGP. Routing policies can be used to ‘hide’ entire networks or to trust only specific sources for routes or ranges of routes. The capabilities of routing policies are specific to the type of routing protocol involved, but are sometimes more efficient and easier to implement than access lists.
Note:
Although the NETGEAR 8800 does not prohibit mixing ACL and routing type entries in a policy file, it is strongly recommended that you do not mix the entries, and you use separate policy files for ACL and routing policies.
check policy
check policy <policy-name> {access-list}
Description
Checks the syntax of the specified policy.
Syntax Description
policy-name   Specifies the policy to check.
access-list   Specifies that an access list specific check is performed.
Default
N/A.
Usage Guidelines
Use this command to check the policy syntax before applying it. If any errors are found, the line number and a description of the syntax error are displayed. A policy that contains syntax errors will not be applied.
This command can only determine if the syntax of the policy file is correct and can be loaded into the policy manager database. Since a policy can be used by multiple applications, a particular application may have additional constraints on allowable policies.
Example
The following example checks the syntax of the policy zone5:
check policy zone5
If no syntax errors are discovered, the following message is displayed:
Policy file check successful.
check policy attribute
check policy attribute {<attr>}
Description
Displays the syntax of the specified policy attribute.
Syntax Description
attr Specifies the attribute check.
Default
N/A.
Usage Guidelines
Use this command to display the syntax of policy attributes. The command displays any additional keywords to use with this attribute, and the types of values expected.
Policy attributes are used in the rule entries that make up a policy file.
For each attribute, this command displays which applications use the attribute, and whether the attribute is a match condition or a set (action, action modifier) condition.
The current applications are:
• ACL—access-lists
• RT—routing profiles, route maps
• CLF—CLEAR-Flow
The syntax display does not show the text synonyms for numeric entries. For example, the icmp-type match condition allows you to specify either an integer or a text synonym for the condition. Specifying icmp-type 8 is equivalent to specifying icmp-type echo-request, but the syntax display shows only the numeric option.
Note:
The syntax displayed is used by the policy manager to verify the syntax of policy files. The individual applications are responsible for implementing the individual attributes. Inclusion of a particular policy attribute in this command output does not imply that the attribute has been implemented by the application. See the documentation of the particular application for detailed lists of supported attributes.
Example
The following example displays the syntax of the policy attribute icmp-type:
check policy attribute icmp-type
The following is sample output for this command:
( match ) ( ACL ) icmp-type <uint32 val>
edit policy
edit policy <filename>
Description
Edits a policy text file.
Syntax Description
filename Specifies the filename of the policy text file.
Default
N/A.
Usage Guidelines
This command edits policy text files that are on the switch. All policy files use “.pol” as the filename extension, so to edit the text file for the policy boundary use boundary.pol as the filename. If you specify the name of a file that does not exist, you will be informed and the file will be created.
This command spawns a VI-like editor to edit the named file. For information on using VI, if you are not familiar with it, do a web search for “VI editor basic information”, and you should find many resources. The following is only a short introduction to the editor.
Edit operates in one of two modes: command and input. When a file first opens, you are in the command mode. To write in the file, use the keyboard arrow keys to position your cursor within the file, then press one of the following keys to enter input mode:
• i - To insert text ahead of the initial cursor position
• a - To append text after the initial cursor position
To escape the input mode and return to the command mode, press the Escape key.
There are several commands that can be used from the command mode. The following are the most commonly used:
• dd - To delete the current line
• yy - To copy the current line
• p - To paste the line copied
• :w - To write (save) the file
• :q - To quit the file if no changes were made
• :q! - To forcefully quit the file without saving changes
• :wq - To write and quit the file
Refresh Policy
After you have edited the text file for a policy that is currently active, you will need to refresh the policy if you want the changes to be reflected in the policy database. When you refresh the policy, the text file is read, the syntax is checked, the policy information is added to the policy manager database, and the policy then takes effect. Use the following command to refresh a policy:
If you just want to check to be sure the policy contains no syntax errors, use the following command:
check policy <policy-name> {access-list}
Example
The following command allows you to begin editing the text file for the policy boundary:
edit policy boundary.pol
refresh policy
refresh policy <policy-name>
Description
Refreshes the specified policy.
Syntax Description
policy-name Specifies the policy to refresh.
Default
N/A.
Usage Guidelines
Use this command when a new policy file for a currently active policy has been downloaded to the switch, or when the policy file for an active policy has been edited. This command reprocesses the text file and updates the policy database.
The policy manager uses Smart Refresh to update the ACLs. When a change is detected, only the ACL changes needed to modify the ACLs are sent to the hardware, and the unchanged entries remain. This behavior avoids having to blackhole packets because the ACLs have been momentarily cleared. Smart Refresh works well for minor changes; however, if the changes are too great, the refresh reverts to the earlier behavior. To take advantage of Smart Refresh, disable access-list refresh blackholing by using the command:
disable access-list refresh blackhole
If you attempt to refresh a policy that cannot take advantage of Smart Refresh, you will receive a message similar to the following if blackholing is enabled:
Incremental refresh is not possible given the configuration of policy <name>. Note, the current setting for Access-list Refresh Blackhole is Enabled.
Would you like to perform a full refresh? (Yes/No) [No]:
and if blackholing is not enabled:
Incremental refresh is not possible given the configuration of policy <name>. Note, the current setting for Access-list Refresh Blackhole is Disabled.
WARNING: If a full refresh is performed, it is possible packets that should be denied may be forwarded through the switch during the time the access list is being installed.
Would you like to perform a full refresh? (Yes/No) [No]:
If you attempt to refresh a policy that is not currently active, you will receive an error message.
For an ACL policy, the command is rejected if there is a configuration error or hardware resources are not available.
Example
The following example refreshes the policy zone5:
refresh policy zone5
show policy
show policy {<policy-name> | detail}
Description
Displays the specified policy.
Syntax Description
policy-name   Specifies the policy to display.
detail        Show the policy in detail.
Default
If no policy name is specified, all policies are shown.
Usage Guidelines
Use this command to display which clients are using the specified policy. The detail option displays the rules that make up the policy.
Example
The following example displays the policy zone5:
show policy zone5
13. ACL Commands
This chapter describes commands for creating and configuring IP access lists (ACLs).
IP access lists (also referred to as Access Lists or ACLs) consist of IP access rules and are used to perform packet filtering and forwarding decisions on traffic traversing the switch. Each packet on an interface is compared to the access list in sequential order and is either forwarded to a specified QoS profile or dropped. Additionally, for the NETGEAR 8800 series switches, packets can be metered using ACLs. Using access lists has no impact on switch performance.
Access lists are typically applied to traffic that crosses Layer 3 router boundaries, but it is possible to use access lists within a Layer 2 VLAN. NETGEAR products are capable of performing this function with no additional configuration.
Note:
Although the NETGEAR 8800 does not prohibit mixing ACL and routing type entries in a policy file, it is strongly recommended that you do not mix the entries, and you use separate policy files for ACL and routing policies.
clear access-list counter
clear access-list {dynamic} counter {<countername>} {any | ports <portlist> | vlan <vlanname>} {ingress | egress}
Description
Clears the specified access list counters.
Syntax Description
dynamic       Specifies that the counter is from a dynamic ACL.
countername   Specifies the ACL counter to clear.
any           Specifies the wildcard ACL.
portlist      Specifies to clear the counters on these ports.
vlanname      Specifies to clear the counters on the VLAN.
ingress       Clear the ACL counter for packets entering the switch on this interface.
egress        Clear the ACL counter for packets leaving the switch from this interface.
Default
The default direction is ingress; the default ACL type is non-dynamic.
Usage Guidelines
Use this command to clear the ACL counters. If you do not specify an interface, or the any option, you will clear all the counters.
Example
The following example clears all the counters of the ACL on port 2:1:
clear access-list counter port 2:1
The following example clears the counter counter2 of the ACL on port 2:1:
clear access-list counter counter2 port 2:1
clear access-list meter
clear access-list meter {<metername>} [any | ports <portlist> | vlan <vlanname>]
Description
Clears the specified access list meters.
Syntax Description
metername   Specifies the ACL meter to clear.
portlist    Specifies to clear the counters on these ports.
vlanname    Specifies to clear the counters on the VLAN.
Default
N/A.
Usage Guidelines
Use this command to clear the out-of-profile counters associated with the meter configuration.
Example
The following example clears all the out-of-profile counters for the meters of the ACL on port 2:1:
clear access-list meter port 2:1
The following example clears the out-of-profile counters for the meter meter2 of the ACL on port 2:1:
clear access-list meter meter2 port 2:1
configure access-list
configure access-list <aclname> [any | ports <portlist> | vlan <vlanname>] {ingress | egress}
Description
Configures an access list to the specified interface.
Syntax Description
policy-name   Specifies the ACL policy name. The name can be from 1-32 characters long.
aclname       Specifies the ACL name.
any           Specifies that this ACL is applied to all interfaces as the lowest precedence ACL.
portlist      Specifies the ingress port list on which the ACL is applied.
port_list     Specifies the egress port list.
vlanname      Specifies the VLAN on which the ACL is applied.
ingress       Apply the ACL to packets entering the switch on this interface.
egress        Apply the ACL to packets leaving the switch from this interface.
Default
The default direction is ingress.
Usage Guidelines
The access list applied in this command is contained in a text file created either externally to the switch or using the
command. The file is transferred to the switch using TFTP before it is applied to the ports. The ACL name is the file name without its “.pol” extension. For example, the ACL blocknetfour would be in the file blocknetfour.pol. For more information on policy files, see the NETGEAR 8800 User Manual.
Specifying the keyword any applies the ACL to all the ports, and is referred to as the wildcard ACL. This ACL is evaluated for ports without a specific ACL applied to them, and is also applied to packets that do not match the ACL applied to the interface.
Example
The following command configures the ACL policy test to port 1:2 at ingress:
configure access-list test ports 1:2
The following command configures the ACL mydefault as the wildcard ACL:
configure access-list mydefault any
The following command configures the ACL policy border as the wildcard egress ACL:
configure access-list border any egress
configure access-list add
configure access-list add <dynamic_rule> [ [[first | last] {priority <p_number>} {zone <zone>} ] | [[before | after] <rule>] | [ priority <p_number> {zone <zone>} ]] [ any | vlan <vlanname> | ports <portlist> ] {ingress | egress}
Description
Configures a dynamic ACL rule to the specified interface and sets the priority and zone for the ACL.
Syntax Description
dynamic_rule    Specifies a dynamic ACL rule.
first           Specifies that the new dynamic rule is to be added as the first rule.
last            Specifies that the new dynamic rule is to be added as the last rule.
zone            Specifies the ACL zone for the rule.
p_number        Specifies the priority number of the rule within a zone. The range is from 0 (highest priority) to 7 (lowest priority).
before <rule>   Specifies that the new dynamic rule is to be added before an existing dynamic rule.
after <rule>    Specifies that the new dynamic rule is to be added after an existing dynamic rule.
any             Specifies that this ACL is applied to all interfaces.
vlanname        Specifies the VLAN on which this ACL is applied.
portlist        Specifies the ports on which this ACL is applied.
ingress         Apply the ACL to packets entering the switch on this interface.
egress          Apply the ACL to packets leaving the switch from this interface.
Default
The default direction is ingress.
Usage Guidelines
The dynamic rule must first be created before it can be applied to an interface. Use the following command to create a dynamic rule:
create access-list <dynamic-rule> <conditions> <actions> {non-permanent}
When a dynamic ACL rule is applied to an interface, you will specify its precedence among any previously applied dynamic ACLs. All dynamic ACLs have a higher precedence than any ACLs applied through ACL policy files.
Specifying the keyword any applies the ACL to all the ports, and is referred to as the wildcard ACL. This ACL is evaluated for ports without a specific ACL applied to them, and is also applied to packets that do not match the ACL applied to the interface.
The priority keyword can be used to specify a sub-zone within an application’s space. For example, to place ACLs into three sub-zones within the CLI application, you can use three priority numbers, such as 2, 4, and 7.
Configuring priority number 1 is the same as configuring first priority. Configuring priority number 8 is the same as configuring last priority.
Example
The following command applies the dynamic ACL icmp-echo as the first (highest precedence) dynamic ACL to port 1:2 at ingress:
configure access-list add icmp-echo first ports 1:2
The following command applies the dynamic ACL udpacl to port 1:2, with a higher precedence than rule icmp-echo:
configure access-list add udpacl before icmp-echo ports 1:2
configure access-list delete
configure access-list delete <ruleName> [ any | vlan <vlanname> | ports <portlist> | all] {ingress | egress}
Description
Removes a dynamic ACL rule from the specified interface.
Syntax Description
ruleName   Specifies a dynamic ACL rule name.
any        Deletes this ACL as the wildcard ACL.
vlanname   Specifies the VLAN on which this ACL is deleted.
portlist   Specifies the ports on which this ACL is deleted.
all        Deletes this ACL from all interfaces.
ingress    Deletes the ACL for packets entering the switch on this interface.
egress     Deletes the ACL for packets leaving the switch from this interface.
Default
The default direction is ingress.
Usage Guidelines
Specifying the keyword all removes the ACL from all interfaces it is used on.
Example
The following command removes the dynamic ACL icmp-echo from the port 1:2:
configure access-list delete icmp-echo ports 1:2
configure access-list rule-compression port-counters
configure access-list rule-compression port-counters [shared | dedicated]
Description
Switches between ACL configuration modes.
Syntax Description
shared      Sharing is “on” for counter rules.
dedicated   Sharing is “off” for counter rules.
Default
Dedicated
Usage Guidelines
Use this command to switch between two ACL configuration modes. In the first mode, “port-counters shared”, similar port-based ACL rules with counters are allowed to share the same hardware entry. This uses less space but provides an inaccurate counter value. In the second mode, “port-counters dedicated”, similar port-based ACL rules with counters are not allowed to share the same hardware entry, thereby consuming more entries but providing a precise count.
Only ACLs that are entered after this command is entered are affected. The command does not affect any ACLs that are already configured.
To configure all ACLs in shared mode, configure access-list rule-compression port-counters shared must be entered before any ACLs are configured or have been saved in the configuration when a switch is booted.
This is a global setting for the switch; that is, the option does not support setting some ACL rules with shared counters and some with dedicated counters.
To view the results of the configuration use the show access-list configuration
Example
The following command configures ACL rules with counters to share the same hardware entry:
configure access-list rule-compression port-counters shared
configure access-list vlan-acl-precedence
configure access-list vlan-acl-precedence [dedicated | shared]
Description
Configures precedence mode for policy-file based ACLs that are applied on a VLAN.
Syntax Description
dedicated Allocates exclusive precedence for VLAN-based ACLs.
shared VLAN-based ACLs share the precedence with other ACLs.
Default
Shared
Usage Guidelines
The following feature applies only to policy-file based ACLs that are applied on a VLAN. Use this command to switch between two VLAN-based ACL configuration modes. In the shared vlan-acl-precedence mode, VLAN-based ACL rules share the same precedence with other types of ACL rules. This is the default mode and provides the same behavior as in the previous software releases. In the dedicated vlan-acl-precedence mode, VLAN-based ACL rules have different precedence compared to other types of ACL rules. The dedicated mode yields improved installation performance for VLAN-based access-lists but may affect hardware rule utilization in some configurations.
After configuring, you are prompted to reboot the system for the changes to take effect.
Example
The following command allocates exclusive precedence for VLAN-based static ACL rules:
configure access-list vlan-acl-precedence dedicated
configure access-list zone
configure access-list zone <name> zone-priority <number>
configure access-list zone <name> move-application <appl-name> to-zone <name> application-priority <number>
configure access-list zone <name> {add} application <appl-name> application_priority <number>
configure access-list zone <name> delete application <appl-name>
Description
Configures the priority of a zone; moves an application from one zone to another at a specified priority; adds an application to a zone with a specified priority, or changes the priority of an application within a zone; deletes an application from a zone.
Syntax Description
name Specifies a zone name.
zone-priority <number> Sets the priority of the zone.
move-application <appl-name> Specifies the name of an application to be moved.
to-zone <name> Specifies the zone to which the application is moved.
application-priority <number> Sets the priority of the application within the zone. The range is from 0 (highest priority) to 7 (lowest priority).
add Adds an application to a zone at a specified priority.
application <appl_name> Specifies the application to be added to the zone.
application_priority <number> Sets the priority of a new or existing application within a zone. The range is from 0 (highest priority) to 7 (lowest priority).
Default
N/A.
Usage Guidelines
To configure the priority of a specific zone, use the syntax:
configure access-list zone <name> zone-priority <number>
To move an application from one zone to another, and set its priority in the new zone, use the syntax:
configure access-list zone <name> move-application <appl-name> to-zone <name> application-priority <number>
To add an application to a zone and specify its priority or to change the priority of an application within a zone, use the syntax:
configure access-list zone <name> {add} application <appl-name> application_priority <number>
To delete an application from a zone, use the syntax:
configure access-list zone <name> delete application <appl-name>
Example
The following command adds the CLI application to the zone myzone at a priority of 6:
configure access-list zone myzone add cli application-priority 6
configure flow-redirect add nexthop
configure flow-redirect <flow-redirect-name> add nexthop <ipaddress> priority <number>
Description
Adds a nexthop for the named flow redirection policy.
Syntax Description
flow-redirect-name Specifies the name of the flow redirection policy.
ipaddress Specifies the IP address of a new nexthop.
number Specifies the priority value for the nexthop.
Default
N/A.
Usage Guidelines
Use this command to add a new nexthop for the named flow redirection policy with a priority value. The priority value can range from a low of “1” to a high of “254.” The nexthop with the highest priority among multiple ones is preferred as the working nexthop. When each added nexthop has the same priority, the first one configured is preferred.
Example
The following command adds a nexthop 10.1.1.1 for the flow redirection policy flow10 with a priority of 100:
configure flow-redirect flow10 add nexthop 10.1.1.1 priority 100
configure flow-redirect delete nexthop
configure flow-redirect <flow-redirect-name> delete nexthop <ipaddress>
Description
Deletes a nexthop for the named flow redirection policy.
Syntax Description
flow-redirect-name Specifies the name of the flow redirection policy.
ipaddress Specifies the IP address of the nexthop.
Default
N/A.
Usage Guidelines
Use this command to delete a nexthop for the named flow redirection policy. If the deleted nexthop is the working nexthop for the policy-based routing entry, another is selected from the remaining active next hops, based on priority.
Example
The following command deletes the nexthop 10.1.1.1 from the flow redirection policy flow10:
configure flow-redirect flow10 delete nexthop 10.1.1.1
configure flow-redirect health-check
configure flow-redirect <flow-redirect-name> health-check [ping | arp]
Description
Configures health checking for a specific flow redirection policy.
Syntax Description
flow-redirect-name Specifies the name of the flow redirection policy.
ping Specifies ping health checking. This includes ARP.
arp Specifies ARP health checking.
Default
Ping is the default.
Usage Guidelines
Use this command to configure health checking for a specific named flow redirection policy.
Ping includes ARP.
Example
The following command specifies arp health checking for the flow redirection policy flow10:
configure flow-redirect flow10 health-check arp
configure flow-redirect nexthop
configure flow-redirect <flow-redirect-name> nexthop <ipaddress> ping interval <interval> miss <miss>
Description
Configures the ping interval and miss count for a nexthop in the flow redirection policy.
Syntax Description
flow-redirect-name Specifies the name of the flow redirection policy.
ipaddress Specifies the IP address of the nexthop.
interval Specifies the number of seconds between pings. The default is “2”.
miss Specifies the number of misses allowed. The default is “2”.
Default
N/A.
Usage Guidelines
Use this command to set a ping interval and miss count. When a ping response is not received within interval * (miss + 1), the nexthop is considered to be dead and a new candidate is selected from the remaining active nexthops.
Example
The following command configures a ping interval of 3 and miss count of 3 for the nexthop 10.1.1.1 in the flow redirection policy flow3:
configure flow-redirect flow3 nexthop 10.1.1.1 ping interval 3 miss 3
configure flow-redirect no-active
configure flow-redirect <flow-redirect-name> no-active [drop|forward]
Description
Configures packets to either follow the normal routing table or be dropped.
Syntax Description
flow-redirect-name Specifies the name of the flow redirection policy.
drop Specifies that the packets are to be dropped.
forward Specifies that the packets are to follow the normal routing table.
Default
The default is forward.
Usage Guidelines
Use this command to set a drop or forward configuration for packets to be applied when all configured next hops become unreachable.
Example
The following command configures packets of the flow redirection policy flow3 to be dropped when all configured next hops become unreachable:
configure flow-redirect flow3 no-active drop
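The nexthop rules stated in the flow-redirect commands above (priority 1 to 254 with the highest preferred, ties going to the first nexthop configured, the interval * (miss + 1) dead timer, and the no-active fallback) can be checked against a planned configuration with a small model. This is an added example, not NETGEAR code; the class and method names are hypothetical, and the model re-evaluates the working nexthop on every call, which the manual does not state for a recovering nexthop.

```python
from dataclasses import dataclass, field


@dataclass
class NextHop:
    ip: str
    priority: int       # 1 (low) to 254 (high)
    interval: int = 2   # seconds between pings, manual default "2"
    miss: int = 2       # misses allowed, manual default "2"
    alive: bool = True  # set by the caller to simulate health-check results

    def detection_window(self) -> int:
        # The nexthop is considered dead when no ping response
        # arrives within interval * (miss + 1).
        return self.interval * (self.miss + 1)


@dataclass
class FlowRedirect:
    name: str
    no_active: str = "forward"  # manual default; "drop" discards instead
    nexthops: list = field(default_factory=list)  # kept in configuration order

    def add_nexthop(self, ip, priority, **timers):
        if not 1 <= priority <= 254:
            raise ValueError("priority must be between 1 and 254")
        self.nexthops.append(NextHop(ip, priority, **timers))

    def working_nexthop(self):
        live = [h for h in self.nexthops if h.alive]
        # max() returns the first maximal item, so equal priorities
        # resolve to the nexthop that was configured first.
        return max(live, key=lambda h: h.priority) if live else None

    def decide(self):
        hop = self.working_nexthop()
        if hop is not None:
            return ("redirect", hop.ip)
        # All nexthops unreachable: forward falls back to the normal
        # routing table (fail open), drop discards (fail closed).
        return ("drop", None) if self.no_active == "drop" else ("route", None)


if __name__ == "__main__":
    fr = FlowRedirect("flow3", no_active="drop")
    fr.add_nexthop("10.1.1.1", 100, interval=3, miss=3)  # constructed sample
    print(fr.decide(), fr.nexthops[0].detection_window())
```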
configure flow-redirect vr
configure flow-redirect <flow-redirect-name> vr <vr-name>
Description
Configures a virtual router for a flow redirection policy.
Syntax Description
flow-redirect-name Specifies the name of the flow redirection policy.
vr-name Specifies the name of the virtual router.
Default
The default virtual router is VR-Default.
Usage Guidelines
Because ACLs do not recognize the virtual router concept, one policy-based routing can be used for multiple virtual routing entries when a VLAN-based virtual router is used for one port. Configuring a VR for a flow-redirect makes the policy-based routing work for a specific VR.
Example
The following command configures virtual router mgmt for flow redirection policy flow3:
configure flow-redirect flow3 vr mgmt
create access-list
create access-list <dynamic-rule> <conditions> <actions> {non-permanent}
Description
Creates a dynamic ACL.
Syntax Description
dynamic-rule Specifies the dynamic ACL name. The name can be from 1-32 characters long.
conditions Specifies the match conditions for the dynamic ACL.
actions Specifies the actions for the dynamic ACLs.
non-permanent Specifies that the ACL is not to be saved.
Default
By default, ACLs are permanent.
Usage Guidelines
This command creates a dynamic ACL rule. Use the
to apply the ACL to an interface.
The conditions parameter is a quoted string of match conditions, and the actions parameter is a quoted string of actions. Multiple match conditions or actions are separated by semicolons. A complete listing of the match conditions and actions is in Chapter 17 in the NETGEAR 8800 User Manual.
Dynamic ACL rule names must be unique, but can be the same as used in a policy-file based ACL. Any dynamic rule counter names must be unique. For name creation guidelines and a list of reserved names, see the section “Object Names” in the NETGEAR 8800 User Manual.
By default, ACL rules are saved when the save command is executed, and persist across system reboots. Configuring the optional keyword non-permanent means the ACL will not be saved.
Example
The following command creates a dynamic ACL that drops all ICMP echo-request packets on the interface:
create access-list icmp-echo "protocol icmp;icmp-type echo-request" "deny"
The created dynamic ACL will take effect after it has been configured on the interface. The previous example creates a dynamic ACL named icmp-echo that is equivalent to the following ACL policy file entry:
entry icmp-echo {
    if {
        protocol icmp;
        icmp-type echo-request;
    } then {
        deny;
    }
}
The following command creates a dynamic ACL that accepts all the UDP packets from the 10.203.134.0/24 subnet that are destined for the host 140.158.18.16, with source port 190 and a destination port in the range of 1200 to 1250:
create access-list udpacl "source-address 10.203.134.0/24;destination-address 140.158.18.16/32;protocol udp;source-port 190;destination-port 1200 - 1250;" "permit"
The previous example creates a dynamic ACL entry named udpacl that is equivalent to the following ACL policy file entry:
entry udpacl {
    if {
        source-address 10.203.134.0/24;
        destination-address 140.158.18.16/32;
        protocol udp;
        source-port 190;
        destination-port 1200 - 1250;
    } then {
        permit;
    }
}
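When reviewing a saved configuration, it helps to expand each create access-list line into the policy-file form shown above so that dynamic and policy-file rules can be read side by side. The following converter is an added example, not part of the manual or of NETGEAR software; the function name is hypothetical, and it applies only the rules stated in this section (quoted strings, semicolon separators, 1-32 character names).

```python
import re

QUOTES = '"\u201c\u201d'  # straight quotes plus the typographic ones PDFs produce

PATTERN = re.compile(
    rf'\s*create access-list (\S+)\s+[{QUOTES}]([^{QUOTES}]*)[{QUOTES}]'
    rf'\s+[{QUOTES}]([^{QUOTES}]*)[{QUOTES}](\s+non-permanent)?\s*'
)


def split_items(text):
    """Split a semicolon-separated string; a trailing semicolon is tolerated."""
    return [" ".join(item.split()) for item in text.split(";") if item.strip()]


def dynamic_acl_to_policy(command):
    """Render a create access-list command as the equivalent policy-file entry."""
    m = PATTERN.fullmatch(command)
    if m is None:
        raise ValueError("expected: create access-list <name> \"<conditions>\" \"<actions>\"")
    name, conditions, actions = m.group(1), m.group(2), m.group(3)
    if not 1 <= len(name) <= 32:
        raise ValueError("dynamic ACL name must be 1-32 characters long")
    lines = [f"entry {name} {{", "    if {"]
    lines += [f"        {c};" for c in split_items(conditions)]
    lines += ["    } then {"]
    lines += [f"        {a};" for a in split_items(actions)]
    lines += ["    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed input: the udpacl command from the example above.
    print(dynamic_acl_to_policy(
        'create access-list udpacl "source-address 10.203.134.0/24;'
        'destination-address 140.158.18.16/32;protocol udp;source-port 190;'
        'destination-port 1200 - 1250;" "permit"'
    ))
```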
create access-list zone
create access-list zone <name> zone-priority <number>
Description
Creates a dynamic ACL zone, and sets the priority of the zone.
Syntax Description
name Specifies the dynamic ACL zone name. The name can be from 1-32 characters long.
zone-priority <number> Specifies priority of the zone. The range is from 1 (highest priority) to 4294967295 (lowest priority).
Default
The denial of service, system, and security zones are configure