1. Manuals
  2. Brands
  3. D-Link Manuals
  4. Switch
  5. DS-3550
  6. Command line interface reference manual

D-Link DS-3550 Command Line Interface Reference Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
DES-3550

Layer 2 Switch

Command Line Interface Reference Manual
First Edition (February 2004)
651ES3550015
Printed In Taiwan
RECYCLABLE

Advertisement

Table of Contents
loading

Related Manuals for D-Link DS-3550

Summary of Contents for D-Link DS-3550

  • Page 1: Layer 2 Switch

    DES-3550 Layer 2 Switch Command Line Interface Reference Manual First Edition (February 2004) 651ES3550015 Printed In Taiwan RECYCLABLE...

  • Page 2: Wichtige Sicherheitshinweise

    CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING OR OTHER HAZARD. LIMITATION OF LIABILITY IN NO EVENT WILL D-LINK BE LIABLE FOR ANY DAMAGES, INCLUDING LOSS OF DATA, LOSS OF PROFITS, COST OF COVER OR OTHER INCIDENTAL, CONSEQUENTIAL OR INDIRECT DAMAGES ARISING OUT THE INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE OR INTERRUPTION OF A D- LINK PRODUCT, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY.

  • Page 3: Limited Warranty

    Registration Card. If a Registration Card for the product in question has not been returned to a D-Link office, then a proof of purchase (such as a copy of the dated purchase invoice) must be provided when requesting warranty service.
  • Page 4 Hardware. Repaired or replacement Hardware will be warranted for the remainder of the original Warranty Period from the date of original retail purchase. If a material defect is incapable of correction, or if D-Link determines in its sole discretion that it is not practical to repair or replace the defective Hardware, the price paid by the original purchaser for the defective Hardware will be refunded by D-Link upon return to D-Link of the defective Hardware.

  • Page 5: Copyright Statement

    D-Link Offices for Registration and Warranty Service The product's Registration Card, provided at the back of this manual, must be sent to a D-Link office. To obtain an RMA number for warranty service as to a hardware product, or to obtain warranty service as to a software product, contact the D-Link office nearest you. An address/telephone/fax/e-mail/Web site list of D-Link offices is provided in the back of this manual.

  • Page 7: Table Of Contents

    Table of Contents Introduction ...................................... 1 Using the Console CLI..................................4 Command Syntax ..................................... 8 Basic Switch Commands................................10 Switch Port Commands.................................. 21 Port Security Commands................................24 Network Management (SNMP) Commands ..........................27 Switch Utility Commands ................................49 Network Monitoring Commands ..............................53 Spanning Tree Commands ................................
  • Page 8 Single IP Management Commands...............................187 Command History List..................................198 Technical Specifications ................................201...

  • Page 9: Introduction

    NTRODUCTION The Switch can be managed through the Switch’s serial port, Telnet, or the Web-based management agent. The Command Line Interface (CLI) can be used to configure and manage the Switch via the serial port or Telnet interfaces. This manual provides a reference for all of the commands contained in the CLI. Configuration and management of the switch via the Web-based management agent is discussed in the User’s Guide.
  • Page 10 Figure 1-2. Boot Screen The Switch’s MAC address can also be found in the Web management program on the Switch Information (Basic Settings) window on the Configuration menu. The IP address for the switch must be set before it can be managed with the Web-based manager. The Switch IP address can be automatically set using BOOTP or DHCP protocols, in which case the actual address assigned to the switch must be known.
  • Page 11 In the above example, the Switch was assigned an IP address of 10.53.13.144/8 with a subnet mask of 255.0.0.0. The system message Success indicates that the command was executed successfully. The Switch can now be configured and managed via Telnet, SNMP MIB browser and the CLI or via the Web-based management agent using the above IP address to connect to the Switch.

  • Page 12: Using The Console Cli

    SING THE ONSOLE The DES-3550 supports a console management interface that allows the user to connect to the switch’s management agent via a serial port and a terminal or a computer running a terminal emulation program. The console can also be used over the network using the TCP/IP Telnet protocol.
  • Page 13 Commands are entered at the command prompt, DES-3550:4#. There are a number of helpful features included in the CLI. Entering the ? command will display a list of all of the top-level commands. Figure 2-2. The ? Command When you enter a command without its required parameters, the CLI will prompt you with a Next possible completions: message.
  • Page 14 Figure 2-4. Using the Up Arrow to Re-enter a Command In the above example, the command config account was entered without the required parameter <username>, the CLI returned the Next possible completions: <username> prompt. The up arrow cursor control key was pressed to re-enter the previous command (config account) at the command prompt.
  • Page 15 Figure 2-6. Next possible completions: Show Command In the above example, all of the possible next parameters for the show command are displayed. At the next command prompt, the up arrow was used to re-enter the show command, followed by the account parameter. The CLI then displays the user accounts configured on the Switch.

  • Page 16: Command Syntax

    OMMAND YNTAX The following symbols are used to describe how command entries are made and values and arguments are specified in this manual. The online help contained in the CLI and available through the console interface uses the same syntax. Note: All commands are case-sensitive.
  • Page 17 {braces} Description In the above syntax example, you have the option to specify config or detail. It is not necessary to specify either optional value, however the effect of the system reset is dependent on which, if any, value is specified.

  • Page 18: Basic Switch Commands

    ASIC WITCH OMMANDS The basic switch commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters create account [admin|user] <username 15> config account <username 15> show account delete account <username 15> show session show switch show serial_port...
  • Page 19 Example usage: To create an administrator-level user account with the username “dlink”. DES-3550:4#create account admin dlink Command: create account admin dlink Enter a case-sensitive new password:**** Enter the new password again for confirmation:**** Success. DES-3550:4# config account Used to configure user accounts Purpose Syntax config account <username>...
  • Page 20 show account Description Displays all user accounts created on the switch. Up to 8 user accounts can exist on the switch at one time. None. Parameters Only Administrator-level users can issue this command. Restrictions Example usage: To display the accounts that have been created: DES-3550:4#show account Command: show account Current Accounts:...
  • Page 21 show session Syntax show session This command displays a list of all the users that are logged-in at Description the time the command is issued. None Parameters Restrictions None. Example usage: To display the way that the users logged in: DES-3550:4#show session Command: show session ID Login Time...
  • Page 22 System Location : 7th_flr_east_cabinet System Contact : Julius_Erving_212-555-6666 Spanning Tree : Disabled GVRP : Disabled IGMP Snooping : Disabled TELNET : Enabled (TCP 23) : Enabled (TCP 80) RMON : Enabled Asymmetric VLAN : Disabled DES-3550:4# show serial_port Used to display the current serial port settings. Purpose Syntax show serial_port...
  • Page 23 config serial_port 19200, 38400, 115200. never − No time limit on the length of time the console can be open with no user input. 2_minutes − The console will log out the current user if there is no user input for 2 minutes. 5_minutes −...
  • Page 24 DES-3550:4#enable clipaging Command: enable clipaging Success. DES-3550:4# disable clipaging Purpose Used to disable the pausing of the console screen scrolling at the end of each page when the show command displays more than one screen of information. Syntax disable clipaging This command is used to disable the pausing of the console screen Description at the end of each page when the show command would display...
  • Page 25 DES-3550:4#enable telnet 23 Command: enable telnet 23 Success. DES-3550:4# disable telnet Purpose Used to disable the Telnet protocol on the switch. Syntax disable telnet This command is used to disable the Telnet protocol on the switch. Description None. Parameters Only administrator-level users can issue this command. Restrictions Example usage: To disable the Telnet protocol on the switch:...
  • Page 26 DES-3550:4#enable web 80 Command: enable web 80 Success. DES-3550:4# disable web Purpose Used to disable the HTTP-based management software on the switch. Syntax disable web This command disables the Web-based management software on Description the switch. Parameters None. Only administrator-level users can issue this command. Restrictions Example usage: To disable HTTP:...
  • Page 27 DES-3550:4#save Command: save Saving all configurations to NV-RAM... Done. DES-3550:4# reboot Purpose Used to restart the switch. Syntax reboot This command is used to restart the switch. Description None. Parameters Restrictions None. Example usage: To restart the switch: DES-3550:4#reboot Command: reboot Are you sure want to proceed with the system reboot? (y|n) Please wait, the switch is rebooting...
  • Page 28 To restore all of the switch’s parameters to their default values: DES-3550:4#reset config Command: reset config Are you sure to proceed with system reset?(y/n) Success. DES-3550:4# login Purpose Used to log in a user to the switch’s console. Syntax login This command is used to initiate the login procedure.

  • Page 29: Switch Port Commands

    WITCH OMMANDS The switch port commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config ports [<portlist | all> {speed [auto | 10_half | 10_full |100_half | 100_full | 1000_full} | flow_control [enable | disable] | learning [enable | disable] state [enable | disable]} description <desc 32>...
  • Page 30 To configure the speed of port 3 to be 10 Mbps, full duplex, with learning and state enabled: DES-3550:4#config ports 1-3 speed 10_full learning enabled state enabled Command: config ports 1-3 speed 10_full learning enabled state enabled Success. DES-3550:4# show ports Purpose Used to display the current configuration of a range of ports.
  • Page 31 Example usage: To display the configuration of all ports on a switch, with description: DES-3550:4#show ports description Command: show ports description Port Port Settings Connection Address State Speed/Duplex/FlowCtrl Speed/Duplex/FlowCtrl Learning ------ -------- --------------------- --------------------- -------- Enabled Auto/Disabled Link Down Enabled Description: dads1 Enabled Auto/Disabled Link Down...

  • Page 32: Port Security Commands

    ECURITY OMMANDS The switch port security commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config port_security [<portlist>| all ] {admin_state [enable| disable] ports |max_learning_addr <max_lock_no 0-10> | lock_address_mode [Permanent | DeleteOnTimeout | DeleteOnReset]} delete port_security vlan_name <vlan_name 32>...
  • Page 33 To configure the port security: DES-3550:4#config port_security ports 1-5 admin_state enable max_learning_addr 5 lock_address_mode DeleteOnReset Command: config port_security ports 1-5 admin_state enable max_learning_addr 5 lock_address_mode DeleteOnReset Success. DES-3550:4# delete port_security_entry Purpose Used to delete a port security entry by MAC address, port number and VLAN ID.
  • Page 34 clear port_security_entry to the port security function. <portlist> − specifies a port or port range the user wishes to clear. Parameters Restrictions Only administrator-level users can issue this command. Example usage: To clear a port security entry by port: DES-3550:4# clear port_security_entry port 6 Command: clear port_security_entry port 6 Success.

  • Page 35: Network Management (Snmp) Commands

    (SNMP) C ETWORK ANAGEMENT OMMANDS The network management commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. The DES-3550 supports the Simple Network Management Protocol (SNMP) versions 1, 2c, and 3. You can specify which version of the SNMP you want to use to monitor and control the switch.
  • Page 36 Command Parameters engineID show snmp engineID create snmp group <groupname 32> {v1 | v2c |v3 [noauth_nopriv | auth_nopriv | auth_priv ]} {read_view <view_name 32> | write_view <view_name 32> | notify_view <view_name 32>} delete snmp group <groupname 32> show snmp groups create snmp host <ipaddr>...
  • Page 37 create snmp user group that is also created by this command. Syntax create snmp user <username 32> <groupname 32> {encrypted [by_password auth [md5 <auth_password 8-16 > | sha <auth_password 8-20 >] priv [none | des <priv_password 8- 16> ]|by_key auth [md5 <auth_key 32-32>| sha <auth_key 40- 40>] priv [none | des <priv_key 32-32>...
  • Page 38 To create an SNMP user on the switch: DES-3550:4#create snmp user dlink default encrypted by_password auth md5 auth_password priv none Command: create snmp user dlink default encrypted by_password auth md5 auth_password priv none Success. DES-3550:4# delete snmp user Used to remove an SNMP user from an SNMP group and also to Purpose delete an entry from the USM User Table Settings Syntax...
  • Page 39 DES-3550:4#show snmp user Command: show snmp user Username Group Name Ver Auth Priv --------------- -------------- ----- -------- ------- initial initial None None Total Entries: 1 DES-3550:4# create snmp view Purpose Used to assign views to community strings to limit which MIB objects and SNMP manager can access.
  • Page 40 delete snmp view Syntax delete snmp view <view_name 32> [all | <oid>] Description The delete snmp view command is used to remove an SNMP view previously created on the switch. <view_name 32> − An alphanumeric string of up to 32 characters Parameters that identifies the SNMP view to be deleted.
  • Page 41 restricted 1.3.6.1.6.3.10.2.1 Included restricted 1.3.6.1.6.3.11.2.1 Included restricted 1.3.6.1.6.3.15.1.1 Included CommunityView Included CommunityView 1.3.6.1.6.3 Excluded CommunityView 1.3.6.1.6.3.1 Included Total Entries: 11 DES-3550:4# create snmp community Purpose Used to create an SNMP community string to define the relationship between the SNMP manager and an agent. The community string acts like a password to permit access to the agent on the switch.
  • Page 42 DES-3550:4#create snmp community dlink view ReadView read_write Command: create snmp community dlink view ReadView read_write Success. delete snmp community Purpose Used to remove a specific SNMP community string from the switch. Syntax delete snmp community <community_string 32> Description The delete snmp community command is used to remove a previously defined SNMP community string from the switch.
  • Page 43 DES-3550:4#show snmp community Command: show snmp community SNMP Community Table Community Name View Name Access Right -------------------------------- -------------------------------- ------------ dlink ReadView read_write private CommunityView read_write public CommunityView read_only Total Entries: 3 DES-3550:4# config snmp engineID Purpose Used to configure a name for the SNMP engine on the switch. Syntax config snmp engineID <snmp_engineID>...
  • Page 44 show snmp engineID Restrictions None. Example usage: To display the current name of the SNMP engine on the switch: DES-3550:4#show snmp engineID Command: show snmp engineID SNMP Engine ID : 0035636666 DES-3550:4# create snmp group Purpose Used to create a new SNMP group, or a table that maps SNMP users to SNMP views.
  • Page 45 create snmp group manager. auth_nopriv − Specifies that authorization will be required, but there will be no encryption of packets sent between the switch and a remote SNMP manager. auth_priv − Specifies that authorization will be required, and that packets sent between the switch and a remote SNMP manger will be encrypted.
  • Page 46 To delete the SNMP group named “sg1”. DES-3550:4#delete snmp group sg1 Command: delete snmp group sg1 Success. DES-3550:4# show snmp groups Purpose Used to display the group-names of SNMP groups currently configured on the switch. The security model, level, and status of each group are also displayed.
  • Page 47 WriteView Name : WriteView Notify View Name : NotifyView Security Model : SNMPv3 Security Level : authPriv Group Name : Group7 ReadView Name : ReadView WriteView Name : WriteView Notify View Name : NotifyView Security Model : SNMPv3 Security Level : authPriv Group Name...
  • Page 48 create snmp host auth_nopriv | auth_priv] <auth_string 32>] Description The create snmp host command creates a recipient of SNMP traps generated by the switch’s SNMP agent. <ipaddr> − The IP address of the remote management station that Parameters will serve as the SNMP host for the switch. v1 –...
  • Page 49 DES-3550:4#create snmp host 10.48.74.100 v3 auth_priv public Command: create snmp host 10.48.74.100 v3 auth_priv public Success. DES-3550:4# delete snmp host Purpose Used to remove a recipient of SNMP traps generated by the switch’s SNMP agent. Syntax delete snmp host <ipaddr> Description The delete snmp host command deletes a recipient of SNMP traps generated by the switch’s SNMP agent.
  • Page 50 DES-3550:4#show snmp host Command: show snmp host SNMP Host Table Host IP Address SNMP Version Community Name/SNMPv3 User Name --------------- --------------------- ------------------------------ 10.48.76.23 private 10.48.74.100 authpriv public Total Entries: 2 DES-3550:4# create trusted_host Purpose Used to create the trusted host. Syntax create trusted_host <ipaddr>...
  • Page 51 show trusted_host the switch using the create trusted_host command above. Parameters <ipaddr> − The IP address of the trusted host. Restrictions none. Example Usage: To display the list of trust hosts: DES-3550:4#show trusted_host Command: show trusted_host Management Stations IP Address ----------------------- 10.53.13.94 Total Entries: 1...
  • Page 52 enable snmp traps Syntax enable snmp traps Description The enable snmp traps command is used to enable SNMP trap support on the switch. Parameters none. Restrictions Only administrator-level users can issue this command. Example usage: To enable SNMP trap support on the switch: DES-3550:4#enable snmp traps Command: enable snmp traps Success.
  • Page 53 show snmp traps currently configured on the Switch. Parameters none. Restrictions Only administrator-level users can issue this command. Example usage: To view the current SNMP trap support: DES-3550:4#show snmp traps Command: show snmp traps SNMP Traps : Enabled Authenticate Traps : Enabled DES-3550:4# disable snmp traps Purpose...
  • Page 54 disable snmp authenticate_traps Parameters none. Restrictions Only administrator-level users can issue this command. Example Usage: To disable the SNMP authentication trap support: DES-3550:4#disable snmp authenticate_traps Command: disable snmp authenticate_traps Success. DES-3550:4# config snmp system_contact Purpose Used to enter the name of a contact person who is responsible for the switch.
  • Page 55 config snmp system_location characters can be used. Parameters <sw_location> - A maximum of 255 characters is allowed. A NULL string is accepted if there is no location desired. Restrictions Only administrator-level users can issue this command. Example usage: To configure the switch location for “ ”: H Q 5 F DES-3550:4#config snmp system_location HQ 5F...
  • Page 56 enable rmon Description This command is used, in conjunction with the disable rmon command below, to enable and disable remote monitoring (RMON) on the switch. Parameters none. Restrictions Only administrator-level users can issue this command. Example Usage: To enable RMON: DES-3550:4#enable rmon Command: enable rmon Success.

  • Page 57: Switch Utility Commands

    WITCH TILITY OMMANDS The download/upload commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters download [ firmware <ipaddr> <path_filename 64> {section_id <int 1-2>} configuration <ipaddr> <path_filename 64> {increment} ] config firmware section_id <value 1-2>...
  • Page 58 To download a configuration file: DES-3550:4#download configuration 10.48.74.121 c:\cfg\setting.txt Command: download configuration 10.48.74.121 c:\cfg\setting.txt Connecting to server....Done. Download configuration..... Done. DES-3550:4# config firmware Purpose Used to configure the firmware section as a boot up section, or to delete the firmware section Syntax config firmware section_id <int 1-2>...
  • Page 59 show firmware information Restrictions None. Example usage: To display the current firmware information on the switch: DES-3550:4#show firmware information Command: show firmware information ID Version Size(B) Update Time From User -------- ------- ------------------- ------------------ --------------- 1 1.00-B00 1360471 00000 days 00:00:00 Serial Port (PROM) Unknown *2 1.00-B02 2052372 00000 days 00:00:56 10.53.13.94...
  • Page 60 To upload a configuration file: DES-3550:4#upload configuration 10.48.74.121 c:\cfg\log.txt Command: upload configuration 10.48.74.121 c:\cfg\log.txt Connecting to server....Done. Upload configuration....Done. DES-3550:4# ping Purpose Used to test the connectivity between network devices. Syntax ping <ipaddr> {times <value 1-255>} {timeout <sec 1-99>} Description The ping command sends Internet Control Message Protocol (ICMP) echo messages to a remote IP address.

  • Page 61: Network Monitoring Commands

    ETWORK ONITORING OMMANDS The network monitoring commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters show packet ports <portlist> show error ports <portlist> show utilitzation [cpu | ports {<portlist>}] clear counters ports <portlist>...
  • Page 62 DES-3550:4#show packet port 2 Port number : 2 Frame Size Frame Counts Frame/sec Frame Type Total Total/sec ------------ ------------ ---------- ---------- ------- --------- 3275 RX Bytes 408973 1657 65-127 RX Frames 128-255 256-511 TX Bytes 7918 512-1023 TX Frames 1024-1518 Unicast RX Multicast RX Broadcast RX 3686...
  • Page 63 show utilization Purpose Used to display real-time port and cpu utilization statistics. Syntax show utilization [cpu | ports {<portlist>}] Description This command will display the real-time port and cpu utilization statistics for the switch. Parameters cpu – Entering this parameter will display the current cpu utilization of the switch.
  • Page 64 To display the current cpu utilization: DES-3550:4#show utilization cpu Command: show utilization cpu CPU utilization : ------------------------------------------------------------------------------- Five seconds - 15% One minute - 25% Five minutes - 14% DES-3550:4# clear counters Purpose Used to clear the switch’s statistics counters. Syntax clear counters {ports <portlist>} Description...
  • Page 65 DES-3550:4#clear log Command: clear log Success. DES-3550:4# show log Purpose Used to display the switch history log. Syntax show log {index <value>} Description This command will display the contents of the switch’s history log. index <value> − This command will display the history log, beginning Parameters at 1 and ending at the value specified by the user in the <value>...
  • Page 66 Example usage: To the syslog function on the switch: DES-3550:4#enable syslog Command: enable syslog Success. DES-3550:4# disable syslog Purpose Used to enable the system log to be sent to a remote host. Syntax disable syslog Description The disable syslog command enables the system log to be sent to a remote host.
  • Page 67 DES-3550:4#show syslog Command: show syslog Syslog Global State: Enabled DES-3550:4# create syslog host Purpose Used to create a new syslog host. Syntax create syslog host <index 1-4> ipaddress <ipaddr> {severity [informational|warning|all]| facility[local0|local1|local2|local3| local4|local5|local6|local7] |udp_port<udp_port_number>| state[enable|disable] Description The create syslog host command is used to create a new syslog host.
  • Page 68 create syslog host facility − Some of the operating system daemons and processes have been assigned Facility values. Processes and daemons that have not been explicitly assigned a Facility may use any of the"local use" facilities or they may use the "user-level" Facility. Those Facilities that have been designated are shown in the following: Bold font indicates the facility values that the switch currently supports.
  • Page 69 create syslog host remote host. This corresponds to number 16 from the list above. local1 − Specifies that local use 1 messages will be sent to the remote host. This corresponds to number 17 from the list above. local2 − Specifies that local use 2 messages will be sent to the remote host.
  • Page 70 config syslog host <index 1-4> − Specifies that the command will be applied to an index of hosts. There are four available indexes, numbered 1 through 4. severity − Severity level indicator. These are described in the following: Bold font indicates that the corresponding severity level is currently supported on the switch.
  • Page 71 config syslog host FTP daemon NTP subsystem log audit log alert clock daemon local use 0 (local0) local use 1 (local1) local use 2 (local2) local use 3 (local3) local use 4 (local4) local use 5 (local5) local use 6 (local6) local use 7 (local7) local0 −...
  • Page 72 DES-3550:4#config syslog host 1 severity all facility local0 Command: config syslog host all severity all facility local0 Success. DES-3550:4# Example usage: To configure a syslog host for all hosts: DES-3550:4#config syslog host all severity all facility local0 Command: config syslog host all severity all facility local0 Success.
  • Page 73 show syslog host <index 1-4> − Specifies that the command will be applied to an index Parameters of hosts. There are four available indexes, numbered 1 through 4. Restrictions None. Example usage: To show Syslog host information: DES-3550:4#show syslog host Command: show syslog host Syslog Global State: Disabled Host Id Host IP Address...

  • Page 74: Spanning Tree Commands

    PANNING OMMANDS The switch supports 802.1d STP and 802.1w Rapid STP. The spanning tree commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config stp {maxage <value 6-40> | hellotime <value 1-10> | forwarddelay <value 4-30>...
  • Page 75 config stp stp – Selct this parameter for IEEE 802.1d STP and for • IEEE 802.1w STP compatibility mode. rstp - Select this paramter for IEEE 802.1w Rapid STP • mode. txholdcount <1-10> - the maximum number of Hello packets transmitted per interval.
  • Page 76 config stp ports portion of the segment. edge [true | false] – true designates the port as an edge port. Edge ports cannot create loops, however an edge port can lose edge port status if a topology change creates a potential for a loop. An edge port normally should not receive BPDU packets.
  • Page 77 DES-3550:4#enable stp Command: enable stp Success. DES-3550:4# disable stp Purpose Used to globally disable STP on the switch. Syntax disable stp Description This command allows the Spanning Tree Protocol to be globally disabled on the switch. Parameters None. Restrictions Only administrator-level users can issue this command. Example usage: To disable STP on the switch: DES-3550:4#disable stp...
  • Page 78 DES-3550:4#show stp Command: show stp Bridge Parameters Settings STP Status : Enabled Max Age : 20 Hello Time Forward Delay : 15 Priority : 32768 STP Version : RSTP TX Hold Count : 3 Forwarding BPDU : Enabled Designated Root Bridge : 00-00-51-43-70-00 Root Priority : 32768 Cost to Root...
  • Page 79 show stp ports Description This command displays the switch’s current per-port group STP configuration. Parameters <portlist> − Specifies a port or range of ports to be displayed. Restrictions None Example usage: To display STP state of port 1-9 of module 1: DES-3550:4#show stp ports Command: show ports Port Designated Bridge...

  • Page 80: Forwarding Database Commands

    ORWARDING ATABASE OMMANDS The layer 2 forwarding database commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters create fdb <vlan_name 32> <macaddr> port <port> create multicast_fdb <vlan_name 32> <macaddr> config multicast_fdb <vlan_name 32>...
  • Page 81 DES-3550:4#create fdb default 00-00-00-00-01-02 port 5 Command: create fdb default 00-00-00-00-01-02 port 5 Success. DES-3550:4# create multicast_fdb Purpose Used to create a static entry to the multicast MAC address forwarding table (database) Syntax create multicast_fdb <vlan_name 32> <macaddr> Description This command will make an entry into the switch’s multicast MAC address forwarding database.
  • Page 82 config multicast_fdb <portlist> − Specifies a range of ports to be configured. Restrictions Only administrator-level users can issue this command. Example usage: To add multicast MAC forwarding: DES-3550:4#config multicast_fdb default 01-00-00-00-00-01 add Command: config multicast_fdb default 01-00-00-00-00-01 add 1- Success. DES-3550:4# config fdb aging_time Purpose...
  • Page 83 delete fdb Purpose Used to delete an entry to the switch’s forwarding database. Syntax delete fdb <vlan_name 32> <macaddr> Description This command is used to delete a previous entry to the switch’s MAC address forwarding database. Parameters <vlan_name 32> − The name of the VLAN on which the MAC address resides.
  • Page 84 clear fdb through this port. all − Clears all dynamic entries to the switch’s forwarding database. Restrictions Only administrator-level users can issue this command. Example usage: To clear all FDB dynamic entries: DES-3550:4#clear fdb all Command: clear fdb all Success. DES-3550:4# show multicast_fdb Purpose...
  • Page 85 show fdb Purpose Used to display the current unicast MAC address forwarding database. Syntax show fdb {port <port> | vlan <vlan_name 32> | mac_address <macaddr> | static | aging_time} Description This command will display the current contents of the switch’s forwarding database.
  • Page 86 config multicast port_filtering_mode Purpose Used to configure the multicast packet filtering mode on a port per port basis. Syntax config multicast port_filtering_mode [<portlist> | all] [forward_all_groups | forward_unregistered_groups | filter_unregistered_groups] Description This command will configure the multicast packet filtering mode for specified ports on the switch.
  • Page 87 DES-3550:4#show multicast port_filtering_mode Command: show multicast port_filtering_mode Port Multicast Filter Mode ------ --------------------------- forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups forward_unregistered_groups CTRL+C ESC q Quit SPACE n Next Page p Previous Page r Refresh...

  • Page 88: Broadcast Storm Control Commands

    ROADCAST TORM ONTROL OMMANDS The broadcast storm control commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config traffic control [<storm_grouplist 1-8> | all ] { broadcast [enabled | disabled] | multicast [enabled | disabled] | dlf [enabled | disabled] | threshold <value 0-255>...
  • Page 89 show traffic control Purpose Used to display current traffic control settings. Syntax show traffic control {group_list <storm_grouplist>} Description This command displays the current storm traffic control configuration on the switch. group_list <storm_grouplist> − Used to specify a broadcast storm Parameters control group.

  • Page 90: Qos Commands

    OMMANDS The DES-3550 switch supports 802.1p priority queuing. The switch has 4 priority queues. These priority queues are numbered from 3 (Class 3) — the highest priority queue — to 0 (Class 0) — the lowest priority queue. The eight priority tags specified in IEEE 802.1p (p0 to p7) are mapped to the switch’s priority queues as follows: •...
  • Page 91 config bandwidth_control bandwidth on a by-port basis. Parameters <portlist> − Specifies a port or range of ports to be configured. rx_rate − Specifies that one of the parameters below (no_limit or <value 1-1000>) will be applied to the rate at which the above specified ports will be allowed to receive packets no_limit −...
  • Page 92 To display bandwidth control settings: DES-3550:4#show bandwidth_control 1-10 Command: show bandwidth_control 1-10 Bandwidth Control Table Port RX Rate (Mbit/sec) TX_RATE (Mbit/sec) ---- ------------------------ ---------------------- no_limit no_limit no_limit no_limit no_limit no_limit no_limit no_limit no_limit 1:10 no_limit DES-3550:4# config scheduling Purpose Used to configure the traffic scheduling mechanism for each COS queue.
  • Page 93 config scheduling transmitted 3 packets. The process will then repeat. The max_latency parameter allows you to specify the maximum amount of time that packets are delayed before being transmitted to a given hardware priority queue. A value between 0 and 255 can be specified.
  • Page 94 show scheduling Parameters None. Restrictions None. Example usage: To display the current scheduling configuration: DES-3550:4# show scheduling Command: show scheduling QOS Output Scheduling Class ID MAX. Packets MAX. Latency ------------ ------------------- -------------------- Class-0 Class-1 Class-2 Class-3 DES-3550:4# config 802.1p user_priority Purpose Used to map the 802.1p user priority of an incoming packet to one of the four hardware queues available on the switch.
  • Page 95 config 802.1p user_priority queue). <priority 0-7> − The 802.1p user priority you want to associate with the <class_id 0-3> (the number of the hardware queue) with. <class_id 0-3> − The number of the switch’s hardware priority queue. The switch has four hardware priority queues available. They are numbered between 0 (the lowest priority) and 3 (the highest priority).
  • Page 96 config 802.1p default_priority Purpose Used to configure the 802.1p default priority settings on the switch. If an untagged packet is received by the switch, the priority configured with this command will be written to the packet’s priority field. Syntax config 802.1p default_priority [<portlist> | all] <priority 0-7> Description This command allows you to specify default priority handling of untagged packets received by the switch.
  • Page 97 DES-3550:4# show 802.1p default_priority Command: show 802.1p default_priority Port Priority ------- ----------- CTRL+C ESC q Quit Space n Next Page Enter Next Entry a All...

  • Page 98: Port Mirroring Commands

    IRRORING OMMANDS The port mirroring commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config mirror port <port> [add | delete] source ports <portlist> [rx | tx | both] enable mirror disable mirror show mirror...
  • Page 99 config mirror port level users can issue this command. Example usage: To add the mirroring ports: DES-3550:4# config mirror port 1 add source ports 2-7 both Command: config mirror port 1 add source ports 2-7 both Success. DES-3550:4# config mirror delete Purpose Used to delete a port mirroring configuration| Syntax...
  • Page 100 enable mirror Purpose Used to enable a previously entered port mirroring configuration. Syntax enable mirror Description This command, combined with the disable mirror command below, allows you to enter a port mirroring configuration into the switch, and then turn the port mirroring on and off without having to modify the port mirroring configuration.
  • Page 101 show mirror Purpose Used to show the current port mirroring configuration on the switch. Syntax show mirror Description This command displays the current port mirroring configuration on the switch. Parameters None Restrictions None. Example usage: To display mirroring configuration: DES-3550:4#show mirror Command: show mirror Current Settings Mirror Status: Enabled...

  • Page 102: Vlan Commands

    VLAN C OMMANDS The VLAN commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters create vlan <vlan_name 32> {tag <vlanid 1-4094> | advertisement} delete vlan <vlan_name 32> config vlan <vlan_name 32>...
  • Page 103 DES-3550:4#create vlan v1 tag 2 Command: create vlan v1 tag 2 Success. DES-3550:4# delete vlan Purpose Used to delete a previously configured VLAN on the switch. Syntax delete vlan <vlan_name 32> Description This command will delete a previously configured VLAN on the switch.
  • Page 104 config vlan delete − Deletes the above specified VLAN from the switch. <portlist> − A port or range of ports to add to the VLAN. advertisement [enable|disable] − Enables or disables GVRP on the specified VLAN. Restrictions Only administrator-level users can issue this command. Example usage: To add 4 through 8 as tagged ports to the VLAN v1: DES-3550:4#config vlan v1 add tagged 4-8...
  • Page 105 To set the ingress checking status, the sending and receiving GVRP information : DES-3550:4#config gvrp 1-4 state enable ingress_checking enable acceptable_frame tagged_only pvid 2 Command: config gvrp 1-4 state enable ingress_checking enable acceptable_frame tagged_only pvid 2 Success. DES-3550:4# enable gvrp Purpose Used to enable GVRP on the switch.
  • Page 106 DES-3550:4#disable gvrp Command: disable gvrp Success. DES-3550:4# show vlan Purpose Used to display the current VLAN configuration on the switch Syntax show vlan {<vlan_name 32>} Description This command displays summary information about each VLAN including the VLAN ID, VLAN name, the Tagging|Untagging status, and the Member|Non-member|Forbidden status of each port that is a member of the VLAN.
  • Page 107 show gvrp status is to be displayed. Restrictions None. Example usage: To display GVRP port status: DES-3550:4#show gvrp Command: show gvrp Global GVRP : Disabled Port PVID GVRP Ingress Checking Acceptable Frame Type ------ ---- -------- ---------------- --------------------------- Disabled Enabled All Frames Disabled Enabled...

  • Page 108: Asymmetric Vlan Commands

    VLAN C SYMMETRIC OMMANDS The asymmetric VLAN commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters enable asymmetric_vlan disable asymmetric_vlan show asymmetric_vlan Each command is listed, in detail, in the following sections. enable asymmetric_vlan Purpose Used to enable the asymmetric VLAN function on the switch.
  • Page 109 DES-3550:4#disable asymmetric_vlan Command: disable asymmetric_vlan Success. DES-3550:4# show asymmetric_vlan Purpose Used to view the asymmetric VLAN state on the switch. Syntax show asymmetric_vlan Description This command displays the asymmetric VLAN state on the switch Parameters None. Restrictions Only administrator-level users can issue this command. Example usage: To display the asymmetric VLAN state cuurently set on the switch: DES-3550:4#show asymmetric_vlan...

  • Page 110: Link Aggregation Commands

    GGREGATION OMMANDS The link aggregation commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters create group_id <value 1-6> {type [lacp | static]} link_aggregation delete group_id <value 1-6> link_aggregation config group_id <value1-6>...
  • Page 111 create link_aggregation Restrictions Only administrator-level users can issue this command. Example usage: To create a link aggregation group: DES-3550:4#create link_aggregation group_id 1 Command: create link_aggregation group_id 1 Success. DES-3550:4# delete link_aggregation group_id Purpose Used to delete a previously configured link aggregation group. Syntax delete link_aggregation group_id <value 1-6>...
  • Page 112 config link_aggregation group _id<value> − Specifies the group id. The switch allows up to 6 Parameters link aggregation groups to be configured. The group number identifies each of the groups. master_port<port> − Master port ID. Specifies which port (by port number) of the link aggregation group will be the master port.
  • Page 113 config link_aggregation algorithm ip_source_dest − Indicates that the switch should examine the IP source address and the destination address. Restrictions Only administrator-level users can issue this command. Example usage: To configure link aggregation algorithm for mac-source-dest: DES-3550:4#config link_aggregation algorithm mac_source_dest Command: config link_aggregation algorithm mac_source_dest Success.
  • Page 114 config lacp_ports Purpose Used to configure settings for LACP compliant ports. Syntax config lacp_ports <portlist> mode [active | passive] Description This command is used to configure ports that have been previously designated as LACP ports (see create link_aggregation). Parameters <portlist> − Specifies a port or range of ports to be configured. mode –...
  • Page 115 To display LACP port mode settings: DES-3550:4#show lacp_port 1-10 Command: show lacp_port 1-10 Port Activity ------ -------- Active Active Active Active Active Active Active Active Active Active DES-3550:4#...

  • Page 116: Basic Ip Commands

    IP C ASIC OMMANDS The IP interface commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config ipif <ipif_name 12> [{ipaddress <network_address> | vlan <vlan_name 32> |state [enable | disable]} bootp |dhcp] show ipif <ipif_name 12>...
  • Page 117 DES-3550:4#config ipif System ipaddress 10.48.74.122/8 Command: config ipif System ipaddress 10.48.74.122/8 Success. DES-3550:4# show ipif Purpose Used to display the configuration of an IP interface on the switch. Syntax show ipif <ipif_name 12> Description This command will display the configuration of an IP interface on the switch.

  • Page 118: Igmp Snooping Commands

    IGMP S NOOPING OMMANDS The switch port commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config igmp_snooping [<vlan_name 32> | all] {host_timeout <sec 1-16711450> | router_timeout < sec 1-16711450> | leave_timer < sec 0-16711450>...
  • Page 119 config igmp_snooping seconds. state [enable | disable] − Allows you to enable or disable IGMP snooping for the specified VLAN. Restrictions Only administrator-level users can issue this command. Example usage: To configure the igmp snooping: DES-3550:4#config igmp_snooping default host_timeout 250 state enable Command: config igmp_snooping default host_timeout 250 state enable...
  • Page 120 config igmp_snooping querier • Other querier present interval—Amount of time that must pass before a multicast router decides that there is no longer another multicast router that is the querier. This interval is calculated as follows: (robustness variable x query interval) + (0.5 x query response interval).
  • Page 121 config router_ports <portlist> − Specifies a port or range of ports that will be configured as router ports. Restrictions Only administrator-level users can issue this command. Example usage: To set up static router ports: DES-3550:4#config router_ports default add 1-10 Command: config router_ports default add 1-10 Success.
  • Page 122 disable igmp_snooping traffic to flood within a given IP interface. Parameters forward_mcrouter_only – Adding this parameter to this command will disable forwarding all multicast traffic to a multicast-enabled routers .The switch will then forward all multicast traffic to any IP router.
  • Page 123 DES-3550:4#show igmp_snooping Command: show igmp_snooping IGMP Snooping Global State : Disabled Multicast router Only : Disabled VLAN Name : default Query Interval : 125 Max Response Time : 10 Robustness Value Last Member Query Interval Host Timeout : 260 Route Timeout : 260 Leave Timer Querier State...
  • Page 124 DES-3550:4#show igmp_snooping group Command: show igmp_snooping group VLAN Name : default Multicast group: 224.0.0.2 MAC address : 01-00-5E-00-00-02 Reports Port Member : 2,5 VLAN Name : default Multicast group: 224.0.0.9 MAC address : 01-00-5E-00-00-09 Reports Port Member : 6,8 VLAN Name : default Multicast group: 234.5.6.7 MAC address...
  • Page 125 show router_ports <vlan_name 32> − The name of the VLAN on which the router port Parameters resides. static − Displays router ports that have been statically configured. dynamic − Displays router ports that have been dynamically configured. Restrictions None. Example usage: To display the router ports.
  • Page 126 show igmp_snooping group Purpose Used to display the current IGMP snooping configuration on the switch. Syntax show igmp_snooping group {vlan <vlan_name 32>} Description This command will display the current IGMP setup currently configured on the switch. Parameters <vlan_name 32> − The name of the VLAN for which you want to view IGMP snooping forwarding table information.
  • Page 127 Multicast group: 239.255.255.250 MAC address : 01-00-5E-7F-FF-FA Reports Port Member : 18,20 VLAN Name : default Multicast group: 239.255.255.254 MAC address : 01-00-5E-7F-FF-FE Reports Port Member : 22,24 Total Entries : 6 DES-XXXXS:4#...

  • Page 128: Commands

    802.1X C OMMANDS The DES-3550 implements the server-side of the IEEE 802.1x Port-based Network Access Control. This mechanism is intended to allow only authorized users, or other network devices, access to network resources by establishing criteria for each port on the switch that a user or network device must meet before allowing that port to forward or receive frames. Command Parameters enable 802.1x...
  • Page 129 Example usage: To enable 802.1x switch wide: DES-3550:4#enable 802.1x Command: enable 802.1x Success. DES-3550:4# disable 802.1x Purpose Used to disable the 802.1x server on the switch. Syntax disable 802.1x Description The disable 802.1x command is used to disable the 802.1x Port- based Network Access control server application on the switch.
  • Page 130 show 802.1x auth_configuration by mac address or by port. Authentication Protocol: Radius_Eap − Shows the authentication protocol suite in use between the switch and a Radius server. May read Radius_Eap or Radius_Pap. Port number − Shows the physical port number on the switch. Capability: Authenticator|None −...
  • Page 131 DES-3550:4#show 802.1x auth_configuration ports 1 Command: show 802.1x auth_configuration ports 1 802.1X : Enabled Authentication Mode : Port_based Authentication Protocol : Radius_Eap Port number Capability : None AdminCrlDir : Both OpenCrlDir : Both Port Control : Auto QuietPeriod : 60 TxPeriod : 30 SuppTimeout...
  • Page 132 show 802.1x auth_state Restrictions Only administrator-level users can issue this command. Example usage: To display the 802.1x auth state: DES-3550:4#show 802.1x auth_state Command: show 802.1x auth_state Port Auth PAE State Backend State Port Status ------ ----------------------- --------------------- ----------------- ForceAuth Success Authorized ForceAuth Success...
  • Page 133 config 802.1x capability ports all − Specifies all of the ports on the switch. authenticator − A user must pass the authentication process to gain access to the network. none − The port is not controlled by the 802.1x functions. Restrictions Only administrator-level users can issue this command.
  • Page 134 config 802.1x auth_parameter auto − Allows the port’s status to reflect the outcome of the • authentication process. force_unauth − Forces the Authenticator for the port to • become unauthorized. Network access will be blocked. quiet_period <sec 0-65535> − Configures the time interval between authentication failure and the start of a new authentication attempt.
  • Page 135 config 802.1x init addresses operating from a specified range of ports. Parameters port_based – This instructs the switch to initialize 802.1x functions based only on the port number. Ports approved for initialization can then be specified. mac_based ports − This instructs the switch to initialize 802.1x functions based only on the MAC address.
  • Page 136 DES-3550:4#config 802.1x auth_mode mac_based Command: config 802.1x auth_mode mac_based Success. DES-3550:4# config 802.1x reauth Purpose Used to configure the 802.1x re-authentication feature of the switch. Syntax config 802.1x reauth {port_based ports [ <portlist> | all] | mac_based [ports] [<portlist> | all ] {mac_address <macaddr>}] Description The config 802.1x reauth command is used to re-authenticate a previously authenticated device based on port number.
  • Page 137 config radius add Description The config radius add command is used to configure the settings the switch will use to communicate with a RADIUS server. <server_index 1-3> − Assigns a number to the current set of Parameters RADIUS server settings. Up to 3 groups of RADIUS server settings can be entered on the switch.
  • Page 138 DES-3550:4#config radius delete 1 Command: config radius delete 1 Success. DES-3550:4# config radius Purpose Used to configure the switch’s RADIUS settings. Syntax config radius <server_index 1-3> {ipaddress <server_ip> | key <passwd 32> | auth_port <udp_port_number 1-65535> | acct_port <udp_port_number 1-65535>} Description The config radius command is used to configure the switch’s Radius settings.
  • Page 139 DES-3550:4#config radius 1 10.48.74.121 key dlink default Command: config radius 1 10.48.74.121 key dlink default Success. DES-3550:4# show radius Purpose Used to display the current RADIUS configurations on the switch. Syntax show radius Description The show radius command is used to display the current RADIUS configurations on the switch.

  • Page 140: Access Control List (Acl) Commands

    (ACL) C CCESS ONTROL OMMANDS The DES-3550 implements Access Control Lists that enable the switch to deny network access to specific devices or device groups based on IP settings or MAC address. Command Parameters create [ ethernet{ vlan | source_mac <macmask> | destination_mac <macmask>...
  • Page 141 Creating an access profile is divided into two basic parts. First, an access profile must be created using the create access_profile command. For example, if you want to deny all traffic to the subnet 10.42.73.0 to 10.42.73.255, you must first create an access profile that instructs the switch to examine all of the relevant fields of each frame: create access_profile ip source_ip_mask 255.255.255.0 profile_id 1 Here we have created an access profile that will examine the IP field of each frame received by the switch.
  • Page 142 create access_profile the config access_profile command, below. ethernet − Specifies that the switch will examine the layer 2 part of Parameters each packet header. vlan − Specifies that the switch will examine the VLAN part of • each packet header. source_mac <macmask>...
  • Page 143 create access_profile flag_mask [ all | {urg | ack | psh | rst | syn | fin}] – Enter the • appropriate flag_mask parameter. All incoming packets have TCP port numbers contained in them as the forwarding criterion. These numbers have flag bits asscociated with them which are parts of a packet that determine what to do with the packet.
  • Page 144 DES-3550:4#create access_profile ip vlan source_ip_mask 20.0.0.0 destination_ip_mask 10.0.0.0 dscp icmp type code permit profile_id 101 Command: create access_profile ip vlan source_ip_mask 20.0.0.0 destination_ip_mask 10.0.0.0 dscp icmp type code permit profile_id 101 Success. DES-3550:4# delete access_profile Purpose Used to delete a previously created access profile. Syntax delete access_profile [profile_id <value 1-255>] Description...
  • Page 145 config access_profile syn | fin}]} | udp {src_port <value 0-65535> | dst_port <value 0-65535>} | protocol_id <value 0 - 255> {user_define <hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0- 0xffffffff><hex0x0-0xffffffff>}]} | packet_content_mask {offset_0- 15 <hex0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff> | offset_16-31 <hex 0x0-0xffffffff><hex 0x0- 0xffffffff><hex 0x0-0xffffffff><hex 0x0-0xffffffff>...
  • Page 146 config access_profile profile will apply to only packets with this destination IP address. dscp <value 0-63> − Specifies that the access profile will apply • only to packets that have this value in their Type-of-Service (DiffServ code point, DSCP) field in their IP packet header. priority <value 0-7>...
  • Page 147 config access_profile Datagram Protocol (UDP) field in each packet. src_port <value 0-65535> − Specifies that the access profile • will apply only to packets that have this UDP source port in their header. dst_port <value 0-65535> − Specifies that the access profile •...
  • Page 148 Example usage: To configure the access profile with the profile ID of 1 to filter frames that have IP addresses in the range between 10.42.73.0 to 10.42.73.255: DES-3550:4# config access_profile profile_id 2 add access_id 1 ip source_ip 10.42.73.1 deny Command: config access_profile profile_id 1 add access_id 1 ip source_ip 10.42.73.1 deny Success.
  • Page 149 Ports : All Masks : Source IP Addr --------------- 255.0.0.0 ID Mode --- ------ --------------- Access Profile ID : 247 Type : Ethernet Frame Filter Ports : All Masks : 802.1p ------ ID Mode --- ------ ------ Access Profile ID : 248 Type : Ethernet Frame Filter Ports...
  • Page 150 ID Mode --- ------ ---------------- Access Profile ID : 251 Type : Ethernet Frame Filter Ports : All Masks : VLAN ---------------- ID Mode --- ------ ---------------- Access Profile ID : 252 Type : Ethernet Frame Filter Ports : All Masks : VLAN ----------------...

  • Page 151: Traffic Segmentation Commands

    RAFFIC EGMENTATION OMMANDS Traffic segmentation allows you to further sub-divide VLANs into smaller groups of ports that will help to reduce traffic on the VLAN. The VLAN rules take precedence, and then the traffic segmentation rules are applied. Command Parameters config [<portlist>] forward_list [null | <portlist>] traffic_segmentation...
  • Page 152 show traffic_segmentation Syntax show traffic_segmentation <portlist> Description The show traffic_segmentation command is used to display the current traffic segmentation configuration on the switch. <portlist> − Specifies a port or range of ports for which the current Parameters traffic segmentation configuration on the switch will be displayed. Restrictions The port lists for segmentation and the forward list must be on the same switch.

  • Page 153: Time And Sntp Commands

    SNTP C IME AND OMMANDS The Simple Network Time Protocol (SNTP) (an adaptation of the Network Time Protocol (NPT)) commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters {primary <ipaddr> | secondary <ipaddr> | poll-interval <int 30- config sntp 99999>} show sntp...
  • Page 154 config sntp Restrictions Only administrator-level users can issue this command. SNTP service must be enabled for this command to function (enable sntp). Example usage: To configure SNTP settings: DES-3550:4#config sntp primary 10.1.1.1 secondary 10.1.1.2 poll-interval 30 Command: config sntp primary 10.1.1.1 secondary 10.1.1.2 poll-interval 30 Success.
  • Page 155 enable sntp will override any manually configured system time settings. Parameters None. Restrictions Only administrator-level users can issue this command. SNTP settings must be configured for SNTP to function (config sntp). Example usage: To enable the SNTP function: DES-3550:4#enable sntp Command: enable sntp Success.
  • Page 156 config time month, and four numerical characters for the year. For example: 03aug2003. time – Express the system time using the format hh:mm:ss, that is, two numerical characters each for the hour using a 24-hour clock, the minute and second. For example: 19:42:30. Restrictions Only administrator-level users can issue this command.
  • Page 157 config dst Purpose Used to enable and configure time adjustments to allow for the use of Daylight Savings Time (DST). config dst [disable | repeating {s_week <start_week 1-4,last> | Syntax s_day <start_day sun-sat> | s_mth <start_mth 1-12> | s_time start_time hh:mm> | e_week <end_week 1-4,last> | e_day <end_day sun-sat>...
  • Page 158 config dst e-mth - Configure the month in which DST ends. <end_mth 1-12> - The month to end DST expressed as a number. s-time – Configure the time of day to begin DST. Time is expressed using a 24-hour clock. e-time - Configure the time of day to end DST.
  • Page 159 DES-3550:4#show time Command: show time Current Time Source : System Clock Current Time : 2 Days 01:43:41 Time Zone : GMT +02:30 Daylight Saving Time : Repeating Offset in Minutes : 30 Repeating From : Apr 2nd Tue 15:00 : Oct 2nd Wed 15:30 Annual From : 29 Apr 00:00...

  • Page 160: Arp Commands

    ARP C OMMANDS The ARP commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters create arpentry <ipaddr> <macaddr> config arpentry <ipaddr> <macaddr> delete arpentry {[<ipaddr> | all]} show arpentry {ipif <ipif_name 12>...
  • Page 161 config arpentry address of an entry in the switch’s ARP table. Parameters <ipaddr> − The IP address of the end node or station. <macaddr> − The MAC address corresponding to the IP address above. Restrictions Only administrator-level users can issue this command. Example Usage: To configure a static arp entry for the IP address 10.48.74.12 and MAC address 00:50:BA:00:07:36: DES-3550:4#config arpentry 10.48.74.12 00-50-BA-00-07-36...
  • Page 162 config arp_aging time Syntax config arp_aging time <value 0-65535> Description This command sets the maximum amount of time, in minutes, that an ARP entry can remain in the switch’s ARP table, without being accessed, before it is dropped from the table. Parameters time <value>...
  • Page 163 System 10.0.0.0 FF-FF-FF-FF-FF-FF Local/Broadcast System 10.1.1.169 00-50-BA-70-E4-4E Dynamic System 10.1.1.254 00-01-30-FA-5F-00 Dynamic System 10.9.68.1 00-A0-C9-A4-22-5B Dynamic System 10.9.68.4 00-80-C8-2E-C7-45 Dynamic System 10.10.27.51 00-80-C8-48-DF-AB Dynamic System 10.11.22.145 00-80-C8-93-05-6B Dynamic System 10.11.94.10 00-10-83-F9-37-6E Dynamic System 10.14.82.24 00-50-BA-90-37-10 Dynamic System 10.15.1.60 00-80-C8-17-42-55 Dynamic System 10.17.42.153 00-80-C8-4D-4E-0A...

  • Page 164: Routing Table Commands

    OUTING ABLE OMMANDS The routing table commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters create iproute default <ipaddr> {<metric 1-65535>} delete iproute default show iproute {<network_address>} {static} Each command is listed, in detail, in the following sections. create iproute default Purpose Used to create IP route entries to the switch’s IP...
  • Page 165 delete iproute default Description This command will delete an existing default entry from the switch’s IP routing table. Parameters none Restrictions Only administrator-level users can issue this command. Example usage: To delete the default IP route 10.53.13.254: DES-3550:4#delete iproute default 10.53.13.254 Command: delete iproute default 10.53.13.254 Success.

  • Page 166: Mac Notification Commands

    MAC N OTIFICATION OMMANDS The MAC Notification Commands in the Command Line Interface (CLI) are listed, in the following table, along with their appropriate parameters. Command Parameters enable mac_notification disable mac_notification config mac_notification {interval <int 1-2147483647> | historysize <int 1-500> config mac_notification [<portlist>...
  • Page 167 disable mac_notification Parameters None. Restrictions Only administrator-level users can issue this command. Example Usage: To disable MAC notification without changing basic configuration: DES-3550:4#disable mac_notification Command: disable mac_notification Success. DES-3550:4# config mac_notification Purpose Used to configure MAC address notification. Syntax config mac_notification {interval <int 1-2147483647> | historysize <int 1-500>...
  • Page 168 config mac_notification ports Description MAC address notificiation is used to monitor MAC addresses learned and entered into the FDB. Parameters <portlist> Specify a port or range of ports to be configured. all – Entering this command will set all ports on the system. enable / disable –...
  • Page 169 show mac_notification ports Purpose Used to display the switch’s MAC address table notification status settings Syntax show mac_notification ports <portlist> Description This command is used to display the switch’s MAC address table notification status settings. Parameters <portlist> - Specify a port or group of ports to be viewed. Entering this command without the parameter will display the MAC notification table for all ports.

  • Page 170: Access Authentication Control Commands

    CCESS UTHENTICATION ONTROL OMMANDS The TACACS / XTACACS / TACACS+ commands let you secure access to the switch using the TACACS / XTACACS / TACACS+ protocols. When a user logs in to the switch or tries to access the administrator level privelege, he or she is prompted for a password.
  • Page 171 Command Parameters enable authen_policy disable authen_policy show authen_policy create authen_login <string 15> method_list_name config authen_login [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | server_group <string 15> | local | none} delete authen_login <string 15> method_list_name show authen_login {default | method_list_name <string 15>...
  • Page 172 enable authen_policy Purpose Used to enable system access authentication policy. Syntax enable authen_policy Description This command will enable an administrator-defined authentication policy for users trying to access the switch. When enabled, the device will check the method list and choose a technique for user authentication upon login.
  • Page 173 show authen_policy Purpose Used to display the system access authentication policy status on the switch. Syntax show authen_policy Description This command will show the current status of the access authentication policy on the switch Parameters None. Restrictions None. Example usage: To display the system access authentication policy: DES-3550:4#show authen_policy Command: show authen_policy...
  • Page 174 config authen_login Purpose Used to configure a user-defined or default method list of authentication methods for user login. Syntax config authen_login [default | method_list_name <string 15>] method {tacacs | xtacacs | tacacs+ | server_group <string 15> | local | none} Description This command will configure a user-defined or default method list of authentication methods for users logging on to the switch.
  • Page 175 config authen_login name defined by the user. The user may add one, or a combination of up to four (4) of the following authentication methods to this method list: tacacs – Adding this parameter will require the user to be authenticated using the tacacs protocol from a remote tacacs server.
  • Page 176 DES-3550:4#config authen_login default method xtacacs tacacs+ local Command: config authen_login default method xtacacs tacacs+ local Success. DES-3550:4# delete authen_login method_list_name Purpose Used to delete a previously configured user defined method list of authentication methods for users logging on to the switch. Syntax delete authen_login method_list_name <string 15>...
  • Page 177 show authen_login methods currewntly configured on the switch. The window will display the following parameters: Method List Name – The name of a previously configured method list name. Priority – Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the switch.
  • Page 178 create authen_enable method_list_name to gain administrator privileges on the switch, which is defined by the Administrator. A maximum of eight (8) enable method lists can be implemented on the switch. Parameters <string 15> Enter an alphanumeric string of up to 15 characters to define the given enable method list the user wishes to create.
  • Page 179 config authen_enable tacacs – Adding this parameter will require the user to be authenticated using the tacacs protocol from the remote tacacs server hosts of the tacacs server group list. xtacacs – Adding this parameter will require the user to be authenticated using the xtacacs protocol from the remote xtacacs server hosts of the xtacacs server group list.
  • Page 180 DES-3550:4#config authen_enable method_list_name Trinity method tacacs xtacacs local Command: config authen_enable method_list_name Trinity method tacacs xtacacs local Success. DES-3550:4# Example usage: To configure the default method list with authentication methods xtacacs, tacacs+ and local, in that order: DES-3550:4#config authen_enable default method xtacacs tacacs+ local Command: config authen_enable default method xtacacs tacacs+ local...
  • Page 181 show authen_enable Purpose Used to display the method list of authentication methods for promoting normal user level priveledges to Administrator level priveledges on the switch. Syntax show authen_enable [default | method_list_name <string 15> | all] Description This command is used to delete a user-defined method list of authentication methods for promoting user level privileges to Adminstrator level privileges.
  • Page 182 DES-3550:4#show authen_enable all Command: show authen_enable all Method List Name Priority Method Name Comment ---------------- -------- --------------- ------------------ Permit tacacs+ Built-in Group tacacs Built-in Group Darren User-defined Group local Keyword default tacacs+ Built-in Group local Keyword Total Entries : 2 DES-3550:4# config authen application Purpose...
  • Page 183 config authen application authentication using the default method list. method_list_name <string 15> - Use this parameter to configure an application for user authentication using a prevoisly configured method list. Enter a alphanumeric string of up to 15 characters to define a previously configured method list. Restrictions Only administrator-level users can issue this command.
  • Page 184 create authen server_host Purpose Used to create an authentication server host. Syntax create authen server_host <ipaddr> protocol [tacacs | xtacacs | tacacs+] {port <int 1-65535> | key [<key_string 254> | none] | timeout <int 1-255> | retransmit < 1-255>} Description This command will create an authentication server host for the tacacs/xtacacs/tacacs+ security protocols on the switch.
  • Page 185 DES-3550:4#create authen server_host 10.1.1.121 protocol tacacs+ port 1234 timeout 10 retransmit 5 Command: create authen server_host 10.1.1.121 protocol tacacs+ port 1234 timeout 10 retransmit 5 Success. DES-3550:4# config authen server_host Purpose Used to configure a user-defined authentication server host. Syntax create authen server_host <ipaddr>...
  • Page 186 config authen server_host change how many times the device will resend an authentication request when the TACACS server does not respond. This field is inoperable for the tacacs+ protocol. Restrictions Only administrator-level users can issue this command. Example usage: To configure a TACACS+ authentication server host, with port number 4321, a timeout value of 12 seconds and a retransmit count of 4.
  • Page 187 DES-3550:4#delete authen server_host 10.1.1.121 protocol tacacs+ Command: delete authen server_host 10.1.1.121 protocol tacacs+ Success. DES-3550:4# show authen server_host Purpose Used to view a user-defined authentication server host. Syntax show authen server_host Description This command is used to view user-defined authentication server hosts previously created on the switch.
  • Page 188 DES-3550:4#show authen server_host Command: show authen server_host IP Address Protocol Port Timeout Retransmit Key --------------- -------- ----- ------- --------------- -------- 10.53.13.94 TACACS No Use Total Entries : 1 DES-3550:4# create authen server_group Purpose Used to create a user-defined authentication server group. Syntax create authen server_group <string 15>...
  • Page 189 config authen server_group authentication server hosts may be added to any particular group Parameters server_group - The user may define the group by protocol groups built into the switch(tacacs/xtacacs/tacacs+), or by a user-defined group previously created using the create authen server_group command.
  • Page 190 delete authen server_group Purpose Used to delete a user-defined authentication server group. Syntax delete authen server_group <string 15> Description This command will delete an authentication server group. Parameters <string 15> Enter an alphanumeric string of up to 15 characters to define the previously created server group the user wishes to delete.
  • Page 191 DES-3550:4#show authen server_group Command: show authen server_group Group Name IP Address Protocol --------------- --------------- -------- Darren 10.53.13.2 TACACS tacacs 10.53.13.94 TACACS tacacs+ (This group has no entry) xtacacs (This group has no entry) Total Entries : 4 DES-3550:4# config authen parameter response_timeout Purpose Used to configure the amount of time the switch will wait for a user to enter authentication before timing out.
  • Page 192 config authen parameter attempt authenticated after the set amount of attempts will be denied access to the switch and will be locked out of further authentication attempts. Command line interface users will have to wait 60 seconds before another authentication attempt. Telnet users will be disconnected from the switch.
  • Page 193 DES-3550:4#show authen parameter Command: show authen parameter Response timeout: 60 seconds User attempts DES-3550:4# enable admin Purpose Used to promote user level privileges to administrator level privileges Syntax enable admin Description This command is for users who have logged on to the switch on the normal user level, to become promoted to the administrator level.
  • Page 194 config admin local_enable Parameters <password 15> - After entering this command, the user will be prompted to enter the old password, then a new password in an alphanumeric string of no more than 15 characters, and finally prompted to enter the new password again to confirm. See the example below.
  • Page 195 IP M INGLE ANAGEMENT OMMANDS Simply put, Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. Switches using Single IP Management(labeled here as SIM) must conform to the following rules: SIM is an optional feature on the switch and can easily be enabled or disabled.
  • Page 196 6. The CaS can be configured through the CS to become a MS. After configuring one switch to operate as the CS of a SIM group, additional DES-3550 switches may join the group by either an automatic method or by manually configuring the switch to be a MS. The CS will then serve as the in band entry point for access to the MS.
  • Page 197 DES-3550:4#enable sim Command: enable sim Success. DES-3550:4# disable sim Purpose Used to disable Single IP Management(SIM) on the switch Syntax disable sim Description This command will disable SIM globally on the switch.. Parameters None. Restrictions Only administrator-level users can issue this command. Example usage: To disable SIM on the switch: DES-3550:4#disable sim...
  • Page 198 show sim (L3). Platform – Switch Description including name and model number. SIM State –Displays the current Single IP Management State of the switch, whether it be enabled or disabled. Role State – Displays the current role the switch is taking, including Commander, Member or Candidate.
  • Page 199 Platform : DES-3550 Fast-Ethernet Switch SIM State : Enabled Role State : Commander Discovery Interval : 60 sec Hold Time : 180 sec DES-3550:4# To show the candidate information in summary, if the candidate id is specified: DES-3550:4#show sim candidate Command: show sim candidate ID MAC Address Platform /...
  • Page 200 ID MAC Address Platform / Hold Firmware Device Name Capability Time Version --- ----------------- ------------------------ ----- --------- ---------------- *1 00-01-02-03-04-00 DES-3550 L2 Switch 1.00-B06 Trinity 2 00-55-55-00-55-00 DES-3550 L2 Switch 1.00-B06 default master SIM Group Name : SIM2 ID MAC Address Platform / Hold Firmware...
  • Page 201 reconfig switch the user desires to configure. exit – This command is used to exit from managing the member switch and will return to managing the commander switch. Restrictions Only administrator-level users can issue this command. Example usage: To connect to the MS, with member id 2, through the CS, using the command line interface: DES-3550:4#reconfig member_id 2 Command: reconfig member_id 2 DES-3550:4#...
  • Page 202 config sim hold time – Using this parameter, the user may set the time, in seconds, the switch will hold information sent to it from other switches, utilizing the discovery interval protocol. The user amy set the hold time from 1 to 180 seconds. Restrictions Only administrator-level users can issue this command.
  • Page 203 DES-3550:4# config sim commander group_name Trinity Command: config sim commander group_name Trinity Success. DES-3550:4# download sim_ms Purpose Used to download firmware or configuration file to an indicated device. Syntax download sim_ms [ firmware | configuration] <ipaddr> <path_filename 64> {members <mslist> | all} Description This command will download a firmware file or configuration file to a specified device from a TFTP server.
  • Page 204 Download Status : MAC Address Result ----------------- ---------------- 00-01-02-03-04-00 Success 00-07-06-05-04-03 Success 3 00-07-06-05-04-03 Success DES-3550:4# To download configuration files: DES-3550:4# download sim_ms configuration 10.53.13.94 c:/des3550.txt members all Command: download sim_ms firmware 10.53.13.94 c:/des35250.txt members all This device is updating configuation. Please wait... Download Status : MAC Address Result...
  • Page 205 Example usage: To upload configuration files to a TFTP server: DES-3550:4# upload sim_ms configuration 10.55.47.1 D:\configuration.txt 1 Command: upload sim_ms configuration 10.55.47.1 D:\configuration.txt 1 Success. DES-3550:4#...
  • Page 206 OMMAND ISTORY The switch history commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table. Command Parameters config <value 1-40> command_history show command_history Each command is listed, in detail, in the following sections. Purpose Used to display all commands in the Command Line Interface (CLI).
  • Page 207 config 802.1x reauth config access_profile profile_id config account config admin local_enable config arp_aging time config arpentry config authen application CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All Purpose Used to display all commands in the Command Line Interface (CLI). Syntax Description This command will display all of the commands available through the...
  • Page 208 config arpentry config authen application CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All config command_history Purpose Used to configure the command history. Syntax config command_history <value 1-40> Description This command is used to configure the command history. <value 1-40>...

  • Page 209: Physical And Environmental

    ECHNICAL PECIFICATIONS Physical and Environmental AC input & 100 - 240 VAC, 50-60 Hz (internal universal power supply) External Redundant power supply – will take over when internal power supply Redundant fails. power Supply: Power 90 watts maximum Consumption: DC fans: 2 built-in 40 x 40 x10 mm fans Operating 0 to 40 degrees Celsius...
  • Page 210 General 2000Mbps SFP (Mini GBIC) Support Fiber Optic IEEE 802.3z 1000BASE-LX (DEM-310GT transceiver) IEEE 802.3z 1000BASE-SX (DEM-311GT transceiver) IEEE 802.3z 1000BASE-LH (DEM-314GT transceiver) IEEE 802.3z 1000BASE-ZX (DEM-315GT transceiver) Network Cables: UTP Cat.5, Cat.5 Enhanced for 1000Mbps 10BASE-T: UTP Cat.5 for 100Mbps UTP Cat.3, 4, 5 for 10Mbps EIA/TIA-568 100-ohm screened twisted-pair (STP)(100m) 100BASE-TX:...

Table of Contents