D-Link xStack DGS-3620 DGS-3620 Layer 3 Managed Gigabit Switch CLI Reference Guide

D-Link xStack DGS-3620 DGS-3620 Layer 3 Managed Gigabit Switch CLI Reference Guide
Add to My manuals

Below you will find brief information for Layer 3 Managed Gigabit Switch xStack DGS-3620. The xStack DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch is a member of the D-Link xStack family. It provides a stacking architecture with fault tolerance, flexibility, port density, robust security and maximum throughput with a user-friendly management interface for the networking professional.

advertisement

Assistant Bot

Need help? Our chatbot has already read the manual and is ready to assist you. Feel free to ask any questions about the device, but providing details will make the conversation more productive.

D-Link xStack DGS-3620 Series CLI Reference Guide | Manualzz

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 16

Chapter 17

Chapter 18

Chapter 19

Chapter 20

Chapter 21

Chapter 22

Chapter 23

Chapter 24

Chapter 25

Chapter 26

Chapter 27

Chapter 28

Chapter 29

Chapter 30

Chapter 31

Chapter 1

Chapter 2

Chapter 3

Chapter 4

Chapter 5

Chapter 6

Chapter 7

Chapter 8

Chapter 9

Chapter 10

Chapter 11

Chapter 12

Chapter 13

Chapter 14

Chapter 15

Chapter 32

Chapter 33

Chapter 34

Chapter 35

Chapter 36

Chapter 37

Table of Contents

Using the Command Line Interface............................................................................. 1

Basic Management Commands .................................................................................. 9

802.1X Commands.................................................................................................... 32

Access Authentication Control (AAC) Commands .................................................... 57

Access Control List (ACL) Commands.................................................................... 100

Access Control List (ACL) Egress Commands ....................................................... 128

ARP Commands...................................................................................................... 147

ARP Spoofing Prevention Commands .................................................................... 154

Asymmetric VLAN Commands ................................................................................ 156

Auto Configuration Commands ............................................................................... 158

Bidirectional Forwarding Detection (BFD) Commands ........................................... 160

Border Gateway Protocol (BGP) Commands ......................................................... 165

BPDU Attack Protection Commands....................................................................... 224

Cable Diagnostics Commands ................................................................................ 229

CFM Commands ..................................................................................................... 232

Command List History Commands ......................................................................... 268

Command Logging Commands .............................................................................. 271

Common Unicast Routing Commands .................................................................... 273

Compound Authentication Commands ................................................................... 287

Debug Software Commands ................................................................................... 297

DHCP Local Relay Commands ............................................................................... 368

DHCP Relay Commands ........................................................................................ 372

DHCP Server Commands ....................................................................................... 390

DHCP Server Screening Commands ...................................................................... 413

DHCPv6 Relay Commands ..................................................................................... 425

DHCPv6 Server Commands ................................................................................... 432

Digital Diagnostic Monitoring (DDM) Commands ................................................... 447

Distance Vector Multicast Routing Protocol (DVMRP) Commands ........................ 454

D-Link License Management System (DLMS) Commands .................................... 460

Domain Name System (DNS) Relay Commands ................................................... 462

Domain Name System (DNS) Resolver Commands .............................................. 467

DoS Attack Prevention Commands......................................................................... 474

D-Link Unidirectional Link Detection (DULD) Commands ...................................... 478

Ethernet Ring Protection Switching (ERPS) Commands ........................................ 480

Energy Efficient Ethernet (EEE) Commands .......................................................... 489

External Alarm Commands ..................................................................................... 491

FDB Commands ...................................................................................................... 493

II

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 53

Chapter 54

Chapter 55

Chapter 56

Chapter 57

Chapter 58

Chapter 59

Chapter 60

Chapter 61

Chapter 62

Chapter 63

Chapter 64

Chapter 65

Chapter 66

Chapter 67

Chapter 68

Chapter 38

Chapter 39

Chapter 40

Chapter 41

Chapter 42

Chapter 43

Chapter 44

Chapter 45

Chapter 46

Chapter 47

Chapter 48

Chapter 49

Chapter 50

Chapter 51

Chapter 52

Chapter 69

Chapter 70

Chapter 71

Chapter 72

Chapter 73

Chapter 74

Chapter 75

Chapter 76

Chapter 77

File System Management Commands .................................................................... 502

Filter Commands ..................................................................................................... 512

FTP Client Commands ............................................................................................ 515

Gratuitous ARP Commands .................................................................................... 523

Internet Group Management Protocol (IGMP) Commands..................................... 528

IGMP Proxy Commands ......................................................................................... 536

IGMP Snooping Commands ................................................................................... 541

IGMP Snooping Multicast (ISM) VLAN Commands ................................................ 560

IP Interface Commands .......................................................................................... 571

IP Multicasting Commands ..................................................................................... 581

IP Route Filter Commands ...................................................................................... 586

IP Routing Commands ............................................................................................ 605

IP Tunnel Commands ............................................................................................. 618

IPv6 NDP Commands ............................................................................................. 628

IP-MAC-Port Binding (IMPB) Commands ............................................................... 636

Japanese Web-based Access Control (JWAC) Commands ................................... 666

Jumbo Frame Commands ....................................................................................... 690

LACP Configuration Commands ............................................................................. 693

Layer 2 Protocol Tunneling (L2PT) Commands ...................................................... 695

Limited Multicast IP Address Commands ............................................................... 699

Link Aggregation Commands .................................................................................. 708

LLDP Commands .................................................................................................... 713

LLDP Data Center Bridging Exchange Protocol (LLDP-DCBX) Commands .......... 736

Loopback Detection Commands ............................................................................. 740

Loopback Interface Commands .............................................................................. 747

MAC Notification Commands .................................................................................. 750

MAC-based Access Control Commands ................................................................ 755

MD5 Configuration Commands ............................................................................... 771

Mirror Commands.................................................................................................... 774

MLD Proxy Commands ........................................................................................... 780

MLD Snooping Commands ..................................................................................... 785

MLD Snooping Multicast (MSM) VLAN Commands ............................................... 802

Modify Login Banner and Prompt Commands ........................................................ 813

Multicast Listener Discovery (MLD) Commands ..................................................... 817

Network Load Balancing (NLB) Commands ........................................................... 822

Network Management Commands .......................................................................... 828

Network Monitoring Commands .............................................................................. 845

OAM Commands ..................................................................................................... 866

Open Shortest Path First (OSPF) Command List ................................................... 873

OSPFv3 Commands ............................................................................................... 895

III

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 78

Chapter 79

Chapter 80

Chapter 81

Chapter 82

Chapter 83

Chapter 84

Chapter 85

Chapter 86

Chapter 87

Chapter 88

Chapter 89

Chapter 90

Chapter 91

Chapter 92

Packet Storm Commands ....................................................................................... 914

Password Recovery Commands ............................................................................. 920

Protocol Independent Multicast (PIM) Commands ................................................. 923

PIM6-SM Commands .............................................................................................. 941

Policy Route Commands ......................................................................................... 965

Port Security Commands ........................................................................................ 969

Power over Ethernet (PoE) Commands .................................................................. 977

Power Saving Commands ....................................................................................... 982

Precision Time Protocol (PTP) Commands ............................................................ 988

Priority Flow Control (PFC) Commands ................................................................ 1006

Protocol VLAN Commands ................................................................................... 1010

Quality of Service (QoS) Commands .................................................................... 1016

Q-in-Q Commands ................................................................................................ 1034

Reboot Schedule Commands ............................................................................... 1047

Routing Information Protocol (RIP) Commands .................................................... 1050

Chapter 93

Chapter 94

Chapter 95

Chapter 96

RIPng Commands ................................................................................................. 1055

RSPAN Commands............................................................................................... 1060

Safeguard Engine Commands .............................................................................. 1066

Secure File Transfer Protocol (SFTP) Commands ............................................... 1068

Chapter 97

Chapter 98

sFlow Commands.................................................................................................. 1071

Single IP Management Commands ...................................................................... 1082

Chapter 99 SNMPv1/v2/v3 Commands ................................................................................... 1091

Chapter 100 Spanning Tree Protocol (STP) commands ........................................................... 1110

Chapter 101 SSH Commands.................................................................................................... 1123

Chapter 102 SSL Commands .................................................................................................... 1135

Chapter 103 Stacking Commands ............................................................................................. 1142

Chapter 104 Static MAC-based VLAN Commands ................................................................... 1150

Chapter 105 Static Multicast Route Commands ........................................................................ 1153

Chapter 106 Subnet VLAN Commands ..................................................................................... 1156

Chapter 107 Super VLAN and Sub-VLAN Commands .............................................................. 1161

Chapter 108 Surveillance VLAN Commands ............................................................................. 1166

Chapter 109 Switch Port Commands ......................................................................................... 1172

Chapter 110 System Severity Commands ................................................................................. 1176

Chapter 111 Tech Support Commands ..................................................................................... 1178

Chapter 112 Time and SNTP Commands ................................................................................. 1181

Chapter 113 Traffic Segmentation Commands .......................................................................... 1188

Chapter 114 UDP Helper Commands ........................................................................................ 1190

Chapter 115 Unicast Reverse Path Forwarding (URPF) Commands ........................................ 1196

Chapter 116 Utility Commands .................................................................................................. 1201

Chapter 117 Virtual Router Redundancy Protocol (VRRP) Commands .................................... 1227

IV

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 118 Voice VLAN Commands ....................................................................................... 1235

Chapter 119 VLAN Commands.................................................................................................. 1245

Chapter 120 VLAN Trunking Commands .................................................................................. 1262

Chapter 121 Web-based Access Control (WAC) Commands ................................................... 1266

Chapter 122 Weighted Random Early Detection (WRED) Commands ..................................... 1281

Appendix A

Appendix B

Password Recovery Procedure ............................................................................. 1288

System Log Entries ............................................................................................... 1290

Appendix C

Appendix D

Appendix E

Trap Entries ........................................................................................................... 1316

RADIUS Attributes Assignment ............................................................................. 1324

IETF RADIUS Attributes Support .......................................................................... 1327

V

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 1 Using the Command

Line Interface

The DGS-3620 Layer 3 stackable Gigabit Ethernet switch series are members of the D-Link xStack® family. Ranging from 10/100/1000Mbps edge switches to core gigabit switches, the xStack

®

switch family has been future-proof designed to provide a stacking architecture with fault tolerance, flexibility, port density, robust security and maximum throughput with a user-friendly management interface for the networking professional.

The Switch can be managed through the Switch’s serial port, Telnet, SNMP or the Web-based management agent. The Command Line Interface (CLI) can be used to configure and manage the

Switch via the serial port or Telnet interfaces.

This manual provides a reference for all of the commands contained in the CLI. Every command will be introduced in terms of purpose, format, description, parameters, and examples.

Configuration and management of the Switch via the Web-based management agent are discussed in the Web UI Reference Guide. For detailed information on installing hardware please also refer to the Harware Installation Guide.

1-1 Accessing the Switch via the Serial Port

The Switch’s serial port’s default settings are as follows:

• 115200 baud

• no parity

• 8 data bits

• 1 stop bit

A computer running a terminal emulation program capable of emulating a VT-100 terminal and a serial port configured as above is then connected to the Switch’s serial port via an RJ-45 to RS-

232 DB-9 convertor cable.

With the serial port properly connected to a management computer, the following screen should be visible.

DGS-3620-28PC Gigabit Ethernet Switch

Command Line Interface

Firmware: Build 2.60.016

Copyright(C) 2013 D-Link Corporation. All rights reserved.

UserName:

There is no initial username or password. Just press the Enter key twice to display the CLI input cursor

DGS-3620-28PC:admin#. This is the command line where all commands are input.

1

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

1-2 Setting the Switch’s IP Address

Each Switch must be assigned its own IP Address, which is used for communication with an

SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch’s default IP address is 10.90.90.90. You can change the default Switch IP address to meet the specification of your networking address scheme.

The Switch is also assigned a unique MAC address by the factory. This MAC address cannot be changed, and can be found on the initial boot console screen – shown below.

Boot Procedure V1.00.016

-------------------------------------------------------------------------------

Power On Self Test ........................................ 100 %

MAC Address : 00-01-02-03-04-00

H/W Version : B1

Please Wait, Loading V2.60.016 Runtime Image .............. 100 %

UART init ................................................. 100 %

Starting runtime image

Device Discovery .......................................... 100 %

Configuration init ........................................ 100 %

Press any key to login...

The Switch’s MAC address can also be found in the Web management program on the Device

Information (Basic Settings) window on the Configuration menu.

The IP address for the Switch must be set before it can be managed with the Web-based manager.

The Switch IP address can be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the Switch must be known.

Starting at the command line prompt, enter the commands config ipif System ipaddress

xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy. Where the x’s represent the IP address to be assigned to the

IP interface named System and the y’s represent the corresponding subnet mask.

Alternatively, you can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z. Where the x’s represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation.

The IP interface named System on the Switch can be assigned an IP address and subnet mask which can then be used to connect a management station to the Switch’s Telnet or Web-based management agent

DGS-3620-28PC:admin# config ipif System ipaddress 10.24.22.100/255.0.0.0

Command: config ipif System ipaddress 10.24.22.100/8

Success.

DGS-3620-28PC:admin#

2

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

In the above example, the Switch was assigned an IP address of 10.24.22.100 with a subnet mask of 255.0.0.0. The system message Success indicates that the command was executed successfully. The Switch can now be configured and managed via Telnet, SNMP MIB browser and the CLI or via the Web-based management agent using the above IP address to connect to the

Switch.

There are a number of helpful features included in the CLI. Entering the ? command will display a list of all of the top-level commands.

DGS-3620-28PC:admin#?

Command: ?

..

? cable_diag ports cd cfm dm cfm linktrace cfm lm cfm lock md cfm loopback change drive clear clear address_binding dhcp_snoop binding_entry ports clear address_binding nd_snoop binding_entry ports clear arptable clear attack_log clear bgp clear bgp dampening clear bgp flap_statistics clear cfm dm clear cfm lm clear cfm pkt_cnt clear counters

CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All

When entering a command without its required parameters, the CLI will prompt you with a Next

possible completions: message.

DGS-3620-28PC:admin#config account

Command: config account

Next possible completions:

<username 15>

DGS-3620-28PC:admin#

In this case, the command config account was entered with the parameter <username>. The CLI will then prompt to enter the <username> with the message, Next possible completions:. Every

3

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

command in the CLI has this feature, and complex commands have several layers of parameter prompting.

In addition, after typing any given command plus one space, users can see all of the next possible sub-commands, in sequential order, by repeatedly pressing the Tab key.

To re-enter the previous command at the command prompt, press the up arrow cursor key. The previous command will appear at the command prompt.

DGS-3620-28PC:admin#config account

Command: config account

Next possible completions:

<username 15>

DGS-3620-28PC:admin#

In the above example, the command config account was entered without the required parameter

<username>, the CLI returned the Next possible completions: <username> prompt. The up arrow cursor control key was pressed to re-enter the previous command (config account) at the command prompt. Now the appropriate username can be entered and the config account command re-executed.

All commands in the CLI function in this way. In addition, the syntax of the help prompts are the same as presented in this manual

− angle brackets < > indicate a numerical value or character string, braces { } indicate optional parameters or a choice of parameters, and brackets [ ] indicate required parameters.

If a command is entered that is unrecognized by the CLI, the top-level commands will be displayed under the Available commands: prompt.

DGS-3620-28PC:admin#the

Available commands:

.. ? cable_diag cd cfm change clear config copy create debug del delete dir disable download enable erase format install login logout md move no ping ping6 rd reboot reconfig rename reset save show telnet traceroute traceroute6 upload

DGS-3620-28PC:admin#

The top-level commands consist of commands such as show or config. Most of these commands require one or more parameters to narrow the top-level command. This is equivalent to show what? or config what? Where the what? is the next parameter.

For example, entering the show command with no additional parameters, the CLI will then display all of the possible next parameters.

4

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show

Command: show

Next possible completions:

802.1p 802.1x aaa access_profile account accounting acct_client address_binding arp_spoofing_prevention arpentry asymmetric_vlan attack_log auth_client auth_diagnostics auth_session_statistics auth_statistics authen authen_enable authen_login authen_policy authentication authorization autoconfig bandwidth_control bfd bgp boot_file bpdu_protection broadcast_ping_reply cfm command command_history community_encryption config cpu current_config ddm device_status dhcp dhcp_local_relay dhcp_relay dhcp_server dhcpv6 dhcpv6_relay dhcpv6_server dlms dnsr dos_prevention dot1v_protocol_group dscp duld dvmrp ecmp egress_access_profile egress_flow_meter environment erps error ethernet_oam external_alarm fdb filter flow_meter gratuitous_arp greeting_message gvrp hol_prevention host_name igmp igmp_proxy igmp_snooping ip ip_tunnel ipfdb ipif ipif_ipv6_link_local_auto ipmc ipmroute iproute ipv6 ipv6route jumbo_frame jwac l2protocol_tunnel lacp_port led limited_multicast_addr link_aggregation lldp lldp_dcbx lldp_med log log_save_timing log_software_module loopback loopdetect mac_based_access_control mac_based_access_control_local mac_based_vlan mac_notification max_mcast_group mcast_filter_profile md5 mirror mld mld_proxy mld_snooping multicast multicast_fdb name_server nlb ospf ospfv3 out_band_ipif packet password_recovery per_queue pfc pim pim-ssm pim6 poe policy_route port port_group port_security port_security_entry port_vlan ports power_saving private_vlan ptp pvid qinq radius rcp reboot rip ripng rmon route route_map router_ports rspan safeguard_engine scheduling scheduling_mechanism serial_port session sflow sftp sim snmp sntp ssh ssl stack_device stack_information stacking_mode storage_media_info stp sub_vlan subnet_vlan super_vlan surveillance_vlan switch syslog system_severity

5

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

tacacs tech_support telnet terminal tftp time time_range traffic traffic_segmentation trap trusted_host udp_helper utilization vlan vlan_precedence vlan_translation vlan_translation_profile vlan_trunk voice_vlan vrrp wac wred

DGS-3620-28PC:admin#

In the above example, all of the possible next parameters for the show command are displayed. At the next command prompt, the up arrow was used to re-enter the show command, followed by the

account parameter. The CLI then displays the user accounts configured on the Switch.

1-3 Command Syntax Symbols

The following symbols are used to describe how command entries are made and values and arguments are specified in this manual. The online help contained in the CLI and available through the console interface uses the same syntax.

Note: All commands are case-sensitive. Be sure to disable Caps Lock or any other unwanted function that changes text case.

Syntax

angle brackets < > square brackets [ ] vertical bar | braces { }

Description

Encloses a variable or value. Users must specify the variable or value.

For example, in the syntax

create ipif <ipif_name 12> {<network_address>} <vlan_name 32>

{secondary | state [enable | disable] | proxy_arp [enable | disable]

{local [enable | disable]}}

users must supply an IP interface name for <ipif_name 12> and a

VLAN name for <vlan_name 32> when entering the command. DO

NOT TYPE THE ANGLE BRACKETS.

Encloses a required value or list of required arguments. Only one value or argument must be specified. For example, in the syntax

create account [admin | operator | power_user | user] <username

15> {encrypt [plain_text | sha_1] <password>}

users must specify either the admin-, operator-, power_user-level or user-level account when entering the command. DO NOT TYPE THE

SQUARE BRACKETS.

Separates mutually exclusive items in a list. For example, in the syntax

reset {[config | system]} {force_agree}

users may choose config or system in the command. DO NOT TYPE

THE VERTICAL BAR.

Encloses an optional value or a list of optional arguments. One or more values or arguments can be specified. For example, in the syntax

reset {[config | system]} {force_agree} users may choose config or system in the command. DO NOT TYPE

THE BRACES.

6

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

parentheses ( ) ipif <ipif_name 12> metric <value 1-31>

Indicates at least one or more of the values or arguments in the preceding syntax enclosed by braces must be specified. For example, in the syntax

config dhcp_relay {hops <int 1-16> | time <sec 0-65535>}(1)

users have the option to specify hops or time or both of them. The "(1)" following the set of braces indicates at least one argument or value within the braces must be specified. DO NOT TYPE THE

PARENTHESES.

12 means the maximum length of the IP interface name.

1-31 means the legal range of the metric value.

1-4

Keys

Delete

Line Editing Keys

Description

Delete character under cursor and shift remainder of line to left.

Backspace

CTRL+R

Up Arrow

Down Arrow

Left Arrow

Right Arrow

Tab

Delete character to left of cursor and shift remainder of line to left.

Toggle on and off. When toggled on, inserts text and shifts previous text to right.

Repeats the previously entered command. Each time the up arrow is pressed, the command previous to that displayed appears. This way it is possible to review the command history for the current session. Use the down arrow to progress sequentially forward through the command history list.

The down arrow will display the next command in the command history entered in the current session. This displays each command sequentially as it was entered. Use the up arrow to review previous commands.

Move cursor to left.

Move cursor to right

Help user to select appropriate token.

The screen display pauses when the show command output reaches the end of the page.

1-5

Keys

Space

Multiple Page Display Control Keys

Description

Displays the next page.

CTRL+C

ESC n p

Stops the display of remaining pages when multiple pages are to be displayed.

Stops the display of remaining pages when multiple pages are to be displayed.

Displays the next page.

Displays the previous page.

7

q r a

Enter

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Stops the display of remaining pages when multiple pages are to be displayed.

Refreshes the pages currently displayed.

Displays the remaining pages without pausing between pages.

Displays the next line or table entry.

8

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 2 Basic Management

Commands

create account [admin | operator | power_user | user] <username 15> {encrypt [plain_text | sha_1] <password>}

enable password encryption disable password encryption

config account <username 15> {encrypt [plain_text | sha_1] <password>}

show account

delete account <username 15>

show session show switch show environment

config temperature [trap | log] state [enable | disable]

config temperature threshold {high <temperature -500-500> | low <temperature -500-500>}(1)

show serial_port

config serial_port {baud_rate [9600 | 19200 | 38400 | 115200] | auto_logout [never | 2_minutes |

5_minutes | 10_minutes | 15_minutes]}(1)

enable clipaging disable clipaging

enable telnet {<tcp_port_number 1-65535>}

disable telnet

enable web {<tcp_port_number 1-65535>}

disable web

save {[config <pathname> | log | all]}

reboot {force_agree}

reset {[config | system]} {force_agree}

login logout clear

config terminal width [default | <value 80-200>]

show terminal width show device_status

config out_band_ipif {ipaddress <network_address> | state [enable | disable] | gateway

<ipaddr>}

show out_band_ipif

2-1 create account

Description

This command creates user accounts. The username is between 1 and 15 characters, the password is between 0 and 15 characters. The number of accounts (including admin, operator, and user) is up to eight.

Format create account [admin | operator | power_user | user] <username 15> {encrypt [plain_text | sha_1] <password>}

9

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

admin - Specifies the name of the admin account.

operator - Specifies the name of the operator account.

power_user - Specifies a power user level account. The power user level is lower than the operator level and higher than the user level.

user - Specifies the name of the user account.

<username 15> - Enter a username of up to 15 characters.

encrypt - Specifies the encryption used.

plain_text - Specifies the password in plain text form.

sha_1 - Specifies the password in SHA-1 encrypted form.

<password> - The password for the user account. The length of a password in plain-text form and encrypted form are different. For a plain-text form password, the password must be a minimum of 0 characters and a maximum of 15 characters. For an encrypted form password, the length is fixed to 35 bytes long. The password is case-sensitive.

Restrictions

Only Administrator-level users can issue this command.

Example

To create the Administrator-level user “dlink”:

DGS-3620-28PC:admin#create account admin dlink

Command: create account admin dlink

Enter a case-sensitive new password:****

Enter the new password again for confirmation:****

Success.

DGS-3620-28PC:admin#

To create the Operator-level user “Sales”:

DGS-3620-28PC:admin##create account operator Sales

Command: create account operator Sales

Enter a case-sensitive new password:****

Enter the new password again for confirmation:****

Success.

DGS-3620-28PC:admin#

To create the User-level user “System”:

DGS-3620-28PC:admin##create account user System

Command: create account user System

Enter a case-sensitive new password:****

Enter the new password again for confirmation:****

Success.

DGS-3620-28PC:admin#

10

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

2-2 enable password encryption

Description

The user account configuration information will be stored in the configuration file, and can be applied to the system later. If the password encryption is enabled, the password will be in encrypted form when it is stored in the configuration file. When password encryption is disabled, the password will be in plain text form when it is stored in the configuration file. However, if the created user account directly uses the encrypted password, the password will still be in the encrypted form.

Format enable password encryption

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To enable password encryption:

2-3

DGS-3620-28PC:admin#enable password encryption

Command: enable password encryption

Success.

DGS-3620-28PC:admin#

disable password encryption

Description

The user account configuration information will be stored in the configuration file, and can be applied to the system later. If the password encryption is enabled, the password will be in encrypted form when it is stored in the configuration file. When password encryption is disabled, the password will be in plain text form when it is stored in the configuration file. However, if the created user account directly uses the encrypted password, the password will still be in the encrypted form.

Format disable password encryption

Parameters

None.

11

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator-level users can issue this command.

Example

To disable password encryption:

2-4

DGS-3620-28PC:admin#disable password encryption

Command: disable password encryption

Success.

DGS-3620-28PC:admin#

config account

Description

When the password information is not specified in the command, the system will prompt the user to input the password interactively. For this case, the user can only input the plain text password.

If the password is present in the command, the user can select to input the password in the plain text form or in the encrypted form. The encryption algorithm is based on SHA-1.

Format config account <username 15> {encrypt [plain_text | sha_1] <password>}

Parameters

<username 15> - Enter the name of the account. The account must already be defined.

encrypt - (Optional) Specifies the encryption type, plain_text or sha_1.

plain_text - Specifies the password in plain text form. For the plain text form, passwords must have a minimum of 0 and a maximum of 15 characters. The password is case-sensitive

sha_1 - Specifies the password in the SHA-1 encrypted form. For the encrypted form password, the length is fixed to 35 bytes long. The password is case-sensitive.

<password> - Enter the password.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the user password of the “dlink” account:

DGS-3620-28PC:admin#config account dlink

Command: config account dlink

Enter a old password:****

Enter a case-sensitive new password:****

Enter the new password again for confirmation:****

12

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Success.

DGS-3620-28PC:admin#

To configure the user password of the “administrator” account:

2-5

DGS-3620-28PC:admin#config account administrator encrypt sha_1

*@&NWoZK3kTsExUV00Ywo1G5jlUKKv+toYg

Command: config account administrator encrypt sha_1

*@&NWoZK3kTsExUV00Ywo1G5jlUKKv+toYg

Success.

DGS-3620-28PC:admin#

show account

Description

This command is used to display user accounts that have been created.

Format show account

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display accounts that have been created:

2-6

DGS-3620-28PC:admin#show account

Command: show account

Current Accounts:

Username Access Level

--------------- ------------

System User

Sales Operator dlink Admin

DGS-3620-28PC:admin#

delete account

Description

This command is used to delete an existing account.

13

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format delete account <username 15>

Parameters

Restrictions

Only Administrator-level users can issue this command. One active admin user must exist.

<username 15> - Enter the name of the user who will be deleted.

Example

To delete the user account “System”:

2-7

DGS-3620-28PC:admin#delete account System

Command: delete account System

Success.

DGS-3620-28PC:admin#

show session

Description

This command is used to display a list of current users which are logged in to CLI sessions.

Format show session

Parameters

None.

Restrictions

Only Administrators and Operators can issue this command.

Example

To display accounts a list of currently logged-in users:

DGS-3620-28PC:admin#show session

Command: show session

ID Live Time From Level User

-- ------------ ------------ ----- --------------------

8 23:37:42.270 Serial Port admin Anonymous

14

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

2-8

Total Entries: 1

CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

show switch

Description

This command is used to display the switch information.

Format show switch

Parameters

None.

Restrictions

None.

Example

To display the switch information:

DGS-3620-28PC:admin#show switch

Command: show switch

Device Type : DGS-3620-28PC Gigabit Ethernet Switch

MAC Address : 00-01-02-03-04-00

IP Address : 10.90.90.90 (Manual)

VLAN Name : default

Subnet Mask : 255.0.0.0

Default Gateway : 0.0.0.0

Boot PROM Version : Build 1.00.016

Firmware Version : Build 2.60.016

Hardware Version : B1

Firmware Type : EI

Serial Number : D1234567890

System Name :

System Location :

System Uptime : 0 days, 0 hours, 7 minutes, 13 seconds

System Contact :

Spanning Tree : Disabled

GVRP : Disabled

IGMP Snooping : Disabled

MLD Snooping : Disabled

RIP : Disabled

RIPng : Disabled

DVMRP : Disabled

15

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

PIM : Disabled

PIM6 : Disabled

PIM6 : Disabled

OSPFv3 : Disabled

BGP : Disabled

VLAN Trunk : Disabled

Telnet : Enabled (TCP 23)

Web : Enabled (TCP 80)

SNMP : Disabled

SSL Status : Disabled

SSH Status : Disabled

802.1X : Disabled

Jumbo Frame : Off

CLI Paging : Enabled

MAC Notification : Disabled

Port Mirror : Disabled

SNTP : Disabled

DHCP Relay : Disabled

DNSR Status : Disabled

VRRP : Disabled

HOL Prevention State : Enabled

Syslog Global State : Disabled

Single IP Management : Disabled

Password Encryption Status : Disabled

DNS Resolver : Disabled

DGS-3620-28PC:admin#

2-9 show environment

Description

This command is used to display the device’s internal and external power, internal temperature, and fan status.

Format show environment

Parameters

None.

Restrictions

None.

Example

To display the switch hardware and fan status:

16

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show environment

Command: show environment

High Warning Temperature Threshold(Celsius) : 79

Low Warning Temperature Threshold(Celsius) : 11

Unit 1

Internal Power : Active

External Power : Fail

Right Fan 1 : Speed Low (3000 RPM)

Right Fan 2 : Speed Low (3000 RPM)

Right Fan 3 : Speed Low (3000 RPM)

Right Fan 4 : Speed Low (3000 RPM)

Current Temperature(Celsius) : 28

Fan High Temperature Threshold(Celsius) : 40

Fan Low Temperature Threshold(Celsius) : 35

DGS-3620-28PC:admin#

2-10 config temperature

Description

This command is used to configure the warning trap or log state of the system internal temperature.

Format config temperature [trap | log] state [enable | disable]

Parameters

Restrictions

Only Administrators and Operators can issue this command.

trap - Specifies to configure the warning temperature trap.

log - Specifies to configure the warning temperature log.

state - Enable or disable either the trap or log state for a warning temperature event. The default is enable.

enable - Enable either the trap or log state for a warning temperature event.

disable - Disable either the trap or log state for a warning temperature event.

Example

To enable the warning temperature trap state:

DGS-3620-28PC:admin#config temperature trap state enable

Command: config temperature trap state enable

Success.

DGS-3620-28PC:admin#

17

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

To enable the warning temperature log state:

DGS-3620-28PC:admin#config temperature log state enable

Command: config temperature log state enable

Success.

DGS-3620-28PC:admin#

2-11 config temperature threshold

Description

This command is used to configure the warning temperature high threshold or low threshold. When temperature is above the high threshold or below the low threshold, SW will send alarm traps or keep the logs.

Format config temperature threshold {high <temperature -500-500> | low <temperature -500-500>}(1)

Parameters

high - Specifies the high threshold value. The high threshold must bigger than the low threshold.

<temperature -500-500> - Enter the high threshold value. This value must be between -500 and 500.

low - Specifies the low threshold value.

<temperature -500-500> - Enter the low threshold value. This value must be between -500 and 500.

Restrictions

Only Administrators and Operators can issue this command.

Example

To configure a warming temperature threshold high of 80:

DGS-3620-28PC:admin#config temperature threshold high 80

Command: config temperature threshold high 80

Success.

DGS-3620-28PC:admin#

2-12 show serial_port

Description

This command is used to display the current console port setting.

18

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format show serial_port

Parameters

None.

Restrictions

None.

Example

To display the console port setting:

DGS-3620-28PC:admin#show serial_port

Command: show serial_port

Baud Rate : 115200

Data Bits : 8

Parity Bits : None

Stop Bits : 1

Auto-Logout : 10 mins

DGS-3620-28PC:admin#

2-13 config serial_port

Description

This command is used to configure the serial bit rate that will be used to communicate with the management host and the auto logout time for idle connections.

Format config serial_port {baud_rate [9600 | 19200 | 38400 | 115200] | auto_logout [never |

2_minutes | 5_minutes | 10_minutes | 15_minutes]}(1)

Parameters

baud_rate - Specifies the baud rate value. The default baud rate is 115200.

9600 - Specifies a baud rate of 9600.

19200 - Specifies a baud rate of 19200.

38400 - Specifies a baud rate of 38400.

115200 - Specifies a baud rate of 115200.

auto_logout - Specifies the timeout value. The default timeout is 10_minutes.

never - Specifies to never timeout.

2_minutes - Specifies when the idle value is over 2 minutes, the device will auto logout.

5_minutes - Specifies when the idle value over 5 minutes, the device will auto logout.

10_minutes - Specifies when the idle value is over 10 minutes, the device will auto logout.

15_minutes - Specifies when the idle value is over 15 minutes, the device will auto logout.

19

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators and Operators can issue this command.

Example

To configure the baud rate:

DGS-3620-28PC:admin# config serial_port baud_rate 9600

Command: config serial_port baud_rate 9600

Success.

DGS-3620-28PC:admin#

2-14 enable clipaging

Description

This command is used to enable pausing of the screen display when show command output reaches the end of the page. The default setting is enabled.

Format enable clipaging

Parameters

None.

Restrictions

Only Administrators and Operators can issue this command.

Example

To enable pausing of the screen display when show command output reaches the end of the page:

DGS-3620-28PC:admin#enable clipaging

Command: enable clipaging

Success.

DGS-3620-28PC:admin#

2-15 disable clipaging

Description

This command is used to disable pausing of the screen display when show command output reaches the end of the page. The default setting is enabled.

20

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format disable clipaging

Parameters

None.

Restrictions

Only Administrators and Operators can issue this command.

Example

To disable pausing of the screen display when show command output reaches the end of the page:

DGS-3620-28PC:admin#disable clipaging

Command: disable clipaging

Success.

DGS-3620-28PC:admin#

2-16 enable telnet

Description

This command is used to enable Telnet and configure a port number. The default setting is enabled and the port number is 23.

Format enable telnet {<tcp_port_number 1-65535>}

Parameters

<tcp_port_number 1-65535> - (Optional) Specifies the TCP port number. TCP ports are numbered between 1 and 65535. The “well-known” TCP port for the Telnet protocol is 23.

Restrictions

Only Administrators and Operators can issue this command.

Example

To enable Telnet and configure a port number:

DGS-3620-28PC:admin#enable telnet 23

Command: enable telnet 23

Success.

DGS-3620-28PC:admin#

21

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

2-17 disable telnet

Description

This command is used to disable Telnet.

Format disable telnet

Parameters

None.

Restrictions

Only Administrators and Operators can issue this command.

Example

To disable Telnet:

DGS-3620-28PC:admin#disable telnet

Command: disable telnet

Success.

DGS-3620-28PC:admin#

2-18 enable web

Description

This command is used to enable Web UI and configure the port number. The default setting is enabled and the port number is 80.

Format enable web {<tcp_port_number 1-65535>}

Parameters

Restrictions

Only Administrators and Operators can issue this command.

<tcp_port_number 1-65535> - (Optional) Specifies the TCP port number. TCP ports are numbered between 1 and 65535. The “well-know” TCP port for the Web protocol is 80.

22

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To enable HTTP and configure port number:

DGS-3620-28PC:admin#enable web 80

Command: enable web 80

Note: SSL will be disabled if web is enabled.

Success.

DGS-3620-28PC:admin#

2-19 disable web

Description

This command is used to disable Web UI.

Format disable web

Parameters

None.

Restrictions

Only Administrators and Operators can issue this command.

Example

To disable HTTP:

DGS-3620-28PC:admin#disable web

Command: disable web

Success.

DGS-3620-28PC:admin#

2-20 save

Description

This command is used to save the current configuration or log in non-volatile RAM.

Format save {[config <pathname> | log | all]}

23

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

config - (Optional) Specifies to save configuration.

<pathname> - Enter the path name of the indicated configuration

log - (Optional) Specifies to save log.

all - (Optional) Specifies to save changes to currently active configuration and save logs.

Note: If no keyword is specified, all changes will be saved to bootup configuration file.

Restrictions

Only Administrators and Operators can issue this command.

Example

To save the current configuration to the bootup configuration file:

DGS-3620-28PC:admin#save

Command: save

Saving all configurations to NV-RAM.......... Done.

DGS-3620-28PC:admin#

To save the current configuration to destination file, named 1:

DGS-3620-28PC:admin#save config 1

Command: save config 1

Saving all configurations to NV-RAM.......... Done.

DGS-3620-28PC:admin#

To save a log to NV-RAM:

DGS-3620-28PC:admin#save log

Command: save log

Saving all system logs to NV-RAM............. Done.

DGS-3620-28PC:admin#

To save all the configurations and logs to NV-RAM:

DGS-3620-28PC:admin#save all

Command: save all

Saving configuration and logs to NV-RAM...... Done.

DGS-3620-28PC:admin#

24

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

2-21 reboot

Description

This command is used to restart the switch.

Format reboot {force_agree}

Parameters

force_agree (Optional) Specify to immediately execute the reboot command without further confirmation.

Restrictions

Only Administrator-level users can issue this command.

Example

To restart the switch:

DGS-3620-28PC:admin#reboot

Command: reboot

Are you sure you want to proceed with the system reboot?(y/n)

Please wait, the switch is rebooting…

2-22 reset

Description

This command is used to reset all switch parameters to the factory defaults.

Format reset {[config | system]} {force_agree}

Parameters

config - (Optional) Specifies this keyword and all parameters are reset to default settings.

However, the device will neither save nor reboot.

system - (Optional) Specifies this keyword and all parameters are reset to default settings. Then the switch will do factory reset, save, and reboot.

force_agree - (Optional) Specifies and the reset command will be executed immediately without further confirmation.

Note: If no keyword is specified, all parameters will be reset to default settings except IP address, user account, and history log, but the device will neither save nor reboot.

25

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator-level users can issue this command.

Example

To reset all the switch parameters except the IP address:

DGS-3620-28PC:admin#reset

Command: reset

Are you sure to proceed with system reset except IP address?(y/n)

Success.

DGS-3620-28PC:admin#

To reset the system configuration settings:

DGS-3620-28PC:admin#reset config

Command: reset config

Are you sure to proceed with system reset?(y/n)

Success.

DGS-3620-28PC:admin#

To reset all system parameters, save, and restart the switch:

DGS-3620-28PC:admin#reset system

Command: reset system

Are you sure to proceed with system reset, save and reboot?(y/n)

Loading factory default configuration… Done.

Saving all configuration to NV-RAM… Done.

Please wait, the switch is rebooting…

2-23 login

Description

This command is used to log in to the switch.

Format login

Parameters

None.

Restrictions

None.

26

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To login to the switch:

DGS-3620-28PC:admin#login

Command: login

UserName:

2-24 logout

Description

This command is used to log out of the switch.

Format logout

Parameters

None.

Restrictions

None.

Example

To logout of the switch:

DGS-3620-28PC:admin#logout

Command: logout

***********

* Logout *

***********

DGS-3620-28PC Gigabit Ethernet Switch

Command Line Interface

Firmware: Build 2.60.016

Copyright(C) 2013 D-Link Corporation. All rights reserved.

UserName:

27

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

2-25 clear

Description

This command is used to clear the terminal screen.

Format clear

Parameters

None.

Restrictions

None.

Example

To clear the terminal screan:

DGS-3620-28PC:admin#clear

Command: clear

2-26 config terminal width

Description

This command is used to configure the terminal width.

Format config terminal width [default | <value 80-200>]

Parameters

Restrictions

None.

default - Specifies the default terminal width value.

<value 80-200> - Enter a terminal width value between 80 and 200 characters. The default value is 80.

Example

To configure the terminal width:

DGS-3620-28PC:admin#config terminal width 90

Command: config terminal width 90

28

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Success.

DGS-3620-28PC:admin#

2-27 show terminal width

Description

This command is used to display the configuration of the current terminal width.

Format show terminal width

Parameters

None.

Restrictions

None.

Example

To display the configuration of the current terminal width:

DGS-3620-28PC:admin#show terminal width

Command: show terminal width

Global terminal width : 80

Current terminal width : 80

DGS-3620-28PC:admin#

2-28 show device_status

Description

This command displays current status of power(s) and fan(s) on the system.

Within fan(s) status display, for example, there are three fans on the left of the switch, if three fans is working normally, there will display “OK” in the Left Fan field. If some fans work failed, such as fan 1,3 , there will only display the failed fans in the Left Fan field, such as “1,3 Fail”.

In the same way, the Right Fan, Back Fan is same to Left Fan. Because there is only one CPU

Fan, if it is working failed, display “Fail”, otherwise display “OK”.

Format show device_status

29

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

None.

Restrictions

None.

Example

To show device status, the number 1, 2, 3 etc represent the fan number:

DGS-3620-28PC:admin# show device_status

Command: show device_status

Unit 1:

Internal Power: Active

External Power: Fail

Left Fan : 1, 3 Fail

Right Fan : 2 Fail

Back Fan : OK

CPU Fan : Fail

Unit 2:

Internal Power: Active

External Power: Fail

Left Fan : 1 Fail

Right Fan : OK

Back Fan : 2, 4 Fail

CPU Fan : OK

DGS-3620-28PC:admin#

2-29 config out_band_ipif

Description

This command is used to configure the out of band management port settings.

Format config out_band_ipif {ipaddress <network_address> | state [enable | disable] | gateway

<ipaddr>} (1)

Parameters

ipaddress - Specifies the IP address of the interface. The parameter must include the mask.

<network_address> - Enter the IP address of the interface. The parameter must include the mask.

state – Specify the interface status.

enable - Specifies to enable the interface.

disable - Specifies to disable the interface.

gateway - Specifies the gateway IP address of the out-of-band management network.

30

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<ipaddr> - Enter the gateway IP address.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To disable the out-of-band management state:

DGS-3620-28PC:admin#config out_band_ipif state disable

Command: config out_band_ipif state disable

Success.

DGS-3620-28PC:admin#

2-30 show out_band_ipif

Description

This command is used to display the current configurations of special out-of-band management interfaces.

Format show out_band_ipif

Parameters

None.

Restrictions

None.

Example

To display the configuration of out-of-band management interfaces:

DGS-3620-28PC:admin#show out_band_ipif

Command: show out_band_ipif

Status : Enable

IP Address : 192.168.0.1

Subnet Mask : 255.255.255.0

Gateway : 0.0.0.0

Link Status : LinkDown

DGS-3620-28PC:admin#

31

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 3 802.1X Commands

enable 802.1x disable 802.1x

create 802.1x user <username 15>

delete 802.1x user <username 15>

show 802.1x user

config 802.1x auth_protocol [local | radius_eap]

show 802.1x {[auth_state | auth_configuration] ports {<portlist>}}

config 802.1x capability ports [<portlist> | all] [authenticator | none]

config 802.1x fwd_pdu ports [<portlist> | all] [enable | disable]

config 802.1x fwd_pdu system [enable | disable]

config 802.1x auth_parameter ports [<portlist> | all] [default | {direction [both | in] | port_control

[force_unauth | auto | force_auth] | quiet_period <sec 0-65535> | tx_period <sec 1-65535> | supp_timeout <sec 1-65535> | server_timeout <sec 1-65535> | max_req <value 1-10> | reauth_period <sec 1-65535> | max_users [<value 1-448> | no_limit] | enable_reauth [enable

| disable]}(1)]

config 802.1x authorization attributes radius [enable | disable]

config 802.1x init [port_based ports [<portlist> | all] | mac_based ports [<portlist> | all]

{mac_address <macaddr>}]

config 802.1x max_users [<value 1-448> | no_limit]

config 802.1x reauth [port_based ports [<portlist> | all] |mac_based ports [<portlist> | all]

{mac_address <macaddr>}]

create 802.1x guest_vlan <vlan_name 32>

delete 802.1x guest_vlan <vlan_name 32>

config 802.1x guest_vlan ports [<portlist> | all] state [enable | disable]

show 802.1x guest_vlan

config 802.1x trap state [enable | disable]

config radius add <server_index 1-3> [<server_ip> |<ipv6addr>] [key <password 32> | encryption_key <password 56>] [default | {auth_port <udp_port_number 1-65535> | acct_port

<udp_port_number 1-65535> | timeout <sec 1-255> | retransmit <int 1-20>}]

config radius delete <server_index 1-3>

config radius <server_index 1-3> {ipaddress [<server_ip> |<ipv6addr>] | [key <password 32> | encryption_key <password 56>] | auth_port [<udp_port_number 1-65535> | default] | acct_port [<udp_port_number 1-65535> | default] | timeout [<sec 1-255> | default] | retransmit

[<int 1-20> | default]}

show radius

show auth_statistics {ports <portlist>}

show auth_diagnostics {ports <portlist>}

show auth_session_statistics {ports <portlist>}

show auth_client show acct_client

3-1 enable 802.1x

Description

This command is used to enable the 802.1X function.

Format enable 802.1x

32

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable the 802.1X function:

3-2

DGS-3620-28PC:admin#enable 802.1x

Command: enable 802.1x

Success.

DGS-3620-28PC:admin#

disable 802.1x

Description

This command is used to disable the 802.1X function.

Format disable 802.1x

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To disable the 802.1Xfunction:

DGS-3620-28PC:admin#disable 802.1x

Command: disable 802.1x

Success.

DGS-3620-28PC:admin#

33

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

3-3 create 802.1x user

Description

This command is used to create an 802.1X user.

Format create 802.1x user <username 15>

Parameters

<username 15> - Enter to add a user name.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create a user named “ctsnow”:

3-4

DGS-3620-28PC:admin#create 802.1x user ctsnow

Command: create 802.1x user ctsnow

Enter a case-sensitive new password:

Enter the new password again for confirmation:

Success.

DGS-3620-28PC:admin#

delete 802.1x user

Description

This command is used to delete a specified user.

Format delete 802.1x user <username 15>

Parameters

<username 15> - Enter to delete a user name.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

34

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To delete the user named “Tiberius”:

3-5

DGS-3620-28PC:admin#delete 802.1x user Tiberius

Command: delete 802.1x user Tiberius

Success.

DGS-3620-28PC:admin#

show 802.1x user

Description

This command is used to display 802.1X local user account information.

Format show 802.1x user

Parameters

None.

Restrictions

None.

Example

To display 802.1X user information:

DGS-3620-28PC:admin#show 802.1x user

Command: show 802.1x user

Current Accounts:

Username Password

--------------- ------------ ctsnow gallinari

Total Entries : 1

DGS-3620-28PC:admin#

3-6 config 802.1x auth_protocol

Description

This command is used to configure the 802.1X authentication protocol.

35

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config 802.1x auth_protocol [local | radius_eap]

Parameters

local - Specifiy the authentication protocol as local.

radius_eap - Specifies the authentication protocol as RADIUS EAP.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the 802.1X RADIUS EAP:

3-7

DGS-3620-28PC:admin#config 802.1x auth_protocol radius_eap

Command: config 802.1x auth_protocol radius_eap

Success.

DGS-3620-28PC:admin#

show 802.1x

Description

This command is used to display the 802.1X state or configurations.

Format show 802.1x {[auth_state | auth_configuration] ports {<portlist>}}

Parameters

auth_state - (Optional) Specifies to display the 802.1X authentication state of some or all ports.

auth_configuration - (Optional) Specifies to display 802.1X configuration of some or all ports.

ports - (Optional) Specifies a range of ports to be displayed.

<portlist> - Enter a range of ports to be displayed.

Restrictions

None.

Example

To display 802.1X information:

DGS-3620-28PC:admin#show 802.1x

Command: show 802.1x

802.1X : Disabled

36

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Authentication Protocol : RADIUS_EAP

Forward EAPOL PDU : Disabled

Max User : 448

RADIUS Authorization : Enabled

DGS-3620-28PC:admin#

To display the 802.1x state for ports 1 to 5:

DGS-3620-28PC:admin# show 802.1x auth_state ports 1-4

Command: show 802.1x auth_state ports 1-4

Status: A – Authorized; U – Unauthorized; (P): Port-Based 802.1X Pri: Priority

Port MAC Address Auth PAE State Backend Status VID Pri

VID State

----- -------------------- ------- -------------- ---------- ------ ----- -----

1 00-00-00-00-00-01 10 Authenticated Idle A 4004 3

1 00-00-00-00-00-02 10 Authenticated Idle A 1234 -

1 00-00-00-00-00-04 30 Authenticating Response U - -

2 - (P) - Authenticating Request U - -

3 - (P) - Connecting Idle U - -

4 - (P) - Held Fail U - -

Total Authenticating Hosts: 3

Total Authenticated Hosts : 2

DGS-3620-28PC:admin#

To display the 802.1x configuration for port 1:

DGS-3620-28PC:admin# show 802.1x auth_configuration ports 1:1

Command: show 802.1x auth_configuration ports 1:1

Port number : 1:1

Capability : None

AdminCrlDir : Both

OpenCrlDir : Both

Port Control : Auto

QuietPeriod : 60 Seconds

TxPeriod : 30 Seconds

SuppTimeout : 30 Seconds

ServerTimeout : 30 Seconds

MaxReq : 2 Times

ReAuthPeriod : 3600 Seconds

ReAuthenticate : Disabled

Forward EAPOL PDU On Port

Max User On Port

DGS-3620-28PC:admin#

: Enabled

: 10

37

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

3-8 config 802.1x capability ports

Description

This command is used to configure port capability.

Format config 802.1x capability ports [<portlist> | all] [authenticator | none]

Parameters

<portlist> - Enter a range of ports to be configured.

all - Specifies to configure all ports.

authenticator - The port that wishes to enforce authentication before allowing access to services that are accessible via that port adopts the authenticator role.

none – Disable authentication on specified port.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure port capability for ports 1 to 10:

DGS-3620-28PC:admin#config 802.1x capability ports 1-10 authenticator

Command: config 802.1x capability ports 1-10 authenticator

Success.

DGS-3620-28PC:admin#

3-9 config 802.1x fwd_pdu ports

Description

This command is used to configure the 802.1X PDU forwarding state on specific ports of the switch.

Format config 802.1x fwd_pdu ports [<portlist> | all] [enable | disable]

Parameters

<portlist> - Enter a range of ports to be configured.

all - Specifies all ports.

enable - Enable the 802.1X PDU forwarding state.

disable - Disable the 802.1X PDU forwarding state.

38

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the 802.1X PDU forwarding state on ports 1 to 2:

DGS-3620-28PC:admin#config 802.1x fwd_pdu ports 1-2 enable

Command: config 802.1x fwd_pdu ports 1-2 enable

Success.

DGS-3620-28PC:admin#

3-10 config 802.1x fwd_pdu system

Description

This command is used to configure the 802.1X PDU forwarding state.

Format config 802.1x fwd_pdu system [enable | disable]

Parameters

enable - Enable the 802.1X PDU forwarding state.

disable - Disable the 802.1X PDU forwarding state.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the 802.1X PDU forwarding state:

DGS-3620-28PC:admin#config 802.1x fwd_pdu system enable

Command: config 802.1x fwd_pdu system enable

Success.

DGS-3620-28PC:admin#

3-11 config 802.1x auth_parameter ports

Description

This command is used to configure the parameters that control the operation of the authenticator associated with a port.

39

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config 802.1x auth_parameter ports [<portlist> | all] [default | {direction [both | in] | port_control [force_unauth | auto | force_auth] | quiet_period <sec 0-65535> | tx_period

<sec 1-65535> | supp_timeout <sec 1-65535> | server_timeout <sec 1-65535> | max_req

<value 1-10> | reauth_period <sec 1-65535> | max_users [<value 1-448> | no_limit] | enable_reauth [enable | disable]}(1)]

Parameters

<portlist> - Enter a range of ports to be configured.

all - Specifies to configure all ports.

default - Set all parameters to the default value.

direction - (Optional) Set the direction of access control.

both - For bidirectional access control.

in - For ingress access control.

port_control - (Optional) Force a specific port to be unconditionally authorized or unauthorized by setting the parameter of port_control to be force_authorized or force_unauthorized.

Besides, the controlled port will reflect the outcome of authentication if port_control is auto.

force_auth - The port transmits and receives normal traffic without 802.1X-based authentication of the client.

auto - The port begins in the unauthorized state, and relays authentication messages between the client and the authentication server.

force_unauth - The port will remain in the unauthorized state, ignoring all attempts by the client to authenticate.

quiet_period - (Optional) The initialization value of the quietWhile timer. The default value is 60 s and can be any value from 0 to 65535.

<sec 0-65535> - The quiet period value must be between 0 an 65535 seconds.

tx_period - (Optional) The initialization value of the txWhen timer. The default value is 30 s and can be any value from 1 to 65535.

<sec 1-65535> - The transmit period value must be between 1 an 65535 seconds.

supp_timeout - (Optional) The initialization value of the aWhile timer when timing out the supplicant. Its default value is 30 s and can be any value from 1 to 65535.

<sec 1-65535> - The timeout value must be between 1 an 65535 seconds.

server_timeout - (Optional) The initialization value of the aWhile timer when timing out the authentication server. Its default value is 30 and can be any value from 1 to 65535.

<sec 1-65535> - The server timeout value must be between 1 an 65535 seconds.

max_req - (Optional) The maximum number of times that the authenitcation PAE state machine will retransmit an EAP Request packet to the supplicant. Its default value is 2 and can be any number from 1 to 10.

<value 1-10> - The maximum require number must be between 1 and 10.

reauth_period - (Optional) It's a non-zero number of seconds, which is used to be the reauthentication timer. The default value is 3600.

<sec 1-65535> - The reauthentication period value must be between 1 an 65535 seconds.

max_users - (Optional) Set the maximum number of users between 1 and 448.

<value 1-448> - The maximum users value must be between 1 and 448.

no_limit - Set an unlimited number of users.

enable_reauth - (Optional) Enable or disable the re-authentication mechanism for a specific port.

enable - Enable the re-authentication mechanism for a specific port.

disable - Disable the re-authentication mechanism for a specific port.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

40

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure the parameters that control the operation of the authenticator associated with a port:

DGS-3620-28PC:admin# config 802.1x auth_parameter ports 1-20 direction both

Command: config 802.1x auth_parameter ports 1-20 direction both

Success.

DGS-3620-28PC:admin#

3-12 config 802.1x authorization attributes radius

Description

This command is used to enable or disable the acceptation of an authorized configuration. (To configure that attributes, regarding VLAN, 802.1p, ACL and Ingress/Egress Bandwidth, please refer to the Appendix section at the end of this document.)

Format config 802.1x authorization attributes radius [enable | disable]

Parameters

enable - The authorization attributes such as VLAN, 802.1p default priority, and ACL assigned by the RADUIS server will be accepted if the global authorization status is enabled. The default state is enabled.

disable - The authorization attributes assigned by the RADUIS server will not be accepted.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the 802.1X state of acceptation of an authorized configuration:

DGS-3620-28PC:admin#config 802.1x authorization attributes radius enable

Command: config 802.1x authorization attributes radius enable

Success.

DGS-3620-28PC:admin#

3-13 config 802.1x init

Description

This command is used to initialize the authentication state machine of some or all.

41

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config 802.1x init [port_based ports [<portlist> | all] | mac_based ports [<portlist> | all]

{mac_address <macaddr>}]

Parameters

port_based ports - Used to configure authentication in port-based mode.

<portlist> - Enter a range of ports to be configured.

all - Specifies to configure all ports.

mac_based ports - To configure authentication in host-based 802.1X mode.

<portlist> - Enter a range of ports to be configured.

all - Specifies to configure all ports.

mac_address - (Optional) Specifies the MAC address of the host.

<macaddr> - Enter the MAC address here.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To initialize the authentication state machine of some or all:

DGS-3620-28PC:admin# config 802.1x init port_based ports all

Command: config 802.1x init port_based ports all

Success.

DGS-3620-28PC:admin#

3-14 config 802.1x max_users

Description

This command is used to configure the 802.1X maximum number of users of the system.

Format config 802.1x max_users [<value 1-448> | no_limit]

Parameters

<value 1-448> - Enter the maximum number of users.

no_limit - Specifies an unlimited number of users.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the 820.1X maximum numbers of the system:

42

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# config 802.1x max_users 2

Command: config 802.1x max_users 2

Success.

DGS-3620-28PC:admin#

3-15 config 802.1x reauth

Description

This command is used to reauthenticate the device connected with the port. During the reauthentication period, the port status remains authorized until failed reauthentication.

Format config 802.1x reauth [port_based ports [<portlist> | all] |mac_based ports [<portlist> | all]

{mac_address <macaddr>}]

Parameters

port_based ports - The switch passes data based on its authenticated port.

<portlist> - Enter a range of ports to be configured.

all - Specifies to configure all ports.

mac_based ports - The switch passes data based on the MAC address of authenticated

RADIUS client.

<portlist> - Enter a range of ports to be configured.

all - Specifies to configure all ports.

mac_address - (Optional) Specifies the MAC address of the authenticated RADIUS client.

<macaddr> - Enter the MAC address here.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To reauthenticate the device connected with the port:

DGS-3620-28PC:admin# config 802.1x reauth port_based ports all

Command: config 802.1x reauth port_based ports all

Success.

DGS-3620-28PC:admin#

3-16 create 802.1x guest_vlan

Description

This command is used to assign a static VLAN to be a guest VLAN. The specific VLAN which is assigned to a guest VLAN must already exist. The specific VLAN which is assigned to the guest

VLAN can’t be deleted.

43

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format create 802.1x guest_vlan <vlan_name 32>

Parameters

<vlan_name 32> - Enter the static VLAN to be a guest VLAN.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To assign a static VLAN to be a guest VLAN:

DGS-3620-28PC:admin# create 802.1x guest_vlan guestVLAN

Command: create 802.1x guest_vlan guestVLAN

Success.

DGS-3620-28PC:admin#

3-17 delete 802.1x guest_vlan

Description

This command is used to delete a guest VLAN setting, but not to delete the static VLAN itself.

Format delete 802.1x guest_vlan <vlan_name 32>

Parameters

<vlan_name 32> - Enter the guest VLAN name.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete a guest VLAN configuration:

DGS-3620-28PC:admin# delete 802.1x guest_vlan guestVLAN

Command: delete 802.1x guest_vlan guestVLAN

Success.

DGS-3620-28PC:admin#

44

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

3-18 config 802.1x guest_vlan ports

Description

This command is used to configure a guest VLAN setting.

Format config 802.1x guest_vlan ports [<portlist> | all] state [enable | disable]

Parameters

<portlist> - Enter a range of ports to be configured.

all - Specifies to configure all ports.

state - Specifies the guest VLAN port state of the configured ports.

enable - Join the guest VLAN.

disable - Remove from guest VLAN.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure a guest VLAN setting for ports 1 to 8:

DGS-3620-28PC:admin# config 802.1x guest_vlan ports 1-8 state enable

Command: config 802.1x guest_vlan ports 1-8 state enable

Warning, The ports are moved to Guest VLAN.

Success.

DGS-3620-28PC:admin#

3-19 show 802.1x guest_vlan

Description

This command is used to display guest VLAN information.

Format show 802.1x guest_vlan

Parameters

None.

45

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

None.

Example

To display guest VLAN information:

DGS-3620-28PC:admin#show 802.1x guest_vlan

Command: show 802.1x guest_vlan

Guest Vlan Setting

-----------------------------------------------------------

Guest vlan : guest

Enable guest vlan ports : 1-10

DGS-3620-28PC:admin#

3-20 config radius add

Description

This command is used to add a new RADIUS server. The server with a lower index has higher authenticative priority.

Format config radius add <server_index 1-3> [<server_ip> |<ipv6addr>] [key <password 32> | encryption_key <password 56>] [default | {auth_port <udp_port_number 1-65535> | acct_port <udp_port_number 1-65535> | timeout <sec 1-255> | retransmit <int 1-20>}]

Parameters

<server_index 1-3> - Enter the RADIUS server index.

<server_ip> - Enter the IP address of the RADIUS server.

<ipv6add> - Specifies the IPv6 address used.

key - Specifies the key pre-negotiated between switch and the RADIUS server. It is used to encrypt user’s authentication data before being transmitted over the Internet. The maximum length of the key is 32.

<passwd 32> - The maximum length of the password is 32 characters long.

encryption_key - (Optional) Specifies the key pre-negotiated between the switch and the

RADIUS server. It is used to encrypt the user’s authentication data before being transmitted over the Internet.

<password 56> - Enter the enryption key.

default - Sets the auth_port to be 1812 and acct_port to be 1813.

auth_port - Specifies the UDP port number which is used to transmit RADIUS authentication data between the switch and the RADIUS server.The range is 1 to 65535.

<udp_port_number 1-65535> - The authentication port value must be between 1 and 65535.

acct_port - Specifies the UDP port number which is used to transmit RADIUS accounting statistics between the switch and the RADIUS server. The range is 1 to 65535.

<udp_port_number 1-65535> - The accounting statistics value must be between 1 and

65535.

timeout - Specifies the time, in seconds ,for waiting server reply. The default value is 5 seconds.

<int 1-255> - The timeout value must be between 1 and 255.

retransmit - Specifies the count for re-transmit. The default value is 2.

46

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<int 1-20> - The re-transmit value must be between 1 and 20.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To add a new RADIUS server:

DGS-3620-28PC:admin#config radius add 1 10.48.74.121 key dlink default

Command: config radius add 1 10.48.74.121 key dlink default

Success.

DGS-3620-28PC:admin#

3-21 config 802.1x trap state

Description

This command is used to enable or disable the sending of 802.1X traps.

Format config 802.1x trap state [enable | disable]

Parameters

enable - Specifies to enable the sending of 802.1X traps.

disable - Specifies to disable the sending of 802.1X traps.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

This example shows how to enable the trap state for 802.1X.

DGS-3620-28PC:admin# config 802.1x trap state enable

Command: config 802.1x trap state enable

Success.

DGS-3620-28PC:admin#

3-22 config radius delete

Description

This command is used to delete a RADIUS server.

47

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config radius delete <server_index 1-3>

Parameters

<server_index 1-3> - Enter the RADIUS server index. The range is from 1 to 3.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete a RADIUS server:

DGS-3620-28PC:admin#config radius delete 1

Command: config radius delete 1

Success.

DGS-3620-28PC:admin#

3-23 config radius

Description

This command is used to configure a RADIUS server.

Format config radius <server_index 1-3> {ipaddress [<server_ip> |<ipv6addr>] | [key <password

32> | encryption_key <password 56>] | auth_port [<udp_port_number 1-65535> | default] | acct_port [<udp_port_number 1-65535> | default] | timeout [<sec 1-255> | default] | retransmit [<int 1-20> | default]}

Parameters

<server_index 1-3> - Enter the RADIUS server index.

ipaddress - Specifies the IP address of the RADIUS server.

<server_ip> - Enter the RADIUS server IP address here.

<ipv6addr> - Enter the IPv6 address here.

key - Specifies the key pre-negotiated between the switch and the RADIUS server. It is used to encrypt user’s authentication data before being transmitted over the Internet. The maximum length of the key is 32.

<passwd 32> - Enter the key pre-negotiated between the switch and the RADIUS server. It is used to encrypt user’s authentication data before being transmitted over the Internet. The maximum length of the key is 32.

encryption_key - (Optional) Specifies the key pre-negotiated between the switch and the

RADIUS server. It is used to encrypt the user’s authentication data before being transmitted over the Internet.

<password 56> - Enter the enryption key.

auth_port - Specifies the UDP port number which is used to transmit RADIUS authentication data between the switch and the RADIUS server. The default is 1812.

48

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<udp_port_number 1-65535> - The authentication port value must be between 1 and 65535.

default - Specifies to use the default value.

acct_port - Specifies the UDP port number which is used to transmit RADIUS accounting statistics between the switch and the RADIUS server. The default is 1813.

<udp_port_number 1-65535> - The accounting statistics value must be between 1 and

65535.

default - Specifies to use the default value.

timeout - Specifies the time in seconds for waiting for a server reply. The default value is 5 seconds.

<int 1-255> - Enter the time in seconds for waiting for a server reply. The timeout value must be between 1 and 255. The default value is 5 seconds.

default - Specifies to use the default value.

retransmit - Specifies the count for re-transmission. The default value is 2.

<int 1-20> - The re-transmit value must be between 1 and 20.

default - Specifies to use the default value.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure a RADIUS server:

DGS-3620-28PC:admin#config radius 1 ipaddress 10.48.74.121 key dlink

Command: config radius 1 ipaddress 10.48.74.121 key dlink

Success.

DGS-3620-28PC:admin#

3-24 show radius

Description

This command is used to display RADIUS server configurations.

Format show radius

Parameters

None.

Restrictions

None.

Example

To display RADIUS server configurations:

DGS-3620-28PC:admin#show radius

49

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Command: show radius

Index 1

IP Address : 192.168.69.1

Auth-Port : 1812

Acct-Port : 1813

Timeout : 5

Retransmit : 2

Key : 123456

Total Entries : 1

DGS-3620-28PC:admin#

3-25 show auth_statistics

Description

This command is used to display authenticator statistics information

Format show auth_statistics {ports <portlist>}

Parameters

ports - (Optional) Specifies a range of ports to be displayed.

<portlist> - Enter a range of ports to be displayed.

Restrictions

None.

Example

To display authenticator statistics information for port 3:

DGS-3620-28PC:admin# show auth_statistics ports 3

Command: show auth_statistics ports 3

Auth VID :100

MAC Address :00-00-00-00-00-03

Port number : 3

EapolFramesRx 0

EapolFramesTx 6

EapolStartFramesRx 0

EapolReqIdFramesTx 6

EapolLogoffFramesRx 0

EapolReqFramesTx 0

EapolRespIdFramesRx 0

EapolRespFramesRx 0

50

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

InvalidEapolFramesRx 0

EapLengthErrorFramesRx 0

LastEapolFrameVersion 0

LastEapolFrameSource 00-00-00-00-00-03

CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

3-26 show auth_diagnostics

Description

This command is used to display authenticator diagnostics information.

Format show auth_diagnostics {ports <portlist>}

Parameters

ports - (Optional) Specifies a range of ports to be displayed.

<portlist> - Enter a range of ports to be displayed.

Restrictions

None.

Example

To display authenticator diagnostics information for port 3:

DGS-3620-28PC:admin# show auth_diagnostics ports 3

Command: show auth_diagnostics ports 3

Auth VID 100

MAC Address 00-00-00-00-00-03

Port number : 1

EntersConnecting 20

EapLogoffsWhileConnecting 0

EntersAuthenticating 0

SuccessWhileAuthenticating 0

TimeoutsWhileAuthenticating 0

FailWhileAuthenticating 0

ReauthsWhileAuthenticating 0

EapStartsWhileAuthenticating 0

EapLogoffWhileAuthenticating 0

ReauthsWhileAuthenticated 0

EapStartsWhileAuthenticated 0

EapLogoffWhileAuthenticated 0

BackendResponses 0

BackendAccessChallenges 0

BackendOtherRequestsToSupplicant 0

51

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

BackendNonNakResponsesFromSupplicant 0

BackendAuthSuccesses 0

BackendAuthFails 0

CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

3-27 show auth_session_statistics

Description

This command is used to display authenticator session statistics information.

Format show auth_session_statistics {ports <portlist>}

Parameters

ports - (Optional) Specifies a range of ports to be displayed.

<portlist> - Enter a range of ports to be displayed.

Restrictions

None.

Example

To display authenticator session statistics information for port 1:

DGS-3620-28PC:admin# show auth_session_statistics ports 3

Command: show auth_session_statistics ports 3

Auth VID : 100

MAC Address : 00-00-00-00-00-03

Port number : 3

SessionOctetsRx

SessionOctetsTx

SessionFramesRx

0

0

0

0 SessionFramesTx

SessionId

SessionAuthenticMethod

SessionTime

SessionTerminateCause

Remote Authentication Server

0

SupplicantLogoff

SessionUserName

CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

3-28 show auth_client

Description

This command is used to display authentication client information.

52

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format show auth_client

Parameters

None.

Restrictions

None.

Example

To display authentication client information:

DGS-3620-28PC:admin# show auth_client

Command: show auth_client radiusAuthClient ==> radiusAuthClientInvalidServerAddresses 0 radiusAuthClientIdentifier D-Link radiusAuthServerEntry ==> radiusAuthServerIndex :1 radiusAuthServerAddress 0.0.0.0 radiusAuthClientServerPortNumber X radiusAuthClientRoundTripTime 0 radiusAuthClientAccessRequests 0 radiusAuthClientAccessRetransmissions 0 radiusAuthClientAccessAccepts 0 radiusAuthClientAccessRejects 0 radiusAuthClientAccessChallenges 0 radiusAuthClientMalformedAccessResponses 0 radiusAuthClientBadAuthenticators 0 radiusAuthClientPendingRequests 0 radiusAuthClientTimeouts 0 radiusAuthClientUnknownTypes 0 radiusAuthClientPacketsDropped 0 radiusAuthClient ==> radiusAuthClientInvalidServerAddresses 0 radiusAuthClientIdentifier D-Link radiusAuthServerEntry ==> radiusAuthServerIndex :2 radiusAuthServerAddress 0.0.0.0

53

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

radiusAuthClientServerPortNumber X radiusAuthClientRoundTripTime 0 radiusAuthClientAccessRequests 0 radiusAuthClientAccessRetransmissions 0 radiusAuthClientAccessAccepts 0 radiusAuthClientAccessRejects 0 radiusAuthClientAccessChallenges 0 radiusAuthClientMalformedAccessResponses 0 radiusAuthClientBadAuthenticators 0 radiusAuthClientPendingRequests 0 radiusAuthClientTimeouts 0 radiusAuthClientUnknownTypes 0 radiusAuthClientPacketsDropped 0 radiusAuthClient ==> radiusAuthClientInvalidServerAddresses 0 radiusAuthClientIdentifier D-Link radiusAuthServerEntry ==> radiusAuthServerIndex :3 radiusAuthServerAddress 0.0.0.0 radiusAuthClientServerPortNumber X radiusAuthClientRoundTripTime 0 radiusAuthClientAccessRequests 0 radiusAuthClientAccessRetransmissions 0 radiusAuthClientAccessAccepts 0 radiusAuthClientAccessRejects 0 radiusAuthClientAccessChallenges 0 radiusAuthClientMalformedAccessResponses 0 radiusAuthClientBadAuthenticators 0 radiusAuthClientPendingRequests 0 radiusAuthClientTimeouts 0 radiusAuthClientUnknownTypes 0 radiusAuthClientPacketsDropped 0

DGS-3620-28PC:admin#

3-29 show acct_client

Description

This command is used to display account client information

Format show acct_client

Parameters

None.

54

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

None.

Example

To display account client information:

DGS-3620-28PC:admin# show acct_client

Command: show acct_client radiusAcctClient ==> radiusAcctClientInvalidServerAddresses 0 radiusAcctClientIdentifier D-Link radiusAuthServerEntry ==> radiusAccServerIndex : 1 radiusAccServerAddress 0.0.0.0 radiusAccClientServerPortNumber X radiusAccClientRoundTripTime 0 radiusAccClientRequests 0 radiusAccClientRetransmissions 0 radiusAccClientResponses 0 radiusAccClientMalformedResponses 0 radiusAccClientBadAuthenticators 0 radiusAccClientPendingRequests 0 radiusAccClientTimeouts 0 radiusAccClientUnknownTypes 0 radiusAccClientPacketsDropped 0 radiusAcctClient ==> radiusAcctClientInvalidServerAddresses 0 radiusAcctClientIdentifier D-Link radiusAuthServerEntry ==> radiusAccServerIndex : 2 radiusAccServerAddress 0.0.0.0 radiusAccClientServerPortNumber X radiusAccClientRoundTripTime 0 radiusAccClientRequests 0 radiusAccClientRetransmissions 0 radiusAccClientResponses 0 radiusAccClientMalformedResponses 0 radiusAccClientBadAuthenticators 0 radiusAccClientPendingRequests 0 radiusAccClientTimeouts 0 radiusAccClientUnknownTypes 0 radiusAccClientPacketsDropped 0

55

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

radiusAcctClient ==> radiusAcctClientInvalidServerAddresses 0 radiusAcctClientIdentifier D-Link radiusAuthServerEntry ==> radiusAccServerIndex : 3 radiusAccServerAddress 0.0.0.0 radiusAccClientServerPortNumber X radiusAccClientRoundTripTime 0 radiusAccClientRequests 0 radiusAccClientRetransmissions 0 radiusAccClientResponses 0 radiusAccClientMalformedResponses 0 radiusAccClientBadAuthenticators 0 radiusAccClientPendingRequests 0 radiusAccClientTimeouts 0 radiusAccClientUnknownTypes 0 radiusAccClientPacketsDropped 0

DGS-3620-28PC:admin#

56

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 4 Access Authentication

Control (AAC)

Commands

enable authen_policy disable authen_policy show authen_policy enable authen_policy_encryption disable authen_policy_encryption

create authen_login method_list_name <string 15>

config authen_login [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+

| radius | server_group <string 15> | local | none}(1)

delete authen_login method_list_name <string 15>

show authen_login [default | method_list_name <string 15> | all]

create authen_enable method_list_name <string 15>

config authen_enable [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local_enable | none}(1)

delete authen_enable method_list_name <string 15>

show authen_enable [default | method_list_name <string 15> | all]

config authen application [console | telnet | ssh | http | all] [login | enable] [default | method_list_name <string 15>]

show authen application

create authen server_group <string 15>

config authen server_group [tacacs | xtacacs | tacacs+ | radius | <string 15>] [add | delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

delete authen server_group <string 15>

show authen server_group {<string 15>}

create authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-

65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-

255> | retransmit <int 1-20>}

config authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-

65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-

255> | retransmit <int 1-20>}(1)

delete authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

show authen server_host

config authen parameter response_timeout <int 0-255>

config authen parameter attempt <int 1-255>

show authen parameter enable admin

config admin local_enable {encrypt [plain_text | sha_1] <password>}

create aaa server_group <string 15>

config aaa server_group [tacacs | xtacacs | tacacs+ | radius | group_name <string 15>] [add | delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

delete aaa server_group <string 15>

delete aaa server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

show aaa

show aaa server_group {<string 15>}

show aaa server_host enable aaa_server_password_encryption disable aaa_server_password_encryption

config accounting [default | method_list_name <string 15>] method {tacacs+ | radius |

57

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

server_group <string 15> | none}

config accounting service [network | shell | system] state [enable {[radius_only | method_list_name <string 15> | default_method_list]} | disable]

config accounting service command {administrator | operator | power_user | user}

[method_list_name <string> | none]

create accounting method_list_name <string 15>

delete accounting method_list_name <string 15>

show accounting [default | method_list_name <string 15> | all]

show accounting service

create radius server_host <ipaddr> {auth_port <int 1-65535> | acct_port <int 1-65535> | [key

[<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255> | retransmit <int 1-20>}

config radius server_host <ipaddr> {auth_port <int 1-65535> | acct_port <int 1-65535> | [key

[<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255> | retransmit <int 1-20>}

config radius source_ipif [<ipif_name 12> {<ipaddr> | <ipv6addr>} | none]

show radius source_ipif

create tacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit <int 1-

20>}

config tacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit <int 1-

20>}

create tacacs+ server_host <ipaddr> {port <int 1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255>}

config tacacs+ server_host <ipaddr> {port <int 1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255>}

create xtacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit <int 1-

20>}

config xtacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit <int 1-

20>}

config tacacs source_ipif [<ipif_name 12> {<ipaddr>} | none]

show tacacs source_ipif

The TACACS / XTACACS / TACACS+ / RADIUS commands allows secure access to the Switch using the TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the

Switch or tries to access the administrator level privilege, he or she is prompted for a password. If

TACACS / XTACACS / TACACS+ / RADIUS authentication is enabled on the Switch, it will contact a TACACS / XTACACS / TACACS+ / RADIUS server to verify the user. If the user is verified, he or she is granted access to the Switch.

There are currently three versions of the TACACS security protocol, each a separate entity. The

Switch’s software supports the following versions of TACACS:

1. TACACS (Terminal Access Controller Access Control System) —Provides password checking and authentication, and notification of user actions for security purposes utilizing via one or more centralized TACACS servers, utilizing the UDP protocol for packet transmission.

2. Extended TACACS (XTACACS) — An extension of the TACACS protocol with the ability to provide more types of authentication requests and more types of response codes than

TACACS. This protocol also uses UDP to transmit packets.

3. TACACS+ (Terminal Access Controller Access Control System plus) — Provides detailed access control for authentication for network devices. TACACS+ is facilitated through Authentication commands via one or more centralized servers. The TACACS+ protocol encrypts all traffic between the Switch and the TACACS+ daemon, using the TCP protocol to ensure reliable delivery.

58

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

The Switch also supports the RADIUS protocol for authentication using the Access Authentication

Control commands. RADIUS or Remote Authentication Dial In User Server also uses a remote server for authentication and can be responsible for receiving user connection requests, authenticating the user and returning all configuration information necessary for the client to deliver service through the user. RADIUS may be facilitated on this Switch using the commands listed in this section.

In order for the TACACS / XTACACS / TACACS+ / RADIUS security function to work properly, a

TACACS / XTACACS / TACACS+ / RADIUS server must be configured on a device other than the

Switch, called a server host and it must include usernames and passwords for authentication.

When the user is prompted by the Switch to enter usernames and passwords for authentication, the Switch contacts the TACACS / XTACACS / TACACS+ / RADIUS server to verify, and the server will respond with one of three messages:

The server verifies the username and password, and the user is granted normal user privileges on the Switch. The server will not accept the username and password and the user is denied access to the Switch.

The server doesn’t respond to the verification query. At this point, the Switch receives the timeout from the server and then moves to the next method of verification configured in the method list.

The Switch has four built-in server groups, one for each of the TACACS, XTACACS, TACACS+ and RADIUS protocols. These built-in server groups are used to authenticate users trying to access the Switch. The users will set server hosts in a preferable order in the built-in server group and when a user tries to gain access to the Switch, the Switch will ask the first server host for authentication. If no authentication is made, the second server host in the list will be queried, and so on. The built-in server group can only have hosts that are running the specified protocol. For example, the TACACS server group can only have TACACS server hosts.

The administrator for the Switch may set up five different authentication techniques per userdefined method list (TACACS / XTACACS / TACACS+ / RADIUS / local / none) for authentication.

These techniques will be listed in an order preferable, and defined by the user for normal user authentication on the Switch, and may contain up to eight authentication techniques. When a user attempts to access the Switch, the Switch will select the first technique listed for authentication. If the first technique goes through its server hosts and no authentication is returned, the Switch will then go to the next technique listed in the server group for authentication, until the authentication has been verified or denied, or the list is exhausted.

Note: User granted access to the Switch will be granted normal user privileges on the

Switch. To gain access to admin level privileges, the user must enter the enable admin command and then enter a password, which was previously configured by the administrator of the Switch.

Note: TACACS, XTACACS and TACACS+ are separate entities and are not compatible.

The Switch and the server must be configured exactly the same, using the same protocol. (For example, if the Switch is set up for TACACS authentication, so must be the host server.)

4-1 enable authen_policy

Description

This command is used to enable system access authentication policy. When enabled, the device will adopt the login authentication method list to authenticate the user for login, and adopt the enable authentication mothod list to authenticate the enable password for promoting the user‘s privilege to Administrator level.

59

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format enable authen_policy

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To enable system access authentication policy:

DGS-3620-28PC:admin#enable authen_policy

Command: enable authen_policy

Success.

DGS-3620-28PC:admin#

4-2 disable authen_policy

Description

This command is used to disable system access authentication policy. When authentication is disabled, the device will adopt the local user account database to authenticate the user for login, and adopt the local enable password to authenticate the enable password for promoting the user‘s privilege to Administrator level.

Format disable authen_policy

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To disable system access authentication policy:

DGS-3620-28PC:admin#disable authen_policy

Command: disable authen_policy

60

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Success.

DGS-3620-28PC:admin#

4-3 show authen_policy

Description

This command is used to display whether system access authentication policy is enabled or disabled.

Format show authen_policy

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display system access authentication policy:

4-4

DGS-3620-28PC:admin#show authen_policy

Command: show authen_policy

Authentication Policy : Disabled

Authentication Policy Encryption: Disabled

DGS-3620-28PC:admin#

enable authen_policy_encryption

Description

This command is used to enable the authentication policy encryption. When enabled, TACACS+ and RADIUS key will be in the encrypted form.

Format enable authen_policy_encryption

Parameters

None.

61

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator-level users can issue this command.

Example

To enable the authentication policy encryption:

DGS-3620-28PC:admin#enable authen_policy_encryption

Command: enable authen_policy_encryption

Success.

DGS-3620-28PC:admin#

4-5 disable authen_policy_encryption

Description

This command is used to disable the authentication policy encryption. When disabled, TACACS+ and RADIUS key will be in the plain text form.

Format disable authen_policy_encryption

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To disable the authentication policy encryption:

4-6

DGS-3620-28PC:admin#disable authen_policy_encryption

Command: disable authen_policy_encryption

Success.

DGS-3620-28PC:admin#

create authen_login method_list_name

Description

This command is used to create a user-defined method list of authentication methods for user login. The maximum supported number of the login method lists is eight.

62

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format create authen_login method_list_name <string 15>

Parameters

<string 15> - Enter the user-defined method list name.

Restrictions

Only Administrator-level users can issue this command.

Example

To create a user-defined method list for user login:

DGS-3620-28PC:admin#create authen_login method_list_name login_list_1

Command: create authen_login method_list_name login_list_1

Success.

DGS-3620-28PC:admin#

4-7 config authen_login

Description

This command is used to configure a user-defined or default method list of authentication methods for user login. The sequence of methods will affect the authentication result. For example, if the sequence is TACACS+ first, then TACACS and local, when a user trys to login, the authentication request will be sent to the first server host in the TACACS+ built-in server group. If the first server host in the TACACS+ group is missing, the authentication request will be sent to the second server host in the TACACS+ group, and so on. If all server hosts in the TACACS+ group are missing, the authentication request will be sent to the first server host in the TACACS group. If all server hosts in a TACACS group are missing, the local account database in the device is used to authenticate this user. When a user logs in to the device successfully while using methods like

TACACS/XTACACS/TACACS+/RADIUS built-in or user-defined server groups or none, the “user” privilege level is assigned only. If a user wants to get admin privilege level, the user must use the

“enable admin” command to promote his privilege level. But when the local method is used, the privilege level will depend on this account privilege level stored in the local device.

Format config authen_login [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local | none}(1)

Parameters

default – Specify the default method list of authentication methods.

method_list_name - Specifies the user-defined method list of authentication methods.

<string 15> - Enter the user-defined method list of authentication methods. The method list name can be up to 15 characters long.

method - Choose the desired authentication method:

63

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

tacacs - Specifies authentication by the built-in server group TACACS.

xtacacs - Specifies authentication by the built-in server group XTACACS.

tacacs+ - Specifies authentication by the built-in server group TACACS+.

radius - Specifies authentication by the built-in server group RADIUS.

server_group - Specifies authentication by the user-defined server group.

<string 15> - Enter authentication by the user-defined server group. The server group value can be up to 15 characters long.

local - Specifies authentication by local user account database in the device.

none - Specifies no authentication.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure a user-defined method list for user login:

DGS-3620-28PC:admin#config authen_login method_list_name login_list_1 method tacacs+ tacacs local

Command: config authen_login method_list_name login_list_1 method tacacs+ tacacs local

Success.

DGS-3620-28PC:admin#

4-8 delete authen_login method_list_name

Description

This command is used to delete a user-defined method list of authentication methods for user login.

Format delete authen_login method_list_name <string 15>

Parameters

<string 15> - Enter the user-defined method list name.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete a user-defined method list for user login:

DGS-3620-28PC:admin#delete authen_login method_list_name login_list_1

Command: delete authen_login method_list_name login_list_1

Success.

64

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

4-9

DGS-3620-28PC:admin#

show authen_login

Description

This command is used to display the method list of authentication methods for user login.

Format show authen_login [default | method_list_name <string 15> | all]

Parameters

default – Specify to display the default method list for user login.

method_list_name - Specifies the user-defined method list for user login.

<string 15> - Enter the user-defined method list for user login. The method list name can be up to 15 characters long.

all – Specify to display all method lists for user login.

Restrictions

Only Administrator-level users can issue this command.

Example

To display a user-defined method list for user login:

DGS-3620-28PC:admin#show authen_login method_list_name login_list_1

Command: show authen_login method_list_name login_list_1

Method List Name Priority Method Name Comment

---------------- -------- --------------- ------------------ login_list_1 1 tacacs+ Built-in Group

2 tacacs Built-in Group

3 mix_1 User-defined Group

4 local Keyword

DGS-3620-28PC:admin#

4-10 create authen_enable method_list_name

Description

This command is used to create a user-defined method list of authentication methods for promoting a user's privilege to Admin level. The maximum supported number of the enable method lists is eight.

Format create authen_enable method_list_name <string 15>

65

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<string 15> - Enter the user-defined method list name.

Restrictions

Only Administrator-level users can issue this command.

Example

To create a user-defined method list for promoting a user's privilege to Admin level:

DGS-3620-28PC:admin#create authen_enable method_list_name enable_list_1

Command: create authen_enable method_list_name enable_list_1

Success.

DGS-3620-28PC:admin#

4-11 config authen_enable

Description

This command is used to configure a user-defined or default method list of authentication methods for promoting a user's privilege to Admin level. The sequence of methods will effect the authencation result. For example, if the sequence is TACACS+ first, then TACACS and local_enable, when a user tries to promote a user's privilege to Admin level, the authentication request will be sent to the first server host in the TACACS+ built-in server group. If the first server host in the TACACS+ group is missing, the authentication request will be sent to the second server host in the TACACS+ group, and so on. If all server hosts in the TACACS+ group are missing, the authentication request will be sent to the first server host in the TACACS group. If all server hosts in the TACACS group are missing, the local enable password in the device is used to authenticate this user’s password. The local enable password in the device can be configured by the CLI command config admin local_enable.

Format config authen_enable [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local_enable | none}(1)

Parameters

default - Specifies the default method list of authentication methods.

method_list_name - Specifies the user-defined method list of authentication methods.

<string 15> - Enter the user-defined method list of authentication methods. The method list name can be up to 15 characters long.

method - Choose the desired authentication method:

tacacs - Specifies authentication by the built-in server group TACACS.

xtacacs - Specifies authentication by the built-in server group XTACACS.

tacacs+ - Specifies authentication by the built-in server group TACACS+.

radius - Specifies authentication by the built-in server group RADIUS.

server_group - Specifies authentication by the user-defined server group.

<string 15> - Enter authentication by the user-defined server group. The server group value can be up to 15 characters long.

66

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

local_enable - Specifies authentication by local enable password in the device.

none - Specifies no authentication.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure a user-defined method list for promoting a user's privilege to Admin level:

DGS-3620-28PC:admin#config authen_enable method_list_name enable_list_1 method tacacs+ tacacs local_enable

Command: config authen_ enable method_list_name enable_list_1 method tacacs+ tacacs local_enable

Success.

DGS-3620-28PC:admin#

4-12 delete authen_enable method_list_name

Description

This command is used to delete a user-defined method list of authentication methods for promoting a user's privilege to Administrator level.

Format delete authen_enable method_list_name <string 15>

Parameters

<string 15> - Enter the user-defined method list name.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete a user-defined method list for promoting a user's privilege to Admin level:

DGS-3620-28PC:admin#delete authen_enable method_list_name enable_list_1

Command: delete authen_enable method_list_name enable_list_1

Success.

DGS-3620-28PC:admin#

67

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

4-13 show authen_enable

Description

This command is used to display the method list of authentication methods for promoting a user's privilege to Administrator level.

Format show authen_enable [default | method_list_name <string 15> | all]

Parameters

default - Specifies to display the default method list for promoting a user's privilege to

Administrator level.

method_list_name - Specifies the user-defined method list for promoting a user's privilege to

Administrator level.

<string 15> - Enter the user-defined method list for a promoting a user's privilege to

Administrator level . The method list name value can be up to 15 characters long.

all - Specifies to display all method lists for promoting a user's privilege to Administrator level.

Restrictions

Only Administrator-level users can issue this command.

Example

To display all method lists for promoting a user's privilege to Administrator level:

DGS-3620-28PC:admin#show authen_enable all

Command: show authen_enable all

Method List Name Priority Method Name Comment

---------------- -------- --------------- ------------------ default 1 local_enable Keyword enable_list_1 1 tacacs+ Built-in Group

2 tacacs Built-in Group

3 mix_1 User-defined Group

4 loca_enable Keyword enable_list_2 1 tacacs+ Built-in Group

2 radius Built-in Group

Total Entries : 3

DGS-3620-28PC:admin#

4-14 config authen application

Description

This command is used to configure login or enable method list for all or the specified application.

68

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config authen application [console | telnet | ssh | http | all] [login | enable] [default | method_list_name <string 15>]

Parameters

console - Specifies an application: console.

telnet - Specifies an application: Telnet.

ssh - Specifies an application: SSH.

http - Specifies an application: Web.

all - Specifies all applications: console, Telnet, SSH, and Web.

login - Specifies the method list of authentication methods for user login.

enable - Specifies the method list of authentication methods for promoting user privilege to

Administrator level.

default - Specifies the default method list.

method_list_name - Specifies the user-defined method list name.

<string 15> - Enter the user-defined method list name. The method list name value can be up to 15 characters long.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the login method list for Telnet:

DGS-3620-28PC:admin#config authen application telnet login method_list_name login_list_1

Command: config authen application telnet login method_list_name login_list_1

Success.

DGS-3620-28PC:admin#

4-15 show authen application

Description

This command is used to display the login/enable method list for all applications.

Format show authen application

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

69

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display the login and enable method list for all applications:

DGS-3620-28PC:admin#show authen application

Command: show authen application

Application Login Method List Enable Method List

----------- ----------------- ------------------

Console default default

Telnet login_list_1 default

SSH default default

HTTP default default

DGS-3620-28PC:admin#

4-16 create authen server_group

Description

This command is used to create a user-defined authentication server group. The maximum supported number of server groups including built-in server groups is eight. Each group consists of eight server hosts as maximum.

Format create authen server_group <string 15>

Parameters

<string 15> - Enter the user-defined server group name.

Restrictions

Only Administrator-level users can issue this command.

Example

To create a user-defined authentication server group:

DGS-3620-28PC:admin#create authen server_group mix_1

Command: create authen server_group mix_1

Success.

DGS-3620-28PC:admin#

4-17 config authen server_group

Description

This command is used to add or remove an authentication server host to or from the specified server group. Built-in server group tacacs, xtacacs, tacacs+, and RADIUS accept the server host with the same protocol only, but user-defined server group can accept server hosts with different

70

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

protocols. The server host must be created first by using the CLI command create authen

server_host.

Format config authen server_group [tacacs | xtacacs | tacacs+ | radius | <string 15>] [add | delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

Parameters

tacacs - Specifies the built-in server group TACACS.

xtacacs - Specifies the built-in server group XTACACS.

tacacs+ - Specifies the built-in server group TACACS+.

radius – Specify the built-in server group RADIUS.

<string 15> - Enter a user-defined server group.

add - Specifies to add a server host to a server group.

delete - Specifies to remove a server host from a server group.

server_host - Specifies the server host’s IP address.

<ipaddr> - Enter the server host’s IP address.

protocol - Specifies the server host’s type of authentication protocol.

tacacs - Specifies the server host’s authentication protocol TACACS.

xtacacs - Specifies the server host’s authentication protocol XTACACS.

tacacs+ - Specifies the server host’s authentication protocol TACACS+.

radius - Specifies the server host’s authentication protocol RADIUS.

Restrictions

Only Administrator-level users can issue this command.

Example

To add an authentication server host to a server group:

DGS-3620-28PC:admin#config authen server_group mix_1 add server_host 10.1.1.222 protocol tacacs+

Command: config authen server_group mix_1 add server_host 10.1.1.222 protocol tacacs+

Success.

DGS-3620-28PC:admin#

4-18 delete authen server_group

Description

This command is used to delete a user-defined authentication server group.

Format delete authen server_group <string 15>

71

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<string 15> - Enter the user-defined server group name.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete a user-defined authentication server group:

DGS-3620-28PC:admin#delete authen server_group mix_1

Command: delete authen server_group mix_1

Success.

DGS-3620-28PC:admin#

4-19 show authen server_group

Description

This command is used to display the authentication server groups.

Format show authen server_group {<string 15>}

Parameters

<string 15> - (Optional) Specifies the built-in or user-defined server group name.

Restrictions

Only Administrator-level users can issue this command.

Example

To display all authentication server groups:

DGS-3620-28PC:admin#show authen server_group

Command: show authen server_group

Group Name IP Address Protocol

--------------- --------------- -------- mix_1 10.1.1.222 TACACS+ radius 10.1.1.224 RADIUS tacacs 10.1.1.225 TACACS tacacs+ 10.1.1.226 TACACS+ xtacacs 10.1.1.227 XTACACS

Total Entries : 5

72

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#

4-20 create authen server_host

Description

This command is used to create an authentication server host. When an authentication server host is created, the IP address and protocol are the index. That means more than one authentication protocol service can be run on the same physical host. The maximum supported number of server hosts is 16.

Format create authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int

1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int

1-255> | retransmit <int 1-20>}

Parameters

<ipaddr> - Enter the server host’s IP address.

protocol - Specifies the server host’s type of authentication protocol.

tacacs - Specifies the server host’s authentication protocol TACACS.

xtacacs - Specifies the server host’s authentication protocol XTACACS.

tacacs+ - Specifies the server host’s authentication protocol TACACS+.

radius - Specifies the server host’s authentication protocol RADIUS.

port - (Optional) Specifies the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is 1812.

<int 1-65535> - Enter the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is

1812. The port number must be between 1 and 65535.

key - (Optional) Specifies the key for TACACS+ and RADIUS authentication.

<key_string 254> - Enter the key for TACACS+ and RADIUS authenticaiton. If the value is null, no encryption will apply. This value is meaningless for TACACS and XTACACS.

none - No encryption for TACACS+ and RADIUS authenticaiton. This value is meaningless for TACACS and XTACACS.

encryption_key - (Optional) Specifies the encrypted form key string for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS. The encryption algorithm is based on DES.

<key_string 344> - Enter the encrypted form key string for TACACS+ and RADIUS authentication.

timeout - (Optional) Specifies the time in seconds for waiting for a server reply. The default value is 5 seconds.

<int 1-255> - Enter the time in seconds for waiting for a server reply. The default value is 5 seconds. The timeout value must be between 1 and 255 seconds.

retransmit - (Optional) Specifies the count for re-transmit. This value is meaningless for

TACACS+. The default value is 2.

<int 1-20> - Enter the count for re-transmit. This value is meaningless for TACACS+. The default value is 2. The re-transmit value must be between 1 and 20.

Restrictions

Only Administrator-level users can issue this command.

73

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To create a TACACS+ authentication server host with a listening port number of 15555 and a timeout value of 10 seconds:

DGS-3620-28PC:admin#create authen server_host 10.1.1.222 protocol tacacs+ port

15555 key "123" timeout 10

Command: create authen server_host 10.1.1.222 protocol tacacs+ port 15555 key

"123" timeout 10

Success.

DGS-3620-28PC:admin#

4-21 config authen server_host

Description

This command is used to configure an authentication server host.

Format config authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int

1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int

1-255> | retransmit <int 1-20>}(1)

Parameters

<ipaddr> - Enter the server host’s IP address.

protocol - Specifies the server host’s type of authentication protocol.

tacacs - Specifies the server host’s authentication protocol TACACS.

xtacacs - Specifies the server host’s authentication protocol XTACACS.

tacacs+ - Specifies the server host’s authentication protocol TACACS+.

radius - Specifies the server host’s authentication protocol RADIUS.

port - Specifies the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is 1812.

<int 1-65535> - Enter the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is

1812. The port number must be between 1 and 65535.

key - Specifies the key for TACACS+ and RADIUS authentication.

<key_string 254> - Enter the key for TACACS+ and RADIUS authentication. If the value is null, no encryption will apply. This value is meaningless for TACACS and XTACACS.

none - Specifies no encryption for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS.

encryption_key - (Optional) Specifies the encrypted form key string for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS. The encryption algorithm is based on DES.

<key_string 344> - Enter the encrypted form key string for TACACS+ and RADIUS authentication.

timeout - Specifies the time in seconds for waiting for a server reply. The default value is 5 seconds.

<int 1-255> - Enter the time in seconds for waiting for a server reply. The default value is 5 seconds. The timeout value must be between 1 and 255 seconds.

retransmit - Specifies the count for re-transmit. This value is meaningless for TACACS+. The default value is 2.

<int 1-20> - Enter the count for re-transmit. This value is meaningless for TACACS+. The default value is 2. The re-transmit value must be between 1 and 20.

74

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator-level users can issue this command.

Example

To configure a TACACS+ authentication server host’s key value:

DGS-3620-28PC:admin#config authen server_host 10.1.1.222 protocol tacacs+ key

"abc123"

Command: config authen server_host 10.1.1.222 protocol tacacs+ key "abc123"

Success.

DGS-3620-28PC:admin#

4-22 delete authen server_host

Description

This command is used to delete an authentication server host.

Format delete authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

Parameters

<ipaddr> - Enter the server host’s IP address.

protocol - Specifies the server host’s type of authentication protocol.

tacacs - Specifies the server host’s authentication protocol TACACS.

xtacacs - Specifies the server host’s authentication protocol XTACACS.

tacacs+ - Specifies the server host’s authentication protocol TACACS+.

radius - Specifies the server host’s authentication protocol RADIUS.

Restrictions

Only Administrator-level users can issue this command.

Example

To delete an authentication server host:

DGS-3620-28PC:admin#delete authen server_host 10.1.1.222 protocol tacacs+

Command: delete authen server_host 10.1.1.222 protocol tacacs+

Success.

DGS-3620-28PC:admin#

75

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

4-23 show authen server_host

Description

This command is used to display authentication server hosts.

Format show authen server_host

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display all authentication server hosts:

DGS-3620-28PC:admin#show authen server_host

Command: show authen server_host

IP Address Protocol Port Timeout Retransmit Key

--------------- -------- ----- ------- ---------- -----------------------

10.1.1.222 TACACS+ 15555 10 ------ 123

Total Entries : 1

DGS-3620-28PC:admin#

4-24 config authen parameter response_timeout

Description

This command is used to configure the amount of time waiting for users to input on the console and Telnet applications.

Format config authen parameter response_timeout <int 0-255>

Parameters

<int 0-255> - Enter the amount of time for user input on console or Telnet. 0 means there is no time out. The default value is 30 seconds.

Restrictions

Only Administrator-level users can issue this command.

76

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure 60 seconds for user to input:

DGS-3620-28PC:admin#config authen parameter response_timeout 60

Command: config authen parameter response_timeout 60

Success.

DGS-3620-28PC:admin#

4-25 config authen parameter attempt

Description

This command is used to configure the maximum attempts for users trying to login or promote the privilege on console or Telnet applications. If the failure value is exceeded, connection or access will be locked.

Format config authen parameter attempt <int 1-255>

Parameters

<int 1-255> - Enter the amount of attempts for users trying to login or promote the privilege on console or Telnet. The default value is 3.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the maximum attempts for users trying to login or promote the privilege to be 9:

DGS-3620-28PC:admin#config authen parameter attempt 9

Command: config authen parameter attempt 9

Success.

DGS-3620-28PC:admin#

4-26 show authen parameter

Description

This command is used to display the authentication parameters.

Format show authen parameter

77

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To display the authentication parameters:

DGS-3620-28PC:admin# show authen parameter

Command: show authen parameter

Response Timeout : 60 seconds

User Attempts : 9

DGS-3620-28PC:admin#

4-27 enable admin

Description

This command is used to promote the "user" privilege level to "admin" level. When the user enters this command, the authentication method RADIUS, TACACS, XTACAS, TACACS+, user-defined server groups, local enable, or none will be used to authenticate the user. Because TACACS,

XTACACS and RADIUS don't support the enable function by themselves, if a user wants to use either one of these three protocols to enable authentication, the user must create a special account on the server host first, which has a username enable and then configure its password as the enable password to support the "enable" function. This command cannot be used when authentication policy is disabled.

Format enable admin

Parameters

None.

Restrictions

None.

Example

To enable administrator lever privilege:

DGS-3620-28PC:admin# enable admin

Password:********

78

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#

4-28 config admin local_enable

Description

This command is used to configure the local enable password for the enable command. When the user chooses the local_enable method to promote the privilege level, the enable password of the local device is needed.

Format config admin local_enable {encrypt [plain_text | sha_1] <password>}

Parameters

encrypt - (Optional) Specifies the encryption method used.

plain_text - Specifies that the password will be in the plain text form.

sha_1 - Specifies that the password will be in the SHA-1 encrypted form.

<password> - Enter the password. Plain text password must be between 0 and 15 characters. The length of SHA-1 encrypted passwords are fixed to 35 bytes long and the password is case-sensitive.

Restrictions

Only Administrator-level users can issue this command.

Example

To configure the administrator password:

DGS-3620-28PC:admin#config admin local_enable

Command: config admin local_ebable

Enter the old password:

Enter the case-sensitive new password:******

Enter the new password again for confirmation:******

Success.

DGS-3620-28PC:admin#

4-29 create aaa server_group

Description

This command is used to create a group of user-defined AAA servers. The maximum number of supported server groups, including the built-in server groups, is 8. Each group can have a maximum of 8 server hosts.

Format create aaa server_group <string 15>

79

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<string 15> - Enter the user-defined server group name.

Restrictions

Only Administrator level can issue this command.

Example

To create a user-defined AAA server group called “mix_1”:

DGS-3620-28PC:admin#create aaa server_group mix_1

Command: create aaa server_group mix_1

Success.

DGS-3620-28PC:admin#

4-30 config aaa server_group

Description

This command is used to add or remove an AAA server host to or from the specified server group.

The built-in TACACS, XTACACS, TACACS+, and RADIUS server groups only accept server hosts with the same protocol, but a user-defined server group can accept server hosts with different protocols.

Format config aaa server_group [tacacs | xtacacs | tacacs+ | radius | group_name <string 15>] [add

| delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

Parameters

tacacs - Specifies the built-in TACACS server group.

xtacacs - Specifies the built-in XTACACS server group.

tacacs+ - Specifies the built-in TACACS+ server group.

radius - Specifies the built-in RADIUS server group.

group_name - Specifies a user-defined server group.

<string 15> - Enter the name of the server group.

add - Add a server host to the server group.

delete - Remove a server host to the server group.

server_host - Specifies the server host.

<ipaddr> - Enter the IP address of the server host.

protocol - Specifies the server host protocol.

tacacs - Specifies the server host using TACACS protocol.

xtacacs - Specifies the server host using XTACACS protocol.

tacacs+ - Specifies the server host using TACACS+ protocol.

radius - Specifies the server host using RADIUS protocol.

80

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator level can issue this command.

Example

To To add an AAA server host with an IP address of 10.1.1.222 to server group “mix_1”, specifying the TACACS+ protocol:

DGS-3620-28PC:admin#config aaa server_group group_name mix_1 add server_host

10.1.1.222 protocol tacacs+

Command: config aaa server_group group_name mix_1 add server_host 10.1.1.222 protocol tacacs+

Success.

DGS-3620-28PC:admin#

4-31 delete aaa server_group

Description

This command is used to delete a group of user-defined AAA servers.

Format delete aaa server_group <string 15>

Parameters

<string 15> - Enter the server group name to be deleted.

Restrictions

Only Administrator level can issue this command.

Example

To delete a user-defined AAA server group called “mix_1”:

DGS-3620-28PC:admin#delete aaa server_group mix_1

Command: delete aaa server_group mix_1

Success.

DGS-3620-28PC:admin#

4-32 delete aaa server_host

Description

This command is used to delete an AAA server host.

81

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format delete aaa server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]

Parameters

Restrictions

Only Administrator level can issue this command.

<ipaddr> - Enter the IP address of the server host.

protocol – Specify the protocol.

tacacs – Specify TACACS server host.

xtacacs - Specifies XTACACS server host.

tacacs+ - Specifies TACACS+ server host.

radius - Specifies RADIUS server host.

Example

To tacacs | xtacacs | tacacs+| delete an AAA server host, with an IP address of 10.1.1.222, that is running the TACACS+ protocol:

DGS-3620-28PC:admin#delete aaa server_host 10.1.1.222 protocol tacacs+

Command: delete aaa server_host 10.1.1.222 protocol tacacs+

Success.

DGS-3620-28PC:admin#

4-33 show aaa

Description

This command is used to display AAA global configuration.

Format show aaa

Parameters

None.

Restrictions

None.

Example

To display AAA global configuration:

82

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show aaa

Command: show aaa

Authentication Policy: Enabled

Accounting Network Service State: AAA Method

Accounting Network Service Method: acc_telnet

Accounting Shell Service State: RADIUS Only

Accounting Shell Service Method:

Accounting System Service State: Disabled

Accounting System Service Method:

Accounting Admin Command Service Method:

Accounting Operator Command Service Method:

Accounting PowerUser Command Service Method:

Accounting User Command Service Method:

Authentication Policy Encryption: Enabled

DGS-3620-28PC:admin#

4-34 show aaa server_group

Description

This command is used to display the groups of AAA servers groups.

Format show aaa server_group {<string 15>}

Parameters

<string 15> - (Optional) Specifies the built-in or user-defined server group name.

Restrictions

Only Administrator level can issue this command.

Example

To display all AAA server groups:

83

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show aaa server_group

Command: show aaa server_group

Group Name IP Address Protocol

--------------- --------------------------------------- -------- mix_1 --------------------------------------- -------- radius --------------------------------------- -------- tacacs --------------------------------------- -------- tacacs+ --------------------------------------- -------- xtacacs --------------------------------------- --------

Total Entries : 5

DGS-3620-28PC:admin#

4-35 show aaa server_host

Description

This command is used to display the AAA server hosts.

Format show aaa server_host

Parameters

None.

Restrictions

Only Administrator level can issue this command.

Example

To display all AAA server hosts:

DGS-3620-28PC:admin#show aaa server_host

Command: show aaa server_host

IP Address Protocl Port Acct Time Retry Key

Port out

-------------------- ------- ----- ----- ---- ----- ---------------------------

10.1.1.222 RADIUS 15555 1813 10 2 ******

Total Entries : 1

DGS-3620-28PC:admin#

84

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

4-36 enable aaa_server_password_encryption

Description

This command is used to enable AAA server password encryption.

Format enable aaa_server_password_encryption

Parameters

None.

Restrictions

Only Administrator level can issue this command.

Example

To enable AAA server password encryption:

DGS-3620-28PC:admin#enable aaa_server_password_encryption

Command: enable aaa_server_password_encryption

Success.

DGS-3620-28PC:admin#

4-37 disable aaa_server_password_encryption

Description

This command is used to disable AAA server password encryption.

Format disable aaa_server_password_encryption

Parameters

None.

Restrictions

Only Administrator level can issue this command.

Example

To disable AAA server password encryption:

85

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#disable aaa_server_password_encryption

Command: disable aaa_server_password_encryption

Success.

DGS-3620-28PC:admin#

4-38 config accounting

Description

This command is used to configure a user-defined or default method list of accounting methods.

Format config accounting [default | method_list_name <string 15>] method {tacacs+ | radius | server_group <string 15> | none}

Parameters

Restrictions

Only Administrator level users can issue this command.

default - Specifies the default method list of accounting methods.

method_list_name - Specifies the user-defined method list of accounting methods.

<string 15> - Enter the user-defined method list name here. This name can be up to 15 characters long.

method - Specifies the accounting method used.

tacacs+ - Specifies to use the built-in server group 'tacacs+'.

radius - Specifies to use the built-in server group 'radius'.

server_group - Specifies the user-defined server group. If the group contains 'tacacs' or

'xtacacs' server, it will be skipped in accounting.

<string 15> - Enter the user-defined server group name here. This name can be up to 15 characters long.

none - Specifies no accounting.

Example

To configure a user-defined method list called “shell_acct”, that specifies a sequence of the built-in

“tacacs+” server group, followed by the “radius” server group for accounting service on switch:

DGS-3620-28PC:admin#config accounting method_list_name shell_acct method tacacs+ radius

Command: config accounting method_list_name shell_acct method tacacs+ radius

Success.

DGS-3620-28PC:admin#

86

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

4-39 config accounting service

Description

This command is used to configure the state of the specified RADIUS accounting service.

Format config accounting service [network | shell | system] state [enable {[radius_only | method_list_name <string 15> | default_method_list]} | disable]

Parameters

network - Specifies that when enabled, the Switch will send informational packets to a remote

RADIUS server when 802.1X, WAC and JWAC port access control events occur on the

Switch. By default, the service is disabled.

shell - Specifies that when enabled, the Switch will send informational packets to a remote

RADIUS server when a user either logs in, logs out or times out on the Switch, using the console, Telnet, or SSH. By default, the service is disabled.

system - Specifies that when enabled, the Switch will send informational packets to a remote

RADIUS server when system events occur on the Switch, such as a system reset or system boot. By default, the service is disabled.

state - Specifies the state of the accounting service.

enable - Enable the specified accounting service.

radius_only - Specifies that the accounting service should only use the RADIUS group specified by the config radius add <server_index 1-3> [<server_ip> | <ipv6addr>]” command.

method_list_name - Specifies that the accounting service should use the AAA userdefined method list specified by the “create accounting method_list_name <string 15>” command.

<string 15> - Enter the method list name used here. This name can be up to 15 characters long.

default_method_list - Specifies that the accounting service should use the AAA default method list.

disable - Disable the specified accounting service.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the state of the RADIUS accounting service shell to enable:

DGS-3620-28PC:admin# config accounting service shell state enable

Command: config accounting service shell state enable

Success

DGS-3620-28PC:admin#

4-40 config accounting service command

Description

This command is used to configure the state of the specified accounting service.

87

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config accounting service command {administrator | operator | power_user | user}

[method_list_name <string> | none]

Parameters

administrator - (Optional) Specifies the accounting service for all administrator level commands.

operator - (Optional) Specifies the accounting service for all operator level commands.

power_user - (Optional) Specifies the accounting service for all power-user level commands.

user - (Optional) Specifies the accounting service for all user level commands.

method_list_name - Specifies the accounting service by the AAA user-defined method list.

Note: The accounting command only supports the TACACS+ server. The other servers that exist in the method list will be skipped.

<string> - Enter the method list name used here.

none - Specifies to disable accounting services for the specified command level.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the AAA accounting methodlist “admin_acct” for accounting to all administrator commands:

DGS-3620-28PC:admin#config accounting service command administrator method_list_name admin_acct

Command: config accounting service command administrator method_list_name admin_acct

Success.

DGS-3620-28PC:admin#

4-41 create accounting method_list_name

Description

This command is used to create a user-defined method list of accounting methods.

Format create accounting method_list_name <string 15>

Parameters

<string 15> - Enter the name of the user-defined method list here. This name can be up to 15 characters long.

Restrictions

Only Administrator level users can issue this command.

88

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To create a user-defined accounting method list called “shell_acct”:

DGS-3620-28PC:admin#create accounting method_list_name shell_acct

Command: create accounting method_list_name shell_acct

Success.

DGS-3620-28PC:admin#

4-42 delete accounting method_list_name

Description

This command is used to delete a user-defined method list of accounting methods.

Format delete accounting method_list_name <string 15>

Parameters

<string 15> - Enter the name of the user-defined method list here. This name can be up to 15 characters long.

Restrictions

Only Administrator level users can issue this command.

Example

To delete the user-defined accounting method list called “shell_acct” from switch:

DGS-3620-28PC:admin#delete accounting method_list_name shell_acct

Command: delete accounting method_list_name shell_acct

Success.

DGS-3620-28PC:admin#

4-43 show accounting

Description

This command is used to display the method list of accounting methods on switch.

Format show accounting [default | method_list_name <string 15> | all]

89

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

default - Displays the user-defined list of default accounting methods.

method_list_name - Displays the user-defined list of specific accounting methods.

<string 15> - Enter the user-defined method list name here. This name can be up to 15 characters long.

all - Displays all accounting method lists on switch.

Restrictions

Only Administrator level users can issue this command.

Example

To display the user-defined accounting method list called “shell_acct”:

DGS-3620-28PC:admin#show accounting method_list_name shell_acct

Command: show accounting method_list_name shell_acct

Method List Name Priority Method Name Comment

---------------- -------- --------------- ------------------ shell_acct 1 none Keyword

DGS-3620-28PC:admin#

4-44 show accounting service

Description

This command is used to display RADIUS accounting service information.

Format show accounting service

Parameters

None.

Restrictions

None.

Example

To display accounting service information:

DGS-3620-28PC:admin#show accounting service

Command: show accounting service

Accounting State

-------------------

Network : Disabled

90

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Shell : Disabled

System : Disabled

DGS-3620-28PC:admin#

4-45 create radius server_host

Description

This command is used to create an RADIUS server host.

Format create radius server_host <ipaddr> {auth_port <int 1-65535> | acct_port <int 1-65535> | [key

[<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255> | retransmit <int 1-20>}

Parameters

<ipaddr> - Enter the IP address of the server host.

auth_port - (Optional) Specifies the port of the RADIUS authentication.

<int 1-65535> - Enter the value between 1 and 65535. The default value is 1812.

acct_port - (Optional) Specifies the port of the RAIDUS accounting.

<int 1-65535> - Enter the value between 1 and 65535. The default value is 1813.

key - (Optional) Specifies the key for RADIUS.

<key_string 254> - Enter the plain text key string for RADIUS.

none - No encryption for RADIUS.

encryption_key - (Optional) The encrypted form key string for RADIUS. The encryption algorithm is based on DES.

<key_string 344> - Etner the string with maximum 344 characters.

timeout - (Optional) Specifies the time in second to wait for the server to reply.

<int 1-255> - Enter the value between 1 and 255. The default value is 5.

retransmit - (Optional) Specifies the count for re-transmissions.

<int 1-20> - Enter the value between 1 and 20. The default value is 2.

Restrictions

Only Administrator level can issue this command.

Example

To create an RADIUS server host:

DGS-3620-28PC:admin#create radius server_host 10.1.1.222 auth_port 15555 timeout 10

Command: create radius server_host 10.1.1.222 auth_port 15555 timeout 10

Key is empty for TACACS+ or RADIUS.

Success.

DGS-3620-28PC:admin#

91

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

4-46 config radius server_host

Description

This command is used to configure the RADIUS server host.

Format config radius server_host <ipaddr> {auth_port <int 1-65535> | acct_port <int 1-65535> | [key

[<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255> | retransmit <int 1-20>}

Parameters

<ipaddr> - Enter the IP address of the server host.

auth_port - (Optional) Specifies the port of the RADIUS authentication.

<int 1-65535> - Enter the value between 1 and 65535. The default value is 1812.

acct_port - (Optional) Specifies the port of the RAIDUS accounting.

<int 1-65535> - Enter the value between 1 and 65535. The default value is 1813.

key - (Optional) Specifies the key for RADIUS.

<key_string 254> - Enter the plain text key string for RADIUS.

none - No encryption for RADIUS.

encryption_key - (Optional) The encrypted form key string for RADIUS. The encryption algorithm is based on DES.

<key_string 344> - Etner the string with maximum 344 characters.

timeout - (Optional) Specifies the time in second to wait for the server to reply.

<int 1-255> - Enter the value between 1 and 255. The default value is 5.

retransmit - (Optional) Specifies the count for re-transmissions.

<int 1-20> - Enter the value between 1 and 20. The default value is 2.

Restrictions

Only Administrator level can issue this command.

Example

To configure the RADIUS server host:

DGS-3620-28PC:admin#config radius server_host 10.1.1.222 key "abc123"

Command: config radius server_host 10.1.1.222 key "abc123"

Success.

DGS-3620-28PC:admin#

4-47 config radius source_ipif

Description

This command is used to specify source interface for all outgoing RADIUS packets.

Format config radius source_ipif [<ipif_name 12> {<ipaddr> | <ipv6addr>} | none]

92

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<ipif_name 12> - Enter the IP interface name used here.

<ipaddr> - Enter the IPv4 address used here.

<ipv6addr> - Enter the IPv6 address used here.

none - Specifies to revert to the default route table for all outgoing RADIUS packet.

Restrictions

Only Administrator level can issue this command.

Example

To specify an interface as the source interface for all outgoing RADIUS packets.

DGS-3620-28PC:admin#config radius source_ipif if_v200

Command: config radius source_ipif if_v200

Success.

DGS-3620-28PC:admin#

4-48 show radius source_ipif

Description

This command is used to display specified source interface for all outgoing RADIUS packets.

Format show radius source_ipif

Parameters

None.

Restrictions

Only Administrator level can issue this command.

Example

To display specified source interface for all outgoing RADIUS packets.

DGS-3620-28PC:admin#show radius source_ipif

Command: show radius source_ipif

IP Interface : if_v200

IPv4 Address : None

IPv6 Address : None

DGS-3620-28PC:admin#

93

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

4-49 create tacacs server_host

Description

This command is used to create a TACACS server host.

Format create tacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit

<int 1-20>}

Parameters

<ipaddr> - Enter the IP address of the server host.

port - (Optional) The port number of the TACACS server host.

<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.

timeout - (Optional) Specifies the time in second to wait for the server to reply.

<int 1-255> - Enter the value between 1 and 255. The default value is 5.

retransmit - (Optional) Specifies the count for re-transmissions.

<int 1-20> - Enter the value between 1 and 20. The default value is 2.

Restrictions

Only Administrator level can issue this command.

Example

To create a TACACS server host:

DGS-3620-28PC:admin#create tacacs server_host 10.1.1.223 port 15555 timeout 10

Command: create tacacs server_host 10.1.1.223 port 15555 timeout 10

Success.

DGS-3620-28PC:admin#

4-50 config tacacs server_host

Description

This command is used to configure a TACACS server host.

Format config tacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit

<int 1-20>}

Parameters

<ipaddr> - Enter the IP address of the server host.

port - (Optional) The port number of the TACACS server host.

<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.

94

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator level can issue this command.

timeout - (Optional) Specifies the time in second to wait for the server to reply.

<int 1-255> - Enter the value between 1 and 255. The default value is 5.

retransmit - (Optional) Specifies the count for re-transmissions.

<int 1-20> - Enter the value between 1 and 20. The default value is 2.

Example

To configure the TACACS server host:

DGS-3620-28PC:admin#config tacacs server_host 10.1.1.223 retransmit 5

Command: config tacacs server_host 10.1.1.223 retransmit 5

Key is meaningless for TACACS and XTACACS.

Success.

DGS-3620-28PC:admin#

4-51 create tacacs+ server_host

Description

This command is used to create a TACACS+ server host.

Format create tacacs+ server_host <ipaddr> {port <int 1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255>}

Parameters

Restrictions

Only Administrator level can issue this command.

<ipaddr> - Enter the IP address of the server host.

port - (Optional) The port number of the TACACS+ server host.

<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.

key - (Optional) Specifies the key for TACACS+.

<key_string 254> - Enter the plain text key string for TACACS+.

none - No encryption for RADIUS.

encryption_key - (Optional) The encrypted form key string for TACACS+. The encryption algorithm is based on DES.

<key_string 344> - Etner the string with maximum 344 characters.

timeout - (Optional) Specifies the time in second to wait for the server to reply.

<int 1-255> - Enter the value between 1 and 255. The default value is 5.

Example

To create a TACACS+ server host:

95

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#create tacacs+ server_host 10.1.1.211 port 15555 timeout 10 key "abc123"

Command: create tacacs+ server_host 10.1.1.211 port 15555 timeout 10 key

"abc123"

Success.

DGS-3620-28PC:admin#

4-52 config tacacs+ server_host

Description

This command is used to configure the TACACS+ server host.

Format config tacacs+ server_host <ipaddr> {port <int 1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255>}

Parameters

<ipaddr> - Enter the IP address of the server host.

port - (Optional) The port number of the TACACS+ server host.

<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.

key - (Optional) Specifies the key for TACACS+.

<key_string 254> - Enter the plain text key string for TACACS+.

none - No encryption for RADIUS.

encryption_key - (Optional) The encrypted form key string for TACACS+. The encryption algorithm is based on DES.

<key_string 344> - Etner the string with maximum 344 characters.

timeout - (Optional) Specifies the time in second to wait for the server to reply.

<int 1-255> - Enter the value between 1 and 255. The default value is 5.

Restrictions

Only Administrator level can issue this command.

Example

To configure the TACACS+ server host:

DGS-3620-28PC:admin#config tacacs+ server_host 10.1.1.211 key "abcd123"

Command: config tacacs+ server_host 10.1.1.211 key "abcd123"

Success.

DGS-3620-28PC:admin#

4-53 create xtacacs server_host

Description

This command is used to

96

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format create xtacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit

<int 1-20>}

Parameters

<ipaddr> - Enter the IP address of the server host.

port - (Optional) The port number of the XTACACS server host.

<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.

timeout - (Optional) Specifies the time in second to wait for the server to reply.

<int 1-255> - Enter the value between 1 and 255. The default value is 5.

retransmit - (Optional) Specifies the count for re-transmissions.

<int 1-20> - Enter the value between 1 and 20. The default value is 2.

Restrictions

Only Administrator level can issue this command.

Example

To create a XTACACS server host:

DGS-3620-28PC:admin#create xtacacs server_host 10.1.1.224 port 15555 timeout 10

Command: create xtacacs server_host 10.1.1.224 port 15555 timeout 10

Success.

DGS-3620-28PC:admin#

4-54 config xtacacs server_host

Description

This command is used to configure a XTACACS server host.

Format config xtacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit

<int 1-20>}

Parameters

<ipaddr> - Enter the IP address of the server host.

port - (Optional) The port number of the XTACACS server host.

<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.

timeout - (Optional) Specifies the time in second to wait for the server to reply.

<int 1-255> - Enter the value between 1 and 255. The default value is 5.

retransmit - (Optional) Specifies the count for re-transmissions.

<int 1-20> - Enter the value between 1 and 20. The default value is 2.

97

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator level can issue this command.

Example

To configure the XTACACS server host:

DGS-3620-28PC:admin#config xtacacs server_host 10.1.1.224 retransmit 5

Command: config xtacacs server_host 10.1.1.224 retransmit 5

Key is meaningless for TACACS and XTACACS.

Success.

DGS-3620-28PC:admin#

4-55 config tacacs source_ipif

Description

This command is used to specify the source interface for all outgoing TACACS packets.

Format config tacacs source_ipif [<ipif_name 12> {<ipaddr>} | none]

Parameters

<ipif_name 12> - Enter the interface name as source interface for all outgoing TACACS packets.

<ipaddr> - (Optional) Enter the IP address as source IPv4 address for all outgoing TACACS packets.

none - Specifies to revert to the default route table for all outgoing TACACS packet.

Restrictions

Only Administrator level can issue this command.

Example

To specify a source interface for all outgoing TACACS packets:

DGS-3620-28PC:admin#config tacacs source_ipif if_v200

Command: config tacacs source_ipif if_v200

Success.

DGS-3620-28PC:admin#

4-56 show tacacs source_ipif

Description

This command is used to display the specified source interface for all outgoing TACACS packets.

98

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format show tacacs source_ipif

Parameters

None.

Restrictions

Only Administrator level can issue this command.

Example

To display the specified source interface for all outgoing TACACS packets.

DGS-3620-28PC:admin#show tacacs source_ipif

Command: show tacacs source_ipif

IP Interface : if_v200

IPv4 Address : None

DGS-3620-28PC:admin#

99

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 5 Access Control List

(ACL) Commands

create access_profile profile_id <value 1-6> profile_name <name 1-32> [ethernet {vlan {<hex

0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac <macmask

000000000000-ffffffffffff> | 802.1p | ethernet_type}(1) | ip {vlan {<hex 0x0-0x0fff>} | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask <hex

0x0-0xffffffff>}]}(1) | packet_content_mask {offset_chunk_1 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31> <hex 0x0-

0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>}(1) | ipv6 {class | flowlabel | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask> | [tcp {src_port_mask

<hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | icmp {type | code}]}(1)]

delete access_profile [profile_id <value 1-6> | profile_name <name 1-32> | all]

config access_profile [profile_id <value 1-6> | profile_name <name 1-32>] [add access_id

[auto_assign | <value 1-256>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>]

{mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac

<macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>}(1) | ip

{[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_ip

<ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>} | dscp<value 0-63> |

[icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port

<value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}

| flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> {mask <hex 0x0-

0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id <value 0-255>

{user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}]}(1) | packet_content

{offset_chunk_1 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_2 <hex 0x0-

0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_3 <hex 0x0-0xffffffff> {mask <hex 0x0-

0xffffffff>} | offset_chunk_4 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}(1) | ipv6 {class

<value 0-255> | flowlabel <hex 0x0-0xfffff> | source_ipv6 <ipv6addr> {mask<ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>} | [tcp {src_port<value 0-65535> {mask <hex

0x0-0xffff>} | dst_port <value 0-65535> {mask <hex0x0-0xffff>}} | udp {src_port <value 0-

65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | icmp

{type<value 0-255> | code <value 0-255>}]}(1)] [port [<portlist> | all] | vlan_based [vlan

<vlan_name 32> | vlan_id <vlanid 1-4094>]] [permit {priority <value 0-7> {replace_priority} |

[replace_dscp_with <value 0-63> | replace_tos_precedence_with <value 0-7>] | counter

[enable | disable] | urpf_state_check [enable | disable]} | mirror {group_id <value 1-4>} | deny]

{time_range <range_name 32>} | delete access_id <value 1-256>]

show access_profile {[profile_id <value 1-6> | profile_name <name 1-32>]}

config time_range <range_name 32> [hours start_time <time hh:mm:ss> end_time <time hh:mm:ss> weekdays <daylist> | delete]

show time_range show current_config access_profile

delete cpu access_profile [profile_id <value 1-5> | all]

create cpu access_profile profile_id <value 1-5> [ethernet {vlan | source_mac <macmask

000000000000-ffffffffffff> | destination_mac <macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type}(1) | ip {vlan | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask

<hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex

0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff>

{user_define_mask <hex 0x0-0xffffffff>}]}(1) | packet_content_mask {offset_0-15 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-

100

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}(1) | ipv6 {class | flowlabel

| source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask>}(1)]

config cpu access_profile profile_id <value 1-5> [add access_id [auto_assign | <value 1-100>]

[ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] | source_mac <macaddr> | destination_mac <macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>} | ip {[vlan

<vlan_name 32> | vlan_id <vlanid 1-4094>] | source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-

255>} | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} | protocol_id

<value 0-255> {user_define <hex 0x0-0xffffffff>}]} | packet_content {offset_0-15 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} | ipv6 {class <value 0-

255> | flowlabel <hex 0x0-0xfffff> | source_ipv6 <ipv6addr> | destination_ipv6 <ipv6addr>}] port [<portlist> | all] [permit | deny] {time_range <range_name 32>} | delete access_id <value

1-100>]

show cpu access_profile {profile_id <value 1-5>}

enable cpu_interface_filtering disable cpu_interface_filtering

config flow_meter [profile_id <value 1-6> | profile_name <name 1-32>] access_id <value 1-256>

[rate [<value 0-1048576>] {burst_size [<value 0-131072>]} rate_exceed [drop_packet | remark_dscp <value 0-63>] | tr_tcm cir <value 0-1048576> {cbs <value 0-131072>} pir <value

0-1048576> {pbs <value 0-131072>} {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value

0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop]

{counter [enable | disable]} | sr_tcm cir <value 0-1048576> cbs <value 0-131072> ebs <value

0-131072> {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>]

{counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop] {counter

[enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | delete]

show flow_meter {[profile_id <value 1-6> | profile_name <name 1-32>] {access_id <value 1-

256>}}

5-1 create access_profile profile_id

Description

This command is used to create access list profiles.

Format create access_profile profile_id <value 1-6> profile_name <name 1-32> [ethernet {vlan

{<hex 0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac

<macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type}(1) | ip {vlan {<hex 0x0-0x0fff>}

| source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask

<hex 0x0-0xffffffff>}]}(1) | packet_content_mask {offset_chunk_1 <value 0-31> <hex 0x0-

0xffffffff> | offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31>

<hex 0x0-0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>}(1) | ipv6 {class |

101

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

flowlabel | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask> | [tcp

{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp {src_port_mask

<hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | icmp {type | code}]}(1)]

Parameters

<value 1-6> - Enter the profile ID between 1 and 6. The lower the profile ID, the higher the priority.

profile_name - Specifies a profile name.

<name 1-32> - The maximum length is 32 characters.

ethernet - Specifies an Ethernet access control list rule.

vlan - Specifies a VLAN mask. Only the last 12 bits of the mask will be considered.

<hex 0x0-0x0fff> - (Optional) Specifies a VLAN mask.

source_mac - Specifies the source MAC mask.

<macmask 000000000000-ffffffffffff> - Enter the source MAC mask.

destination_mac - Specifies the destination MAC mask.

<macmask 000000000000-ffffffffffff> - Enter the destination MAC mask.

802.1p - Speciy the 802.1p priority tag mask.

ethernet_type - Specifies the Ethernet type.

ip - Specifies an IP access control list rule.

vlan - Specifies a VLAN mask. Only the last 12 bits of the mask will be considered.

<hex 0x0-0x0fff> - (Optional) Specifies a VLAN mask.

source_ip_mask - Specifies an IP source submask.

<netmask> - Enter an IP source submask.

destination_ip_mask - Specifies an IP destination submask.

<netmask> - Enter an IP destination submask.

dscp - Specifies the DSCP mask.

icmp - Specifies that the rule applies to ICMP traffic.

type - (Optional) Specifies the ICMP packet type.

code - (Optional) Specifies the ICMP code.

igmp - Specifies that the rule applies to IGMP traffic.

type - (Optional) Specifies the IGMP packet type.

tcp - Specifies that the rule applies to TCP traffic.

src_port_mask - (Optional) Specifies the TCP source port mask.

<hex 0x0-0xffff> - Enter the TCP source port mask.

dst_port_mask - (Optional) Specifies the TCP destination port mask.

<hex 0x0-0xffff> - Enter the TCP destination port mask.

flag_mask - (Optional) Specifies the TCP flag field mask.

all – Specify to check all paramenters below.

urg - (Optional) Specifies Urgent Pointer field significant.

ack - (Optional) Specifies Acknowledgment field significant.

psh - (Optional) Specifies Push Function.

rst - (Optional) Specifies to reset the connection.

syn - (Optional) Specifies to synchronize sequence numbers.

fin - (Optional) No more data from sender.

udp - Specifies that the rule applies to UDP traffic.

src_port_mask - (Optional) Specifies the TCP source port mask.

<hex 0x0-0xffff> - Enter the TCP source port mask.

dst_port_mask - (Optional) Specifies the TCP destination port mask.

<hex 0x0-0xffff> - Enter the TCP destination port mask.

protocol_id_mask - Specifies that the rule applies to the IP protocol ID traffic.

<hex 0x0-0xff> - Enter that the rule applies to the IP protocol ID traffic.

user_define_mask - (Optional) Specifies the L4 part mask.

<hex 0x0-0xffffffff> - Enter the L4 part mask.

packet_content_mask - A maximum of six offsets can be specified. Each offset defines one byte of data which is identified as a single UDF field. The offset reference is also configurable. It can be defined to start at the end of the tag, the end of the Ethernet type, or the end of the IP header.

offset_chunk_1 - Specifies the offset chunk 1 that allows users to examine the specified

102

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

offset_chunks within a packet at one time and specifies the frame content offset and mask.

<value 0-31> - Enter the offset chunk 1 value here. This value must be between 0 and 31.

<hex 0x0-0xffffffff> - Enter the offset chunk 1 mask value here.

offset_chunk_2 - Specifies the offset chunk 2 that allows users to examine the specified offset_chunks within a packet at one time and specifies the frame content offset and mask.

<value 0-31> - Enter the offset chunk 2 value here. This value must be between 0 and 31.

<hex 0x0-0xffffffff> - Enter the offset chunk 2 mask value here.

offset_chunk_3 - Specifies the offset chunk 3 that allows users to examine the specified offset_chunks within a packet at one time and specifies the frame content offset and mask.

<value 0-31> - Enter the offset chunk 3 value here. This value must be between 0 and 31.

<hex 0x0-0xffffffff> - Enter the offset chunk 3 mask value here.

offset_chunk_4 - Specifies the offset chunk 4 that allows users to examine the specified offset_chunks within a packet at one time and specifies the frame content offset and mask.

<value 0-31> - Enter the offset chunk 4 value here. This value must be between 0 and 31.

<hex 0x0-0xffffffff> - Enter the offset chunk 4 mask value here.

ipv6 - Specifies the IPv6 filtering mask.

class - Specifies the IPv6 class mask.

flowlabel - Specifies the IPv6 flow label mask.

source_ipv6_mask - Specifies the IPv6 source IP mask.

<ipv6mask> - Enter the IPv6 source IP mask.

destination_ipv6_mask - Specifies the IPv6 destination IP mask.

<ipv6mask> - Enter the IPv6 destination IP mask.

tcp - Specifies that the rule applies to TCP traffic.

src_port_mask - (Optional) Specifies the TCP source port mask.

<hex 0x0-0xffff> - Enter the TCP source port mask.

dst_port_mask - (Optional) Specifies the TCP destination port mask.

<hex 0x0-0xffff> - Enter the TCP destination port mask.

udp - Specifies that the rule applies to UDP traffic.

src_port_mask - (Optional) Specifies the TCP source port mask.

<hex 0x0-0xffff> - Enter the TCP source port mask.

dst_port_mask - (Optional) Specifies the TCP destination port mask.

<hex 0x0-0xffff> - Enter the TCP destination port mask.

icmp - Specifies that the rule applies to ICMP traffic.

type - (Optional) Specifies the ICMP packet type.

code - (Optional) Specifies the ICMP code.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create access list profiles:

DGS-3620-28PC:admin#create access_profile profile_id 1 profile_name 1 ethernet vlan source_mac FF-FF-FF-FF-FF-FF destination_mac 00-00-00-FF-FF-FF 802.1p ethernet_type

Command: create access_profile profile_id 1 profile_name 1 ethernet vlan source_mac FF-FF-FF-FF-FF-FF destination_mac 00-00-00-FF-FF-FF 802.1p ethernet_type

Success.

DGS-3620-28PC:admin#

DGS-3620-28PC:admin#create access_profile profile_id 2 profile_name 2 ip vlan source_ip_mask 255.255.255.255 destination_ip_mask 255.255.255.0 dscp icmp

Command: create access_profile profile_id 2 profile_name 2 ip vlan

103

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

5-2

source_ip_mask 255.255.255.255 destination_ip_mask 255.255.255.0 dscp icmp

Success.

DGS-3620-28PC:admin#

delete access_profile

Description

This command is used to delete access list profiles.

Format delete access_profile [profile_id <value 1-6> | profile_name <name 1-32> | all]

Parameters

profile_id - Specifies the index of the access list profile.

<value 1-6> - Enter the index of the access list profile. Enter a value between 1 and 6.

profile_name - Specifies the profile name.

<name 1-32> - Enter the profile name. The maximum length is 32 characters.

all - Specifies the whole access list profile to delete.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete access list profiles:

5-3

DGS-3620-28PC:admin#delete access_profile profile_id 1

Command: delete access_profile profile_id 1

Success.

DGS-3620-28PC:admin#

config access_profile

Description

This command is used to configure access list entries.

Format config access_profile [profile_id <value 1-6> | profile_name <name 1-32>] [add access_id

[auto_assign | <value 1-256>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>]

{mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac

<macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>}(1) | ip

{[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_ip

<ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>} | dscp<value 0-

104

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-255>} | tcp

{src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex

0x0-0xffff>} | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535>

{mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id

<value 0-255> {user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}]}(1) | packet_content {offset_chunk_1 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_2 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_3 <hex 0x0-

0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_4 <hex 0x0-0xffffffff> {mask <hex 0x0-

0xffffffff>}}(1) | ipv6 {class <value 0-255> | flowlabel <hex 0x0-0xfffff> | source_ipv6

<ipv6addr> {mask<ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>} | [tcp

{src_port<value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask

<hex0x0-0xffff>}} | udp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value

0-65535> {mask <hex 0x0-0xffff>}} | icmp {type<value 0-255> | code <value 0-255>}]}(1)]

[port [<portlist> | all] | vlan_based [vlan <vlan_name 32> | vlan_id <vlanid 1-4094>]] [permit

{priority <value 0-7> {replace_priority} | [replace_dscp_with <value 0-63> | replace_tos_precedence_with <value 0-7>] | counter [enable | disable] | urpf_state_check

[enable | disable]} | mirror {group_id <value 1-4>} | deny] {time_range <range_name 32>} | delete access_id <value 1-256>]

Parameters

profile_id - Specifies the index of the access list profile.

<value 1-6> - Enter the value between 1 and 6.

profile_name - Specifies the profile name.

<name 1-32> - Enter the profile name. The maximum length is 32 characters.

add access_id - Specifies the index of the access list entry. The lower the access ID, the higher the priority.

auto_assign - Specifies to automatically assign the access ID.

<value 1-256> - Enter a value between 1 and 256.

ethernet - Specifies an Ethernet access control list rule.

vlan - Specifies the VLAN name.

<vlan_name 32> -Specify the VLAN name. The maximum length is 32 characters.

vlanid - Specifies the VLAN ID.

<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.

mask - (Optional) Specifies the mask.

<hex 0x0-0x0fff> - Enter the mask.

source_mac - Specifies the source MAC address.

<macaddr> - Enter the source MAC address.

mask - (Optional) Specifies the mask.

<macmask> - Enter the mask.

destination_mac - Specifies the destination MAC address.

<macaddr> - Enter the destination MAC address.

mask - (Optional) Specifies the mask.

<macmask> - Enter the mask.

802.1p - Specifies the value of the 802.1p priority tag.

<value 0-7> - Enter the value of the 802.1p priority tag. The priority tag ranges from 1 to 7.

ethernet_type - Specifies the Ethernet type.

<hex 0x0-0xffff> - Enter the Ethernet type.

ip - Specifies an IP access control list rule.

vlan - Specifies the VLAN name.

<vlan_name 32> -Specify the VLAN name. The maximum length is 32 characters.

vlanid - Specifies the VLAN ID.

<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.

mask - (Optional)Specify the mask.

<hex 0x0-0x0fff> - Enter the mask.

source_ip - Specifies an IP source address.

105

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<ipaddr> - Enter an IP source address.

mask - (Optional) Specifies the mask.

<netmask> - Enter the mask.

destination_ip - Specifies an IP destination address.

<ipaddr> - Enter an IP destination address.

mask - (Optional) Specifies the mask.

<netmask> - Enter the mask.

dscp - Specifies the value of DSCP.

<value 0-63> - Enter the value of DSCP. The DSCP value ranges from 0 to 63.

icmp - Specifies the ICMP.

type - (Optional) Specifies that the rule will apply to the ICMP Type traffic value.

<value 0-255> - Enter the value between 0 and 255.

code - (Optional) Specifies that the rule will apply to the ICMP Code traffic value.

<value 0-255> - Enter the value between 0 and 255.

igmp - Specifies the IGMP.

type - (Optional) Specifies that the rule will apply to the IGMP Type traffic value.

<value 0-255> - Enter the value between 0 and 255.

tcp - Specifies TCP.

src_port - (Optional) Specifies that the rule will apply to a range of TCP source ports.

<value 0-65535> - Enter the value between 0 and 65535.

mask - (Optional) Specifies the mask.

<hex 0x0-0xffff> - Enter the mask.

dst_port - (Optional) Specifies that the rule will apply to a range of TCP destination ports.

<value 0-65535> - Enter the value between 0 and 65535.

mask - (Optional) Specifies the mask.

<hex 0x0-0xffff> - Enter the mask.

flag - Specifies the TCP flag field value.

all – Specify to check all paramenters below.

urg - (Optional) Specifies Urgent Pointer field significant.

ack - (Optional) Specifies Acknowledgment field significant.

psh - (Optional) Specifies Push Function.

rst - (Optional) Specifies to reset the connection.

syn - (Optional) Specifies to synchronize sequence numbers.

fin - (Optional) No more data from sender.

udp - Specifies UDP.

src_port - (Optional) Specifies the UDP source port range.

<value 0-65535> - Enter the value between 0 and 65535.

mask - (Optional) Specifies the mask.

<hex 0x0-0xffff> - Enter the mask.

dst_port - (Optional) Specifies the UDP destination port range.

<value 0-65535> - Enter the value between 0 and 65535.

mask - (Optional) Specifies the mask.

<hex 0x0-0xffff> - Enter the mask.

protocol_id - Specifies that the rule will apply to the value of IP protocol ID traffic.

<value 0-255> - Enter the value between 0 and 255.

user_define - (Optional) Specifies that the rule will apply to the IP protocol ID and that the mask options behind the IP header, which has a length of 4 bytes.

<hex 0x0-0xffffffff> - Enter that the rule will apply to the IP protocol ID and that the mask options behind the IP header, which has a length of 4 bytes.

mask - (Optional) Specifies the mask.

<hex 0x0-0xffffffff> - Enter the mask.

packet_content - Specifies the packet content for the user defined mask.

offset_chunk_1 - Specifies the contents of the offset trunk 1 to be monitored.

<hex 0x0-0xffffffff> - Enter the contents of the offset trunk 1 to be monitored here.

mask - Specifies an additional mask for each field.

<hex 0x0-0xffffffff> - Enter the additional mask value used here.

offset_chunk_2 - Specifies the contents of the offset trunk 2 to be monitored.

<hex 0x0-0xffffffff> - Enter the contents of the offset trunk 2 to be monitored here.

mask - Specifies an additional mask for each field.

<hex 0x0-0xffffffff> - Enter the additional mask value used here.

106

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

offset_chunk_3 - Specifies the contents of the offset trunk 3 to be monitored.

<hex 0x0-0xffffffff> - Enter the contents of the offset trunk 3 to be monitored here.

mask - Specifies an additional mask for each field.

<hex 0x0-0xffffffff> - Enter the additional mask value used here.

offset_chunk_4 - Specifies the contents of the offset trunk 4 to be monitored.

<hex 0x0-0xffffffff> - Enter the contents of the offset trunk 4 to be monitored here.

mask - Specifies an additional mask for each field.

<hex 0x0-0xffffffff> - Enter the additional mask value used here.

ipv6 - Specifies that the rule applies to IPv6 fields.

class - Specifies the value of the IPv6 class.

<value 0-255> - Enter the value between 0 and 255.

flowlabel - Specifies the value of the IPv6 flow label.

<hex 0x0-0xfffff> - Enter the value of the IPv6 flow label.

source_ipv6 - Specifies the value of the IPv6 source address.

<ipv6addr> - Enter the value of the IPv6 source address.

mask - (Optional) Specifies the mask.

<ipv6mask> - Enter the mask.

destination_ipv6 - Specifies the value of the IPv6 destination address.

<ipv6addr> - Enter the value of the IPv6 destination address.

mask - (Optional) Specifies the mask.

<ipv6mask> - Enter the mask.

tcp - Specifies TCP.

src_port - (Optional) Specifies the TCP source port range.

<value 0-65535> - Enter the value between 0 and 65535.

mask - (Optional) Specifies the mask.

<hex 0x0-0xffff> - Enter the mask.

dst_port - (Optional) Specifies the TCP destination port range.

<value 0-65535> - Enter the value between 0 and 65535.

mask - (Optional) Specifies the mask.

<hex 0x0-0xffff> - Enter the mask.

udp - Specifies UDP.

src_port - (Optional) Specifies the UDP source port range.

<value 0-65535> - Enter the value between 0 and 65535.

mask - (Optional) Specifies the mask.

<hex 0x0-0xffff> - Enter the mask.

dst_port - (Optional) Specifies the UDP destination port range.

<value 0-65535> - Enter the value between 0 and 65535.

mask - Specifies the mask.

<hex 0x0-0xffff> - Enter the mask.

icmp - Specifies that the rule applies to the value of ICMP traffic.

type - Specifies that the rule applies to the value of ICMP type traffic.

<value 0-255> - Enter the ICMP type value used here. This value must be between 0 and 255.

code - Specifies that the rule applies to the value of ICMP code traffic.

<value 0-255> - Enter the ICMP code value used here. This value must be between 0 and 255.

port - The access profile rule may be defined for each port on the switch. The port list is specified by listing the lowest switch number and the beginning port number on that switch, separated by a colon.

<portlist> - Enter a list of ports.

all - Specifies that the access rule will apply to all ports.

vlan_based - Specifies the VLAN-based ACL rule. There are two conditions: this rule will apply to all ports and packets must belong to the configured VLAN. It can be specified by VLAN name or VLAN ID.

vlan - Specifies the VLAN name.

<vlan_name 32> - Enter the VLAN name. The maximum length is 32 characters.

vlan_id - Specifies the VLAN ID.

<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.

permit - Specifies the packets that match the access profile are permit by the switch.

priority - (Optional) Specifies the packets that match the access profile are remap the 802.1p

107

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

priority tag field by the switch.

<value 0-7> - Enter the value between 0 and 7.

replace_priority - (Optional) Specifies the packets that match the access profile remarking the

802.1p priority tag field by the switch.

replace_dscp_with - (Optional) Specifies the DSCP of the packets that match the access profile are modified according to the value.

<value 0-63> - Enter the value between 0 and 63.

replace_tos_precedence_with - (Optional) Specifies that the IP precedence of the outgoing packet is changed with the new value. If used without an action priority, the packet is sent to the default TC.

<value 0-7> - Enter the value between 0 and 7.

counter - (Optional) Specifies whether the ACL counter feature will be enabled or disabled.

enable - Specifies whether the ACL counter feature is enabled. If the rule is not bound with the flow meter, all matching packets are counted. If the rule is bound with the flow meter, then the “counter” is overridden.

disable - Specifies whether the ACL counter feature is disabled. The default option is disabled.

urpf_state_check - (Optional) Specifies if the incoming packet is determined to be dropped by the URPF and ACL check option.

enable - Specifies to match the permit entry in ACL. The URPF action to drop the packet is ignored. This is the default option.

disable - Specifies to match the permit entry in ACL. The URPF action to drop the packet is honored.

mirror - Specifies that packets matching the access profile are copied to the mirror port.

group_id - Specifies the group ID used.

<value 1-4> - Enter the group ID used here. This value must be between 1 and 4.

deny - Specifies the packets that match the access profile are filtered by the switch.

time_range - (Optional) Specifies the name of this time range entry.

<range_name 32> - Enter the name of this time range entry. The maximum length is 32 characters.

delete access_id - Specifies to delete the access ID.

<value 1-256> - Enter the value between 1 and 256.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure an access list entry:

DGS-3620-28PC:admin#config access_profile profile_id 1 add access_id 1 ip vlan default source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp port 1 permit

Command: config access_profile profile_id 1 add access_id 1 ip vlan default source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp port 1 permit

Success.

DGS-3620-28PC:admin#

108

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

5-4 show access_profile

Description

This command is used to display the current access list table.

Format show access_profile {[profile_id <value 1-6> | profile_name <name 1-32>]}

Parameters

profile_id - (Optional) Specifies the index of the access list profile.

<value 1-6> - Enter the profile ID between 1 and 6.

profile_name - (Optional) Specifies the name of the access list profile.

<name 1-32> - Enter the profile name between 1 and 32.

Restrictions

None.

Example

To display the current access list table:

DGS-3620-28PC:admin#show access_profile

Command: show access_profile

Access Profile Table

Total User Set Rule Entries : 2

Total Used HW Entries : 3

Total Available HW Entries : 1533

==============================================================================

Profile ID: 1 Profile name: EtherACL Type: Ethernet

Mask on

VLAN : 0xFFF

802.1p

Ethernet Type

Available HW Entries : 255

------------------------------------------------------------------------------

Rule ID : 1 Ports: 1

Match on

VLAN ID : 1

802.1p : 7

Ethernet Type : 0xFFFF

Action:

Permit

109

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

URPF State Check: Enabled

(Replaced)Priority : 7

Replace ToS Precedence : 7

==============================================================================

==============================================================================

Profile ID: 2 Profile name: IPv4ACL Type: IPv4

Mask on

VLAN : 0xFFF

DSCP

ICMP

Type

Code

Available HW Entries : 254

------------------------------------------------------------------------------

Rule ID : 1 Ports: 1

Match on

VLAN ID : 1

DSCP : 63

ICMP

Type : 255

Code : 255

Action:

Permit

URPF State Check: Enabled

(Replaced)Priority : 7

Replace ToS Precedence : 7

==============================================================================

DGS-3620-28PC:admin#

Note: “Total User Set Entries” indicates the total number of ACL rules created by the user. “Total Used HW Entries” indicates the total number of hardware entries used in the device. “Available HW Entries” indicates the total number of available hardware entries in the device.

To display an access profile that supports an entry mask for each rule:

DGS-3620-28PC:admin#show access_profile profile_id 3

Command: show access_profile profile_id 3

Access Profile Table

==============================================================================

Profile ID: 3 Profile name: IPv6ACL Type: IPv6

110

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Mask on

Class

Flow Label

TCP

Available HW Entries : 255

------------------------------------------------------------------------------

Rule ID : 1 Ports: 1

Match on

Class : 255

Flow Label : 0xFFFFF

TCP

Action:

Permit

URPF State Check: Enabled

(Replaced)Priority : 7

Replace ToS Precedence : 7

==============================================================================

DGS-3620-28PC:admin#

To display the packet content mask profile for the profile with an ID of 4:

DGS-3620-28PC:admin#show access_profile profile_id 4

Command: show access_profile profile_id 4

Access Profile Table

==============================================================================

Profile ID: 4 Profile name: PCACL Type: User Defined

Mask on

offset_chunk_1 : 1 value : 0x00000000

offset_chunk_2 : 2 value : 0x00000000

offset_chunk_3 : 3 value : 0x00000000

offset_chunk_4 : 4 value : 0x00000000

Available HW Entries : 254

------------------------------------------------------------------------------

Rule ID : 1 Ports: 1

Match on

offset_chunk_1 : 1 value : 0x00000001 Mask : 0x00000005

offset_chunk_2 : 2 value : 0x00000002 Mask : 0x00000006

offset_chunk_3 : 3 value : 0x00000003 Mask : 0x00000007

offset_chunk_4 : 4 value : 0x00000000 Mask : 0x00000008

Action:

Permit

111

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

URPF State Check: Enabled

(Replaced)Priority : 7

Replace ToS Precedence : 7

==============================================================================

DGS-3620-28PC:admin#

5-5 config time_range

Description

This command is used to define a specific range of time to activate a function on the Switch by specifying which time range in a day and which days in a week are covered in the time range. Note that the specified time range is based on SNTP time or configured time. If this time is not available, then the time range will not be met.

Format config time_range <range_name 32> [ hours start_time < hh:mm:ss> end_time< hh:mm:ss> weekdays <daylist> | delete]

Parameters

<range_name 32> - Enter the name of the time range settings.

hours start_time - Specifies the starting time in a day. (24-hr time). For example, 19:00 means

7PM. 19 is also acceptable. The start_time must be smaller than the end_time.

< hh:mm:ss> - Enter the time.

end_time - Specifies the ending time in a day. (24-hr time)

< hh:mm:ss> - Enter the time.

weekdays - Specifies the list of days contained in the time range. Use a dash to define a period of days. Use a comma to separate specific days. For example, mon-fri (Monday to Friday) sun, mon, fri (Sunday, Monday, and Friday)

<daylist> - Enter a list of days.

delete - Delete a time range profile. When a time range profile has been associated with ACL entries, the deletion of this time range profile will fail.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the range of time to activate a function on the switch:

DGS-3620-28PC:admin#config time_range testdaily hours start_time 12:0:0 end_time 13:0:0 weekdays mon,fri

Command: config time_range testdaily hours start_time 12:0:0 end_time 13:0:0 weekdays mon,fri

Success.

DGS-3620-28PC:admin#

112

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

5-6 show time_range

Description

This command is used to display current time range settings.

Format show time_range

Parameters

None.

Restrictions

None.

Example

To display current time range setting:

5-7

DGS-3620-28PC:admin#show time_range

Command: show time_range

Time Range Information

-------------------------

Range Name : testdaily

Weekdays : Mon,Fri

Start Time : 12:00:00

End Time : 13:00:00

Total Entries :1

DGS-3620-28PC:admin#

show current_config access_profile

Description

This command is used to display the ACL part of the current configuration, when logged in with user level privileges. The overall current configuration can be displayed by using the show config command, which is accessible with administrator level privileges.

Format show current_config access_profile

Parameters

None.

113

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

None.

Example

To display the ACL part of the current configuration:

5-8

DGS-3620-28PC:admin#show current_config access_profile

Command: show current_config access_profile

#-----------------------------------------------------------------------------

# ACL create access_profile profile_id 1 profile_name EtherACL ethernet vlan 0xFFF

802.1p ethernet_type config access_profile profile_id 1 add access_id 1 ethernet vlan_id 1 802.1p 7 ethernet_type 0xFFFF port 1 permit priority 7 replace_priority replace_tos 7 urpf_state_check enable create access_profile profile_id 2 profile_name IPv4ACL ip vlan dscp icmp type code config access_profile profile_id 2 add access_id 1 ip vlan_id 1 dscp 63 icmp type 255 code 255 port 1 permit priority 7 replace_priority replace_tos 7 urpf_state_check enable create access_profile profile_id 3 profile_name IPv6ACL ipv6 class flowlabel tcp config access_profile profile_id 3 add access_id 1 ipv6 class 255 flowlabel

0xFFFFF tcp port 1 permit priority 7 replace_priority replace_tos 7 urpf_state_check enable create access_profile profile_id 4 profile_name PCACL packet_content_mask offset_chunk_1 1 0x0 offset_chunk_2 2 0x0 offset_chunk_3 3 0x0 offset_chunk_4 4

0x0 config access_profile profile_id 4 add access_id 1 packet_content offset_chunk_1 0x1 mask 0x5 offset_chunk_2 0x2 mask 0x6 offset_chunk_3 0x3 mask

0x7 offset_chunk_4 0x4 mask 0x8 port 1 permit priority 7 replace_priority replace_tos 7 urpf_state_check enable

#-----------------------------------------------------------------------------

DGS-3620-28PC:admin#

delete cpu access_profile

Description

This command is used to delete CPU access list profiles.

Format delete cpu access_profile [profile_id <value 1-5> | all]

Parameters

profile_id - Specifies the index of the access list profile.

<value 1-5> - Enter the value between 1 and 5.

114

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

all - Specifies to delete all the access list profiles.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete access list rules:

5-9

DGS-3620-28PC:admin#delete cpu access_profile profile_id 3

Command: delete cpu access_profile profile_id 3

Success.

DGS-3620-28PC:admin#

create cpu access_profile profile_id

Description

This command is used to create CPU access list profiles.

Format create cpu access_profile profile_id <value 1-5> [ethernet {vlan | source_mac <macmask

000000000000-ffffffffffff> | destination_mac <macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type}(1) | ip {vlan | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp

{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex

0x0-0xff> {user_define_mask <hex 0x0-0xffffffff>}]}(1) | packet_content_mask {offset_0-15

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79

<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}(1) | ipv6

{class | flowlabel | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask>}(1)]

Parameters

<value 1-5> - Enter a value between 1 and 5.

ethernet - Specifies an Ethernet CPU access control list rule.

vlan - Specifies a VLAN mask.

source_mac - Specifies the source MAC mask.

<macmask000000000000-ffffffffffff> - Enter the source MAC mask.

destination_mac - Specifies the destination MAC mask.

<macmask 000000000000-ffffffffffff> - Enter the destination MAC mask.

802.1p - Specifies the 802.1p priority tag mask.

ethernet_type - Specifies the Ethernet type mask.

ip - Specifies an IP CPU access control list rule.

vlan - Specifies a VLAN mask.

source_ip_mask - Specifies an IP source submask.

<netmask> - Enter an IP source submask.

115

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

destination_ip_mask - Specifies an IP destination submask.

<netmask> - Enter an IP destination submask.

dscp - Specifies the DSCP mask.

icmp - Specifies that the rule applies to ICMP traffic.

type - (Optional) Specifies the ICMP packet type.

code - (Optional) Specifies the ICMP code.

igmp - Specifies that the rule applies to IGMP traffic.

type - (Optional) Specifies the IGMP packet type.

tcp - Specifies that the rule applies to TCP traffic.

src_port_mask - (Optional) Specifies the TCP source port mask.

<hex 0x0-0xffff> - Enter the TCP source port mask.

dst_port_mask - (Optional) Specifies the TCP destination port mask.

<hex 0x0-0xffff> - Enter the TCP destination port mask.

flag_mask - (Optional) Specifies the TCP flag field mask.

all – Specify to check all paramenters below.

urg - (Optional) Specifies Urgent Pointer field significant.

ack - (Optional) Specifies Acknowledgment field significant.

psh - (Optional) Specifies Push Function.

rst - (Optional) Specifies to reset the connection.

syn - (Optional) Specifies to synchronize sequence numbers.

fin - (Optional) No more data from sender.

udp - Specifies that the rule applies to UDP traffic.

src_port_mask - (Optional) Specifies the UDP source port mask.

<hex 0x0-0xffff> - Enter the UDP source port mask.

dst_port_mask - (Optional) Specifies the UDP destination port mask.

<hex 0x0-0xffff> - Enter the UDP destination port mask.

protocol_id_mask - Specifies that the rule applies to the IP protocol ID traffic.

<hex 0x0-0xff> - Enter that the rule applies to the IP protocol ID traffic.

user_define_mask - (Optional) Specifies the L4 part mask

<hex 0x0-0xffffffff> - Enter the L4 part mask

packet_content_mask - Specifies the packet content mask.

offset_0-15 - Specifies the mask for packet bytes 0-15.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 0-3.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 4-7.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 8-11.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 12-15.

offset_16-31 - Specifies the mask for packet bytes 16-31.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 16-19.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 20-23.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 24-27.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 28-31.

offset_32-47 - Specifies the mask for packet bytes 32-47

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 32-35.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 36-39.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 40-43.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 44-47.

offset_48-63 - Specifies the mask for packet bytes 48-63.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 48-51.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 52-55.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 56-59.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 60-63.

offset_64-79 - Specifies the mask for packet bytes 64-79.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 64-67.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 68-71.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 72-75.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 76-79.

ipv6 - Specifies the IPv6 mask.

class - Specifies the IPv6 class mask.

flowlabel - Specifies the IPv6 flow label mask.

source_ipv6_mask - Specifies the IPv6 source IP mask.

116

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<ipv6mask> - Enter the IPv6 source IP mask.

destination_ipv6_mask - Specifies the IPv6 destination IP mask.

<ipv6mask> - Enter the IPv6 destination IP mask.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create CPU access list profiles:

DGS-3620-28PC:admin#create cpu access_profile profile_id 1 ethernet vlan

Command: create cpu access_profile profile_id 1 ethernet vlan

Success.

DGS-3620-28PC:admin#create cpu access_profile profile_id 2 ip source_ip_mask

255.255.255.255

Command: create cpu access_profile profile_id 2 ip source_ip_mask

255.255.255.25

5

Success.

DGS-3620-28PC:admin#

5-10 config cpu access_profile profile_id

Description

This command is used to configure CPU access list entries.

Format config cpu access_profile profile_id <value 1-5> [add access_id [auto_assign | <value 1-

100>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] | source_mac <macaddr> | destination_mac <macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>} | ip {[vlan

<vlan_name 32> | vlan_id <vlanid 1-4094>] | source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-

255>} | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} | protocol_id

<value 0-255> {user_define <hex 0x0-0xffffffff>}]} | packet_content {offset_0-15 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-

0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} | ipv6 {class <value 0-

255> | flowlabel <hex 0x0-0xfffff> | source_ipv6 <ipv6addr> | destination_ipv6 <ipv6addr>}] port [<portlist> | all] [permit | deny] {time_range <range_name 32>} | delete access_id

<value 1-100>]

117

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<value 1-5> - Enter the index of the CPU access list profile.

add access_id - Specifies the index of an access list entry to add. The range of this value is 1 to

100.

auto_assign - Specifies to automatically assign the access ID.

<value 1-100> - Enter an access ID between 1 and 100.

ethernet - Specifies an Ethernet CPU access control list rule.

vlan - Specifies the VLAN name.

<vlan_name 32> -Specify the VLAN name. The maximum length is 32 characters.

vlanid - Specifies the VLAN ID.

<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.

source_mac - Specifies the source MAC address.

<macaddr> - Enter the source MAC address.

destination_mac - Specifies the destination MAC address.

<macaddr> - Enter the destination MAC address.

802.1p - Specifies the value of the 802.1p priority tag.

<value 0-7> - Enter the value of the 802.1p priority tag. The priority tag ranges from 1 to 7.

ethernet_type - Specifies the Ethernet type.

<hex 0x0-0xffff> - Enter the Ethernet type.

ip - Specifies an IP access control list rule.

vlan - Specifies the VLAN name.

<vlan_name 32> -Specify the VLAN name. The maximum length is 32 characters.

vlanid - Specifies the VLAN ID.

<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.

source_ip - Specifies an IP source address.

<ipaddr> - Enter an IP source address.

destination_ip - Specifies an IP destination address.

<ipaddr> - Enter an IP destination address.

dscp - Specifies the value of DSCP.

<value 0-63> - Enter the value of DSCP. The DSCP value ranges from 0 to 63.

icmp - Specifies the ICMP.

type - (Optional) Specifies that the rule will apply to the ICMP Type traffic value.

<value 0-255> - Enter the value between 0 and 255.

code - (Optional) Specifies that the rule will apply to the ICMP Code traffic value.

<value 0-255> - Enter the value between 0 and 255.

igmp - Specifies the IGMP.

type - (Optional) Specifies that the rule will apply to the IGMP Type traffic value.

<value 0-255> - Enter the value between 0 and 255.

tcp - Specifies TCP.

src_port - (Optional) Specifies that the rule will apply to a range of TCP source ports.

<value 0-65535> - Enter the value between 0 and 65535.

dst_port - (Optional) Specifies that the rule will apply to a range of TCP destination ports.

<value 0-65535> - Enter the value between 0 and 65535.

flag - Specifies the TCP flag field value.

all – Specify to check all paramenters below.

urg - (Optional) Specifies Urgent Pointer field significant.

ack - (Optional) Specifies Acknowledgment field significant.

psh - (Optional) Specifies Push Function.

rst - (Optional) Specifies to reset the connection.

syn - (Optional) Specifies to synchronize sequence numbers.

fin - (Optional) No more data from sender.

udp - Specifies UDP.

src_port - (Optional) Specifies the UDP source port range.

<value 0-65535> - Enter the value between 0 and 65535.

dst_port - (Optional) Specifies the UDP destination port range.

<value 0-65535> - Enter the value between 0 and 65535.

protocol_id - Specifies that the rule will apply to the value of IP protocol ID traffic.

<value 0-255> - Enter the value between 0 and 255.

user_define - (Optional) Specifies that the rule will apply to the IP protocol ID and that the

118

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

mask options behind the IP header, which has a length of 4 bytes.

<hex 0x0-0xffffffff> - Enter that the rule will apply to the IP protocol ID and that the mask options behind the IP header , which has a length of 4 bytes.

packet_content - Specifies that the access control list rule will be set to packet content.

offset_0-15 - Specifies the mask for packet bytes 0-15.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 0-3.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 4-7.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 8-11.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 12-15.

offset_16-31 - Specifies the mask for packet bytes 16-31.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 16-19.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 20-23.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 24-27.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 28-31.

offset_32-47 - Specifies the mask for packet bytes 32-47

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 32-35.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 36-39.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 40-43.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 44-47.

offset_48-63 - Specifies the mask for packet bytes 48-63.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 48-51.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 52-55.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 56-59.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 60-63.

offset_64-79 - Specifies the mask for packet bytes 64-79.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 64-67.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 68-71.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 72-75.

<hex 0x0-0xffffffff> - Enter the mask for packet bytes 76-79.

ipv6 - Specifies that the rule applies to IPv6 fields.

class - Specifies the value of the IPv6 class.

<value 0-255> - Enter the value between 0 and 255.

flowlabel - Specifies the value of the IPv6 flow label.

<hex 0x0-0xfffff> - Enter the value of the IPv6 flow label.

source_ipv6 - Specifies the value of the IPv6 source address.

<ipv6addr> - Enter the value of the IPv6 source address.

destination_ipv6 - Specifies the value of the IPv6 destination address.

<ipv6addr> - Enter the value of the IPv6 destination address.

port - Specifies the port number to configure.

<portlist> - Enter a list of ports.

all - Specifies to configure all ports.

permit - Specifies the packets that match the access profile are permitted by the switch.

deny - Specifies the packets that match the access profile are filtered by the switch.

time_range - (Optional) Specifies the name of this time range entry.

<range_name 32> - Enter the name of this time range entry. The maximum length is 32 characters.

delete access_id - Specifies to delete the access ID.

<value 1-100> - Enter the value between 1 and 100.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure access list entry:

DGS-3620-28PC:admin#config cpu access_profile profile_id 1 add access_id 1 ethernet vlan default port 1-3 deny

119

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Command: config cpu access_profile profile_id 1 add access_id 1 ethernet vlan default port 1-3 deny

Success.

DGS-3620-28PC:admin#

5-11 show cpu access_profile

Description

This command is used to display the current CPU access list table.

Format show cpu access_profile {profile_id <value 1-5>}

Parameters

profile_id - (Optional) Specifies the index of an access list profile.

<value 1-5> - Enter value between 1 and 5.

Restrictions

None.

Example

To display the current CPU access list table:

DGS-3620-28PC:admin#show cpu access_profile

Command: show cpu access_profile

CPU Interface Filtering State: Disabled

CPU Interface Access Profile Table

Total Unused Rule Entries : 496

Total Used Rule Entries : 4

==============================================================================

Profile ID: 1 Type: Ethernet

Mask on

VLAN : 0xFFF

802.1p

Ethernet Type

Unused Rule Entries: 99

------------------------------------------------------------------------------

Rule ID : 1 Ports: 1

Match on

120

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

VLAN ID : 1

802.1p : 7

Ethernet Type : 0xFFFF

Action:

Permit

==============================================================================

==============================================================================

Profile ID: 2 Type: IPv4

Mask on

VLAN : 0xFFF

DSCP

ICMP

Type

Code

Unused Rule Entries: 99

------------------------------------------------------------------------------

Rule ID : 1 Ports: 1

Match on

VLAN ID : 1

DSCP : 63

ICMP

Type : 255

Code : 255

Action:

Permit

==============================================================================

==============================================================================

Profile ID: 3 Type: IPv6

Mask on

Class

Flow Label

Unused Rule Entries: 99

------------------------------------------------------------------------------

Rule ID : 1 Ports: 1

Match on

Class : 255

Flow Label : 0xFFFFF

Action:

Permit

121

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

==============================================================================

==============================================================================

Profile ID: 4 Type: User Defined

Mask on

Offset 0-15 : 0x00000000 0x00000000 0x00000000 0x00000000

Offset 16-31 : 0x00000000 0x00000000 0x00000000 0x00000000

Offset 32-47 : 0x00000000 0x00000000 0x00000000 0x00000000

Offset 48-63 : 0x00000000 0x00000000 0x00000000 0x00000000

Offset 64-79 : 0x00000000 0x00000000 0x00000000 0x00000000

Unused Rule Entries: 99

------------------------------------------------------------------------------

Rule ID : 1 Ports: 1

Match on

Offset 0-15 : 0x00000000 0x00000000 0x00000000 0x00000000

Offset 16-31 : 0x00000000 0x00000000 0x00000000 0x00000000

Offset 32-47 : 0x00000000 0x00000000 0x00000000 0x00000000

Offset 48-63 : 0x00000000 0x00000000 0x00000000 0x00000000

Offset 64-79 : 0x00000000 0x00000000 0x00000000 0x00000000

Action:

Permit

==============================================================================

DGS-3620-28PC:admin#

5-12 enable cpu_interface_filtering

Description

This command is used to enable CPU interface filtering.

Format enable cpu_interface_filtering

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable CPU interface filtering:

122

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#enable cpu_interface_filtering

Command: enable cpu_interface_filtering

Success.

DGS-3620-28PC:admin#

5-13 disable cpu_interface_filtering

Description

This command is used to disable CPU interface filtering.

Format disable cpu_interface_filtering

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To disable CPU interface filtering:

DGS-3620-28PC:admin#disable cpu_interface_filtering

Command: disable cpu_interface_filtering

Success.

DGS-3620-28PC:admin#

5-14 config flow_meter

Description

This command is used to configure the flow-based metering function. The metering function supports three modes: single rate two color, single rate three color, and two rate three color. The access rule must be created before the parameters of this function can be applied. For the single rate two color mode, users may set the preferred bandwidth for this rule, in Kbps, and once the bandwidth has been exceeded, overflowing packets will either be dropped or remarked DSCP, depending on the user configuration. For single rate three color mode, users need to specify the committed rate, in Kbps, the committed burst size, and the excess burst size. For the two rate three color mode, users need to specify the committed rate in Kbps, the committed burst size, the peak rate and the peak burst size. The green color packet will be treated as the conforming action, the yellow color packet will be treated as the exceeding action, and the red color packet will be treated as the violating action.

123

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

The replace DSCP action can be performed on packets that conform (GREEN) and packets that do not conform (YELLOW and RED). If drop YELLOW/RED is selected, the action to replace the

DSCP will not take effect. The color mapping for both “single rate three color” and “two rate three color” mode follow RFC 2697 and RFC 2698 in the color-blind situation.

Format config flow_meter [profile_id <value 1-6> | profile_name <name 1-32>] access_id <value 1-

256> [rate [<value 0-1048576>] {burst_size [<value 0-131072>]} rate_exceed [drop_packet | remark_dscp <value 0-63>] | tr_tcm cir <value 0-1048576> {cbs <value 0-131072>} pir <value

0-1048576> {pbs <value 0-131072>} {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp

<value 0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>}

| drop] {counter [enable | disable]} | sr_tcm cir <value 0-1048576> cbs <value 0-131072> ebs

<value 0-131072> {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-

63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop]

{counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter

[enable | disable]} | delete]

Parameters

profile_id - Specifies the index of the access list profile.

<value 1-6> - Enter the value between 1 and 6.

profile_name - Specifies the name of the profile.

<name 1-32> - Enter the name of the profile. The maximum length is 32 characters.

access_id - Specifies the index of the access list entry.

<value 1-256> - Enter the value between 1 and 256.

rate - Specifies the rate for single rate two color mode. Specify the committed bandwidth in Kbps for the flow.

<value 0-1048576>- Specifies the value between 0 and 1048576.

burst_size - (Optional) Specifies the burst size for the single rate two color mode. The unit is

Kbyte.

<value 0-131072> - Enter the value between 0 and 131072.

rate_exceed - Specifies the action for packets that exceed the committed rate in single rate two color mode. The action can be specified as one of the following:

drop_packet - Drop the packet immediately.

remark_dscp - Mark the packet with a specified DSCP. The packet is set to drop for packets with a high precedence.

<value 0-63> - Enter the value between 0 and 63.

tr_tcm - Specifies the “two-rate three-color mode.”

cir -Specify the Committed Information Rate. The unit is Kbps. CIR should always be equal or less than PIR.

<value 0-1048576> - Enter the value between 0 and 1048576.

cbs - (Optional) Specifies the Committed Burst Size. The unit is Kbyte.

<value 0-131072> - Enter the value between 0 and 131072.

pir - Specifies the Peak information Rate. The unit is Kbps. PIR should always be equal to or greater than CIR.

<value 0-1048576> - Enter the value between 0 and 1048576.

pbs - (Optional) Specifies the Peak Burst Size. The unit is Kbyte.

<value 0-131072> - Enter the value between 0 and 131072.

color_blind - Specifies the meter mode as color-blind. The default is color-blind mode.

color_aware - Specifies the meter mode as color-aware. The final color of the packet is determined by the initial color of the packet and the metering result.

conform - (Optional) This field denotes the green packet flow. Green packet flows may have their

DSCP field rewritten to a value stated in this field. Users may also choose to count green packets by using counter parameter.

124

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

permit - Enter this parameter to allow packet flows that are in the green flow.

replace_dscp - Packets that are in the green flow may have their DSCP field rewritten using this parameter and entering the DSCP value to replace.

<value 0-63> - Enter the value between 0 and 63.

counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.

enable - Enable the packet counter for the specified ACL entry in the green flow.

disable - Disable the packet counter for the specified ACL entry in the green flow.

exceed - This field denotes the yellow packet flow. Yellow packet flows may have excess packets permitted through or dropped. Users may replace the DSCP field of these packets by checking its radio button and entering a new DSCP value in the allotted field.

permit - Enter this parameter to allow packet flows that are in the yellow flow.

replace_dscp - Specifies to change the DSCP of the packet.

<value 0-63> - Enter the replacement DSCP of the packet here. This value must be between 0 and 63.

drop - Enter this parameter to drop packets that are in the yellow flow.

counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.

enable - Enable the packet counter for the specified ACL entry in the green flow.

disable - Disable the packet counter for the specified ACL entry in the green flow.

violate - This field denotes the red packet flow. Red packet flows may have excess packets permitted through or dropped. Users may replace the DSCP field of these packets by checking its radio button and entering a new DSCP value in the allotted field.

permit - Enter this parameter to allow packet flows that are in the red flow.

replace_dscp - Specifies to change the DSCP of the packet.

<value 0-63> - Enter the replacement DSCP of the packet here. This value must be between 0 and 63.

drop - Enter this parameter to drop packets that are in the red flow.

counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.

enable - Enable the packet counter for the specified ACL entry in the green flow.

disable - Disable the packet counter for the specified ACL entry in the green flow.

sr_tcm - Specifies the “single-rate three-color mode”.

cir -Specify the Committed Information Rate. The unit is in Kbps.

<value 0-1048576> - Enter the value between 0 and 1048576.

cbs - Specifies the Committed Burst Size. The unit is in Kbyte.

<value 0-131072> - Enter the value between 0 and 131072.

ebs - Specifies the Excess Burst Size. The unit is Kbyte.

<value 0-131072> - Enter the value between 0 and 131072.

color_blind - Specifies the meter mode as color-blind. The default is color-blind mode.

color_aware - Specifies the meter mode as color-aware. The final color of the packet is determined by the initial color of the packet and the metering result.

conform - (Optional) This field denotes the green packet flow. Green packet flows may have their

DSCP field rewritten to a value stated in this field. Users may also choose to count green packets by using counter parameter.

permit - Enter this parameter to allow packet flows that are in the green flow.

replace_dscp - Packets that are in the green flow may have their DSCP field rewritten using this parameter and entering the DSCP value to replace.

<value 0-63> - Enter the value between 0 and 63.

counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.

enable - Enable the packet counter for the specified ACL entry in the green flow.

disable - Disable the packet counter for the specified ACL entry in the green flow.

exceed - This field denotes the yellow packet flow. Yellow packet flows may have excess packets permitted through or dropped. Users may replace the DSCP field of these packets by checking its radio button and entering a new DSCP value in the allotted field.

permit - Enter this parameter to allow packet flows that are in the yellow flow.

replace_dscp - Specifies to change the DSCP of the packet.

<value 0-63> - Enter the replacement DSCP of the packet here. This value must be between 0 and 63.

125

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

drop - Enter this parameter to drop packets that are in the yellow flow.

counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.

enable - Enable the packet counter for the specified ACL entry in the green flow.

disable - Disable the packet counter for the specified ACL entry in the green flow.

violate - This field denotes the red packet flow. Red packet flows may have excess packets permitted through or dropped. Users may replace the DSCP field of these packets by checking its radio button and entering a new DSCP value in the allotted field.

permit - Enter this parameter to allow packet flows that are in the red flow.

replace_dscp - Specifies to change the DSCP of the packet.

<value 0-63> - Enter the replacement DSCP of the packet here. This value must be between 0 and 63.

drop - Enter this parameter to drop packets that are in the red flow.

counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.

enable - Enable the packet counter for the specified ACL entry in the green flow.

disable - Disable the packet counter for the specified ACL entry in the green flow.

delete - Use this parameter to delete the specified flow meter.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure a two rate, three color flow meter:

DGS-3620-28PC:admin#config flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir 2000 pbs 200 conform replace_dscp 21 exceed drop violate permit

Command: config flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir

2000 pbs 200 conform replace_dscp 21 exceed drop violate permit

Success.

DGS-3620-28PC:admin#

To replace DSCP action changed to perform on conform (green) and unconform (yellow and red) packets:

DGS-3620-28PC:admin# config flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir 2000 pbs 200 exceed permit replace_dscp 21 violate permit replace_dscp 21

Command: config flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir

2000 pbs 200 exceed permit replace_dscp 21 violate permit replace_dscp 21

Success.

DGS-3620-28PC:admin#

5-15 show flow_meter

Description

This command is used to display the flow meter table.

126

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format show flow_meter {[profile_id <value 1-6> | profile_name <name 1-32>] {access_id <value 1-

256>}}

Parameters

profile_id - (Optional) Specifies the profile ID.

<value 1-6> - Enter the profile ID. Enter a value between 1 and 6.

profile_name - (Optional) Specifies the name of the profile.

<name 1-32> - Enter the name of the profile. The maximum length is 32 characters.

access_id - (Optional) Specifies the access ID.

<value 1-256> - Enter the access ID. Enter a value between 1 and 256.

Restrictions

None.

Example

To display the flow meter configuration:

DGS-3620-28PC:admin#show flow_meter

Command: show flow_meter

Flow Meter Information

------------------------------------------------------------------------------

Profile ID:1 Aceess ID:1 Mode : trTCM / ColorBlind

CIR(Kbps):1000 CBS(Kbyte):200 PIR(Kbps):2000 PBS(Kbyte):200

Action:

Conform : Permit Counter: Disabled

Exceed : Permit Replace DSCP: 21 Counter: Disabled

Violate : Permit Replace DSCP: 21 Counter: Disabled

------------------------------------------------------------------------------

Total Entries: 1

DGS-3620-28PC:admin#

127

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 6 Access Control List

(ACL) Egress Commands

create egress_access_profile profile_id <value 1-4> profile_name <name 1-32> [ethernet {vlan

{<hex 0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac

<macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type} | ip {vlan {<hex 0x0-0x0fff>} | source_ip_mask <netmask> | destination_ip_mask <netmask> |dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask <hex

0x0-0xffffffff>}]} | ipv6 {class | source_ipv6_mask <ipv6mask> | destination_ipv6_mask

<ipv6mask> | [tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp

{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | icmp {type | code}]}]

delete egress_access_profile [profile_id <value 1-4> | profile_name <name 1-32> | all]

config egress_access_profile [profile_id <value 1-4> | profile_name <name 1-32>] [add access_id [auto_assign | <value 1-128>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-

4094>] {mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac <macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_type <hex

0x0-0xffff> | mirror} | ip {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-

0x0fff>} | source_ip <ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>}

| dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-

255>} | tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535>

{mask <hex 0x0-0xffff>} | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-

65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id <value 0-255> {user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}] | mirror} | ipv6 {class <value 0-255> | source_ipv6 <ipv6addr> {mask <ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>} | [tcp {src_port <value 0-65535> {mask <hex

0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | udp {src_port <value 0-

65535> {mask<hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | icmp

{type <value 0-255> | code <value 0-255>}] | mirror}] [vlan_based [vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] | port_group [id<value 1-64> | name <name 16>] | port <port>]

[permit {replace_priority_with <value 0-7> | replace_dscp_with <value 0-63> | replace_vlan_id_with <value 1-4094> | counter [enable | disable]} | deny] {time_range

<range_name 32>} | delete access_id <value 1-128>]

show egress_access_profile {[profile_id <value 1-4> | profile_name <name 1-32>]}

show current_config egress_access_profile

config egress_flow_meter [profile_id <value 1-4> | profile_name <name 1-32>] access_id <value

1-128> [rate <value 0-1048576> {burst_size <value 0-131072>} rate_exceed [drop_packet | remark_dscp <value 0-63>] | tr_tcm cir <value 0-1048576> {cbs <value 0-131072>} pir <value

0-1048576> {pbs <value 0-131072>} {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value

0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop]

{counter [enable | disable]} | sr_tcm cir <value 0-1048576> cbs <value 0-131072> ebs <value

0-131072> {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>]

{counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop] {counter

[enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | delete]

show egress_flow_meter {[profile_id <value 1-4> | profile_name <name 1-32>] {access_id

<value1-128>}}

create port_group id <value 1-64> name <name 16>

config port_group [id <value 1-64> | name <name 16>] [add | delete] [<portlist> | all]

delete port_group [id <value 1-64> | name <name 16>]

show port_group {id <value 1-64> | name <name 16>}

128

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

6-1 create egress_access_profile

Description

This command is used to create an egress access list profile. For example, for some hardware, it may be invalid to specify destination IPv6 address and source IPv6 address at the same time. The user will be prompted for these limitations.

Format create egress_access_profile profile_id <value 1-4> profile_name <name 1-32> [ethernet

{vlan {<hex 0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac <macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type} | ip {vlan

{<hex 0x0-0x0fff>} | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp |

[icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask

<hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask

<hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff>

{user_define_mask <hex 0x0-0xffffffff>}]} | ipv6 {class | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask> | [tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask

<hex 0x0-0xffff>} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | icmp {type | code}]}]

Parameters

profile_id - Specifies the index of the egress access list profile. The lower the profile ID, the higher the priority.

<value 1-4> - Enter the profile ID used here. This value must be between 1 and 4.

profile_name - The name of the profile must be specified. The maximum length is 32 characters.

<name 1-32> - Enter the profile name used here. This name can be up to 32 characters long.

ethernet - Specifies this is an Ethernet mask.

vlan - (Optional) Specifies a VLAN mask.

<hex 0x0-0x0fff> - Enter the VLAN mask used here.

source_mac - (Optional) Specifies the source MAC mask.

<macmask 000000000000-ffffffffffff> - Enter the source MAC mask used here.

destination_mac - (Optional) Specifies the destination MAC mask.

<macmask 000000000000-ffffffffffff> - Enter the destination MAC mask used here.

802.1p - (Optional) Specifies 802.1p priority tag mask.

ethernet_type - (Optional) Specifies the Ethernet type mask.

ip - Specifies this is an IPv4 mask.

vlan - (Optional) Specifies a VLAN mask.

<hex 0x0-0x0fff> - Enter the VLAN mask used here.

source_ip_mask - (Optional) Specifies a source IP address mask.

<netmask> - Enter the source network mask used here.

destination_ip_mask - (Optional) Specifies a destination IP address mask.

<netmask> - Enter the destination network mask used here.

dscp - (Optional) Specifies the DSCP mask.

icmp - (Optional) Specifies that the rule applies to ICMP traffic.

type - Specifies the type of ICMP traffic.

code - Specifies the code of ICMP traffic.

igmp - (Optional) Specifies that the rule applies to IGMP traffic.

type - Specifies the type of IGMP traffic.

tcp - (Optional) Specifies that the rule applies to TCP traffic.

src_port_mask - Specifies the TCP source port mask.

<hex 0x0-0xffff> - Enter the TCP source port mask value here.

dst_port_mask - Specifies the TCP destination port mask.

<hex 0x0-0xffff> - Enter the TCP source port mask value here.

flag_mask - (Optional) Specifies the TCP flag field mask.

129

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

all - Specifies that the TCP flag field mask will be set to 'all'.

urg - Specifies that the TCP flag field mask will be set to 'urg'.

ack - Specifies that the TCP flag field mask will be set to 'ack'.

psh - Specifies that the TCP flag field mask will be set to 'psh'.

rst - Specifies that the TCP flag field mask will be set to 'rst'.

syn - Specifies that the TCP flag field mask will be set to 'syn'.

fin - Specifies that the TCP flag field mask will be set to 'fin'.

udp - (Optional) Specifies that the rule applies to UDP traffic.

src_port_mask - Specifies the UDP source port mask.

<hex 0x0-0xffff> - Enter the UDP source port mask value here.

dst_port_mask - Specifies the UDP destination port mask.

<hex 0x0-0xffff> - Enter the UDP destination port mask value here.

protocod_id_mask - (Optional) Specifies that the rule applies to IP protocol ID traffic.

<hex 0x0-0xff> - Enter the protocol ID mask value here.

user_define_mask - (Optional) Specifies that the rule applies to the IP protocol ID, and that the mask option behind the IP header length is 20 bytes.

<hex 0x0-0xffffffff> - Enter the user-defined mask value here.

ipv6 - (Optional) Specifies this is an IPv6 mask.

class - (Optional) Specifies the IPv6 class.

source_ipv6_mask - (Optional) Specifies an IPv6 source sub-mask.

<ipv6mask> - Enter the IPv6 source sub-mask value here.

destination_ipv6_mask - Specifies an IPv6 destination sub-mask.

<ipv6mask> - Enter the IPv6 destination sub-mask value here.

tcp - (Optional) Specifies that the following parameter are application to the TCP configuration.

src_port_mask - Specifies an IPv6 Layer 4 TCP source port mask.

<hex 0x0-0xffff> - Enter the Ipv6 TCP source port mask value here.

dst_port_mask - Specifies an IPv6 Layer 4 TCP destination port mask.

<hex 0x0-0xffff> - Enter the Ipv6 TCP destination port mask value here.

udp - (Optional) Specifies that the following parameter are application to the UDP configuration.

src_port_mask - Specifies an IPv6 Layer 4 UDP source port mask.

<hex 0x0-0xffff> - Enter the Ipv6 UDP source port mask value here.

dst_port_mask - Specifies an IPv6 Layer 4 UDP destination port mask.

<hex 0x0-0xffff> - Enter the Ipv6 UDP destination port mask value here.

icmp - (Optional) Specifies that the rule applies to ICMP traffic.

type - Specifies the type of ICMP traffic.

code - Specifies the code of ICMP traffic.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create an egress access list profile with the name “eap-eth-bc” and assign the profile ID to be 1:

DGS-3620-28PC:admin# create egress_access_profile profile_id 1 profile_name eap-eth-bc ethernet source_mac FF-FF-FF-FF-FF-FF

Command: create egress_access_profile profile_id 1 profile_name eap-eth-bc ethernet source_mac FF-FF-FF-FF-FF-FF

DGS-3620-28PC:admin#

130

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

6-2 delete egress_access_profile

Description

Delete egress access profile command can only delete the profile which is created by egress ACL module.

Format delete egress_access_profile [profile_id <value 1-4> | profile_name <name 1-32> | all]

Parameters

profile_id - Specifies the index of the egress access list profile.

<value 1-4> - Enter the profile ID used here. This value must be between 1 and 4.

profile_name - Specifies the name of the profile. The maximum length is 32 characters.

<name 1-32> - Enter the profile name used here. This name can be up to 32 characters long.

all - Specifies that the whole egress access list profile will be deleted.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete egress access list profile ID 1:

DGS-3620-28PC:admin# delete egress_access_profile profile_id 1

Command: delete egress_access_profile profile_id 1

Success.

DGS-3620-28PC:admin#

6-3 config egress_access_profile

Description

This command is used to configure egress access list entries.

Format config egress_access_profile [profile_id <value 1-4> | profile_name <name 1-32>] [add access_id [auto_assign | <value 1-128>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid

1-4094>] {mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac <macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_type <hex

0x0-0xffff> | mirror} | ip {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-

0x0fff>} | source_ip <ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>}

| dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-

255>} | tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535>

{mask <hex 0x0-0xffff>} | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-

65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id <value 0-255> {user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}] |

131

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

mirror} | ipv6 {class <value 0-255> | source_ipv6 <ipv6addr> {mask <ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>} | [tcp {src_port <value 0-65535> {mask

<hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | udp {src_port <value

0-65535> {mask<hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | icmp

{type <value 0-255> | code <value 0-255>}] | mirror}] [vlan_based [vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] | port_group [id<value 1-64> | name <name 16>] | port <port>]

[permit {replace_priority_with <value 0-7> | replace_dscp_with <value 0-63> | replace_vlan_id_with <value 1-4094> | counter [enable | disable]} | deny] {time_range

<range_name 32>} | delete access_id <value 1-128>]

Parameters

profile_id - Specifies the index of the egress access list profile.

<value 1-4> - Enter the profile ID used here. This value must be between 1 and 4.

profile_name - Specifies the name of the profile.

<name 1-32> - Enter the profile name here. This name can be up to 32 characters long.

add - Specifies to add a profile or rule.

access_id - Specifies the index of the access list entry. If the auto_assign option is selected, the access ID is automatically assigned. The lower the access ID, the higher the priority.

auto assign - Specifies that the access ID will be configured automatically.

<value 1-128> - Enter the access ID used here. This value must be between 1 and 128.

ethernet - Specifies an Ethernet egress ACL rule.

vlan - (Optional) Specifies the VLAN name.

<vlan_name 32> - Enter the VLAN name used for this configuration here. This name can be up to 32 characters long.

vlanid - Specifies a VLAN ID.

<vlanid 1-4094> - Enter the VLAN ID used for this congfiguration here. This value must be between 1 and 4094.

mask - (Optional) Specifies the mask used.

<hex 0x0-x0fff> - Enter the mask value used here.

source_mac - (Optional) Specifies the source MAC address.

<macaddr> - Enter the source MAC address used here.

mask - Specifies that source MAC mask used.

<macmask> - Enter the source MAC mask value here.

destination_mac - Specifies the destination MAC address.

<macaddr> - Enter the destination MAC address used here.

mask - Specifies that destination MAC mask used.

<macmask> - Enter the destination MAC mask value here.

802.1p - (Optional) Specifies the value of the 802.1p priority tag. The priority tag ranges from

1 to 7.

<value 0-7> - Enter the 802.1p priority tag used here.

ethernet_type - (Optional) Specifies the Ethernet type.

<hex 0x0-0xffff> - Enter the Ethernet type mask used here.

mirror - Specifies that only the mirrored packet can be matched.

ip - Specifies an IP egress ACL rule.

vlan - (Optional) Specifies the VLAN name.

<vlan_name 32> - Enter the VLAN name used for this configuration here. This name can be up to 32 characters long.

vlanid - Specifies a VLAN ID.

<vlanid 1-4094> - Enter the VLAN ID used for this congfiguration here. This value must be between 1 and 4094.

mask - (Optional) Specifies the mask used.

<hex 0x0-x0fff> - Enter the mask value used here.

source_ip - (Optional) Specifies an IP source address.

<ipaddr> - Enter the source IP address used here.

mask - Specifies the source IP address used here.

<netmask> - Enter the source network mask here.

destination_ip - (Optional) Specifies an IP destination address.

132

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<ipaddr> - Enter the destination IP address used here.

mask - Specifies the destination IP address used here.

<netmask> - Enter the destination network mask here.

dscp - (Optional) Specifies the value of DSCP. The DSCP value ranges from 0 to 63.

<value 0-63> - Enter the DSCP value used here. This value must be between 0 and 63.

icmp - (Optional) Specifies that the following parameters configured will apply to the ICMP configuration.

type - Specifies that the rule will apply to the ICMP type traffic value.

<value 0-255> - Enter the ICMP traffic type value here. This value must be between 0 and 255.

code - Specifies that the rule will apply to the ICMP code traffic value.

<value 0-255> - Enter the ICMP code traffic value here. This value must be between 0 and 255.

igmp - (Optional) Specifies that the following parameters configured will apply to the IGMP configuration.

type - Specifies that the rule will apply to the IGMP type traffic value.

<value 0-255> - Enter the IGMP type traffic value here. This value must be between 0 and 255.

tcp - (Optional) Specifies that the following parameters configured will apply to the TCP configuration.

src_port - Specifies that the rule will apply to a range of TCP source ports.

<value 0-65535> - Enter the source port value here. This value must be between 0 and

65535.

mask - Specifies the TCP source port mask here.

<hex 0x0-0xffff> - Enter the TCP source port mask value here.

dst_port - Specifies that the rule will apply to a range of TCP destination ports.

<value 0-65535> - Enter the destination port value here. This value must be between 0 and 65535.

mask - Specifies the TCP destination port mask here.

<hex 0x0-0xffff> - Enter the TCP destination port mask value here.

flag - (Optional) Specifies the TCP flag fields.

all - Specifies that the TCP flag field will be set to 'all'.

urg - Specifies that the TCP flag field will be set to 'urg'.

ack - Specifies that the TCP flag field will be set to 'ack'.

psh - Specifies that the TCP flag field will be set to 'psh'.

rst - Specifies that the TCP flag field will be set to 'rst'.

syn - Specifies that the TCP flag field will be set to 'syn'.

fin - Specifies that the TCP flag field will be set to 'fin'.

udp - (Optional) Specifies that the following parameters configured will apply to the UDP configuration.

src_port - Specifies the UDP source port range.

<value 0-65535> - Enter the UDP source port range value here.

mask - Specifies the UDP source port mask here.

<hex 0x0-0xffff> - Enter the UDP source port mask value here.

dst_port - Specifies the UDP destination port range.

<value 0-65535> - Enter the UDP destination port range value here.

mask - Specifies the UDP destination port mask here.

<hex 0x0-0xffff> - Enter the UDP destination port mask value here.

protocol_id - (Optional) Specifies that the rule will apply to the value of IP protocol ID traffic.

<value 0-255> - Enter the protocol ID used here. This value must be between 0 and 255.

user_define - (Optional) Specifies that the rule will apply to the IP protocol ID and that the mask options behind the IP header, which has a length of 20 bytes.

<hex 0x0-0xffffffff> - Enter the user-defined mask value here.

mask - Specifies the user-defined mask here.

<hex 0x0-0xffffffff> - Enter the user-defined mask value here.

mirror - Specifies that only the mirrored packet can be matched.

ipv6 - Specifies the rule applies to IPv6 fields.

class - (Optional) Specifies the value of IPv6 class.

<value 0-255> - Enter the IPv6 class value here. This value must be between 0 and 255.

source_ipv6 - (Optional) Specifies the value of IPv6 source address.

133

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<ipv6addr> - Enter the source IPv6 source address here.

mask - Specifies the IPv6 source address mask here.

<ipv6mask> - Enter the IPv6 source address mask value here.

destination_ipv6 - (Optional) Specifies the value of IPv6 destination address.

<ipv6addr> - Enter the source IPv6 destination address here.

mask - Specifies the IPv6 destination address mask here.

<ipv6mask> - Enter the IPv6 destination address mask value here.

tcp - (Optional) Specifies the TCP protocol

src_port - Specifies the value of the IPv6 layer 4 TCP source port.

<value 0-65535> - Enter the IPv6 TCP source port value here. This value must be between 0 and 65535.

mask - Specifies the IPv6 TCP source port mask here.

<hex 0x0-0xffff> - Enter the IPv6 TCP source port mask value here.

dst_port - Specifies the value of the IPv6 layer 4 TCP destination port.

<value 0-65535> - Enter the IPv6 TCP destination port value here. This value must be between 0 and 65535.

mask - Specifies the IPv6 TCP destination port mask here.

<hex 0x0-0xffff> - Enter the IPv6 TCP destination port mask value here.

udp - (Optional) Specifies the UDP protocol.

src_port - Specifies the value of the IPv6 layer 4 UDP source port.

<value 0-65535> - Enter the IPv6 UDP source port value here. This value must be between 0 and 65535.

mask - Specifies the IPv6 UDP source port mask here.

<hex 0x0-0xffff> - Enter the IPv6 UDP source port mask value here.

dst_port - Specifies the value of the IPv6 layer 4 UDP destination port.

<value 0-65535> - Enter the IPv6 UDP destination port value here. This value must be between 0 and 65535.

mask - Specifies the IPv6 UDP destination port mask here.

<hex 0x0-0xffff> - Enter the IPv6 UDP destination port mask value here.

icmp - (Optional) Specifies that the following parameters configured will apply to the ICMP configuration.

type - Specifies that the rule will apply to the ICMP type traffic value.

<value 0-255> - Enter the ICMP traffic type value here. This value must be between 0 and 255.

code - Specifies that the rule will apply to the ICMP code traffic value.

<value 0-255> - Enter the ICMP code traffic value here. This value must be between 0 and 255.

mirror - Specifies that only the mirrored packet can be matched.

vlan_based - The rule applies on the specified VLAN.

vlan - Specifies the VLAN name.

<vlan_name 32> - Enter the VLAN name used for this configuration here. This name can be up to 32 characters long.

vlanid - Specifies a VLAN ID.

<vlanid 1-4094> - Enter the VLAN ID used for this congfiguration here. This value must be between 1 and 4094.

port_group - Specifies the port group value here.

id - Specifies the ID of the port group which the rule applies.

<value 1-64> - Enter the group ID value here. This value must be between 1 and 64.

name - Specifies the name of the port group which the rule applies.

<name 16> - Enter the port group name here. This name can be up to 16 characters long.

port - Specifies the port in the port group used.

<port> - Enter the port number used here.

permit - Specifies that packets matching the egress access rule are permitted by the switch.

replace_priority_with - (Optional) Specifies the packets that match the egress access rule are changed the 802.1p priority tag field by the switch.

<value 0-7> - Enter the replace priority with value here. This value must be between 0 and 7.

replace_dscp_with - (Optional) Specifies the packets that match the egress access rule are changed the DSCP value by the switch.

<value 0-63> - Enter the replace DSCP with value here. This value must be between 0 and

63.

134

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

replace_vlan_id_with - (Optional) Specifies the VLAN ID to replace the outer VLAN ID of the matched packets.

<value 1-4094> - Enter the replacement VLAN ID here. This value must be between 1 and

4094.

counter - (Optional) Specifies whether the ACL counter feature is enabled or disabled. This parameter is optional. The default option is disabled. If the rule is not bound with the flow_meter, all matching packets are counted. If the rule is bound with the flow_meter, then the “counter” is overridden.

enable - Specifies that the ACL counter feature will be enabled.

disable - Specifies that the ACL counter feature will be disabled.

deny - Specifies the packets that match the egress access rule are filtered by the switch.

time_range - (Optional) Specifies the name of the time range entry.

<range_name 32> - Enter the time range value here. This name can be up to 32 characters long.

delete - Specifies to delete a profile or rule.

access_id - Specifies the index of the access list entry. If the auto_assign option is selected, the access ID is automatically assigned.

<value 1-128> - Enter the access ID used here. This value must be between 1 and 128.

Example

To configure a port-base egress access rule that when the packet go out switch which match the specified source IP, DSCP and destination IP field, it will not be dropped:

DGS-3620-28PC:admin# config egress_access_profile profile_id 2 add access_id auto_assign ip source_ip 10.0.0.1 dscp 25 destination_ip 10.90.90.90 port_group id 1 permit

Command: config egress_access_profile profile_id 2 add access_id auto_assign ip source_ip 10.0.0.1 dscp 25 destination_ip 10.90.90.90 port_group id 1 permit

Success.

DGS-3620-28PC:admin#

To configure a vlan-base egress access rule that when the packet go out switch which match the specified source MAC field, it will be dropped:

DGS-3620-28PC:admin# config egress_access_profile profile_id 2 add access_id 1 ethernet source_mac 11-22-33-44-55-66 vlan_based vlan_id 1 deny

Command: config egress_access_profile profile_id 2 add access_id 1 ethernet source_mac 11-22-33-44-55-66 vlan_based vlan_id 1 deny

Success.

DGS-3620-28PC:admin#

6-4 show egress_access_profile

Description

This command is used to display current egress access list table.

135

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format show egress_access_profile {[profile_id <value 1-4> | profile_name <name 1-32>]}

Parameters

Restrictions

None.

profile_id - (Optional) Specifies the index of the egress access list profile.

<value 1-4> - Enter the profile ID here. This value must be between 1 and 4.

profile_name - (Optional) Specifies the name of the profile. The maximum length is 32 characters.

<name 1-32> - Enter the profile name here. This name can be up to 32 characters long.

If no parameter is specified, will show the all egress access profile.

Example

To display current egress access list table:

DGS-3620-28PC:admin# show egress_access_profile

Command: show access_profile

Egress Access Profile Table

Total User Set Rule Entries : 3

Total Used Hardware Entries : 3

Total Available Hardware Entries : 253

===============================================================================

=

Profile ID: 1 Profile name: 1 Type: Ethernet

Mask on

Source MAC : FF-FF-FF-FF-FF-FF

Available Hardware Entries : 127

-------------------------------------------------------------------------------

-

Rule ID : 1 Port group: -

Match on

VLAN ID : 1

Source MAC : 00-00-00-00-00-01

Action:

Permit

===============================================================================

=

===============================================================================

136

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

=

Profile ID: 2 Profile name: 2 Type: IPv4

Mask on

Source IP : 255.255.255.255

Destination IP : 255.255.255.255

DSCP

Available Hardware Entries : 126

-------------------------------------------------------------------------------

-

Rule ID : 1 (auto assign) Port group: 1

Match on

Source IP : 10.0.0.2

Destination IP : 10.90.90.90

DSCP : 25

Action:

Permit

-------------------------------------------------------------------------------

-

Rule ID : 2 (auto assign) Port group: 1

Match on

Source IP : 10.0.0.1

Destination IP : 10.90.90.90

DSCP : 25

Action:

Permit

Matched Count : 0 packets

===============================================================================

=

DGS-3620-28PC:admin#

The following example displays an egress access profile that supports an entry mask for each rule:

137

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show egress_access_profile profile_id 1

Command: show egress_access_profile profile_id 1

Egress Access Profile Table

===============================================================================

=

Profile ID: 1 Profile name: 1 Type: Ethernet

Mask on

Source MAC : FF-FF-FF-FF-FF-FF

Available Hardware Entries : 127

-------------------------------------------------------------------------------

-

Rule ID : 1 Port group: -

Match on

VLAN ID : 1

Source MAC : 00-00-00-00-00-01

Action:

Permit

===============================================================================

=

DGS-3620-28PC:admin#

6-5 show current_config egress_access_profile

Description

This command is used to display the egress ACL part of current configuration in user level of privilege.

The overall current configuration can be displayed by “show config” command which is accessible in administrator level of privilege.

Format show current_config egress_access_profile

Parameters

None.

Restrictions

None.

Example

To display current configuration of egress access list table:

138

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show current_config egress_access_profile

Command: show current_config egress_access_profile

#------------------------------------------------------------------------------

-

# Egress ACL create egress_access_profile profile_id 1 profile_name 1 ethernet source_mac

FF-

FF-FF-FF-FF-FF config egress_access_profile profile_id 1 add access_id 1 ethernet source_mac

00

-00-00-00-00-01 vlan_based vlan_id 1 permit create egress_access_profile profile_id 2 profile_name 2 ip source_ip_mask

255.2

55.255.255 destination_ip_mask 255.255.255.255 dscp config egress_access_profile profile_id 2 add access_id auto_assign ip source_ip

10.0.0.2 destination_ip 10.90.90.90 dscp 25 port_group id 1 permit counter enable config egress_access_profile profile_id 2 add access_id auto_assign ip source_ip

10.0.0.1 destination_ip 10.90.90.90 dscp 25 port_group id 1 permit

#------------------------------------------------------------------------------

-

DGS-3620-28PC:admin#

6-6 config egress_flow_meter

Description

This command is used to configure the packet flow-based metering based on an egress access profile and rule.

Format config egress_flow_meter [profile_id <value 1-4> | profile_name <name 1-32>] access_id

<value 1-128> [rate <value 0-1048576> {burst_size <value 0-131072>} rate_exceed

[drop_packet | remark_dscp <value 0-63>] | tr_tcm cir <value 0-1048576> {cbs <value 0-

131072>} pir <value 0-1048576> {pbs <value 0-131072>} {[color_blind | color_aware]}

{conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit

{replace_dscp <value 0-63>} | drop] {counter [enable | disable]} violate [permit

{replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | sr_tcm cir <value 0-

1048576> cbs <value 0-131072> ebs <value 0-131072> {[color_blind | color_aware]}

{conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit

{replace_dscp <value 0-63>} | drop] {counter [enable | disable]} violate [permit

{replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | delete]

Parameters

profile_id - Specifies the profile ID.

139

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<value 1-4> - Enter the profile ID used here. This value must be between 1 and 4.

profile_name - Specifies the name of the profile.

<name 1-32> - Enter the profile name used here. This name can be up to 32 characters long.

access_id - Specifies the access ID.

<value 1-128> - Enter the access ID used here. This value must be between 1 and 128.

rate - This specifies the rate for single rate two-color mode. Specify the committed bandwidth in

Kbps for the flow. The value m and n are determined by the project.

<value 0-1048576> - Enter the rate for single rate two-color mode here. This value must be between 0 and 1048576.

burst_size - (Optional) This specifies the burst size for the single rate “two color” mode. The unit is Kbytes.

<value 0-131072> - Enter the burst size value here. This value must be between 0 and

131072.

rate_exceed - This specifies the action for packets that exceed the committed rate in single rate

“two color” mode. The action can be specified as one of the following:

drop_packet - Drop the packet immediately.

remark_dscp - Mark the packet with a specified DSCP. The packet is set to have the higher drop precedence.

<value 0-63> - Enter the remark DSCP value here. This value must be between 0 and 63.

tr_tcm - Specifies the “two rate three color mode”.

cir - Specifies the two rate three color mode used.

<value 0-1048576> - Enter the two rate three color mode value here. This value must be between 0 and 1048576.

cbs - (Optional) Specifies the “Committed Burst Size”. The unit is Kbytes. That is to say, 1 means 1Kbytes. This parameter is an optional parameter. The default value is 4*1024.

<value 0-131072> - Enter the comitted burst size value here. This value must be between

0 and 131072.

pir - Specifies the “Peak Information Rate”. The unit is in Kbps. PIR should always be equal to or greater than CIR.

<value 0-1048576> - Enter the peak information rate value here. This value must be between 0 and 1048576.

pbs - (Optional) Specifies the “Peak Burst Size”. The unit is in Kbytes.

<value 0-131072> - Enter the peak burst size value here. This value must be between 0 and 131072.

color_blind - (Optional) Specifies the meter mode to be color-blind. The default is color-blind mode.

color_aware - (Optional) Specifies the meter mode to be color-aware. When this code is specified, user could set the “in-coming packet color” by using command “config color_aware”. The final color of packet is determined by the initial color of packet and the metering result.

conform - (Optional) Specifies the action when packet is in “green color”.

permit - Permit the packet.

replace_dscp - Changes the DSCP of the packet.

<value 0-63> - Enter the replace DSCP value here. This value must be between 0 and 63.

counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.

enable - Specifies that the ACL counter parameter will be enabled.

disable - Specifies that the ACL counter parameter will be disabled.

exceed - Specifies the action when packet is in “yellow color”.

permit - (Optional) Permit the packet.

replace_dscp - Changes the DSCP of the packet.

<value 0-63> - Enter the DSCP replace value here. This value must be between 0 and 63.

drop - Drops the packet.

counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.

enable - Specifies that the ACL counter parameter will be enabled.

disable - Specifies that the ACL counter parameter will be disabled.

violate - Specifies the action when packet is in “red color”.

140

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

permit - Permit the packet.

replace_dscp - (Optional) Changes the DSCP of the packet.

<value 0-63> - Enter the DSCP replace value here. This value must be between 0 and 63.

drop - Drops the packet.

counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.

enable - Specifies that the ACL counter parameter will be enabled.

disable - Specifies that the ACL counter parameter will be disabled.

sr_tcm - Specifies the “single rate three color mode”.

cir - Specifies the single rate three color mode used.

<value 0-1048576> - Enter the single rate three color mode value here. This value must be between 0 and 1048576.

cbs - Specifies the “committed burst size”. The unit is Kbytes.

<value 0-131072> - Enter the committed burst size value here. This value must be between 0 and 131072.

ebs - Specifies the “Excess Burst Size”. The unit is Kbytes.

<value 0-131072> - Enter the excess burst size value here. This value must be between 0 and 131072.

color_blind - (Optional) Specifies the meter mode to be color-blind. The default is color-blind mode.

color_aware - (Optional) Specifies the meter mode to be color-aware. When this code is specified, user could set the “in-coming packet color” by using command “config color_aware”. The final color of packet is determined by the initial color of packet and the metering result.

conform - (Optional) Specifies the action when packet is in “green color”.

permit - (Optional) Permit the packet.

replace_dscp - Changes the DSCP of the packet.

<value 0-63> - Enter the replace DSCP value here. This value must be between 0 and 63.

counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.

enable - Specifies that the ACL counter parameter will be enabled.

disable - Specifies that the ACL counter parameter will be disabled.

exceed - Specifies the action when packet is in “yellow color”.

permit - Permit the packet.

replace_dscp - (Optional) Changes the DSCP of the packet.

<value 0-63> - Enter the DSCP replace value here. This value must be between 0 and 63.

drop - Drops the packet.

counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.

enable - Specifies that the ACL counter parameter will be enabled.

disable - Specifies that the ACL counter parameter will be disabled.

violate - Specifies the action when packet is in “red color”.

permit - Permit the packet.

replace_dscp - (Optional) Changes the DSCP of the packet.

<value 0-63> - Enter the DSCP replace value here. This value must be between 0 and 63.

drop - Drops the packet.

counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.

enable - Specifies that the ACL counter parameter will be enabled.

disable - Specifies that the ACL counter parameter will be disabled.

delete - Delete the specified “flow_meter”.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

141

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure a “two rates three color” flow meter:

DGS-3620-28PC:admin# config egress_flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir 2000 pbs 200 exceed replace_dscp 21 violate drop command: config egress_flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs

200 pir 2000 pbs 200 exceed replace_dscp 21 violate drop

Success.

DGS-3620-28PC:admin#

6-7 show egress_flow_meter

Description

This command is used to display the egress flow-based metering configuration.

Format show egress_flow_meter {[profile_id <value 1-4> | profile_name <name 1-32>] {access_id

<value1-128>}}

Parameters

profile_id - (Optional) Specifies the index of access list profile.

<value 1-4> - Enter the profile ID used here. This value must be between 1 and 4.

profile_name - (Optional) Specifies the name of the profile.

<name 1-32> - Enter the profile name used here. This name can be up to 32 characters long.

access_id - (Optional) Specifies the access ID.

<value 1-128> - Enter the access ID used here. This value must be between 1 and 128.

Restrictions

None.

Example

To display current egress flow meter table:

142

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show egress_flow_meter

Command: show egress_flow_meter

Flow Meter Information:

------------------------

Profile ID : 1 Access ID : 1 Mode : trTcm / color-blind

CIR:1000(Kbps) CBS:2000(Kbyte) PIR:2000(Kbps) PBS:2000(Kbyte)

Actions:

Conform : Permit Replace DSCP : 11 Counter : enable

Exceed : Permit Replace DSCP : 22 Counter : enable

Violate : Drop

Profile ID : 1 Access ID : 1 Mode : srTcm / color-blind

CIR:2500(Kbps) CBS:2000(Kbyte) EBS:3500(Kbyte)

Actions:

Conform : Permit Counter : enable

Exceed : Permit Replace DSCP: 33 Counter : enable

Violate : Drop

Total Entries: 2

DGS-3620-28PC:admin#

6-8 create port_group id

Description

This command is used to create a port group.

Format create port_group id <value 1-64> name <name 16>

Parameters

id - Specifies the port group ID.

<value 1-64> - Enter the port group ID here. This value must be between 1 and 64.

name - Specifies the port group name.

<name 16> - Enter the port group name here. This name can be up to 16 characters long.

Restrictions

Only Administrators and Operators can issue this command.

Example

To create a port group:

143

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# create port_group id 2 name group2

Command: create port_group id 2 name group2

Success.

DGS-3620-28PC:admin#

6-9 config port_group

Description

This command is used to add or delete a port list to a port group.

Format config port_group [id <value 1-64> | name <name 16>] [add | delete] [<portlist> | all]

Parameters

id - Specifies the port group ID.

<value 1-64> - Enter the port group ID used here. This value must be between 1 and 64.

name - Specifies the port group name.

<name 16> - Enter the port group name here. This name can be up to 16 characters long.

add - Add a port list to this port group.

delete - Delete a port list from this port group.

<portlist> - Enter a list of ports used for the configuration here.

all - Specifies that all the ports will be used for this configuration.

Restrictions

Only Administrators and Operators can issue this command.

Example

Add port list “1-3” to the port group which ID is “2”:

DGS-3620-28PC:admin# config port_group id 2 add 1-3

Command: config port_group id 2 add 1-3

Success.

DGS-3620-28PC:admin#

6-10 delete port_group

Description

This command is used to delete port group.

Format delete port_group [id <value 1-64> | name <name 16>]

144

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

id - Specifies the port group ID.

<value 1-64> - Enter the port group ID used here. This value must be between 1 and 64.

name - Specifies the port group name.

<name 16> - Enter the port group name here. This name can be up to 16 characters long.

Restrictions

Only Administrators and Operators can issue this command.

Example

To delete the port group which ID is “2”:

DGS-3620-28PC:admin# delete port_group id 2

Command: delete port_group id 2

Success.

DGS-3620-28PC:admin#

6-11 show port_group

Description

This command is used to display the port group information.

Format show port_group {id <value 1-64> | name <name 16>}

Parameters

id - (Optional) Specifies the port group ID.

<value 1-64> - Enter the port group ID used here. This value must be between 1 and 64.

name - (Optional) Specifies the port group name.

<name 16> - Enter the port group name here. This name can be up to 16 characters long.

If not specified parameter, will show all the port group.

Restrictions

Only Administrators and Operators can issue this command.

Example

To show all the port group information:

145

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show port_group

Command: show port_group

Port Group Table

Group ID Group Name Ports

1 group1 1-2,5

2 group2 4,5,7,9,11,13

15,17,19-25

4 group3 5-7

Total Entries :3

DGS-3620-28PC:admin#

146

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 7 ARP Commands

create arpentry <ipaddr> <macaddr>

delete arpentry [<ipaddr> | all]

config arpentry <ipaddr> <macaddr>

config arpentry force_aging_addr [add | delete] <ipaddr>

show arpentry {ipif <ipif_name 12> | ipaddress <ipaddr> | static | mac_address <macaddr>}

show arpentry force_aging_addr clear arptable

show ipfdb {[ip_address <ipaddr> | interface <ipif_name 12> | port <port>]}

config arp_aging time <min 0-65535>

config arp_retry times <value 0-4>

7-1 create arpentry

Description

This command is used to enter an IP address and the corresponding MAC address into the switch’s ARP table.

Format create arpentry <ipaddr> <macaddr>

Parameters

<ipaddr> - The IP address of the end node or station.

<macaddr> - The MAC address corresponding to the IP address above.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create a static ARP entry for the IP address 10.48.74.121 and MAC address 00:50:BA:00:07:36:

DGS-3620-28PC:admin#create arpentry 10.48.74.121 00-50-BA-00-07-36

Command: create arpentry 10.48.74.121 00-50-BA-00-07-36

Success.

DGS-3620-28PC:admin#

7-2 delete arpentry

Description

This command is used to delete an ARP entry, made using the create arpentry command above, by specifying either the IP address of the entry or all. Specifying all deletes all static and dynamic

ARP entries.

147

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format delete arpentry [<ipaddr> | all]

Parameters

<ipaddr> - The IP address of the end node or station.

all - Delete all ARP entries

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete an entry of IP address 10.48.74.121 from the ARP table:

7-3

DGS-3620-28PC:admin#delete arpentry 10.48.74.121

Command: delete arpentry 10.48.74.121

Success.

DGS-3620-28PC:admin#

config arpentry

Description

This command is used to configure a static entry in the ARP table. Specify the IP address and

MAC address of the entry.

Format config arpentry <ipaddr> <macaddr>

Parameters

<ipaddr> - The IP address of the end node or station.

<macaddr> - The MAC address corresponding to the IP address above.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure a static ARP entry for the IP address 10.48.74.121 and MAC address

00:50:BA:00:07:36:

DGS-3620-28PC:admin#config arpentry 10.48.74.121 00-50-BA-00-07-36

Command: config arpentry 10.48.74.121 00-50-BA-00-07-36

148

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

7-4

Success.

DGS-3620-28PC:admin#

config arpentry force_aging_addr

Description

This command is used to to configure the force aging gateway address in the ARP table.

Format config arpentry force_aging_addr [add | delete] <ipaddr>

Parameters

add - Specifies to add a new entry.

delete - Specifies to remove an existing entry.

<ipaddr> - Enter the IP address of the gateway here.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

This example shows how to add a force aging ARP entry of gateway10.48.74.12.

7-5

DGS-3620-28PC:admin#config arpentry force_aging_addr add 10.48.74.12

Command: config arpentry force_aging_addr add 10.48.74.12

Success.

DGS-3620-28PC:admin#

show arpentry

Description

This command is used to display the Address Resolution Protocol (ARP) table. Filter the display by

IP address, interface name, static entries or mac_address.

Format show arpentry {ipif <ipif_name 12> | ipaddress <ipaddr> | static | mac_address <macaddr>}

Parameters

ipif - The name of the IP interface the end node or station for which the ARP table entry was made, resides on.

<ipif_name 12> - Enter the IP interface name. The maximum length is 12 characters.

149

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

ipaddress - The IP address of the end node or station.

<ipaddr> - Enter the IP address.

static - Displays the static entries to the ARP table.

mac_address - Displays the ARP entry by MAC address.

<macaddr> - Enter the MAC address.

Note: If no parameter is specified, all ARP entries will be displayed.

Restrictions

None.

Example

To display the ARP table:

7-6

DGS-3620-28PC:admin# show arpentry

Command: show arpentry

ARP Aging Time : 20

Interface IP Address MAC Address Type

------------- --------------- ----------------- ---------------

System 10.0.0.0 FF-FF-FF-FF-FF-FF Local/Broadcast

System 10.90.90.90 00-01-02-03-04-00 Local

System 10.255.255.255 FF-FF-FF-FF-FF-FF Local/Broadcast

Total Entries: 3

DGS-3620-28PC:admin#

show arpentry force_aging_addr

Description

This command is used to display the force aging entry in the ARP table.

Format show arpentry force_aging_addr

Parameters

None.

Restrictions

None.

150

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

This example shows how to display the force aging address in the ARP table.

DGS-3620-28PC:admin#show arpentry force_aging_addr

Command: show arpentry force_aging_addr

ARP Force Aging Address:

Interface IP Address MAC Address Type

------------- --------------- ----------------- ---------------

------------ 10.48.74.12 ----------------- ------

Total Entries: 1

DGS-3620-28PC:admin#

7-7 clear arptable

Description

This command is used to remove dynamic entries from the ARP table. Static ARP entries are not affected.

Format clear arptable

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To remove the dynamic entries from the ARP table:

7-8

DGS-3620-28PC:admin#clear arptable

Command: clear arptable

Success.

DGS-3620-28PC:admin#

show ipfdb

Description

This command is used to display the IP address forwarding table on the Switch.

151

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format show ipfdb {[ip_address <ipaddr> | interface <ipif_name 12> | port <port>]}

Parameters

ip_address - (Optional) Specifies the IP address of the forwarding table.

<ipaddr> - Enter the IP address to be displayed.

interface - (Optional) Specifies the interface name of the forwarding table.

<ipif_name 12> - Enter the interface name here. This name can be up to 12 characters long.

port - (Optional) Specifies the port to be displayed.

<port> - Enter the port number to be displayed.

Restrictions

None.

Example

To display the IP address forwarding table on the Switch:

7-9

DGS-3620-28PC:admin# show ipfdb

Command: show ipfdb

Interface IP Address Port Learned

------------ ---------------- --------- ---------

Total Entries: 0

DGS-3620-28PC:admin#

config arp_aging time

Description

This command is used to set the maximum amount of time, in minutes, that an ARP entry can remain in the switch’s ARP table, without being accessed, before it is dropped from the table.

Format config arp_aging time <min 0-65535>

Parameters

<min 0-65535> - The ARP age-out time, in minutes. The default is 20 minutes. The range is 0 to

65535 minutes.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

152

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure the ARP aging time:

DGS-3620-28PC:admin#config arp_aging time 30

Command: config arp_aging time 30

Success.

DGS-3620-28PC:admin#

7-10 config arp_retry times

Description

This command is used to configure the ARP retry times.

Format config arp_retry times <value 0-4>

Parameters

<value 0-4> - Enter the ARP retry times value here. This value must be between 0 and 4.

Entering 0 will only send one ARP request without any retries. By default, this value is 4.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

This example shows how to configure the ARP retry times value.

DGS-3620-28PC:admin#config arp_retry times 2

Command: config arp_retry times 2

Success.

DGS-3620-28PC:admin#

153

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 8 ARP Spoofing

Prevention Commands

config arp_spoofing_prevention [add gateway_ip <ipaddr> gateway_mac <macaddr> ports

[<portlist> | all] | delete gateway_ip <ipaddr>]

show arp_spoofing_prevention

8-1 config arp_spoofing_prevention

Description

The user can configure the spoofing prevention entry to prevent spoofing of MAC for the protected gateway. When an entry is created, those ARP packets whose sender IP matches the gateway IP of an entry, but either its sender MAC field or source MAC field does not match the gateway MAC of the entry will be dropped by the system.

Format config arp_spoofing_prevention [add gateway_ip <ipaddr> gateway_mac <macaddr> ports

[<portlist> | all] | delete gateway_ip <ipaddr>]

Parameters

add gateway_ip - Specifies a gateway IP to be added.

<ipaddr> - Enter the IP address.

gateway_mac - Specifies a gateway MAC to be configured.

<macaddr> - Enter the MAC address.

ports – Specify the ports.

<portlist> - Enter a range of ports to be configured.

all - Specifies all ports to be configured.

delete gateway_ip - Specifies a gateway IP to be deleted.

<ipaddr> - Enter the IP address.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the prevent IP spoofing attack:

DGS-3620-28PC:admin#config arp_spoofing_prevention add gateway_ip

10.254.254.251 gateway_mac 00-00-00-11-11-11 ports 1-2

Command: config arp_spoofing_prevention add gateway_ip 10.254.254.251 gateway_mac 00-00-00-11-11-11 ports 1-2

Success.

DGS-3620-28PC:admin#

154

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

8-2 show arp_spoofing_prevention

Description

This command is used to display the ARP spoofing prevention status.

Format show arp_spoofing_prevention

Parameters

None.

Restrictions

None.

Example

To display the ARP spoofing prevention status:

DGS-3620-28PC:admin#show arp_spoofing_prevention

Command: show arp_spoofing_prevention

Gateway IP Gateway MAC Ports

------------------ ------------------- --------------------

192.168.0.1 00-00-00-00-00-01 1-28

Total Entries: 1

DGS-3620-28PC:admin#

155

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 9 Asymmetric VLAN

Commands

enable asymmetric_vlan disable asymmetric_vlan show asymmetric_vlan

9-1 enable asymmetric_vlan

Description

This command is used to enable the asymmetric VLAN function..

Format enable asymmetric_vlan

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable asymmetric VLAN setting:

9-2

DGS-3620-28PC:admin# enable asymmetric_vlan

Command: enable asymmetric_vlan

Success.

DGS-3620-28PC:admin#

disable asymmetric_vlan

Description

This command is used to disable the asymmetric VLAN function.

Format disable asymmetric_vlan

156

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To disable asymmetric VLAN setting:

9-3

DGS-3620-28PC:admin# disable asymmetric_vlan

Command: disable asymmetric_vlan

Success.

DGS-3620-28PC:admin#

show asymmetric_vlan

Description

This command is used to display the asymmetric VLAN function.

Format show asymmetric_vlan

Parameters

None.

Restrictions

None.

Example

To display asymmetric VLAN:

DGS-3620-28PC:admin# show asymmetric_vlan

Command: show asymmetric_vlan

Asymmetric Vlan : Disabled

DGS-3620-28PC:admin#

157

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 10 Auto Configuration

Commands

show autoconfig enable autoconfig disable autoconfig

10-1 show autoconfig

Description

This command is used to display the status of automatically getting configuration from a TFTP server.

Format show autoconfig

Parameters

None.

Restrictions

None.

Example

To display the DHCP auto configuration status:

DGS-3620-28PC:admin#show autoconfig

Command: show autoconfig

Autoconfig State: Disabled

DGS-3620-28PC:admin#

10-2 enable autoconfig

Description

This command is used to enable automatically to get configuration from a TFTP server according to the options in the DHCP reply packet. To employ this method, the DHCP server must be set up to deliver the TFTP server IP address and configuration file name information first.

Format enable autoconfig

158

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

None.

Restrictions

Only Administrators and Operators can issue this command.

Example

To enable DHCP auto configuration status:

DGS-3620-28PC:admin#enable autoconfig

Command: enable autoconfig

Success.

DGS-3620-28PC:admin#

10-3 disable autoconfig

Description

This command is used to disable automatically to get configuration from a TFTP server.

Format disable autoconfig

Parameters

None.

Restrictions

Only Administrators and Operators can issue this command.

Example

To disable the DHCP auto configuration status:

DGS-3620-28PC:admin#disable autoconfig

Command: disable autoconfig

Success.

DGS-3620-28PC:admin#

159

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 11 Bidirectional

Forwarding Detection (BFD)

Commands

enable bfd disable bfd

config bfd [ipif <ipif_name 12> | all] {min_tx_interval <millisecond 50-1000> | min_rx_interval

<millisecond 50-1000> | multiplier <value 3-99> | slow_time <millisecond 1000-3000>}

show bfd {ipif <ipif_name 12>}

show bfd neighbor {ipif <ipif_name 12> | ipaddress <ipaddr> | protocol [ospf | vrrp] | details}

11-1 enable bfd

Description

This command is used to enable the BFD global state on the Switch.

Format enable bfd

Parameters

None

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

This example show how to enable the BFD global state.

DGS-3620-28PC:admin# enable bfd

Command: enable bfd

Success.

DGS-3620-28PC:admin#

11-2 disable bfd

Description

This command is used to disable the BFD global state on the Switch.

160

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format disable bfd

Parameters

None

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

This example show how to disable the BFD global state.

DGS-3620-28PC:admin# disable bfd

Command: disable bfd

Success.

DGS-3620-28PC:admin#

11-3 config bfd

Description

This command is used to configure the BFD parameters on the Switch.

Format config bfd [ipif <ipif_name 12> | all] {min_tx_interval <millisecond 50-1000> | min_rx_interval <millisecond 50-1000> | multiplier <value 3-99> | slow_time <millisecond

1000-3000>}

Parameters

ipif - Specifies the name of the IP interface.

<ipif_name 12> - Enter the name of the IP interface. This name can be up to 12 characters long.

all - Specifies that all the IP interfaces will be used.

min_tx_interval - (Optional) Specifies the desired minimum transmit interval value.

<millisecond 50-1000> - Enter the minimum transmit interval value here. This value must be between 50 and 1000 milliseconds.

min_rx_interval - (Optional) Specifies the required minimum receive interval value.

<millisecond 50-1000> - Enter the minimum receive interval value here. This value must be between 50 and 1000 milliseconds.

multiplier - (Optional) Specifies the BFD detection time multiplier value.

<value 3-99> - Enter the BFD detection time multiplier value here. This value must be between 3 and 99.

slow_time - (Optional) Specifies the BFD slow time value.

<millisecond 1000-3000> - Enter the BFD slow time value here. This value must be between

1000 and 3000 milliseconds.

161

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

This example show how to configure the desired minimum TX interval value to 100 milliseconds and detection time multiplier to 5 on the interface System.

DGS-3620-28PC:admin# config bfd ipif System min_tx_interval 100 multiplier 5

Command: config bfd ipif System min_tx_interval 100 multiplier 5

Success.

DGS-3620-28PC:admin#

11-4 show bfd

Description

This command is used to display the BFD information on the Switch.

Format show bfd {ipif <ipif_name 12>}

Parameters

ipif - (Optional) Specifies the IP interface to display.

<ipif_name 12> - Enter the IP interface's name here. This name can be up to 12 characters long.

Restrictions

None.

Example

This example show how to display the BFD information.

162

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show bfd

Command: show bfd

BFD Global State : Disabled

BFD Interface Setting

MinTxInt - Desired Minimum TX Interval

MinRxInt - Required Minimum RX Interval

Interface Name MinTxInt(ms) MinRxInt(ms) Multiplier Slow time(ms)

--------------- ------------ ------------ ---------- -------------

System 100 50 5 1000

Total Entries: 1

DGS-3620-28PC:admin#

11-5 show bfd neighbor

Description

This command is used to display the BFD neighbor information on the Switch.

Format show bfd neighbor {ipif <ipif_name 12> | ipaddress <ipaddr> | protocol [ospf | vrrp] | details}

Parameters

ipif - (Optional) Specifies the IP interface to display.

<ipif_name 12> - Enter the IP interface's name here. This name can be up to 12 characters long.

ipaddress - (Optional) Specifies to display the BFD neighbor information of the specified IP address.

<ipaddr> - Enter the IP address used here.

protocol - (Optional) Specifies to display the BFD neighbor information of the specified protocol owner.

ospf - Specifies to display OSPF BFD neighbor information.

vrrp - Specifies to display VRRP BFD neighbor information.

details - (Optional) Specifies to display more detailed BFD neighbor information.

Restrictions

None.

Examples

This example show how to display the BFD neighbors:

163

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show bfd neighbor

Command: show bfd neighbor

BFD Neighbor Table

Local Discr : Local Discriminator

Remote Discr: Remote Discriminator

Neighbor Local Remote Detect

Address Interface Name Discr Discr Time(ms) Status

--------------- -------------- ------ ------ -------- ----------

10.0.0.3 System 1 1 100 UP

10.0.0.2 System 2 1 50 UP

Total Entries: 2

DGS-3620-28PC:admin#

This example show how to display detailed information of BFD neighbors registered by OSPF.

DGS-3620-28PC:admin# show bfd neighbor protocol ospf details

Command: show bfd neighbor protocol ospf details

BFD Neighbor Table

Local Discr : Local Discriminator

Remote Discr: Remote Discriminator

Neighbor Local Remote Detect

Address Interface Name Discr Discr Time(ms) Status

--------------- -------------- ------ ------ -------- ----------

18.0.0.1 System 1 7 900 Up

Local Diagnostic : No Diagnostic

Pool Bit : Not set

Remote Minimum RX Interval : 300 ms

Remote Minimum TX Interval : 300 ms

Remote Multiplier : 3

Register Protocol : OSPF VRRP

Total Entries: 1

DGS-3620-28PC:admin#

164

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 12 Border Gateway

Protocol (BGP) Commands

enable bgp disable bgp

create bgp <as_number 1-4294967295>

delete bgp <as_number 1-4294967295>

config bgp router_id <ipaddr>

config bgp synchronization [enable | disable]

config bgp enforce_first_as [enable | disable]

create bgp aggregate_address [<network_address> | ipv6 <ipv6_networkaddr>] {summary_only

| as_set}

delete bgp aggregate_address [[<network_address> | all] | ipv6 [<ipv6_networkaddr> | all]]

show bgp aggregate_address {[<network_address> | ipv6 {<ipv6_networkaddr>}]}

create bgp network [<network_address> | ipv6 <ipv6_networkaddr>] {route_map <map_name

16>}

config bgp network [<network_address> | ipv6 <ipv6_networkaddr>] [route_map <map_name

16> | clear_routemap]

delete bgp network [[<network_address> | all] | ipv6 [<ipv6_networkaddr> | all]]

show bgp network {[<network_address> | ipv6 {<ipv6_networkaddr>}]}

config bgp timer holdtime <sec 0-65535> keepalive <sec 0-65535>

config bgp {always_compare_med [disable | enable] | deterministic_med [disable | enable] | default_local_preference <uint 0-4294967295> | bestpath {as_path_ignore [disable | enable] | compare_routerid [disable | enable] | med_confed [disable | enable] | med_missing_as_worst

[disable | enable] | compare_confed_aspath [disable | enable]}(1)}(1)

config bgp dampening {[ipv4 | ipv6] unicast} [route_map <map_name 16> | clear_routemap |

{state [enable | disable] | half_life <value 1-45> | reuse <value 1-20000> | suppress <value 1-

20000> | max_suppress_time <value 1-255> | un_reachability_half_life <value 1-45>}]

show bgp dampening {[ipv4 | ipv6] unicast}

config bgp peer_group <peer_group_name 16> [remote_as <as_number 0-4294967295> | [add | delete] [<ipaddr> | <ipv6addr>]]

create bgp neighbor [[<ipaddr> | <ipv6addr>] [remote_as <as_number 1-4294967295> | peer_group <peer_group_name 16>] | peer_group <peer_group_name 16>]

delete bgp neighbor [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16> | all]

config bgp neighbor [[[<ipaddr> | peer_group <peer_group_name 16>] [description <desc 80> | clear_description | password <password 25> | clear_password]] | <ipv6addr> [description

<desc 80> | clear_description]]

config bgp neighbor session [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]

[{[ipv4 | ipv6] unicast} activity | state] [enable | disable]

config bgp neighbor general [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]

[{ebgp_multihop <value 1-255> | weight [<value 0-65535> | default] | update_source [add | delete] ipif <ipif_name 12> | send_community [standard | none] | next_hop_self [enable | disable] | soft_reconfiguration_inbound [enable | disable] | remove_private_as [enable | disable] | allowas_in [enable {<value 1-10>} | disable] | default_originate [enable {route_map

<map_name 16>} | disable]} | [ipv4 | ipv6] unicast {send_community [standard | none] | next_hop_self [enable | disable] | soft_reconfiguration_inbound [enable | disable] | remove_private_as [enable | disable] | allowas_in [enable {<value 1-10>} | disable] | default_originate [enable {route_map <map_name 16>} | disable]}]

config bgp neighbor timer [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]

{advertisement_interval [<sec 0-600> | default] | [keepalive <sec 0-65535> holdtime <sec 0-

65535> | default_keepalive_holdtime] | as_origination_interval [<sec 1-600> | default] | connect [<sec 1-65535> | default]}

config bgp neighbor route_reflector_client [<ipaddr> | <ipv6addr> | peer_group

165

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<peer_group_name 16>] {[ipv4 | ipv6] unicast} state [enable | disable]

config bgp neighbor map [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>] {[ipv4 | ipv6] unicast} {unsuppress_map [add | delete] <map_name 16> | route_map [in | out] [add | delete] <map_name 16>}

config bgp neighbor filter [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>] {[ipv4 | ipv6] unicast} {filter_list [in | out] [add | delete] <list_name 16> | prefix_list [in | out] [add | delete] <list_name 16> | capability_orf_prefix_list [receive | send | both | none]}

show bgp peer_group {<peer_group_name 16>}

config bgp route_reflector cluster_id <ipaddr>

config bgp client_to_client_reflection [enable | disable]

config bgp confederation identifier <as_number 0-4294967295>

config bgp confederation peers [add | delete] <aspath_list>

clear bgp [all | neighbor_addr [<ipaddr> | <ipv6addr>] | as <as_number 1-4294967295> | peer_group <peer_group_name 16> | external] {[ipv4 | ipv6] unicast soft {[in {prefix_filter} | out]}}

clear bgp dampening {[ipv4 unicast {[<ipaddr> | <network_address>]} | [<ipaddr> |

<network_address>] | ipv6 unicast {[<ipv6addr> | <ipv6_networkaddr>]}]}

create bgp as_path access_list <list_name 16>

config bgp as_path access_list <list_name 16> [add | delete] <regexp_str 80> [deny | permit]

delete bgp as_path access_list [list_name <list_name 16> | all]

show bgp as_path access_list {<list_name 16>}

create bgp community_list [standard | expanded] <list_name 16>

config bgp community_list [standard <list_name 16> [add | delete] {internet | local_as | no_advertise | no_export | community_set <community_set 80>}(1) [deny | permit] | expanded

<list_name 16> [add | delete] <regexp_str 80> [deny | permit]]

delete bgp community_list [list_name <list_name 16> | all]

show bgp community_list {<list_name 16>}

show bgp route {[[regexp <desc 80> | inconsistent_as | cidr_only | filter_list <list_name 16> | route_map <map_name 16> | community {community_set <community_set 80> | local_as | no_advertise | no_export | internet} {exact_match} | community_list <list_name 16>

{exact_match} | ipaddress <ipaddr> | network <network_address> {longer_prefixes} | prefix_list <list_name 16>] | ipv6 unicast {[regexp <desc 80> | inconsistent_as | filter_list

<list_name 16> | route_map <map_name 16> | community {community_set

<community_set80> | local_as | no_advertise | no_export | internet} {exact_match} | community_list <list_name 16> {exact_match} | ipv6_address <ipv6addr> | ipv6_network

<ipv6_networkaddr> {longer_prefixes} | ipv6_prefix_list <list_name 16>]} | ipv4 unicast

{[regexp <desc 80> | inconsistent_as | cidr_only | filter_list <list_name 16> | route_map

<map_name 16> | community {community_set <community_set 80> | local_as | no_advertise

| no_export | internet} {exact_match} | community_list <list_name 16> {exact_match} | ipaddress <ipaddr> | network <network_address> {longer_prefixes} | prefix_list <list_name

16>]}]

show bgp neighbors {[<ipaddr> | <ipv6addr>] {[{[ipv4 | ipv6] unicast} [advertised_routes | received_routes | routes | received_prefix_filter] | statistics]}}

show bgp dampened_routes {[ipv4 | ipv6] unicast}

show bgp flap_statistics {[ipv4 | ipv6] unicast}

show bgp {summary {[ipv4 | ipv6 ] unicast}}

show bgp reflection {[ipv4 | ipv6] unicast}

show bgp confederation

config bgp trap [peer_established | peer_idle | all] [enable | disable]

show bgp trap_state

config bgp scan_timer [<sec 5-60> | default]

config bgp aggregate_next_hop_check [enable | disable]

config bgp fast_external_fallover [enable | disable]

config bgp neighbor maximum_prefix [<ipaddr> | <ipv6addr> | peer_group <peer_group_name

16>] [<value 1-12000> {<value 1-100>} {warning_only} | ipv4 unicast <value 1-12000>

{<value 1-100>} {warning_only} | ipv6 unicast <value 1-6000> {<value 1-100>}

{warning_only}]

clear bgp flap_statistics {[ipv4 unicast {[<ipaddr> | <network_address>]} | [<ipaddr> |

166

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<network_address>] | ipv6 unicast {[<ipv6addr> | <ipv6_networkaddr>]}]}

12-1 enable bgp

Description

This command is used to enable the BGP protocol. By enabling the BGP protocol, all the previous configurations will be applied to the protocol kernel and start. By default, BGP is disabled.

Format enable bgp

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To enable BGP protocol:

DGS-3620-28PC:admin# enable bgp

Command: enable bgp

Success.

DGS-3620-28PC:admin#

12-2 disable bgp

Description

This command is used to disable the BGP protocol. By disabling the BGP protocol, all peers will be disconnected and dynamic routes will be deleted. All the static configurations however will be reserved. If BGP enables again, the previous configurations can be re-applied.

Format disable bgp

Parameters

None.

167

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To disable BGP protocol:

DGS-3620-28PC:admin# disable bgp

Command: disable bgp

Success.

DGS-3620-28PC:admin#

12-3 create bgp

Description

This command is used to create a BGP process. It’s AS number must be set. When BGP protocol starts, it must belong to a single AS. The user must set the AS number before configuring any of the other attributes.

Format create bgp <as_number 1-4294967295>

Parameters

<as_number 1-4294967295> - Specifies the BGP AS number. This value must be between 1 and 4294967295.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To create a BGP process:

DGS-3620-28PC:admin# create bgp 100

Command: create bgp 100

Success.

DGS-3620-28PC:admin#

168

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

12-4 delete bgp

Description

This command is used to delete the BGP process. The AS number must be specified. When the

BGP process is deleted, all peer and route information from BGP will be deleted. Route entries redistributed from BGP must also be canceled.

Format delete bgp <as_number 1-4294967295>

Parameters

<as_number 1-4294967295> - Specifies the BGP AS number. This value must be between 1 and 4294967295.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To create a BGP process:

DGS-3620-28PC:admin# delete bgp 100

Command: delete bgp 100

Success.

DGS-3620-28PC:admin#

12-5 config bgp router_id

Description

This command is used to configure the BGP process’s router ID. The address of a loopback interface is preferred to as an IP address on a physical interface because the loopback interface is more effective than a fixed interface as an identifier because there is no physical link to go down.

The user must specify a unique router ID within the network. This command will reset all active

BGP peering sessions.

When a router ID is not configured, the router ID is selected by the following rules:

1. If a loopback interface is configured, the router ID is set to the IP address of the loopback.

2. If multiple loopback interfaces are configured, the loopback with the highest IP address is used.

3. If no loopback interface is configured, the router ID is set to the highest IP address on a physical interface.

Note: One newly created interface whose address may be preferred to be the router ID according to the rules above, but, it will not be chosen to be router ID immediately. Only when the router ID is set to zero or when recreating a BGP instance, the new interface may be selected as the BGP router ID.

169

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config bgp router_id <ipaddr>

Parameters

<ipaddr> - An ID to identify a BGP router. If it is set to zero the router ID will be automatically determined. The default value is the highest IP address on a physical interface.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To configure the BGP process’s router ID:

DGS-3620-28PC:admin# config bgp router_id 10.10.10.1

Command: config bgp router_id 10.10.10.1

Success

DGS-3620-28PC:admin#

12-6 config bgp synchronization

Description

This command is used to configure the BGP synchronization ability. Usually, a BGP speaker does not advertise a route to an external neighbor unless that route is local or exists in the IGP. By default, synchronization between BGP and the IGP is turned off to allow the BGP to advertise a network route without waiting for route validation from the IGP. This feature allows routers and access servers within an Autonomous System to have the route before BGP makes it available to other autonomous systems.

Format config bgp synchronization [enable | disable]

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

enable - Specifies to enable synchronization.

disable - Specifies to disable synchronization. By default, this setting is disabled.

170

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To enable the BGP process’ synchronization ability:

DGS-3620-28PC:admin# config bgp synchronization enable

Command: config bgp synchronization enable

Success

DGS-3620-28PC:admin#

12-7 config bgp enforce_first_as

Description

This command is used to enforce the neighbor’s AS as the first AS in the AS list.

When the setting is enabled, any updates received from an external neighbor, that does not have the neighbor’s configured Autonomous System (AS) at the beginning of the AS_PATH in the received update, will be denied. Enabling this feature adds to the security of the BGP network by not allowing traffic from unauthorized systems.

Format config bgp enforce_first_as [enable | disable]

Parameters

enable - Enables the enforce first AS setting.

disable - Disables the enforce first AS setting. The default setting is disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To enable the BGP process’s enforce_first_as ability:

DGS-3620-28PC:admin# config bgp enforce_first_as enable

Command: config bgp enforce_first_as enable

Success

DGS-3620-28PC:admin#

12-8 create bgp aggregate_address

Description

This command is used to create an aggregate entry in the Border Gateway Protocol (BGP) database.

171

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Using the aggregate_address command with no keywords will create an aggregate entry in the

BGP routing table, if any more specific BGP routes are available that fall within the specified range.

The aggregate route will be advertised as coming from your Autonomous System and will have the atomic aggregate attribute set to indicate that information might be missing. That is, the original AS path associated with more specific routes will be lost. The atomic aggregate attribute is set unless you specify the as_set keyword.

Using the as_set keyword will create an aggregate entry, but the path advertised for this route will include an AS set consisting of all AS that are contained in all paths that are being summarized.

Do not use continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.

Using the summary_only keyword will create an aggregate route but suppresses advertisements of more specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor prefix_list command.

Format create bgp aggregate_address [<network_address> | ipv6 <ipv6_networkaddr>]

{summary_only | as_set}

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

<network_address> - Specifies the IPv4 network address that will be aggregated.

ipv6 – Specifies the IPv6 network address that will be aggregated.

<ipv6_networkaddr> - Enter the IPv6 network address that will be aggregated here.

summary_only - (Optional) Specifies that more specific routes will not be advertised.

as_set - (Optional) Generates an Autonomous System set path information.

Example

To create an aggregate route of which the network address is 10.0.0.0/8, suppress more-specific routes:

DGS-3620-28PC:admin# create bgp aggregate_address 10.0.0.0/8 summary_only

Command: create bgp aggregate_address 10.0.0.0/8 summary_only

Success.

DGS-3620-28PC:admin#

12-9 delete bgp aggregate_address

Description

This command is used to delete an aggregate entry in a Border Gateway Protocol (BGP) database.

172

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format delete bgp aggregate_address [[<network_address> | all] | ipv6 [<ipv6_networkaddr> | all]]

Parameters

<network_address> - Specifies the IPv4 aggregated network to be deleted.

all – Specifies that all IPv4 aggregated networks will be deleted..

ipv6 – Specifies the IPv6 network address of the entry that will be deleted.

<ipv6_networkaddr> - Enter the IPv6 network address used here.

all – Specifies that all IPv6 aggregated networks will be deleted.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To delete an aggregate_route of which the network address is 10.0.0.0/8:

DGS-3620-28PC:admin# delete bgp aggregate_address 10.0.0.0/8

Command: delete bgp aggregate_address 10.0.0.0/8

Success.

DGS-3620-28PC:admin#

12-10 show bgp aggregate_address

Description

This command is used to show the aggregate entries in the Border Gateway Protocol (BGP) database.

Format show bgp aggregate_address {[<network_address> | ipv6 {<ipv6_networkaddr>}]}

Parameters

<network_address> - (Optional) Specifies the IP aggregated network address.

ipv6 – (Optional) Specifies the IPv6 aggregated network address.

<ipv6_networkaddr> - Enter the IPv6 aggregated network address used here.

If the specific network address is not specified, all aggregated addresses of IPv4 or IPv6 will be displayed.

Restrictions

None. (EI Mode Only Command)

173

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display an aggregate route of 10.0.0.0/8:

DGS-3620-28PC:admin# show bgp aggregate_address 10.0.0.0/8

Command: show bgp aggregate_address 10.0.0.0/8

Network Address Options

------------------ ----------------------

10.0.0.0/8 summary_only, as_set

Total Aggregate Address Number: 1.

DGS-3620-28PC:admin#

12-11 create bgp network

Description

This command is used to specify the network advertised by the Border Gateway Protocol (BGP).

BGP networks can be learned from connected routes, from dynamic routing, and from static route sources.

Format create bgp network [<network_address> | ipv6 <ipv6_networkaddr>] {route_map

<map_name 16>}

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

<network_address> - Represents the local network that BGP will advertise.

ipv6 – Specifies the local IPv6 network that BGP will advertise.

<ipv6_networkaddr> - Enter the IPv6 network address here.

route_map - (Optional) Specifies the route map to be applied to the advertised networks. If not specified, all networks are advertised.

<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.

Example

Setup network 10.108.0.0/16 to be included in the BGP updates:

DGS-3620-28PC:admin# create bgp network 10.108.0.0/16

Command: create bgp network 10.108.0.0/16

Success.

DGS-3620-28PC:admin#

174

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

12-12 config bgp network

Description

This command is used to configure the attribute associated with the network advertised by the

Border Gateway Protocol (BGP).

Format config bgp network [<network_address> | ipv6 <ipv6_networkaddr>] [route_map

<map_name 16> | clear_routemap]

Parameters

<network_address> - Represents the local IPv4 network that BGP will advertise.

ipv6 – Specifies the local IPv6 network that BGP will advertise.

<ipv6_networkaddr> - Enter the IPv6 network address here.

route_map - Specifies the route map applied to the advertised networks.

<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.

clear_routemap - Removes the route map applied to the network.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

Change the network 10.108.0.0/16 to clear a route map:

DGS-3620-28PC:admin# config bgp network 10.108.0.0/16 clear_routemap

Command: config bgp network 10.108.0.0/16 clear_routemap

Success.

DGS-3620-28PC:admin#

12-13 delete bgp network

Description

This command is used to delete the networks advertised by the Border Gateway Protocol (BGP).

Format delete bgp network [[<network_address> | all] | ipv6 [<ipv6_networkaddr> | all]]

Parameters

<network_address> - Specifies the IPv4 network address of the entry that will be deleted.

all – Specifies to delete all IPv4 BGP networks.

ipv6 – Specifies the IPv6 network address of the entry that will be deleted.

175

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<ipv6_networkaddr> - Enter the IPv6 network address here.

all – Specifies to delete all IPv6 BGP networks.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To delete network 10.108.0.0/16 to be advertised in the BGP updates:

DGS-3620-28PC:admin# delete bgp network 10.108.0.0/16

Command: delete bgp network 10.108.0.0/16

Success.

DGS-3620-28PC:admin#

12-14 show bgp network

Description

This command is used to show the networks advertised by the Border Gateway Protocol (BGP).

Format show bgp network {[<network_address> | ipv6 {<ipv6_networkaddr>}]}

Parameters

<network_address> - (Optional) Enter the local IPv4 network address that BGP will advertise.

ipv6 - (Optional) Specifies the local IPv6 network address that BGP will advertise.

<ipv6_networkaddr> - Enter the local IPv6 network address that BGP will advertise.

If the specific network address is not specified, all network addresses of IPv4 or IPv6 will be displayed.

Restrictions

None. (EI Mode Only Command)

Example

To show network 10.108.0.0/16 advertised in the BGP updates:

176

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show bgp network 10.108.0.0/16

Command: show bgp network 10.108.0.0/16

Network Address Route Map

--------------- ----------------

10.108.0.0/16

Total Network Number: 1

DGS-3620-28PC:admin#

12-15 config bgp timer

Description

This command is used to configure the BGP protocol timer. The hold time needs to be at least three times that of the keepalive time. If the timer is specified for specific neighbors, then the neighbor specific timer will take effect.

Format config bgp timer holdtime <sec 0-65535> keepalive <sec 0-65535>

Parameters

holdtime - The system will declare a peer as dead if a keepalive message is received that is more than the hold time. The default value is 180 seconds. If the holdtime is set to zero, then the holdtime will never expire. If the two routers that build a BGP connection have a different hold time, then the smaller hold time will be used. If the timer is specified for specific neighbors, then the neighbor specific timer will take effect. The hold time needs to be at least three times that of the keepalive timer.

<sec 0-65535> - Enter the hold time value used here. This value must be between 0 and

65535.

keepalive - This specifies the interval at which keepalive messages are sent to its peer. If the keepalive value is set to zero, then the keepalive message will not be sent out. The default value is 60 seconds. If the two routers that build a BGP connection have a different keepalive timer, then the smaller keepalive timer will be used. If the timer is specified for specific neighbors, then the neighbor specific timer will take effect.

<sec 0-65535> - Enter the keep-alive time value used here. This value must be between 0 and 65535.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This command is used to configure the BGP hold and keepalive timer:

177

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# config bgp timer holdtime 360 keepalive 120

Command: config bgp timer holdtime 360 keepalive 120

Success.

DGS-3620-28PC:admin#

12-16 config bgp

Description

This command is used to configure the BGP best path selection related setting. MED is a metric assigned to tell the external router how to choose a route. By default, MED is used to determine the route that is advertised by the same AS.

The BGP deterministic med command can be configured to enforce a deterministic comparison of the MED values between all the paths received from within the same Autonomous System

Default local preference:

By default, a BGP router will send the default local preference with the routes. It can be overwritten if the local preference is set by the route map. For the received route, the local preference received with the route will be used in the best path selection. This local preference will be overwrite if the local preference is ingress set by the route map.

For the local routes, the default local preference will be used for them in the best path selection

Best path selection process:

The following is the steps that the BGP will use to select the best path among BGP routes:

1. Prefer the path that has the largest weight.

2. If the routes have the same weight, use the route with the highest local preference.

3. If the routes have the same local preference, prefer the route that was originated by BGP on this router. Originated from network command > from redistribute command> from aggregate command.

4. If no route was originated, prefer the route with the shortest AS path.

5. If all paths are of the same AS length, prefer the route with lowest origin code (IGP < EGP

< INCOMPLETE).

6. If the origin codes are the same, prefer the path with the lowest Multi Exit Discriminator.

7. If the MEDs are the same, prefer external paths over internal paths. EBGP

>Confederation>IBGP.

8. Prefer the path through the closest IGP neighbor.

9. Prefer the path that was received first (the oldest one).

10. Prefer the path with the lowest BGP Router ID.

11. Prefer to the routes advertised by the BGP speaker with a lower BGP identifier value.

12. Prefer to the routes advertised by the BGP speaker with lower peer address.

Format config bgp {always_compare_med [disable | enable] | deterministic_med [disable | enable] | default_local_preference <uint 0-4294967295> | bestpath {as_path_ignore [disable | enable]

| compare_routerid [disable | enable] | med_confed [disable | enable] | med_missing_as_worst [disable | enable] | compare_confed_aspath [disable | enable]}(1)}(1)

178

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

always_compare_med - (Optional) Enable or disable the comparison of the Multi Exit

Discriminator (MED) for paths from the neighbors in different Autonomous Systems. By default this setting is disabled.

enable - Specifies that the 'always compare MED' option will be enabled.

disable - Specifies that the 'always compare MED' option will be disabled.

deterministic_med - (Optional) Enable or disable to enforce the deterministic comparison of the

Multi Exit Discriminator (MED) for paths received from the neighbors within the same

Autonomous System. By default this setting is disabled.

enable - Specifies that the 'deterministic MED' option will be enabled.

disable - Specifies that the 'deterministic MED' option will be disabled.

default_local_preference - (Optional) Specifies the default local preference value. The default value is 100.

<uint 0-4294967295> - Enter the default local preference value here. This value must be between 0 and 4294967295.

bestpath - (Optional) Specifies the best path value to be used.

as_path_ignore - (Optional) If enabled, the BGP process will ignore the AS path in the path selection process. By default this value is disabled.

enable - Specifies that the 'AS path ignore' option will be enabled.

disable - Specifies that the 'AS path ignore' option will be disabled.

compare_routerid - (Optional) If enabled, the BGP process will include the router ID in the path selection process. Similar routes are compared and the route with the lowest router ID is selected. By default this value is disabled.

enable - Specifies that the 'compare router ID' option will be enabled.

disable - Specifies that the 'compare router ID' option will be disabled.

med_confed - (Optional) If enabled, the BGP process will compare the MED for the routes that are received from confederation peers. For routes that have an external AS in the path, the comparison does not occur. By default this value is disabled.

enable - Specifies that the 'MED confed' option will be enabled.

disable - Specifies that the 'MED confed' option will be disabled.

med_missing_as_worst - (Optional) If enabled, the BGP process will assign a value of infinity to routes that are missing the Multi Exit Discriminator (MED) attribute. If disabled, the BGP process will assign a value of zero to routes that are missing the Multi Exit Discriminator

(MED) attribute, causing this route to be choosed as the best path. By default this value is disabled.

enable - Specifies that the 'MED missing AS worst' option will be enabled.

disable - Specifies that the 'MED missing AS worst' option will be disabled.

compare_confed_aspath - (Optional) If enabled, the BGP process will compare the confederation AS path length of the routes received. The shorter the confederation AS path length, the better the route is. By default this value is disabled.

enable - Specifies that the 'compare confed AS path' option will be enabled.

disable - Specifies that the 'compare confed AS path' option will be disabled.

Example

This command shows how to disable the comparison of the Multi Exit Discriminator (MED):

179

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# config bgp always_compare_med disable

Command: config bgp always_compare_med disable

Success.

DGS-3620-28PC:admin#

12-17 config bgp dampening

Description

The purpose of this command is to eliminate the dampening of routes and thus to avoid unstable networks caused by flapping routes. The following describes the way how it is achieved.

If a prefix is removed or is added, BGP will add a penalty on the route of 1000; if an attribute of received route changes, BGP will add a penalty on the route of 500.

Suppose that the half-life is configured to be 15min, the re-use value will be 800, and the suppress value will be 1500.

1. When a route flaps (from up to down), add the penalty by 1000.Since the penalty is smaller than the suppress value, BGP will work normally. It will send a withdraw message

(an update message) to the neighbors.

2. The penalty of the route will decrease as time elapses. Here we assume that it pass 7.5 minutes, then the penalty of the route is 1000-500*7.5/15=750.

3. If another flap occurs (the route change from down to up) then the penalty of the route will be 1750 which is larger than the suppress value, and the route will be dampened. BGP will not send an update message for this status change.

4. When the penalty of the route decreases and become smaller than the re-use value (800), the route will not be dampened and the update message will be sent again.

If both IPv4 unicast and IPv6 unicast are not specified, the setting is for IPv4 unicast.

Note: If the dampening ability is enabled and there are one or more dampened routes, the dampened routes will be released to be the normal state immediately after we disable the dampening function.

Format config bgp dampening {[ipv4 | ipv6] unicast} [route_map <map_name 16> | clear_routemap |

{state [enable | disable] | half_life <value 1-45> | reuse <value 1-20000> | suppress <value 1-

20000> | max_suppress_time <value 1-255> | un_reachability_half_life <value 1-45>}(1)]

Parameters

ipv4 unicast - Specifies to configure the IPv4 unicast address family.

ipv6 unicast - Specifies to configure the IPv6 unicast address family.

route_map - The route_map here is to set the dampening to be criterial.

<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.

clear_routemap - This option will withdraw the route_map configuration.

180

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

state - (Optional) Specifies the BGP dampening function’s state.

enable - Specifies that the BGP dampening function's state will be enabled.

disable - Specifies that the BGP dampening function's state will be disabled.

half_life - (Optional) Specifies the time (in minute) after which the penalty of the reachable routes will be down, by half. The default setting is 15 minutes.

<value 1-45> - Enter the half life value here. This value must be between 1 and 45 minutes.

reuse - (Optional) If the penalty for a flapping route decreases enough to fall below this value, the route is unsuppressed. The default setting is 750.

<value 1-20000> - Enter the re-use value used here. This value must be between 1 and

20000.

suppress - (Optional) A route is suppressed when its penalty exceeds this limit. The default setting is 2000.

<value 1-20000> - Enter the surpress value used here. This value must be between 1 and

20000.

max_suppress_time - (Optional) Maximum time (in minutes) a route can be suppressed. The default setting is 45 minutes.

<min 1-255> - Enter the maximum suppress time value here. This value must be between 1 and 255 minutes.

un_reachablity_half_life - (Optional) Specifies the time (in minute) after which the penalty of the unreachable routes will be down, by half. The default setting is 15 minutes.

<value 1-45> - Enter the the time after which the penalty of the unreachable routes will be down, by half here. This value must be between 1 and 45 minutes.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This command shows how to disable the dampening function:

DGS-3620-28PC:admin# config bgp dampening state disable

Command: config bgp dampening state disable

Success.

DGS-3620-28PC:admin# show bgp dampening

Command: show bgp dampening

BGP Dampening State :Disabled

BGP Dampening Route_Map :dmp1

Half-life Time :15 mins

Reuse Value :500

Suppress Value :900

MAX Suppress Time :60 mins

Unreachable route's Half-life :15 mins

DGS-3620-28PC:admin# show bgp route

Command: show bgp route

BGP Local Router ID is 20.90.90.90

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

181

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Network Gateway Metric LocPrf Weight Path

*> 20.0.0.0/8 0.0.0.0 0 32768 i

*> 221.221.2.0/24 0.0.0.0 0 32768 i

*d 221.221.252.0/24 1.1.1.2 1 40 i

*d 221.221.253.0/24 1.1.1.2 1 40 i

Total Entries: 4

DGS-3620-28PC:admin#

12-18 show bgp dampening

Description

This command is used to show the BGP dampening configurations. If no parameters are specified, dampening information for IPv4 unicast will be displayed.

Format show bgp dampening {[ipv4 | ipv6] unicast}

Parameters

ipv4 unicast – (Optional) Specifies to show dampening parameters for the IPv4 unicast address family.

ipv6 unicast – (Optional) Specifies to show dampening parameters for the IPv6 unicast address family.

Restrictions

None. (EI Mode Only Command)

Example

Following example shows how to get the BGP dampening configurations:

182

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show bgp dampening

Command: show bgp dampening

BGP Dampening State :Enabled

BGP Dampening Route_Map :dmp1

Half-life Time :15 minutes

Reuse Value :750

Suppress Value :2000

MAX Suppress Time :45 minutes

Unreachable route's Half-life :15 mins

DGS-3620-28PC:admin#

12-19 config bgp peer_group

Description

This command is used to configure the BGP peer group. The purpose of the neighbor peer group is to simplify the BGP neighbor configuration. The command is used to add an IP or to delete an IP from a BGP peer group. The peer group must be created using the “create neighbor peer group” command. The members must all be internal or external. If all the members of the BGP peer group are external, they are allowed to have different AS numbers. There are two kinds of the peer groups.

For the first kind or peer group, the remote AS is not set; members must be created as neighbors before it can be added to the peer group. When we configure the peer group’s remote AS behind this, the member’s remote AS will not change. For the second kind of peer group, the peer group has set a remote AS number. A member can be added to the peer group even if the member didn’t have an AS number before. In this situation, the system will create a neighbor for the peer group’s remote AS automatically. The member’s remote AS will change to the configured peer group’s remote AS, but the others’ will not change, which is created as a neighbor before added to the peer group.

If a BGP peer belongs to a peer group, some attributes or actions can only be configured from the peer group. The following is a list of them: capability_orf_prefix_list, next_hop_self, route_reflector_client, send_community, soft_reconfiguration_inbound, remove_private_as, allowas_in, holdtime, keepalive, unsuppress_map, default_originate, filter_list for out direction, route_map for out direction, prefix_list for out direction.

On the contrary, some attributes or actions are allowed to be configured from both the peer group and the member. If they are configured from the member, the setting will overwrite the setting configured from the peer group.

Other attribute that can be set from an individual peer are as follows: description, filter_list for in direction, route_map for in direction, prefix_list for in direction, ebgp_multihop, session state, session activity, weight.

As for the above attributes, setting the attribute of a peer group will automatically affect the setting for individual peers in the peer group.

For session state, if the peer group is configure to disable, all the members can’t set to enable. For session activity, can’t set the peer group to disable.

As for the description attribute, setting the peer group will not affect the setting for an individual peer.

183

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

After this command is executed, all peers belonging to this peer group, which are generated with no indicated AS number, will change their AS number to the same value as the peer group’s, stop and restarted values. If the peer group remote AS has a value of zero, it means “no remote_as”, and members that are generated with no indicated AS number will be deleted.

Format config bgp peer_group <peer_group_name 16> [remote_as <as_number 0-4294967295> |

[add | delete] [<ipaddr> | <ipv6addr>]]

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

<peer_group_name 16> - This is the name of the BGP peer group. This name can be up to 16 characters long.

remote_as - The number of autonomous systems to which the peer group belongs to.

<as_number 0-4294967295> - Enter the remote AS value here. This value must be between

0 and 4294967295.

add - Specifies to add an IP address.

delete - Specifies to delete an IP address.

<ipaddr> - Enter the IPv4 address to be added or deleted here.

<ipv6addr> - Enter the IPv6 address to be added or deleted here.

Example

To delete a member from the peer group named local:

DGS-3620-28PC:admin# config bgp peer_group local delete 10.2.2.2

Command: config bgp peer_group local delete 10.2.2.2

Success.

DGS-3620-28PC:admin#

To set a peer group named local remote_as to 50:

DGS-3620-28PC:admin# config bgp peer_group local remote_as 50

Command: config bgp peer_group local remote_as 50

Success.

DGS-3620-28PC:admin#

12-20 create bgp neighbor

Description

The command is used to create a BGP neighbor. Either a single router or a peer group can be created as neighbor.

184

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

If the created neighbor has a single IP address, the remote AS must be specified. A peer group must be specified of which this BGP speaking neighbor belongs to, and in this condition, a remote

AS must be specified to the peer group first.

If the created neighbor is a peer group, then the remote AS cannot be specified here. The remote

AS must specified by using the “config peer_group remote_as” command.

Format create bgp neighbor [[<ipaddr> | <ipv6addr>] [remote_as <as_number 1-4294967295> | peer_group <peer_group_name 16>] | peer_group <peer_group_name 16>]

Parameters

<ipaddr> - Enter the IPv4 address of the BGP speaking neighbor here.

<ipv6addr> - Enter the IPv6 address of the BGP speaking neighbor here.

remote_as - The number of Autonomous Systems to which the neighbor belongs.

<as_number 1-4294967295> - Enter the remote AS number here. This value must be between 1 and 4294967295.

peer_group - Specifies the peer group to be created and added as a neighbor.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

peer_group - Specifies the peer group to be created and added as a neighbor.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To create a neighbor peer whose address is 10.10.10.2:

DGS-3620-28PC:admin# create bgp neighbor 10.10.10.2 remote_as 10

Command: create bgp neighbor 10.10.10.2 remote_as 10

Success.

DGS-3620-28PC:admin#

12-21 delete bgp neighbor

Description

This command is used to delete the BGP neighbor.

Format delete bgp neighbor [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16> | all]

185

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<ipaddr> - Specifies the IPv4 address of the neighbor that will be deleted.

<ipv6addr> - Specifies the IPv6 address of the neighbor that will be deleted.

peer_group - Specifies the peer group that will be deleted as a neighbor.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

all - Delete all BGP neighbors, including individual peers and peer groups.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To delete a neighbor whose address is 10.10.10.2:

DGS-3620-28PC:admin# delete bgp neighbor 10.10.10.2

Command: delete bgp neighbor 10.10.10.2

Success.

DGS-3620-28PC:admin#

12-22 config bgp neighbor

Description

This command is used to configure the BGP neighbor’s description or password attribute.

Format config bgp neighbor [[[<ipaddr> | peer_group <peer_group_name 16>] [description <desc

80> | clear_description | password <password 25> | clear_password]] | <ipv6addr>

[description <desc 80> | clear_description]]

Parameters

<ipaddr> - Specifies the IP address of the neighbor to be configured.

peer_group - Specifies the peer group to be configured.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

description - Associate a description with a neighbor. By default, the description is not specified.

<desc 80> - Enter the description value used here. This value can be up to 80 characters long.

clear_description - Removes the neighbor’s description.

password - Specifies to set the MD5 authentication password when a TCP connection between

BGP neighbors are established. When BGP neighbors are created, password aren’t set by default.

<password 25> - Enter the password used here. This password can be up to 25 characters long.

clear_password - Specifies to clear the MD5 authentication password when a TCP connection between BGP neighbors are established.

<ipv6addr> - Enter the IPv6 address used here.

186

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To configure a neighbor’s description:

DGS-3620-28PC:admin# config bgp neighbor 10.10.10.2 description EBGP-neighbor

Command: config bgp neighbor 10.10.10.2 description EBGP-neighbor

Success.

DGS-3620-28PC:admin#

12-23 config bgp neighbor session

Description

The command is used to configure the state or neighbor’s session activity for a BGP neighbor. If a neighbor is specified to be in the disabled state, it is equivalent to the case that the neighbor is deleted except when the neighbor configuration is kept. For activity, it is configured for the IPv4 unicast address family if both IPv4 and IPv6 unicast are not specified.

Format config bgp neighbor session [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]

[{[ipv4 | ipv6] unicast} activity | state] [enable | disable]

Parameters

<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.

<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.

peer_group - Specifies the peer group to be configured.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

ipv4 unicast - Specifies to configure the IPv4 unicast address family.

ipv6 unicast - Specifies to configure the IPv6 unicast address family.

state - If state is changed from enabled to disabled, the session with the neighbor peer will be terminated.

activity - Specifies the state for individual address family. By default, the setting is enabled for

IPv4 address family.

enable - Specifies that the neighbor session state or the for individual address family state will be enabled.

disable - Specifies that the neighbor session state or the for individual address family state will be disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

187

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

This example will shut down all the neighbors that are contained in the peer group “Campus”:

DGS-3620-28PC:admin# config bgp neighbor session peer_group Campus state disable

Command: config bgp neighbor session peer_group Campus state disable

Success.

DGS-3620-28PC:admin#

This example shuts down the activity state of the neighbor 10.90.90.90:

DGS-3620-28PC:admin# config bgp neighbor session 10.90.90.90 activity disable

Command: config bgp neighbor session 10.90.90.90 activity disable

Success.

DGS-3620-28PC:admin#

12-24 config bgp neighbor general

Description

This command is used to configure the BGP neighbor’s general setting.

ebgp_multihop: This specifies the TTL of the BGP packet sent to the neighbor. If it is specified as

1, it will have a restriction that the neighbor must be directly connected to it.

weight: This specifies the weight that will be associated to the routes learned from the specified neighbor. The route with highest weight will be chosen as the preferred route. If the route map sets weight to a route, then this route map specified weight will override the weight specified by the

BGP neighbor’s command. Weight is an attribute which is specified in the ingress direction, and is not an attribute to be advertised with the route. It is used to specify preference to routes received from a neighbor over another neighbor.

soft_reconfiguration_inbound: If the setting is enabled, the route updates sent from the specified neighbor will be stored. This storage is required for inbound soft reconfiguration. When a soft reset is requested for inbound sessions, the session will not be torn down, but the inbound routing table will be cleared. It needs to be rebuilt. If the soft reconfiguration inbound is enabled, then the routing table can be rebuilt based on the stored route update information. If the soft reconfiguration inbound is disabled, then the local router will send the route refresh requests to the neighbor to ask for the route refresh.

next_hop_self: If the next_hop_self option is enabled, the router will set the next_hop to itself when it advertises the routes to the specific neighbor. If the next_hop_self option is disabled, the next_hop attributes will not be changed. The behavior described here will be overridden by the set next hop statement if route map is applied to the neighbor in the out direction.

remove_private_as: The private Autonomous System numbers are from 64512 to 65535. If this setting is set to enable, the private AS number in AS path attribute of the BGP update packets will be dropped.

allowas_in: The BGP router will do AS path loop checks for the received BGP update packet. If the BGP router’s self AS appears in the AS path, it is identified as a loop and the packet will be discarded. If the allow-as setting is enabled, the BGP router’s self AS is allowed in the AS path list.

188

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

default_originate: If this setting is enabled, it will allow a BGP speaker (the local router) to send the default route 0.0.0.0/0 to a neighbor to use as the default route. If route map is specified, the default route will be injected if the route map contains a match IP address statement. If this setting is disabled, no default route will be sent to the neighbor. The default setting is disabled.

By default, if both the IPv4 unicast and IPv6 unicast are not specified, the setting is for the IPv4 unicast address family for those parameters supporting the IPv4 and IPv6 unicast address family.

Format config bgp neighbor general [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]

[{ebgp_multihop <value 1-255> | weight [<value 0-65535> | default] | update_source [add | delete] ipif <ipif_name 12> | send_community [standard | none] | next_hop_self [enable | disable] | soft_reconfiguration_inbound [enable | disable] | remove_private_as [enable | disable] | allowas_in [enable {<value 1-10>} | disable] | default_originate [enable {route_map

<map_name 16>} | disable]} | [ipv4 | ipv6] unicast {send_community [standard | none] | next_hop_self [enable | disable] | soft_reconfiguration_inbound [enable | disable] | remove_private_as [enable | disable] | allowas_in [enable {<value 1-10>} | disable] | default_originate [enable {route_map <map_name 16>} | disable]}]

Parameters

<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.

<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.

peer_group - Specifies the peer group to be configured.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

ebgp_multihop - (Optional) Specifies the TTL of BGP packet sent to the neighbor. For an EBGP neighbor the default setting is 1. This means only direct connected neighbors are allowed.

<value 1-255> - Enter the EBGP multi-hop value used here. This value must be between 1 and 255.

weight - (Optional) The valid range is from 0 to 65535. If this is not specified, the routes learned through another BGP peer will have a default weight of 0. Routes sourced by the local router have a weight of 32768. It cannot be changed.

value <0-65535> - Enter the weight value used here. This value must be between 0 and

65535.

default - Specifies that the default weight value will be used.

update_source - (Optional) Specifies an interface to be used by BGP sessions for the TCP connection. By default, this parameter is not set.

add - Specifies to add an interface.

delete - Specifies to delete an interface.

ipif - (Optional) Specifies the IP interface name used.

<ipif_name 12> - Enter the IP interface name used here. This name can be up to 12 characters long.

send_community - (Optional) This specifies the communities attribute to be sent to the BGP neighbor.

standard - Only standard communities will be sent.

none - No communities will be sent. The default value is none.

next_hop_self - (Optional) Enable or disable the next hop self attribute. By default, this setting is disabled.

enable - Specifies that the next-hop-self attribute will be enabled.

disable - Specifies that the next-hop-self attribute will be disabled.

soft_reconfiguration_inbound - (Optional) Specifies to enable or disable the inbound soft reconfiguration function. By default, this setting is disabled.

enable - Specifies that the soft re-configuration inbound option will be enabled.

disable - Specifies that the soft re-configuration inbound option will be disabled.

189

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

remove_private_as - (Optional) If this setting is set to enable, the private AS number in the AS path attribute of the BGP update packets will be dropped. By default, the setting is disabled.

enable - Specifies that the 'remove private AS' option will be enabled.

disable - Specifies that the 'remove private AS' option will be disabled.

allowas_in - (Optional) If the allow_as setting is enabled, the BGP router’s self AS is allowed in the AS path list. By default, the allow_as setting is disabled. If no number is supplied, the default value of 3 times is used.

enable - Specifies that the allow AS-in option will be enabled.

<value 1-10> - Enter the allow AS-in value used here. This value must be between 1 and 10.

disable - Specifies that the allow AS-in option will be disabled.

default_originate - (Optional) Specifies to enable or disable the default originate function. By default, this setting is disabled.

enable - Specifies that the default originate function will be enabled.

route_map - Specifies the route map name.

<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.

disable - Specifies that the default originate function will be disabled.

ipv4 unicast - Specifies to configure the IPv4 unicast address family.

ipv6 unicast - Specifies to configure the IPv6 unicast address family.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example shows how to configure the EBGP multi-hop to 2:

DGS-3620-28PC:admin# config bgp neighbor general 10.100.200.1 ebgp_multihop 2

Command: config bgp neighbor general 10.100.200.1 ebgp_multihop 2

Success.

DGS-3620-28PC:admin#

12-25 config bgp neighbor timer

Description

This command is used to configure the BGP neighbor’s timer attribute.

Format config bgp neighbor timer [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]

{advertisement_interval [<sec 0-600> | default] | [keepalive <sec 0-65535> holdtime <sec 0-

65535> | default_keepalive_holdtime] | as_origination_interval [<sec 1-600> | default] | connect [<sec 1-65535> | default]}

advertisement_interval: If an advertised route is flapping, this usually occurs when an interface is unstable, a lot of UPDATE and WITHDRAWN messages will be sent. One method to control the flooding of these messages is to set a minimum advertisement interval.

190

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.

<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.

peer_group - Specifies the peer group to be configured.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

advertisement_interval - (Optional) It specifies the interval at which the BGP process sends update messages to its peer. If this value is set to zero, the update or withdrawn message will be sent immediately. The default value for IBGP peers is 5 seconds and for EBGP peers it is

30 seconds. When it is specified to default, the neighbor specific advertisement interval setting will be returned to the default setting.

<sec 0-600> - Enter the advertisement interval value here. This value must be between 0 and

600 seconds.

default - Specifies that the advertisement interval will be set to default.

keepalive - (Optional) This specifies the interval at which a keepalive message is sent to its peers. If the two routers, that build BGP connection, have different keepalive timers, the smaller keepalive timer will be used. If the keepalive is set to zero, then the keepalive message will not be sent out. By default, the timer is not specified. This neighbor specific setting will follow the global setting.

<sec 0-65535> - Enter the keep alive value here. This value must be between 0 and 65535.

holdtime - (Optional) The system will declare a peer as dead if not receiving a keepalive message until the hold time. If two routers, that builded a BGP connection, have different hold times, the smaller hold time will be used. If the holdtime is zero, then the holdtime will never expire. It is recommended that the holdtime value is 3 times that of keepalive timer. By default, the timer is not specified. This neighbor specific setting will follow the global setting.

<sec 0-65535> - Enter the hold time value here. This value must be between 0 and 65535.

default_keepalive_holdtime - (Optional) Clear the specification of the neighbor specific holdtime and keepalive setting.

as_origination_interval - (Optional) Minimum interval between the sending AS origination routing updates. The valid value is from 1 to 600. The default setting is 15 seconds.

<sec 1-600> - Enter the AS original interval value here. This value must be between 1 and

600.

default - Specifies that the default AS original interval value will be used.

connect - (Optional) Minimum interval BGP sends TCP connect requests to the peer after a TCP connection fail happens. The default setting is 120 seconds.

<sec 1-65535> - Enter the minimum interval BGP sends TCP connect requests to the peer after a TCP connection fail happens value here. This value must be between 1 and 65535.

default - Specifies that the default connect value will be used.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example shows how to configure the advertisement interval to 20 seconds:

DGS-3620-28PC:admin# config bgp neighbor timer peer_group Campus advertisement_interval 20

Command: config bgp neighbor timer peer_group Campus advertisement_interval 20

Success.

DGS-3620-28PC:admin#

191

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

12-26 config bgp neighbor route_reflector_client

Description

This command is used to configure the BGP’s neighbor of the route reflector client. When the route reflector client is defined and the router reflection is enabled, the BGP router will act as the route reflector. The reflector and its client form a cluster. In a cluster, all the members must be iBGP connections with the reflector and vice versa. The reflector is the representative of the cluster. For the reflector, the iBGP connection is established by the “create bgp neighbor” command and the corresponding neighbor must be specified as the client by this command. For the client, the iBGP connection is established by the “create bgp neighbor” command.

When the router is in reflection mode, the router will exchange information with client neighbors in the reflection way and with the remaining neighbor in the ordinary way.

When the router is in non-reflection mode, the router will exchange information with all the neighbors in the non-reflection way.

An AS can have multiple clusters, and a cluster can have more than one reflector for redundancy purposes.

By default, if both the IPv4 unicast and IPv6 unicast options are not specified, the setting is for the

IPv4 unicast address family.

Format config bgp neighbor route_reflector_client [<ipaddr> | <ipv6addr> | peer_group

<peer_group_name 16>] {[ipv4 | ipv6] unicast} state [enable | disable]

Parameters

<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.

<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.

peer_group - Specifies the peer group to be configured.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

ipv4 unicast - Specifies to configure the IPv4 unicast address family.

ipv6 unicast - Specifies to configure the IPv6 unicast address family.

state - The specified neighbor will become the router reflector client. By default, this state is disabled.

enable - Specifies that the neighbor will become the router reflector client.

disable - Specifies that the neighbor will not become the router reflector client.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example shows how to add a neighbor as the route reflector client:

192

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# config bgp neighbor route_reflector_client 10.10.10.2 state enable

Command: config bgp neighbor route_reflector_client 10.10.10.2 state enable

Success.

DGS-3620-28PC:admin#

12-27 config bgp neighbor map

Description

The command is used to configure the route map related setting for a BGP neighbor. When a route map is applied by the route_map command, it enforces the route policy. When it is applied by the unsuppress_map command, the suppressed route which matches the permit rule will be unsuppressed. It provides a manipulation of routers per neighbor. If a route map is configured relating to a BGP neighbor but the route map doesn’t exist, it means deny any. If the route map exists but has no filter entry defined, it will permit all. By default, if both the IPv4 unicast and IPv6 unicast options are not specified, the setting is for the IPv4 unicast address family.

Format config bgp neighbor map [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]

{[ipv4 | ipv6] unicast} {unsuppress_map [add | delete] <map_name 16> | route_map [in | out]

[add | delete] <map_name 16>}

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.

<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.

peer_group - Specifies the peer group to be configured.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

ipv4 unicast - Specifies to configure the IPv4 unicast address family.

ipv6 unicast - Specifies to configure the IPv6 unicast address family.

unsuppress_map - (Optional) Name of a route map used to selectively advertise routers previously suppressed by the aggregate_address command.

add - Specifies that a route map will be added.

delete - Specifies that a route map will be deleted.

<map_name 16> - Enter the unsurpress map name here. This name can be up to 16 characters long.

route_map - (Optional) Specifies the route map to be applied to the incoming or outgoing routes.

in - Specifies the incoming routes from the neighbor.

out - Specifies the outgoing routes sent to the peer.

add - Specifies that a route map will be added.

delete - Specifies that a route map will be deleted.

<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.

193

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

This example shows how to configure the unsuppress map of peer group “Campus” to Profile1:

DGS-3620-28PC:admin# config bgp neighbor map peer_group Campus unsuppress_map add Profile1

Command: config bgp neighbor map peer_group Campus unsuppress_map add Profile1

Success.

DGS-3620-28PC:admin#

12-28 config bgp neighbor filter

Description

The command is used to configure the filter related setting for a BGP neighbor.

filter_list: If the filter_list doesn’t exist or does exist but have no filter entry, it means deny any.

prefix_list: If the prefix_list doesn’t exist, it means deny any. If the prefix_list does exist but have no filter entry defined, it will permit all.

capability_orf_prefix_list: BGP Outbound Route Filter Capability allows one BGP router to install its configured inbound prefix_list filter on to the remote BGP router. This is used for reducing the amount of unwanted routing updates from the remote peer.

By default, if both the IPv4 unicast and IPv6 unicast options are not specified, the setting is for the

IPv4 unicast address family.

Format config bgp neighbor filter [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]

{[ipv4 | ipv6] unicast} {filter_list [in | out] [add | delete] <list_name 16> | prefix_list [in | out]

[add | delete] <list_name 16> | capability_orf_prefix_list [receive | send | both | none]}

Parameters

<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.

<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.

peer_group- Specifies the peer group to be configured.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

ipv4 unicast - Specifies to configure the IPv4 unicast address family.

ipv6 unicast - Specifies to configure the IPv6 unicast address family.

filter_list - (Optional) Specifies the name of an as_path access_list to be applied as a filter. The filtering can be applied to incoming routes or outgoing routes.

in - Specifies that the filter specified will be used for incoming traffic.

out - Specifies that the filter specified will be used for outgoing traffic.

add - Specifies that a filter list will be added.

delete - Specifies that a filter list will be deleted.

<list_name 16> - Enter the filter list name here. This name can be up to 16 characters long.

prefix_list - (Optional) Specifies the name of a prefix_list to be applied as a filter. The filtering can be applied to incoming routes or outgoing routes.

in - Specifies that the filter specified will be used for incoming traffic.

out - Specifies that the filter specified will be used for outgoing traffic.

194

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

add - Specifies that a filter list will be added.

delete - Specifies that a filter list will be deleted.

<list_name 16> - Enter the prefic list name here. This name can be up to 16 characters long.

capability_orf_prefix_list - (Optional) Used to configure an outbound route filter prefix list capability. It can be sent with the following values:

receive - Enables the ORF prefix list capability in the receiving direction. The local router will install the prefix filter list notified by the remote router.

send - Enables the ORF prefix list capability in the sending direction. The local router will notify the remote router for the ORF prefix list capability.

both - Enables the ORF prefix list capability in both received and send directions.

none - Disable the ORF prefix list capability in both received and send directions.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example shows how to configure the BGP neighbor ingress filter list for the peer group

“Campus” to List1:

DGS-3620-28PC:admin# config bgp neighbor filter peer_group Campus filter_list in add List1

Command: config bgp neighbor filter peer_group Campus filter_list in add List1

Success.

DGS-3620-28PC:admin#

12-29 show bgp peer_group

Description

The command is used to show the information of the BGP peer group.

Format show bgp peer_group {<peer_group_name 16>}

Parameters

Restrictions

None. (EI Mode Only Command)

peer_group - (Optional) Name of the BGP peer group. The length is up to 16 bytes.

<peer_group_name 16> - Enter the BGP peer group name here. This name can be up to 16 characters long.

It means to display all the BGP peer groups’ information that doesn’t specify the peer group name.

195

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

Show the information of the BGP peer group local1:

DGS-3620-28PC:admin# create bgp neighbor peer_group local1

Command: create bgp neighbor peer_group local1

Success.

DGS-3620-28PC:admin# create bgp neighbor 10.2.2.2 remote_as 10

Command: create bgp neighbor 10.2.2.2 remote_as 10

Success.

DGS-3620-28PC:admin# config bgp peer_group local1 add 10.2.2.2

Command: config bgp peer_group local1 add 10.2.2.2

Success.

DGS-3620-28PC:admin# show bgp peer_group local1

Command: show bgp peer_group local1

BGP Peer Group :local1

-----------------------------------------------------------------------

Description :

Session State : Enabled

Remote AS : 10

Advertisement Interval : 30 seconds

Keepalive Interval : 60 seconds

Holdtime Interval : 180 seconds

AS Origination Interval : 15 seconds

Connect Retry Interval : 120 seconds

EBGP Multihop : 1

Weight : 0

Members : 10.2.2.2

For Address Family IPv4 Unicast

Next Hop Self : Disabled

Route Reflector Client : Disabled

Send Community : None

Remove Private As : Disabled

AllowAS In : Disabled

Soft Reconfiguration Inbound : Disabled

Default Originate : Disabled

Outbound Route Filter (ORF) type (64) Prefix list:

Send Mode : Disabled

Receive Mode : Disabled

Prefix Max Count : 12000

Prefix Warning Threshold : 75

Prefix Warning Only : Disabled

DGS-3620-28PC:admin#

196

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

12-30 config bgp route_reflector cluster_id

Description

This command is used to configure the BGP process’s global attribute. The route reflector and its clients together form a cluster. When a single route reflector is deployed in a cluster, the cluster is identified by the router ID of the route reflector.

When the cluster ID is 0.0.0.0, the cluster is identified by the router ID. Otherwise, the cluster is identified by the cluster ID.

The BGP cluster_id command is used to assign a cluster ID to a route reflector when the cluster has one or more route reflectors. Multiple route reflectors are deployed in a cluster to increase redundancy and to avoid a single point of failure. When multiple route reflectors are configured in a cluster, they must be configured with the same cluster ID. This allows all route reflectors in the cluster to recognize updates from peers in the same cluster and reduces the number of updates that needs to be stored in BGP routing tables.

This command is only required for the reflector and not the client.

Format config bgp route_reflector cluster_id <ipaddr>

Parameters

cluster_id - Specifies the IP address of the cluster ID. Setting the cluster ID to 0.0.0.0 will remove specifications of the cluster ID. The default value is 0.0.0.0.

<ipaddr> - Enter the cluster ID's IP address here.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example shows how to configure the cluster ID:

DGS-3620-28PC:admin# config bgp route_reflector cluster_id 10.100.200.1

Command: config bgp route_reflector cluster_id 10.100.200.1

Success.

DGS-3620-28PC:admin#

12-31 config bgp client_to_client_reflection

Description

This command is used to configure the BGP client to client reflection setting. If the reflection is disabled, then the router will not reflect routes from the route reflect client to other route reflect clients, but it will still send routes received from a non-reflecting client to a reflecting client.

197

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config bgp client_to_client_reflection [enable | disable]

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

enable - The reflector will operate in reflector mode.

disable - The reflector will operate in non-reflector mode.

Example

This example shows how to disable the client to client reflection:

DGS-3620-28PC:admin# config bgp client_to_client_reflection disable

Command: config bgp client_to_client_reflection disable

Success.

DGS-3620-28PC:admin#

12-32 config bgp confederation identifier

Description

This command is used to configure the BGP confederation. A confederation, which is represented by an AS, is a group of the sub AS.

A confederation can be used to reduce the internal BGP (iBGP) mesh by dividing a large single AS into multihop sub AS. External peers interact with the confederation as if it is a single AS.

Each sub AS is fully meshed within itself and it has connections to other sub AS within the confederation. The next hop, Multi Exit Discriminator (MED), and local preference information is preserved throughout the confederation, allowing you to retain a single Interior Gateway Protocol

(IGP) for all the autonomous systems.

Format config bgp confederation identifier <as_number 0-4294967295>

Parameters

<as_number 0-4294967295> - Autonomous System numbers which we use to specify a BGP confederation. If it is set to zero, the BGP confederation number is deleted. By default, this setting is zero. This value must be between 0 and 4294967295.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

198

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To create a confederation, AS number is 20:

DGS-3620-28PC:admin# config bgp confederation identifier 20

Command: config bgp confederation identifier 20

Success.

DGS-3620-28PC:admin#

12-33 config bgp confederation peers

Description

The command is used to configure multiple adjacent Autonomous Systems in a confederation. The

Autonomous Systems specified in this command are visible internally to the confederation. Each

Autonomous System is fully meshed within itself or configures route reflector.

Format config bgp confederation peers [add | delete] <aspath_list>

Parameters

peers - Specifies that a peer will be added or deleted.

add - Specifies that a peer will be added.

delete - Specifies that a peer will be deleted.

<aspath_list> - Enter the AS number for BGP peers that will belong to the confederation here.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To add two confederation peers, AS number are 50000 and 50001:

DGS-3620-28PC:admin# config bgp confederation peers add 50000,50001

Command: config bgp confederation peers add 50000,50001

Success.

DGS-3620-28PC:admin#

12-34 clear bgp

Description

This command is used to initiate a hard reset or a soft reset for a connection. If a soft reset is applied to the inbound session, the session will not be rebuilded but the local inbound routing table

199

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

will be cleared and needs to be rebuilt. If a soft reconfiguration inbound is enabled, then the routing table can be rebuilt based on the stored route updates information. If a soft reconfiguration inbound is disabled, then the local router will send the route refresh request to the neighbor to ask for the route refresh. When the inbound session is to soft reset with the prefix filter option, and capability_orf_prefix_list is enabled in the send direction, then the local BGP will send ‘clear the routing table’, and notify the remote neighbor for the prefix_filter. This is a way to notify the neighbor of the prefix filter whenever a change is made to the prefix filter. By default, if both the

IPv4 unicast and IPv6 unicast are not specified, the IPv4 unicast address family will be reset. If no

IP/IPv6 address or IP/IPv6 network are specified, the dampening information for the entire routing table of the IPv4 unicast or IPv6 unicast address family will be cleared. If both the IPv4 unicast and

IPv6 unicast are not specified, the dampening information for the IPv4 unicast routing table will be cleared.

Format clear bgp [all | neighbor_addr [<ipaddr> | <ipv6addr>] | as <as_number 1-4294967295> | peer_group <peer_group_name 16> | external] {[ipv4 | ipv6] unicast soft {[in {prefix_filter} | out]}}

Parameters

all - Specifies that all current BGP sessions will be reset.

neighbor_addr - Specifies to reset the session with the specified neighbor.

<ipaddr> - Enter the IPv4 address used for this configuration here.

<ipv6addr> - Enter the IPv6 address used for this configuration here.

as - Specifies to reset sessions with BGP peers in the specified Autonomous System.

<as_number 1-4294967295> - Enter the AS number used here. This value must be between

1 and 4294967295.

peer_group - Specifies to reset a peer group.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

external - All eBGP sessions will be reset.

ipv4 unicast - Specifies to soft reset the IPv4 unicast address family.

ipv6 unicast - Specifies to soft reset the IPv6 unicast address family.

soft - (Optional) Initiates a soft reset. Does not tear down the session.

in - Initiates inbound reconfiguration. If neither in nor out keywords are specified, both inbound and outbound sessions are reset.

prefix_filter - The local site configured prefix filter will be notified to the remote neighbor when inbound soft reset is applied.

out - Initiates outbound reconfiguration.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To reset all Border Gateway Protocol (BGP) connections:

200

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# clear bgp all

Command: clear bgp all

Success.

DGS-3620-28PC:admin#

12-35 clear bgp dampening

Description

This command clears the route dampening information stored in the routing table. If no IP/IPv6 address or IP/IPv6 network is specified, the dampening information for the entire routing table of the IPv4 unicast or IPv6 unicast address family will be cleared. If both the IPv4 unicast and IPv6 unicast options are not specified, the dampening information for the IPv4 unicast routing table will be cleared.

Format clear bgp dampening {[ipv4 unicast {[<ipaddr> | <network_address>]} | [<ipaddr> |

<network_address>] | ipv6 unicast {[<ipv6addr> | <ipv6_networkaddr>]}]}

Parameters

ipv4 unicast - (Optional) Specifies to clear the dampening information for the IPv4 unicast address family.

<ipaddr> - Enter the IPv4 address used here.

<network_address> - Enter the IPv4 network address here.

ipv6 unicast - (Optional) Specifies to clear the dampening information for the IPv6 unicast address family.

<ipv6addr> - Enter the IPv6 address used here.

<ipv6_networkaddr> - Enter the IPv6 network address here.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To clear route dampening information for network 192.168.10.0/24 and free suppressed routes:

DGS-3620-28PC:admin# clear bgp dampening 192.168.10.0/24

Command: clear bgp dampening 192.168.10.0/24

Success.

DGS-3620-28PC:admin#

201

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

12-36 create bgp as_path access_list

Description

The command is used to create an Autonomous System path access list. You can apply an

Autonomous System path access lists to both inbound and outbound routes exchanged by a BGP peer session.

Format create bgp as_path access_list <list_name 16>

Parameters

access_list - Specifies the AS path access list name.

<list_name 16> - Enter the AS path access list name here. This name can be up to 16 characters long.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

The following example creates an Autonomous System path access list:

DGS-3620-28PC:admin# create bgp as_path access_list test

Command: create bgp as_path access_list test

Success.

DGS-3620-28PC:admin#

12-37 config bgp as_path access_list

Description

This command is used to configure matching rules for an Autonomous System path access list using regular expressions.

Format config bgp as_path access_list <list_name 16> [add | delete] <regexp_str 80> [deny | permit]

Parameters

access_list - Specifies the AS path access list name.

<list_name 16> - Enter the AS path access list name here. This name can be up to 16 characters long.

add - Specifies to add a matching rule.

delete - Specifies to delete a matching rule.

<reg_express> - Regular expression that defines the as_path filter.

202

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

deny - Denies advertisement based on matching conditions.

permit - Permits advertisement based on matching conditions.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example configures a matching rule for an AS path access list:

DGS-3620-28PC:admin# create bgp as_path access_list test

Command: create bgp as_path access_list test

Success.

DGS-3620-28PC:admin# config bgp as_path access_list test add (_64[6-9][0-9][0-

9]_|_65[0-9][0-9][0-9]_) deny

Command: config bgp as_path access_list test add (_64[6-9][0-9][0-9]_|_65[0-

9][0-9][0-9]_) deny

Success.

DGS-3620-28PC:admin# config bgp as_path access_list test add .* permit

Command: config bgp as_path access_list test add .* permit

Success.

DGS-3620-28PC:admin#

12-38 delete bgp as_path access_list

Description

This command is used to delete an Autonomous System path access list.

Format delete bgp as_path access_list [list_name <list_name 16> | all]

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

list_name - Specifies the AS path access list name.

<list_name 16> - Enter the AS path access list name here. This name can be up to 16 characters long.

all - Specifies that all the AS path lists will be used.

203

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

This example deletes a matching rule for an AS path access list:

DGS-3620-28PC:admin# delete bgp as_path access_list list_name test

Command: delete bgp as_path access_list list_name test

Success.

DGS-3620-28PC:admin#

12-39 show bgp as_path access_list

Description

This command displays the Autonomous System path’s access list. If a specific access list is not specified, all AS path access lists will be displayed.

Format show bgp as_path access_list {<list_name 16>}

Parameters

access_list - Specifies the AS path access list name.

<list_name 16> - (Optional) Enter the AS path access list name here. This name can be up to

16 characters long.

Restrictions

None. (EI Mode Only Command)

Example

This example displays an AS path access list:

DGS-3620-28PC:admin# show bgp as_path access_list 1

Command: show bgp as_path access_list 1

BGP AS Path Access List : 1 deny (_64[6-9][0-9][0-9]_|_65[0-9][0-9][0-9]_) permit 33

Total Filter Entries: 2

Total AS Path Access List Number: 1

DGS-3620-28PC:admin#

12-40 create bgp community_list

Description

This command is used to create a BGP community list.

204

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format create bgp community_list [standard | expanded] <list_name 16>

Parameters

standard - Creates a standard named community list.

expanded - Creates an expanded named community list.

<list_name 16> - Enter the name of the community list that will be created here. This name can be up to 16 characters long.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To create a standard BGP community list:

DGS-3620-28PC:admin# create bgp community_list standard list1

Command: create bgp community_list standard list1

Success.

DGS-3620-28PC:admin#

12-41 config bgp community_list

Description

This command is used to configure the matching rule for the community access list. Mutliple rules can be defined for a community list. Each rule is either in the permit form or in the deny form. Each rule in the standard community list contains one community. A community string, which contains multiple communities, can be defined for a rule. A Route can be associated with a community string. To match a rule, two community strings must exact match. The built-in community strings including internet, local_as, no_advertise, and no_export. The user-defined community is 4-bytes long, with the leading two bytes representing the AS number and the trailing two bytes representing a user defined number. BGP community attributes exchanged between BGP peers is controlled by the neighbor send-community command. The community string associated with routes can be controlled by the route map. By default, the community string “internet” will be sent.

If the route map sets a community string, this community string will be added to the existing community string associated with the route. If permit rules exist in an access list, then routes with community that does not match any rule in the list will be denied. If there are no rules or only deny rules configured for the community list, all routes will be denied.

Format config bgp community_list [standard <list_name 16> [add | delete] {internet | local_as | no_advertise | no_export | community_set <community_set 80>}(1) [deny | permit] | expanded <list_name 16> [add | delete] <regexp_str 80> [deny | permit]]

205

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

standard - Configures a standard community list.

<list_name 16> - Enter the standard community list name here. This name can be up to 16 characters long.

add - Adds a rule to the community list.

delete - Deletes a rule from the community list.

internet - (Optional) Routes with this community will be sent to all peers either internal or external.

local_as - (Optional) Routes with this community will be sent to peers in the same AS, but will not be sent to peers in another sub AS in the same confederation and to the external peers.

no_advertise - Routes with this community will not be advertised to any peer either internal or external.

no_export - (Optional) Routes with this community will be sent to peers in the same AS or in other sub Autonomous Systems within a confederation, but will not be sent to an external BGP

(eBGP) peer.

community_set - (Optional) A community is 4 bytes long, including the 2 bytes’s for the

Autonomous System’s number and 2 bytes for the network number This value is configured with two 2-byte numbers separated by a colon. The valid range of both number are from 1 to

65535. A community set can be formed by multiple communities, separated by a comma.

<community_set 80> - Enter the community set value here. This value can be up to 80 characters long.

deny - To deny the routes if rule is matched.

permit - To permit the routes if rule is matched.

expanded - Configures an expanded community list.

<list_name 16> - Name of community list to be configured.

add - Adds a rule to the community list.

delete - Deletes a rule from the community list.

<regexp_str 80> - Enter the registration expiry string value here. This value can be up to 80 characters long.

deny - To deny the routes if rule is matched.

permit - To permit the routes if rule is matched.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example creates a standard community list and configures permits routes from the network 10 in the Autonomous System 50000:10

DGS-3620-28PC:admin# create bgp community_list standard list1

Command: create bgp community_list standard list1

Success.

DGS-3620-28PC:admin# config bgp community_list standard list1 add community_set 50000:10 permit

Command: config bgp community_list standard list1 add community_set 50000:10 permit

Success.

DGS-3620-28PC:admin#

206

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

12-42 delete bgp community_list

Description

This command is used to delete a BGP community list.

Format delete bgp community_list [list_name <list_name 16> | all]

Parameters

list_name - Specifies the name of the community list to be deleted.

<list_name 16> - Enter the community list name here. This name can be up to 16 characters long.

all - Specifies that all the community lists will be used.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example deletes the community list named as list1:

DGS-3620-28PC:admin# delete bgp community_list list_name test1

Command: delete bgp community_list list_name test1

Success.

DGS-3620-28PC:admin#

12-43 show bgp community_list

Description

This command is used to show a BGP community list.

Format show bgp community_list {<list_name 16>}

Parameters

community_list - Specifies the name of community list to be displayed.

<list_name 16> - (Optional) Enter the community list name here. This name can be up to 16 characters long.

Restrictions

None. (EI Mode Only Command)

207

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

This example displays the community list name as list1:

DGS-3620-28PC:admin# create bgp community_list standard list1

Command: create bgp community_list standard list1

Success.

DGS-3620-28PC:admin# config bgp community_list standard list1 add community_set

50000:10 permit

Command: config bgp community_list standard list1 add community_set 50000:10 permit

Success.

DGS-3620-28PC:admin# show bgp community_list list1

Command: show bgp community_list list1

Community List Name: list1

--------------------------------

Type : standard permit : 50000:10

DGS-3620-28PC:admin#

12-44 show bgp route

Description

This command is used to display route entries in the Border Gateway Protocol (BGP) routing table

Format show bgp route {[[regexp <desc 80> | inconsistent_as | cidr_only | filter_list <list_name 16>

| route_map <map_name 16> | community {community_set <community_set 80> | local_as | no_advertise | no_export | internet} {exact_match} | community_list <list_name 16>

{exact_match} | ipaddress <ipaddr> | network <network_address> {longer_prefixes} | prefix_list <list_name 16>] | ipv6 unicast {[regexp <desc 80> | inconsistent_as | filter_list

<list_name 16> | route_map <map_name 16> | community {community_set

<community_set80> | local_as | no_advertise | no_export | internet} {exact_match} | community_list <list_name 16> {exact_match} | ipv6_address <ipv6addr> | ipv6_network

<ipv6_networkaddr> {longer_prefixes} | ipv6_prefix_list <list_name 16>]} | ipv4 unicast

{[regexp <desc 80> | inconsistent_as | cidr_only | filter_list <list_name 16> | route_map

<map_name 16> | community {community_set <community_set 80> | local_as | no_advertise | no_export | internet} {exact_match} | community_list <list_name 16>

{exact_match} | ipaddress <ipaddr> | network <network_address> {longer_prefixes} | prefix_list <list_name 16>]}]

Parameters

regexp - (Optional) Display routes matching the AS path regular expression.

208

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

None. (EI Mode Only Command)

<desc 80> - A regular expression to match the BGP AS paths, must enclose in the quotes.

Can include blank space. The string can be up to 80 characters long.

inconsistent_as - (Optional) Display the routes if they have of same prefix and different AS path originate.

cidr_only - (Optional) Display only routes with non-natural network masks.

filter_list - (Optional) Display routes conforming to the filter list.

<list_name 16> - Enter the filter list name here. This name can be up to 16 characters long.

route_map - (Optional) Display routes matching the route map.

<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.

community - (Optional) Display routes matching the communities.

community_set - (Optional) Specifies the community set here.

<community_set 80> - Enter the community set here. This value can be up to 80 characters long.

local_as - (Optional) Do not send outside local AS (well-known community).

no_advertise - (Optional) Do not advertise to any peer (well-known community).

no_export - (Optional) Do not export to next AS (well-known community).

internet - (Optional) Send to the Internet (well-known community>.

exact_match - (Optional) If specified, communities.need to match exactly.

community_list - (Optional) A community is in the form of <as_number> : <udn_number>. A community string can be formed by multiple communities, separated by a comma.

<list_name 16> - Enter the community list name here. This name can be up to 16 characters long.

exact_match - (Optional) If specified, communities.need to match exactly.

ipaddress - (Optional) Display the host route that matches the specified IP address.

<ipaddr> - Enter the IP address to be displayed here.

network - (Optional) Display the route that matches the specified network address.

<network_address> - Enter the network address to be displayed here.

longer_prefixes - (Optional) If specified, more specific routes will be also displayed.

prefix_list - (Optional) Display routes conforming to the prefix list

<list_name 16> - Specifies the list name for the specified prefix list, IP access list, or route map.

ipv6 unicast - Specifies to display routes for the IPv6 unicast address family.

ipv6address - (Optional) Display the host route that matches the specified IPv6 address.

<ipv6addr> - Enter the IPv6 address to be displayed here.

ipv6_network - (Optional) Display the route that matches the specified IPv6 network address.

<ipv6_networkaddr> - Enter the IPv6 network address to be displayed here.

ipv6_prefix_list - Displays routes conforming to the IPv6 prefix list.

<list_name 16> - Enter the IPv6 prefix list name here. This name can be up to 16 characters long.

ipv4 unicast - Specifies to display routes for the IPv4 unicast address family.

Example

The following example shows how to get the BGP route information:

DGS-3620-28PC:admin# show bgp route

Command: show bgp route

BGP local router ID is 10.0.40.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? – incomplete

209

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Network Gateway Metric LocPrf Weight Path

*> 10.10.10.0/24 172.16.10.1 0 0 300 10 i

*> 10.10.20.0/24 172.16.10.1 0 0 300 10 i

* 10.20.10.0/24 172.16.10.1 0 0 300 10 i

*dh 30.10.1.1/24 172.3.3.2 100 50 200 20 i

Total Entries :4

DGS-3620-28PC:admin# show bgp route cidr_only

Command: show bgp route cidr_only

BGP local router ID is 172.16.73.131

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? – incomplete

Network Gateway Metric LocPrf Weight Path

*> 192.0.0.0/8 172.16.72.24 0 1878 200 ?

*> 172.16.0.0/14 172.16.72.30 0 108 200 ?

Total Entries :2

DGS-3620-28PC:admin# show bgp route community_list communitylist

Command: show bgp route community_list ommunitylist

BGP local router ID is 192.168.32.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? – incomplete

Network Gateway Metric LocPrf Weight Path

* i10.3.0.0/16 10.0.22.1 0 100 1800 1239 ?

*>i10.3.0.0/16 10.0.16.1 0 100 1800 1239 ?

* i10.6.0.0/16 10.0.22.1 0 100 1800 690 568 ?

Total Entries :3

DGS-3620-28PC:admin# show bgp route filter_list filter_list_one

Command: show bgp route filter_list filter_list_one

BGP local router ID is 172.16.72.24

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? – incomplete

Network Gateway Metric LocPrf Weight Path

* 172.16.0.0/24 172.16.72.30 0 109 108 ?

* 172.16.1.0/24 172.16.72.30 0 109 108 ?

* 172.16.11.0/24 172.16.72.30 0 109 108 ?

* 172.16.14.0/24 172.16.72.30 0 109 108 ?

* 172.16.15.0/24 172.16.72.30 0 109 108 ?

* 172.16.16.0/24 172.16.72.30 0 109 108 ?

210

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Total Entries :6

DGS-3620-28PC:admin# show bgp route regexp “108$”

Command: show bgp route regexp “108$”

BGP local router ID is 172.16.72.24

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? – incomplete

Network Gateway Metric LocPrf Weight Path s 172.16.0.0/24 172.16.72.30 0 109 108 ? s 172.16.0.0/24 172.16.72.31 0 109 108 ?

* 172.16.1.0/24 172.16.72.30 0 109 108 ?

* 172.16.11.0/24 172.16.72.30 0 109 108 ?

* 172.16.14.0/24 172.16.72.30 0 109 108 ?

* 172.16.15.0/24 172.16.72.30 0 109 108 ?

* 172.16.16.0/24 172.16.72.30 0 109 108 ?

Total Entries :7

DGS-3620-28PC:admin# show bgp route inconsistent_as

Command: show bgp route inconsistent_as

BGP local router ID is 172.16.72.24

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? – incomplete

Network Gateway Metric LocPrf Weight Path

* 172.16.1.0/24 172.16.72.30 0 109 108 i

172.16.72.21 0 110 101 i

* 172.16.11.0/24 172.16.72.30 0 109 108 i

172.16.72.10 0 104 105 i

172.16.72.10 0 104 103 i

Total Entries :2

DGS-3620-28PC:admin# show bgp route network 2.2.2.0/24

Command: show bgp route network 2.2.2.0/24

BGP routing table entry for 2.2.2.0/24

Paths:(1 available, best #1, table: Default_IP_Routing_Table.)

Not advertised to any peer.

as path is:Local

next hop is:0.0.0.0 ,from 0.0.0.0 (local router_id is:192.168.1.1)

origin IGP, metric 100, localpref 0, weight 32768, sourced, best

Community: no_advertise

DGS-3620-28PC:admin#

211

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

12-45 show bgp neighbors

Description

This command is used to display BGP and TCP connections with the BGP neighbor or routing table entries containing a BGP neighbor. To display BGP and TCP connection information for neighbor sessions, or routing table entries with BGP neighbor. For BGP, this includes detailed neighbor attribute, capability, path, and prefix information. For TCP, this includes statistics related to BGP neighbor session establishment and maintenance. If both the IPv4 unicast and IPv6 unicast are not specified, information for the IPv4 unicast will be displayed.

Format show bgp neighbors {[<ipaddr> | <ipv6addr>] {[{[ipv4 | ipv6] unicast} [advertised_routes | received_routes | routes | received_prefix_filter] | statistics]}}

Parameters

Restrictions

None. (EI Mode Only Command)

neighbors - Detailed information about TCP and BGP neighbor connections.

<ipaddr> - (Optional) Enter the IPv4 address used for the configuration here.

<ipv6addr> - (Optional) Enter the IPv6 address used for the configuration here.

ipv4 unicast - (Optional) Specifies to display routes for the IPv4 unicast address family.

ipv6 unicast - (Optional) Specifies to display routes for the IPv6 unicast address family.

advertised_routes - (Optional) Displays the routes advertised to a BGP neighbor.

received_routes - (Optional) Displays the routes received from this neighbor.

routes - (Optional) Displays routes in the routing table learned from the neighbor.

received_prefix_filter - (Optional) Displays the prefix filter information that is received from a

BGP neighbor.

statistics - (Optional) Displays the statistical information learned.

Example

To show the BGP neighbor or routes relative to one neighbor:

DGS-3620-28PC:admin# show bgp neighbor 10.10.10.2

Command: show bgp neighbors 10.10.10.2

BGP neighbor: 10.10.10.2 (Internal Peer)

-----------------------------------------------

Session State : Enabled

Remote AS : 1111

Remote Router ID : 3.3.3.3

BGP State : Established (UP for 00:19:12)

Hold Time : 9 Seconds

Keepalive Interval : 3 Seconds

Advertisement Interval : 5 Seconds

AS Origination Interval : 15 Seconds

Connect Retry Interval : 120 Seconds

EBGP Multihop : 255

Weight : 0

212

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

For Address Family IPv4 Unicast

IPv4 Unicast : Advertised and Received

Next Hop Self : Disabled

Remove Private As : Disabled

AllowAS In : Disabled

Soft Reconfiguration Inbound : Disabled

Send Community : None

Default Originate : Disabled

Outbound Route Filter (ORF) type (64) Prefix list:

Send Mode : Disabled

Receive Mode : Disabled

Prefix Max Count : 12000

Prefix Warning Threshold : 75

Prefix Warning Only : Disabled

DGS-3620-28PC:admin# show bgp neighbor 172.16.232.178 advertised_routes

Command: show bgp neighbor 172.16.232.178 advertised_routes

BGP local router ID is 172.16.232.181

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Gateway Metric LocPrf Weight Path

*>i 10.0.0.0/24 172.16.232.179 0 100 0 ?

*> 10.20.2.0/24 0.0.0.0 0 32768 i

Total Entries :2

DGS-3620-28PC:admin# show bgp neighbor 172.16.232.178 received_routes

Command: show bgp neighbor 172.16.232.178 received_routes

BGP local router ID is 172.16.232.181

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Gateway Metric LocPrf Weight Path

*>i10.0.0.0/24 172.16.232.179 0 100 0 ?

*> 10.20.2.0/24 0.0.0.0 0 32768 i

Total Entries :2

DGS-3620-28PC:admin# show bgp neighbors 172.16.232.178 received_prefix_filter

Command: show bgp neighbors 172.16.232.178 received_prefix_filter

Ip prefix-list 172.16.232.181: 1 entries

Seq 5 deny 10.0.0.0/8 le 32

Total Entries :1

213

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show bgp neighbors 172.16.232.178 routes

Command: show bgp neighbors 172.16.232.178 routes

BGP local router ID is 10.0.40.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? – incomplete

Network Gateway Metric LocPrf Weight Path

*> 10.10.10.0/24 172.16.10.1 0 0 300 10 i

*> 10.10.20.0/24 172.16.10.1 0 0 300 10 i

* 10.20.10.0/24 172.16.10.1 0 0 300 10 i

*dh 30.10.1.1/24 172.3.3.2 100 50 200 20 i

Total Entries :4

DGS-3620-28PC:admin#

12-46 show bgp dampened_routes

Description

This command is used to display dampened entries in the Border Gateway Protocol (BGP) routing table. If both the IPv4 unicast and IPv6 unicast are not specified, routes for the IPv4 unicast address family will be displayed.

Format show bgp dampened_routes {[ipv4 | ipv6] unicast}

Parameters

ipv4 unicast – (Optional) Specifies to display dampened routes for the IPv4 unicast address family.

ipv6 unicast – (Optional) Specifies to display dampened routes for the IPv6 unicast address family.

Restrictions

None. (EI Mode Only Command)

Example

To show the BGP dampened routes’ information:

214

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show bgp dampened_routes

Command: show bgp dampened_routes

BGP local router ID is 172.29.232.182

Status codes: s suppressed, d damped, h history, * valid, > best, i -internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network From Reuse Path

*d 10.0.0.0/16 172.16.232.177 00:18:4 100 ?

*d 10.2.0.0/16 172.16.232.177 00:28:5 100 ?

Total Entries :2

DGS-3620-28PC:admin#

12-47 show bgp flap_statistics

Description

This command is used to display flap entries in the Border Gateway Protocol’s (BGP) routing table.

If both the IPv4 unicast and IPv6 unicast are not specified, routes for the IPv4 unicast address family will be displayed.

Format show bgp flap_statistics {[ipv4 | ipv6] unicast}

Parameters

ipv4 unicast – (Optional) Specifies to display flap statistics for the IPv4 unicast address family.

ipv6 unicast – (Optional) Specifies to display flap statistics for the IPv6 unicast address family.

Restrictions

None. (EI Mode Only Command)

Example

To show flap BGP routes information:

215

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show bgp flap_statistics

Command:show bgp flap_statistics

BGP local router ID is 172.29.232.182

Status codes: s suppressed, d damped, h history, * valid, > best, i –internal

Origin codes: i - IGP, e - EGP, ? – incomplete

Network From Flaps Duration Reuse Path

*d 10.0.0.0/16 172.29.232.177 4 00:13:31 00:18:10 100 ?

*d 10.2.0.0/16 172.29.232.177 4 00:02:45 00:28:20 100 i

Total Entries :2

DGS-3620-28PC:admin#

12-48 show bgp

Description

This command is used to display BGP configuration and summary of the BGP status. If both the

IPv4 unicast and IPv6 unicast are not specified, summary information for the IPv4 unicast address family will be displayed.

Format show bgp {summary {[ipv4 | ipv6 ] unicast}}

Parameters

summary - (Optional) Specifies that the summary of the BGP status will be included in the display.

ipv4 unicast - Specifies to display summary information for IPv4 unicast.

ipv6 unicast - Specifies to display summary information for IPv6 unicast.

Restrictions

None. (EI Mode Only Command)

Example

This example displays the BGP setting:

DGS-3620-28PC:admin# show bgp

Command: show bgp

BGP Global State : Disabled

Version : 4

BGP Router Identifier : 10.90.90.90

Synchronization : Enabled

Enforce First AS : Enabled

Local AS number : 100

Scan Time : 60

216

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Hold Time : 300 Seconds

Keepalive Interval : 100 Seconds

Always Compare MED : Disabled

Deterministics MED : Disabled

Med Confed : Disabled

Default Local Preference : 200

AS Path Ignore : Disabled

Compare Router ID : Enabled

MED Missing as Worst : Disabled

Compare Confederation Path : Disabled

Fast External Fallover : Enabled

Aggregate Next Hop Check : Disabled

BGP Trap : None

DGS-3620-28PC:admin# show bgp summary

Command: show bgp summary

BGP Router Identifier : 172.16.1.1 local AS number : 100

Dampening : Enabled

BGP AS Path Entries : 10

BGP Community Entries : 7

Neighbor Ver AS MsgRcvd MsgSent Up/Down State/PfxRcvd

----------- --- -- ------- ------- ------- -------------

10.100.1.1 4 200 26 22 00:14:23 23

10.200.1.1 4 300 21 51 00:13:40 0

10.200.1.5 4 300 21 5 00:10:05 Idle

Total Number of Neighbors:3

DGS-3620-28PC:admin#

12-49 show bgp reflection

Description

This command is used to display the route reflection configuration of BGP. If both the IPv4 unicast and IPv6 unicast are not specified, the reflection information for the IPv4 unicast will be displayed.

Format show bgp reflection {[ipv4 | ipv6] unicast}

Parameters

Restrictions

None. (EI Mode Only Command)

ipv4 unicast - Specifies to display reflection information for IPv4 unicast.

ipv6 unicast - Specifies to display reflection information for IPv6 unicast.

217

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

This example displays the BGP reflection setting:

DGS-3620-28PC:admin# show bgp reflection

Command: show bgp reflection

Client to Client Reflection State : Disabled

Cluster ID : 0.0.0.0

Router Reflector Client:

10.1.1.20

10.1.1.30

DGS-3620-28PC:admin#

12-50 show bgp confederation

Description

This command is used to display the confederation configuration of BGP.

Format show bgp confederation

Parameters

None.

Restrictions

None. (EI Mode Only Command)

Example

This example displays the BGP confederation setting:

DGS-3620-28PC:admin# show bgp confederation

Command: show bgp confederation

BGP as number : 65501

Confederation identifier : 10

Confederation Peer : 65502,65503

Neighbor list:

IP address Remote AS number

--------------- --------------------

192.168.1.1 65502

192.168.1.2 65503

192.168.1.3 65501

DGS-3620-28PC:admin#

218

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

12-51 config bgp trap

Description

This command is used to configure the BGP trap state.

Format config bgp trap [peer_established | peer_idle | all] [enable | disable]

Parameters

peer_established - Enable or disable the sending of the peer established trap. This default value is disabled.

peer_idle - Enable or disable the sending of the peer idle trap. This default value is disabled.

all - Enable or disable the sending of both the peer idle and established trap. This default value is disabled.

enable - Specifies that the trap feature will be enabled.

disable - Specifies that the trap feature will be disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example disables the BGP peer idle trap state:

DGS-3620-28PC:admin# config bgp trap peer_idle disable

Command: config bgp trap peer_idle disable

Success.

DGS-3620-28PC:admin#

12-52 show bgp trap_state

Description

This command is used to show the BGP trap state.

Format show bgp trap_state

Parameters

None.

Restrictions

None. (EI Mode Only Command)

219

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

This example displays the BGP trap state:

DGS-3620-28PC:admin# show bgp trap_state

Command: show bgp trap_state

BGP Trap State :

BGP Peer Established : Enabled

BGP Peer Idle : Enabled

DGS-3620-28PC:admin#

12-53 config bgp scan_timer

Description

This command is used to configure the BGP scan timer value. BGP will check the next hop whether it is reachable from the BGP route before the timer expires.

Format config bgp scan_timer [<sec 5-60> | default]

Parameters

<sec 5-60> - Set the BGP scan timer value from 5 to 60 seconds. Default is 60 seconds

default - Set the BGP scan timer to the default value.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example configures the BGP scan timer to 30 seconds:

DGS-3620-28PC:admin# config bgp scan_timer 30

Command: config bgp scan_timer 30

Success.

DGS-3620-28PC:admin#

12-54 config bgp aggregate_next_hop_check

Description

This command is used to configure the BGP aggregated routes’ next hop check. Only the routes with the same next hop attribute can be aggregated if the BGP aggregate next hop check is enabled.

220

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config bgp aggregate_next_hop_check [enable | disable]

Parameters

enable - Specifies that the BGP aggregate next hop check will be enabled.

disable - Specifies that the BGP aggregate next hop check will be disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This is an example of configuring the BGP aggregate next hop check:

DGS-3620-28PC:admin# config bgp aggregate_next_hop_check enable

Command: config bgp aggregate_next_hop_check enable

Success.

DGS-3620-28PC:admin#

12-55 config bgp fast_external_fallover

Description

This command configures a Border Gateway Protocol (BGP) routing process to immediately reset its external BGP peer sessions if the link used to reach these peers goes down,

Format config bgp fast_external_fallover [enable | disable]

Parameters

enable - To enable BGP fast external fallover flag. Default is enabled.

disable - To disable BGP fast external fallover.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example disables BGP fast external fallver:

221

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# config bgp fast_external_fallover disable

Command: config bgp fast_external_fallover disable

Success.

DGS-3620-28PC:admin#

12-56 config bgp neighbor maximum_prefix

Description

This command is used to configure the BGP neighbor maximum prefix.

Format config bgp neighbor maximum_prefix [<ipaddr> | <ipv6addr> | peer_group

<peer_group_name 16>] [<value 1-12000> {<value 1-100>} {warning_only} | ipv4 unicast

<value 1-12000> {<value 1-100>} {warning_only} | ipv6 unicast <value 1-6000> {<value 1-

100>} {warning_only}]

Parameters

<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.

<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.

peer_group - Specifies the peer group to be configured.

<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.

<value 1-12000> - Maximum number of prefixes allowed from the specified neighbor. The default is 12000.

<value 1-100> - (Optional) Integer specifying at what percentage the maximum prefix limit that the router starts to generate a warning message. The range is from 1 to 100; the default is 75.

warning_only - (Optional) Allows the router to generate a log message when the maximum prefix limit is exceeded, instead of terminating the peering session.

ipv4 unicast - Specifies to configure the IPv4 unicast address family.

ipv6 unicast - Specifies to configure the IPv6 unicast address family.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This example sets the maximum number of prefixes that will be accepted from the neighbor

192.168.1.1 to 5000, when 50 percent of the maximum prefix limit has been reached. This will display a warning message:

DGS-3620-28PC:admin# config bgp neighbor maximum_prefix 192.168.1.1 5000 50

Command: config bgp neighbor maximum_prefix 192.168.1.1 5000 50

Success.

DGS-3620-28PC:admin#

222

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

12-57 clear bgp flap_statistics

Description

The command is used to clear the accumulated penalties for routes that have been received on a router that has BGP dampening enabled. If no IP/IPv6 address or IP/IPv6 network are specified, flap statistics of the IPv4 unicast or IPv6 unicast address family are cleared for all routes. If both the IPv4 unicast and IPv6 unicast are not specified, flap statistics of IPv4 unicast are cleared.

Format clear bgp flap_statistics {[ipv4 unicast {[<ipaddr> | <network_address>]} | [<ipaddr> |

<network_address>] | ipv6 unicast {[<ipv6addr> | <ipv6_networkaddr>]}]}

Parameters

ipv4 unicast – (Optional) Specifies to clear the dampening information for the IPv4 unicast address family.

<ipaddr> - Enter the IPv4 address used here.

<network_address> - Enter the IPv4 network address here.

ipv6 unicast – (Optional) Specifies to clear the dampening information for the IPv6 unicast address family.

<ipv6addr> - Enter the IPv6 address used here.

<ipv6_networkaddr> - Enter the IPv6 network address here.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

This is an example to clear the route dampening flap statistics of network 192.168.1.0/24:

DGS-3620-28PC:admin# clear bgp flap_statistics 192.168.1.0/24

Command: clear bgp flap_statistics 192.168.1.0/24

Success.

DGS-3620-28PC:admin#

223

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 13 BPDU Attack

Protection Commands

config bpdu_protection ports [<portlist> | all] {state [enable | disable] | mode [drop | block | shutdown]}(1)

config bpdu_protection recovery_timer [<sec 60-1000000> | infinite]

config bpdu_protection [trap | log] [none | attack_detected | attack_cleared | both]

enable bpdu_protection disable bpdu_protection

show bpdu_protection {ports {<portlist>}}

13-1 config bpdu_protection ports

Description

This command is used to configure port state and mode for BPDU protection.

Format config bpdu_protection ports [<portlist> | all] {state [enable | disable] | mode [drop | block | shutdown]} (1)

Parameters

<portlist> - Enter a range of ports to be configured.

all - Specifies to set all ports in the system.

state - Specifies the BPDU protection state. The default state is disabled.

enable - Enable the BPDU protection state.

disable - Disable the BPDU protection state.

mode - Specifies the BPDU protection mode. The default mode is shutdown.

drop - Specifies to drop all received BPDU packets when the port enters the under attack state.

block - Specifies to drop all packets (include BPDU and normal packets) when the port enters the under attack state.

shutdown- Specifies to shut down the port when the port enters the under attack state.

Note: Only shutdown mode will make port link down, If the port status is Err-disabled but port link is up, please check “show ports err-disabled” command for the reason.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure port state to enable and drop mode:

224

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#config bpdu_protection ports 1 state enable mode drop

Command: config bpdu_protection ports 1 state enable mode drop

Success.

DGS-3620-28PC:admin#

13-2 config bpdu_protection recovery_timer

Description

When a port enters the under attack state, it can be disabled or blocked based on the configuration.

The state can be recovered manually or by the auto recovery mechanism. This command is used to configure the auto-recovery timer. To manually recover the port, the user needs to disable and re-enable the port.

Format config bpdu_protection recovery_timer [<sec 60-1000000> | infinite]

Parameters

<sec 60-1000000> - Enter the timer (in seconds) used by the Auto-recovery mechanism to recover the port. The valid range is 60 to 1000000. Auto-recovery time is 60 seconds by default.

infinite - Specifies the port will not be auto recovered.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the BPDU protection recovery timer to 120 seconds for the entire switch:

DGS-3620-28PC:admin#config bpdu_protection recovery_timer 120

Command: config bpdu_protection recovery_timer 120

Success.

DGS-3620-28PC:admin#

13-3 config bpdu_protection

Description

This command is used to configure the BPDU protection trap state or log state.

Format config bpdu_protection [trap | log] [none | attack_detected | attack_cleared | both]

225

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

trap - Specifies the trap state.

log - Specifies the log state.

none - Specifies neither attack_detected nor attack_cleared is trapped or logged.

attack_detected - Specifies events will be logged or trapped when the BPDU attacks is detected.

attack_cleared - Specifies events will be logged or trapped when the BPDU attacks is cleared.

both - Specifies the events of attack_detected and attack_cleared shall be trapped or logged.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the BPDU protection trap state as both for the entire switch:

DGS-3620-28PC:admin#config bpdu_protection trap both

Command: config bpdu_protection trap both

Success.

DGS-3620-28PC:admin#

13-4 enable bpdu_protection

Description

This command is used to enable BPDU protection globally for the entire switch.

Format enable bpdu_protection

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable BPDU protection for the entire switch:

DGS-3620-28PC:admin#enable bpdu_protection

Command: enable bpdu_protection

Success.

DGS-3620-28PC:admin#

226

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

13-5 disable bpdu_protection

Description

This command is used to disable BPDU protection globally for the entire switch.

Format disable bpdu_protection

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To disable BPDU protection:

DGS-3620-28PC:admin#disable bpdu_protection

Command: disable bpdu_protection

Success.

DGS-3620-28PC:admin#

13-6 show bpdu_protection

Description

This command is used to display BPDU protection global configuration or per port configuration and current status.

Format show bpdu_protection {ports {<portlist>}}

Parameters

ports - (Optional) Specifies all ports to be displayed.

<portlist> - (Optional) Specifies a range of ports to be displayed.

Restrictions

None.

227

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display BPDU protection information for the entire switch:

DGS-3620-28PC:admin#show bpdu_protection

Command: show bpdu_protection

BPDU Protection Global Settings

---------------------------------------

BPDU Protection Status : Disabled

BPDU Protection Recover Time : 60 seconds

BPDU Protection Trap State : None

BPDU Protection Log State : Both

DGS-3620-28PC:admin#

To display BPDU protection status for ports 1 to 3:

DGS-3620-28PC:admin#show bpdu_protection ports 1-3

Command: show bpdu_protection ports 1-3

Port State Mode Status

----- ----------- ---------- -----------

1 Disabled Shutdown Normal

2 Disabled Shutdown Normal

3 Disabled Shutdown Normal

DGS-3620-28PC:admin#

228

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 14 Cable Diagnostics

Commands

cable_diag ports [<portlist> | all]

14-1 cable_diag ports

Description

This command is used to test copper cabling.

For 10/100Based-TX link speed RJ45 cables, two pairs of cables will be diagnosed.

For 1000Base-T link speed RJ45 cables, four pairs of cables will be diagnosed.

The type of cable errors can be open, short, or crosstalk.

Open means that the cable in the error pair does not have a connection at the specified position.

Short means that the cables in the error pair has a short problem at the specified position.

Crosstalk means that the cable in the error pair has a crosstalk problem at the specified position.

For Gigabit Ethernet ports:

• Where the link partner is powered on with no errors and the link is up, this command can detect the cable length.

• Where the link partner is powered on with errors, this command can detect whether the error is open, short, or crosstalk. In this case this command can also detect the distance of the error.

• Where the link partner is powered down with no errors and the link is down, this command can detect the cable length.

• When the link partner is powered down with errors, this command can detect whether the error is open, short, or crosstalk. In this case this command can also detect the distance of the error.

• When there is no link partner with no errors, this command cannot detect the cable length.

• When there is no link partner with errors, this command can detect whether the error is open, short, or crosstalk. In this case this command can also detect the distance of the error.

The Cable length range that can be detected is as follows:

• Smaller than 50m (<50m)

• Between 50m and 80m (50m~80m)

229

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

• Between 80m and 100m (80m~100m)

• Greater than 100m (>100m)

Note: This test will consume a low number of packets. Since this test is for copper cable, the port with fiber cable will be skipped from the test.

Format cable_diag ports [<portlist> | all]

Parameters

Restrictions

None.

<portlist> - Enter a range of ports to be configured.

all – Specify to set all ports in the system.

Example

To test the cable on ports 1 to 4, and 8:

230

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# cable_diag ports 1:1-1:10,1:21

Command: cable_diag ports 1:1-1:10,1:21

Perform Cable Diagnostics ...

Port Type Link Status Test Result Cable Length

(M)

------ ---------- ------------- ---------------------------- ------------

1:1 1000BASE-T Link Up OK 65

1:2 1000BASE-T Link Up OK -

1:3 1000BASE-T Link Down Shutdown 25

1:4 1000BASE-T Link Down Shutdown -

1:5 1000BASE-T Link Down Unknown -

1:6 1000BASE-T Link Down Pair 1 Crosstalk at 30M -

Pair 2 Crosstalk at 30M

Pair 3 OK at 110M

Pair 4 OK at 110M

1:7 1000BASE-T Link Down NO Cable -

1:8 1000BASE-T Link Down Pair 1 Open at 16M -

Pair 2 Open at 16M

Pair 3 OK at 50M

Pair 4 OK at 50M

1:9 1000BASE-T Link Down Pair 1 Short at 5M -

Pair 2 Short at 5M

Pair 3 OK at 110M

Pair 4 OK at 110M

1:10 1000BASE-T Link Down Pair 1 Unknown -

Pair 2 Short at 5M

Pair 3 OK at 110M

Pair 4 OK at 110M

1:21 1000BASE-X Link Up Unknown -

DGS-3620-28PC:admin#

231

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 15 CFM Commands

create cfm md <string 22> {md_index <uint 1-4294967295>} level <int 0-7>

config cfm md [<string 22> | md_index <uint 1-4294967295>] {mip [none | auto | explicit] | sender_id [none | chassis | manage | chassis_manage]}(1)

create cfm ma <string 22> {ma_index <uint 1-4294967295>} md [<string 22> | md_index <uint 1-

4294967295>]

config cfm ma [<string 22> | ma_index <uint 1-4294967295>] md [<string 22> | md_index <uint 1-

4294967295>] {vlanid <vlanid 1-4094> | mip [none | auto | explicit | defer] | sender_id [none | chassis | manage | chassis_manage | defer] | ccm_interval [3.3ms | 10ms | 100ms | 1sec |

10sec | 1min | 10min] | mepid_list [add | delete] <mepid_list 1-8191> | mode [software | hardware]}(1)

create cfm mep <string 32> mepid <int 1-8191> md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>] direction [inward | outward] port <port>

config cfm mep [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {state [enable | disable] | ccm [enable | disable] | pdu_priority <int 0-7> | fault_alarm [all | mac_status | remote_ccm | error_ccm | xcon_ccm | none] | alarm_time <centisecond 250-1000> | alarm_reset_time

<centisecond 250-1000>}(1)

delete cfm mep [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]

delete cfm ma [<string 22> | ma_index <uint 1-4294967295>] md [<string 22> | md_index <uint 1-

4294967295>]

delete cfm md [<string 22> | md_index <uint 1-4294967295>]

enable cfm disable cfm

config cfm ports <portlist> state [enable | disable]

show cfm ports <portlist>

show cfm {[md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index <uint

1-4294967295>] {mepid <int 1-8191>}} | mepname <string 32>]}

show cfm fault {md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index

<uint 1-4294967295>]}}

show cfm port <port> {level <int 0-7> | direction [inward | outward] | vlanid <vlanid 1-4094>}

cfm lock md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-

4294967295>] mepid <int 1-8191> remote_mepid <int 1-8191> action [start | stop]

cfm loopback <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {num

<int 1-65535> | [length <int 0-1500> | pattern <string 1500>] | pdu_priority <int 0-7>}

cfm linktrace <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index

<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {ttl <int 2-255> | pdu_priority <int 0-7>}

show cfm linktrace [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint

1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {trans_id <uint>}

delete cfm linktrace {[md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index <uint 1-4294967295>] {mepid <int 1-8191>}} | mepname <string 32>]}

config cfm mp_ltr_all [enable | disable]

show cfm mipccm show cfm mp_ltr_all

show cfm pkt_cnt {[ports <portlist> {[rx | tx]} | [rx | tx] | ccm]}

clear cfm pkt_cnt {[ports <portlist> {[rx | tx]} | [rx | tx] | ccm]}

show cfm remote_mep [mepname <string 32> | md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>] mepid <int 1-8191>] remote_mepid <int 1-8191>

config cfm ais md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index

232

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<uint 1-4294967295>] mepid <int 1-8191> {period [1sec | 1min] | level <int 0-7> | state

[enable | disable]}

config cfm lock md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index

<uint 1-4294967295>] mepid <int 1-8191> {period [1sec | 1min] | level <int 0-7> | state

[enable | disable]}

config cfm trap [ais | lock] state [enable | disable]

cfm dm <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint

1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {period:interval

[100ms:1sec | 1sec:10sec | 10sec:1min] | percentile <int 0-100> | pdu_priority <int 0-7>}

cfm lm <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint

1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {period [100ms | 1sec |

10sec] | pdu_priority <int 0-7>}

clear cfm dm {[mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]} {[results | statistics]}

clear cfm lm {[mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]} {[results | statistics]}

config cfm dm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] state [enable | disable]

config cfm lm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] state [enable | disable]

show cfm dm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]

show cfm lm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]

15-1 create cfm md

Description

This command is used to create a CFM maintenance domain.

Format create cfm md <string 22> {md_index <uint 1-4294967295>} level <int 0-7>

Parameters

<string 22> - Enter the maintenance domain name used here. This name can be up to 22 characters long.

md_index - Specifies the maintenance domain index used.

<uint 1-4294967295> - Enter the maintenace domain index value used here. This value must be between 1 and 4294967295.

level - Specifies the maintenance domain level.

<int 0-7> - Enter the maintenance domain level from 0 to 7.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To create a CFM maintenance domain called “op_domain” and assign a maintenance domain level of “2”:

233

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#create cfm md op_domain level 2

Command: create cfm md op_domain level 2

Success.

DGS-3620-28PC:admin#

15-2 config cfm md

Description

This command is used to configure the parameters of a maintenance domain. The creation of

MIPs on an MA is useful to trace the link, MIP by MIP. It also allows the user to perform a loopback from an MEP to an MIP.

Format config cfm md [<string 22> | md_index <uint 1-4294967295>] {mip [none | auto | explicit] | sender_id [none | chassis | manage | chassis_manage]}(1)

Parameters

<string 22> - Enter the maintenance domain name used here. This name can be up to 22 characters long.

md_index - Specifies the maintenance domain index used.

<uint 1-4294967295> - Enter the maintenace domain index value used here. This value must be between 1 and 4294967295.

mip - (Optional) This is the control creations of MIPs.

none - Do not create MIPs. This is the default value.

auto - MIPs can always be created on any port in this MD if the port is not configured with an

MEP of this MD.

explicit - MIPs can only be created on any port in this MD if the next existing lower level has an MEP configured on that port, and that port is not configured with an MEP of this MD.

sender_id - (Optional) This is the control transmission of the sender ID TLV.

none - Do not transmit the sender ID TLV. This is the default value.

chassis - Transmit the sender ID TLV with the chassis ID information.

manage - Transmit the sender ID TLV with the managed address information.

chassis_manage - Transmit the sender ID TLV with chassis ID information and manage address information.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To configure the maintenance domain called “op_domain” and specify the explicit option for creating MIPs:

DGS-3620-28PC:admin#config cfm md op_domain mip explicit

Command: config cfm md op_domain mip explicit

Success.

234

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#

15-3 create cfm ma

Description

This command is used to create a maintenance association. Different MAs in a MD must have different MA Names. Different MAs in different MDs may have the same MA Name.

Format create cfm ma <string 22> {ma_index <uint 1-4294967295>} md [<string 22> | md_index

<uint 1-4294967295>]

Parameters

<string 22> - Enter the maintenance association name used here. This name can be up to 22 characters long.

ma_index - Specifies the maintenance association index used.

<uint 1-4294967295> - Enter the maintenance association index value used here. This value must be between 1 and 4294967295.

md - Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index used.

<uint 1-4294967295> - Enter the maintenance domain index value used here. This value must be between 1 and 4294967295.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To create a maintenance association called “op1” and assign it to the maintenance domain

“op_domain”:

DGS-3620-28PC:admin#create cfm ma op1 md op_domain

Command: create cfm ma op1 md op_domain

Success.

DGS-3620-28PC:admin#

15-4 config cfm ma

Description

This command is used to configure the parameters of a maintenance association. The MEP list specified for an MA can be located in different devices. MEPs must be created on the ports of these devices explicitly. An MEP will transmit a CCM packet periodically across the MA. The receiving MEP will verify these received CCM packets from the other MEPs against this MEP list for the configuration integrity check.

235

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config cfm ma [<string 22> | ma_index <uint 1-4294967295>] md [<string 22> | md_index

<uint 1-4294967295>] {vlanid <vlanid 1-4094> | mip [none | auto | explicit | defer] | sender_id

[none | chassis | manage | chassis_manage | defer] | ccm_interval [3.3ms | 10ms | 100ms |

1sec | 10sec | 1min | 10min] | mepid_list [add | delete] <mepid_list 1-8191> | mode [software

| hardware]}(1)

Parameters

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index - Specifies the maintenance association index used.

<uint 1-4294967295> - Enter the maintenance association index value used here. This value must be between 1 and 4294967295.

md - Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index used.

<uint 1-4294967295> - Enter the maintenance domain index value used here. This value must be between 1 and 4294967295.

vlanid - (Optional) Specifies the VLAN Identifier. Different MAs must be associated with different

VLANs.

<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.

mip - (Optional) This is the control creation of MIPs.

none - Do not create MIPs.

auto - MIPs can always be created on any port in this MA if that port is not configured with an

MEP of that MA.

explicit - MIPs can be created on any ports in this MA only if the next existing lower level has an MEP configured on that port, and that port is not configured with an MEP of this MA.

defer - Inherit the setting configured for the maintenance domain that this MA is associated with. This is the default value.

sender_id - (Optional) This is the control transmission of the sender ID TLV.

none - Do not transmit the sender ID TLV.

chassis - Transmit the sender ID TLV with the chassis ID information.

manage - Transmit the sender ID TLV with the manage address information.

chassis_manage - Transmit the sender ID TLV with the chassis ID information and the manage address information.

defer - Inherit the setting configured for the maintenance domain that this MA is associated with.

ccm_interval - (Optional) Specifies the CCM interval.

3.3ms - 3.3 milliseconds. Only work in CFM hardware mode.

10ms - 10 milliseconds. Only works in CFM hardware mode.

100ms - 100 milliseconds. Not recommended in CFM software mode.

1sec - One second.

10sec - Ten seconds. This is the default value.

1min - One minute.

10min - Ten minutes.

mepid_list - (Optional) Specifies the MEPIDs contained in the maintenance association.

add - Add MEPID(s).

delete - Delete MEPID(s).

<mepid_list 1-8191> - Enter the MEPIDs contained in the maintenance association. The range of the MEPID is 1 to 8191.

mode - (Optional) Specifies the mode of the MA.

software - Specifies that the MA will work in the CFM software mode. This is the default value.

hardware - Specifies that the MA will work in the CFM hardware mode.

236

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To configure the parameters of a maintenance association:

DGS-3620-28PC:admin#config cfm ma op1 md op_domain vlanid 1 ccm_interval 1sec

Command: config cfm ma op1 md op_domain vlanid 1 ccm_interval 1sec

Success.

DGS-3620-28PC:admin#

15-5 create cfm mep

Description

This command is used to create an MEP entry. Different MEPs in the same MA must have a different MEPID. To put MD name, MA name, and MEPID together identifies an MEP. Different

MEPs on the same device must have a different MEP name. Before creating an MEP, its MEPID should be configured in the MA’s MEPID list.

Format create cfm mep <string 32> mepid <int 1-8191> md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>] direction [inward | outward] port <port>

Parameters

<string 32> - Enter the MEP name used here. It is unique among all MEPs configured on the device. The name can be up to 32 characters long.

mepid - Specifies the MEP MEPID. It should be configured in the MA’s MEPID list.

<int 1-8191> - Enter the MEP MEPID between 1 and 8191.

md - Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index.

<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.

ma - Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index - Specifies the maintenance association index.

<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.

direction - Specifies the MEP direction.

inward - Inward facing (up) MEP.

outward - Outward facing (down) MEP.

port - Specifies the port number. This port should be a member of the MA’s associated VLAN.

<port> - Enter a port.

237

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To create an MEP:

DGS-3620-28PC:admin#create cfm mep mep1 mepid 1 md op_domain ma op1 direction inward port 2

Command: create cfm mep mep1 mepid 1 md op_domain ma op1 direction inward port

2

Success.

DGS-3620-28PC:admin#

15-6 config cfm mep

Description

This command is used to configure the parameters of an MEP. An MEP may generate five types of

Fault Alarms, as shown below by their priorities from high to low:

1. Cross-connect CCM Received: priority 5

2. Error CCM Received: priority 4

3. Some Remote MEPs Down: priority 3

4. Some Remote MEP MAC Status Errors: priority 2

5. Some Remote MEP Defect Indications: priority 1

If multiple types of the fault occur on an MEP, only the fault with the highest priority will be alarmed.

Format config cfm mep [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index

<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {state [enable | disable] | ccm [enable | disable] | pdu_priority <int 0-7> | fault_alarm [all | mac_status | remote_ccm | error_ccm | xcon_ccm | none] | alarm_time <centisecond 250-1000> | alarm_reset_time <centisecond 250-1000>}(1)

Parameters

mepname - Specifies the MEP name.

<string 32> - Enter the MEP name. The maximum length is 32 characters.

mepid - Specifies the MEP MEPID.

<int 1-8191> - Enter the MEP MEPID between 1 and 8191.

md - Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index.

<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.

ma - Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22

238

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

characters.

ma_index - Specifies the maintenance association index.

<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.

state - Specifies the MEP administrative state. The default is disable.

enable - Enable MEP.

disable - Disable MEP.

ccm - Specifies the CCM transmission state. The default is disable.

enable - Enable the CCM transmission.

disable - Disable the CCM transmission.

pdu_priority - The 802.1p priority is set in the CCM and the LTM messages transmitted by the

MEP. The default value is 7.

<int 0-7> - Enter the value between 0 and 7.

fault_alarm - This is the control types of the fault alarms sent by the MEP. The default value is none.

all - All types of fault alarms will be sent.

mac_status - Only the fault alarms whose priority is equal to or higher than “Some Remote

MEP MAC Status Errors” are sent.

remote_ccm - Only the fault alarms whose priority is equal to or higher than “Some Remote

MEPs Down” are sent.

error_ccm - Only the fault alarms whose priority is equal to or higher than “Error CCM

Received” are sent.

xcon_ccm - Only the fault alarms whose priority is equal to or higher than “Cross-connect

CCM Received” are sent.

none - No fault alarm is sent.

alarm_time - Specifies the time that a defect must exceed before the fault alarm can be sent.

The unit is centiseconds. The default value is 250.

<centisecond 250-1000> - Enter the time that a defect must exceed before the fault alarm can be sent. The unit is centiseconds. The range is 250 to 1000.

alarm_reset_time - Specifies the dormant duration time before a defect is triggered before the fault can be re-alarmed. The unit is centiseconds. The default value is 1000.

<centisecond 250-1000> - Enter the dormant duration time before a defect is triggered before the fault can be re-alarmed. The unit is centiseconds. The range is 250 to 1000.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To configure the parameters of an MEP:

DGS-3620-28PC:admin#config cfm mep mepname mep1 state enable ccm enable

Command: config cfm mep mepname mep1 state enable ccm enable

Success.

DGS-3620-28PC:admin#

15-7 delete cfm mep

Description

This command is used to delete a previously created MEP.

239

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format delete cfm mep [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index

<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]

Parameters

mepname - Specifies the MEP name.

<string 32> - Enter the MEP name. The maximum length is 32 characters.

mepid - Specifies the MEP MEPID.

<int 1-8191> - Enter the MEP MEPID between 1 and 8191.

md - Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index.

<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.

ma - Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index - Specifies the maintenance association index.

<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To delete a previously created MEP:

DGS-3620-28PC:admin#delete cfm mep mepname mep1

Command: delete cfm mep mepname mep1

Success.

DGS-3620-28PC:admin#

15-8 delete cfm ma

Description

This command is used to delete a created maintenance association.

Format delete cfm ma [<string 22> | ma_index <uint 1-4294967295>] md [<string 22> | md_index

<uint 1-4294967295>]

Parameters

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index - Specifies the maintenance association index.

240

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.

md - Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index.

<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To delete a created maintenance association:

DGS-3620-28PC:admin#delete cfm ma op1 md op_domain

Command: delete cfm ma op1 md op_domain

Success.

DGS-3620-28PC:admin#

15-9 delete cfm md

Description

This command is used to delete a previously created maintenance domain. When the command is executing, all the MEPs and maintenance associations created in the maintenance domain will be deleted automatically.

Format delete cfm md [<string 22> | md_index <uint 1-4294967295>]

Parameters

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index.

<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To delete a previously created maintenance domain:

DGS-3620-28PC:admin#delete cfm md op_domain

Command: delete cfm md op_domain

241

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Success.

DGS-3620-28PC:admin#

15-10 enable cfm

Description

This command is used to enable the CFM globally.

Format enable cfm

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To enable the CFM globally:

DGS-3620-28PC:admin#enable cfm

Command: enable cfm

Success.

DGS-3620-28PC:admin#

15-11 disable cfm

Description

This command is used to disable the CFM globally.

Format disable cfm

Parameters

None.

242

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To disable the CFM globally:

DGS-3620-28PC:admin#disable cfm

Command: disable cfm

Success.

DGS-3620-28PC:admin#

15-12 config cfm ports

Description

This command is used to enable or disable the CFM function on a per-port basis. By default, the

CFM function is disabled on all ports. If the CFM is disabled on a port:

• MIPs are never created on that port.

• MEPs can still be created on that port, and the configuration can be saved.

• MEPs created on that port can never generate or process CFM PDUs. If the user issues a

Loopback or Link trace test on those MEPs, it will prompt the user to inform them that the

CFM function is disabled on that port

Format config cfm ports <portlist> state [enable | disable]

Parameters

<portlist> - Enter the logical port list.

state - Specifies the CFM function status.

enable - Specifies to enable the CFM function.

disable - Specifies to disable the CFM function.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To enable the CFM function on ports 2 to 5:

DGS-3620-28PC:admin#config cfm ports 2-5 state enable

Command: config cfm ports 2-5 state enable

Success.

243

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#

15-13 show cfm ports

Description

This command is used to display the CFM state of specified ports.

Format show cfm ports <portlist>

Parameters

<portlist> - Enter the logical port list.

Restrictions

None. (EI Mode Only Command)

Example

To display the CFM state for ports 3 to 6:

DGS-3620-28PC:admin#show cfm ports 3-6

Command: show cfm ports 3-6

Port State

----- -------

3 Enabled

4 Enabled

5 Enabled

6 Enabled

DGS-3620-28PC:admin#

15-14 show cfm

Description

This command is used to display the CFM configuration.

Format show cfm {[md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index

<uint 1-4294967295>] {mepid <int 1-8191>}} | mepname <string 32>]}

Parameters

md - (Optional) Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

244

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

md_index - Specifies the maintenance domain index.

<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.

ma - (Optional) Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index - Specifies the maintenance association index.

<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.

mepid - (Optional) Specifies the MEPID.

<int 1-8191> - Enter the MEP MEPID between 1 and 8191.

mepname - (Optional) Specifies the MEP name.

<string 32> - Enter the MEP name. The maximum length is 32 characters.

Restrictions

None. (EI Mode Only Command)

Example

To display the CFM configuration:

DGS-3620-28PC:admin# show cfm

Command: show cfm

CFM State: Enabled

AIS Trap State: Disabled

LCK Trap State: Disabled

MD Index MD Name Level

---------- ---------------------- -----

1 cu-domain 5

2 op-domain 3

111 111 2

DGS-3620-28PC:admin#

15-15 show cfm fault

Description

This command is used to display all the fault conditions detected by the MEPs contained in the specified MA or MD. The display provides the overview of the fault status by MEPs.

Format show cfm fault {md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index <uint 1-4294967295>]}}

Parameters

md - (Optional) Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index.

245

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.

ma - (Optional) Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index - Specifies the maintenance association index.

<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.

Restrictions

None. (EI Mode Only Command)

Example

To display the MEPs that have faults:

DGS-3620-28PC:admin#show cfm fault

Command: show cfm fault

MD Name MA Name MEPID Status AIS Status LCK Status

----------- ----------- ----- ---------------------- ------------ ------------ op_domain op1 1 Error CCM Received Normal Normal

DGS-3620-28PC:admin#

15-16 show cfm port

Description

This command is used to display MEPs and MIPs created on a port.

Format show cfm port <port> {level <int 0-7> | direction [inward | outward] | vlanid <vlanid 1-4094>}

Parameters

<port> - Enter the port number.

level - (Optional) Specifies the maintenance domain level. If not specified, all levels are shown.

<int 0-7> - Enter the value between 0 and 7.

direction - (Optional) Specifies the MEP direction.

inward - Specifies inward facing MEP.

outward - Specifies outward facing MEP.

vlanid - (Optional) Specifies the VLAN identifier. If not specified, all VLANs are displayed.

<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.

Restrictions

None. (EI Mode Only Command)

Example

To display a CFM port:

246

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show cfm port 1

Command: show cfm port 1

MAC Address: 00-05-78-82-32-01

MD Name MA Name MEPID Level Direction VID

----------- ---------- ------- ------- --------- --- op_domain op1 1 2 inward 2 cust_domain cust1 8 4 inward 2 serv_domain serv2 MIP 3 2

DGS-3620-28PC:admin#

15-17 cfm lock md

Description

This command is used to start/stop cfm management lock. This command will result in the MEP sends a LCK PDU to client level MEP.

Format cfm lock md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint

1-4294967295>] mepid <int 1-8191> remote_mepid <int 1-8191> action [start | stop]

Parameters

md - Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name here. This name can be up to 22 characters long.

md_index – Specifies the MD index value used.

<uint 1-4294967295> - Enter the MD index value used here. This value must be between

1 and 4294967295.

ma - Specifies the maintenance association name.

<string 22> - Enter the maintenance association name here. This name can be up to 22 characters long.

ma_index – Specifies the MA index value used.

<uint 1-4294967295> - Enter the MA index value used here. This value must be between

1 and 4294967295.

mepid - The MEP ID in the MD which sends LCK frame.

<int 1-8191> - Enter the MEP ID value here. This value must be between 1 and 8191.

remote_mepid - The peer MEP is the target of management action.

<int 1-8191> - Enter the remote MEP ID used here. This value must be between 1 and 8191.

action - Specifies to start or to stop the management lock function.

start - Specifies to start the management lock function.

stop - Specifies to stop the management lock function.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

247

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To start management lock:

DGS-3620-28PC:admin# cfm lock md op-domain ma op-ma mepid 1 remote_mepid 2 action start

Command: cfm lock md op-domain ma op-ma mepid 1 remote_mepid 2 action start

Success.

DGS-3620-28PC:admin#

15-18 cfm loopback

Description

This command is used to start a CFM loopback test. Press Ctrl+C to exit the loopback test. The

MAC address represents the destination MEP or MIP that can be reached by this MAC address.

The MEP represents the source MEP to initiate the loopback message.

Format cfm loopback <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {num <int

1-65535> | [length <int 0-1500> | pattern <string 1500>] | pdu_priority <int 0-7>}

Parameters

<macaddr> - Enter the destination MAC address.

mepname - Specifies the MEP name.

<string 32> - Enter the MEP name. The maximum length is 32 characters.

mepid - (Optional) Specifies the MEPID.

<int 1-8191> - Enter the MEP MEPID between 1 and 8191.

md - (Optional) Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index – Specifies the MD index value used.

<uint 1-4294967295> - Enter the MD index value used here. This value must be between

1 and 4294967295.

ma - (Optional) Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index – Specifies the MA index value used.

<uint 1-4294967295> - Enter the MA index value used here. This value must be between

1 and 4294967295.

num - (Optional) Specifies the number of LBMs to be sent. The default value is 4.

<int 1-65535> - Enter the value between 1 and 65535.

length - (Optional) Specifies the payload length of the LBM to be sent. The default is 0.

<int 0-1500> - Enter the value between 0 and 1500.

pattern - (Optional) Specifies an amount of data to be included in a Data TLV, along with an indication whether the Data TLV is to be included.

<string 1500> - Enter the pattern value used here. This value can be up to 1500 characters long.

pdu_priority - (Optional) Specifies the 802.1p priority to be set in the transmitted LBMs. If not specified, it uses the same priority as CCMs and LTMs sent by the MA

<int 0-7> - Enter the value between 0 and 7.

248

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

None. (EI Mode Only Command)

Example

To start a CFM loopback test:

DGS-3620-28PC:admin# cfm loopback 00-02-03-04-12-19 mepname op-mep1

Command: cfm loopback 00-02-03-04-12-19 mepname op-mep1

Reply from 00-02-03-04-12-19: bytes=0 time<10ms

Reply from 00-02-03-04-12-19: bytes=0 time<10ms

Reply from 00-02-03-04-12-19: bytes=0 time<10ms

Reply from 00-02-03-04-12-19: bytes=0 time<10ms

CFM loopback statistics for 00-02-03-04-12-19:

Packets: Sent=4, Received=4, Lost=0(0% loss).

DGS-3620-28PC:admin#

15-19 cfm linktrace

Description

This command is used to issue a CFM link track message.

Format cfm linktrace <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {ttl <int 2-

255> | pdu_priority <int 0-7>}

Parameters

<macaddr> - Enter the destination MAC address.

mepname - Specifies the MEP name.

<string 32> - Enter the MEP name. The maximum length is 32 characters.

mepid - (Optional) Specifies the MEPID.

<int 1-8191> - Enter the MEP MEPID between 1 and 8191.

md - (Optional) Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index – Specifies the MD index value used.

<uint 1-4294967295> - Enter the MD index value used here. This value must be between

1 and 4294967295.

ma - (Optional) Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index – Specifies the MA index value used.

<uint 1-4294967295> - Enter the MA index value used here. This value must be between

1 and 4294967295.

ttl - (Optional) Specifies the link trace message TTL value. The default value is 64.

<int 2-255> - Enter the link trace message TTL value. Enter a value between 2 and 255.

pdu_priority - (Optional) Specifies the 802.1p priority to be set in the transmitted LBMs. If not specified, it uses the same priority as CCMs and LTMs sent by the MA.

249

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<int 0-7> - Enter the 802.1p priority to be set in the transmitted LBMs. If not specified, it uses the same priority as CCMs and LTMs sent by the MA. Enter a value between 0 and 7.

Restrictions

None. (EI Mode Only Command)

Example

To transmit a LTM:

DGS-3620-28PC:admin#cfm linktrace 00-01-02-03-04-05 mepname mep1

Command: cfm linktrace 00-01-02-03-04-05 mepname mep1

Transaction ID: 26

Success.

DGS-3620-28PC:admin#

15-20 show cfm linktrace

Description

This command is used to display the link trace responses. The maximum linktrace responses a device can hold is 128.

Format show cfm linktrace [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index

<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {trans_id <uint>}

Parameters

mepname - Specifies the MEP name.

<string 32> - Enter the MEP name. The maximum length is 32 characters.

mepid - (Optional) Specifies the MEPID.

<int 1-8191> - Enter the MEP MEPID between 1 and 8191.

md - (Optional) Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index.

<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.

ma - (Optional) Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index - Specifies the maintenance association index.

<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.

trans_id - (Optional) The identifier of the transaction to be displayed.

<uint> - The identifier of the transaction to be displayed.

Restrictions

None. (EI Mode Only Command)

250

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display a CFM linktrace reply:

DGS-3620-28PC:admin#show cfm linktrace mepname mep1

Command: show cfm linktrace mepname mep1

Trans ID Source MEP Destination

-------- ------------- ------------------

26 mep1 XX-XX-XX-XX-XX-XX

DGS-3620-28PC:admin#

To display a CFM linktrace reply:

DGS-3620-28PC:admin# show cfm linktrace mepname mep trans_id 0

Command: show cfm linktrace mepname mep trans_id 0

Transaction ID: 0

From MEP mep to 00-15-72-20-91-09

Start Time : 2010-12-31 00:51:49

Hop MEPID Ingress MAC Address Egress MAC Address Forwarded Relay Action

--- ----- ------------------- ------------------- --------- ------------

1 - 00-00-00-00-00-00 00-01-02-00-01-14 Yes FDB

2 2 00-15-72-20-91-14 00-15-72-20-91-09 No Hit

DGS-3620-28PC:admin#

15-21 delete cfm linktrace

Description

This command is used to delete the stored link trace response data that have been initiated by the specified MEP.

Format delete cfm linktrace {[md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index <uint 1-4294967295>] {mepid <int 1-8191>}} | mepname <string 32>]}

Parameters

md - (Optional) Specifies the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index – Specifies the MD index value used.

<uint 1-4294967295> - Enter the MD index value used here. This value must be between

1 and 4294967295.

ma - (Optional) Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index – Specifies the MA index value used.

<uint 1-4294967295> - Enter the MA index value used here. This value must be

251

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

between 1 and 4294967295.

mepid - (Optional) Specifies the MEPID.

<int 1-8191> - Enter the MEP MEPID between 1 and 8191.

mepname - (Optional) Specifies the MEP name.

<string 32> - Enter the MEP name. The maximum length is 32 characters.

Restrictions

None. (EI Mode Only Command)

Example

To delete the CFM link trace reply:

DGS-3620-28PC:admin#delete cfm linktrace mepname mep1

Command: delete cfm linktrace mepname mep1

Success.

DGS-3620-28PC:admin#

15-22 config cfm mp_ltr_all

Description

This command is to enable or disable the "all MPs reply LTRs" function. This function is for test purposes. According to IEEE 802.1ag, a Bridge replies with one LTR to an LTM. This command can make all MPs on the LTM’s forwarding path reply with LTRs, no matter whether they are on a

Bridge or not.

Format config cfm mp_ltr_all [enable | disable]

Parameters

enable - Enable this feature.

disable - Disable this feature.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To enable the all-MPs-reply-to-LTR function:

DGS-3620-28PC:admin#config cfm mp_ltr_all enable

Command: config cfm mp_ltr_all enable

Success.

252

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#

15-23 show cfm mipccm

Description

This command is used to display the MIP CCM database entries. All entries in the MIP CCM database will be displayed. An MIP CCM entry is similar to an FDB which keeps the forwarding port information of a MAC entry.

Format show cfm mipccm

Parameters

None.

Restrictions

None. (EI Mode Only Command)

Example

To display the MIP CCM database entries:

DGS-3620-28PC:admin#show cfm mipccm

Command: show cfm mipccm

MA VID MAC Address Port

------------------------ ---- -------------------- ------- opma 1 XX-XX-XX-XX-XX-XX-XX 2 opma 1 XX-XX-XX-XX-XX-XX-XX 3

Total: 2

DGS-3620-28PC:admin#

15-24 show cfm mp_ltr_all

Description

This command is used to display the current configuration of the "all MPs reply LTRs" function.

This command is for test purposes.

Format show cfm mp_ltr_all

Parameters

None.

253

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

None. (EI Mode Only Command)

Example

To display the configuration of the all-MPs-reply-to-LTR function:

DGS-3620-28PC:admin#show cfm mp_ltr_all

Command: show cfm mp_ltr_all

All MPs reply LTRs: Disabled

DGS-3620-28PC:admin#

15-25 show cfm pkt_cnt

Description

This command is used to display the CFM packet’s RX/TX counters.

Format show cfm pkt_cnt {[ports <portlist> {[rx | tx]} | [rx | tx] | ccm]}

Parameters

ports - (Optional) Specifies the port counters to display. If not specified, all ports will be displayed.

<portlist> - Enter a list of ports.

rx - (Optional) Display the RX counter. If not specified, both the RX and TX counters will be displayed.

tx - (Optional) Display the TX counter. If not specified, both the RX and TX counters will be displayed.

rx - (Optional) Display the RX counter. If not specified, both the RX and TX counters will be displayed.

tx - (Optional) Display the TX counter. If not specified, both the RX and TX counters will be displayed.

ccm - (Optional) Display the CCM RX counters.

Restrictions

None. (EI Mode Only Command)

Example

To display CFM packet RX/TX counters for ports 1 to 2:

DGS-3620-28PC:admin#show cfm pkt_cnt ports 1-2

Command: show cfm pkt_cnt ports 1-2

CFM RX Statistics

------------------------------------------------------------------------------

254

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Port AllPkt CCM LBR LBM LTR LTM VidDrop OpcoDrop

----- -------- -------- -------- --------- ------ ------- -------- --------

All 0 0 0 0 0 0 0 0

1 0 0 0 0 0 0 0 0

2 0 0 0 0 0 0 0 0

CFM TX Statistics

----------------------------------------------------------

Port AllPkt CCM LBR LBM LTR LTM

----- -------- -------- -------- --------- ------ -------

All 0 0 0 0 0 0

1 0 0 0 0 0 0

2 0 0 0 0 0 0

DGS-3620-28PC:admin#

15-26 clear cfm pkt_cnt

Description

This command is used to clear the CFM packet’s RX/TX counters.

Format clear cfm pkt_cnt {[ports <portlist> {[rx | tx]} | [rx | tx] | ccm]}

Parameters

ports - (Optional) Specifies the port counters to clear. If not specified, all ports will be cleared.

<portlist> - Enter a list of ports.

rx - (Optional) Clear the RX counter. If not specified, both the RX and TX counters will be cleared.

tx - (Optional) Clear the TX counter. If not specified, both the RX and TX counters will be cleared.

rx - (Optional) Clear the RX counter. If not specified, both the RX and TX counters will be cleared.

tx - (Optional) Clear the TX counter. If not specified, both the RX and TX counters will be cleared.

ccm - (Optional) Clear The CCM RX counters.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To clear all the CFM packet RX/TX counters:

DGS-3620-28PC:admin#clear cfm pkt_cnt

Command: clear cfm pkt_cnt

Success.

255

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#

To clear the CFM packet CCM counters:

DGS-3620-28PC:admin#clear cfm pkt_cnt ccm

Command: clear cfm pkt_cnt ccm

Success.

DGS-3620-28PC:admin#

15-27 show cfm remote_mep

Description

This command is used to display CFM remote MEP information.

Format show cfm remote_mep [mepname <string 32> | md [<string 22> | md_index <uint 1-

4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>] mepid <int 1-8191>] remote_mepid <int 1-8191>

Parameters

mepname - Specify the MEP name.

<string 32> - Enter the MEP name. The maximum length is 32 characters.

md - Specify the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index.

<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.

ma - Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index - Specifies the maintenance association index.

<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.

mepid - Specifies the MEPID.

<int 1-8191> - Enter the MEP MEPID between 1 and 8191.

remote_mepid - Specifies the remote MEPID.

<int 1-8191> - Enter the remote MEPID between 1 and 8191.

Restrictions

None. (EI Mode Only Command)

Example

To display CFM remote MEP information:

DGS-3620-28PC:admin#show cfm remote_mep mepname mep1 remote_mepid 2

Command: show cfm remote_mep mepname mep1 remote_mepid 2

256

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Remote MEPID : 2

MAC Address : 00-11-22-33-44-02

Status : OK

RDI : Yes

Port State : Blocked

Interface Name : Down

Last CCM Serial Number : 1000

Send Chassis ID : 00-11-22-33-44-00

Sender Management Address: SNMP-UDP-IPv4 10.90.90.90:161

Detect Time : 2013-08-30 02:59:52

DGS-3620-28PC:admin#

15-28 config cfm ais md

Description

This command is used to configure the parameters of the AIS function on a MEP.

Format config cfm ais md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index

<uint 1-4294967295>] mepid <int 1-8191> {period [1sec | 1min] | level <int 0-7> | state

[enable | disable]}

Parameters

md - Specify the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index.

<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.

ma - Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index - Specifies the maintenance association index.

<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.

mepid - Specifies the MEPID.

<int 1-8191> - Enter the MEP MEPID between 1 and 8191.

period - (Optional) Specifies the transmitting interval of the AIS PDU.

1sec - Specifies that the transmitting interval period will be set to 1 second.

1min - Specifies that the transmitting interval period will be set to 1 minute.

level - (Optional) Specifies the client level ID to which the MEP sends AIS PDU. The default client MD level is the MD level that the most immediate client layer MIPs and MEPs exist on.

<int 0-7> - Enter the client level ID used here. This value must be between 0 and 7.

state - (Optional) Specifies the AIS function state used.

enable - Specifies that AIS function state will be enabled.

disable - Specifies that AIS function state will be disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

257

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure the AIS function so that it is enabled and has a client level of 5:

DGS-3620-28PC:admin# config cfm ais md op-domain ma op-ma mepid 1 state enable level 5

Command: config cfm ais md op-domain ma op-ma mepid 1 state enable level 5

Success.

DGS-3620-28PC:admin#

15-29 config cfm lock md

Description

This command is used to configure the parameters of the LCK function on a MEP.

Format config cfm lock md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>] mepid <int 1-8191> {period [1sec | 1min] | level <int 0-7> | state [enable | disable]}

Parameters

md - Specify the maintenance domain name.

<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.

md_index - Specifies the maintenance domain index.

<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.

ma - Specifies the maintenance association name.

<string 22> - Enter the maintenance association name. The maximum length is 22 characters.

ma_index - Specifies the maintenance association index.

<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.

mepid - Specifies the MEPID.

<int 1-8191> - Enter the MEP MEPID between 1 and 8191.

period - (Optional) Specifies the transmitting interval of the LCK PDU.

1sec - Specifies that the transmitting interval period will be set to 1 second.

1min - Specifies that the transmitting interval period will be set to 1 minute.

level - (Optional) Specifies the client level ID to which the MEP sends LCK PDU. The default client MD level is the MD level that the most immediate client layer MIPs and MEPs exist on.

<int 0-7> - Enter the client level ID used here. This value must be between 0 and 7.

state - (Optional) Specifies the LCK function state used.

enable - Specifies that LCK function state will be enabled.

disable - Specifies that LCK function state will be disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

258

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure the LCK function state as enabled and specify a client level of 5:

DGS-3620-28PC:admin# config cfm lock md op-domain ma op-ma mepid 1 state enable level 5

Command: config cfm lock md op-domain ma op-ma mepid 1 state enable level 5

Success.

DGS-3620-28PC:admin#

15-30 config cfm trap

Description

This command is used to configure the state of the CFM trap.

Format config cfm trap [ais | lock] state [enable | disable]

Parameters

ais - Specifies the AIS trap status to be configured. If the trap status of AIS is enabled, a trap will be sent out when an ETH-AIS event occurs or clears.

lock - Specifies the LCK trap status that to be configured. If the trap status of LCK is enabled, a trap will be sent out wnen an ETH-LCK event occurs or clears.

state – Specify the state of the CFM trap.

enable – Enable the CFM trap state. This is the default.

disable – Disable the CFM trap state.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

DGS-3620-28PC:admin#config cfm trap ais state enable

Command: config cfm trap ais state enable

Success.

DGS-3620-28PC:admin#

15-31 cfm dm

Description

This command is used to start a frame delay measurement test on an MEP. It will result in the

MEP periodically sending a DMM message to a remote MEP in the diagnostic interval. The system will calculate the Frame Delay (FD) and Frame Delay Variation (FDV) based on the received DMR

259

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

messages and the percentile of the frame delay measurement test. To calculate the FDV, continuous received DMR frames are needed.

Users can abort the frame delay measurement test by disable frame delay measurement function on the MEP.

Format cfm dm <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index

<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {period:interval

[100ms:1sec | 1sec:10sec | 10sec:1min] | percentile <int 0-100> | pdu_priority <int 0-7>}

Parameters

<macaddr> - Enter the destination MAC address.

mepname - Specifies the MEP name.

<string 32> - Enter the MEP name. This name can be up to 32 characters long.

mepid - Specifies the MEP ID.

<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.

md - Specifies the Maintenance Domain name.

<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.

md_index - Specifies the Maintenance Domain index.

<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.

ma - Specifies the Maintenance Association name.

<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.

ma_index - Specifies the Maintenance Association index.

<uint 1-4294967295> - Enter the Maintenance Association index.

period:interval - Specifies the transmission period of DMM message and the diagnostic interval.

100ms:1sec - Specifies the transmission period of 100 milliseconds and the diagnostic interval is one second.

1sec:10sec - Specifies the transmission period of one second and the diagnostic interval is ten seconds. This is the default value.

10sec:1min - Specifies the transmission period of ten seconds and the diagnostic interval is one minute.

percentile - Specifies the percentile of frame delay and frame delay variation measurement.

<int 0-100> - Enter the percentile of frame delay and frame delay variation measurement. This value must be between 1 and 100.

pdu_priority - Specifies the 802.1p priority which is set in the DMM message transmitted by the

MEP.

<int 0-7> - Enter the 802.1p priority which is set in the DMM message transmitted by the

MEP. This value must be between 1 and 7.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To start a frame delay measurement test:

260

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#cfm dm 00-01-02-03-04-05 mepname mep1 period:interval

1sec:10sec percentile 75 pdu_priority 7

Command: cfm dm 00-01-02-03-04-05 mepname mep1 period:interval 1sec:10sec percentile 75 pdu_priority 7

Success.

DGS-3620-28PC:admin#

15-32 cfm lm

Description

This command is used to start a frame loss measurement test.

Format cfm lm <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index

<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {period [100ms |

1sec | 10sec] | pdu_priority <int 0-7>}

Parameters

<macaddr> - Enter the destination MAC address.

mepname - Specifies the MEP name.

<string 32> - Enter the MEP name. This name can be up to 32 characters long.

mepid - Specifies the MEP ID.

<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.

md - Specifies the Maintenance Domain name.

<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.

md_index - Specifies the Maintenance Domain index.

<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.

ma - Specifies the Maintenance Association name.

<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.

ma_index - Specifies the Maintenance Association index.

<uint 1-4294967295> - Enter the Maintenance Association index.

period - (Optional) Specifies the transmission period of LMM message.

100ms - Specifies that the transmission period will be 100ms.

1sec - Specifies that the transmission period will be 1sec.

10sec - Specifies that the transmission period will be 10sec.

pdu_priority - (Optional) Specifies the 802.1p priority which is set in the DMM message transmitted by the MEP.

<int 0-7> - Enter the 802.1p priority which is set in the DMM message transmitted by the

MEP. This value must be between 1 and 7.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

261

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To start a frame loss measurement test:

DGS-3620-28PC:admin#cfm lm 00-01-02-03-04-05 mepname mep1 period 1s pdu_priority 7

Command: cfm lm 00-01-02-03-04-05 mepname mep1 period 1sec pdu_priority 7

Success.

DGS-3620-28PC:admin#

15-33 clear cfm dm

Description

This command is used to clear the frame delay measurement information.

Format clear cfm dm {[mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint

1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]} {[results | statistics]}

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

mepname - (Optional) Specifies the MEP name.

<string 32> - Enter the MEP name. This name can be up to 32 characters long.

mepid - (Optional) Specifies the MEP ID.

<int 1-8191> - (Optional) Enter the MEP ID. This value must be between 1 and 8191.

md - (Optional) Specifies the Maintenance Domain name.

<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.

md_index - (Optional) Specifies the Maintenance Domain index.

<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.

ma - (Optional) Specifies the Maintenance Association name.

<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.

ma_index - (Optional) Specifies the Maintenance Association index.

<uint 1-4294967295> - Enter the Maintenance Association index.

results - (Optional) Specifies to clear the stored frame delay measurement results. If none of them is specified, both of them are cleared.

statistics - (Optional) Specifies to clear the stored the statistics of ETH-DM frames (DMM, DMR).

If none of them is specified, both of them are cleared.

Example

To clear the frame delay measurement information.

262

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#clear cfm dm mepname mep1

Command: clear cfm dm mepname mep1

Success.

DGS-3620-28PC:admin#

15-34 clear cfm lm

Description

This command is used to clear the frame loss measurement information.

Format clear cfm lm {[mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint

1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]} {[results | statistics]}

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

mepname - (Optional) Specifies the MEP name.

<string 32> - Enter the MEP name. This name can be up to 32 characters long.

mepid - (Optional) Specifies the MEP ID.

<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.

md - (Optional) Specifies the Maintenance Domain name.

<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.

md_index - (Optional) Specifies the Maintenance Domain index.

<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.

ma - (Optional) Specifies the Maintenance Association name.

<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.

ma_index - (Optional) Specifies the Maintenance Association index.

<uint 1-4294967295> - Enter the Maintenance Association index.

results - (Optional) Specifies to clear the stored frame loss measurement results. If none of them is specified, both of them are cleared.

statistics - (Optional) Specifies to clear the stored statistics of ETH-LM frames (LMM, LMR). If none of them is specified, both of them are cleared.

Example

To clear the frame loss measurement information.

DGS-3620-28PC:admin#clear cfm lm mepname mep1

Command: clear cfm lm mepname mep1

Success.

DGS-3620-28PC:admin#

263

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

15-35 config cfm dm

Description

This command is used to configure the parameters of frame delay measurement function.

Format config cfm dm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint

1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] state [enable | disable]

Parameters

mepname - Specifies the MEP name.

<string 32> - Enter the MEP name. This name can be up to 32 characters long.

mepid - Specifies the MEP ID.

<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.

md - Specifies the Maintenance Domain name.

<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.

md_index - Specifies the Maintenance Domain index.

<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.

ma - Specifies the Maintenance Association name.

<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.

ma_index - Specifies the Maintenance Association index.

<uint 1-4294967295> - Enter the Maintenance Association index.

state - Specifies the administrative state of frame delay measurement function on the MEP.

enable - Specifies that the frame delay measurement function will be enabled.

disable - Specifies that the frame delay measurement function will be disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To configure the administrative state of frame delay measurement function as enabled:

DGS-3620-28PC:admin#config cfm dm mepname mep1 state enable

Command: config cfm dm mepname mep1 state enable

Success.

DGS-3620-28PC:admin#

15-36 config cfm lm

Description

This command is used to configure the parameters of frame loss measurement function.

264

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config cfm lm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint

1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] state [enable | disable]

Parameters

mepname - Specifies the MEP name.

<string 32> - Enter the MEP name. This name can be up to 32 characters long.

mepid - Specifies the MEP ID.

<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.

md - Specifies the Maintenance Domain name.

<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.

md_index - Specifies the Maintenance Domain index.

<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.

ma - Specifies the Maintenance Association name.

<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.

ma_index - Specifies the Maintenance Association index.

<uint 1-4294967295> - Enter the Maintenance Association index.

state - Specifies the administrative state of frame loss measurement function on the MEP.

enable - Specifies that the frame loss measurement function will be enabled.

disable - Specifies that the frame loss measurement function will be disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To configure the administrative state of frame loss measurement function as enabled:

DGS-3620-28PC:admin#config cfm lm mepname mep1 state enable

Command: config cfm lm mepname mep1 state enable

Success.

DGS-3620-28PC:admin#

15-37 show cfm dm

Description

This command is used to show the frame delay measurement information.

Format show cfm dm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint

1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]

265

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

mepname - Specifies the MEP name.

<string 32> - Enter the MEP name. This name can be up to 32 characters long.

mepid - Specifies the MEP ID.

<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.

md - Specifies the Maintenance Domain name.

<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.

md_index - Specifies the Maintenance Domain index.

<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.

ma - Specifies the Maintenance Association name.

<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.

ma_index - Specifies the Maintenance Association index.

<uint 1-4294967295> - Enter the Maintenance Association index.

Restrictions

None. (EI Mode Only Command)

Example

To display the frame delay measurement information.

DGS-3620-28PC:admin#show cfm dm mepname mep1

Command: show cfm dm mepname mep1

State : Enabled

DMM Tansmitted : 0

DMR Received : 0

DMM Received : 0

DMR Transmitted : 0

Period:

ID MAC Address Status Interval PCT Pri FD nanosec FDV nanosec Start

Time

--- ----------------- ------- -------- --- --- ---------- ----------- ---------

3 00-01-02-03-04-05 Running 100ms:1s 75 7 0 0 2013-01-01

18:00:00

2 00-01-02-03-04-05 Success 1s:10s 50 7 1434343 2232 2013-01-01

14:00:00

1 00-01-02-03-04-05 Failed 10s:1min 75 1 0 0 2013-01-01

12:00:00

DGS-3620-28PC:admin#

15-38 show cfm lm

Description

This command is used to show the frame loss measurement information.

266

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format show cfm lm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint

1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]

Parameters

mepname - Specifies the MEP name.

<string 32> - Enter the MEP name. This name can be up to 32 characters long.

mepid - Specifies the MEP ID.

<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.

md - Specifies the Maintenance Domain name.

<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.

md_index - Specifies the Maintenance Domain index.

<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.

ma - Specifies the Maintenance Association name.

<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.

ma_index - Specifies the Maintenance Association index.

<uint 1-4294967295> - Enter the Maintenance Association index.

Restrictions

None. (EI Mode Only Command)

Example

To display the frame loss measurement information.

DGS-3620-28PC:admin#show cfm lm mepname mep1

Command: show cfm lm mepname mep1

State : Enabled

LMM Tansmitted : 61

LMR Received : 0

LMM Received : 0

LMR Transmitted : 0

ID MAC Address Status Period Pri Far-End Near-End Start Time

--- ----------------- ------- ------ --- ------- -------- -------------------

1 00-01-02-03-04-05 Failed 1sec 7 0 0 2000-01-15 22:46:33

DGS-3620-28PC:admin#

267

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 16 Command List

History Commands

? {<Command>}

show command_history

config command_history <value 1-40>

16-1 ?

Description

This command is used to display all of the commands available, on the current login account level, through the Command Line Interface (CLI).

Format

? {<Command>}

Parameters

<Command> – (Optional) Specify a command.

Note: If no command is specified, the system will display all commands of the corresponding user level.

Restrictions

None.

Example

To display all commands:

DGS-3620-28PC:admin#?

Command: ?

..

? cable_diag ports cd cfm linktrace cfm loopback clear clear address_binding dhcp_snoop binding_entry ports clear arptable clear attack_log clear cfm pkt_cnt clear counters

268

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

clear dhcp binding clear dhcp conflict_ip clear ethernet_oam ports clear fdb clear historical_counters ports clear igmp_snooping data_driven_group clear igmp_snooping statistic counter clear jwac auth_state clear log clear mac_based_access_control auth_state

CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All

To display the syntax for “config account”:

DGS-3620-28PC:admin#? config account

Command: ? config account

Command: config account

Usage: <username> {encrypt [plain_text| sha_1] <password>}

Description: Used to configure user accounts.

DGS-3620-28PC:admin#

16-2 show command_history

Description

This command is used to display the command history.

Format show command_history

Parameters

None.

Restrictions

None.

Example

To display the command history:

DGS-3620-28PC:admin# show command_history

Command: show command_history

?

? show traffic_segmentation 1-6 config traffic_segmentation 1-6 forward_list 7-8

269

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

config radius delete 1 config radius add 1 10.48.74.121 key dlink default config 802.1x reauth port_based ports all config 802.1x init port_based ports all config 802.1x auth_mode port_based config 802.1x auth_parameter ports 1-50 direction both config 802.1x capability ports 1-5 authenticator show 802.1x auth_configuration ports 1 show 802.1x auth_state ports 1-5 enable 802.1x show 802.1x auth_state ports 1-5 show igmp_snooping enable igmp_snooping

DGS-3620-28PC:admin#

16-3 config command_history

Description

This command is used to configure the number of commands that the switch can record. The switch can keep records for the last 40 (maximum) commands you entered.

Format config command_history <value 1-40>

Parameters

<value 1-40> – Specify the number of commands (1 to 40) that the switch can record. The default value is 25.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the number of commands the switch can record to the last 20 commands:

DGS-3620-28PC:admin#config command_history 20

Command: config command_history 20

Success.

DGS-3620-28PC:admin#

270

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 17 Command Logging

Commands

enable command logging disable command logging

show command logging

17-1 enable command logging

Description

The enable command logging command is used to enable the command logging function.

Note: When the switch is under the booting procedure and the procedure of downloading the configuration to execute immediately, all configuration commands should not be logged. When the user is under AAA authentication, the user name should not changed if user uses “enable admin” command to replace its privilege.

Format enable command logging

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To enable the command logging function:

DGS-3620-28PC:admin# enable command logging

Command: enable command logging

Success.

DGS-3620-28PC:admin#

17-2 disable command logging

Description

The disable command logging command is used to disable the command logging function.

271

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format disable command logging

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To disable the command logging:

DGS-3620-28PC:admin# disable command logging

Command: disable command logging

Success.

DGS-3620-28PC:admin#

17-3 show command logging

Description

This command displays the switch’s general command logging configuration status.

Format show command logging

Parameters

None.

Restrictions

Only Administrators and Operators can issue this command.

Example

To show the command logging configuration status:

DGS-3620-28PC:admin# show command logging

Command: show command logging

Command Logging State : Disabled

DGS-3620-28PC:admin#

272

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 18 Common Unicast

Routing Commands

config route preference [static | default | rip | ospfIntra | ospfInter | ospfExt1 | ospfExt2 | ebgp | ibgp] <value 1-999>

show route preference {[local | static | default | rip | ospf | ospfIntra | ospfInter | ospfExt1 | ospfExt2 | ebgp | ibgp]}

create route redistribute dst ospf src [local | static | rip | bgp] {mettype [1 | 2] | metric <value 0-

16777214> | route_map <map_name 16>}

config route redistribute dst ospf src [local | static | rip | bgp] {mettype [1 | 2] | metric <value 0-

16777214> | [route_map <map_name 16> | no_route_map]}

create route redistribute dst rip src [local | static | bgp | ospf [all | internal | external | type_1 | type_2 | inter+e1 | inter+e2]] {metric <value 0-16> | route_map <map_name 16>}

config route redistribute dst rip src [local | static | bgp | ospf [all | internal | external | type_1 | type_2 | inter+e1 | inter+e2]] {metric <value 0-16> | [route_map <map_name 16> | no_route_map]}

delete route redistribute dst rip src [local | static | ospf | bgp]

create route redistribute dst bgp src [local | static | rip | ospf [all | internal | external | type_1 | type_2 | inter+e1 | inter+e2]] {metric <uint 0-4294967295> | route_map <map_name 16>}

config route redistribute dst bgp src [local | static | rip | ospf [all | internal | external | type_1 | type_2 | inter+e1 | inter+e2]] {metric <uint 0-4294967295> | [route_map <map_name 16> | no_route_map]}

show route redistribute

show route redistribute dst rip {src [local | static | ospf | bgp]}

delete route redistribute dst bgp src [local | static | rip | ospf]

delete route redistribute dst ospf src [local | static | rip | bgp]

show route redistribute dst bgp {src [local | static | rip | ospf]}

show route redistribute dst ospf {src [local | static | rip | bgp]}

18-1 config route preference

Description

This command is used to configure the route type preference. The route with smaller preference has higher priority. The preference for local routes is fixed to 0.

Format config route preference [static | default | rip | ospfIntra | ospfInter | ospfExt1 | ospfExt2 | ebgp | ibgp] <value 1-999>

Parameters

static - Configure the preference of static route.

default - Configure the preference of default route.

rip - Configure the preference of RIP route.

ospfIntra - Configure the preference of OSPF intra-area route.

ospfInter - Configure the preference of OSPF inter-area route.

ospfExt1 - Configure the preference of OSPF external type-1 route.

ospfExt2 - Configure the preference of OSPF external type-2 route.

ebgp - Configure the preference of BGP AS-external route. (EI Mode Only Parameter)

273

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

ibgp - Configure the preference of BGP AS-internal route. (EI Mode Only Parameter)

<value 1-999> - Enter the route preference value here. This value must be between 1 and 999.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the route preference for static routes to 70:

DGS-3620-28PC:admin# config route preference static 70

Command: config route preference static 70

Success.

DGS-3620-28PC:admin#

18-2 show route preference

Description

This command is used to display the route preference of each route type.

Format show route preference {[local | static | default | rip | ospf | ospfIntra | ospfInter | ospfExt1 | ospfExt2 | ebgp | ibgp]}

Parameters

local - (Optional) Specifies to display the preference of local route.

static - (Optional) Specifies to display the preference of static route.

default - (Optional) Specifies to display the preference of default route.

rip - (Optional) Specifies to display the preference of RIP route.

ospf - (Optional) Specifies to display the preference of all types of OSPF route.

ospfIntra - (Optional) Specifies to display the preference of OSPF intra-area route.

ospfInter - (Optional) Specifies to display the preference of OSPF inter-area route.

ospfExt1 - (Optional) Specifies to display the preference of OSPF external type-1 route.

ospfExt2 - (Optional) Specifies to display the preference of OSPF external type-2 route.

ebgp - (Optional) Specifies to display the preference of BGP AS-external route. (EI Mode Only

Parameter)

ibgp - (Optional) Specifies to display the preference of BGP AS-internal route. (EI Mode Only

Parameter)

Restrictions

None.

Example

To display the route preference for all route types:

274

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show route preference

Command: show route preference

Route Preference Settings

Protocol Preference

---------- ----------

RIP 100

Static 60

Default 1

Local 0

OSPF Intra 80

OSPF Inter 90

OSPF ExtT1 110

OSPF ExtT2 115

EBGP 70

IBGP 130

DGS-3620-28PC:admin#

18-3 create route redistribute dst ospf src

Description

This command is used to redistribute the routing information from other routing protocols to OSPF.

Format create route redistribute dst ospf src [local | static | rip | bgp] {mettype [1 | 2] | metric <value

0-16777214> | route_map <map_name 16>}

Parameters

local - To redistribute the local routes to OSPF.

static - To redistribute static routes to OSPF.

rip - To redistribute the RIP routes to OSPF.

bgp - To redistribute the BGP routes to OSPF. (EI Mode Only Parameter)

mettype - (Optional) Allows the selection of one of two methods for calculating the metric value.

1 calculates the metric (for other routing protocols to OSPF) by adding the destination’s interface cost to the metric entered in the Metric field. 2 uses the metric entered in the Metric field without change. This field applies only when the destination field is OSPF. If the metric type is not specified, it will be type 2.

1 - Specifies that the method type value will be set to 1.

2 - Specifies that the method type value will be set to 2.

metric - (Optional) Specifies the metric for the redistributed routes. If it is not specified or specified as 0, the redistributed routes will be associated with the default metric 20.

<value 0-16777214> - Enter the metric value used here. This value can be between 0 and

16777214.

route_map - Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.

<map_name 16> - Enter the route map name. This name can be up to 16 characters long.

275

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To add route redistribution to OSPF:

DGS-3620-28PC:admin# create route redistribute dst ospf src rip

Command: create route redistribute dst ospf src rip

Success.

DGS-3620-28PC:admin#

18-4 config route redistribute dst ospf src

Description

This command is used to update the metric to be associated with the redistributed routes from a specific protocol to OSPF protocol.

Format config route redistribute dst ospf src [local | static | rip | bgp] {mettype [1 | 2] | metric <value

0-16777214> | [route_map <map_name 16> | no_route_map]}

Parameters

local - To redistribute the local routes to OSPF

static - To redistribute the static routes to OSPF.

rip - To redistribute RIP routes to OSPF

bgp - To redistribute BGP routes to OSPF. (EI Mode Only Parameter)

mettype - (Optional) Allows the selection of one of two methods for calculating the metric value.

1 calculates the metric (for other routing protocols to OSPF) by adding the destination’s interface cost to the metric entered in the Metric field. 2 uses the metric entered in the Metric field without change. This field applies only when the destination field is OSPF. If the metric type is not specified, it will be type 2.

1 - Specifies that the method type value will be set to 1.

2 - Specifies that the method type value will be set to 2.

metric - (Optional) Specifies the metric for the redistributed routes. If it is not specified or specified as 0, the redistributed routes will be associated with the default metric 20.

<value 0-16777214> - Enter the metric value used here. This value can be between 0 and

16777214.

route_map - Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.

<map_name 16> - Enter the route map name. This name can be up to 16 characters long.

no_route_map - Specifies to withdraw the route map setting.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

276

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure route redistributions:

DGS-3620-28PC:admin# config route redistribute dst ospf src rip mettype 1 metric 2

Command: config route redistribute dst ospf src rip mettype 1 metric 2

Succuss.

DGS-3620-28PC:admin#

18-5 create route redistribute dst rip src

Description

This command is used to redistribute routing information from other routing protocols to RIP. When the metric is specified as 0, the metric in the original route will become the metric of the redistributed RIP routes transparently. If the metric of the original route is greater than 16, the route will be not redistributed.

Format create route redistribute dst rip src [local | static | bgp | ospf [all | internal | external | type_1

| type_2 | inter+e1 | inter+e2]] {metric <value 0-16> | route_map <map_name 16>}

Parameters

local - To redistribute local routes to RIP.

static - To redistribute static routes to RIP.

bgp - To redistribute BGP routes to RIP. (EI Mode Only Parameter)

ospf - To redistribute OSPF routes to RIP.

all - To redistribute both OSPF AS-internal and OSPF AS-external routes to RIP.

internal - To redistribute only the OSPF AS-internal routes.

external - To redistribute only the OSPF AS-external routes, including type-1 and type-2 routes.

type_1 - To redistribute only the OSPF AS-external type-1 routes.

type_2 - To redistribute only the OSPF AS-external type-2 routes.

inter+e1 - To redistribute only the OSPF AS-external type-1 and OSPF AS-internal routes.

inter+e2 - To redistribute only the OSPF AS-external type-2 and OSPF AS-internal routes.

metric - (Optional) Specifies the RIP route metric value for the redistributed routes.

<value 0-16> - Enter the metric value used here. This value must be between 0 and 16.

route_map - Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.

<map_name 16> - Enter the route map name. This name can be up to 16 characters long.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To add route redistribution settings:

277

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# create route redistribute dst rip src ospf all metric 2

Command: create route redistribute dst rip src ospf all metric 2

Success.

DGS-3620-28PC:admin#

18-6 config route redistribute dst rip src

Description

This command is used to update the metric to be associated with the redistributed routes from a specific protocol to RIP protocol.

Format config route redistribute dst rip src [local | static | bgp | ospf [all | internal | external | type_1

| type_2 | inter+e1 | inter+e2]] {metric <value 0-16> | [route_map <map_name 16> | no_route_map]}

Parameters

local - To redistribute local routes to RIP.

static - To redistribute static routes to RIP.

bgp - To redistribute BGP routes to RIP. (EI Mode Only Parameter)

ospf - To redistribute OSPF routes to RIP.

all - To redistribute both OSPF AS-internal and OSPF AS-external routes to RIP.

internal - To redistribute only the OSPF AS-internal routes.

external - To redistribute only the OSPF AS-external routes, including type-1 and type-2 routes.

type_1 - To redistribute only the OSPF AS-external type-1 routes.

type_2 - To redistribute only the OSPF AS-external type-2 routes.

inter+e1 - To redistribute only the OSPF AS-external type-1 and OSPF AS-internal routes.

inter+e2 - To redistribute only the OSPF AS-external type-2 and OSPF AS-internal routes.

metric - (Optional) Specifies the RIP metric value for the redistributed routes.

<value 0-16> - Enter the metric value used here. This value must be between 0 and 16.

route_map - Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.

<map_name 16> - Enter the route map name. This name can be up to 16 characters long.

no_route_map - Specifies to withdraw the route map setting.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure route redistributions:

278

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# config route redistribute dst rip src ospf internal

Command: config route redistribute dst rip src ospf internal

Success.

DGS-3620-28PC:admin#

18-7 delete route redistribute dst rip src

Description

This command is used to delete the route redistribute configuration on the Switch. It specifies to not redistribute other routing protocols to RIP.

Format delete route redistribute dst rip src [local | static | ospf | bgp]

Parameters

src - Specifies the source protocol.

static - To not redistribute static routes.

local - To not redistribute local routes.

ospf - To not redistribute OSPF routes.

bgp - To not redistribute BGP routes. (EI Mode Only Parameter)

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete route redistribution settings:

DGS-3620-28PC:admin# delete route redistribute dst rip src static

Command: delete route redistribute dst rip src static

Success.

DGS-3620-28PC:admin#

18-8 create route redistribute dst bgp src

Description

This command is used to redistribute routing information from other routing protocols to BGP.

Format create route redistribute dst bgp src [local | static | rip | ospf [all | internal | external | type_1

| type_2 | inter+e1 | inter+e2]] {metric <uint 0-4294967295> | route_map <map_name 16>}

279

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

local - To redistribute local routes to BGP.

static - To redistribute static routes to BGP.

rip - To redistribute RIP routes to BGP.

ospf - To redistribute OSPF routes to BGP.

all - To redistribute both OSPF AS-internal and OSPF AS-external routes to BGP.

internal - To redistribute only the OSPF AS-internal routes.

external - To redistribute only the OSPF AS-external routes, including type-1 and type-2 routes.

type_1 - To redistribute only the OSPF AS-external type-1 routes.

type_2 - To redistribute only the OSPF AS-external type-2 routes.

inter+e1 - To redistribute only the OSPF AS-external type-1 and OSPF AS-internal routes.

inter+e2 - To redistribute only the OSPF AS-external type-2 and OSPF AS-internal routes.

metric - (Optional) Specifies the BGP metric value for the redistributed routes.

<value 0-4294967295> - Enter the metric value used here. This value must be between 0 and

4294967295.

route_map - (Optional) Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.

<map_name 16> - Enter the route map name used here. This name can be up to 16 characters long.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To add route redistribution settings:

DGS-3620-28PC:admin# create route redistribute dst bgp src ospf all metric 2

Command: create route redistribute dst bgp src ospf all metric 2

Success.

DGS-3620-28PC:admin#

18-9 config route redistribute dst bgp src

Description

This command updates the metric to be associated with the redistributed routes from a specific protocol to BGP protocol.

Format config route redistribute dst bgp src [local | static | rip | ospf [all | internal | external | type_1

| type_2 | inter+e1 | inter+e2]] {metric <uint 0-4294967295> | [route_map <map_name 16> | no_route_map]}

Parameters

local - To redistribute local routes to BGP.

static - To redistribute static routes to BGP.

280

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

rip - To redistribute RIP routes to BGP.

ospf - To redistribute OSPF routes to BGP.

all - To redistribute both OSPF AS-internal and OSPF AS-external routes to BGP.

internal - To redistribute only the OSPF AS-internal routes.

external - To redistribute only the OSPF AS-external routes, including type-1 and type-2 routes.

type_1 - To redistribute only the OSPF AS-external type-1 routes.

type_2 - To redistribute only the OSPF AS-external type-2 routes.

inter+e1 - To redistribute only the OSPF AS-external type-1 and OSPF AS-internal routes.

inter+e2 - To redistribute only the OSPF AS-external type-2 and OSPF AS-internal routes.

metric - (Optional) Specifies the BGP metric value for the redistributed routes.

<value 0-4294967295> - Enter the metric value used here. This value must be between 0 and

4294967295.

route_map - (Optional) Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.

<map_name 16> - Enter the route map name used here. This name can be up to 16 characters long.

no_route_map - Specifies to withdraw the route map setting.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To add route redistribution settings:

DGS-3620-28PC:admin# config route redistribute dst bgp src ospf all metric 2

Command: config route redistribute dst bgp src ospf all metric 2

Success.

DGS-3620-28PC:admin#

18-10 show route redistribute

Description

This command is used to display the route redistribution settings on the Switch.

Format show route redistribute

Parameters

None

Restrictions

None.

281

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display route redistributions:

DGS-3620-28PC:admin#show route redistribute

Command: show route redistribute

Route Redistribution Settings

Source Destination Type Metric RouteMapName

Protocol Protocol

-------- ------------ -------- ------------ ------------

RIP OSPF Type-2 20 N/A

Total Entries : 1

DGS-3620-28PC:admin#

18-11 show route redistribute dst rip

Description

This command is used to display the route redistribution settings on the Switch. It displays the redistribution with the target protocol RIP.

Format show route redistribute dst rip {src [local | static | ospf | bgp]}

Parameters

src - (Optional) Specifies the source protocol.

static - Display the redistribution with the source static.

local - Display the redistribution with the source local.

ospf - Display the redistribution with the source OSPF.

bgp - Display the redistribution with the source BGP. (EI Mode Only Parameter)

If no parameter is specified, the system will display all route redistributions.

Restrictions

None.

Example

To display route redistributions:

282

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show route redistribute dst rip

Command: show route redistribute dst rip

Route Redistribution Settings

Source Destination Type Metric RouteMapName

Protocol Protocol

-------- ------------ -------- ------ ------------

OSPF RIP ExtType2 3 N/A

STATIC RIP All 5 N/A

LOCAL RIP All 4 N/A

Total Entries : 3

DGS-3620-28PC:admin#

18-12 delete route redistribute dst bgp src

Description

This command is used to delete the route redistribute configuration on the Switch. It specifies to not redistribute other routing protocols to BGP.

Format delete route redistribute dst bgp src [local | static | rip | ospf]

Parameters

src - Specifies the source protocol.

local - To not redistribute local routes.

static - To not redistribute static routes.

rip - To not redistribute RIP routes.

ospf - To not redistribute OSPF routes.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To delete route redistribution settings:

DGS-3620-28PC:admin#delete route redistribute dst bgp src static

Command: delete route redistribute dst bgp src static

Success.

DGS-3620-28PC:admin#

283

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

18-13 delete route redistribute dst ospf src

Description

This command is used to delete the route redistribute configuration on the Switch. It specifies to not redistribute other routing protocols to OSPF.

Format delete route redistribute dst ospf src [local | static | rip | bgp]

Parameters

src - Specifies the source protocol.

local - To not redistribute local routes.

static - To not redistribute static routes.

rip - To not redistribute RIP routes.

bgp - To not redistribute BGP routes. (EI Mode Only Parameter)

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete route redistribution settings:

DGS-3620-28PC:admin# delete route redistribute dst ospf src static

Command: delete route redistribute dst ospf src static

Success.

DGS-3620-28PC:admin#

18-14 show route redistribute dst bgp

Description

This command is used to display the route redistribution settings on the Switch. It displays the redistribution with the target protocol BGP.

Format show route redistribute dst bgp {src [local | static | rip | ospf]}

Parameters

src - (Optional) Specifies the source protocol.

local - Display the redistribution with the source local.

static - Display the redistribution with the source static.

rip - Display the redistribution with the source RIP.

ospf - Display the redistribution with the source OSPF.

If no parameter is specified, the system will display all route redistributions.

284

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

None. (EI Mode Only Command)

Example

To display route redistributions:

DGS-3620-28PC:admin#show route redistribute dst bgp

Command: show route redistribute dst bgp

Route Redistribution Settings

Source Destination Type Metric RouteMapName

Protocol Protocol

-------- ------------ -------- ------ ------------

Total Entries : 0

DGS-3620-28PC:admin#

18-15 show route redistribute dst ospf

Description

This command is used to display the route redistribution settings on the Switch. It displays the redistribution with the target protocol OSPF.

Format show route redistribute dst ospf {src [local | static | rip | bgp]}

Parameters

src - (Optional) Specifies the source protocol.

local - Display the redistribution with the source local.

static - Display the redistribution with the source static.

rip - Display the redistribution with the source RIP.

bgp - Display the redistribution with the source BGP. (EI Mode Only Parameter)

If no parameter is specified, the system will display all route redistributions.

Restrictions

None.

Example

To display route redistributions:

285

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show route redistribute dst ospf

Command: show route redistribute dst ospf

Route Redistribution Settings

Source Destination Type Metric RouteMapName

Protocol Protocol

-------- ------------ -------- ------ ------------

Total Entries : 0

DGS-3620-28PC:admin#

286

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 19 Compound

Authentication

Commands

create authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]

delete authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]

config authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>] [add | delete] ports [<portlist> | all]

config authentication mac_format {case [lowercase | uppercase] | delimiter {[hyphen | colon | dot | none] | number [1 | 2 | 5]}(1)}(1)

config authentication ports [<portlist> | all] {auth_mode [port_based | host_based {vlanid

<vid_list> state [enable | disable]}] | multi_authen_methods [none | any | dot1x_impb | impb_jwac | impb_wac | mac_impb]}(1)

show authentication show authentication guest_vlan show authentication mac_format

show authentication ports {<portlist>}

enable authorization attributes disable authorization attributes show authorization

config authentication server failover [local | permit | block]

19-1 create authentication guest_vlan

Description

This command is used to assign a static VLAN to be a guest VLAN. The specific VLAN which is assigned to be a guest VLAN must already exist. The specific VLAN which is assigned to be a guest VLAN can’t be deleted.

Format create authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]

Parameters

vlan - Specifies the guest VLAN by VLAN name.

<vlan_name 32> - Enter the guest VLAN by VLAN name. The VLAN name can be up to 32 characters long.

vlanid - Specifies the guest VLAN by VLAN ID.

<vlanid 1-4094> - Enter the guest VLAN by VLAN ID. The VLAN ID value must be between 1 and 4094.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

287

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To assign a static VLAN to be a guest VLAN:

DGS-3620-28PC:admin#create authentication guest_vlan vlan guestVLAN

Command: create authentication guest_vlan vlan guestVLAN

Success.

DGS-3620-28PC:admin#

19-2 delete authentication guest_vlan

Description

This command is used to delete a guest VLAN setting, but not a static VLAN. All ports which are enabled as guest VLANs will move to the original VLAN after deleting the guest VLAN.

Format delete authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]

Parameters

vlan - Specifies the guest VLAN by VLAN name.

<vlan_name 32> - Enter the guest VLAN by VLAN name. The VLAN name can be up to 32 characters long.

vlanid - Specifies the guest VLAN by VLAN ID.

<vlanid 1-4094> - Enter the guest VLAN by VLAN ID. The VLAN ID value must be between 1 and 4094.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete a guest VLAN setting:

DGS-3620-28PC:admin#delete authentication guest_vlan vlan guestVLAN

Command: delete authentication guest_vlan vlan guestVLAN

Success.

DGS-3620-28PC:admin#

19-3 config authentication guest_vlan

Description

This command is used to assign or remove ports to or from a guest VLAN.

288

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>] [add | delete] ports [<portlist> | all ]

Parameters

vlan - Specifies the guest VLAN name.

<vlan_name 32> - Enter the guest VLAN name. The VLAN name can be up to 32 characters long.

vlanid - Specifies the guest VLAN VID.

<vlanid 1-4094> - Enter the guest VLAN VID. The VLAN ID value must be between 1 and

4094.

add - Specifies to add a port list to the guest VLAN.

delete - Specifies to delete a port list from the guest VLAN.

ports - Specifies a port or range of ports to configure.

<portlist> - Enter a range of ports to configure.

all - Specifies to configure all ports.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure authentication for all ports for a guest VLAN called “gv”:

DGS-3620-28PC:admin#config authentication guest_vlan vlan gv add ports all

Command: config authentication guest_vlan vlan gv add ports all

Success.

DGS-3620-28PC:admin#

19-4 config authentication mac_format

Description

This command will set the MAC address format that will be used for authentication username via the RADIUS server.

Format config authentication mac_format {case [lowercase | uppercase] | delimiter {[hyphen | colon

| dot | none] | number [1 | 2 | 5]}(1)}(1)

Parameters

case - (Optional) Specifies the case format used.

lowercase - Specifies using the lowercase format, the RADIUS authentication username will be formatted as: aa-bb-cc-dd-ee-ff.

uppercase - Specifies using the uppercase format, the RADIUS authentication username will be formatted as: AA-BB-CC-DD-EE-FF.

delimiter - (Optional) Specifies the delimiter format used.

289

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

hyphen - Specifies using the “-“ as delimiter, the format is: AA-BB-CC-DD-EE-FF

colon - Specifies using the “:“ as delimiter, the format is: AA:BB:CC:DD:EE:FF

dot - Specifies using the “.“ as delimiter, the format is: AA.BB.CC.DD.EE.FF

none - Specifies not using any delimiter, the format is: AABBCCDDEEFF

number - (Optional) Specifies the delimiter number used.

1 - Single delimiter, the format is: AABBCC.DDEEFF

2 - Double delimiter, the format is: AABB.CCDD.EEFF

5 - Multiple delimiter, the format is: AA.BB.CC.DD.EE.FF

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the MAC address format to IETF style:

DGS-3620-28PC:admin#config authentication mac_format case uppercase delimiter hyphen number 5

Command: config authentication mac_format case uppercase delimiter hyphen number 5

Success.

DGS-3620-28PC:admin#

19-5 config authentication ports

Description

This command is used to configure authorization mode and authentication method on ports.

Format config authentication ports [<portlist> | all] {auth_mode [port_based | host_based {vlanid

<vid_list> state [enable | disable]}] | multi_authen_methods [none | any | dot1x_impb | impb_jwac | impb_wac | mac_impb]}(1)

Parameters

<portlist> - Enter a port or range of ports to configure.

all - Specifies to configure all ports.

auth_mode - (Optional) The authorization mode is port-based or host-based.

port-based - If one of the attached hosts pass the authentication, all hosts on the same port will be granted access to the network. If the user fails the authorization, this port will keep trying the next authentication.

host-based - Specifies to allow every user to be authenticated individually.

vlanid - (Optional) Specifies the VLAN ID used for this configuration.

<vid_list> - Enter the VLAN ID used for this configuration here.

state - (Optional) Specifies whether the authorization mode will be enabled or disabled.

enable - Specifies that the authorization mode will be enabled.

disable - Specifies that the authorization mode will be disabled.

multi_authen_methods - (Optional) Specifies the method for compound authentication.

none - Specifies that compound authentication is not enabled.

any - Specifies if any of the authentication methods (802.1X, MAC, and JWAC/WAC) pass,

290

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

then pass.

dot1x_impb - Dot1x will be verified first, and then IMPB will be verified. Both authentications need to be passed.

impb_jwac - JWAC will be verified first, and then IMPB will be verified. Both authentications need to be passed.

impb_wac - WAC will be verified first, and then IMPB will be verified. Both authentications need to be passed.

mac_impb - MAC will be verified first, and then IMPB will be verified. Both authentications need to be passed.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

The following example sets the authentication mode of all ports to host-based:

DGS-3620-28PC:admin#config authentication ports all auth_mode host_based

Command: config authentication ports all auth_mode host_based

Success.

DGS-3620-28PC:admin#

The following example sets the compound authentication method of all ports to “any”:

DGS-3620-28PC:admin#config authentication ports all multi_authen_methods any

Command: config authentication ports all multi_authen_methods any

Success.

DGS-3620-28PC:admin#

19-6 show authentication

Description

This command is used to display the authentication failover configuration.

Format show authentication

Parameters

None.

Restrictions

None.

291

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display the authentication failover configuration:

DGS-3620-28PC:admin#show authentication

Command: show authentication

Authentication Server Failover: Block.

DGS-3620-28PC:admin#

19-7 show authentication guest_vlan

Description

This command is used to display guest VLAN information.

Format show authentication guest_vlan

Parameters

None.

Restrictions

None.

Example

To display the guest VLAN setting:

DGS-3620-28PC:admin#show authentication guest_vlan

Command: show authentication guest_vlan

Guest VLAN VID :

Guest VLAN Member Ports:

Total Entries: 0

DGS-3620-28PC:admin#

19-8 show authentication mac_format

Description

This command is used to display the authentication MAC format setting.

Format show authentication mac_format

292

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

None.

Restrictions

None.

Example

To display the authentication MAC format setting:

DGS-3620-28PC:admin#show authentication mac_format

Command: show authentication mac_format

Case : Uppercase

Delimiter : None

Delimiter Number : 5

DGS-3620-28PC:admin#

19-9 show authentication ports

Description

This command is used to display the authentication method and authorization mode on ports.

Format show authentication ports {<portlist>}

Parameters

<portlist> - (Optional) Specifies to display compound authentication on specific port(s).

Restrictions

None.

Example

To display the authentication settings for ports 1 to 3:

293

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show authentication ports 1-3

Command: show authentication ports 1-3

Port Methods Auth Mode Authentication VLAN(s)

---- -------------- ----------- ----------------------

1 None Host-based

2 None Host-based

3 None Host-based

DGS-3620-28PC:admin#

19-10 enable authorization attributes

Description

This command is used to enable the authorization global state.

Format enable authorization attributes

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable the authorization global state:

DGS-3620-28PC:admin#enable authorization attributes

Command: enable authorization attributes

Success.

DGS-3620-28PC:admin#

19-11 disable authorization attributes

Description

This command is used to disable the authorization global state.

Format disable authorization attributes

294

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To disable the authorization global state:

DGS-3620-28PC:admin#disable authorization attributes

Command: disable authorization attributes

Success.

DGS-3620-28PC:admin#

19-12 show authorization

Description

This command is used to display the authorization status.

Format show authorization

Parameters

None.

Restrictions

None.

Example

To display the authorization status:

DGS-3620-28PC:admin#show authorization

Command: show authorization

Authorization for Atributes: Enabled

DGS-3620-28PC:admin#

19-13 config authentication server failover

Description

This command is used to configure the authentication server failover function. When authentication server fails, administrator can configure to:

295

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

* Use the local database to authenticate the client. The switch will resort to using the local database to authenticate the client. If the client fails on local authentication, the client is regarded as un-authenticated, otherwise, it authenticated.

* Pass authentication. The client is always regarded as authenticated. If guest VLAN is enabled, clients will stay on the guest VLAN, otherwise, they will stay on the original VLAN.

* Block the client (default setting). The client is always regarded as un-authenticated.

Format config authentication server failover [local | permit | block]

Parameters

local - Specifies to use the local database to authenticate the client.

permit - Specifies that the client is always regarded as authenticated.

block - Specifies to block the client. This is the default setting.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To set the authentication server failover state:

DGS-3620-28PC:admin#config authentication server failover local

Command: config authentication server failover local

Success.

DGS-3620-28PC:admin#

296

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 20 Debug Software

Commands

debug address_binding [event | dhcp | all] state [enable | disable]

no debug address_binding

debug error_log [dump | clear | upload_toTFTP <ipaddr> <path_filename 64>]

debug buffer [utilization | dump | clear | upload_toTFTP <ipaddr> <path_filename 64>]

debug output [module <module_list> | all] [buffer | console]

debug config error_reboot [enable | disable]

debug config state [enable | disable]

debug show error_reboot state

debug stp clear counter {ports [<portlist> | all]}

debug stp config ports [<portlist> | all] [event | bpdu | state_machine | all] state [disable | brief | detail]

debug stp show counter {ports [<portlist> | all]}

debug stp show flag {ports <portlist>}

debug stp show information

debug stp state [disable | enable]

debug ospf [neighbor_state_change | interface_state_change {dr_bdr_selection} | lsa {all | originating | installing | receiving | flooding} (1) | packet {all | receiving | sending} (1) | retransmission | spf {all | intra | inter | extern} (1) | timer | virtual_link | route | redistribution] state [enable | disable]

debug ospf clear counter {packet | neighbor | spf}

debug ospf log state [enable | disable]

debug ospf show counter {packet | neighbor | spf}

debug ospf show detail external_link debug ospf show detail net_link debug ospf show detail rt_link debug ospf show detail summary_link debug ospf show detail type7_link debug ospf show flag debug ospf show log state debug ospf show redistribution debug ospf show request_list debug ospf show summary_list

debug ospf state [enable | disable]

debug vrrp [vr_state_change | packet [all | {receiving | sending}(1)] | mac_addr_update | interface_change | timers] state [enable | disable]

debug vrrp clear counter

debug vrrp log state [enable | disable]

debug vrrp show counter debug vrrp show flag debug vrrp show log state

debug vrrp state [enable | disable]

debug bgp show flag

debug bgp all flag [enable | disable]

debug bgp fsm_event [enable | disable]

debug bgp packet [{open | update | keepalive | notify | refresh | capability}(1) | all] [in | out]

[enable | disable]

debug bgp error state [enable | disable]

debug bgp show global_info

debug bgp show peer {ipv6 unicast}

debug bgp show peer_group {ipv6 unicast}

297

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

debug bgp show network {ipv6 unicast}

debug bgp show aggregate {ipv6 unicast}

debug bgp show damp {ipv6 unicast}

debug bgp show interface_info debug bgp show as_path_access_list

debug bgp show bgp_timer

debug bgp show community_list

debug bgp show redist_info

debug bgp router_map [enable | disable]

debug bgp access_list [enable | disable]

debug bgp prefix_list [enable | disable]

debug bgp state [enable | disable]

debug dhcpv6_client state enable debug dhcpv6_client state disable

debug dhcpv6_client output [buffer | console]

debug dhcpv6_client packet {all | receiving | sending} state [enable | disable]

debug dhcpv6_relay state enable debug dhcpv6_relay state disable

debug dhcpv6_relay hop_count state [enable | disable]

debug dhcpv6_relay output [buffer | console]

debug dhcpv6_relay packet {all | receiving | sending} state [enable | disable]

debug dhcpv6_server packet [all | receiving | sending] state [enable | disable]

debug dhcpv6_server state disable debug dhcpv6_server state enable debug pim ssm no debug pim ssm

debug ripng flag [{interface | packet [all | rx | tx] | route} | all] state [enable | disable]

debug ripng show flag debug ripng state disable debug ripng state enable

debug routefilter show [prefix_list | access_list | route_map | ipv6_prefix_list | ipv6_access_list]

debug show status {module <module_list>}

debug super_vlan state [enable | disable]

debug show address_binding binding_state_table [nd_snooping | dhcpv6_snooping]

debug show error ports box_id [<value 1-12> | all] {sio1 | sio2}

debug show jwac auth_info

debug show packet ports box_id [<value 1-12> | all] {sio1 | sio2}

debug show cpu utilization

20-1 debug address_binding

Description

This command is used to start the IMPB debug when the IMPB module receives an ARP/IP packet or a DHCP packet.

Format debug address_binding [event | dhcp | all] state [enable | disable]

Parameters

event - To print out the debug messages when IMPB module receives ARP/IP packets.

dhcp - To print out the debug messages when the IMPB module receives the DHCP packets.

all - Print out all debug messages.

298

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

state - Specifies the state of the address binding debugging option.

enable - Specifies that the address binding debugging option will be enabled.

disable - Specifies that the address binding debugging option will be disabled.

Restrictions

Only Administrator level users can issue this command.

Example

To print out all debug IMPB messages:

DGS-3620-28PC:admin# debug address_binding all state enable

Command: debug address_binding all state enable

Success.

DGS-3620-28PC:admin#

20-2 no debug address_binding

Description

This command is used to stop the IMPB debug starting when the IMPB module receives an

ARP/IP packet or a DHCP packet.

Format no debug address_binding

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To stop IMPB debug: starting when the IMPB module receives an ARP/IP or DHCP packet:

DGS-3620-28PC:admin# no debug address_binding

Command: no debug address_binding

Success.

DGS-3620-28PC:admin#

299

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

20-3 debug error_log

Description

Use this command to dump, clear or upload the software error log to a TFTP server.

Format debug error_log [dump | clear | upload_toTFTP <ipaddr> <path_filename 64>]

Parameters

dump - Display the debug message of the debug log.

clear - Clear the debug log.

upload_toTFTP - Upload the debug log to a TFTP server specified by IP address.

<ipaddr> - Specifies the IPv4 address of the TFTP server.

<path_filename 64> - The pathname specifies the DOS pathname on the TFTP server. It can be a relative pathname or an absolute pathname. This value can be up to 64 characters long.

Restrictions

Only Administrator level users can issue this command.

Example

To dump the error log:

DGS-3620-28PC:admin# debug error_log dump

Command: debug error_log dump

**************************************************************************

# debug log: 1

# firmware version: 2.60.016

# level: CPU exception

# clock: 437453880 ms

# time : 2000-01-08 05:55:40

======================== CPU EXCEPTION ========================

Current Task = IP-Tic Stack Pointer = 4CFEA7A0

---------------------------CP0 Registers-----------------------

Status : 1000FC01 Interrupt enable Normal level

Cause : 00000008 TLB exception (load or instruction fetch)

EPC : 80A0297C Addr : 00000008

Stack : 4CFEA7A0 Return : 80A02938

------------------------normal registers-----------------------

$0( $0) : 00000000 at( $1) : FFFFFFFE v0( $2) : 00000000 v1( $3) : 00000001 a0( $4) : 00000000 a1( $5) : 4825B4A8 a2( $6) : 00000001 a3( $7) : 00000001 t0( $8) : 814D7FCC t1( $9) : 0000FC00 t2($10) : 828100C4 t3($11) : 00000017 t4($12) : 828100BC t5($13) : 4CFEA430 t6($14) : 82810048 t7($15) : 00000000 s0($16) : 4825D94A s1($17) : 4825D890 s2($18) : 4825D949 s3($19) : 4825D946 s4($20) : 00000000 s5($21) : 00000008 s6($22) : 81800000 s7($23) : 00090000 t8($24) : 00000000 t9($25) : FFFFFFC0 k0($26) : 00000000 k1($27) : 00000000

300

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

gp($28) : 8180ADA0 sp($29) : 4CFEA7A0 fp($30) : 00000001 ra($31) : 80A02938

------------------------- TASK STACKTRACE ------------------------

->81150A58

->809B346C

->809E1DEC

->809D7E6C

->80A038CC

->80A033B0

->80A0297C

To clear the error log:

DGS-3620-28PC:admin# debug error_log clear

Command: debug error_log clear

Success.

DGS-3620-28PC:admin#

To upload the error log to TFTP server:

DGS-3620-28PC:admin# debug error_log upload_toTFTP 10.0.0.90 debug-log.txt

Command: debug error_log upload_toTFTP 10.0.0.90 debug-log.txt

Connecting to server................... Done.

Upload configuration................... Done.

DGS-3620-28PC:admin#

20-4 debug buffer

Description

Use this command to show the debug buffer’s state, or dump, clear, or upload the debug buffer to a TFTP server.

Note: When selecting to output to the debug buffer and there are debug messages being outputted, the system memory pool will be used as the debug buffer. The functions which will use the system memory pool resource may fail to execute command such as download and upload firmware, or save configuration. If you want to execute these commands successfully, please use the command “debug buffer clear” to release the system’s memory pool resources manually first.

Format debug buffer [utilization | dump | clear | upload_toTFTP <ipaddr> <path_filename 64>]

Parameters

utilization - Display the debug buffer’s state.

301

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

dump - Display the debug message in the debug buffer.

clear - Clear the debug buffer.

upload_toTFTP - Upload the debug buffer to a TFTP server specified by IP address.

<ipaddr> - Specifies the IPv4 address of the TFTP server.

<path_filename 64> - The pathname specifies the DOS pathname on the TFTP server. It can be a relative pathname or an absolute pathname. This value can be up to 64 characters long.

Restrictions

Only Administrator level users can issue this command.

Example

To show the debug buffer’s state:

DGS-3620-28PC:admin# debug buffer utilization

Command: debug buffer utilization

Allocate from

Total size

:

:

Utilization rate :

DGS-3620-28PC:admin#

System memory

2 MB

30%

To clear the debug buffer:

DGS-3620-28PC:admin# debug buffer clear

Command: debug buffer clear

Success.

DGS-3620-28PC:admin#

To upload the messages stored in debug buffer to TFTP server:

DGS-3620-28PC:admin# debug buffer upload_toTFTP 10.0.0.90 debugcontent.txt

Command: debug buffer upload_toTFTP 10.0.0.90 debugcontent.txt

Connecting to server................... Done.

Upload configuration................... Done.

DGS-3620-28PC:admin#

20-5 debug output

Description

Use the command to set a specified module’s debug message output to debug buffer or local console. If the user uses the command in a Telnet session, the error message also is output to the local console.

Note: When selecting to output to the debug buffer and there are debug messages being outputted, the system memory pool will be used as the debug buffer. The functions which will use

302

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

the system memory pool resource may fail to execute command such as download and upload firmware, or save configuration. If you want to execute these commands successfully, please use the command “debug buffer clear” to release the system’s memory pool resources manually first.

Format debug output [module <module_list> | all] [buffer | console]

Parameters

module - Specifies the module list.

<module_list> - Enter the module list here.

all - Control output method of all modules.

buffer - Direct the debug message of the module output to debug buffer(default).

console - Direct the debug message of the module output to local console.

Restrictions

Only Administrator level users can issue this command.

Example

To set all module debug message outputs to local console:

DGS-3620-28PC:admin# debug output all console

Command: debug output all console

Success.

DGS-3620-28PC:admin#

20-6 debug config error_reboot

Description

This command is used to set if the switch needs to be rebooted when a fatal error occurs. When the error occurs, the watchdog timer will be disabled by the system first, and then all debug information will be saved in NVRAM. If the error_reboot is enabled, the watchdog shall be enabled after all information is stored into NVRAM.

Format debug config error_reboot [enable | disable]

Parameters

enable - Need reboot switch when fatal error happens.(if the project do not define the default setting, enable for default).

disable - Do not need reboot switch when fatal error happens, system will hang-up for debug and enter the debug shell mode for debug.

303

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator level users can issue this command.

Example

To set the switch to not need a reboot when a fatal error occurs:

DGS-3620-28PC:admin# debug config error_reboot disable

Command: debug config error_reboot disable

Success.

DGS-3620-28PC:admin#

20-7 debug config state

Description

Use the command to set the state of the debug.

Format debug config state [enable | disable]

Parameters

enable - Enable the debug state.

disable - Disable the debug state.

Restrictions

Only Administrator level users can issue this command.

Example

To set the debug state to disabled:

DGS-3620-28PC:admin# debug config state disable

Command: debug config state disable

Success.

DGS-3620-28PC:admin#

20-8 debug show error_reboot state

Description

Use the command to show the error reboot status.

304

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format debug show error_reboot state

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To show the error reboot status:

DGS-3620-28PC:admin#debug show error_reboot state

Command: debug show error_reboot state

Error Reboot: Enabled

DGS-3620-28PC:admin#

20-9 debug stp clear counter

Description

This command used to clear the STP counters.

Format debug stp clear counter {ports [<portlist> | all]}

Parameters

ports - Specifies the port range.

<portlist> - Enter the list of port used for this configuration here.

all - Clears all port counters.

Restrictions

Only Administrator level users can issue this command.

Example

To clear all STP counters on the switch:

DGS-3620-28PC:admin# debug stp clear counter ports all

Command : debug stp clear counter ports all

Success.

DGS-3620-28PC:admin#

305

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

20-10 debug stp config ports

Description

This command used to configure per-port STP debug level on the specified ports.

Format debug stp config ports [<portlist> | all] [event | bpdu | state_machine | all] state [disable | brief | detail]

Parameters

ports - Specifies the STP port range to debug.

<portlist> - Enter the list of port used for this configuration here.

all - Specifies to debug all ports on the switch.

event - Debug the external operation and event processing.

bpdu - Debug the BPDU’s that have been received and transmitted.

state_machine - Debug the state change of the STP state machine.

all - Debug all of the above.

state - Specifies the state of the debug mechanism.

disable - Disables the debug mechanism.

brief - Sets the debug level to brief.

detail - Sets the debug level to detail.

Restrictions

Only Administrator level users can issue this command.

Example

To configure all STP debug flags to brief level on all ports:

DGS-3620-28PC:admin# debug stp config ports all all state brief

Command: debug stp config ports all all state brief

Success.

DGS-3620-28PC:admin#

20-11 debug stp show counter

Description

This command used to display the STP counters.

Format debug stp show counter {ports [<portlist> | all]}

306

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

ports - (Optional) Specifies the STP ports for display.

<portlist> - Enter the list of port used for this configuration here.

all - Display all port’s counters.

If no parameter is specified, display the global counters.

Restrictions

Only Administrator level users can issue this command.

Example

To show the STP counters for port 9:

DGS-3620-28PC:admin#debug stp show counter ports 9

Command: debug stp show counter ports 9

STP Counters

--------------------------------------

Port 9 :

Receive: Transmit:

Total STP Packets : 0 Total STP Packets : 0

Configuration BPDU : 0 Configuration BPDU : 0

TCN BPDU : 0 TCN BPDU : 0

RSTP TC-Flag : 0 RSTP TC-Flag : 0

RST BPDU : 0 RST BPDU : 0

Discard:

Total Discarded BPDU : 0

Global STP Disabled : 0

Port STP Disabled : 0

Invalid packet Format : 0

Invalid Protocol : 0

Configuration BPDU Length : 0

TCN BPDU Length : 0

RST BPDU Length : 0

Invalid Type : 0

Invalid Timers : 0

CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

20-12 debug stp show flag

Description

This command used to display the STP debug level on specified ports.

Format debug stp show flag {ports <portlist>}

307

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

ports - (Optional) Specifies the STP ports to display.

<portlist> - (Optional) Enter the list of port used for this configuration here.

If no parameter is specified, all ports on the switch will be displayed.

Restrictions

Only Administrator level users can issue this command.

Example

To display the debug STP levels on all ports:

DGS-3620-28PC:admin# debug stp show flag

Command: debug stp show flag

Global State: Enabled

Port Index

----------

Event flag

----------

BPDU Flag

---------

State Machine Flag

------------------

1 Detail Brief Disable

2 Detail Brief Disable

3 Detail Brief Disable

4 Detail Brief Disable

5 Detail Brief Disable

6 Detail Brief Disable

7 Detail Brief Disable

8 Detail Brief Disable

9 Detail Brief Disable

10 Detail Brief Disable

11 Detail Brief Disable

12 Detail Brief Disable

DGS-3620-28PC:admin#

20-13 debug stp show information

Description

This command used to display STP detailed information, such as the hardware tables, the STP state machine, etc.

Format debug stp show information

Parameters

None.

308

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator level users can issue this command.

Example

To show STP debug information:

DGS-3620-28PC:admin# debug stp show information

Command: debug stp show information

Spanning Tree Debug Information:

----------------------------------------

Port Status In Hardware Table:

Instance 0:

Port 1 :BLK Port 2 :BLK Port 3 :BLK Port 4 :BLK Port 5 :BLK Port 6 :BLK

Port 7 :FOR Port 8 :BLK Port 9 :BLK Port 10:BLK Port 11:BLK Port 12:BLK

Instance 1:

Port 1 :BLK Port 2 :BLK Port 3 :BLK Port 4 :BLK Port 5 :BLK Port 6 :BLK

Port 7 :FOR Port 8 :BLK Port 9 :BLK Port 10:BLK Port 11:BLK Port 12:BLK

--------------------------------------

Root Priority And Times :

Instance 0:

Designated Root Bridge : 32768/00-01-02-03-04-00

External Root Cost : 0

Regional Root Bridge : 32768/00-01-02-03-04-00

Internal Root Cost : 0

Designated Bridge : 32768/00-01-02-03-04-00

Designated Port : 0

Message Age : 0

Max Age

Forward Delay

: 20

: 15

Hello Time

Instance 1:

: 2

Regional Root Bridge

Internal Root Cost

Designated Bridge

: 32769/00-01-02-03-04-00

: 0

: 32769/00-01-02-03-04-00

Designated Port

Remaining Hops

: 0

: 20

--------------------------------------

Designated Priority And Times:

Instance 0:

Port 1 :

Designated Root Bridge : 0 /00-00-00-00-00-00

External Root Cost : 0

Regional Root Bridge : 0 /00-00-00-00-00-00

Internal Root Cost : 0

Designated Bridge

Designated Port

Message Age

Max Age

Forward Delay

Hello Time

: 0 /00-00-00-00-00-00

: 0

: 0

: 20

: 15

: 2

309

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Instance 1:

Port 1 :

Regional Root Bridge

Internal Root Cost

Designated Bridge

Designated Port

Remaining Hops

DGS-3620-28PC:admin#

20-14 debug stp state

: 0 /00-00-00-00-00-00

: 0

: 0 /00-00-00-00-00-00

: 0

: 20

Description

This command is used to enable or disable the STP debug state.

Format debug stp state [enable | disable]

Parameters

state - Specifies the STP debug state.

enable - Enable the STP debug state.

disable - Disable the STP debug state.

Restrictions

Only Administrator level users can issue this command.

Example

To configure the STP debug state to enable, and then disable the STP debug state:

DGS-3620-28PC:admin# debug stp state enable

Command: debug stp state enable

Success.

DGS-3620-28PC:admin# debug stp state disable

Command: debug stp state disable

Success.

DGS-3620-28PC:admin#

20-15 debug ospf

Description

This command is used to enable or disable OSPF debug flags.

310

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format debug ospf [neighbor_state_change | interface_state_change {dr_bdr_selection} | lsa {all | originating | installing | receiving | flooding} (1) | packet {all | receiving | sending} (1) | retransmission | spf {all | intra | inter | extern} (1) | timer | virtual_link | route | redistribution] state [enable | disable]

Parameters

neighbor_state_change - The state of the OSPF neighbor state change debug.

interface_state_change - The state of the OSPF interface state change debug.

dr_bdr_selection - (Optional) Used to include or exclude debug information for DR/BDR selection.

lsa - The state of the designated debug flag.

all - (Optional) Specifies to set all LSA debug flags.

originating - (Optional) Specifies to set LSA originating debug flag.

installing - (Optional) Specifies to set LSA installing debug flag.

receiving - (Optional) Specifies to set LSA receiving debug flag.

flooding - (Optional) Specifies to set LSA flooding debug flag.

packet - The state of the designated debug flag.

all - (Optional) Specifies to set all packet debug flags.

receiving - (Optional) Specifies to set packet receiving debug flag.

sending - (Optional) Specifies to set packet sending debug flag.

retransmission - The state of the OSPF retransmission debug flag.

spf - The state of the designated debug flag.

all - (Optional) Specifies to set all SPF debug flags.

intra - (Optional) Specifies to set intra-area SPF debug flag.

inter - (Optional) Specifies to set inter-area SPF debug flag.

extern - (Optional) Specifies to set AS external SPF debug flag.

timer - The state of the OSPF timer debug flag.

virtual_link - The state of the OSPF virtual link debug flag.

route - The state of OSPF route debug flag.

redistribution - The state of OSPF redistribution debug flag.

state - Specifies to set the OSPF debug flags state.

enable - Specifies that the OSPF debug flags state will be enabled.

disable - Specifies that the OSPF debug flags state will be disabled.

Restrictions

Only Administrator level users can issue this command.

Example

To enable OSPF neighbor state change debug:

DGS-3620-28PC:admin# debug ospf neighbor_state_change state enable

Command: debug ospf neighbor_state_change state enable

Success.

DGS-3620-28PC:admin#

To enable OSPF interface state change debug:

311

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug ospf interface_state_change state enable

Command: debug ospf interface_state_change state enable

Success.

DGS-3620-28PC:admin#

To enable all OSPF LSA debug flags:

DGS-3620-28PC:admin# debug ospf lsa all state enable

Command: debug ospf lsa all state enable

Success.

DGS-3620-28PC:admin#

To enable all OSPF packet debug flags:

DGS-3620-28PC:admin# debug ospf packet all state enable

Command: debug ospf packet all state enable

Success.

DGS-3620-28PC:admin#

To enable OSPF retransmission debug flag:

DGS-3620-28PC:admin# debug ospf retransmission state enable

Command: debug ospf retransmission state enable

Success.

DGS-3620-28PC:admin#

To enable all OSPF SPF debug flags:

DGS-3620-28PC:admin# debug ospf spf all state enable

Command: debug ospf spf all state enable

Success.

DGS-3620-28PC:admin#

20-16 debug ospf clear counter

Description

This command is used to reset the OSPF statistic counters.

Format debug ospf clear counter {packet | neighbor | spf}

312

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

packet - (Optional) Specifies to reset the OSPF packet counter.

neighbor - (Optional) Specifies to reset the OSPF neighbor event counter.

spf - (Optional) Specifies to reset the OSPF SPF event counter.

If the parameter is not specified, all OSPF counters will be cleared.

Restrictions

Only Administrator level users can issue this command.

Example

To clear all OSPF statistic counters:

DGS-3620-28PC:admin# debug ospf clear counter

Command: debug ospf clear counter

Success.

DGS-3620-28PC:admin#

20-17 debug ospf log state

Description

This command is used to enable or disable the OSPF debug log.

Format debug ospf log state [enable | disable]

Parameters

state - Specifies the state of the OSPF debug log.

enable - Specifies that the OSPF debug log state will be enabled.

disable - Specifies that the OSPF debug log state will be disabled.

Restrictions

Only Administrator level users can issue this command.

Example

To enable the OSPF debug log:

DGS-3620-28PC:admin# debug ospf log state enable

Command: debug ospf log state enable

Success.

DGS-3620-28PC:admin#

313

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

20-18 debug ospf show counter

Description

This command is used to display OSPF statistic counters.

Format debug ospf show counter {packet | neighbor | spf}

Parameters

packet - (Optional) Specifies to display the OSPF packet counter.

neighbor - (Optional) Specifies to display the OSPF neighbor event counter.

spf - (Optional) Specifies to display the OSPF SPF event counter.

If the parameter is not specified, all OSPF counters will be displayed.

Restrictions

Only Administrator level users can issue this command.

Example

To show all OSPF statistic counters:

DGS-3620-28PC:admin# debug ospf show counter

Command: debug ospf show counter

OSPF Debug Statistic Counters

Packet Receiving:

Total : 30

Hello : 30

DD : 0

LSR : 0

LSU : 0

LSAck : 0

Drop : 0

Auth Fail : 0

Packet Sending:

Total : 59

Hello : 59

DD : 0

LSR : 0

LSU : 0

LSAck : 0

Neighbor State:

Change : 0

SeqMismatch : 0

SPF Calculation:

314

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Intra : 0

Inter : 0

Extern : 0

DGS-3620-28PC:admin#

20-19 debug ospf show detail external_link

Description

This command is used to display all AS external LSAs with detail information.

Format debug ospf show detail external_link

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To display all AS external LSAs with detail information:

DGS-3620-28PC:admin#debug ospf show detail external_link

Command: debug ospf show detail external_link

OSPF Phase2 External Link:

===========

AREA 0.0.0.0:

AS-External LSA:

Link-State ID: 192.168.205.0

Advertising Router: 1.1.1.1

LS Age: 10 Seconds

Options: 0x2

.... ...0 = 0 Bit Isn't Set

.... ..1. = E: ExternalRoutingCapability

.... .0.. = MC: NOT Multicast Capable

.... 0... = N/P: NSSA Bit

...0 .... = EA: Not Support Rcv And Fwd EA_LSA

..0. .... = DC: Not Support Handling Of Demand Circuits

.0.. .... = O: O Bit Isn't Set

0... .... = 7 Bit Isn't Set

LS Sequence Number: 0x80000001

Length: 36

Netmask: 255.255.255.0

315

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Metric: 20

Forwarding Address: 10.90.90.101

External Route Tag: 0

Internal Field:

Del_flag: 0x0 I_ref_count: 0 Seq: 0x80000001 Csum: 0xd08e

Rxtime: 384 Txtime: 0 Orgage: 0

Current Time: 394

DGS-3620-28PC:admin#

20-20 debug ospf show detail net_link

Description

This command is used to display all Network LSAs with detail information.

Format debug ospf show detail net_link

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To display all Network LSAs with detail information:

DGS-3620-28PC:admin#debug ospf show detail net_link

Command: debug ospf show detail net_link

OSPF Phase2 NET Link:

===========

AREA 0.0.0.0:

Network LSA:

Link-State ID: 10.90.90.123

Netmask: 255.0.0.0

Advertising Router: 10.90.90.91

LS Age: 109 Seconds

Options: 0x2

.... ...0 = 0 Bit Isn't Set

.... ..1. = E: ExternalRoutingCapability

.... .0.. = MC: NOT Multicast Capable

.... 0... = N/P: NSSA Bit

...0 .... = EA: Not Support Rcv And Fwd EA_LSA

..0. .... = DC: Not Support Handling Of Demand Circuits

.0.. .... = O: O Bit Isn't Set

316

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

0... .... = 7 Bit Isn't Set

LS Sequence Number: 0x80000001

Length: 32

Attached Router: 10.90.90.91

Attached Router: 1.1.1.1

Internal Field:

Del_flag: 0x0 I_ref_count: 0 Seq: 0x80000001 Csum: 0x4e99

Rxtime: 4 Txtime: 4 Orgage: 1

Current Time: 112

DGS-3620-28PC:admin#

20-21 debug ospf show detail rt_link

Description

This command is used to display all Router LSAs with detail information.

Format debug ospf show detail rt_link

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To display all Router LSAs with detail information:

DGS-3620-28PC:admin#debug ospf show detail rt_link

Command: debug ospf show detail rt_link

OSPF Phase2 RT Link:

===========

AREA 0.0.0.0:

Router LSA:

Link-State ID: 1.1.1.1

Advertising Router: 1.1.1.1

LS Age: 10 Seconds

Options: 0x2

.... ...0 = 0 Bit Isn't Set

.... ..1. = E: ExternalRoutingCapability

.... .0.. = MC: NOT Multicast Capable

.... 0... = N/P: NSSA Bit

...0 .... = EA: Not Support Rcv And Fwd EA_LSA

..0. .... = DC: Not Support Handling Of Demand Circuits

317

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

.0.. .... = O: O Bit Isn't Set

0... .... = 7 Bit Isn't Set

LS Sequence Number: 0x80000002

Length: 36

Flags: 0x0

.... ...0 = B: Not Area Border Router

.... ..0. = E: Not AS Boundary Router

.... .0.. = V: Not Virtual Link Endpoint

Number Of Links: 1

Type: Transit ID: 10.90.90.123 Data: 10.90.90.91 Metric: 1

Internal Field:

Del_flag: 0x0 I_ref_count: 0 Seq: 0x80000002 Csum: 0xd81d

Rxtime: 5 Txtime: 0 Orgage: 0

Current Time: 15

DGS-3620-28PC:admin#

20-22 debug ospf show detail summary_link

Description

This command is used to display all Summary LSAs with detail information.

Format debug ospf show detail summary_link

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To display all Summary LSAs with detail information:

DGS-3620-28PC:admin#debug ospf show detail summary_link

Command: debug ospf show detail summary_link

OSPF Phase2 Summary Link:

===========

AREA 0.0.0.0:

Summary LSA:

Link-State ID: 20.1.1.0

Advertising Router: 10.90.90.91

LS Age: 10 Seconds

Options: 0x2

.... ...0 = 0 Bit Isn't Set

318

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

.... ..1. = E: ExternalRoutingCapability

.... .0.. = MC: NOT Multicast Capable

.... 0... = N/P: NSSA Bit

...0 .... = EA: Not Support Rcv And Fwd EA_LSA

..0. .... = DC: Not Support Handling Of Demand Circuits

.0.. .... = O: O Bit Isn't Set

0... .... = 7 Bit Isn't Set

LS Sequence Number: 0x80000001

Length: 28

Netmask: 255.255.255.0

Metric: 1

Internal Field:

Del_flag: 0x0 I_ref_count: 0 Seq: 0x80000001 Csum: 0x8f9c

Rxtime: 246 Txtime: 246 Orgage: 1

Current Time: 255

DGS-3620-28PC:admin#

20-23 debug ospf show detail type7_link

Description

This command is used to display all type-7 LSAs with detail information.

Format debug ospf show detail type7_link

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To display all type-7 LSAs with detail information:

DGS-3620-28PC:admin#debug ospf show detail type7_link

Command: debug ospf show detail type7_link

OSPF Phase2 NSSA-External Link:

===========

AREA 0.0.0.1:

NSSA-External LSA:

Link-State ID: 0.0.0.0

Advertising Router: 10.90.90.91

LS Age: 855 Seconds

319

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Options: 0x2

.... ...0 = 0 Bit Isn't Set

.... ..1. = E: ExternalRoutingCapability

.... .0.. = MC: NOT Multicast Capable

.... 0... = N/P: NSSA Bit

...0 .... = EA: Not Support Rcv And Fwd EA_LSA

..0. .... = DC: Not Support Handling Of Demand Circuits

.0.. .... = O: O Bit Isn't Set

0... .... = 7 Bit Isn't Set

LS Sequence Number: 0x80000002

Length: 36

Netmask: 0.0.0.0

Metric: 0

Forwarding Address: 0.0.0.0

External Route Tag: 0

Internal Field:

Del_flag: 0x0 I_ref_count: 0 Seq: 0x80000002 Csum: 0x77be

Rxtime: 2301 Txtime: 0 Orgage: 0

Current Time: 3156

DGS-3620-28PC:admin#

20-24 debug ospf show flag

Description

This command is used to display the OSPF debug flag setting.

Format debug ospf show flag

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To show the current OSPF debug flag setting:

DGS-3620-28PC:admin# debug ospf show flag

Command: debug ospf show flag

Global State: Enabled

Current OSPF Flags Setting:

Neighbor State Change

320

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Interface State Change

LSA Originating

LSA Operating

LSA Receiving

LSA Flooding

Packet Receiving

Packet Sending

Retransmission

Timer

DR Selection

Route

Redistribution

Virtual Link

SPF Intra

SPF Inter

SPF Extern

DGS-3620-28PC:admin#

20-25 debug ospf show log state

Description

This command is used to display the OSPF debug log state.

Format debug ospf show log state

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To display the debug OSPF log state:

DGS-3620-28PC:admin# debug ospf show log state

Command: debug ospf show log state

OSPF Log State : Enabled

DGS-3620-28PC:admin#

321

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

20-26 debug ospf show redistribution

Description

This command is used to display the current internal OSPF redistribute list.

Format debug ospf show redistribution

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To display the current OSPF redistribution list:

DGS-3620-28PC:admin# debug ospf show redistribution

Command: debug ospf show redistribution

OSPF Redistribution List:

IP Nexthop State Type Tag

------------------ --------------- ----- ---- ---------------

1.1.1.0/24 0.0.0.0 ON 2 0.0.0.0

OSPF ASE Table:

IP Nexthop State Type Tag

------------------ --------------- ----- ---- ---------------

1.1.1.0/24 0.0.0.0 ON 2 0.0.0.0

DGS-3620-28PC:admin#

20-27 debug ospf show request_list

Description

This command is used to display the current internal OSPF request list.

Format debug ospf show request_list

Parameters

None.

322

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator level users can issue this command.

Example

To display the current OSPF request list:

DGS-3620-28PC:admin# debug ospf show request_list

Command: debug ospf show request_list

OSPF Request List:

Area 0.0.0.0:

Circuit: 1.1.1.1

Neighbor: 90.2.0.1 IP: 1.1.1.2

LSID: 192.194.134.0 RTID: 90.2.0.1

LSID: 192.194.135.0 RTID: 90.2.0.1

LSID: 192.194.136.0 RTID: 90.2.0.1

LSID: 192.194.137.0 RTID: 90.2.0.1

LSID: 192.194.138.0 RTID: 90.2.0.1

DGS-3620-28PC:admin#

20-28 debug ospf show summary_list

Description

This command is used to display the current internal OSPF summary list.

Format debug ospf show summary_list

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To display the current OSPF summary list:

323

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug ospf show summary_list

Command: debug ospf show summary_list

OSPF Summary List:

Area 0.0.0.0:

Circuit: 1.1.1.1

Neighbor: 90.2.0.1 IP: 1.1.1.2

LSID: 1.1.1.1 RTID: 1.1.1.1

Circuit: 2.2.2.1

Circuit: 10.1.1.6

DGS-3620-28PC:admin#

20-29 debug ospf state

Description

This command is used to set the OSPF debug global state.

Format debug ospf state [enable | disable]

Parameters

state - Specifies the OSPF debug global state.

enable - Specifies that the OSPF debug global state will be enabled.

disable - Specifies that the OSPF debug global state will be disabled.

Restrictions

Only Administrator level users can issue this command.

Example

To enable the OSPF debug global state:

324

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug ospf state enable

Command: debug ospf state enable

Success.

DGS-3620-28PC:admin# debug ospf show flag

Command: debug ospf show flag

Global State: Enabled

Current OSPF Flags Setting:

Neighbor State Change

DGS-3620-28PC:admin#

20-30 debug vrrp

Description

This command is used to set VRRP debug flags.

Format debug vrrp [vr_state_change | packet [all | {receiving | sending}(1)] | mac_addr_update | interface_change | timers] state [enable | disable]

Parameters

vr_state_change - Specifies the state of the VRRP change debug flag.

packet - Specifies to set the VRRP packet flags.

all - Specifies to set VRRP all packet debug flags.

receiving - (Optional) Specifies to set the VRRP packet receiving flag.

sending - (Optional) Specifies to set the VRRP packet sending flag.

mac_addr_update - Specifies the state of VRRP MAC debug flag.

interface_change - Specifies the state of VRRP interface debug flag.

timers - Specifies the state of VRRP timer's debug flag.

state - Specifies the state of the configured VRRP debug flag.

enable - Specifies that the configured VRRP debug flag will be enabled.

disable - Specifies that the configured VRRP debug flag will be disabled.

Restrictions

Only Administrator level users can issue this command.

Example

To enable the VRRP virtual router state change debug flag:

325

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug vrrp vr_state_change state enable

Command: debug vrrp vr_state_change state enable

Success.

DGS-3620-28PC:admin#

To enable all VRRP packet debug flags:

DGS-3620-28PC:admin# debug vrrp packet all state enable

Command: debug vrrp packet all state enable

Success.

DGS-3620-28PC:admin#

To enable VRRP virtual MAC address update debug flag:

DGS-3620-28PC:admin# debug vrrp mac_addr_update state enable

Command: debug vrrp mac_addr_update state enable

Success.

DGS-3620-28PC:admin#

To enable VRRP interface state change debug flag:

DGS-3620-28PC:admin# debug vrrp interface_change state enable

Command: debug vrrp interface_change state enable

Success.

DGS-3620-28PC:admin#

To enable VRRP timer debug flag:

DGS-3620-28PC:admin# debug vrrp timers state enable

Command: debug vrrp timers state enable

Success.

DGS-3620-28PC:admin#

20-31 debug vrrp clear counter

Description

This command is used to reset the VRRP debug statistic counters.

326

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format debug vrrp clear counter

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To clear VRRP statistic counters:

DGS-3620-28PC:admin# debug vrrp clear counter

Command: debug vrrp clear counter

Success

DGS-3620-28PC:admin#

20-32 debug vrrp log state

Description

This command is used to enable or disable the VRRP debug log state.

Format debug vrrp log state [enable | disable]

Parameters

state - Specifies the state of the VRRP log. The default setting is disabled.

enable - Specifies that the VRRP log state will be enabled.

disable - Specifies that the VRRP log state will be disabled.

Restrictions

Only Administrator level users can issue this command.

Example

To enable the VRRP debug log state:

DGS-3620-28PC:admin# debug vrrp log state enable

Command: debug vrrp log state enable

Success.

DGS-3620-28PC:admin#

327

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

20-33 debug vrrp show counter

Description

This command is used to display the VRRP debug statistic counters.

Format debug vrrp show counter

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To display VRRP statistic counters:

DGS-3620-28PC:admin# debug vrrp show counter

Command: debug vrrp show counter

VRRP debug statistic counters

Received ADV : 9

Drop : 52

Auth fail : 0

Sent ADV : 0

DGS-3620-28PC:admin#

20-34 debug vrrp show flag

Description

This command is used to display VRRP debug flag settings.

Format debug vrrp show flag

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

328

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display VRRP debug flag settings:

DGS-3620-28PC:admin#debug vrrp show flag

Command: debug vrrp show flag

Global State: Disabled

Current VRRP debug level setting:

virtual router state change

packet receiving

packet sending

mac address update

interface change

timer

DGS-3620-28PC:admin#

20-35 debug vrrp show log state

Description

The command is used to display the VRRP debug log state.

Format debug vrrp show log state

Parameters

None.

Restrictions

Only Administrator level users can issue this command.

Example

To display the VRRP debug log state:

DGS-3620-28PC:admin# debug vrrp show log state

Command: debug vrrp show log state

VRRP Debug Log State: Disabled

DGS-3620-28PC:admin#

329

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

20-36 debug vrrp state

Description

The command is used to enable or disable the VRRP debug state.

Format debug vrrp state [enable | disable]

Parameters

state - Specifies the state of the VRRP debug state. The default setting is disabled.

enable - Specifies that the VRRP debug state will be enabled.

disable - Specifies that the VRRP debug state will be disabled.

Restrictions

Only Administrator level users can issue this command.

Example

To enable the VRRP debug state:

DGS-3620-28PC:admin# debug vrrp state enable

Command: debug vrrp state enable

Success.

DGS-3620-28PC:admin#

20-37 debug bgp show flag

Description

This command is used for displaying current BGP debugging flags’ setting.

Format debug bgp show flag

Parameters

None.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Show BGP debug flag:

330

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug bgp show flag

Command: debug bgp show flag

Current BGP flags setting:

Peer FSM Event Disable

OPEN Packet Receive Disable

OPEN Packet Send Disable

UPDATE Packet Receive Disable

UPDATE Packet Send Disable

KEEPALIVE Packet Receive Disable

KEEPALIVE Packet Send Disable

NOTIFY Packet Receive Disable

NOTIFY Packet Send Disable

REFRESH Packet Receive Disable

REFRESH Packet Send Disable

CAPABILITY Packet Receive Disable

CAPABILITY Packet Send Disable

Route MAP Disable

Access List Disable

Prefix List Disable

ERROR Information Disable

DGS-3620-28PC:admin#

20-38 debug bgp all flag

Description

This command is used for setting all BGP debugging flags to disable or enable.

Format debug bgp all flag [enable | disable]

Parameters

enable - Enable the BGP debug function.

disable - Disable the BGP debug function.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure all BGP debug flags’ state to enable:

331

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug bgp all flag enable

Command: debug bgp all flag enable

Success.

DGS-3620-28PC:admin#

20-39 debug bgp fsm_event

Description

This command is used for setting the flag of debugging information about peer FSM Event.

Format debug bgp fsm_event [enable | disable]

Parameters

enable - Enable the BGP debug function.

disable - Disable the BGP debug function.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP peer FSM event debug flag to enable:

DGS-3620-28PC:admin# debug bgp fsm_event enable

Command: debug bgp fsm_event enable

Success.

DGS-3620-28PC:admin#

Output Examples: After BGP peer FSM event debug flag to enable, it may print following information.

BGP: 10.1.1.1-10.2.2.2, [FSM] State Change: Idle -> Connect.

BGP: 10.1.1.1-10.2.2.2, [FSM] Hold-Timer Expiry.

BGP: 10.1.1.1-10.2.2.2, [FSM] State: Open, Event: 3.

20-40 debug bgp packet

Description

This command is used for setting the flag of debugging information about different type of BGP packets’ receiving and sending.

332

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format debug bgp packet [{open | update | keepalive | notify | refresh | capability}(1) | all] [in | out]

[enable | disable]

Parameters

open - (Optional) Specifies that 'open' information will be displayed.

update - (Optional) Specifies that 'update' information will be displayed.

keepalive - (Optional) Specifies that 'keepalive' information will be displayed.

notify - (Optional) Specifies that 'notify' information will be displayed.

refresh - (Optional) Specifies that 'refresh' information will be displayed.

capability - (Optional) Specifies that 'capability' information will be displayed.

all - (Optional) Specifies that all information will be displayed.

in - Specifies that the incoming information will be displayed.

out - Specifies that the outgoing information will be displayed.

enable - Enable the BGP debug function.

disable - Disable the BGP debug function.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP to display debugging information after received update packet:

DGS-3620-28PC:admin# debug bgp packet all in enable

Command: debug bgp packet all in enable

Success.

DGS-3620-28PC:admin#

Output Examples: After BGP peer FSM event debug flag to enable, it may print following information.

BGP:Peer:<10.1.1.10> RCV OPEN, version:<4>,remote-as:<40>,

HoldTime:<180>,RID:<16.0.0.1>

BGP:Peer:<10.1.1.10> RCV KEEPALIVE.

BGP:Peer:<10.1.1.10> RCV UPDATE, withdraw:

<21.0.0.0/8>,<22.0.0.0/8>,<23.0.0.0/8>, <24.0.0.0/8>,<25.0.0.0/8>...

BGP:Peer:<10.1.1.10> RCV UPDATE,attr:<Orign:i,As-path:10,Nexthop:10.1.1.10,Med:5>, NLRI: <21.0.0.0/8>,<22.0.0.0/8>

BGP:Peer:<10.1.1.10> RCV NOTIFYCATION,Code:<OPEN Message Error.>,SubCode:<Bad

Peer AS.>

BGP:Peer:<10.1.1.10> RCV REFRESH,afi:<1>,safi:<1>

BGP:Peer:<10.1.1.10> RCV Capability Action:Set,Code: GRST ,Length:2

333

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

20-41 debug bgp error state

Description

This command is use for setting the flag of debugging information about BGP Error not need send

BGP NOTIFICATION.

Format debug bgp error state [enable | disable]

Parameters

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

enable - Enable the BGP debug function.

disable - Disable the BGP debug function.

Example

Configure BGP to enable error debug flag:

DGS-3620-28PC:admin# debug bgp error state enable

Command: debug bgp error state enable

Success.

DGS-3620-28PC:admin#

Output Examples: After configure BGP to enable error debug flag, it may print following information when error happens.

BGP: 10.1.1.1-10.2.2.2, NHop Validate: Invalid NHop address 250.3.0.0/8 received.

BGP: Hold-Timer: Invalid Peer.

20-42 debug bgp show global_info

Description

This command is used for displaying global information of current BGP instance.

Format debug bgp show global_info

Parameters

None.

334

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP to show global information:

DGS-3620-28PC:admin# debug bgp show global_info

Command: debug bgp show global_info

Following is the information for global debugging:

---------------------------------------------------

AS Number : 100

Router ID : 194.17.0.2

Cluster ID : 123.123.123.123

Confed ID : 0

Confederation Peers :

Fast External Fallover : Disabled

Dampening Ability : Disabled

Client to Client Ability : Enabled

Cluster Peers : 0.0.0.0, 0.0.0.0, peer1

Aggregate Next_Hop_Check : Disabled

Default Local Preference : 100

Default Holdtime : 40

Default Keepalive : 10

Scan Time : 60

BGP Active Flags:

BGP_AF_CFLAG_SYNCHRONIZATION

BGP_AF_CFLAG_NETWORK_SYNC

BGP Active Redist-Flags for IPv4 Unicast:

BGP Trap : None

DGS-3620-28PC:admin#

20-43 debug bgp show peer

Description

This command is used for displaying information of all peers in BGP protocol DB.

Format debug bgp show peer {ipv6 unicast}

Parameters

ipv6 unicast – (Optional) Specifies to debug the IPv6 unicast address family.

335

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP to show all peers’ information:

DGS-3620-28PC:admin# debug bgp show peer

Command: debug bgp show peer

BGP neighbor: 10.10.10.2 (Internal Peer)

-----------------------------------------------

Session State: Enabled

Session Activity: Enabled

Peer Group: NULL

Remote AS: 1

Local AS:10

Remote Router ID:192.168.252.252

BGP State: Established ( UP for 00:24:25)

Hold Time (Configured): 180 Seconds

Hold Time(Current Used): 180 Seconds

Keepalive Interval (Configured): 60 Seconds

Keepalive Interval(Current Used): 60 Seconds

Advertisement Interval(Configured): 5 Seconds

Advertisement Interval(Current Used): 5 Seconds

AS Origination Interval (Configured) : 0 Seconds

AS Origination Interval (Current Used) : 15 Seconds

Connect Retry Interval (Configured) : 0 Seconds

Connect Retry Interval (Current Used) : 120 Seconds

EBGP Multihop : 2

Weight: 100

Next Hop Self: Disabled

Remove Private AS: Disabled

Allowas In: Disabled

Address Family IPv4 Unicast

IPv4 Unicast: None

Soft Reconfiguration Inbound: Enabled

Community Sent to this Neighbor: None

Default Originate: Enabled

Incoming Update Prefix List: prelist1

Incoming Update Filter List: ASlist1

Route Map for Outgoing Routes: routemap1

Unsuppress Route Map: us_routmp1

Outbound Route Filter (ORF) type (64) Prefix list:

Send Mode : Disabled

Receive Mode : Disabled

Pass Word:

Prefix Count: 0

Send Prefix Count: 0

Prefix Max Count: 12000

Prefix Warning Threshold: 75

Prefix Max Warning: Disabled

336

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#

20-44 debug bgp show peer_group

Description

This command is used for displaying current peer group’s configuration in BGP protocol stack.

Format debug bgp show peer_group {ipv6 unicast}

Parameters

ipv6 unicast – (Optional) Specifies to debug the IPv6 unicast address family.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP to show peer group’s configuration:

337

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug bgp show peer_group

Command: debug bgp show peer_group

BGP Peer Group :tt

-------------------------------------------------------

Session State : Enabled

Session Activity : Enabled

Members : None

Remote AS : Not Set

Holdtime Interval : 180 seconds

Keepalive Interval : 60 seconds

Advertisement Interval : 0 seconds

AS Origination Interval : 0 Seconds

Connect Retry Interval : 0 Seconds

EBGP Multihop : 1

Weight : 0

Next Hop Self : Disabled

Remove Private As : Disabled

Allowas In : Disabled

Soft Reconfiguration Inbound : Disabled

Community Sent to this Neighbor : None

Default Originate : Disabled

Capability 0rf Prefix List : None

Pass Word:

Prefix Max Count: 12000

Prefix Warning Threshold: 75

Prefix Max Warning: Disabled

DGS-3620-28PC:admin#

20-45 debug bgp show network

Description

This command is used for displaying current network’s configuration in BGP protocol stack.

Format debug bgp show network {ipv6 unicast}

Parameters

ipv6 unicast – (Optional) Specifies to debug the IPv6 unicast address family.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP to show network information:

338

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug bgp show network

Command: debug bgp show network

Network Route Map

------------- -----------

192.168.0.0/8 NULL

172.16.0.0/16 map1

Total Entries :2

DGS-3620-28PC:admin#

20-46 debug bgp show aggregate

Description

This command is used for displaying current aggregate’s configuration in BGP protocol stack.

Format debug bgp show aggregate {ipv6 unicast}

Parameters

ipv6 unicast – (Optional) Specifies to debug the IPv6 unicast address family.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP to show aggregate information:

DGS-3620-28PC:admin# debug bgp show aggregate

Command: debug bgp show aggregate

Network Summary Only AS Set Suppress Count

------------- ------------ ------ -------------

192.168.0.0/8 YES NO 0

172.16.0.0/16 NO NO 2

Total Entries :2

DGS-3620-28PC:admin#

20-47 debug bgp show damp

Description

This command is used for displaying current dampening configuration and corresponding dynamic information in BGP protocol stack.

339

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format debug bgp show damp {ipv6 unicast}

Parameters

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

ipv6 unicast – (Optional) Specifies to debug the IPv6 unicast address family.

Example

Configure BGP to show current dampening information:

DGS-3620-28PC:admin# debug bgp show damp

Command: debug bgp show damp

Route Map : NULL

Reach Half Life Time is : 900 seconds

Reuse Value : 750

Suppress Value : 2000

MAX Suppress Time : 3600 seconds

Unreach Half Life Time is : 900 seconds

Reuse Index Size : 1024

Reuse List Size : 256

Reuse Offset : 19

Current dampened routes:

Damp Reuse List Info: reuse_index index ptr penalty flap start_time t_updated suppress_time evt show BGP Damp no reuse list info: 0 index ptr penalty flap start_time t_updated suppress_time evt

BGP Damp Decay List Info: decay array size is 90.

Index Value

----- -----

1 1

2 0.969663

3 0.940247

4 0.911722

5 0.884064

6 0.857244

7 0.831238

8 0.806021

9 0.781569

340

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

10 0.757858

Output truncated...

DGS-3620-28PC:admin#

20-48 debug bgp show interface_info

Description

This command is used for displaying current interface information in BGP protocol stack.

Format debug bgp show interface_info

Parameters

None.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP to show current interface information:

DGS-3620-28PC:admin# debug bgp show interface_info

Command: debug bgp show interface_info

Interface Information:

Name Index Network Flags Status

---- ---- ------------ ----- ------

System 0001 30.30.30.30/8 0 Up

DGS-3620-28PC:admin#

20-49 debug bgp show as_path_access_list

Description

This command is used for displaying current BGP as path access list configuration in BGP protocol stack.

Format debug bgp show as_path_access_list

341

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

None.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP to show current BGP as_path access_list information:

DGS-3620-28PC:admin# debug bgp show as_path_access_list

Command: debug bgp show as_path_access_list

BGP AS Path Access List 1 deny (_64[6-9][0-9][0-9]_|_65[0-9][0-9][0-9]_) permit 33

Total Entries: 1

DGS-3620-28PC:admin#

20-50 debug bgp show bgp_timer

Description

This command is used for displaying current BGP timer chain information in BGP protocol stack.

Format debug bgp show bgp_timer

Parameters

None.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP to show current BGP timer chain information.

342

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug bgp show bgp_timer

Command: debug bgp show bgp_timer

BGP timer Link:

Node Time Func

---- ---- ------

08B108D0 0001 00675AF4

08B1AC70 0016 0065F4F4

08B1ACA8 0017 0065F5CC

08B37DCC 0029 0065F4F4

08B37E04 0030 0065F5CC

032821BC 0035 00662840

08B1AC54 0135 0065F40C

08B37DB0 0148 0065F40C

DGS-3620-28PC:admin#

20-51 debug bgp show community_list

Description

This command is used for displaying current community list configuration in protocol stack.

Format debug bgp show community_list

Parameters

None.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP to show current community list information:

DGS-3620-28PC:admin# debug bgp show community_list

Command: debug bgp show community_list

Community list:1 standard

permit 50000:100

DGS-3620-28PC:admin#

20-52 debug bgp show redist_info

Description

This command is used for displaying current BGP redistribution information.

343

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format debug bgp show redist_info

Parameters

None.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure BGP to show current BGP redistribution information:

DGS-3620-28PC:admin# debug bgp show redist_info

Command: debug bgp show redist_info

Last redistribution count summary:

Type Route_count_rib total_count Time(msec)

------ ---------------- --------------- ---------

OSPF 0 0 0

RIP 0 0 0

STATIC 0 0 0

LOCAL 7 0 0

Redistributed routes summary:

Network Type Next_hop

------- ---- -------------

1.10.0.1/32 LOCAL 0.0.0.0

1.10.0.2/32 LOCAL 0.0.0.0

1.10.0.3/32 LOCAL 0.0.0.0

DGS-3620-28PC:admin#

20-53 debug bgp router_map

Description

This command is used for setting route_map debugging flags to disable or enable. If this flag is enable, route-map permit or deny in BGP module will be displayed.

Format debug bgp router_map [enable | disable]

Parameters

enable - Enable the route_map debug function.

disable - Disable the route_map debug function.

344

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

Configure routemap debug flags’ state to enable:

DGS-3620-28PC:admin# debug bgp router_map enable

Command: debug bgp router_map enable

Success.

DGS-3620-28PC:admin# config bgp neighbor map 15.0.0.1 route_map in add map1

Command: config bgp neighbor map 15.0.0.1 route_map in add map1

Success.

DGS-3620-28PC:admin#

Output Examples: After configure BGP to enable route map debug flag, it may print following information when route map applied. route_map:<map1>,apply bgp neighbor:<13.0.0.1> MATCH. route_map:<map1>,apply bgp static route:<32.0.0.0/8> Not MATCH.

20-54 debug bgp access_list

Description

This command is used for setting access_list debugging flags to disable or enable. If this flag is enable, access list permit or deny in BGP module will be displayed

Format debug bgp access_list [enable | disable]

Parameters

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

enable - Enable the access_list debug function.

disable - Disable the access_list debug function.

Example

Configure access list debug flags’ state to enable:

345

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug bgp access_list enable

Command: debug bgp access_list enable

Success.

DGS-3620-28PC:admin#

Output Examples: After configure BGP to enable access list debug flag, it may print following information when access list applied. access_list:<ac1>,apply bgp neighbor:<19.0.0.1> MATCH.

20-55 debug bgp prefix_list

Description

This command is used for setting prefix_list debugging flags to disable or enable. If this flag is enable, prefix list permit or deny in BGP module will be displayed.

Format debug bgp prefix_list [enable | disable]

Parameters

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

enable - Enable the prefix_list debug function.

disable - Disable the prefix_list debug function.

Example

Configure prefix list debug flags’ state to enable:

DGS-3620-28PC:admin# debug bgp prefix_list enable

Command: debug bgp prefix_list enable

Success.

DGS-3620-28PC:admin#

Output Examples: After configure BGP to enable prefix list debug flag, it may print following information when prefix list applied.

Prefix_list:<list1>,apply bgp neighbor:<15.0.0.1> MATCH.

346

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

20-56 debug bgp state

Description

This command is used to set the global state of BGP debug function.

Format debug bgp state [enable | disable]

Parameters

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

enable - Specifies to enable the debug function of BGP.

disable - Specifies to disable the debug function of BGP.

Example

To enable the debug function of BGP:

DGS-3620-28PC:admin#debug bgp state enable

Command: debug bgp state enable

Success.

DGS-3620-28PC:admin#

20-57 debug dhcpv6_client state enable

Description

This command is used to enable the DHCPv6 client Debug function.

Format debug dhcpv6_client state enable

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To enabled DHCPv6 client debug function:

347

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug dhcpv6_client state enable

Command: debug dhcpv6_client state enable

Success.

DGS-3620-28PC:admin#

20-58 debug dhcpv6_client state disable

Description

This command is used to disable the DHCPv6 client Debug function.

Format debug dhcpv6_client state enable

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To disabled DHCPv6 client debug function:

DGS-3620-28PC:admin# debug dhcpv6_client state disable

Command: debug dhcpv6_client state disable

Success.

DGS-3620-28PC:admin#

20-59 debug dhcpv6_client output

Description

Used to set debug message to output to buffer or console.

Format debug dhcpv6_client output [buffer | console]

Parameters

buffer - Let the debug message output to buffer.

console - Let the debug message output to console.

348

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator-level users can issue this command.

Example

To set debug information to output to console:

DGS-3620-28PC:admin# debug dhcpv6_client output console

Command: debug dhcpv6_client output console

Success.

DGS-3620-28PC:admin#

20-60 debug dhcpv6_client packet

Description

Used to enable or disable debug information flag for DHCPv6 client packet, including packet receiving and sending.

Format debug dhcpv6_client packet {all | receiving | sending} state [enable | disable]

Parameters

all - (Optional) Set packet receiving and sending debug flags.

receiving - (Optional) Set packet receiving debug flag.

sending - (Optional) Set packet sending debug flag.

state - Specifies that the designated flags will be enabled or disabled.

enable - Enable the designated flags.

disable - Disable the designated flags.

Restrictions

Only Administrator-level users can issue this command.

Example

To enable dhcpv6_client packet sending debug:

DGS-3620-28PC:admin# debug dhcpv6_client packet sending state enable

Command: debug dhcpv6_client packet sending state enable

Success.

DGS-3620-28PC:admin#

349

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

20-61 debug dhcpv6_relay state enable

Description

This command is used to enable the DHCPv6 relay Debug function.

Format debug dhcpv6_relay state enable

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To enabled DHCPv6 relay debug function:

DGS-3620-28PC:admin# debug dhcpv6_relay state enable

Command: debug dhcpv6_relay state enable

Success.

DGS-3620-28PC:admin#

20-62 debug dhcpv6_relay state disable

Description

This command is used to disable the DHCPv6 relay Debug function.

Format debug dhcpv6_relay state disable

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To disabled DHCPv6 relay debug function:

350

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug dhcpv6_relay state disable

Command: debug dhcpv6_relay state disable

Success.

DGS-3620-28PC:admin#

20-63 debug dhcpv6_relay hop_count state

Description

This command is used to enable or disable debug information flag about the hop count.

Format debug dhcpv6_relay hop_count state [enable | disable]

Parameters

Restrictions

Only Administrator-level users can issue this command.

state - Specifies the hop count debugging state.

enable - Specifies that the hop count state will be enabled.

disable - Specifies that the hop count state will be disabled.

Example

To enable debug information flag about the hop count:

DGS-3620-28PC:admin# debug dhcpv6_relay hop_count state enable

Command: debug dhcpv6_relay hop_count state enable

Success.

DGS-3620-28PC:admin#

20-64 debug dhcpv6_relay output

Description

Used to set debug message to output to buffer or console.

Format debug dhcpv6_relay output [buffer | console]

Parameters

output - Specifies the location of the debug message output.

buffer - Let the debug message output to buffer.

351

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

console - Let the debug message output to console.

Restrictions

Only Administrator-level users can issue this command.

Example

To set debug information to output to console:

DGS-3620-28PC:admin# debug dhcpv6_relay output console

Command: debug dhcpv6_relay output console

Success.

DGS-3620-28PC:admin#

20-65 debug dhcpv6_relay packet

Description

Used to enable or disable debug information flag for DHCPv6 relay packet, including packet receiving and sending.

Format debug dhcpv6_relay packet {all | receiving | sending} state [enable | disable]

Parameters

Restrictions

Only Administrator-level users can issue this command.

all - (Optional) Set packet receiving and sending debug flags.

receiving - (Optional) Set packet receiving debug flag.

sending - (Optional) Set packet sending debug flag.

state - Specifies if the designated flags function will be enabled or disabled.

enable - Enable the designated flags.

disable - Disable the designated flags.

Example

To enabled DHCPv6 relay packet sending debug:

DGS-3620-28PC:admin# debug dhcpv6_relay packet sending state enable

Command: debug dhcpv6_relay packet sending state enable

Success.

DGS-3620-28PC:admin#

352

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

20-66 debug dhcpv6_server packet

Description

This command is used to enable or disable the debug information flag of the DHCPv6 server packet, including packets receiving and sending.

Format debug dhcpv6_server packet [all | receiving | sending] state [enable | disable]

Parameters

Restrictions

Only Administrator-level users can issue this command.

all - Set packet receiving and sending debug flags.

receiving - Set packet receiving debug flag.

sending - Set packet sending debug flag.

state - Specifies the state of the designated flags.

enable - Enable the designated flags.

disable - Disable the designated flags.

Example

To enabled the DHCPv6 server packet sending debug:

DGS-3620-28PC:admin# debug dhcpv6_server packet sending state enable

Command: debug dhcpv6_server packet sending state enable

Success.

DGS-3620-28PC:admin#

20-67 debug dhcpv6_server state disable

Description

This command is used to disable the DHCPv6 server debug functions.

Format debug dhcpv6_server state disable

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

353

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To disabled the DHCPv6 server debug function:

DGS-3620-28PC:admin# debug dhcpv6_server state disable

Command: debug dhcpv6_server state disable

Success.

DGS-3620-28PC:admin#

20-68 debug dhcpv6_server state enable

Description

This command is used to enable the DHCPv6 server debug functions.

Format debug dhcpv6_server state enable

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To enabled the DHCPv6 server debug function:

DGS-3620-28PC:admin# debug dhcpv6_server state enable

Command: debug dhcpv6_server state enable

Success.

DGS-3620-28PC:admin#

20-69 debug pim ssm

Description

This command is used to enable the PIM-SSM debug function.

Format debug pim ssm

354

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To enable the PIM-SSM debug function:

DGS-3620-28PC:admin# debug pim ssm

Command: debug pim ssm

Success.

DGS-3620-28PC:admin#

Once the PIM-SSM debug enabled, the debug information maybe outputted.

DGS-3620-28PC:admin# PIM_SSM, 6 Dec 2012 15:37:22 IGMP Group Record Type 2 for group 232.1.1.1 from 192.168.2.14 on n101, ignored.

Output truncated...

20-70 no debug pim ssm

Description

This command is used to disable the PIM-SSM debug function.

Format no debug pim ssm

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

To disable the PIM-SSM debug function:

355

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# no debug pim ssm

Command: no debug pim ssm

Success.

DGS-3620-28PC:admin#

20-71 debug ripng flag

Description

This command is used to enable or disable the RIPng debug flag.

Format debug ripng flag [{interface | packet [all | rx | tx] | route} | all] state [enable | disable]

Parameters

interface - (Optional) Specifies the state of the RIPng interface debug. The default setting is disabled.

packet - (Optional) Specifies which packets should be set with debug flags.

all - Specifies to set all packets with debug flags.

rx - Specifies to set inbound packets with debug flag.

tx - Specifies to set outbound packets with debug flag.

route - (Optional) Specifies the state of the RIPng route debug. The default setting is disabled.

all - Specifies to set all debug flags.

state - Specifies the designated flags state.

enable - Specifies that the designated flags state will be enabled.

disable - Specifies that the designated flags state will be disabled.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

To enable the RIPng debug:

DGS-3620-28PC:admin# debug ripng state enable

Command: debug ripng state enable

Success.

DGS-3620-28PC:admin#

After enabling RIPng on an interface, the following information may appear when the interface state changes.

The RIPng interface System has changed the link state to down.

356

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

20-72 debug ripng show flag

Description

This command is used to display the RIPng debug flag setting.

Format debug ripng show flag

Parameters

None.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

To show the current RIPng debug flag setting:

DGS-3620-28PC:admin# debug ripng show flag

Command: debug ripng show flag

Current RIPng debug level setting:

Packet Receiving

Packet Sending

Route

Interface State Change

DGS-3620-28PC:admin#

20-73 debug ripng state disable

Description

This command is used to disable the RIPng debug state.

Format debug ripng state disable

Parameters

None.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

357

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To disable RIPng debug globally:

DGS-3620-28PC:admin# debug ripng state disable

Command: debug ripng state disable

Success.

DGS-3620-28PC:admin#

20-74 debug ripng state enable

Description

This command is used to enable the RIPng debug state.

Format debug ripng state enable

Parameters

None.

Restrictions

Only Administrator-level users can issue this command. (EI Mode Only Command)

Example

To enable RIPng debug globally:

DGS-3620-28PC:admin# debug ripng state enable

Command: debug ripng state enable

Success.

DGS-3620-28PC:admin#

20-75 debug routefilter show

Description

This command is used to display route filter information in kernel, including prefix list, access list, and route map.

Format debug routefilter show [prefix_list | access_list | route_map | ipv6_prefix_list | ipv6_access_list]

358

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

prefix_list - Specifies to display IPv4 prefix list debug information.

access_list - Specifies to display IPv4 access list debug information.

route_map - Specifies to display route map debug information.

ipv6_prefix_list - Specifies to display IPv6 prefix list debug information.

ipv6_access_list - Specifies to display IPv6 access list debug information.

Restrictions

Only Administrator-level users can issue this command.

Example

To display route filter information in kernel:

359

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug routefilter show route_map

Command: debug routefilter show route_map route-map 123,r_id:1

Sequence 1, type:1

Match clauses:

as-path (as-path filter): list1

community list1 exact

ip next-hop prefix-list 123

ip address prefix-list 123

metric 4294967294

ipv6 address prefix-list abc

ipv6 next-hop prefix-list abc

Set clauses:

Sequence 10, type:0

Match clauses:

Set clauses:

Sequence 100, type:1

Match clauses:

Set clauses:

Sequence 500, type:0

Match clauses:

Set clauses:

Sequence 1000, type:0

Match clauses:

Set clauses:

Sequence 5000, type:1

Match clauses:

Set clauses:

Sequence 10000, type:1

Match clauses:

Set clauses:

Sequence 65535, type:0

Match clauses:

Set clauses: route-map ~!@#$%^&*()_+~!@,r_id:2

Sequence 10, type:0

Match clauses:

Set clauses:

Sequence 65535, type:0

Match clauses:

metric 4294967294

ipv6 next-hop 1::1

ipv6 address abc0

Set clauses:

DGS-3620-28PC:admin#

20-76 debug show status

Description

Show the debug handler state and the specified module’s debug status.

360

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

If the input module list is empty, the states of all registered modules which support debug module will be shown.

Format debug show status {module <module_list>}

Parameters

module – (Optional) Specifies the module list.

<module_list> - Enter the module list here.

Restrictions

Only Administrator-level users can issue this command.

Example

To show the specified module’s debug state:

Prompt# debug show status module MSTP

Command: debug show status module MSTP

Debug Global State : Enable

MSTP

Prompt#

: Enable

To show the debug state:

Prompt# debug show status

Command: debug show status

Debug Global State: Enable

MSTP : Disabled

IMPB : Disabled

DHCPv6_CLIENT : Disabled

DHCPv6_RELAY : Disabled

OSPFV2 : Disabled

VRRP : Disabled

RIPNG : Disabled

ERPS : Disabled

DHCPv6_SERVER : Disabled

Prompt#

20-77 debug super_vlan state

Description

This command is used to enable or disable the super VLAN Debug Function.

361

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format debug super_vlan state [enable | disable]

Parameters

state - Specifies the super VLAN debug function state.

enable - Specifies that the super VLAN debug function will be enabled.

disable - Specifies that the super VLAN debug function will be disabled.

Restrictions

Only Administrator-level users can issue this command.

Example

To disable the super VLAN Debug Function:

DGS-3620-28PC:admin# debug super_vlan state disable

Command: debug super_vlan state disable

Success.

DGS-3620-28PC:admin#

After enabling super VLAN debug, the following information may appear when receive an ARP packet form sub VLAN.

The ARP request packet received from sub vlan 200.

20-78 debug show address_binding binding_state_table

Description

This command is used to display the binding state of the entries in the binding state table.

Format debug show address_binding binding_state_table [nd_snooping | dhcpv6_snooping]

Parameters

nd_snooping - Specifies to debug ND Snooping bound addresses in the binding state table.

dhcpv6_snooping - Specifies to debug DHCPv6 Snooping bound addresses in the binding state table.

Restrictions

Only Administrator-level users can issue this command.

362

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display the DHCPv6 snooping binding state of entries:

DGS-3620-28PC:admin# debug show address_binding binding_state_table dhcpv6_snooping

Command: debug show address_binding binding_state_table dhcpv6_snooping

S (State) - S: Start, L: Live, D :Detection, R: Renew, B: Bound

Time - Expiry Time (sec)

IP Address MAC Address S Time Port

--------------------------------------- ----------------- -- ---------- -----

2001:2222:1111:7777:5555:6666:7777:8888 00-00-00-00-00-02 S 50 5

2001::1 00-00-00-00-03-02 B 100 6

Total Entries : 2

DGS-3620-28PC:admin#

To display the ND Snooping binding state of entries:

DGS-3620-28PC:admin# debug show address_binding binding_state_table nd_snooping

Command: debug show address_binding binding_state_table nd_snooping

S (State) - S: Start, Q: Query, B: Bound

Time - Expiry Time (sec)

IP Address MAC Address S Time Port

--------------------------------------- ----------------- -- ---------- -----

2001:2222:1111:7777:5555:6666:7777:8888 00-00-00-00-00-02 S 50 5

2001::1 00-00-00-00-03-02 B 100 6

Total Entries : 2

DGS-3620-28PC:admin#

20-79 debug show error ports box_id

Description

This command is used to show the error statistics information of the SIO ports

Format debug show error ports box_id [<value 1-12> | all] {sio1 | sio2}

Parameters

<value 1-12> - Enter the box ID used here. This value must be between 1 and 12.

all - Specifies that all the box IDs will be used.

sio1 - Specifies that the minimum of two SIO ports will be used. SIO1 is the first stacking port.

sio2 - Specifies that the maximum of two SIO ports will be used. SIO2 is the second stacking port.

363

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrator-level users can issue this command.

Example

To show error statistics information of the SIO port:

DGS-3620-28PC:admin#debug show error ports box_id all sio1

Command: debug show error ports box_id all sio1

Box ID 1 SIO 1:

RX Frames TX Frames

--------- ---------

CRC Error 0 Excessive Deferral 0

Undersize 0 CRC Error 0

Oversize 0 Late Collision 0

Fragment 0 Excessive Collision 0

Jabber 0 Single Collision 0

Buffer Full Drop 0 Collision 0

Symbol Error 0 STP Drop 0

Multicast Drop 0 HOL DROP 0

VLAN Ingress Drop 0 COS0 HOL DROP 0

STP Drop 0 COS1 HOL DROP 0

MTU Drop 0 COS2 HOL DROP 0

COS3 HOL DROP 0

COS4 HOL DROP 0

COS5 HOL DROP 0

COS6 HOL DROP 0

COS7 HOL DROP 0

CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All

20-80 debug show jwac auth_info

Description

This command is used to show debug information of JWAC.

Format debug show jwac auth_info

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

364

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display debug information of JWAC:

DGS-3620-28PC:admin#debug show jwac auth_info

Command: debug show jwac auth_info

ACL Index Bitmap DB (jwac_db_acl_bmp):

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00

Internal TCP Port Number (jwac_internal_port_bitmap):

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

FF FF FF FF FF FF FF FF

Connection DB:

No Host

Current AUTH DB (_jwac_db_nodes):

No Host

Ports AUTH Info: (_jwac_db_nodes)

port mac state last_bytes authing_cnt authed_cnt

----- ------------------ -------- ---------- ----------- -----------

JWAC Web data (jwac_web_auth_result_list):

CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All

20-81 debug show packet ports box_id

Description

This command is used to show the packet statistics information of the SIO ports.

Format debug show packet ports box_id [<value 1-12> | all] {sio1 | sio2}

Parameters

<value 1-12> - Enter the box ID used here. This value must be between 1 and 12.

all - Specifies that all the box IDs will be used.

sio1 - Specifies that the minimum of two SIO ports will be used. SIO1 is the first stacking port.

sio2 - Specifies that the maximum of two SIO ports will be used. SIO2 is the second stacking port.

Restrictions

Only Administrator-level users can issue this command.

365

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To show packet statistics information of the SIO port:

DGS-3620-28PC:admin# debug show packet ports box_id all sio1

Command: debug show packet ports box_id all sio1

BOX ID 1 SIO 1:

Frame Size/Type Frame Counts Frames/sec

--------------- ---------------------- -----------

64 0 0

65-127 0 0

128-255 0 0

256-511 0 0

512-1023 0 0

1024-1518 0 0

1519-2047 0 0

2048-4095 0 0

4096-9216 0 0

Unicast RX 0 0

Multicast RX 0 0

Broadcast RX 0 0

RX Bytes 0 0

RX Frames 0 0

TX Bytes 0 0

TX Frames 0 0

CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

20-82 debug show cpu utilization

Description

This command is used to display the total CPU utilization and CPU utilization per process.

Format debug show cpu utilization

Parameters

None.

Restrictions

Only Administrator-level users can issue this command.

Example

This example shows how to turn on debugging for the show CPU utilization command.

366

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# debug show cpu utilization

Command: debug show cpu utilization

Five seconds - 14 % One minute - 14 % Five minutes - 14 %

Process Name 5Sec 1Min 5Min

----------------- ------ ------ ------

OS_UTIL 84 % 86 % 86 % bcmL2X.0 8 % 7 % 7 % bcmCNTR.0 2 % 2 % 2 %

MAUMIB_TASK 1 % 1 % 1 %

GBIC_Pooling 1 % 0 % 0 %

FAN_Pooling 1 % 0 % 0 %

DGS-3620-28PC:admin#

367

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 21 DHCP Local Relay

Commands

config dhcp_local_relay vlan <vlan_name 32> state [enable | disable]

config dhcp_local_relay vlan vlanid <vlan_id 1-4094> state [enable | disable]

enable dhcp_local_relay disable dhcp_local_relay show dhcp_local_relay

21-1 config dhcp_local_relay vlan

Description

This command is used to enable or disable the DHCP local relay function for a specified VLAN. By default, the switch will not broadcast DHCP packets on any VLAN for which a DHCP relay is configured. DHCP packets will be intercepted, and only be relayed to the servers specified in the dhcp_relay command. This is done to minimise the risk with rogue DHCP servers. Enabling the dhcp_local_relay feature will restore the broadcast behaviour, and cause DHCP packets to also be broadcast on the specified VLAN.

Note: When “dhcp_local_relay” is enabled, the switch will automatically add DHCP option 82, and the source MAC and gateway in the packet will remain unchanged.

Format config dhcp_local_relay vlan <vlan_name 32> state [enable | disable]

Parameters

<vlan_name 32> - Enter the name of the VLAN to be enabled for DHCP local relay.

state - Enable or disable DHCP local relay for a specified VLAN.

enable - Enable DHCP local relay for a specified VLAN.

disable - Disable DHCP local relay for a specified VLAN.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable DHCP local relay for the default VLAN:

DGS-3620-28PC:admin#config dhcp_local_relay vlan default state enable

Command: config dhcp_local_relay vlan default state enable

Success.

DGS-3620-28PC:admin#

368

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

21-2 config dhcp_local_relay vlan vlanid

Description

This command is used to enable or disable the DHCP local relay function for a specified VLAN ID.

Format config dhcp_local_relay vlan vlanid <vlan_id 1-4094> state [enable | disable]

Parameters

vlanid - Specifies the VLAN ID used to enabled DHCP local relay.

<vlan_id 1-4094> - Enter the VLAN ID used here. This value must be between 1 and 4094.

state - Enable or disable DHCP local relay for a specified VLAN.

enable - Enable DHCP local relay for a specified VLAN.

disable - Disable DHCP local relay for a specified VLAN.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable DHCP local relay for the default VLAN:

DGS-3620-28PC:admin#config dhcp_local_relay vlan vlanid 1 state enable

Command: config dhcp_local_relay vlan vlanid 1 state enable

Success.

DGS-3620-28PC:admin#

21-3 enable dhcp_local_relay

Description

This command is used to globally enable the DHCP local relay function on the switch.

Format enable dhcp_local_relay

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable the DHCP local relay function:

369

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#enable dhcp_local_relay

Command: enable dhcp_local_relay

Success.

DGS-3620-28PC:admin#

21-4 disable dhcp_local_relay

Description

This command is used to globally disable the DHCP local relay function on the switch.

Format disable dhcp_local_relay

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To disable the DHCP local relay function:

DGS-3620-28PC:admin#disable dhcp_local_relay

Command: disable dhcp_local_relay

Success.

DGS-3620-28PC:admin#

21-5 show dhcp_local_relay

Description

This command is used to display the current DHCP local relay configuration on the switch.

Format show dhcp_local_relay

Parameters

None.

370

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

None.

Example

To display the local DHCP relay status:

DGS-3620-28PC:admin#show dhcp_local_relay

Command: show dhcp_local_relay

DHCP/BOOTP Local Relay Status : Disabled

DHCP/BOOTP Local Relay VID List : 1,3-4

DGS-3620-28PC:admin#

371

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 22 DHCP Relay

Commands

config dhcp_relay {hops <int 1-16> | time <sec 0-65535>}(1)

config dhcp_relay add ipif <ipif_name 12> <ipaddr>

config dhcp_relay delete ipif <ipif_name 12> <ipaddr>

config dhcp_relay option_60 add string <multiword 255> relay <ipaddr> [exact-match | partialmatch]

config dhcp_relay option_60 default [relay <ipaddr> | mode [relay | drop]]

config dhcp_relay option_60 delete [string <multiword 255> {relay <ipaddr>} | ipaddress

<ipaddr> | all | default {<ipaddr>}]

config dhcp_relay option_60 state [enable | disable]

config dhcp_relay option_61 add [mac_address <macaddr> | string <desc_long 255>] [relay

<ipaddr> | drop]

config dhcp_relay option_61 default [relay <ipaddr> | drop]

config dhcp_relay option_61 delete [mac_address <macaddr> | string <desc_long 255> | all]

config dhcp_relay option_61 state [enable | disable]

config dhcp_relay option_82 check [enable | disable]

config dhcp_relay option_82 circuit_id [default | user_define <string 32> | vendor6]

config dhcp_relay option_82 policy [replace | drop | keep]

config dhcp_relay option_82 remote_id [default | user_define <string 32>]

config dhcp_relay option_82 state [enable | disable]

enable dhcp_relay disable dhcp_relay

show dhcp_relay {ipif <ipif_name 12>}

show dhcp_relay option_60 {[string <multiword 255> | ipaddress <ipaddr> | default]}

show dhcp_relay option_61

config dhcp_relay ports [<portlist> | all] state [enable | disable]

show dhcp_relay ports {<portlist>}

Note: The DHCP relay commands include all the commands defined in the BOOTP relay command section. If this DHCP relay command set is supported in your system, the BOOTP relay commands can be ignored.

Note: The system supporting DHCP relay will accept BOOTP relay commands in the

config file but not allow input from the console screen, and these BOOTP relay commands setting from the config file will be saved as DHCP relay commands while the save command is performed.

22-1 config dhcp_relay

Description

This command is used to configure the DHCP relay feature of the switch.

Format config dhcp_relay {hops <int 1-16> | time <sec 0-65535>}(1)

372

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

hops - Specifies the maximum number of router hops that the DHCP/BOOTP packets can cross.

The range is 1 to 16. The default value is 4.

<int 1-16> - Enter the maximum number of router hops that the DHCP/BOOTP packets can cross. The maximum number of hops value must be between 1 and 16.

time - Specifies the minimum time in seconds within which the switch must relay the

DHCP/BOOTP request. If this time is larger than the DHCP packet’s time, the switch will drop the DHCP/BOOTP packet. The range is 0 to 65535. The default value is 0.

<sec 0-65535> - Enter the minimum time in seconds within which the switch must relay the

DHCP/BOOTP request. The minimum time value must be between 0 and 65535 seconds.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the DHCP relay:

DGS-3620-28PC:admin#config dhcp_relay hops 4 time 2

Command: config dhcp_relay hops 4 time 2

Success.

DGS-3620-28PC:admin#

22-2 config dhcp_relay add ipif

Description

This command is used to add an IP destination address to the switch’s DHCP relay table.

Note: Adding a server to which DHCP packets will be relayed, will cause the switch to intercept

DHCP packets on the specified VLAN, and relay them directly to the specified server. DHCP packets will not be broadcast on the VLAN. To restore broadcast functionality, see the

“dhcp_local_relay” command

Format config dhcp_relay add ipif <ipif_name 12> <ipaddr>

Parameters

<ipif_name 12> - Enter the name of the IP interface which contains the IP address below.

<ipaddr> - Enter the DHCP/BOOTP server IP address.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To add an IP destination address to the switch’s DHCP relay table:

373

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#config dhcp_relay add ipif System 10.43.21.12

Command: config dhcp_relay add ipif System 10.43.21.12

Success.

DGS-3620-28PC:admin#

22-3 config dhcp_relay delete ipif

Description

This command is used to delete an IP destination address from the switch’s DHCP relay table.

Format config dhcp_relay delete ipif <ipif_name 12> <ipaddr>

Parameters

<ipif_name 12> - Enter the name of the IP interface which contains the IP address below.

<ipaddr> - Enter the DHCP/BOOTP server IP address.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete an IP destination address from the switch’s DHCP relay table:

DGS-3620-28PC:admin#config dhcp_relay delete ipif System 10.43.21.12

Command: config dhcp_relay delete ipif System 10.43.21.12

Success.

DGS-3620-28PC:admin#

22-4 config dhcp_relay option_60 add string

Description

This command is used to configure the Option 60 relay rules. Note that different strings can be specified with the same relay server, and the same string can be specified with multiple relay servers. The system will relay the packet to all the matching servers.

Format config dhcp_relay option_60 add string <multiword 255> relay <ipaddr> [exact-match | partial-match]

374

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<multiword 255> - Enter a string.

relay - Specifies a relay server IP address.

<ipaddr> - Enter the IP address here.

exact-match - The Option 60 string in the packet must fully match the specified string.

partial-match - The Option 60 string in the packet only need partially match the specified string.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure DHCP Option 60 to decide to relay which DHCP server:

DGS-3620-28PC:admin#config dhcp_relay option_60 add string “abc” relay

10.90.90.1 exact-match

Command: config dhcp_relay option_60 add string “abc” relay 10.90.90.1 exactmatch

Success.

DGS-3620-28PC:admin#

22-5 config dhcp_relay option_60 default

Description

This command is used to configure DHCP relay Option 60 default relay servers. When there are no match servers found for the packet based on Option 60, the relay servers will be determined by the default relay server setting. When drop is specified, the packet with no matching rules found will be dropped without further processing. If the setting is no- drop, then the packet will be processed further based on Option 61. The final relay servers will be the union of Option 60 default relay servers and the relay servers determined by Option 61.

Format config dhcp_relay option_60 default [relay <ipaddr> | mode [relay | drop]]

Parameters

relay - Specifies a relay server IP for the packet that has matching Option 60 rules.

<ipaddr> - Enter the server IP address here.

mode - Specifies the mode to relay or drop packets.

relay - The packet will be relayed based on the relay rules.

drop - Specifies to drop the packet that has no matching Option 60 rules.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

375

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure a DHCP Option 60 default drop action:

DGS-3620-28PC:admin#config dhcp_relay option_60 default mode drop

Command: config dhcp_relay option_60 default mode drop

Success.

DGS-3620-28PC:admin#

22-6 config dhcp_relay option_60 delete

Description

This command is used to delete a DHCP Option 60 entry. When all is specified, all rules excluding the default rules are deleted.

Format config dhcp_relay option_60 delete [string <multiword 255> {relay <ipaddr>} | ipaddress

<ipaddr> | all | default {<ipaddr>}]

Parameters

string - Delete all the entries whose string is equal to the string specified if the IP address is not specified.

<multiword 255> - The string value can be up to 255 characters long.

relay - (Optional) Delete one entry, whose string and IP address are equal to the string and IP address specified by the user.

<ipaddr> - Enter the IP address here.

ipaddress - Delete all the entries whose IP address are equal to the specified IP address.

<ipaddr> - Enter the IP address here.

all - Specifies to have all rules, excluding the default rules, deleted.

default - Delete the default relay IP address that is specified by the user.

<ipaddr> - (Optional) Enter the IP address here.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete a DHCP Option 60 entry:

DGS-3620-28PC:admin# config dhcp_relay option_60 delete string "abc" relay

10.90.90.1

Command: config dhcp_relay option_60 delete string "abc" relay 10.90.90.1

Success.

DGS-3620-28PC:admin#

376

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

22-7 config dhcp_relay option_60 state

Description

This command is used to decide whether DHCP relay will process the DHCP Option 60 or not.

When Option 60 is enabled, if the packet does not have Option 60, then the relay servers cannot be determined based on Option 60. The relay servers will be determined based on either Option

61 or per IPIF configured servers.

Format config dhcp_relay option_60 state [enable | disable]

Parameters

enable - Specifies to enable the DHCP relay function to use option 60 rules to relay DHCP packets.

disable - Specifies to disable the DHCP relay function from using option 60 rules to relay DHCP packets.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the DHCP Option 60 state:

DGS-3620-28PC:admin#config dhcp_relay option_60 state enable

Command: config dhcp_relay option_60 state enable

Success.

DGS-3620-28PC:admin#

22-8 config dhcp_relay option_61 add

Description

This command adds a rule to determine the relay server based on Option 61. The match rule can be based on either MAC address or a user-specified string. Only one relay server can be specified for a MAC address or a string. If relay servers are determined based on Option 60, and one relay server is determined based on Option 61, the final relay servers will be the union of these two sets of the servers.

Format config dhcp_relay option_61 add [mac_address <macaddr> | string <desc_long 255>] [relay

<ipaddr> | drop]

Parameters

mac_address - Specifies the client’s client-ID, which is the hardware address of the client.

377

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<macaddr> - Enter the client’s client-ID, which is the MAC address of the client.

string - Specifies the client’s client-ID, which is specified by administrator.

<desc_long 255> - Enter the client’s client-ID, which is specified by administrator The client-

ID string can be up to 255 characters long.

relay - Specifies to relay the packet to an IP address.

<ipaddr> - Enter to relay the packet to an IP address by entering the IP address here.

drop - Specifies to drop the packet.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure DHCP Option 61 to decide how to process DHCP packets:

DGS-3620-28PC:admin#config dhcp_relay option_61 add mac_address 00-11-22-33-44-

55 drop

Command: config dhcp_relay option_61 add mac_address 00-11-22-33-44-55 drop

Success.

DGS-3620-28PC:admin#

22-9 config dhcp_relay option_61 default

Description

This command is used to determine the rule to process those packets that have no Option 61 matching rules. The default default-rule is drop.

Format config dhcp_relay option_61 default [relay <ipaddr> | drop]

Parameters

relay - Specifies to relay the packet that has no option matching 61 matching rules to an IP address.

<ipaddr> - Enter the IP address here.

drop - Specifies to drop the packet that have no Option 61 matching rules.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the DHCP Option 61 default action to drop:

378

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#config dhcp_relay option_61 default drop

Command: config dhcp_relay option_61 default drop

Success.

DGS-3620-28PC:admin#

22-10 config dhcp_relay option_61 delete

Description

This command is used to delete Option 61 rules.

Format config dhcp_relay option_61 delete [mac_address <macaddr> | string <desc_long 255> | all]

Parameters

mac_address - The entry with the specified MAC address will be deleted

<macaddr> - Enter the MAC address here.

string - The entry with the specified string will be deleted.

<desc_long 255> - The string value can be up to 255 characters long.

all - All rules excluding the default rule will be deleted.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete a DHCP Option 61 entry:

DGS-3620-28PC:admin#config dhcp_relay option_61 delete mac_address 00-11-22-33-

44-55

Command: config dhcp_relay option_61 delete mac_address 00-11-22-33-44-55

Success.

DGS-3620-28PC:admin#

22-11 config dhcp_relay option_61 state

Description

This command is used to decide whether DHCP relay will process the DHCP Option 61 or not.

When Option 61 is enabled, if the packet does not have Option 61, then the relay servers cannot be determined based on Option 61. If the relay servers are determined based on Option 60 or

Option 61, then per IPIF configured servers will be ignored. If the relay servers are not determined either by Option 60 or Option 61, then per IPIF configured servers will be used to determine the relay servers.

379

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config dhcp_relay option_61 state [enable | disable]

Parameters

enable - Specifies to enable the DHCP relay function to use option 61 rules to relay DHCP packets.

disable - Specifies to disable the DHCP relay function to use option 61 rules to relay DHCP packets.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the state of DHCP relay Option 61:

DGS-3620-28PC:admin#config dhcp_relay option_61 state enable

Command: config dhcp_relay option_61 state enable

Success.

DGS-3620-28PC:admin#

22-12 config dhcp_relay option_82 check

Description

This command is used to configure the checking mechanism of the DHCP relay agent information

Option 82 of the switch.

Format config dhcp_relay option_82 check [enable | disable]

Parameters

enable - When the state is enabled, for a packet coming from the client side, the packet should not have the Option 82 field. If the packet has this option field, it will be dropped.

disable - The default setting is disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the checking mechanism of the DHCP relay agent information Option 82:

DGS-3620-28PC:admin#config dhcp_relay option_82 check disable

Command: config dhcp_relay option_82 check disable

380

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Success.

DGS-3620-28PC:admin#

22-13 config dhcp_relay option_82 circuit_id

Description

This command is used to configure the DHCP relay option 82 circuit ID.

Format config dhcp_relay option_82 circuit_id [default | user_define <string 32> | vendor6]

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

default - Specifies that the original format of the circuit ID will be used. The original format is as follows: a.

1 b.

0x6 c.

0 d.

4 e.

VLAN f.

Module ID g.

Port ID

1 byte 1 byte 1 byte 1 byte a. Sub-option type (1 means circuit ID) b. Length, it should be 6.

2 bytes 1 byte 1 byte c. Circuit ID’s sub-option, it should be 0. d. Sub-option’s length, it should be 4 e. VLAN ID (S-VID) f. Module ID, for standalone switch, it is 0; for stacking switch, it is the box ID that assigned by stacking. g. Port ID: port number of each box.

user_define – Specifies that a user-defined circuit ID will be used. The format is as follows: a.

2 b. n+2 c.

1 d. n e. user define

1 byte 1 byte 1 byte 1 byte

<desc 32> - Enter the user-defined ID. Space is allowed in the string.

System name

Module

ID

Max. 32 bytes

vendor6 – Specifies to use the vendor 6 specific circuit ID format. The format is as follows: a. b. c. d. e. f. g. h. i.

1 n - / Port ID - CVID

1 byte 1 byte 0-128 bytes

1 byte 1 byte a. Sub-option type (1 means circuit ID) b. Length: Total lengths of all follow fields. c. System name. d. Separator character

1 byte 1-2 bytes

1 byte 1-4 bytes e. Module ID f. Separator character. g. Port ID: port number h. Separator character i. CVID(Client VLAN ID)

381

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure the ciruit ID as vendor 6:

DGS-3620-28PC:admin# config dhcp_relay option_82 circuit_id vendor6

Command: config dhcp_relay option_82 circuit_id vendor6

Success.

DGS-3620-28PC:admin#

22-14 config dhcp_relay option_82 policy

Description

This option takes effect only when the check status is disabled. The relay agent does this operation because the packet cannot contain two Option 82s. The default setting is replace.

Format config dhcp_relay option_82 policy [replace | drop | keep]

Parameters

replace - Replace the existing option 82 field in the packet.

drop - Specifies to discard if the packet has the Option 82 field. If the packet, that comes from the client side, contains an Option 82 value, then the packet will be dropped. If the packet, that comes from the client side doesn’t contain an Option 82 value, then insert it's own Option 82 value into the packet.

keep - Specifies to retain the existing Option 82 field in the packet. The default setting is replace.

If the packet, that comes from the client side, and contains an Option 82 value, then keep the old Option 82 value. If the packet, that comes from the client side, doesn’t contain an Option

82 value, then insert it's own Option 82 value into the packet.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the policy of DHCP relay agent information Option 82:

DGS-3620-28PC:admin# config dhcp_relay option_82 policy replace

Command: config dhcp_relay option_82 policy replace

Success

DGS-3620-28PC:admin#

22-15 config dhcp_relay option_82 remote_id

Description

This command is used to configure the remote ID string of the DHCP relay agent information

Option 82 of the Switch.

382

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config dhcp_relay option_82 remote_id [default | user_define <string 32>]

Parameters

default - Use the switch’s system MAC address as remote ID.

user_define - Use the user-defined string as remote ID. Space characters are allowed in the string.

<string 32> - The user-defined string can be up to 32 characters long.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the remote ID string of the DHCP relay agent information Option 82:

DGS-3620-28PC:admin#config dhcp_relay option_82 remote_id user_define D-Link

Switch

Command: config dhcp_relay option_82 remote_id user_define D-Link Switch

Success.

DGS-3620-28PC:admin#

22-16 config dhcp_relay option_82 state

Description

This command is used to configure the state of the DHCP relay agent information Option 82 of the switch. The default settings is disabled.

Format config dhcp_relay option_82 state [enable | disable]

Parameters

enable - When the state is enabled, the DHCP packet will be inserted with the Option 82 field before being relayed to server. The DHCP packet will be processed based on the behavior defined in the check and policy setting.

disable - When the state is disabled, the DHCP packet will be relayed directly to the server without further check and processing of the packet.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

383

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure the state of the DHCP relay agent information Option 82:

DGS-3620-28PC:admin#config dhcp_relay option_82 state enable

Command: config dhcp_relay option_82 state enable

Success.

DGS-3620-28PC:admin#

22-17 enable dhcp_relay

Description

This command is used to enable the DHCP relay function on the switch.

Format enable dhcp _relay

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable the DHCP relay function:

DGS-3620-28PC:admin#enable dhcp_relay

Command: enable dhcp_relay

Success.

DGS-3620-28PC:admin#

22-18 disable dhcp_relay

Description

This command is used to disable the DHCP relay function on the switch.

Format disable dhcp _relay

Parameters

None.

384

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To disable the DHCP relay function:

DGS-3620-28PC:admin#disable dhcp_relay

Command: disable dhcp_relay

Success.

DGS-3620-28PC:admin#

22-19 show dhcp_relay

Description

This command is used to display the current DHCP relay configuration.

Format show dhcp_relay {ipif <ipif_name 12>}

Parameters

ipif – (Optional) Specify the IP interface name.

<ipif_name 12> - Enter the IP interface name. The IP interface name can be up to 12 characters long.

Note: If no parameter is specified, the system will display all DHCP relay configurations.

Restrictions

None.

Example

To display the DHCP relay status:

DGS-3620-28PC:admin#show dhcp_relay

Command: show dhcp_relay

DHCP/BOOTP Relay Status : Disabled

DHCP/BOOTP Hops Count Limit : 4

DHCP/BOOTP Relay Time Threshold : 0

DHCP Vendor Class Identifier Option 60 State: Disabled

DHCP Client Identifier Option 61 State: Disabled

DHCP Relay Agent Information Option 82 State : Disabled

385

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DHCP Relay Agent Information Option 82 Check : Disabled

DHCP Relay Agent Information Option 82 Policy : Replace

DHCP Relay Agent Information Option 82 Remote ID : D-Link Switch

DHCP Relay Agent Information Option 82 Circuit ID : default

Interface Server 1 Server 2 Server 3 Server 4

------------- --------------- ---------------- --------------- --------------

System 10.1.1.1 192.168.0.1

DGS-3620-28PC:admin#

22-20 show dhcp_relay option_60

Description

This command is used to display the DHCP relay option 60 entries.

Format show dhcp_relay option_60 {[string <multiword 255> | ipaddress <ipaddr> | default]}

Parameters

string - (Optional) Display the entry whose string equals the string specified.

<multiword 255> - The string can be up to 255 characters long.

ipaddress - (Optional) Display the entry whose IP ipaddress equals the specified IP address.

<ipaddr> - Enter the IP address here.

default - (Optional) Display the default behaviour of DHCP relay option 60.

Note: If no parameter is specified, all DHCP option 60 entries will be displayed.

Restrictions

None.

Example

To display the DHCP option 60 entries:

DGS-3620-28PC:admin#show dhcp_relay option_60

Command: show dhcp_relay option_60

Default Processing Mode: Drop

Default Servers:

10.90.90.100

10.90.90.101

10.90.90.102

Matching Rules:

386

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

String Match Type IP Address

------- --------- --------- abc Exact Match 10.90.90.1 abcde Partial Match 10.90.90.2 abcdefg Exact Match 10.90.90.3

Total Entries: 3

DGS-3620-28PC:admin#

22-21 show dhcp_relay option_61

Description

This command is used to display all the DHCP relay option 61 rules.

Format show dhcp_relay option_61

Parameters

None.

Restrictions

None.

Example

To display the DHCP option 61 entries:

DGS-3620-28PC:admin#show dhcp_relay option_61

Command: show dhcp_relay option_61

Default Relay Rule:Drop

Matching Rules:

Client-ID Type Relay Rule

----------- ---- --------- abc String Drop abcde String 10.90.90.1

00-11-22-33-44-55 MAC Address Drop

Total Entries: 3

DGS-3620-28PC:admin#

387

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

22-22 config dhcp_relay ports

Description

This command is used to configure the state of the DHCP relay function for each port.

Format config dhcp_relay ports [<portlist> | all] state [enable | disable]

Parameters

<portlist> - Enter the list of ports, used for this configuration, here.

all - Specifies that all the ports will be used for this configuration.

state - Specifies the state of the DHCP relay function for each port.

enable - Specifies that the DHCP relay function, for the specified port(s), will be enabled.

disable - Specifies that the DHCP relay function, for the specified port(s), will be disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable the DHCP relay function on ports 1 to 3:

DGS-3620-28PC:admin#config dhcp_relay ports 1:1-1:3 state enable

Command: config dhcp_relay ports 1:1-1:3 state enable

Success.

DGS-3620-28PC:admin#

22-23 show dhcp_relay ports

Description

This command is used to show the DHCP relay port configuration.

Format show dhcp_relay ports {<portlist>}

Parameters

<portlist> - (Optional) Enter the list of ports, used for this display, here.

If no parameter is specified, information for all ports will be displayed.

Restrictions

None.

388

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display the DHCP relay state of ports 1 to 10:

DGS-3620-28PC:admin#show dhcp_relay ports 1:1-1:10

Command: show dhcp_relay ports 1:1-1:10

Port DHCP Relay State

---- ----------------

1:1 Enabled

1:2 Enabled

1:3 Enabled

1:4 Enabled

1:5 Enabled

1:6 Enabled

1:7 Enabled

1:8 Enabled

1:9 Enabled

1:10 Enabled

Total Entries : 10

DGS-3620-28PC:admin#

389

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 23 DHCP Server

Commands

create dhcp excluded_address begin_address <ipaddr> end_address <ipaddr>

delete dhcp excluded_address [begin_address <ipaddr> end_address <ipaddr> | all]

show dhcp excluded_address

create dhcp pool <pool_name 12>

delete dhcp pool [<pool_name 12> | all]

config dhcp pool network_addr <pool_name 12> <network_address>

config dhcp pool domain_name <pool_name 12> {<domain_name 64>}

config dhcp pool dns_server <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}

config dhcp pool netbios_name_server <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}

config dhcp pool netbios_node_type <pool_name 12> [broadcast | peer_to_peer | mixed | hybrid]

config dhcp pool default_router <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}

config dhcp pool lease <pool_name 12> [<day 0-365> <hour 0-23> <minute 0-59> | infinite]

config dhcp pool boot_file <pool_name 12> {<file_name 64>}

config dhcp pool next_server <pool_name 12> {<ipaddr>}

config dhcp ping_packets <number 0-10>

config dhcp ping_timeout <millisecond 10-2000>

create dhcp pool manual_binding <pool_name 12> <ipaddr> hardware_address <macaddr>

{type [ethernet | ieee802]}

delete dhcp pool manual_binding <pool_name 12> [<ipaddr> | all]

clear dhcp binding [<pool_name 12> [<ipaddr> | all] | all]

show dhcp binding {<pool_name 12>}

show dhcp pool {<pool_name 12>}

show dhcp pool manual_binding {<pool_name 12>}

enable dhcp_server disable dhcp_server show dhcp_server

clear dhcp conflict_ip [<ipaddr> | all]

show dhcp conflict_ip {<ipaddr>}

create dhcp option_profile <profile_name 12>

config dhcp option_profile <profile_name 12> [add option <value 1-254> [string <multiword

255> | hex <string 254>] | delete option <value 1-254>]

delete dhcp option_profile <profile_name 12>

show dhcp option_profile {<profile_name 12>}

config dhcp pool option_profile <pool_name 12> [add | delete] <profile_name 12>

23-1 create dhcp excluded_address

Description

This command is used to create a DHCP server exclude address. The DHCP server assumes that all IP addresses in a DHCP pool subnet are available for assigning to DHCP clients. Use this command to specify the IP address that the DHCP server should not assign to clients. This command can be used multiple times in order to define multiple groups of excluded addresses.

Format create dhcp excluded_address begin_address <ipaddr> end_address <ipaddr>

390

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

begin_address - Specifies the starting address of the IP address range.

<ipaddr> - Enter the starting address of the IP address range.

end_address - Specifies the ending address of the IP address range.

<ipaddr> - Enter the ending address of the IP address range.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To specify the IP address that DHCP server should not assign to clients:

DGS-3620-28PC:admin#create dhcp excluded_address begin_address 10.10.10.1 end_address 10.10.10.10

Command: create dhcp excluded_address begin_address 10.10.10.1 end_address

10.10.10.10

Success.

DGS-3620-28PC:admin#

23-2 delete dhcp excluded_address

Description

This command is used to delete a DHCP server exclude address.

Format delete dhcp excluded_address [begin_address <ipaddr> end_address <ipaddr> | all]

Parameters

begin_address - Specifies the starting address of the IP address range.

<ipaddr> - Enter the starting address of the IP address range.

end_address - Specifies the ending address of the IP address range.

<ipaddr> - Enter the ending address of the IP address range.

all - Specifies to delete all IP addresses.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete a DHCP server exclude address:

DGS-3620-28PC:admin#delete dhcp excluded_address begin_address 10.10.10.1 end_address 10.10.10.10

391

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Command: delete dhcp excluded_address begin_address 10.10.10.1 end_address

10.10.10.10

Success.

DGS-3620-28PC:admin#

23-3 show dhcp excluded_address

Description

This command is used to display the groups of IP addresses which are excluded from being a legal assigned IP address.

Format show dhcp excluded_address

Parameters

None.

Restrictions

None.

Example

To display the DHCP server excluded addresses:

DGS-3620-28PC:admin#show dhcp excluded_address

Command: show dhcp excluded_address

Index Begin Address End Address

----- ------------- --------------

1 192.168.0.1 192.168.0.100

2 10.10.10.10 10.10.10.11

Total Entries : 2

DGS-3620-28PC:admin#

23-4 create dhcp pool

Description

This command is used to create a DHCP pool by specifying a name. After creating a DHCP pool, use other DHCP pool configuration commands to configure parameters for the pool.

Format create dhcp pool <pool_name 12>

392

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<pool_name 12> - Enter the name of the DHCP pool.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create a DHCP pool:

DGS-3620-28PC:admin#create dhcp pool nyknicks

Command: create dhcp pool nyknicks

Success.

DGS-3620-28PC:admin#

23-5 delete dhcp pool

Description

This command is used to delete a DHCP pool.

Format delete dhcp pool [<pool_name 12> | all]

Parameters

<pool_name 12> - Enter the name of the DHCP pool.

all - Specifies to delete all the DHCP pools.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete a DHCP pool:

DGS-3620-28PC:admin#delete dhcp pool nyknicks

Command: delete dhcp pool nyknicks

Success.

DGS-3620-28PC:admin#

393

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

23-6 config dhcp pool network_addr

Description

This command is used to specify the network for the DHCP pool. The addresses in the network are free to be assigned to the DHCP client. The prefix length specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client. The prefix length must be preceded by a forward slash (/). When the DHCP server receives a request from the client, the server will automatically find a pool to allocate the address. If the request is relayed to the server by the intermediate device, the server will match the gateway IP address carried in the packet against the network of each DHCP pool. The pool which has the longest match will be selected. If the request packet is not through relay, then the server will match the IP address of the IPIF that received the request packet against the network of each DHCP pool.

Format config dhcp pool network_addr <pool_name 12> <network_address>

Parameters

<pool_name 12> - Enter the DHCP pool name.

<network_address> - Enter the IP address that the DHCP server may assign to clients.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the address range of the DHCP address pool:

DGS-3620-28PC:admin#config dhcp pool network_addr nyknicks 10.10.10.0/24

Command: config dhcp pool network_addr nyknicks 10.10.10.0/24

Success.

DGS-3620-28PC:admin#

23-7 config dhcp pool domain_name

Description

This command is used to specify the domain name for the client if the server allocates the address for the client from this pool. The domain name configured here will be used as the default domain name by the client. By default, the domain name is empty. If the domain name is empty, the domain name information will not be provided to the client.

Format config dhcp pool domain_name <pool_name 12> {<domain_name 64>}

394

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<pool_name 12> - Enter the DHCP pool name.

<domain_name 64> - (Optional) Specifies the domain name of the client.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the domain name option of the DHCP pool:

DGS-3620-28PC:admin#config dhcp pool domain_name nyknicks nba.com

Command: config dhcp pool domain_name nyknicks nba.com

Success.

DGS-3620-28PC:admin#

23-8 config dhcp pool dns_server

Description

This command is used to specify the IP address of a DNS server that is available to a DHCP client.

Up to three IP addresses can be specified on one command line. If DNS server is not specified, the DNS server information will not be provided to the client. If this command is input twice for the same pool, the second command will overwrite the first command.

Format config dhcp pool dns_server <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}

Parameters

<pool_name 12> - Enter the DHCP pool name.

<ipaddr> - (Optional) Specifies the IP address of the DNS server. Up to three IP addresses can be specified on one command line.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the DNS server’s IP address:

DGS-3620-28PC:admin#config dhcp pool dns_server nyknicks 10.10.10.1

Command: config dhcp pool dns_server nyknicks 10.10.10.1

Success.

DGS-3620-28PC:admin#

395

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

23-9 config dhcp pool netbios_name_server

Description

This command is used to specify the NetBIOS WINS server that is available to a Microsoft DHCP client. Up to three IP addresses can be specified on one command line.

Windows Internet Naming Service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks. If a

NetBIOS name server is not specified, the NetBIOS name server information will not be provided to the client. If this command is input twice for the same pool, the second command will overwrite the first command.

Format config dhcp pool netbios_name_server <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}

Parameters

<pool_name 12> - Enter the DHCP pool name.

<ipaddr> - (Optional) Specifies the IP address of the WINS server. Up to three IP addresses can be specified on one command line.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure a WINS server IP address:

DGS-3620-28PC:admin#config dhcp pool netbios_name_server knicks 10.10.10.1

Command: config dhcp pool netbios_name_server knicks 10.10.10.1

Success.

DGS-3620-28PC:admin#

23-10 config dhcp pool netbios_node_type

Description

This command is used to specify the NetBIOS node type for a Microsoft DHCP client.

The NetBIOS node type for Microsoft DHCP clients can be one of four settings: broadcast, peer-topeer, mixed, or hybrid. Use this command to configure a NetBIOS over TCP/IP device that is described in RFC 1001/1002. By default, the NetBIOS node type is broadcast.

Format config dhcp pool netbios_node_type <pool_name 12> [broadcast | peer_to_peer | mixed | hybrid]

396

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<pool_name 12> - Enter the DHCP pool name.

broadcast - Specifies the NetBIOS node type for Microsoft DHCP clients as broadcast.

peer_to_peer - Specifies the NetBIOS node type for Microsoft DHCP clients as peer_to_peer.

mixed - Specifies the NetBIOS node type for Microsoft DHCP clients as mixed.

hybrid - Specifies the NetBIOS node type for Microsoft DHCP clients as hybrid.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the NetBIOS node type:

DGS-3620-28PC:admin#config dhcp pool netbios_node_type knicks hybrid

Command: config dhcp pool netbios_node_type knicks hybrid

Success.

DGS-3620-28PC:admin#

23-11 config dhcp pool default_router

Description

This command is used to specify the IP address of the default router for a DHCP client. Up to three

IP addresses can be specified on one command line.

After a DHCP client has booted, the client begins sending packets to its default router. The IP address of the default router should be on the same subnet as the client. If the default router is not specified, the default router information will not be provided to the client. If this command is input twice for the same pool, the second command will overwrite the first command. The default router must be within the range the network defined for the DHCP pool.

Format config dhcp pool default_router <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}

Parameters

<pool_name 12> - Enter the DHCP pool name.

<ipaddr> - (Optional) Specifies the IP address of the default router. Up to three IP addresses can be specified on one command line.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the default router:

397

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#config dhcp pool default_router nyknicks 10.10.10.1

Command: config dhcp pool default_router nyknicks 10.10.10.1

Success.

DGS-3620-28PC:admin#

23-12 config dhcp pool lease

Description

This command is used to specify the duration of the DHCP pool lease.

By default, each IP address assigned by a DHCP server comes with a one-day lease, which is the amount of time that the address is valid.

Format config dhcp pool lease <pool_name 12> [<day 0-365> <hour 0-23> <minute 0-59> | infinite]

Parameters

<pool_name 12> - Enter the DHCP pool’s name.

<day 0-365> - Enter the number of days of the lease.

<hour 0-23> - Enter the number of hours of the lease.

<minute 0-59> - Enter the number of minutes of the lease.

infinite - Specifies a lease of unlimited duration.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the lease of a pool:

DGS-3620-28PC:admin#config dhcp pool lease nyknicks infinite

Command: config dhcp pool lease nyknicks infinite

Success.

DGS-3620-28PC:admin#

23-13 config dhcp pool boot_file

Description

This command is used to specify the name of the file that is used as a boot image.

The boot file is used to store the boot image for the client. The boot image is generally the operating system the client uses to load. If this command is input twice for the same pool, the second command will overwrite the first command. If the bootfile is not specified, the boot file information will not be provided to the client.

398

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config dhcp pool boot_file <pool_name 12> {<file_name 64>}

Parameters

<pool_name 12> - Enter the DHCP pool name.

<file_name 64> - (Optional) Specifies the file name of the boot image.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the boot file:

DGS-3620-28PC:admin#config dhcp pool boot_file engineering boot.had

Command: config dhcp pool boot_file engineering boot.had

Success.

DGS-3620-28PC:admin#

23-14 config dhcp pool next_server

Description

This command is used by the DHCP client boot process, typically a TFTP server. If next server information is not specified, it will not be provided to the client. If this command is input twice for the same pool, the second command will overwrite the first command.

Format config dhcp pool next_server <pool_name 12> {<ipaddr>}

Parameters

<pool_name 12> - Enter the DHCP pool name.

<ipaddr> - (Optional) Specifies the IP address of the next server.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the next server:

DGS-3620-28PC:admin#config dhcp pool next_server engineering 192.168.0.1

Command: config dhcp pool next_server engineering 192.168.0.1

Success.

399

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#

23-15 config dhcp ping_packets

Description

This command is used to specify the number of ping packets the DHCP server sends to an IP address before assigning this address to a requesting client.

By default, the DHCP server pings a pool address twice before assigning the address to a DHCP client. If the ping is unanswered, the DHCP server assumes (with a high probability) that the address is not in use and assigns the address to the requesting client. If the ping is answered, the server will discard the current IP address and try another IP address.

Format config dhcp ping_packets <number 0-10>

Parameters

<number 0-10> - Enter the number of ping packets. 0 means there is no ping test. The default value is 2.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure ping packets:

DGS-3620-28PC:admin#config dhcp ping_packets 4

Command: config dhcp ping_packets 4

Success.

DGS-3620-28PC:admin#

23-16 config dhcp ping_timeout

Description

This command is used to specify the amount of time the DHCP server must wait before timing out a ping packet.

By default, the DHCP server waits 100 milliseconds before timing out a ping packet.

Format config dhcp ping_timeout <millisecond 10-2000>

400

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<millisecond 10-2000> - Enter the amount of time the DHCP server must wait before timing out a ping packet. The default value is 100.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the time out value for ping packets:

DGS-3620-28PC:admin#config dhcp ping_timeout 500

Command: config dhcp ping_timeout 500

Success.

DGS-3620-28PC:admin#

23-17 create dhcp pool manual_binding

Description

This command is used to specify the distinct identification of the client in dotted-hexadecimal notation or hardware address.

An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server.

The IP address specified in the manual binding entry must be in a range within that the network uses for the DHCP pool. If the user specifies a conflict IP address, an error message will be returned. If a number of manual binding entries are created, and the network address for the pool is changed such that conflicts are generated, those manual binding entries which conflict with the new network address will be automatically deleted.

Format create dhcp pool manual_binding <pool_name 12> <ipaddr> hardware_address <macaddr>

{type [ethernet | ieee802]}

Parameters

<pool_name 12> - Enter the DHCP pool name.

<ipaddr> - Enter the IP address which will be assigned to a specified client.

hardware_address - Specifies the hardware MAC address.

<macaddr> - Enter the MAC address here.

type - (Optional) Specifies the DHCP pool manual binding type.

ethernet - Specifies Ethernet type.

ieee802 -Specify IEEE802 type.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

401

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure manual bindings:

DGS-3620-28PC:admin#create dhcp pool manual_binding engineering 10.10.10.1 hardware_address 00-80-C8-02-02-02 type ethernet

Command: create dhcp pool manual_binding engineering 10.10.10.1 hardware_address 00-80-C8-02-02-02 type ethernet

Success.

DGS-3620-28PC:admin#

23-18 delete dhcp pool manual_binding

Description

This command is used to delete DHCP server manual binding.

Format delete dhcp pool manual_binding <pool_name 12> [<ipaddr> | all]

Parameters

<pool_name 12> - Enter the DHCP pool name.

<ipaddr> - Enter the IP address which will be assigned to a specified client.

all - Specifies to delete all IP addresses.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete DHCP server manual binding:

DGS-3620-28PC:admin#delete dhcp pool manual_binding engineering 10.10.10.1

Command: delete dhcp pool manual_binding engineering 10.10.10.1

Success.

DGS-3620-28PC:admin#

23-19 clear dhcp binding

Description

This command is used to clear a binding entry or all binding entries in a pool or clears all binding entries in all pools. Note that this command will not clear the dynamic binding entry which matches a manual binding entry.

402

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format clear dhcp binding [<pool_name 12> [<ipaddr> | all] | all]

Parameters

<pool_name 12> - Enter the DHCP pool name to clear.

<ipaddr> - Enter the IP address to clear.

all - Specifies to clear all IP addresses for the specified pool.

all - Specifies to clear all binding entries in all pools

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To clear dynamic binding entries in the pool named “engineering”:

DGS-3620-28PC:admin#clear dhcp binding engineering 10.20.3.4

Command: clear dhcp binding engineering 10.20.3.4

Success.

DGS-3620-28PC:admin#

23-20 show dhcp binding

Description

This command is used to display dynamic binding entries.

Format show dhcp binding {<pool_name 12>}

Parameters

<pool_name 12> - (Optional) Specifies a DHCP pool name.

Restrictions

None.

Example

To display dynamic binding entries for “engineering”:

DGS-3620-28PC:admin#show dhcp binding engineering

Command: show dhcp binding engineering

Pool Name IP Addresss Hardware Address Type Status Lifetime

------------ -------------- ------------------ -------- ------- ---------

403

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

engineering 192.168.0.1 00-80-C8-08-13-88 Ethernet Manual 86400 engineering 192.168.0.2 00-80-C8-08-13-99 Ethernet Automatic 86400 engineering 192.168.0.3 00-80-C8-08-13-A0 Ethernet Automatic 86400 engineering 192.168.0.4 00-80-C8-08-13-B0 Ethernet Automatic 86400

Total Entries: 4

DGS-3620-28PC:admin#

23-21 show dhcp pool

Description

This command is used to display the information for DHCP pool. If pool name is not specified, information for all pools will be displayed.

Format show dhcp pool {<pool_name 12>}

Parameters

<pool_name 12> - (Optional) Specifies the DHCP pool name.

Restrictions

None.

Example

To display the current DHCP pool information for “engineering”:

DGS-3620-28PC:admin#show dhcp pool engineering

Command: show dhcp pool engineering

Pool Name : engineering

Network Address : 10.10.10.0/24

Domain Name : dlink.com

DNS Server : 10.10.10.1

NetBIOS Name Server : 10.10.10.1

NetBIOS Node Type : Broadcast

Default Router : 10.10.10.1

Pool Lease : 10 Days, 0 Hours, 0 Minutes

Boot File : boot.bin

Next Server : 10.10.10.2

Option Profile : profile1

DGS-3620-28PC:admin#

404

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

23-22 show dhcp pool manual_binding

Description

This command is used to display the configured manual binding entries.

Format show dhcp pool manual_binding {<pool_name 12>}

Parameters

<pool_name 12> - (Optional) Specifies the DHCP pool name.

Restrictions

None.

Example

To display the configured manual binding entries:

DGS-3620-28PC:admin#show dhcp pool manual_binding

Command: show dhcp pool manual_binding

Pool Name IP Address Hardware Address Type

------------ ------------- ------------------ -------- p1 192.168.0.1 00-80-C8-08-13-88 Ethernet p1 192.168.0.2 00-80-C8-08-13-99 Ethernet

Total Entries : 2

DGS-3620-28PC:admin#

23-23 enable dhcp_server

Description

This command is used to enable the DHCP server function.

If DHCP relay is enabled, DHCP server cannot be enabled. The opposite is also true. For Layer 2 switches, if DHCP client is enabled on the only interface, then DHCP server cannot be enabled.

For layer 3 switches, when the System interface is the only interface then can DHCP client be enabled. If the DHCP client is enabled, then the DHCP server cannot be enabled.

Format enable dhcp_server

Parameters

None.

405

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable DHCP server:

DGS-3620-28PC:admin#enable dhcp_server

Command: enable dhcp_server

Success.

DGS-3620-28PC:admin#

23-24 disable dhcp_server

Description

This command is used to disable the DHCP server function on the switch.

Format disable dhcp_server

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To disable the Switch’s DHCP server:

DGS-3620-28PC:admin#disable dhcp_server

Command: disable dhcp_server

Success.

DGS-3620-28PC:admin#

23-25 show dhcp_server

Description

This command is used to display the current DHCP server configuration.

Format show dhcp_server

406

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

None.

Restrictions

None.

Example

To display the DHCP server status:

DGS-3620-28PC:admin#show dhcp_server

Command: show dhcp_server

DHCP Server Global State: Disabled

Ping Packet Number : 2

Ping Timeout : 100 ms

DGS-3620-28PC:admin#

23-26 clear dhcp conflict_ip

Description

This command is used to clear an entry or all entries from the conflict IP database.

Format clear dhcp conflict_ip [<ipaddr> | all]

Parameters

<ipaddr> - Enter the IP address to be cleared.

all - Specifies that all IP addresses will be cleared.

Restrictions

None.

Example

To clear an IP address 10.20.3.4 from the conflict database:

DGS-3620-28PC:admin#clear dhcp conflict_ip 10.20.3.4

Command: clear dhcp conflict_ip 10.20.3.4

Success.

DGS-3620-28PC:admin#

407

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

23-27 show dhcp conflict_ip

Description

This command is used to display the IP address that has been identified as being in conflict.

The DHCP server will use ping packet to determine whether an IP address is conflicting with other hosts before binding this IP. The IP address which has been identified in conflict will be moved to the conflict IP database. The system will not attempt to bind the IP address in the conflict IP database unless the user clears it from the conflict IP database.

Format show dhcp conflict_ip {<ipaddr>}

Parameters

<ipaddr> - (Optional) Specifies the IP address to be displayed.

Restrictions

None.

Example

To display the entries in the DHCP conflict IP database:

DGS-3620-28PC:admin#show dhcp conflict_ip

Command: show dhcp conflict_ip

IP Address Detection Method Detection Time

----------- ---------------- --------------------

172.16.1.32 Ping 2007/08/30 17:06:59

172.16.1.32 Gratuitous ARP 2007/09/10 19:38:01

DGS-3620-28PC:admin#

23-28 create dhcp option_profile

Description

This command is used to create a DHCP option profile.

Format create dhcp option_profile <profile_name 12>

Parameters

<profile_name 12> - Enter the DHCP option profile name here. This name can be up to 12 characters long.

408

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create a DHCP option profile:

DGS-3620-28PC:admin#create dhcp option_profile profile1

Command: create dhcp option_profile profile1

Success.

DGS-3620-28PC:admin#

23-29 config dhcp option_profile

Description

This command is used to configure an option to and from a DHCP server option profile.

Format config dhcp option_profile <profile_name 12> [add option <value 1-254> [string <multiword

255> | hex <string 254>] | delete option <value 1-254>]

Parameters

<profile_name 12> - Enter the DHCP server option profile name here. This name can be up to

12 characters long.

add - Specifies to add an option to the DHCP server option profile.

option - Specifies the option value used.

<value 1-254> - Enter the option value used here. This must be between 1 and 254.

string - Specifies the character string associated with the option.

<multiword 255> - Enter the option association string here. This can be up to 255 characters long.

hex - Specifies the hexadecimal value of the option string.

<string 254> - Enter the hexadecimal value of the option string here. This can be up to 254 hexadecimal characters long.

delete - Specifies to delete an option from the DHCP server option profile.

option - Specifies the option value used.

<value 1-254> - Enter the option value used here. This must be between 1 and 254.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To add option 69 using HEX format:

DGS-3620-28PC:admin#config dhcp option_profile profile1 add option 69 hex c0a800fe

Command: config dhcp option_profile profile1 add option 69 hex c0a800fe

409

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Success.

DGS-3620-28PC:admin#

To add option 72 using string format:

DGS-3620-28PC:admin#config dhcp option_profile profile1 add option 72 string

"192.168.0.254"

Command: config dhcp option_profile profile1 add option 72 string

"192.168.0.254"

Success.

DGS-3620-28PC:admin#

To delete DHCP option profile option 69:

DGS-3620-28PC:admin#config dhcp option_profile profile1 delete option 69

Command: config dhcp option_profile profile1 delete option 69

Success.

DGS-3620-28PC:admin#

23-30 delete dhcp option_profile

Description

This command is used to delete a DHCP option profile.

Format delete dhcp option_profile <profile_name 12>

Parameters

<profile_name 12> - Enter the DHCP server option profile name here. This name can be up to

12 characters long.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete a DHCP option profile.

DGS-3620-28PC:admin#delete dhcp option_profile profile1

Command: delete dhcp option_profile profile1

Success.

DGS-3620-28PC:admin#

410

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

23-31 show dhcp option_profile

Description

This command is used to display the current DHCP option profile configuration.

Format show dhcp option_profile {<profile_name 12>}

Parameters

<profile_name 12> - (Optional) Enter the DHCP server option profile name here. This name can be up to 12 characters long.

If no parameter is specified, the system will display all DHCP option profile configurations.

Restrictions

None.

Example

To display the current DHCP option profile configuration.

DGS-3620-28PC:admin#show dhcp option_profile

Command: show dhcp option_profile

DHCP Option Profile Name : profile1

Option Type Value

------ ------ ------------------------------------------------------------

69 hex c0a800fe

72 string 192.168.0.254

Total Entries: 1

DGS-3620-28PC:admin#

23-32 config dhcp pool option_profile

Description

This command is used to apply an option profile to a specific DHCP pool.

Format config dhcp pool option_profile <pool_name 12> [add | delete] <profile_name 12>

Parameters

<pool_name 12> - Enter the DHCP pool name here. This name can be up to 12 characters long.

add - Specifies to add an option profile to a DHCP pool, configured on this switch.

411

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

delete - Specifies to delete an option profile from a DHCP pool, configured on this switch.

<profile_name 12> - Enter the DHCP server option profile name here. This name can be up to

12 characters long.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To add an option profile for DHCP profile1 in pool1:

DGS-3620-28PC:admin#config dhcp pool option_profile pool1 add profile1

Command: config dhcp pool option_profile pool1 add profile1

Success.

DGS-3620-28PC:admin#

To delete an option profile from a DHCP pool:

DGS-3620-28PC:admin#config dhcp pool option_profile pool1 delete profile1

Command: config dhcp pool option_profile pool1 delete profile1

Success.

DGS-3620-28PC:admin#

412

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 24 DHCP Server

Screening Commands

config filter dhcp_server [add permit server_ip <ipaddr> {client_mac <macaddr>} ports

[<portlist> | all] | delete permit server_ip <ipaddr> {client_mac <macaddr>} ports [<portlist> | all] | ports [<portlist> | all] state [enable | disable] | illegal_server_log_suppress_duration [1min

| 5min | 30min]]

config filter dhcp_server log [enable | disable]

config filter dhcp_server trap [enable | disable]

show filter dhcp_server

create filter dhcpv6_server permit sip <ipv6addr> ports [<portlist> | all]

config filter dhcpv6_server log [enable | disable]

config filter dhcpv6_server ports [<portlist> | all] state [enable | disable]

config filter dhcpv6_server trap [enable | disable]

show filter dhcpv6_server

delete filter dhcpv6_server permit sip <ipv6addr>

create filter icmpv6_ra_all_node permit sip <ipv6addr> ports [<portlist> | all]

config filter icmpv6_ra_all_node log [enable | disable]

config filter icmpv6_ra_all_node ports [<portlist> | all] state [enable | disable]

config filter icmpv6_ra_all_node trap [enable | disable]

show filter icmpv6_ra_all_node

delete filter icmpv6_ra_all_node permit sip <ipv6addr>

24-1 config filter dhcp_server

Description

This command has two purposes: to specify to filter all DHCP server packets on the specific port and to specify to allow some DHCP server packets with pre-defined server IP addresses and client

MAC addresses. With this function, we can restrict the DHCP server to service specific DHCP clients. This is useful when two DHCP servers are present on the network; one of them can provide the private IP address and the other can provide the public IP address.

Enabling filter DHCP server port state will create one access profile and create one access rule per port (UDP port = 67). Filter commands in this file will share the same access profile. Addition of a permit DHCP entry will create one access profile and create one access rule. Filter commands in this file will share the same access profile.

Format config filter dhcp_server [add permit server_ip <ipaddr> {client_mac <macaddr>} ports

[<portlist> | all] | delete permit server_ip <ipaddr> {client_mac <macaddr>} ports [<portlist>

| all] | ports [<portlist> | all] state [enable | disable] | illegal_server_log_suppress_duration

[1min | 5min | 30min]]

Parameters

add permit server_ip - Specifies the IP address of the DHCP server to be permitted.

<ipaddr> - Enter the IP address.

client_mac - (Optional) Specifies the MAC address of the DHCP client.

413

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

<macaddr> - Enter the MAC address.

ports - Specifies the ports.

<portlist> - Enter the range of ports to be configured.

all - Specifies to configure all ports.

delete permit server_ip - Specifies the delete permit server IP address.

<ipaddr> - Enter the IP address.

client_mac - (Optional) Specifies the MAC address of the DHCP client.

<macaddr> - Enter the MAC address.

ports - Specifies the ports.

<portlist> - Enter the range of ports to be configured.

all - Specifies to configure all ports.

ports - Specifies the ports.

<portlist> - Enter the range of ports to be configured.

all - Specifies to configure all ports.

state - Specifies the port status.

enable - Enable the state.

disable - Disable the state.

illegal_server_log_suppress_duration - Specifies the illegal server log suppression duration.

1min - Specifies an illegal server log suppression duration of 1 minute.

5min - Specifies an illegal server log suppression duration of 5 minutes.

30min - Specifies an illegal server log suppression duration of 30 minutes.

Example

To add an entry from the DHCP server/client filter list in the switch’s database:

DGS-3620-28PC:admin#config filter dhcp_server add permit server_ip 10.1.1.1 client_mac 00-00-00-00-00-01 port 1-26

Command: config filter dhcp_server add permit server_ip 10.1.1.1 client_mac 00-

00-00-00-00-01 port 1-26

Success.

DGS-3620-28PC:admin#

To configure the filter DHCP server state:

DGS-3620-28PC:admin#config filter dhcp_server ports 1-10 state enable

Command: config filter dhcp_server ports 1-10 state enable

Success.

DGS-3620-28PC:admin#

24-2 config filter dhcp_server log

Description

This command is used to enable or disable the log for a DHCP server filter event.

414

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config filter dhcp_server log [enable | disable]

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

enable – Specifies to enable the log for a DHCP server filter event.

disable – Specifies to disable the log for a DHCP server filter event.

Example

To enable the log for a DHCP server filter event:

DGS-3620-28PC:admin#config filter dhcp_server log enable

Command: config filter dhcp_server log enable

Success.

DGS-3620-28PC:admin#

24-3 config filter dhcp_server trap

Description

This command is used to enable or disable the trap for a DHCP server filter event.

Format config filter dhcp_server trap [enable | disable]

Parameters

enable – Specifies to enable the trap for a DHCP server filter event.

disable – Specifies to disable the trap for a DHCP server filter event.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable the trap for a DHCP server filter event:

DGS-3620-28PC:admin#config filter dhcp_server trap enable

Command: config filter dhcp_server trap enable

Success.

DGS-3620-28PC:admin#

415

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

24-4 show filter dhcp_server

Description

This command is used to display the DHCP server/client filter list created on the switch.

Format show filter dhcp_server

Parameters

None.

Restrictions

None.

Example

To display the DHCP server/client filter list created on the switch:

DGS-3620-28PC:admin#show filter dhcp_server

Command: show filter dhcp_server

Enabled Ports: 1,28

Trap State: Enabled

Log State: Enabled

Illegal Server Log Suppress Duration:1 minutes

Permit DHCP Server/Client Table:

Server IP Address Client MAC Address Port

----------------- ------------------ --------------------

Total Entries: 0

DGS-3620-28PC:admin#

24-5 create filter dhcpv6_server permit sip

Description

This command used to create a permit entry. The specific DHCPv6 server packets, with the source

IPv6 address, will be forwarded on the specified port(s).

Format create filter dhcpv6_server permit sip <ipv6addr> ports [<portlist> | all]

416

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<ipv6addr> - Specifies the source address of the entry which will be created into the Filter

DHCPv6 server forward list.

ports - Specifies the list of ports used for this configuration.

<portlist> - Enter the list of ports, used for this configuration, here.

all - Specifies that all ports will be used for this configuration.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create a Filter DHCPv6 server permit entry on port 5:

DGS-3620-28PC:admin#create filter dhcpv6_server permit sip 2200::5 ports 1:5

Command: create filter dhcpv6_server permit sip 2200::5 ports 1:5

Success.

DGS-3620-28PC:admin#

24-6 config filter dhcpv6_server log

Description

This command is used to enable or disable the Filter DHCPv6 server log state.

Format config filter dhcpv6_server log [enable | disable]

Parameters

enable - Specifies that the log for the Filter DHCPv6 server will be enabled. The log for Filter

DHCPv6 server will be generated.

disable - Specifies that the log for the Filter DHCPv6 server will be disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable the Filter DHCPv6 Server log state:

DGS-3620-28PC:admin#config filter dhcpv6_server log enable

Command: config filter dhcpv6_server log enable

Success.

DGS-3620-28PC:admin#

417

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

24-7 config filter dhcpv6_server ports

Description

This command is used to configure the state of filter DHCPv6 server packets on the switch. The filter DHCPv6 server function is used to filter the DHCPv6 server packets on the specific port(s) and receive the trust packets from the specific source. This feature can be protected network usable when a malicious host sends the DHCPv6 server packets.

Format config filter dhcpv6_server ports [<portlist> | all] state [enable | disable]

Parameters

<portlist> - Enter the list of ports, used for this configuration, here.

all - Specifies that all ports will be used for this configuration.

state - Specifies whether the port’s filter DHCPv6 server function is enabled or disabled.

enable - Specifies that the filter option is enabled.

disable - Specifies that the filter option is disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the filter DHCPv6 server state to enabled for ports 1 to 8:

DGS-3620-28PC:admin#config filter dhcpv6_server ports 1:1-1:8 state enable

Command: config filter dhcpv6_server ports 1:1-1:8 state enable

Success.

DGS-3620-28PC:admin#

24-8 config filter dhcpv6_server trap

Description

This command is used to enable or disable the filter DHCPv6 server trap state.

Format config filter dhcpv6_server trap [enable | disable]

Parameters

enable - Specifies that the trap for the filter DHCPv6 server will be enabled. The trap for filter

DHCPv6 server will be sent out.

disable - Specifies that the trap for the filter DHCPv6 server will be disabled.

418

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable the filter DHCPv6 server trap state:

DGS-3620-28PC:admin#config filter dhcpv6_server trap enable

Command: config filter dhcpv6_server trap enable

Success.

DGS-3620-28PC:admin#

24-9 show filter dhcpv6_server

Description

This command is used to display the filter DHCPv6 server information.

Format show filter dhcpv6_server

Parameters

None.

Restrictions

None.

Example

To display filter DHCPv6 server information:

DGS-3620-28PC:admin#show filter dhcpv6_server

Command: show filter dhcpv6_server

Enabled ports:1:1-1:8

Trap State: Enabled

Log State: Enabled

Permit Source Address Table:

Source IP Address Port

--------------------------------------- ---------------

2200::5 1:5

Total Entries:1

DGS-3620-28PC:admin#

419

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

24-10 delete filter dhcpv6_server permit sip

Description

This command is used to delete a filter DHCPv6 server permit entry.

Format delete filter dhcpv6_server permit sip <ipv6addr>

Parameters

<ipv6addr> - Enter the source IPv6 address of the entry here.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete permit entry from the filter DHCPv6 server forward list:

DGS-3620-28PC:admin#delete filter dhcpv6_server permit sip 2200::4

Command: delete filter dhcpv6_server permit sip 2200::4

Success.

DGS-3620-28PC:admin#

24-11 create filter icmpv6_ra_all_node permit sip

Description

This command is used to create a filter ICMPv6 RA All-nodes permit entry.

Format create filter icmpv6_ra_all_node permit sip <ipv6addr> ports [<portlist> | all]

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

<ipv6addr> - Enter the source address of entry which will be created into the Filter ICMPv6 RA

All-nodes forward list here.

state - Specifies whether the port’s filter DHCPv6 server function is enabled or disabled.

enable - Specifies that the filter option is enabled.

disable - Specifies that the filter option is disabled.

420

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To create a filter ICMPv6 RA All-nodes permit entry on port 5:

DGS-3620-28PC:admin#create filter icmpv6_ra_all_node permit sip 2200::5 ports

1:5

Command: create filter icmpv6_ra_all_node permit sip 2200::5 ports 1:5

Success.

DGS-3620-28PC:admin#

24-12 config filter icmpv6_ra_all_node log

Description

This command is used to enable or disable the filter ICMPv6 RA All-nodes log state.

Format config filter icmpv6_ra_all_node log [enable | disable]

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

enable - Specifies that the log for the filter ICMPv6 RA will be enabled. The log for filter ICMPv6

RA all-nodes will be generated.

disable - Specifies that the log for the filter ICMPv6 RA will be disabled.

Example

To enable the filter ICMPv6 RA all-nodes log state:

DGS-3620-28PC:admin#config filter icmpv6_ra_all_node log enable

Command: config filter icmpv6_ra_all_node log enable

Success.

DGS-3620-28PC:admin#

24-13 config filter icmpv6_ra_all_node ports

Description

This command is used to configure the state of the filter ICMPv6 RA all-nodes packets on the switch. The filter ICMPv6 RA all-nodes function is used to filter the ICMPv6 RA all-nodes packets on the specific port(s) and receive the trust packets from the specific source. This feature can be protected network usable when a malicious host sends ICMPv6 RA all-nodes packets.

Note: It only needs to filter the packet of which the destination address is the all-nodes multicast address (FF02::1).

421

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config filter icmpv6_ra_all_node ports [<portlist> | all] state [enable | disable]

Parameters

<portlist> - Enter the list of ports, used for this configuration, here.

all - Specifies that all ports will be used for this configuration.

state - Specifies whether the port’s filter ICMPv6 RA all-nodes packets function is enabled or disabled.

enable - Specifies that the filter ICMPv6 RA all-nodes packets function is be enabled.

disable - Specifies that the filter ICMPv6 RA all-nodes packets function is be disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the filter ICMPv6 RA all-nodes state to enabled for ports 1 to 8:

DGS-3620-28PC:admin#config filter icmpv6_ra_all_node ports 1:1-1:8 state enable

Command: config filter icmpv6_ra_all_node ports 1:1-1:8 state enable

Success.

DGS-3620-28PC:admin#

24-14 config filter icmpv6_ra_all_node trap

Description

This command is used to enable or disable the filter ICMPv6 RA all-nodes trap state. If the

ICMPv6 RA all-nodes server trap state is disabled, no trap will be sent out.

Format config filter icmpv6_ra_all_node trap [enable | disable]

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

enable - Specifies that the trap for the filter ICMPv6 RA all-nodes will be enabled. The trap for filter ICMPv6 RA all-nodes will be sent out.

disable - Specifies that the trap for the filter ICMPv6 RA all-nodes will be disabled.

Example

To enable the filter ICMPv6 RA all-nodes trap state:

422

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#config filter icmpv6_ra_all_node trap enable

Command: config filter icmpv6_ra_all_node trap enable

Success.

DGS-3620-28PC:admin#

24-15 show filter icmpv6_ra_all_node

Description

This command is used to display the filter ICMPv6 RA all-nodes information.

Format show filter icmpv6_ra_all_node

Parameters

None.

Restrictions

None.

Example

To display filter ICMPv6 RA all-nodes information:

DGS-3620-28PC:admin#show filter icmpv6_ra_all_node

Command: show filter icmpv6_ra_all_node

Enabled ports:1:1-1:8

Trap State: Enabled

Log State: Enabled

Permit Source Address Table:

Source IP Address Port

--------------------------------------- ---------------

2200::5 1:5

Total Entries:1

DGS-3620-28PC:admin#

24-16 delete filter icmpv6_ra_all_node permit sip

Description

This command is used to delete a filter ICMPv6 RA all-nodes permit entry.

423

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format delete filter icmpv6_ra_all_node permit sip <ipv6addr>

Parameters

<ipv6addr> - Enter the source IPv6 address of the entry which will be deleted in the filter ICMPv6

RA all-nodes forward list.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete permit entry from the filter ICMPv6 RA all-nodes forward list:

DGS-3620-28PC:admin#delete filter icmpv6_ra_all_node permit sip 2200::4

Command: delete filter icmpv6_ra_all_node permit sip 2200::4

Success.

DGS-3620-28PC:admin#

424

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 25 DHCPv6 Relay

Commands

enable dhcpv6_relay disable dhcpv6_relay

config dhcpv6_relay hop_count <value 1-32>

config dhcpv6_relay [add | delete] ipif <ipif_name 12> <ipv6addr>

config dhcpv6_relay ipif [<ipif_name 12> | all] state [enable | disable]

show dhcpv6_relay {ipif <ipif_name 12>}

config dhcpv6_relay option_37 {state [enable | disable] | check [enable | disable] | remote_id

[default | cid_with_user_define <desc 128>| user_define <desc 128>]}(1)

25-1 enable dhcpv6_relay

Description

This command is used to enable the DHCPv6 relay function on the Switch.

Format enable dhcpv6_relay

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the DHCPv6 relay global state to enable:

DGS-3620-28PC:admin# enable dhcpv6_relay

Command: enable dhcpv6_relay

Success.

DGS-3620-28PC:admin#

25-2 disable dhcpv6_relay

Description

This command is used to disable the DHCPv6 relay function on the Switch.

425

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format disable dhcpv6_relay

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the DHCPv6 relay global state to disable:

DGS-3620-28PC:admin# disable dhcpv6_relay

Command: disable dhcpv6_relay

Success.

DGS-3620-28PC:admin#

25-3 config dhcpv6_relay hop_count

Description

Configure the DHCPv6 relay hop_count of the switch.

Format config dhcpv6_relay hop_count <value 1-32>

Parameters

hop_count - Specifies the number of relay agents that have relayed this message. The default value is 4.

<value 1-32> - Enter the hop count number here. This value must be between 1 and 32.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the maximum hops of a DHCPv6 relay packet could be transferred to 4:

DGS-3620-28PC:admin# config dhcpv6_relay hop_count 4

Command: config dhcpv6_relay hop_count 4

Success.

DGS-3620-28PC:admin#

426

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

25-4 config dhcpv6_relay

Description

The command could add/delete an IPv6 address which is a destination to forward (relay) DHCPv6 packets.

Format config dhcpv6_relay [add | delete] ipif <ipif_name 12> <ipv6addr>

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

add - Add an IPv6 destination to the DHCPv6 relay table.

delete - Delete an IPv6 destination from the DHCPv6 relay table

ipif - The name of the IP interface in which DHCPv6 relay is to be enabled.

<ipif_name 12> - Enter the IP interface name here. This name can be up to 12 characters long.

<ipv6addr> - The DHCPv6 server IP address.

Example

To add a DHCPv6 server to the relay table:

DGS-3620-28PC:admin# config dhcpv6_relay add ipif System

2001:DB8:1234:0:218:FEFF:FEFB:CC0E

Command: config dhcpv6_relay add ipif System 2001:DB8:1234:0:218:FEFF:FEFB:CC0E

Success.

DGS-3620-28PC:admin#

25-5 config dhcpv6_relay ipif

Description

The command is used to configure the DHCPv6 relay state of one specific interface or all interfaces.

Format config dhcpv6_relay ipif [<ipif_name 12> | all] state [enable | disable]

Parameters

ipif - Specifies the name of the IP interface.

<ipif_name 12> - Enter the IP interface name used here. This name can be up to 12 characters long.

427

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

all - Specifies that all the configured IP interfaces wil be used..

state - Specifies if the DHCPv6 relay state will be enabled or disabled.

enable - Choose this parameter to enable the DHCPv6 relay state of the interface.

disable - Choose this parameter to disable the DHCPv6 relay state of the interface.

Example

To configure the DHCPv6 relay state of the System interface to enable:

DGS-3620-28PC:admin# config dhcpv6_relay ipif System state enable

Command: config dhcpv6_relay ipif System state enable

Success.

DGS-3620-28PC:admin#

25-6 show dhcpv6_relay

Description

This command will display the current DHCPv6 relay configuration of all interfaces, or if an IP interface name is specified, the DHCPv6 relay configuration for that IP interface.

Format show dhcpv6_relay {ipif <ipif_name 12>}

Parameters

Restrictions

None.

ipif - (Optional) The name of the IP interface for which to display the current DHCPv6 relay configuration.

<ipif_name 12> - Enter the IP interface name used here. This name can be up to 12 characters long.

If no IP interface is specified, all configured DHCPv6 relay interfaces are displayed.

Example

To show the DHCPv6 relay configuration of all interfaces:

428

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show dhcpv6_relay ipif System

Command: show dhcpv6_relay ipif System

DHCPv6 Relay Global State : Disabled

DHCPv6 Hops Count Limit : 4

DHCPv6 Relay Information Option 37 State : Disabled

DHCPv6 Relay Information Option 37 Check : Disabled

DHCPv6 Relay Information Option 37 Remote ID Type : Default

DHCPv6 Relay Information Option 37 Remote ID :

---------------------------------------------------------------

IP Interface : System

DHCPv6 Relay Status : Enabled

Server Address :

DGS-3620-28PC:admin#

25-7 config dhcpv6_relay option_37

Description

This command is used to configure the processing of Option 37 for the DHCPv6 relay function.

When the DHCPv6 relay Option 37 is enabled, the DHCP packet will be inserted with the Option

37 field before being relayed to server. The DHCP packet will be processed based on the behavior defined in the check and remote ID type setting. When the state is disabled, the DHCP packet will be relayed directly to server without further checks and inserted with the Option 37.

DGS-3620-28PC:admin#show dhcpv6_relay

Command: show dhcpv6_relay

DHCPv6 Relay Global State : Disabled

DHCPv6 Hops Count Limit : 4

DHCPv6 Relay Information Option 37 State : Disabled

DHCPv6 Relay Information Option 37 Check : Disabled

DHCPv6 Relay Information Option 37 Remote ID Type : Default

DHCPv6 Relay Information Option 37 Remote ID :

---------------------------------------------------------------

IP Interface : System

DHCPv6 Relay Status : Enabled

Server Address :

IP Interface : Interface1

DHCPv6 Relay Status : Enabled

Server Address :

Total Entries : 2

DGS-3620-28PC:admin#

To show the DHCPv6 relay configuration of System interface:

429

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config dhcpv6_relay option_37 {state [enable | disable] | check [enable | disable] | remote_id [default | cid_with_user_define <desc 128>| user_define <desc 128>]}(1)

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

state - Specifies the DHCPv6 relay Option 37 state.

enable - When the state is enabled, the DHCP packet will be inserted with the Option 37 field before being relayed to server.

disable - When the state is disabled, the DHCP packet will be relayed directly to server without further checks and inserted with the Option 37.

check - Specifies that packets coming from client side should or should not have the Option 37 field. If client originating packets have the Option 37 field set they will be dropped.

enable - Specifies that the check option is enabled.

disable - Specifies that the check option is disabled.

remote_id - Specifies the content in the Remote ID.

default - Specifies that the remote ID will contain the VLAN ID, Module, Port, and System

MAC address of the device.

cid_with_user_define - Specifies that the remote ID will contain the VLAN ID, Module, Port, and a user defined string.

<desc 128> - Enter the CID user defined string here. This can be up to 128 characters long.

user_define - Specifies that the remote ID will be a user defined string.

<desc 128> - Enter the user defined string here. This can be up to 128 characters long.0

Example

To enable the state of the DHCPv6 Option 37:

DGS-3620-28PC:admin#config dhcpv6_relay option_37 state enable

Command: config dhcpv6_relay option_37 state enable

Success.

DGS-3620-28PC:admin#

To enable the DHCPv6 Option 37 check:

DGS-3620-28PC:admin#config dhcpv6_relay option_37 check enable

Command: config dhcpv6_relay option_37 check enable

Success.

DGS-3620-28PC:admin#

To set the remote ID as default:

430

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#config dhcpv6_relay option_37 remote_id default

Command: config dhcpv6_relay option_37 remote_id default

Success.

DGS-3620-28PC:admin#

431

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 26 DHCPv6 Server

Commands

create dhcpv6 pool <pool_name 12>

delete dhcpv6 pool [<pool_name 12> | all]

show dhcpv6 pool {<pool_name 12>}

config dhcpv6 pool ipv6network_addr <pool_name 12> begin <ipv6networkaddr> end

<ipv6networkaddr>

config dhcpv6 pool domain_name <pool_name 12> <domain_name 255>

config dhcpv6 pool dns_server <pool_name 12> <ipv6addr> {<ipv6addr>}

config dhcpv6 pool lifetime <pool_name 12> preferred_lifetime <sec 60-4294967295> valid_lifetime <sec 60-4294967295>

config dhcpv6 pool manual_binding <pool_name 12> [add [<ipv6addr> | <ipv6networkaddr>] client_duid <string 28> | delete [<ipv6addr> | <ipv6networkaddr> | all]]

config dhcpv6 pool prefix_delegation <pool_name 12> <ipv6networkaddr> <value 1-128>

<ipif_name 12>

show dhcpv6 manual_binding {<pool_name 12>}

show dhcpv6 binding {<pool_name 12>}

clear dhcpv6 binding {<pool_name 12>}

enable dhcpv6_server disable dhcpv6_server

show dhcpv6_server {ipif <ipif_name 12>}

config dhcpv6 pool excluded_address <pool_name 12> [add begin <ipv6addr> end <ipv6addr>

| delete [begin <ipv6addr> end <ipv6addr> | all]]

show dhcpv6 excluded_address {<pool_name 12>}

config dhcpv6_server ipif [<ipif_name 12> | all] state [enable | disable]

26-1 create dhcpv6 pool

Description

This command is used to create a DHCPv6 pool for the DHCPv6 server.

Format create dhcpv6 pool <pool_name 12>

Parameters

pool - Specifies the pool to be created with this command.

<pool_name 12> - Enter the pool name here. This name can be up to 12 characters long.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create a DHCPv6 pool pool1:

432

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# create dhcpv6 pool pool1

Command : create dhcpv6 pool pool1 success

DGS-3620-28PC:admin#

26-2 delete dhcpv6 pool

Description

This command is used to delete one or all DHCPv6 pools.

Format delete dhcpv6 pool [<pool_name 12> | all]

Parameters

pool - Specifies the DHCPv6 pool to be removed.

<pool_name 12> - Enter the DHCPv6 pool name to be removed here. This name can be up to 12 characters long.

all - Specifies that all the DHCPv6 pools will be removed.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete the DHCPv6 pool by specifying the pool name pool1:

DGS-3620-28PC:admin# delete dhcpv6 pool pool1

Command: delete dhcpv6 pool pool1

Success.

DGS-3620-28PC:admin#

26-3 show dhcpv6 pool

Description

This command is used to display one or all DHCPv6 pools configuration.

Format show dhcpv6 pool {<pool_name 12>}

Parameters

pool – Specifies the DHCPv6 pool to be displayed.

433

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<pool_name 12> - (Optional) Enter the DHCPv6 pool name to be displayed here. This name can be up to 12 characters long.

If no parameters are specified, all the DHCPv6 pools will be displayed.

Restrictions

None.

Example

To show the DHCPv6 pool by specifying the pool name pool1:

DGS-3620-28PC:admin# show dhcpv6 pool pool1

Command: show dhcpv6 pool pool1

Pool Name : pool1

Begin Network Address : 2000::1/64

End Network Address : 2000::200/64

Domain Name : domain.com

DNS Server Address : 2000::ff

: 2000::fe

Preferred Lifetime : 604800 (sec)

Valid Lifetime : 2592000 (sec)

Total Pool Entries: 1

DGS-3620-28PC:admin#

26-4 config dhcpv6 pool ipv6network_addr

Description

This command is used to configure the range of IPv6 network addresses for the DHCPv6 pool.

The IPv6 addresses in the range are free to be assigned to any DHCPv6 client. When the

DHCPv6 server receives a request from the client, the server will automatically find an available pool to allocate an IPv6 address.

The begin_networkaddr and end_networkaddr must observer some rules as followed:

The prefix of the begin_networkaddr and end_networkaddr are not consistence, otherwise, the switch will print an error message: The prefix of begin_networkaddr and end_networkaddr must be consistence.(e.g.: the begin_networkaddr is 2000::1/64, and the end_networkaddr is 3000::100/64)

The begin address must not be large than end address, otherwise, the switch will print an error message: The begin IPv6 address must be lower than or equal to the end IPv6 address.(e.g.: the begin_networkaddr is 2000::200/64, and the end_networkaddr is 2000::100/64)

There must not be intersection between the IPv6 address ranges of two pools, otherwise, the

Switch will print an error message: IPv6network address collision. (e.g.: pool1: 2000::1/64 ---

2000::100/64, pool2: 2000::50/64 --- 2000::200/64)

The IPv6 network address can’t be Link-local address and Multicast address, otherwise, the

Switch will print an error message: “The IPv6 network address can’t be Link-local address or

Multicast address. “ (e.g.:: pool1: FE80::1/64 --- FE80::100/64, pool2: FE80::200/64 ---

FE80::300/64

434

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config dhcpv6 pool ipv6network_addr <pool_name 12> begin <ipv6networkaddr> end

<ipv6networkaddr>

Parameters

<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12 characters long.

begin - Specifies the beginning IPv6 network address of the DHCPv6 pool.

<ipv6networkaddr> - Enter the beginning IPv6 network address of the DHCPv6 pool here.

end - Specifies the ending IPv6 network address of the DHCPv6 pool.

<ipv6networkaddr> - Enter the ending IPv6 network address of the DHCPv6 pool here.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the range of ipv6network address for the DHCPv6 pool pool1:

DGS-3620-28PC:admin# config dhcpv6 pool ipv6network_addr pool1 begin 2000::1/64 end 2000::32/64

Command: config dhcpv6 pool ipv6network_addr pool1 begin 2000::1/64 end

2000::32/64 success

DGS-3620-28PC:admin#

26-5 config dhcpv6 pool domain_name

Description

This command is used to configure the domain name for the DHCPv6 pool of the Switch. The domain name configured here will be used as the default domain name by the client.

By default, the domain name is empty. If domain name is empty, the domain name information will not be provided to the client.

Format config dhcpv6 pool domain_name <pool_name 12> <domain_name 255>

Parameters

<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12 characters long.

<domain_name 255> - Enter the domain name used here. This name can be up to 255 characters long.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

435

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure the domain name for the DHCPv6 pool pool1:

DGS-3620-28PC:admin# config dhcpv6 pool domain_name pool1 dlink.com

Command: config dhcpv6 pool domain_name pool1 dlink.com

Success.

DGS-3620-28PC:admin#

26-6 config dhcpv6 pool dns_server

Description

This command is used to configure the DNS server’s IPv6 addresses for a specific DHCPv6 pool.

Users may add up to two DNS Server addresses. If DNS server is not specified, the DNS server information will not be provided to the client. Users could delete a DNS server address in the method of setting the DNS server address to zero.

Format config dhcpv6 pool dns_server <pool_name 12> <ipv6addr> {<ipv6addr>}

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12 characters long.

<ipv6addr> - Enter the primary DNS Server IPv6 address used for this pool here.

<ipv6addr> - (Optional) Enter the secondary DNS Server IPv6 address used for this pool here.

Example

To configure the DNS server address for a DHCPv6 pool:

DGS-3620-28PC:admin# config dhcpv6 pool dns_server pool1 2000::200 2000::201

Command: config dhcpv6 pool dns_server pool1 2000::200 2000::201

Success.

DGS-3620-28PC:admin#

26-7 config dhcpv6 pool lifetime

Description

This command is used to configure the preferred-lifetime and valid-lifetime of IPv6 address within a

DHCPv6 pool.

436

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Preferred lifetime - the length of time that a valid address is preferred (i.e., the time until deprecation). When the preferred lifetime expires, the address becomes deprecated.

Valid lifetime - the length of time an address remains in the valid state (i.e., the time until invalidation). When the valid lifetime expires, the address becomes invalid.

The valid lifetime must be greater than or equal to the preferred lifetime.

Format config dhcpv6 pool lifetime <pool_name 12> preferred_lifetime <sec 60-4294967295> valid_lifetime <sec 60-4294967295>

Parameters

<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12 characters long.

preferred_lifetime - Specifies the length of time that a valid address is preferred to.

<sec 60-4294967295> - Enter the preferred lifetime value here. This value must be between

60 and 4294967295 seconds.

valid_lifetime - Specifies the length of time an address remains in the valid state.

<sec 60-4294967295> - Enter the valid lifetime value here. This value must be between 60 and 4294967295 seconds.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the preferred-lifetime and valid-lifetime for the DHCPv6 pool:

DGS-3620-28PC:admin# config dhcpv6 pool lifetime pool1 preferred_lifetime 80 valid_lifetime 100

Command: config dhcpv6 pool lifetime pool1 preferred_lifetime 80 valid_lifetime

100

Success.

DGS-3620-28PC:admin#

26-8 config dhcpv6 pool manual_binding

Description

This command is used to configure a DHCPv6 pool manual binding entry. An address binding is a mapping between the IPv6 address and DUID (A DHCPv6 Unique Identifier for a DHCPv6 participant) of a client. The IPv6 address specified in the manual binding entry must be in the range of the DHCPv6 pool.

Format config dhcpv6 pool manual_binding <pool_name 12> [add [<ipv6addr> | <ipv6networkaddr>] client_duid <string 28> | delete [<ipv6addr> | <ipv6networkaddr> | all]]

437

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12 characters long.

add - Specifies the IPv6 address that will statically be bound to a device.

<ipv6addr> - Enter the IPv6 address used for the static bind here.

<ipv6networkaddr> - Enter the IPv6 network address used for the static bind here.

client_duid - Specifies the DUID of the device that will statically be bound to the IPv6 address entered in the previous field.

<string 28> - Enter the client DUID used here. This string can be up to 28 characters long.

delete - Specifies to delete the manual binding entry.

<ipv6addr> - Enter the IPv6 address of the manual binding entry to be deleted here.

<ipv6networkaddr> - Enter the IPv6 network address of the manual binding entry to be deleted here.

all - Specifies that all manual binding entries will be deleted.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To add a manual binding DHCPv6 entry:

DGS-3620-28PC:admin# config dhcpv6 pool manual_binding pool1 add 2000::3 client_duid 00010006124dd5840021918d4d9f

Command: config dhcpv6 pool manual_binding pool1 add 2000::3 client_duid

00010006124dd5840021918d4d9f success

DGS-3620-28PC:admin#

26-9 config dhcpv6 pool prefix_delegation

Description

This command is used to create a DHCPv6 prefix pool for an interface.

Format config dhcpv6 pool prefix_delegation <pool_name 12> <ipv6networkaddr> <value 1-128>

<ipif_name 12>

Parameters

<pool_name 12> - Enter the DHCPv6 server pool name here. This name can be up to 12 characters long.

<ipv6networkaddr> - Enter the IPv6 prefix assigned to the pool here.

<value 1-128> - Enter the length of the prefix, in bits, assigned to the user from the pool here.

The value of the assigned-length argument cannot be less than the value of the prefix-length.

<ipif_name 12> - Enter the name of the IP interface used for this prefix delegation.

438

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create a DHCPv6 prefix pool prefixpool1 for interface System:

DGS-3620-28PC:admin#config dhcpv6 pool prefix_delegation prefixpool1 1111::/48

64 System

Command: config dhcpv6 pool prefix_delegation prefixpool1 1111::/48 64 System

Success.

DGS-3620-28PC:admin#

26-10 show dhcpv6 manual_binding

Description

This command will display the manual binding entries for the selected or all DHCPv6 pools.

Format show dhcpv6 manual_binding {<pool_name 12>}

Parameters

Restrictions

None.

<pool_name 12> - (Optional) Enter the DHCPv6 pool name used here. This name can be up to

12 characters long.

If no parameter is specified, then all the entries will be displayed.

Example

To display the manual binding entries of the DHCPv6 pool:

439

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show dhcpv6 manual_binding

Command: show dhcpv6 manual_binding

Pool Name :net100

Entry 1

IPv6 Address: 3000:100:1::ABCD

DUID : 00030006001572200700

Pool Name :net91

Entry 1

IPv6 Address: 3000:91:1::100

DUID : 00030006aabbcc000000

Entry 2

IPv6 Address: 3000:91:1::101

DUID : 00030006aabbcc000001

Total Entries: 3

DGS-3620-28PC:admin#

26-11 show dhcpv6 binding

Description

This command is used to show the DHCPv6 dynamic binding information. Entering the command without the pool name will display all information regarding DHCPv6 dynamic binding on the switch.

This command only displays the dynamic binding information, not including manual binding information.

Format show dhcpv6 binding {<pool_name 12>}

Parameters

<pool_name 12> - (Optional) Enter the DHCPv6 pool name used here. This name can be up to

12 characters long.

Restrictions

None.

Example

To display the DHCPv6 dynamic binding information on the Switch:

440

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# show dhcpv6 binding

Command: show dhcpv6 binding

Pool Name: net90 IPv6 Address: 3000:90:1::7

DUID : 0003000600cd14517000

Preferred(s): 120 Valid(s): 240

Pool Name: net100-2 IPv6 Address: 3000:100:1::1

DUID : 00030006001572200300

Preferred(s): 120 Valid(s): 240

Total Entries : 2

DGS-3620-28PC:admin#

26-12 clear dhcpv6 binding

Description

This command is used to clear the DHCPv6 dynamic binding information.

Format clear dhcpv6 binding {<pool_name 12>}

Parameters

<pool_name 12> - (Optional) Enter the DHCPv6 pool name used here. This name can be up to

12 characters long.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To clear the DHCPv6 dynamic binding information on the Switch:

DGS-3620-28PC:admin# clear dhcpv6 binding

Command: clear dhcpv6 binding

Success.

DGS-3620-28PC:admin#

26-13 enable dhcpv6_server

Description

This command is used to enable the DHCPv6 server function on the Switch

441

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format enable dhcpv6_server

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the DHCPv6 server global state to enable:

DGS-3620-28PC:admin# enable dhcpv6_server

Command: enable dhcpv6_server

Success.

DGS-3620-28PC:admin#

26-14 disable dhcpv6_server

Description

This command is used to disable the DHCPv6 server function on the Switch

Format disable dhcpv6_server

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the DHCPv6 server global state to disable:

DGS-3620-28PC:admin# disable dhcpv6_server

Command: disable dhcpv6_server

Success.

DGS-3620-28PC:admin#

442

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

26-15 show dhcpv6_server

Description

This command is used to display the DHCPv6 server setting.

Format show dhcpv6_server {ipif <ipif_name 12>}

Parameters

Restrictions

None.

ipif - (Optional) Specifies the IP interface name to be displayed.

<ipif_name 12> - Enter the IP interface name to be displayed here. This name can be up to

12 characters long.

Example

To display the DHCPv6 server setting:

DGS-3620-28PC:admin# show dhcpv6_server

Command: show dhcpv6_server

DHCPv6 Server Global State: Disabled

---------------------------------------------------------------

IP Interface : System

DHCPv6 Server State : Enabled

IP Interface : ipif1

DHCPv6 Server State : Enabled

Total Entries : 2

DGS-3620-28PC:admin#

26-16 config dhcpv6 pool excluded_address

Description

This command is used to configure the reserved IPv6 addresses on the DHCPv6 server.

Format config dhcpv6 pool excluded_address <pool_name 12> [add begin <ipv6addr> end

<ipv6addr> | delete [begin <ipv6addr> end <ipv6addr> | all]]

Parameters

<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12

443

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command. characters long.

add - Specifies to add an excluded address range for a specified pool.

begin - Specifies the beginning IPv6 address of the range of IPv6 addresses to be excluded from the DHCPv6 pool.

<ipv6addr> - Enter the beginning IPv6 address used here.

end - Specifies the ending IPv6 address of the range of IPv6 addresses to be excluded from the DHCPv6 pool.

<ipv6addr> - Enter the ending IPv6 address used here.

delete - Specifies to delete one or all excluded address ranges of a specified pool.

begin - Specifies the beginning IPv6 address of the range of IPv6 addresses to be excluded from the DHCPv6 pool.

<ipv6addr> - Enter the beginning IPv6 address used here.

end - Specifies the ending IPv6 address of the range of IPv6 addresses to be excluded from the DHCPv6 pool.

<ipv6addr> - Enter the ending IPv6 address used here.

all - Specifies to delete all excluded address ranges of a specified pool.

Example

To add the IPv6 addresses range that DHCPv6 server should not assign to clients:

DGS-3620-28PC:admin# config dhcpv6 pool excluded_address pool1 add begin

2000::3 end 2000::8

Command: config dhcpv6 pool excluded_address pool1 add begin 2000::3 end

2000::8

Success.

DGS-3620-28PC:admin#

26-17 show dhcpv6 excluded_address

Description

This command is used to display the groups of IPv6 addresses which are excluded from the legal assigned IPv6 address

Format show dhcpv6 excluded_address {<pool_name 12>}

Parameters

Restrictions

None.

<pool_name 12> - (Optional) Enter the DHCPv6 pool name used here. This name can be up to

12 characters long.

444

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display the excluded address information:

DGS-3620-28PC:admin# show dhcpv6 excluded_address

Command: show dhcpv6 excluded_address

Pool Name: net100

Range 1

Begin Address: 3000:110:1::1

End Address : 3000:110:1::7

Range 2

Begin Address: 3000:110:1::9

End Address : 3000:110:1::9

Range 3

Begin Address: 3000:110:1::11

End Address : 3000:110:1::11

Range 4

Begin Address: 3000:110:1::13

End Address : 3000:110:1::13

Total Entries : 5

DGS-3620-28PC:admin#

26-18 config dhcpv6_server ipif

Description

This command is used to configure the DHCPv6 Server state per interface.

Format config dhcpv6_server ipif [<ipif_name 12> | all] state [enable | disable]

Parameters

ipif - Specifies the IP interface used.

<ipif_name 12> - Enter the IP interface name used. This name can be up to 12 characters long.

all - Specifies that all the IP interfaces will used.

state - Specifies the DHCPv6 server state for the specified interface.

enable - Specifies that the DHCPv6 server state for the specified interface will be enabled.

disable - Specifies that the DHCPv6 server state for the specified interface will be disabled.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the DHCPv6 Server state of System Interface to enable:

445

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# config dhcpv6_server ipif System state enable

Command: config dhcpv6_server ipif System state enable

Success.

DGS-3620-28PC:admin#

446

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 27 Digital Diagnostic

Monitoring (DDM) Commands

config ddm [trap | log] [enable | disable]

config ddm ports [<portlist> | all] [[temperature_threshold {high_alarm <degrees> | low_alarm

<degrees> | high_warning <degrees> | low_warning <degrees>} | voltage_threshold

{high_alarm <voltage> | low_alarm <voltage> | high_warning <voltage> | low_warning

<voltage>} | bias_current_threshold {high_alarm <milliampere> | low_alarm <milliampere> | high_warning <milliampere> | low_warning <milliampere>} | tx_power_threshold {high_alarm

<mw_or_dbm> | low_alarm <mw_or_dbm> | high_warning <mw_or_dbm> | low_warning

<mw_or_dbm>} | rx_power_threshold {high_alarm <mw_or_dbm> | low_alarm <mw_or_dbm>

| high_warning <mw_or_dbm> | low_warning <mw_or_dbm>}] | {state [enable | disable] | shutdown [alarm | warning | none]}]

show ddm

show ddm ports {<portlist>} [status | configuration]

config ddm power_unit [mw | dbm]

27-1 config ddm

Description

The command configures the DDM log and trap action when encountering an exceeding alarm or warning thresholds event.

Format config ddm [trap | log] [enable | disable]

Parameters

trap - Specifies whether to send traps, when the operating parameter exceeds the corresponding threshold. The DDM trap is disabled by default.

log - Specifies whether to send a log, when the operating parameter exceeds the corresponding threshold. The DDM log is enabled by default.

enable - Specifies to enable the log or trap sending option.

disable - Specifies to disable the log or trap sending option.

Restrictions

Only Administrators and Operators can issue this command.

Example

To configure DDM log state to enable:

447

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#config ddm log enable

Command: config ddm log enable

Success.

DGS-3620-28PC:admin#

To configure DDM trap state to enable:

DGS-3620-28PC:admin#config ddm trap enable

Command: config ddm trap enable

Success.

DGS-3620-28PC:admin#

27-2 config ddm ports

Description

The command is used to configure the DDM settings of the specified ports.

Format config ddm ports [<portlist> | all] [[temperature_threshold {high_alarm <degrees> | low_alarm <degrees> | high_warning <degrees> | low_warning <degrees>} | voltage_threshold {high_alarm <voltage> | low_alarm <voltage> | high_warning <voltage> | low_warning <voltage>} | bias_current_threshold {high_alarm <milliampere> | low_alarm

<milliampere> | high_warning <milliampere> | low_warning <milliampere>} | tx_power_threshold {high_alarm <mw_or_dbm> | low_alarm <mw_or_dbm> | high_warning

<mw_or_dbm> | low_warning <mw_or_dbm>} | rx_power_threshold {high_alarm

<mw_or_dbm> | low_alarm <mw_or_dbm> | high_warning <mw_or_dbm> | low_warning

<mw_or_dbm>}] | {state [enable | disable] | shutdown [alarm | warning | none]}]

Parameters

<portlist> - Enter the range of ports to be configured here.

all - Specifies that all the optic ports’ operating parameters will be configured.

temperature_threshold - Specifies the threshold of the optic module’s temperature in centigrade. At least one parameter shall be specified for this threshold.

high_alarm - (Optional) Specifies the high threshold for the alarm. When the operating parameter rises above this value, the action associated with the alarm is taken.

<degrees> - Enter the high threshold alarm value used here.

low_alarm - (Optional) Specifies the low threshold for the alarm. When the operating parameter falls below this value, the action associated with the alarm is taken.

<degrees> - Enter the low threshold alarm value used here.

high_warning - (Optional) Specifies the high threshold for the warning. When the operating parameter rises above this value, the action associated with the warning is taken.

<degrees> - Enter the high threshold warning value here.

low_warning - (Optional) Specifies the low threshold for the warning. When the operating parameter falls below this value, the action associated with the warning is taken.

<degrees> - Enter the low threshold warning value here.

voltage_threshold - Specifies the threshold of optic module’s voltage.

high_alarm - (Optional) Specifies the high threshold for the alarm. When the operating parameter rises above this value, the action associated with the alarm is taken.

448

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

<voltage> - Enter the high threshold alarm value used here.

low_alarm - (Optional) Specifies the low threshold for the alarm. When the operating parameter falls below this value, the action associated with the alarm is taken.

<voltage> - Enter the low threshold alarm value used here.

high_warning - (Optional) Specifies the high threshold for the warning. When the operating parameter rises above this value, the action associated with the warning is taken.

<voltage> - Enter the high threshold warning value here.

low_warning - (Optional) Specifies the low threshold for the warning. When the operating parameter falls below this value, the action associated with the warning is taken.

<voltage> - Enter the low threshold warning value here.

bias_current_threshold - Specifies the threshold of the optic module’s bias current.

high_alarm - (Optional) Specifies the high threshold for the alarm. When the operating parameter rises above this value, the action associated with the alarm is taken.

<milliampere> - Enter the high threshold alarm value used here.

low_alarm - (Optional) Specifies the low threshold for the alarm. When the operating parameter falls below this value, the action associated with the alarm is taken.

<milliampere> - Enter the low threshold alarm value used here.

high_warning - (Optional) Specifies the high threshold for the warning. When the operating parameter rises above this value, the action associated with the warning is taken.

<milliampere> - Enter the high threshold warning value here.

low_warning - (Optional) Specifies the low threshold for the warning. When the operating parameter falls below this value, the action associated with the warning is taken.

<milliampere> - Enter the low threshold warning value here.

tx_power_threshold - Specifies the threshold of the optic module’s output power.

high_alarm - (Optional) Specifies the high threshold for the alarm. When the operating parameter rises above this value, the action associated with the alarm is taken.

<mw_or_dbm> - Enter the high threshold alarm value used here.

low_alarm - (Optional) Specifies the low threshold for the alarm. When the operating parameter falls below this value, the action associated with the alarm is taken.

<mw_or_dbm> - Enter the low threshold alarm value used here.

high_warning - (Optional) Specifies the high threshold for the warning. When the operating parameter rises above this value, the action associated with the warning is taken.

<mw_or_dbm> - Enter the high threshold warning value here.

low_warning - (Optional) Specifies the low threshold for the warning. When the operating parameter falls below this value, the action associated with the warning is taken.

<mw_or_dbm> - Enter the low threshold warning value here.

rx_power_threshold - Specifies the threshold of optic module’s received power.

high_alarm - (Optional) Specifies the high threshold for the alarm. When the operating parameter rises above this value, the action associated with the alarm is taken.

<mw_or_dbm> - Enter the high threshold alarm value used here.

low_alarm - (Optional) Specifies the low threshold for the alarm. When the operating parameter falls below this value, the action associated with the alarm is taken.

<mw_or_dbm> - Enter the low threshold alarm value used here.

high_warning - (Optional) Specifies the high threshold for the warning. When the operating parameter rises above this value, the action associated with the warning is taken.

<mw_or_dbm> - Enter the high threshold warning value here.

low_warning - (Optional) Specifies the low threshold for the warning. When the operating parameter falls below this value, the action associated with the warning is taken.

<mw_or_dbm> - Enter the low threshold warning value here.

state - (Optional) Specifies the DDM state to enable or disable. If the state is disabled, no DDM action will take effect.

enable - Specifies to enable the DDM state.

disable - Specifies to disable the DDM state.

shutdown - (Optional) Specifies whether or not to shutdown the port when the operating parameter exceeds the corresponding alarm threshold or warning threshold.

alarm - Shutdown the port when the configured alarm threshold range is exceeded.

warning - Shutdown the port when the configured warning threshold range is exceeded.

none - The port will never shutdown regardless if the threshold ranges are exceeded or not.

449

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators and Operators can issue this command.

Example

To configure the port 21’s temperature threshold:

DGS-3620-28PC:admin#config ddm ports 1:21 temperature_threshold high_alarm

84.9555 low_alarm -10 high_warning 70 low_warning 2.25251

Command: config ddm ports 1:21 temperature_threshold high_alarm 84.9555 low_alarm -10 high_warning 70 low_warning 2.25251

Success.

DGS-3620-28PC:admin#

To configure the port 21’s voltage threshold:

DGS-3620-28PC:admin#config ddm ports 1:21 voltage_threshold high_alarm 4.25 low_alarm 2.5 high_warning 3.5 low_warning 3

Command: config ddm ports 1:21 voltage_threshold high_alarm 4.25 low_alarm 2.5 high_warning 3.5 low_warning 3

Success.

DGS-3620-28PC:admin#

To configure the port 21’s bias current threshold:

DGS-3620-28PC:admin#config ddm ports 1:21 bias_current_threshold high_alarm

7.25 low_alarm 0.004 high_warning 0.5 low_warning 0.008

Command: config ddm ports 1:21 bias_current_threshold high_alarm 7.25 low_alarm

0.004 high_warning 0.5 low_warning 0.008

Success.

DGS-3620-28PC:admin#

To configure the port 21’s transmit power threshold:

DGS-3620-28PC:admin#config ddm ports 1:21 tx_power_threshold high_alarm 0.625 low_alarm 0.006 high_warning 0.55 low_warning 0.008

Command: config ddm ports 1:21 tx_power_threshold high_alarm 0.625 low_alarm

0.006 high_warning 0.55 low_warning 0.008

Success.

DGS-3620-28PC:admin#

To configure the port 21’s receive power threshold:

450

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#config ddm ports 1:21 rx_power_threshold high_alarm 4.55 low_alarm 0.01 high_warning 3.5 low_warning 0.03

Command: config ddm ports 1:21 rx_power_threshold high_alarm 4.55 low_alarm

0.01 high_warning 3.5 low_warning 0.03

Success.

DGS-3620-28PC:admin#

To configure port 21’s actions associate with the alarm:

DGS-3620-28PC:admin#config ddm ports 1:21 state enable shutdown alarm

Command: config ddm ports 1:21 state enable shutdown alarm

Success.

DGS-3620-28PC:admin#

27-3 show ddm

Description

This command is used to display the DDM global settings.

Format show ddm

Parameters

None.

Restrictions

None.

Example

To display the DDM global settings:

DGS-3620-28PC:admin#show ddm

Command: show ddm

DDM Log : Enabled

DDM Trap : Disabled

DDM Tx/Rx Power Unit : mw

DGS-3620-28PC:admin#

451

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

27-4 show ddm ports

Description

This command is used to show the current operating DDM parameters and configuration values of the optic module of the specified ports. There are two types of thresholds: the administrative configuration and the operation configuration threshold.

For the optic port, when a particular threshold was configured by user, it will be shown in this command with a tag indicating that it is a threshold that user configured, else it would be the threshold read from the optic module that is being inserted.

Format show ddm ports {<portlist>} [status | configuration]

Parameters

<portlist> - (Optional) Enter the range of ports to be displayed here.

status - Specifies that the operating parameter will be displayed.

configuration - Specifies that the configuration values will be displayed.

Restrictions

None.

Example

To display ports 21-22’s operating parameters:

DGS-3620-28PC:admin#show ddm ports 1:21-1:22 status

Command: show ddm ports 1:21-1:22 status

Port Temperature Voltage Bias-Current TX-Power RX-Power

(in Celsius) (V) (mA) (mW) (mW)

------- ------------- ---------- -------------- ---------- ------------

1:21 21.5 2.5 50 3 4

1:22 - - - - -

CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

To display port 21’s configuration:

452

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show ddm ports 1:21 configuration

Command: show ddm ports 1:21 configuration

Port: 1:21

--------------------------------------------

DDM State : Enabled

Shutdown : Alarm

Threshold Temperature Voltage Bias-Current TX-Power RX-Power

(in Celsius) (V) (mA) (mW) (mW)

------------- ------------ ------------ ------------ ------------ ------------

High Alarm 84.9555(A) 4.2500(A) 7.2500(A) 0.6250(A) 4.5500(A)

Low Alarm -10.0000(A) 2.5000(A) 0.0040(A) 0.0060(A) 0.0100(A)

High Warning 70.0000(A) 3.5000(A) 0.5000(A) 0.5500(A) 3.5000(A)

Low Warning 2.2525(A) 3.0000(A) 0.0080(A) 0.0080(A) 0.0300(A)

A means that the threshold is administratively configured.

DGS-3620-28PC:admin#

27-5 config ddm power_unit

Description

The command is used to configure the unit of DDM TX and RX power.

Format config ddm power_unit [mw | dbm]

Parameters

mw - Specifies the DDM TX and RX power unit as mW.

dbm - Specifies the DDM TX and RX power unit as dBm.

Restrictions

Only Administrators and Operators can issue this command.

Example

To configure the DDM TX and RX power unit as dBm:

DGS-3620-28PC:admin#config ddm power_unit dbm

Command: config ddm power_unit dbm

Success.

DGS-3620-28PC:admin#

453

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 28 Distance Vector

Multicast Routing Protocol

(DVMRP) Commands

config dvmrp [ipif <ipif_name 12> | all] {metric <value 1-31> | probe <sec 1-65535> | neighbor_timeout <sec 1-65535> | state [enable | disable]}(1)

enable dvmrp disable dvmrp

show dvmrp {ipif <ipif_name 12>}

show dvmrp neighbor {ipif <ipif_name 12> | ipaddress <network_address>}

show dvmrp nexthop {ipaddress <network_address> | ipif <ipif_name 12>}

show dvmrp routing_table {ipaddress <network_address>}

28-1 config dvmrp

Description

This command is used to configure DVMRP configurations.

Format config dvmrp [ipif <ipif_name 12> | all] {metric <value 1-31> | probe <sec 1-65535> | neighbor_timeout <sec 1-65535> | state [enable | disable]}(1)

Parameters

ipif - Specifies the IP interface name used.

<ipif_name 12> - Enter the IP interface name used here. This name can be up to 12 characters long.

all - Specifies that all the IP interfaces will be used.

metric - (Optional) Allows the assignment of a DVMRP route cost to the above IP interface. A

DVMRP route cost is a relative number that represents the real cost of using this route in the construction of a multicast delivery tree. It is similar to, but not defined as, the hop count in

RIP.

<value 1-31> - Enter the metric value used here. This value must be between 1 and 31. The default value is 1.

probe - (Optional) Specifies the time in seconds between the DVMRP Probe message transmissions.

<sec 1-65535> - Enter the probe value used here. This value must be between 1 and 65535 seconds. The default value is 10 seconds.

neighbor_timeout - (Optional) Specifies the time period for DVMRP will hold Neithbor Router reports before issuing poison route messages.

<sec 1-65535> - Enter the neighbor timeout value used here. This value must be between 1 and 65535 seconds. The default value is 35 seconds.

state - (Optional) Specifies the DVMRP state of the IP interface.

enable - Specifies that DVMRP of the specified IP interface will be enabled.

disable - Specifies that DVMRP of the specified IP interface will be disabled.

454

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To configure DVMRP configurations of IP interface called ‘System’:

DGS-3620-28PC:admin# config dvmrp ipif System neighbor_timeout 30 metric 1 probe 5

Command: config dvmrp ipif System neighbor_timeout 30 metric 1 probe 5

Success

DGS-3620-28PC:admin#

28-2 enable dvmrp

Description

This command is used to enable the DVMRP global state on the Switch.

Format enable dvmrp

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To enable DVMRP:

DGS-3620-28PC:admin# enable dvmrp

Command: enable dvmrp

Success.

DGS-3620-28PC:admin#

28-3 disable dvmrp

Description

This command is used to disable the DVMRP global state on the Switch.

455

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format disable dvmrp

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only

Command)

Example

To disable DVMRP:

DGS-3620-28PC:admin# disable dvmrp

Command: disable dvmrp

Success.

DGS-3620-28PC:admin#

28-4 show dvmrp

Description

This command is used to display DVMRP configurations.

Format show dvmrp {ipif <ipif_name 12>}

Parameters

ipif - (Optional) Specifies the IP interface name used for the display.

<ipif_name 12> - Enter the IP interface name used for the display here. This name can be up to 12 characters long.

If no parameter is specified, then all the IP interfaces will be displayed.

Restrictions

None. (EI Mode Only Command)

Example

To display DVMRP configurations:

456

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show dvmrp

Command: show dvmrp

DVMRP Global State : Disabled

Interface IP Address Neighbor Timeout Probe Metric State

------------ ----------------- ---------------- ----- ------ --------

System 192.168.69.123 35 10 1 Disabled

Total Entries: 1

DGS-3620-28PC:admin#

28-5 show dvmrp neighbor

Description

This command is used to display the DVMRP neighbor table.

Format show dvmrp neighbor {ipif <ipif_name 12> | ipaddress <network_address>}

Parameters

ipif - (Optional) Specifies the IP interface name used for the display.

<ipif_name 12> - Enter the IP interface name used for the display here. This name can be up to 12 characters long.

ipaddress - (Optional) Specifies the IP address and netmask of the destination used.

<network_address> - Enter the IP address and netmask of the destination used here.

If no parameter is specified, the system will display the whole DVMRP neighbor table.

Restrictions

None. (EI Mode Only Command)

Example

To display DVMRP neighbor table:

DGS-3620-28PC:admin# show dvmrp neighbor

Command: show dvmrp neighbor

DVMRP Neighbor Address Table

Interface Neighbor Address Generation ID Expire Time

--------------- ---------------- ------------- -----------

System 10.48.74.123 86 32

Total Entries : 1

DGS-3620-28PC:admin#

457

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

28-6 show dvmrp nexthop

Description

This command is used to display the DVMRP routing next hop table.

Format show dvmrp nexthop {ipaddress <network_address> | ipif <ipif_name 12>}

Parameters

ipaddress - (Optional) Specifies the IP address and netmask of the destination used.

<network_address> - Enter the IP address and netmask of the destination used here.

ipif - (Optional) Specifies the IP interface name used for the display.

<ipif_name 12> - Enter the IP interface name used for the display here. This name can be up to 12 characters long.

If no parameter is specified, the system will display all the DVMRP routing next hop tables.

Restrictions

None. (EI Mode Only Command)

Example

To display DVMRP routing next hop table:

DGS-3620-28PC:admin# show dvmrp nexthop

Command: show dvmrp nexthop

DVMRP Routing Next Hop Table

Source Address/NetMask Interface Name Type

---------------------- --------------- ------

10.0.0.0/8 ip2 Leaf

10.0.0.0/8 ip3 Leaf

20.0.0.0/8 System Leaf

20.0.0.0/8 ip3 Leaf

30.0.0.0/8 System Leaf

30.0.0.0/8 ip2 Leaf

Total Entries : 6

DGS-3620-28PC:admin#

28-7 show dvmrp routing_table

Description

This command is used to display the DVMRP routing table.

Format show dvmrp routing_table {ipaddress <network_address>}

458

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Parameters

ipaddress - (Optional) Specifies the IP address and netmask of the destination used.

<network_address> - Enter the IP address and netmask of the destination used here.

If no parameter is specified, the system will display the whole DVMRP routing table.

Restrictions

None. (EI Mode Only Command)

Example

To display DVMRP routing table:

DGS-3620-28PC:admin# show dvmrp routing_table

Command: show dvmrp routing_table

DVMRP Routing Table

Source Address/Netmask Upstream Neighbor Metric Learned Interface Expire

---------------------- ----------------- ------ ------- ---------- ------

10.0.0.0/8 10.90.90.90 2 Local System -

20.0.0.0/16 20.1.1.1 2 Local ip2 -

30.0.0.0/24 30.1.1.1 2 Local ip3 -

Total Entries : 3

DGS-3620-28PC:admin#

459

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 29 D-Link License

Management System (DLMS)

Commands

29-1

install dlms activation_code <string 25> {unit <unit_id>}

show dlms license

install dlms activation_code

Description

This command is used to install an activation code. The activation code is a set of codes which activates functions on the switch.

Format install dlms activation_code <string 25> {unit <unit_id>}

Parameters

<string 25> Specifies an activation code. The length should be 25 string characters

unit - Specifies the unit to display.

<unit_id> Specifies the switch in the switch stack.

Restrictions

Only Administrator level users can issue this command.

Example

To input a legal activation code:

DGS-3620-28PC:admin# install dlms activation_code xBc7vNWsSpchuQkGZsTfPwcfa

Command: install dlms activation_code xBc7vNWsSpchuQkGZsTfPwcfa

Success.

Please reboot the device to active the license.

DGS-3620-28PC:admin#

460

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

29-2 show dlms license

Description

This command will display the license information.

Format show dlms license {unit <unit_id>}

Parameters

unit - Specifies the unit to display.

<unit_id> Specifies the switch in the switch stack.

Restrictions

None.

Example

To display license information:

DGS-3620-28PC:admin# show dlms license

Command: show dlms license

Device Default License : EI

DGS-3620-28PC:admin#

461

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 30 Domain Name

System (DNS) Relay

Commands

config dnsr [[primary | secondary] nameserver <ipaddr> | [add | delete] static <domain_name 32>

<ipaddr>]

enable dnsr {[cache | static]}

disable dnsr {[cache | static]}

show dnsr {static}

30-1 config dnsr

Description

This command is used to add or delete a static entry into the Switch’s DNS resolution table, or set up the relay server.

Format config dnsr [[primary | secondary] nameserver <ipaddr> | [add | delete] static

<domain_name 32> <ipaddr>]

Parameters

primary - Specifies to indicate that the IP address below is the address of the primary DNS server.

secondary - Specifies to indicate that the IP address below is the address of the secondary DNS server.

nameserver - Specifies the IP address of the DNS nameserver.

<ipaddr> - Enter the IP address of the DNS nameserver.

add - Specifies to add the DNS relay function.

delete - Specifies to delete the DNS relay function.

static - Specifies the domain name of the entry.

<domain_name32> - Enter the domain name.

<ipaddr> - Enter the IP address of the entry.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To set IP address 10.24.22.5 as the primary DNS server:

DGS-3620-28PC:admin# config dnsr primary nameserver 10.24.22.5

Command: config dnsr primary nameserver 10.24.22.5

Success.

462

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#

To add the entry “dns1” with IP address 10.24.22.5 to the DNS static table:

DGS-3620-28PC:admin#config dnsr add static dns1 10.24.22.5

Command: config dnsr add static dns1 10.24.22.5

Success.

DGS-3620-28PC:admin#

To delete the entry “dns1” with IP address 10.24.22.5 from the DNS static table:

DGS-3620-28PC:admin#config dnsr delete static dns1 10.24.22.5

Command: config dnsr delete static dns1 10.24.22.5

Success.

DGS-3620-28PC:admin#

30-2 enable dnsr

Description

This command is used to enable DNS relay.

Format enable dnsr {[cache | static]}

Parameters

cache - Specifies to enable the cache lookup for the DNS relay on the switch.

static - Specifies to enable the static table lookup for the DNS relay on the switch.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable DNS relay:

DGS-3620-28PC:admin#enable dnsr

Command: enable dnsr

Success.

DGS-3620-28PC:admin#

To enable cache lookup for DNS relay:

463

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#enable dnsr cache

Command: enable dnsr cache

Success.

DGS-3620-28PC:admin#

To enable static table lookup for DNS relay:

DGS-3620-28PC:admin#enable dnsr static

Command: enable dnsr static

Success.

DGS-3620-28PC:admin#

30-3 disable dnsr

Description

This command is used to disable DNS relay on the switch.

Format disable dnsr {[cache | static]}

Parameters

cache - (Optional) Specifies to disable the cache lookup for the DNS relay on the switch.

static - (Optional) Specifies to disable the static table lookup for the DNS relay on the switch.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To disable the status of DNS relay:

DGS-3620-28PC:admin#disable dnsr

Command: disable dnsr

Success.

DGS-3620-28PC:admin#

To disable cache lookup for DNS relay:

DGS-3620-28PC:admin#disable dnsr cache

Command: disable dnsr cache

Success.

464

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#

To disable static table lookup for DNS relay:

DGS-3620-28PC:admin#disable dnsr static

Command: disable dnsr static

Success.

DGS-3620-28PC:admin#

30-4 show dnsr

Description

This command is used to display the current DNS relay configuration and static entries.

Format show dnsr {static}

Parameters

static - (Optional) Specifies to display the static entries in the DNS relay table. If this parameter is omitted, the entire DNS relay table will be displayed.

Restrictions

None.

Example

To display the DNS relay status:

465

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin#show dnsr

Command: show dnsr

DNSR Status : Disabled

Primary Name Server : 0.0.0.0

Secondary Name Server : 0.0.0.0

DNSR Cache Status : Disabled

DNSR Static Table Status : Disabled

DNS Relay Static Table

Domain Name IP Address

----------------------------------------- --------------- www.123.com.tw 10.12.12.123

Total Entries: 1

DGS-3620-28PC:admin#

466

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 31 Domain Name

System (DNS) Resolver

Commands

config name_server add [<ipaddr> | <ipv6addr>] {primary}

config name_server delete [<ipaddr> | <ipv6addr>] {primary}

config name_server timeout <second 1-60>

show name_server

create host_name <name 255> [<ipaddr> | <ipv6addr>]

delete host_name [<name 255> | all]

show host_name {static | dynamic}

enable dns_resolver disable dns_resolver

31-1 config name_server add

Description

This command is used to add a DNS resolver name server to the Switch.

Format config name_server add [<ipaddr> | <ipv6addr>] {primary}

Parameters

<ipaddr> - Enter the DNS Resolver name server IPv4 address used here.

<ipv6addr> - Enter the DNS Resolver name server IPv6 address used here.

primary – (Optional) Specifies that the name server is a primary name server.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To add DNS Resolver primary name server 10.10.10.10:

DGS-3620-28PC:admin# config name_server add 10.10.10.10 primary

Command: config name_server add 10.10.10.10 primary

Success.

DGS-3620-28PC:admin#

467

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

31-2 config name_server delete

Description

This command is used to delete a DNS resolver name server from the Switch.

Format config name_server delete [<ipaddr> | <ipv6addr>] {primary}

Parameters

<ipaddr> - Enter the DNS Resolver name server IPv4 address used here.

<ipv6addr> - Enter the DNS Resolver name server IPv6 address used here.

primary – (Optional) Specifies that the name server is a primary name server.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete DNS Resolver name server 10.10.10.1:

DGS-3620-28PC:admin# config name_server delete 10.10.10.10

Command: config name_server delete 10.10.10.10

Success.

DGS-3620-28PC:admin#

31-3 config name_server timeout

Description

This command is used to configure the timeout value of a DNS Resolver name server.

Format config name_server timeout <second 1-60>

Parameters

timeout - Specifies the maximum time waiting for a responce from a specified name server.

<second 1-60> - Enter the timeout value used here. This value must be between 1 and 60 seconds.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

468

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure DNS Resolver name server time out to 10 seconds:

DGS-3620-28PC:admin# config name_server timeout 10

Command: config name_server timeout 10

Success.

DGS-3620-28PC:admin#

31-4 show name_server

Description

This command is used to display the current DNS Resolver name servers and name server time out on the Switch.

Format show name_server

Parameters

None.

Restrictions

None.

Example

To display the current DNS Resolver name servers and name server time out:

DGS-3620-28PC:admin# show name_server

Command: show name_server

Name Server Time Out: 3 seconds

Static Name Server Table:

Server IP Address Priority

--------------------- --------------

20.20.20.20 Secondary

10.1.1.1 Primary

Dynamic Name Server Table:

Server IP Address Priority

--------------------- --------------

10.48.74.122 Primary

DGS-3620-28PC:admin#

469

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

31-5 create host_name

Description

This command is used to create the static host name entry of the Switch.

Format create host_name <name 255> [<ipaddr> | <ipv6addr>]

Parameters

<name 255> - Enter the hostname used here. This name can be up to 255 characters long.

<ipaddr> - Enter the host IPv4 address used here.

<ipv6addr> - Enter the host IPv6 address used here.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create static host name “www.example.com”:

DGS-3620-28PC:admin# create host_name www.example.com 10.10.10.10

Command: create host_name www.example.com 10.10.10.10

Success.

DGS-3620-28PC:admin#

31-6 delete host_name

Description

This command is used to delete the static or dynamic host name entries of the Switch.

Format delete host_name [<name 255> | all]

Parameters

<name 255> - Enter the hostname used here. This name can be up to 255 characters long.

all - Specifies that all the hostnames will be deleted.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete the static host name entry “www.example.com”:

470

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

DGS-3620-28PC:admin# delete host_name www.example.com

Command: delete host_name www.example.com

Success.

DGS-3620-28PC:admin#

31-7 show host_name

Description

This command is used to display the current host name.

Format show host_name {static | dynamic}

Parameters

static – (Optional) Specifies to display the static host name entries.

dynamic – (Optional) Specifies to display the dynamic host name entries.

Restrictions

None.

Example

To display the static and dynamic host name entries:

DGS-3620-28PC:admin#show host_name

Command: show host_name

Static Host Name Table

Host Name : www.example1.com

IP Address : 20.20.20.20

IPv6 Address : 3000::1

Host Name : www.example2.com

IP Address : 10.10.10.10

IPv6 Address : 1000::1

Host Name : www.example3.com

IP Address : 4.4.4.4

Host Name : www.example4.com

IPv6 Address : 4000::1

Total Static Entries: 4

Dynamic Host Name Table

471

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Total Dynamic Entries: 0

DGS-3620-28PC:admin#

31-8 enable dns_resolver

Description

This command is used to enable the DNS Resolver state of the Switch.

Format enable dns_resolver

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure the DNS Resolver state to enabled:

DGS-3620-28PC:admin# enable dns_resolver

Command: enable dns_resolver

Success.

DGS-3620-28PC:admin#

31-9 disable dns_resolver

Description

This command is used to disable the DNS Resolver state of the Switch.

Format disable dns_resolver

Parameters

None.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

472

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To configure the DNS Resolver state to disabled:

DGS-3620-28PC:admin# disable dns_resolver

Command: disable dns_resolver

Success.

DGS-3620-28PC:admin#

473

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 32 DoS Attack

Prevention Commands

config dos_prevention dos_type [{land_attack | blat_attack | tcp_null_scan | tcp_xmasscan | tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack} | all]

{action [drop] | state [enable | disable]}(1)

config dos_prevention log [enable | disable]

config dos_prevention trap [enable | disable]

show dos_prevention {land_attack | blat_attack | tcp_null_scan | tcp_xmasscan | tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack}

32-1 config dos_prevention dos_type

Description

This command is used to configure the prevention of each DoS attacks. The packet matching will be done by hardware. For a specific type of attack, the content of the packet will be matched against a specific pattern.

Format config dos_prevention dos_type [{land_attack | blat_attack | tcp_null_scan | tcp_xmasscan

| tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack} | all]

{action [drop] | state [enable | disable]}(1)

Parameters

land_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent

LAND attacks.

blat_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent BLAT attacks.

tcp_null_scan - (Optional) Specifies that the DoS attack prevention type will be set to prevent

TCP Null Scan attacks.

tcp_xmasscan - (Optional) Specifies that the DoS attack prevention type will be set to prevent

TCP Xmas Scan attacks.

tcp_synfin - (Optional) Specifies that the DoS attack prevention type will be set to prevent TCP

SYN FIN attacks.

tcp_syn_srcport_less_1024 - (Optional) Specifies that the DoS attack prevention type will be set to prevent TCP SYN Source Port Less 1024 attacks.

ping_death_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent Ping of Death attacks.

tcp_tiny_frag_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent TCP Tiny Frag attacks.

all - Specifies that the DoS attack prevention type will be set to prevent all attacks.

action - (Optional) Specifies the action that the DoS Prevention function will take.

drop - Specifies to drop all matched DoS attack packets.

state - (Optional) Specifies the DoS Attack Prevention state.

enable - Specifies that the DoS Attack Prevention state will be enabled.

disable - Specifies that the DoS Attack Prevention state will be disabled.

474

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To configure land attack and blat attack prevention, the action is drop:

DGS-3620-28PC:admin#config dos_prevention dos_type land_attack blat_attack action drop state enable

Command: config dos_prevention dos_type land_attack blat_attack action drop state enable

Success.

DGS-3620-28PC:admin#

32-2 config dos_prevention log

Description

This command is used to enable or disable the DoS prevention log state.

Format config dos_prevention log [enable | disable]

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

enable - Specifies to enable the DoS prevention log state.

disable - Specifies to disable the DoS prevention log state.

Example

To enable the DoS prevention log:

DGS-3620-28PC:admin#config dos_prevention log enable

Command: config dos_prevention log enable

Success.

DGS-3620-28PC:admin#

32-3 config dos_prevention trap

Description

This command is used to enable or disable the DoS prevention trap state.

475

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format config dos_prevention trap [enable | disable]

Parameters

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

enable - Specifies to enable the DoS prevention trap state.

disable - Specifies to disable the DoS prevention trap state.

Example

To enable the DoS prevention trap:

DGS-3620-28PC:admin#config dos_prevention trap disable

Command: config dos_prevention trap disable

Success.

DGS-3620-28PC:admin#

32-4 show dos_prevention

Description

This command is used to display DoS prevention information.

Format show dos_prevention {land_attack | blat_attack | tcp_null_scan | tcp_xmasscan | tcp_synfin

| tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack}

Parameters

land_attack - (Optional) Specifies that only DoS LAND attack information will be displayed.

blat_attack - (Optional) Specifies that only DoS BLAT attack information will be displayed.

tcp_null_scan - (Optional) Specifies that only DoS TCP Null Scan attack information will be displayed.

tcp_xmasscan - (Optional) Specifies that only DoS TCP Xmas Scan attack information will be displayed.

tcp_synfin - (Optional) Specifies that only DoS TCP SYN FIN attack information will be displayed.

tcp_syn_srcport_less_1024 - (Optional) Specifies that only DoS TCP SYN Source Port Less than 1024 attack information will be displayed.

ping_death_attack - (Optional) Specifies that only DoS Ping of Death attack information will be displayed.

tcp_tiny_frag_attack - (Optional) Specifies that only DoS TCP Tiny Frag attack information will be displayed.

Restrictions

None.

476

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Example

To display DoS prevention information:

DGS-3620-28PC:admin#show dos_prevention

Command: show dos_prevention

Trap:Disabled Log:Enabled Function Version : 1.01

DoS Type State Action Frame Counts

-------------------------- -------- ---------------- ------------

Land Attack Enabled Drop -

Blat Attack Enabled Drop -

TCP Null Scan Disabled Drop -

TCP Xmas Scan Disabled Drop -

TCP SYNFIN Disabled Drop -

TCP SYN SrcPort Less 1024 Disabled Drop -

Ping of Death Attack Disabled Drop -

TCP Tiny Fragment Attack Disabled Drop -

CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh

To display DoS prevention information of Land Attack:

DGS-3620-28PC:admin#show dos_prevention land_attack

Command: show dos_prevention land_attack

DoS Type : Land Attack

State : Disabled

Action : Drop

Frame Counts : -

DGS-3620-28PC:admin#

To display DoS prevention information of Blat Attack:

DGS-3620-28PC:admin#show dos_prevention blat_attack

Command: show dos_prevention blat_attack

DoS Type : Blat Attack

State : Disabled

Action : Drop

Frame Counts : -

DGS-3620-28PC:admin#

477

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 33 D-Link

Unidirectional Link Detection

(DULD) Commands

config duld ports [<portlist> | all] {state [enable | disable] | mode [shutdown | normal] | discovery_time <sec 5-65535>}

show duld ports {<portlist>}

33-1 config duld ports

Description

The command used to configure unidirectional link detection on ports.

Unidirectional link detection provides discovery mechanism based on 802.3ah to discovery its neighbor. If the OAM discovery can complete in configured discovery time, it concludes the link is bidirectional. Otherwise, it starts detecting task to detect the link status.

Format config duld ports [<portlist> | all] {state [enable | disable] | mode [shutdown | normal] | discovery_time <sec 5-65535>}

Parameters

ports - Specifies a range of ports to be used.

<portlist> - Enter the list of ports used for this configuration here.

all – Specifies that all the ports will be used for this configuration.

state - (Optional) Specifies these ports unidirectional link detection status. The default state is disabled.

enable - Specifies that the unidirectional link detection status will be enabled.

disable - Specifies that the unidirectional link detection status will be disabled.

mode - (Optional) Specifies the mode the unidirectional link detection will be set to.

shutdown - If any unidirectional link is detected, disable the port and log an event.

normal - Only log an event when a unidirectional link is detected.

discovery_time - (Optional) Specifies these ports neighbor discovery time. If the discovery is timeout, the unidirectional link detection will start. The default discovery time is 5 seconds.

<sec 5-65535> - Enter the discovery time value here. This value must be between 5 and

65535.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable unidirectional link detection on port 1:

DGS-3620-28PC:admin# config duld ports 1 state enable

478

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Commands: config duld ports 1 state enable

Success

DGS-3620-28PC:admin#

33-2 show duld ports

Description

This command is used to show unidirectional link detection information.

Format show duld ports {<portlist>}

Parameters

ports - (Optional) Specifies a range of ports to be display.

<portlist> - Enter the list of ports to be displayed here.

If no ports are specified, all the ports will be displayed.

Restrictions

None.

Example

To show ports 1-4 unidirectional link detection information:

DGS-3620-28PC:admin#config duld ports 1:1-1:2,1:4 state enable

Command: config duld ports 1:1-1:2,1:4 state enable

Success.

DGS-3620-28PC:admin#show duld ports 1:1-1:4

Command: show duld ports 1:1-1:4

Port Admin State Oper Status Mode Link Status Discovery Time(Sec)

----- ----------- ----------- -------- -------------- -------------------

1:1 Enabled Disabled Normal Unknown 5

1:2 Enabled Disabled Normal Unknown 5

1:3 Disabled Disabled Normal Unknown 5

1:4 Enabled Disabled Normal Unknown 5

DGS-3620-28PC:admin#

479

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Chapter 34 Ethernet Ring

Protection Switching

(ERPS) Commands

enable erps disable erps

create erps raps_vlan <vlanid 1-4094>

delete erps raps_vlan <vlanid 1-4094>

config erps raps_vlan <vlanid 1-4094> [state [enable | disable] | ring_mel <value 0-7> | ring_port

[west [<port> | virtual_channel] | east [<port> | virtual_channel]] | rpl_port [west | east | none] | rpl_owner [enable | disable] | protected_vlan [add | delete] vlanid <vidlist> | sub_ring raps_vlan <vlanid 1-4094> tc_propagation state [enable | disable] | [add | delete] sub_ring raps_vlan <vlanid 1-4094> | revertive [enable | disable] | timer {holdoff_time <millisecond 0-

10000> | guard_time <millisecond 10-2000> | wtr_time <min 5-12>}]

config erps log [enable | disable]

config erps trap [enable | disable]

show erps {raps_vlan <vlanid 1-4094> {sub_ring}}

34-1 enable erps

Description

This command is used to enable the global ERPS function on the Switch. When both the global state and the specified ring ERPS state are enabled, the specified ring will be activated.

The global ERPS function cannot be enabled, when any ERPS ring on the device is enabled and the integrity of any ring parameter is not available. For each ring that has the ring state enabled, the following integrity will be checked when ERPS is enabled:

1. R-APS VLAN is created.

2. The Ring port is a tagged member port of the R-APS VLAN.

3. The RPL port is specified if the RPL owner is enabled.

4. The RPL port is not a virtual channel.

5. The Ring port is the master port if it belongs to a link aggregation group.

The default state is disabled.

Format enable erps

Parameters

None.

480

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To enable ERPS:

DGS-3620-28PC:admin#enable erps

Command: enable erps

Success.

DGS-3620-28PC:admin#

34-2 disable erps

Description

This command is used to disable the ERPS function on the switch.

Format disable erps

Parameters

None. The ERPS is disabled by default.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To disable ERPS:

DGS-3620-28PC:admin#disable erps

Command: disable erps

Success.

DGS-3620-28PC:admin#

34-3 create erps raps_vlan

Description

This command is used to create an R-APS VLAN on the switch. There should be only one R-APS

VLAN used to transfer R-APS messages. Note that the R-APS VLAN must already have been created by the create vlan command.

481

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

Format create erps raps_vlan <vlanid 1-4094>

Parameters

<vlanid 1-4094> - Enter the VLAN which will be the R-APS VLAN.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To create an ERPS RAPS VLAN:

DGS-3620-28PC:admin#create erps raps_vlan 4094

Command: create erps raps_vlan 4094

Success.

DGS-3620-28PC:admin#

34-4 delete erps raps_vlan

Description

This command is used to delete an R-APS VLAN on the switch. When an R-APS VLAN is deleted, all parameters related to this R-APS VLAN will also be deleted. This command can only be issued when ERPS is disabled.

Format delete erps raps_vlan <vlanid 1-4094>

Parameters

<vlanid 1-4094> - Enter the VLAN which will be the R-APS VLAN.

Restrictions

Only Administrators, Operators and Power-Users can issue this command.

Example

To delete an R-APS VLAN:

DGS-3620-28PC:admin#delete erps raps_vlan 4094

Command: delete erps raps_vlan 4094

Success.

DGS-3620-28PC:admin#

482

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide

34-5 config erps raps_vlan

Description

This command is used to set the R-APS VLAN parameters. The ring_mel command is used to configure the ring MEL for an R-APS VLAN. The ring MEL is one field in the R-APS PDU. Note that if CFM (Connectivity Fault Management) and ERPS are used at the same time, R-APS PDU is one of a suite of Ethernet OAM PDU. The behavior for forwarding of R-APS PDU should follow the

Ethernet OAM. If the ring MEL is not higher than the highest MEL of the MEPs on the ring ports, the R-APS PDU cannot be forwarded on the ring.

The ring_port command is used to configure the port that participates in the ERPS ring.

Restrictions apply for ports that are included in a link aggregation group. A link aggregation gr