D-Link xStack DGS-3620 DGS-3620 Layer 3 Managed Gigabit Switch CLI Reference Guide
Below you will find brief information for Layer 3 Managed Gigabit Switch xStack DGS-3620. The xStack DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch is a member of the D-Link xStack family. It provides a stacking architecture with fault tolerance, flexibility, port density, robust security and maximum throughput with a user-friendly management interface for the networking professional.
advertisement
Assistant Bot
Need help? Our chatbot has already read the manual and is ready to assist you. Feel free to ask any questions about the device, but providing details will make the conversation more productive.
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Table of Contents
Access Authentication Control (AAC) Commands .................................................... 57
Bidirectional Forwarding Detection (BFD) Commands ........................................... 160
Border Gateway Protocol (BGP) Commands ......................................................... 165
Digital Diagnostic Monitoring (DDM) Commands ................................................... 447
Distance Vector Multicast Routing Protocol (DVMRP) Commands ........................ 454
D-Link License Management System (DLMS) Commands .................................... 460
Domain Name System (DNS) Relay Commands ................................................... 462
Domain Name System (DNS) Resolver Commands .............................................. 467
D-Link Unidirectional Link Detection (DULD) Commands ...................................... 478
Ethernet Ring Protection Switching (ERPS) Commands ........................................ 480
II
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Internet Group Management Protocol (IGMP) Commands..................................... 528
IGMP Snooping Multicast (ISM) VLAN Commands ................................................ 560
Japanese Web-based Access Control (JWAC) Commands ................................... 666
LLDP Data Center Bridging Exchange Protocol (LLDP-DCBX) Commands .......... 736
MLD Snooping Multicast (MSM) VLAN Commands ............................................... 802
Modify Login Banner and Prompt Commands ........................................................ 813
Open Shortest Path First (OSPF) Command List ................................................... 873
III
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Protocol Independent Multicast (PIM) Commands ................................................. 923
Secure File Transfer Protocol (SFTP) Commands ............................................... 1068
IV
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
V
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 1 Using the Command
Line Interface
The DGS-3620 Layer 3 stackable Gigabit Ethernet switch series are members of the D-Link xStack® family. Ranging from 10/100/1000Mbps edge switches to core gigabit switches, the xStack
®
switch family has been future-proof designed to provide a stacking architecture with fault tolerance, flexibility, port density, robust security and maximum throughput with a user-friendly management interface for the networking professional.
The Switch can be managed through the Switch’s serial port, Telnet, SNMP or the Web-based management agent. The Command Line Interface (CLI) can be used to configure and manage the
Switch via the serial port or Telnet interfaces.
This manual provides a reference for all of the commands contained in the CLI. Every command will be introduced in terms of purpose, format, description, parameters, and examples.
Configuration and management of the Switch via the Web-based management agent are discussed in the Web UI Reference Guide. For detailed information on installing hardware please also refer to the Harware Installation Guide.
1-1 Accessing the Switch via the Serial Port
The Switch’s serial port’s default settings are as follows:
• 115200 baud
• no parity
• 8 data bits
• 1 stop bit
A computer running a terminal emulation program capable of emulating a VT-100 terminal and a serial port configured as above is then connected to the Switch’s serial port via an RJ-45 to RS-
232 DB-9 convertor cable.
With the serial port properly connected to a management computer, the following screen should be visible.
DGS-3620-28PC Gigabit Ethernet Switch
Command Line Interface
Firmware: Build 2.60.016
Copyright(C) 2013 D-Link Corporation. All rights reserved.
UserName:
There is no initial username or password. Just press the Enter key twice to display the CLI input cursor
− DGS-3620-28PC:admin#. This is the command line where all commands are input.
1
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
1-2 Setting the Switch’s IP Address
Each Switch must be assigned its own IP Address, which is used for communication with an
SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch’s default IP address is 10.90.90.90. You can change the default Switch IP address to meet the specification of your networking address scheme.
The Switch is also assigned a unique MAC address by the factory. This MAC address cannot be changed, and can be found on the initial boot console screen – shown below.
Boot Procedure V1.00.016
-------------------------------------------------------------------------------
Power On Self Test ........................................ 100 %
MAC Address : 00-01-02-03-04-00
H/W Version : B1
Please Wait, Loading V2.60.016 Runtime Image .............. 100 %
UART init ................................................. 100 %
Starting runtime image
Device Discovery .......................................... 100 %
Configuration init ........................................ 100 %
Press any key to login...
The Switch’s MAC address can also be found in the Web management program on the Device
Information (Basic Settings) window on the Configuration menu.
The IP address for the Switch must be set before it can be managed with the Web-based manager.
The Switch IP address can be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the Switch must be known.
Starting at the command line prompt, enter the commands config ipif System ipaddress
xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy. Where the x’s represent the IP address to be assigned to the
IP interface named System and the y’s represent the corresponding subnet mask.
Alternatively, you can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z. Where the x’s represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation.
The IP interface named System on the Switch can be assigned an IP address and subnet mask which can then be used to connect a management station to the Switch’s Telnet or Web-based management agent
DGS-3620-28PC:admin# config ipif System ipaddress 10.24.22.100/255.0.0.0
Command: config ipif System ipaddress 10.24.22.100/8
Success.
DGS-3620-28PC:admin#
2
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
In the above example, the Switch was assigned an IP address of 10.24.22.100 with a subnet mask of 255.0.0.0. The system message Success indicates that the command was executed successfully. The Switch can now be configured and managed via Telnet, SNMP MIB browser and the CLI or via the Web-based management agent using the above IP address to connect to the
Switch.
There are a number of helpful features included in the CLI. Entering the ? command will display a list of all of the top-level commands.
DGS-3620-28PC:admin#?
Command: ?
..
? cable_diag ports cd cfm dm cfm linktrace cfm lm cfm lock md cfm loopback change drive clear clear address_binding dhcp_snoop binding_entry ports clear address_binding nd_snoop binding_entry ports clear arptable clear attack_log clear bgp clear bgp dampening clear bgp flap_statistics clear cfm dm clear cfm lm clear cfm pkt_cnt clear counters
CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
When entering a command without its required parameters, the CLI will prompt you with a Next
possible completions: message.
DGS-3620-28PC:admin#config account
Command: config account
Next possible completions:
<username 15>
DGS-3620-28PC:admin#
In this case, the command config account was entered with the parameter <username>. The CLI will then prompt to enter the <username> with the message, Next possible completions:. Every
3
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
command in the CLI has this feature, and complex commands have several layers of parameter prompting.
In addition, after typing any given command plus one space, users can see all of the next possible sub-commands, in sequential order, by repeatedly pressing the Tab key.
To re-enter the previous command at the command prompt, press the up arrow cursor key. The previous command will appear at the command prompt.
DGS-3620-28PC:admin#config account
Command: config account
Next possible completions:
<username 15>
DGS-3620-28PC:admin#
In the above example, the command config account was entered without the required parameter
<username>, the CLI returned the Next possible completions: <username> prompt. The up arrow cursor control key was pressed to re-enter the previous command (config account) at the command prompt. Now the appropriate username can be entered and the config account command re-executed.
All commands in the CLI function in this way. In addition, the syntax of the help prompts are the same as presented in this manual
− angle brackets < > indicate a numerical value or character string, braces { } indicate optional parameters or a choice of parameters, and brackets [ ] indicate required parameters.
If a command is entered that is unrecognized by the CLI, the top-level commands will be displayed under the Available commands: prompt.
DGS-3620-28PC:admin#the
Available commands:
.. ? cable_diag cd cfm change clear config copy create debug del delete dir disable download enable erase format install login logout md move no ping ping6 rd reboot reconfig rename reset save show telnet traceroute traceroute6 upload
DGS-3620-28PC:admin#
The top-level commands consist of commands such as show or config. Most of these commands require one or more parameters to narrow the top-level command. This is equivalent to show what? or config what? Where the what? is the next parameter.
For example, entering the show command with no additional parameters, the CLI will then display all of the possible next parameters.
4
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show
Command: show
Next possible completions:
802.1p 802.1x aaa access_profile account accounting acct_client address_binding arp_spoofing_prevention arpentry asymmetric_vlan attack_log auth_client auth_diagnostics auth_session_statistics auth_statistics authen authen_enable authen_login authen_policy authentication authorization autoconfig bandwidth_control bfd bgp boot_file bpdu_protection broadcast_ping_reply cfm command command_history community_encryption config cpu current_config ddm device_status dhcp dhcp_local_relay dhcp_relay dhcp_server dhcpv6 dhcpv6_relay dhcpv6_server dlms dnsr dos_prevention dot1v_protocol_group dscp duld dvmrp ecmp egress_access_profile egress_flow_meter environment erps error ethernet_oam external_alarm fdb filter flow_meter gratuitous_arp greeting_message gvrp hol_prevention host_name igmp igmp_proxy igmp_snooping ip ip_tunnel ipfdb ipif ipif_ipv6_link_local_auto ipmc ipmroute iproute ipv6 ipv6route jumbo_frame jwac l2protocol_tunnel lacp_port led limited_multicast_addr link_aggregation lldp lldp_dcbx lldp_med log log_save_timing log_software_module loopback loopdetect mac_based_access_control mac_based_access_control_local mac_based_vlan mac_notification max_mcast_group mcast_filter_profile md5 mirror mld mld_proxy mld_snooping multicast multicast_fdb name_server nlb ospf ospfv3 out_band_ipif packet password_recovery per_queue pfc pim pim-ssm pim6 poe policy_route port port_group port_security port_security_entry port_vlan ports power_saving private_vlan ptp pvid qinq radius rcp reboot rip ripng rmon route route_map router_ports rspan safeguard_engine scheduling scheduling_mechanism serial_port session sflow sftp sim snmp sntp ssh ssl stack_device stack_information stacking_mode storage_media_info stp sub_vlan subnet_vlan super_vlan surveillance_vlan switch syslog system_severity
5
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
tacacs tech_support telnet terminal tftp time time_range traffic traffic_segmentation trap trusted_host udp_helper utilization vlan vlan_precedence vlan_translation vlan_translation_profile vlan_trunk voice_vlan vrrp wac wred
DGS-3620-28PC:admin#
In the above example, all of the possible next parameters for the show command are displayed. At the next command prompt, the up arrow was used to re-enter the show command, followed by the
account parameter. The CLI then displays the user accounts configured on the Switch.
1-3 Command Syntax Symbols
The following symbols are used to describe how command entries are made and values and arguments are specified in this manual. The online help contained in the CLI and available through the console interface uses the same syntax.
Note: All commands are case-sensitive. Be sure to disable Caps Lock or any other unwanted function that changes text case.
Syntax
angle brackets < > square brackets [ ] vertical bar | braces { }
Description
Encloses a variable or value. Users must specify the variable or value.
For example, in the syntax
create ipif <ipif_name 12> {<network_address>} <vlan_name 32>
{secondary | state [enable | disable] | proxy_arp [enable | disable]
{local [enable | disable]}}
users must supply an IP interface name for <ipif_name 12> and a
VLAN name for <vlan_name 32> when entering the command. DO
NOT TYPE THE ANGLE BRACKETS.
Encloses a required value or list of required arguments. Only one value or argument must be specified. For example, in the syntax
create account [admin | operator | power_user | user] <username
15> {encrypt [plain_text | sha_1] <password>}
users must specify either the admin-, operator-, power_user-level or user-level account when entering the command. DO NOT TYPE THE
SQUARE BRACKETS.
Separates mutually exclusive items in a list. For example, in the syntax
reset {[config | system]} {force_agree}
users may choose config or system in the command. DO NOT TYPE
THE VERTICAL BAR.
Encloses an optional value or a list of optional arguments. One or more values or arguments can be specified. For example, in the syntax
reset {[config | system]} {force_agree} users may choose config or system in the command. DO NOT TYPE
THE BRACES.
6
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
parentheses ( ) ipif <ipif_name 12> metric <value 1-31>
Indicates at least one or more of the values or arguments in the preceding syntax enclosed by braces must be specified. For example, in the syntax
config dhcp_relay {hops <int 1-16> | time <sec 0-65535>}(1)
users have the option to specify hops or time or both of them. The "(1)" following the set of braces indicates at least one argument or value within the braces must be specified. DO NOT TYPE THE
PARENTHESES.
12 means the maximum length of the IP interface name.
1-31 means the legal range of the metric value.
1-4
Keys
Delete
Line Editing Keys
Description
Delete character under cursor and shift remainder of line to left.
Backspace
CTRL+R
Up Arrow
Down Arrow
Left Arrow
Right Arrow
Tab
Delete character to left of cursor and shift remainder of line to left.
Toggle on and off. When toggled on, inserts text and shifts previous text to right.
Repeats the previously entered command. Each time the up arrow is pressed, the command previous to that displayed appears. This way it is possible to review the command history for the current session. Use the down arrow to progress sequentially forward through the command history list.
The down arrow will display the next command in the command history entered in the current session. This displays each command sequentially as it was entered. Use the up arrow to review previous commands.
Move cursor to left.
Move cursor to right
Help user to select appropriate token.
The screen display pauses when the show command output reaches the end of the page.
1-5
Keys
Space
Multiple Page Display Control Keys
Description
Displays the next page.
CTRL+C
ESC n p
Stops the display of remaining pages when multiple pages are to be displayed.
Stops the display of remaining pages when multiple pages are to be displayed.
Displays the next page.
Displays the previous page.
7
q r a
Enter
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Stops the display of remaining pages when multiple pages are to be displayed.
Refreshes the pages currently displayed.
Displays the remaining pages without pausing between pages.
Displays the next line or table entry.
8
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 2 Basic Management
Commands
create account [admin | operator | power_user | user] <username 15> {encrypt [plain_text | sha_1] <password>}
enable password encryption disable password encryption
config account <username 15> {encrypt [plain_text | sha_1] <password>}
show account
delete account <username 15>
show session show switch show environment
config temperature [trap | log] state [enable | disable]
config temperature threshold {high <temperature -500-500> | low <temperature -500-500>}(1)
show serial_port
config serial_port {baud_rate [9600 | 19200 | 38400 | 115200] | auto_logout [never | 2_minutes |
5_minutes | 10_minutes | 15_minutes]}(1)
enable clipaging disable clipaging
enable telnet {<tcp_port_number 1-65535>}
disable telnet
enable web {<tcp_port_number 1-65535>}
disable web
save {[config <pathname> | log | all]}
reboot {force_agree}
reset {[config | system]} {force_agree}
login logout clear
config terminal width [default | <value 80-200>]
show terminal width show device_status
config out_band_ipif {ipaddress <network_address> | state [enable | disable] | gateway
<ipaddr>}
show out_band_ipif
2-1 create account
Description
This command creates user accounts. The username is between 1 and 15 characters, the password is between 0 and 15 characters. The number of accounts (including admin, operator, and user) is up to eight.
Format create account [admin | operator | power_user | user] <username 15> {encrypt [plain_text | sha_1] <password>}
9
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
admin - Specifies the name of the admin account.
operator - Specifies the name of the operator account.
power_user - Specifies a power user level account. The power user level is lower than the operator level and higher than the user level.
user - Specifies the name of the user account.
<username 15> - Enter a username of up to 15 characters.
encrypt - Specifies the encryption used.
plain_text - Specifies the password in plain text form.
sha_1 - Specifies the password in SHA-1 encrypted form.
<password> - The password for the user account. The length of a password in plain-text form and encrypted form are different. For a plain-text form password, the password must be a minimum of 0 characters and a maximum of 15 characters. For an encrypted form password, the length is fixed to 35 bytes long. The password is case-sensitive.
Restrictions
Only Administrator-level users can issue this command.
Example
To create the Administrator-level user “dlink”:
DGS-3620-28PC:admin#create account admin dlink
Command: create account admin dlink
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.
DGS-3620-28PC:admin#
To create the Operator-level user “Sales”:
DGS-3620-28PC:admin##create account operator Sales
Command: create account operator Sales
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.
DGS-3620-28PC:admin#
To create the User-level user “System”:
DGS-3620-28PC:admin##create account user System
Command: create account user System
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.
DGS-3620-28PC:admin#
10
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
2-2 enable password encryption
Description
The user account configuration information will be stored in the configuration file, and can be applied to the system later. If the password encryption is enabled, the password will be in encrypted form when it is stored in the configuration file. When password encryption is disabled, the password will be in plain text form when it is stored in the configuration file. However, if the created user account directly uses the encrypted password, the password will still be in the encrypted form.
Format enable password encryption
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To enable password encryption:
2-3
DGS-3620-28PC:admin#enable password encryption
Command: enable password encryption
Success.
DGS-3620-28PC:admin#
disable password encryption
Description
The user account configuration information will be stored in the configuration file, and can be applied to the system later. If the password encryption is enabled, the password will be in encrypted form when it is stored in the configuration file. When password encryption is disabled, the password will be in plain text form when it is stored in the configuration file. However, if the created user account directly uses the encrypted password, the password will still be in the encrypted form.
Format disable password encryption
Parameters
None.
11
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator-level users can issue this command.
Example
To disable password encryption:
2-4
DGS-3620-28PC:admin#disable password encryption
Command: disable password encryption
Success.
DGS-3620-28PC:admin#
config account
Description
When the password information is not specified in the command, the system will prompt the user to input the password interactively. For this case, the user can only input the plain text password.
If the password is present in the command, the user can select to input the password in the plain text form or in the encrypted form. The encryption algorithm is based on SHA-1.
Format config account <username 15> {encrypt [plain_text | sha_1] <password>}
Parameters
<username 15> - Enter the name of the account. The account must already be defined.
encrypt - (Optional) Specifies the encryption type, plain_text or sha_1.
plain_text - Specifies the password in plain text form. For the plain text form, passwords must have a minimum of 0 and a maximum of 15 characters. The password is case-sensitive
sha_1 - Specifies the password in the SHA-1 encrypted form. For the encrypted form password, the length is fixed to 35 bytes long. The password is case-sensitive.
<password> - Enter the password.
Restrictions
Only Administrator-level users can issue this command.
Example
To configure the user password of the “dlink” account:
DGS-3620-28PC:admin#config account dlink
Command: config account dlink
Enter a old password:****
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
12
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Success.
DGS-3620-28PC:admin#
To configure the user password of the “administrator” account:
2-5
DGS-3620-28PC:admin#config account administrator encrypt sha_1
*@&NWoZK3kTsExUV00Ywo1G5jlUKKv+toYg
Command: config account administrator encrypt sha_1
*@&NWoZK3kTsExUV00Ywo1G5jlUKKv+toYg
Success.
DGS-3620-28PC:admin#
show account
Description
This command is used to display user accounts that have been created.
Format show account
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To display accounts that have been created:
2-6
DGS-3620-28PC:admin#show account
Command: show account
Current Accounts:
Username Access Level
--------------- ------------
System User
Sales Operator dlink Admin
DGS-3620-28PC:admin#
delete account
Description
This command is used to delete an existing account.
13
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format delete account <username 15>
Parameters
Restrictions
Only Administrator-level users can issue this command. One active admin user must exist.
<username 15> - Enter the name of the user who will be deleted.
Example
To delete the user account “System”:
2-7
DGS-3620-28PC:admin#delete account System
Command: delete account System
Success.
DGS-3620-28PC:admin#
show session
Description
This command is used to display a list of current users which are logged in to CLI sessions.
Format show session
Parameters
None.
Restrictions
Only Administrators and Operators can issue this command.
Example
To display accounts a list of currently logged-in users:
DGS-3620-28PC:admin#show session
Command: show session
ID Live Time From Level User
-- ------------ ------------ ----- --------------------
8 23:37:42.270 Serial Port admin Anonymous
14
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
2-8
Total Entries: 1
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
show switch
Description
This command is used to display the switch information.
Format show switch
Parameters
None.
Restrictions
None.
Example
To display the switch information:
DGS-3620-28PC:admin#show switch
Command: show switch
Device Type : DGS-3620-28PC Gigabit Ethernet Switch
MAC Address : 00-01-02-03-04-00
IP Address : 10.90.90.90 (Manual)
VLAN Name : default
Subnet Mask : 255.0.0.0
Default Gateway : 0.0.0.0
Boot PROM Version : Build 1.00.016
Firmware Version : Build 2.60.016
Hardware Version : B1
Firmware Type : EI
Serial Number : D1234567890
System Name :
System Location :
System Uptime : 0 days, 0 hours, 7 minutes, 13 seconds
System Contact :
Spanning Tree : Disabled
GVRP : Disabled
IGMP Snooping : Disabled
MLD Snooping : Disabled
RIP : Disabled
RIPng : Disabled
DVMRP : Disabled
15
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
PIM : Disabled
PIM6 : Disabled
PIM6 : Disabled
OSPFv3 : Disabled
BGP : Disabled
VLAN Trunk : Disabled
Telnet : Enabled (TCP 23)
Web : Enabled (TCP 80)
SNMP : Disabled
SSL Status : Disabled
SSH Status : Disabled
802.1X : Disabled
Jumbo Frame : Off
CLI Paging : Enabled
MAC Notification : Disabled
Port Mirror : Disabled
SNTP : Disabled
DHCP Relay : Disabled
DNSR Status : Disabled
VRRP : Disabled
HOL Prevention State : Enabled
Syslog Global State : Disabled
Single IP Management : Disabled
Password Encryption Status : Disabled
DNS Resolver : Disabled
DGS-3620-28PC:admin#
2-9 show environment
Description
This command is used to display the device’s internal and external power, internal temperature, and fan status.
Format show environment
Parameters
None.
Restrictions
None.
Example
To display the switch hardware and fan status:
16
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show environment
Command: show environment
High Warning Temperature Threshold(Celsius) : 79
Low Warning Temperature Threshold(Celsius) : 11
Unit 1
Internal Power : Active
External Power : Fail
Right Fan 1 : Speed Low (3000 RPM)
Right Fan 2 : Speed Low (3000 RPM)
Right Fan 3 : Speed Low (3000 RPM)
Right Fan 4 : Speed Low (3000 RPM)
Current Temperature(Celsius) : 28
Fan High Temperature Threshold(Celsius) : 40
Fan Low Temperature Threshold(Celsius) : 35
DGS-3620-28PC:admin#
2-10 config temperature
Description
This command is used to configure the warning trap or log state of the system internal temperature.
Format config temperature [trap | log] state [enable | disable]
Parameters
Restrictions
Only Administrators and Operators can issue this command.
trap - Specifies to configure the warning temperature trap.
log - Specifies to configure the warning temperature log.
state - Enable or disable either the trap or log state for a warning temperature event. The default is enable.
enable - Enable either the trap or log state for a warning temperature event.
disable - Disable either the trap or log state for a warning temperature event.
Example
To enable the warning temperature trap state:
DGS-3620-28PC:admin#config temperature trap state enable
Command: config temperature trap state enable
Success.
DGS-3620-28PC:admin#
17
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
To enable the warning temperature log state:
DGS-3620-28PC:admin#config temperature log state enable
Command: config temperature log state enable
Success.
DGS-3620-28PC:admin#
2-11 config temperature threshold
Description
This command is used to configure the warning temperature high threshold or low threshold. When temperature is above the high threshold or below the low threshold, SW will send alarm traps or keep the logs.
Format config temperature threshold {high <temperature -500-500> | low <temperature -500-500>}(1)
Parameters
high - Specifies the high threshold value. The high threshold must bigger than the low threshold.
<temperature -500-500> - Enter the high threshold value. This value must be between -500 and 500.
low - Specifies the low threshold value.
<temperature -500-500> - Enter the low threshold value. This value must be between -500 and 500.
Restrictions
Only Administrators and Operators can issue this command.
Example
To configure a warming temperature threshold high of 80:
DGS-3620-28PC:admin#config temperature threshold high 80
Command: config temperature threshold high 80
Success.
DGS-3620-28PC:admin#
2-12 show serial_port
Description
This command is used to display the current console port setting.
18
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format show serial_port
Parameters
None.
Restrictions
None.
Example
To display the console port setting:
DGS-3620-28PC:admin#show serial_port
Command: show serial_port
Baud Rate : 115200
Data Bits : 8
Parity Bits : None
Stop Bits : 1
Auto-Logout : 10 mins
DGS-3620-28PC:admin#
2-13 config serial_port
Description
This command is used to configure the serial bit rate that will be used to communicate with the management host and the auto logout time for idle connections.
Format config serial_port {baud_rate [9600 | 19200 | 38400 | 115200] | auto_logout [never |
2_minutes | 5_minutes | 10_minutes | 15_minutes]}(1)
Parameters
baud_rate - Specifies the baud rate value. The default baud rate is 115200.
9600 - Specifies a baud rate of 9600.
19200 - Specifies a baud rate of 19200.
38400 - Specifies a baud rate of 38400.
115200 - Specifies a baud rate of 115200.
auto_logout - Specifies the timeout value. The default timeout is 10_minutes.
never - Specifies to never timeout.
2_minutes - Specifies when the idle value is over 2 minutes, the device will auto logout.
5_minutes - Specifies when the idle value over 5 minutes, the device will auto logout.
10_minutes - Specifies when the idle value is over 10 minutes, the device will auto logout.
15_minutes - Specifies when the idle value is over 15 minutes, the device will auto logout.
19
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators and Operators can issue this command.
Example
To configure the baud rate:
DGS-3620-28PC:admin# config serial_port baud_rate 9600
Command: config serial_port baud_rate 9600
Success.
DGS-3620-28PC:admin#
2-14 enable clipaging
Description
This command is used to enable pausing of the screen display when show command output reaches the end of the page. The default setting is enabled.
Format enable clipaging
Parameters
None.
Restrictions
Only Administrators and Operators can issue this command.
Example
To enable pausing of the screen display when show command output reaches the end of the page:
DGS-3620-28PC:admin#enable clipaging
Command: enable clipaging
Success.
DGS-3620-28PC:admin#
2-15 disable clipaging
Description
This command is used to disable pausing of the screen display when show command output reaches the end of the page. The default setting is enabled.
20
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format disable clipaging
Parameters
None.
Restrictions
Only Administrators and Operators can issue this command.
Example
To disable pausing of the screen display when show command output reaches the end of the page:
DGS-3620-28PC:admin#disable clipaging
Command: disable clipaging
Success.
DGS-3620-28PC:admin#
2-16 enable telnet
Description
This command is used to enable Telnet and configure a port number. The default setting is enabled and the port number is 23.
Format enable telnet {<tcp_port_number 1-65535>}
Parameters
<tcp_port_number 1-65535> - (Optional) Specifies the TCP port number. TCP ports are numbered between 1 and 65535. The “well-known” TCP port for the Telnet protocol is 23.
Restrictions
Only Administrators and Operators can issue this command.
Example
To enable Telnet and configure a port number:
DGS-3620-28PC:admin#enable telnet 23
Command: enable telnet 23
Success.
DGS-3620-28PC:admin#
21
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
2-17 disable telnet
Description
This command is used to disable Telnet.
Format disable telnet
Parameters
None.
Restrictions
Only Administrators and Operators can issue this command.
Example
To disable Telnet:
DGS-3620-28PC:admin#disable telnet
Command: disable telnet
Success.
DGS-3620-28PC:admin#
2-18 enable web
Description
This command is used to enable Web UI and configure the port number. The default setting is enabled and the port number is 80.
Format enable web {<tcp_port_number 1-65535>}
Parameters
Restrictions
Only Administrators and Operators can issue this command.
<tcp_port_number 1-65535> - (Optional) Specifies the TCP port number. TCP ports are numbered between 1 and 65535. The “well-know” TCP port for the Web protocol is 80.
22
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To enable HTTP and configure port number:
DGS-3620-28PC:admin#enable web 80
Command: enable web 80
Note: SSL will be disabled if web is enabled.
Success.
DGS-3620-28PC:admin#
2-19 disable web
Description
This command is used to disable Web UI.
Format disable web
Parameters
None.
Restrictions
Only Administrators and Operators can issue this command.
Example
To disable HTTP:
DGS-3620-28PC:admin#disable web
Command: disable web
Success.
DGS-3620-28PC:admin#
2-20 save
Description
This command is used to save the current configuration or log in non-volatile RAM.
Format save {[config <pathname> | log | all]}
23
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
config - (Optional) Specifies to save configuration.
<pathname> - Enter the path name of the indicated configuration
log - (Optional) Specifies to save log.
all - (Optional) Specifies to save changes to currently active configuration and save logs.
Note: If no keyword is specified, all changes will be saved to bootup configuration file.
Restrictions
Only Administrators and Operators can issue this command.
Example
To save the current configuration to the bootup configuration file:
DGS-3620-28PC:admin#save
Command: save
Saving all configurations to NV-RAM.......... Done.
DGS-3620-28PC:admin#
To save the current configuration to destination file, named 1:
DGS-3620-28PC:admin#save config 1
Command: save config 1
Saving all configurations to NV-RAM.......... Done.
DGS-3620-28PC:admin#
To save a log to NV-RAM:
DGS-3620-28PC:admin#save log
Command: save log
Saving all system logs to NV-RAM............. Done.
DGS-3620-28PC:admin#
To save all the configurations and logs to NV-RAM:
DGS-3620-28PC:admin#save all
Command: save all
Saving configuration and logs to NV-RAM...... Done.
DGS-3620-28PC:admin#
24
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
2-21 reboot
Description
This command is used to restart the switch.
Format reboot {force_agree}
Parameters
force_agree – (Optional) Specify to immediately execute the reboot command without further confirmation.
Restrictions
Only Administrator-level users can issue this command.
Example
To restart the switch:
DGS-3620-28PC:admin#reboot
Command: reboot
Are you sure you want to proceed with the system reboot?(y/n)
Please wait, the switch is rebooting…
2-22 reset
Description
This command is used to reset all switch parameters to the factory defaults.
Format reset {[config | system]} {force_agree}
Parameters
config - (Optional) Specifies this keyword and all parameters are reset to default settings.
However, the device will neither save nor reboot.
system - (Optional) Specifies this keyword and all parameters are reset to default settings. Then the switch will do factory reset, save, and reboot.
force_agree - (Optional) Specifies and the reset command will be executed immediately without further confirmation.
Note: If no keyword is specified, all parameters will be reset to default settings except IP address, user account, and history log, but the device will neither save nor reboot.
25
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator-level users can issue this command.
Example
To reset all the switch parameters except the IP address:
DGS-3620-28PC:admin#reset
Command: reset
Are you sure to proceed with system reset except IP address?(y/n)
Success.
DGS-3620-28PC:admin#
To reset the system configuration settings:
DGS-3620-28PC:admin#reset config
Command: reset config
Are you sure to proceed with system reset?(y/n)
Success.
DGS-3620-28PC:admin#
To reset all system parameters, save, and restart the switch:
DGS-3620-28PC:admin#reset system
Command: reset system
Are you sure to proceed with system reset, save and reboot?(y/n)
Loading factory default configuration… Done.
Saving all configuration to NV-RAM… Done.
Please wait, the switch is rebooting…
2-23 login
Description
This command is used to log in to the switch.
Format login
Parameters
None.
Restrictions
None.
26
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To login to the switch:
DGS-3620-28PC:admin#login
Command: login
UserName:
2-24 logout
Description
This command is used to log out of the switch.
Format logout
Parameters
None.
Restrictions
None.
Example
To logout of the switch:
DGS-3620-28PC:admin#logout
Command: logout
***********
* Logout *
***********
DGS-3620-28PC Gigabit Ethernet Switch
Command Line Interface
Firmware: Build 2.60.016
Copyright(C) 2013 D-Link Corporation. All rights reserved.
UserName:
27
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
2-25 clear
Description
This command is used to clear the terminal screen.
Format clear
Parameters
None.
Restrictions
None.
Example
To clear the terminal screan:
DGS-3620-28PC:admin#clear
Command: clear
2-26 config terminal width
Description
This command is used to configure the terminal width.
Format config terminal width [default | <value 80-200>]
Parameters
Restrictions
None.
default - Specifies the default terminal width value.
<value 80-200> - Enter a terminal width value between 80 and 200 characters. The default value is 80.
Example
To configure the terminal width:
DGS-3620-28PC:admin#config terminal width 90
Command: config terminal width 90
28
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Success.
DGS-3620-28PC:admin#
2-27 show terminal width
Description
This command is used to display the configuration of the current terminal width.
Format show terminal width
Parameters
None.
Restrictions
None.
Example
To display the configuration of the current terminal width:
DGS-3620-28PC:admin#show terminal width
Command: show terminal width
Global terminal width : 80
Current terminal width : 80
DGS-3620-28PC:admin#
2-28 show device_status
Description
This command displays current status of power(s) and fan(s) on the system.
Within fan(s) status display, for example, there are three fans on the left of the switch, if three fans is working normally, there will display “OK” in the Left Fan field. If some fans work failed, such as fan 1,3 , there will only display the failed fans in the Left Fan field, such as “1,3 Fail”.
In the same way, the Right Fan, Back Fan is same to Left Fan. Because there is only one CPU
Fan, if it is working failed, display “Fail”, otherwise display “OK”.
Format show device_status
29
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
None.
Restrictions
None.
Example
To show device status, the number 1, 2, 3 etc represent the fan number:
DGS-3620-28PC:admin# show device_status
Command: show device_status
Unit 1:
Internal Power: Active
External Power: Fail
Left Fan : 1, 3 Fail
Right Fan : 2 Fail
Back Fan : OK
CPU Fan : Fail
Unit 2:
Internal Power: Active
External Power: Fail
Left Fan : 1 Fail
Right Fan : OK
Back Fan : 2, 4 Fail
CPU Fan : OK
DGS-3620-28PC:admin#
2-29 config out_band_ipif
Description
This command is used to configure the out of band management port settings.
Format config out_band_ipif {ipaddress <network_address> | state [enable | disable] | gateway
<ipaddr>} (1)
Parameters
ipaddress - Specifies the IP address of the interface. The parameter must include the mask.
<network_address> - Enter the IP address of the interface. The parameter must include the mask.
state – Specify the interface status.
enable - Specifies to enable the interface.
disable - Specifies to disable the interface.
gateway - Specifies the gateway IP address of the out-of-band management network.
30
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<ipaddr> - Enter the gateway IP address.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To disable the out-of-band management state:
DGS-3620-28PC:admin#config out_band_ipif state disable
Command: config out_band_ipif state disable
Success.
DGS-3620-28PC:admin#
2-30 show out_band_ipif
Description
This command is used to display the current configurations of special out-of-band management interfaces.
Format show out_band_ipif
Parameters
None.
Restrictions
None.
Example
To display the configuration of out-of-band management interfaces:
DGS-3620-28PC:admin#show out_band_ipif
Command: show out_band_ipif
Status : Enable
IP Address : 192.168.0.1
Subnet Mask : 255.255.255.0
Gateway : 0.0.0.0
Link Status : LinkDown
DGS-3620-28PC:admin#
31
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 3 802.1X Commands
enable 802.1x disable 802.1x
create 802.1x user <username 15>
delete 802.1x user <username 15>
show 802.1x user
config 802.1x auth_protocol [local | radius_eap]
show 802.1x {[auth_state | auth_configuration] ports {<portlist>}}
config 802.1x capability ports [<portlist> | all] [authenticator | none]
config 802.1x fwd_pdu ports [<portlist> | all] [enable | disable]
config 802.1x fwd_pdu system [enable | disable]
config 802.1x auth_parameter ports [<portlist> | all] [default | {direction [both | in] | port_control
[force_unauth | auto | force_auth] | quiet_period <sec 0-65535> | tx_period <sec 1-65535> | supp_timeout <sec 1-65535> | server_timeout <sec 1-65535> | max_req <value 1-10> | reauth_period <sec 1-65535> | max_users [<value 1-448> | no_limit] | enable_reauth [enable
| disable]}(1)]
config 802.1x authorization attributes radius [enable | disable]
config 802.1x init [port_based ports [<portlist> | all] | mac_based ports [<portlist> | all]
{mac_address <macaddr>}]
config 802.1x max_users [<value 1-448> | no_limit]
config 802.1x reauth [port_based ports [<portlist> | all] |mac_based ports [<portlist> | all]
{mac_address <macaddr>}]
create 802.1x guest_vlan <vlan_name 32>
delete 802.1x guest_vlan <vlan_name 32>
config 802.1x guest_vlan ports [<portlist> | all] state [enable | disable]
show 802.1x guest_vlan
config 802.1x trap state [enable | disable]
config radius add <server_index 1-3> [<server_ip> |<ipv6addr>] [key <password 32> | encryption_key <password 56>] [default | {auth_port <udp_port_number 1-65535> | acct_port
<udp_port_number 1-65535> | timeout <sec 1-255> | retransmit <int 1-20>}]
config radius delete <server_index 1-3>
config radius <server_index 1-3> {ipaddress [<server_ip> |<ipv6addr>] | [key <password 32> | encryption_key <password 56>] | auth_port [<udp_port_number 1-65535> | default] | acct_port [<udp_port_number 1-65535> | default] | timeout [<sec 1-255> | default] | retransmit
[<int 1-20> | default]}
show radius
show auth_statistics {ports <portlist>}
show auth_diagnostics {ports <portlist>}
show auth_session_statistics {ports <portlist>}
show auth_client show acct_client
3-1 enable 802.1x
Description
This command is used to enable the 802.1X function.
Format enable 802.1x
32
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable the 802.1X function:
3-2
DGS-3620-28PC:admin#enable 802.1x
Command: enable 802.1x
Success.
DGS-3620-28PC:admin#
disable 802.1x
Description
This command is used to disable the 802.1X function.
Format disable 802.1x
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To disable the 802.1Xfunction:
DGS-3620-28PC:admin#disable 802.1x
Command: disable 802.1x
Success.
DGS-3620-28PC:admin#
33
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
3-3 create 802.1x user
Description
This command is used to create an 802.1X user.
Format create 802.1x user <username 15>
Parameters
<username 15> - Enter to add a user name.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create a user named “ctsnow”:
3-4
DGS-3620-28PC:admin#create 802.1x user ctsnow
Command: create 802.1x user ctsnow
Enter a case-sensitive new password:
Enter the new password again for confirmation:
Success.
DGS-3620-28PC:admin#
delete 802.1x user
Description
This command is used to delete a specified user.
Format delete 802.1x user <username 15>
Parameters
<username 15> - Enter to delete a user name.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
34
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To delete the user named “Tiberius”:
3-5
DGS-3620-28PC:admin#delete 802.1x user Tiberius
Command: delete 802.1x user Tiberius
Success.
DGS-3620-28PC:admin#
show 802.1x user
Description
This command is used to display 802.1X local user account information.
Format show 802.1x user
Parameters
None.
Restrictions
None.
Example
To display 802.1X user information:
DGS-3620-28PC:admin#show 802.1x user
Command: show 802.1x user
Current Accounts:
Username Password
--------------- ------------ ctsnow gallinari
Total Entries : 1
DGS-3620-28PC:admin#
3-6 config 802.1x auth_protocol
Description
This command is used to configure the 802.1X authentication protocol.
35
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config 802.1x auth_protocol [local | radius_eap]
Parameters
local - Specifiy the authentication protocol as local.
radius_eap - Specifies the authentication protocol as RADIUS EAP.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the 802.1X RADIUS EAP:
3-7
DGS-3620-28PC:admin#config 802.1x auth_protocol radius_eap
Command: config 802.1x auth_protocol radius_eap
Success.
DGS-3620-28PC:admin#
show 802.1x
Description
This command is used to display the 802.1X state or configurations.
Format show 802.1x {[auth_state | auth_configuration] ports {<portlist>}}
Parameters
auth_state - (Optional) Specifies to display the 802.1X authentication state of some or all ports.
auth_configuration - (Optional) Specifies to display 802.1X configuration of some or all ports.
ports - (Optional) Specifies a range of ports to be displayed.
<portlist> - Enter a range of ports to be displayed.
Restrictions
None.
Example
To display 802.1X information:
DGS-3620-28PC:admin#show 802.1x
Command: show 802.1x
802.1X : Disabled
36
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Authentication Protocol : RADIUS_EAP
Forward EAPOL PDU : Disabled
Max User : 448
RADIUS Authorization : Enabled
DGS-3620-28PC:admin#
To display the 802.1x state for ports 1 to 5:
DGS-3620-28PC:admin# show 802.1x auth_state ports 1-4
Command: show 802.1x auth_state ports 1-4
Status: A – Authorized; U – Unauthorized; (P): Port-Based 802.1X Pri: Priority
Port MAC Address Auth PAE State Backend Status VID Pri
VID State
----- -------------------- ------- -------------- ---------- ------ ----- -----
1 00-00-00-00-00-01 10 Authenticated Idle A 4004 3
1 00-00-00-00-00-02 10 Authenticated Idle A 1234 -
1 00-00-00-00-00-04 30 Authenticating Response U - -
2 - (P) - Authenticating Request U - -
3 - (P) - Connecting Idle U - -
4 - (P) - Held Fail U - -
Total Authenticating Hosts: 3
Total Authenticated Hosts : 2
DGS-3620-28PC:admin#
To display the 802.1x configuration for port 1:
DGS-3620-28PC:admin# show 802.1x auth_configuration ports 1:1
Command: show 802.1x auth_configuration ports 1:1
Port number : 1:1
Capability : None
AdminCrlDir : Both
OpenCrlDir : Both
Port Control : Auto
QuietPeriod : 60 Seconds
TxPeriod : 30 Seconds
SuppTimeout : 30 Seconds
ServerTimeout : 30 Seconds
MaxReq : 2 Times
ReAuthPeriod : 3600 Seconds
ReAuthenticate : Disabled
Forward EAPOL PDU On Port
Max User On Port
DGS-3620-28PC:admin#
: Enabled
: 10
37
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
3-8 config 802.1x capability ports
Description
This command is used to configure port capability.
Format config 802.1x capability ports [<portlist> | all] [authenticator | none]
Parameters
<portlist> - Enter a range of ports to be configured.
all - Specifies to configure all ports.
authenticator - The port that wishes to enforce authentication before allowing access to services that are accessible via that port adopts the authenticator role.
none – Disable authentication on specified port.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure port capability for ports 1 to 10:
DGS-3620-28PC:admin#config 802.1x capability ports 1-10 authenticator
Command: config 802.1x capability ports 1-10 authenticator
Success.
DGS-3620-28PC:admin#
3-9 config 802.1x fwd_pdu ports
Description
This command is used to configure the 802.1X PDU forwarding state on specific ports of the switch.
Format config 802.1x fwd_pdu ports [<portlist> | all] [enable | disable]
Parameters
<portlist> - Enter a range of ports to be configured.
all - Specifies all ports.
enable - Enable the 802.1X PDU forwarding state.
disable - Disable the 802.1X PDU forwarding state.
38
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the 802.1X PDU forwarding state on ports 1 to 2:
DGS-3620-28PC:admin#config 802.1x fwd_pdu ports 1-2 enable
Command: config 802.1x fwd_pdu ports 1-2 enable
Success.
DGS-3620-28PC:admin#
3-10 config 802.1x fwd_pdu system
Description
This command is used to configure the 802.1X PDU forwarding state.
Format config 802.1x fwd_pdu system [enable | disable]
Parameters
enable - Enable the 802.1X PDU forwarding state.
disable - Disable the 802.1X PDU forwarding state.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the 802.1X PDU forwarding state:
DGS-3620-28PC:admin#config 802.1x fwd_pdu system enable
Command: config 802.1x fwd_pdu system enable
Success.
DGS-3620-28PC:admin#
3-11 config 802.1x auth_parameter ports
Description
This command is used to configure the parameters that control the operation of the authenticator associated with a port.
39
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config 802.1x auth_parameter ports [<portlist> | all] [default | {direction [both | in] | port_control [force_unauth | auto | force_auth] | quiet_period <sec 0-65535> | tx_period
<sec 1-65535> | supp_timeout <sec 1-65535> | server_timeout <sec 1-65535> | max_req
<value 1-10> | reauth_period <sec 1-65535> | max_users [<value 1-448> | no_limit] | enable_reauth [enable | disable]}(1)]
Parameters
<portlist> - Enter a range of ports to be configured.
all - Specifies to configure all ports.
default - Set all parameters to the default value.
direction - (Optional) Set the direction of access control.
both - For bidirectional access control.
in - For ingress access control.
port_control - (Optional) Force a specific port to be unconditionally authorized or unauthorized by setting the parameter of port_control to be force_authorized or force_unauthorized.
Besides, the controlled port will reflect the outcome of authentication if port_control is auto.
force_auth - The port transmits and receives normal traffic without 802.1X-based authentication of the client.
auto - The port begins in the unauthorized state, and relays authentication messages between the client and the authentication server.
force_unauth - The port will remain in the unauthorized state, ignoring all attempts by the client to authenticate.
quiet_period - (Optional) The initialization value of the quietWhile timer. The default value is 60 s and can be any value from 0 to 65535.
<sec 0-65535> - The quiet period value must be between 0 an 65535 seconds.
tx_period - (Optional) The initialization value of the txWhen timer. The default value is 30 s and can be any value from 1 to 65535.
<sec 1-65535> - The transmit period value must be between 1 an 65535 seconds.
supp_timeout - (Optional) The initialization value of the aWhile timer when timing out the supplicant. Its default value is 30 s and can be any value from 1 to 65535.
<sec 1-65535> - The timeout value must be between 1 an 65535 seconds.
server_timeout - (Optional) The initialization value of the aWhile timer when timing out the authentication server. Its default value is 30 and can be any value from 1 to 65535.
<sec 1-65535> - The server timeout value must be between 1 an 65535 seconds.
max_req - (Optional) The maximum number of times that the authenitcation PAE state machine will retransmit an EAP Request packet to the supplicant. Its default value is 2 and can be any number from 1 to 10.
<value 1-10> - The maximum require number must be between 1 and 10.
reauth_period - (Optional) It's a non-zero number of seconds, which is used to be the reauthentication timer. The default value is 3600.
<sec 1-65535> - The reauthentication period value must be between 1 an 65535 seconds.
max_users - (Optional) Set the maximum number of users between 1 and 448.
<value 1-448> - The maximum users value must be between 1 and 448.
no_limit - Set an unlimited number of users.
enable_reauth - (Optional) Enable or disable the re-authentication mechanism for a specific port.
enable - Enable the re-authentication mechanism for a specific port.
disable - Disable the re-authentication mechanism for a specific port.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
40
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure the parameters that control the operation of the authenticator associated with a port:
DGS-3620-28PC:admin# config 802.1x auth_parameter ports 1-20 direction both
Command: config 802.1x auth_parameter ports 1-20 direction both
Success.
DGS-3620-28PC:admin#
3-12 config 802.1x authorization attributes radius
Description
This command is used to enable or disable the acceptation of an authorized configuration. (To configure that attributes, regarding VLAN, 802.1p, ACL and Ingress/Egress Bandwidth, please refer to the Appendix section at the end of this document.)
Format config 802.1x authorization attributes radius [enable | disable]
Parameters
enable - The authorization attributes such as VLAN, 802.1p default priority, and ACL assigned by the RADUIS server will be accepted if the global authorization status is enabled. The default state is enabled.
disable - The authorization attributes assigned by the RADUIS server will not be accepted.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the 802.1X state of acceptation of an authorized configuration:
DGS-3620-28PC:admin#config 802.1x authorization attributes radius enable
Command: config 802.1x authorization attributes radius enable
Success.
DGS-3620-28PC:admin#
3-13 config 802.1x init
Description
This command is used to initialize the authentication state machine of some or all.
41
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config 802.1x init [port_based ports [<portlist> | all] | mac_based ports [<portlist> | all]
{mac_address <macaddr>}]
Parameters
port_based ports - Used to configure authentication in port-based mode.
<portlist> - Enter a range of ports to be configured.
all - Specifies to configure all ports.
mac_based ports - To configure authentication in host-based 802.1X mode.
<portlist> - Enter a range of ports to be configured.
all - Specifies to configure all ports.
mac_address - (Optional) Specifies the MAC address of the host.
<macaddr> - Enter the MAC address here.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To initialize the authentication state machine of some or all:
DGS-3620-28PC:admin# config 802.1x init port_based ports all
Command: config 802.1x init port_based ports all
Success.
DGS-3620-28PC:admin#
3-14 config 802.1x max_users
Description
This command is used to configure the 802.1X maximum number of users of the system.
Format config 802.1x max_users [<value 1-448> | no_limit]
Parameters
<value 1-448> - Enter the maximum number of users.
no_limit - Specifies an unlimited number of users.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the 820.1X maximum numbers of the system:
42
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# config 802.1x max_users 2
Command: config 802.1x max_users 2
Success.
DGS-3620-28PC:admin#
3-15 config 802.1x reauth
Description
This command is used to reauthenticate the device connected with the port. During the reauthentication period, the port status remains authorized until failed reauthentication.
Format config 802.1x reauth [port_based ports [<portlist> | all] |mac_based ports [<portlist> | all]
{mac_address <macaddr>}]
Parameters
port_based ports - The switch passes data based on its authenticated port.
<portlist> - Enter a range of ports to be configured.
all - Specifies to configure all ports.
mac_based ports - The switch passes data based on the MAC address of authenticated
RADIUS client.
<portlist> - Enter a range of ports to be configured.
all - Specifies to configure all ports.
mac_address - (Optional) Specifies the MAC address of the authenticated RADIUS client.
<macaddr> - Enter the MAC address here.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To reauthenticate the device connected with the port:
DGS-3620-28PC:admin# config 802.1x reauth port_based ports all
Command: config 802.1x reauth port_based ports all
Success.
DGS-3620-28PC:admin#
3-16 create 802.1x guest_vlan
Description
This command is used to assign a static VLAN to be a guest VLAN. The specific VLAN which is assigned to a guest VLAN must already exist. The specific VLAN which is assigned to the guest
VLAN can’t be deleted.
43
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format create 802.1x guest_vlan <vlan_name 32>
Parameters
<vlan_name 32> - Enter the static VLAN to be a guest VLAN.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To assign a static VLAN to be a guest VLAN:
DGS-3620-28PC:admin# create 802.1x guest_vlan guestVLAN
Command: create 802.1x guest_vlan guestVLAN
Success.
DGS-3620-28PC:admin#
3-17 delete 802.1x guest_vlan
Description
This command is used to delete a guest VLAN setting, but not to delete the static VLAN itself.
Format delete 802.1x guest_vlan <vlan_name 32>
Parameters
<vlan_name 32> - Enter the guest VLAN name.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete a guest VLAN configuration:
DGS-3620-28PC:admin# delete 802.1x guest_vlan guestVLAN
Command: delete 802.1x guest_vlan guestVLAN
Success.
DGS-3620-28PC:admin#
44
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
3-18 config 802.1x guest_vlan ports
Description
This command is used to configure a guest VLAN setting.
Format config 802.1x guest_vlan ports [<portlist> | all] state [enable | disable]
Parameters
<portlist> - Enter a range of ports to be configured.
all - Specifies to configure all ports.
state - Specifies the guest VLAN port state of the configured ports.
enable - Join the guest VLAN.
disable - Remove from guest VLAN.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure a guest VLAN setting for ports 1 to 8:
DGS-3620-28PC:admin# config 802.1x guest_vlan ports 1-8 state enable
Command: config 802.1x guest_vlan ports 1-8 state enable
Warning, The ports are moved to Guest VLAN.
Success.
DGS-3620-28PC:admin#
3-19 show 802.1x guest_vlan
Description
This command is used to display guest VLAN information.
Format show 802.1x guest_vlan
Parameters
None.
45
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
None.
Example
To display guest VLAN information:
DGS-3620-28PC:admin#show 802.1x guest_vlan
Command: show 802.1x guest_vlan
Guest Vlan Setting
-----------------------------------------------------------
Guest vlan : guest
Enable guest vlan ports : 1-10
DGS-3620-28PC:admin#
3-20 config radius add
Description
This command is used to add a new RADIUS server. The server with a lower index has higher authenticative priority.
Format config radius add <server_index 1-3> [<server_ip> |<ipv6addr>] [key <password 32> | encryption_key <password 56>] [default | {auth_port <udp_port_number 1-65535> | acct_port <udp_port_number 1-65535> | timeout <sec 1-255> | retransmit <int 1-20>}]
Parameters
<server_index 1-3> - Enter the RADIUS server index.
<server_ip> - Enter the IP address of the RADIUS server.
<ipv6add> - Specifies the IPv6 address used.
key - Specifies the key pre-negotiated between switch and the RADIUS server. It is used to encrypt user’s authentication data before being transmitted over the Internet. The maximum length of the key is 32.
<passwd 32> - The maximum length of the password is 32 characters long.
encryption_key - (Optional) Specifies the key pre-negotiated between the switch and the
RADIUS server. It is used to encrypt the user’s authentication data before being transmitted over the Internet.
<password 56> - Enter the enryption key.
default - Sets the auth_port to be 1812 and acct_port to be 1813.
auth_port - Specifies the UDP port number which is used to transmit RADIUS authentication data between the switch and the RADIUS server.The range is 1 to 65535.
<udp_port_number 1-65535> - The authentication port value must be between 1 and 65535.
acct_port - Specifies the UDP port number which is used to transmit RADIUS accounting statistics between the switch and the RADIUS server. The range is 1 to 65535.
<udp_port_number 1-65535> - The accounting statistics value must be between 1 and
65535.
timeout - Specifies the time, in seconds ,for waiting server reply. The default value is 5 seconds.
<int 1-255> - The timeout value must be between 1 and 255.
retransmit - Specifies the count for re-transmit. The default value is 2.
46
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<int 1-20> - The re-transmit value must be between 1 and 20.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To add a new RADIUS server:
DGS-3620-28PC:admin#config radius add 1 10.48.74.121 key dlink default
Command: config radius add 1 10.48.74.121 key dlink default
Success.
DGS-3620-28PC:admin#
3-21 config 802.1x trap state
Description
This command is used to enable or disable the sending of 802.1X traps.
Format config 802.1x trap state [enable | disable]
Parameters
enable - Specifies to enable the sending of 802.1X traps.
disable - Specifies to disable the sending of 802.1X traps.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
This example shows how to enable the trap state for 802.1X.
DGS-3620-28PC:admin# config 802.1x trap state enable
Command: config 802.1x trap state enable
Success.
DGS-3620-28PC:admin#
3-22 config radius delete
Description
This command is used to delete a RADIUS server.
47
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config radius delete <server_index 1-3>
Parameters
<server_index 1-3> - Enter the RADIUS server index. The range is from 1 to 3.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete a RADIUS server:
DGS-3620-28PC:admin#config radius delete 1
Command: config radius delete 1
Success.
DGS-3620-28PC:admin#
3-23 config radius
Description
This command is used to configure a RADIUS server.
Format config radius <server_index 1-3> {ipaddress [<server_ip> |<ipv6addr>] | [key <password
32> | encryption_key <password 56>] | auth_port [<udp_port_number 1-65535> | default] | acct_port [<udp_port_number 1-65535> | default] | timeout [<sec 1-255> | default] | retransmit [<int 1-20> | default]}
Parameters
<server_index 1-3> - Enter the RADIUS server index.
ipaddress - Specifies the IP address of the RADIUS server.
<server_ip> - Enter the RADIUS server IP address here.
<ipv6addr> - Enter the IPv6 address here.
key - Specifies the key pre-negotiated between the switch and the RADIUS server. It is used to encrypt user’s authentication data before being transmitted over the Internet. The maximum length of the key is 32.
<passwd 32> - Enter the key pre-negotiated between the switch and the RADIUS server. It is used to encrypt user’s authentication data before being transmitted over the Internet. The maximum length of the key is 32.
encryption_key - (Optional) Specifies the key pre-negotiated between the switch and the
RADIUS server. It is used to encrypt the user’s authentication data before being transmitted over the Internet.
<password 56> - Enter the enryption key.
auth_port - Specifies the UDP port number which is used to transmit RADIUS authentication data between the switch and the RADIUS server. The default is 1812.
48
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<udp_port_number 1-65535> - The authentication port value must be between 1 and 65535.
default - Specifies to use the default value.
acct_port - Specifies the UDP port number which is used to transmit RADIUS accounting statistics between the switch and the RADIUS server. The default is 1813.
<udp_port_number 1-65535> - The accounting statistics value must be between 1 and
65535.
default - Specifies to use the default value.
timeout - Specifies the time in seconds for waiting for a server reply. The default value is 5 seconds.
<int 1-255> - Enter the time in seconds for waiting for a server reply. The timeout value must be between 1 and 255. The default value is 5 seconds.
default - Specifies to use the default value.
retransmit - Specifies the count for re-transmission. The default value is 2.
<int 1-20> - The re-transmit value must be between 1 and 20.
default - Specifies to use the default value.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure a RADIUS server:
DGS-3620-28PC:admin#config radius 1 ipaddress 10.48.74.121 key dlink
Command: config radius 1 ipaddress 10.48.74.121 key dlink
Success.
DGS-3620-28PC:admin#
3-24 show radius
Description
This command is used to display RADIUS server configurations.
Format show radius
Parameters
None.
Restrictions
None.
Example
To display RADIUS server configurations:
DGS-3620-28PC:admin#show radius
49
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Command: show radius
Index 1
IP Address : 192.168.69.1
Auth-Port : 1812
Acct-Port : 1813
Timeout : 5
Retransmit : 2
Key : 123456
Total Entries : 1
DGS-3620-28PC:admin#
3-25 show auth_statistics
Description
This command is used to display authenticator statistics information
Format show auth_statistics {ports <portlist>}
Parameters
ports - (Optional) Specifies a range of ports to be displayed.
<portlist> - Enter a range of ports to be displayed.
Restrictions
None.
Example
To display authenticator statistics information for port 3:
DGS-3620-28PC:admin# show auth_statistics ports 3
Command: show auth_statistics ports 3
Auth VID :100
MAC Address :00-00-00-00-00-03
Port number : 3
EapolFramesRx 0
EapolFramesTx 6
EapolStartFramesRx 0
EapolReqIdFramesTx 6
EapolLogoffFramesRx 0
EapolReqFramesTx 0
EapolRespIdFramesRx 0
EapolRespFramesRx 0
50
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
InvalidEapolFramesRx 0
EapLengthErrorFramesRx 0
LastEapolFrameVersion 0
LastEapolFrameSource 00-00-00-00-00-03
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
3-26 show auth_diagnostics
Description
This command is used to display authenticator diagnostics information.
Format show auth_diagnostics {ports <portlist>}
Parameters
ports - (Optional) Specifies a range of ports to be displayed.
<portlist> - Enter a range of ports to be displayed.
Restrictions
None.
Example
To display authenticator diagnostics information for port 3:
DGS-3620-28PC:admin# show auth_diagnostics ports 3
Command: show auth_diagnostics ports 3
Auth VID 100
MAC Address 00-00-00-00-00-03
Port number : 1
EntersConnecting 20
EapLogoffsWhileConnecting 0
EntersAuthenticating 0
SuccessWhileAuthenticating 0
TimeoutsWhileAuthenticating 0
FailWhileAuthenticating 0
ReauthsWhileAuthenticating 0
EapStartsWhileAuthenticating 0
EapLogoffWhileAuthenticating 0
ReauthsWhileAuthenticated 0
EapStartsWhileAuthenticated 0
EapLogoffWhileAuthenticated 0
BackendResponses 0
BackendAccessChallenges 0
BackendOtherRequestsToSupplicant 0
51
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
BackendNonNakResponsesFromSupplicant 0
BackendAuthSuccesses 0
BackendAuthFails 0
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
3-27 show auth_session_statistics
Description
This command is used to display authenticator session statistics information.
Format show auth_session_statistics {ports <portlist>}
Parameters
ports - (Optional) Specifies a range of ports to be displayed.
<portlist> - Enter a range of ports to be displayed.
Restrictions
None.
Example
To display authenticator session statistics information for port 1:
DGS-3620-28PC:admin# show auth_session_statistics ports 3
Command: show auth_session_statistics ports 3
Auth VID : 100
MAC Address : 00-00-00-00-00-03
Port number : 3
SessionOctetsRx
SessionOctetsTx
SessionFramesRx
0
0
0
0 SessionFramesTx
SessionId
SessionAuthenticMethod
SessionTime
SessionTerminateCause
Remote Authentication Server
0
SupplicantLogoff
SessionUserName
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
3-28 show auth_client
Description
This command is used to display authentication client information.
52
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format show auth_client
Parameters
None.
Restrictions
None.
Example
To display authentication client information:
DGS-3620-28PC:admin# show auth_client
Command: show auth_client radiusAuthClient ==> radiusAuthClientInvalidServerAddresses 0 radiusAuthClientIdentifier D-Link radiusAuthServerEntry ==> radiusAuthServerIndex :1 radiusAuthServerAddress 0.0.0.0 radiusAuthClientServerPortNumber X radiusAuthClientRoundTripTime 0 radiusAuthClientAccessRequests 0 radiusAuthClientAccessRetransmissions 0 radiusAuthClientAccessAccepts 0 radiusAuthClientAccessRejects 0 radiusAuthClientAccessChallenges 0 radiusAuthClientMalformedAccessResponses 0 radiusAuthClientBadAuthenticators 0 radiusAuthClientPendingRequests 0 radiusAuthClientTimeouts 0 radiusAuthClientUnknownTypes 0 radiusAuthClientPacketsDropped 0 radiusAuthClient ==> radiusAuthClientInvalidServerAddresses 0 radiusAuthClientIdentifier D-Link radiusAuthServerEntry ==> radiusAuthServerIndex :2 radiusAuthServerAddress 0.0.0.0
53
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
radiusAuthClientServerPortNumber X radiusAuthClientRoundTripTime 0 radiusAuthClientAccessRequests 0 radiusAuthClientAccessRetransmissions 0 radiusAuthClientAccessAccepts 0 radiusAuthClientAccessRejects 0 radiusAuthClientAccessChallenges 0 radiusAuthClientMalformedAccessResponses 0 radiusAuthClientBadAuthenticators 0 radiusAuthClientPendingRequests 0 radiusAuthClientTimeouts 0 radiusAuthClientUnknownTypes 0 radiusAuthClientPacketsDropped 0 radiusAuthClient ==> radiusAuthClientInvalidServerAddresses 0 radiusAuthClientIdentifier D-Link radiusAuthServerEntry ==> radiusAuthServerIndex :3 radiusAuthServerAddress 0.0.0.0 radiusAuthClientServerPortNumber X radiusAuthClientRoundTripTime 0 radiusAuthClientAccessRequests 0 radiusAuthClientAccessRetransmissions 0 radiusAuthClientAccessAccepts 0 radiusAuthClientAccessRejects 0 radiusAuthClientAccessChallenges 0 radiusAuthClientMalformedAccessResponses 0 radiusAuthClientBadAuthenticators 0 radiusAuthClientPendingRequests 0 radiusAuthClientTimeouts 0 radiusAuthClientUnknownTypes 0 radiusAuthClientPacketsDropped 0
DGS-3620-28PC:admin#
3-29 show acct_client
Description
This command is used to display account client information
Format show acct_client
Parameters
None.
54
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
None.
Example
To display account client information:
DGS-3620-28PC:admin# show acct_client
Command: show acct_client radiusAcctClient ==> radiusAcctClientInvalidServerAddresses 0 radiusAcctClientIdentifier D-Link radiusAuthServerEntry ==> radiusAccServerIndex : 1 radiusAccServerAddress 0.0.0.0 radiusAccClientServerPortNumber X radiusAccClientRoundTripTime 0 radiusAccClientRequests 0 radiusAccClientRetransmissions 0 radiusAccClientResponses 0 radiusAccClientMalformedResponses 0 radiusAccClientBadAuthenticators 0 radiusAccClientPendingRequests 0 radiusAccClientTimeouts 0 radiusAccClientUnknownTypes 0 radiusAccClientPacketsDropped 0 radiusAcctClient ==> radiusAcctClientInvalidServerAddresses 0 radiusAcctClientIdentifier D-Link radiusAuthServerEntry ==> radiusAccServerIndex : 2 radiusAccServerAddress 0.0.0.0 radiusAccClientServerPortNumber X radiusAccClientRoundTripTime 0 radiusAccClientRequests 0 radiusAccClientRetransmissions 0 radiusAccClientResponses 0 radiusAccClientMalformedResponses 0 radiusAccClientBadAuthenticators 0 radiusAccClientPendingRequests 0 radiusAccClientTimeouts 0 radiusAccClientUnknownTypes 0 radiusAccClientPacketsDropped 0
55
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
radiusAcctClient ==> radiusAcctClientInvalidServerAddresses 0 radiusAcctClientIdentifier D-Link radiusAuthServerEntry ==> radiusAccServerIndex : 3 radiusAccServerAddress 0.0.0.0 radiusAccClientServerPortNumber X radiusAccClientRoundTripTime 0 radiusAccClientRequests 0 radiusAccClientRetransmissions 0 radiusAccClientResponses 0 radiusAccClientMalformedResponses 0 radiusAccClientBadAuthenticators 0 radiusAccClientPendingRequests 0 radiusAccClientTimeouts 0 radiusAccClientUnknownTypes 0 radiusAccClientPacketsDropped 0
DGS-3620-28PC:admin#
56
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 4 Access Authentication
Control (AAC)
Commands
enable authen_policy disable authen_policy show authen_policy enable authen_policy_encryption disable authen_policy_encryption
create authen_login method_list_name <string 15>
config authen_login [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+
| radius | server_group <string 15> | local | none}(1)
delete authen_login method_list_name <string 15>
show authen_login [default | method_list_name <string 15> | all]
create authen_enable method_list_name <string 15>
config authen_enable [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local_enable | none}(1)
delete authen_enable method_list_name <string 15>
show authen_enable [default | method_list_name <string 15> | all]
config authen application [console | telnet | ssh | http | all] [login | enable] [default | method_list_name <string 15>]
show authen application
create authen server_group <string 15>
config authen server_group [tacacs | xtacacs | tacacs+ | radius | <string 15>] [add | delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
delete authen server_group <string 15>
show authen server_group {<string 15>}
create authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-
65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-
255> | retransmit <int 1-20>}
config authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int 1-
65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-
255> | retransmit <int 1-20>}(1)
delete authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
show authen server_host
config authen parameter response_timeout <int 0-255>
config authen parameter attempt <int 1-255>
show authen parameter enable admin
config admin local_enable {encrypt [plain_text | sha_1] <password>}
create aaa server_group <string 15>
config aaa server_group [tacacs | xtacacs | tacacs+ | radius | group_name <string 15>] [add | delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
delete aaa server_group <string 15>
delete aaa server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
show aaa
show aaa server_group {<string 15>}
show aaa server_host enable aaa_server_password_encryption disable aaa_server_password_encryption
config accounting [default | method_list_name <string 15>] method {tacacs+ | radius |
57
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
server_group <string 15> | none}
config accounting service [network | shell | system] state [enable {[radius_only | method_list_name <string 15> | default_method_list]} | disable]
config accounting service command {administrator | operator | power_user | user}
[method_list_name <string> | none]
create accounting method_list_name <string 15>
delete accounting method_list_name <string 15>
show accounting [default | method_list_name <string 15> | all]
show accounting service
create radius server_host <ipaddr> {auth_port <int 1-65535> | acct_port <int 1-65535> | [key
[<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255> | retransmit <int 1-20>}
config radius server_host <ipaddr> {auth_port <int 1-65535> | acct_port <int 1-65535> | [key
[<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255> | retransmit <int 1-20>}
config radius source_ipif [<ipif_name 12> {<ipaddr> | <ipv6addr>} | none]
show radius source_ipif
create tacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit <int 1-
20>}
config tacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit <int 1-
20>}
create tacacs+ server_host <ipaddr> {port <int 1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255>}
config tacacs+ server_host <ipaddr> {port <int 1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255>}
create xtacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit <int 1-
20>}
config xtacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit <int 1-
20>}
config tacacs source_ipif [<ipif_name 12> {<ipaddr>} | none]
show tacacs source_ipif
The TACACS / XTACACS / TACACS+ / RADIUS commands allows secure access to the Switch using the TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the
Switch or tries to access the administrator level privilege, he or she is prompted for a password. If
TACACS / XTACACS / TACACS+ / RADIUS authentication is enabled on the Switch, it will contact a TACACS / XTACACS / TACACS+ / RADIUS server to verify the user. If the user is verified, he or she is granted access to the Switch.
There are currently three versions of the TACACS security protocol, each a separate entity. The
Switch’s software supports the following versions of TACACS:
1. TACACS (Terminal Access Controller Access Control System) —Provides password checking and authentication, and notification of user actions for security purposes utilizing via one or more centralized TACACS servers, utilizing the UDP protocol for packet transmission.
2. Extended TACACS (XTACACS) — An extension of the TACACS protocol with the ability to provide more types of authentication requests and more types of response codes than
TACACS. This protocol also uses UDP to transmit packets.
3. TACACS+ (Terminal Access Controller Access Control System plus) — Provides detailed access control for authentication for network devices. TACACS+ is facilitated through Authentication commands via one or more centralized servers. The TACACS+ protocol encrypts all traffic between the Switch and the TACACS+ daemon, using the TCP protocol to ensure reliable delivery.
58
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
The Switch also supports the RADIUS protocol for authentication using the Access Authentication
Control commands. RADIUS or Remote Authentication Dial In User Server also uses a remote server for authentication and can be responsible for receiving user connection requests, authenticating the user and returning all configuration information necessary for the client to deliver service through the user. RADIUS may be facilitated on this Switch using the commands listed in this section.
In order for the TACACS / XTACACS / TACACS+ / RADIUS security function to work properly, a
TACACS / XTACACS / TACACS+ / RADIUS server must be configured on a device other than the
Switch, called a server host and it must include usernames and passwords for authentication.
When the user is prompted by the Switch to enter usernames and passwords for authentication, the Switch contacts the TACACS / XTACACS / TACACS+ / RADIUS server to verify, and the server will respond with one of three messages:
The server verifies the username and password, and the user is granted normal user privileges on the Switch. The server will not accept the username and password and the user is denied access to the Switch.
The server doesn’t respond to the verification query. At this point, the Switch receives the timeout from the server and then moves to the next method of verification configured in the method list.
The Switch has four built-in server groups, one for each of the TACACS, XTACACS, TACACS+ and RADIUS protocols. These built-in server groups are used to authenticate users trying to access the Switch. The users will set server hosts in a preferable order in the built-in server group and when a user tries to gain access to the Switch, the Switch will ask the first server host for authentication. If no authentication is made, the second server host in the list will be queried, and so on. The built-in server group can only have hosts that are running the specified protocol. For example, the TACACS server group can only have TACACS server hosts.
The administrator for the Switch may set up five different authentication techniques per userdefined method list (TACACS / XTACACS / TACACS+ / RADIUS / local / none) for authentication.
These techniques will be listed in an order preferable, and defined by the user for normal user authentication on the Switch, and may contain up to eight authentication techniques. When a user attempts to access the Switch, the Switch will select the first technique listed for authentication. If the first technique goes through its server hosts and no authentication is returned, the Switch will then go to the next technique listed in the server group for authentication, until the authentication has been verified or denied, or the list is exhausted.
Note: User granted access to the Switch will be granted normal user privileges on the
Switch. To gain access to admin level privileges, the user must enter the enable admin command and then enter a password, which was previously configured by the administrator of the Switch.
Note: TACACS, XTACACS and TACACS+ are separate entities and are not compatible.
The Switch and the server must be configured exactly the same, using the same protocol. (For example, if the Switch is set up for TACACS authentication, so must be the host server.)
4-1 enable authen_policy
Description
This command is used to enable system access authentication policy. When enabled, the device will adopt the login authentication method list to authenticate the user for login, and adopt the enable authentication mothod list to authenticate the enable password for promoting the user‘s privilege to Administrator level.
59
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format enable authen_policy
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To enable system access authentication policy:
DGS-3620-28PC:admin#enable authen_policy
Command: enable authen_policy
Success.
DGS-3620-28PC:admin#
4-2 disable authen_policy
Description
This command is used to disable system access authentication policy. When authentication is disabled, the device will adopt the local user account database to authenticate the user for login, and adopt the local enable password to authenticate the enable password for promoting the user‘s privilege to Administrator level.
Format disable authen_policy
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To disable system access authentication policy:
DGS-3620-28PC:admin#disable authen_policy
Command: disable authen_policy
60
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Success.
DGS-3620-28PC:admin#
4-3 show authen_policy
Description
This command is used to display whether system access authentication policy is enabled or disabled.
Format show authen_policy
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To display system access authentication policy:
4-4
DGS-3620-28PC:admin#show authen_policy
Command: show authen_policy
Authentication Policy : Disabled
Authentication Policy Encryption: Disabled
DGS-3620-28PC:admin#
enable authen_policy_encryption
Description
This command is used to enable the authentication policy encryption. When enabled, TACACS+ and RADIUS key will be in the encrypted form.
Format enable authen_policy_encryption
Parameters
None.
61
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator-level users can issue this command.
Example
To enable the authentication policy encryption:
DGS-3620-28PC:admin#enable authen_policy_encryption
Command: enable authen_policy_encryption
Success.
DGS-3620-28PC:admin#
4-5 disable authen_policy_encryption
Description
This command is used to disable the authentication policy encryption. When disabled, TACACS+ and RADIUS key will be in the plain text form.
Format disable authen_policy_encryption
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To disable the authentication policy encryption:
4-6
DGS-3620-28PC:admin#disable authen_policy_encryption
Command: disable authen_policy_encryption
Success.
DGS-3620-28PC:admin#
create authen_login method_list_name
Description
This command is used to create a user-defined method list of authentication methods for user login. The maximum supported number of the login method lists is eight.
62
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format create authen_login method_list_name <string 15>
Parameters
<string 15> - Enter the user-defined method list name.
Restrictions
Only Administrator-level users can issue this command.
Example
To create a user-defined method list for user login:
DGS-3620-28PC:admin#create authen_login method_list_name login_list_1
Command: create authen_login method_list_name login_list_1
Success.
DGS-3620-28PC:admin#
4-7 config authen_login
Description
This command is used to configure a user-defined or default method list of authentication methods for user login. The sequence of methods will affect the authentication result. For example, if the sequence is TACACS+ first, then TACACS and local, when a user trys to login, the authentication request will be sent to the first server host in the TACACS+ built-in server group. If the first server host in the TACACS+ group is missing, the authentication request will be sent to the second server host in the TACACS+ group, and so on. If all server hosts in the TACACS+ group are missing, the authentication request will be sent to the first server host in the TACACS group. If all server hosts in a TACACS group are missing, the local account database in the device is used to authenticate this user. When a user logs in to the device successfully while using methods like
TACACS/XTACACS/TACACS+/RADIUS built-in or user-defined server groups or none, the “user” privilege level is assigned only. If a user wants to get admin privilege level, the user must use the
“enable admin” command to promote his privilege level. But when the local method is used, the privilege level will depend on this account privilege level stored in the local device.
Format config authen_login [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local | none}(1)
Parameters
default – Specify the default method list of authentication methods.
method_list_name - Specifies the user-defined method list of authentication methods.
<string 15> - Enter the user-defined method list of authentication methods. The method list name can be up to 15 characters long.
method - Choose the desired authentication method:
63
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
tacacs - Specifies authentication by the built-in server group TACACS.
xtacacs - Specifies authentication by the built-in server group XTACACS.
tacacs+ - Specifies authentication by the built-in server group TACACS+.
radius - Specifies authentication by the built-in server group RADIUS.
server_group - Specifies authentication by the user-defined server group.
<string 15> - Enter authentication by the user-defined server group. The server group value can be up to 15 characters long.
local - Specifies authentication by local user account database in the device.
none - Specifies no authentication.
Restrictions
Only Administrator-level users can issue this command.
Example
To configure a user-defined method list for user login:
DGS-3620-28PC:admin#config authen_login method_list_name login_list_1 method tacacs+ tacacs local
Command: config authen_login method_list_name login_list_1 method tacacs+ tacacs local
Success.
DGS-3620-28PC:admin#
4-8 delete authen_login method_list_name
Description
This command is used to delete a user-defined method list of authentication methods for user login.
Format delete authen_login method_list_name <string 15>
Parameters
<string 15> - Enter the user-defined method list name.
Restrictions
Only Administrator-level users can issue this command.
Example
To delete a user-defined method list for user login:
DGS-3620-28PC:admin#delete authen_login method_list_name login_list_1
Command: delete authen_login method_list_name login_list_1
Success.
64
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
4-9
DGS-3620-28PC:admin#
show authen_login
Description
This command is used to display the method list of authentication methods for user login.
Format show authen_login [default | method_list_name <string 15> | all]
Parameters
default – Specify to display the default method list for user login.
method_list_name - Specifies the user-defined method list for user login.
<string 15> - Enter the user-defined method list for user login. The method list name can be up to 15 characters long.
all – Specify to display all method lists for user login.
Restrictions
Only Administrator-level users can issue this command.
Example
To display a user-defined method list for user login:
DGS-3620-28PC:admin#show authen_login method_list_name login_list_1
Command: show authen_login method_list_name login_list_1
Method List Name Priority Method Name Comment
---------------- -------- --------------- ------------------ login_list_1 1 tacacs+ Built-in Group
2 tacacs Built-in Group
3 mix_1 User-defined Group
4 local Keyword
DGS-3620-28PC:admin#
4-10 create authen_enable method_list_name
Description
This command is used to create a user-defined method list of authentication methods for promoting a user's privilege to Admin level. The maximum supported number of the enable method lists is eight.
Format create authen_enable method_list_name <string 15>
65
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<string 15> - Enter the user-defined method list name.
Restrictions
Only Administrator-level users can issue this command.
Example
To create a user-defined method list for promoting a user's privilege to Admin level:
DGS-3620-28PC:admin#create authen_enable method_list_name enable_list_1
Command: create authen_enable method_list_name enable_list_1
Success.
DGS-3620-28PC:admin#
4-11 config authen_enable
Description
This command is used to configure a user-defined or default method list of authentication methods for promoting a user's privilege to Admin level. The sequence of methods will effect the authencation result. For example, if the sequence is TACACS+ first, then TACACS and local_enable, when a user tries to promote a user's privilege to Admin level, the authentication request will be sent to the first server host in the TACACS+ built-in server group. If the first server host in the TACACS+ group is missing, the authentication request will be sent to the second server host in the TACACS+ group, and so on. If all server hosts in the TACACS+ group are missing, the authentication request will be sent to the first server host in the TACACS group. If all server hosts in the TACACS group are missing, the local enable password in the device is used to authenticate this user’s password. The local enable password in the device can be configured by the CLI command config admin local_enable.
Format config authen_enable [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | radius | server_group <string 15> | local_enable | none}(1)
Parameters
default - Specifies the default method list of authentication methods.
method_list_name - Specifies the user-defined method list of authentication methods.
<string 15> - Enter the user-defined method list of authentication methods. The method list name can be up to 15 characters long.
method - Choose the desired authentication method:
tacacs - Specifies authentication by the built-in server group TACACS.
xtacacs - Specifies authentication by the built-in server group XTACACS.
tacacs+ - Specifies authentication by the built-in server group TACACS+.
radius - Specifies authentication by the built-in server group RADIUS.
server_group - Specifies authentication by the user-defined server group.
<string 15> - Enter authentication by the user-defined server group. The server group value can be up to 15 characters long.
66
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
local_enable - Specifies authentication by local enable password in the device.
none - Specifies no authentication.
Restrictions
Only Administrator-level users can issue this command.
Example
To configure a user-defined method list for promoting a user's privilege to Admin level:
DGS-3620-28PC:admin#config authen_enable method_list_name enable_list_1 method tacacs+ tacacs local_enable
Command: config authen_ enable method_list_name enable_list_1 method tacacs+ tacacs local_enable
Success.
DGS-3620-28PC:admin#
4-12 delete authen_enable method_list_name
Description
This command is used to delete a user-defined method list of authentication methods for promoting a user's privilege to Administrator level.
Format delete authen_enable method_list_name <string 15>
Parameters
<string 15> - Enter the user-defined method list name.
Restrictions
Only Administrator-level users can issue this command.
Example
To delete a user-defined method list for promoting a user's privilege to Admin level:
DGS-3620-28PC:admin#delete authen_enable method_list_name enable_list_1
Command: delete authen_enable method_list_name enable_list_1
Success.
DGS-3620-28PC:admin#
67
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
4-13 show authen_enable
Description
This command is used to display the method list of authentication methods for promoting a user's privilege to Administrator level.
Format show authen_enable [default | method_list_name <string 15> | all]
Parameters
default - Specifies to display the default method list for promoting a user's privilege to
Administrator level.
method_list_name - Specifies the user-defined method list for promoting a user's privilege to
Administrator level.
<string 15> - Enter the user-defined method list for a promoting a user's privilege to
Administrator level . The method list name value can be up to 15 characters long.
all - Specifies to display all method lists for promoting a user's privilege to Administrator level.
Restrictions
Only Administrator-level users can issue this command.
Example
To display all method lists for promoting a user's privilege to Administrator level:
DGS-3620-28PC:admin#show authen_enable all
Command: show authen_enable all
Method List Name Priority Method Name Comment
---------------- -------- --------------- ------------------ default 1 local_enable Keyword enable_list_1 1 tacacs+ Built-in Group
2 tacacs Built-in Group
3 mix_1 User-defined Group
4 loca_enable Keyword enable_list_2 1 tacacs+ Built-in Group
2 radius Built-in Group
Total Entries : 3
DGS-3620-28PC:admin#
4-14 config authen application
Description
This command is used to configure login or enable method list for all or the specified application.
68
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config authen application [console | telnet | ssh | http | all] [login | enable] [default | method_list_name <string 15>]
Parameters
console - Specifies an application: console.
telnet - Specifies an application: Telnet.
ssh - Specifies an application: SSH.
http - Specifies an application: Web.
all - Specifies all applications: console, Telnet, SSH, and Web.
login - Specifies the method list of authentication methods for user login.
enable - Specifies the method list of authentication methods for promoting user privilege to
Administrator level.
default - Specifies the default method list.
method_list_name - Specifies the user-defined method list name.
<string 15> - Enter the user-defined method list name. The method list name value can be up to 15 characters long.
Restrictions
Only Administrator-level users can issue this command.
Example
To configure the login method list for Telnet:
DGS-3620-28PC:admin#config authen application telnet login method_list_name login_list_1
Command: config authen application telnet login method_list_name login_list_1
Success.
DGS-3620-28PC:admin#
4-15 show authen application
Description
This command is used to display the login/enable method list for all applications.
Format show authen application
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
69
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display the login and enable method list for all applications:
DGS-3620-28PC:admin#show authen application
Command: show authen application
Application Login Method List Enable Method List
----------- ----------------- ------------------
Console default default
Telnet login_list_1 default
SSH default default
HTTP default default
DGS-3620-28PC:admin#
4-16 create authen server_group
Description
This command is used to create a user-defined authentication server group. The maximum supported number of server groups including built-in server groups is eight. Each group consists of eight server hosts as maximum.
Format create authen server_group <string 15>
Parameters
<string 15> - Enter the user-defined server group name.
Restrictions
Only Administrator-level users can issue this command.
Example
To create a user-defined authentication server group:
DGS-3620-28PC:admin#create authen server_group mix_1
Command: create authen server_group mix_1
Success.
DGS-3620-28PC:admin#
4-17 config authen server_group
Description
This command is used to add or remove an authentication server host to or from the specified server group. Built-in server group tacacs, xtacacs, tacacs+, and RADIUS accept the server host with the same protocol only, but user-defined server group can accept server hosts with different
70
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
protocols. The server host must be created first by using the CLI command create authen
server_host.
Format config authen server_group [tacacs | xtacacs | tacacs+ | radius | <string 15>] [add | delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
Parameters
tacacs - Specifies the built-in server group TACACS.
xtacacs - Specifies the built-in server group XTACACS.
tacacs+ - Specifies the built-in server group TACACS+.
radius – Specify the built-in server group RADIUS.
<string 15> - Enter a user-defined server group.
add - Specifies to add a server host to a server group.
delete - Specifies to remove a server host from a server group.
server_host - Specifies the server host’s IP address.
<ipaddr> - Enter the server host’s IP address.
protocol - Specifies the server host’s type of authentication protocol.
tacacs - Specifies the server host’s authentication protocol TACACS.
xtacacs - Specifies the server host’s authentication protocol XTACACS.
tacacs+ - Specifies the server host’s authentication protocol TACACS+.
radius - Specifies the server host’s authentication protocol RADIUS.
Restrictions
Only Administrator-level users can issue this command.
Example
To add an authentication server host to a server group:
DGS-3620-28PC:admin#config authen server_group mix_1 add server_host 10.1.1.222 protocol tacacs+
Command: config authen server_group mix_1 add server_host 10.1.1.222 protocol tacacs+
Success.
DGS-3620-28PC:admin#
4-18 delete authen server_group
Description
This command is used to delete a user-defined authentication server group.
Format delete authen server_group <string 15>
71
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<string 15> - Enter the user-defined server group name.
Restrictions
Only Administrator-level users can issue this command.
Example
To delete a user-defined authentication server group:
DGS-3620-28PC:admin#delete authen server_group mix_1
Command: delete authen server_group mix_1
Success.
DGS-3620-28PC:admin#
4-19 show authen server_group
Description
This command is used to display the authentication server groups.
Format show authen server_group {<string 15>}
Parameters
<string 15> - (Optional) Specifies the built-in or user-defined server group name.
Restrictions
Only Administrator-level users can issue this command.
Example
To display all authentication server groups:
DGS-3620-28PC:admin#show authen server_group
Command: show authen server_group
Group Name IP Address Protocol
--------------- --------------- -------- mix_1 10.1.1.222 TACACS+ radius 10.1.1.224 RADIUS tacacs 10.1.1.225 TACACS tacacs+ 10.1.1.226 TACACS+ xtacacs 10.1.1.227 XTACACS
Total Entries : 5
72
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#
4-20 create authen server_host
Description
This command is used to create an authentication server host. When an authentication server host is created, the IP address and protocol are the index. That means more than one authentication protocol service can be run on the same physical host. The maximum supported number of server hosts is 16.
Format create authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int
1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int
1-255> | retransmit <int 1-20>}
Parameters
<ipaddr> - Enter the server host’s IP address.
protocol - Specifies the server host’s type of authentication protocol.
tacacs - Specifies the server host’s authentication protocol TACACS.
xtacacs - Specifies the server host’s authentication protocol XTACACS.
tacacs+ - Specifies the server host’s authentication protocol TACACS+.
radius - Specifies the server host’s authentication protocol RADIUS.
port - (Optional) Specifies the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is 1812.
<int 1-65535> - Enter the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is
1812. The port number must be between 1 and 65535.
key - (Optional) Specifies the key for TACACS+ and RADIUS authentication.
<key_string 254> - Enter the key for TACACS+ and RADIUS authenticaiton. If the value is null, no encryption will apply. This value is meaningless for TACACS and XTACACS.
none - No encryption for TACACS+ and RADIUS authenticaiton. This value is meaningless for TACACS and XTACACS.
encryption_key - (Optional) Specifies the encrypted form key string for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS. The encryption algorithm is based on DES.
<key_string 344> - Enter the encrypted form key string for TACACS+ and RADIUS authentication.
timeout - (Optional) Specifies the time in seconds for waiting for a server reply. The default value is 5 seconds.
<int 1-255> - Enter the time in seconds for waiting for a server reply. The default value is 5 seconds. The timeout value must be between 1 and 255 seconds.
retransmit - (Optional) Specifies the count for re-transmit. This value is meaningless for
TACACS+. The default value is 2.
<int 1-20> - Enter the count for re-transmit. This value is meaningless for TACACS+. The default value is 2. The re-transmit value must be between 1 and 20.
Restrictions
Only Administrator-level users can issue this command.
73
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To create a TACACS+ authentication server host with a listening port number of 15555 and a timeout value of 10 seconds:
DGS-3620-28PC:admin#create authen server_host 10.1.1.222 protocol tacacs+ port
15555 key "123" timeout 10
Command: create authen server_host 10.1.1.222 protocol tacacs+ port 15555 key
"123" timeout 10
Success.
DGS-3620-28PC:admin#
4-21 config authen server_host
Description
This command is used to configure an authentication server host.
Format config authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius] {port <int
1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int
1-255> | retransmit <int 1-20>}(1)
Parameters
<ipaddr> - Enter the server host’s IP address.
protocol - Specifies the server host’s type of authentication protocol.
tacacs - Specifies the server host’s authentication protocol TACACS.
xtacacs - Specifies the server host’s authentication protocol XTACACS.
tacacs+ - Specifies the server host’s authentication protocol TACACS+.
radius - Specifies the server host’s authentication protocol RADIUS.
port - Specifies the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is 1812.
<int 1-65535> - Enter the port number of the authentication protocol for the server host. The default value for TACACS/XTACACS/TACACS+ is 49. The default value for RADIUS is
1812. The port number must be between 1 and 65535.
key - Specifies the key for TACACS+ and RADIUS authentication.
<key_string 254> - Enter the key for TACACS+ and RADIUS authentication. If the value is null, no encryption will apply. This value is meaningless for TACACS and XTACACS.
none - Specifies no encryption for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS.
encryption_key - (Optional) Specifies the encrypted form key string for TACACS+ and RADIUS authentication. This value is meaningless for TACACS and XTACACS. The encryption algorithm is based on DES.
<key_string 344> - Enter the encrypted form key string for TACACS+ and RADIUS authentication.
timeout - Specifies the time in seconds for waiting for a server reply. The default value is 5 seconds.
<int 1-255> - Enter the time in seconds for waiting for a server reply. The default value is 5 seconds. The timeout value must be between 1 and 255 seconds.
retransmit - Specifies the count for re-transmit. This value is meaningless for TACACS+. The default value is 2.
<int 1-20> - Enter the count for re-transmit. This value is meaningless for TACACS+. The default value is 2. The re-transmit value must be between 1 and 20.
74
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator-level users can issue this command.
Example
To configure a TACACS+ authentication server host’s key value:
DGS-3620-28PC:admin#config authen server_host 10.1.1.222 protocol tacacs+ key
"abc123"
Command: config authen server_host 10.1.1.222 protocol tacacs+ key "abc123"
Success.
DGS-3620-28PC:admin#
4-22 delete authen server_host
Description
This command is used to delete an authentication server host.
Format delete authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
Parameters
<ipaddr> - Enter the server host’s IP address.
protocol - Specifies the server host’s type of authentication protocol.
tacacs - Specifies the server host’s authentication protocol TACACS.
xtacacs - Specifies the server host’s authentication protocol XTACACS.
tacacs+ - Specifies the server host’s authentication protocol TACACS+.
radius - Specifies the server host’s authentication protocol RADIUS.
Restrictions
Only Administrator-level users can issue this command.
Example
To delete an authentication server host:
DGS-3620-28PC:admin#delete authen server_host 10.1.1.222 protocol tacacs+
Command: delete authen server_host 10.1.1.222 protocol tacacs+
Success.
DGS-3620-28PC:admin#
75
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
4-23 show authen server_host
Description
This command is used to display authentication server hosts.
Format show authen server_host
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To display all authentication server hosts:
DGS-3620-28PC:admin#show authen server_host
Command: show authen server_host
IP Address Protocol Port Timeout Retransmit Key
--------------- -------- ----- ------- ---------- -----------------------
10.1.1.222 TACACS+ 15555 10 ------ 123
Total Entries : 1
DGS-3620-28PC:admin#
4-24 config authen parameter response_timeout
Description
This command is used to configure the amount of time waiting for users to input on the console and Telnet applications.
Format config authen parameter response_timeout <int 0-255>
Parameters
<int 0-255> - Enter the amount of time for user input on console or Telnet. 0 means there is no time out. The default value is 30 seconds.
Restrictions
Only Administrator-level users can issue this command.
76
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure 60 seconds for user to input:
DGS-3620-28PC:admin#config authen parameter response_timeout 60
Command: config authen parameter response_timeout 60
Success.
DGS-3620-28PC:admin#
4-25 config authen parameter attempt
Description
This command is used to configure the maximum attempts for users trying to login or promote the privilege on console or Telnet applications. If the failure value is exceeded, connection or access will be locked.
Format config authen parameter attempt <int 1-255>
Parameters
<int 1-255> - Enter the amount of attempts for users trying to login or promote the privilege on console or Telnet. The default value is 3.
Restrictions
Only Administrator-level users can issue this command.
Example
To configure the maximum attempts for users trying to login or promote the privilege to be 9:
DGS-3620-28PC:admin#config authen parameter attempt 9
Command: config authen parameter attempt 9
Success.
DGS-3620-28PC:admin#
4-26 show authen parameter
Description
This command is used to display the authentication parameters.
Format show authen parameter
77
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To display the authentication parameters:
DGS-3620-28PC:admin# show authen parameter
Command: show authen parameter
Response Timeout : 60 seconds
User Attempts : 9
DGS-3620-28PC:admin#
4-27 enable admin
Description
This command is used to promote the "user" privilege level to "admin" level. When the user enters this command, the authentication method RADIUS, TACACS, XTACAS, TACACS+, user-defined server groups, local enable, or none will be used to authenticate the user. Because TACACS,
XTACACS and RADIUS don't support the enable function by themselves, if a user wants to use either one of these three protocols to enable authentication, the user must create a special account on the server host first, which has a username enable and then configure its password as the enable password to support the "enable" function. This command cannot be used when authentication policy is disabled.
Format enable admin
Parameters
None.
Restrictions
None.
Example
To enable administrator lever privilege:
DGS-3620-28PC:admin# enable admin
Password:********
78
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#
4-28 config admin local_enable
Description
This command is used to configure the local enable password for the enable command. When the user chooses the local_enable method to promote the privilege level, the enable password of the local device is needed.
Format config admin local_enable {encrypt [plain_text | sha_1] <password>}
Parameters
encrypt - (Optional) Specifies the encryption method used.
plain_text - Specifies that the password will be in the plain text form.
sha_1 - Specifies that the password will be in the SHA-1 encrypted form.
<password> - Enter the password. Plain text password must be between 0 and 15 characters. The length of SHA-1 encrypted passwords are fixed to 35 bytes long and the password is case-sensitive.
Restrictions
Only Administrator-level users can issue this command.
Example
To configure the administrator password:
DGS-3620-28PC:admin#config admin local_enable
Command: config admin local_ebable
Enter the old password:
Enter the case-sensitive new password:******
Enter the new password again for confirmation:******
Success.
DGS-3620-28PC:admin#
4-29 create aaa server_group
Description
This command is used to create a group of user-defined AAA servers. The maximum number of supported server groups, including the built-in server groups, is 8. Each group can have a maximum of 8 server hosts.
Format create aaa server_group <string 15>
79
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<string 15> - Enter the user-defined server group name.
Restrictions
Only Administrator level can issue this command.
Example
To create a user-defined AAA server group called “mix_1”:
DGS-3620-28PC:admin#create aaa server_group mix_1
Command: create aaa server_group mix_1
Success.
DGS-3620-28PC:admin#
4-30 config aaa server_group
Description
This command is used to add or remove an AAA server host to or from the specified server group.
The built-in TACACS, XTACACS, TACACS+, and RADIUS server groups only accept server hosts with the same protocol, but a user-defined server group can accept server hosts with different protocols.
Format config aaa server_group [tacacs | xtacacs | tacacs+ | radius | group_name <string 15>] [add
| delete] server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
Parameters
tacacs - Specifies the built-in TACACS server group.
xtacacs - Specifies the built-in XTACACS server group.
tacacs+ - Specifies the built-in TACACS+ server group.
radius - Specifies the built-in RADIUS server group.
group_name - Specifies a user-defined server group.
<string 15> - Enter the name of the server group.
add - Add a server host to the server group.
delete - Remove a server host to the server group.
server_host - Specifies the server host.
<ipaddr> - Enter the IP address of the server host.
protocol - Specifies the server host protocol.
tacacs - Specifies the server host using TACACS protocol.
xtacacs - Specifies the server host using XTACACS protocol.
tacacs+ - Specifies the server host using TACACS+ protocol.
radius - Specifies the server host using RADIUS protocol.
80
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator level can issue this command.
Example
To To add an AAA server host with an IP address of 10.1.1.222 to server group “mix_1”, specifying the TACACS+ protocol:
DGS-3620-28PC:admin#config aaa server_group group_name mix_1 add server_host
10.1.1.222 protocol tacacs+
Command: config aaa server_group group_name mix_1 add server_host 10.1.1.222 protocol tacacs+
Success.
DGS-3620-28PC:admin#
4-31 delete aaa server_group
Description
This command is used to delete a group of user-defined AAA servers.
Format delete aaa server_group <string 15>
Parameters
<string 15> - Enter the server group name to be deleted.
Restrictions
Only Administrator level can issue this command.
Example
To delete a user-defined AAA server group called “mix_1”:
DGS-3620-28PC:admin#delete aaa server_group mix_1
Command: delete aaa server_group mix_1
Success.
DGS-3620-28PC:admin#
4-32 delete aaa server_host
Description
This command is used to delete an AAA server host.
81
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format delete aaa server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+ | radius]
Parameters
Restrictions
Only Administrator level can issue this command.
<ipaddr> - Enter the IP address of the server host.
protocol – Specify the protocol.
tacacs – Specify TACACS server host.
xtacacs - Specifies XTACACS server host.
tacacs+ - Specifies TACACS+ server host.
radius - Specifies RADIUS server host.
Example
To tacacs | xtacacs | tacacs+| delete an AAA server host, with an IP address of 10.1.1.222, that is running the TACACS+ protocol:
DGS-3620-28PC:admin#delete aaa server_host 10.1.1.222 protocol tacacs+
Command: delete aaa server_host 10.1.1.222 protocol tacacs+
Success.
DGS-3620-28PC:admin#
4-33 show aaa
Description
This command is used to display AAA global configuration.
Format show aaa
Parameters
None.
Restrictions
None.
Example
To display AAA global configuration:
82
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show aaa
Command: show aaa
Authentication Policy: Enabled
Accounting Network Service State: AAA Method
Accounting Network Service Method: acc_telnet
Accounting Shell Service State: RADIUS Only
Accounting Shell Service Method:
Accounting System Service State: Disabled
Accounting System Service Method:
Accounting Admin Command Service Method:
Accounting Operator Command Service Method:
Accounting PowerUser Command Service Method:
Accounting User Command Service Method:
Authentication Policy Encryption: Enabled
DGS-3620-28PC:admin#
4-34 show aaa server_group
Description
This command is used to display the groups of AAA servers groups.
Format show aaa server_group {<string 15>}
Parameters
<string 15> - (Optional) Specifies the built-in or user-defined server group name.
Restrictions
Only Administrator level can issue this command.
Example
To display all AAA server groups:
83
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show aaa server_group
Command: show aaa server_group
Group Name IP Address Protocol
--------------- --------------------------------------- -------- mix_1 --------------------------------------- -------- radius --------------------------------------- -------- tacacs --------------------------------------- -------- tacacs+ --------------------------------------- -------- xtacacs --------------------------------------- --------
Total Entries : 5
DGS-3620-28PC:admin#
4-35 show aaa server_host
Description
This command is used to display the AAA server hosts.
Format show aaa server_host
Parameters
None.
Restrictions
Only Administrator level can issue this command.
Example
To display all AAA server hosts:
DGS-3620-28PC:admin#show aaa server_host
Command: show aaa server_host
IP Address Protocl Port Acct Time Retry Key
Port out
-------------------- ------- ----- ----- ---- ----- ---------------------------
10.1.1.222 RADIUS 15555 1813 10 2 ******
Total Entries : 1
DGS-3620-28PC:admin#
84
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
4-36 enable aaa_server_password_encryption
Description
This command is used to enable AAA server password encryption.
Format enable aaa_server_password_encryption
Parameters
None.
Restrictions
Only Administrator level can issue this command.
Example
To enable AAA server password encryption:
DGS-3620-28PC:admin#enable aaa_server_password_encryption
Command: enable aaa_server_password_encryption
Success.
DGS-3620-28PC:admin#
4-37 disable aaa_server_password_encryption
Description
This command is used to disable AAA server password encryption.
Format disable aaa_server_password_encryption
Parameters
None.
Restrictions
Only Administrator level can issue this command.
Example
To disable AAA server password encryption:
85
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#disable aaa_server_password_encryption
Command: disable aaa_server_password_encryption
Success.
DGS-3620-28PC:admin#
4-38 config accounting
Description
This command is used to configure a user-defined or default method list of accounting methods.
Format config accounting [default | method_list_name <string 15>] method {tacacs+ | radius | server_group <string 15> | none}
Parameters
Restrictions
Only Administrator level users can issue this command.
default - Specifies the default method list of accounting methods.
method_list_name - Specifies the user-defined method list of accounting methods.
<string 15> - Enter the user-defined method list name here. This name can be up to 15 characters long.
method - Specifies the accounting method used.
tacacs+ - Specifies to use the built-in server group 'tacacs+'.
radius - Specifies to use the built-in server group 'radius'.
server_group - Specifies the user-defined server group. If the group contains 'tacacs' or
'xtacacs' server, it will be skipped in accounting.
<string 15> - Enter the user-defined server group name here. This name can be up to 15 characters long.
none - Specifies no accounting.
Example
To configure a user-defined method list called “shell_acct”, that specifies a sequence of the built-in
“tacacs+” server group, followed by the “radius” server group for accounting service on switch:
DGS-3620-28PC:admin#config accounting method_list_name shell_acct method tacacs+ radius
Command: config accounting method_list_name shell_acct method tacacs+ radius
Success.
DGS-3620-28PC:admin#
86
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
4-39 config accounting service
Description
This command is used to configure the state of the specified RADIUS accounting service.
Format config accounting service [network | shell | system] state [enable {[radius_only | method_list_name <string 15> | default_method_list]} | disable]
Parameters
network - Specifies that when enabled, the Switch will send informational packets to a remote
RADIUS server when 802.1X, WAC and JWAC port access control events occur on the
Switch. By default, the service is disabled.
shell - Specifies that when enabled, the Switch will send informational packets to a remote
RADIUS server when a user either logs in, logs out or times out on the Switch, using the console, Telnet, or SSH. By default, the service is disabled.
system - Specifies that when enabled, the Switch will send informational packets to a remote
RADIUS server when system events occur on the Switch, such as a system reset or system boot. By default, the service is disabled.
state - Specifies the state of the accounting service.
enable - Enable the specified accounting service.
radius_only - Specifies that the accounting service should only use the RADIUS group specified by the config radius add <server_index 1-3> [<server_ip> | <ipv6addr>]” command.
method_list_name - Specifies that the accounting service should use the AAA userdefined method list specified by the “create accounting method_list_name <string 15>” command.
<string 15> - Enter the method list name used here. This name can be up to 15 characters long.
default_method_list - Specifies that the accounting service should use the AAA default method list.
disable - Disable the specified accounting service.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the state of the RADIUS accounting service shell to enable:
DGS-3620-28PC:admin# config accounting service shell state enable
Command: config accounting service shell state enable
Success
DGS-3620-28PC:admin#
4-40 config accounting service command
Description
This command is used to configure the state of the specified accounting service.
87
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config accounting service command {administrator | operator | power_user | user}
[method_list_name <string> | none]
Parameters
administrator - (Optional) Specifies the accounting service for all administrator level commands.
operator - (Optional) Specifies the accounting service for all operator level commands.
power_user - (Optional) Specifies the accounting service for all power-user level commands.
user - (Optional) Specifies the accounting service for all user level commands.
method_list_name - Specifies the accounting service by the AAA user-defined method list.
Note: The accounting command only supports the TACACS+ server. The other servers that exist in the method list will be skipped.
<string> - Enter the method list name used here.
none - Specifies to disable accounting services for the specified command level.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the AAA accounting methodlist “admin_acct” for accounting to all administrator commands:
DGS-3620-28PC:admin#config accounting service command administrator method_list_name admin_acct
Command: config accounting service command administrator method_list_name admin_acct
Success.
DGS-3620-28PC:admin#
4-41 create accounting method_list_name
Description
This command is used to create a user-defined method list of accounting methods.
Format create accounting method_list_name <string 15>
Parameters
<string 15> - Enter the name of the user-defined method list here. This name can be up to 15 characters long.
Restrictions
Only Administrator level users can issue this command.
88
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To create a user-defined accounting method list called “shell_acct”:
DGS-3620-28PC:admin#create accounting method_list_name shell_acct
Command: create accounting method_list_name shell_acct
Success.
DGS-3620-28PC:admin#
4-42 delete accounting method_list_name
Description
This command is used to delete a user-defined method list of accounting methods.
Format delete accounting method_list_name <string 15>
Parameters
<string 15> - Enter the name of the user-defined method list here. This name can be up to 15 characters long.
Restrictions
Only Administrator level users can issue this command.
Example
To delete the user-defined accounting method list called “shell_acct” from switch:
DGS-3620-28PC:admin#delete accounting method_list_name shell_acct
Command: delete accounting method_list_name shell_acct
Success.
DGS-3620-28PC:admin#
4-43 show accounting
Description
This command is used to display the method list of accounting methods on switch.
Format show accounting [default | method_list_name <string 15> | all]
89
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
default - Displays the user-defined list of default accounting methods.
method_list_name - Displays the user-defined list of specific accounting methods.
<string 15> - Enter the user-defined method list name here. This name can be up to 15 characters long.
all - Displays all accounting method lists on switch.
Restrictions
Only Administrator level users can issue this command.
Example
To display the user-defined accounting method list called “shell_acct”:
DGS-3620-28PC:admin#show accounting method_list_name shell_acct
Command: show accounting method_list_name shell_acct
Method List Name Priority Method Name Comment
---------------- -------- --------------- ------------------ shell_acct 1 none Keyword
DGS-3620-28PC:admin#
4-44 show accounting service
Description
This command is used to display RADIUS accounting service information.
Format show accounting service
Parameters
None.
Restrictions
None.
Example
To display accounting service information:
DGS-3620-28PC:admin#show accounting service
Command: show accounting service
Accounting State
-------------------
Network : Disabled
90
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Shell : Disabled
System : Disabled
DGS-3620-28PC:admin#
4-45 create radius server_host
Description
This command is used to create an RADIUS server host.
Format create radius server_host <ipaddr> {auth_port <int 1-65535> | acct_port <int 1-65535> | [key
[<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255> | retransmit <int 1-20>}
Parameters
<ipaddr> - Enter the IP address of the server host.
auth_port - (Optional) Specifies the port of the RADIUS authentication.
<int 1-65535> - Enter the value between 1 and 65535. The default value is 1812.
acct_port - (Optional) Specifies the port of the RAIDUS accounting.
<int 1-65535> - Enter the value between 1 and 65535. The default value is 1813.
key - (Optional) Specifies the key for RADIUS.
<key_string 254> - Enter the plain text key string for RADIUS.
none - No encryption for RADIUS.
encryption_key - (Optional) The encrypted form key string for RADIUS. The encryption algorithm is based on DES.
<key_string 344> - Etner the string with maximum 344 characters.
timeout - (Optional) Specifies the time in second to wait for the server to reply.
<int 1-255> - Enter the value between 1 and 255. The default value is 5.
retransmit - (Optional) Specifies the count for re-transmissions.
<int 1-20> - Enter the value between 1 and 20. The default value is 2.
Restrictions
Only Administrator level can issue this command.
Example
To create an RADIUS server host:
DGS-3620-28PC:admin#create radius server_host 10.1.1.222 auth_port 15555 timeout 10
Command: create radius server_host 10.1.1.222 auth_port 15555 timeout 10
Key is empty for TACACS+ or RADIUS.
Success.
DGS-3620-28PC:admin#
91
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
4-46 config radius server_host
Description
This command is used to configure the RADIUS server host.
Format config radius server_host <ipaddr> {auth_port <int 1-65535> | acct_port <int 1-65535> | [key
[<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255> | retransmit <int 1-20>}
Parameters
<ipaddr> - Enter the IP address of the server host.
auth_port - (Optional) Specifies the port of the RADIUS authentication.
<int 1-65535> - Enter the value between 1 and 65535. The default value is 1812.
acct_port - (Optional) Specifies the port of the RAIDUS accounting.
<int 1-65535> - Enter the value between 1 and 65535. The default value is 1813.
key - (Optional) Specifies the key for RADIUS.
<key_string 254> - Enter the plain text key string for RADIUS.
none - No encryption for RADIUS.
encryption_key - (Optional) The encrypted form key string for RADIUS. The encryption algorithm is based on DES.
<key_string 344> - Etner the string with maximum 344 characters.
timeout - (Optional) Specifies the time in second to wait for the server to reply.
<int 1-255> - Enter the value between 1 and 255. The default value is 5.
retransmit - (Optional) Specifies the count for re-transmissions.
<int 1-20> - Enter the value between 1 and 20. The default value is 2.
Restrictions
Only Administrator level can issue this command.
Example
To configure the RADIUS server host:
DGS-3620-28PC:admin#config radius server_host 10.1.1.222 key "abc123"
Command: config radius server_host 10.1.1.222 key "abc123"
Success.
DGS-3620-28PC:admin#
4-47 config radius source_ipif
Description
This command is used to specify source interface for all outgoing RADIUS packets.
Format config radius source_ipif [<ipif_name 12> {<ipaddr> | <ipv6addr>} | none]
92
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<ipif_name 12> - Enter the IP interface name used here.
<ipaddr> - Enter the IPv4 address used here.
<ipv6addr> - Enter the IPv6 address used here.
none - Specifies to revert to the default route table for all outgoing RADIUS packet.
Restrictions
Only Administrator level can issue this command.
Example
To specify an interface as the source interface for all outgoing RADIUS packets.
DGS-3620-28PC:admin#config radius source_ipif if_v200
Command: config radius source_ipif if_v200
Success.
DGS-3620-28PC:admin#
4-48 show radius source_ipif
Description
This command is used to display specified source interface for all outgoing RADIUS packets.
Format show radius source_ipif
Parameters
None.
Restrictions
Only Administrator level can issue this command.
Example
To display specified source interface for all outgoing RADIUS packets.
DGS-3620-28PC:admin#show radius source_ipif
Command: show radius source_ipif
IP Interface : if_v200
IPv4 Address : None
IPv6 Address : None
DGS-3620-28PC:admin#
93
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
4-49 create tacacs server_host
Description
This command is used to create a TACACS server host.
Format create tacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit
<int 1-20>}
Parameters
<ipaddr> - Enter the IP address of the server host.
port - (Optional) The port number of the TACACS server host.
<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.
timeout - (Optional) Specifies the time in second to wait for the server to reply.
<int 1-255> - Enter the value between 1 and 255. The default value is 5.
retransmit - (Optional) Specifies the count for re-transmissions.
<int 1-20> - Enter the value between 1 and 20. The default value is 2.
Restrictions
Only Administrator level can issue this command.
Example
To create a TACACS server host:
DGS-3620-28PC:admin#create tacacs server_host 10.1.1.223 port 15555 timeout 10
Command: create tacacs server_host 10.1.1.223 port 15555 timeout 10
Success.
DGS-3620-28PC:admin#
4-50 config tacacs server_host
Description
This command is used to configure a TACACS server host.
Format config tacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit
<int 1-20>}
Parameters
<ipaddr> - Enter the IP address of the server host.
port - (Optional) The port number of the TACACS server host.
<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.
94
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator level can issue this command.
timeout - (Optional) Specifies the time in second to wait for the server to reply.
<int 1-255> - Enter the value between 1 and 255. The default value is 5.
retransmit - (Optional) Specifies the count for re-transmissions.
<int 1-20> - Enter the value between 1 and 20. The default value is 2.
Example
To configure the TACACS server host:
DGS-3620-28PC:admin#config tacacs server_host 10.1.1.223 retransmit 5
Command: config tacacs server_host 10.1.1.223 retransmit 5
Key is meaningless for TACACS and XTACACS.
Success.
DGS-3620-28PC:admin#
4-51 create tacacs+ server_host
Description
This command is used to create a TACACS+ server host.
Format create tacacs+ server_host <ipaddr> {port <int 1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255>}
Parameters
Restrictions
Only Administrator level can issue this command.
<ipaddr> - Enter the IP address of the server host.
port - (Optional) The port number of the TACACS+ server host.
<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.
key - (Optional) Specifies the key for TACACS+.
<key_string 254> - Enter the plain text key string for TACACS+.
none - No encryption for RADIUS.
encryption_key - (Optional) The encrypted form key string for TACACS+. The encryption algorithm is based on DES.
<key_string 344> - Etner the string with maximum 344 characters.
timeout - (Optional) Specifies the time in second to wait for the server to reply.
<int 1-255> - Enter the value between 1 and 255. The default value is 5.
Example
To create a TACACS+ server host:
95
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#create tacacs+ server_host 10.1.1.211 port 15555 timeout 10 key "abc123"
Command: create tacacs+ server_host 10.1.1.211 port 15555 timeout 10 key
"abc123"
Success.
DGS-3620-28PC:admin#
4-52 config tacacs+ server_host
Description
This command is used to configure the TACACS+ server host.
Format config tacacs+ server_host <ipaddr> {port <int 1-65535> | [key [<key_string 254> | none] | encryption_key <key_string 344>] | timeout <int 1-255>}
Parameters
<ipaddr> - Enter the IP address of the server host.
port - (Optional) The port number of the TACACS+ server host.
<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.
key - (Optional) Specifies the key for TACACS+.
<key_string 254> - Enter the plain text key string for TACACS+.
none - No encryption for RADIUS.
encryption_key - (Optional) The encrypted form key string for TACACS+. The encryption algorithm is based on DES.
<key_string 344> - Etner the string with maximum 344 characters.
timeout - (Optional) Specifies the time in second to wait for the server to reply.
<int 1-255> - Enter the value between 1 and 255. The default value is 5.
Restrictions
Only Administrator level can issue this command.
Example
To configure the TACACS+ server host:
DGS-3620-28PC:admin#config tacacs+ server_host 10.1.1.211 key "abcd123"
Command: config tacacs+ server_host 10.1.1.211 key "abcd123"
Success.
DGS-3620-28PC:admin#
4-53 create xtacacs server_host
Description
This command is used to
96
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format create xtacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit
<int 1-20>}
Parameters
<ipaddr> - Enter the IP address of the server host.
port - (Optional) The port number of the XTACACS server host.
<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.
timeout - (Optional) Specifies the time in second to wait for the server to reply.
<int 1-255> - Enter the value between 1 and 255. The default value is 5.
retransmit - (Optional) Specifies the count for re-transmissions.
<int 1-20> - Enter the value between 1 and 20. The default value is 2.
Restrictions
Only Administrator level can issue this command.
Example
To create a XTACACS server host:
DGS-3620-28PC:admin#create xtacacs server_host 10.1.1.224 port 15555 timeout 10
Command: create xtacacs server_host 10.1.1.224 port 15555 timeout 10
Success.
DGS-3620-28PC:admin#
4-54 config xtacacs server_host
Description
This command is used to configure a XTACACS server host.
Format config xtacacs server_host <ipaddr> {port <int 1-65535> | timeout <int 1-255> | retransmit
<int 1-20>}
Parameters
<ipaddr> - Enter the IP address of the server host.
port - (Optional) The port number of the XTACACS server host.
<int 1-65535> - Enter the value between 1 and 65535. The default value is 49.
timeout - (Optional) Specifies the time in second to wait for the server to reply.
<int 1-255> - Enter the value between 1 and 255. The default value is 5.
retransmit - (Optional) Specifies the count for re-transmissions.
<int 1-20> - Enter the value between 1 and 20. The default value is 2.
97
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator level can issue this command.
Example
To configure the XTACACS server host:
DGS-3620-28PC:admin#config xtacacs server_host 10.1.1.224 retransmit 5
Command: config xtacacs server_host 10.1.1.224 retransmit 5
Key is meaningless for TACACS and XTACACS.
Success.
DGS-3620-28PC:admin#
4-55 config tacacs source_ipif
Description
This command is used to specify the source interface for all outgoing TACACS packets.
Format config tacacs source_ipif [<ipif_name 12> {<ipaddr>} | none]
Parameters
<ipif_name 12> - Enter the interface name as source interface for all outgoing TACACS packets.
<ipaddr> - (Optional) Enter the IP address as source IPv4 address for all outgoing TACACS packets.
none - Specifies to revert to the default route table for all outgoing TACACS packet.
Restrictions
Only Administrator level can issue this command.
Example
To specify a source interface for all outgoing TACACS packets:
DGS-3620-28PC:admin#config tacacs source_ipif if_v200
Command: config tacacs source_ipif if_v200
Success.
DGS-3620-28PC:admin#
4-56 show tacacs source_ipif
Description
This command is used to display the specified source interface for all outgoing TACACS packets.
98
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format show tacacs source_ipif
Parameters
None.
Restrictions
Only Administrator level can issue this command.
Example
To display the specified source interface for all outgoing TACACS packets.
DGS-3620-28PC:admin#show tacacs source_ipif
Command: show tacacs source_ipif
IP Interface : if_v200
IPv4 Address : None
DGS-3620-28PC:admin#
99
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 5 Access Control List
(ACL) Commands
create access_profile profile_id <value 1-6> profile_name <name 1-32> [ethernet {vlan {<hex
0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac <macmask
000000000000-ffffffffffff> | 802.1p | ethernet_type}(1) | ip {vlan {<hex 0x0-0x0fff>} | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask <hex
0x0-0xffffffff>}]}(1) | packet_content_mask {offset_chunk_1 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31> <hex 0x0-
0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>}(1) | ipv6 {class | flowlabel | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask> | [tcp {src_port_mask
<hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | icmp {type | code}]}(1)]
delete access_profile [profile_id <value 1-6> | profile_name <name 1-32> | all]
config access_profile [profile_id <value 1-6> | profile_name <name 1-32>] [add access_id
[auto_assign | <value 1-256>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>]
{mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac
<macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>}(1) | ip
{[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_ip
<ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>} | dscp<value 0-63> |
[icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-255>} | tcp {src_port
<value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}
| flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> {mask <hex 0x0-
0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id <value 0-255>
{user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}]}(1) | packet_content
{offset_chunk_1 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_2 <hex 0x0-
0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_3 <hex 0x0-0xffffffff> {mask <hex 0x0-
0xffffffff>} | offset_chunk_4 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}(1) | ipv6 {class
<value 0-255> | flowlabel <hex 0x0-0xfffff> | source_ipv6 <ipv6addr> {mask<ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>} | [tcp {src_port<value 0-65535> {mask <hex
0x0-0xffff>} | dst_port <value 0-65535> {mask <hex0x0-0xffff>}} | udp {src_port <value 0-
65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | icmp
{type<value 0-255> | code <value 0-255>}]}(1)] [port [<portlist> | all] | vlan_based [vlan
<vlan_name 32> | vlan_id <vlanid 1-4094>]] [permit {priority <value 0-7> {replace_priority} |
[replace_dscp_with <value 0-63> | replace_tos_precedence_with <value 0-7>] | counter
[enable | disable] | urpf_state_check [enable | disable]} | mirror {group_id <value 1-4>} | deny]
{time_range <range_name 32>} | delete access_id <value 1-256>]
show access_profile {[profile_id <value 1-6> | profile_name <name 1-32>]}
config time_range <range_name 32> [hours start_time <time hh:mm:ss> end_time <time hh:mm:ss> weekdays <daylist> | delete]
show time_range show current_config access_profile
delete cpu access_profile [profile_id <value 1-5> | all]
create cpu access_profile profile_id <value 1-5> [ethernet {vlan | source_mac <macmask
000000000000-ffffffffffff> | destination_mac <macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type}(1) | ip {vlan | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask
<hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex
0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff>
{user_define_mask <hex 0x0-0xffffffff>}]}(1) | packet_content_mask {offset_0-15 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-
100
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}(1) | ipv6 {class | flowlabel
| source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask>}(1)]
config cpu access_profile profile_id <value 1-5> [add access_id [auto_assign | <value 1-100>]
[ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] | source_mac <macaddr> | destination_mac <macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>} | ip {[vlan
<vlan_name 32> | vlan_id <vlanid 1-4094>] | source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-
255>} | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} | protocol_id
<value 0-255> {user_define <hex 0x0-0xffffffff>}]} | packet_content {offset_0-15 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} | ipv6 {class <value 0-
255> | flowlabel <hex 0x0-0xfffff> | source_ipv6 <ipv6addr> | destination_ipv6 <ipv6addr>}] port [<portlist> | all] [permit | deny] {time_range <range_name 32>} | delete access_id <value
1-100>]
show cpu access_profile {profile_id <value 1-5>}
enable cpu_interface_filtering disable cpu_interface_filtering
config flow_meter [profile_id <value 1-6> | profile_name <name 1-32>] access_id <value 1-256>
[rate [<value 0-1048576>] {burst_size [<value 0-131072>]} rate_exceed [drop_packet | remark_dscp <value 0-63>] | tr_tcm cir <value 0-1048576> {cbs <value 0-131072>} pir <value
0-1048576> {pbs <value 0-131072>} {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value
0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop]
{counter [enable | disable]} | sr_tcm cir <value 0-1048576> cbs <value 0-131072> ebs <value
0-131072> {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>]
{counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop] {counter
[enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | delete]
show flow_meter {[profile_id <value 1-6> | profile_name <name 1-32>] {access_id <value 1-
256>}}
5-1 create access_profile profile_id
Description
This command is used to create access list profiles.
Format create access_profile profile_id <value 1-6> profile_name <name 1-32> [ethernet {vlan
{<hex 0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac
<macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type}(1) | ip {vlan {<hex 0x0-0x0fff>}
| source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask
<hex 0x0-0xffffffff>}]}(1) | packet_content_mask {offset_chunk_1 <value 0-31> <hex 0x0-
0xffffffff> | offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31>
<hex 0x0-0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff>}(1) | ipv6 {class |
101
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
flowlabel | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask> | [tcp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp {src_port_mask
<hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | icmp {type | code}]}(1)]
Parameters
<value 1-6> - Enter the profile ID between 1 and 6. The lower the profile ID, the higher the priority.
profile_name - Specifies a profile name.
<name 1-32> - The maximum length is 32 characters.
ethernet - Specifies an Ethernet access control list rule.
vlan - Specifies a VLAN mask. Only the last 12 bits of the mask will be considered.
<hex 0x0-0x0fff> - (Optional) Specifies a VLAN mask.
source_mac - Specifies the source MAC mask.
<macmask 000000000000-ffffffffffff> - Enter the source MAC mask.
destination_mac - Specifies the destination MAC mask.
<macmask 000000000000-ffffffffffff> - Enter the destination MAC mask.
802.1p - Speciy the 802.1p priority tag mask.
ethernet_type - Specifies the Ethernet type.
ip - Specifies an IP access control list rule.
vlan - Specifies a VLAN mask. Only the last 12 bits of the mask will be considered.
<hex 0x0-0x0fff> - (Optional) Specifies a VLAN mask.
source_ip_mask - Specifies an IP source submask.
<netmask> - Enter an IP source submask.
destination_ip_mask - Specifies an IP destination submask.
<netmask> - Enter an IP destination submask.
dscp - Specifies the DSCP mask.
icmp - Specifies that the rule applies to ICMP traffic.
type - (Optional) Specifies the ICMP packet type.
code - (Optional) Specifies the ICMP code.
igmp - Specifies that the rule applies to IGMP traffic.
type - (Optional) Specifies the IGMP packet type.
tcp - Specifies that the rule applies to TCP traffic.
src_port_mask - (Optional) Specifies the TCP source port mask.
<hex 0x0-0xffff> - Enter the TCP source port mask.
dst_port_mask - (Optional) Specifies the TCP destination port mask.
<hex 0x0-0xffff> - Enter the TCP destination port mask.
flag_mask - (Optional) Specifies the TCP flag field mask.
all – Specify to check all paramenters below.
urg - (Optional) Specifies Urgent Pointer field significant.
ack - (Optional) Specifies Acknowledgment field significant.
psh - (Optional) Specifies Push Function.
rst - (Optional) Specifies to reset the connection.
syn - (Optional) Specifies to synchronize sequence numbers.
fin - (Optional) No more data from sender.
udp - Specifies that the rule applies to UDP traffic.
src_port_mask - (Optional) Specifies the TCP source port mask.
<hex 0x0-0xffff> - Enter the TCP source port mask.
dst_port_mask - (Optional) Specifies the TCP destination port mask.
<hex 0x0-0xffff> - Enter the TCP destination port mask.
protocol_id_mask - Specifies that the rule applies to the IP protocol ID traffic.
<hex 0x0-0xff> - Enter that the rule applies to the IP protocol ID traffic.
user_define_mask - (Optional) Specifies the L4 part mask.
<hex 0x0-0xffffffff> - Enter the L4 part mask.
packet_content_mask - A maximum of six offsets can be specified. Each offset defines one byte of data which is identified as a single UDF field. The offset reference is also configurable. It can be defined to start at the end of the tag, the end of the Ethernet type, or the end of the IP header.
offset_chunk_1 - Specifies the offset chunk 1 that allows users to examine the specified
102
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
offset_chunks within a packet at one time and specifies the frame content offset and mask.
<value 0-31> - Enter the offset chunk 1 value here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 1 mask value here.
offset_chunk_2 - Specifies the offset chunk 2 that allows users to examine the specified offset_chunks within a packet at one time and specifies the frame content offset and mask.
<value 0-31> - Enter the offset chunk 2 value here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 2 mask value here.
offset_chunk_3 - Specifies the offset chunk 3 that allows users to examine the specified offset_chunks within a packet at one time and specifies the frame content offset and mask.
<value 0-31> - Enter the offset chunk 3 value here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 3 mask value here.
offset_chunk_4 - Specifies the offset chunk 4 that allows users to examine the specified offset_chunks within a packet at one time and specifies the frame content offset and mask.
<value 0-31> - Enter the offset chunk 4 value here. This value must be between 0 and 31.
<hex 0x0-0xffffffff> - Enter the offset chunk 4 mask value here.
ipv6 - Specifies the IPv6 filtering mask.
class - Specifies the IPv6 class mask.
flowlabel - Specifies the IPv6 flow label mask.
source_ipv6_mask - Specifies the IPv6 source IP mask.
<ipv6mask> - Enter the IPv6 source IP mask.
destination_ipv6_mask - Specifies the IPv6 destination IP mask.
<ipv6mask> - Enter the IPv6 destination IP mask.
tcp - Specifies that the rule applies to TCP traffic.
src_port_mask - (Optional) Specifies the TCP source port mask.
<hex 0x0-0xffff> - Enter the TCP source port mask.
dst_port_mask - (Optional) Specifies the TCP destination port mask.
<hex 0x0-0xffff> - Enter the TCP destination port mask.
udp - Specifies that the rule applies to UDP traffic.
src_port_mask - (Optional) Specifies the TCP source port mask.
<hex 0x0-0xffff> - Enter the TCP source port mask.
dst_port_mask - (Optional) Specifies the TCP destination port mask.
<hex 0x0-0xffff> - Enter the TCP destination port mask.
icmp - Specifies that the rule applies to ICMP traffic.
type - (Optional) Specifies the ICMP packet type.
code - (Optional) Specifies the ICMP code.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create access list profiles:
DGS-3620-28PC:admin#create access_profile profile_id 1 profile_name 1 ethernet vlan source_mac FF-FF-FF-FF-FF-FF destination_mac 00-00-00-FF-FF-FF 802.1p ethernet_type
Command: create access_profile profile_id 1 profile_name 1 ethernet vlan source_mac FF-FF-FF-FF-FF-FF destination_mac 00-00-00-FF-FF-FF 802.1p ethernet_type
Success.
DGS-3620-28PC:admin#
DGS-3620-28PC:admin#create access_profile profile_id 2 profile_name 2 ip vlan source_ip_mask 255.255.255.255 destination_ip_mask 255.255.255.0 dscp icmp
Command: create access_profile profile_id 2 profile_name 2 ip vlan
103
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
5-2
source_ip_mask 255.255.255.255 destination_ip_mask 255.255.255.0 dscp icmp
Success.
DGS-3620-28PC:admin#
delete access_profile
Description
This command is used to delete access list profiles.
Format delete access_profile [profile_id <value 1-6> | profile_name <name 1-32> | all]
Parameters
profile_id - Specifies the index of the access list profile.
<value 1-6> - Enter the index of the access list profile. Enter a value between 1 and 6.
profile_name - Specifies the profile name.
<name 1-32> - Enter the profile name. The maximum length is 32 characters.
all - Specifies the whole access list profile to delete.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete access list profiles:
5-3
DGS-3620-28PC:admin#delete access_profile profile_id 1
Command: delete access_profile profile_id 1
Success.
DGS-3620-28PC:admin#
config access_profile
Description
This command is used to configure access list entries.
Format config access_profile [profile_id <value 1-6> | profile_name <name 1-32>] [add access_id
[auto_assign | <value 1-256>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>]
{mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac
<macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>}(1) | ip
{[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-0x0fff>} | source_ip
<ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>} | dscp<value 0-
104
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-255>} | tcp
{src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex
0x0-0xffff>} | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535>
{mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id
<value 0-255> {user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}]}(1) | packet_content {offset_chunk_1 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_2 <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_3 <hex 0x0-
0xffffffff> {mask <hex 0x0-0xffffffff>} | offset_chunk_4 <hex 0x0-0xffffffff> {mask <hex 0x0-
0xffffffff>}}(1) | ipv6 {class <value 0-255> | flowlabel <hex 0x0-0xfffff> | source_ipv6
<ipv6addr> {mask<ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>} | [tcp
{src_port<value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask
<hex0x0-0xffff>}} | udp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value
0-65535> {mask <hex 0x0-0xffff>}} | icmp {type<value 0-255> | code <value 0-255>}]}(1)]
[port [<portlist> | all] | vlan_based [vlan <vlan_name 32> | vlan_id <vlanid 1-4094>]] [permit
{priority <value 0-7> {replace_priority} | [replace_dscp_with <value 0-63> | replace_tos_precedence_with <value 0-7>] | counter [enable | disable] | urpf_state_check
[enable | disable]} | mirror {group_id <value 1-4>} | deny] {time_range <range_name 32>} | delete access_id <value 1-256>]
Parameters
profile_id - Specifies the index of the access list profile.
<value 1-6> - Enter the value between 1 and 6.
profile_name - Specifies the profile name.
<name 1-32> - Enter the profile name. The maximum length is 32 characters.
add access_id - Specifies the index of the access list entry. The lower the access ID, the higher the priority.
auto_assign - Specifies to automatically assign the access ID.
<value 1-256> - Enter a value between 1 and 256.
ethernet - Specifies an Ethernet access control list rule.
vlan - Specifies the VLAN name.
<vlan_name 32> -Specify the VLAN name. The maximum length is 32 characters.
vlanid - Specifies the VLAN ID.
<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.
mask - (Optional) Specifies the mask.
<hex 0x0-0x0fff> - Enter the mask.
source_mac - Specifies the source MAC address.
<macaddr> - Enter the source MAC address.
mask - (Optional) Specifies the mask.
<macmask> - Enter the mask.
destination_mac - Specifies the destination MAC address.
<macaddr> - Enter the destination MAC address.
mask - (Optional) Specifies the mask.
<macmask> - Enter the mask.
802.1p - Specifies the value of the 802.1p priority tag.
<value 0-7> - Enter the value of the 802.1p priority tag. The priority tag ranges from 1 to 7.
ethernet_type - Specifies the Ethernet type.
<hex 0x0-0xffff> - Enter the Ethernet type.
ip - Specifies an IP access control list rule.
vlan - Specifies the VLAN name.
<vlan_name 32> -Specify the VLAN name. The maximum length is 32 characters.
vlanid - Specifies the VLAN ID.
<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.
mask - (Optional)Specify the mask.
<hex 0x0-0x0fff> - Enter the mask.
source_ip - Specifies an IP source address.
105
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<ipaddr> - Enter an IP source address.
mask - (Optional) Specifies the mask.
<netmask> - Enter the mask.
destination_ip - Specifies an IP destination address.
<ipaddr> - Enter an IP destination address.
mask - (Optional) Specifies the mask.
<netmask> - Enter the mask.
dscp - Specifies the value of DSCP.
<value 0-63> - Enter the value of DSCP. The DSCP value ranges from 0 to 63.
icmp - Specifies the ICMP.
type - (Optional) Specifies that the rule will apply to the ICMP Type traffic value.
<value 0-255> - Enter the value between 0 and 255.
code - (Optional) Specifies that the rule will apply to the ICMP Code traffic value.
<value 0-255> - Enter the value between 0 and 255.
igmp - Specifies the IGMP.
type - (Optional) Specifies that the rule will apply to the IGMP Type traffic value.
<value 0-255> - Enter the value between 0 and 255.
tcp - Specifies TCP.
src_port - (Optional) Specifies that the rule will apply to a range of TCP source ports.
<value 0-65535> - Enter the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Enter the mask.
dst_port - (Optional) Specifies that the rule will apply to a range of TCP destination ports.
<value 0-65535> - Enter the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Enter the mask.
flag - Specifies the TCP flag field value.
all – Specify to check all paramenters below.
urg - (Optional) Specifies Urgent Pointer field significant.
ack - (Optional) Specifies Acknowledgment field significant.
psh - (Optional) Specifies Push Function.
rst - (Optional) Specifies to reset the connection.
syn - (Optional) Specifies to synchronize sequence numbers.
fin - (Optional) No more data from sender.
udp - Specifies UDP.
src_port - (Optional) Specifies the UDP source port range.
<value 0-65535> - Enter the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Enter the mask.
dst_port - (Optional) Specifies the UDP destination port range.
<value 0-65535> - Enter the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Enter the mask.
protocol_id - Specifies that the rule will apply to the value of IP protocol ID traffic.
<value 0-255> - Enter the value between 0 and 255.
user_define - (Optional) Specifies that the rule will apply to the IP protocol ID and that the mask options behind the IP header, which has a length of 4 bytes.
<hex 0x0-0xffffffff> - Enter that the rule will apply to the IP protocol ID and that the mask options behind the IP header, which has a length of 4 bytes.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffffffff> - Enter the mask.
packet_content - Specifies the packet content for the user defined mask.
offset_chunk_1 - Specifies the contents of the offset trunk 1 to be monitored.
<hex 0x0-0xffffffff> - Enter the contents of the offset trunk 1 to be monitored here.
mask - Specifies an additional mask for each field.
<hex 0x0-0xffffffff> - Enter the additional mask value used here.
offset_chunk_2 - Specifies the contents of the offset trunk 2 to be monitored.
<hex 0x0-0xffffffff> - Enter the contents of the offset trunk 2 to be monitored here.
mask - Specifies an additional mask for each field.
<hex 0x0-0xffffffff> - Enter the additional mask value used here.
106
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
offset_chunk_3 - Specifies the contents of the offset trunk 3 to be monitored.
<hex 0x0-0xffffffff> - Enter the contents of the offset trunk 3 to be monitored here.
mask - Specifies an additional mask for each field.
<hex 0x0-0xffffffff> - Enter the additional mask value used here.
offset_chunk_4 - Specifies the contents of the offset trunk 4 to be monitored.
<hex 0x0-0xffffffff> - Enter the contents of the offset trunk 4 to be monitored here.
mask - Specifies an additional mask for each field.
<hex 0x0-0xffffffff> - Enter the additional mask value used here.
ipv6 - Specifies that the rule applies to IPv6 fields.
class - Specifies the value of the IPv6 class.
<value 0-255> - Enter the value between 0 and 255.
flowlabel - Specifies the value of the IPv6 flow label.
<hex 0x0-0xfffff> - Enter the value of the IPv6 flow label.
source_ipv6 - Specifies the value of the IPv6 source address.
<ipv6addr> - Enter the value of the IPv6 source address.
mask - (Optional) Specifies the mask.
<ipv6mask> - Enter the mask.
destination_ipv6 - Specifies the value of the IPv6 destination address.
<ipv6addr> - Enter the value of the IPv6 destination address.
mask - (Optional) Specifies the mask.
<ipv6mask> - Enter the mask.
tcp - Specifies TCP.
src_port - (Optional) Specifies the TCP source port range.
<value 0-65535> - Enter the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Enter the mask.
dst_port - (Optional) Specifies the TCP destination port range.
<value 0-65535> - Enter the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Enter the mask.
udp - Specifies UDP.
src_port - (Optional) Specifies the UDP source port range.
<value 0-65535> - Enter the value between 0 and 65535.
mask - (Optional) Specifies the mask.
<hex 0x0-0xffff> - Enter the mask.
dst_port - (Optional) Specifies the UDP destination port range.
<value 0-65535> - Enter the value between 0 and 65535.
mask - Specifies the mask.
<hex 0x0-0xffff> - Enter the mask.
icmp - Specifies that the rule applies to the value of ICMP traffic.
type - Specifies that the rule applies to the value of ICMP type traffic.
<value 0-255> - Enter the ICMP type value used here. This value must be between 0 and 255.
code - Specifies that the rule applies to the value of ICMP code traffic.
<value 0-255> - Enter the ICMP code value used here. This value must be between 0 and 255.
port - The access profile rule may be defined for each port on the switch. The port list is specified by listing the lowest switch number and the beginning port number on that switch, separated by a colon.
<portlist> - Enter a list of ports.
all - Specifies that the access rule will apply to all ports.
vlan_based - Specifies the VLAN-based ACL rule. There are two conditions: this rule will apply to all ports and packets must belong to the configured VLAN. It can be specified by VLAN name or VLAN ID.
vlan - Specifies the VLAN name.
<vlan_name 32> - Enter the VLAN name. The maximum length is 32 characters.
vlan_id - Specifies the VLAN ID.
<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.
permit - Specifies the packets that match the access profile are permit by the switch.
priority - (Optional) Specifies the packets that match the access profile are remap the 802.1p
107
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
priority tag field by the switch.
<value 0-7> - Enter the value between 0 and 7.
replace_priority - (Optional) Specifies the packets that match the access profile remarking the
802.1p priority tag field by the switch.
replace_dscp_with - (Optional) Specifies the DSCP of the packets that match the access profile are modified according to the value.
<value 0-63> - Enter the value between 0 and 63.
replace_tos_precedence_with - (Optional) Specifies that the IP precedence of the outgoing packet is changed with the new value. If used without an action priority, the packet is sent to the default TC.
<value 0-7> - Enter the value between 0 and 7.
counter - (Optional) Specifies whether the ACL counter feature will be enabled or disabled.
enable - Specifies whether the ACL counter feature is enabled. If the rule is not bound with the flow meter, all matching packets are counted. If the rule is bound with the flow meter, then the “counter” is overridden.
disable - Specifies whether the ACL counter feature is disabled. The default option is disabled.
urpf_state_check - (Optional) Specifies if the incoming packet is determined to be dropped by the URPF and ACL check option.
enable - Specifies to match the permit entry in ACL. The URPF action to drop the packet is ignored. This is the default option.
disable - Specifies to match the permit entry in ACL. The URPF action to drop the packet is honored.
mirror - Specifies that packets matching the access profile are copied to the mirror port.
group_id - Specifies the group ID used.
<value 1-4> - Enter the group ID used here. This value must be between 1 and 4.
deny - Specifies the packets that match the access profile are filtered by the switch.
time_range - (Optional) Specifies the name of this time range entry.
<range_name 32> - Enter the name of this time range entry. The maximum length is 32 characters.
delete access_id - Specifies to delete the access ID.
<value 1-256> - Enter the value between 1 and 256.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure an access list entry:
DGS-3620-28PC:admin#config access_profile profile_id 1 add access_id 1 ip vlan default source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp port 1 permit
Command: config access_profile profile_id 1 add access_id 1 ip vlan default source_ip 20.2.2.3 destination_ip 10.1.1.252 dscp 3 icmp port 1 permit
Success.
DGS-3620-28PC:admin#
108
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
5-4 show access_profile
Description
This command is used to display the current access list table.
Format show access_profile {[profile_id <value 1-6> | profile_name <name 1-32>]}
Parameters
profile_id - (Optional) Specifies the index of the access list profile.
<value 1-6> - Enter the profile ID between 1 and 6.
profile_name - (Optional) Specifies the name of the access list profile.
<name 1-32> - Enter the profile name between 1 and 32.
Restrictions
None.
Example
To display the current access list table:
DGS-3620-28PC:admin#show access_profile
Command: show access_profile
Access Profile Table
Total User Set Rule Entries : 2
Total Used HW Entries : 3
Total Available HW Entries : 1533
==============================================================================
Profile ID: 1 Profile name: EtherACL Type: Ethernet
Mask on
VLAN : 0xFFF
802.1p
Ethernet Type
Available HW Entries : 255
------------------------------------------------------------------------------
Rule ID : 1 Ports: 1
Match on
VLAN ID : 1
802.1p : 7
Ethernet Type : 0xFFFF
Action:
Permit
109
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
URPF State Check: Enabled
(Replaced)Priority : 7
Replace ToS Precedence : 7
==============================================================================
==============================================================================
Profile ID: 2 Profile name: IPv4ACL Type: IPv4
Mask on
VLAN : 0xFFF
DSCP
ICMP
Type
Code
Available HW Entries : 254
------------------------------------------------------------------------------
Rule ID : 1 Ports: 1
Match on
VLAN ID : 1
DSCP : 63
ICMP
Type : 255
Code : 255
Action:
Permit
URPF State Check: Enabled
(Replaced)Priority : 7
Replace ToS Precedence : 7
==============================================================================
DGS-3620-28PC:admin#
Note: “Total User Set Entries” indicates the total number of ACL rules created by the user. “Total Used HW Entries” indicates the total number of hardware entries used in the device. “Available HW Entries” indicates the total number of available hardware entries in the device.
To display an access profile that supports an entry mask for each rule:
DGS-3620-28PC:admin#show access_profile profile_id 3
Command: show access_profile profile_id 3
Access Profile Table
==============================================================================
Profile ID: 3 Profile name: IPv6ACL Type: IPv6
110
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Mask on
Class
Flow Label
TCP
Available HW Entries : 255
------------------------------------------------------------------------------
Rule ID : 1 Ports: 1
Match on
Class : 255
Flow Label : 0xFFFFF
TCP
Action:
Permit
URPF State Check: Enabled
(Replaced)Priority : 7
Replace ToS Precedence : 7
==============================================================================
DGS-3620-28PC:admin#
To display the packet content mask profile for the profile with an ID of 4:
DGS-3620-28PC:admin#show access_profile profile_id 4
Command: show access_profile profile_id 4
Access Profile Table
==============================================================================
Profile ID: 4 Profile name: PCACL Type: User Defined
Mask on
offset_chunk_1 : 1 value : 0x00000000
offset_chunk_2 : 2 value : 0x00000000
offset_chunk_3 : 3 value : 0x00000000
offset_chunk_4 : 4 value : 0x00000000
Available HW Entries : 254
------------------------------------------------------------------------------
Rule ID : 1 Ports: 1
Match on
offset_chunk_1 : 1 value : 0x00000001 Mask : 0x00000005
offset_chunk_2 : 2 value : 0x00000002 Mask : 0x00000006
offset_chunk_3 : 3 value : 0x00000003 Mask : 0x00000007
offset_chunk_4 : 4 value : 0x00000000 Mask : 0x00000008
Action:
Permit
111
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
URPF State Check: Enabled
(Replaced)Priority : 7
Replace ToS Precedence : 7
==============================================================================
DGS-3620-28PC:admin#
5-5 config time_range
Description
This command is used to define a specific range of time to activate a function on the Switch by specifying which time range in a day and which days in a week are covered in the time range. Note that the specified time range is based on SNTP time or configured time. If this time is not available, then the time range will not be met.
Format config time_range <range_name 32> [ hours start_time < hh:mm:ss> end_time< hh:mm:ss> weekdays <daylist> | delete]
Parameters
<range_name 32> - Enter the name of the time range settings.
hours start_time - Specifies the starting time in a day. (24-hr time). For example, 19:00 means
7PM. 19 is also acceptable. The start_time must be smaller than the end_time.
< hh:mm:ss> - Enter the time.
end_time - Specifies the ending time in a day. (24-hr time)
< hh:mm:ss> - Enter the time.
weekdays - Specifies the list of days contained in the time range. Use a dash to define a period of days. Use a comma to separate specific days. For example, mon-fri (Monday to Friday) sun, mon, fri (Sunday, Monday, and Friday)
<daylist> - Enter a list of days.
delete - Delete a time range profile. When a time range profile has been associated with ACL entries, the deletion of this time range profile will fail.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the range of time to activate a function on the switch:
DGS-3620-28PC:admin#config time_range testdaily hours start_time 12:0:0 end_time 13:0:0 weekdays mon,fri
Command: config time_range testdaily hours start_time 12:0:0 end_time 13:0:0 weekdays mon,fri
Success.
DGS-3620-28PC:admin#
112
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
5-6 show time_range
Description
This command is used to display current time range settings.
Format show time_range
Parameters
None.
Restrictions
None.
Example
To display current time range setting:
5-7
DGS-3620-28PC:admin#show time_range
Command: show time_range
Time Range Information
-------------------------
Range Name : testdaily
Weekdays : Mon,Fri
Start Time : 12:00:00
End Time : 13:00:00
Total Entries :1
DGS-3620-28PC:admin#
show current_config access_profile
Description
This command is used to display the ACL part of the current configuration, when logged in with user level privileges. The overall current configuration can be displayed by using the show config command, which is accessible with administrator level privileges.
Format show current_config access_profile
Parameters
None.
113
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
None.
Example
To display the ACL part of the current configuration:
5-8
DGS-3620-28PC:admin#show current_config access_profile
Command: show current_config access_profile
#-----------------------------------------------------------------------------
# ACL create access_profile profile_id 1 profile_name EtherACL ethernet vlan 0xFFF
802.1p ethernet_type config access_profile profile_id 1 add access_id 1 ethernet vlan_id 1 802.1p 7 ethernet_type 0xFFFF port 1 permit priority 7 replace_priority replace_tos 7 urpf_state_check enable create access_profile profile_id 2 profile_name IPv4ACL ip vlan dscp icmp type code config access_profile profile_id 2 add access_id 1 ip vlan_id 1 dscp 63 icmp type 255 code 255 port 1 permit priority 7 replace_priority replace_tos 7 urpf_state_check enable create access_profile profile_id 3 profile_name IPv6ACL ipv6 class flowlabel tcp config access_profile profile_id 3 add access_id 1 ipv6 class 255 flowlabel
0xFFFFF tcp port 1 permit priority 7 replace_priority replace_tos 7 urpf_state_check enable create access_profile profile_id 4 profile_name PCACL packet_content_mask offset_chunk_1 1 0x0 offset_chunk_2 2 0x0 offset_chunk_3 3 0x0 offset_chunk_4 4
0x0 config access_profile profile_id 4 add access_id 1 packet_content offset_chunk_1 0x1 mask 0x5 offset_chunk_2 0x2 mask 0x6 offset_chunk_3 0x3 mask
0x7 offset_chunk_4 0x4 mask 0x8 port 1 permit priority 7 replace_priority replace_tos 7 urpf_state_check enable
#-----------------------------------------------------------------------------
DGS-3620-28PC:admin#
delete cpu access_profile
Description
This command is used to delete CPU access list profiles.
Format delete cpu access_profile [profile_id <value 1-5> | all]
Parameters
profile_id - Specifies the index of the access list profile.
<value 1-5> - Enter the value between 1 and 5.
114
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
all - Specifies to delete all the access list profiles.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete access list rules:
5-9
DGS-3620-28PC:admin#delete cpu access_profile profile_id 3
Command: delete cpu access_profile profile_id 3
Success.
DGS-3620-28PC:admin#
create cpu access_profile profile_id
Description
This command is used to create CPU access list profiles.
Format create cpu access_profile profile_id <value 1-5> [ethernet {vlan | source_mac <macmask
000000000000-ffffffffffff> | destination_mac <macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type}(1) | ip {vlan | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex
0x0-0xff> {user_define_mask <hex 0x0-0xffffffff>}]}(1) | packet_content_mask {offset_0-15
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79
<hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>}(1) | ipv6
{class | flowlabel | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask>}(1)]
Parameters
<value 1-5> - Enter a value between 1 and 5.
ethernet - Specifies an Ethernet CPU access control list rule.
vlan - Specifies a VLAN mask.
source_mac - Specifies the source MAC mask.
<macmask000000000000-ffffffffffff> - Enter the source MAC mask.
destination_mac - Specifies the destination MAC mask.
<macmask 000000000000-ffffffffffff> - Enter the destination MAC mask.
802.1p - Specifies the 802.1p priority tag mask.
ethernet_type - Specifies the Ethernet type mask.
ip - Specifies an IP CPU access control list rule.
vlan - Specifies a VLAN mask.
source_ip_mask - Specifies an IP source submask.
<netmask> - Enter an IP source submask.
115
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
destination_ip_mask - Specifies an IP destination submask.
<netmask> - Enter an IP destination submask.
dscp - Specifies the DSCP mask.
icmp - Specifies that the rule applies to ICMP traffic.
type - (Optional) Specifies the ICMP packet type.
code - (Optional) Specifies the ICMP code.
igmp - Specifies that the rule applies to IGMP traffic.
type - (Optional) Specifies the IGMP packet type.
tcp - Specifies that the rule applies to TCP traffic.
src_port_mask - (Optional) Specifies the TCP source port mask.
<hex 0x0-0xffff> - Enter the TCP source port mask.
dst_port_mask - (Optional) Specifies the TCP destination port mask.
<hex 0x0-0xffff> - Enter the TCP destination port mask.
flag_mask - (Optional) Specifies the TCP flag field mask.
all – Specify to check all paramenters below.
urg - (Optional) Specifies Urgent Pointer field significant.
ack - (Optional) Specifies Acknowledgment field significant.
psh - (Optional) Specifies Push Function.
rst - (Optional) Specifies to reset the connection.
syn - (Optional) Specifies to synchronize sequence numbers.
fin - (Optional) No more data from sender.
udp - Specifies that the rule applies to UDP traffic.
src_port_mask - (Optional) Specifies the UDP source port mask.
<hex 0x0-0xffff> - Enter the UDP source port mask.
dst_port_mask - (Optional) Specifies the UDP destination port mask.
<hex 0x0-0xffff> - Enter the UDP destination port mask.
protocol_id_mask - Specifies that the rule applies to the IP protocol ID traffic.
<hex 0x0-0xff> - Enter that the rule applies to the IP protocol ID traffic.
user_define_mask - (Optional) Specifies the L4 part mask
<hex 0x0-0xffffffff> - Enter the L4 part mask
packet_content_mask - Specifies the packet content mask.
offset_0-15 - Specifies the mask for packet bytes 0-15.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 0-3.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 4-7.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 8-11.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 12-15.
offset_16-31 - Specifies the mask for packet bytes 16-31.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 16-19.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 20-23.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 24-27.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 28-31.
offset_32-47 - Specifies the mask for packet bytes 32-47
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 32-35.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 36-39.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 40-43.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 44-47.
offset_48-63 - Specifies the mask for packet bytes 48-63.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 48-51.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 52-55.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 56-59.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 60-63.
offset_64-79 - Specifies the mask for packet bytes 64-79.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 64-67.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 68-71.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 72-75.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 76-79.
ipv6 - Specifies the IPv6 mask.
class - Specifies the IPv6 class mask.
flowlabel - Specifies the IPv6 flow label mask.
source_ipv6_mask - Specifies the IPv6 source IP mask.
116
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<ipv6mask> - Enter the IPv6 source IP mask.
destination_ipv6_mask - Specifies the IPv6 destination IP mask.
<ipv6mask> - Enter the IPv6 destination IP mask.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create CPU access list profiles:
DGS-3620-28PC:admin#create cpu access_profile profile_id 1 ethernet vlan
Command: create cpu access_profile profile_id 1 ethernet vlan
Success.
DGS-3620-28PC:admin#create cpu access_profile profile_id 2 ip source_ip_mask
255.255.255.255
Command: create cpu access_profile profile_id 2 ip source_ip_mask
255.255.255.25
5
Success.
DGS-3620-28PC:admin#
5-10 config cpu access_profile profile_id
Description
This command is used to configure CPU access list entries.
Format config cpu access_profile profile_id <value 1-5> [add access_id [auto_assign | <value 1-
100>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] | source_mac <macaddr> | destination_mac <macaddr> | 802.1p <value 0-7> | ethernet_type <hex 0x0-0xffff>} | ip {[vlan
<vlan_name 32> | vlan_id <vlanid 1-4094>] | source_ip <ipaddr> | destination_ip <ipaddr> | dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-
255>} | tcp {src_port <value 0-65535> | dst_port <value 0-65535> | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} | protocol_id
<value 0-255> {user_define <hex 0x0-0xffffffff>}]} | packet_content {offset_0-15 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_32-47 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_48-63 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> | offset_64-79 <hex 0x0-
0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff> <hex 0x0-0xffffffff>} | ipv6 {class <value 0-
255> | flowlabel <hex 0x0-0xfffff> | source_ipv6 <ipv6addr> | destination_ipv6 <ipv6addr>}] port [<portlist> | all] [permit | deny] {time_range <range_name 32>} | delete access_id
<value 1-100>]
117
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<value 1-5> - Enter the index of the CPU access list profile.
add access_id - Specifies the index of an access list entry to add. The range of this value is 1 to
100.
auto_assign - Specifies to automatically assign the access ID.
<value 1-100> - Enter an access ID between 1 and 100.
ethernet - Specifies an Ethernet CPU access control list rule.
vlan - Specifies the VLAN name.
<vlan_name 32> -Specify the VLAN name. The maximum length is 32 characters.
vlanid - Specifies the VLAN ID.
<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.
source_mac - Specifies the source MAC address.
<macaddr> - Enter the source MAC address.
destination_mac - Specifies the destination MAC address.
<macaddr> - Enter the destination MAC address.
802.1p - Specifies the value of the 802.1p priority tag.
<value 0-7> - Enter the value of the 802.1p priority tag. The priority tag ranges from 1 to 7.
ethernet_type - Specifies the Ethernet type.
<hex 0x0-0xffff> - Enter the Ethernet type.
ip - Specifies an IP access control list rule.
vlan - Specifies the VLAN name.
<vlan_name 32> -Specify the VLAN name. The maximum length is 32 characters.
vlanid - Specifies the VLAN ID.
<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.
source_ip - Specifies an IP source address.
<ipaddr> - Enter an IP source address.
destination_ip - Specifies an IP destination address.
<ipaddr> - Enter an IP destination address.
dscp - Specifies the value of DSCP.
<value 0-63> - Enter the value of DSCP. The DSCP value ranges from 0 to 63.
icmp - Specifies the ICMP.
type - (Optional) Specifies that the rule will apply to the ICMP Type traffic value.
<value 0-255> - Enter the value between 0 and 255.
code - (Optional) Specifies that the rule will apply to the ICMP Code traffic value.
<value 0-255> - Enter the value between 0 and 255.
igmp - Specifies the IGMP.
type - (Optional) Specifies that the rule will apply to the IGMP Type traffic value.
<value 0-255> - Enter the value between 0 and 255.
tcp - Specifies TCP.
src_port - (Optional) Specifies that the rule will apply to a range of TCP source ports.
<value 0-65535> - Enter the value between 0 and 65535.
dst_port - (Optional) Specifies that the rule will apply to a range of TCP destination ports.
<value 0-65535> - Enter the value between 0 and 65535.
flag - Specifies the TCP flag field value.
all – Specify to check all paramenters below.
urg - (Optional) Specifies Urgent Pointer field significant.
ack - (Optional) Specifies Acknowledgment field significant.
psh - (Optional) Specifies Push Function.
rst - (Optional) Specifies to reset the connection.
syn - (Optional) Specifies to synchronize sequence numbers.
fin - (Optional) No more data from sender.
udp - Specifies UDP.
src_port - (Optional) Specifies the UDP source port range.
<value 0-65535> - Enter the value between 0 and 65535.
dst_port - (Optional) Specifies the UDP destination port range.
<value 0-65535> - Enter the value between 0 and 65535.
protocol_id - Specifies that the rule will apply to the value of IP protocol ID traffic.
<value 0-255> - Enter the value between 0 and 255.
user_define - (Optional) Specifies that the rule will apply to the IP protocol ID and that the
118
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
mask options behind the IP header, which has a length of 4 bytes.
<hex 0x0-0xffffffff> - Enter that the rule will apply to the IP protocol ID and that the mask options behind the IP header , which has a length of 4 bytes.
packet_content - Specifies that the access control list rule will be set to packet content.
offset_0-15 - Specifies the mask for packet bytes 0-15.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 0-3.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 4-7.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 8-11.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 12-15.
offset_16-31 - Specifies the mask for packet bytes 16-31.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 16-19.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 20-23.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 24-27.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 28-31.
offset_32-47 - Specifies the mask for packet bytes 32-47
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 32-35.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 36-39.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 40-43.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 44-47.
offset_48-63 - Specifies the mask for packet bytes 48-63.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 48-51.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 52-55.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 56-59.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 60-63.
offset_64-79 - Specifies the mask for packet bytes 64-79.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 64-67.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 68-71.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 72-75.
<hex 0x0-0xffffffff> - Enter the mask for packet bytes 76-79.
ipv6 - Specifies that the rule applies to IPv6 fields.
class - Specifies the value of the IPv6 class.
<value 0-255> - Enter the value between 0 and 255.
flowlabel - Specifies the value of the IPv6 flow label.
<hex 0x0-0xfffff> - Enter the value of the IPv6 flow label.
source_ipv6 - Specifies the value of the IPv6 source address.
<ipv6addr> - Enter the value of the IPv6 source address.
destination_ipv6 - Specifies the value of the IPv6 destination address.
<ipv6addr> - Enter the value of the IPv6 destination address.
port - Specifies the port number to configure.
<portlist> - Enter a list of ports.
all - Specifies to configure all ports.
permit - Specifies the packets that match the access profile are permitted by the switch.
deny - Specifies the packets that match the access profile are filtered by the switch.
time_range - (Optional) Specifies the name of this time range entry.
<range_name 32> - Enter the name of this time range entry. The maximum length is 32 characters.
delete access_id - Specifies to delete the access ID.
<value 1-100> - Enter the value between 1 and 100.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure access list entry:
DGS-3620-28PC:admin#config cpu access_profile profile_id 1 add access_id 1 ethernet vlan default port 1-3 deny
119
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Command: config cpu access_profile profile_id 1 add access_id 1 ethernet vlan default port 1-3 deny
Success.
DGS-3620-28PC:admin#
5-11 show cpu access_profile
Description
This command is used to display the current CPU access list table.
Format show cpu access_profile {profile_id <value 1-5>}
Parameters
profile_id - (Optional) Specifies the index of an access list profile.
<value 1-5> - Enter value between 1 and 5.
Restrictions
None.
Example
To display the current CPU access list table:
DGS-3620-28PC:admin#show cpu access_profile
Command: show cpu access_profile
CPU Interface Filtering State: Disabled
CPU Interface Access Profile Table
Total Unused Rule Entries : 496
Total Used Rule Entries : 4
==============================================================================
Profile ID: 1 Type: Ethernet
Mask on
VLAN : 0xFFF
802.1p
Ethernet Type
Unused Rule Entries: 99
------------------------------------------------------------------------------
Rule ID : 1 Ports: 1
Match on
120
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
VLAN ID : 1
802.1p : 7
Ethernet Type : 0xFFFF
Action:
Permit
==============================================================================
==============================================================================
Profile ID: 2 Type: IPv4
Mask on
VLAN : 0xFFF
DSCP
ICMP
Type
Code
Unused Rule Entries: 99
------------------------------------------------------------------------------
Rule ID : 1 Ports: 1
Match on
VLAN ID : 1
DSCP : 63
ICMP
Type : 255
Code : 255
Action:
Permit
==============================================================================
==============================================================================
Profile ID: 3 Type: IPv6
Mask on
Class
Flow Label
Unused Rule Entries: 99
------------------------------------------------------------------------------
Rule ID : 1 Ports: 1
Match on
Class : 255
Flow Label : 0xFFFFF
Action:
Permit
121
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
==============================================================================
==============================================================================
Profile ID: 4 Type: User Defined
Mask on
Offset 0-15 : 0x00000000 0x00000000 0x00000000 0x00000000
Offset 16-31 : 0x00000000 0x00000000 0x00000000 0x00000000
Offset 32-47 : 0x00000000 0x00000000 0x00000000 0x00000000
Offset 48-63 : 0x00000000 0x00000000 0x00000000 0x00000000
Offset 64-79 : 0x00000000 0x00000000 0x00000000 0x00000000
Unused Rule Entries: 99
------------------------------------------------------------------------------
Rule ID : 1 Ports: 1
Match on
Offset 0-15 : 0x00000000 0x00000000 0x00000000 0x00000000
Offset 16-31 : 0x00000000 0x00000000 0x00000000 0x00000000
Offset 32-47 : 0x00000000 0x00000000 0x00000000 0x00000000
Offset 48-63 : 0x00000000 0x00000000 0x00000000 0x00000000
Offset 64-79 : 0x00000000 0x00000000 0x00000000 0x00000000
Action:
Permit
==============================================================================
DGS-3620-28PC:admin#
5-12 enable cpu_interface_filtering
Description
This command is used to enable CPU interface filtering.
Format enable cpu_interface_filtering
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable CPU interface filtering:
122
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#enable cpu_interface_filtering
Command: enable cpu_interface_filtering
Success.
DGS-3620-28PC:admin#
5-13 disable cpu_interface_filtering
Description
This command is used to disable CPU interface filtering.
Format disable cpu_interface_filtering
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To disable CPU interface filtering:
DGS-3620-28PC:admin#disable cpu_interface_filtering
Command: disable cpu_interface_filtering
Success.
DGS-3620-28PC:admin#
5-14 config flow_meter
Description
This command is used to configure the flow-based metering function. The metering function supports three modes: single rate two color, single rate three color, and two rate three color. The access rule must be created before the parameters of this function can be applied. For the single rate two color mode, users may set the preferred bandwidth for this rule, in Kbps, and once the bandwidth has been exceeded, overflowing packets will either be dropped or remarked DSCP, depending on the user configuration. For single rate three color mode, users need to specify the committed rate, in Kbps, the committed burst size, and the excess burst size. For the two rate three color mode, users need to specify the committed rate in Kbps, the committed burst size, the peak rate and the peak burst size. The green color packet will be treated as the conforming action, the yellow color packet will be treated as the exceeding action, and the red color packet will be treated as the violating action.
123
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
The replace DSCP action can be performed on packets that conform (GREEN) and packets that do not conform (YELLOW and RED). If drop YELLOW/RED is selected, the action to replace the
DSCP will not take effect. The color mapping for both “single rate three color” and “two rate three color” mode follow RFC 2697 and RFC 2698 in the color-blind situation.
Format config flow_meter [profile_id <value 1-6> | profile_name <name 1-32>] access_id <value 1-
256> [rate [<value 0-1048576>] {burst_size [<value 0-131072>]} rate_exceed [drop_packet | remark_dscp <value 0-63>] | tr_tcm cir <value 0-1048576> {cbs <value 0-131072>} pir <value
0-1048576> {pbs <value 0-131072>} {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp
<value 0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>}
| drop] {counter [enable | disable]} | sr_tcm cir <value 0-1048576> cbs <value 0-131072> ebs
<value 0-131072> {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-
63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop]
{counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter
[enable | disable]} | delete]
Parameters
profile_id - Specifies the index of the access list profile.
<value 1-6> - Enter the value between 1 and 6.
profile_name - Specifies the name of the profile.
<name 1-32> - Enter the name of the profile. The maximum length is 32 characters.
access_id - Specifies the index of the access list entry.
<value 1-256> - Enter the value between 1 and 256.
rate - Specifies the rate for single rate two color mode. Specify the committed bandwidth in Kbps for the flow.
<value 0-1048576>- Specifies the value between 0 and 1048576.
burst_size - (Optional) Specifies the burst size for the single rate two color mode. The unit is
Kbyte.
<value 0-131072> - Enter the value between 0 and 131072.
rate_exceed - Specifies the action for packets that exceed the committed rate in single rate two color mode. The action can be specified as one of the following:
drop_packet - Drop the packet immediately.
remark_dscp - Mark the packet with a specified DSCP. The packet is set to drop for packets with a high precedence.
<value 0-63> - Enter the value between 0 and 63.
tr_tcm - Specifies the “two-rate three-color mode.”
cir -Specify the Committed Information Rate. The unit is Kbps. CIR should always be equal or less than PIR.
<value 0-1048576> - Enter the value between 0 and 1048576.
cbs - (Optional) Specifies the Committed Burst Size. The unit is Kbyte.
<value 0-131072> - Enter the value between 0 and 131072.
pir - Specifies the Peak information Rate. The unit is Kbps. PIR should always be equal to or greater than CIR.
<value 0-1048576> - Enter the value between 0 and 1048576.
pbs - (Optional) Specifies the Peak Burst Size. The unit is Kbyte.
<value 0-131072> - Enter the value between 0 and 131072.
color_blind - Specifies the meter mode as color-blind. The default is color-blind mode.
color_aware - Specifies the meter mode as color-aware. The final color of the packet is determined by the initial color of the packet and the metering result.
conform - (Optional) This field denotes the green packet flow. Green packet flows may have their
DSCP field rewritten to a value stated in this field. Users may also choose to count green packets by using counter parameter.
124
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
permit - Enter this parameter to allow packet flows that are in the green flow.
replace_dscp - Packets that are in the green flow may have their DSCP field rewritten using this parameter and entering the DSCP value to replace.
<value 0-63> - Enter the value between 0 and 63.
counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.
enable - Enable the packet counter for the specified ACL entry in the green flow.
disable - Disable the packet counter for the specified ACL entry in the green flow.
exceed - This field denotes the yellow packet flow. Yellow packet flows may have excess packets permitted through or dropped. Users may replace the DSCP field of these packets by checking its radio button and entering a new DSCP value in the allotted field.
permit - Enter this parameter to allow packet flows that are in the yellow flow.
replace_dscp - Specifies to change the DSCP of the packet.
<value 0-63> - Enter the replacement DSCP of the packet here. This value must be between 0 and 63.
drop - Enter this parameter to drop packets that are in the yellow flow.
counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.
enable - Enable the packet counter for the specified ACL entry in the green flow.
disable - Disable the packet counter for the specified ACL entry in the green flow.
violate - This field denotes the red packet flow. Red packet flows may have excess packets permitted through or dropped. Users may replace the DSCP field of these packets by checking its radio button and entering a new DSCP value in the allotted field.
permit - Enter this parameter to allow packet flows that are in the red flow.
replace_dscp - Specifies to change the DSCP of the packet.
<value 0-63> - Enter the replacement DSCP of the packet here. This value must be between 0 and 63.
drop - Enter this parameter to drop packets that are in the red flow.
counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.
enable - Enable the packet counter for the specified ACL entry in the green flow.
disable - Disable the packet counter for the specified ACL entry in the green flow.
sr_tcm - Specifies the “single-rate three-color mode”.
cir -Specify the Committed Information Rate. The unit is in Kbps.
<value 0-1048576> - Enter the value between 0 and 1048576.
cbs - Specifies the Committed Burst Size. The unit is in Kbyte.
<value 0-131072> - Enter the value between 0 and 131072.
ebs - Specifies the Excess Burst Size. The unit is Kbyte.
<value 0-131072> - Enter the value between 0 and 131072.
color_blind - Specifies the meter mode as color-blind. The default is color-blind mode.
color_aware - Specifies the meter mode as color-aware. The final color of the packet is determined by the initial color of the packet and the metering result.
conform - (Optional) This field denotes the green packet flow. Green packet flows may have their
DSCP field rewritten to a value stated in this field. Users may also choose to count green packets by using counter parameter.
permit - Enter this parameter to allow packet flows that are in the green flow.
replace_dscp - Packets that are in the green flow may have their DSCP field rewritten using this parameter and entering the DSCP value to replace.
<value 0-63> - Enter the value between 0 and 63.
counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.
enable - Enable the packet counter for the specified ACL entry in the green flow.
disable - Disable the packet counter for the specified ACL entry in the green flow.
exceed - This field denotes the yellow packet flow. Yellow packet flows may have excess packets permitted through or dropped. Users may replace the DSCP field of these packets by checking its radio button and entering a new DSCP value in the allotted field.
permit - Enter this parameter to allow packet flows that are in the yellow flow.
replace_dscp - Specifies to change the DSCP of the packet.
<value 0-63> - Enter the replacement DSCP of the packet here. This value must be between 0 and 63.
125
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
drop - Enter this parameter to drop packets that are in the yellow flow.
counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.
enable - Enable the packet counter for the specified ACL entry in the green flow.
disable - Disable the packet counter for the specified ACL entry in the green flow.
violate - This field denotes the red packet flow. Red packet flows may have excess packets permitted through or dropped. Users may replace the DSCP field of these packets by checking its radio button and entering a new DSCP value in the allotted field.
permit - Enter this parameter to allow packet flows that are in the red flow.
replace_dscp - Specifies to change the DSCP of the packet.
<value 0-63> - Enter the replacement DSCP of the packet here. This value must be between 0 and 63.
drop - Enter this parameter to drop packets that are in the red flow.
counter - (Optional) Use this parameter to enable or disable the packet counter for the specified ACL entry in the green flow.
enable - Enable the packet counter for the specified ACL entry in the green flow.
disable - Disable the packet counter for the specified ACL entry in the green flow.
delete - Use this parameter to delete the specified flow meter.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure a two rate, three color flow meter:
DGS-3620-28PC:admin#config flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir 2000 pbs 200 conform replace_dscp 21 exceed drop violate permit
Command: config flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir
2000 pbs 200 conform replace_dscp 21 exceed drop violate permit
Success.
DGS-3620-28PC:admin#
To replace DSCP action changed to perform on conform (green) and unconform (yellow and red) packets:
DGS-3620-28PC:admin# config flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir 2000 pbs 200 exceed permit replace_dscp 21 violate permit replace_dscp 21
Command: config flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir
2000 pbs 200 exceed permit replace_dscp 21 violate permit replace_dscp 21
Success.
DGS-3620-28PC:admin#
5-15 show flow_meter
Description
This command is used to display the flow meter table.
126
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format show flow_meter {[profile_id <value 1-6> | profile_name <name 1-32>] {access_id <value 1-
256>}}
Parameters
profile_id - (Optional) Specifies the profile ID.
<value 1-6> - Enter the profile ID. Enter a value between 1 and 6.
profile_name - (Optional) Specifies the name of the profile.
<name 1-32> - Enter the name of the profile. The maximum length is 32 characters.
access_id - (Optional) Specifies the access ID.
<value 1-256> - Enter the access ID. Enter a value between 1 and 256.
Restrictions
None.
Example
To display the flow meter configuration:
DGS-3620-28PC:admin#show flow_meter
Command: show flow_meter
Flow Meter Information
------------------------------------------------------------------------------
Profile ID:1 Aceess ID:1 Mode : trTCM / ColorBlind
CIR(Kbps):1000 CBS(Kbyte):200 PIR(Kbps):2000 PBS(Kbyte):200
Action:
Conform : Permit Counter: Disabled
Exceed : Permit Replace DSCP: 21 Counter: Disabled
Violate : Permit Replace DSCP: 21 Counter: Disabled
------------------------------------------------------------------------------
Total Entries: 1
DGS-3620-28PC:admin#
127
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 6 Access Control List
(ACL) Egress Commands
create egress_access_profile profile_id <value 1-4> profile_name <name 1-32> [ethernet {vlan
{<hex 0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac
<macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type} | ip {vlan {<hex 0x0-0x0fff>} | source_ip_mask <netmask> | destination_ip_mask <netmask> |dscp | [icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff> {user_define_mask <hex
0x0-0xffffffff>}]} | ipv6 {class | source_ipv6_mask <ipv6mask> | destination_ipv6_mask
<ipv6mask> | [tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | udp
{src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | icmp {type | code}]}]
delete egress_access_profile [profile_id <value 1-4> | profile_name <name 1-32> | all]
config egress_access_profile [profile_id <value 1-4> | profile_name <name 1-32>] [add access_id [auto_assign | <value 1-128>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid 1-
4094>] {mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac <macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_type <hex
0x0-0xffff> | mirror} | ip {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-
0x0fff>} | source_ip <ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>}
| dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-
255>} | tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535>
{mask <hex 0x0-0xffff>} | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-
65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id <value 0-255> {user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}] | mirror} | ipv6 {class <value 0-255> | source_ipv6 <ipv6addr> {mask <ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>} | [tcp {src_port <value 0-65535> {mask <hex
0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | udp {src_port <value 0-
65535> {mask<hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | icmp
{type <value 0-255> | code <value 0-255>}] | mirror}] [vlan_based [vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] | port_group [id<value 1-64> | name <name 16>] | port <port>]
[permit {replace_priority_with <value 0-7> | replace_dscp_with <value 0-63> | replace_vlan_id_with <value 1-4094> | counter [enable | disable]} | deny] {time_range
<range_name 32>} | delete access_id <value 1-128>]
show egress_access_profile {[profile_id <value 1-4> | profile_name <name 1-32>]}
show current_config egress_access_profile
config egress_flow_meter [profile_id <value 1-4> | profile_name <name 1-32>] access_id <value
1-128> [rate <value 0-1048576> {burst_size <value 0-131072>} rate_exceed [drop_packet | remark_dscp <value 0-63>] | tr_tcm cir <value 0-1048576> {cbs <value 0-131072>} pir <value
0-1048576> {pbs <value 0-131072>} {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit {replace_dscp <value
0-63>} | drop] {counter [enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop]
{counter [enable | disable]} | sr_tcm cir <value 0-1048576> cbs <value 0-131072> ebs <value
0-131072> {[color_blind | color_aware]} {conform [permit | replace_dscp <value 0-63>]
{counter [enable | disable]}} exceed [permit {replace_dscp <value 0-63>} | drop] {counter
[enable | disable]} violate [permit {replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | delete]
show egress_flow_meter {[profile_id <value 1-4> | profile_name <name 1-32>] {access_id
<value1-128>}}
create port_group id <value 1-64> name <name 16>
config port_group [id <value 1-64> | name <name 16>] [add | delete] [<portlist> | all]
delete port_group [id <value 1-64> | name <name 16>]
show port_group {id <value 1-64> | name <name 16>}
128
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
6-1 create egress_access_profile
Description
This command is used to create an egress access list profile. For example, for some hardware, it may be invalid to specify destination IPv6 address and source IPv6 address at the same time. The user will be prompted for these limitations.
Format create egress_access_profile profile_id <value 1-4> profile_name <name 1-32> [ethernet
{vlan {<hex 0x0-0x0fff>} | source_mac <macmask 000000000000-ffffffffffff> | destination_mac <macmask 000000000000-ffffffffffff> | 802.1p | ethernet_type} | ip {vlan
{<hex 0x0-0x0fff>} | source_ip_mask <netmask> | destination_ip_mask <netmask> | dscp |
[icmp {type | code} | igmp {type} | tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask
<hex 0x0-0xffff> | flag_mask [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port_mask
<hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | protocol_id_mask <hex 0x0-0xff>
{user_define_mask <hex 0x0-0xffffffff>}]} | ipv6 {class | source_ipv6_mask <ipv6mask> | destination_ipv6_mask <ipv6mask> | [tcp {src_port_mask <hex 0x0-0xffff> | dst_port_mask
<hex 0x0-0xffff>} | udp {src_port_mask <hex 0x0-0xffff> | dst_port_mask <hex 0x0-0xffff>} | icmp {type | code}]}]
Parameters
profile_id - Specifies the index of the egress access list profile. The lower the profile ID, the higher the priority.
<value 1-4> - Enter the profile ID used here. This value must be between 1 and 4.
profile_name - The name of the profile must be specified. The maximum length is 32 characters.
<name 1-32> - Enter the profile name used here. This name can be up to 32 characters long.
ethernet - Specifies this is an Ethernet mask.
vlan - (Optional) Specifies a VLAN mask.
<hex 0x0-0x0fff> - Enter the VLAN mask used here.
source_mac - (Optional) Specifies the source MAC mask.
<macmask 000000000000-ffffffffffff> - Enter the source MAC mask used here.
destination_mac - (Optional) Specifies the destination MAC mask.
<macmask 000000000000-ffffffffffff> - Enter the destination MAC mask used here.
802.1p - (Optional) Specifies 802.1p priority tag mask.
ethernet_type - (Optional) Specifies the Ethernet type mask.
ip - Specifies this is an IPv4 mask.
vlan - (Optional) Specifies a VLAN mask.
<hex 0x0-0x0fff> - Enter the VLAN mask used here.
source_ip_mask - (Optional) Specifies a source IP address mask.
<netmask> - Enter the source network mask used here.
destination_ip_mask - (Optional) Specifies a destination IP address mask.
<netmask> - Enter the destination network mask used here.
dscp - (Optional) Specifies the DSCP mask.
icmp - (Optional) Specifies that the rule applies to ICMP traffic.
type - Specifies the type of ICMP traffic.
code - Specifies the code of ICMP traffic.
igmp - (Optional) Specifies that the rule applies to IGMP traffic.
type - Specifies the type of IGMP traffic.
tcp - (Optional) Specifies that the rule applies to TCP traffic.
src_port_mask - Specifies the TCP source port mask.
<hex 0x0-0xffff> - Enter the TCP source port mask value here.
dst_port_mask - Specifies the TCP destination port mask.
<hex 0x0-0xffff> - Enter the TCP source port mask value here.
flag_mask - (Optional) Specifies the TCP flag field mask.
129
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
all - Specifies that the TCP flag field mask will be set to 'all'.
urg - Specifies that the TCP flag field mask will be set to 'urg'.
ack - Specifies that the TCP flag field mask will be set to 'ack'.
psh - Specifies that the TCP flag field mask will be set to 'psh'.
rst - Specifies that the TCP flag field mask will be set to 'rst'.
syn - Specifies that the TCP flag field mask will be set to 'syn'.
fin - Specifies that the TCP flag field mask will be set to 'fin'.
udp - (Optional) Specifies that the rule applies to UDP traffic.
src_port_mask - Specifies the UDP source port mask.
<hex 0x0-0xffff> - Enter the UDP source port mask value here.
dst_port_mask - Specifies the UDP destination port mask.
<hex 0x0-0xffff> - Enter the UDP destination port mask value here.
protocod_id_mask - (Optional) Specifies that the rule applies to IP protocol ID traffic.
<hex 0x0-0xff> - Enter the protocol ID mask value here.
user_define_mask - (Optional) Specifies that the rule applies to the IP protocol ID, and that the mask option behind the IP header length is 20 bytes.
<hex 0x0-0xffffffff> - Enter the user-defined mask value here.
ipv6 - (Optional) Specifies this is an IPv6 mask.
class - (Optional) Specifies the IPv6 class.
source_ipv6_mask - (Optional) Specifies an IPv6 source sub-mask.
<ipv6mask> - Enter the IPv6 source sub-mask value here.
destination_ipv6_mask - Specifies an IPv6 destination sub-mask.
<ipv6mask> - Enter the IPv6 destination sub-mask value here.
tcp - (Optional) Specifies that the following parameter are application to the TCP configuration.
src_port_mask - Specifies an IPv6 Layer 4 TCP source port mask.
<hex 0x0-0xffff> - Enter the Ipv6 TCP source port mask value here.
dst_port_mask - Specifies an IPv6 Layer 4 TCP destination port mask.
<hex 0x0-0xffff> - Enter the Ipv6 TCP destination port mask value here.
udp - (Optional) Specifies that the following parameter are application to the UDP configuration.
src_port_mask - Specifies an IPv6 Layer 4 UDP source port mask.
<hex 0x0-0xffff> - Enter the Ipv6 UDP source port mask value here.
dst_port_mask - Specifies an IPv6 Layer 4 UDP destination port mask.
<hex 0x0-0xffff> - Enter the Ipv6 UDP destination port mask value here.
icmp - (Optional) Specifies that the rule applies to ICMP traffic.
type - Specifies the type of ICMP traffic.
code - Specifies the code of ICMP traffic.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create an egress access list profile with the name “eap-eth-bc” and assign the profile ID to be 1:
DGS-3620-28PC:admin# create egress_access_profile profile_id 1 profile_name eap-eth-bc ethernet source_mac FF-FF-FF-FF-FF-FF
Command: create egress_access_profile profile_id 1 profile_name eap-eth-bc ethernet source_mac FF-FF-FF-FF-FF-FF
DGS-3620-28PC:admin#
130
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
6-2 delete egress_access_profile
Description
Delete egress access profile command can only delete the profile which is created by egress ACL module.
Format delete egress_access_profile [profile_id <value 1-4> | profile_name <name 1-32> | all]
Parameters
profile_id - Specifies the index of the egress access list profile.
<value 1-4> - Enter the profile ID used here. This value must be between 1 and 4.
profile_name - Specifies the name of the profile. The maximum length is 32 characters.
<name 1-32> - Enter the profile name used here. This name can be up to 32 characters long.
all - Specifies that the whole egress access list profile will be deleted.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete egress access list profile ID 1:
DGS-3620-28PC:admin# delete egress_access_profile profile_id 1
Command: delete egress_access_profile profile_id 1
Success.
DGS-3620-28PC:admin#
6-3 config egress_access_profile
Description
This command is used to configure egress access list entries.
Format config egress_access_profile [profile_id <value 1-4> | profile_name <name 1-32>] [add access_id [auto_assign | <value 1-128>] [ethernet {[vlan <vlan_name 32> | vlan_id <vlanid
1-4094>] {mask <hex 0x0-0x0fff>} | source_mac <macaddr> {mask <macmask>} | destination_mac <macaddr> {mask <macmask>} | 802.1p <value 0-7> | ethernet_type <hex
0x0-0xffff> | mirror} | ip {[vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] {mask <hex 0x0-
0x0fff>} | source_ip <ipaddr> {mask <netmask>} | destination_ip <ipaddr> {mask <netmask>}
| dscp <value 0-63> | [icmp {type <value 0-255> | code <value 0-255>} | igmp {type <value 0-
255>} | tcp {src_port <value 0-65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535>
{mask <hex 0x0-0xffff>} | flag [all | {urg | ack | psh | rst | syn | fin}]} | udp {src_port <value 0-
65535> {mask <hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | protocol_id <value 0-255> {user_define <hex 0x0-0xffffffff> {mask <hex 0x0-0xffffffff>}}] |
131
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
mirror} | ipv6 {class <value 0-255> | source_ipv6 <ipv6addr> {mask <ipv6mask>} | destination_ipv6 <ipv6addr> {mask <ipv6mask>} | [tcp {src_port <value 0-65535> {mask
<hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | udp {src_port <value
0-65535> {mask<hex 0x0-0xffff>} | dst_port <value 0-65535> {mask <hex 0x0-0xffff>}} | icmp
{type <value 0-255> | code <value 0-255>}] | mirror}] [vlan_based [vlan <vlan_name 32> | vlan_id <vlanid 1-4094>] | port_group [id<value 1-64> | name <name 16>] | port <port>]
[permit {replace_priority_with <value 0-7> | replace_dscp_with <value 0-63> | replace_vlan_id_with <value 1-4094> | counter [enable | disable]} | deny] {time_range
<range_name 32>} | delete access_id <value 1-128>]
Parameters
profile_id - Specifies the index of the egress access list profile.
<value 1-4> - Enter the profile ID used here. This value must be between 1 and 4.
profile_name - Specifies the name of the profile.
<name 1-32> - Enter the profile name here. This name can be up to 32 characters long.
add - Specifies to add a profile or rule.
access_id - Specifies the index of the access list entry. If the auto_assign option is selected, the access ID is automatically assigned. The lower the access ID, the higher the priority.
auto assign - Specifies that the access ID will be configured automatically.
<value 1-128> - Enter the access ID used here. This value must be between 1 and 128.
ethernet - Specifies an Ethernet egress ACL rule.
vlan - (Optional) Specifies the VLAN name.
<vlan_name 32> - Enter the VLAN name used for this configuration here. This name can be up to 32 characters long.
vlanid - Specifies a VLAN ID.
<vlanid 1-4094> - Enter the VLAN ID used for this congfiguration here. This value must be between 1 and 4094.
mask - (Optional) Specifies the mask used.
<hex 0x0-x0fff> - Enter the mask value used here.
source_mac - (Optional) Specifies the source MAC address.
<macaddr> - Enter the source MAC address used here.
mask - Specifies that source MAC mask used.
<macmask> - Enter the source MAC mask value here.
destination_mac - Specifies the destination MAC address.
<macaddr> - Enter the destination MAC address used here.
mask - Specifies that destination MAC mask used.
<macmask> - Enter the destination MAC mask value here.
802.1p - (Optional) Specifies the value of the 802.1p priority tag. The priority tag ranges from
1 to 7.
<value 0-7> - Enter the 802.1p priority tag used here.
ethernet_type - (Optional) Specifies the Ethernet type.
<hex 0x0-0xffff> - Enter the Ethernet type mask used here.
mirror - Specifies that only the mirrored packet can be matched.
ip - Specifies an IP egress ACL rule.
vlan - (Optional) Specifies the VLAN name.
<vlan_name 32> - Enter the VLAN name used for this configuration here. This name can be up to 32 characters long.
vlanid - Specifies a VLAN ID.
<vlanid 1-4094> - Enter the VLAN ID used for this congfiguration here. This value must be between 1 and 4094.
mask - (Optional) Specifies the mask used.
<hex 0x0-x0fff> - Enter the mask value used here.
source_ip - (Optional) Specifies an IP source address.
<ipaddr> - Enter the source IP address used here.
mask - Specifies the source IP address used here.
<netmask> - Enter the source network mask here.
destination_ip - (Optional) Specifies an IP destination address.
132
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<ipaddr> - Enter the destination IP address used here.
mask - Specifies the destination IP address used here.
<netmask> - Enter the destination network mask here.
dscp - (Optional) Specifies the value of DSCP. The DSCP value ranges from 0 to 63.
<value 0-63> - Enter the DSCP value used here. This value must be between 0 and 63.
icmp - (Optional) Specifies that the following parameters configured will apply to the ICMP configuration.
type - Specifies that the rule will apply to the ICMP type traffic value.
<value 0-255> - Enter the ICMP traffic type value here. This value must be between 0 and 255.
code - Specifies that the rule will apply to the ICMP code traffic value.
<value 0-255> - Enter the ICMP code traffic value here. This value must be between 0 and 255.
igmp - (Optional) Specifies that the following parameters configured will apply to the IGMP configuration.
type - Specifies that the rule will apply to the IGMP type traffic value.
<value 0-255> - Enter the IGMP type traffic value here. This value must be between 0 and 255.
tcp - (Optional) Specifies that the following parameters configured will apply to the TCP configuration.
src_port - Specifies that the rule will apply to a range of TCP source ports.
<value 0-65535> - Enter the source port value here. This value must be between 0 and
65535.
mask - Specifies the TCP source port mask here.
<hex 0x0-0xffff> - Enter the TCP source port mask value here.
dst_port - Specifies that the rule will apply to a range of TCP destination ports.
<value 0-65535> - Enter the destination port value here. This value must be between 0 and 65535.
mask - Specifies the TCP destination port mask here.
<hex 0x0-0xffff> - Enter the TCP destination port mask value here.
flag - (Optional) Specifies the TCP flag fields.
all - Specifies that the TCP flag field will be set to 'all'.
urg - Specifies that the TCP flag field will be set to 'urg'.
ack - Specifies that the TCP flag field will be set to 'ack'.
psh - Specifies that the TCP flag field will be set to 'psh'.
rst - Specifies that the TCP flag field will be set to 'rst'.
syn - Specifies that the TCP flag field will be set to 'syn'.
fin - Specifies that the TCP flag field will be set to 'fin'.
udp - (Optional) Specifies that the following parameters configured will apply to the UDP configuration.
src_port - Specifies the UDP source port range.
<value 0-65535> - Enter the UDP source port range value here.
mask - Specifies the UDP source port mask here.
<hex 0x0-0xffff> - Enter the UDP source port mask value here.
dst_port - Specifies the UDP destination port range.
<value 0-65535> - Enter the UDP destination port range value here.
mask - Specifies the UDP destination port mask here.
<hex 0x0-0xffff> - Enter the UDP destination port mask value here.
protocol_id - (Optional) Specifies that the rule will apply to the value of IP protocol ID traffic.
<value 0-255> - Enter the protocol ID used here. This value must be between 0 and 255.
user_define - (Optional) Specifies that the rule will apply to the IP protocol ID and that the mask options behind the IP header, which has a length of 20 bytes.
<hex 0x0-0xffffffff> - Enter the user-defined mask value here.
mask - Specifies the user-defined mask here.
<hex 0x0-0xffffffff> - Enter the user-defined mask value here.
mirror - Specifies that only the mirrored packet can be matched.
ipv6 - Specifies the rule applies to IPv6 fields.
class - (Optional) Specifies the value of IPv6 class.
<value 0-255> - Enter the IPv6 class value here. This value must be between 0 and 255.
source_ipv6 - (Optional) Specifies the value of IPv6 source address.
133
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<ipv6addr> - Enter the source IPv6 source address here.
mask - Specifies the IPv6 source address mask here.
<ipv6mask> - Enter the IPv6 source address mask value here.
destination_ipv6 - (Optional) Specifies the value of IPv6 destination address.
<ipv6addr> - Enter the source IPv6 destination address here.
mask - Specifies the IPv6 destination address mask here.
<ipv6mask> - Enter the IPv6 destination address mask value here.
tcp - (Optional) Specifies the TCP protocol
src_port - Specifies the value of the IPv6 layer 4 TCP source port.
<value 0-65535> - Enter the IPv6 TCP source port value here. This value must be between 0 and 65535.
mask - Specifies the IPv6 TCP source port mask here.
<hex 0x0-0xffff> - Enter the IPv6 TCP source port mask value here.
dst_port - Specifies the value of the IPv6 layer 4 TCP destination port.
<value 0-65535> - Enter the IPv6 TCP destination port value here. This value must be between 0 and 65535.
mask - Specifies the IPv6 TCP destination port mask here.
<hex 0x0-0xffff> - Enter the IPv6 TCP destination port mask value here.
udp - (Optional) Specifies the UDP protocol.
src_port - Specifies the value of the IPv6 layer 4 UDP source port.
<value 0-65535> - Enter the IPv6 UDP source port value here. This value must be between 0 and 65535.
mask - Specifies the IPv6 UDP source port mask here.
<hex 0x0-0xffff> - Enter the IPv6 UDP source port mask value here.
dst_port - Specifies the value of the IPv6 layer 4 UDP destination port.
<value 0-65535> - Enter the IPv6 UDP destination port value here. This value must be between 0 and 65535.
mask - Specifies the IPv6 UDP destination port mask here.
<hex 0x0-0xffff> - Enter the IPv6 UDP destination port mask value here.
icmp - (Optional) Specifies that the following parameters configured will apply to the ICMP configuration.
type - Specifies that the rule will apply to the ICMP type traffic value.
<value 0-255> - Enter the ICMP traffic type value here. This value must be between 0 and 255.
code - Specifies that the rule will apply to the ICMP code traffic value.
<value 0-255> - Enter the ICMP code traffic value here. This value must be between 0 and 255.
mirror - Specifies that only the mirrored packet can be matched.
vlan_based - The rule applies on the specified VLAN.
vlan - Specifies the VLAN name.
<vlan_name 32> - Enter the VLAN name used for this configuration here. This name can be up to 32 characters long.
vlanid - Specifies a VLAN ID.
<vlanid 1-4094> - Enter the VLAN ID used for this congfiguration here. This value must be between 1 and 4094.
port_group - Specifies the port group value here.
id - Specifies the ID of the port group which the rule applies.
<value 1-64> - Enter the group ID value here. This value must be between 1 and 64.
name - Specifies the name of the port group which the rule applies.
<name 16> - Enter the port group name here. This name can be up to 16 characters long.
port - Specifies the port in the port group used.
<port> - Enter the port number used here.
permit - Specifies that packets matching the egress access rule are permitted by the switch.
replace_priority_with - (Optional) Specifies the packets that match the egress access rule are changed the 802.1p priority tag field by the switch.
<value 0-7> - Enter the replace priority with value here. This value must be between 0 and 7.
replace_dscp_with - (Optional) Specifies the packets that match the egress access rule are changed the DSCP value by the switch.
<value 0-63> - Enter the replace DSCP with value here. This value must be between 0 and
63.
134
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
replace_vlan_id_with - (Optional) Specifies the VLAN ID to replace the outer VLAN ID of the matched packets.
<value 1-4094> - Enter the replacement VLAN ID here. This value must be between 1 and
4094.
counter - (Optional) Specifies whether the ACL counter feature is enabled or disabled. This parameter is optional. The default option is disabled. If the rule is not bound with the flow_meter, all matching packets are counted. If the rule is bound with the flow_meter, then the “counter” is overridden.
enable - Specifies that the ACL counter feature will be enabled.
disable - Specifies that the ACL counter feature will be disabled.
deny - Specifies the packets that match the egress access rule are filtered by the switch.
time_range - (Optional) Specifies the name of the time range entry.
<range_name 32> - Enter the time range value here. This name can be up to 32 characters long.
delete - Specifies to delete a profile or rule.
access_id - Specifies the index of the access list entry. If the auto_assign option is selected, the access ID is automatically assigned.
<value 1-128> - Enter the access ID used here. This value must be between 1 and 128.
Example
To configure a port-base egress access rule that when the packet go out switch which match the specified source IP, DSCP and destination IP field, it will not be dropped:
DGS-3620-28PC:admin# config egress_access_profile profile_id 2 add access_id auto_assign ip source_ip 10.0.0.1 dscp 25 destination_ip 10.90.90.90 port_group id 1 permit
Command: config egress_access_profile profile_id 2 add access_id auto_assign ip source_ip 10.0.0.1 dscp 25 destination_ip 10.90.90.90 port_group id 1 permit
Success.
DGS-3620-28PC:admin#
To configure a vlan-base egress access rule that when the packet go out switch which match the specified source MAC field, it will be dropped:
DGS-3620-28PC:admin# config egress_access_profile profile_id 2 add access_id 1 ethernet source_mac 11-22-33-44-55-66 vlan_based vlan_id 1 deny
Command: config egress_access_profile profile_id 2 add access_id 1 ethernet source_mac 11-22-33-44-55-66 vlan_based vlan_id 1 deny
Success.
DGS-3620-28PC:admin#
6-4 show egress_access_profile
Description
This command is used to display current egress access list table.
135
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format show egress_access_profile {[profile_id <value 1-4> | profile_name <name 1-32>]}
Parameters
Restrictions
None.
profile_id - (Optional) Specifies the index of the egress access list profile.
<value 1-4> - Enter the profile ID here. This value must be between 1 and 4.
profile_name - (Optional) Specifies the name of the profile. The maximum length is 32 characters.
<name 1-32> - Enter the profile name here. This name can be up to 32 characters long.
If no parameter is specified, will show the all egress access profile.
Example
To display current egress access list table:
DGS-3620-28PC:admin# show egress_access_profile
Command: show access_profile
Egress Access Profile Table
Total User Set Rule Entries : 3
Total Used Hardware Entries : 3
Total Available Hardware Entries : 253
===============================================================================
=
Profile ID: 1 Profile name: 1 Type: Ethernet
Mask on
Source MAC : FF-FF-FF-FF-FF-FF
Available Hardware Entries : 127
-------------------------------------------------------------------------------
-
Rule ID : 1 Port group: -
Match on
VLAN ID : 1
Source MAC : 00-00-00-00-00-01
Action:
Permit
===============================================================================
=
===============================================================================
136
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
=
Profile ID: 2 Profile name: 2 Type: IPv4
Mask on
Source IP : 255.255.255.255
Destination IP : 255.255.255.255
DSCP
Available Hardware Entries : 126
-------------------------------------------------------------------------------
-
Rule ID : 1 (auto assign) Port group: 1
Match on
Source IP : 10.0.0.2
Destination IP : 10.90.90.90
DSCP : 25
Action:
Permit
-------------------------------------------------------------------------------
-
Rule ID : 2 (auto assign) Port group: 1
Match on
Source IP : 10.0.0.1
Destination IP : 10.90.90.90
DSCP : 25
Action:
Permit
Matched Count : 0 packets
===============================================================================
=
DGS-3620-28PC:admin#
The following example displays an egress access profile that supports an entry mask for each rule:
137
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show egress_access_profile profile_id 1
Command: show egress_access_profile profile_id 1
Egress Access Profile Table
===============================================================================
=
Profile ID: 1 Profile name: 1 Type: Ethernet
Mask on
Source MAC : FF-FF-FF-FF-FF-FF
Available Hardware Entries : 127
-------------------------------------------------------------------------------
-
Rule ID : 1 Port group: -
Match on
VLAN ID : 1
Source MAC : 00-00-00-00-00-01
Action:
Permit
===============================================================================
=
DGS-3620-28PC:admin#
6-5 show current_config egress_access_profile
Description
This command is used to display the egress ACL part of current configuration in user level of privilege.
The overall current configuration can be displayed by “show config” command which is accessible in administrator level of privilege.
Format show current_config egress_access_profile
Parameters
None.
Restrictions
None.
Example
To display current configuration of egress access list table:
138
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show current_config egress_access_profile
Command: show current_config egress_access_profile
#------------------------------------------------------------------------------
-
# Egress ACL create egress_access_profile profile_id 1 profile_name 1 ethernet source_mac
FF-
FF-FF-FF-FF-FF config egress_access_profile profile_id 1 add access_id 1 ethernet source_mac
00
-00-00-00-00-01 vlan_based vlan_id 1 permit create egress_access_profile profile_id 2 profile_name 2 ip source_ip_mask
255.2
55.255.255 destination_ip_mask 255.255.255.255 dscp config egress_access_profile profile_id 2 add access_id auto_assign ip source_ip
10.0.0.2 destination_ip 10.90.90.90 dscp 25 port_group id 1 permit counter enable config egress_access_profile profile_id 2 add access_id auto_assign ip source_ip
10.0.0.1 destination_ip 10.90.90.90 dscp 25 port_group id 1 permit
#------------------------------------------------------------------------------
-
DGS-3620-28PC:admin#
6-6 config egress_flow_meter
Description
This command is used to configure the packet flow-based metering based on an egress access profile and rule.
Format config egress_flow_meter [profile_id <value 1-4> | profile_name <name 1-32>] access_id
<value 1-128> [rate <value 0-1048576> {burst_size <value 0-131072>} rate_exceed
[drop_packet | remark_dscp <value 0-63>] | tr_tcm cir <value 0-1048576> {cbs <value 0-
131072>} pir <value 0-1048576> {pbs <value 0-131072>} {[color_blind | color_aware]}
{conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit
{replace_dscp <value 0-63>} | drop] {counter [enable | disable]} violate [permit
{replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | sr_tcm cir <value 0-
1048576> cbs <value 0-131072> ebs <value 0-131072> {[color_blind | color_aware]}
{conform [permit | replace_dscp <value 0-63>] {counter [enable | disable]}} exceed [permit
{replace_dscp <value 0-63>} | drop] {counter [enable | disable]} violate [permit
{replace_dscp <value 0-63>} | drop] {counter [enable | disable]} | delete]
Parameters
profile_id - Specifies the profile ID.
139
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<value 1-4> - Enter the profile ID used here. This value must be between 1 and 4.
profile_name - Specifies the name of the profile.
<name 1-32> - Enter the profile name used here. This name can be up to 32 characters long.
access_id - Specifies the access ID.
<value 1-128> - Enter the access ID used here. This value must be between 1 and 128.
rate - This specifies the rate for single rate two-color mode. Specify the committed bandwidth in
Kbps for the flow. The value m and n are determined by the project.
<value 0-1048576> - Enter the rate for single rate two-color mode here. This value must be between 0 and 1048576.
burst_size - (Optional) This specifies the burst size for the single rate “two color” mode. The unit is Kbytes.
<value 0-131072> - Enter the burst size value here. This value must be between 0 and
131072.
rate_exceed - This specifies the action for packets that exceed the committed rate in single rate
“two color” mode. The action can be specified as one of the following:
drop_packet - Drop the packet immediately.
remark_dscp - Mark the packet with a specified DSCP. The packet is set to have the higher drop precedence.
<value 0-63> - Enter the remark DSCP value here. This value must be between 0 and 63.
tr_tcm - Specifies the “two rate three color mode”.
cir - Specifies the two rate three color mode used.
<value 0-1048576> - Enter the two rate three color mode value here. This value must be between 0 and 1048576.
cbs - (Optional) Specifies the “Committed Burst Size”. The unit is Kbytes. That is to say, 1 means 1Kbytes. This parameter is an optional parameter. The default value is 4*1024.
<value 0-131072> - Enter the comitted burst size value here. This value must be between
0 and 131072.
pir - Specifies the “Peak Information Rate”. The unit is in Kbps. PIR should always be equal to or greater than CIR.
<value 0-1048576> - Enter the peak information rate value here. This value must be between 0 and 1048576.
pbs - (Optional) Specifies the “Peak Burst Size”. The unit is in Kbytes.
<value 0-131072> - Enter the peak burst size value here. This value must be between 0 and 131072.
color_blind - (Optional) Specifies the meter mode to be color-blind. The default is color-blind mode.
color_aware - (Optional) Specifies the meter mode to be color-aware. When this code is specified, user could set the “in-coming packet color” by using command “config color_aware”. The final color of packet is determined by the initial color of packet and the metering result.
conform - (Optional) Specifies the action when packet is in “green color”.
permit - Permit the packet.
replace_dscp - Changes the DSCP of the packet.
<value 0-63> - Enter the replace DSCP value here. This value must be between 0 and 63.
counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.
enable - Specifies that the ACL counter parameter will be enabled.
disable - Specifies that the ACL counter parameter will be disabled.
exceed - Specifies the action when packet is in “yellow color”.
permit - (Optional) Permit the packet.
replace_dscp - Changes the DSCP of the packet.
<value 0-63> - Enter the DSCP replace value here. This value must be between 0 and 63.
drop - Drops the packet.
counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.
enable - Specifies that the ACL counter parameter will be enabled.
disable - Specifies that the ACL counter parameter will be disabled.
violate - Specifies the action when packet is in “red color”.
140
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
permit - Permit the packet.
replace_dscp - (Optional) Changes the DSCP of the packet.
<value 0-63> - Enter the DSCP replace value here. This value must be between 0 and 63.
drop - Drops the packet.
counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.
enable - Specifies that the ACL counter parameter will be enabled.
disable - Specifies that the ACL counter parameter will be disabled.
sr_tcm - Specifies the “single rate three color mode”.
cir - Specifies the single rate three color mode used.
<value 0-1048576> - Enter the single rate three color mode value here. This value must be between 0 and 1048576.
cbs - Specifies the “committed burst size”. The unit is Kbytes.
<value 0-131072> - Enter the committed burst size value here. This value must be between 0 and 131072.
ebs - Specifies the “Excess Burst Size”. The unit is Kbytes.
<value 0-131072> - Enter the excess burst size value here. This value must be between 0 and 131072.
color_blind - (Optional) Specifies the meter mode to be color-blind. The default is color-blind mode.
color_aware - (Optional) Specifies the meter mode to be color-aware. When this code is specified, user could set the “in-coming packet color” by using command “config color_aware”. The final color of packet is determined by the initial color of packet and the metering result.
conform - (Optional) Specifies the action when packet is in “green color”.
permit - (Optional) Permit the packet.
replace_dscp - Changes the DSCP of the packet.
<value 0-63> - Enter the replace DSCP value here. This value must be between 0 and 63.
counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.
enable - Specifies that the ACL counter parameter will be enabled.
disable - Specifies that the ACL counter parameter will be disabled.
exceed - Specifies the action when packet is in “yellow color”.
permit - Permit the packet.
replace_dscp - (Optional) Changes the DSCP of the packet.
<value 0-63> - Enter the DSCP replace value here. This value must be between 0 and 63.
drop - Drops the packet.
counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.
enable - Specifies that the ACL counter parameter will be enabled.
disable - Specifies that the ACL counter parameter will be disabled.
violate - Specifies the action when packet is in “red color”.
permit - Permit the packet.
replace_dscp - (Optional) Changes the DSCP of the packet.
<value 0-63> - Enter the DSCP replace value here. This value must be between 0 and 63.
drop - Drops the packet.
counter - (Optional) Specifies the ACL counter. This is optional. The default is “disable”. The resource may be limited so that a counter cannot be turned on. Counters will be cleared when the function is disabled.
enable - Specifies that the ACL counter parameter will be enabled.
disable - Specifies that the ACL counter parameter will be disabled.
delete - Delete the specified “flow_meter”.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
141
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure a “two rates three color” flow meter:
DGS-3620-28PC:admin# config egress_flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir 2000 pbs 200 exceed replace_dscp 21 violate drop command: config egress_flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs
200 pir 2000 pbs 200 exceed replace_dscp 21 violate drop
Success.
DGS-3620-28PC:admin#
6-7 show egress_flow_meter
Description
This command is used to display the egress flow-based metering configuration.
Format show egress_flow_meter {[profile_id <value 1-4> | profile_name <name 1-32>] {access_id
<value1-128>}}
Parameters
profile_id - (Optional) Specifies the index of access list profile.
<value 1-4> - Enter the profile ID used here. This value must be between 1 and 4.
profile_name - (Optional) Specifies the name of the profile.
<name 1-32> - Enter the profile name used here. This name can be up to 32 characters long.
access_id - (Optional) Specifies the access ID.
<value 1-128> - Enter the access ID used here. This value must be between 1 and 128.
Restrictions
None.
Example
To display current egress flow meter table:
142
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show egress_flow_meter
Command: show egress_flow_meter
Flow Meter Information:
------------------------
Profile ID : 1 Access ID : 1 Mode : trTcm / color-blind
CIR:1000(Kbps) CBS:2000(Kbyte) PIR:2000(Kbps) PBS:2000(Kbyte)
Actions:
Conform : Permit Replace DSCP : 11 Counter : enable
Exceed : Permit Replace DSCP : 22 Counter : enable
Violate : Drop
Profile ID : 1 Access ID : 1 Mode : srTcm / color-blind
CIR:2500(Kbps) CBS:2000(Kbyte) EBS:3500(Kbyte)
Actions:
Conform : Permit Counter : enable
Exceed : Permit Replace DSCP: 33 Counter : enable
Violate : Drop
Total Entries: 2
DGS-3620-28PC:admin#
6-8 create port_group id
Description
This command is used to create a port group.
Format create port_group id <value 1-64> name <name 16>
Parameters
id - Specifies the port group ID.
<value 1-64> - Enter the port group ID here. This value must be between 1 and 64.
name - Specifies the port group name.
<name 16> - Enter the port group name here. This name can be up to 16 characters long.
Restrictions
Only Administrators and Operators can issue this command.
Example
To create a port group:
143
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# create port_group id 2 name group2
Command: create port_group id 2 name group2
Success.
DGS-3620-28PC:admin#
6-9 config port_group
Description
This command is used to add or delete a port list to a port group.
Format config port_group [id <value 1-64> | name <name 16>] [add | delete] [<portlist> | all]
Parameters
id - Specifies the port group ID.
<value 1-64> - Enter the port group ID used here. This value must be between 1 and 64.
name - Specifies the port group name.
<name 16> - Enter the port group name here. This name can be up to 16 characters long.
add - Add a port list to this port group.
delete - Delete a port list from this port group.
<portlist> - Enter a list of ports used for the configuration here.
all - Specifies that all the ports will be used for this configuration.
Restrictions
Only Administrators and Operators can issue this command.
Example
Add port list “1-3” to the port group which ID is “2”:
DGS-3620-28PC:admin# config port_group id 2 add 1-3
Command: config port_group id 2 add 1-3
Success.
DGS-3620-28PC:admin#
6-10 delete port_group
Description
This command is used to delete port group.
Format delete port_group [id <value 1-64> | name <name 16>]
144
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
id - Specifies the port group ID.
<value 1-64> - Enter the port group ID used here. This value must be between 1 and 64.
name - Specifies the port group name.
<name 16> - Enter the port group name here. This name can be up to 16 characters long.
Restrictions
Only Administrators and Operators can issue this command.
Example
To delete the port group which ID is “2”:
DGS-3620-28PC:admin# delete port_group id 2
Command: delete port_group id 2
Success.
DGS-3620-28PC:admin#
6-11 show port_group
Description
This command is used to display the port group information.
Format show port_group {id <value 1-64> | name <name 16>}
Parameters
id - (Optional) Specifies the port group ID.
<value 1-64> - Enter the port group ID used here. This value must be between 1 and 64.
name - (Optional) Specifies the port group name.
<name 16> - Enter the port group name here. This name can be up to 16 characters long.
If not specified parameter, will show all the port group.
Restrictions
Only Administrators and Operators can issue this command.
Example
To show all the port group information:
145
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show port_group
Command: show port_group
Port Group Table
Group ID Group Name Ports
1 group1 1-2,5
2 group2 4,5,7,9,11,13
15,17,19-25
4 group3 5-7
Total Entries :3
DGS-3620-28PC:admin#
146
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 7 ARP Commands
create arpentry <ipaddr> <macaddr>
delete arpentry [<ipaddr> | all]
config arpentry <ipaddr> <macaddr>
config arpentry force_aging_addr [add | delete] <ipaddr>
show arpentry {ipif <ipif_name 12> | ipaddress <ipaddr> | static | mac_address <macaddr>}
show arpentry force_aging_addr clear arptable
show ipfdb {[ip_address <ipaddr> | interface <ipif_name 12> | port <port>]}
config arp_aging time <min 0-65535>
config arp_retry times <value 0-4>
7-1 create arpentry
Description
This command is used to enter an IP address and the corresponding MAC address into the switch’s ARP table.
Format create arpentry <ipaddr> <macaddr>
Parameters
<ipaddr> - The IP address of the end node or station.
<macaddr> - The MAC address corresponding to the IP address above.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create a static ARP entry for the IP address 10.48.74.121 and MAC address 00:50:BA:00:07:36:
DGS-3620-28PC:admin#create arpentry 10.48.74.121 00-50-BA-00-07-36
Command: create arpentry 10.48.74.121 00-50-BA-00-07-36
Success.
DGS-3620-28PC:admin#
7-2 delete arpentry
Description
This command is used to delete an ARP entry, made using the create arpentry command above, by specifying either the IP address of the entry or all. Specifying all deletes all static and dynamic
ARP entries.
147
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format delete arpentry [<ipaddr> | all]
Parameters
<ipaddr> - The IP address of the end node or station.
all - Delete all ARP entries
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete an entry of IP address 10.48.74.121 from the ARP table:
7-3
DGS-3620-28PC:admin#delete arpentry 10.48.74.121
Command: delete arpentry 10.48.74.121
Success.
DGS-3620-28PC:admin#
config arpentry
Description
This command is used to configure a static entry in the ARP table. Specify the IP address and
MAC address of the entry.
Format config arpentry <ipaddr> <macaddr>
Parameters
<ipaddr> - The IP address of the end node or station.
<macaddr> - The MAC address corresponding to the IP address above.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure a static ARP entry for the IP address 10.48.74.121 and MAC address
00:50:BA:00:07:36:
DGS-3620-28PC:admin#config arpentry 10.48.74.121 00-50-BA-00-07-36
Command: config arpentry 10.48.74.121 00-50-BA-00-07-36
148
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
7-4
Success.
DGS-3620-28PC:admin#
config arpentry force_aging_addr
Description
This command is used to to configure the force aging gateway address in the ARP table.
Format config arpentry force_aging_addr [add | delete] <ipaddr>
Parameters
add - Specifies to add a new entry.
delete - Specifies to remove an existing entry.
<ipaddr> - Enter the IP address of the gateway here.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
This example shows how to add a force aging ARP entry of gateway10.48.74.12.
7-5
DGS-3620-28PC:admin#config arpentry force_aging_addr add 10.48.74.12
Command: config arpentry force_aging_addr add 10.48.74.12
Success.
DGS-3620-28PC:admin#
show arpentry
Description
This command is used to display the Address Resolution Protocol (ARP) table. Filter the display by
IP address, interface name, static entries or mac_address.
Format show arpentry {ipif <ipif_name 12> | ipaddress <ipaddr> | static | mac_address <macaddr>}
Parameters
ipif - The name of the IP interface the end node or station for which the ARP table entry was made, resides on.
<ipif_name 12> - Enter the IP interface name. The maximum length is 12 characters.
149
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
ipaddress - The IP address of the end node or station.
<ipaddr> - Enter the IP address.
static - Displays the static entries to the ARP table.
mac_address - Displays the ARP entry by MAC address.
<macaddr> - Enter the MAC address.
Note: If no parameter is specified, all ARP entries will be displayed.
Restrictions
None.
Example
To display the ARP table:
7-6
DGS-3620-28PC:admin# show arpentry
Command: show arpentry
ARP Aging Time : 20
Interface IP Address MAC Address Type
------------- --------------- ----------------- ---------------
System 10.0.0.0 FF-FF-FF-FF-FF-FF Local/Broadcast
System 10.90.90.90 00-01-02-03-04-00 Local
System 10.255.255.255 FF-FF-FF-FF-FF-FF Local/Broadcast
Total Entries: 3
DGS-3620-28PC:admin#
show arpentry force_aging_addr
Description
This command is used to display the force aging entry in the ARP table.
Format show arpentry force_aging_addr
Parameters
None.
Restrictions
None.
150
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
This example shows how to display the force aging address in the ARP table.
DGS-3620-28PC:admin#show arpentry force_aging_addr
Command: show arpentry force_aging_addr
ARP Force Aging Address:
Interface IP Address MAC Address Type
------------- --------------- ----------------- ---------------
------------ 10.48.74.12 ----------------- ------
Total Entries: 1
DGS-3620-28PC:admin#
7-7 clear arptable
Description
This command is used to remove dynamic entries from the ARP table. Static ARP entries are not affected.
Format clear arptable
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To remove the dynamic entries from the ARP table:
7-8
DGS-3620-28PC:admin#clear arptable
Command: clear arptable
Success.
DGS-3620-28PC:admin#
show ipfdb
Description
This command is used to display the IP address forwarding table on the Switch.
151
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format show ipfdb {[ip_address <ipaddr> | interface <ipif_name 12> | port <port>]}
Parameters
ip_address - (Optional) Specifies the IP address of the forwarding table.
<ipaddr> - Enter the IP address to be displayed.
interface - (Optional) Specifies the interface name of the forwarding table.
<ipif_name 12> - Enter the interface name here. This name can be up to 12 characters long.
port - (Optional) Specifies the port to be displayed.
<port> - Enter the port number to be displayed.
Restrictions
None.
Example
To display the IP address forwarding table on the Switch:
7-9
DGS-3620-28PC:admin# show ipfdb
Command: show ipfdb
Interface IP Address Port Learned
------------ ---------------- --------- ---------
Total Entries: 0
DGS-3620-28PC:admin#
config arp_aging time
Description
This command is used to set the maximum amount of time, in minutes, that an ARP entry can remain in the switch’s ARP table, without being accessed, before it is dropped from the table.
Format config arp_aging time <min 0-65535>
Parameters
<min 0-65535> - The ARP age-out time, in minutes. The default is 20 minutes. The range is 0 to
65535 minutes.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
152
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure the ARP aging time:
DGS-3620-28PC:admin#config arp_aging time 30
Command: config arp_aging time 30
Success.
DGS-3620-28PC:admin#
7-10 config arp_retry times
Description
This command is used to configure the ARP retry times.
Format config arp_retry times <value 0-4>
Parameters
<value 0-4> - Enter the ARP retry times value here. This value must be between 0 and 4.
Entering 0 will only send one ARP request without any retries. By default, this value is 4.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
This example shows how to configure the ARP retry times value.
DGS-3620-28PC:admin#config arp_retry times 2
Command: config arp_retry times 2
Success.
DGS-3620-28PC:admin#
153
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 8 ARP Spoofing
Prevention Commands
config arp_spoofing_prevention [add gateway_ip <ipaddr> gateway_mac <macaddr> ports
[<portlist> | all] | delete gateway_ip <ipaddr>]
show arp_spoofing_prevention
8-1 config arp_spoofing_prevention
Description
The user can configure the spoofing prevention entry to prevent spoofing of MAC for the protected gateway. When an entry is created, those ARP packets whose sender IP matches the gateway IP of an entry, but either its sender MAC field or source MAC field does not match the gateway MAC of the entry will be dropped by the system.
Format config arp_spoofing_prevention [add gateway_ip <ipaddr> gateway_mac <macaddr> ports
[<portlist> | all] | delete gateway_ip <ipaddr>]
Parameters
add gateway_ip - Specifies a gateway IP to be added.
<ipaddr> - Enter the IP address.
gateway_mac - Specifies a gateway MAC to be configured.
<macaddr> - Enter the MAC address.
ports – Specify the ports.
<portlist> - Enter a range of ports to be configured.
all - Specifies all ports to be configured.
delete gateway_ip - Specifies a gateway IP to be deleted.
<ipaddr> - Enter the IP address.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the prevent IP spoofing attack:
DGS-3620-28PC:admin#config arp_spoofing_prevention add gateway_ip
10.254.254.251 gateway_mac 00-00-00-11-11-11 ports 1-2
Command: config arp_spoofing_prevention add gateway_ip 10.254.254.251 gateway_mac 00-00-00-11-11-11 ports 1-2
Success.
DGS-3620-28PC:admin#
154
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
8-2 show arp_spoofing_prevention
Description
This command is used to display the ARP spoofing prevention status.
Format show arp_spoofing_prevention
Parameters
None.
Restrictions
None.
Example
To display the ARP spoofing prevention status:
DGS-3620-28PC:admin#show arp_spoofing_prevention
Command: show arp_spoofing_prevention
Gateway IP Gateway MAC Ports
------------------ ------------------- --------------------
192.168.0.1 00-00-00-00-00-01 1-28
Total Entries: 1
DGS-3620-28PC:admin#
155
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 9 Asymmetric VLAN
Commands
enable asymmetric_vlan disable asymmetric_vlan show asymmetric_vlan
9-1 enable asymmetric_vlan
Description
This command is used to enable the asymmetric VLAN function..
Format enable asymmetric_vlan
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable asymmetric VLAN setting:
9-2
DGS-3620-28PC:admin# enable asymmetric_vlan
Command: enable asymmetric_vlan
Success.
DGS-3620-28PC:admin#
disable asymmetric_vlan
Description
This command is used to disable the asymmetric VLAN function.
Format disable asymmetric_vlan
156
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To disable asymmetric VLAN setting:
9-3
DGS-3620-28PC:admin# disable asymmetric_vlan
Command: disable asymmetric_vlan
Success.
DGS-3620-28PC:admin#
show asymmetric_vlan
Description
This command is used to display the asymmetric VLAN function.
Format show asymmetric_vlan
Parameters
None.
Restrictions
None.
Example
To display asymmetric VLAN:
DGS-3620-28PC:admin# show asymmetric_vlan
Command: show asymmetric_vlan
Asymmetric Vlan : Disabled
DGS-3620-28PC:admin#
157
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 10 Auto Configuration
Commands
show autoconfig enable autoconfig disable autoconfig
10-1 show autoconfig
Description
This command is used to display the status of automatically getting configuration from a TFTP server.
Format show autoconfig
Parameters
None.
Restrictions
None.
Example
To display the DHCP auto configuration status:
DGS-3620-28PC:admin#show autoconfig
Command: show autoconfig
Autoconfig State: Disabled
DGS-3620-28PC:admin#
10-2 enable autoconfig
Description
This command is used to enable automatically to get configuration from a TFTP server according to the options in the DHCP reply packet. To employ this method, the DHCP server must be set up to deliver the TFTP server IP address and configuration file name information first.
Format enable autoconfig
158
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
None.
Restrictions
Only Administrators and Operators can issue this command.
Example
To enable DHCP auto configuration status:
DGS-3620-28PC:admin#enable autoconfig
Command: enable autoconfig
Success.
DGS-3620-28PC:admin#
10-3 disable autoconfig
Description
This command is used to disable automatically to get configuration from a TFTP server.
Format disable autoconfig
Parameters
None.
Restrictions
Only Administrators and Operators can issue this command.
Example
To disable the DHCP auto configuration status:
DGS-3620-28PC:admin#disable autoconfig
Command: disable autoconfig
Success.
DGS-3620-28PC:admin#
159
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 11 Bidirectional
Forwarding Detection (BFD)
Commands
enable bfd disable bfd
config bfd [ipif <ipif_name 12> | all] {min_tx_interval <millisecond 50-1000> | min_rx_interval
<millisecond 50-1000> | multiplier <value 3-99> | slow_time <millisecond 1000-3000>}
show bfd {ipif <ipif_name 12>}
show bfd neighbor {ipif <ipif_name 12> | ipaddress <ipaddr> | protocol [ospf | vrrp] | details}
11-1 enable bfd
Description
This command is used to enable the BFD global state on the Switch.
Format enable bfd
Parameters
None
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
This example show how to enable the BFD global state.
DGS-3620-28PC:admin# enable bfd
Command: enable bfd
Success.
DGS-3620-28PC:admin#
11-2 disable bfd
Description
This command is used to disable the BFD global state on the Switch.
160
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format disable bfd
Parameters
None
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
This example show how to disable the BFD global state.
DGS-3620-28PC:admin# disable bfd
Command: disable bfd
Success.
DGS-3620-28PC:admin#
11-3 config bfd
Description
This command is used to configure the BFD parameters on the Switch.
Format config bfd [ipif <ipif_name 12> | all] {min_tx_interval <millisecond 50-1000> | min_rx_interval <millisecond 50-1000> | multiplier <value 3-99> | slow_time <millisecond
1000-3000>}
Parameters
ipif - Specifies the name of the IP interface.
<ipif_name 12> - Enter the name of the IP interface. This name can be up to 12 characters long.
all - Specifies that all the IP interfaces will be used.
min_tx_interval - (Optional) Specifies the desired minimum transmit interval value.
<millisecond 50-1000> - Enter the minimum transmit interval value here. This value must be between 50 and 1000 milliseconds.
min_rx_interval - (Optional) Specifies the required minimum receive interval value.
<millisecond 50-1000> - Enter the minimum receive interval value here. This value must be between 50 and 1000 milliseconds.
multiplier - (Optional) Specifies the BFD detection time multiplier value.
<value 3-99> - Enter the BFD detection time multiplier value here. This value must be between 3 and 99.
slow_time - (Optional) Specifies the BFD slow time value.
<millisecond 1000-3000> - Enter the BFD slow time value here. This value must be between
1000 and 3000 milliseconds.
161
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
This example show how to configure the desired minimum TX interval value to 100 milliseconds and detection time multiplier to 5 on the interface System.
DGS-3620-28PC:admin# config bfd ipif System min_tx_interval 100 multiplier 5
Command: config bfd ipif System min_tx_interval 100 multiplier 5
Success.
DGS-3620-28PC:admin#
11-4 show bfd
Description
This command is used to display the BFD information on the Switch.
Format show bfd {ipif <ipif_name 12>}
Parameters
ipif - (Optional) Specifies the IP interface to display.
<ipif_name 12> - Enter the IP interface's name here. This name can be up to 12 characters long.
Restrictions
None.
Example
This example show how to display the BFD information.
162
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show bfd
Command: show bfd
BFD Global State : Disabled
BFD Interface Setting
MinTxInt - Desired Minimum TX Interval
MinRxInt - Required Minimum RX Interval
Interface Name MinTxInt(ms) MinRxInt(ms) Multiplier Slow time(ms)
--------------- ------------ ------------ ---------- -------------
System 100 50 5 1000
Total Entries: 1
DGS-3620-28PC:admin#
11-5 show bfd neighbor
Description
This command is used to display the BFD neighbor information on the Switch.
Format show bfd neighbor {ipif <ipif_name 12> | ipaddress <ipaddr> | protocol [ospf | vrrp] | details}
Parameters
ipif - (Optional) Specifies the IP interface to display.
<ipif_name 12> - Enter the IP interface's name here. This name can be up to 12 characters long.
ipaddress - (Optional) Specifies to display the BFD neighbor information of the specified IP address.
<ipaddr> - Enter the IP address used here.
protocol - (Optional) Specifies to display the BFD neighbor information of the specified protocol owner.
ospf - Specifies to display OSPF BFD neighbor information.
vrrp - Specifies to display VRRP BFD neighbor information.
details - (Optional) Specifies to display more detailed BFD neighbor information.
Restrictions
None.
Examples
This example show how to display the BFD neighbors:
163
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show bfd neighbor
Command: show bfd neighbor
BFD Neighbor Table
Local Discr : Local Discriminator
Remote Discr: Remote Discriminator
Neighbor Local Remote Detect
Address Interface Name Discr Discr Time(ms) Status
--------------- -------------- ------ ------ -------- ----------
10.0.0.3 System 1 1 100 UP
10.0.0.2 System 2 1 50 UP
Total Entries: 2
DGS-3620-28PC:admin#
This example show how to display detailed information of BFD neighbors registered by OSPF.
DGS-3620-28PC:admin# show bfd neighbor protocol ospf details
Command: show bfd neighbor protocol ospf details
BFD Neighbor Table
Local Discr : Local Discriminator
Remote Discr: Remote Discriminator
Neighbor Local Remote Detect
Address Interface Name Discr Discr Time(ms) Status
--------------- -------------- ------ ------ -------- ----------
18.0.0.1 System 1 7 900 Up
Local Diagnostic : No Diagnostic
Pool Bit : Not set
Remote Minimum RX Interval : 300 ms
Remote Minimum TX Interval : 300 ms
Remote Multiplier : 3
Register Protocol : OSPF VRRP
Total Entries: 1
DGS-3620-28PC:admin#
164
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 12 Border Gateway
Protocol (BGP) Commands
create bgp <as_number 1-4294967295>
delete bgp <as_number 1-4294967295>
config bgp synchronization [enable | disable]
config bgp enforce_first_as [enable | disable]
create bgp aggregate_address [<network_address> | ipv6 <ipv6_networkaddr>] {summary_only
| as_set}
delete bgp aggregate_address [[<network_address> | all] | ipv6 [<ipv6_networkaddr> | all]]
show bgp aggregate_address {[<network_address> | ipv6 {<ipv6_networkaddr>}]}
create bgp network [<network_address> | ipv6 <ipv6_networkaddr>] {route_map <map_name
16>}
config bgp network [<network_address> | ipv6 <ipv6_networkaddr>] [route_map <map_name
16> | clear_routemap]
delete bgp network [[<network_address> | all] | ipv6 [<ipv6_networkaddr> | all]]
show bgp network {[<network_address> | ipv6 {<ipv6_networkaddr>}]}
config bgp timer holdtime <sec 0-65535> keepalive <sec 0-65535>
config bgp {always_compare_med [disable | enable] | deterministic_med [disable | enable] | default_local_preference <uint 0-4294967295> | bestpath {as_path_ignore [disable | enable] | compare_routerid [disable | enable] | med_confed [disable | enable] | med_missing_as_worst
[disable | enable] | compare_confed_aspath [disable | enable]}(1)}(1)
config bgp dampening {[ipv4 | ipv6] unicast} [route_map <map_name 16> | clear_routemap |
{state [enable | disable] | half_life <value 1-45> | reuse <value 1-20000> | suppress <value 1-
20000> | max_suppress_time <value 1-255> | un_reachability_half_life <value 1-45>}]
show bgp dampening {[ipv4 | ipv6] unicast}
config bgp peer_group <peer_group_name 16> [remote_as <as_number 0-4294967295> | [add | delete] [<ipaddr> | <ipv6addr>]]
create bgp neighbor [[<ipaddr> | <ipv6addr>] [remote_as <as_number 1-4294967295> | peer_group <peer_group_name 16>] | peer_group <peer_group_name 16>]
delete bgp neighbor [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16> | all]
config bgp neighbor [[[<ipaddr> | peer_group <peer_group_name 16>] [description <desc 80> | clear_description | password <password 25> | clear_password]] | <ipv6addr> [description
<desc 80> | clear_description]]
config bgp neighbor session [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]
[{[ipv4 | ipv6] unicast} activity | state] [enable | disable]
config bgp neighbor general [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]
[{ebgp_multihop <value 1-255> | weight [<value 0-65535> | default] | update_source [add | delete] ipif <ipif_name 12> | send_community [standard | none] | next_hop_self [enable | disable] | soft_reconfiguration_inbound [enable | disable] | remove_private_as [enable | disable] | allowas_in [enable {<value 1-10>} | disable] | default_originate [enable {route_map
<map_name 16>} | disable]} | [ipv4 | ipv6] unicast {send_community [standard | none] | next_hop_self [enable | disable] | soft_reconfiguration_inbound [enable | disable] | remove_private_as [enable | disable] | allowas_in [enable {<value 1-10>} | disable] | default_originate [enable {route_map <map_name 16>} | disable]}]
config bgp neighbor timer [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]
{advertisement_interval [<sec 0-600> | default] | [keepalive <sec 0-65535> holdtime <sec 0-
65535> | default_keepalive_holdtime] | as_origination_interval [<sec 1-600> | default] | connect [<sec 1-65535> | default]}
config bgp neighbor route_reflector_client [<ipaddr> | <ipv6addr> | peer_group
165
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<peer_group_name 16>] {[ipv4 | ipv6] unicast} state [enable | disable]
config bgp neighbor map [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>] {[ipv4 | ipv6] unicast} {unsuppress_map [add | delete] <map_name 16> | route_map [in | out] [add | delete] <map_name 16>}
config bgp neighbor filter [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>] {[ipv4 | ipv6] unicast} {filter_list [in | out] [add | delete] <list_name 16> | prefix_list [in | out] [add | delete] <list_name 16> | capability_orf_prefix_list [receive | send | both | none]}
show bgp peer_group {<peer_group_name 16>}
config bgp route_reflector cluster_id <ipaddr>
config bgp client_to_client_reflection [enable | disable]
config bgp confederation identifier <as_number 0-4294967295>
config bgp confederation peers [add | delete] <aspath_list>
clear bgp [all | neighbor_addr [<ipaddr> | <ipv6addr>] | as <as_number 1-4294967295> | peer_group <peer_group_name 16> | external] {[ipv4 | ipv6] unicast soft {[in {prefix_filter} | out]}}
clear bgp dampening {[ipv4 unicast {[<ipaddr> | <network_address>]} | [<ipaddr> |
<network_address>] | ipv6 unicast {[<ipv6addr> | <ipv6_networkaddr>]}]}
create bgp as_path access_list <list_name 16>
config bgp as_path access_list <list_name 16> [add | delete] <regexp_str 80> [deny | permit]
delete bgp as_path access_list [list_name <list_name 16> | all]
show bgp as_path access_list {<list_name 16>}
create bgp community_list [standard | expanded] <list_name 16>
config bgp community_list [standard <list_name 16> [add | delete] {internet | local_as | no_advertise | no_export | community_set <community_set 80>}(1) [deny | permit] | expanded
<list_name 16> [add | delete] <regexp_str 80> [deny | permit]]
delete bgp community_list [list_name <list_name 16> | all]
show bgp community_list {<list_name 16>}
show bgp route {[[regexp <desc 80> | inconsistent_as | cidr_only | filter_list <list_name 16> | route_map <map_name 16> | community {community_set <community_set 80> | local_as | no_advertise | no_export | internet} {exact_match} | community_list <list_name 16>
{exact_match} | ipaddress <ipaddr> | network <network_address> {longer_prefixes} | prefix_list <list_name 16>] | ipv6 unicast {[regexp <desc 80> | inconsistent_as | filter_list
<list_name 16> | route_map <map_name 16> | community {community_set
<community_set80> | local_as | no_advertise | no_export | internet} {exact_match} | community_list <list_name 16> {exact_match} | ipv6_address <ipv6addr> | ipv6_network
<ipv6_networkaddr> {longer_prefixes} | ipv6_prefix_list <list_name 16>]} | ipv4 unicast
{[regexp <desc 80> | inconsistent_as | cidr_only | filter_list <list_name 16> | route_map
<map_name 16> | community {community_set <community_set 80> | local_as | no_advertise
| no_export | internet} {exact_match} | community_list <list_name 16> {exact_match} | ipaddress <ipaddr> | network <network_address> {longer_prefixes} | prefix_list <list_name
16>]}]
show bgp neighbors {[<ipaddr> | <ipv6addr>] {[{[ipv4 | ipv6] unicast} [advertised_routes | received_routes | routes | received_prefix_filter] | statistics]}}
show bgp dampened_routes {[ipv4 | ipv6] unicast}
show bgp flap_statistics {[ipv4 | ipv6] unicast}
show bgp {summary {[ipv4 | ipv6 ] unicast}}
show bgp reflection {[ipv4 | ipv6] unicast}
config bgp trap [peer_established | peer_idle | all] [enable | disable]
config bgp scan_timer [<sec 5-60> | default]
config bgp aggregate_next_hop_check [enable | disable]
config bgp fast_external_fallover [enable | disable]
config bgp neighbor maximum_prefix [<ipaddr> | <ipv6addr> | peer_group <peer_group_name
16>] [<value 1-12000> {<value 1-100>} {warning_only} | ipv4 unicast <value 1-12000>
{<value 1-100>} {warning_only} | ipv6 unicast <value 1-6000> {<value 1-100>}
{warning_only}]
clear bgp flap_statistics {[ipv4 unicast {[<ipaddr> | <network_address>]} | [<ipaddr> |
166
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<network_address>] | ipv6 unicast {[<ipv6addr> | <ipv6_networkaddr>]}]}
12-1 enable bgp
Description
This command is used to enable the BGP protocol. By enabling the BGP protocol, all the previous configurations will be applied to the protocol kernel and start. By default, BGP is disabled.
Format enable bgp
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To enable BGP protocol:
DGS-3620-28PC:admin# enable bgp
Command: enable bgp
Success.
DGS-3620-28PC:admin#
12-2 disable bgp
Description
This command is used to disable the BGP protocol. By disabling the BGP protocol, all peers will be disconnected and dynamic routes will be deleted. All the static configurations however will be reserved. If BGP enables again, the previous configurations can be re-applied.
Format disable bgp
Parameters
None.
167
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To disable BGP protocol:
DGS-3620-28PC:admin# disable bgp
Command: disable bgp
Success.
DGS-3620-28PC:admin#
12-3 create bgp
Description
This command is used to create a BGP process. It’s AS number must be set. When BGP protocol starts, it must belong to a single AS. The user must set the AS number before configuring any of the other attributes.
Format create bgp <as_number 1-4294967295>
Parameters
<as_number 1-4294967295> - Specifies the BGP AS number. This value must be between 1 and 4294967295.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To create a BGP process:
DGS-3620-28PC:admin# create bgp 100
Command: create bgp 100
Success.
DGS-3620-28PC:admin#
168
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
12-4 delete bgp
Description
This command is used to delete the BGP process. The AS number must be specified. When the
BGP process is deleted, all peer and route information from BGP will be deleted. Route entries redistributed from BGP must also be canceled.
Format delete bgp <as_number 1-4294967295>
Parameters
<as_number 1-4294967295> - Specifies the BGP AS number. This value must be between 1 and 4294967295.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To create a BGP process:
DGS-3620-28PC:admin# delete bgp 100
Command: delete bgp 100
Success.
DGS-3620-28PC:admin#
12-5 config bgp router_id
Description
This command is used to configure the BGP process’s router ID. The address of a loopback interface is preferred to as an IP address on a physical interface because the loopback interface is more effective than a fixed interface as an identifier because there is no physical link to go down.
The user must specify a unique router ID within the network. This command will reset all active
BGP peering sessions.
When a router ID is not configured, the router ID is selected by the following rules:
1. If a loopback interface is configured, the router ID is set to the IP address of the loopback.
2. If multiple loopback interfaces are configured, the loopback with the highest IP address is used.
3. If no loopback interface is configured, the router ID is set to the highest IP address on a physical interface.
Note: One newly created interface whose address may be preferred to be the router ID according to the rules above, but, it will not be chosen to be router ID immediately. Only when the router ID is set to zero or when recreating a BGP instance, the new interface may be selected as the BGP router ID.
169
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config bgp router_id <ipaddr>
Parameters
<ipaddr> - An ID to identify a BGP router. If it is set to zero the router ID will be automatically determined. The default value is the highest IP address on a physical interface.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To configure the BGP process’s router ID:
DGS-3620-28PC:admin# config bgp router_id 10.10.10.1
Command: config bgp router_id 10.10.10.1
Success
DGS-3620-28PC:admin#
12-6 config bgp synchronization
Description
This command is used to configure the BGP synchronization ability. Usually, a BGP speaker does not advertise a route to an external neighbor unless that route is local or exists in the IGP. By default, synchronization between BGP and the IGP is turned off to allow the BGP to advertise a network route without waiting for route validation from the IGP. This feature allows routers and access servers within an Autonomous System to have the route before BGP makes it available to other autonomous systems.
Format config bgp synchronization [enable | disable]
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
enable - Specifies to enable synchronization.
disable - Specifies to disable synchronization. By default, this setting is disabled.
170
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To enable the BGP process’ synchronization ability:
DGS-3620-28PC:admin# config bgp synchronization enable
Command: config bgp synchronization enable
Success
DGS-3620-28PC:admin#
12-7 config bgp enforce_first_as
Description
This command is used to enforce the neighbor’s AS as the first AS in the AS list.
When the setting is enabled, any updates received from an external neighbor, that does not have the neighbor’s configured Autonomous System (AS) at the beginning of the AS_PATH in the received update, will be denied. Enabling this feature adds to the security of the BGP network by not allowing traffic from unauthorized systems.
Format config bgp enforce_first_as [enable | disable]
Parameters
enable - Enables the enforce first AS setting.
disable - Disables the enforce first AS setting. The default setting is disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To enable the BGP process’s enforce_first_as ability:
DGS-3620-28PC:admin# config bgp enforce_first_as enable
Command: config bgp enforce_first_as enable
Success
DGS-3620-28PC:admin#
12-8 create bgp aggregate_address
Description
This command is used to create an aggregate entry in the Border Gateway Protocol (BGP) database.
171
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Using the aggregate_address command with no keywords will create an aggregate entry in the
BGP routing table, if any more specific BGP routes are available that fall within the specified range.
The aggregate route will be advertised as coming from your Autonomous System and will have the atomic aggregate attribute set to indicate that information might be missing. That is, the original AS path associated with more specific routes will be lost. The atomic aggregate attribute is set unless you specify the as_set keyword.
Using the as_set keyword will create an aggregate entry, but the path advertised for this route will include an AS set consisting of all AS that are contained in all paths that are being summarized.
Do not use continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.
Using the summary_only keyword will create an aggregate route but suppresses advertisements of more specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor prefix_list command.
Format create bgp aggregate_address [<network_address> | ipv6 <ipv6_networkaddr>]
{summary_only | as_set}
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
<network_address> - Specifies the IPv4 network address that will be aggregated.
ipv6 – Specifies the IPv6 network address that will be aggregated.
<ipv6_networkaddr> - Enter the IPv6 network address that will be aggregated here.
summary_only - (Optional) Specifies that more specific routes will not be advertised.
as_set - (Optional) Generates an Autonomous System set path information.
Example
To create an aggregate route of which the network address is 10.0.0.0/8, suppress more-specific routes:
DGS-3620-28PC:admin# create bgp aggregate_address 10.0.0.0/8 summary_only
Command: create bgp aggregate_address 10.0.0.0/8 summary_only
Success.
DGS-3620-28PC:admin#
12-9 delete bgp aggregate_address
Description
This command is used to delete an aggregate entry in a Border Gateway Protocol (BGP) database.
172
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format delete bgp aggregate_address [[<network_address> | all] | ipv6 [<ipv6_networkaddr> | all]]
Parameters
<network_address> - Specifies the IPv4 aggregated network to be deleted.
all – Specifies that all IPv4 aggregated networks will be deleted..
ipv6 – Specifies the IPv6 network address of the entry that will be deleted.
<ipv6_networkaddr> - Enter the IPv6 network address used here.
all – Specifies that all IPv6 aggregated networks will be deleted.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To delete an aggregate_route of which the network address is 10.0.0.0/8:
DGS-3620-28PC:admin# delete bgp aggregate_address 10.0.0.0/8
Command: delete bgp aggregate_address 10.0.0.0/8
Success.
DGS-3620-28PC:admin#
12-10 show bgp aggregate_address
Description
This command is used to show the aggregate entries in the Border Gateway Protocol (BGP) database.
Format show bgp aggregate_address {[<network_address> | ipv6 {<ipv6_networkaddr>}]}
Parameters
<network_address> - (Optional) Specifies the IP aggregated network address.
ipv6 – (Optional) Specifies the IPv6 aggregated network address.
<ipv6_networkaddr> - Enter the IPv6 aggregated network address used here.
If the specific network address is not specified, all aggregated addresses of IPv4 or IPv6 will be displayed.
Restrictions
None. (EI Mode Only Command)
173
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display an aggregate route of 10.0.0.0/8:
DGS-3620-28PC:admin# show bgp aggregate_address 10.0.0.0/8
Command: show bgp aggregate_address 10.0.0.0/8
Network Address Options
------------------ ----------------------
10.0.0.0/8 summary_only, as_set
Total Aggregate Address Number: 1.
DGS-3620-28PC:admin#
12-11 create bgp network
Description
This command is used to specify the network advertised by the Border Gateway Protocol (BGP).
BGP networks can be learned from connected routes, from dynamic routing, and from static route sources.
Format create bgp network [<network_address> | ipv6 <ipv6_networkaddr>] {route_map
<map_name 16>}
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
<network_address> - Represents the local network that BGP will advertise.
ipv6 – Specifies the local IPv6 network that BGP will advertise.
<ipv6_networkaddr> - Enter the IPv6 network address here.
route_map - (Optional) Specifies the route map to be applied to the advertised networks. If not specified, all networks are advertised.
<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.
Example
Setup network 10.108.0.0/16 to be included in the BGP updates:
DGS-3620-28PC:admin# create bgp network 10.108.0.0/16
Command: create bgp network 10.108.0.0/16
Success.
DGS-3620-28PC:admin#
174
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
12-12 config bgp network
Description
This command is used to configure the attribute associated with the network advertised by the
Border Gateway Protocol (BGP).
Format config bgp network [<network_address> | ipv6 <ipv6_networkaddr>] [route_map
<map_name 16> | clear_routemap]
Parameters
<network_address> - Represents the local IPv4 network that BGP will advertise.
ipv6 – Specifies the local IPv6 network that BGP will advertise.
<ipv6_networkaddr> - Enter the IPv6 network address here.
route_map - Specifies the route map applied to the advertised networks.
<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.
clear_routemap - Removes the route map applied to the network.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
Change the network 10.108.0.0/16 to clear a route map:
DGS-3620-28PC:admin# config bgp network 10.108.0.0/16 clear_routemap
Command: config bgp network 10.108.0.0/16 clear_routemap
Success.
DGS-3620-28PC:admin#
12-13 delete bgp network
Description
This command is used to delete the networks advertised by the Border Gateway Protocol (BGP).
Format delete bgp network [[<network_address> | all] | ipv6 [<ipv6_networkaddr> | all]]
Parameters
<network_address> - Specifies the IPv4 network address of the entry that will be deleted.
all – Specifies to delete all IPv4 BGP networks.
ipv6 – Specifies the IPv6 network address of the entry that will be deleted.
175
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<ipv6_networkaddr> - Enter the IPv6 network address here.
all – Specifies to delete all IPv6 BGP networks.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To delete network 10.108.0.0/16 to be advertised in the BGP updates:
DGS-3620-28PC:admin# delete bgp network 10.108.0.0/16
Command: delete bgp network 10.108.0.0/16
Success.
DGS-3620-28PC:admin#
12-14 show bgp network
Description
This command is used to show the networks advertised by the Border Gateway Protocol (BGP).
Format show bgp network {[<network_address> | ipv6 {<ipv6_networkaddr>}]}
Parameters
<network_address> - (Optional) Enter the local IPv4 network address that BGP will advertise.
ipv6 - (Optional) Specifies the local IPv6 network address that BGP will advertise.
<ipv6_networkaddr> - Enter the local IPv6 network address that BGP will advertise.
If the specific network address is not specified, all network addresses of IPv4 or IPv6 will be displayed.
Restrictions
None. (EI Mode Only Command)
Example
To show network 10.108.0.0/16 advertised in the BGP updates:
176
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show bgp network 10.108.0.0/16
Command: show bgp network 10.108.0.0/16
Network Address Route Map
--------------- ----------------
10.108.0.0/16
Total Network Number: 1
DGS-3620-28PC:admin#
12-15 config bgp timer
Description
This command is used to configure the BGP protocol timer. The hold time needs to be at least three times that of the keepalive time. If the timer is specified for specific neighbors, then the neighbor specific timer will take effect.
Format config bgp timer holdtime <sec 0-65535> keepalive <sec 0-65535>
Parameters
holdtime - The system will declare a peer as dead if a keepalive message is received that is more than the hold time. The default value is 180 seconds. If the holdtime is set to zero, then the holdtime will never expire. If the two routers that build a BGP connection have a different hold time, then the smaller hold time will be used. If the timer is specified for specific neighbors, then the neighbor specific timer will take effect. The hold time needs to be at least three times that of the keepalive timer.
<sec 0-65535> - Enter the hold time value used here. This value must be between 0 and
65535.
keepalive - This specifies the interval at which keepalive messages are sent to its peer. If the keepalive value is set to zero, then the keepalive message will not be sent out. The default value is 60 seconds. If the two routers that build a BGP connection have a different keepalive timer, then the smaller keepalive timer will be used. If the timer is specified for specific neighbors, then the neighbor specific timer will take effect.
<sec 0-65535> - Enter the keep-alive time value used here. This value must be between 0 and 65535.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This command is used to configure the BGP hold and keepalive timer:
177
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# config bgp timer holdtime 360 keepalive 120
Command: config bgp timer holdtime 360 keepalive 120
Success.
DGS-3620-28PC:admin#
12-16 config bgp
Description
This command is used to configure the BGP best path selection related setting. MED is a metric assigned to tell the external router how to choose a route. By default, MED is used to determine the route that is advertised by the same AS.
The BGP deterministic med command can be configured to enforce a deterministic comparison of the MED values between all the paths received from within the same Autonomous System
Default local preference:
By default, a BGP router will send the default local preference with the routes. It can be overwritten if the local preference is set by the route map. For the received route, the local preference received with the route will be used in the best path selection. This local preference will be overwrite if the local preference is ingress set by the route map.
For the local routes, the default local preference will be used for them in the best path selection
Best path selection process:
The following is the steps that the BGP will use to select the best path among BGP routes:
1. Prefer the path that has the largest weight.
2. If the routes have the same weight, use the route with the highest local preference.
3. If the routes have the same local preference, prefer the route that was originated by BGP on this router. Originated from network command > from redistribute command> from aggregate command.
4. If no route was originated, prefer the route with the shortest AS path.
5. If all paths are of the same AS length, prefer the route with lowest origin code (IGP < EGP
< INCOMPLETE).
6. If the origin codes are the same, prefer the path with the lowest Multi Exit Discriminator.
7. If the MEDs are the same, prefer external paths over internal paths. EBGP
>Confederation>IBGP.
8. Prefer the path through the closest IGP neighbor.
9. Prefer the path that was received first (the oldest one).
10. Prefer the path with the lowest BGP Router ID.
11. Prefer to the routes advertised by the BGP speaker with a lower BGP identifier value.
12. Prefer to the routes advertised by the BGP speaker with lower peer address.
Format config bgp {always_compare_med [disable | enable] | deterministic_med [disable | enable] | default_local_preference <uint 0-4294967295> | bestpath {as_path_ignore [disable | enable]
| compare_routerid [disable | enable] | med_confed [disable | enable] | med_missing_as_worst [disable | enable] | compare_confed_aspath [disable | enable]}(1)}(1)
178
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
always_compare_med - (Optional) Enable or disable the comparison of the Multi Exit
Discriminator (MED) for paths from the neighbors in different Autonomous Systems. By default this setting is disabled.
enable - Specifies that the 'always compare MED' option will be enabled.
disable - Specifies that the 'always compare MED' option will be disabled.
deterministic_med - (Optional) Enable or disable to enforce the deterministic comparison of the
Multi Exit Discriminator (MED) for paths received from the neighbors within the same
Autonomous System. By default this setting is disabled.
enable - Specifies that the 'deterministic MED' option will be enabled.
disable - Specifies that the 'deterministic MED' option will be disabled.
default_local_preference - (Optional) Specifies the default local preference value. The default value is 100.
<uint 0-4294967295> - Enter the default local preference value here. This value must be between 0 and 4294967295.
bestpath - (Optional) Specifies the best path value to be used.
as_path_ignore - (Optional) If enabled, the BGP process will ignore the AS path in the path selection process. By default this value is disabled.
enable - Specifies that the 'AS path ignore' option will be enabled.
disable - Specifies that the 'AS path ignore' option will be disabled.
compare_routerid - (Optional) If enabled, the BGP process will include the router ID in the path selection process. Similar routes are compared and the route with the lowest router ID is selected. By default this value is disabled.
enable - Specifies that the 'compare router ID' option will be enabled.
disable - Specifies that the 'compare router ID' option will be disabled.
med_confed - (Optional) If enabled, the BGP process will compare the MED for the routes that are received from confederation peers. For routes that have an external AS in the path, the comparison does not occur. By default this value is disabled.
enable - Specifies that the 'MED confed' option will be enabled.
disable - Specifies that the 'MED confed' option will be disabled.
med_missing_as_worst - (Optional) If enabled, the BGP process will assign a value of infinity to routes that are missing the Multi Exit Discriminator (MED) attribute. If disabled, the BGP process will assign a value of zero to routes that are missing the Multi Exit Discriminator
(MED) attribute, causing this route to be choosed as the best path. By default this value is disabled.
enable - Specifies that the 'MED missing AS worst' option will be enabled.
disable - Specifies that the 'MED missing AS worst' option will be disabled.
compare_confed_aspath - (Optional) If enabled, the BGP process will compare the confederation AS path length of the routes received. The shorter the confederation AS path length, the better the route is. By default this value is disabled.
enable - Specifies that the 'compare confed AS path' option will be enabled.
disable - Specifies that the 'compare confed AS path' option will be disabled.
Example
This command shows how to disable the comparison of the Multi Exit Discriminator (MED):
179
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# config bgp always_compare_med disable
Command: config bgp always_compare_med disable
Success.
DGS-3620-28PC:admin#
12-17 config bgp dampening
Description
The purpose of this command is to eliminate the dampening of routes and thus to avoid unstable networks caused by flapping routes. The following describes the way how it is achieved.
If a prefix is removed or is added, BGP will add a penalty on the route of 1000; if an attribute of received route changes, BGP will add a penalty on the route of 500.
Suppose that the half-life is configured to be 15min, the re-use value will be 800, and the suppress value will be 1500.
1. When a route flaps (from up to down), add the penalty by 1000.Since the penalty is smaller than the suppress value, BGP will work normally. It will send a withdraw message
(an update message) to the neighbors.
2. The penalty of the route will decrease as time elapses. Here we assume that it pass 7.5 minutes, then the penalty of the route is 1000-500*7.5/15=750.
3. If another flap occurs (the route change from down to up) then the penalty of the route will be 1750 which is larger than the suppress value, and the route will be dampened. BGP will not send an update message for this status change.
4. When the penalty of the route decreases and become smaller than the re-use value (800), the route will not be dampened and the update message will be sent again.
If both IPv4 unicast and IPv6 unicast are not specified, the setting is for IPv4 unicast.
Note: If the dampening ability is enabled and there are one or more dampened routes, the dampened routes will be released to be the normal state immediately after we disable the dampening function.
Format config bgp dampening {[ipv4 | ipv6] unicast} [route_map <map_name 16> | clear_routemap |
{state [enable | disable] | half_life <value 1-45> | reuse <value 1-20000> | suppress <value 1-
20000> | max_suppress_time <value 1-255> | un_reachability_half_life <value 1-45>}(1)]
Parameters
ipv4 unicast - Specifies to configure the IPv4 unicast address family.
ipv6 unicast - Specifies to configure the IPv6 unicast address family.
route_map - The route_map here is to set the dampening to be criterial.
<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.
clear_routemap - This option will withdraw the route_map configuration.
180
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
state - (Optional) Specifies the BGP dampening function’s state.
enable - Specifies that the BGP dampening function's state will be enabled.
disable - Specifies that the BGP dampening function's state will be disabled.
half_life - (Optional) Specifies the time (in minute) after which the penalty of the reachable routes will be down, by half. The default setting is 15 minutes.
<value 1-45> - Enter the half life value here. This value must be between 1 and 45 minutes.
reuse - (Optional) If the penalty for a flapping route decreases enough to fall below this value, the route is unsuppressed. The default setting is 750.
<value 1-20000> - Enter the re-use value used here. This value must be between 1 and
20000.
suppress - (Optional) A route is suppressed when its penalty exceeds this limit. The default setting is 2000.
<value 1-20000> - Enter the surpress value used here. This value must be between 1 and
20000.
max_suppress_time - (Optional) Maximum time (in minutes) a route can be suppressed. The default setting is 45 minutes.
<min 1-255> - Enter the maximum suppress time value here. This value must be between 1 and 255 minutes.
un_reachablity_half_life - (Optional) Specifies the time (in minute) after which the penalty of the unreachable routes will be down, by half. The default setting is 15 minutes.
<value 1-45> - Enter the the time after which the penalty of the unreachable routes will be down, by half here. This value must be between 1 and 45 minutes.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This command shows how to disable the dampening function:
DGS-3620-28PC:admin# config bgp dampening state disable
Command: config bgp dampening state disable
Success.
DGS-3620-28PC:admin# show bgp dampening
Command: show bgp dampening
BGP Dampening State :Disabled
BGP Dampening Route_Map :dmp1
Half-life Time :15 mins
Reuse Value :500
Suppress Value :900
MAX Suppress Time :60 mins
Unreachable route's Half-life :15 mins
DGS-3620-28PC:admin# show bgp route
Command: show bgp route
BGP Local Router ID is 20.90.90.90
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
181
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Network Gateway Metric LocPrf Weight Path
*> 20.0.0.0/8 0.0.0.0 0 32768 i
*> 221.221.2.0/24 0.0.0.0 0 32768 i
*d 221.221.252.0/24 1.1.1.2 1 40 i
*d 221.221.253.0/24 1.1.1.2 1 40 i
Total Entries: 4
DGS-3620-28PC:admin#
12-18 show bgp dampening
Description
This command is used to show the BGP dampening configurations. If no parameters are specified, dampening information for IPv4 unicast will be displayed.
Format show bgp dampening {[ipv4 | ipv6] unicast}
Parameters
ipv4 unicast – (Optional) Specifies to show dampening parameters for the IPv4 unicast address family.
ipv6 unicast – (Optional) Specifies to show dampening parameters for the IPv6 unicast address family.
Restrictions
None. (EI Mode Only Command)
Example
Following example shows how to get the BGP dampening configurations:
182
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show bgp dampening
Command: show bgp dampening
BGP Dampening State :Enabled
BGP Dampening Route_Map :dmp1
Half-life Time :15 minutes
Reuse Value :750
Suppress Value :2000
MAX Suppress Time :45 minutes
Unreachable route's Half-life :15 mins
DGS-3620-28PC:admin#
12-19 config bgp peer_group
Description
This command is used to configure the BGP peer group. The purpose of the neighbor peer group is to simplify the BGP neighbor configuration. The command is used to add an IP or to delete an IP from a BGP peer group. The peer group must be created using the “create neighbor peer group” command. The members must all be internal or external. If all the members of the BGP peer group are external, they are allowed to have different AS numbers. There are two kinds of the peer groups.
For the first kind or peer group, the remote AS is not set; members must be created as neighbors before it can be added to the peer group. When we configure the peer group’s remote AS behind this, the member’s remote AS will not change. For the second kind of peer group, the peer group has set a remote AS number. A member can be added to the peer group even if the member didn’t have an AS number before. In this situation, the system will create a neighbor for the peer group’s remote AS automatically. The member’s remote AS will change to the configured peer group’s remote AS, but the others’ will not change, which is created as a neighbor before added to the peer group.
If a BGP peer belongs to a peer group, some attributes or actions can only be configured from the peer group. The following is a list of them: capability_orf_prefix_list, next_hop_self, route_reflector_client, send_community, soft_reconfiguration_inbound, remove_private_as, allowas_in, holdtime, keepalive, unsuppress_map, default_originate, filter_list for out direction, route_map for out direction, prefix_list for out direction.
On the contrary, some attributes or actions are allowed to be configured from both the peer group and the member. If they are configured from the member, the setting will overwrite the setting configured from the peer group.
Other attribute that can be set from an individual peer are as follows: description, filter_list for in direction, route_map for in direction, prefix_list for in direction, ebgp_multihop, session state, session activity, weight.
As for the above attributes, setting the attribute of a peer group will automatically affect the setting for individual peers in the peer group.
For session state, if the peer group is configure to disable, all the members can’t set to enable. For session activity, can’t set the peer group to disable.
As for the description attribute, setting the peer group will not affect the setting for an individual peer.
183
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
After this command is executed, all peers belonging to this peer group, which are generated with no indicated AS number, will change their AS number to the same value as the peer group’s, stop and restarted values. If the peer group remote AS has a value of zero, it means “no remote_as”, and members that are generated with no indicated AS number will be deleted.
Format config bgp peer_group <peer_group_name 16> [remote_as <as_number 0-4294967295> |
[add | delete] [<ipaddr> | <ipv6addr>]]
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
<peer_group_name 16> - This is the name of the BGP peer group. This name can be up to 16 characters long.
remote_as - The number of autonomous systems to which the peer group belongs to.
<as_number 0-4294967295> - Enter the remote AS value here. This value must be between
0 and 4294967295.
add - Specifies to add an IP address.
delete - Specifies to delete an IP address.
<ipaddr> - Enter the IPv4 address to be added or deleted here.
<ipv6addr> - Enter the IPv6 address to be added or deleted here.
Example
To delete a member from the peer group named local:
DGS-3620-28PC:admin# config bgp peer_group local delete 10.2.2.2
Command: config bgp peer_group local delete 10.2.2.2
Success.
DGS-3620-28PC:admin#
To set a peer group named local remote_as to 50:
DGS-3620-28PC:admin# config bgp peer_group local remote_as 50
Command: config bgp peer_group local remote_as 50
Success.
DGS-3620-28PC:admin#
12-20 create bgp neighbor
Description
The command is used to create a BGP neighbor. Either a single router or a peer group can be created as neighbor.
184
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
If the created neighbor has a single IP address, the remote AS must be specified. A peer group must be specified of which this BGP speaking neighbor belongs to, and in this condition, a remote
AS must be specified to the peer group first.
If the created neighbor is a peer group, then the remote AS cannot be specified here. The remote
AS must specified by using the “config peer_group remote_as” command.
Format create bgp neighbor [[<ipaddr> | <ipv6addr>] [remote_as <as_number 1-4294967295> | peer_group <peer_group_name 16>] | peer_group <peer_group_name 16>]
Parameters
<ipaddr> - Enter the IPv4 address of the BGP speaking neighbor here.
<ipv6addr> - Enter the IPv6 address of the BGP speaking neighbor here.
remote_as - The number of Autonomous Systems to which the neighbor belongs.
<as_number 1-4294967295> - Enter the remote AS number here. This value must be between 1 and 4294967295.
peer_group - Specifies the peer group to be created and added as a neighbor.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
peer_group - Specifies the peer group to be created and added as a neighbor.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To create a neighbor peer whose address is 10.10.10.2:
DGS-3620-28PC:admin# create bgp neighbor 10.10.10.2 remote_as 10
Command: create bgp neighbor 10.10.10.2 remote_as 10
Success.
DGS-3620-28PC:admin#
12-21 delete bgp neighbor
Description
This command is used to delete the BGP neighbor.
Format delete bgp neighbor [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16> | all]
185
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<ipaddr> - Specifies the IPv4 address of the neighbor that will be deleted.
<ipv6addr> - Specifies the IPv6 address of the neighbor that will be deleted.
peer_group - Specifies the peer group that will be deleted as a neighbor.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
all - Delete all BGP neighbors, including individual peers and peer groups.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To delete a neighbor whose address is 10.10.10.2:
DGS-3620-28PC:admin# delete bgp neighbor 10.10.10.2
Command: delete bgp neighbor 10.10.10.2
Success.
DGS-3620-28PC:admin#
12-22 config bgp neighbor
Description
This command is used to configure the BGP neighbor’s description or password attribute.
Format config bgp neighbor [[[<ipaddr> | peer_group <peer_group_name 16>] [description <desc
80> | clear_description | password <password 25> | clear_password]] | <ipv6addr>
[description <desc 80> | clear_description]]
Parameters
<ipaddr> - Specifies the IP address of the neighbor to be configured.
peer_group - Specifies the peer group to be configured.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
description - Associate a description with a neighbor. By default, the description is not specified.
<desc 80> - Enter the description value used here. This value can be up to 80 characters long.
clear_description - Removes the neighbor’s description.
password - Specifies to set the MD5 authentication password when a TCP connection between
BGP neighbors are established. When BGP neighbors are created, password aren’t set by default.
<password 25> - Enter the password used here. This password can be up to 25 characters long.
clear_password - Specifies to clear the MD5 authentication password when a TCP connection between BGP neighbors are established.
<ipv6addr> - Enter the IPv6 address used here.
186
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To configure a neighbor’s description:
DGS-3620-28PC:admin# config bgp neighbor 10.10.10.2 description EBGP-neighbor
Command: config bgp neighbor 10.10.10.2 description EBGP-neighbor
Success.
DGS-3620-28PC:admin#
12-23 config bgp neighbor session
Description
The command is used to configure the state or neighbor’s session activity for a BGP neighbor. If a neighbor is specified to be in the disabled state, it is equivalent to the case that the neighbor is deleted except when the neighbor configuration is kept. For activity, it is configured for the IPv4 unicast address family if both IPv4 and IPv6 unicast are not specified.
Format config bgp neighbor session [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]
[{[ipv4 | ipv6] unicast} activity | state] [enable | disable]
Parameters
<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.
<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.
peer_group - Specifies the peer group to be configured.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
ipv4 unicast - Specifies to configure the IPv4 unicast address family.
ipv6 unicast - Specifies to configure the IPv6 unicast address family.
state - If state is changed from enabled to disabled, the session with the neighbor peer will be terminated.
activity - Specifies the state for individual address family. By default, the setting is enabled for
IPv4 address family.
enable - Specifies that the neighbor session state or the for individual address family state will be enabled.
disable - Specifies that the neighbor session state or the for individual address family state will be disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
187
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
This example will shut down all the neighbors that are contained in the peer group “Campus”:
DGS-3620-28PC:admin# config bgp neighbor session peer_group Campus state disable
Command: config bgp neighbor session peer_group Campus state disable
Success.
DGS-3620-28PC:admin#
This example shuts down the activity state of the neighbor 10.90.90.90:
DGS-3620-28PC:admin# config bgp neighbor session 10.90.90.90 activity disable
Command: config bgp neighbor session 10.90.90.90 activity disable
Success.
DGS-3620-28PC:admin#
12-24 config bgp neighbor general
Description
This command is used to configure the BGP neighbor’s general setting.
ebgp_multihop: This specifies the TTL of the BGP packet sent to the neighbor. If it is specified as
1, it will have a restriction that the neighbor must be directly connected to it.
weight: This specifies the weight that will be associated to the routes learned from the specified neighbor. The route with highest weight will be chosen as the preferred route. If the route map sets weight to a route, then this route map specified weight will override the weight specified by the
BGP neighbor’s command. Weight is an attribute which is specified in the ingress direction, and is not an attribute to be advertised with the route. It is used to specify preference to routes received from a neighbor over another neighbor.
soft_reconfiguration_inbound: If the setting is enabled, the route updates sent from the specified neighbor will be stored. This storage is required for inbound soft reconfiguration. When a soft reset is requested for inbound sessions, the session will not be torn down, but the inbound routing table will be cleared. It needs to be rebuilt. If the soft reconfiguration inbound is enabled, then the routing table can be rebuilt based on the stored route update information. If the soft reconfiguration inbound is disabled, then the local router will send the route refresh requests to the neighbor to ask for the route refresh.
next_hop_self: If the next_hop_self option is enabled, the router will set the next_hop to itself when it advertises the routes to the specific neighbor. If the next_hop_self option is disabled, the next_hop attributes will not be changed. The behavior described here will be overridden by the set next hop statement if route map is applied to the neighbor in the out direction.
remove_private_as: The private Autonomous System numbers are from 64512 to 65535. If this setting is set to enable, the private AS number in AS path attribute of the BGP update packets will be dropped.
allowas_in: The BGP router will do AS path loop checks for the received BGP update packet. If the BGP router’s self AS appears in the AS path, it is identified as a loop and the packet will be discarded. If the allow-as setting is enabled, the BGP router’s self AS is allowed in the AS path list.
188
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
default_originate: If this setting is enabled, it will allow a BGP speaker (the local router) to send the default route 0.0.0.0/0 to a neighbor to use as the default route. If route map is specified, the default route will be injected if the route map contains a match IP address statement. If this setting is disabled, no default route will be sent to the neighbor. The default setting is disabled.
By default, if both the IPv4 unicast and IPv6 unicast are not specified, the setting is for the IPv4 unicast address family for those parameters supporting the IPv4 and IPv6 unicast address family.
Format config bgp neighbor general [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]
[{ebgp_multihop <value 1-255> | weight [<value 0-65535> | default] | update_source [add | delete] ipif <ipif_name 12> | send_community [standard | none] | next_hop_self [enable | disable] | soft_reconfiguration_inbound [enable | disable] | remove_private_as [enable | disable] | allowas_in [enable {<value 1-10>} | disable] | default_originate [enable {route_map
<map_name 16>} | disable]} | [ipv4 | ipv6] unicast {send_community [standard | none] | next_hop_self [enable | disable] | soft_reconfiguration_inbound [enable | disable] | remove_private_as [enable | disable] | allowas_in [enable {<value 1-10>} | disable] | default_originate [enable {route_map <map_name 16>} | disable]}]
Parameters
<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.
<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.
peer_group - Specifies the peer group to be configured.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
ebgp_multihop - (Optional) Specifies the TTL of BGP packet sent to the neighbor. For an EBGP neighbor the default setting is 1. This means only direct connected neighbors are allowed.
<value 1-255> - Enter the EBGP multi-hop value used here. This value must be between 1 and 255.
weight - (Optional) The valid range is from 0 to 65535. If this is not specified, the routes learned through another BGP peer will have a default weight of 0. Routes sourced by the local router have a weight of 32768. It cannot be changed.
value <0-65535> - Enter the weight value used here. This value must be between 0 and
65535.
default - Specifies that the default weight value will be used.
update_source - (Optional) Specifies an interface to be used by BGP sessions for the TCP connection. By default, this parameter is not set.
add - Specifies to add an interface.
delete - Specifies to delete an interface.
ipif - (Optional) Specifies the IP interface name used.
<ipif_name 12> - Enter the IP interface name used here. This name can be up to 12 characters long.
send_community - (Optional) This specifies the communities attribute to be sent to the BGP neighbor.
standard - Only standard communities will be sent.
none - No communities will be sent. The default value is none.
next_hop_self - (Optional) Enable or disable the next hop self attribute. By default, this setting is disabled.
enable - Specifies that the next-hop-self attribute will be enabled.
disable - Specifies that the next-hop-self attribute will be disabled.
soft_reconfiguration_inbound - (Optional) Specifies to enable or disable the inbound soft reconfiguration function. By default, this setting is disabled.
enable - Specifies that the soft re-configuration inbound option will be enabled.
disable - Specifies that the soft re-configuration inbound option will be disabled.
189
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
remove_private_as - (Optional) If this setting is set to enable, the private AS number in the AS path attribute of the BGP update packets will be dropped. By default, the setting is disabled.
enable - Specifies that the 'remove private AS' option will be enabled.
disable - Specifies that the 'remove private AS' option will be disabled.
allowas_in - (Optional) If the allow_as setting is enabled, the BGP router’s self AS is allowed in the AS path list. By default, the allow_as setting is disabled. If no number is supplied, the default value of 3 times is used.
enable - Specifies that the allow AS-in option will be enabled.
<value 1-10> - Enter the allow AS-in value used here. This value must be between 1 and 10.
disable - Specifies that the allow AS-in option will be disabled.
default_originate - (Optional) Specifies to enable or disable the default originate function. By default, this setting is disabled.
enable - Specifies that the default originate function will be enabled.
route_map - Specifies the route map name.
<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.
disable - Specifies that the default originate function will be disabled.
ipv4 unicast - Specifies to configure the IPv4 unicast address family.
ipv6 unicast - Specifies to configure the IPv6 unicast address family.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example shows how to configure the EBGP multi-hop to 2:
DGS-3620-28PC:admin# config bgp neighbor general 10.100.200.1 ebgp_multihop 2
Command: config bgp neighbor general 10.100.200.1 ebgp_multihop 2
Success.
DGS-3620-28PC:admin#
12-25 config bgp neighbor timer
Description
This command is used to configure the BGP neighbor’s timer attribute.
Format config bgp neighbor timer [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]
{advertisement_interval [<sec 0-600> | default] | [keepalive <sec 0-65535> holdtime <sec 0-
65535> | default_keepalive_holdtime] | as_origination_interval [<sec 1-600> | default] | connect [<sec 1-65535> | default]}
advertisement_interval: If an advertised route is flapping, this usually occurs when an interface is unstable, a lot of UPDATE and WITHDRAWN messages will be sent. One method to control the flooding of these messages is to set a minimum advertisement interval.
190
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.
<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.
peer_group - Specifies the peer group to be configured.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
advertisement_interval - (Optional) It specifies the interval at which the BGP process sends update messages to its peer. If this value is set to zero, the update or withdrawn message will be sent immediately. The default value for IBGP peers is 5 seconds and for EBGP peers it is
30 seconds. When it is specified to default, the neighbor specific advertisement interval setting will be returned to the default setting.
<sec 0-600> - Enter the advertisement interval value here. This value must be between 0 and
600 seconds.
default - Specifies that the advertisement interval will be set to default.
keepalive - (Optional) This specifies the interval at which a keepalive message is sent to its peers. If the two routers, that build BGP connection, have different keepalive timers, the smaller keepalive timer will be used. If the keepalive is set to zero, then the keepalive message will not be sent out. By default, the timer is not specified. This neighbor specific setting will follow the global setting.
<sec 0-65535> - Enter the keep alive value here. This value must be between 0 and 65535.
holdtime - (Optional) The system will declare a peer as dead if not receiving a keepalive message until the hold time. If two routers, that builded a BGP connection, have different hold times, the smaller hold time will be used. If the holdtime is zero, then the holdtime will never expire. It is recommended that the holdtime value is 3 times that of keepalive timer. By default, the timer is not specified. This neighbor specific setting will follow the global setting.
<sec 0-65535> - Enter the hold time value here. This value must be between 0 and 65535.
default_keepalive_holdtime - (Optional) Clear the specification of the neighbor specific holdtime and keepalive setting.
as_origination_interval - (Optional) Minimum interval between the sending AS origination routing updates. The valid value is from 1 to 600. The default setting is 15 seconds.
<sec 1-600> - Enter the AS original interval value here. This value must be between 1 and
600.
default - Specifies that the default AS original interval value will be used.
connect - (Optional) Minimum interval BGP sends TCP connect requests to the peer after a TCP connection fail happens. The default setting is 120 seconds.
<sec 1-65535> - Enter the minimum interval BGP sends TCP connect requests to the peer after a TCP connection fail happens value here. This value must be between 1 and 65535.
default - Specifies that the default connect value will be used.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example shows how to configure the advertisement interval to 20 seconds:
DGS-3620-28PC:admin# config bgp neighbor timer peer_group Campus advertisement_interval 20
Command: config bgp neighbor timer peer_group Campus advertisement_interval 20
Success.
DGS-3620-28PC:admin#
191
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
12-26 config bgp neighbor route_reflector_client
Description
This command is used to configure the BGP’s neighbor of the route reflector client. When the route reflector client is defined and the router reflection is enabled, the BGP router will act as the route reflector. The reflector and its client form a cluster. In a cluster, all the members must be iBGP connections with the reflector and vice versa. The reflector is the representative of the cluster. For the reflector, the iBGP connection is established by the “create bgp neighbor” command and the corresponding neighbor must be specified as the client by this command. For the client, the iBGP connection is established by the “create bgp neighbor” command.
When the router is in reflection mode, the router will exchange information with client neighbors in the reflection way and with the remaining neighbor in the ordinary way.
When the router is in non-reflection mode, the router will exchange information with all the neighbors in the non-reflection way.
An AS can have multiple clusters, and a cluster can have more than one reflector for redundancy purposes.
By default, if both the IPv4 unicast and IPv6 unicast options are not specified, the setting is for the
IPv4 unicast address family.
Format config bgp neighbor route_reflector_client [<ipaddr> | <ipv6addr> | peer_group
<peer_group_name 16>] {[ipv4 | ipv6] unicast} state [enable | disable]
Parameters
<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.
<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.
peer_group - Specifies the peer group to be configured.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
ipv4 unicast - Specifies to configure the IPv4 unicast address family.
ipv6 unicast - Specifies to configure the IPv6 unicast address family.
state - The specified neighbor will become the router reflector client. By default, this state is disabled.
enable - Specifies that the neighbor will become the router reflector client.
disable - Specifies that the neighbor will not become the router reflector client.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example shows how to add a neighbor as the route reflector client:
192
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# config bgp neighbor route_reflector_client 10.10.10.2 state enable
Command: config bgp neighbor route_reflector_client 10.10.10.2 state enable
Success.
DGS-3620-28PC:admin#
12-27 config bgp neighbor map
Description
The command is used to configure the route map related setting for a BGP neighbor. When a route map is applied by the route_map command, it enforces the route policy. When it is applied by the unsuppress_map command, the suppressed route which matches the permit rule will be unsuppressed. It provides a manipulation of routers per neighbor. If a route map is configured relating to a BGP neighbor but the route map doesn’t exist, it means deny any. If the route map exists but has no filter entry defined, it will permit all. By default, if both the IPv4 unicast and IPv6 unicast options are not specified, the setting is for the IPv4 unicast address family.
Format config bgp neighbor map [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]
{[ipv4 | ipv6] unicast} {unsuppress_map [add | delete] <map_name 16> | route_map [in | out]
[add | delete] <map_name 16>}
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.
<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.
peer_group - Specifies the peer group to be configured.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
ipv4 unicast - Specifies to configure the IPv4 unicast address family.
ipv6 unicast - Specifies to configure the IPv6 unicast address family.
unsuppress_map - (Optional) Name of a route map used to selectively advertise routers previously suppressed by the aggregate_address command.
add - Specifies that a route map will be added.
delete - Specifies that a route map will be deleted.
<map_name 16> - Enter the unsurpress map name here. This name can be up to 16 characters long.
route_map - (Optional) Specifies the route map to be applied to the incoming or outgoing routes.
in - Specifies the incoming routes from the neighbor.
out - Specifies the outgoing routes sent to the peer.
add - Specifies that a route map will be added.
delete - Specifies that a route map will be deleted.
<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.
193
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
This example shows how to configure the unsuppress map of peer group “Campus” to Profile1:
DGS-3620-28PC:admin# config bgp neighbor map peer_group Campus unsuppress_map add Profile1
Command: config bgp neighbor map peer_group Campus unsuppress_map add Profile1
Success.
DGS-3620-28PC:admin#
12-28 config bgp neighbor filter
Description
The command is used to configure the filter related setting for a BGP neighbor.
filter_list: If the filter_list doesn’t exist or does exist but have no filter entry, it means deny any.
prefix_list: If the prefix_list doesn’t exist, it means deny any. If the prefix_list does exist but have no filter entry defined, it will permit all.
capability_orf_prefix_list: BGP Outbound Route Filter Capability allows one BGP router to install its configured inbound prefix_list filter on to the remote BGP router. This is used for reducing the amount of unwanted routing updates from the remote peer.
By default, if both the IPv4 unicast and IPv6 unicast options are not specified, the setting is for the
IPv4 unicast address family.
Format config bgp neighbor filter [<ipaddr> | <ipv6addr> | peer_group <peer_group_name 16>]
{[ipv4 | ipv6] unicast} {filter_list [in | out] [add | delete] <list_name 16> | prefix_list [in | out]
[add | delete] <list_name 16> | capability_orf_prefix_list [receive | send | both | none]}
Parameters
<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.
<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.
peer_group- Specifies the peer group to be configured.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
ipv4 unicast - Specifies to configure the IPv4 unicast address family.
ipv6 unicast - Specifies to configure the IPv6 unicast address family.
filter_list - (Optional) Specifies the name of an as_path access_list to be applied as a filter. The filtering can be applied to incoming routes or outgoing routes.
in - Specifies that the filter specified will be used for incoming traffic.
out - Specifies that the filter specified will be used for outgoing traffic.
add - Specifies that a filter list will be added.
delete - Specifies that a filter list will be deleted.
<list_name 16> - Enter the filter list name here. This name can be up to 16 characters long.
prefix_list - (Optional) Specifies the name of a prefix_list to be applied as a filter. The filtering can be applied to incoming routes or outgoing routes.
in - Specifies that the filter specified will be used for incoming traffic.
out - Specifies that the filter specified will be used for outgoing traffic.
194
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
add - Specifies that a filter list will be added.
delete - Specifies that a filter list will be deleted.
<list_name 16> - Enter the prefic list name here. This name can be up to 16 characters long.
capability_orf_prefix_list - (Optional) Used to configure an outbound route filter prefix list capability. It can be sent with the following values:
receive - Enables the ORF prefix list capability in the receiving direction. The local router will install the prefix filter list notified by the remote router.
send - Enables the ORF prefix list capability in the sending direction. The local router will notify the remote router for the ORF prefix list capability.
both - Enables the ORF prefix list capability in both received and send directions.
none - Disable the ORF prefix list capability in both received and send directions.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example shows how to configure the BGP neighbor ingress filter list for the peer group
“Campus” to List1:
DGS-3620-28PC:admin# config bgp neighbor filter peer_group Campus filter_list in add List1
Command: config bgp neighbor filter peer_group Campus filter_list in add List1
Success.
DGS-3620-28PC:admin#
12-29 show bgp peer_group
Description
The command is used to show the information of the BGP peer group.
Format show bgp peer_group {<peer_group_name 16>}
Parameters
Restrictions
None. (EI Mode Only Command)
peer_group - (Optional) Name of the BGP peer group. The length is up to 16 bytes.
<peer_group_name 16> - Enter the BGP peer group name here. This name can be up to 16 characters long.
It means to display all the BGP peer groups’ information that doesn’t specify the peer group name.
195
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
Show the information of the BGP peer group local1:
DGS-3620-28PC:admin# create bgp neighbor peer_group local1
Command: create bgp neighbor peer_group local1
Success.
DGS-3620-28PC:admin# create bgp neighbor 10.2.2.2 remote_as 10
Command: create bgp neighbor 10.2.2.2 remote_as 10
Success.
DGS-3620-28PC:admin# config bgp peer_group local1 add 10.2.2.2
Command: config bgp peer_group local1 add 10.2.2.2
Success.
DGS-3620-28PC:admin# show bgp peer_group local1
Command: show bgp peer_group local1
BGP Peer Group :local1
-----------------------------------------------------------------------
Description :
Session State : Enabled
Remote AS : 10
Advertisement Interval : 30 seconds
Keepalive Interval : 60 seconds
Holdtime Interval : 180 seconds
AS Origination Interval : 15 seconds
Connect Retry Interval : 120 seconds
EBGP Multihop : 1
Weight : 0
Members : 10.2.2.2
For Address Family IPv4 Unicast
Next Hop Self : Disabled
Route Reflector Client : Disabled
Send Community : None
Remove Private As : Disabled
AllowAS In : Disabled
Soft Reconfiguration Inbound : Disabled
Default Originate : Disabled
Outbound Route Filter (ORF) type (64) Prefix list:
Send Mode : Disabled
Receive Mode : Disabled
Prefix Max Count : 12000
Prefix Warning Threshold : 75
Prefix Warning Only : Disabled
DGS-3620-28PC:admin#
196
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
12-30 config bgp route_reflector cluster_id
Description
This command is used to configure the BGP process’s global attribute. The route reflector and its clients together form a cluster. When a single route reflector is deployed in a cluster, the cluster is identified by the router ID of the route reflector.
When the cluster ID is 0.0.0.0, the cluster is identified by the router ID. Otherwise, the cluster is identified by the cluster ID.
The BGP cluster_id command is used to assign a cluster ID to a route reflector when the cluster has one or more route reflectors. Multiple route reflectors are deployed in a cluster to increase redundancy and to avoid a single point of failure. When multiple route reflectors are configured in a cluster, they must be configured with the same cluster ID. This allows all route reflectors in the cluster to recognize updates from peers in the same cluster and reduces the number of updates that needs to be stored in BGP routing tables.
This command is only required for the reflector and not the client.
Format config bgp route_reflector cluster_id <ipaddr>
Parameters
cluster_id - Specifies the IP address of the cluster ID. Setting the cluster ID to 0.0.0.0 will remove specifications of the cluster ID. The default value is 0.0.0.0.
<ipaddr> - Enter the cluster ID's IP address here.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example shows how to configure the cluster ID:
DGS-3620-28PC:admin# config bgp route_reflector cluster_id 10.100.200.1
Command: config bgp route_reflector cluster_id 10.100.200.1
Success.
DGS-3620-28PC:admin#
12-31 config bgp client_to_client_reflection
Description
This command is used to configure the BGP client to client reflection setting. If the reflection is disabled, then the router will not reflect routes from the route reflect client to other route reflect clients, but it will still send routes received from a non-reflecting client to a reflecting client.
197
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config bgp client_to_client_reflection [enable | disable]
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
enable - The reflector will operate in reflector mode.
disable - The reflector will operate in non-reflector mode.
Example
This example shows how to disable the client to client reflection:
DGS-3620-28PC:admin# config bgp client_to_client_reflection disable
Command: config bgp client_to_client_reflection disable
Success.
DGS-3620-28PC:admin#
12-32 config bgp confederation identifier
Description
This command is used to configure the BGP confederation. A confederation, which is represented by an AS, is a group of the sub AS.
A confederation can be used to reduce the internal BGP (iBGP) mesh by dividing a large single AS into multihop sub AS. External peers interact with the confederation as if it is a single AS.
Each sub AS is fully meshed within itself and it has connections to other sub AS within the confederation. The next hop, Multi Exit Discriminator (MED), and local preference information is preserved throughout the confederation, allowing you to retain a single Interior Gateway Protocol
(IGP) for all the autonomous systems.
Format config bgp confederation identifier <as_number 0-4294967295>
Parameters
<as_number 0-4294967295> - Autonomous System numbers which we use to specify a BGP confederation. If it is set to zero, the BGP confederation number is deleted. By default, this setting is zero. This value must be between 0 and 4294967295.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
198
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To create a confederation, AS number is 20:
DGS-3620-28PC:admin# config bgp confederation identifier 20
Command: config bgp confederation identifier 20
Success.
DGS-3620-28PC:admin#
12-33 config bgp confederation peers
Description
The command is used to configure multiple adjacent Autonomous Systems in a confederation. The
Autonomous Systems specified in this command are visible internally to the confederation. Each
Autonomous System is fully meshed within itself or configures route reflector.
Format config bgp confederation peers [add | delete] <aspath_list>
Parameters
peers - Specifies that a peer will be added or deleted.
add - Specifies that a peer will be added.
delete - Specifies that a peer will be deleted.
<aspath_list> - Enter the AS number for BGP peers that will belong to the confederation here.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To add two confederation peers, AS number are 50000 and 50001:
DGS-3620-28PC:admin# config bgp confederation peers add 50000,50001
Command: config bgp confederation peers add 50000,50001
Success.
DGS-3620-28PC:admin#
12-34 clear bgp
Description
This command is used to initiate a hard reset or a soft reset for a connection. If a soft reset is applied to the inbound session, the session will not be rebuilded but the local inbound routing table
199
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
will be cleared and needs to be rebuilt. If a soft reconfiguration inbound is enabled, then the routing table can be rebuilt based on the stored route updates information. If a soft reconfiguration inbound is disabled, then the local router will send the route refresh request to the neighbor to ask for the route refresh. When the inbound session is to soft reset with the prefix filter option, and capability_orf_prefix_list is enabled in the send direction, then the local BGP will send ‘clear the routing table’, and notify the remote neighbor for the prefix_filter. This is a way to notify the neighbor of the prefix filter whenever a change is made to the prefix filter. By default, if both the
IPv4 unicast and IPv6 unicast are not specified, the IPv4 unicast address family will be reset. If no
IP/IPv6 address or IP/IPv6 network are specified, the dampening information for the entire routing table of the IPv4 unicast or IPv6 unicast address family will be cleared. If both the IPv4 unicast and
IPv6 unicast are not specified, the dampening information for the IPv4 unicast routing table will be cleared.
Format clear bgp [all | neighbor_addr [<ipaddr> | <ipv6addr>] | as <as_number 1-4294967295> | peer_group <peer_group_name 16> | external] {[ipv4 | ipv6] unicast soft {[in {prefix_filter} | out]}}
Parameters
all - Specifies that all current BGP sessions will be reset.
neighbor_addr - Specifies to reset the session with the specified neighbor.
<ipaddr> - Enter the IPv4 address used for this configuration here.
<ipv6addr> - Enter the IPv6 address used for this configuration here.
as - Specifies to reset sessions with BGP peers in the specified Autonomous System.
<as_number 1-4294967295> - Enter the AS number used here. This value must be between
1 and 4294967295.
peer_group - Specifies to reset a peer group.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
external - All eBGP sessions will be reset.
ipv4 unicast - Specifies to soft reset the IPv4 unicast address family.
ipv6 unicast - Specifies to soft reset the IPv6 unicast address family.
soft - (Optional) Initiates a soft reset. Does not tear down the session.
in - Initiates inbound reconfiguration. If neither in nor out keywords are specified, both inbound and outbound sessions are reset.
prefix_filter - The local site configured prefix filter will be notified to the remote neighbor when inbound soft reset is applied.
out - Initiates outbound reconfiguration.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To reset all Border Gateway Protocol (BGP) connections:
200
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# clear bgp all
Command: clear bgp all
Success.
DGS-3620-28PC:admin#
12-35 clear bgp dampening
Description
This command clears the route dampening information stored in the routing table. If no IP/IPv6 address or IP/IPv6 network is specified, the dampening information for the entire routing table of the IPv4 unicast or IPv6 unicast address family will be cleared. If both the IPv4 unicast and IPv6 unicast options are not specified, the dampening information for the IPv4 unicast routing table will be cleared.
Format clear bgp dampening {[ipv4 unicast {[<ipaddr> | <network_address>]} | [<ipaddr> |
<network_address>] | ipv6 unicast {[<ipv6addr> | <ipv6_networkaddr>]}]}
Parameters
ipv4 unicast - (Optional) Specifies to clear the dampening information for the IPv4 unicast address family.
<ipaddr> - Enter the IPv4 address used here.
<network_address> - Enter the IPv4 network address here.
ipv6 unicast - (Optional) Specifies to clear the dampening information for the IPv6 unicast address family.
<ipv6addr> - Enter the IPv6 address used here.
<ipv6_networkaddr> - Enter the IPv6 network address here.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To clear route dampening information for network 192.168.10.0/24 and free suppressed routes:
DGS-3620-28PC:admin# clear bgp dampening 192.168.10.0/24
Command: clear bgp dampening 192.168.10.0/24
Success.
DGS-3620-28PC:admin#
201
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
12-36 create bgp as_path access_list
Description
The command is used to create an Autonomous System path access list. You can apply an
Autonomous System path access lists to both inbound and outbound routes exchanged by a BGP peer session.
Format create bgp as_path access_list <list_name 16>
Parameters
access_list - Specifies the AS path access list name.
<list_name 16> - Enter the AS path access list name here. This name can be up to 16 characters long.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
The following example creates an Autonomous System path access list:
DGS-3620-28PC:admin# create bgp as_path access_list test
Command: create bgp as_path access_list test
Success.
DGS-3620-28PC:admin#
12-37 config bgp as_path access_list
Description
This command is used to configure matching rules for an Autonomous System path access list using regular expressions.
Format config bgp as_path access_list <list_name 16> [add | delete] <regexp_str 80> [deny | permit]
Parameters
access_list - Specifies the AS path access list name.
<list_name 16> - Enter the AS path access list name here. This name can be up to 16 characters long.
add - Specifies to add a matching rule.
delete - Specifies to delete a matching rule.
<reg_express> - Regular expression that defines the as_path filter.
202
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
deny - Denies advertisement based on matching conditions.
permit - Permits advertisement based on matching conditions.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example configures a matching rule for an AS path access list:
DGS-3620-28PC:admin# create bgp as_path access_list test
Command: create bgp as_path access_list test
Success.
DGS-3620-28PC:admin# config bgp as_path access_list test add (_64[6-9][0-9][0-
9]_|_65[0-9][0-9][0-9]_) deny
Command: config bgp as_path access_list test add (_64[6-9][0-9][0-9]_|_65[0-
9][0-9][0-9]_) deny
Success.
DGS-3620-28PC:admin# config bgp as_path access_list test add .* permit
Command: config bgp as_path access_list test add .* permit
Success.
DGS-3620-28PC:admin#
12-38 delete bgp as_path access_list
Description
This command is used to delete an Autonomous System path access list.
Format delete bgp as_path access_list [list_name <list_name 16> | all]
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
list_name - Specifies the AS path access list name.
<list_name 16> - Enter the AS path access list name here. This name can be up to 16 characters long.
all - Specifies that all the AS path lists will be used.
203
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
This example deletes a matching rule for an AS path access list:
DGS-3620-28PC:admin# delete bgp as_path access_list list_name test
Command: delete bgp as_path access_list list_name test
Success.
DGS-3620-28PC:admin#
12-39 show bgp as_path access_list
Description
This command displays the Autonomous System path’s access list. If a specific access list is not specified, all AS path access lists will be displayed.
Format show bgp as_path access_list {<list_name 16>}
Parameters
access_list - Specifies the AS path access list name.
<list_name 16> - (Optional) Enter the AS path access list name here. This name can be up to
16 characters long.
Restrictions
None. (EI Mode Only Command)
Example
This example displays an AS path access list:
DGS-3620-28PC:admin# show bgp as_path access_list 1
Command: show bgp as_path access_list 1
BGP AS Path Access List : 1 deny (_64[6-9][0-9][0-9]_|_65[0-9][0-9][0-9]_) permit 33
Total Filter Entries: 2
Total AS Path Access List Number: 1
DGS-3620-28PC:admin#
12-40 create bgp community_list
Description
This command is used to create a BGP community list.
204
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format create bgp community_list [standard | expanded] <list_name 16>
Parameters
standard - Creates a standard named community list.
expanded - Creates an expanded named community list.
<list_name 16> - Enter the name of the community list that will be created here. This name can be up to 16 characters long.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To create a standard BGP community list:
DGS-3620-28PC:admin# create bgp community_list standard list1
Command: create bgp community_list standard list1
Success.
DGS-3620-28PC:admin#
12-41 config bgp community_list
Description
This command is used to configure the matching rule for the community access list. Mutliple rules can be defined for a community list. Each rule is either in the permit form or in the deny form. Each rule in the standard community list contains one community. A community string, which contains multiple communities, can be defined for a rule. A Route can be associated with a community string. To match a rule, two community strings must exact match. The built-in community strings including internet, local_as, no_advertise, and no_export. The user-defined community is 4-bytes long, with the leading two bytes representing the AS number and the trailing two bytes representing a user defined number. BGP community attributes exchanged between BGP peers is controlled by the neighbor send-community command. The community string associated with routes can be controlled by the route map. By default, the community string “internet” will be sent.
If the route map sets a community string, this community string will be added to the existing community string associated with the route. If permit rules exist in an access list, then routes with community that does not match any rule in the list will be denied. If there are no rules or only deny rules configured for the community list, all routes will be denied.
Format config bgp community_list [standard <list_name 16> [add | delete] {internet | local_as | no_advertise | no_export | community_set <community_set 80>}(1) [deny | permit] | expanded <list_name 16> [add | delete] <regexp_str 80> [deny | permit]]
205
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
standard - Configures a standard community list.
<list_name 16> - Enter the standard community list name here. This name can be up to 16 characters long.
add - Adds a rule to the community list.
delete - Deletes a rule from the community list.
internet - (Optional) Routes with this community will be sent to all peers either internal or external.
local_as - (Optional) Routes with this community will be sent to peers in the same AS, but will not be sent to peers in another sub AS in the same confederation and to the external peers.
no_advertise - Routes with this community will not be advertised to any peer either internal or external.
no_export - (Optional) Routes with this community will be sent to peers in the same AS or in other sub Autonomous Systems within a confederation, but will not be sent to an external BGP
(eBGP) peer.
community_set - (Optional) A community is 4 bytes long, including the 2 bytes’s for the
Autonomous System’s number and 2 bytes for the network number This value is configured with two 2-byte numbers separated by a colon. The valid range of both number are from 1 to
65535. A community set can be formed by multiple communities, separated by a comma.
<community_set 80> - Enter the community set value here. This value can be up to 80 characters long.
deny - To deny the routes if rule is matched.
permit - To permit the routes if rule is matched.
expanded - Configures an expanded community list.
<list_name 16> - Name of community list to be configured.
add - Adds a rule to the community list.
delete - Deletes a rule from the community list.
<regexp_str 80> - Enter the registration expiry string value here. This value can be up to 80 characters long.
deny - To deny the routes if rule is matched.
permit - To permit the routes if rule is matched.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example creates a standard community list and configures permits routes from the network 10 in the Autonomous System 50000:10
DGS-3620-28PC:admin# create bgp community_list standard list1
Command: create bgp community_list standard list1
Success.
DGS-3620-28PC:admin# config bgp community_list standard list1 add community_set 50000:10 permit
Command: config bgp community_list standard list1 add community_set 50000:10 permit
Success.
DGS-3620-28PC:admin#
206
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
12-42 delete bgp community_list
Description
This command is used to delete a BGP community list.
Format delete bgp community_list [list_name <list_name 16> | all]
Parameters
list_name - Specifies the name of the community list to be deleted.
<list_name 16> - Enter the community list name here. This name can be up to 16 characters long.
all - Specifies that all the community lists will be used.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example deletes the community list named as list1:
DGS-3620-28PC:admin# delete bgp community_list list_name test1
Command: delete bgp community_list list_name test1
Success.
DGS-3620-28PC:admin#
12-43 show bgp community_list
Description
This command is used to show a BGP community list.
Format show bgp community_list {<list_name 16>}
Parameters
community_list - Specifies the name of community list to be displayed.
<list_name 16> - (Optional) Enter the community list name here. This name can be up to 16 characters long.
Restrictions
None. (EI Mode Only Command)
207
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
This example displays the community list name as list1:
DGS-3620-28PC:admin# create bgp community_list standard list1
Command: create bgp community_list standard list1
Success.
DGS-3620-28PC:admin# config bgp community_list standard list1 add community_set
50000:10 permit
Command: config bgp community_list standard list1 add community_set 50000:10 permit
Success.
DGS-3620-28PC:admin# show bgp community_list list1
Command: show bgp community_list list1
Community List Name: list1
--------------------------------
Type : standard permit : 50000:10
DGS-3620-28PC:admin#
12-44 show bgp route
Description
This command is used to display route entries in the Border Gateway Protocol (BGP) routing table
Format show bgp route {[[regexp <desc 80> | inconsistent_as | cidr_only | filter_list <list_name 16>
| route_map <map_name 16> | community {community_set <community_set 80> | local_as | no_advertise | no_export | internet} {exact_match} | community_list <list_name 16>
{exact_match} | ipaddress <ipaddr> | network <network_address> {longer_prefixes} | prefix_list <list_name 16>] | ipv6 unicast {[regexp <desc 80> | inconsistent_as | filter_list
<list_name 16> | route_map <map_name 16> | community {community_set
<community_set80> | local_as | no_advertise | no_export | internet} {exact_match} | community_list <list_name 16> {exact_match} | ipv6_address <ipv6addr> | ipv6_network
<ipv6_networkaddr> {longer_prefixes} | ipv6_prefix_list <list_name 16>]} | ipv4 unicast
{[regexp <desc 80> | inconsistent_as | cidr_only | filter_list <list_name 16> | route_map
<map_name 16> | community {community_set <community_set 80> | local_as | no_advertise | no_export | internet} {exact_match} | community_list <list_name 16>
{exact_match} | ipaddress <ipaddr> | network <network_address> {longer_prefixes} | prefix_list <list_name 16>]}]
Parameters
regexp - (Optional) Display routes matching the AS path regular expression.
208
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
None. (EI Mode Only Command)
<desc 80> - A regular expression to match the BGP AS paths, must enclose in the quotes.
Can include blank space. The string can be up to 80 characters long.
inconsistent_as - (Optional) Display the routes if they have of same prefix and different AS path originate.
cidr_only - (Optional) Display only routes with non-natural network masks.
filter_list - (Optional) Display routes conforming to the filter list.
<list_name 16> - Enter the filter list name here. This name can be up to 16 characters long.
route_map - (Optional) Display routes matching the route map.
<map_name 16> - Enter the route map name here. This name can be up to 16 characters long.
community - (Optional) Display routes matching the communities.
community_set - (Optional) Specifies the community set here.
<community_set 80> - Enter the community set here. This value can be up to 80 characters long.
local_as - (Optional) Do not send outside local AS (well-known community).
no_advertise - (Optional) Do not advertise to any peer (well-known community).
no_export - (Optional) Do not export to next AS (well-known community).
internet - (Optional) Send to the Internet (well-known community>.
exact_match - (Optional) If specified, communities.need to match exactly.
community_list - (Optional) A community is in the form of <as_number> : <udn_number>. A community string can be formed by multiple communities, separated by a comma.
<list_name 16> - Enter the community list name here. This name can be up to 16 characters long.
exact_match - (Optional) If specified, communities.need to match exactly.
ipaddress - (Optional) Display the host route that matches the specified IP address.
<ipaddr> - Enter the IP address to be displayed here.
network - (Optional) Display the route that matches the specified network address.
<network_address> - Enter the network address to be displayed here.
longer_prefixes - (Optional) If specified, more specific routes will be also displayed.
prefix_list - (Optional) Display routes conforming to the prefix list
<list_name 16> - Specifies the list name for the specified prefix list, IP access list, or route map.
ipv6 unicast - Specifies to display routes for the IPv6 unicast address family.
ipv6address - (Optional) Display the host route that matches the specified IPv6 address.
<ipv6addr> - Enter the IPv6 address to be displayed here.
ipv6_network - (Optional) Display the route that matches the specified IPv6 network address.
<ipv6_networkaddr> - Enter the IPv6 network address to be displayed here.
ipv6_prefix_list - Displays routes conforming to the IPv6 prefix list.
<list_name 16> - Enter the IPv6 prefix list name here. This name can be up to 16 characters long.
ipv4 unicast - Specifies to display routes for the IPv4 unicast address family.
Example
The following example shows how to get the BGP route information:
DGS-3620-28PC:admin# show bgp route
Command: show bgp route
BGP local router ID is 10.0.40.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? – incomplete
209
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Network Gateway Metric LocPrf Weight Path
*> 10.10.10.0/24 172.16.10.1 0 0 300 10 i
*> 10.10.20.0/24 172.16.10.1 0 0 300 10 i
* 10.20.10.0/24 172.16.10.1 0 0 300 10 i
*dh 30.10.1.1/24 172.3.3.2 100 50 200 20 i
Total Entries :4
DGS-3620-28PC:admin# show bgp route cidr_only
Command: show bgp route cidr_only
BGP local router ID is 172.16.73.131
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? – incomplete
Network Gateway Metric LocPrf Weight Path
*> 192.0.0.0/8 172.16.72.24 0 1878 200 ?
*> 172.16.0.0/14 172.16.72.30 0 108 200 ?
Total Entries :2
DGS-3620-28PC:admin# show bgp route community_list communitylist
Command: show bgp route community_list ommunitylist
BGP local router ID is 192.168.32.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? – incomplete
Network Gateway Metric LocPrf Weight Path
* i10.3.0.0/16 10.0.22.1 0 100 1800 1239 ?
*>i10.3.0.0/16 10.0.16.1 0 100 1800 1239 ?
* i10.6.0.0/16 10.0.22.1 0 100 1800 690 568 ?
Total Entries :3
DGS-3620-28PC:admin# show bgp route filter_list filter_list_one
Command: show bgp route filter_list filter_list_one
BGP local router ID is 172.16.72.24
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? – incomplete
Network Gateway Metric LocPrf Weight Path
* 172.16.0.0/24 172.16.72.30 0 109 108 ?
* 172.16.1.0/24 172.16.72.30 0 109 108 ?
* 172.16.11.0/24 172.16.72.30 0 109 108 ?
* 172.16.14.0/24 172.16.72.30 0 109 108 ?
* 172.16.15.0/24 172.16.72.30 0 109 108 ?
* 172.16.16.0/24 172.16.72.30 0 109 108 ?
210
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Total Entries :6
DGS-3620-28PC:admin# show bgp route regexp “108$”
Command: show bgp route regexp “108$”
BGP local router ID is 172.16.72.24
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? – incomplete
Network Gateway Metric LocPrf Weight Path s 172.16.0.0/24 172.16.72.30 0 109 108 ? s 172.16.0.0/24 172.16.72.31 0 109 108 ?
* 172.16.1.0/24 172.16.72.30 0 109 108 ?
* 172.16.11.0/24 172.16.72.30 0 109 108 ?
* 172.16.14.0/24 172.16.72.30 0 109 108 ?
* 172.16.15.0/24 172.16.72.30 0 109 108 ?
* 172.16.16.0/24 172.16.72.30 0 109 108 ?
Total Entries :7
DGS-3620-28PC:admin# show bgp route inconsistent_as
Command: show bgp route inconsistent_as
BGP local router ID is 172.16.72.24
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? – incomplete
Network Gateway Metric LocPrf Weight Path
* 172.16.1.0/24 172.16.72.30 0 109 108 i
172.16.72.21 0 110 101 i
* 172.16.11.0/24 172.16.72.30 0 109 108 i
172.16.72.10 0 104 105 i
172.16.72.10 0 104 103 i
Total Entries :2
DGS-3620-28PC:admin# show bgp route network 2.2.2.0/24
Command: show bgp route network 2.2.2.0/24
BGP routing table entry for 2.2.2.0/24
Paths:(1 available, best #1, table: Default_IP_Routing_Table.)
Not advertised to any peer.
as path is:Local
next hop is:0.0.0.0 ,from 0.0.0.0 (local router_id is:192.168.1.1)
origin IGP, metric 100, localpref 0, weight 32768, sourced, best
Community: no_advertise
DGS-3620-28PC:admin#
211
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
12-45 show bgp neighbors
Description
This command is used to display BGP and TCP connections with the BGP neighbor or routing table entries containing a BGP neighbor. To display BGP and TCP connection information for neighbor sessions, or routing table entries with BGP neighbor. For BGP, this includes detailed neighbor attribute, capability, path, and prefix information. For TCP, this includes statistics related to BGP neighbor session establishment and maintenance. If both the IPv4 unicast and IPv6 unicast are not specified, information for the IPv4 unicast will be displayed.
Format show bgp neighbors {[<ipaddr> | <ipv6addr>] {[{[ipv4 | ipv6] unicast} [advertised_routes | received_routes | routes | received_prefix_filter] | statistics]}}
Parameters
Restrictions
None. (EI Mode Only Command)
neighbors - Detailed information about TCP and BGP neighbor connections.
<ipaddr> - (Optional) Enter the IPv4 address used for the configuration here.
<ipv6addr> - (Optional) Enter the IPv6 address used for the configuration here.
ipv4 unicast - (Optional) Specifies to display routes for the IPv4 unicast address family.
ipv6 unicast - (Optional) Specifies to display routes for the IPv6 unicast address family.
advertised_routes - (Optional) Displays the routes advertised to a BGP neighbor.
received_routes - (Optional) Displays the routes received from this neighbor.
routes - (Optional) Displays routes in the routing table learned from the neighbor.
received_prefix_filter - (Optional) Displays the prefix filter information that is received from a
BGP neighbor.
statistics - (Optional) Displays the statistical information learned.
Example
To show the BGP neighbor or routes relative to one neighbor:
DGS-3620-28PC:admin# show bgp neighbor 10.10.10.2
Command: show bgp neighbors 10.10.10.2
BGP neighbor: 10.10.10.2 (Internal Peer)
-----------------------------------------------
Session State : Enabled
Remote AS : 1111
Remote Router ID : 3.3.3.3
BGP State : Established (UP for 00:19:12)
Hold Time : 9 Seconds
Keepalive Interval : 3 Seconds
Advertisement Interval : 5 Seconds
AS Origination Interval : 15 Seconds
Connect Retry Interval : 120 Seconds
EBGP Multihop : 255
Weight : 0
212
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
For Address Family IPv4 Unicast
IPv4 Unicast : Advertised and Received
Next Hop Self : Disabled
Remove Private As : Disabled
AllowAS In : Disabled
Soft Reconfiguration Inbound : Disabled
Send Community : None
Default Originate : Disabled
Outbound Route Filter (ORF) type (64) Prefix list:
Send Mode : Disabled
Receive Mode : Disabled
Prefix Max Count : 12000
Prefix Warning Threshold : 75
Prefix Warning Only : Disabled
DGS-3620-28PC:admin# show bgp neighbor 172.16.232.178 advertised_routes
Command: show bgp neighbor 172.16.232.178 advertised_routes
BGP local router ID is 172.16.232.181
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Gateway Metric LocPrf Weight Path
*>i 10.0.0.0/24 172.16.232.179 0 100 0 ?
*> 10.20.2.0/24 0.0.0.0 0 32768 i
Total Entries :2
DGS-3620-28PC:admin# show bgp neighbor 172.16.232.178 received_routes
Command: show bgp neighbor 172.16.232.178 received_routes
BGP local router ID is 172.16.232.181
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Gateway Metric LocPrf Weight Path
*>i10.0.0.0/24 172.16.232.179 0 100 0 ?
*> 10.20.2.0/24 0.0.0.0 0 32768 i
Total Entries :2
DGS-3620-28PC:admin# show bgp neighbors 172.16.232.178 received_prefix_filter
Command: show bgp neighbors 172.16.232.178 received_prefix_filter
Ip prefix-list 172.16.232.181: 1 entries
Seq 5 deny 10.0.0.0/8 le 32
Total Entries :1
213
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show bgp neighbors 172.16.232.178 routes
Command: show bgp neighbors 172.16.232.178 routes
BGP local router ID is 10.0.40.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? – incomplete
Network Gateway Metric LocPrf Weight Path
*> 10.10.10.0/24 172.16.10.1 0 0 300 10 i
*> 10.10.20.0/24 172.16.10.1 0 0 300 10 i
* 10.20.10.0/24 172.16.10.1 0 0 300 10 i
*dh 30.10.1.1/24 172.3.3.2 100 50 200 20 i
Total Entries :4
DGS-3620-28PC:admin#
12-46 show bgp dampened_routes
Description
This command is used to display dampened entries in the Border Gateway Protocol (BGP) routing table. If both the IPv4 unicast and IPv6 unicast are not specified, routes for the IPv4 unicast address family will be displayed.
Format show bgp dampened_routes {[ipv4 | ipv6] unicast}
Parameters
ipv4 unicast – (Optional) Specifies to display dampened routes for the IPv4 unicast address family.
ipv6 unicast – (Optional) Specifies to display dampened routes for the IPv6 unicast address family.
Restrictions
None. (EI Mode Only Command)
Example
To show the BGP dampened routes’ information:
214
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show bgp dampened_routes
Command: show bgp dampened_routes
BGP local router ID is 172.29.232.182
Status codes: s suppressed, d damped, h history, * valid, > best, i -internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network From Reuse Path
*d 10.0.0.0/16 172.16.232.177 00:18:4 100 ?
*d 10.2.0.0/16 172.16.232.177 00:28:5 100 ?
Total Entries :2
DGS-3620-28PC:admin#
12-47 show bgp flap_statistics
Description
This command is used to display flap entries in the Border Gateway Protocol’s (BGP) routing table.
If both the IPv4 unicast and IPv6 unicast are not specified, routes for the IPv4 unicast address family will be displayed.
Format show bgp flap_statistics {[ipv4 | ipv6] unicast}
Parameters
ipv4 unicast – (Optional) Specifies to display flap statistics for the IPv4 unicast address family.
ipv6 unicast – (Optional) Specifies to display flap statistics for the IPv6 unicast address family.
Restrictions
None. (EI Mode Only Command)
Example
To show flap BGP routes information:
215
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show bgp flap_statistics
Command:show bgp flap_statistics
BGP local router ID is 172.29.232.182
Status codes: s suppressed, d damped, h history, * valid, > best, i –internal
Origin codes: i - IGP, e - EGP, ? – incomplete
Network From Flaps Duration Reuse Path
*d 10.0.0.0/16 172.29.232.177 4 00:13:31 00:18:10 100 ?
*d 10.2.0.0/16 172.29.232.177 4 00:02:45 00:28:20 100 i
Total Entries :2
DGS-3620-28PC:admin#
12-48 show bgp
Description
This command is used to display BGP configuration and summary of the BGP status. If both the
IPv4 unicast and IPv6 unicast are not specified, summary information for the IPv4 unicast address family will be displayed.
Format show bgp {summary {[ipv4 | ipv6 ] unicast}}
Parameters
summary - (Optional) Specifies that the summary of the BGP status will be included in the display.
ipv4 unicast - Specifies to display summary information for IPv4 unicast.
ipv6 unicast - Specifies to display summary information for IPv6 unicast.
Restrictions
None. (EI Mode Only Command)
Example
This example displays the BGP setting:
DGS-3620-28PC:admin# show bgp
Command: show bgp
BGP Global State : Disabled
Version : 4
BGP Router Identifier : 10.90.90.90
Synchronization : Enabled
Enforce First AS : Enabled
Local AS number : 100
Scan Time : 60
216
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Hold Time : 300 Seconds
Keepalive Interval : 100 Seconds
Always Compare MED : Disabled
Deterministics MED : Disabled
Med Confed : Disabled
Default Local Preference : 200
AS Path Ignore : Disabled
Compare Router ID : Enabled
MED Missing as Worst : Disabled
Compare Confederation Path : Disabled
Fast External Fallover : Enabled
Aggregate Next Hop Check : Disabled
BGP Trap : None
DGS-3620-28PC:admin# show bgp summary
Command: show bgp summary
BGP Router Identifier : 172.16.1.1 local AS number : 100
Dampening : Enabled
BGP AS Path Entries : 10
BGP Community Entries : 7
Neighbor Ver AS MsgRcvd MsgSent Up/Down State/PfxRcvd
----------- --- -- ------- ------- ------- -------------
10.100.1.1 4 200 26 22 00:14:23 23
10.200.1.1 4 300 21 51 00:13:40 0
10.200.1.5 4 300 21 5 00:10:05 Idle
Total Number of Neighbors:3
DGS-3620-28PC:admin#
12-49 show bgp reflection
Description
This command is used to display the route reflection configuration of BGP. If both the IPv4 unicast and IPv6 unicast are not specified, the reflection information for the IPv4 unicast will be displayed.
Format show bgp reflection {[ipv4 | ipv6] unicast}
Parameters
Restrictions
None. (EI Mode Only Command)
ipv4 unicast - Specifies to display reflection information for IPv4 unicast.
ipv6 unicast - Specifies to display reflection information for IPv6 unicast.
217
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
This example displays the BGP reflection setting:
DGS-3620-28PC:admin# show bgp reflection
Command: show bgp reflection
Client to Client Reflection State : Disabled
Cluster ID : 0.0.0.0
Router Reflector Client:
10.1.1.20
10.1.1.30
DGS-3620-28PC:admin#
12-50 show bgp confederation
Description
This command is used to display the confederation configuration of BGP.
Format show bgp confederation
Parameters
None.
Restrictions
None. (EI Mode Only Command)
Example
This example displays the BGP confederation setting:
DGS-3620-28PC:admin# show bgp confederation
Command: show bgp confederation
BGP as number : 65501
Confederation identifier : 10
Confederation Peer : 65502,65503
Neighbor list:
IP address Remote AS number
--------------- --------------------
192.168.1.1 65502
192.168.1.2 65503
192.168.1.3 65501
DGS-3620-28PC:admin#
218
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
12-51 config bgp trap
Description
This command is used to configure the BGP trap state.
Format config bgp trap [peer_established | peer_idle | all] [enable | disable]
Parameters
peer_established - Enable or disable the sending of the peer established trap. This default value is disabled.
peer_idle - Enable or disable the sending of the peer idle trap. This default value is disabled.
all - Enable or disable the sending of both the peer idle and established trap. This default value is disabled.
enable - Specifies that the trap feature will be enabled.
disable - Specifies that the trap feature will be disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example disables the BGP peer idle trap state:
DGS-3620-28PC:admin# config bgp trap peer_idle disable
Command: config bgp trap peer_idle disable
Success.
DGS-3620-28PC:admin#
12-52 show bgp trap_state
Description
This command is used to show the BGP trap state.
Format show bgp trap_state
Parameters
None.
Restrictions
None. (EI Mode Only Command)
219
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
This example displays the BGP trap state:
DGS-3620-28PC:admin# show bgp trap_state
Command: show bgp trap_state
BGP Trap State :
BGP Peer Established : Enabled
BGP Peer Idle : Enabled
DGS-3620-28PC:admin#
12-53 config bgp scan_timer
Description
This command is used to configure the BGP scan timer value. BGP will check the next hop whether it is reachable from the BGP route before the timer expires.
Format config bgp scan_timer [<sec 5-60> | default]
Parameters
<sec 5-60> - Set the BGP scan timer value from 5 to 60 seconds. Default is 60 seconds
default - Set the BGP scan timer to the default value.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example configures the BGP scan timer to 30 seconds:
DGS-3620-28PC:admin# config bgp scan_timer 30
Command: config bgp scan_timer 30
Success.
DGS-3620-28PC:admin#
12-54 config bgp aggregate_next_hop_check
Description
This command is used to configure the BGP aggregated routes’ next hop check. Only the routes with the same next hop attribute can be aggregated if the BGP aggregate next hop check is enabled.
220
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config bgp aggregate_next_hop_check [enable | disable]
Parameters
enable - Specifies that the BGP aggregate next hop check will be enabled.
disable - Specifies that the BGP aggregate next hop check will be disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This is an example of configuring the BGP aggregate next hop check:
DGS-3620-28PC:admin# config bgp aggregate_next_hop_check enable
Command: config bgp aggregate_next_hop_check enable
Success.
DGS-3620-28PC:admin#
12-55 config bgp fast_external_fallover
Description
This command configures a Border Gateway Protocol (BGP) routing process to immediately reset its external BGP peer sessions if the link used to reach these peers goes down,
Format config bgp fast_external_fallover [enable | disable]
Parameters
enable - To enable BGP fast external fallover flag. Default is enabled.
disable - To disable BGP fast external fallover.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example disables BGP fast external fallver:
221
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# config bgp fast_external_fallover disable
Command: config bgp fast_external_fallover disable
Success.
DGS-3620-28PC:admin#
12-56 config bgp neighbor maximum_prefix
Description
This command is used to configure the BGP neighbor maximum prefix.
Format config bgp neighbor maximum_prefix [<ipaddr> | <ipv6addr> | peer_group
<peer_group_name 16>] [<value 1-12000> {<value 1-100>} {warning_only} | ipv4 unicast
<value 1-12000> {<value 1-100>} {warning_only} | ipv6 unicast <value 1-6000> {<value 1-
100>} {warning_only}]
Parameters
<ipaddr> - Specifies the IPv4 address of the neighbor to be configured.
<ipv6addr> - Specifies the IPv6 address of the neighbor to be configured.
peer_group - Specifies the peer group to be configured.
<peer_group_name 16> - Enter the peer group name here. This name can be up to 16 characters long.
<value 1-12000> - Maximum number of prefixes allowed from the specified neighbor. The default is 12000.
<value 1-100> - (Optional) Integer specifying at what percentage the maximum prefix limit that the router starts to generate a warning message. The range is from 1 to 100; the default is 75.
warning_only - (Optional) Allows the router to generate a log message when the maximum prefix limit is exceeded, instead of terminating the peering session.
ipv4 unicast - Specifies to configure the IPv4 unicast address family.
ipv6 unicast - Specifies to configure the IPv6 unicast address family.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This example sets the maximum number of prefixes that will be accepted from the neighbor
192.168.1.1 to 5000, when 50 percent of the maximum prefix limit has been reached. This will display a warning message:
DGS-3620-28PC:admin# config bgp neighbor maximum_prefix 192.168.1.1 5000 50
Command: config bgp neighbor maximum_prefix 192.168.1.1 5000 50
Success.
DGS-3620-28PC:admin#
222
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
12-57 clear bgp flap_statistics
Description
The command is used to clear the accumulated penalties for routes that have been received on a router that has BGP dampening enabled. If no IP/IPv6 address or IP/IPv6 network are specified, flap statistics of the IPv4 unicast or IPv6 unicast address family are cleared for all routes. If both the IPv4 unicast and IPv6 unicast are not specified, flap statistics of IPv4 unicast are cleared.
Format clear bgp flap_statistics {[ipv4 unicast {[<ipaddr> | <network_address>]} | [<ipaddr> |
<network_address>] | ipv6 unicast {[<ipv6addr> | <ipv6_networkaddr>]}]}
Parameters
ipv4 unicast – (Optional) Specifies to clear the dampening information for the IPv4 unicast address family.
<ipaddr> - Enter the IPv4 address used here.
<network_address> - Enter the IPv4 network address here.
ipv6 unicast – (Optional) Specifies to clear the dampening information for the IPv6 unicast address family.
<ipv6addr> - Enter the IPv6 address used here.
<ipv6_networkaddr> - Enter the IPv6 network address here.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
This is an example to clear the route dampening flap statistics of network 192.168.1.0/24:
DGS-3620-28PC:admin# clear bgp flap_statistics 192.168.1.0/24
Command: clear bgp flap_statistics 192.168.1.0/24
Success.
DGS-3620-28PC:admin#
223
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 13 BPDU Attack
Protection Commands
config bpdu_protection ports [<portlist> | all] {state [enable | disable] | mode [drop | block | shutdown]}(1)
config bpdu_protection recovery_timer [<sec 60-1000000> | infinite]
config bpdu_protection [trap | log] [none | attack_detected | attack_cleared | both]
enable bpdu_protection disable bpdu_protection
show bpdu_protection {ports {<portlist>}}
13-1 config bpdu_protection ports
Description
This command is used to configure port state and mode for BPDU protection.
Format config bpdu_protection ports [<portlist> | all] {state [enable | disable] | mode [drop | block | shutdown]} (1)
Parameters
<portlist> - Enter a range of ports to be configured.
all - Specifies to set all ports in the system.
state - Specifies the BPDU protection state. The default state is disabled.
enable - Enable the BPDU protection state.
disable - Disable the BPDU protection state.
mode - Specifies the BPDU protection mode. The default mode is shutdown.
drop - Specifies to drop all received BPDU packets when the port enters the under attack state.
block - Specifies to drop all packets (include BPDU and normal packets) when the port enters the under attack state.
shutdown- Specifies to shut down the port when the port enters the under attack state.
Note: Only shutdown mode will make port link down, If the port status is Err-disabled but port link is up, please check “show ports err-disabled” command for the reason.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure port state to enable and drop mode:
224
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#config bpdu_protection ports 1 state enable mode drop
Command: config bpdu_protection ports 1 state enable mode drop
Success.
DGS-3620-28PC:admin#
13-2 config bpdu_protection recovery_timer
Description
When a port enters the under attack state, it can be disabled or blocked based on the configuration.
The state can be recovered manually or by the auto recovery mechanism. This command is used to configure the auto-recovery timer. To manually recover the port, the user needs to disable and re-enable the port.
Format config bpdu_protection recovery_timer [<sec 60-1000000> | infinite]
Parameters
<sec 60-1000000> - Enter the timer (in seconds) used by the Auto-recovery mechanism to recover the port. The valid range is 60 to 1000000. Auto-recovery time is 60 seconds by default.
infinite - Specifies the port will not be auto recovered.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the BPDU protection recovery timer to 120 seconds for the entire switch:
DGS-3620-28PC:admin#config bpdu_protection recovery_timer 120
Command: config bpdu_protection recovery_timer 120
Success.
DGS-3620-28PC:admin#
13-3 config bpdu_protection
Description
This command is used to configure the BPDU protection trap state or log state.
Format config bpdu_protection [trap | log] [none | attack_detected | attack_cleared | both]
225
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
trap - Specifies the trap state.
log - Specifies the log state.
none - Specifies neither attack_detected nor attack_cleared is trapped or logged.
attack_detected - Specifies events will be logged or trapped when the BPDU attacks is detected.
attack_cleared - Specifies events will be logged or trapped when the BPDU attacks is cleared.
both - Specifies the events of attack_detected and attack_cleared shall be trapped or logged.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the BPDU protection trap state as both for the entire switch:
DGS-3620-28PC:admin#config bpdu_protection trap both
Command: config bpdu_protection trap both
Success.
DGS-3620-28PC:admin#
13-4 enable bpdu_protection
Description
This command is used to enable BPDU protection globally for the entire switch.
Format enable bpdu_protection
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable BPDU protection for the entire switch:
DGS-3620-28PC:admin#enable bpdu_protection
Command: enable bpdu_protection
Success.
DGS-3620-28PC:admin#
226
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
13-5 disable bpdu_protection
Description
This command is used to disable BPDU protection globally for the entire switch.
Format disable bpdu_protection
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To disable BPDU protection:
DGS-3620-28PC:admin#disable bpdu_protection
Command: disable bpdu_protection
Success.
DGS-3620-28PC:admin#
13-6 show bpdu_protection
Description
This command is used to display BPDU protection global configuration or per port configuration and current status.
Format show bpdu_protection {ports {<portlist>}}
Parameters
ports - (Optional) Specifies all ports to be displayed.
<portlist> - (Optional) Specifies a range of ports to be displayed.
Restrictions
None.
227
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display BPDU protection information for the entire switch:
DGS-3620-28PC:admin#show bpdu_protection
Command: show bpdu_protection
BPDU Protection Global Settings
---------------------------------------
BPDU Protection Status : Disabled
BPDU Protection Recover Time : 60 seconds
BPDU Protection Trap State : None
BPDU Protection Log State : Both
DGS-3620-28PC:admin#
To display BPDU protection status for ports 1 to 3:
DGS-3620-28PC:admin#show bpdu_protection ports 1-3
Command: show bpdu_protection ports 1-3
Port State Mode Status
----- ----------- ---------- -----------
1 Disabled Shutdown Normal
2 Disabled Shutdown Normal
3 Disabled Shutdown Normal
DGS-3620-28PC:admin#
228
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 14 Cable Diagnostics
Commands
cable_diag ports [<portlist> | all]
14-1 cable_diag ports
Description
This command is used to test copper cabling.
For 10/100Based-TX link speed RJ45 cables, two pairs of cables will be diagnosed.
For 1000Base-T link speed RJ45 cables, four pairs of cables will be diagnosed.
The type of cable errors can be open, short, or crosstalk.
• Open means that the cable in the error pair does not have a connection at the specified position.
• Short means that the cables in the error pair has a short problem at the specified position.
• Crosstalk means that the cable in the error pair has a crosstalk problem at the specified position.
For Gigabit Ethernet ports:
• Where the link partner is powered on with no errors and the link is up, this command can detect the cable length.
• Where the link partner is powered on with errors, this command can detect whether the error is open, short, or crosstalk. In this case this command can also detect the distance of the error.
• Where the link partner is powered down with no errors and the link is down, this command can detect the cable length.
• When the link partner is powered down with errors, this command can detect whether the error is open, short, or crosstalk. In this case this command can also detect the distance of the error.
• When there is no link partner with no errors, this command cannot detect the cable length.
• When there is no link partner with errors, this command can detect whether the error is open, short, or crosstalk. In this case this command can also detect the distance of the error.
The Cable length range that can be detected is as follows:
• Smaller than 50m (<50m)
• Between 50m and 80m (50m~80m)
229
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
• Between 80m and 100m (80m~100m)
• Greater than 100m (>100m)
Note: This test will consume a low number of packets. Since this test is for copper cable, the port with fiber cable will be skipped from the test.
Format cable_diag ports [<portlist> | all]
Parameters
Restrictions
None.
<portlist> - Enter a range of ports to be configured.
all – Specify to set all ports in the system.
Example
To test the cable on ports 1 to 4, and 8:
230
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# cable_diag ports 1:1-1:10,1:21
Command: cable_diag ports 1:1-1:10,1:21
Perform Cable Diagnostics ...
Port Type Link Status Test Result Cable Length
(M)
------ ---------- ------------- ---------------------------- ------------
1:1 1000BASE-T Link Up OK 65
1:2 1000BASE-T Link Up OK -
1:3 1000BASE-T Link Down Shutdown 25
1:4 1000BASE-T Link Down Shutdown -
1:5 1000BASE-T Link Down Unknown -
1:6 1000BASE-T Link Down Pair 1 Crosstalk at 30M -
Pair 2 Crosstalk at 30M
Pair 3 OK at 110M
Pair 4 OK at 110M
1:7 1000BASE-T Link Down NO Cable -
1:8 1000BASE-T Link Down Pair 1 Open at 16M -
Pair 2 Open at 16M
Pair 3 OK at 50M
Pair 4 OK at 50M
1:9 1000BASE-T Link Down Pair 1 Short at 5M -
Pair 2 Short at 5M
Pair 3 OK at 110M
Pair 4 OK at 110M
1:10 1000BASE-T Link Down Pair 1 Unknown -
Pair 2 Short at 5M
Pair 3 OK at 110M
Pair 4 OK at 110M
1:21 1000BASE-X Link Up Unknown -
DGS-3620-28PC:admin#
231
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 15 CFM Commands
create cfm md <string 22> {md_index <uint 1-4294967295>} level <int 0-7>
config cfm md [<string 22> | md_index <uint 1-4294967295>] {mip [none | auto | explicit] | sender_id [none | chassis | manage | chassis_manage]}(1)
create cfm ma <string 22> {ma_index <uint 1-4294967295>} md [<string 22> | md_index <uint 1-
4294967295>]
config cfm ma [<string 22> | ma_index <uint 1-4294967295>] md [<string 22> | md_index <uint 1-
4294967295>] {vlanid <vlanid 1-4094> | mip [none | auto | explicit | defer] | sender_id [none | chassis | manage | chassis_manage | defer] | ccm_interval [3.3ms | 10ms | 100ms | 1sec |
10sec | 1min | 10min] | mepid_list [add | delete] <mepid_list 1-8191> | mode [software | hardware]}(1)
create cfm mep <string 32> mepid <int 1-8191> md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>] direction [inward | outward] port <port>
config cfm mep [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {state [enable | disable] | ccm [enable | disable] | pdu_priority <int 0-7> | fault_alarm [all | mac_status | remote_ccm | error_ccm | xcon_ccm | none] | alarm_time <centisecond 250-1000> | alarm_reset_time
<centisecond 250-1000>}(1)
delete cfm mep [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]
delete cfm ma [<string 22> | ma_index <uint 1-4294967295>] md [<string 22> | md_index <uint 1-
4294967295>]
delete cfm md [<string 22> | md_index <uint 1-4294967295>]
enable cfm disable cfm
config cfm ports <portlist> state [enable | disable]
show cfm ports <portlist>
show cfm {[md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index <uint
1-4294967295>] {mepid <int 1-8191>}} | mepname <string 32>]}
show cfm fault {md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index
<uint 1-4294967295>]}}
show cfm port <port> {level <int 0-7> | direction [inward | outward] | vlanid <vlanid 1-4094>}
cfm lock md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-
4294967295>] mepid <int 1-8191> remote_mepid <int 1-8191> action [start | stop]
cfm loopback <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {num
<int 1-65535> | [length <int 0-1500> | pattern <string 1500>] | pdu_priority <int 0-7>}
cfm linktrace <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index
<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {ttl <int 2-255> | pdu_priority <int 0-7>}
show cfm linktrace [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint
1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {trans_id <uint>}
delete cfm linktrace {[md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index <uint 1-4294967295>] {mepid <int 1-8191>}} | mepname <string 32>]}
config cfm mp_ltr_all [enable | disable]
show cfm mipccm show cfm mp_ltr_all
show cfm pkt_cnt {[ports <portlist> {[rx | tx]} | [rx | tx] | ccm]}
clear cfm pkt_cnt {[ports <portlist> {[rx | tx]} | [rx | tx] | ccm]}
show cfm remote_mep [mepname <string 32> | md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>] mepid <int 1-8191>] remote_mepid <int 1-8191>
config cfm ais md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index
232
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<uint 1-4294967295>] mepid <int 1-8191> {period [1sec | 1min] | level <int 0-7> | state
[enable | disable]}
config cfm lock md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index
<uint 1-4294967295>] mepid <int 1-8191> {period [1sec | 1min] | level <int 0-7> | state
[enable | disable]}
config cfm trap [ais | lock] state [enable | disable]
cfm dm <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint
1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {period:interval
[100ms:1sec | 1sec:10sec | 10sec:1min] | percentile <int 0-100> | pdu_priority <int 0-7>}
cfm lm <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint
1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {period [100ms | 1sec |
10sec] | pdu_priority <int 0-7>}
clear cfm dm {[mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]} {[results | statistics]}
clear cfm lm {[mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]} {[results | statistics]}
config cfm dm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] state [enable | disable]
config cfm lm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] state [enable | disable]
show cfm dm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]
show cfm lm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]
15-1 create cfm md
Description
This command is used to create a CFM maintenance domain.
Format create cfm md <string 22> {md_index <uint 1-4294967295>} level <int 0-7>
Parameters
<string 22> - Enter the maintenance domain name used here. This name can be up to 22 characters long.
md_index - Specifies the maintenance domain index used.
<uint 1-4294967295> - Enter the maintenace domain index value used here. This value must be between 1 and 4294967295.
level - Specifies the maintenance domain level.
<int 0-7> - Enter the maintenance domain level from 0 to 7.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To create a CFM maintenance domain called “op_domain” and assign a maintenance domain level of “2”:
233
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#create cfm md op_domain level 2
Command: create cfm md op_domain level 2
Success.
DGS-3620-28PC:admin#
15-2 config cfm md
Description
This command is used to configure the parameters of a maintenance domain. The creation of
MIPs on an MA is useful to trace the link, MIP by MIP. It also allows the user to perform a loopback from an MEP to an MIP.
Format config cfm md [<string 22> | md_index <uint 1-4294967295>] {mip [none | auto | explicit] | sender_id [none | chassis | manage | chassis_manage]}(1)
Parameters
<string 22> - Enter the maintenance domain name used here. This name can be up to 22 characters long.
md_index - Specifies the maintenance domain index used.
<uint 1-4294967295> - Enter the maintenace domain index value used here. This value must be between 1 and 4294967295.
mip - (Optional) This is the control creations of MIPs.
none - Do not create MIPs. This is the default value.
auto - MIPs can always be created on any port in this MD if the port is not configured with an
MEP of this MD.
explicit - MIPs can only be created on any port in this MD if the next existing lower level has an MEP configured on that port, and that port is not configured with an MEP of this MD.
sender_id - (Optional) This is the control transmission of the sender ID TLV.
none - Do not transmit the sender ID TLV. This is the default value.
chassis - Transmit the sender ID TLV with the chassis ID information.
manage - Transmit the sender ID TLV with the managed address information.
chassis_manage - Transmit the sender ID TLV with chassis ID information and manage address information.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To configure the maintenance domain called “op_domain” and specify the explicit option for creating MIPs:
DGS-3620-28PC:admin#config cfm md op_domain mip explicit
Command: config cfm md op_domain mip explicit
Success.
234
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#
15-3 create cfm ma
Description
This command is used to create a maintenance association. Different MAs in a MD must have different MA Names. Different MAs in different MDs may have the same MA Name.
Format create cfm ma <string 22> {ma_index <uint 1-4294967295>} md [<string 22> | md_index
<uint 1-4294967295>]
Parameters
<string 22> - Enter the maintenance association name used here. This name can be up to 22 characters long.
ma_index - Specifies the maintenance association index used.
<uint 1-4294967295> - Enter the maintenance association index value used here. This value must be between 1 and 4294967295.
md - Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index used.
<uint 1-4294967295> - Enter the maintenance domain index value used here. This value must be between 1 and 4294967295.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To create a maintenance association called “op1” and assign it to the maintenance domain
“op_domain”:
DGS-3620-28PC:admin#create cfm ma op1 md op_domain
Command: create cfm ma op1 md op_domain
Success.
DGS-3620-28PC:admin#
15-4 config cfm ma
Description
This command is used to configure the parameters of a maintenance association. The MEP list specified for an MA can be located in different devices. MEPs must be created on the ports of these devices explicitly. An MEP will transmit a CCM packet periodically across the MA. The receiving MEP will verify these received CCM packets from the other MEPs against this MEP list for the configuration integrity check.
235
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config cfm ma [<string 22> | ma_index <uint 1-4294967295>] md [<string 22> | md_index
<uint 1-4294967295>] {vlanid <vlanid 1-4094> | mip [none | auto | explicit | defer] | sender_id
[none | chassis | manage | chassis_manage | defer] | ccm_interval [3.3ms | 10ms | 100ms |
1sec | 10sec | 1min | 10min] | mepid_list [add | delete] <mepid_list 1-8191> | mode [software
| hardware]}(1)
Parameters
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index - Specifies the maintenance association index used.
<uint 1-4294967295> - Enter the maintenance association index value used here. This value must be between 1 and 4294967295.
md - Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index used.
<uint 1-4294967295> - Enter the maintenance domain index value used here. This value must be between 1 and 4294967295.
vlanid - (Optional) Specifies the VLAN Identifier. Different MAs must be associated with different
VLANs.
<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.
mip - (Optional) This is the control creation of MIPs.
none - Do not create MIPs.
auto - MIPs can always be created on any port in this MA if that port is not configured with an
MEP of that MA.
explicit - MIPs can be created on any ports in this MA only if the next existing lower level has an MEP configured on that port, and that port is not configured with an MEP of this MA.
defer - Inherit the setting configured for the maintenance domain that this MA is associated with. This is the default value.
sender_id - (Optional) This is the control transmission of the sender ID TLV.
none - Do not transmit the sender ID TLV.
chassis - Transmit the sender ID TLV with the chassis ID information.
manage - Transmit the sender ID TLV with the manage address information.
chassis_manage - Transmit the sender ID TLV with the chassis ID information and the manage address information.
defer - Inherit the setting configured for the maintenance domain that this MA is associated with.
ccm_interval - (Optional) Specifies the CCM interval.
3.3ms - 3.3 milliseconds. Only work in CFM hardware mode.
10ms - 10 milliseconds. Only works in CFM hardware mode.
100ms - 100 milliseconds. Not recommended in CFM software mode.
1sec - One second.
10sec - Ten seconds. This is the default value.
1min - One minute.
10min - Ten minutes.
mepid_list - (Optional) Specifies the MEPIDs contained in the maintenance association.
add - Add MEPID(s).
delete - Delete MEPID(s).
<mepid_list 1-8191> - Enter the MEPIDs contained in the maintenance association. The range of the MEPID is 1 to 8191.
mode - (Optional) Specifies the mode of the MA.
software - Specifies that the MA will work in the CFM software mode. This is the default value.
hardware - Specifies that the MA will work in the CFM hardware mode.
236
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To configure the parameters of a maintenance association:
DGS-3620-28PC:admin#config cfm ma op1 md op_domain vlanid 1 ccm_interval 1sec
Command: config cfm ma op1 md op_domain vlanid 1 ccm_interval 1sec
Success.
DGS-3620-28PC:admin#
15-5 create cfm mep
Description
This command is used to create an MEP entry. Different MEPs in the same MA must have a different MEPID. To put MD name, MA name, and MEPID together identifies an MEP. Different
MEPs on the same device must have a different MEP name. Before creating an MEP, its MEPID should be configured in the MA’s MEPID list.
Format create cfm mep <string 32> mepid <int 1-8191> md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>] direction [inward | outward] port <port>
Parameters
<string 32> - Enter the MEP name used here. It is unique among all MEPs configured on the device. The name can be up to 32 characters long.
mepid - Specifies the MEP MEPID. It should be configured in the MA’s MEPID list.
<int 1-8191> - Enter the MEP MEPID between 1 and 8191.
md - Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index.
<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.
ma - Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index - Specifies the maintenance association index.
<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.
direction - Specifies the MEP direction.
inward - Inward facing (up) MEP.
outward - Outward facing (down) MEP.
port - Specifies the port number. This port should be a member of the MA’s associated VLAN.
<port> - Enter a port.
237
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To create an MEP:
DGS-3620-28PC:admin#create cfm mep mep1 mepid 1 md op_domain ma op1 direction inward port 2
Command: create cfm mep mep1 mepid 1 md op_domain ma op1 direction inward port
2
Success.
DGS-3620-28PC:admin#
15-6 config cfm mep
Description
This command is used to configure the parameters of an MEP. An MEP may generate five types of
Fault Alarms, as shown below by their priorities from high to low:
1. Cross-connect CCM Received: priority 5
2. Error CCM Received: priority 4
3. Some Remote MEPs Down: priority 3
4. Some Remote MEP MAC Status Errors: priority 2
5. Some Remote MEP Defect Indications: priority 1
If multiple types of the fault occur on an MEP, only the fault with the highest priority will be alarmed.
Format config cfm mep [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index
<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {state [enable | disable] | ccm [enable | disable] | pdu_priority <int 0-7> | fault_alarm [all | mac_status | remote_ccm | error_ccm | xcon_ccm | none] | alarm_time <centisecond 250-1000> | alarm_reset_time <centisecond 250-1000>}(1)
Parameters
mepname - Specifies the MEP name.
<string 32> - Enter the MEP name. The maximum length is 32 characters.
mepid - Specifies the MEP MEPID.
<int 1-8191> - Enter the MEP MEPID between 1 and 8191.
md - Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index.
<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.
ma - Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22
238
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
characters.
ma_index - Specifies the maintenance association index.
<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.
state - Specifies the MEP administrative state. The default is disable.
enable - Enable MEP.
disable - Disable MEP.
ccm - Specifies the CCM transmission state. The default is disable.
enable - Enable the CCM transmission.
disable - Disable the CCM transmission.
pdu_priority - The 802.1p priority is set in the CCM and the LTM messages transmitted by the
MEP. The default value is 7.
<int 0-7> - Enter the value between 0 and 7.
fault_alarm - This is the control types of the fault alarms sent by the MEP. The default value is none.
all - All types of fault alarms will be sent.
mac_status - Only the fault alarms whose priority is equal to or higher than “Some Remote
MEP MAC Status Errors” are sent.
remote_ccm - Only the fault alarms whose priority is equal to or higher than “Some Remote
MEPs Down” are sent.
error_ccm - Only the fault alarms whose priority is equal to or higher than “Error CCM
Received” are sent.
xcon_ccm - Only the fault alarms whose priority is equal to or higher than “Cross-connect
CCM Received” are sent.
none - No fault alarm is sent.
alarm_time - Specifies the time that a defect must exceed before the fault alarm can be sent.
The unit is centiseconds. The default value is 250.
<centisecond 250-1000> - Enter the time that a defect must exceed before the fault alarm can be sent. The unit is centiseconds. The range is 250 to 1000.
alarm_reset_time - Specifies the dormant duration time before a defect is triggered before the fault can be re-alarmed. The unit is centiseconds. The default value is 1000.
<centisecond 250-1000> - Enter the dormant duration time before a defect is triggered before the fault can be re-alarmed. The unit is centiseconds. The range is 250 to 1000.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To configure the parameters of an MEP:
DGS-3620-28PC:admin#config cfm mep mepname mep1 state enable ccm enable
Command: config cfm mep mepname mep1 state enable ccm enable
Success.
DGS-3620-28PC:admin#
15-7 delete cfm mep
Description
This command is used to delete a previously created MEP.
239
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format delete cfm mep [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index
<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]
Parameters
mepname - Specifies the MEP name.
<string 32> - Enter the MEP name. The maximum length is 32 characters.
mepid - Specifies the MEP MEPID.
<int 1-8191> - Enter the MEP MEPID between 1 and 8191.
md - Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index.
<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.
ma - Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index - Specifies the maintenance association index.
<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To delete a previously created MEP:
DGS-3620-28PC:admin#delete cfm mep mepname mep1
Command: delete cfm mep mepname mep1
Success.
DGS-3620-28PC:admin#
15-8 delete cfm ma
Description
This command is used to delete a created maintenance association.
Format delete cfm ma [<string 22> | ma_index <uint 1-4294967295>] md [<string 22> | md_index
<uint 1-4294967295>]
Parameters
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index - Specifies the maintenance association index.
240
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.
md - Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index.
<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To delete a created maintenance association:
DGS-3620-28PC:admin#delete cfm ma op1 md op_domain
Command: delete cfm ma op1 md op_domain
Success.
DGS-3620-28PC:admin#
15-9 delete cfm md
Description
This command is used to delete a previously created maintenance domain. When the command is executing, all the MEPs and maintenance associations created in the maintenance domain will be deleted automatically.
Format delete cfm md [<string 22> | md_index <uint 1-4294967295>]
Parameters
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index.
<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To delete a previously created maintenance domain:
DGS-3620-28PC:admin#delete cfm md op_domain
Command: delete cfm md op_domain
241
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Success.
DGS-3620-28PC:admin#
15-10 enable cfm
Description
This command is used to enable the CFM globally.
Format enable cfm
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To enable the CFM globally:
DGS-3620-28PC:admin#enable cfm
Command: enable cfm
Success.
DGS-3620-28PC:admin#
15-11 disable cfm
Description
This command is used to disable the CFM globally.
Format disable cfm
Parameters
None.
242
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To disable the CFM globally:
DGS-3620-28PC:admin#disable cfm
Command: disable cfm
Success.
DGS-3620-28PC:admin#
15-12 config cfm ports
Description
This command is used to enable or disable the CFM function on a per-port basis. By default, the
CFM function is disabled on all ports. If the CFM is disabled on a port:
• MIPs are never created on that port.
• MEPs can still be created on that port, and the configuration can be saved.
• MEPs created on that port can never generate or process CFM PDUs. If the user issues a
Loopback or Link trace test on those MEPs, it will prompt the user to inform them that the
CFM function is disabled on that port
Format config cfm ports <portlist> state [enable | disable]
Parameters
<portlist> - Enter the logical port list.
state - Specifies the CFM function status.
enable - Specifies to enable the CFM function.
disable - Specifies to disable the CFM function.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To enable the CFM function on ports 2 to 5:
DGS-3620-28PC:admin#config cfm ports 2-5 state enable
Command: config cfm ports 2-5 state enable
Success.
243
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#
15-13 show cfm ports
Description
This command is used to display the CFM state of specified ports.
Format show cfm ports <portlist>
Parameters
<portlist> - Enter the logical port list.
Restrictions
None. (EI Mode Only Command)
Example
To display the CFM state for ports 3 to 6:
DGS-3620-28PC:admin#show cfm ports 3-6
Command: show cfm ports 3-6
Port State
----- -------
3 Enabled
4 Enabled
5 Enabled
6 Enabled
DGS-3620-28PC:admin#
15-14 show cfm
Description
This command is used to display the CFM configuration.
Format show cfm {[md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index
<uint 1-4294967295>] {mepid <int 1-8191>}} | mepname <string 32>]}
Parameters
md - (Optional) Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
244
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
md_index - Specifies the maintenance domain index.
<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.
ma - (Optional) Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index - Specifies the maintenance association index.
<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.
mepid - (Optional) Specifies the MEPID.
<int 1-8191> - Enter the MEP MEPID between 1 and 8191.
mepname - (Optional) Specifies the MEP name.
<string 32> - Enter the MEP name. The maximum length is 32 characters.
Restrictions
None. (EI Mode Only Command)
Example
To display the CFM configuration:
DGS-3620-28PC:admin# show cfm
Command: show cfm
CFM State: Enabled
AIS Trap State: Disabled
LCK Trap State: Disabled
MD Index MD Name Level
---------- ---------------------- -----
1 cu-domain 5
2 op-domain 3
111 111 2
DGS-3620-28PC:admin#
15-15 show cfm fault
Description
This command is used to display all the fault conditions detected by the MEPs contained in the specified MA or MD. The display provides the overview of the fault status by MEPs.
Format show cfm fault {md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index <uint 1-4294967295>]}}
Parameters
md - (Optional) Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index.
245
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.
ma - (Optional) Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index - Specifies the maintenance association index.
<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.
Restrictions
None. (EI Mode Only Command)
Example
To display the MEPs that have faults:
DGS-3620-28PC:admin#show cfm fault
Command: show cfm fault
MD Name MA Name MEPID Status AIS Status LCK Status
----------- ----------- ----- ---------------------- ------------ ------------ op_domain op1 1 Error CCM Received Normal Normal
DGS-3620-28PC:admin#
15-16 show cfm port
Description
This command is used to display MEPs and MIPs created on a port.
Format show cfm port <port> {level <int 0-7> | direction [inward | outward] | vlanid <vlanid 1-4094>}
Parameters
<port> - Enter the port number.
level - (Optional) Specifies the maintenance domain level. If not specified, all levels are shown.
<int 0-7> - Enter the value between 0 and 7.
direction - (Optional) Specifies the MEP direction.
inward - Specifies inward facing MEP.
outward - Specifies outward facing MEP.
vlanid - (Optional) Specifies the VLAN identifier. If not specified, all VLANs are displayed.
<vlanid 1-4094> - Enter the VLAN ID between 1 and 4094.
Restrictions
None. (EI Mode Only Command)
Example
To display a CFM port:
246
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show cfm port 1
Command: show cfm port 1
MAC Address: 00-05-78-82-32-01
MD Name MA Name MEPID Level Direction VID
----------- ---------- ------- ------- --------- --- op_domain op1 1 2 inward 2 cust_domain cust1 8 4 inward 2 serv_domain serv2 MIP 3 2
DGS-3620-28PC:admin#
15-17 cfm lock md
Description
This command is used to start/stop cfm management lock. This command will result in the MEP sends a LCK PDU to client level MEP.
Format cfm lock md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint
1-4294967295>] mepid <int 1-8191> remote_mepid <int 1-8191> action [start | stop]
Parameters
md - Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name here. This name can be up to 22 characters long.
md_index – Specifies the MD index value used.
<uint 1-4294967295> - Enter the MD index value used here. This value must be between
1 and 4294967295.
ma - Specifies the maintenance association name.
<string 22> - Enter the maintenance association name here. This name can be up to 22 characters long.
ma_index – Specifies the MA index value used.
<uint 1-4294967295> - Enter the MA index value used here. This value must be between
1 and 4294967295.
mepid - The MEP ID in the MD which sends LCK frame.
<int 1-8191> - Enter the MEP ID value here. This value must be between 1 and 8191.
remote_mepid - The peer MEP is the target of management action.
<int 1-8191> - Enter the remote MEP ID used here. This value must be between 1 and 8191.
action - Specifies to start or to stop the management lock function.
start - Specifies to start the management lock function.
stop - Specifies to stop the management lock function.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
247
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To start management lock:
DGS-3620-28PC:admin# cfm lock md op-domain ma op-ma mepid 1 remote_mepid 2 action start
Command: cfm lock md op-domain ma op-ma mepid 1 remote_mepid 2 action start
Success.
DGS-3620-28PC:admin#
15-18 cfm loopback
Description
This command is used to start a CFM loopback test. Press Ctrl+C to exit the loopback test. The
MAC address represents the destination MEP or MIP that can be reached by this MAC address.
The MEP represents the source MEP to initiate the loopback message.
Format cfm loopback <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {num <int
1-65535> | [length <int 0-1500> | pattern <string 1500>] | pdu_priority <int 0-7>}
Parameters
<macaddr> - Enter the destination MAC address.
mepname - Specifies the MEP name.
<string 32> - Enter the MEP name. The maximum length is 32 characters.
mepid - (Optional) Specifies the MEPID.
<int 1-8191> - Enter the MEP MEPID between 1 and 8191.
md - (Optional) Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index – Specifies the MD index value used.
<uint 1-4294967295> - Enter the MD index value used here. This value must be between
1 and 4294967295.
ma - (Optional) Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index – Specifies the MA index value used.
<uint 1-4294967295> - Enter the MA index value used here. This value must be between
1 and 4294967295.
num - (Optional) Specifies the number of LBMs to be sent. The default value is 4.
<int 1-65535> - Enter the value between 1 and 65535.
length - (Optional) Specifies the payload length of the LBM to be sent. The default is 0.
<int 0-1500> - Enter the value between 0 and 1500.
pattern - (Optional) Specifies an amount of data to be included in a Data TLV, along with an indication whether the Data TLV is to be included.
<string 1500> - Enter the pattern value used here. This value can be up to 1500 characters long.
pdu_priority - (Optional) Specifies the 802.1p priority to be set in the transmitted LBMs. If not specified, it uses the same priority as CCMs and LTMs sent by the MA
<int 0-7> - Enter the value between 0 and 7.
248
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
None. (EI Mode Only Command)
Example
To start a CFM loopback test:
DGS-3620-28PC:admin# cfm loopback 00-02-03-04-12-19 mepname op-mep1
Command: cfm loopback 00-02-03-04-12-19 mepname op-mep1
Reply from 00-02-03-04-12-19: bytes=0 time<10ms
Reply from 00-02-03-04-12-19: bytes=0 time<10ms
Reply from 00-02-03-04-12-19: bytes=0 time<10ms
Reply from 00-02-03-04-12-19: bytes=0 time<10ms
CFM loopback statistics for 00-02-03-04-12-19:
Packets: Sent=4, Received=4, Lost=0(0% loss).
DGS-3620-28PC:admin#
15-19 cfm linktrace
Description
This command is used to issue a CFM link track message.
Format cfm linktrace <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {ttl <int 2-
255> | pdu_priority <int 0-7>}
Parameters
<macaddr> - Enter the destination MAC address.
mepname - Specifies the MEP name.
<string 32> - Enter the MEP name. The maximum length is 32 characters.
mepid - (Optional) Specifies the MEPID.
<int 1-8191> - Enter the MEP MEPID between 1 and 8191.
md - (Optional) Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index – Specifies the MD index value used.
<uint 1-4294967295> - Enter the MD index value used here. This value must be between
1 and 4294967295.
ma - (Optional) Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index – Specifies the MA index value used.
<uint 1-4294967295> - Enter the MA index value used here. This value must be between
1 and 4294967295.
ttl - (Optional) Specifies the link trace message TTL value. The default value is 64.
<int 2-255> - Enter the link trace message TTL value. Enter a value between 2 and 255.
pdu_priority - (Optional) Specifies the 802.1p priority to be set in the transmitted LBMs. If not specified, it uses the same priority as CCMs and LTMs sent by the MA.
249
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<int 0-7> - Enter the 802.1p priority to be set in the transmitted LBMs. If not specified, it uses the same priority as CCMs and LTMs sent by the MA. Enter a value between 0 and 7.
Restrictions
None. (EI Mode Only Command)
Example
To transmit a LTM:
DGS-3620-28PC:admin#cfm linktrace 00-01-02-03-04-05 mepname mep1
Command: cfm linktrace 00-01-02-03-04-05 mepname mep1
Transaction ID: 26
Success.
DGS-3620-28PC:admin#
15-20 show cfm linktrace
Description
This command is used to display the link trace responses. The maximum linktrace responses a device can hold is 128.
Format show cfm linktrace [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index
<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {trans_id <uint>}
Parameters
mepname - Specifies the MEP name.
<string 32> - Enter the MEP name. The maximum length is 32 characters.
mepid - (Optional) Specifies the MEPID.
<int 1-8191> - Enter the MEP MEPID between 1 and 8191.
md - (Optional) Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index.
<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.
ma - (Optional) Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index - Specifies the maintenance association index.
<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.
trans_id - (Optional) The identifier of the transaction to be displayed.
<uint> - The identifier of the transaction to be displayed.
Restrictions
None. (EI Mode Only Command)
250
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display a CFM linktrace reply:
DGS-3620-28PC:admin#show cfm linktrace mepname mep1
Command: show cfm linktrace mepname mep1
Trans ID Source MEP Destination
-------- ------------- ------------------
26 mep1 XX-XX-XX-XX-XX-XX
DGS-3620-28PC:admin#
To display a CFM linktrace reply:
DGS-3620-28PC:admin# show cfm linktrace mepname mep trans_id 0
Command: show cfm linktrace mepname mep trans_id 0
Transaction ID: 0
From MEP mep to 00-15-72-20-91-09
Start Time : 2010-12-31 00:51:49
Hop MEPID Ingress MAC Address Egress MAC Address Forwarded Relay Action
--- ----- ------------------- ------------------- --------- ------------
1 - 00-00-00-00-00-00 00-01-02-00-01-14 Yes FDB
2 2 00-15-72-20-91-14 00-15-72-20-91-09 No Hit
DGS-3620-28PC:admin#
15-21 delete cfm linktrace
Description
This command is used to delete the stored link trace response data that have been initiated by the specified MEP.
Format delete cfm linktrace {[md [<string 22> | md_index <uint 1-4294967295>] {ma [<string 22> | ma_index <uint 1-4294967295>] {mepid <int 1-8191>}} | mepname <string 32>]}
Parameters
md - (Optional) Specifies the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index – Specifies the MD index value used.
<uint 1-4294967295> - Enter the MD index value used here. This value must be between
1 and 4294967295.
ma - (Optional) Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index – Specifies the MA index value used.
<uint 1-4294967295> - Enter the MA index value used here. This value must be
251
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
between 1 and 4294967295.
mepid - (Optional) Specifies the MEPID.
<int 1-8191> - Enter the MEP MEPID between 1 and 8191.
mepname - (Optional) Specifies the MEP name.
<string 32> - Enter the MEP name. The maximum length is 32 characters.
Restrictions
None. (EI Mode Only Command)
Example
To delete the CFM link trace reply:
DGS-3620-28PC:admin#delete cfm linktrace mepname mep1
Command: delete cfm linktrace mepname mep1
Success.
DGS-3620-28PC:admin#
15-22 config cfm mp_ltr_all
Description
This command is to enable or disable the "all MPs reply LTRs" function. This function is for test purposes. According to IEEE 802.1ag, a Bridge replies with one LTR to an LTM. This command can make all MPs on the LTM’s forwarding path reply with LTRs, no matter whether they are on a
Bridge or not.
Format config cfm mp_ltr_all [enable | disable]
Parameters
enable - Enable this feature.
disable - Disable this feature.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To enable the all-MPs-reply-to-LTR function:
DGS-3620-28PC:admin#config cfm mp_ltr_all enable
Command: config cfm mp_ltr_all enable
Success.
252
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#
15-23 show cfm mipccm
Description
This command is used to display the MIP CCM database entries. All entries in the MIP CCM database will be displayed. An MIP CCM entry is similar to an FDB which keeps the forwarding port information of a MAC entry.
Format show cfm mipccm
Parameters
None.
Restrictions
None. (EI Mode Only Command)
Example
To display the MIP CCM database entries:
DGS-3620-28PC:admin#show cfm mipccm
Command: show cfm mipccm
MA VID MAC Address Port
------------------------ ---- -------------------- ------- opma 1 XX-XX-XX-XX-XX-XX-XX 2 opma 1 XX-XX-XX-XX-XX-XX-XX 3
Total: 2
DGS-3620-28PC:admin#
15-24 show cfm mp_ltr_all
Description
This command is used to display the current configuration of the "all MPs reply LTRs" function.
This command is for test purposes.
Format show cfm mp_ltr_all
Parameters
None.
253
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
None. (EI Mode Only Command)
Example
To display the configuration of the all-MPs-reply-to-LTR function:
DGS-3620-28PC:admin#show cfm mp_ltr_all
Command: show cfm mp_ltr_all
All MPs reply LTRs: Disabled
DGS-3620-28PC:admin#
15-25 show cfm pkt_cnt
Description
This command is used to display the CFM packet’s RX/TX counters.
Format show cfm pkt_cnt {[ports <portlist> {[rx | tx]} | [rx | tx] | ccm]}
Parameters
ports - (Optional) Specifies the port counters to display. If not specified, all ports will be displayed.
<portlist> - Enter a list of ports.
rx - (Optional) Display the RX counter. If not specified, both the RX and TX counters will be displayed.
tx - (Optional) Display the TX counter. If not specified, both the RX and TX counters will be displayed.
rx - (Optional) Display the RX counter. If not specified, both the RX and TX counters will be displayed.
tx - (Optional) Display the TX counter. If not specified, both the RX and TX counters will be displayed.
ccm - (Optional) Display the CCM RX counters.
Restrictions
None. (EI Mode Only Command)
Example
To display CFM packet RX/TX counters for ports 1 to 2:
DGS-3620-28PC:admin#show cfm pkt_cnt ports 1-2
Command: show cfm pkt_cnt ports 1-2
CFM RX Statistics
------------------------------------------------------------------------------
254
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Port AllPkt CCM LBR LBM LTR LTM VidDrop OpcoDrop
----- -------- -------- -------- --------- ------ ------- -------- --------
All 0 0 0 0 0 0 0 0
1 0 0 0 0 0 0 0 0
2 0 0 0 0 0 0 0 0
CFM TX Statistics
----------------------------------------------------------
Port AllPkt CCM LBR LBM LTR LTM
----- -------- -------- -------- --------- ------ -------
All 0 0 0 0 0 0
1 0 0 0 0 0 0
2 0 0 0 0 0 0
DGS-3620-28PC:admin#
15-26 clear cfm pkt_cnt
Description
This command is used to clear the CFM packet’s RX/TX counters.
Format clear cfm pkt_cnt {[ports <portlist> {[rx | tx]} | [rx | tx] | ccm]}
Parameters
ports - (Optional) Specifies the port counters to clear. If not specified, all ports will be cleared.
<portlist> - Enter a list of ports.
rx - (Optional) Clear the RX counter. If not specified, both the RX and TX counters will be cleared.
tx - (Optional) Clear the TX counter. If not specified, both the RX and TX counters will be cleared.
rx - (Optional) Clear the RX counter. If not specified, both the RX and TX counters will be cleared.
tx - (Optional) Clear the TX counter. If not specified, both the RX and TX counters will be cleared.
ccm - (Optional) Clear The CCM RX counters.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To clear all the CFM packet RX/TX counters:
DGS-3620-28PC:admin#clear cfm pkt_cnt
Command: clear cfm pkt_cnt
Success.
255
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#
To clear the CFM packet CCM counters:
DGS-3620-28PC:admin#clear cfm pkt_cnt ccm
Command: clear cfm pkt_cnt ccm
Success.
DGS-3620-28PC:admin#
15-27 show cfm remote_mep
Description
This command is used to display CFM remote MEP information.
Format show cfm remote_mep [mepname <string 32> | md [<string 22> | md_index <uint 1-
4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>] mepid <int 1-8191>] remote_mepid <int 1-8191>
Parameters
mepname - Specify the MEP name.
<string 32> - Enter the MEP name. The maximum length is 32 characters.
md - Specify the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index.
<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.
ma - Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index - Specifies the maintenance association index.
<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.
mepid - Specifies the MEPID.
<int 1-8191> - Enter the MEP MEPID between 1 and 8191.
remote_mepid - Specifies the remote MEPID.
<int 1-8191> - Enter the remote MEPID between 1 and 8191.
Restrictions
None. (EI Mode Only Command)
Example
To display CFM remote MEP information:
DGS-3620-28PC:admin#show cfm remote_mep mepname mep1 remote_mepid 2
Command: show cfm remote_mep mepname mep1 remote_mepid 2
256
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Remote MEPID : 2
MAC Address : 00-11-22-33-44-02
Status : OK
RDI : Yes
Port State : Blocked
Interface Name : Down
Last CCM Serial Number : 1000
Send Chassis ID : 00-11-22-33-44-00
Sender Management Address: SNMP-UDP-IPv4 10.90.90.90:161
Detect Time : 2013-08-30 02:59:52
DGS-3620-28PC:admin#
15-28 config cfm ais md
Description
This command is used to configure the parameters of the AIS function on a MEP.
Format config cfm ais md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index
<uint 1-4294967295>] mepid <int 1-8191> {period [1sec | 1min] | level <int 0-7> | state
[enable | disable]}
Parameters
md - Specify the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index.
<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.
ma - Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index - Specifies the maintenance association index.
<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.
mepid - Specifies the MEPID.
<int 1-8191> - Enter the MEP MEPID between 1 and 8191.
period - (Optional) Specifies the transmitting interval of the AIS PDU.
1sec - Specifies that the transmitting interval period will be set to 1 second.
1min - Specifies that the transmitting interval period will be set to 1 minute.
level - (Optional) Specifies the client level ID to which the MEP sends AIS PDU. The default client MD level is the MD level that the most immediate client layer MIPs and MEPs exist on.
<int 0-7> - Enter the client level ID used here. This value must be between 0 and 7.
state - (Optional) Specifies the AIS function state used.
enable - Specifies that AIS function state will be enabled.
disable - Specifies that AIS function state will be disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
257
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure the AIS function so that it is enabled and has a client level of 5:
DGS-3620-28PC:admin# config cfm ais md op-domain ma op-ma mepid 1 state enable level 5
Command: config cfm ais md op-domain ma op-ma mepid 1 state enable level 5
Success.
DGS-3620-28PC:admin#
15-29 config cfm lock md
Description
This command is used to configure the parameters of the LCK function on a MEP.
Format config cfm lock md [<string 22> | md_index <uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>] mepid <int 1-8191> {period [1sec | 1min] | level <int 0-7> | state [enable | disable]}
Parameters
md - Specify the maintenance domain name.
<string 22> - Enter the maintenance domain name. The maximum length is 22 characters.
md_index - Specifies the maintenance domain index.
<uint 1-4294967295> - Enter the maintenance domain index value here. This value must be between 1 and 4294967295.
ma - Specifies the maintenance association name.
<string 22> - Enter the maintenance association name. The maximum length is 22 characters.
ma_index - Specifies the maintenance association index.
<uint 1-4294967295> - Enter the maintenance association index value here. This value must be between 1 and 4294967295.
mepid - Specifies the MEPID.
<int 1-8191> - Enter the MEP MEPID between 1 and 8191.
period - (Optional) Specifies the transmitting interval of the LCK PDU.
1sec - Specifies that the transmitting interval period will be set to 1 second.
1min - Specifies that the transmitting interval period will be set to 1 minute.
level - (Optional) Specifies the client level ID to which the MEP sends LCK PDU. The default client MD level is the MD level that the most immediate client layer MIPs and MEPs exist on.
<int 0-7> - Enter the client level ID used here. This value must be between 0 and 7.
state - (Optional) Specifies the LCK function state used.
enable - Specifies that LCK function state will be enabled.
disable - Specifies that LCK function state will be disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
258
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure the LCK function state as enabled and specify a client level of 5:
DGS-3620-28PC:admin# config cfm lock md op-domain ma op-ma mepid 1 state enable level 5
Command: config cfm lock md op-domain ma op-ma mepid 1 state enable level 5
Success.
DGS-3620-28PC:admin#
15-30 config cfm trap
Description
This command is used to configure the state of the CFM trap.
Format config cfm trap [ais | lock] state [enable | disable]
Parameters
ais - Specifies the AIS trap status to be configured. If the trap status of AIS is enabled, a trap will be sent out when an ETH-AIS event occurs or clears.
lock - Specifies the LCK trap status that to be configured. If the trap status of LCK is enabled, a trap will be sent out wnen an ETH-LCK event occurs or clears.
state – Specify the state of the CFM trap.
enable – Enable the CFM trap state. This is the default.
disable – Disable the CFM trap state.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
DGS-3620-28PC:admin#config cfm trap ais state enable
Command: config cfm trap ais state enable
Success.
DGS-3620-28PC:admin#
15-31 cfm dm
Description
This command is used to start a frame delay measurement test on an MEP. It will result in the
MEP periodically sending a DMM message to a remote MEP in the diagnostic interval. The system will calculate the Frame Delay (FD) and Frame Delay Variation (FDV) based on the received DMR
259
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
messages and the percentile of the frame delay measurement test. To calculate the FDV, continuous received DMR frames are needed.
Users can abort the frame delay measurement test by disable frame delay measurement function on the MEP.
Format cfm dm <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index
<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {period:interval
[100ms:1sec | 1sec:10sec | 10sec:1min] | percentile <int 0-100> | pdu_priority <int 0-7>}
Parameters
<macaddr> - Enter the destination MAC address.
mepname - Specifies the MEP name.
<string 32> - Enter the MEP name. This name can be up to 32 characters long.
mepid - Specifies the MEP ID.
<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.
md - Specifies the Maintenance Domain name.
<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.
md_index - Specifies the Maintenance Domain index.
<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.
ma - Specifies the Maintenance Association name.
<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.
ma_index - Specifies the Maintenance Association index.
<uint 1-4294967295> - Enter the Maintenance Association index.
period:interval - Specifies the transmission period of DMM message and the diagnostic interval.
100ms:1sec - Specifies the transmission period of 100 milliseconds and the diagnostic interval is one second.
1sec:10sec - Specifies the transmission period of one second and the diagnostic interval is ten seconds. This is the default value.
10sec:1min - Specifies the transmission period of ten seconds and the diagnostic interval is one minute.
percentile - Specifies the percentile of frame delay and frame delay variation measurement.
<int 0-100> - Enter the percentile of frame delay and frame delay variation measurement. This value must be between 1 and 100.
pdu_priority - Specifies the 802.1p priority which is set in the DMM message transmitted by the
MEP.
<int 0-7> - Enter the 802.1p priority which is set in the DMM message transmitted by the
MEP. This value must be between 1 and 7.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To start a frame delay measurement test:
260
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#cfm dm 00-01-02-03-04-05 mepname mep1 period:interval
1sec:10sec percentile 75 pdu_priority 7
Command: cfm dm 00-01-02-03-04-05 mepname mep1 period:interval 1sec:10sec percentile 75 pdu_priority 7
Success.
DGS-3620-28PC:admin#
15-32 cfm lm
Description
This command is used to start a frame loss measurement test.
Format cfm lm <macaddr> [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index
<uint 1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] {period [100ms |
1sec | 10sec] | pdu_priority <int 0-7>}
Parameters
<macaddr> - Enter the destination MAC address.
mepname - Specifies the MEP name.
<string 32> - Enter the MEP name. This name can be up to 32 characters long.
mepid - Specifies the MEP ID.
<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.
md - Specifies the Maintenance Domain name.
<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.
md_index - Specifies the Maintenance Domain index.
<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.
ma - Specifies the Maintenance Association name.
<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.
ma_index - Specifies the Maintenance Association index.
<uint 1-4294967295> - Enter the Maintenance Association index.
period - (Optional) Specifies the transmission period of LMM message.
100ms - Specifies that the transmission period will be 100ms.
1sec - Specifies that the transmission period will be 1sec.
10sec - Specifies that the transmission period will be 10sec.
pdu_priority - (Optional) Specifies the 802.1p priority which is set in the DMM message transmitted by the MEP.
<int 0-7> - Enter the 802.1p priority which is set in the DMM message transmitted by the
MEP. This value must be between 1 and 7.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
261
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To start a frame loss measurement test:
DGS-3620-28PC:admin#cfm lm 00-01-02-03-04-05 mepname mep1 period 1s pdu_priority 7
Command: cfm lm 00-01-02-03-04-05 mepname mep1 period 1sec pdu_priority 7
Success.
DGS-3620-28PC:admin#
15-33 clear cfm dm
Description
This command is used to clear the frame delay measurement information.
Format clear cfm dm {[mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint
1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]} {[results | statistics]}
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
mepname - (Optional) Specifies the MEP name.
<string 32> - Enter the MEP name. This name can be up to 32 characters long.
mepid - (Optional) Specifies the MEP ID.
<int 1-8191> - (Optional) Enter the MEP ID. This value must be between 1 and 8191.
md - (Optional) Specifies the Maintenance Domain name.
<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.
md_index - (Optional) Specifies the Maintenance Domain index.
<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.
ma - (Optional) Specifies the Maintenance Association name.
<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.
ma_index - (Optional) Specifies the Maintenance Association index.
<uint 1-4294967295> - Enter the Maintenance Association index.
results - (Optional) Specifies to clear the stored frame delay measurement results. If none of them is specified, both of them are cleared.
statistics - (Optional) Specifies to clear the stored the statistics of ETH-DM frames (DMM, DMR).
If none of them is specified, both of them are cleared.
Example
To clear the frame delay measurement information.
262
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#clear cfm dm mepname mep1
Command: clear cfm dm mepname mep1
Success.
DGS-3620-28PC:admin#
15-34 clear cfm lm
Description
This command is used to clear the frame loss measurement information.
Format clear cfm lm {[mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint
1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]} {[results | statistics]}
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
mepname - (Optional) Specifies the MEP name.
<string 32> - Enter the MEP name. This name can be up to 32 characters long.
mepid - (Optional) Specifies the MEP ID.
<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.
md - (Optional) Specifies the Maintenance Domain name.
<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.
md_index - (Optional) Specifies the Maintenance Domain index.
<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.
ma - (Optional) Specifies the Maintenance Association name.
<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.
ma_index - (Optional) Specifies the Maintenance Association index.
<uint 1-4294967295> - Enter the Maintenance Association index.
results - (Optional) Specifies to clear the stored frame loss measurement results. If none of them is specified, both of them are cleared.
statistics - (Optional) Specifies to clear the stored statistics of ETH-LM frames (LMM, LMR). If none of them is specified, both of them are cleared.
Example
To clear the frame loss measurement information.
DGS-3620-28PC:admin#clear cfm lm mepname mep1
Command: clear cfm lm mepname mep1
Success.
DGS-3620-28PC:admin#
263
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
15-35 config cfm dm
Description
This command is used to configure the parameters of frame delay measurement function.
Format config cfm dm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint
1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] state [enable | disable]
Parameters
mepname - Specifies the MEP name.
<string 32> - Enter the MEP name. This name can be up to 32 characters long.
mepid - Specifies the MEP ID.
<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.
md - Specifies the Maintenance Domain name.
<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.
md_index - Specifies the Maintenance Domain index.
<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.
ma - Specifies the Maintenance Association name.
<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.
ma_index - Specifies the Maintenance Association index.
<uint 1-4294967295> - Enter the Maintenance Association index.
state - Specifies the administrative state of frame delay measurement function on the MEP.
enable - Specifies that the frame delay measurement function will be enabled.
disable - Specifies that the frame delay measurement function will be disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To configure the administrative state of frame delay measurement function as enabled:
DGS-3620-28PC:admin#config cfm dm mepname mep1 state enable
Command: config cfm dm mepname mep1 state enable
Success.
DGS-3620-28PC:admin#
15-36 config cfm lm
Description
This command is used to configure the parameters of frame loss measurement function.
264
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config cfm lm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint
1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]] state [enable | disable]
Parameters
mepname - Specifies the MEP name.
<string 32> - Enter the MEP name. This name can be up to 32 characters long.
mepid - Specifies the MEP ID.
<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.
md - Specifies the Maintenance Domain name.
<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.
md_index - Specifies the Maintenance Domain index.
<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.
ma - Specifies the Maintenance Association name.
<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.
ma_index - Specifies the Maintenance Association index.
<uint 1-4294967295> - Enter the Maintenance Association index.
state - Specifies the administrative state of frame loss measurement function on the MEP.
enable - Specifies that the frame loss measurement function will be enabled.
disable - Specifies that the frame loss measurement function will be disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To configure the administrative state of frame loss measurement function as enabled:
DGS-3620-28PC:admin#config cfm lm mepname mep1 state enable
Command: config cfm lm mepname mep1 state enable
Success.
DGS-3620-28PC:admin#
15-37 show cfm dm
Description
This command is used to show the frame delay measurement information.
Format show cfm dm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint
1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]
265
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
mepname - Specifies the MEP name.
<string 32> - Enter the MEP name. This name can be up to 32 characters long.
mepid - Specifies the MEP ID.
<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.
md - Specifies the Maintenance Domain name.
<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.
md_index - Specifies the Maintenance Domain index.
<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.
ma - Specifies the Maintenance Association name.
<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.
ma_index - Specifies the Maintenance Association index.
<uint 1-4294967295> - Enter the Maintenance Association index.
Restrictions
None. (EI Mode Only Command)
Example
To display the frame delay measurement information.
DGS-3620-28PC:admin#show cfm dm mepname mep1
Command: show cfm dm mepname mep1
State : Enabled
DMM Tansmitted : 0
DMR Received : 0
DMM Received : 0
DMR Transmitted : 0
Period:
ID MAC Address Status Interval PCT Pri FD nanosec FDV nanosec Start
Time
--- ----------------- ------- -------- --- --- ---------- ----------- ---------
3 00-01-02-03-04-05 Running 100ms:1s 75 7 0 0 2013-01-01
18:00:00
2 00-01-02-03-04-05 Success 1s:10s 50 7 1434343 2232 2013-01-01
14:00:00
1 00-01-02-03-04-05 Failed 10s:1min 75 1 0 0 2013-01-01
12:00:00
DGS-3620-28PC:admin#
15-38 show cfm lm
Description
This command is used to show the frame loss measurement information.
266
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format show cfm lm [mepname <string 32> | mepid <int 1-8191> md [<string 22> | md_index <uint
1-4294967295>] ma [<string 22> | ma_index <uint 1-4294967295>]]
Parameters
mepname - Specifies the MEP name.
<string 32> - Enter the MEP name. This name can be up to 32 characters long.
mepid - Specifies the MEP ID.
<int 1-8191> - Enter the MEP ID. This value must be between 1 and 8191.
md - Specifies the Maintenance Domain name.
<string 22> - Enter the Maintenance Domain name. This name can be up to 22 characters long.
md_index - Specifies the Maintenance Domain index.
<uint 1-4294967295> - Enter the Maintenance Domain index. This value must be between 1 and 4294967295.
ma - Specifies the Maintenance Association name.
<string 22> - Enter the Maintenance Association name. This name can be up to 22 characters long.
ma_index - Specifies the Maintenance Association index.
<uint 1-4294967295> - Enter the Maintenance Association index.
Restrictions
None. (EI Mode Only Command)
Example
To display the frame loss measurement information.
DGS-3620-28PC:admin#show cfm lm mepname mep1
Command: show cfm lm mepname mep1
State : Enabled
LMM Tansmitted : 61
LMR Received : 0
LMM Received : 0
LMR Transmitted : 0
ID MAC Address Status Period Pri Far-End Near-End Start Time
--- ----------------- ------- ------ --- ------- -------- -------------------
1 00-01-02-03-04-05 Failed 1sec 7 0 0 2000-01-15 22:46:33
DGS-3620-28PC:admin#
267
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 16 Command List
History Commands
? {<Command>}
show command_history
config command_history <value 1-40>
16-1 ?
Description
This command is used to display all of the commands available, on the current login account level, through the Command Line Interface (CLI).
Format
? {<Command>}
Parameters
<Command> – (Optional) Specify a command.
Note: If no command is specified, the system will display all commands of the corresponding user level.
Restrictions
None.
Example
To display all commands:
DGS-3620-28PC:admin#?
Command: ?
..
? cable_diag ports cd cfm linktrace cfm loopback clear clear address_binding dhcp_snoop binding_entry ports clear arptable clear attack_log clear cfm pkt_cnt clear counters
268
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
clear dhcp binding clear dhcp conflict_ip clear ethernet_oam ports clear fdb clear historical_counters ports clear igmp_snooping data_driven_group clear igmp_snooping statistic counter clear jwac auth_state clear log clear mac_based_access_control auth_state
CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
To display the syntax for “config account”:
DGS-3620-28PC:admin#? config account
Command: ? config account
Command: config account
Usage: <username> {encrypt [plain_text| sha_1] <password>}
Description: Used to configure user accounts.
DGS-3620-28PC:admin#
16-2 show command_history
Description
This command is used to display the command history.
Format show command_history
Parameters
None.
Restrictions
None.
Example
To display the command history:
DGS-3620-28PC:admin# show command_history
Command: show command_history
?
? show traffic_segmentation 1-6 config traffic_segmentation 1-6 forward_list 7-8
269
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
config radius delete 1 config radius add 1 10.48.74.121 key dlink default config 802.1x reauth port_based ports all config 802.1x init port_based ports all config 802.1x auth_mode port_based config 802.1x auth_parameter ports 1-50 direction both config 802.1x capability ports 1-5 authenticator show 802.1x auth_configuration ports 1 show 802.1x auth_state ports 1-5 enable 802.1x show 802.1x auth_state ports 1-5 show igmp_snooping enable igmp_snooping
DGS-3620-28PC:admin#
16-3 config command_history
Description
This command is used to configure the number of commands that the switch can record. The switch can keep records for the last 40 (maximum) commands you entered.
Format config command_history <value 1-40>
Parameters
<value 1-40> – Specify the number of commands (1 to 40) that the switch can record. The default value is 25.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the number of commands the switch can record to the last 20 commands:
DGS-3620-28PC:admin#config command_history 20
Command: config command_history 20
Success.
DGS-3620-28PC:admin#
270
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 17 Command Logging
Commands
enable command logging disable command logging
17-1 enable command logging
Description
The enable command logging command is used to enable the command logging function.
Note: When the switch is under the booting procedure and the procedure of downloading the configuration to execute immediately, all configuration commands should not be logged. When the user is under AAA authentication, the user name should not changed if user uses “enable admin” command to replace its privilege.
Format enable command logging
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To enable the command logging function:
DGS-3620-28PC:admin# enable command logging
Command: enable command logging
Success.
DGS-3620-28PC:admin#
17-2 disable command logging
Description
The disable command logging command is used to disable the command logging function.
271
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format disable command logging
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To disable the command logging:
DGS-3620-28PC:admin# disable command logging
Command: disable command logging
Success.
DGS-3620-28PC:admin#
17-3 show command logging
Description
This command displays the switch’s general command logging configuration status.
Format show command logging
Parameters
None.
Restrictions
Only Administrators and Operators can issue this command.
Example
To show the command logging configuration status:
DGS-3620-28PC:admin# show command logging
Command: show command logging
Command Logging State : Disabled
DGS-3620-28PC:admin#
272
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 18 Common Unicast
Routing Commands
config route preference [static | default | rip | ospfIntra | ospfInter | ospfExt1 | ospfExt2 | ebgp | ibgp] <value 1-999>
show route preference {[local | static | default | rip | ospf | ospfIntra | ospfInter | ospfExt1 | ospfExt2 | ebgp | ibgp]}
create route redistribute dst ospf src [local | static | rip | bgp] {mettype [1 | 2] | metric <value 0-
16777214> | route_map <map_name 16>}
config route redistribute dst ospf src [local | static | rip | bgp] {mettype [1 | 2] | metric <value 0-
16777214> | [route_map <map_name 16> | no_route_map]}
create route redistribute dst rip src [local | static | bgp | ospf [all | internal | external | type_1 | type_2 | inter+e1 | inter+e2]] {metric <value 0-16> | route_map <map_name 16>}
config route redistribute dst rip src [local | static | bgp | ospf [all | internal | external | type_1 | type_2 | inter+e1 | inter+e2]] {metric <value 0-16> | [route_map <map_name 16> | no_route_map]}
delete route redistribute dst rip src [local | static | ospf | bgp]
create route redistribute dst bgp src [local | static | rip | ospf [all | internal | external | type_1 | type_2 | inter+e1 | inter+e2]] {metric <uint 0-4294967295> | route_map <map_name 16>}
config route redistribute dst bgp src [local | static | rip | ospf [all | internal | external | type_1 | type_2 | inter+e1 | inter+e2]] {metric <uint 0-4294967295> | [route_map <map_name 16> | no_route_map]}
show route redistribute
show route redistribute dst rip {src [local | static | ospf | bgp]}
delete route redistribute dst bgp src [local | static | rip | ospf]
delete route redistribute dst ospf src [local | static | rip | bgp]
show route redistribute dst bgp {src [local | static | rip | ospf]}
show route redistribute dst ospf {src [local | static | rip | bgp]}
18-1 config route preference
Description
This command is used to configure the route type preference. The route with smaller preference has higher priority. The preference for local routes is fixed to 0.
Format config route preference [static | default | rip | ospfIntra | ospfInter | ospfExt1 | ospfExt2 | ebgp | ibgp] <value 1-999>
Parameters
static - Configure the preference of static route.
default - Configure the preference of default route.
rip - Configure the preference of RIP route.
ospfIntra - Configure the preference of OSPF intra-area route.
ospfInter - Configure the preference of OSPF inter-area route.
ospfExt1 - Configure the preference of OSPF external type-1 route.
ospfExt2 - Configure the preference of OSPF external type-2 route.
ebgp - Configure the preference of BGP AS-external route. (EI Mode Only Parameter)
273
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
ibgp - Configure the preference of BGP AS-internal route. (EI Mode Only Parameter)
<value 1-999> - Enter the route preference value here. This value must be between 1 and 999.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the route preference for static routes to 70:
DGS-3620-28PC:admin# config route preference static 70
Command: config route preference static 70
Success.
DGS-3620-28PC:admin#
18-2 show route preference
Description
This command is used to display the route preference of each route type.
Format show route preference {[local | static | default | rip | ospf | ospfIntra | ospfInter | ospfExt1 | ospfExt2 | ebgp | ibgp]}
Parameters
local - (Optional) Specifies to display the preference of local route.
static - (Optional) Specifies to display the preference of static route.
default - (Optional) Specifies to display the preference of default route.
rip - (Optional) Specifies to display the preference of RIP route.
ospf - (Optional) Specifies to display the preference of all types of OSPF route.
ospfIntra - (Optional) Specifies to display the preference of OSPF intra-area route.
ospfInter - (Optional) Specifies to display the preference of OSPF inter-area route.
ospfExt1 - (Optional) Specifies to display the preference of OSPF external type-1 route.
ospfExt2 - (Optional) Specifies to display the preference of OSPF external type-2 route.
ebgp - (Optional) Specifies to display the preference of BGP AS-external route. (EI Mode Only
Parameter)
ibgp - (Optional) Specifies to display the preference of BGP AS-internal route. (EI Mode Only
Parameter)
Restrictions
None.
Example
To display the route preference for all route types:
274
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show route preference
Command: show route preference
Route Preference Settings
Protocol Preference
---------- ----------
RIP 100
Static 60
Default 1
Local 0
OSPF Intra 80
OSPF Inter 90
OSPF ExtT1 110
OSPF ExtT2 115
EBGP 70
IBGP 130
DGS-3620-28PC:admin#
18-3 create route redistribute dst ospf src
Description
This command is used to redistribute the routing information from other routing protocols to OSPF.
Format create route redistribute dst ospf src [local | static | rip | bgp] {mettype [1 | 2] | metric <value
0-16777214> | route_map <map_name 16>}
Parameters
local - To redistribute the local routes to OSPF.
static - To redistribute static routes to OSPF.
rip - To redistribute the RIP routes to OSPF.
bgp - To redistribute the BGP routes to OSPF. (EI Mode Only Parameter)
mettype - (Optional) Allows the selection of one of two methods for calculating the metric value.
1 calculates the metric (for other routing protocols to OSPF) by adding the destination’s interface cost to the metric entered in the Metric field. 2 uses the metric entered in the Metric field without change. This field applies only when the destination field is OSPF. If the metric type is not specified, it will be type 2.
1 - Specifies that the method type value will be set to 1.
2 - Specifies that the method type value will be set to 2.
metric - (Optional) Specifies the metric for the redistributed routes. If it is not specified or specified as 0, the redistributed routes will be associated with the default metric 20.
<value 0-16777214> - Enter the metric value used here. This value can be between 0 and
16777214.
route_map - Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.
<map_name 16> - Enter the route map name. This name can be up to 16 characters long.
275
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To add route redistribution to OSPF:
DGS-3620-28PC:admin# create route redistribute dst ospf src rip
Command: create route redistribute dst ospf src rip
Success.
DGS-3620-28PC:admin#
18-4 config route redistribute dst ospf src
Description
This command is used to update the metric to be associated with the redistributed routes from a specific protocol to OSPF protocol.
Format config route redistribute dst ospf src [local | static | rip | bgp] {mettype [1 | 2] | metric <value
0-16777214> | [route_map <map_name 16> | no_route_map]}
Parameters
local - To redistribute the local routes to OSPF
static - To redistribute the static routes to OSPF.
rip - To redistribute RIP routes to OSPF
bgp - To redistribute BGP routes to OSPF. (EI Mode Only Parameter)
mettype - (Optional) Allows the selection of one of two methods for calculating the metric value.
1 calculates the metric (for other routing protocols to OSPF) by adding the destination’s interface cost to the metric entered in the Metric field. 2 uses the metric entered in the Metric field without change. This field applies only when the destination field is OSPF. If the metric type is not specified, it will be type 2.
1 - Specifies that the method type value will be set to 1.
2 - Specifies that the method type value will be set to 2.
metric - (Optional) Specifies the metric for the redistributed routes. If it is not specified or specified as 0, the redistributed routes will be associated with the default metric 20.
<value 0-16777214> - Enter the metric value used here. This value can be between 0 and
16777214.
route_map - Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.
<map_name 16> - Enter the route map name. This name can be up to 16 characters long.
no_route_map - Specifies to withdraw the route map setting.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
276
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure route redistributions:
DGS-3620-28PC:admin# config route redistribute dst ospf src rip mettype 1 metric 2
Command: config route redistribute dst ospf src rip mettype 1 metric 2
Succuss.
DGS-3620-28PC:admin#
18-5 create route redistribute dst rip src
Description
This command is used to redistribute routing information from other routing protocols to RIP. When the metric is specified as 0, the metric in the original route will become the metric of the redistributed RIP routes transparently. If the metric of the original route is greater than 16, the route will be not redistributed.
Format create route redistribute dst rip src [local | static | bgp | ospf [all | internal | external | type_1
| type_2 | inter+e1 | inter+e2]] {metric <value 0-16> | route_map <map_name 16>}
Parameters
local - To redistribute local routes to RIP.
static - To redistribute static routes to RIP.
bgp - To redistribute BGP routes to RIP. (EI Mode Only Parameter)
ospf - To redistribute OSPF routes to RIP.
all - To redistribute both OSPF AS-internal and OSPF AS-external routes to RIP.
internal - To redistribute only the OSPF AS-internal routes.
external - To redistribute only the OSPF AS-external routes, including type-1 and type-2 routes.
type_1 - To redistribute only the OSPF AS-external type-1 routes.
type_2 - To redistribute only the OSPF AS-external type-2 routes.
inter+e1 - To redistribute only the OSPF AS-external type-1 and OSPF AS-internal routes.
inter+e2 - To redistribute only the OSPF AS-external type-2 and OSPF AS-internal routes.
metric - (Optional) Specifies the RIP route metric value for the redistributed routes.
<value 0-16> - Enter the metric value used here. This value must be between 0 and 16.
route_map - Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.
<map_name 16> - Enter the route map name. This name can be up to 16 characters long.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To add route redistribution settings:
277
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# create route redistribute dst rip src ospf all metric 2
Command: create route redistribute dst rip src ospf all metric 2
Success.
DGS-3620-28PC:admin#
18-6 config route redistribute dst rip src
Description
This command is used to update the metric to be associated with the redistributed routes from a specific protocol to RIP protocol.
Format config route redistribute dst rip src [local | static | bgp | ospf [all | internal | external | type_1
| type_2 | inter+e1 | inter+e2]] {metric <value 0-16> | [route_map <map_name 16> | no_route_map]}
Parameters
local - To redistribute local routes to RIP.
static - To redistribute static routes to RIP.
bgp - To redistribute BGP routes to RIP. (EI Mode Only Parameter)
ospf - To redistribute OSPF routes to RIP.
all - To redistribute both OSPF AS-internal and OSPF AS-external routes to RIP.
internal - To redistribute only the OSPF AS-internal routes.
external - To redistribute only the OSPF AS-external routes, including type-1 and type-2 routes.
type_1 - To redistribute only the OSPF AS-external type-1 routes.
type_2 - To redistribute only the OSPF AS-external type-2 routes.
inter+e1 - To redistribute only the OSPF AS-external type-1 and OSPF AS-internal routes.
inter+e2 - To redistribute only the OSPF AS-external type-2 and OSPF AS-internal routes.
metric - (Optional) Specifies the RIP metric value for the redistributed routes.
<value 0-16> - Enter the metric value used here. This value must be between 0 and 16.
route_map - Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.
<map_name 16> - Enter the route map name. This name can be up to 16 characters long.
no_route_map - Specifies to withdraw the route map setting.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure route redistributions:
278
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# config route redistribute dst rip src ospf internal
Command: config route redistribute dst rip src ospf internal
Success.
DGS-3620-28PC:admin#
18-7 delete route redistribute dst rip src
Description
This command is used to delete the route redistribute configuration on the Switch. It specifies to not redistribute other routing protocols to RIP.
Format delete route redistribute dst rip src [local | static | ospf | bgp]
Parameters
src - Specifies the source protocol.
static - To not redistribute static routes.
local - To not redistribute local routes.
ospf - To not redistribute OSPF routes.
bgp - To not redistribute BGP routes. (EI Mode Only Parameter)
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete route redistribution settings:
DGS-3620-28PC:admin# delete route redistribute dst rip src static
Command: delete route redistribute dst rip src static
Success.
DGS-3620-28PC:admin#
18-8 create route redistribute dst bgp src
Description
This command is used to redistribute routing information from other routing protocols to BGP.
Format create route redistribute dst bgp src [local | static | rip | ospf [all | internal | external | type_1
| type_2 | inter+e1 | inter+e2]] {metric <uint 0-4294967295> | route_map <map_name 16>}
279
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
local - To redistribute local routes to BGP.
static - To redistribute static routes to BGP.
rip - To redistribute RIP routes to BGP.
ospf - To redistribute OSPF routes to BGP.
all - To redistribute both OSPF AS-internal and OSPF AS-external routes to BGP.
internal - To redistribute only the OSPF AS-internal routes.
external - To redistribute only the OSPF AS-external routes, including type-1 and type-2 routes.
type_1 - To redistribute only the OSPF AS-external type-1 routes.
type_2 - To redistribute only the OSPF AS-external type-2 routes.
inter+e1 - To redistribute only the OSPF AS-external type-1 and OSPF AS-internal routes.
inter+e2 - To redistribute only the OSPF AS-external type-2 and OSPF AS-internal routes.
metric - (Optional) Specifies the BGP metric value for the redistributed routes.
<value 0-4294967295> - Enter the metric value used here. This value must be between 0 and
4294967295.
route_map - (Optional) Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.
<map_name 16> - Enter the route map name used here. This name can be up to 16 characters long.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To add route redistribution settings:
DGS-3620-28PC:admin# create route redistribute dst bgp src ospf all metric 2
Command: create route redistribute dst bgp src ospf all metric 2
Success.
DGS-3620-28PC:admin#
18-9 config route redistribute dst bgp src
Description
This command updates the metric to be associated with the redistributed routes from a specific protocol to BGP protocol.
Format config route redistribute dst bgp src [local | static | rip | ospf [all | internal | external | type_1
| type_2 | inter+e1 | inter+e2]] {metric <uint 0-4294967295> | [route_map <map_name 16> | no_route_map]}
Parameters
local - To redistribute local routes to BGP.
static - To redistribute static routes to BGP.
280
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
rip - To redistribute RIP routes to BGP.
ospf - To redistribute OSPF routes to BGP.
all - To redistribute both OSPF AS-internal and OSPF AS-external routes to BGP.
internal - To redistribute only the OSPF AS-internal routes.
external - To redistribute only the OSPF AS-external routes, including type-1 and type-2 routes.
type_1 - To redistribute only the OSPF AS-external type-1 routes.
type_2 - To redistribute only the OSPF AS-external type-2 routes.
inter+e1 - To redistribute only the OSPF AS-external type-1 and OSPF AS-internal routes.
inter+e2 - To redistribute only the OSPF AS-external type-2 and OSPF AS-internal routes.
metric - (Optional) Specifies the BGP metric value for the redistributed routes.
<value 0-4294967295> - Enter the metric value used here. This value must be between 0 and
4294967295.
route_map - (Optional) Specifies a route map which will be used as the criteria to determine whether to redistribute specific routes.
<map_name 16> - Enter the route map name used here. This name can be up to 16 characters long.
no_route_map - Specifies to withdraw the route map setting.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To add route redistribution settings:
DGS-3620-28PC:admin# config route redistribute dst bgp src ospf all metric 2
Command: config route redistribute dst bgp src ospf all metric 2
Success.
DGS-3620-28PC:admin#
18-10 show route redistribute
Description
This command is used to display the route redistribution settings on the Switch.
Format show route redistribute
Parameters
None
Restrictions
None.
281
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display route redistributions:
DGS-3620-28PC:admin#show route redistribute
Command: show route redistribute
Route Redistribution Settings
Source Destination Type Metric RouteMapName
Protocol Protocol
-------- ------------ -------- ------------ ------------
RIP OSPF Type-2 20 N/A
Total Entries : 1
DGS-3620-28PC:admin#
18-11 show route redistribute dst rip
Description
This command is used to display the route redistribution settings on the Switch. It displays the redistribution with the target protocol RIP.
Format show route redistribute dst rip {src [local | static | ospf | bgp]}
Parameters
src - (Optional) Specifies the source protocol.
static - Display the redistribution with the source static.
local - Display the redistribution with the source local.
ospf - Display the redistribution with the source OSPF.
bgp - Display the redistribution with the source BGP. (EI Mode Only Parameter)
If no parameter is specified, the system will display all route redistributions.
Restrictions
None.
Example
To display route redistributions:
282
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show route redistribute dst rip
Command: show route redistribute dst rip
Route Redistribution Settings
Source Destination Type Metric RouteMapName
Protocol Protocol
-------- ------------ -------- ------ ------------
OSPF RIP ExtType2 3 N/A
STATIC RIP All 5 N/A
LOCAL RIP All 4 N/A
Total Entries : 3
DGS-3620-28PC:admin#
18-12 delete route redistribute dst bgp src
Description
This command is used to delete the route redistribute configuration on the Switch. It specifies to not redistribute other routing protocols to BGP.
Format delete route redistribute dst bgp src [local | static | rip | ospf]
Parameters
src - Specifies the source protocol.
local - To not redistribute local routes.
static - To not redistribute static routes.
rip - To not redistribute RIP routes.
ospf - To not redistribute OSPF routes.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To delete route redistribution settings:
DGS-3620-28PC:admin#delete route redistribute dst bgp src static
Command: delete route redistribute dst bgp src static
Success.
DGS-3620-28PC:admin#
283
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
18-13 delete route redistribute dst ospf src
Description
This command is used to delete the route redistribute configuration on the Switch. It specifies to not redistribute other routing protocols to OSPF.
Format delete route redistribute dst ospf src [local | static | rip | bgp]
Parameters
src - Specifies the source protocol.
local - To not redistribute local routes.
static - To not redistribute static routes.
rip - To not redistribute RIP routes.
bgp - To not redistribute BGP routes. (EI Mode Only Parameter)
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete route redistribution settings:
DGS-3620-28PC:admin# delete route redistribute dst ospf src static
Command: delete route redistribute dst ospf src static
Success.
DGS-3620-28PC:admin#
18-14 show route redistribute dst bgp
Description
This command is used to display the route redistribution settings on the Switch. It displays the redistribution with the target protocol BGP.
Format show route redistribute dst bgp {src [local | static | rip | ospf]}
Parameters
src - (Optional) Specifies the source protocol.
local - Display the redistribution with the source local.
static - Display the redistribution with the source static.
rip - Display the redistribution with the source RIP.
ospf - Display the redistribution with the source OSPF.
If no parameter is specified, the system will display all route redistributions.
284
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
None. (EI Mode Only Command)
Example
To display route redistributions:
DGS-3620-28PC:admin#show route redistribute dst bgp
Command: show route redistribute dst bgp
Route Redistribution Settings
Source Destination Type Metric RouteMapName
Protocol Protocol
-------- ------------ -------- ------ ------------
Total Entries : 0
DGS-3620-28PC:admin#
18-15 show route redistribute dst ospf
Description
This command is used to display the route redistribution settings on the Switch. It displays the redistribution with the target protocol OSPF.
Format show route redistribute dst ospf {src [local | static | rip | bgp]}
Parameters
src - (Optional) Specifies the source protocol.
local - Display the redistribution with the source local.
static - Display the redistribution with the source static.
rip - Display the redistribution with the source RIP.
bgp - Display the redistribution with the source BGP. (EI Mode Only Parameter)
If no parameter is specified, the system will display all route redistributions.
Restrictions
None.
Example
To display route redistributions:
285
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show route redistribute dst ospf
Command: show route redistribute dst ospf
Route Redistribution Settings
Source Destination Type Metric RouteMapName
Protocol Protocol
-------- ------------ -------- ------ ------------
Total Entries : 0
DGS-3620-28PC:admin#
286
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 19 Compound
Authentication
Commands
create authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]
delete authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]
config authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>] [add | delete] ports [<portlist> | all]
config authentication mac_format {case [lowercase | uppercase] | delimiter {[hyphen | colon | dot | none] | number [1 | 2 | 5]}(1)}(1)
config authentication ports [<portlist> | all] {auth_mode [port_based | host_based {vlanid
<vid_list> state [enable | disable]}] | multi_authen_methods [none | any | dot1x_impb | impb_jwac | impb_wac | mac_impb]}(1)
show authentication show authentication guest_vlan show authentication mac_format
show authentication ports {<portlist>}
enable authorization attributes disable authorization attributes show authorization
config authentication server failover [local | permit | block]
19-1 create authentication guest_vlan
Description
This command is used to assign a static VLAN to be a guest VLAN. The specific VLAN which is assigned to be a guest VLAN must already exist. The specific VLAN which is assigned to be a guest VLAN can’t be deleted.
Format create authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]
Parameters
vlan - Specifies the guest VLAN by VLAN name.
<vlan_name 32> - Enter the guest VLAN by VLAN name. The VLAN name can be up to 32 characters long.
vlanid - Specifies the guest VLAN by VLAN ID.
<vlanid 1-4094> - Enter the guest VLAN by VLAN ID. The VLAN ID value must be between 1 and 4094.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
287
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To assign a static VLAN to be a guest VLAN:
DGS-3620-28PC:admin#create authentication guest_vlan vlan guestVLAN
Command: create authentication guest_vlan vlan guestVLAN
Success.
DGS-3620-28PC:admin#
19-2 delete authentication guest_vlan
Description
This command is used to delete a guest VLAN setting, but not a static VLAN. All ports which are enabled as guest VLANs will move to the original VLAN after deleting the guest VLAN.
Format delete authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>]
Parameters
vlan - Specifies the guest VLAN by VLAN name.
<vlan_name 32> - Enter the guest VLAN by VLAN name. The VLAN name can be up to 32 characters long.
vlanid - Specifies the guest VLAN by VLAN ID.
<vlanid 1-4094> - Enter the guest VLAN by VLAN ID. The VLAN ID value must be between 1 and 4094.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete a guest VLAN setting:
DGS-3620-28PC:admin#delete authentication guest_vlan vlan guestVLAN
Command: delete authentication guest_vlan vlan guestVLAN
Success.
DGS-3620-28PC:admin#
19-3 config authentication guest_vlan
Description
This command is used to assign or remove ports to or from a guest VLAN.
288
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config authentication guest_vlan [vlan <vlan_name 32> | vlanid <vlanid 1-4094>] [add | delete] ports [<portlist> | all ]
Parameters
vlan - Specifies the guest VLAN name.
<vlan_name 32> - Enter the guest VLAN name. The VLAN name can be up to 32 characters long.
vlanid - Specifies the guest VLAN VID.
<vlanid 1-4094> - Enter the guest VLAN VID. The VLAN ID value must be between 1 and
4094.
add - Specifies to add a port list to the guest VLAN.
delete - Specifies to delete a port list from the guest VLAN.
ports - Specifies a port or range of ports to configure.
<portlist> - Enter a range of ports to configure.
all - Specifies to configure all ports.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure authentication for all ports for a guest VLAN called “gv”:
DGS-3620-28PC:admin#config authentication guest_vlan vlan gv add ports all
Command: config authentication guest_vlan vlan gv add ports all
Success.
DGS-3620-28PC:admin#
19-4 config authentication mac_format
Description
This command will set the MAC address format that will be used for authentication username via the RADIUS server.
Format config authentication mac_format {case [lowercase | uppercase] | delimiter {[hyphen | colon
| dot | none] | number [1 | 2 | 5]}(1)}(1)
Parameters
case - (Optional) Specifies the case format used.
lowercase - Specifies using the lowercase format, the RADIUS authentication username will be formatted as: aa-bb-cc-dd-ee-ff.
uppercase - Specifies using the uppercase format, the RADIUS authentication username will be formatted as: AA-BB-CC-DD-EE-FF.
delimiter - (Optional) Specifies the delimiter format used.
289
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
hyphen - Specifies using the “-“ as delimiter, the format is: AA-BB-CC-DD-EE-FF
colon - Specifies using the “:“ as delimiter, the format is: AA:BB:CC:DD:EE:FF
dot - Specifies using the “.“ as delimiter, the format is: AA.BB.CC.DD.EE.FF
none - Specifies not using any delimiter, the format is: AABBCCDDEEFF
number - (Optional) Specifies the delimiter number used.
1 - Single delimiter, the format is: AABBCC.DDEEFF
2 - Double delimiter, the format is: AABB.CCDD.EEFF
5 - Multiple delimiter, the format is: AA.BB.CC.DD.EE.FF
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the MAC address format to IETF style:
DGS-3620-28PC:admin#config authentication mac_format case uppercase delimiter hyphen number 5
Command: config authentication mac_format case uppercase delimiter hyphen number 5
Success.
DGS-3620-28PC:admin#
19-5 config authentication ports
Description
This command is used to configure authorization mode and authentication method on ports.
Format config authentication ports [<portlist> | all] {auth_mode [port_based | host_based {vlanid
<vid_list> state [enable | disable]}] | multi_authen_methods [none | any | dot1x_impb | impb_jwac | impb_wac | mac_impb]}(1)
Parameters
<portlist> - Enter a port or range of ports to configure.
all - Specifies to configure all ports.
auth_mode - (Optional) The authorization mode is port-based or host-based.
port-based - If one of the attached hosts pass the authentication, all hosts on the same port will be granted access to the network. If the user fails the authorization, this port will keep trying the next authentication.
host-based - Specifies to allow every user to be authenticated individually.
vlanid - (Optional) Specifies the VLAN ID used for this configuration.
<vid_list> - Enter the VLAN ID used for this configuration here.
state - (Optional) Specifies whether the authorization mode will be enabled or disabled.
enable - Specifies that the authorization mode will be enabled.
disable - Specifies that the authorization mode will be disabled.
multi_authen_methods - (Optional) Specifies the method for compound authentication.
none - Specifies that compound authentication is not enabled.
any - Specifies if any of the authentication methods (802.1X, MAC, and JWAC/WAC) pass,
290
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
then pass.
dot1x_impb - Dot1x will be verified first, and then IMPB will be verified. Both authentications need to be passed.
impb_jwac - JWAC will be verified first, and then IMPB will be verified. Both authentications need to be passed.
impb_wac - WAC will be verified first, and then IMPB will be verified. Both authentications need to be passed.
mac_impb - MAC will be verified first, and then IMPB will be verified. Both authentications need to be passed.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
The following example sets the authentication mode of all ports to host-based:
DGS-3620-28PC:admin#config authentication ports all auth_mode host_based
Command: config authentication ports all auth_mode host_based
Success.
DGS-3620-28PC:admin#
The following example sets the compound authentication method of all ports to “any”:
DGS-3620-28PC:admin#config authentication ports all multi_authen_methods any
Command: config authentication ports all multi_authen_methods any
Success.
DGS-3620-28PC:admin#
19-6 show authentication
Description
This command is used to display the authentication failover configuration.
Format show authentication
Parameters
None.
Restrictions
None.
291
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display the authentication failover configuration:
DGS-3620-28PC:admin#show authentication
Command: show authentication
Authentication Server Failover: Block.
DGS-3620-28PC:admin#
19-7 show authentication guest_vlan
Description
This command is used to display guest VLAN information.
Format show authentication guest_vlan
Parameters
None.
Restrictions
None.
Example
To display the guest VLAN setting:
DGS-3620-28PC:admin#show authentication guest_vlan
Command: show authentication guest_vlan
Guest VLAN VID :
Guest VLAN Member Ports:
Total Entries: 0
DGS-3620-28PC:admin#
19-8 show authentication mac_format
Description
This command is used to display the authentication MAC format setting.
Format show authentication mac_format
292
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
None.
Restrictions
None.
Example
To display the authentication MAC format setting:
DGS-3620-28PC:admin#show authentication mac_format
Command: show authentication mac_format
Case : Uppercase
Delimiter : None
Delimiter Number : 5
DGS-3620-28PC:admin#
19-9 show authentication ports
Description
This command is used to display the authentication method and authorization mode on ports.
Format show authentication ports {<portlist>}
Parameters
<portlist> - (Optional) Specifies to display compound authentication on specific port(s).
Restrictions
None.
Example
To display the authentication settings for ports 1 to 3:
293
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show authentication ports 1-3
Command: show authentication ports 1-3
Port Methods Auth Mode Authentication VLAN(s)
---- -------------- ----------- ----------------------
1 None Host-based
2 None Host-based
3 None Host-based
DGS-3620-28PC:admin#
19-10 enable authorization attributes
Description
This command is used to enable the authorization global state.
Format enable authorization attributes
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable the authorization global state:
DGS-3620-28PC:admin#enable authorization attributes
Command: enable authorization attributes
Success.
DGS-3620-28PC:admin#
19-11 disable authorization attributes
Description
This command is used to disable the authorization global state.
Format disable authorization attributes
294
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To disable the authorization global state:
DGS-3620-28PC:admin#disable authorization attributes
Command: disable authorization attributes
Success.
DGS-3620-28PC:admin#
19-12 show authorization
Description
This command is used to display the authorization status.
Format show authorization
Parameters
None.
Restrictions
None.
Example
To display the authorization status:
DGS-3620-28PC:admin#show authorization
Command: show authorization
Authorization for Atributes: Enabled
DGS-3620-28PC:admin#
19-13 config authentication server failover
Description
This command is used to configure the authentication server failover function. When authentication server fails, administrator can configure to:
295
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
* Use the local database to authenticate the client. The switch will resort to using the local database to authenticate the client. If the client fails on local authentication, the client is regarded as un-authenticated, otherwise, it authenticated.
* Pass authentication. The client is always regarded as authenticated. If guest VLAN is enabled, clients will stay on the guest VLAN, otherwise, they will stay on the original VLAN.
* Block the client (default setting). The client is always regarded as un-authenticated.
Format config authentication server failover [local | permit | block]
Parameters
local - Specifies to use the local database to authenticate the client.
permit - Specifies that the client is always regarded as authenticated.
block - Specifies to block the client. This is the default setting.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To set the authentication server failover state:
DGS-3620-28PC:admin#config authentication server failover local
Command: config authentication server failover local
Success.
DGS-3620-28PC:admin#
296
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 20 Debug Software
Commands
debug address_binding [event | dhcp | all] state [enable | disable]
no debug address_binding
debug error_log [dump | clear | upload_toTFTP <ipaddr> <path_filename 64>]
debug buffer [utilization | dump | clear | upload_toTFTP <ipaddr> <path_filename 64>]
debug output [module <module_list> | all] [buffer | console]
debug config error_reboot [enable | disable]
debug config state [enable | disable]
debug show error_reboot state
debug stp clear counter {ports [<portlist> | all]}
debug stp config ports [<portlist> | all] [event | bpdu | state_machine | all] state [disable | brief | detail]
debug stp show counter {ports [<portlist> | all]}
debug stp show flag {ports <portlist>}
debug stp show information
debug stp state [disable | enable]
debug ospf [neighbor_state_change | interface_state_change {dr_bdr_selection} | lsa {all | originating | installing | receiving | flooding} (1) | packet {all | receiving | sending} (1) | retransmission | spf {all | intra | inter | extern} (1) | timer | virtual_link | route | redistribution] state [enable | disable]
debug ospf clear counter {packet | neighbor | spf}
debug ospf log state [enable | disable]
debug ospf show counter {packet | neighbor | spf}
debug ospf show detail external_link debug ospf show detail net_link debug ospf show detail rt_link debug ospf show detail summary_link debug ospf show detail type7_link debug ospf show flag debug ospf show log state debug ospf show redistribution debug ospf show request_list debug ospf show summary_list
debug ospf state [enable | disable]
debug vrrp [vr_state_change | packet [all | {receiving | sending}(1)] | mac_addr_update | interface_change | timers] state [enable | disable]
debug vrrp clear counter
debug vrrp log state [enable | disable]
debug vrrp show counter debug vrrp show flag debug vrrp show log state
debug vrrp state [enable | disable]
debug bgp show flag
debug bgp all flag [enable | disable]
debug bgp fsm_event [enable | disable]
debug bgp packet [{open | update | keepalive | notify | refresh | capability}(1) | all] [in | out]
debug bgp error state [enable | disable]
debug bgp show peer {ipv6 unicast}
debug bgp show peer_group {ipv6 unicast}
297
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
debug bgp show network {ipv6 unicast}
debug bgp show aggregate {ipv6 unicast}
debug bgp show damp {ipv6 unicast}
debug bgp show interface_info debug bgp show as_path_access_list
debug bgp show bgp_timer
debug bgp show redist_info
debug bgp router_map [enable | disable]
debug bgp access_list [enable | disable]
debug bgp prefix_list [enable | disable]
debug bgp state [enable | disable]
debug dhcpv6_client state enable debug dhcpv6_client state disable
debug dhcpv6_client output [buffer | console]
debug dhcpv6_client packet {all | receiving | sending} state [enable | disable]
debug dhcpv6_relay state enable debug dhcpv6_relay state disable
debug dhcpv6_relay hop_count state [enable | disable]
debug dhcpv6_relay output [buffer | console]
debug dhcpv6_relay packet {all | receiving | sending} state [enable | disable]
debug dhcpv6_server packet [all | receiving | sending] state [enable | disable]
debug dhcpv6_server state disable debug dhcpv6_server state enable debug pim ssm no debug pim ssm
debug ripng flag [{interface | packet [all | rx | tx] | route} | all] state [enable | disable]
debug ripng show flag debug ripng state disable debug ripng state enable
debug routefilter show [prefix_list | access_list | route_map | ipv6_prefix_list | ipv6_access_list]
debug show status {module <module_list>}
debug super_vlan state [enable | disable]
debug show address_binding binding_state_table [nd_snooping | dhcpv6_snooping]
debug show error ports box_id [<value 1-12> | all] {sio1 | sio2}
debug show jwac auth_info
debug show packet ports box_id [<value 1-12> | all] {sio1 | sio2}
debug show cpu utilization
20-1 debug address_binding
Description
This command is used to start the IMPB debug when the IMPB module receives an ARP/IP packet or a DHCP packet.
Format debug address_binding [event | dhcp | all] state [enable | disable]
Parameters
event - To print out the debug messages when IMPB module receives ARP/IP packets.
dhcp - To print out the debug messages when the IMPB module receives the DHCP packets.
all - Print out all debug messages.
298
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
state - Specifies the state of the address binding debugging option.
enable - Specifies that the address binding debugging option will be enabled.
disable - Specifies that the address binding debugging option will be disabled.
Restrictions
Only Administrator level users can issue this command.
Example
To print out all debug IMPB messages:
DGS-3620-28PC:admin# debug address_binding all state enable
Command: debug address_binding all state enable
Success.
DGS-3620-28PC:admin#
20-2 no debug address_binding
Description
This command is used to stop the IMPB debug starting when the IMPB module receives an
ARP/IP packet or a DHCP packet.
Format no debug address_binding
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To stop IMPB debug: starting when the IMPB module receives an ARP/IP or DHCP packet:
DGS-3620-28PC:admin# no debug address_binding
Command: no debug address_binding
Success.
DGS-3620-28PC:admin#
299
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
20-3 debug error_log
Description
Use this command to dump, clear or upload the software error log to a TFTP server.
Format debug error_log [dump | clear | upload_toTFTP <ipaddr> <path_filename 64>]
Parameters
dump - Display the debug message of the debug log.
clear - Clear the debug log.
upload_toTFTP - Upload the debug log to a TFTP server specified by IP address.
<ipaddr> - Specifies the IPv4 address of the TFTP server.
<path_filename 64> - The pathname specifies the DOS pathname on the TFTP server. It can be a relative pathname or an absolute pathname. This value can be up to 64 characters long.
Restrictions
Only Administrator level users can issue this command.
Example
To dump the error log:
DGS-3620-28PC:admin# debug error_log dump
Command: debug error_log dump
**************************************************************************
# debug log: 1
# firmware version: 2.60.016
# level: CPU exception
# clock: 437453880 ms
# time : 2000-01-08 05:55:40
======================== CPU EXCEPTION ========================
Current Task = IP-Tic Stack Pointer = 4CFEA7A0
---------------------------CP0 Registers-----------------------
Status : 1000FC01 Interrupt enable Normal level
Cause : 00000008 TLB exception (load or instruction fetch)
EPC : 80A0297C Addr : 00000008
Stack : 4CFEA7A0 Return : 80A02938
------------------------normal registers-----------------------
$0( $0) : 00000000 at( $1) : FFFFFFFE v0( $2) : 00000000 v1( $3) : 00000001 a0( $4) : 00000000 a1( $5) : 4825B4A8 a2( $6) : 00000001 a3( $7) : 00000001 t0( $8) : 814D7FCC t1( $9) : 0000FC00 t2($10) : 828100C4 t3($11) : 00000017 t4($12) : 828100BC t5($13) : 4CFEA430 t6($14) : 82810048 t7($15) : 00000000 s0($16) : 4825D94A s1($17) : 4825D890 s2($18) : 4825D949 s3($19) : 4825D946 s4($20) : 00000000 s5($21) : 00000008 s6($22) : 81800000 s7($23) : 00090000 t8($24) : 00000000 t9($25) : FFFFFFC0 k0($26) : 00000000 k1($27) : 00000000
300
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
gp($28) : 8180ADA0 sp($29) : 4CFEA7A0 fp($30) : 00000001 ra($31) : 80A02938
------------------------- TASK STACKTRACE ------------------------
->81150A58
->809B346C
->809E1DEC
->809D7E6C
->80A038CC
->80A033B0
->80A0297C
To clear the error log:
DGS-3620-28PC:admin# debug error_log clear
Command: debug error_log clear
Success.
DGS-3620-28PC:admin#
To upload the error log to TFTP server:
DGS-3620-28PC:admin# debug error_log upload_toTFTP 10.0.0.90 debug-log.txt
Command: debug error_log upload_toTFTP 10.0.0.90 debug-log.txt
Connecting to server................... Done.
Upload configuration................... Done.
DGS-3620-28PC:admin#
20-4 debug buffer
Description
Use this command to show the debug buffer’s state, or dump, clear, or upload the debug buffer to a TFTP server.
Note: When selecting to output to the debug buffer and there are debug messages being outputted, the system memory pool will be used as the debug buffer. The functions which will use the system memory pool resource may fail to execute command such as download and upload firmware, or save configuration. If you want to execute these commands successfully, please use the command “debug buffer clear” to release the system’s memory pool resources manually first.
Format debug buffer [utilization | dump | clear | upload_toTFTP <ipaddr> <path_filename 64>]
Parameters
utilization - Display the debug buffer’s state.
301
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
dump - Display the debug message in the debug buffer.
clear - Clear the debug buffer.
upload_toTFTP - Upload the debug buffer to a TFTP server specified by IP address.
<ipaddr> - Specifies the IPv4 address of the TFTP server.
<path_filename 64> - The pathname specifies the DOS pathname on the TFTP server. It can be a relative pathname or an absolute pathname. This value can be up to 64 characters long.
Restrictions
Only Administrator level users can issue this command.
Example
To show the debug buffer’s state:
DGS-3620-28PC:admin# debug buffer utilization
Command: debug buffer utilization
Allocate from
Total size
:
:
Utilization rate :
DGS-3620-28PC:admin#
System memory
2 MB
30%
To clear the debug buffer:
DGS-3620-28PC:admin# debug buffer clear
Command: debug buffer clear
Success.
DGS-3620-28PC:admin#
To upload the messages stored in debug buffer to TFTP server:
DGS-3620-28PC:admin# debug buffer upload_toTFTP 10.0.0.90 debugcontent.txt
Command: debug buffer upload_toTFTP 10.0.0.90 debugcontent.txt
Connecting to server................... Done.
Upload configuration................... Done.
DGS-3620-28PC:admin#
20-5 debug output
Description
Use the command to set a specified module’s debug message output to debug buffer or local console. If the user uses the command in a Telnet session, the error message also is output to the local console.
Note: When selecting to output to the debug buffer and there are debug messages being outputted, the system memory pool will be used as the debug buffer. The functions which will use
302
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
the system memory pool resource may fail to execute command such as download and upload firmware, or save configuration. If you want to execute these commands successfully, please use the command “debug buffer clear” to release the system’s memory pool resources manually first.
Format debug output [module <module_list> | all] [buffer | console]
Parameters
module - Specifies the module list.
<module_list> - Enter the module list here.
all - Control output method of all modules.
buffer - Direct the debug message of the module output to debug buffer(default).
console - Direct the debug message of the module output to local console.
Restrictions
Only Administrator level users can issue this command.
Example
To set all module debug message outputs to local console:
DGS-3620-28PC:admin# debug output all console
Command: debug output all console
Success.
DGS-3620-28PC:admin#
20-6 debug config error_reboot
Description
This command is used to set if the switch needs to be rebooted when a fatal error occurs. When the error occurs, the watchdog timer will be disabled by the system first, and then all debug information will be saved in NVRAM. If the error_reboot is enabled, the watchdog shall be enabled after all information is stored into NVRAM.
Format debug config error_reboot [enable | disable]
Parameters
enable - Need reboot switch when fatal error happens.(if the project do not define the default setting, enable for default).
disable - Do not need reboot switch when fatal error happens, system will hang-up for debug and enter the debug shell mode for debug.
303
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator level users can issue this command.
Example
To set the switch to not need a reboot when a fatal error occurs:
DGS-3620-28PC:admin# debug config error_reboot disable
Command: debug config error_reboot disable
Success.
DGS-3620-28PC:admin#
20-7 debug config state
Description
Use the command to set the state of the debug.
Format debug config state [enable | disable]
Parameters
enable - Enable the debug state.
disable - Disable the debug state.
Restrictions
Only Administrator level users can issue this command.
Example
To set the debug state to disabled:
DGS-3620-28PC:admin# debug config state disable
Command: debug config state disable
Success.
DGS-3620-28PC:admin#
20-8 debug show error_reboot state
Description
Use the command to show the error reboot status.
304
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format debug show error_reboot state
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To show the error reboot status:
DGS-3620-28PC:admin#debug show error_reboot state
Command: debug show error_reboot state
Error Reboot: Enabled
DGS-3620-28PC:admin#
20-9 debug stp clear counter
Description
This command used to clear the STP counters.
Format debug stp clear counter {ports [<portlist> | all]}
Parameters
ports - Specifies the port range.
<portlist> - Enter the list of port used for this configuration here.
all - Clears all port counters.
Restrictions
Only Administrator level users can issue this command.
Example
To clear all STP counters on the switch:
DGS-3620-28PC:admin# debug stp clear counter ports all
Command : debug stp clear counter ports all
Success.
DGS-3620-28PC:admin#
305
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
20-10 debug stp config ports
Description
This command used to configure per-port STP debug level on the specified ports.
Format debug stp config ports [<portlist> | all] [event | bpdu | state_machine | all] state [disable | brief | detail]
Parameters
ports - Specifies the STP port range to debug.
<portlist> - Enter the list of port used for this configuration here.
all - Specifies to debug all ports on the switch.
event - Debug the external operation and event processing.
bpdu - Debug the BPDU’s that have been received and transmitted.
state_machine - Debug the state change of the STP state machine.
all - Debug all of the above.
state - Specifies the state of the debug mechanism.
disable - Disables the debug mechanism.
brief - Sets the debug level to brief.
detail - Sets the debug level to detail.
Restrictions
Only Administrator level users can issue this command.
Example
To configure all STP debug flags to brief level on all ports:
DGS-3620-28PC:admin# debug stp config ports all all state brief
Command: debug stp config ports all all state brief
Success.
DGS-3620-28PC:admin#
20-11 debug stp show counter
Description
This command used to display the STP counters.
Format debug stp show counter {ports [<portlist> | all]}
306
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
ports - (Optional) Specifies the STP ports for display.
<portlist> - Enter the list of port used for this configuration here.
all - Display all port’s counters.
If no parameter is specified, display the global counters.
Restrictions
Only Administrator level users can issue this command.
Example
To show the STP counters for port 9:
DGS-3620-28PC:admin#debug stp show counter ports 9
Command: debug stp show counter ports 9
STP Counters
--------------------------------------
Port 9 :
Receive: Transmit:
Total STP Packets : 0 Total STP Packets : 0
Configuration BPDU : 0 Configuration BPDU : 0
TCN BPDU : 0 TCN BPDU : 0
RSTP TC-Flag : 0 RSTP TC-Flag : 0
RST BPDU : 0 RST BPDU : 0
Discard:
Total Discarded BPDU : 0
Global STP Disabled : 0
Port STP Disabled : 0
Invalid packet Format : 0
Invalid Protocol : 0
Configuration BPDU Length : 0
TCN BPDU Length : 0
RST BPDU Length : 0
Invalid Type : 0
Invalid Timers : 0
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
20-12 debug stp show flag
Description
This command used to display the STP debug level on specified ports.
Format debug stp show flag {ports <portlist>}
307
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
ports - (Optional) Specifies the STP ports to display.
<portlist> - (Optional) Enter the list of port used for this configuration here.
If no parameter is specified, all ports on the switch will be displayed.
Restrictions
Only Administrator level users can issue this command.
Example
To display the debug STP levels on all ports:
DGS-3620-28PC:admin# debug stp show flag
Command: debug stp show flag
Global State: Enabled
Port Index
----------
Event flag
----------
BPDU Flag
---------
State Machine Flag
------------------
1 Detail Brief Disable
2 Detail Brief Disable
3 Detail Brief Disable
4 Detail Brief Disable
5 Detail Brief Disable
6 Detail Brief Disable
7 Detail Brief Disable
8 Detail Brief Disable
9 Detail Brief Disable
10 Detail Brief Disable
11 Detail Brief Disable
12 Detail Brief Disable
DGS-3620-28PC:admin#
20-13 debug stp show information
Description
This command used to display STP detailed information, such as the hardware tables, the STP state machine, etc.
Format debug stp show information
Parameters
None.
308
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator level users can issue this command.
Example
To show STP debug information:
DGS-3620-28PC:admin# debug stp show information
Command: debug stp show information
Spanning Tree Debug Information:
----------------------------------------
Port Status In Hardware Table:
Instance 0:
Port 1 :BLK Port 2 :BLK Port 3 :BLK Port 4 :BLK Port 5 :BLK Port 6 :BLK
Port 7 :FOR Port 8 :BLK Port 9 :BLK Port 10:BLK Port 11:BLK Port 12:BLK
Instance 1:
Port 1 :BLK Port 2 :BLK Port 3 :BLK Port 4 :BLK Port 5 :BLK Port 6 :BLK
Port 7 :FOR Port 8 :BLK Port 9 :BLK Port 10:BLK Port 11:BLK Port 12:BLK
--------------------------------------
Root Priority And Times :
Instance 0:
Designated Root Bridge : 32768/00-01-02-03-04-00
External Root Cost : 0
Regional Root Bridge : 32768/00-01-02-03-04-00
Internal Root Cost : 0
Designated Bridge : 32768/00-01-02-03-04-00
Designated Port : 0
Message Age : 0
Max Age
Forward Delay
: 20
: 15
Hello Time
Instance 1:
: 2
Regional Root Bridge
Internal Root Cost
Designated Bridge
: 32769/00-01-02-03-04-00
: 0
: 32769/00-01-02-03-04-00
Designated Port
Remaining Hops
: 0
: 20
--------------------------------------
Designated Priority And Times:
Instance 0:
Port 1 :
Designated Root Bridge : 0 /00-00-00-00-00-00
External Root Cost : 0
Regional Root Bridge : 0 /00-00-00-00-00-00
Internal Root Cost : 0
Designated Bridge
Designated Port
Message Age
Max Age
Forward Delay
Hello Time
: 0 /00-00-00-00-00-00
: 0
: 0
: 20
: 15
: 2
309
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Instance 1:
Port 1 :
Regional Root Bridge
Internal Root Cost
Designated Bridge
Designated Port
Remaining Hops
DGS-3620-28PC:admin#
20-14 debug stp state
: 0 /00-00-00-00-00-00
: 0
: 0 /00-00-00-00-00-00
: 0
: 20
Description
This command is used to enable or disable the STP debug state.
Format debug stp state [enable | disable]
Parameters
state - Specifies the STP debug state.
enable - Enable the STP debug state.
disable - Disable the STP debug state.
Restrictions
Only Administrator level users can issue this command.
Example
To configure the STP debug state to enable, and then disable the STP debug state:
DGS-3620-28PC:admin# debug stp state enable
Command: debug stp state enable
Success.
DGS-3620-28PC:admin# debug stp state disable
Command: debug stp state disable
Success.
DGS-3620-28PC:admin#
20-15 debug ospf
Description
This command is used to enable or disable OSPF debug flags.
310
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format debug ospf [neighbor_state_change | interface_state_change {dr_bdr_selection} | lsa {all | originating | installing | receiving | flooding} (1) | packet {all | receiving | sending} (1) | retransmission | spf {all | intra | inter | extern} (1) | timer | virtual_link | route | redistribution] state [enable | disable]
Parameters
neighbor_state_change - The state of the OSPF neighbor state change debug.
interface_state_change - The state of the OSPF interface state change debug.
dr_bdr_selection - (Optional) Used to include or exclude debug information for DR/BDR selection.
lsa - The state of the designated debug flag.
all - (Optional) Specifies to set all LSA debug flags.
originating - (Optional) Specifies to set LSA originating debug flag.
installing - (Optional) Specifies to set LSA installing debug flag.
receiving - (Optional) Specifies to set LSA receiving debug flag.
flooding - (Optional) Specifies to set LSA flooding debug flag.
packet - The state of the designated debug flag.
all - (Optional) Specifies to set all packet debug flags.
receiving - (Optional) Specifies to set packet receiving debug flag.
sending - (Optional) Specifies to set packet sending debug flag.
retransmission - The state of the OSPF retransmission debug flag.
spf - The state of the designated debug flag.
all - (Optional) Specifies to set all SPF debug flags.
intra - (Optional) Specifies to set intra-area SPF debug flag.
inter - (Optional) Specifies to set inter-area SPF debug flag.
extern - (Optional) Specifies to set AS external SPF debug flag.
timer - The state of the OSPF timer debug flag.
virtual_link - The state of the OSPF virtual link debug flag.
route - The state of OSPF route debug flag.
redistribution - The state of OSPF redistribution debug flag.
state - Specifies to set the OSPF debug flags state.
enable - Specifies that the OSPF debug flags state will be enabled.
disable - Specifies that the OSPF debug flags state will be disabled.
Restrictions
Only Administrator level users can issue this command.
Example
To enable OSPF neighbor state change debug:
DGS-3620-28PC:admin# debug ospf neighbor_state_change state enable
Command: debug ospf neighbor_state_change state enable
Success.
DGS-3620-28PC:admin#
To enable OSPF interface state change debug:
311
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug ospf interface_state_change state enable
Command: debug ospf interface_state_change state enable
Success.
DGS-3620-28PC:admin#
To enable all OSPF LSA debug flags:
DGS-3620-28PC:admin# debug ospf lsa all state enable
Command: debug ospf lsa all state enable
Success.
DGS-3620-28PC:admin#
To enable all OSPF packet debug flags:
DGS-3620-28PC:admin# debug ospf packet all state enable
Command: debug ospf packet all state enable
Success.
DGS-3620-28PC:admin#
To enable OSPF retransmission debug flag:
DGS-3620-28PC:admin# debug ospf retransmission state enable
Command: debug ospf retransmission state enable
Success.
DGS-3620-28PC:admin#
To enable all OSPF SPF debug flags:
DGS-3620-28PC:admin# debug ospf spf all state enable
Command: debug ospf spf all state enable
Success.
DGS-3620-28PC:admin#
20-16 debug ospf clear counter
Description
This command is used to reset the OSPF statistic counters.
Format debug ospf clear counter {packet | neighbor | spf}
312
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
packet - (Optional) Specifies to reset the OSPF packet counter.
neighbor - (Optional) Specifies to reset the OSPF neighbor event counter.
spf - (Optional) Specifies to reset the OSPF SPF event counter.
If the parameter is not specified, all OSPF counters will be cleared.
Restrictions
Only Administrator level users can issue this command.
Example
To clear all OSPF statistic counters:
DGS-3620-28PC:admin# debug ospf clear counter
Command: debug ospf clear counter
Success.
DGS-3620-28PC:admin#
20-17 debug ospf log state
Description
This command is used to enable or disable the OSPF debug log.
Format debug ospf log state [enable | disable]
Parameters
state - Specifies the state of the OSPF debug log.
enable - Specifies that the OSPF debug log state will be enabled.
disable - Specifies that the OSPF debug log state will be disabled.
Restrictions
Only Administrator level users can issue this command.
Example
To enable the OSPF debug log:
DGS-3620-28PC:admin# debug ospf log state enable
Command: debug ospf log state enable
Success.
DGS-3620-28PC:admin#
313
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
20-18 debug ospf show counter
Description
This command is used to display OSPF statistic counters.
Format debug ospf show counter {packet | neighbor | spf}
Parameters
packet - (Optional) Specifies to display the OSPF packet counter.
neighbor - (Optional) Specifies to display the OSPF neighbor event counter.
spf - (Optional) Specifies to display the OSPF SPF event counter.
If the parameter is not specified, all OSPF counters will be displayed.
Restrictions
Only Administrator level users can issue this command.
Example
To show all OSPF statistic counters:
DGS-3620-28PC:admin# debug ospf show counter
Command: debug ospf show counter
OSPF Debug Statistic Counters
Packet Receiving:
Total : 30
Hello : 30
DD : 0
LSR : 0
LSU : 0
LSAck : 0
Drop : 0
Auth Fail : 0
Packet Sending:
Total : 59
Hello : 59
DD : 0
LSR : 0
LSU : 0
LSAck : 0
Neighbor State:
Change : 0
SeqMismatch : 0
SPF Calculation:
314
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Intra : 0
Inter : 0
Extern : 0
DGS-3620-28PC:admin#
20-19 debug ospf show detail external_link
Description
This command is used to display all AS external LSAs with detail information.
Format debug ospf show detail external_link
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To display all AS external LSAs with detail information:
DGS-3620-28PC:admin#debug ospf show detail external_link
Command: debug ospf show detail external_link
OSPF Phase2 External Link:
===========
AREA 0.0.0.0:
AS-External LSA:
Link-State ID: 192.168.205.0
Advertising Router: 1.1.1.1
LS Age: 10 Seconds
Options: 0x2
.... ...0 = 0 Bit Isn't Set
.... ..1. = E: ExternalRoutingCapability
.... .0.. = MC: NOT Multicast Capable
.... 0... = N/P: NSSA Bit
...0 .... = EA: Not Support Rcv And Fwd EA_LSA
..0. .... = DC: Not Support Handling Of Demand Circuits
.0.. .... = O: O Bit Isn't Set
0... .... = 7 Bit Isn't Set
LS Sequence Number: 0x80000001
Length: 36
Netmask: 255.255.255.0
315
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Metric: 20
Forwarding Address: 10.90.90.101
External Route Tag: 0
Internal Field:
Del_flag: 0x0 I_ref_count: 0 Seq: 0x80000001 Csum: 0xd08e
Rxtime: 384 Txtime: 0 Orgage: 0
Current Time: 394
DGS-3620-28PC:admin#
20-20 debug ospf show detail net_link
Description
This command is used to display all Network LSAs with detail information.
Format debug ospf show detail net_link
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To display all Network LSAs with detail information:
DGS-3620-28PC:admin#debug ospf show detail net_link
Command: debug ospf show detail net_link
OSPF Phase2 NET Link:
===========
AREA 0.0.0.0:
Network LSA:
Link-State ID: 10.90.90.123
Netmask: 255.0.0.0
Advertising Router: 10.90.90.91
LS Age: 109 Seconds
Options: 0x2
.... ...0 = 0 Bit Isn't Set
.... ..1. = E: ExternalRoutingCapability
.... .0.. = MC: NOT Multicast Capable
.... 0... = N/P: NSSA Bit
...0 .... = EA: Not Support Rcv And Fwd EA_LSA
..0. .... = DC: Not Support Handling Of Demand Circuits
.0.. .... = O: O Bit Isn't Set
316
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
0... .... = 7 Bit Isn't Set
LS Sequence Number: 0x80000001
Length: 32
Attached Router: 10.90.90.91
Attached Router: 1.1.1.1
Internal Field:
Del_flag: 0x0 I_ref_count: 0 Seq: 0x80000001 Csum: 0x4e99
Rxtime: 4 Txtime: 4 Orgage: 1
Current Time: 112
DGS-3620-28PC:admin#
20-21 debug ospf show detail rt_link
Description
This command is used to display all Router LSAs with detail information.
Format debug ospf show detail rt_link
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To display all Router LSAs with detail information:
DGS-3620-28PC:admin#debug ospf show detail rt_link
Command: debug ospf show detail rt_link
OSPF Phase2 RT Link:
===========
AREA 0.0.0.0:
Router LSA:
Link-State ID: 1.1.1.1
Advertising Router: 1.1.1.1
LS Age: 10 Seconds
Options: 0x2
.... ...0 = 0 Bit Isn't Set
.... ..1. = E: ExternalRoutingCapability
.... .0.. = MC: NOT Multicast Capable
.... 0... = N/P: NSSA Bit
...0 .... = EA: Not Support Rcv And Fwd EA_LSA
..0. .... = DC: Not Support Handling Of Demand Circuits
317
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
.0.. .... = O: O Bit Isn't Set
0... .... = 7 Bit Isn't Set
LS Sequence Number: 0x80000002
Length: 36
Flags: 0x0
.... ...0 = B: Not Area Border Router
.... ..0. = E: Not AS Boundary Router
.... .0.. = V: Not Virtual Link Endpoint
Number Of Links: 1
Type: Transit ID: 10.90.90.123 Data: 10.90.90.91 Metric: 1
Internal Field:
Del_flag: 0x0 I_ref_count: 0 Seq: 0x80000002 Csum: 0xd81d
Rxtime: 5 Txtime: 0 Orgage: 0
Current Time: 15
DGS-3620-28PC:admin#
20-22 debug ospf show detail summary_link
Description
This command is used to display all Summary LSAs with detail information.
Format debug ospf show detail summary_link
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To display all Summary LSAs with detail information:
DGS-3620-28PC:admin#debug ospf show detail summary_link
Command: debug ospf show detail summary_link
OSPF Phase2 Summary Link:
===========
AREA 0.0.0.0:
Summary LSA:
Link-State ID: 20.1.1.0
Advertising Router: 10.90.90.91
LS Age: 10 Seconds
Options: 0x2
.... ...0 = 0 Bit Isn't Set
318
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
.... ..1. = E: ExternalRoutingCapability
.... .0.. = MC: NOT Multicast Capable
.... 0... = N/P: NSSA Bit
...0 .... = EA: Not Support Rcv And Fwd EA_LSA
..0. .... = DC: Not Support Handling Of Demand Circuits
.0.. .... = O: O Bit Isn't Set
0... .... = 7 Bit Isn't Set
LS Sequence Number: 0x80000001
Length: 28
Netmask: 255.255.255.0
Metric: 1
Internal Field:
Del_flag: 0x0 I_ref_count: 0 Seq: 0x80000001 Csum: 0x8f9c
Rxtime: 246 Txtime: 246 Orgage: 1
Current Time: 255
DGS-3620-28PC:admin#
20-23 debug ospf show detail type7_link
Description
This command is used to display all type-7 LSAs with detail information.
Format debug ospf show detail type7_link
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To display all type-7 LSAs with detail information:
DGS-3620-28PC:admin#debug ospf show detail type7_link
Command: debug ospf show detail type7_link
OSPF Phase2 NSSA-External Link:
===========
AREA 0.0.0.1:
NSSA-External LSA:
Link-State ID: 0.0.0.0
Advertising Router: 10.90.90.91
LS Age: 855 Seconds
319
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Options: 0x2
.... ...0 = 0 Bit Isn't Set
.... ..1. = E: ExternalRoutingCapability
.... .0.. = MC: NOT Multicast Capable
.... 0... = N/P: NSSA Bit
...0 .... = EA: Not Support Rcv And Fwd EA_LSA
..0. .... = DC: Not Support Handling Of Demand Circuits
.0.. .... = O: O Bit Isn't Set
0... .... = 7 Bit Isn't Set
LS Sequence Number: 0x80000002
Length: 36
Netmask: 0.0.0.0
Metric: 0
Forwarding Address: 0.0.0.0
External Route Tag: 0
Internal Field:
Del_flag: 0x0 I_ref_count: 0 Seq: 0x80000002 Csum: 0x77be
Rxtime: 2301 Txtime: 0 Orgage: 0
Current Time: 3156
DGS-3620-28PC:admin#
20-24 debug ospf show flag
Description
This command is used to display the OSPF debug flag setting.
Format debug ospf show flag
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To show the current OSPF debug flag setting:
DGS-3620-28PC:admin# debug ospf show flag
Command: debug ospf show flag
Global State: Enabled
Current OSPF Flags Setting:
Neighbor State Change
320
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Interface State Change
LSA Originating
LSA Operating
LSA Receiving
LSA Flooding
Packet Receiving
Packet Sending
Retransmission
Timer
DR Selection
Route
Redistribution
Virtual Link
SPF Intra
SPF Inter
SPF Extern
DGS-3620-28PC:admin#
20-25 debug ospf show log state
Description
This command is used to display the OSPF debug log state.
Format debug ospf show log state
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To display the debug OSPF log state:
DGS-3620-28PC:admin# debug ospf show log state
Command: debug ospf show log state
OSPF Log State : Enabled
DGS-3620-28PC:admin#
321
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
20-26 debug ospf show redistribution
Description
This command is used to display the current internal OSPF redistribute list.
Format debug ospf show redistribution
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To display the current OSPF redistribution list:
DGS-3620-28PC:admin# debug ospf show redistribution
Command: debug ospf show redistribution
OSPF Redistribution List:
IP Nexthop State Type Tag
------------------ --------------- ----- ---- ---------------
1.1.1.0/24 0.0.0.0 ON 2 0.0.0.0
OSPF ASE Table:
IP Nexthop State Type Tag
------------------ --------------- ----- ---- ---------------
1.1.1.0/24 0.0.0.0 ON 2 0.0.0.0
DGS-3620-28PC:admin#
20-27 debug ospf show request_list
Description
This command is used to display the current internal OSPF request list.
Format debug ospf show request_list
Parameters
None.
322
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator level users can issue this command.
Example
To display the current OSPF request list:
DGS-3620-28PC:admin# debug ospf show request_list
Command: debug ospf show request_list
OSPF Request List:
Area 0.0.0.0:
Circuit: 1.1.1.1
Neighbor: 90.2.0.1 IP: 1.1.1.2
LSID: 192.194.134.0 RTID: 90.2.0.1
LSID: 192.194.135.0 RTID: 90.2.0.1
LSID: 192.194.136.0 RTID: 90.2.0.1
LSID: 192.194.137.0 RTID: 90.2.0.1
LSID: 192.194.138.0 RTID: 90.2.0.1
DGS-3620-28PC:admin#
20-28 debug ospf show summary_list
Description
This command is used to display the current internal OSPF summary list.
Format debug ospf show summary_list
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To display the current OSPF summary list:
323
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug ospf show summary_list
Command: debug ospf show summary_list
OSPF Summary List:
Area 0.0.0.0:
Circuit: 1.1.1.1
Neighbor: 90.2.0.1 IP: 1.1.1.2
LSID: 1.1.1.1 RTID: 1.1.1.1
Circuit: 2.2.2.1
Circuit: 10.1.1.6
DGS-3620-28PC:admin#
20-29 debug ospf state
Description
This command is used to set the OSPF debug global state.
Format debug ospf state [enable | disable]
Parameters
state - Specifies the OSPF debug global state.
enable - Specifies that the OSPF debug global state will be enabled.
disable - Specifies that the OSPF debug global state will be disabled.
Restrictions
Only Administrator level users can issue this command.
Example
To enable the OSPF debug global state:
324
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug ospf state enable
Command: debug ospf state enable
Success.
DGS-3620-28PC:admin# debug ospf show flag
Command: debug ospf show flag
Global State: Enabled
Current OSPF Flags Setting:
Neighbor State Change
DGS-3620-28PC:admin#
20-30 debug vrrp
Description
This command is used to set VRRP debug flags.
Format debug vrrp [vr_state_change | packet [all | {receiving | sending}(1)] | mac_addr_update | interface_change | timers] state [enable | disable]
Parameters
vr_state_change - Specifies the state of the VRRP change debug flag.
packet - Specifies to set the VRRP packet flags.
all - Specifies to set VRRP all packet debug flags.
receiving - (Optional) Specifies to set the VRRP packet receiving flag.
sending - (Optional) Specifies to set the VRRP packet sending flag.
mac_addr_update - Specifies the state of VRRP MAC debug flag.
interface_change - Specifies the state of VRRP interface debug flag.
timers - Specifies the state of VRRP timer's debug flag.
state - Specifies the state of the configured VRRP debug flag.
enable - Specifies that the configured VRRP debug flag will be enabled.
disable - Specifies that the configured VRRP debug flag will be disabled.
Restrictions
Only Administrator level users can issue this command.
Example
To enable the VRRP virtual router state change debug flag:
325
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug vrrp vr_state_change state enable
Command: debug vrrp vr_state_change state enable
Success.
DGS-3620-28PC:admin#
To enable all VRRP packet debug flags:
DGS-3620-28PC:admin# debug vrrp packet all state enable
Command: debug vrrp packet all state enable
Success.
DGS-3620-28PC:admin#
To enable VRRP virtual MAC address update debug flag:
DGS-3620-28PC:admin# debug vrrp mac_addr_update state enable
Command: debug vrrp mac_addr_update state enable
Success.
DGS-3620-28PC:admin#
To enable VRRP interface state change debug flag:
DGS-3620-28PC:admin# debug vrrp interface_change state enable
Command: debug vrrp interface_change state enable
Success.
DGS-3620-28PC:admin#
To enable VRRP timer debug flag:
DGS-3620-28PC:admin# debug vrrp timers state enable
Command: debug vrrp timers state enable
Success.
DGS-3620-28PC:admin#
20-31 debug vrrp clear counter
Description
This command is used to reset the VRRP debug statistic counters.
326
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format debug vrrp clear counter
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To clear VRRP statistic counters:
DGS-3620-28PC:admin# debug vrrp clear counter
Command: debug vrrp clear counter
Success
DGS-3620-28PC:admin#
20-32 debug vrrp log state
Description
This command is used to enable or disable the VRRP debug log state.
Format debug vrrp log state [enable | disable]
Parameters
state - Specifies the state of the VRRP log. The default setting is disabled.
enable - Specifies that the VRRP log state will be enabled.
disable - Specifies that the VRRP log state will be disabled.
Restrictions
Only Administrator level users can issue this command.
Example
To enable the VRRP debug log state:
DGS-3620-28PC:admin# debug vrrp log state enable
Command: debug vrrp log state enable
Success.
DGS-3620-28PC:admin#
327
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
20-33 debug vrrp show counter
Description
This command is used to display the VRRP debug statistic counters.
Format debug vrrp show counter
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To display VRRP statistic counters:
DGS-3620-28PC:admin# debug vrrp show counter
Command: debug vrrp show counter
VRRP debug statistic counters
Received ADV : 9
Drop : 52
Auth fail : 0
Sent ADV : 0
DGS-3620-28PC:admin#
20-34 debug vrrp show flag
Description
This command is used to display VRRP debug flag settings.
Format debug vrrp show flag
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
328
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display VRRP debug flag settings:
DGS-3620-28PC:admin#debug vrrp show flag
Command: debug vrrp show flag
Global State: Disabled
Current VRRP debug level setting:
virtual router state change
packet receiving
packet sending
mac address update
interface change
timer
DGS-3620-28PC:admin#
20-35 debug vrrp show log state
Description
The command is used to display the VRRP debug log state.
Format debug vrrp show log state
Parameters
None.
Restrictions
Only Administrator level users can issue this command.
Example
To display the VRRP debug log state:
DGS-3620-28PC:admin# debug vrrp show log state
Command: debug vrrp show log state
VRRP Debug Log State: Disabled
DGS-3620-28PC:admin#
329
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
20-36 debug vrrp state
Description
The command is used to enable or disable the VRRP debug state.
Format debug vrrp state [enable | disable]
Parameters
state - Specifies the state of the VRRP debug state. The default setting is disabled.
enable - Specifies that the VRRP debug state will be enabled.
disable - Specifies that the VRRP debug state will be disabled.
Restrictions
Only Administrator level users can issue this command.
Example
To enable the VRRP debug state:
DGS-3620-28PC:admin# debug vrrp state enable
Command: debug vrrp state enable
Success.
DGS-3620-28PC:admin#
20-37 debug bgp show flag
Description
This command is used for displaying current BGP debugging flags’ setting.
Format debug bgp show flag
Parameters
None.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Show BGP debug flag:
330
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug bgp show flag
Command: debug bgp show flag
Current BGP flags setting:
Peer FSM Event Disable
OPEN Packet Receive Disable
OPEN Packet Send Disable
UPDATE Packet Receive Disable
UPDATE Packet Send Disable
KEEPALIVE Packet Receive Disable
KEEPALIVE Packet Send Disable
NOTIFY Packet Receive Disable
NOTIFY Packet Send Disable
REFRESH Packet Receive Disable
REFRESH Packet Send Disable
CAPABILITY Packet Receive Disable
CAPABILITY Packet Send Disable
Route MAP Disable
Access List Disable
Prefix List Disable
ERROR Information Disable
DGS-3620-28PC:admin#
20-38 debug bgp all flag
Description
This command is used for setting all BGP debugging flags to disable or enable.
Format debug bgp all flag [enable | disable]
Parameters
enable - Enable the BGP debug function.
disable - Disable the BGP debug function.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure all BGP debug flags’ state to enable:
331
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug bgp all flag enable
Command: debug bgp all flag enable
Success.
DGS-3620-28PC:admin#
20-39 debug bgp fsm_event
Description
This command is used for setting the flag of debugging information about peer FSM Event.
Format debug bgp fsm_event [enable | disable]
Parameters
enable - Enable the BGP debug function.
disable - Disable the BGP debug function.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP peer FSM event debug flag to enable:
DGS-3620-28PC:admin# debug bgp fsm_event enable
Command: debug bgp fsm_event enable
Success.
DGS-3620-28PC:admin#
Output Examples: After BGP peer FSM event debug flag to enable, it may print following information.
BGP: 10.1.1.1-10.2.2.2, [FSM] State Change: Idle -> Connect.
BGP: 10.1.1.1-10.2.2.2, [FSM] Hold-Timer Expiry.
BGP: 10.1.1.1-10.2.2.2, [FSM] State: Open, Event: 3.
20-40 debug bgp packet
Description
This command is used for setting the flag of debugging information about different type of BGP packets’ receiving and sending.
332
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format debug bgp packet [{open | update | keepalive | notify | refresh | capability}(1) | all] [in | out]
[enable | disable]
Parameters
open - (Optional) Specifies that 'open' information will be displayed.
update - (Optional) Specifies that 'update' information will be displayed.
keepalive - (Optional) Specifies that 'keepalive' information will be displayed.
notify - (Optional) Specifies that 'notify' information will be displayed.
refresh - (Optional) Specifies that 'refresh' information will be displayed.
capability - (Optional) Specifies that 'capability' information will be displayed.
all - (Optional) Specifies that all information will be displayed.
in - Specifies that the incoming information will be displayed.
out - Specifies that the outgoing information will be displayed.
enable - Enable the BGP debug function.
disable - Disable the BGP debug function.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP to display debugging information after received update packet:
DGS-3620-28PC:admin# debug bgp packet all in enable
Command: debug bgp packet all in enable
Success.
DGS-3620-28PC:admin#
Output Examples: After BGP peer FSM event debug flag to enable, it may print following information.
BGP:Peer:<10.1.1.10> RCV OPEN, version:<4>,remote-as:<40>,
HoldTime:<180>,RID:<16.0.0.1>
BGP:Peer:<10.1.1.10> RCV KEEPALIVE.
BGP:Peer:<10.1.1.10> RCV UPDATE, withdraw:
<21.0.0.0/8>,<22.0.0.0/8>,<23.0.0.0/8>, <24.0.0.0/8>,<25.0.0.0/8>...
BGP:Peer:<10.1.1.10> RCV UPDATE,attr:<Orign:i,As-path:10,Nexthop:10.1.1.10,Med:5>, NLRI: <21.0.0.0/8>,<22.0.0.0/8>
BGP:Peer:<10.1.1.10> RCV NOTIFYCATION,Code:<OPEN Message Error.>,SubCode:<Bad
Peer AS.>
BGP:Peer:<10.1.1.10> RCV REFRESH,afi:<1>,safi:<1>
BGP:Peer:<10.1.1.10> RCV Capability Action:Set,Code: GRST ,Length:2
333
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
20-41 debug bgp error state
Description
This command is use for setting the flag of debugging information about BGP Error not need send
BGP NOTIFICATION.
Format debug bgp error state [enable | disable]
Parameters
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
enable - Enable the BGP debug function.
disable - Disable the BGP debug function.
Example
Configure BGP to enable error debug flag:
DGS-3620-28PC:admin# debug bgp error state enable
Command: debug bgp error state enable
Success.
DGS-3620-28PC:admin#
Output Examples: After configure BGP to enable error debug flag, it may print following information when error happens.
BGP: 10.1.1.1-10.2.2.2, NHop Validate: Invalid NHop address 250.3.0.0/8 received.
BGP: Hold-Timer: Invalid Peer.
20-42 debug bgp show global_info
Description
This command is used for displaying global information of current BGP instance.
Format debug bgp show global_info
Parameters
None.
334
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP to show global information:
DGS-3620-28PC:admin# debug bgp show global_info
Command: debug bgp show global_info
Following is the information for global debugging:
---------------------------------------------------
AS Number : 100
Router ID : 194.17.0.2
Cluster ID : 123.123.123.123
Confed ID : 0
Confederation Peers :
Fast External Fallover : Disabled
Dampening Ability : Disabled
Client to Client Ability : Enabled
Cluster Peers : 0.0.0.0, 0.0.0.0, peer1
Aggregate Next_Hop_Check : Disabled
Default Local Preference : 100
Default Holdtime : 40
Default Keepalive : 10
Scan Time : 60
BGP Active Flags:
BGP_AF_CFLAG_SYNCHRONIZATION
BGP_AF_CFLAG_NETWORK_SYNC
BGP Active Redist-Flags for IPv4 Unicast:
BGP Trap : None
DGS-3620-28PC:admin#
20-43 debug bgp show peer
Description
This command is used for displaying information of all peers in BGP protocol DB.
Format debug bgp show peer {ipv6 unicast}
Parameters
ipv6 unicast – (Optional) Specifies to debug the IPv6 unicast address family.
335
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP to show all peers’ information:
DGS-3620-28PC:admin# debug bgp show peer
Command: debug bgp show peer
BGP neighbor: 10.10.10.2 (Internal Peer)
-----------------------------------------------
Session State: Enabled
Session Activity: Enabled
Peer Group: NULL
Remote AS: 1
Local AS:10
Remote Router ID:192.168.252.252
BGP State: Established ( UP for 00:24:25)
Hold Time (Configured): 180 Seconds
Hold Time(Current Used): 180 Seconds
Keepalive Interval (Configured): 60 Seconds
Keepalive Interval(Current Used): 60 Seconds
Advertisement Interval(Configured): 5 Seconds
Advertisement Interval(Current Used): 5 Seconds
AS Origination Interval (Configured) : 0 Seconds
AS Origination Interval (Current Used) : 15 Seconds
Connect Retry Interval (Configured) : 0 Seconds
Connect Retry Interval (Current Used) : 120 Seconds
EBGP Multihop : 2
Weight: 100
Next Hop Self: Disabled
Remove Private AS: Disabled
Allowas In: Disabled
Address Family IPv4 Unicast
IPv4 Unicast: None
Soft Reconfiguration Inbound: Enabled
Community Sent to this Neighbor: None
Default Originate: Enabled
Incoming Update Prefix List: prelist1
Incoming Update Filter List: ASlist1
Route Map for Outgoing Routes: routemap1
Unsuppress Route Map: us_routmp1
Outbound Route Filter (ORF) type (64) Prefix list:
Send Mode : Disabled
Receive Mode : Disabled
Pass Word:
Prefix Count: 0
Send Prefix Count: 0
Prefix Max Count: 12000
Prefix Warning Threshold: 75
Prefix Max Warning: Disabled
336
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#
20-44 debug bgp show peer_group
Description
This command is used for displaying current peer group’s configuration in BGP protocol stack.
Format debug bgp show peer_group {ipv6 unicast}
Parameters
ipv6 unicast – (Optional) Specifies to debug the IPv6 unicast address family.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP to show peer group’s configuration:
337
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug bgp show peer_group
Command: debug bgp show peer_group
BGP Peer Group :tt
-------------------------------------------------------
Session State : Enabled
Session Activity : Enabled
Members : None
Remote AS : Not Set
Holdtime Interval : 180 seconds
Keepalive Interval : 60 seconds
Advertisement Interval : 0 seconds
AS Origination Interval : 0 Seconds
Connect Retry Interval : 0 Seconds
EBGP Multihop : 1
Weight : 0
Next Hop Self : Disabled
Remove Private As : Disabled
Allowas In : Disabled
Soft Reconfiguration Inbound : Disabled
Community Sent to this Neighbor : None
Default Originate : Disabled
Capability 0rf Prefix List : None
Pass Word:
Prefix Max Count: 12000
Prefix Warning Threshold: 75
Prefix Max Warning: Disabled
DGS-3620-28PC:admin#
20-45 debug bgp show network
Description
This command is used for displaying current network’s configuration in BGP protocol stack.
Format debug bgp show network {ipv6 unicast}
Parameters
ipv6 unicast – (Optional) Specifies to debug the IPv6 unicast address family.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP to show network information:
338
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug bgp show network
Command: debug bgp show network
Network Route Map
------------- -----------
192.168.0.0/8 NULL
172.16.0.0/16 map1
Total Entries :2
DGS-3620-28PC:admin#
20-46 debug bgp show aggregate
Description
This command is used for displaying current aggregate’s configuration in BGP protocol stack.
Format debug bgp show aggregate {ipv6 unicast}
Parameters
ipv6 unicast – (Optional) Specifies to debug the IPv6 unicast address family.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP to show aggregate information:
DGS-3620-28PC:admin# debug bgp show aggregate
Command: debug bgp show aggregate
Network Summary Only AS Set Suppress Count
------------- ------------ ------ -------------
192.168.0.0/8 YES NO 0
172.16.0.0/16 NO NO 2
Total Entries :2
DGS-3620-28PC:admin#
20-47 debug bgp show damp
Description
This command is used for displaying current dampening configuration and corresponding dynamic information in BGP protocol stack.
339
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format debug bgp show damp {ipv6 unicast}
Parameters
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
ipv6 unicast – (Optional) Specifies to debug the IPv6 unicast address family.
Example
Configure BGP to show current dampening information:
DGS-3620-28PC:admin# debug bgp show damp
Command: debug bgp show damp
Route Map : NULL
Reach Half Life Time is : 900 seconds
Reuse Value : 750
Suppress Value : 2000
MAX Suppress Time : 3600 seconds
Unreach Half Life Time is : 900 seconds
Reuse Index Size : 1024
Reuse List Size : 256
Reuse Offset : 19
Current dampened routes:
Damp Reuse List Info: reuse_index index ptr penalty flap start_time t_updated suppress_time evt show BGP Damp no reuse list info: 0 index ptr penalty flap start_time t_updated suppress_time evt
BGP Damp Decay List Info: decay array size is 90.
Index Value
----- -----
1 1
2 0.969663
3 0.940247
4 0.911722
5 0.884064
6 0.857244
7 0.831238
8 0.806021
9 0.781569
340
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
10 0.757858
Output truncated...
DGS-3620-28PC:admin#
20-48 debug bgp show interface_info
Description
This command is used for displaying current interface information in BGP protocol stack.
Format debug bgp show interface_info
Parameters
None.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP to show current interface information:
DGS-3620-28PC:admin# debug bgp show interface_info
Command: debug bgp show interface_info
Interface Information:
Name Index Network Flags Status
---- ---- ------------ ----- ------
System 0001 30.30.30.30/8 0 Up
DGS-3620-28PC:admin#
20-49 debug bgp show as_path_access_list
Description
This command is used for displaying current BGP as path access list configuration in BGP protocol stack.
Format debug bgp show as_path_access_list
341
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
None.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP to show current BGP as_path access_list information:
DGS-3620-28PC:admin# debug bgp show as_path_access_list
Command: debug bgp show as_path_access_list
BGP AS Path Access List 1 deny (_64[6-9][0-9][0-9]_|_65[0-9][0-9][0-9]_) permit 33
Total Entries: 1
DGS-3620-28PC:admin#
20-50 debug bgp show bgp_timer
Description
This command is used for displaying current BGP timer chain information in BGP protocol stack.
Format debug bgp show bgp_timer
Parameters
None.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP to show current BGP timer chain information.
342
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug bgp show bgp_timer
Command: debug bgp show bgp_timer
BGP timer Link:
Node Time Func
---- ---- ------
08B108D0 0001 00675AF4
08B1AC70 0016 0065F4F4
08B1ACA8 0017 0065F5CC
08B37DCC 0029 0065F4F4
08B37E04 0030 0065F5CC
032821BC 0035 00662840
08B1AC54 0135 0065F40C
08B37DB0 0148 0065F40C
DGS-3620-28PC:admin#
20-51 debug bgp show community_list
Description
This command is used for displaying current community list configuration in protocol stack.
Format debug bgp show community_list
Parameters
None.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP to show current community list information:
DGS-3620-28PC:admin# debug bgp show community_list
Command: debug bgp show community_list
Community list:1 standard
permit 50000:100
DGS-3620-28PC:admin#
20-52 debug bgp show redist_info
Description
This command is used for displaying current BGP redistribution information.
343
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format debug bgp show redist_info
Parameters
None.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure BGP to show current BGP redistribution information:
DGS-3620-28PC:admin# debug bgp show redist_info
Command: debug bgp show redist_info
Last redistribution count summary:
Type Route_count_rib total_count Time(msec)
------ ---------------- --------------- ---------
OSPF 0 0 0
RIP 0 0 0
STATIC 0 0 0
LOCAL 7 0 0
Redistributed routes summary:
Network Type Next_hop
------- ---- -------------
1.10.0.1/32 LOCAL 0.0.0.0
1.10.0.2/32 LOCAL 0.0.0.0
1.10.0.3/32 LOCAL 0.0.0.0
DGS-3620-28PC:admin#
20-53 debug bgp router_map
Description
This command is used for setting route_map debugging flags to disable or enable. If this flag is enable, route-map permit or deny in BGP module will be displayed.
Format debug bgp router_map [enable | disable]
Parameters
enable - Enable the route_map debug function.
disable - Disable the route_map debug function.
344
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
Configure routemap debug flags’ state to enable:
DGS-3620-28PC:admin# debug bgp router_map enable
Command: debug bgp router_map enable
Success.
DGS-3620-28PC:admin# config bgp neighbor map 15.0.0.1 route_map in add map1
Command: config bgp neighbor map 15.0.0.1 route_map in add map1
Success.
DGS-3620-28PC:admin#
Output Examples: After configure BGP to enable route map debug flag, it may print following information when route map applied. route_map:<map1>,apply bgp neighbor:<13.0.0.1> MATCH. route_map:<map1>,apply bgp static route:<32.0.0.0/8> Not MATCH.
20-54 debug bgp access_list
Description
This command is used for setting access_list debugging flags to disable or enable. If this flag is enable, access list permit or deny in BGP module will be displayed
Format debug bgp access_list [enable | disable]
Parameters
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
enable - Enable the access_list debug function.
disable - Disable the access_list debug function.
Example
Configure access list debug flags’ state to enable:
345
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug bgp access_list enable
Command: debug bgp access_list enable
Success.
DGS-3620-28PC:admin#
Output Examples: After configure BGP to enable access list debug flag, it may print following information when access list applied. access_list:<ac1>,apply bgp neighbor:<19.0.0.1> MATCH.
20-55 debug bgp prefix_list
Description
This command is used for setting prefix_list debugging flags to disable or enable. If this flag is enable, prefix list permit or deny in BGP module will be displayed.
Format debug bgp prefix_list [enable | disable]
Parameters
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
enable - Enable the prefix_list debug function.
disable - Disable the prefix_list debug function.
Example
Configure prefix list debug flags’ state to enable:
DGS-3620-28PC:admin# debug bgp prefix_list enable
Command: debug bgp prefix_list enable
Success.
DGS-3620-28PC:admin#
Output Examples: After configure BGP to enable prefix list debug flag, it may print following information when prefix list applied.
Prefix_list:<list1>,apply bgp neighbor:<15.0.0.1> MATCH.
346
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
20-56 debug bgp state
Description
This command is used to set the global state of BGP debug function.
Format debug bgp state [enable | disable]
Parameters
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
enable - Specifies to enable the debug function of BGP.
disable - Specifies to disable the debug function of BGP.
Example
To enable the debug function of BGP:
DGS-3620-28PC:admin#debug bgp state enable
Command: debug bgp state enable
Success.
DGS-3620-28PC:admin#
20-57 debug dhcpv6_client state enable
Description
This command is used to enable the DHCPv6 client Debug function.
Format debug dhcpv6_client state enable
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To enabled DHCPv6 client debug function:
347
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug dhcpv6_client state enable
Command: debug dhcpv6_client state enable
Success.
DGS-3620-28PC:admin#
20-58 debug dhcpv6_client state disable
Description
This command is used to disable the DHCPv6 client Debug function.
Format debug dhcpv6_client state enable
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To disabled DHCPv6 client debug function:
DGS-3620-28PC:admin# debug dhcpv6_client state disable
Command: debug dhcpv6_client state disable
Success.
DGS-3620-28PC:admin#
20-59 debug dhcpv6_client output
Description
Used to set debug message to output to buffer or console.
Format debug dhcpv6_client output [buffer | console]
Parameters
buffer - Let the debug message output to buffer.
console - Let the debug message output to console.
348
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator-level users can issue this command.
Example
To set debug information to output to console:
DGS-3620-28PC:admin# debug dhcpv6_client output console
Command: debug dhcpv6_client output console
Success.
DGS-3620-28PC:admin#
20-60 debug dhcpv6_client packet
Description
Used to enable or disable debug information flag for DHCPv6 client packet, including packet receiving and sending.
Format debug dhcpv6_client packet {all | receiving | sending} state [enable | disable]
Parameters
all - (Optional) Set packet receiving and sending debug flags.
receiving - (Optional) Set packet receiving debug flag.
sending - (Optional) Set packet sending debug flag.
state - Specifies that the designated flags will be enabled or disabled.
enable - Enable the designated flags.
disable - Disable the designated flags.
Restrictions
Only Administrator-level users can issue this command.
Example
To enable dhcpv6_client packet sending debug:
DGS-3620-28PC:admin# debug dhcpv6_client packet sending state enable
Command: debug dhcpv6_client packet sending state enable
Success.
DGS-3620-28PC:admin#
349
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
20-61 debug dhcpv6_relay state enable
Description
This command is used to enable the DHCPv6 relay Debug function.
Format debug dhcpv6_relay state enable
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To enabled DHCPv6 relay debug function:
DGS-3620-28PC:admin# debug dhcpv6_relay state enable
Command: debug dhcpv6_relay state enable
Success.
DGS-3620-28PC:admin#
20-62 debug dhcpv6_relay state disable
Description
This command is used to disable the DHCPv6 relay Debug function.
Format debug dhcpv6_relay state disable
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To disabled DHCPv6 relay debug function:
350
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug dhcpv6_relay state disable
Command: debug dhcpv6_relay state disable
Success.
DGS-3620-28PC:admin#
20-63 debug dhcpv6_relay hop_count state
Description
This command is used to enable or disable debug information flag about the hop count.
Format debug dhcpv6_relay hop_count state [enable | disable]
Parameters
Restrictions
Only Administrator-level users can issue this command.
state - Specifies the hop count debugging state.
enable - Specifies that the hop count state will be enabled.
disable - Specifies that the hop count state will be disabled.
Example
To enable debug information flag about the hop count:
DGS-3620-28PC:admin# debug dhcpv6_relay hop_count state enable
Command: debug dhcpv6_relay hop_count state enable
Success.
DGS-3620-28PC:admin#
20-64 debug dhcpv6_relay output
Description
Used to set debug message to output to buffer or console.
Format debug dhcpv6_relay output [buffer | console]
Parameters
output - Specifies the location of the debug message output.
buffer - Let the debug message output to buffer.
351
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
console - Let the debug message output to console.
Restrictions
Only Administrator-level users can issue this command.
Example
To set debug information to output to console:
DGS-3620-28PC:admin# debug dhcpv6_relay output console
Command: debug dhcpv6_relay output console
Success.
DGS-3620-28PC:admin#
20-65 debug dhcpv6_relay packet
Description
Used to enable or disable debug information flag for DHCPv6 relay packet, including packet receiving and sending.
Format debug dhcpv6_relay packet {all | receiving | sending} state [enable | disable]
Parameters
Restrictions
Only Administrator-level users can issue this command.
all - (Optional) Set packet receiving and sending debug flags.
receiving - (Optional) Set packet receiving debug flag.
sending - (Optional) Set packet sending debug flag.
state - Specifies if the designated flags function will be enabled or disabled.
enable - Enable the designated flags.
disable - Disable the designated flags.
Example
To enabled DHCPv6 relay packet sending debug:
DGS-3620-28PC:admin# debug dhcpv6_relay packet sending state enable
Command: debug dhcpv6_relay packet sending state enable
Success.
DGS-3620-28PC:admin#
352
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
20-66 debug dhcpv6_server packet
Description
This command is used to enable or disable the debug information flag of the DHCPv6 server packet, including packets receiving and sending.
Format debug dhcpv6_server packet [all | receiving | sending] state [enable | disable]
Parameters
Restrictions
Only Administrator-level users can issue this command.
all - Set packet receiving and sending debug flags.
receiving - Set packet receiving debug flag.
sending - Set packet sending debug flag.
state - Specifies the state of the designated flags.
enable - Enable the designated flags.
disable - Disable the designated flags.
Example
To enabled the DHCPv6 server packet sending debug:
DGS-3620-28PC:admin# debug dhcpv6_server packet sending state enable
Command: debug dhcpv6_server packet sending state enable
Success.
DGS-3620-28PC:admin#
20-67 debug dhcpv6_server state disable
Description
This command is used to disable the DHCPv6 server debug functions.
Format debug dhcpv6_server state disable
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
353
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To disabled the DHCPv6 server debug function:
DGS-3620-28PC:admin# debug dhcpv6_server state disable
Command: debug dhcpv6_server state disable
Success.
DGS-3620-28PC:admin#
20-68 debug dhcpv6_server state enable
Description
This command is used to enable the DHCPv6 server debug functions.
Format debug dhcpv6_server state enable
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To enabled the DHCPv6 server debug function:
DGS-3620-28PC:admin# debug dhcpv6_server state enable
Command: debug dhcpv6_server state enable
Success.
DGS-3620-28PC:admin#
20-69 debug pim ssm
Description
This command is used to enable the PIM-SSM debug function.
Format debug pim ssm
354
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To enable the PIM-SSM debug function:
DGS-3620-28PC:admin# debug pim ssm
Command: debug pim ssm
Success.
DGS-3620-28PC:admin#
Once the PIM-SSM debug enabled, the debug information maybe outputted.
DGS-3620-28PC:admin# PIM_SSM, 6 Dec 2012 15:37:22 IGMP Group Record Type 2 for group 232.1.1.1 from 192.168.2.14 on n101, ignored.
Output truncated...
20-70 no debug pim ssm
Description
This command is used to disable the PIM-SSM debug function.
Format no debug pim ssm
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
To disable the PIM-SSM debug function:
355
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# no debug pim ssm
Command: no debug pim ssm
Success.
DGS-3620-28PC:admin#
20-71 debug ripng flag
Description
This command is used to enable or disable the RIPng debug flag.
Format debug ripng flag [{interface | packet [all | rx | tx] | route} | all] state [enable | disable]
Parameters
interface - (Optional) Specifies the state of the RIPng interface debug. The default setting is disabled.
packet - (Optional) Specifies which packets should be set with debug flags.
all - Specifies to set all packets with debug flags.
rx - Specifies to set inbound packets with debug flag.
tx - Specifies to set outbound packets with debug flag.
route - (Optional) Specifies the state of the RIPng route debug. The default setting is disabled.
all - Specifies to set all debug flags.
state - Specifies the designated flags state.
enable - Specifies that the designated flags state will be enabled.
disable - Specifies that the designated flags state will be disabled.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
To enable the RIPng debug:
DGS-3620-28PC:admin# debug ripng state enable
Command: debug ripng state enable
Success.
DGS-3620-28PC:admin#
After enabling RIPng on an interface, the following information may appear when the interface state changes.
The RIPng interface System has changed the link state to down.
356
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
20-72 debug ripng show flag
Description
This command is used to display the RIPng debug flag setting.
Format debug ripng show flag
Parameters
None.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
To show the current RIPng debug flag setting:
DGS-3620-28PC:admin# debug ripng show flag
Command: debug ripng show flag
Current RIPng debug level setting:
Packet Receiving
Packet Sending
Route
Interface State Change
DGS-3620-28PC:admin#
20-73 debug ripng state disable
Description
This command is used to disable the RIPng debug state.
Format debug ripng state disable
Parameters
None.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
357
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To disable RIPng debug globally:
DGS-3620-28PC:admin# debug ripng state disable
Command: debug ripng state disable
Success.
DGS-3620-28PC:admin#
20-74 debug ripng state enable
Description
This command is used to enable the RIPng debug state.
Format debug ripng state enable
Parameters
None.
Restrictions
Only Administrator-level users can issue this command. (EI Mode Only Command)
Example
To enable RIPng debug globally:
DGS-3620-28PC:admin# debug ripng state enable
Command: debug ripng state enable
Success.
DGS-3620-28PC:admin#
20-75 debug routefilter show
Description
This command is used to display route filter information in kernel, including prefix list, access list, and route map.
Format debug routefilter show [prefix_list | access_list | route_map | ipv6_prefix_list | ipv6_access_list]
358
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
prefix_list - Specifies to display IPv4 prefix list debug information.
access_list - Specifies to display IPv4 access list debug information.
route_map - Specifies to display route map debug information.
ipv6_prefix_list - Specifies to display IPv6 prefix list debug information.
ipv6_access_list - Specifies to display IPv6 access list debug information.
Restrictions
Only Administrator-level users can issue this command.
Example
To display route filter information in kernel:
359
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug routefilter show route_map
Command: debug routefilter show route_map route-map 123,r_id:1
Sequence 1, type:1
Match clauses:
as-path (as-path filter): list1
community list1 exact
ip next-hop prefix-list 123
ip address prefix-list 123
metric 4294967294
ipv6 address prefix-list abc
ipv6 next-hop prefix-list abc
Set clauses:
Sequence 10, type:0
Match clauses:
Set clauses:
Sequence 100, type:1
Match clauses:
Set clauses:
Sequence 500, type:0
Match clauses:
Set clauses:
Sequence 1000, type:0
Match clauses:
Set clauses:
Sequence 5000, type:1
Match clauses:
Set clauses:
Sequence 10000, type:1
Match clauses:
Set clauses:
Sequence 65535, type:0
Match clauses:
Set clauses: route-map ~!@#$%^&*()_+~!@,r_id:2
Sequence 10, type:0
Match clauses:
Set clauses:
Sequence 65535, type:0
Match clauses:
metric 4294967294
ipv6 next-hop 1::1
ipv6 address abc0
Set clauses:
DGS-3620-28PC:admin#
20-76 debug show status
Description
Show the debug handler state and the specified module’s debug status.
360
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
If the input module list is empty, the states of all registered modules which support debug module will be shown.
Format debug show status {module <module_list>}
Parameters
module – (Optional) Specifies the module list.
<module_list> - Enter the module list here.
Restrictions
Only Administrator-level users can issue this command.
Example
To show the specified module’s debug state:
Prompt# debug show status module MSTP
Command: debug show status module MSTP
Debug Global State : Enable
MSTP
Prompt#
: Enable
To show the debug state:
Prompt# debug show status
Command: debug show status
Debug Global State: Enable
MSTP : Disabled
IMPB : Disabled
DHCPv6_CLIENT : Disabled
DHCPv6_RELAY : Disabled
OSPFV2 : Disabled
VRRP : Disabled
RIPNG : Disabled
ERPS : Disabled
DHCPv6_SERVER : Disabled
Prompt#
20-77 debug super_vlan state
Description
This command is used to enable or disable the super VLAN Debug Function.
361
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format debug super_vlan state [enable | disable]
Parameters
state - Specifies the super VLAN debug function state.
enable - Specifies that the super VLAN debug function will be enabled.
disable - Specifies that the super VLAN debug function will be disabled.
Restrictions
Only Administrator-level users can issue this command.
Example
To disable the super VLAN Debug Function:
DGS-3620-28PC:admin# debug super_vlan state disable
Command: debug super_vlan state disable
Success.
DGS-3620-28PC:admin#
After enabling super VLAN debug, the following information may appear when receive an ARP packet form sub VLAN.
The ARP request packet received from sub vlan 200.
20-78 debug show address_binding binding_state_table
Description
This command is used to display the binding state of the entries in the binding state table.
Format debug show address_binding binding_state_table [nd_snooping | dhcpv6_snooping]
Parameters
nd_snooping - Specifies to debug ND Snooping bound addresses in the binding state table.
dhcpv6_snooping - Specifies to debug DHCPv6 Snooping bound addresses in the binding state table.
Restrictions
Only Administrator-level users can issue this command.
362
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display the DHCPv6 snooping binding state of entries:
DGS-3620-28PC:admin# debug show address_binding binding_state_table dhcpv6_snooping
Command: debug show address_binding binding_state_table dhcpv6_snooping
S (State) - S: Start, L: Live, D :Detection, R: Renew, B: Bound
Time - Expiry Time (sec)
IP Address MAC Address S Time Port
--------------------------------------- ----------------- -- ---------- -----
2001:2222:1111:7777:5555:6666:7777:8888 00-00-00-00-00-02 S 50 5
2001::1 00-00-00-00-03-02 B 100 6
Total Entries : 2
DGS-3620-28PC:admin#
To display the ND Snooping binding state of entries:
DGS-3620-28PC:admin# debug show address_binding binding_state_table nd_snooping
Command: debug show address_binding binding_state_table nd_snooping
S (State) - S: Start, Q: Query, B: Bound
Time - Expiry Time (sec)
IP Address MAC Address S Time Port
--------------------------------------- ----------------- -- ---------- -----
2001:2222:1111:7777:5555:6666:7777:8888 00-00-00-00-00-02 S 50 5
2001::1 00-00-00-00-03-02 B 100 6
Total Entries : 2
DGS-3620-28PC:admin#
20-79 debug show error ports box_id
Description
This command is used to show the error statistics information of the SIO ports
Format debug show error ports box_id [<value 1-12> | all] {sio1 | sio2}
Parameters
<value 1-12> - Enter the box ID used here. This value must be between 1 and 12.
all - Specifies that all the box IDs will be used.
sio1 - Specifies that the minimum of two SIO ports will be used. SIO1 is the first stacking port.
sio2 - Specifies that the maximum of two SIO ports will be used. SIO2 is the second stacking port.
363
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrator-level users can issue this command.
Example
To show error statistics information of the SIO port:
DGS-3620-28PC:admin#debug show error ports box_id all sio1
Command: debug show error ports box_id all sio1
Box ID 1 SIO 1:
RX Frames TX Frames
--------- ---------
CRC Error 0 Excessive Deferral 0
Undersize 0 CRC Error 0
Oversize 0 Late Collision 0
Fragment 0 Excessive Collision 0
Jabber 0 Single Collision 0
Buffer Full Drop 0 Collision 0
Symbol Error 0 STP Drop 0
Multicast Drop 0 HOL DROP 0
VLAN Ingress Drop 0 COS0 HOL DROP 0
STP Drop 0 COS1 HOL DROP 0
MTU Drop 0 COS2 HOL DROP 0
COS3 HOL DROP 0
COS4 HOL DROP 0
COS5 HOL DROP 0
COS6 HOL DROP 0
COS7 HOL DROP 0
CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
20-80 debug show jwac auth_info
Description
This command is used to show debug information of JWAC.
Format debug show jwac auth_info
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
364
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display debug information of JWAC:
DGS-3620-28PC:admin#debug show jwac auth_info
Command: debug show jwac auth_info
ACL Index Bitmap DB (jwac_db_acl_bmp):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00
Internal TCP Port Number (jwac_internal_port_bitmap):
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF
Connection DB:
No Host
Current AUTH DB (_jwac_db_nodes):
No Host
Ports AUTH Info: (_jwac_db_nodes)
port mac state last_bytes authing_cnt authed_cnt
----- ------------------ -------- ---------- ----------- -----------
JWAC Web data (jwac_web_auth_result_list):
CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
20-81 debug show packet ports box_id
Description
This command is used to show the packet statistics information of the SIO ports.
Format debug show packet ports box_id [<value 1-12> | all] {sio1 | sio2}
Parameters
<value 1-12> - Enter the box ID used here. This value must be between 1 and 12.
all - Specifies that all the box IDs will be used.
sio1 - Specifies that the minimum of two SIO ports will be used. SIO1 is the first stacking port.
sio2 - Specifies that the maximum of two SIO ports will be used. SIO2 is the second stacking port.
Restrictions
Only Administrator-level users can issue this command.
365
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To show packet statistics information of the SIO port:
DGS-3620-28PC:admin# debug show packet ports box_id all sio1
Command: debug show packet ports box_id all sio1
BOX ID 1 SIO 1:
Frame Size/Type Frame Counts Frames/sec
--------------- ---------------------- -----------
64 0 0
65-127 0 0
128-255 0 0
256-511 0 0
512-1023 0 0
1024-1518 0 0
1519-2047 0 0
2048-4095 0 0
4096-9216 0 0
Unicast RX 0 0
Multicast RX 0 0
Broadcast RX 0 0
RX Bytes 0 0
RX Frames 0 0
TX Bytes 0 0
TX Frames 0 0
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
20-82 debug show cpu utilization
Description
This command is used to display the total CPU utilization and CPU utilization per process.
Format debug show cpu utilization
Parameters
None.
Restrictions
Only Administrator-level users can issue this command.
Example
This example shows how to turn on debugging for the show CPU utilization command.
366
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# debug show cpu utilization
Command: debug show cpu utilization
Five seconds - 14 % One minute - 14 % Five minutes - 14 %
Process Name 5Sec 1Min 5Min
----------------- ------ ------ ------
OS_UTIL 84 % 86 % 86 % bcmL2X.0 8 % 7 % 7 % bcmCNTR.0 2 % 2 % 2 %
MAUMIB_TASK 1 % 1 % 1 %
GBIC_Pooling 1 % 0 % 0 %
FAN_Pooling 1 % 0 % 0 %
DGS-3620-28PC:admin#
367
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 21 DHCP Local Relay
Commands
config dhcp_local_relay vlan <vlan_name 32> state [enable | disable]
config dhcp_local_relay vlan vlanid <vlan_id 1-4094> state [enable | disable]
enable dhcp_local_relay disable dhcp_local_relay show dhcp_local_relay
21-1 config dhcp_local_relay vlan
Description
This command is used to enable or disable the DHCP local relay function for a specified VLAN. By default, the switch will not broadcast DHCP packets on any VLAN for which a DHCP relay is configured. DHCP packets will be intercepted, and only be relayed to the servers specified in the dhcp_relay command. This is done to minimise the risk with rogue DHCP servers. Enabling the dhcp_local_relay feature will restore the broadcast behaviour, and cause DHCP packets to also be broadcast on the specified VLAN.
Note: When “dhcp_local_relay” is enabled, the switch will automatically add DHCP option 82, and the source MAC and gateway in the packet will remain unchanged.
Format config dhcp_local_relay vlan <vlan_name 32> state [enable | disable]
Parameters
<vlan_name 32> - Enter the name of the VLAN to be enabled for DHCP local relay.
state - Enable or disable DHCP local relay for a specified VLAN.
enable - Enable DHCP local relay for a specified VLAN.
disable - Disable DHCP local relay for a specified VLAN.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable DHCP local relay for the default VLAN:
DGS-3620-28PC:admin#config dhcp_local_relay vlan default state enable
Command: config dhcp_local_relay vlan default state enable
Success.
DGS-3620-28PC:admin#
368
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
21-2 config dhcp_local_relay vlan vlanid
Description
This command is used to enable or disable the DHCP local relay function for a specified VLAN ID.
Format config dhcp_local_relay vlan vlanid <vlan_id 1-4094> state [enable | disable]
Parameters
vlanid - Specifies the VLAN ID used to enabled DHCP local relay.
<vlan_id 1-4094> - Enter the VLAN ID used here. This value must be between 1 and 4094.
state - Enable or disable DHCP local relay for a specified VLAN.
enable - Enable DHCP local relay for a specified VLAN.
disable - Disable DHCP local relay for a specified VLAN.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable DHCP local relay for the default VLAN:
DGS-3620-28PC:admin#config dhcp_local_relay vlan vlanid 1 state enable
Command: config dhcp_local_relay vlan vlanid 1 state enable
Success.
DGS-3620-28PC:admin#
21-3 enable dhcp_local_relay
Description
This command is used to globally enable the DHCP local relay function on the switch.
Format enable dhcp_local_relay
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable the DHCP local relay function:
369
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#enable dhcp_local_relay
Command: enable dhcp_local_relay
Success.
DGS-3620-28PC:admin#
21-4 disable dhcp_local_relay
Description
This command is used to globally disable the DHCP local relay function on the switch.
Format disable dhcp_local_relay
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To disable the DHCP local relay function:
DGS-3620-28PC:admin#disable dhcp_local_relay
Command: disable dhcp_local_relay
Success.
DGS-3620-28PC:admin#
21-5 show dhcp_local_relay
Description
This command is used to display the current DHCP local relay configuration on the switch.
Format show dhcp_local_relay
Parameters
None.
370
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
None.
Example
To display the local DHCP relay status:
DGS-3620-28PC:admin#show dhcp_local_relay
Command: show dhcp_local_relay
DHCP/BOOTP Local Relay Status : Disabled
DHCP/BOOTP Local Relay VID List : 1,3-4
DGS-3620-28PC:admin#
371
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 22 DHCP Relay
Commands
config dhcp_relay {hops <int 1-16> | time <sec 0-65535>}(1)
config dhcp_relay add ipif <ipif_name 12> <ipaddr>
config dhcp_relay delete ipif <ipif_name 12> <ipaddr>
config dhcp_relay option_60 add string <multiword 255> relay <ipaddr> [exact-match | partialmatch]
config dhcp_relay option_60 default [relay <ipaddr> | mode [relay | drop]]
config dhcp_relay option_60 delete [string <multiword 255> {relay <ipaddr>} | ipaddress
<ipaddr> | all | default {<ipaddr>}]
config dhcp_relay option_60 state [enable | disable]
config dhcp_relay option_61 add [mac_address <macaddr> | string <desc_long 255>] [relay
<ipaddr> | drop]
config dhcp_relay option_61 default [relay <ipaddr> | drop]
config dhcp_relay option_61 delete [mac_address <macaddr> | string <desc_long 255> | all]
config dhcp_relay option_61 state [enable | disable]
config dhcp_relay option_82 check [enable | disable]
config dhcp_relay option_82 circuit_id [default | user_define <string 32> | vendor6]
config dhcp_relay option_82 policy [replace | drop | keep]
config dhcp_relay option_82 remote_id [default | user_define <string 32>]
config dhcp_relay option_82 state [enable | disable]
enable dhcp_relay disable dhcp_relay
show dhcp_relay {ipif <ipif_name 12>}
show dhcp_relay option_60 {[string <multiword 255> | ipaddress <ipaddr> | default]}
show dhcp_relay option_61
config dhcp_relay ports [<portlist> | all] state [enable | disable]
show dhcp_relay ports {<portlist>}
Note: The DHCP relay commands include all the commands defined in the BOOTP relay command section. If this DHCP relay command set is supported in your system, the BOOTP relay commands can be ignored.
Note: The system supporting DHCP relay will accept BOOTP relay commands in the
config file but not allow input from the console screen, and these BOOTP relay commands setting from the config file will be saved as DHCP relay commands while the save command is performed.
22-1 config dhcp_relay
Description
This command is used to configure the DHCP relay feature of the switch.
Format config dhcp_relay {hops <int 1-16> | time <sec 0-65535>}(1)
372
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
hops - Specifies the maximum number of router hops that the DHCP/BOOTP packets can cross.
The range is 1 to 16. The default value is 4.
<int 1-16> - Enter the maximum number of router hops that the DHCP/BOOTP packets can cross. The maximum number of hops value must be between 1 and 16.
time - Specifies the minimum time in seconds within which the switch must relay the
DHCP/BOOTP request. If this time is larger than the DHCP packet’s time, the switch will drop the DHCP/BOOTP packet. The range is 0 to 65535. The default value is 0.
<sec 0-65535> - Enter the minimum time in seconds within which the switch must relay the
DHCP/BOOTP request. The minimum time value must be between 0 and 65535 seconds.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the DHCP relay:
DGS-3620-28PC:admin#config dhcp_relay hops 4 time 2
Command: config dhcp_relay hops 4 time 2
Success.
DGS-3620-28PC:admin#
22-2 config dhcp_relay add ipif
Description
This command is used to add an IP destination address to the switch’s DHCP relay table.
Note: Adding a server to which DHCP packets will be relayed, will cause the switch to intercept
DHCP packets on the specified VLAN, and relay them directly to the specified server. DHCP packets will not be broadcast on the VLAN. To restore broadcast functionality, see the
“dhcp_local_relay” command
Format config dhcp_relay add ipif <ipif_name 12> <ipaddr>
Parameters
<ipif_name 12> - Enter the name of the IP interface which contains the IP address below.
<ipaddr> - Enter the DHCP/BOOTP server IP address.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To add an IP destination address to the switch’s DHCP relay table:
373
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#config dhcp_relay add ipif System 10.43.21.12
Command: config dhcp_relay add ipif System 10.43.21.12
Success.
DGS-3620-28PC:admin#
22-3 config dhcp_relay delete ipif
Description
This command is used to delete an IP destination address from the switch’s DHCP relay table.
Format config dhcp_relay delete ipif <ipif_name 12> <ipaddr>
Parameters
<ipif_name 12> - Enter the name of the IP interface which contains the IP address below.
<ipaddr> - Enter the DHCP/BOOTP server IP address.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete an IP destination address from the switch’s DHCP relay table:
DGS-3620-28PC:admin#config dhcp_relay delete ipif System 10.43.21.12
Command: config dhcp_relay delete ipif System 10.43.21.12
Success.
DGS-3620-28PC:admin#
22-4 config dhcp_relay option_60 add string
Description
This command is used to configure the Option 60 relay rules. Note that different strings can be specified with the same relay server, and the same string can be specified with multiple relay servers. The system will relay the packet to all the matching servers.
Format config dhcp_relay option_60 add string <multiword 255> relay <ipaddr> [exact-match | partial-match]
374
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<multiword 255> - Enter a string.
relay - Specifies a relay server IP address.
<ipaddr> - Enter the IP address here.
exact-match - The Option 60 string in the packet must fully match the specified string.
partial-match - The Option 60 string in the packet only need partially match the specified string.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure DHCP Option 60 to decide to relay which DHCP server:
DGS-3620-28PC:admin#config dhcp_relay option_60 add string “abc” relay
10.90.90.1 exact-match
Command: config dhcp_relay option_60 add string “abc” relay 10.90.90.1 exactmatch
Success.
DGS-3620-28PC:admin#
22-5 config dhcp_relay option_60 default
Description
This command is used to configure DHCP relay Option 60 default relay servers. When there are no match servers found for the packet based on Option 60, the relay servers will be determined by the default relay server setting. When drop is specified, the packet with no matching rules found will be dropped without further processing. If the setting is no- drop, then the packet will be processed further based on Option 61. The final relay servers will be the union of Option 60 default relay servers and the relay servers determined by Option 61.
Format config dhcp_relay option_60 default [relay <ipaddr> | mode [relay | drop]]
Parameters
relay - Specifies a relay server IP for the packet that has matching Option 60 rules.
<ipaddr> - Enter the server IP address here.
mode - Specifies the mode to relay or drop packets.
relay - The packet will be relayed based on the relay rules.
drop - Specifies to drop the packet that has no matching Option 60 rules.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
375
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure a DHCP Option 60 default drop action:
DGS-3620-28PC:admin#config dhcp_relay option_60 default mode drop
Command: config dhcp_relay option_60 default mode drop
Success.
DGS-3620-28PC:admin#
22-6 config dhcp_relay option_60 delete
Description
This command is used to delete a DHCP Option 60 entry. When all is specified, all rules excluding the default rules are deleted.
Format config dhcp_relay option_60 delete [string <multiword 255> {relay <ipaddr>} | ipaddress
<ipaddr> | all | default {<ipaddr>}]
Parameters
string - Delete all the entries whose string is equal to the string specified if the IP address is not specified.
<multiword 255> - The string value can be up to 255 characters long.
relay - (Optional) Delete one entry, whose string and IP address are equal to the string and IP address specified by the user.
<ipaddr> - Enter the IP address here.
ipaddress - Delete all the entries whose IP address are equal to the specified IP address.
<ipaddr> - Enter the IP address here.
all - Specifies to have all rules, excluding the default rules, deleted.
default - Delete the default relay IP address that is specified by the user.
<ipaddr> - (Optional) Enter the IP address here.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete a DHCP Option 60 entry:
DGS-3620-28PC:admin# config dhcp_relay option_60 delete string "abc" relay
10.90.90.1
Command: config dhcp_relay option_60 delete string "abc" relay 10.90.90.1
Success.
DGS-3620-28PC:admin#
376
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
22-7 config dhcp_relay option_60 state
Description
This command is used to decide whether DHCP relay will process the DHCP Option 60 or not.
When Option 60 is enabled, if the packet does not have Option 60, then the relay servers cannot be determined based on Option 60. The relay servers will be determined based on either Option
61 or per IPIF configured servers.
Format config dhcp_relay option_60 state [enable | disable]
Parameters
enable - Specifies to enable the DHCP relay function to use option 60 rules to relay DHCP packets.
disable - Specifies to disable the DHCP relay function from using option 60 rules to relay DHCP packets.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the DHCP Option 60 state:
DGS-3620-28PC:admin#config dhcp_relay option_60 state enable
Command: config dhcp_relay option_60 state enable
Success.
DGS-3620-28PC:admin#
22-8 config dhcp_relay option_61 add
Description
This command adds a rule to determine the relay server based on Option 61. The match rule can be based on either MAC address or a user-specified string. Only one relay server can be specified for a MAC address or a string. If relay servers are determined based on Option 60, and one relay server is determined based on Option 61, the final relay servers will be the union of these two sets of the servers.
Format config dhcp_relay option_61 add [mac_address <macaddr> | string <desc_long 255>] [relay
<ipaddr> | drop]
Parameters
mac_address - Specifies the client’s client-ID, which is the hardware address of the client.
377
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<macaddr> - Enter the client’s client-ID, which is the MAC address of the client.
string - Specifies the client’s client-ID, which is specified by administrator.
<desc_long 255> - Enter the client’s client-ID, which is specified by administrator The client-
ID string can be up to 255 characters long.
relay - Specifies to relay the packet to an IP address.
<ipaddr> - Enter to relay the packet to an IP address by entering the IP address here.
drop - Specifies to drop the packet.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure DHCP Option 61 to decide how to process DHCP packets:
DGS-3620-28PC:admin#config dhcp_relay option_61 add mac_address 00-11-22-33-44-
55 drop
Command: config dhcp_relay option_61 add mac_address 00-11-22-33-44-55 drop
Success.
DGS-3620-28PC:admin#
22-9 config dhcp_relay option_61 default
Description
This command is used to determine the rule to process those packets that have no Option 61 matching rules. The default default-rule is drop.
Format config dhcp_relay option_61 default [relay <ipaddr> | drop]
Parameters
relay - Specifies to relay the packet that has no option matching 61 matching rules to an IP address.
<ipaddr> - Enter the IP address here.
drop - Specifies to drop the packet that have no Option 61 matching rules.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the DHCP Option 61 default action to drop:
378
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#config dhcp_relay option_61 default drop
Command: config dhcp_relay option_61 default drop
Success.
DGS-3620-28PC:admin#
22-10 config dhcp_relay option_61 delete
Description
This command is used to delete Option 61 rules.
Format config dhcp_relay option_61 delete [mac_address <macaddr> | string <desc_long 255> | all]
Parameters
mac_address - The entry with the specified MAC address will be deleted
<macaddr> - Enter the MAC address here.
string - The entry with the specified string will be deleted.
<desc_long 255> - The string value can be up to 255 characters long.
all - All rules excluding the default rule will be deleted.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete a DHCP Option 61 entry:
DGS-3620-28PC:admin#config dhcp_relay option_61 delete mac_address 00-11-22-33-
44-55
Command: config dhcp_relay option_61 delete mac_address 00-11-22-33-44-55
Success.
DGS-3620-28PC:admin#
22-11 config dhcp_relay option_61 state
Description
This command is used to decide whether DHCP relay will process the DHCP Option 61 or not.
When Option 61 is enabled, if the packet does not have Option 61, then the relay servers cannot be determined based on Option 61. If the relay servers are determined based on Option 60 or
Option 61, then per IPIF configured servers will be ignored. If the relay servers are not determined either by Option 60 or Option 61, then per IPIF configured servers will be used to determine the relay servers.
379
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config dhcp_relay option_61 state [enable | disable]
Parameters
enable - Specifies to enable the DHCP relay function to use option 61 rules to relay DHCP packets.
disable - Specifies to disable the DHCP relay function to use option 61 rules to relay DHCP packets.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the state of DHCP relay Option 61:
DGS-3620-28PC:admin#config dhcp_relay option_61 state enable
Command: config dhcp_relay option_61 state enable
Success.
DGS-3620-28PC:admin#
22-12 config dhcp_relay option_82 check
Description
This command is used to configure the checking mechanism of the DHCP relay agent information
Option 82 of the switch.
Format config dhcp_relay option_82 check [enable | disable]
Parameters
enable - When the state is enabled, for a packet coming from the client side, the packet should not have the Option 82 field. If the packet has this option field, it will be dropped.
disable - The default setting is disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the checking mechanism of the DHCP relay agent information Option 82:
DGS-3620-28PC:admin#config dhcp_relay option_82 check disable
Command: config dhcp_relay option_82 check disable
380
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Success.
DGS-3620-28PC:admin#
22-13 config dhcp_relay option_82 circuit_id
Description
This command is used to configure the DHCP relay option 82 circuit ID.
Format config dhcp_relay option_82 circuit_id [default | user_define <string 32> | vendor6]
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
default - Specifies that the original format of the circuit ID will be used. The original format is as follows: a.
1 b.
0x6 c.
0 d.
4 e.
VLAN f.
Module ID g.
Port ID
1 byte 1 byte 1 byte 1 byte a. Sub-option type (1 means circuit ID) b. Length, it should be 6.
2 bytes 1 byte 1 byte c. Circuit ID’s sub-option, it should be 0. d. Sub-option’s length, it should be 4 e. VLAN ID (S-VID) f. Module ID, for standalone switch, it is 0; for stacking switch, it is the box ID that assigned by stacking. g. Port ID: port number of each box.
user_define – Specifies that a user-defined circuit ID will be used. The format is as follows: a.
2 b. n+2 c.
1 d. n e. user define
1 byte 1 byte 1 byte 1 byte
<desc 32> - Enter the user-defined ID. Space is allowed in the string.
System name
Module
ID
Max. 32 bytes
vendor6 – Specifies to use the vendor 6 specific circuit ID format. The format is as follows: a. b. c. d. e. f. g. h. i.
1 n - / Port ID - CVID
1 byte 1 byte 0-128 bytes
1 byte 1 byte a. Sub-option type (1 means circuit ID) b. Length: Total lengths of all follow fields. c. System name. d. Separator character
1 byte 1-2 bytes
1 byte 1-4 bytes e. Module ID f. Separator character. g. Port ID: port number h. Separator character i. CVID(Client VLAN ID)
381
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure the ciruit ID as vendor 6:
DGS-3620-28PC:admin# config dhcp_relay option_82 circuit_id vendor6
Command: config dhcp_relay option_82 circuit_id vendor6
Success.
DGS-3620-28PC:admin#
22-14 config dhcp_relay option_82 policy
Description
This option takes effect only when the check status is disabled. The relay agent does this operation because the packet cannot contain two Option 82s. The default setting is replace.
Format config dhcp_relay option_82 policy [replace | drop | keep]
Parameters
replace - Replace the existing option 82 field in the packet.
drop - Specifies to discard if the packet has the Option 82 field. If the packet, that comes from the client side, contains an Option 82 value, then the packet will be dropped. If the packet, that comes from the client side doesn’t contain an Option 82 value, then insert it's own Option 82 value into the packet.
keep - Specifies to retain the existing Option 82 field in the packet. The default setting is replace.
If the packet, that comes from the client side, and contains an Option 82 value, then keep the old Option 82 value. If the packet, that comes from the client side, doesn’t contain an Option
82 value, then insert it's own Option 82 value into the packet.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the policy of DHCP relay agent information Option 82:
DGS-3620-28PC:admin# config dhcp_relay option_82 policy replace
Command: config dhcp_relay option_82 policy replace
Success
DGS-3620-28PC:admin#
22-15 config dhcp_relay option_82 remote_id
Description
This command is used to configure the remote ID string of the DHCP relay agent information
Option 82 of the Switch.
382
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config dhcp_relay option_82 remote_id [default | user_define <string 32>]
Parameters
default - Use the switch’s system MAC address as remote ID.
user_define - Use the user-defined string as remote ID. Space characters are allowed in the string.
<string 32> - The user-defined string can be up to 32 characters long.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the remote ID string of the DHCP relay agent information Option 82:
DGS-3620-28PC:admin#config dhcp_relay option_82 remote_id user_define D-Link
Switch
Command: config dhcp_relay option_82 remote_id user_define D-Link Switch
Success.
DGS-3620-28PC:admin#
22-16 config dhcp_relay option_82 state
Description
This command is used to configure the state of the DHCP relay agent information Option 82 of the switch. The default settings is disabled.
Format config dhcp_relay option_82 state [enable | disable]
Parameters
enable - When the state is enabled, the DHCP packet will be inserted with the Option 82 field before being relayed to server. The DHCP packet will be processed based on the behavior defined in the check and policy setting.
disable - When the state is disabled, the DHCP packet will be relayed directly to the server without further check and processing of the packet.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
383
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure the state of the DHCP relay agent information Option 82:
DGS-3620-28PC:admin#config dhcp_relay option_82 state enable
Command: config dhcp_relay option_82 state enable
Success.
DGS-3620-28PC:admin#
22-17 enable dhcp_relay
Description
This command is used to enable the DHCP relay function on the switch.
Format enable dhcp _relay
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable the DHCP relay function:
DGS-3620-28PC:admin#enable dhcp_relay
Command: enable dhcp_relay
Success.
DGS-3620-28PC:admin#
22-18 disable dhcp_relay
Description
This command is used to disable the DHCP relay function on the switch.
Format disable dhcp _relay
Parameters
None.
384
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To disable the DHCP relay function:
DGS-3620-28PC:admin#disable dhcp_relay
Command: disable dhcp_relay
Success.
DGS-3620-28PC:admin#
22-19 show dhcp_relay
Description
This command is used to display the current DHCP relay configuration.
Format show dhcp_relay {ipif <ipif_name 12>}
Parameters
ipif – (Optional) Specify the IP interface name.
<ipif_name 12> - Enter the IP interface name. The IP interface name can be up to 12 characters long.
Note: If no parameter is specified, the system will display all DHCP relay configurations.
Restrictions
None.
Example
To display the DHCP relay status:
DGS-3620-28PC:admin#show dhcp_relay
Command: show dhcp_relay
DHCP/BOOTP Relay Status : Disabled
DHCP/BOOTP Hops Count Limit : 4
DHCP/BOOTP Relay Time Threshold : 0
DHCP Vendor Class Identifier Option 60 State: Disabled
DHCP Client Identifier Option 61 State: Disabled
DHCP Relay Agent Information Option 82 State : Disabled
385
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DHCP Relay Agent Information Option 82 Check : Disabled
DHCP Relay Agent Information Option 82 Policy : Replace
DHCP Relay Agent Information Option 82 Remote ID : D-Link Switch
DHCP Relay Agent Information Option 82 Circuit ID : default
Interface Server 1 Server 2 Server 3 Server 4
------------- --------------- ---------------- --------------- --------------
System 10.1.1.1 192.168.0.1
DGS-3620-28PC:admin#
22-20 show dhcp_relay option_60
Description
This command is used to display the DHCP relay option 60 entries.
Format show dhcp_relay option_60 {[string <multiword 255> | ipaddress <ipaddr> | default]}
Parameters
string - (Optional) Display the entry whose string equals the string specified.
<multiword 255> - The string can be up to 255 characters long.
ipaddress - (Optional) Display the entry whose IP ipaddress equals the specified IP address.
<ipaddr> - Enter the IP address here.
default - (Optional) Display the default behaviour of DHCP relay option 60.
Note: If no parameter is specified, all DHCP option 60 entries will be displayed.
Restrictions
None.
Example
To display the DHCP option 60 entries:
DGS-3620-28PC:admin#show dhcp_relay option_60
Command: show dhcp_relay option_60
Default Processing Mode: Drop
Default Servers:
10.90.90.100
10.90.90.101
10.90.90.102
Matching Rules:
386
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
String Match Type IP Address
------- --------- --------- abc Exact Match 10.90.90.1 abcde Partial Match 10.90.90.2 abcdefg Exact Match 10.90.90.3
Total Entries: 3
DGS-3620-28PC:admin#
22-21 show dhcp_relay option_61
Description
This command is used to display all the DHCP relay option 61 rules.
Format show dhcp_relay option_61
Parameters
None.
Restrictions
None.
Example
To display the DHCP option 61 entries:
DGS-3620-28PC:admin#show dhcp_relay option_61
Command: show dhcp_relay option_61
Default Relay Rule:Drop
Matching Rules:
Client-ID Type Relay Rule
----------- ---- --------- abc String Drop abcde String 10.90.90.1
00-11-22-33-44-55 MAC Address Drop
Total Entries: 3
DGS-3620-28PC:admin#
387
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
22-22 config dhcp_relay ports
Description
This command is used to configure the state of the DHCP relay function for each port.
Format config dhcp_relay ports [<portlist> | all] state [enable | disable]
Parameters
<portlist> - Enter the list of ports, used for this configuration, here.
all - Specifies that all the ports will be used for this configuration.
state - Specifies the state of the DHCP relay function for each port.
enable - Specifies that the DHCP relay function, for the specified port(s), will be enabled.
disable - Specifies that the DHCP relay function, for the specified port(s), will be disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable the DHCP relay function on ports 1 to 3:
DGS-3620-28PC:admin#config dhcp_relay ports 1:1-1:3 state enable
Command: config dhcp_relay ports 1:1-1:3 state enable
Success.
DGS-3620-28PC:admin#
22-23 show dhcp_relay ports
Description
This command is used to show the DHCP relay port configuration.
Format show dhcp_relay ports {<portlist>}
Parameters
<portlist> - (Optional) Enter the list of ports, used for this display, here.
If no parameter is specified, information for all ports will be displayed.
Restrictions
None.
388
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display the DHCP relay state of ports 1 to 10:
DGS-3620-28PC:admin#show dhcp_relay ports 1:1-1:10
Command: show dhcp_relay ports 1:1-1:10
Port DHCP Relay State
---- ----------------
1:1 Enabled
1:2 Enabled
1:3 Enabled
1:4 Enabled
1:5 Enabled
1:6 Enabled
1:7 Enabled
1:8 Enabled
1:9 Enabled
1:10 Enabled
Total Entries : 10
DGS-3620-28PC:admin#
389
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 23 DHCP Server
Commands
create dhcp excluded_address begin_address <ipaddr> end_address <ipaddr>
delete dhcp excluded_address [begin_address <ipaddr> end_address <ipaddr> | all]
show dhcp excluded_address
create dhcp pool <pool_name 12>
delete dhcp pool [<pool_name 12> | all]
config dhcp pool network_addr <pool_name 12> <network_address>
config dhcp pool domain_name <pool_name 12> {<domain_name 64>}
config dhcp pool dns_server <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}
config dhcp pool netbios_name_server <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}
config dhcp pool netbios_node_type <pool_name 12> [broadcast | peer_to_peer | mixed | hybrid]
config dhcp pool default_router <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}
config dhcp pool lease <pool_name 12> [<day 0-365> <hour 0-23> <minute 0-59> | infinite]
config dhcp pool boot_file <pool_name 12> {<file_name 64>}
config dhcp pool next_server <pool_name 12> {<ipaddr>}
config dhcp ping_packets <number 0-10>
config dhcp ping_timeout <millisecond 10-2000>
create dhcp pool manual_binding <pool_name 12> <ipaddr> hardware_address <macaddr>
{type [ethernet | ieee802]}
delete dhcp pool manual_binding <pool_name 12> [<ipaddr> | all]
clear dhcp binding [<pool_name 12> [<ipaddr> | all] | all]
show dhcp binding {<pool_name 12>}
show dhcp pool {<pool_name 12>}
show dhcp pool manual_binding {<pool_name 12>}
enable dhcp_server disable dhcp_server show dhcp_server
clear dhcp conflict_ip [<ipaddr> | all]
show dhcp conflict_ip {<ipaddr>}
create dhcp option_profile <profile_name 12>
config dhcp option_profile <profile_name 12> [add option <value 1-254> [string <multiword
255> | hex <string 254>] | delete option <value 1-254>]
delete dhcp option_profile <profile_name 12>
show dhcp option_profile {<profile_name 12>}
config dhcp pool option_profile <pool_name 12> [add | delete] <profile_name 12>
23-1 create dhcp excluded_address
Description
This command is used to create a DHCP server exclude address. The DHCP server assumes that all IP addresses in a DHCP pool subnet are available for assigning to DHCP clients. Use this command to specify the IP address that the DHCP server should not assign to clients. This command can be used multiple times in order to define multiple groups of excluded addresses.
Format create dhcp excluded_address begin_address <ipaddr> end_address <ipaddr>
390
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
begin_address - Specifies the starting address of the IP address range.
<ipaddr> - Enter the starting address of the IP address range.
end_address - Specifies the ending address of the IP address range.
<ipaddr> - Enter the ending address of the IP address range.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To specify the IP address that DHCP server should not assign to clients:
DGS-3620-28PC:admin#create dhcp excluded_address begin_address 10.10.10.1 end_address 10.10.10.10
Command: create dhcp excluded_address begin_address 10.10.10.1 end_address
10.10.10.10
Success.
DGS-3620-28PC:admin#
23-2 delete dhcp excluded_address
Description
This command is used to delete a DHCP server exclude address.
Format delete dhcp excluded_address [begin_address <ipaddr> end_address <ipaddr> | all]
Parameters
begin_address - Specifies the starting address of the IP address range.
<ipaddr> - Enter the starting address of the IP address range.
end_address - Specifies the ending address of the IP address range.
<ipaddr> - Enter the ending address of the IP address range.
all - Specifies to delete all IP addresses.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete a DHCP server exclude address:
DGS-3620-28PC:admin#delete dhcp excluded_address begin_address 10.10.10.1 end_address 10.10.10.10
391
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Command: delete dhcp excluded_address begin_address 10.10.10.1 end_address
10.10.10.10
Success.
DGS-3620-28PC:admin#
23-3 show dhcp excluded_address
Description
This command is used to display the groups of IP addresses which are excluded from being a legal assigned IP address.
Format show dhcp excluded_address
Parameters
None.
Restrictions
None.
Example
To display the DHCP server excluded addresses:
DGS-3620-28PC:admin#show dhcp excluded_address
Command: show dhcp excluded_address
Index Begin Address End Address
----- ------------- --------------
1 192.168.0.1 192.168.0.100
2 10.10.10.10 10.10.10.11
Total Entries : 2
DGS-3620-28PC:admin#
23-4 create dhcp pool
Description
This command is used to create a DHCP pool by specifying a name. After creating a DHCP pool, use other DHCP pool configuration commands to configure parameters for the pool.
Format create dhcp pool <pool_name 12>
392
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<pool_name 12> - Enter the name of the DHCP pool.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create a DHCP pool:
DGS-3620-28PC:admin#create dhcp pool nyknicks
Command: create dhcp pool nyknicks
Success.
DGS-3620-28PC:admin#
23-5 delete dhcp pool
Description
This command is used to delete a DHCP pool.
Format delete dhcp pool [<pool_name 12> | all]
Parameters
<pool_name 12> - Enter the name of the DHCP pool.
all - Specifies to delete all the DHCP pools.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete a DHCP pool:
DGS-3620-28PC:admin#delete dhcp pool nyknicks
Command: delete dhcp pool nyknicks
Success.
DGS-3620-28PC:admin#
393
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
23-6 config dhcp pool network_addr
Description
This command is used to specify the network for the DHCP pool. The addresses in the network are free to be assigned to the DHCP client. The prefix length specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client. The prefix length must be preceded by a forward slash (/). When the DHCP server receives a request from the client, the server will automatically find a pool to allocate the address. If the request is relayed to the server by the intermediate device, the server will match the gateway IP address carried in the packet against the network of each DHCP pool. The pool which has the longest match will be selected. If the request packet is not through relay, then the server will match the IP address of the IPIF that received the request packet against the network of each DHCP pool.
Format config dhcp pool network_addr <pool_name 12> <network_address>
Parameters
<pool_name 12> - Enter the DHCP pool name.
<network_address> - Enter the IP address that the DHCP server may assign to clients.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the address range of the DHCP address pool:
DGS-3620-28PC:admin#config dhcp pool network_addr nyknicks 10.10.10.0/24
Command: config dhcp pool network_addr nyknicks 10.10.10.0/24
Success.
DGS-3620-28PC:admin#
23-7 config dhcp pool domain_name
Description
This command is used to specify the domain name for the client if the server allocates the address for the client from this pool. The domain name configured here will be used as the default domain name by the client. By default, the domain name is empty. If the domain name is empty, the domain name information will not be provided to the client.
Format config dhcp pool domain_name <pool_name 12> {<domain_name 64>}
394
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<pool_name 12> - Enter the DHCP pool name.
<domain_name 64> - (Optional) Specifies the domain name of the client.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the domain name option of the DHCP pool:
DGS-3620-28PC:admin#config dhcp pool domain_name nyknicks nba.com
Command: config dhcp pool domain_name nyknicks nba.com
Success.
DGS-3620-28PC:admin#
23-8 config dhcp pool dns_server
Description
This command is used to specify the IP address of a DNS server that is available to a DHCP client.
Up to three IP addresses can be specified on one command line. If DNS server is not specified, the DNS server information will not be provided to the client. If this command is input twice for the same pool, the second command will overwrite the first command.
Format config dhcp pool dns_server <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}
Parameters
<pool_name 12> - Enter the DHCP pool name.
<ipaddr> - (Optional) Specifies the IP address of the DNS server. Up to three IP addresses can be specified on one command line.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the DNS server’s IP address:
DGS-3620-28PC:admin#config dhcp pool dns_server nyknicks 10.10.10.1
Command: config dhcp pool dns_server nyknicks 10.10.10.1
Success.
DGS-3620-28PC:admin#
395
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
23-9 config dhcp pool netbios_name_server
Description
This command is used to specify the NetBIOS WINS server that is available to a Microsoft DHCP client. Up to three IP addresses can be specified on one command line.
Windows Internet Naming Service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks. If a
NetBIOS name server is not specified, the NetBIOS name server information will not be provided to the client. If this command is input twice for the same pool, the second command will overwrite the first command.
Format config dhcp pool netbios_name_server <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}
Parameters
<pool_name 12> - Enter the DHCP pool name.
<ipaddr> - (Optional) Specifies the IP address of the WINS server. Up to three IP addresses can be specified on one command line.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure a WINS server IP address:
DGS-3620-28PC:admin#config dhcp pool netbios_name_server knicks 10.10.10.1
Command: config dhcp pool netbios_name_server knicks 10.10.10.1
Success.
DGS-3620-28PC:admin#
23-10 config dhcp pool netbios_node_type
Description
This command is used to specify the NetBIOS node type for a Microsoft DHCP client.
The NetBIOS node type for Microsoft DHCP clients can be one of four settings: broadcast, peer-topeer, mixed, or hybrid. Use this command to configure a NetBIOS over TCP/IP device that is described in RFC 1001/1002. By default, the NetBIOS node type is broadcast.
Format config dhcp pool netbios_node_type <pool_name 12> [broadcast | peer_to_peer | mixed | hybrid]
396
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<pool_name 12> - Enter the DHCP pool name.
broadcast - Specifies the NetBIOS node type for Microsoft DHCP clients as broadcast.
peer_to_peer - Specifies the NetBIOS node type for Microsoft DHCP clients as peer_to_peer.
mixed - Specifies the NetBIOS node type for Microsoft DHCP clients as mixed.
hybrid - Specifies the NetBIOS node type for Microsoft DHCP clients as hybrid.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the NetBIOS node type:
DGS-3620-28PC:admin#config dhcp pool netbios_node_type knicks hybrid
Command: config dhcp pool netbios_node_type knicks hybrid
Success.
DGS-3620-28PC:admin#
23-11 config dhcp pool default_router
Description
This command is used to specify the IP address of the default router for a DHCP client. Up to three
IP addresses can be specified on one command line.
After a DHCP client has booted, the client begins sending packets to its default router. The IP address of the default router should be on the same subnet as the client. If the default router is not specified, the default router information will not be provided to the client. If this command is input twice for the same pool, the second command will overwrite the first command. The default router must be within the range the network defined for the DHCP pool.
Format config dhcp pool default_router <pool_name 12> {<ipaddr> {<ipaddr> {<ipaddr>}}}
Parameters
<pool_name 12> - Enter the DHCP pool name.
<ipaddr> - (Optional) Specifies the IP address of the default router. Up to three IP addresses can be specified on one command line.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the default router:
397
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#config dhcp pool default_router nyknicks 10.10.10.1
Command: config dhcp pool default_router nyknicks 10.10.10.1
Success.
DGS-3620-28PC:admin#
23-12 config dhcp pool lease
Description
This command is used to specify the duration of the DHCP pool lease.
By default, each IP address assigned by a DHCP server comes with a one-day lease, which is the amount of time that the address is valid.
Format config dhcp pool lease <pool_name 12> [<day 0-365> <hour 0-23> <minute 0-59> | infinite]
Parameters
<pool_name 12> - Enter the DHCP pool’s name.
<day 0-365> - Enter the number of days of the lease.
<hour 0-23> - Enter the number of hours of the lease.
<minute 0-59> - Enter the number of minutes of the lease.
infinite - Specifies a lease of unlimited duration.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the lease of a pool:
DGS-3620-28PC:admin#config dhcp pool lease nyknicks infinite
Command: config dhcp pool lease nyknicks infinite
Success.
DGS-3620-28PC:admin#
23-13 config dhcp pool boot_file
Description
This command is used to specify the name of the file that is used as a boot image.
The boot file is used to store the boot image for the client. The boot image is generally the operating system the client uses to load. If this command is input twice for the same pool, the second command will overwrite the first command. If the bootfile is not specified, the boot file information will not be provided to the client.
398
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config dhcp pool boot_file <pool_name 12> {<file_name 64>}
Parameters
<pool_name 12> - Enter the DHCP pool name.
<file_name 64> - (Optional) Specifies the file name of the boot image.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the boot file:
DGS-3620-28PC:admin#config dhcp pool boot_file engineering boot.had
Command: config dhcp pool boot_file engineering boot.had
Success.
DGS-3620-28PC:admin#
23-14 config dhcp pool next_server
Description
This command is used by the DHCP client boot process, typically a TFTP server. If next server information is not specified, it will not be provided to the client. If this command is input twice for the same pool, the second command will overwrite the first command.
Format config dhcp pool next_server <pool_name 12> {<ipaddr>}
Parameters
<pool_name 12> - Enter the DHCP pool name.
<ipaddr> - (Optional) Specifies the IP address of the next server.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the next server:
DGS-3620-28PC:admin#config dhcp pool next_server engineering 192.168.0.1
Command: config dhcp pool next_server engineering 192.168.0.1
Success.
399
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#
23-15 config dhcp ping_packets
Description
This command is used to specify the number of ping packets the DHCP server sends to an IP address before assigning this address to a requesting client.
By default, the DHCP server pings a pool address twice before assigning the address to a DHCP client. If the ping is unanswered, the DHCP server assumes (with a high probability) that the address is not in use and assigns the address to the requesting client. If the ping is answered, the server will discard the current IP address and try another IP address.
Format config dhcp ping_packets <number 0-10>
Parameters
<number 0-10> - Enter the number of ping packets. 0 means there is no ping test. The default value is 2.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure ping packets:
DGS-3620-28PC:admin#config dhcp ping_packets 4
Command: config dhcp ping_packets 4
Success.
DGS-3620-28PC:admin#
23-16 config dhcp ping_timeout
Description
This command is used to specify the amount of time the DHCP server must wait before timing out a ping packet.
By default, the DHCP server waits 100 milliseconds before timing out a ping packet.
Format config dhcp ping_timeout <millisecond 10-2000>
400
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<millisecond 10-2000> - Enter the amount of time the DHCP server must wait before timing out a ping packet. The default value is 100.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the time out value for ping packets:
DGS-3620-28PC:admin#config dhcp ping_timeout 500
Command: config dhcp ping_timeout 500
Success.
DGS-3620-28PC:admin#
23-17 create dhcp pool manual_binding
Description
This command is used to specify the distinct identification of the client in dotted-hexadecimal notation or hardware address.
An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server.
The IP address specified in the manual binding entry must be in a range within that the network uses for the DHCP pool. If the user specifies a conflict IP address, an error message will be returned. If a number of manual binding entries are created, and the network address for the pool is changed such that conflicts are generated, those manual binding entries which conflict with the new network address will be automatically deleted.
Format create dhcp pool manual_binding <pool_name 12> <ipaddr> hardware_address <macaddr>
{type [ethernet | ieee802]}
Parameters
<pool_name 12> - Enter the DHCP pool name.
<ipaddr> - Enter the IP address which will be assigned to a specified client.
hardware_address - Specifies the hardware MAC address.
<macaddr> - Enter the MAC address here.
type - (Optional) Specifies the DHCP pool manual binding type.
ethernet - Specifies Ethernet type.
ieee802 -Specify IEEE802 type.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
401
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure manual bindings:
DGS-3620-28PC:admin#create dhcp pool manual_binding engineering 10.10.10.1 hardware_address 00-80-C8-02-02-02 type ethernet
Command: create dhcp pool manual_binding engineering 10.10.10.1 hardware_address 00-80-C8-02-02-02 type ethernet
Success.
DGS-3620-28PC:admin#
23-18 delete dhcp pool manual_binding
Description
This command is used to delete DHCP server manual binding.
Format delete dhcp pool manual_binding <pool_name 12> [<ipaddr> | all]
Parameters
<pool_name 12> - Enter the DHCP pool name.
<ipaddr> - Enter the IP address which will be assigned to a specified client.
all - Specifies to delete all IP addresses.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete DHCP server manual binding:
DGS-3620-28PC:admin#delete dhcp pool manual_binding engineering 10.10.10.1
Command: delete dhcp pool manual_binding engineering 10.10.10.1
Success.
DGS-3620-28PC:admin#
23-19 clear dhcp binding
Description
This command is used to clear a binding entry or all binding entries in a pool or clears all binding entries in all pools. Note that this command will not clear the dynamic binding entry which matches a manual binding entry.
402
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format clear dhcp binding [<pool_name 12> [<ipaddr> | all] | all]
Parameters
<pool_name 12> - Enter the DHCP pool name to clear.
<ipaddr> - Enter the IP address to clear.
all - Specifies to clear all IP addresses for the specified pool.
all - Specifies to clear all binding entries in all pools
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To clear dynamic binding entries in the pool named “engineering”:
DGS-3620-28PC:admin#clear dhcp binding engineering 10.20.3.4
Command: clear dhcp binding engineering 10.20.3.4
Success.
DGS-3620-28PC:admin#
23-20 show dhcp binding
Description
This command is used to display dynamic binding entries.
Format show dhcp binding {<pool_name 12>}
Parameters
<pool_name 12> - (Optional) Specifies a DHCP pool name.
Restrictions
None.
Example
To display dynamic binding entries for “engineering”:
DGS-3620-28PC:admin#show dhcp binding engineering
Command: show dhcp binding engineering
Pool Name IP Addresss Hardware Address Type Status Lifetime
------------ -------------- ------------------ -------- ------- ---------
403
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
engineering 192.168.0.1 00-80-C8-08-13-88 Ethernet Manual 86400 engineering 192.168.0.2 00-80-C8-08-13-99 Ethernet Automatic 86400 engineering 192.168.0.3 00-80-C8-08-13-A0 Ethernet Automatic 86400 engineering 192.168.0.4 00-80-C8-08-13-B0 Ethernet Automatic 86400
Total Entries: 4
DGS-3620-28PC:admin#
23-21 show dhcp pool
Description
This command is used to display the information for DHCP pool. If pool name is not specified, information for all pools will be displayed.
Format show dhcp pool {<pool_name 12>}
Parameters
<pool_name 12> - (Optional) Specifies the DHCP pool name.
Restrictions
None.
Example
To display the current DHCP pool information for “engineering”:
DGS-3620-28PC:admin#show dhcp pool engineering
Command: show dhcp pool engineering
Pool Name : engineering
Network Address : 10.10.10.0/24
Domain Name : dlink.com
DNS Server : 10.10.10.1
NetBIOS Name Server : 10.10.10.1
NetBIOS Node Type : Broadcast
Default Router : 10.10.10.1
Pool Lease : 10 Days, 0 Hours, 0 Minutes
Boot File : boot.bin
Next Server : 10.10.10.2
Option Profile : profile1
DGS-3620-28PC:admin#
404
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
23-22 show dhcp pool manual_binding
Description
This command is used to display the configured manual binding entries.
Format show dhcp pool manual_binding {<pool_name 12>}
Parameters
<pool_name 12> - (Optional) Specifies the DHCP pool name.
Restrictions
None.
Example
To display the configured manual binding entries:
DGS-3620-28PC:admin#show dhcp pool manual_binding
Command: show dhcp pool manual_binding
Pool Name IP Address Hardware Address Type
------------ ------------- ------------------ -------- p1 192.168.0.1 00-80-C8-08-13-88 Ethernet p1 192.168.0.2 00-80-C8-08-13-99 Ethernet
Total Entries : 2
DGS-3620-28PC:admin#
23-23 enable dhcp_server
Description
This command is used to enable the DHCP server function.
If DHCP relay is enabled, DHCP server cannot be enabled. The opposite is also true. For Layer 2 switches, if DHCP client is enabled on the only interface, then DHCP server cannot be enabled.
For layer 3 switches, when the System interface is the only interface then can DHCP client be enabled. If the DHCP client is enabled, then the DHCP server cannot be enabled.
Format enable dhcp_server
Parameters
None.
405
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable DHCP server:
DGS-3620-28PC:admin#enable dhcp_server
Command: enable dhcp_server
Success.
DGS-3620-28PC:admin#
23-24 disable dhcp_server
Description
This command is used to disable the DHCP server function on the switch.
Format disable dhcp_server
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To disable the Switch’s DHCP server:
DGS-3620-28PC:admin#disable dhcp_server
Command: disable dhcp_server
Success.
DGS-3620-28PC:admin#
23-25 show dhcp_server
Description
This command is used to display the current DHCP server configuration.
Format show dhcp_server
406
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
None.
Restrictions
None.
Example
To display the DHCP server status:
DGS-3620-28PC:admin#show dhcp_server
Command: show dhcp_server
DHCP Server Global State: Disabled
Ping Packet Number : 2
Ping Timeout : 100 ms
DGS-3620-28PC:admin#
23-26 clear dhcp conflict_ip
Description
This command is used to clear an entry or all entries from the conflict IP database.
Format clear dhcp conflict_ip [<ipaddr> | all]
Parameters
<ipaddr> - Enter the IP address to be cleared.
all - Specifies that all IP addresses will be cleared.
Restrictions
None.
Example
To clear an IP address 10.20.3.4 from the conflict database:
DGS-3620-28PC:admin#clear dhcp conflict_ip 10.20.3.4
Command: clear dhcp conflict_ip 10.20.3.4
Success.
DGS-3620-28PC:admin#
407
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
23-27 show dhcp conflict_ip
Description
This command is used to display the IP address that has been identified as being in conflict.
The DHCP server will use ping packet to determine whether an IP address is conflicting with other hosts before binding this IP. The IP address which has been identified in conflict will be moved to the conflict IP database. The system will not attempt to bind the IP address in the conflict IP database unless the user clears it from the conflict IP database.
Format show dhcp conflict_ip {<ipaddr>}
Parameters
<ipaddr> - (Optional) Specifies the IP address to be displayed.
Restrictions
None.
Example
To display the entries in the DHCP conflict IP database:
DGS-3620-28PC:admin#show dhcp conflict_ip
Command: show dhcp conflict_ip
IP Address Detection Method Detection Time
----------- ---------------- --------------------
172.16.1.32 Ping 2007/08/30 17:06:59
172.16.1.32 Gratuitous ARP 2007/09/10 19:38:01
DGS-3620-28PC:admin#
23-28 create dhcp option_profile
Description
This command is used to create a DHCP option profile.
Format create dhcp option_profile <profile_name 12>
Parameters
<profile_name 12> - Enter the DHCP option profile name here. This name can be up to 12 characters long.
408
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create a DHCP option profile:
DGS-3620-28PC:admin#create dhcp option_profile profile1
Command: create dhcp option_profile profile1
Success.
DGS-3620-28PC:admin#
23-29 config dhcp option_profile
Description
This command is used to configure an option to and from a DHCP server option profile.
Format config dhcp option_profile <profile_name 12> [add option <value 1-254> [string <multiword
255> | hex <string 254>] | delete option <value 1-254>]
Parameters
<profile_name 12> - Enter the DHCP server option profile name here. This name can be up to
12 characters long.
add - Specifies to add an option to the DHCP server option profile.
option - Specifies the option value used.
<value 1-254> - Enter the option value used here. This must be between 1 and 254.
string - Specifies the character string associated with the option.
<multiword 255> - Enter the option association string here. This can be up to 255 characters long.
hex - Specifies the hexadecimal value of the option string.
<string 254> - Enter the hexadecimal value of the option string here. This can be up to 254 hexadecimal characters long.
delete - Specifies to delete an option from the DHCP server option profile.
option - Specifies the option value used.
<value 1-254> - Enter the option value used here. This must be between 1 and 254.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To add option 69 using HEX format:
DGS-3620-28PC:admin#config dhcp option_profile profile1 add option 69 hex c0a800fe
Command: config dhcp option_profile profile1 add option 69 hex c0a800fe
409
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Success.
DGS-3620-28PC:admin#
To add option 72 using string format:
DGS-3620-28PC:admin#config dhcp option_profile profile1 add option 72 string
"192.168.0.254"
Command: config dhcp option_profile profile1 add option 72 string
"192.168.0.254"
Success.
DGS-3620-28PC:admin#
To delete DHCP option profile option 69:
DGS-3620-28PC:admin#config dhcp option_profile profile1 delete option 69
Command: config dhcp option_profile profile1 delete option 69
Success.
DGS-3620-28PC:admin#
23-30 delete dhcp option_profile
Description
This command is used to delete a DHCP option profile.
Format delete dhcp option_profile <profile_name 12>
Parameters
<profile_name 12> - Enter the DHCP server option profile name here. This name can be up to
12 characters long.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete a DHCP option profile.
DGS-3620-28PC:admin#delete dhcp option_profile profile1
Command: delete dhcp option_profile profile1
Success.
DGS-3620-28PC:admin#
410
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
23-31 show dhcp option_profile
Description
This command is used to display the current DHCP option profile configuration.
Format show dhcp option_profile {<profile_name 12>}
Parameters
<profile_name 12> - (Optional) Enter the DHCP server option profile name here. This name can be up to 12 characters long.
If no parameter is specified, the system will display all DHCP option profile configurations.
Restrictions
None.
Example
To display the current DHCP option profile configuration.
DGS-3620-28PC:admin#show dhcp option_profile
Command: show dhcp option_profile
DHCP Option Profile Name : profile1
Option Type Value
------ ------ ------------------------------------------------------------
69 hex c0a800fe
72 string 192.168.0.254
Total Entries: 1
DGS-3620-28PC:admin#
23-32 config dhcp pool option_profile
Description
This command is used to apply an option profile to a specific DHCP pool.
Format config dhcp pool option_profile <pool_name 12> [add | delete] <profile_name 12>
Parameters
<pool_name 12> - Enter the DHCP pool name here. This name can be up to 12 characters long.
add - Specifies to add an option profile to a DHCP pool, configured on this switch.
411
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
delete - Specifies to delete an option profile from a DHCP pool, configured on this switch.
<profile_name 12> - Enter the DHCP server option profile name here. This name can be up to
12 characters long.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To add an option profile for DHCP profile1 in pool1:
DGS-3620-28PC:admin#config dhcp pool option_profile pool1 add profile1
Command: config dhcp pool option_profile pool1 add profile1
Success.
DGS-3620-28PC:admin#
To delete an option profile from a DHCP pool:
DGS-3620-28PC:admin#config dhcp pool option_profile pool1 delete profile1
Command: config dhcp pool option_profile pool1 delete profile1
Success.
DGS-3620-28PC:admin#
412
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 24 DHCP Server
Screening Commands
config filter dhcp_server [add permit server_ip <ipaddr> {client_mac <macaddr>} ports
[<portlist> | all] | delete permit server_ip <ipaddr> {client_mac <macaddr>} ports [<portlist> | all] | ports [<portlist> | all] state [enable | disable] | illegal_server_log_suppress_duration [1min
| 5min | 30min]]
config filter dhcp_server log [enable | disable]
config filter dhcp_server trap [enable | disable]
show filter dhcp_server
create filter dhcpv6_server permit sip <ipv6addr> ports [<portlist> | all]
config filter dhcpv6_server log [enable | disable]
config filter dhcpv6_server ports [<portlist> | all] state [enable | disable]
config filter dhcpv6_server trap [enable | disable]
show filter dhcpv6_server
delete filter dhcpv6_server permit sip <ipv6addr>
create filter icmpv6_ra_all_node permit sip <ipv6addr> ports [<portlist> | all]
config filter icmpv6_ra_all_node log [enable | disable]
config filter icmpv6_ra_all_node ports [<portlist> | all] state [enable | disable]
config filter icmpv6_ra_all_node trap [enable | disable]
show filter icmpv6_ra_all_node
delete filter icmpv6_ra_all_node permit sip <ipv6addr>
24-1 config filter dhcp_server
Description
This command has two purposes: to specify to filter all DHCP server packets on the specific port and to specify to allow some DHCP server packets with pre-defined server IP addresses and client
MAC addresses. With this function, we can restrict the DHCP server to service specific DHCP clients. This is useful when two DHCP servers are present on the network; one of them can provide the private IP address and the other can provide the public IP address.
Enabling filter DHCP server port state will create one access profile and create one access rule per port (UDP port = 67). Filter commands in this file will share the same access profile. Addition of a permit DHCP entry will create one access profile and create one access rule. Filter commands in this file will share the same access profile.
Format config filter dhcp_server [add permit server_ip <ipaddr> {client_mac <macaddr>} ports
[<portlist> | all] | delete permit server_ip <ipaddr> {client_mac <macaddr>} ports [<portlist>
| all] | ports [<portlist> | all] state [enable | disable] | illegal_server_log_suppress_duration
[1min | 5min | 30min]]
Parameters
add permit server_ip - Specifies the IP address of the DHCP server to be permitted.
<ipaddr> - Enter the IP address.
client_mac - (Optional) Specifies the MAC address of the DHCP client.
413
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
<macaddr> - Enter the MAC address.
ports - Specifies the ports.
<portlist> - Enter the range of ports to be configured.
all - Specifies to configure all ports.
delete permit server_ip - Specifies the delete permit server IP address.
<ipaddr> - Enter the IP address.
client_mac - (Optional) Specifies the MAC address of the DHCP client.
<macaddr> - Enter the MAC address.
ports - Specifies the ports.
<portlist> - Enter the range of ports to be configured.
all - Specifies to configure all ports.
ports - Specifies the ports.
<portlist> - Enter the range of ports to be configured.
all - Specifies to configure all ports.
state - Specifies the port status.
enable - Enable the state.
disable - Disable the state.
illegal_server_log_suppress_duration - Specifies the illegal server log suppression duration.
1min - Specifies an illegal server log suppression duration of 1 minute.
5min - Specifies an illegal server log suppression duration of 5 minutes.
30min - Specifies an illegal server log suppression duration of 30 minutes.
Example
To add an entry from the DHCP server/client filter list in the switch’s database:
DGS-3620-28PC:admin#config filter dhcp_server add permit server_ip 10.1.1.1 client_mac 00-00-00-00-00-01 port 1-26
Command: config filter dhcp_server add permit server_ip 10.1.1.1 client_mac 00-
00-00-00-00-01 port 1-26
Success.
DGS-3620-28PC:admin#
To configure the filter DHCP server state:
DGS-3620-28PC:admin#config filter dhcp_server ports 1-10 state enable
Command: config filter dhcp_server ports 1-10 state enable
Success.
DGS-3620-28PC:admin#
24-2 config filter dhcp_server log
Description
This command is used to enable or disable the log for a DHCP server filter event.
414
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config filter dhcp_server log [enable | disable]
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
enable – Specifies to enable the log for a DHCP server filter event.
disable – Specifies to disable the log for a DHCP server filter event.
Example
To enable the log for a DHCP server filter event:
DGS-3620-28PC:admin#config filter dhcp_server log enable
Command: config filter dhcp_server log enable
Success.
DGS-3620-28PC:admin#
24-3 config filter dhcp_server trap
Description
This command is used to enable or disable the trap for a DHCP server filter event.
Format config filter dhcp_server trap [enable | disable]
Parameters
enable – Specifies to enable the trap for a DHCP server filter event.
disable – Specifies to disable the trap for a DHCP server filter event.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable the trap for a DHCP server filter event:
DGS-3620-28PC:admin#config filter dhcp_server trap enable
Command: config filter dhcp_server trap enable
Success.
DGS-3620-28PC:admin#
415
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
24-4 show filter dhcp_server
Description
This command is used to display the DHCP server/client filter list created on the switch.
Format show filter dhcp_server
Parameters
None.
Restrictions
None.
Example
To display the DHCP server/client filter list created on the switch:
DGS-3620-28PC:admin#show filter dhcp_server
Command: show filter dhcp_server
Enabled Ports: 1,28
Trap State: Enabled
Log State: Enabled
Illegal Server Log Suppress Duration:1 minutes
Permit DHCP Server/Client Table:
Server IP Address Client MAC Address Port
----------------- ------------------ --------------------
Total Entries: 0
DGS-3620-28PC:admin#
24-5 create filter dhcpv6_server permit sip
Description
This command used to create a permit entry. The specific DHCPv6 server packets, with the source
IPv6 address, will be forwarded on the specified port(s).
Format create filter dhcpv6_server permit sip <ipv6addr> ports [<portlist> | all]
416
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<ipv6addr> - Specifies the source address of the entry which will be created into the Filter
DHCPv6 server forward list.
ports - Specifies the list of ports used for this configuration.
<portlist> - Enter the list of ports, used for this configuration, here.
all - Specifies that all ports will be used for this configuration.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create a Filter DHCPv6 server permit entry on port 5:
DGS-3620-28PC:admin#create filter dhcpv6_server permit sip 2200::5 ports 1:5
Command: create filter dhcpv6_server permit sip 2200::5 ports 1:5
Success.
DGS-3620-28PC:admin#
24-6 config filter dhcpv6_server log
Description
This command is used to enable or disable the Filter DHCPv6 server log state.
Format config filter dhcpv6_server log [enable | disable]
Parameters
enable - Specifies that the log for the Filter DHCPv6 server will be enabled. The log for Filter
DHCPv6 server will be generated.
disable - Specifies that the log for the Filter DHCPv6 server will be disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable the Filter DHCPv6 Server log state:
DGS-3620-28PC:admin#config filter dhcpv6_server log enable
Command: config filter dhcpv6_server log enable
Success.
DGS-3620-28PC:admin#
417
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
24-7 config filter dhcpv6_server ports
Description
This command is used to configure the state of filter DHCPv6 server packets on the switch. The filter DHCPv6 server function is used to filter the DHCPv6 server packets on the specific port(s) and receive the trust packets from the specific source. This feature can be protected network usable when a malicious host sends the DHCPv6 server packets.
Format config filter dhcpv6_server ports [<portlist> | all] state [enable | disable]
Parameters
<portlist> - Enter the list of ports, used for this configuration, here.
all - Specifies that all ports will be used for this configuration.
state - Specifies whether the port’s filter DHCPv6 server function is enabled or disabled.
enable - Specifies that the filter option is enabled.
disable - Specifies that the filter option is disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the filter DHCPv6 server state to enabled for ports 1 to 8:
DGS-3620-28PC:admin#config filter dhcpv6_server ports 1:1-1:8 state enable
Command: config filter dhcpv6_server ports 1:1-1:8 state enable
Success.
DGS-3620-28PC:admin#
24-8 config filter dhcpv6_server trap
Description
This command is used to enable or disable the filter DHCPv6 server trap state.
Format config filter dhcpv6_server trap [enable | disable]
Parameters
enable - Specifies that the trap for the filter DHCPv6 server will be enabled. The trap for filter
DHCPv6 server will be sent out.
disable - Specifies that the trap for the filter DHCPv6 server will be disabled.
418
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable the filter DHCPv6 server trap state:
DGS-3620-28PC:admin#config filter dhcpv6_server trap enable
Command: config filter dhcpv6_server trap enable
Success.
DGS-3620-28PC:admin#
24-9 show filter dhcpv6_server
Description
This command is used to display the filter DHCPv6 server information.
Format show filter dhcpv6_server
Parameters
None.
Restrictions
None.
Example
To display filter DHCPv6 server information:
DGS-3620-28PC:admin#show filter dhcpv6_server
Command: show filter dhcpv6_server
Enabled ports:1:1-1:8
Trap State: Enabled
Log State: Enabled
Permit Source Address Table:
Source IP Address Port
--------------------------------------- ---------------
2200::5 1:5
Total Entries:1
DGS-3620-28PC:admin#
419
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
24-10 delete filter dhcpv6_server permit sip
Description
This command is used to delete a filter DHCPv6 server permit entry.
Format delete filter dhcpv6_server permit sip <ipv6addr>
Parameters
<ipv6addr> - Enter the source IPv6 address of the entry here.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete permit entry from the filter DHCPv6 server forward list:
DGS-3620-28PC:admin#delete filter dhcpv6_server permit sip 2200::4
Command: delete filter dhcpv6_server permit sip 2200::4
Success.
DGS-3620-28PC:admin#
24-11 create filter icmpv6_ra_all_node permit sip
Description
This command is used to create a filter ICMPv6 RA All-nodes permit entry.
Format create filter icmpv6_ra_all_node permit sip <ipv6addr> ports [<portlist> | all]
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
<ipv6addr> - Enter the source address of entry which will be created into the Filter ICMPv6 RA
All-nodes forward list here.
state - Specifies whether the port’s filter DHCPv6 server function is enabled or disabled.
enable - Specifies that the filter option is enabled.
disable - Specifies that the filter option is disabled.
420
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To create a filter ICMPv6 RA All-nodes permit entry on port 5:
DGS-3620-28PC:admin#create filter icmpv6_ra_all_node permit sip 2200::5 ports
1:5
Command: create filter icmpv6_ra_all_node permit sip 2200::5 ports 1:5
Success.
DGS-3620-28PC:admin#
24-12 config filter icmpv6_ra_all_node log
Description
This command is used to enable or disable the filter ICMPv6 RA All-nodes log state.
Format config filter icmpv6_ra_all_node log [enable | disable]
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
enable - Specifies that the log for the filter ICMPv6 RA will be enabled. The log for filter ICMPv6
RA all-nodes will be generated.
disable - Specifies that the log for the filter ICMPv6 RA will be disabled.
Example
To enable the filter ICMPv6 RA all-nodes log state:
DGS-3620-28PC:admin#config filter icmpv6_ra_all_node log enable
Command: config filter icmpv6_ra_all_node log enable
Success.
DGS-3620-28PC:admin#
24-13 config filter icmpv6_ra_all_node ports
Description
This command is used to configure the state of the filter ICMPv6 RA all-nodes packets on the switch. The filter ICMPv6 RA all-nodes function is used to filter the ICMPv6 RA all-nodes packets on the specific port(s) and receive the trust packets from the specific source. This feature can be protected network usable when a malicious host sends ICMPv6 RA all-nodes packets.
Note: It only needs to filter the packet of which the destination address is the all-nodes multicast address (FF02::1).
421
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config filter icmpv6_ra_all_node ports [<portlist> | all] state [enable | disable]
Parameters
<portlist> - Enter the list of ports, used for this configuration, here.
all - Specifies that all ports will be used for this configuration.
state - Specifies whether the port’s filter ICMPv6 RA all-nodes packets function is enabled or disabled.
enable - Specifies that the filter ICMPv6 RA all-nodes packets function is be enabled.
disable - Specifies that the filter ICMPv6 RA all-nodes packets function is be disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the filter ICMPv6 RA all-nodes state to enabled for ports 1 to 8:
DGS-3620-28PC:admin#config filter icmpv6_ra_all_node ports 1:1-1:8 state enable
Command: config filter icmpv6_ra_all_node ports 1:1-1:8 state enable
Success.
DGS-3620-28PC:admin#
24-14 config filter icmpv6_ra_all_node trap
Description
This command is used to enable or disable the filter ICMPv6 RA all-nodes trap state. If the
ICMPv6 RA all-nodes server trap state is disabled, no trap will be sent out.
Format config filter icmpv6_ra_all_node trap [enable | disable]
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
enable - Specifies that the trap for the filter ICMPv6 RA all-nodes will be enabled. The trap for filter ICMPv6 RA all-nodes will be sent out.
disable - Specifies that the trap for the filter ICMPv6 RA all-nodes will be disabled.
Example
To enable the filter ICMPv6 RA all-nodes trap state:
422
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#config filter icmpv6_ra_all_node trap enable
Command: config filter icmpv6_ra_all_node trap enable
Success.
DGS-3620-28PC:admin#
24-15 show filter icmpv6_ra_all_node
Description
This command is used to display the filter ICMPv6 RA all-nodes information.
Format show filter icmpv6_ra_all_node
Parameters
None.
Restrictions
None.
Example
To display filter ICMPv6 RA all-nodes information:
DGS-3620-28PC:admin#show filter icmpv6_ra_all_node
Command: show filter icmpv6_ra_all_node
Enabled ports:1:1-1:8
Trap State: Enabled
Log State: Enabled
Permit Source Address Table:
Source IP Address Port
--------------------------------------- ---------------
2200::5 1:5
Total Entries:1
DGS-3620-28PC:admin#
24-16 delete filter icmpv6_ra_all_node permit sip
Description
This command is used to delete a filter ICMPv6 RA all-nodes permit entry.
423
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format delete filter icmpv6_ra_all_node permit sip <ipv6addr>
Parameters
<ipv6addr> - Enter the source IPv6 address of the entry which will be deleted in the filter ICMPv6
RA all-nodes forward list.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete permit entry from the filter ICMPv6 RA all-nodes forward list:
DGS-3620-28PC:admin#delete filter icmpv6_ra_all_node permit sip 2200::4
Command: delete filter icmpv6_ra_all_node permit sip 2200::4
Success.
DGS-3620-28PC:admin#
424
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 25 DHCPv6 Relay
Commands
enable dhcpv6_relay disable dhcpv6_relay
config dhcpv6_relay hop_count <value 1-32>
config dhcpv6_relay [add | delete] ipif <ipif_name 12> <ipv6addr>
config dhcpv6_relay ipif [<ipif_name 12> | all] state [enable | disable]
show dhcpv6_relay {ipif <ipif_name 12>}
config dhcpv6_relay option_37 {state [enable | disable] | check [enable | disable] | remote_id
[default | cid_with_user_define <desc 128>| user_define <desc 128>]}(1)
25-1 enable dhcpv6_relay
Description
This command is used to enable the DHCPv6 relay function on the Switch.
Format enable dhcpv6_relay
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the DHCPv6 relay global state to enable:
DGS-3620-28PC:admin# enable dhcpv6_relay
Command: enable dhcpv6_relay
Success.
DGS-3620-28PC:admin#
25-2 disable dhcpv6_relay
Description
This command is used to disable the DHCPv6 relay function on the Switch.
425
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format disable dhcpv6_relay
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the DHCPv6 relay global state to disable:
DGS-3620-28PC:admin# disable dhcpv6_relay
Command: disable dhcpv6_relay
Success.
DGS-3620-28PC:admin#
25-3 config dhcpv6_relay hop_count
Description
Configure the DHCPv6 relay hop_count of the switch.
Format config dhcpv6_relay hop_count <value 1-32>
Parameters
hop_count - Specifies the number of relay agents that have relayed this message. The default value is 4.
<value 1-32> - Enter the hop count number here. This value must be between 1 and 32.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the maximum hops of a DHCPv6 relay packet could be transferred to 4:
DGS-3620-28PC:admin# config dhcpv6_relay hop_count 4
Command: config dhcpv6_relay hop_count 4
Success.
DGS-3620-28PC:admin#
426
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
25-4 config dhcpv6_relay
Description
The command could add/delete an IPv6 address which is a destination to forward (relay) DHCPv6 packets.
Format config dhcpv6_relay [add | delete] ipif <ipif_name 12> <ipv6addr>
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
add - Add an IPv6 destination to the DHCPv6 relay table.
delete - Delete an IPv6 destination from the DHCPv6 relay table
ipif - The name of the IP interface in which DHCPv6 relay is to be enabled.
<ipif_name 12> - Enter the IP interface name here. This name can be up to 12 characters long.
<ipv6addr> - The DHCPv6 server IP address.
Example
To add a DHCPv6 server to the relay table:
DGS-3620-28PC:admin# config dhcpv6_relay add ipif System
2001:DB8:1234:0:218:FEFF:FEFB:CC0E
Command: config dhcpv6_relay add ipif System 2001:DB8:1234:0:218:FEFF:FEFB:CC0E
Success.
DGS-3620-28PC:admin#
25-5 config dhcpv6_relay ipif
Description
The command is used to configure the DHCPv6 relay state of one specific interface or all interfaces.
Format config dhcpv6_relay ipif [<ipif_name 12> | all] state [enable | disable]
Parameters
ipif - Specifies the name of the IP interface.
<ipif_name 12> - Enter the IP interface name used here. This name can be up to 12 characters long.
427
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
all - Specifies that all the configured IP interfaces wil be used..
state - Specifies if the DHCPv6 relay state will be enabled or disabled.
enable - Choose this parameter to enable the DHCPv6 relay state of the interface.
disable - Choose this parameter to disable the DHCPv6 relay state of the interface.
Example
To configure the DHCPv6 relay state of the System interface to enable:
DGS-3620-28PC:admin# config dhcpv6_relay ipif System state enable
Command: config dhcpv6_relay ipif System state enable
Success.
DGS-3620-28PC:admin#
25-6 show dhcpv6_relay
Description
This command will display the current DHCPv6 relay configuration of all interfaces, or if an IP interface name is specified, the DHCPv6 relay configuration for that IP interface.
Format show dhcpv6_relay {ipif <ipif_name 12>}
Parameters
Restrictions
None.
ipif - (Optional) The name of the IP interface for which to display the current DHCPv6 relay configuration.
<ipif_name 12> - Enter the IP interface name used here. This name can be up to 12 characters long.
If no IP interface is specified, all configured DHCPv6 relay interfaces are displayed.
Example
To show the DHCPv6 relay configuration of all interfaces:
428
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show dhcpv6_relay ipif System
Command: show dhcpv6_relay ipif System
DHCPv6 Relay Global State : Disabled
DHCPv6 Hops Count Limit : 4
DHCPv6 Relay Information Option 37 State : Disabled
DHCPv6 Relay Information Option 37 Check : Disabled
DHCPv6 Relay Information Option 37 Remote ID Type : Default
DHCPv6 Relay Information Option 37 Remote ID :
---------------------------------------------------------------
IP Interface : System
DHCPv6 Relay Status : Enabled
Server Address :
DGS-3620-28PC:admin#
25-7 config dhcpv6_relay option_37
Description
This command is used to configure the processing of Option 37 for the DHCPv6 relay function.
When the DHCPv6 relay Option 37 is enabled, the DHCP packet will be inserted with the Option
37 field before being relayed to server. The DHCP packet will be processed based on the behavior defined in the check and remote ID type setting. When the state is disabled, the DHCP packet will be relayed directly to server without further checks and inserted with the Option 37.
DGS-3620-28PC:admin#show dhcpv6_relay
Command: show dhcpv6_relay
DHCPv6 Relay Global State : Disabled
DHCPv6 Hops Count Limit : 4
DHCPv6 Relay Information Option 37 State : Disabled
DHCPv6 Relay Information Option 37 Check : Disabled
DHCPv6 Relay Information Option 37 Remote ID Type : Default
DHCPv6 Relay Information Option 37 Remote ID :
---------------------------------------------------------------
IP Interface : System
DHCPv6 Relay Status : Enabled
Server Address :
IP Interface : Interface1
DHCPv6 Relay Status : Enabled
Server Address :
Total Entries : 2
DGS-3620-28PC:admin#
To show the DHCPv6 relay configuration of System interface:
429
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config dhcpv6_relay option_37 {state [enable | disable] | check [enable | disable] | remote_id [default | cid_with_user_define <desc 128>| user_define <desc 128>]}(1)
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
state - Specifies the DHCPv6 relay Option 37 state.
enable - When the state is enabled, the DHCP packet will be inserted with the Option 37 field before being relayed to server.
disable - When the state is disabled, the DHCP packet will be relayed directly to server without further checks and inserted with the Option 37.
check - Specifies that packets coming from client side should or should not have the Option 37 field. If client originating packets have the Option 37 field set they will be dropped.
enable - Specifies that the check option is enabled.
disable - Specifies that the check option is disabled.
remote_id - Specifies the content in the Remote ID.
default - Specifies that the remote ID will contain the VLAN ID, Module, Port, and System
MAC address of the device.
cid_with_user_define - Specifies that the remote ID will contain the VLAN ID, Module, Port, and a user defined string.
<desc 128> - Enter the CID user defined string here. This can be up to 128 characters long.
user_define - Specifies that the remote ID will be a user defined string.
<desc 128> - Enter the user defined string here. This can be up to 128 characters long.0
Example
To enable the state of the DHCPv6 Option 37:
DGS-3620-28PC:admin#config dhcpv6_relay option_37 state enable
Command: config dhcpv6_relay option_37 state enable
Success.
DGS-3620-28PC:admin#
To enable the DHCPv6 Option 37 check:
DGS-3620-28PC:admin#config dhcpv6_relay option_37 check enable
Command: config dhcpv6_relay option_37 check enable
Success.
DGS-3620-28PC:admin#
To set the remote ID as default:
430
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#config dhcpv6_relay option_37 remote_id default
Command: config dhcpv6_relay option_37 remote_id default
Success.
DGS-3620-28PC:admin#
431
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 26 DHCPv6 Server
Commands
create dhcpv6 pool <pool_name 12>
delete dhcpv6 pool [<pool_name 12> | all]
show dhcpv6 pool {<pool_name 12>}
config dhcpv6 pool ipv6network_addr <pool_name 12> begin <ipv6networkaddr> end
<ipv6networkaddr>
config dhcpv6 pool domain_name <pool_name 12> <domain_name 255>
config dhcpv6 pool dns_server <pool_name 12> <ipv6addr> {<ipv6addr>}
config dhcpv6 pool lifetime <pool_name 12> preferred_lifetime <sec 60-4294967295> valid_lifetime <sec 60-4294967295>
config dhcpv6 pool manual_binding <pool_name 12> [add [<ipv6addr> | <ipv6networkaddr>] client_duid <string 28> | delete [<ipv6addr> | <ipv6networkaddr> | all]]
config dhcpv6 pool prefix_delegation <pool_name 12> <ipv6networkaddr> <value 1-128>
<ipif_name 12>
show dhcpv6 manual_binding {<pool_name 12>}
show dhcpv6 binding {<pool_name 12>}
clear dhcpv6 binding {<pool_name 12>}
enable dhcpv6_server disable dhcpv6_server
show dhcpv6_server {ipif <ipif_name 12>}
config dhcpv6 pool excluded_address <pool_name 12> [add begin <ipv6addr> end <ipv6addr>
| delete [begin <ipv6addr> end <ipv6addr> | all]]
show dhcpv6 excluded_address {<pool_name 12>}
config dhcpv6_server ipif [<ipif_name 12> | all] state [enable | disable]
26-1 create dhcpv6 pool
Description
This command is used to create a DHCPv6 pool for the DHCPv6 server.
Format create dhcpv6 pool <pool_name 12>
Parameters
pool - Specifies the pool to be created with this command.
<pool_name 12> - Enter the pool name here. This name can be up to 12 characters long.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create a DHCPv6 pool pool1:
432
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# create dhcpv6 pool pool1
Command : create dhcpv6 pool pool1 success
DGS-3620-28PC:admin#
26-2 delete dhcpv6 pool
Description
This command is used to delete one or all DHCPv6 pools.
Format delete dhcpv6 pool [<pool_name 12> | all]
Parameters
pool - Specifies the DHCPv6 pool to be removed.
<pool_name 12> - Enter the DHCPv6 pool name to be removed here. This name can be up to 12 characters long.
all - Specifies that all the DHCPv6 pools will be removed.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete the DHCPv6 pool by specifying the pool name pool1:
DGS-3620-28PC:admin# delete dhcpv6 pool pool1
Command: delete dhcpv6 pool pool1
Success.
DGS-3620-28PC:admin#
26-3 show dhcpv6 pool
Description
This command is used to display one or all DHCPv6 pools configuration.
Format show dhcpv6 pool {<pool_name 12>}
Parameters
pool – Specifies the DHCPv6 pool to be displayed.
433
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<pool_name 12> - (Optional) Enter the DHCPv6 pool name to be displayed here. This name can be up to 12 characters long.
If no parameters are specified, all the DHCPv6 pools will be displayed.
Restrictions
None.
Example
To show the DHCPv6 pool by specifying the pool name pool1:
DGS-3620-28PC:admin# show dhcpv6 pool pool1
Command: show dhcpv6 pool pool1
Pool Name : pool1
Begin Network Address : 2000::1/64
End Network Address : 2000::200/64
Domain Name : domain.com
DNS Server Address : 2000::ff
: 2000::fe
Preferred Lifetime : 604800 (sec)
Valid Lifetime : 2592000 (sec)
Total Pool Entries: 1
DGS-3620-28PC:admin#
26-4 config dhcpv6 pool ipv6network_addr
Description
This command is used to configure the range of IPv6 network addresses for the DHCPv6 pool.
The IPv6 addresses in the range are free to be assigned to any DHCPv6 client. When the
DHCPv6 server receives a request from the client, the server will automatically find an available pool to allocate an IPv6 address.
The begin_networkaddr and end_networkaddr must observer some rules as followed:
The prefix of the begin_networkaddr and end_networkaddr are not consistence, otherwise, the switch will print an error message: The prefix of begin_networkaddr and end_networkaddr must be consistence.(e.g.: the begin_networkaddr is 2000::1/64, and the end_networkaddr is 3000::100/64)
The begin address must not be large than end address, otherwise, the switch will print an error message: The begin IPv6 address must be lower than or equal to the end IPv6 address.(e.g.: the begin_networkaddr is 2000::200/64, and the end_networkaddr is 2000::100/64)
There must not be intersection between the IPv6 address ranges of two pools, otherwise, the
Switch will print an error message: IPv6network address collision. (e.g.: pool1: 2000::1/64 ---
2000::100/64, pool2: 2000::50/64 --- 2000::200/64)
The IPv6 network address can’t be Link-local address and Multicast address, otherwise, the
Switch will print an error message: “The IPv6 network address can’t be Link-local address or
Multicast address. “ (e.g.:: pool1: FE80::1/64 --- FE80::100/64, pool2: FE80::200/64 ---
FE80::300/64
434
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config dhcpv6 pool ipv6network_addr <pool_name 12> begin <ipv6networkaddr> end
<ipv6networkaddr>
Parameters
<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12 characters long.
begin - Specifies the beginning IPv6 network address of the DHCPv6 pool.
<ipv6networkaddr> - Enter the beginning IPv6 network address of the DHCPv6 pool here.
end - Specifies the ending IPv6 network address of the DHCPv6 pool.
<ipv6networkaddr> - Enter the ending IPv6 network address of the DHCPv6 pool here.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the range of ipv6network address for the DHCPv6 pool pool1:
DGS-3620-28PC:admin# config dhcpv6 pool ipv6network_addr pool1 begin 2000::1/64 end 2000::32/64
Command: config dhcpv6 pool ipv6network_addr pool1 begin 2000::1/64 end
2000::32/64 success
DGS-3620-28PC:admin#
26-5 config dhcpv6 pool domain_name
Description
This command is used to configure the domain name for the DHCPv6 pool of the Switch. The domain name configured here will be used as the default domain name by the client.
By default, the domain name is empty. If domain name is empty, the domain name information will not be provided to the client.
Format config dhcpv6 pool domain_name <pool_name 12> <domain_name 255>
Parameters
<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12 characters long.
<domain_name 255> - Enter the domain name used here. This name can be up to 255 characters long.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
435
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure the domain name for the DHCPv6 pool pool1:
DGS-3620-28PC:admin# config dhcpv6 pool domain_name pool1 dlink.com
Command: config dhcpv6 pool domain_name pool1 dlink.com
Success.
DGS-3620-28PC:admin#
26-6 config dhcpv6 pool dns_server
Description
This command is used to configure the DNS server’s IPv6 addresses for a specific DHCPv6 pool.
Users may add up to two DNS Server addresses. If DNS server is not specified, the DNS server information will not be provided to the client. Users could delete a DNS server address in the method of setting the DNS server address to zero.
Format config dhcpv6 pool dns_server <pool_name 12> <ipv6addr> {<ipv6addr>}
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12 characters long.
<ipv6addr> - Enter the primary DNS Server IPv6 address used for this pool here.
<ipv6addr> - (Optional) Enter the secondary DNS Server IPv6 address used for this pool here.
Example
To configure the DNS server address for a DHCPv6 pool:
DGS-3620-28PC:admin# config dhcpv6 pool dns_server pool1 2000::200 2000::201
Command: config dhcpv6 pool dns_server pool1 2000::200 2000::201
Success.
DGS-3620-28PC:admin#
26-7 config dhcpv6 pool lifetime
Description
This command is used to configure the preferred-lifetime and valid-lifetime of IPv6 address within a
DHCPv6 pool.
436
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Preferred lifetime - the length of time that a valid address is preferred (i.e., the time until deprecation). When the preferred lifetime expires, the address becomes deprecated.
Valid lifetime - the length of time an address remains in the valid state (i.e., the time until invalidation). When the valid lifetime expires, the address becomes invalid.
The valid lifetime must be greater than or equal to the preferred lifetime.
Format config dhcpv6 pool lifetime <pool_name 12> preferred_lifetime <sec 60-4294967295> valid_lifetime <sec 60-4294967295>
Parameters
<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12 characters long.
preferred_lifetime - Specifies the length of time that a valid address is preferred to.
<sec 60-4294967295> - Enter the preferred lifetime value here. This value must be between
60 and 4294967295 seconds.
valid_lifetime - Specifies the length of time an address remains in the valid state.
<sec 60-4294967295> - Enter the valid lifetime value here. This value must be between 60 and 4294967295 seconds.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the preferred-lifetime and valid-lifetime for the DHCPv6 pool:
DGS-3620-28PC:admin# config dhcpv6 pool lifetime pool1 preferred_lifetime 80 valid_lifetime 100
Command: config dhcpv6 pool lifetime pool1 preferred_lifetime 80 valid_lifetime
100
Success.
DGS-3620-28PC:admin#
26-8 config dhcpv6 pool manual_binding
Description
This command is used to configure a DHCPv6 pool manual binding entry. An address binding is a mapping between the IPv6 address and DUID (A DHCPv6 Unique Identifier for a DHCPv6 participant) of a client. The IPv6 address specified in the manual binding entry must be in the range of the DHCPv6 pool.
Format config dhcpv6 pool manual_binding <pool_name 12> [add [<ipv6addr> | <ipv6networkaddr>] client_duid <string 28> | delete [<ipv6addr> | <ipv6networkaddr> | all]]
437
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12 characters long.
add - Specifies the IPv6 address that will statically be bound to a device.
<ipv6addr> - Enter the IPv6 address used for the static bind here.
<ipv6networkaddr> - Enter the IPv6 network address used for the static bind here.
client_duid - Specifies the DUID of the device that will statically be bound to the IPv6 address entered in the previous field.
<string 28> - Enter the client DUID used here. This string can be up to 28 characters long.
delete - Specifies to delete the manual binding entry.
<ipv6addr> - Enter the IPv6 address of the manual binding entry to be deleted here.
<ipv6networkaddr> - Enter the IPv6 network address of the manual binding entry to be deleted here.
all - Specifies that all manual binding entries will be deleted.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To add a manual binding DHCPv6 entry:
DGS-3620-28PC:admin# config dhcpv6 pool manual_binding pool1 add 2000::3 client_duid 00010006124dd5840021918d4d9f
Command: config dhcpv6 pool manual_binding pool1 add 2000::3 client_duid
00010006124dd5840021918d4d9f success
DGS-3620-28PC:admin#
26-9 config dhcpv6 pool prefix_delegation
Description
This command is used to create a DHCPv6 prefix pool for an interface.
Format config dhcpv6 pool prefix_delegation <pool_name 12> <ipv6networkaddr> <value 1-128>
<ipif_name 12>
Parameters
<pool_name 12> - Enter the DHCPv6 server pool name here. This name can be up to 12 characters long.
<ipv6networkaddr> - Enter the IPv6 prefix assigned to the pool here.
<value 1-128> - Enter the length of the prefix, in bits, assigned to the user from the pool here.
The value of the assigned-length argument cannot be less than the value of the prefix-length.
<ipif_name 12> - Enter the name of the IP interface used for this prefix delegation.
438
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create a DHCPv6 prefix pool prefixpool1 for interface System:
DGS-3620-28PC:admin#config dhcpv6 pool prefix_delegation prefixpool1 1111::/48
64 System
Command: config dhcpv6 pool prefix_delegation prefixpool1 1111::/48 64 System
Success.
DGS-3620-28PC:admin#
26-10 show dhcpv6 manual_binding
Description
This command will display the manual binding entries for the selected or all DHCPv6 pools.
Format show dhcpv6 manual_binding {<pool_name 12>}
Parameters
Restrictions
None.
<pool_name 12> - (Optional) Enter the DHCPv6 pool name used here. This name can be up to
12 characters long.
If no parameter is specified, then all the entries will be displayed.
Example
To display the manual binding entries of the DHCPv6 pool:
439
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show dhcpv6 manual_binding
Command: show dhcpv6 manual_binding
Pool Name :net100
Entry 1
IPv6 Address: 3000:100:1::ABCD
DUID : 00030006001572200700
Pool Name :net91
Entry 1
IPv6 Address: 3000:91:1::100
DUID : 00030006aabbcc000000
Entry 2
IPv6 Address: 3000:91:1::101
DUID : 00030006aabbcc000001
Total Entries: 3
DGS-3620-28PC:admin#
26-11 show dhcpv6 binding
Description
This command is used to show the DHCPv6 dynamic binding information. Entering the command without the pool name will display all information regarding DHCPv6 dynamic binding on the switch.
This command only displays the dynamic binding information, not including manual binding information.
Format show dhcpv6 binding {<pool_name 12>}
Parameters
<pool_name 12> - (Optional) Enter the DHCPv6 pool name used here. This name can be up to
12 characters long.
Restrictions
None.
Example
To display the DHCPv6 dynamic binding information on the Switch:
440
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# show dhcpv6 binding
Command: show dhcpv6 binding
Pool Name: net90 IPv6 Address: 3000:90:1::7
DUID : 0003000600cd14517000
Preferred(s): 120 Valid(s): 240
Pool Name: net100-2 IPv6 Address: 3000:100:1::1
DUID : 00030006001572200300
Preferred(s): 120 Valid(s): 240
Total Entries : 2
DGS-3620-28PC:admin#
26-12 clear dhcpv6 binding
Description
This command is used to clear the DHCPv6 dynamic binding information.
Format clear dhcpv6 binding {<pool_name 12>}
Parameters
<pool_name 12> - (Optional) Enter the DHCPv6 pool name used here. This name can be up to
12 characters long.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To clear the DHCPv6 dynamic binding information on the Switch:
DGS-3620-28PC:admin# clear dhcpv6 binding
Command: clear dhcpv6 binding
Success.
DGS-3620-28PC:admin#
26-13 enable dhcpv6_server
Description
This command is used to enable the DHCPv6 server function on the Switch
441
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format enable dhcpv6_server
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the DHCPv6 server global state to enable:
DGS-3620-28PC:admin# enable dhcpv6_server
Command: enable dhcpv6_server
Success.
DGS-3620-28PC:admin#
26-14 disable dhcpv6_server
Description
This command is used to disable the DHCPv6 server function on the Switch
Format disable dhcpv6_server
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the DHCPv6 server global state to disable:
DGS-3620-28PC:admin# disable dhcpv6_server
Command: disable dhcpv6_server
Success.
DGS-3620-28PC:admin#
442
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
26-15 show dhcpv6_server
Description
This command is used to display the DHCPv6 server setting.
Format show dhcpv6_server {ipif <ipif_name 12>}
Parameters
Restrictions
None.
ipif - (Optional) Specifies the IP interface name to be displayed.
<ipif_name 12> - Enter the IP interface name to be displayed here. This name can be up to
12 characters long.
Example
To display the DHCPv6 server setting:
DGS-3620-28PC:admin# show dhcpv6_server
Command: show dhcpv6_server
DHCPv6 Server Global State: Disabled
---------------------------------------------------------------
IP Interface : System
DHCPv6 Server State : Enabled
IP Interface : ipif1
DHCPv6 Server State : Enabled
Total Entries : 2
DGS-3620-28PC:admin#
26-16 config dhcpv6 pool excluded_address
Description
This command is used to configure the reserved IPv6 addresses on the DHCPv6 server.
Format config dhcpv6 pool excluded_address <pool_name 12> [add begin <ipv6addr> end
<ipv6addr> | delete [begin <ipv6addr> end <ipv6addr> | all]]
Parameters
<pool_name 12> - Enter the DHCPv6 pool name used here. This name can be up to 12
443
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command. characters long.
add - Specifies to add an excluded address range for a specified pool.
begin - Specifies the beginning IPv6 address of the range of IPv6 addresses to be excluded from the DHCPv6 pool.
<ipv6addr> - Enter the beginning IPv6 address used here.
end - Specifies the ending IPv6 address of the range of IPv6 addresses to be excluded from the DHCPv6 pool.
<ipv6addr> - Enter the ending IPv6 address used here.
delete - Specifies to delete one or all excluded address ranges of a specified pool.
begin - Specifies the beginning IPv6 address of the range of IPv6 addresses to be excluded from the DHCPv6 pool.
<ipv6addr> - Enter the beginning IPv6 address used here.
end - Specifies the ending IPv6 address of the range of IPv6 addresses to be excluded from the DHCPv6 pool.
<ipv6addr> - Enter the ending IPv6 address used here.
all - Specifies to delete all excluded address ranges of a specified pool.
Example
To add the IPv6 addresses range that DHCPv6 server should not assign to clients:
DGS-3620-28PC:admin# config dhcpv6 pool excluded_address pool1 add begin
2000::3 end 2000::8
Command: config dhcpv6 pool excluded_address pool1 add begin 2000::3 end
2000::8
Success.
DGS-3620-28PC:admin#
26-17 show dhcpv6 excluded_address
Description
This command is used to display the groups of IPv6 addresses which are excluded from the legal assigned IPv6 address
Format show dhcpv6 excluded_address {<pool_name 12>}
Parameters
Restrictions
None.
<pool_name 12> - (Optional) Enter the DHCPv6 pool name used here. This name can be up to
12 characters long.
444
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display the excluded address information:
DGS-3620-28PC:admin# show dhcpv6 excluded_address
Command: show dhcpv6 excluded_address
Pool Name: net100
Range 1
Begin Address: 3000:110:1::1
End Address : 3000:110:1::7
Range 2
Begin Address: 3000:110:1::9
End Address : 3000:110:1::9
Range 3
Begin Address: 3000:110:1::11
End Address : 3000:110:1::11
Range 4
Begin Address: 3000:110:1::13
End Address : 3000:110:1::13
Total Entries : 5
DGS-3620-28PC:admin#
26-18 config dhcpv6_server ipif
Description
This command is used to configure the DHCPv6 Server state per interface.
Format config dhcpv6_server ipif [<ipif_name 12> | all] state [enable | disable]
Parameters
ipif - Specifies the IP interface used.
<ipif_name 12> - Enter the IP interface name used. This name can be up to 12 characters long.
all - Specifies that all the IP interfaces will used.
state - Specifies the DHCPv6 server state for the specified interface.
enable - Specifies that the DHCPv6 server state for the specified interface will be enabled.
disable - Specifies that the DHCPv6 server state for the specified interface will be disabled.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the DHCPv6 Server state of System Interface to enable:
445
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# config dhcpv6_server ipif System state enable
Command: config dhcpv6_server ipif System state enable
Success.
DGS-3620-28PC:admin#
446
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 27 Digital Diagnostic
Monitoring (DDM) Commands
config ddm [trap | log] [enable | disable]
config ddm ports [<portlist> | all] [[temperature_threshold {high_alarm <degrees> | low_alarm
<degrees> | high_warning <degrees> | low_warning <degrees>} | voltage_threshold
{high_alarm <voltage> | low_alarm <voltage> | high_warning <voltage> | low_warning
<voltage>} | bias_current_threshold {high_alarm <milliampere> | low_alarm <milliampere> | high_warning <milliampere> | low_warning <milliampere>} | tx_power_threshold {high_alarm
<mw_or_dbm> | low_alarm <mw_or_dbm> | high_warning <mw_or_dbm> | low_warning
<mw_or_dbm>} | rx_power_threshold {high_alarm <mw_or_dbm> | low_alarm <mw_or_dbm>
| high_warning <mw_or_dbm> | low_warning <mw_or_dbm>}] | {state [enable | disable] | shutdown [alarm | warning | none]}]
show ddm
show ddm ports {<portlist>} [status | configuration]
config ddm power_unit [mw | dbm]
27-1 config ddm
Description
The command configures the DDM log and trap action when encountering an exceeding alarm or warning thresholds event.
Format config ddm [trap | log] [enable | disable]
Parameters
trap - Specifies whether to send traps, when the operating parameter exceeds the corresponding threshold. The DDM trap is disabled by default.
log - Specifies whether to send a log, when the operating parameter exceeds the corresponding threshold. The DDM log is enabled by default.
enable - Specifies to enable the log or trap sending option.
disable - Specifies to disable the log or trap sending option.
Restrictions
Only Administrators and Operators can issue this command.
Example
To configure DDM log state to enable:
447
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#config ddm log enable
Command: config ddm log enable
Success.
DGS-3620-28PC:admin#
To configure DDM trap state to enable:
DGS-3620-28PC:admin#config ddm trap enable
Command: config ddm trap enable
Success.
DGS-3620-28PC:admin#
27-2 config ddm ports
Description
The command is used to configure the DDM settings of the specified ports.
Format config ddm ports [<portlist> | all] [[temperature_threshold {high_alarm <degrees> | low_alarm <degrees> | high_warning <degrees> | low_warning <degrees>} | voltage_threshold {high_alarm <voltage> | low_alarm <voltage> | high_warning <voltage> | low_warning <voltage>} | bias_current_threshold {high_alarm <milliampere> | low_alarm
<milliampere> | high_warning <milliampere> | low_warning <milliampere>} | tx_power_threshold {high_alarm <mw_or_dbm> | low_alarm <mw_or_dbm> | high_warning
<mw_or_dbm> | low_warning <mw_or_dbm>} | rx_power_threshold {high_alarm
<mw_or_dbm> | low_alarm <mw_or_dbm> | high_warning <mw_or_dbm> | low_warning
<mw_or_dbm>}] | {state [enable | disable] | shutdown [alarm | warning | none]}]
Parameters
<portlist> - Enter the range of ports to be configured here.
all - Specifies that all the optic ports’ operating parameters will be configured.
temperature_threshold - Specifies the threshold of the optic module’s temperature in centigrade. At least one parameter shall be specified for this threshold.
high_alarm - (Optional) Specifies the high threshold for the alarm. When the operating parameter rises above this value, the action associated with the alarm is taken.
<degrees> - Enter the high threshold alarm value used here.
low_alarm - (Optional) Specifies the low threshold for the alarm. When the operating parameter falls below this value, the action associated with the alarm is taken.
<degrees> - Enter the low threshold alarm value used here.
high_warning - (Optional) Specifies the high threshold for the warning. When the operating parameter rises above this value, the action associated with the warning is taken.
<degrees> - Enter the high threshold warning value here.
low_warning - (Optional) Specifies the low threshold for the warning. When the operating parameter falls below this value, the action associated with the warning is taken.
<degrees> - Enter the low threshold warning value here.
voltage_threshold - Specifies the threshold of optic module’s voltage.
high_alarm - (Optional) Specifies the high threshold for the alarm. When the operating parameter rises above this value, the action associated with the alarm is taken.
448
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
<voltage> - Enter the high threshold alarm value used here.
low_alarm - (Optional) Specifies the low threshold for the alarm. When the operating parameter falls below this value, the action associated with the alarm is taken.
<voltage> - Enter the low threshold alarm value used here.
high_warning - (Optional) Specifies the high threshold for the warning. When the operating parameter rises above this value, the action associated with the warning is taken.
<voltage> - Enter the high threshold warning value here.
low_warning - (Optional) Specifies the low threshold for the warning. When the operating parameter falls below this value, the action associated with the warning is taken.
<voltage> - Enter the low threshold warning value here.
bias_current_threshold - Specifies the threshold of the optic module’s bias current.
high_alarm - (Optional) Specifies the high threshold for the alarm. When the operating parameter rises above this value, the action associated with the alarm is taken.
<milliampere> - Enter the high threshold alarm value used here.
low_alarm - (Optional) Specifies the low threshold for the alarm. When the operating parameter falls below this value, the action associated with the alarm is taken.
<milliampere> - Enter the low threshold alarm value used here.
high_warning - (Optional) Specifies the high threshold for the warning. When the operating parameter rises above this value, the action associated with the warning is taken.
<milliampere> - Enter the high threshold warning value here.
low_warning - (Optional) Specifies the low threshold for the warning. When the operating parameter falls below this value, the action associated with the warning is taken.
<milliampere> - Enter the low threshold warning value here.
tx_power_threshold - Specifies the threshold of the optic module’s output power.
high_alarm - (Optional) Specifies the high threshold for the alarm. When the operating parameter rises above this value, the action associated with the alarm is taken.
<mw_or_dbm> - Enter the high threshold alarm value used here.
low_alarm - (Optional) Specifies the low threshold for the alarm. When the operating parameter falls below this value, the action associated with the alarm is taken.
<mw_or_dbm> - Enter the low threshold alarm value used here.
high_warning - (Optional) Specifies the high threshold for the warning. When the operating parameter rises above this value, the action associated with the warning is taken.
<mw_or_dbm> - Enter the high threshold warning value here.
low_warning - (Optional) Specifies the low threshold for the warning. When the operating parameter falls below this value, the action associated with the warning is taken.
<mw_or_dbm> - Enter the low threshold warning value here.
rx_power_threshold - Specifies the threshold of optic module’s received power.
high_alarm - (Optional) Specifies the high threshold for the alarm. When the operating parameter rises above this value, the action associated with the alarm is taken.
<mw_or_dbm> - Enter the high threshold alarm value used here.
low_alarm - (Optional) Specifies the low threshold for the alarm. When the operating parameter falls below this value, the action associated with the alarm is taken.
<mw_or_dbm> - Enter the low threshold alarm value used here.
high_warning - (Optional) Specifies the high threshold for the warning. When the operating parameter rises above this value, the action associated with the warning is taken.
<mw_or_dbm> - Enter the high threshold warning value here.
low_warning - (Optional) Specifies the low threshold for the warning. When the operating parameter falls below this value, the action associated with the warning is taken.
<mw_or_dbm> - Enter the low threshold warning value here.
state - (Optional) Specifies the DDM state to enable or disable. If the state is disabled, no DDM action will take effect.
enable - Specifies to enable the DDM state.
disable - Specifies to disable the DDM state.
shutdown - (Optional) Specifies whether or not to shutdown the port when the operating parameter exceeds the corresponding alarm threshold or warning threshold.
alarm - Shutdown the port when the configured alarm threshold range is exceeded.
warning - Shutdown the port when the configured warning threshold range is exceeded.
none - The port will never shutdown regardless if the threshold ranges are exceeded or not.
449
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators and Operators can issue this command.
Example
To configure the port 21’s temperature threshold:
DGS-3620-28PC:admin#config ddm ports 1:21 temperature_threshold high_alarm
84.9555 low_alarm -10 high_warning 70 low_warning 2.25251
Command: config ddm ports 1:21 temperature_threshold high_alarm 84.9555 low_alarm -10 high_warning 70 low_warning 2.25251
Success.
DGS-3620-28PC:admin#
To configure the port 21’s voltage threshold:
DGS-3620-28PC:admin#config ddm ports 1:21 voltage_threshold high_alarm 4.25 low_alarm 2.5 high_warning 3.5 low_warning 3
Command: config ddm ports 1:21 voltage_threshold high_alarm 4.25 low_alarm 2.5 high_warning 3.5 low_warning 3
Success.
DGS-3620-28PC:admin#
To configure the port 21’s bias current threshold:
DGS-3620-28PC:admin#config ddm ports 1:21 bias_current_threshold high_alarm
7.25 low_alarm 0.004 high_warning 0.5 low_warning 0.008
Command: config ddm ports 1:21 bias_current_threshold high_alarm 7.25 low_alarm
0.004 high_warning 0.5 low_warning 0.008
Success.
DGS-3620-28PC:admin#
To configure the port 21’s transmit power threshold:
DGS-3620-28PC:admin#config ddm ports 1:21 tx_power_threshold high_alarm 0.625 low_alarm 0.006 high_warning 0.55 low_warning 0.008
Command: config ddm ports 1:21 tx_power_threshold high_alarm 0.625 low_alarm
0.006 high_warning 0.55 low_warning 0.008
Success.
DGS-3620-28PC:admin#
To configure the port 21’s receive power threshold:
450
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#config ddm ports 1:21 rx_power_threshold high_alarm 4.55 low_alarm 0.01 high_warning 3.5 low_warning 0.03
Command: config ddm ports 1:21 rx_power_threshold high_alarm 4.55 low_alarm
0.01 high_warning 3.5 low_warning 0.03
Success.
DGS-3620-28PC:admin#
To configure port 21’s actions associate with the alarm:
DGS-3620-28PC:admin#config ddm ports 1:21 state enable shutdown alarm
Command: config ddm ports 1:21 state enable shutdown alarm
Success.
DGS-3620-28PC:admin#
27-3 show ddm
Description
This command is used to display the DDM global settings.
Format show ddm
Parameters
None.
Restrictions
None.
Example
To display the DDM global settings:
DGS-3620-28PC:admin#show ddm
Command: show ddm
DDM Log : Enabled
DDM Trap : Disabled
DDM Tx/Rx Power Unit : mw
DGS-3620-28PC:admin#
451
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
27-4 show ddm ports
Description
This command is used to show the current operating DDM parameters and configuration values of the optic module of the specified ports. There are two types of thresholds: the administrative configuration and the operation configuration threshold.
For the optic port, when a particular threshold was configured by user, it will be shown in this command with a tag indicating that it is a threshold that user configured, else it would be the threshold read from the optic module that is being inserted.
Format show ddm ports {<portlist>} [status | configuration]
Parameters
<portlist> - (Optional) Enter the range of ports to be displayed here.
status - Specifies that the operating parameter will be displayed.
configuration - Specifies that the configuration values will be displayed.
Restrictions
None.
Example
To display ports 21-22’s operating parameters:
DGS-3620-28PC:admin#show ddm ports 1:21-1:22 status
Command: show ddm ports 1:21-1:22 status
Port Temperature Voltage Bias-Current TX-Power RX-Power
(in Celsius) (V) (mA) (mW) (mW)
------- ------------- ---------- -------------- ---------- ------------
1:21 21.5 2.5 50 3 4
1:22 - - - - -
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
To display port 21’s configuration:
452
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show ddm ports 1:21 configuration
Command: show ddm ports 1:21 configuration
Port: 1:21
--------------------------------------------
DDM State : Enabled
Shutdown : Alarm
Threshold Temperature Voltage Bias-Current TX-Power RX-Power
(in Celsius) (V) (mA) (mW) (mW)
------------- ------------ ------------ ------------ ------------ ------------
High Alarm 84.9555(A) 4.2500(A) 7.2500(A) 0.6250(A) 4.5500(A)
Low Alarm -10.0000(A) 2.5000(A) 0.0040(A) 0.0060(A) 0.0100(A)
High Warning 70.0000(A) 3.5000(A) 0.5000(A) 0.5500(A) 3.5000(A)
Low Warning 2.2525(A) 3.0000(A) 0.0080(A) 0.0080(A) 0.0300(A)
A means that the threshold is administratively configured.
DGS-3620-28PC:admin#
27-5 config ddm power_unit
Description
The command is used to configure the unit of DDM TX and RX power.
Format config ddm power_unit [mw | dbm]
Parameters
mw - Specifies the DDM TX and RX power unit as mW.
dbm - Specifies the DDM TX and RX power unit as dBm.
Restrictions
Only Administrators and Operators can issue this command.
Example
To configure the DDM TX and RX power unit as dBm:
DGS-3620-28PC:admin#config ddm power_unit dbm
Command: config ddm power_unit dbm
Success.
DGS-3620-28PC:admin#
453
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 28 Distance Vector
Multicast Routing Protocol
(DVMRP) Commands
config dvmrp [ipif <ipif_name 12> | all] {metric <value 1-31> | probe <sec 1-65535> | neighbor_timeout <sec 1-65535> | state [enable | disable]}(1)
enable dvmrp disable dvmrp
show dvmrp {ipif <ipif_name 12>}
show dvmrp neighbor {ipif <ipif_name 12> | ipaddress <network_address>}
show dvmrp nexthop {ipaddress <network_address> | ipif <ipif_name 12>}
show dvmrp routing_table {ipaddress <network_address>}
28-1 config dvmrp
Description
This command is used to configure DVMRP configurations.
Format config dvmrp [ipif <ipif_name 12> | all] {metric <value 1-31> | probe <sec 1-65535> | neighbor_timeout <sec 1-65535> | state [enable | disable]}(1)
Parameters
ipif - Specifies the IP interface name used.
<ipif_name 12> - Enter the IP interface name used here. This name can be up to 12 characters long.
all - Specifies that all the IP interfaces will be used.
metric - (Optional) Allows the assignment of a DVMRP route cost to the above IP interface. A
DVMRP route cost is a relative number that represents the real cost of using this route in the construction of a multicast delivery tree. It is similar to, but not defined as, the hop count in
RIP.
<value 1-31> - Enter the metric value used here. This value must be between 1 and 31. The default value is 1.
probe - (Optional) Specifies the time in seconds between the DVMRP Probe message transmissions.
<sec 1-65535> - Enter the probe value used here. This value must be between 1 and 65535 seconds. The default value is 10 seconds.
neighbor_timeout - (Optional) Specifies the time period for DVMRP will hold Neithbor Router reports before issuing poison route messages.
<sec 1-65535> - Enter the neighbor timeout value used here. This value must be between 1 and 65535 seconds. The default value is 35 seconds.
state - (Optional) Specifies the DVMRP state of the IP interface.
enable - Specifies that DVMRP of the specified IP interface will be enabled.
disable - Specifies that DVMRP of the specified IP interface will be disabled.
454
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To configure DVMRP configurations of IP interface called ‘System’:
DGS-3620-28PC:admin# config dvmrp ipif System neighbor_timeout 30 metric 1 probe 5
Command: config dvmrp ipif System neighbor_timeout 30 metric 1 probe 5
Success
DGS-3620-28PC:admin#
28-2 enable dvmrp
Description
This command is used to enable the DVMRP global state on the Switch.
Format enable dvmrp
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To enable DVMRP:
DGS-3620-28PC:admin# enable dvmrp
Command: enable dvmrp
Success.
DGS-3620-28PC:admin#
28-3 disable dvmrp
Description
This command is used to disable the DVMRP global state on the Switch.
455
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format disable dvmrp
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command. (EI Mode Only
Command)
Example
To disable DVMRP:
DGS-3620-28PC:admin# disable dvmrp
Command: disable dvmrp
Success.
DGS-3620-28PC:admin#
28-4 show dvmrp
Description
This command is used to display DVMRP configurations.
Format show dvmrp {ipif <ipif_name 12>}
Parameters
ipif - (Optional) Specifies the IP interface name used for the display.
<ipif_name 12> - Enter the IP interface name used for the display here. This name can be up to 12 characters long.
If no parameter is specified, then all the IP interfaces will be displayed.
Restrictions
None. (EI Mode Only Command)
Example
To display DVMRP configurations:
456
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show dvmrp
Command: show dvmrp
DVMRP Global State : Disabled
Interface IP Address Neighbor Timeout Probe Metric State
------------ ----------------- ---------------- ----- ------ --------
System 192.168.69.123 35 10 1 Disabled
Total Entries: 1
DGS-3620-28PC:admin#
28-5 show dvmrp neighbor
Description
This command is used to display the DVMRP neighbor table.
Format show dvmrp neighbor {ipif <ipif_name 12> | ipaddress <network_address>}
Parameters
ipif - (Optional) Specifies the IP interface name used for the display.
<ipif_name 12> - Enter the IP interface name used for the display here. This name can be up to 12 characters long.
ipaddress - (Optional) Specifies the IP address and netmask of the destination used.
<network_address> - Enter the IP address and netmask of the destination used here.
If no parameter is specified, the system will display the whole DVMRP neighbor table.
Restrictions
None. (EI Mode Only Command)
Example
To display DVMRP neighbor table:
DGS-3620-28PC:admin# show dvmrp neighbor
Command: show dvmrp neighbor
DVMRP Neighbor Address Table
Interface Neighbor Address Generation ID Expire Time
--------------- ---------------- ------------- -----------
System 10.48.74.123 86 32
Total Entries : 1
DGS-3620-28PC:admin#
457
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
28-6 show dvmrp nexthop
Description
This command is used to display the DVMRP routing next hop table.
Format show dvmrp nexthop {ipaddress <network_address> | ipif <ipif_name 12>}
Parameters
ipaddress - (Optional) Specifies the IP address and netmask of the destination used.
<network_address> - Enter the IP address and netmask of the destination used here.
ipif - (Optional) Specifies the IP interface name used for the display.
<ipif_name 12> - Enter the IP interface name used for the display here. This name can be up to 12 characters long.
If no parameter is specified, the system will display all the DVMRP routing next hop tables.
Restrictions
None. (EI Mode Only Command)
Example
To display DVMRP routing next hop table:
DGS-3620-28PC:admin# show dvmrp nexthop
Command: show dvmrp nexthop
DVMRP Routing Next Hop Table
Source Address/NetMask Interface Name Type
---------------------- --------------- ------
10.0.0.0/8 ip2 Leaf
10.0.0.0/8 ip3 Leaf
20.0.0.0/8 System Leaf
20.0.0.0/8 ip3 Leaf
30.0.0.0/8 System Leaf
30.0.0.0/8 ip2 Leaf
Total Entries : 6
DGS-3620-28PC:admin#
28-7 show dvmrp routing_table
Description
This command is used to display the DVMRP routing table.
Format show dvmrp routing_table {ipaddress <network_address>}
458
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Parameters
ipaddress - (Optional) Specifies the IP address and netmask of the destination used.
<network_address> - Enter the IP address and netmask of the destination used here.
If no parameter is specified, the system will display the whole DVMRP routing table.
Restrictions
None. (EI Mode Only Command)
Example
To display DVMRP routing table:
DGS-3620-28PC:admin# show dvmrp routing_table
Command: show dvmrp routing_table
DVMRP Routing Table
Source Address/Netmask Upstream Neighbor Metric Learned Interface Expire
---------------------- ----------------- ------ ------- ---------- ------
10.0.0.0/8 10.90.90.90 2 Local System -
20.0.0.0/16 20.1.1.1 2 Local ip2 -
30.0.0.0/24 30.1.1.1 2 Local ip3 -
Total Entries : 3
DGS-3620-28PC:admin#
459
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 29 D-Link License
Management System (DLMS)
Commands
29-1
install dlms activation_code <string 25> {unit <unit_id>}
show dlms license
install dlms activation_code
Description
This command is used to install an activation code. The activation code is a set of codes which activates functions on the switch.
Format install dlms activation_code <string 25> {unit <unit_id>}
Parameters
<string 25> Specifies an activation code. The length should be 25 string characters
unit - Specifies the unit to display.
<unit_id> Specifies the switch in the switch stack.
Restrictions
Only Administrator level users can issue this command.
Example
To input a legal activation code:
DGS-3620-28PC:admin# install dlms activation_code xBc7vNWsSpchuQkGZsTfPwcfa
Command: install dlms activation_code xBc7vNWsSpchuQkGZsTfPwcfa
Success.
Please reboot the device to active the license.
DGS-3620-28PC:admin#
460
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
29-2 show dlms license
Description
This command will display the license information.
Format show dlms license {unit <unit_id>}
Parameters
unit - Specifies the unit to display.
<unit_id> Specifies the switch in the switch stack.
Restrictions
None.
Example
To display license information:
DGS-3620-28PC:admin# show dlms license
Command: show dlms license
Device Default License : EI
DGS-3620-28PC:admin#
461
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 30 Domain Name
System (DNS) Relay
Commands
config dnsr [[primary | secondary] nameserver <ipaddr> | [add | delete] static <domain_name 32>
<ipaddr>]
enable dnsr {[cache | static]}
disable dnsr {[cache | static]}
show dnsr {static}
30-1 config dnsr
Description
This command is used to add or delete a static entry into the Switch’s DNS resolution table, or set up the relay server.
Format config dnsr [[primary | secondary] nameserver <ipaddr> | [add | delete] static
<domain_name 32> <ipaddr>]
Parameters
primary - Specifies to indicate that the IP address below is the address of the primary DNS server.
secondary - Specifies to indicate that the IP address below is the address of the secondary DNS server.
nameserver - Specifies the IP address of the DNS nameserver.
<ipaddr> - Enter the IP address of the DNS nameserver.
add - Specifies to add the DNS relay function.
delete - Specifies to delete the DNS relay function.
static - Specifies the domain name of the entry.
<domain_name32> - Enter the domain name.
<ipaddr> - Enter the IP address of the entry.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To set IP address 10.24.22.5 as the primary DNS server:
DGS-3620-28PC:admin# config dnsr primary nameserver 10.24.22.5
Command: config dnsr primary nameserver 10.24.22.5
Success.
462
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#
To add the entry “dns1” with IP address 10.24.22.5 to the DNS static table:
DGS-3620-28PC:admin#config dnsr add static dns1 10.24.22.5
Command: config dnsr add static dns1 10.24.22.5
Success.
DGS-3620-28PC:admin#
To delete the entry “dns1” with IP address 10.24.22.5 from the DNS static table:
DGS-3620-28PC:admin#config dnsr delete static dns1 10.24.22.5
Command: config dnsr delete static dns1 10.24.22.5
Success.
DGS-3620-28PC:admin#
30-2 enable dnsr
Description
This command is used to enable DNS relay.
Format enable dnsr {[cache | static]}
Parameters
cache - Specifies to enable the cache lookup for the DNS relay on the switch.
static - Specifies to enable the static table lookup for the DNS relay on the switch.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable DNS relay:
DGS-3620-28PC:admin#enable dnsr
Command: enable dnsr
Success.
DGS-3620-28PC:admin#
To enable cache lookup for DNS relay:
463
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#enable dnsr cache
Command: enable dnsr cache
Success.
DGS-3620-28PC:admin#
To enable static table lookup for DNS relay:
DGS-3620-28PC:admin#enable dnsr static
Command: enable dnsr static
Success.
DGS-3620-28PC:admin#
30-3 disable dnsr
Description
This command is used to disable DNS relay on the switch.
Format disable dnsr {[cache | static]}
Parameters
cache - (Optional) Specifies to disable the cache lookup for the DNS relay on the switch.
static - (Optional) Specifies to disable the static table lookup for the DNS relay on the switch.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To disable the status of DNS relay:
DGS-3620-28PC:admin#disable dnsr
Command: disable dnsr
Success.
DGS-3620-28PC:admin#
To disable cache lookup for DNS relay:
DGS-3620-28PC:admin#disable dnsr cache
Command: disable dnsr cache
Success.
464
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#
To disable static table lookup for DNS relay:
DGS-3620-28PC:admin#disable dnsr static
Command: disable dnsr static
Success.
DGS-3620-28PC:admin#
30-4 show dnsr
Description
This command is used to display the current DNS relay configuration and static entries.
Format show dnsr {static}
Parameters
static - (Optional) Specifies to display the static entries in the DNS relay table. If this parameter is omitted, the entire DNS relay table will be displayed.
Restrictions
None.
Example
To display the DNS relay status:
465
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin#show dnsr
Command: show dnsr
DNSR Status : Disabled
Primary Name Server : 0.0.0.0
Secondary Name Server : 0.0.0.0
DNSR Cache Status : Disabled
DNSR Static Table Status : Disabled
DNS Relay Static Table
Domain Name IP Address
----------------------------------------- --------------- www.123.com.tw 10.12.12.123
Total Entries: 1
DGS-3620-28PC:admin#
466
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 31 Domain Name
System (DNS) Resolver
Commands
config name_server add [<ipaddr> | <ipv6addr>] {primary}
config name_server delete [<ipaddr> | <ipv6addr>] {primary}
config name_server timeout <second 1-60>
show name_server
create host_name <name 255> [<ipaddr> | <ipv6addr>]
delete host_name [<name 255> | all]
show host_name {static | dynamic}
enable dns_resolver disable dns_resolver
31-1 config name_server add
Description
This command is used to add a DNS resolver name server to the Switch.
Format config name_server add [<ipaddr> | <ipv6addr>] {primary}
Parameters
<ipaddr> - Enter the DNS Resolver name server IPv4 address used here.
<ipv6addr> - Enter the DNS Resolver name server IPv6 address used here.
primary – (Optional) Specifies that the name server is a primary name server.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To add DNS Resolver primary name server 10.10.10.10:
DGS-3620-28PC:admin# config name_server add 10.10.10.10 primary
Command: config name_server add 10.10.10.10 primary
Success.
DGS-3620-28PC:admin#
467
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
31-2 config name_server delete
Description
This command is used to delete a DNS resolver name server from the Switch.
Format config name_server delete [<ipaddr> | <ipv6addr>] {primary}
Parameters
<ipaddr> - Enter the DNS Resolver name server IPv4 address used here.
<ipv6addr> - Enter the DNS Resolver name server IPv6 address used here.
primary – (Optional) Specifies that the name server is a primary name server.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete DNS Resolver name server 10.10.10.1:
DGS-3620-28PC:admin# config name_server delete 10.10.10.10
Command: config name_server delete 10.10.10.10
Success.
DGS-3620-28PC:admin#
31-3 config name_server timeout
Description
This command is used to configure the timeout value of a DNS Resolver name server.
Format config name_server timeout <second 1-60>
Parameters
timeout - Specifies the maximum time waiting for a responce from a specified name server.
<second 1-60> - Enter the timeout value used here. This value must be between 1 and 60 seconds.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
468
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure DNS Resolver name server time out to 10 seconds:
DGS-3620-28PC:admin# config name_server timeout 10
Command: config name_server timeout 10
Success.
DGS-3620-28PC:admin#
31-4 show name_server
Description
This command is used to display the current DNS Resolver name servers and name server time out on the Switch.
Format show name_server
Parameters
None.
Restrictions
None.
Example
To display the current DNS Resolver name servers and name server time out:
DGS-3620-28PC:admin# show name_server
Command: show name_server
Name Server Time Out: 3 seconds
Static Name Server Table:
Server IP Address Priority
--------------------- --------------
20.20.20.20 Secondary
10.1.1.1 Primary
Dynamic Name Server Table:
Server IP Address Priority
--------------------- --------------
10.48.74.122 Primary
DGS-3620-28PC:admin#
469
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
31-5 create host_name
Description
This command is used to create the static host name entry of the Switch.
Format create host_name <name 255> [<ipaddr> | <ipv6addr>]
Parameters
<name 255> - Enter the hostname used here. This name can be up to 255 characters long.
<ipaddr> - Enter the host IPv4 address used here.
<ipv6addr> - Enter the host IPv6 address used here.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create static host name “www.example.com”:
DGS-3620-28PC:admin# create host_name www.example.com 10.10.10.10
Command: create host_name www.example.com 10.10.10.10
Success.
DGS-3620-28PC:admin#
31-6 delete host_name
Description
This command is used to delete the static or dynamic host name entries of the Switch.
Format delete host_name [<name 255> | all]
Parameters
<name 255> - Enter the hostname used here. This name can be up to 255 characters long.
all - Specifies that all the hostnames will be deleted.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete the static host name entry “www.example.com”:
470
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
DGS-3620-28PC:admin# delete host_name www.example.com
Command: delete host_name www.example.com
Success.
DGS-3620-28PC:admin#
31-7 show host_name
Description
This command is used to display the current host name.
Format show host_name {static | dynamic}
Parameters
static – (Optional) Specifies to display the static host name entries.
dynamic – (Optional) Specifies to display the dynamic host name entries.
Restrictions
None.
Example
To display the static and dynamic host name entries:
DGS-3620-28PC:admin#show host_name
Command: show host_name
Static Host Name Table
Host Name : www.example1.com
IP Address : 20.20.20.20
IPv6 Address : 3000::1
Host Name : www.example2.com
IP Address : 10.10.10.10
IPv6 Address : 1000::1
Host Name : www.example3.com
IP Address : 4.4.4.4
Host Name : www.example4.com
IPv6 Address : 4000::1
Total Static Entries: 4
Dynamic Host Name Table
471
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Total Dynamic Entries: 0
DGS-3620-28PC:admin#
31-8 enable dns_resolver
Description
This command is used to enable the DNS Resolver state of the Switch.
Format enable dns_resolver
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure the DNS Resolver state to enabled:
DGS-3620-28PC:admin# enable dns_resolver
Command: enable dns_resolver
Success.
DGS-3620-28PC:admin#
31-9 disable dns_resolver
Description
This command is used to disable the DNS Resolver state of the Switch.
Format disable dns_resolver
Parameters
None.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
472
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To configure the DNS Resolver state to disabled:
DGS-3620-28PC:admin# disable dns_resolver
Command: disable dns_resolver
Success.
DGS-3620-28PC:admin#
473
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 32 DoS Attack
Prevention Commands
config dos_prevention dos_type [{land_attack | blat_attack | tcp_null_scan | tcp_xmasscan | tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack} | all]
{action [drop] | state [enable | disable]}(1)
config dos_prevention log [enable | disable]
config dos_prevention trap [enable | disable]
show dos_prevention {land_attack | blat_attack | tcp_null_scan | tcp_xmasscan | tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack}
32-1 config dos_prevention dos_type
Description
This command is used to configure the prevention of each DoS attacks. The packet matching will be done by hardware. For a specific type of attack, the content of the packet will be matched against a specific pattern.
Format config dos_prevention dos_type [{land_attack | blat_attack | tcp_null_scan | tcp_xmasscan
| tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack} | all]
{action [drop] | state [enable | disable]}(1)
Parameters
land_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent
LAND attacks.
blat_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent BLAT attacks.
tcp_null_scan - (Optional) Specifies that the DoS attack prevention type will be set to prevent
TCP Null Scan attacks.
tcp_xmasscan - (Optional) Specifies that the DoS attack prevention type will be set to prevent
TCP Xmas Scan attacks.
tcp_synfin - (Optional) Specifies that the DoS attack prevention type will be set to prevent TCP
SYN FIN attacks.
tcp_syn_srcport_less_1024 - (Optional) Specifies that the DoS attack prevention type will be set to prevent TCP SYN Source Port Less 1024 attacks.
ping_death_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent Ping of Death attacks.
tcp_tiny_frag_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent TCP Tiny Frag attacks.
all - Specifies that the DoS attack prevention type will be set to prevent all attacks.
action - (Optional) Specifies the action that the DoS Prevention function will take.
drop - Specifies to drop all matched DoS attack packets.
state - (Optional) Specifies the DoS Attack Prevention state.
enable - Specifies that the DoS Attack Prevention state will be enabled.
disable - Specifies that the DoS Attack Prevention state will be disabled.
474
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To configure land attack and blat attack prevention, the action is drop:
DGS-3620-28PC:admin#config dos_prevention dos_type land_attack blat_attack action drop state enable
Command: config dos_prevention dos_type land_attack blat_attack action drop state enable
Success.
DGS-3620-28PC:admin#
32-2 config dos_prevention log
Description
This command is used to enable or disable the DoS prevention log state.
Format config dos_prevention log [enable | disable]
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
enable - Specifies to enable the DoS prevention log state.
disable - Specifies to disable the DoS prevention log state.
Example
To enable the DoS prevention log:
DGS-3620-28PC:admin#config dos_prevention log enable
Command: config dos_prevention log enable
Success.
DGS-3620-28PC:admin#
32-3 config dos_prevention trap
Description
This command is used to enable or disable the DoS prevention trap state.
475
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format config dos_prevention trap [enable | disable]
Parameters
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
enable - Specifies to enable the DoS prevention trap state.
disable - Specifies to disable the DoS prevention trap state.
Example
To enable the DoS prevention trap:
DGS-3620-28PC:admin#config dos_prevention trap disable
Command: config dos_prevention trap disable
Success.
DGS-3620-28PC:admin#
32-4 show dos_prevention
Description
This command is used to display DoS prevention information.
Format show dos_prevention {land_attack | blat_attack | tcp_null_scan | tcp_xmasscan | tcp_synfin
| tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack}
Parameters
land_attack - (Optional) Specifies that only DoS LAND attack information will be displayed.
blat_attack - (Optional) Specifies that only DoS BLAT attack information will be displayed.
tcp_null_scan - (Optional) Specifies that only DoS TCP Null Scan attack information will be displayed.
tcp_xmasscan - (Optional) Specifies that only DoS TCP Xmas Scan attack information will be displayed.
tcp_synfin - (Optional) Specifies that only DoS TCP SYN FIN attack information will be displayed.
tcp_syn_srcport_less_1024 - (Optional) Specifies that only DoS TCP SYN Source Port Less than 1024 attack information will be displayed.
ping_death_attack - (Optional) Specifies that only DoS Ping of Death attack information will be displayed.
tcp_tiny_frag_attack - (Optional) Specifies that only DoS TCP Tiny Frag attack information will be displayed.
Restrictions
None.
476
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Example
To display DoS prevention information:
DGS-3620-28PC:admin#show dos_prevention
Command: show dos_prevention
Trap:Disabled Log:Enabled Function Version : 1.01
DoS Type State Action Frame Counts
-------------------------- -------- ---------------- ------------
Land Attack Enabled Drop -
Blat Attack Enabled Drop -
TCP Null Scan Disabled Drop -
TCP Xmas Scan Disabled Drop -
TCP SYNFIN Disabled Drop -
TCP SYN SrcPort Less 1024 Disabled Drop -
Ping of Death Attack Disabled Drop -
TCP Tiny Fragment Attack Disabled Drop -
CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh
To display DoS prevention information of Land Attack:
DGS-3620-28PC:admin#show dos_prevention land_attack
Command: show dos_prevention land_attack
DoS Type : Land Attack
State : Disabled
Action : Drop
Frame Counts : -
DGS-3620-28PC:admin#
To display DoS prevention information of Blat Attack:
DGS-3620-28PC:admin#show dos_prevention blat_attack
Command: show dos_prevention blat_attack
DoS Type : Blat Attack
State : Disabled
Action : Drop
Frame Counts : -
DGS-3620-28PC:admin#
477
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 33 D-Link
Unidirectional Link Detection
(DULD) Commands
config duld ports [<portlist> | all] {state [enable | disable] | mode [shutdown | normal] | discovery_time <sec 5-65535>}
show duld ports {<portlist>}
33-1 config duld ports
Description
The command used to configure unidirectional link detection on ports.
Unidirectional link detection provides discovery mechanism based on 802.3ah to discovery its neighbor. If the OAM discovery can complete in configured discovery time, it concludes the link is bidirectional. Otherwise, it starts detecting task to detect the link status.
Format config duld ports [<portlist> | all] {state [enable | disable] | mode [shutdown | normal] | discovery_time <sec 5-65535>}
Parameters
ports - Specifies a range of ports to be used.
<portlist> - Enter the list of ports used for this configuration here.
all – Specifies that all the ports will be used for this configuration.
state - (Optional) Specifies these ports unidirectional link detection status. The default state is disabled.
enable - Specifies that the unidirectional link detection status will be enabled.
disable - Specifies that the unidirectional link detection status will be disabled.
mode - (Optional) Specifies the mode the unidirectional link detection will be set to.
shutdown - If any unidirectional link is detected, disable the port and log an event.
normal - Only log an event when a unidirectional link is detected.
discovery_time - (Optional) Specifies these ports neighbor discovery time. If the discovery is timeout, the unidirectional link detection will start. The default discovery time is 5 seconds.
<sec 5-65535> - Enter the discovery time value here. This value must be between 5 and
65535.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable unidirectional link detection on port 1:
DGS-3620-28PC:admin# config duld ports 1 state enable
478
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Commands: config duld ports 1 state enable
Success
DGS-3620-28PC:admin#
33-2 show duld ports
Description
This command is used to show unidirectional link detection information.
Format show duld ports {<portlist>}
Parameters
ports - (Optional) Specifies a range of ports to be display.
<portlist> - Enter the list of ports to be displayed here.
If no ports are specified, all the ports will be displayed.
Restrictions
None.
Example
To show ports 1-4 unidirectional link detection information:
DGS-3620-28PC:admin#config duld ports 1:1-1:2,1:4 state enable
Command: config duld ports 1:1-1:2,1:4 state enable
Success.
DGS-3620-28PC:admin#show duld ports 1:1-1:4
Command: show duld ports 1:1-1:4
Port Admin State Oper Status Mode Link Status Discovery Time(Sec)
----- ----------- ----------- -------- -------------- -------------------
1:1 Enabled Disabled Normal Unknown 5
1:2 Enabled Disabled Normal Unknown 5
1:3 Disabled Disabled Normal Unknown 5
1:4 Enabled Disabled Normal Unknown 5
DGS-3620-28PC:admin#
479
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 34 Ethernet Ring
Protection Switching
(ERPS) Commands
enable erps disable erps
create erps raps_vlan <vlanid 1-4094>
delete erps raps_vlan <vlanid 1-4094>
config erps raps_vlan <vlanid 1-4094> [state [enable | disable] | ring_mel <value 0-7> | ring_port
[west [<port> | virtual_channel] | east [<port> | virtual_channel]] | rpl_port [west | east | none] | rpl_owner [enable | disable] | protected_vlan [add | delete] vlanid <vidlist> | sub_ring raps_vlan <vlanid 1-4094> tc_propagation state [enable | disable] | [add | delete] sub_ring raps_vlan <vlanid 1-4094> | revertive [enable | disable] | timer {holdoff_time <millisecond 0-
10000> | guard_time <millisecond 10-2000> | wtr_time <min 5-12>}]
config erps log [enable | disable]
config erps trap [enable | disable]
show erps {raps_vlan <vlanid 1-4094> {sub_ring}}
34-1 enable erps
Description
This command is used to enable the global ERPS function on the Switch. When both the global state and the specified ring ERPS state are enabled, the specified ring will be activated.
The global ERPS function cannot be enabled, when any ERPS ring on the device is enabled and the integrity of any ring parameter is not available. For each ring that has the ring state enabled, the following integrity will be checked when ERPS is enabled:
1. R-APS VLAN is created.
2. The Ring port is a tagged member port of the R-APS VLAN.
3. The RPL port is specified if the RPL owner is enabled.
4. The RPL port is not a virtual channel.
5. The Ring port is the master port if it belongs to a link aggregation group.
The default state is disabled.
Format enable erps
Parameters
None.
480
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To enable ERPS:
DGS-3620-28PC:admin#enable erps
Command: enable erps
Success.
DGS-3620-28PC:admin#
34-2 disable erps
Description
This command is used to disable the ERPS function on the switch.
Format disable erps
Parameters
None. The ERPS is disabled by default.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To disable ERPS:
DGS-3620-28PC:admin#disable erps
Command: disable erps
Success.
DGS-3620-28PC:admin#
34-3 create erps raps_vlan
Description
This command is used to create an R-APS VLAN on the switch. There should be only one R-APS
VLAN used to transfer R-APS messages. Note that the R-APS VLAN must already have been created by the create vlan command.
481
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
Format create erps raps_vlan <vlanid 1-4094>
Parameters
<vlanid 1-4094> - Enter the VLAN which will be the R-APS VLAN.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To create an ERPS RAPS VLAN:
DGS-3620-28PC:admin#create erps raps_vlan 4094
Command: create erps raps_vlan 4094
Success.
DGS-3620-28PC:admin#
34-4 delete erps raps_vlan
Description
This command is used to delete an R-APS VLAN on the switch. When an R-APS VLAN is deleted, all parameters related to this R-APS VLAN will also be deleted. This command can only be issued when ERPS is disabled.
Format delete erps raps_vlan <vlanid 1-4094>
Parameters
<vlanid 1-4094> - Enter the VLAN which will be the R-APS VLAN.
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
To delete an R-APS VLAN:
DGS-3620-28PC:admin#delete erps raps_vlan 4094
Command: delete erps raps_vlan 4094
Success.
DGS-3620-28PC:admin#
482
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
34-5 config erps raps_vlan
Description
This command is used to set the R-APS VLAN parameters. The ring_mel command is used to configure the ring MEL for an R-APS VLAN. The ring MEL is one field in the R-APS PDU. Note that if CFM (Connectivity Fault Management) and ERPS are used at the same time, R-APS PDU is one of a suite of Ethernet OAM PDU. The behavior for forwarding of R-APS PDU should follow the
Ethernet OAM. If the ring MEL is not higher than the highest MEL of the MEPs on the ring ports, the R-APS PDU cannot be forwarded on the ring.
The ring_port command is used to configure the port that participates in the ERPS ring.
Restrictions apply for ports that are included in a link aggregation group. A link aggregation gr