Who Should Use This Book This book is intended for network installers and system administrators engaged in configuring and maintaining a network. The administrator should be familiar with Ethernet concepts, IP addressing, Spanning Tree Protocol, and SNMP configuration parameters. G8264CS Command Reference for ENOS 8.4...
Typographic Conventions The following table describes the typographic styles used in this book. Table 1. Typographic Conventions Typeface or Symbol Meaning plain fixedwidth This type is used for names of commands, files, and text directories used within the text. For example: View the readme.txt file. It also depicts on‐screen computer output and prompts. bold fixedwidth This bold type appears in command examples. It shows text text that must be typed in exactly as shown. For example: show sysinfo bold body text This bold type indicates objects such as window names, dialog box names, and icons, as well as user interface objects such as buttons, and tabs. italicized body text This italicized type indicates book titles, special terms, or words to be emphasized. angle brackets < > Indicate a variable to enter based on the description inside the brackets. Do not type the brackets when entering the command. Example: If the command syntax is ping <IP address> you enter ping 192.32.10.12 braces {} Indicate required elements in syntax descriptions where there is more than one option. You must choose only one of the options. Do not type the braces when entering the ...
ISCLI Command Modes The ISCLI has three major command modes listed in order of increasing privileges, as follows: User EXEC mode This is the initial mode of access. By default, password checking is disabled for this mode, on console. Privileged EXEC mode This mode is accessed from User EXEC mode. This mode can be accessed using the following command: enable Global Configuration mode This mode allows you to make changes to the running configuration. If you save the configuration, the settings survive a reload of the G8264CS. Several sub‐modes can be accessed from the Global Configuration mode. For more details, see Table 2. This mode can be accessed using the following command: configure terminal Each mode provides a specific set of commands. The command set of a higher‐privilege mode is a superset of a lower‐privilege mode—all lower‐privilege mode commands are accessible when using a higher‐privilege mode. The following table lists the ISCLI command modes. Table 2. ISCLI Command Modes Command Mode/Prompt Command used to enter or exit User EXEC Default mode, entered automatically on console RS G8264CS> Exit: exit or logout Privileged EXEC Enter Privileged EXEC mode, from User EXEC mode:...
Page 24
Table 2. ISCLI Command Modes (continued) Command Mode/Prompt Command used to enter or exit Router RIP Enter RIP Configuration mode, from Global Configuration mode: RS G8264CS(configrouterrip)# router rip Exit to Global Configuration mode: exit Exit to Privileged EXEC mode: end Route Map Enter Route Map Configuration mode, from Global Configuration mode: RS G8264CS(configroutemap)# routemap <1‐64> Exit to Global Configuration mode: exit Exit to Privileged EXEC mode: end Router VRRP Enter VRRP Configuration mode, from Global Configuration mode: RS G8264CS(configvrrp)# router vrrp Exit to Global Configuration mode: exit Exit to Privileged EXEC mode: end PIM Component Enter Protocol Independent Multicast (PIM) Component Configuration mode, from Global Configuration mode: RS G8264CS(configippimcomp)# ip pim component <1‐2>...
Global Commands Some basic commands are recognized throughout the ISCLI command modes. These commands are useful for obtaining online help, navigating through the interface, and for saving configuration changes. For help on a specific command, type the command, followed by help. Table 3. Description of Global Commands Command Action Provides more information about a specific command or lists commands available at the current level. list Lists the commands available at the current level. exit Go up one level in the command mode structure. If already at the top level, exit from the command line interface and log out. copy runningconfig Write configuration changes to non‐volatile flash startupconfig memory. logout Exit from the command line interface and log out. traceroute Use this command to identify the route used for station‐to‐station connectivity across the network. The format is as follows: traceroute [{<hostname>|<IP address>} [<max‐hops (1‐32)> [<msec‐delay (1‐4294967295)>]][dataport|mgtport]] Where: hostname/IP address: Sets the hostname or IP address of the target station. maxhops: Sets the maximum distance to trace. msecdelay: Sets the number of milliseconds ...
Page 28
Table 3. Description of Global Commands Command Action telnet This command is used to form a Telnet session between the switch and another network device. The format is as follows: telnet [{<hostname>|<IP address>} [<service port (1‐65535)>][dataport|mgtport]] Where: hostname/IP address: Sets the target station. port: Sets the logical Telnet port or service number. By default, the management port is used. To use a specific port, use the following options: data port: dataport management port: mgtport Note: The DNS parameters must be configured if specifying hostnames. show history This command displays the last ten issued commands. show who Displays a list of users who are currently logged in. show line Displays a list of users who are currently logged in, in table format. G8264CS Command Reference for ENOS 8.4...
User Access Levels To enable better switch management and user accountability, three levels or classes of user access have been implemented on the G8264CS. Levels of access to CLI, Web management functions, and screens increase as needed to perform various switch management tasks. Conceptually, access classes are defined as follows: user Interaction with the switch is completely passive—nothing can be changed on the G8264CS. Users may display information that has no security or privacy implications, such as switch statistics and current operational state information. oper Operators can make temporary changes on the G8264CS. These changes are lost when the switch is rebooted. Operators have access to the switch management features used for daily switch operations. Because any changes an operator makes are undone by a reboot of the switch, operators cannot severely impact switch operation. admin Administrators are the only ones that may make permanent changes to the switch configuration—changes that are persistent across a reboot of the switch. Administrators can access switch functions to configure and troubleshoot problems on the G8264CS. Because administrators can also make temporary (operator‐level) changes as well, they must be aware of the interactions between temporary and permanent changes. Access to switch functions is controlled through the use of unique surnames and passwords. Once you are connected to the switch via local Telnet, remote Telnet, or SSH, you are prompted to enter a password. The default user names/password for each access level are listed in the following table. Note: It is recommended that you change default switch passwords after initial configuration and as regularly as required under your network security policies. Table 4. User Access Levels User Account Description and Tasks Performed Password User The User has no direct responsibility for switch ...
System Information The information provided by each command option is briefly described in the following table, with pointers to where detailed information can be found. Table 6. System Information Options Command Syntax and Usage dir [configs|images] Displays the configuration files and NOS images currently on the switch. configs ‐ displays only the configuration files currently on the switch images ‐ displays only the system images currently on the switch For more details, see page Command mode: Privileged EXEC show access user Displays configured user names and their status. Command mode: Privileged EXEC show logging [messages] [severity <0‐7>] [reverse] [|{include|exclude|section|begin|head <1‐2000>| |last <1‐2000>}] Displays the current syslog configuration, followed by the most recent 2000 syslog messages. messages displays the most recent 2000 syslog messages only severity displays syslog messages of the specified severity level reverse displays syslog messages starting with the most recent message | displays syslog messages that match one of the following filters: • include displays syslog messages that match the specified expression • exclude displays syslog messages that don’t match the specified expression •...
CLI Display Information These commands allow you to display information about the number of lines per screen displayed in the CLI. Table 7. CLI Display Information Options Command Syntax and Usage show terminallength Displays the number of lines per screen displayed in the CLI for the current session. A value of 0 means paging is disabled. Command mode: All show line console length Displays the number of lines per screen displayed in the CLI by default for console sessions. A value of 0 means paging is disabled. Command mode: All show line vty length Displays the number of lines per screen displayed in the CLI by default for Telnet and SSH sessions. A value of 0 means paging is disabled. Command mode: All G8264CS Command Reference for ENOS 8.4...
SNMPv3 System Information SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2 framework by supporting the following: a new SNMP message format security for messages access control remote configuration of SNMP parameters For more details on the SNMPv3 architecture please refer to RFC2271 to RFC2276. Table 9. SNMPv3 Information Options Command Syntax and Usage show snmpserver v3 Displays all the SNMPv3 information. To view a sample, see page Command mode: All show snmpserver v3 access Displays View‐based Access Control information. To view a sample, see page Command mode: All show snmpserver v3 community Displays information about the community table information. To view a sample, see page Command mode: All show snmpserver v3 group Displays information about the group, including the security model, user name and group name. To view a sample, see page Command mode: All show snmpserver v3 notify Displays the Notify table information. To view a sample, see page Command mode: All show snmpserver v3 targetaddress Displays the Target Address table information. To view a sample, see page Command mode: All show snmpserver v3 targetparameters...
SNMPv3 View Table Information The user can control and restrict the access allowed to a group to only a subset of the management information in the management domain that the group can access within each context by specifying the group’s rights in terms of a particular MIB view for security reasons. The following command displays the SNMPv3 View Table: show snmpserver v3 view Command mode: All View Name Subtree Mask Type iso 1.3 included v1v2only 1.3 included v1v2only 1.3.6.1.6.3.15 excluded v1v2only 1.3.6.1.6.3.16 excluded v1v2only 1.3.6.1.6.3.18 excluded Table 11. SNMPv3 View Table Information Parameters Field Description View Name Displays the name of the view. Subtree Displays the MIB subtree as an OID string. A view subtree is the set of all MIB object instances which have a common Object Identifier prefix to their names. Mask Displays the bit mask. Type Displays whether a family of view subtrees is included or excluded from the MIB view. G8264CS Command Reference for ENOS 8.4...
SNMPv3 Group Table Information A group is a combination of security model and security name that defines the access rights assigned to all the security names belonging to that group. The group is identified by a group name. The following command displays SNMPv3 group information: show snmpserver v3 group Command mode: All All active SNMPv3 groups are listed below: Sec Model User Name Group Name snmpv1 v1v2only v1v2grp usm adminmd5 admingrp usm adminsha admingrp usm adminshaaes admingrp Table 13. SNMPv3 Group Table Information Parameters Field Description Sec Model Displays the security model used, which is any one of: USM, SNMPv1, SNMPv2, and SNMPv3. User Name Displays the name for the group. Group Name Displays the access name of the group. SNMPv3 Community Table Information The following command displays the SNMPv3 community table information stored in the SNMP engine: show snmpserver v3 community Command mode: All ...
SNMPv3 Target Parameters Table Information The following command displays SNMPv3 target parameters information: show snmpserver v3 targetparameters Command mode: All Name MP Model User Name Sec Model Sec Level v1v2param snmpv2c v1v2only snmpv1 noAuthNoPriv Table 16. SNMPv3 Target Parameters Table Information Field Description Name Displays the locally arbitrary, but unique identifier associated with this snmpTargeParamsEntry. MP Model Displays the Message Processing Model used when generating SNMP messages using this entry. User Name Displays the securityName, which identifies the entry on whose behalf SNMP messages will be generated using this entry. Sec Model Displays the security model used when generating SNMP messages using this entry. The system may choose to return an inconsistentValue error if an attempt is made to set this variable to a value for a security model the system does not support. Sec Level Displays the level of security used when generating SNMP messages using this entry. SNMPv3 Notify Table Information The following command displays the SNMPv3 Notify Table: show snmpserver v3 notify Command mode: All ...
General System Information The following command displays system information: show sysinfo Command mode: All System Information at 12:27:46 Wed May 27, 2015 Time zone: No timezone configured Daylight Savings Time Status: Disabled Lenovo RackSwitch G8264CS Switch has been up for 0 days, 21 hours, 21 minutes and 44 seconds. Last boot: 15:07:19 Tue May 26, 2015 (reset from console) MAC address: 74:99:75:75:63:00 IP (If 1) address: 0.0.0.0 Management Port MAC Address: 74:99:75:75:63:fe Management Port IP Address (if 128): 10.241.37.200 Hardware Revision: 0 Hardware Part No: BAC0011000 Switch Serial No: Y250CM2C9009 Manufacturing date: 12/50 MTM Value: 7159HCM ESN: MM05941 Software Version 8.4.1.0 (FLASH image1), factory default configuration. Boot kernel version 8.4.1.0 USB Boot: disabled Temperature Mezzanine : 32 C Temperature CPU Local : 38 C Temperature Mother Top : 31 C Temperature Mother Bottom : 33 C Temperature Switch Asic Max : 43 C Temperature FC Module Max : 59 C System Warning at 86 C / Shutdown at 95 C / Set Point is 76 C Fan 1 Module 1: 7468rpm 25pwm( 9%) FrontToBack Fan 2 Module 1: 3163rpm 25pwm( 9%) FrontToBack Fan 3 Module 2: 7346rpm 25pwm( 9%) FrontToBack Fan 4 Module 2: 3362rpm 25pwm( 9%) FrontToBack Fan 5 Module 3: 7479rpm 25pwm( 9%) FrontToBack Fan 6 Module 3: 3126rpm 25pwm( 9%) FrontToBack Fan 7 Module 4: 7336rpm 25pwm( 9%) FrontToBack Fan 8 Module 4: 3174rpm 25pwm( 9%) FrontToBack System Fan Airflow: FrontToBack Power Supply 1: FrontToBack [43X3311]...
Show Recent Syslog Messages The following command displays system log messages: show logging [messages] [severity <0‐7>] [reverse] Command mode: All Current syslog configuration: host 0.0.0.0 via MGT port, severity 7, facility 0 host2 0.0.0.0 via MGT port, severity2 7, facility2 0 console enabled severity level of console output 6 severity level of write to flash 7 syslogging all features Syslog source loopback interface not set Nov 2 5:49:53 172.25.254.19 INFO console: System log cleared by user admin. Nov 2 5:51:23 172.25.254.19 CRIT system: Fan Mod 4 Removed Nov 2 5:54:27 172.25.254.19 CRIT system: **** MAX TEMPERATURE (61) ABOVE FAIL THRESH **** Nov 2 5:54:27 172.25.254.19 CRIT system: **** PLATFORM THERMAL SHUTDOWN **** Nov 2 6:02:06 0.0.0.0 NOTICE system: link up on management port MGT Nov 2 6:02:06 0.0.0.0 INFO system: booted version 0.0.0 from FLASH image2, active configuration Nov 2 6:02:09 0.0.0.0 NOTICE system: SR SFP+ inserted at port 63 is Approved Nov 2 6:02:12 0.0.0.0 NOTICE system: 1m DAC inserted at port 64 is Accepted Nov 2 6:02:12 0.0.0.0 NOTICE system: link up on management port MGT Nov 2 6:03:11 172.25.254.19 NOTICE system: Received DHCP Offer IP: 172.25.254.19 Mask: 255.255.0. Broadcast 172.25.255.255 GW: 172.25.1.1 Nov 2 6:03:11 0.0.0.0 NOTICE ip: MGT port default gateway 172.25.1.1 operational Nov 2 6:22:54 172.25.254.19 NOTICE mgmt: admin(admin) login on Console Nov 2 6:33:00 172.25.254.19 NOTICE mgmt: admin(admin) idle timeout from Console Each syslog message has a severity level associated with it, included in text form as a prefix to the log message. One of eight different prefixes is used, depending on the condition that the administrator is being notified of, as shown here.
LDAP Information The following command displays LDAP server configuration information: show ldapserver Command mode: All except User EXEC for LDAP configured in legacy mode: Current LDAP settings: Primary LDAP Server (null) via MGT port Secondary LDAP Server (null) via MGT port Current LDAP server (null) LDAP port 389, Retries 3, Timeout 5, LDAP server OFF, Backdoor access disabled LDAP domain name LDAP user attribute uid for LDAP configured in enhanced mode: Current LDAP settings: LDAP server 1 10.10.43.55:389 via MGT port LDAP server 2 LDAPserver109:389 via DATA port LDAP server 3 (null) LDAP server 4 (null) LDAP Bind Mode Login Credentials LDAP Bind DN (null) Retries 3, Timeout 5, LDAP server OFF, Backdoor access disabled LDAP domain name LDAP attributes user attribute uid group attribute memberOf login attribute ibmchassisRole LDAP group filter (null) G8264CS Command Reference for ENOS 8.4...
Page 52
Table 19. Layer 2 Information Commands (continued) Command Syntax and Usage show spanningtree Displays Spanning Tree information, including the status (on or off), Spanning Tree mode (RSTP, PVRST, or MSTP) and VLAN membership. In addition to seeing if STG is enabled or disabled, you can view the following STG bridge information: Priority Hello interval Maximum age value Forwarding delay Aging time You can also see the following port‐specific STG information: Port alias and priority Cost State For details, see page Command mode: All show spanningtree blockedports Lists the ports blocked by each STP instance. Command mode: All show spanningtree mst configuration Displays the current MSTP settings. Command mode: All show spanningtree mst <0‐32> [information] Displays Spanning Tree information for the specified instance. 0 is used for CIST. CIST bridge information includes: Priority ...
802.1X Information The following command displays 802.1X information: show dot1x information Command mode: All System capability : Authenticator System status : disabled Protocol version : 1 Guest VLAN status : disabled Guest VLAN : none Authenticator Backend Assigned Port Auth Mode Auth Status PAE State Auth State VLAN *1 forceauth unauthorized initialize initialize none *2 forceauth unauthorized initialize initialize none *3 forceauth unauthorized initialize initialize none The following table describes the IEEE 802.1X parameters. Table 20. 802.1X Parameter Descriptions Parameter Description Port Displays each port’s alias. Auth Mode Displays the Access Control authorization mode for the port. The Authorization mode can be one of the following: forceunauth auto forceauth Auth Status Displays the current authorization status of the port, either authorized or unauthorized. Authenticator Displays the Authenticator Port Access Entity State. The PAE State PAE state can be one of the following: initialize ...
FDB Information The forwarding database (FDB) contains information that maps the media access control (MAC) address of each known device to the switch port where the device address was learned. The FDB also shows which other ports have seen frames destined for a particular MAC address. Note: The master forwarding database supports up to 128K MAC address entries on the MP per switch. Table 21. FDB Information Options Command Syntax and Usage show macaddresstable Displays all entries in the Forwarding Database. Command mode: All show macaddresstable all Displays all unicast and multicast entries in the Forwarding Database. Command mode: All show macaddresstable address <MAC address> Displays a single database entry by its MAC address. You are prompted to enter the MAC address of the device. Enter the MAC address using the format, xx:xx:xx:xx:xx:xx. For example, 08:00:20:12:34:56. You can also enter the MAC address using the format, xxxxxxxxxxxx. For example, 080020123456. Command mode: All show macaddresstable configuredstatic Displays all configured static MAC entries in the FDB. Command mode: All show macaddresstable interface port <port alias or number> Displays all FDB entries for a particular port. Command mode: All show macaddresstable multicast Displays all static multicast MAC entries in the FDB. For details, see page Command mode: All show macaddresstable portchannel <1‐128> Displays all FDB entries for a particular Link Aggregation Group (LAG).
Show All FDB Information The following command displays Forwarding Database information: show macaddresstable Command mode: All Mac address Aging Time: 300 MAC address VLAN Port Trnk State Permanent 00:04:38:90:54:18 1 4 FWD 00:09:6b:9b:01:5f 1 13 FWD 00:09:6b:ca:26:ef 4095 1 FWD 00:0f:06:ec:3b:00 4095 1 FWD 00:11:43:c4:79:83 1 4 FWD P An address that is in the forwarding (FWD) state, means that it has been learned by the switch. When in the aggregation (TRK) state, the port field represents the Link Aggregation Group (LAG) number. If the state for the port is listed as unknown (UNK), the MAC address has not yet been learned by the switch, but has only been seen as a destination address. When an address is in the unknown state, no outbound port is indicated, although ports which reference the address as a destination are listed under “Reference ports.” Clearing Entries from the Forwarding Database To clear the entire FDB, refer to “Forwarding Database Maintenance” on page 647. G8264CS Command Reference for ENOS 8.4...
Link Aggregation Control Protocol The following command displays LACP information: show lacp information Command mode: All port mode adminkey operkey selected prio aggr trunk status minlinks 1 active 65535 65535 yes 32768 1 65 up 1 2 active 65535 65535 yes 32768 1 65 up 1 3 active 65535 65535 individual 32768 down 1 4 active 65535 65535 yes 32768 1 65 up 1 5 active 65535 65535 yes 32768 1 65 up 1 6 active 65535 65535 yes 32768 1 65 up 1 7 active 65535 65535 yes 32768 1 65 up 1 8 active 65535 65535 yes 32768 1 65 up 1 9 active 1000 1000 suspended 32768 down 1 10 active 1000 1000 suspended 32768 down 1 (*) LACP PortChannel is statically bound to the admin key LACP dump includes the following information for each port in the G8264CS: mode Displays the port’s LACP mode (active, passive or off). adminkey Displays the value of the port’s adminkey. operkey Shows the value of the port’s operational key. selected Indicates whether the port has been selected to be part of a Link Aggregation Group. prio Shows the value of the port priority. aggr Displays the aggregator associated with each port. trunk ...
Page 62
A monitor port’s Failover status is Operational only if all the following conditions hold true: Port link is up. If Spanning‐Tree is enabled, the port is in the Forwarding state. If the port is a member of an LACP Link Aggregation Group (LAG), the port is aggregated. If any of these conditions are not true, the monitor port is considered to be failed. A control port is considered to be operational if the monitor trigger state is Up. Even if a port’s link status is Down, Spanning‐Tree status is Blocking, and the LACP status is Not Aggregated, from a teaming perspective the port status is Operational, since the trigger is Up. A control port’s status is displayed as Failed only if the monitor trigger state is Down. G8264CS Command Reference for ENOS 8.4...
LLDP Information The following commands display LLDP information. Table 25. LLDP Information Options Command Syntax and Usage show lldp Displays the current Link Layer Discovery Protocol (LLDP) configuration. Command mode: All show lldp information Displays all LLDP information. Command mode: All show lldp port [<port alias or number>] Displays LLDP information for all ports or a specific port. Command mode: All show lldp port <port alias or number> tlv evb Displays Edge Virtual Bridge (EVB) type‐length‐value (TLV) information for the specified port. Command mode: All show lldp receive Displays information about the LLDP receive state machine. Command mode: All show lldp remotedevice [<1‐256>|detail] Displays information received from LLDP‐capable devices. For more information, see page Command mode: All show lldp remotedevice port <port alias or number> Displays information received from LLDP‐capable devices for a specific port. A list of ports needs to be delimited by ʹ,ʹ and a range of ports delimited by ʹ‐ʹ. Command mode: All show lldp transmit Displays information about the LLDP transmit state machine. Command mode: All G8264CS Command Reference for ENOS 8.4...
Unidirectional Link Detection Information The following commands display UDLD information: Table 26. UDLD Information Options Command Syntax and Usage show udld Displays all UDLD information. Command mode: All show interface port <port alias or number> udld Displays UDLD information about the selected port. Command mode: All UDLD Port Information The following command displays UDLD information for the selected port: show interface port <port alias or number> udld Command mode: All UDLD information on port 1 Port enable administrative configuration setting: Enabled Port administrative mode: normal Port enable operational state: link up Port operational state: advertisement Port bidirectional status: bidirectional Message interval: 15 Time out interval: 5 Neighbor cache: 1 neighbor detected Entry #1 Expiration time: 31 seconds Device Name: Device ID: 00:da:c0:00:04:00 Port ID: 1 UDLD information includes the following: Status (enabled or disabled) ...
OAM Discovery Information The following commands display OAM information: Table 28. OAM Discovery Information Options Command Syntax and Usage show interface port <port alias or number> oam Displays OAM information about the selected port. Command mode: All show oam Displays all OAM information. Command mode: All OAM Port Information The following command displays OAM information for the selected port: show interface port <port alias or number> oam Command mode: All OAM information on port 1 State enabled Mode active Link up Satisfied Yes Evaluating No Remote port information: Mode active MAC address 00:da:c0:00:04:00 Stable Yes State valid Yes Evaluating No OAM port display shows information about the selected port and the peer to which the link is connected. G8264CS Command Reference for ENOS 8.4...
vLAG Aggregation Information The following command displays vLAG information for the Link Aggregation Group (LAG): show vlag portchannel <1‐64> Command mode: All vLAG is enabled on trunk 13 Protocol Static Current settings: enabled ports: 13 Current L2 trunk hash settings: smac dmac Current L3 trunk hash settings: sip dip Current ingress port hash: disabled Current L4 port hash: disabled Current FCoE trunk hash settings: sid did vLAG Peer Gateway Information The following command displays the current state of the vLAG peer gateway. show vlag peergateway Command mode: All Current peer gateway state: disabled vLAG VRRP Information The following command displays vLAG related VRRP information: show vlag vrrp Command mode: All vLAG VRRP mode: Active vLAG related VRRP information: 1: vrid 1, local role master, peer role backup 10: vrid 1, local role backup, peer role backup 100: vrid 1, local role backup, peer role master vLAG VRRP mode: Passive vLAG related VRRP information: 1: vrid 1, local role master, peer role init 10: vrid 1, local role backup, peer role init 100: vrid 1, local role backup, peer role init...
RSTP Information The following command displays RSTP information: show spanningtree stp <1> information Command mode: All Spanning Tree Group 1: On (RSTP) VLANs: 1 10 4095 Current Root: PathCost Port Hello MaxAge FwdDel 8000 00:25:03:49:29:00 0 0 2 20 15 Parameters: Priority Hello MaxAge FwdDel Aging Topology Change Counts 32768 2 20 15 300 1 Port Prio Cost State Role Designated Bridge Des Port Type 1 (pc12) 128 490!+ FWD DESG 800000:25:03:49:29:00 8026 P2P 2 (pc12) 128 490!+ FWD DESG 800000:25:03:49:29:00 8026 P2P 3 (pc12) 128 490!+ FWD DESG 800000:25:03:49:29:00 8026 P2P 4 (pc12) 128 490!+ FWD DESG 800000:25:03:49:29:00 8026 P2P MGT 0 0 FWD * * = STP turned off for this port. ! = Automatic path cost. + = Portchannel cost, not the individual port cost. The switch software uses the Per VLAN Rapid Spanning Tree Protocol (PVRST) spanning tree mode, with IEEE 802.1D (2004) Rapid Spanning Tree Protocol (RSTP) or IEEE 802.1Q (2003) Multiple Spanning Tree Protocol (MSTP), as alternatives. The following port‐specific information is also displayed: Table 30. PVRST/RSTP/MSTP Port Parameter Descriptions Parameter Description Priority The Port Priority parameter helps determine which bridge port (port) becomes the designated port. In a network topology that has multiple bridge ports connected to a single segment, the port with the lowest port priority becomes the designated port for the segment. Cost The Port Path cost parameter is used to help determine the designated port for a segment. Generally speaking, the faster the ...
PVRST Information The following command displays PVRST information: show spanningtree stp <1‐128> information Command mode: All Spanning Tree Group 1: On (PVRST) VLANs: 1 Current Root: PathCost Port Hello MaxAge FwdDel 8001 a8:97:dc:03:d5:00 490 1 2 20 15 Prev Root: Port Replaced at 8001 a8:97:dc:d2:12:00 0 16:33:08 3 32016 Parameters: Priority Hello MaxAge FwdDel Aging Topology Change Counts 32769 2 20 15 300 8 Port Prio Cost State Role Designated Bridge Des Port Type 1 (pc1) 128 490!+ FWD ROOT 8001a8:97:dc:03:d5:00 8042 P2P 2 (pc1) 128 490!+ FWD ROOT 8001a8:97:dc:03:d5:00 8042 P2P 3 (pc1) 128 490!+ FWD ROOT 8001a8:97:dc:03:d5:00 8042 P2P 4 (pc1) 128 490!+ FWD ROOT 8001a8:97:dc:03:d5:00 8042 P2P 11 128 2000! FWD DESG 8001a8:97:dc:d2:12:00 800b P2P 13 128 2000! FWD DESG 8001a8:97:dc:d2:12:00 800d P2P 14 128 2000! FWD DESG 8001a8:97:dc:d2:12:00 800e P2P 16 128 2000! FWD DESG 8001a8:97:dc:d2:12:00 8010 P2P ! = Automatic path cost. + = Portchannel cost, not the individual port cost. You can configure the switch software to use the IEEE 802.1D (2004) Rapid Spanning Tree Protocol (RSTP), the IEEE 802.1Q (2003) Multiple Spanning Tree Protocol (MSTP) or PerVLAN Rapid Spanning Tree Protocol (PVRST). The following port‐specific information is also displayed: Table 31. RSTP/MSTP/PVRST Port Parameter Descriptions Parameter Description Prio (port) The Port Priority parameter helps determine which bridge port becomes the designated port. In a network topology that ...
Spanning Tree Bridge Information The following command displays Spanning Tree bridge information: show spanningtree bridge Command mode: All STG Priority Hello MaxAge FwdDel Protocol VLANs 1 32768 2 20 15 PVRST 1 2 32768 2 20 15 PVRST 2 128 32768 2 20 15 PVRST 4095 show spanningtree vlan <VLAN ID (1‐4094)> bridge Command mode: All Vlan Priority Hello MaxAge FwdDel Protocol 1 32768 2 20 15 MSTP Table 32. Bridge Parameter Descriptions Parameter Description VLAN VLANs that are part of the Spanning Tree Group Priority The bridge priority parameter controls which bridge on the network will become the STP root bridge. The lower the value, the higher the priority. Hello The hello time parameter specifies, in seconds, how often the bridge transmits a configuration bridge protocol data unit (BPDU). Any bridge that is not the root bridge uses the root bridge hello value. MaxAge The maximum age parameter specifies, in seconds, the maximum time the bridge waits without receiving a configuration bridge protocol data unit before it reconfigures the STP network. FwdDel The forward delay parameter specifies, in seconds, the amount of time that a bridge port has to wait before it ...
Multiple Spanning Tree Information The following command displays Multiple Spanning Tree (MSTP) information: show spanningtree mst <0‐32> information Command mode: All Mstp Digest: 0x9f71e12a07f4e3004fe0ce1f241a7b66 Spanning Tree Group 5: On (MSTP) VLANs MAPPED: 5 VLANs: 5 Current Root: PathCost Port 0000 a8:97:dc:88:c9:00 0 0 Parameters: Priority Aging Topology Change Counts 0 300 1 Port Prio Cost State Role Designated Bridge Des Port Type 1 (pc105) 128 156!+ FWD DESG 0000a8:97:dc:88:c9:00 80e8 P2P 2 (pc105) 128 156!+ FWD DESG 0000a8:97:dc:88:c9:00 80e8 P2P 4 128 500! FWD DESG 0000a8:97:dc:88:c9:00 800a P2P,edge 22 (pc105) 128 156!+ FWD DESG 0000a8:97:dc:88:c9:00 80e8 P2P ! = Automatic path cost. + = Portchannel cost, not the individual port cost. In addition to seeing Common Internal Spanning Tree (CIST) status, you can view the following CIST bridge information: Table 34. CIST Parameter Descriptions Parameter Description CIST Root The CIST Root shows information about the root bridge for the Common Internal Spanning Tree (CIST). Values on this row of information refer to the CIST root. CIST Regional The CIST Regional Root shows information about the root Root bridge for this MSTP region. Values on this row of information refer to the regional root. Priority (bridge) The bridge priority parameter controls which bridge on the ...
Link Aggregation Group (LAG) Information The following command displays Link Aggregation Group (LAG) information: show portchannel information Command mode: All Trunk group 1: Enabled Protocol Static Port state: 1: STG 1 forwarding 2: STG 1 forwarding When LAGs are configured, you can view the state of each port in the various LAGs. Note: If Spanning Tree Protocol on any port in the LAG is set to forwarding, the remaining ports in the LAG will also be set to forwarding. G8264CS Command Reference for ENOS 8.4...
Page 82
The following command displays VLAN information: show vlan Command mode: All VLAN Name Status Ports 1 Default VLAN ena 120 2 VLAN 2 dis 2122 100 VLAN 100 ena empty 200 VLAN 200 ena empty 300 VLAN 300 ena empty 4095 Mgmt VLAN ena MGT Primary Secondary Type Ports 100 200 isolated 14 100 300 community 12 This information display includes all configured VLANs and all member ports that have an active link state. Port membership is represented in slot/port format. VLAN information includes: VLAN Number VLAN Name Status Port membership of the VLAN Protocol VLAN information (if available) Private VLAN information (if available) G8264CS Command Reference for ENOS 8.4...
Page 84
Table 37. Layer 3 Information Commands (continued) Command Syntax and Usage show ip igmp Displays IGMP Information. For more IGMP information options, see page 116. Command mode: All show ip information Displays all IP information. Command mode: All show ip interface brief Displays IP Information. For details, see page 128. IP information, includes: IP interface information: Interface number, IP address, subnet mask, VLAN number, and operational status. Default gateway information: Metric for selecting which configured gateway to use, gateway number, IP address, and health status IP forwarding settings, network filter settings, route map settings Command mode: All show ipv6 interface <interface number> Displays IPv6 interface information. For details, see page 126. Command mode: All show ip matchaddress [<1‐256>] Displays the current the Network Filter configuration. Command mode: All show ip mroute Displays the current IP multicast routes. Command mode: All show ipv6 mld Displays Multicast Listener Discovery (MLD) information. For more MLD information options, see page 121. ...
Page 86
Table 37. Layer 3 Information Commands (continued) Command Syntax and Usage show ip slp directoryagents Displays SLP Directory Agent (DA) information. Command mode: All show ip slp useragents Displays SLP User Agent (UA) information. Command mode: All show ip vrrp information Displays VRRP information. For details, see page 123. Command mode: All show ipsec manualpolicy Displays information about manual key management policy for IP security. For more information options, see page 132. Command mode: All show layer3 Dumps all Layer 3 switch information available (10K or more, depending on your configuration). If you want to capture dump data to a file, set your communication software on your workstation to capture session data before issuing the dump commands. Command mode: All show layer3 igmpgroups Displays the total number of IGMP groups that are registered on the switch. Command mode: All show layer3 ipmcgroups Displays the total number of current IP multicast (IPMC) groups that are registered on the switch. Command mode: All G8264CS Command Reference for ENOS 8.4...
Show All IP Route Information The following command displays IP route information: show ip route Command mode: All Mgmt routes: Status code: * best Destination Mask Gateway Type Tag Metric If * 192.168.50.0 255.255.255.0 192.168.50.50 direct fixed 128 * 192.168.50.50 255.255.255.255 192.168.50.50 local addr 128 * 192.168.50.255 255.255.255.255 192.168.50.255 broadcast broadcast 128 Data routes: Status code: * best Destination Mask Gateway Type Tag Metric If * 127.0.0.0 255.0.0.0 0.0.0.0 martian martian * 224.0.0.0 224.0.0.0 0.0.0.0 martian martian * 224.0.0.0 240.0.0.0 0.0.0.0 multicast addr * 255.255.255.255 255.255.255.255 255.255.255.255 broadcast broadcast The following table describes the Type parameters. Table 39. IP Routing Type Parameters Parameter Description indirect The next hop to the host or subnet destination will be forwarded through a router at the Gateway address. direct Packets will be delivered to a destination host or subnet attached to the switch. local Indicates a route to one of the switch’s IP interfaces. broadcast Indicates a broadcast route. martian The destination belongs to a host or subnet which is filtered out. ...
ARP Information The ARP information includes IP address and MAC address of each entry, address status flags (see Table 42 on page 92), VLAN, age and port for the address. Table 41. ARP Information Options Command Syntax and Usage show [ip] arp [all] Displays all ARP entries. including: IP address and MAC address of each entry Address status flag The VLAN and port to which the address belongs The elapsed time (in seconds) since the ARP entry was learned For more information, see page Command mode: All show ip arp data Displays all data ARP entries. Command mode: All show [ip] arp find <IP address> Displays a single ARP entry by IP address. Command mode: All show ip arp inspection Displays the current Dynamic ARP Inspection (DAI) configuration settings. For details, see page Command mode: All show [ip] arp interface port <port alias or number> Displays the ARP entries on a single port. Command mode: All show ip arp management Displays all management ARP entries. Command mode: All show [ip] arp reply Displays the ARP entries for the switch’s IP interfaces.
Show All ARP Entry Information The following command displays ARP information: show [ip] arp Command mode: All Mgmt ARP entries: Total number of Mgmt ARP entries : 3 IP address Flags MAC address VLAN Age Port 10.241.38.131 P 74:99:75:74:c4:fe 4095 MGT 10.241.38.132 74:99:75:75:69:fe 4095 71 MGT 10.241.38.254 74:99:75:c8:13:00 4095 35 MGT Data ARP entries: Current ARP configuration: rearp 5 No static ARP configured. Total number data ARP entries : 10 IP address Flags MAC address VLAN Age Port 1.1.1.4 P 74:99:75:74:c4:00 100 1.1.1.5 74:99:75:75:69:00 100 140 TRK64 1.1.1.10 P 00:00:5e:00:01:01 100 2.2.2.4 P 74:99:75:74:c4:00 200 2.2.2.5 74:99:75:75:69:00 200 141 TRK64 2.2.2.6 74:99:75:08:99:00 200 140 TRK1 2.2.2.10 P 00:00:5e:00:01:01 200 3.3.3.4 P 74:99:75:74:c4:00 300 3.3.3.6 74:99:75:08:99:00 300 150 TRK1 3.3.3.10 P 00:00:5e:00:01:01 300 The Port field shows the target port of the ARP entry. The Flags field is interpreted as follows: Table 42. ARP Flag Parameters Flag Description Permanent entry created for switch IP interface. Indirect route entry.
BGP Information The following commands display BGP information: Table 44. BGP Peer Information Options Command Syntax and Usage show ip bgp aggregateaddress [<1‐16>] Displays the current BGP aggregation configuration. Command mode: All show ip bgp information Displays the BGP routing table. See page 97 for a sample output. Command mode: All show ip bgp neighbor [<1‐96>] Displays the current BGP peer configuration. Command mode: All show ip bgp neighbor advertisedroutes Displays all BGP advertised routes to all neighbors. Command mode: All show ip bgp neighbor <1‐96> advertisedroutes Displays all BGP advertised routes to a specific peer. Command mode: All show ip bgp neighbor group Displays BGP group information. See page 96 for a sample output. Command mode: All show ip bgp neighbor information Displays BGP peer information. See page 95 for a sample output. Command mode: All show ip bgp neighbor <1‐96> information Displays BGP peer information for a specific peer. Command mode: All show ip bgp neighbor <1‐96> redistribute Displays BGP neighbor redistribution. Command mode: All G8264CS Command Reference for ENOS 8.4...
BGP Group Information Following is an example of the information provided by the following command: show ip bgp neighbor group Command mode: All BGP Group Information: Local router ID: 1.1.1.2, Local AS: 100 Group 1: Name: toG82642007 Addr: 192.168.128.0 Mask: 255.255.255.248 Remote AS list: 200 Dynamic Peers Limit: 8 Dynamic Peers in established state: 1 Dynamic Peers of this group: 97: 192.168.128.4, Group: 1 (toG82642007), TTL 1 Remote AS: 200, Local AS: 100, Link type: EBGP Remote router ID: 2.2.1.2, Local router ID: 1.1.1.2 Configured Version: 4 Negotiated Version: 4 Total path attribute out: 0 In Total Messages: 74 Out Total Messages: 74 In Updates: 0 Out Updates: 0 Established Time: 01:12:36 MinAdvTime: 00:01:00 Configured holdtime: 00:03:00 Negotiated holdtime: 00:03:00 Configured keepalive 00:01:00 Negotiated keepalive 00:01:00 In Update Last Time: 00:00:00 Out Update Last Time: 00:14:32 Last Send Time: 01:26:54 Last Received Time: 01:26:54 Inrmap list count: 0 Outrmap list count: 0 G8264CS Command Reference for ENOS 8.4...
OSPF Information The following commands display OSPF information: Table 45. OSPF Information Options Command Syntax and Usage show interface ip <1‐128> ospf Displays the current OSPF settings for the specified IP interface. Command mode: All show ip ospf area <0‐5> Displays OSPF settings for a particular area index. Command mode: All show ip ospf area information [<0‐5>] Displays area information for all areas or a particular area index. Command mode: All show ip ospf arearange <1‐16> Displays the current OSPF summary range settings. Command mode: All show ip ospf areavirtuallink <1‐3> Displays the current OSPF virtual link settings. Command mode: All show ip ospf areavirtuallink information Displays information about all the configured virtual links. Command mode: All show ip ospf generalinformation Displays general OSPF information. See page 100 for a sample output. Command mode: All show ip ospf host <1‐128> Displays the current OSPF host entries. Command mode: All show ip ospf host information Displays OSPF host configuration information. Command mode: All show ip ospf information Displays the OSPF information. Command mode: All G8264CS Command Reference for ENOS 8.4...
OSPF General Information The following command displays general OSPF information: show ip ospf generalinformation Command mode: All OSPF Version 2 Router ID: 10.10.10.1 Started at 1663 and the process uptime is 4626 Area Border Router: yes, AS Boundary Router: no LS types supported are 6 External LSA count 0 External LSA checksum sum 0x0 Number of interfaces in this router is 2 Number of virtual links in this router is 1 16 new lsa received and 34 lsa originated from this router Total number of entries in the LSDB 10 Database checksum sum 0x0 Total neighbors are 1, of which 2 are >=INIT state, 2 are >=EXCH state, 2 are =FULL state Number of areas is 2, of which 3transit 0nssa Area Id : 0.0.0.0 Authentication : none Import ASExtern : yes Number of times SPF ran : 8 Area Border Router count : 2 AS Boundary Router count : 0 LSA count : 5 LSA Checksum sum : 0x2237B Summary : noSummary OSPF Interface Information The following command displays OSPF interface information: show ip ospf interface <interface number> Command mode: All Ip Address 10.10.12.1, Area 0.0.0.1, Admin Status UP Router ID 10.10.10.1, State DR, Priority 1 Designated Router (ID) 10.10.10.1, Ip Address 10.10.12.1 Backup Designated Router (ID) 10.10.14.1, Ip Address 10.10.12.2 Timer intervals, Hello 10, Dead 40, Wait 1663, Retransmit 5,...
OSPF Database Information The following commands display OSPF Database information: Table 46. OSPF Database Information Options Command Syntax and Usage show ip ospf database Displays all the Link State Advertisements (LSAs). Command mode: All show ip ospf database advertisingrouter <router ID (IP address)> Takes advertising router as a parameter. Displays all the LSAs in the LS database that have the advertising router with the specified router ID, for example: 20.1.1.1. Command mode: All show ip ospf database area <0‐5> Displays LS database information for the specified OSPF area. Command mode: All show ip ospf database asbrsummary [advertisingrouter <router ID (IP address)>|linkstateid <link state ID (IP address)>|self] Displays ASBR summary LSAs. The usage of this command is as follows: asbrsummary advertisingrouter 20.1.1.1 displays ASBR summary LSAs having the advertising router 20.1.1.1. asbrsummary linkstateid 10.1.1.1 displays ASBR summary LSAs having the link state ID 10.1.1.1. asbrsummary self displays the self advertised ASBR summary LSAs. asbrsummary with no parameters displays all the ASBR summary LSAs. Command mode: All show ip ospf database databasesummary Displays the following information about the LS database in a table format: Number of LSAs of each type in each area. Total number of LSAs for each area.
OSPFv3 Information The following commands display OSPFv3 information: Table 47. OSPFv3 Information Options Command Syntax and Usage show ipv6 ospf area <area index (0‐2)> Displays the OSPFv3 area information. Command mode: All show ipv6 ospf areas Displays the OSPFv3 Area Table. Command mode: All show ipv6 ospf arearange <1‐16> Displays the current OSPFv3 summary range settings. Command mode: All show ipv6 ospf arearange information Displays OSPFv3 summary ranges. Command mode: All show ipv6 ospf areavirtuallink <1‐3> Displays the current OSPFv3 virtual link settings. Command mode: All show ipv6 ospf areavirtuallink information Displays information about all the configured virtual links. Command mode: All show ipv6 ospf borderrouters Displays OSPFv3 routes to an ABR or ASBR. Command mode: All show ipv6 ospf host <1‐128> Displays the current OSPFv3 host entries. Command mode: All show ipv6 ospf host information Displays OSPFv3 host configuration information. Command mode: All show ipv6 ospf information Displays all OSPFv3 information. To view a sample display, see page 106. Command mode: All G8264CS Command Reference for ENOS 8.4...
OSPFv3 Information Dump The following command displays OSPFv3 information: show ipv6 ospf information Command mode: All Router Id: 1.0.0.1 ABR Type: Standard ABR SPF schedule delay: 5 secs Hold time between two SPFs: 10 secs Exit Overflow Interval: 0 Ref BW: 100000 Ext Lsdb Limit: none Trace Value: 0x00008000 As Scope Lsa: 2 Checksum Sum: 0xfe16 Passive Interface: Disable Nssa Asbr Default Route Translation: Disable Autonomous System Boundary Router Redistributing External Routes from connected, metric 10, metric type asExtType1, no tag set Number of Areas in this router 1 Area 0.0.0.0 Number of interfaces in this area is 1 Number of Area Scope Lsa: 7 Checksum Sum: 0x28512 Number of Indication Lsa: 0 SPF algorithm executed: 2 times OSPFv3 Interface Information The following command displays OSPFv3 interface information: show ipv6 ospf interface Command mode: All Ospfv3 Interface Information Interface Id: 1 Instance Id: 0 Area Id: 0.0.0.0 Local Address: fe80::222:ff:fe7d:5d00 Router Id: 1.0.0.1 Network Type: BROADCAST Cost: 1 State: BACKUP Designated Router Id: 2.0.0.2 local address: fe80::218:b1ff:fea1:6c01 Backup Designated Router Id: 1.0.0.1 local address: fe80::222:ff:fe7d:5d00 Transmit Delay: 1 sec Priority: 1 IfOptions: 0x0 Timer intervals configured: Hello: 10, Dead: 40, Retransmit: 5 Hello due in 6 sec Neighbor Count is: 1, Adjacent neighbor count is: 1 Adjacent with neighbor 2.0.0.2 G8264CS Command Reference for ENOS 8.4...
RIP Routes Information The following command displays RIP route information: show ip rip routes Command mode: All >> IP Routing# 30.1.1.0/24 directly connected 3.0.0.0/8 via 30.1.1.11 metric 4 4.0.0.0/16 via 30.1.1.11 metric 16 10.0.0.0/8 via 30.1.1.2 metric 3 20.0.0.0/8 via 30.1.1.2 metric 2 This table contains all dynamic routes learned through RIP, including the routes that are undergoing garbage collection with metric = 16. This table does not contain locally configured static routes. RIP Interface Information The following command displays RIP user information: show ip rip interface <interface number> Command mode: All RIP USER CONFIGURATION : RIP: ON, update 30 RIP on Interface 49 : 101.1.1.10, enabled version 2, listen enabled, supply enabled, default none poison disabled, split horizon enabled, trigg enabled, mcast enabled, metric 1 auth none, key none G8264CS Command Reference for ENOS 8.4...
IPv6 Routing Table Information The following command displays IPv6 routing information: show ipv6 route Command mode: All IPv6 Routing Table 3 entries Codes : C Connected, S Static O OSPF M Management Gateway S ::/0 [1/20] via 2001:2:3:4::1, Interface 2 C 2001:2:3:4::/64 [1/1] via ::, Interface 2 C fe80::20f:6aff:feec:f701/128 [1/1] Note that the first number inside the brackets represents the metric and the second number represents the preference for the route. G8264CS Command Reference for ENOS 8.4...
IPv6 Neighbor Discovery Prefix Information The following command displays a summary of IPv6 Neighbor Discovery prefix information: show ipv6 prefix Command mode: All Codes: A Address , P PrefixAdvertisement D Default , N Not Advertised [L] Onlink Flag is set [A] Autonomous Flag is set AD 10:: 64 [LA] Valid lifetime 2592000 , Preferred lifetime 604800 P 20:: 64 [LA] Valid lifetime 200 , Preferred lifetime 100 Neighbor Discovery prefix information includes information about all configured prefixes. The following command displays IPv6 Neighbor Discovery prefix information for an interface: show ipv6 prefix interface <interface number> Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 116
IGMP Information The following commands display IGMP information: Table 52. IGMP Multicast Group Information Commands Command Syntax and Usage show ip igmp Displays the current IGMP configuration parameters. Command mode: All show ip igmp filtering Displays current IGMP Filtering parameters. Command mode: All show ip igmp groups Displays information for all multicast groups. For details, see page 119. Command mode: All show ip igmp groups address <IP address> Displays a single IGMP multicast group by its IP address. Command mode: All show ip igmp groups detail <IP address> Displays details about an IGMP multicast group, including source and timer information. Command mode: All show ip igmp groups interface port <port alias or number> Displays all IGMP multicast groups on a single port. Command mode: All show ip igmp groups portchannel <1‐128> Displays all IGMP multicast groups on a single Link Aggregation Group (LAG). Command mode: All show ip igmp groups vlan <VLAN ID (1‐4094)> Displays all IGMP multicast groups on a single VLAN. Command mode: All show ip igmp ipmcgrp Displays information for all IPMC groups. For details, see page 120. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 118
IGMP Querier Information The following command displays IGMP Querier information for a particular VLAN: show ip igmp querier vlan <VLAN ID (1‐4094)> Command mode: All Current IGMP Querier information: IGMP Querier information for vlan 1: Other IGMP querier none Switchquerier enabled, current state: Querier Switchquerier type: Ipv4, address 1.1.1.1, Switchquerier general query interval: 125 secs, Switchquerier maxresponse interval: 100 'tenths of secs', Switchquerier startup interval: 31 secs, count: 2 Switchquerier robustness: 2 IGMP configured version is v3 IGMP Operating version is v3 IGMP Querier information includes: VLAN number Querier status Other IGMP querier—none IGMP querier present, address: (IP or MAC address) Other IGMP querier present, interval (minutes:seconds) Querier election type (IPv4 or MAC) and address Query interval Querier startup interval Maximum query response interval Querier robustness value IGMP version number G8264CS Command Reference for ENOS 8.4...
Page 120
IPMC Group Information The following command displays IGMP IPMC group information: show ip igmp ipmcgrp Command mode: All Total number of displayed ipmc groups: 4 Legend(possible values in Type column): SH static host DR dynamic registered SP static primary DU dynamic unregistered SB static backup M mrouter O other Source Group Vlan Port Type Timeleft =============== =============== ==== ============ ==== ========== * 232.0.0.1 1 DU 6 sec * 232.0.0.2 1 DU 6 sec * 232.0.0.3 1 DU 6 sec * 232.0.0.4 1 DU 6 sec IGMP IPMC Group information includes: IGMP source address IGMP group address VLAN and port Type of IPMC group Expiration timer value G8264CS Command Reference for ENOS 8.4...
Page 122
MLD Mrouter Information The following command displays MLD Mrouter information: show ipv6 mld mrouter Command mode: All Source: fe80:0:0:0:200:14ff:fea8:40c9 Port/Vlan: 26/4 Interface: 3 QRV: 2 QQIC:125 Maximum Response Delay: 1000 Version: MLDv2 Expires:1:02 The following table describes the MLD Mrouter information displayed in the output. Table 54. MLD Mrouter Statistic Description Source Displays the link‐local address of the reporter. Port/Vlan Displays the port/vlan on which the general query is received. Interface Displays the interface number on which the general query is received. Displays the Querier’s robustness variable value. QQIC Displays the Querier’s query interval code. Maximum Response Displays the configured maximum query response time. Delay Version Displays the MLD version configured on the interface. Expires Displays the amount of time that must pass before the multicast router decides that there are no more listeners for a multicast address or a particular source on a link. G8264CS Command Reference for ENOS 8.4...
Page 124
The following command displays VRRP information: show ip vrrp information Command mode: All VRRP information: 1: vrid 2, 205.178.18.210, if 1, renter, prio 100, master 2: vrid 1, 205.178.18.202, if 1, renter, prio 100, backup 3: vrid 3, 205.178.18.204, if 1, renter, prio 100, master When virtual routers are configured, you can view the status of each virtual router using this command. VRRP information includes: Virtual router number Virtual router ID and IP address Interface number Ownership status owner identifies the preferred master virtual router. A virtual router is the owner when the IP address of the virtual router and its IP interface are the same. renter identifies virtual routers which are not owned by this device. Priority value. During the election process, the virtual router with the highest priority becomes master. Activity status master identifies the elected master virtual router. backup identifies that the virtual router is in backup mode. init identifies that the virtual router is waiting for a startup event. For example, once it receives a startup event, it transitions to master if its ...
Page 126
IPv6 Interface Information The following command displays IPv6 interface information: show ipv6 interface <interface number> Command mode: All Interface information: 2: IP6 2001:0:0:0:225:3ff:febb:bb15/64 , vlan 1, up fe80::225:3ff:febb:bb15 Link local address: fe80::225:3ff:febb:bb15 Global unicast address(es): 2001::225:3ff:febb:bb15/64 Anycast address(es): Not Configured. Joined group address(es): ff02::1 ff02::2 ff02::1:ffbb:bb15 MTU is 1500 ICMP redirects are enabled ND DAD is enabled, Number of DAD attempts: 1 ND router advertisement is disabled For each interface, the following information is displayed: IPv6 interface address and prefix VLAN assignment Status (up, down or disabled) Path MTU size Status of ICMP redirects Status of Neighbor Discovery (ND) Duplicate Address Detection (DAD) Status of Neighbor Discovery router advertisements G8264CS Command Reference for ENOS 8.4...
Page 128
IP Information The following command displays Layer 3 information: show ip interface brief Command mode: All IP information: AS number 0 Interface information: 1: IP4 192.168.0.2 255.255.255.0 192.168.0.255, vlan 1, up 128: IP4 10.241.37.168 255.255.255.128 10.241.37.255, vlan 4095, up Loopback interface information: Default gateway information: metric strict 4: 10.241.37.254, up active Default IP6 gateway information: ECMP Hash Mechanism: dipsip Current BOOTP relay settings: OFF Global servers: Server 1 address 0.0.0.0 Server 2 address 0.0.0.0 Server 3 address 0.0.0.0 Server 4 address 0.0.0.0 Server 5 address 0.0.0.0 Current BOOTP relay option82 settings: OFF Current BOOTP relay option82 policy: Replace Current DHCP Snooping settings: Off DHCP Snooping is configured on the following VLANs: empty Insertion of option 82 information is Disable Interface Trusted Rate limit (pps) 1 No none 2 No none 3 No none 4 No none 62 No none 63 No none 64 No none MGT No none Current IP forwarding settings: ON, dirbr disabled, noicmprd disabled, ICMPv6 redirect disabled Current network filter settings: none Current route map settings: none...
Page 130
IKEv2 Information The following table lists commands that display information about IKEv2. Table 56. IKEv2 Information Commands Command Syntax and Usage show ikev2 Displays all IKEv2 information. See page 131 for sample output. Command mode: All show ikev2 cacert Displays the CA certificate. Command mode: All show ikev2 hostcert Displays the host certificate. Command mode: All show ikev2 identity Displays IKEv2 identity information. Command mode: All show ikev2 presharekey Displays the IKEv2 preshare key. Command mode: All show ikev2 proposal Displays the IKEv2 proposal. Command mode: All show ikev2 retransmitinterval Displays the IKEv2 retransmit interval. Command mode: All show ikev2 sa Displays the IKEv2 SA. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 132
IP Security Information The following table describes the commands used to display information about IP security. Table 57. IPsec Information Commands Command Syntax and Usage show ipsec dynamicpolicy [<1‐10>] Displays dynamic policy information. Command mode: All show ipsec manualpolicy [<1‐10>] Displays manual policy information. See page 133 for sample output. Command mode: All show ipsec sa Displays all security association information. Command mode: All show ipsec spd Displays all security policy information. Command mode: All show ipsec trafficselector [<1‐10>] Displays IPsec traffic selector information. Command mode: All show ipsec transformset [<1‐10>] Displays IPsec transform set information. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 134
DHCP Snooping Information The following command displays DHCP Snooping information: show ip dhcp snooping Command mode: All DHCP Snooping is configured on the following VLANs: empty Insertion of option 82 information is Disable Interface Trusted Rate limit (pps) 1 No none 5 No none 6 No none 7 No none 8 No none 9 No none 10 No none 11 No none 12 No none 13 No none 14 No none 15 No none The following command displays the DHCP binding table: show ip dhcp snooping binding Command mode: All Mac Address IP Address Lease(seconds) Type VLAN Interface 00:00:01:00:02:01 10.0.0.1 1600 dynamic 100 port 1 02:1c:5f:d1:18:9c 210.38.197.63 86337 Static 127 1 06:51:4d:e6:16:2d 194.116.155.190 86337 Static 105 1 08:69:0f:1d:ba:3d 40.90.17.26 86337 Static 150 1 08:a2:6d:00:36:56 40.194.18.213 86337 Static 108 1 0e:a7:f8:a2:74:2c 130.254.47.129 86337 Static 171 1 0e:b7:64:02:97:7c 35.92.27.110 86337 Static 249 1 Total number of bindings: 7 The DHCP Snooping binding table displays information for each entry in the table. Each entry has a MAC address, an IP address, the lease time, the interface to which the entry applies and the VLAN to which the interface belongs. G8264CS Command Reference for ENOS 8.4...
Page 136
PIM Component Information The following command displays Protocol Independent Multicast (PIM) component information: show ip pim component [<component ID (1‐2)>] Command mode: All PIM Component Information ComponentId: 1 PIM Mode: sparse, PIM Version: 2 Elected BSR: 0.0.0.0 Candidate RP Holdtime: 0 PIM component information includes the following: Component ID Mode (sparse, dense) PIM Version Elected Bootstrap Router (BSR) address Candidate Rendezvous Point (RP) hold time, in seconds PIM Interface Information The following command displays information about PIM interfaces: show ip pim interface Command mode: All Address IfName/IfId Ver/Mode Nbr Qry DRAddress DRPrio Count Interval 40.0.0.3 net4/4 2/Sparse 1 30 40.0.0.3 1 50.0.0.3 net5/5 2/Sparse 0 30 50.0.0.3 1 PIM interface information includes the following for each PIM interface: IP address ...
Page 138
PIM Multicast Route Information Commands The following commands display PIM Multicast Route information: Table 59. PIM Multicast Route Information Options Command Syntax and Usage show ip pim mroute Displays information about all PIM multicast routes. Command mode: All show ip pim mroute [<component ID (1‐2)>] Displays PIM multicast routes for the selected component. Command mode: All show ip pim mroute count Displays a count of PIM multicast routes of each type. Command mode: All show ip pim mroute flags [s] [r] [w] Displays PIM multicast routes based on the selected entry flags. Enter flags in any combination: s: Shortest Path Tree (SPT) bit r: Rendezvous Point Tree (RPT) bit w: Wildcard bit Command mode: All show ip pim mroute group <multicast group IP address> Displays PIM multicast routes for the selected multicast group. Command mode: All show ip pim mroute interface {<interface number>|port <port alias or number>} Displays PIM multicast routes for the selected incoming IP interface. Command mode: All show ip pim mroute source <multicast source IP address> Displays PIM multicast routes for the selected source IP address.
Quality of Service Information The following commands display QoS information: Table 60. QoS information Options Command Syntax and Usage show qos protocolpacketcontrol information queue [all] Displays the packet rate configured for each configurable packet queue. The all option also displays the packet rate configured for each reserved packet queue. Command mode: All show qos protocolpacketcontrol information protocol Displays of mapping of protocol packet types to each packet queue number. The status indicates whether the protocol is running or not running. Command mode: All show qos randomdetect Displays WRED and ECN information. For details, see page 142. Command mode: All show qos transmitqueue Displays the current 802.1p parameters. Command mode: All show qos transmitqueue information Displays all 802.1p information. For details, see page 141. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 144
Access Control List Information The following commands display IPv4 Access Control List (ACL) information: Table 64. IPv4 Access Control List Information Commands Command Syntax and Usage show accesscontrol list [<1‐256>] Displays ACL list information. To view sample output, see page 145. Command mode: All show accesscontrol list <1‐256> ethernet Displays the current Ethernet parameters for the specified ACL. Command mode: All show accesscontrol list <1‐256> ipv4 Displays the current IPv4 parameters for the specified ACL. Command mode: All show accesscontrol list <1‐256> log Displays the current IPv4 ACL log state. Command mode: All show accesscontrol list <1‐256> meter Displays the current metering parameters for the specified ACL. Command mode: All show accesscontrol list <1‐256> mirror Displays the current port mirroring parameters for the specified ACL. Command mode: All show accesscontrol list <1‐256> packetformat Displays the current Packet Format parameters for the specified ACL. Command mode: All show accesscontrol list <1‐256> remark Displays the current re‐mark parameters for the specified ACL. Command mode: All show accesscontrol list <1‐256> tcpudp Displays the current TCP/UDP Filtering parameters for the specified ACL. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 146
Table 65. ACL List Parameter Descriptions Parameter Description Packet Format Displays the ACL Packet Format parameters, if configured. Actions Displays the configured action for the ACL. Statistics Displays status of ACL statistics (enabled or disabled). Mirror Target Displays ACL port mirroring parameters. Configuration Filter x profile Indicates the ACL number. Access Control IPv6 List Information The following commands display IPv6 Access Control List (ACL) information: Table 66. IPv6 Access Control List Information Commands Command Syntax and Usage show accesscontrol list6 [<1‐128>] Displays the current ACL parameters. Command mode: All show accesscontrol list6 <1‐128> ipv6 Displays the current IPv6 parameters for the specified ACL. Command mode: All show accesscontrol list6 <1‐128> log Displays the current IPv6 ACL log state. Command mode: All show accesscontrol list6 <1‐128> meter Displays current metering parameters for the specified ACL. Command mode: All show accesscontrol list6 <1‐128> remark Displays current re‐mark parameters for the specified ACL.
RMON History Information The following command displays RMON History information: show rmon history Command mode: All RMON History group configuration: Index IFOID Interval Rbnum Gbnum 1 1.3.6.1.2.1.2.2.1.1.24 30 5 5 2 1.3.6.1.2.1.2.2.1.1.22 30 5 5 3 1.3.6.1.2.1.2.2.1.1.20 30 5 5 4 1.3.6.1.2.1.2.2.1.1.19 30 5 5 5 1.3.6.1.2.1.2.2.1.1.24 1800 5 5 Index Owner 1 dan The following table describes the RMON History Information parameters. Table 68. RMON History Parameter Descriptions Parameter Description Index Displays the index number that identifies each history instance. IFOID Displays the MIB Object Identifier. Interval Displays the time interval for each sampling bucket. Rbnum Displays the number of requested buckets, which is the number of data slots into which data is to be saved. Gbnum Displays the number of granted buckets that may hold sampled data. Owner Displays the owner of the history instance. G8264CS Command Reference for ENOS 8.4...
Table 69. RMON Alarm Parameter Descriptions (continued) Parameter Description rEvtIdx Displays the rising alarm event index that is triggered when a rising threshold is crossed. fEvtIdx Displays the falling alarm event index that is triggered when a falling threshold is crossed. Displays the MIB Object Identifier for each alarm index. Owner Displays the owner of the alarm instance. RMON Event Information The following command displays RMON event information: show rmon event Command mode: All RMON Event group configuration: Index Type Last Sent Description 1 both 0D: 0H: 1M:20S Event_1 2 none 0D: 0H: 0M: 0S Event_2 3 log 0D: 0H: 0M: 0S Event_3 4 trap 0D: 0H: 0M: 0S Event_4 5 both 0D: 0H: 0M: 0S Log and trap event for Link Down 10 both 0D: 0H: 0M: 0S Log and trap event for Link Up 11 both 0D: 0H: 0M: 0S Send log and trap for icmpInMsg 15 both 0D: 0H: 0M: 0S Send log and trap for icmpInEchos Index Owner 1 dan The following table describes the RMON Event Information parameters. Table 70. RMON Event Parameter Descriptions Parameter Description Index Displays the index number that identifies each event instance.
Port Information The following command displays port information: show interface trunk <port alias or number> Command mode: All Alias Port Tag RMON Lrn Fld PVID DESCRIPTION VLAN(s) Trk NVLAN 1 1 n d e e 1 1 2 2 n d e e 1 1 3 3 n d e e 1 1 4 4 n d e e 1 1 5 5 n d e e 1 1 9 9 n d e e 1 1 13 13 n d e e 1 1 14 14 n d e e 1 1 15 15 n d e e 1 1 16 16 n d e e 1 1 17 17 n d e e 1 1 18 18 n d e e 1 1 19 19 n d e e 1 1 20 20 n d e e 1 1 60 60 n d e e 1 1 61 61 n d e e 1 1 62 62 n d e e 1 1 63 63 n d e e 1 1 64 64 n d e e 1 1 MGT 65 n d e e 4095 4095 * = PVID/NativeVLAN is tagged. # = PVID is ingress tagged. Trk = Trunk mode NVLAN = NativeVLAN Port information includes: Port alias or number Whether the port uses VLAN tagging or not (y or n) Whether the port has Remote Monitoring (RMON) enabled Whether the port has FDB learning enabled (Lrn) Whether the port has Port Flooding enabled (Fld) ...
Page 154
Use the following command to display extended transceiver information: show interface port <port alias or number> transceiver details Command mode: All Port TX Link TXFlt Volts DegsC TXuW RXuW Transceiver Approve 3 Q10G 1.C Ena LINK N/A N/A N/A N/A N/A PasQD 1.0m Approved BLADE NETWORK Part:BNQSQSCBL1M Date:110925 S/N:3548Y350VT19P8EM G8264CS Command Reference for ENOS 8.4...
Page 156
Table 71. VMReady Information Options Command Syntax and Usage show virt vmpolicy vmbwidth [<MAC address>|<UUID>|<name>| |<IP address>|<index number>|<index range>] [|{include|exclude| |section|begin}] Displays the current VM bandwidth management parameters for all virtual machines or only for a certain virtual machine by specifying its MAC address, UUID, name, IP address or index number. | displays the VM bandwidth management parameters matching one of the following filters: • include displays parameters matching the specified expression • exclude displays parameters not matching the specified expression • section displays parameters matching the specified section • begin displays parameters beginning from the first parameter that matches the specified expression For a sample output, see page 160. Command mode: All show virt vmprofile [<profile name>] Displays the current VM Profile parameters. For a sample output, see page 160. Command mode: All show virt vmware Displays the current VMware parameters. To view command options, see page 161. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 158
VM Port Information The following command displays VM information for a specific port: show virt port <port alias or number> Command mode: All IP Address VMAC Address Index Port VM Group (Profile) Check status 3.3.3.2 00:50:56:a5:32:f7 0 23 40.40.31.1 00:50:56:a5:4e:9f 1 23 30 test30 Number of entries: 2 VM Portchannel Information The following command displays VM information for a specific portchannel: show virt portchannel <1‐128> Command mode: All IP Address VMAC Address Index Port VM Group (Profile) Check status 5.5.5.2 00:50:56:a5:17:07 2 ST 5 0.0.0.0 00:50:56:a5:4b:03 4 ST 5 5.5.5.3 00:50:56:af:20:6f 3 ST 5 Number of entries: 3 0.0.0.0 indicates IP address not yet available ST: Server Trunk G8264CS Command Reference for ENOS 8.4...
Page 160
VM Group Information The following command displays VM Group parameters: show virt vmgroup [<1‐4096>] Command mode: All VM group 1 current configuration: Current VM group's secure mode: Disabled Current Group Ports: 13 17 Current Group vPorts: : empty VLAN: 2 Tagging/Trunkmode: Disabled Current GROUP VMAP Config is empty VM Bandwidth Information The following command displays VM bandwidth management parameters: show virt vmpolicy vmbwidth Command mode: All Bandwidth Profile for VM 00:50:56:a5:32:f7 is enabled. TX: Rate: 1024 Burst: 2048 ACL: 127 VM Profile Information The following command displays VM Profile parameters: show virt vmprofile Command mode: All VM profile "test30": VLAN ID: 30 Traffic shaping not enabled. VM Groups: 30 G8264CS Command Reference for ENOS 8.4...
Page 162
VMware Hello Information The following command displays VM hello parameters: show virt vmware hello Command mode: All Current Settings: Hello Disabled Hello timer: 23 seconds Hello ports: 13 Hello address: 10.36.30.1 VMware Host Information The following command displays VM host information: show virt vmware hosts Command mode: All UUID Name(s), IP Address 80a42681d0e55910a0bfbd23bd3f7803 127.12.41.30 3c2e063c153cdd118b32a78dd1909a69 127.12.46.10 64f1fe30143cdd1184f2a8ba2cd7ae40 127.12.44.50 c818938e143cdd119f7ad8defa4b83bf 127.12.46.20 fc719af0093cdd1195beb0adac1bcf86 127.12.46.30 009a581a143cdd11be4cc9fb65ff04ec 127.12.46.40 VM host information includes the following: UUID associated with the VMware host. Name or IP address of the VMware host. G8264CS Command Reference for ENOS 8.4...
Page 164
VMware VM Information The following command displays information for a specific Virtual Machine (VM): show virt vmware showvm {<VM UUID>|<VM IP address>|<VM name>} Command mode: All MAC Address 00:50:56:a5:32:f7 Port 23 Type Virtual Machine VM vCenter Name arch131_nfs_3 VM OS hostname Not Available VM IP Address 3.3.3.2 VM UUID 422547ad0ef75992118463aa9030377e Current VM Host 10.241.32.131 vSwitch vSwitch1 Port Group Lenovo_Default VLAN ID 0 The following command displays the UUIDs and the names of all the VMware VMs: show virt vmware vms Command mode: All Rescanning data center. Please wait. UUID Name(s), IP Address 42312c262a75c05beed26d837ac46fdd SNSC 4225801cdfdb061d65e44e4860d6fbcf arch2_06 422534406de774168a29fb462114ead0 arch2_05 422f49dfbf88e4d56cee047a626029aa arch2_4_clone 4225a4f23422038f77b56134f5fd00b6 arch_clone 422fddf6b9c3fb529eedfb7ccab48ab8 WIN_iperf 422573e7f2a1373a87ec7f78d8313cca linux 422f08f6c3b1a641a44af2698a850f3c IxVM008, localhost, 10.241.30.208 422f15d25e6e88ef689e9af8e4c69c34 IxVM007, localhost, 10.241.30.207 422f54d355b53731e8f162abac8a0911 IxVM006, localhost, 10.241.30.206 422f42d0329eaec299c82724aa26db7a IxVM005, localhost, 10.241.30.205 VMware VM information includes the following: UUID associated with the VMware VM. Name or IP address of the VMware VM. ESX Server - Switchport Mapping The following command displays ESX Server ‐ switchport mapping: show virt vmware switchportmapping...
vNIC Information The following command displays the current Virtual NIC (vNIC) parameters: show vnic Command mode: All Current Settings for vNIC Feature: State: On vNICs: 11.1 : Enabled, Max Bandwidth (increments of 100Mbps) 25 vNIC Group 32: Enabled, VLAN 32 vNICs: 11.1 Ports: empty Uplink Port: 20 Uplink failover: Enabled The following command displays Virtual NIC information: show vnic vnic [all] Command mode: All vNIC vNICGroup Vlan MaxBandwidth Type MACAddress Link 1.1 10 10 25 default none down 50.2 4 44 25 default 00:00:c9:93:d2:07 up 53.1 # * 10 default none disabled 53.4 4 44 25 default 00:00:c9:93:d5:03 up # = Not added to any vNIC group * = Not added to any vNIC group or no vlan set for its vNIC group vNIC information includes the following for each vNIC: vNIC ID vNIC Group that contains the vNIC VLAN assigned to the vNIC Group Maximum bandwidth allocated to the vNIC vNIC type (default or FCoE) MAC address of the vNIC, if applicable ...
EVB Information The following commands display Edge Virtual Bridge (EVB) Virtual Station Interface (VDP) discovery and configuration information. Table 74. EVB Information Options Command Syntax and Usage show virt evb profile Displays all EVB profile parameters. Command mode: All show virt evb profile <profile number> [ports] Displays the selected EVB profile parameters. It can include ports. Command mode: All show virt evb profile ports Displays all EVB profile parameters including ports. Command mode: All show virt evb vdp tlv Displays all active Virtual Station Interface (VSI) Discovery and Configuration Protocol (VDP) type‐length‐values (TLVs). Command mode: All show virt evb vdp vm Displays all associated Virtual Machines (VMs). For a sample output, see page 170. Command mode: All show virt evb vsidb <VSI database number (1)> Displays Virtual Station Interface database information. Command mode: All show virt evb vsitypes [mgrid <0‐255>|typeid <1‐16777215>| |version <0‐255>] Displays the current Virtual Station Interface Type database parameters. For a sample output, see page 169. Command mode: All G8264CS Command Reference for ENOS 8.4...
DCBX Information The following table describes the Data Center Bridging Capability Exchange (DCBX) protocol information options. Table 76. DCBX Information Options Command Syntax and Usage show cee information dcbx port <port alias or number> Displays all DCBX information for the specified port or range of ports. Command mode: All show cee information dcbx port <port alias or number> app_proto Displays information about the DCBX Application Protocol state machine on the specified port or range of ports. For details, see page 179. Command mode: All show cee information dcbx port <port alias or number> control Displays information about the DCBX Control state machine for the specified port or range of ports. For details, see page 173. Command mode: All show cee information dcbx port <port alias or number> ets Displays information about the DCBX ETS state machine for the specified port or range of ports. For details, see page 176. Command mode: All show cee information dcbx port <port alias or number> feature Displays information about the DCBX Feature state machine for the specified port or range of ports. For details, see page 174. Command mode: All show cee information dcbx port <port alias or number> pfc Displays information about the DCBX PFC state machine for the specified port or range of ports. For details, see page 178. Command mode: All G8264CS Command Reference for ENOS 8.4...
DCBX Feature Information The following command displays DCBX Feature information: show cee information dcbx port <port alias or number> feature Command mode: All DCBX Port Feature Statemachine Info ================================================================================== Alias Port Type AdmState Will Advrt OpVer MxVer PrWill SeqNo Err OperMode Syncd 1 1 ETS enabled No Yes 0 0 No 1 No disabled No 1 1 PFC enabled No Yes 0 0 No 1 No disabled No 1 1 AppProt disabled No Yes 0 0 No 1 No disabled No 2 2 ETS enabled No Yes 0 0 No 1 No disabled No 2 2 PFC enabled No Yes 0 0 No 1 No disabled No 2 2 AppProt disabled No Yes 0 0 No 1 No disabled No 3 3 ETS enabled No Yes 0 0 No 1 No disabled No 3 3 PFC enabled No Yes 0 0 No 1 No disabled No 3 3 AppProt disabled No Yes 0 0 No 1 No disabled No 4 4 ETS enabled No Yes 0 0 No 1 No disabled No 4 4 PFC enabled No Yes 0 0 No 1 No disabled No 4 4 AppProt disabled No Yes 0 0 No 1 No disabled No 5 5 ETS enabled No Yes 0 0 No 1 No disabled No 5 5 PFC enabled No Yes 0 0 No 1 No disabled No 5 5 AppProt disabled No Yes 0 0 No 1 No disabled No The following table describes the DCBX Feature information. Table 77. DCBX Feature Information Fields Parameter Description Alias Displays each port’s alias. Port Displays each port’s number. Type Feature type AdmState Feature status (Enabled or Disabled) Will Willing flag status (Yes/True or No/Untrue)
DCBX PFC Information The following command displays DCBX Priority Flow Control (PFC) information: show cee information dcbx port <port alias or number> pfc Command mode: All DCBX Port Priority Flow Control Table ===================================== Alias Port Priority EnableDesr EnableOper EnablePeer 2 2 0 disabled disabled disabled 2 2 1 disabled disabled disabled 2 2 2 disabled disabled disabled 2 2 3 enabled disabled disabled 2 2 4 disabled disabled disabled 2 2 5 disabled disabled disabled 2 2 6 disabled disabled disabled 2 2 7 disabled disabled disabled DCBX PFC information includes the following: Port alias and number 802.1p value EnableDesr: Status configured on this switch EnableOper: Status negotiated with the peer (operating status) EnablePeer: Status configured on the peer G8264CS Command Reference for ENOS 8.4...
Page 180
The following table describes the DCBX Application Protocol information. Table 79. DCBX Application Protocol Information Fields Parameter Description Protocol ID Identifies the supported Application Protocol. Selector Field Specifies the Application Protocol type, as follows: 0 = Ethernet Type 1 = TCP socket ID Organizationally Unique DCBX TLV identifier Alias Port alias Port Port number Priority 802.1p value EnableDesr Status configured on this switch EnableOper Status negotiated with the peer (operating status) EnablePeer Status configured on the peer G8264CS Command Reference for ENOS 8.4...
PFC Information The following table describes the Priority Flow Control (PFC) information options. Table 81. PFC Information Options Command Syntax and Usage show cee port <port alias or number> pfc Displays PFC information. Command mode: All show cee port <port alias or number> pfc information Displays PFC information. Command mode: All show cee port <port alias or number> pfc priority <0‐7> Displays PFC information. Command mode: All The following command displays PFC information: show cee port <port alias or number> pfc information Command mode: All PFC information for Port 1: PFC ON Priority State Description 0 Dis 1 Dis 2 Dis 3 Ena 4 Dis 5 Dis 6 Dis 7 Dis State indicates whether PFC is Enabled/Disabled on a particular priority G8264CS Command Reference for ENOS 8.4...
FIP Snooping FCoE Forwarder Information The following command shows FCoE forwarder (FCF) information that has been learned (detected) by the switch: show fcoe fips fcf Command mode: All Total number of FCFs detected: 0 The following command displays FIP Snooping information for the selected port: show fcoe fips port <port alias or number> information Command mode: All FIP Snooping on port INT2: This port has been configured to automatically detect FCF. It has currently detected to have 0 FCF connecting to it. FIPS ACLs configured on this port: SMAC 00:c0:dd:13:9b:6f, action deny. SMAC 00:c0:dd:13:9b:70, action deny. SMAC 00:c0:dd:13:9b:6d, action deny. SMAC 00:c0:dd:13:9b:6e, action deny. DMAC 00:c0:dd:13:9b:6f, ethertype 0x8914, action permit. DMAC 00:c0:dd:13:9b:70, ethertype 0x8914, action permit. DMAC 00:c0:dd:13:9b:6d, ethertype 0x8914, action permit. DMAC 00:c0:dd:13:9b:6e, ethertype 0x8914, action permit. SMAC 0e:fc:00:01:0a:00, DMAC 00:c0:dd:13:9b:6d, ethertype 0x8906, vlan 1002, action permit. DMAC 01:10:18:01:00:01, Ethertype 0x8914, action permit. DMAC 01:10:18:01:00:02, Ethertype 0x8914, action permit. Ethertype 0x8914, action deny. Ethertype 0x8906, action deny. SMAC 0e:fc:00:00:00:00, SMAC mask ff:ff:ff:00:00:00, action deny. FIP Snooping port information includes the following: Fibre Channel Forwarding (FCF) mode Number of FCF links connected to the port List of FIP Snooping ACLs assigned to the port G8264CS Command Reference for ENOS 8.4...
Page 186
Table 83. Fibre Channel Information Commands Command Syntax and Usage show npv trafficmap Displays NPV source‐destination traffic mapping. For details, see page 189. Command mode: All show npv autodisruptiveloadbalance [<switch_number>] Displays all VLANs that have automated disruptive load balance enabled. Command mode: All show zone Lists all FC zones. Command mode: All show zone status Displays FC zone status information. For details, see page 189. Command mode: All show zone name <zone name> Displays information for the specified FC zone. Command mode: All show zoneset Lists all FC zonesets. Command mode: All show zoneset name <zoneset name> Displays information for the specified FC zoneset. Command mode: All show zoneset active Displays the currently active FC zoneset. Command mode: All show interface fc information Displays FC port information. For details, see page 190. Command mode: All show interface fc port <port alias or number> Displays FC information for the specified ports.
Fabric Configuration Status Database Information The following command displays information about the fabric configuration: show fcs database Command mode: All Fabric Name : 10:00:74:99:75:22:48:00 Switch Domain Id : 1 Switch Mgmt Id : 010000 Switch WWN : 10:00:74:99:75:22:48:00 Switch Ports: Port PWWN 55 20:02:74:99:75:22:48:00 63 00:00:00:00:00:00:00:00 64 00:00:00:00:00:00:00:00 Fibre Channel Forwarding Information The following command displays information about Fibre Channel forwarding: show fcf Command mode: All FCF:1 in VLAN: 1002 NPVGw FCMAP : 0x0efc00 Priority : 128 FKAAdv : 8 FC Port : 55 60 63 64 ==================================================== FCF:2 in VLAN: 1003 NPVGw FCMAP : 0x0efc01 Priority : 128 FKAAdv : 8 FC Port : 56 59 ...
FC Port Information The following command displays information about FC ports: show interface fc information Command mode: All Alias Port Admin Oper Login Config Running Link Link State State Status Type Type Status Speed 53 53 Online Online LoggedIn F F Active 4Gb/s 54 54 Online Offline NotLoggedIn F F Active 4Gb/s 55 55 Online Offline NotLoggedIn F Unknown Inactive Unknown 56 56 Online Offline NotLoggedIn F Unknown Inactive Unknown 57 57 Down Downed NotLoggedIn Eth Eth Inactive Unknown 58 58 Down Downed NotLoggedIn Eth Eth Inactive Unknown 59 59 Down Downed NotLoggedIn Eth Eth Inactive Unknown 60 60 Down Downed NotLoggedIn Eth Eth Inactive Unknown 61 61 Down Downed NotLoggedIn Eth Eth Inactive Unknown 62 62 Down Downed NotLoggedIn Eth Eth Inactive Unknown 63 63 Down Downed NotLoggedIn Eth Eth Inactive Unknown 64 64 Online Downed NotLoggedIn Eth Eth Inactive Unknown Fibre Channel port information includes the following: Table 84. Fibre Channel Port Information Descriptions Parameter Description Alias Port alias Port Port number Admin State Configured state of the port (online, offline, or down) Oper State Current operational state of the port (online, offline, or downed) Login Status Login status of the port on the FC fabric (LoggedIn or NotLoggedIn) Config Type Configured FC port type, as follows: E (Expansion port) **not supported ...
Information Dump The following command dumps switch information: show informationdump Command mode: All Use the dump command to dump all switch information available (10K or more, depending on your configuration). This data is useful for tuning and debugging switch performance. If you want to capture dump data to a file, set your communication software on your workstation to capture session data prior to issuing the dump commands. G8264CS Command Reference for ENOS 8.4...
Port Statistics These commands display traffic statistics on a port‐by‐port basis. Traffic statistics include SNMP Management Information Base (MIB) objects. Table 86. Port Statistics Commands Command Syntax and Usage show interface port <port alias or number> bitrateusage Displays the traffic rate in kilobits per second. Command mode: All show interface port <port alias or number> bridgingcounters Displays bridging (“dot1”) statistics for the port. See page 201 for sample output. Command mode: All show interface port <port alias or number> bridgingrate Displays per‐second bridging (“dot1”) statistics for the port. Command mode: All show interface port <port alias or number> egressqueuecounters [<queue number (0‐7)>|drop] Displays the total number of packets and bytes either successfully transmitted or dropped for each queue of the specified ports. queue number filters the output to the specified queue number drop lists only the queues with dropped traffic (non‐zero counters for dropped packets/bytes counters) See page 212 for sample output. Command mode: All show interface port <port alias or number> egressqueuerate [<queue number (0‐7)>|drop] Displays the number of packets and bytes per second either successfully transmitted or dropped for each queue of the specified ports. queue number filters the output to the specified queue number drop lists only the queues with dropped traffic (non‐zero rates for dropped ...
802.1X Authenticator Statistics Use the following command to display the 802.1X authenticator statistics of the selected port: show interface port <port alias or number> dot1x counters Command mode: All Authenticator Statistics: eapolFramesRx = 925 eapolFramesTx = 3201 eapolStartFramesRx = 2 eapolLogoffFramesRx = 0 eapolRespIdFramesRx = 463 eapolRespFramesRx = 460 eapolReqIdFramesTx = 1820 eapolReqFramesTx = 1381 invalidEapolFramesRx = 0 eapLengthErrorFramesRx = 0 lastEapolFrameVersion = 1 lastEapolFrameSource = 00:01:02:45:ac:51 The following table describes the 802.1X authenticator statistics. Table 87. 802.1X Authenticator Statistics of a Port Statistics Description eapolFramesRx Total number of EAPOL frames received eapolFramesTx Total number of EAPOL frames transmitted eapolStartFramesRx Total number of EAPOL Start frames received eapolLogoffFramesRx Total number of EAPOL Logoff frames received eapolRespIdFramesRx Total number of EAPOL Response Identity frames received eapolRespFramesRx Total number of Response frames received eapolReqIdFramesTx Total number of Request Identity frames ...
Page 198
Table 88. 802.1X Authenticator Diagnostics of a Port (continued) Statistics Description authTimeoutsWhileAuthenticating Total number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of the Backend Authentication state machine indicating authentication timeout. authFailWhileAuthenticating Total number of times that the state machine transitions from AUTHENTICATING to HELD, as a result of the Backend Authentication state machine indicating authentication failure. authReauthsWhileAuthenticating Total number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of a re‐authentication request authEapStartsWhileAuthenticating Total number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of an EAPOL‐Start message being received from the Supplicant. authEapLogoffWhileAuthenticating Total number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of an EAPOL‐Logoff message being received from the Supplicant. authReauthsWhileAuthenticated Total number of times that the state machine transitions from AUTHENTICATED to CONNECTING, as a result of a re‐authentication request. authEapStartsWhileAuthenticated Total number of times that the state ...
BootStrap Protocol Relay Statistics Use the following command to display the BOOTP Relay statistics of the selected port: show ip bootprelay counters interface <port alias or number> Command mode: All BOOTP Relay statistics for port 1: Requests received from client: 0 Requests relayed to server: 0 Requests relayed with option 82: 0 Requests dropped due to ... relay not allowed: 0 no server or unreachable server: 0 packet or processing errors: 0 Replies received from server: 0 Replies relayed to client: 0 Replies dropped due to ... packet or processing errors: 0 G8264CS Command Reference for ENOS 8.4...
Ethernet Statistics Use the following command to display the ethernet statistics of the selected port: show interface port <port alias or number> ethernetcounters Command mode: All Ethernet statistics for port 1: dot3StatsAlignmentErrors: 0 dot3StatsFCSErrors: 0 dot3StatsSingleCollisionFrames: 0 dot3StatsMultipleCollisionFrames: 0 dot3StatsLateCollisions: 0 dot3StatsExcessiveCollisions: 0 dot3StatsInternalMacTransmitErrors: NA dot3StatsFrameTooLongs: 0 dot3StatsInternalMacReceiveErrors: 0 The following table describes the ethernet statistics. Table 90. Ethernet Statistics of a Port Statistics Description dot3StatsAlignment Errors A count of frames received on a particular interface that are not an integral number of octets in length and do not pass the Frame Check Sequence (FCS) check. The count represented by an instance of this object is incremented when the alignmentError status is returned by the MAC service to the Logical Link Control (LLC) (or other MAC user). Received frames for which multiple error conditions obtained are, according to the conventions of IEEE 802.3 Layer Management, counted exclusively according to the error status presented to the LLC. dot3StatsFCSErrors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the Frame Check Sequence (FCS) check. The count represented by an instance of this object is ...
Page 204
Table 90. Ethernet Statistics of a Port (continued) Statistics Description dot3StatsFrameTooLongs A count of frames received on a particular interface that exceed the maximum permitted frame size. The count represented by an instance of this object is incremented when the frameTooLong status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions obtained are, according to the conventions of IEEE 802.3 Layer Management, counted exclusively according to the error status presented to the LLC. dot3StatsInternalMac A count of frames for which reception on a ReceiveErrors particular interface fails due to an internal MAC sub layer receive error. A frame is only counted by an instance of this object if it is not counted by the corresponding instance of either the dot3StatsFrameTooLongs object, the dot3StatsAlignmentErrors object, or the dot3StatsFCSErrors object. The precise meaning of the count represented by an instance of this object is implementation‐specific. In particular, an instance of this object may represent a count of received errors on a particular interface that are not otherwise counted. G8264CS Command Reference for ENOS 8.4...
Page 206
Table 91. Interface Statistics of a Port (continued) Statistics Description ifInDiscards The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being delivered to a higher‐layer protocol. One possible reason for discarding such a packet could be to free up buffer space. ifInErrors For packet‐oriented interfaces, the number of inbound packets that contained errors preventing them from being delivered to a higher‐layer protocol. For character‐oriented or fixed‐length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher‐layer protocol. ifOutOctets The total number of octets transmitted out of the interface, including framing characters. ifOutUcastPkts The total number of packets that higher‐level protocols requested to be transmitted, and which were not addressed to a multicast or broadcast address at this sub‐layer, including those that were discarded or not sent. ifOutBroadcastPkts The total number of packets that higher‐level protocols requested to be transmitted, and which were addressed toa broadcast address at this sub‐layer, including those that were discarded or not sent. This object is a 64‐bit version of ifOutBroadcastPkts. ifOutMulticastPkts The total number of packets that higher‐level protocols requested to be transmitted, and which were addressed to a multicast address at this sub‐layer, including those that were discarded or not sent. For a MAC layer protocol, this includes both Group and Functional addresses. This object is a 64‐bit version of ...
Interface Protocol Statistics Use the following command to display the interface protocol statistics of the selected port: show interface port <port alias or number> ipcounters Command mode: All GEA IP statistics for port 1: ipInReceives : 0 ipInHeaderError: 0 ipInDiscards : 0 The following table describes the interface protocol statistics. Table 92. Interface Protocol Statistics of a Port Statistics Description ipInReceives The total number of input datagrams received from interfaces, including those received in error. ipInHeaderErrors The number of input datagrams discarded because the IP address in their IP headerʹs destination field was not a valid address to be received at this entity (the switch). ipInDiscards The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re‐assembly. Link Statistics Use the following command to display the link statistics of the selected port: show interface port <port alias or number> linkcounters Command mode: All Link statistics for port 1: linkStateChange: 1 The following table describes the link statistics. ...
Page 210
Table 94. RMON Statistics of a Port (continued) Statistics Description etherStatsCRCAlignErrors The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non‐integral number of octets (Alignment Error). etherStatsUndersizePkts The total number of packets received that were less than 64 octets long (excluding framing bits but including FCS octets) and were otherwise well formed. etherStatsOversizePkts The total number of packets received that were longer than 1518 octets (excluding framing bits but including FCS octets) and were otherwise well formed. etherStatsFragments The total number of packets received that were less than 64 octets in length (excluding framing bits but including FCS octets) and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non‐integral number of octets (Alignment Error). etherStatsJabbers The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non‐integral number of octets (Alignment Error). Jabber is defined as the condition where any packet exceeds 20 ms. ...
Multicast QoS Queue Counter-Based Statistics Use the following command to display the counter‐based multicast QoS queue statistics of the selected port: show interface port <port alias or number> egressmcastqueue counters Command mode: All Multicast QoS statistics for port 1: QoS Queue 8: Tx Packets: 0 Dropped Packets: 0 Tx Bytes: 0 Dropped Bytes: 0 QoS Queue 9: Tx Packets: 0 Dropped Packets: 0 Tx Bytes: 0 Dropped Bytes: 0 QoS Queue 10: Tx Packets: 0 Dropped Packets: 0 Tx Bytes: 0 Dropped Bytes: 0 QoS Queue 11: Tx Packets: 0 Dropped Packets: 0 Tx Bytes: 0 Dropped Bytes: 0 The following table describes the counter‐based multicast QoS queue statistics. Table 97. Multicast QoS Queue Counter‐Based Statistics of a Port Statistics Description Tx Packets Total number of successfully transmitted packets for the multicast QoS queue Dropped Packets Total number of dropped packets for the ...
Link Aggregation Group (LAG) Statistics The following commands display Link Aggregation Group (LAG) statistics: Table 99. LAG Statistics Commands Command Syntax and Usage show interface portchannel <1‐128> interfacecounters Displays interface statistics for the LAG. Command mode: All clear interface portchannel <1‐128> counters Clears all the statistics on the selected LAG. Command mode: Privileged EXEC G8264CS Command Reference for ENOS 8.4...
Page 218
Table 100. Layer 2 Statistics Commands Command Syntax and Usage show macaddresstable counters unicast Displays all FDB statistics for all Unicast FDB entries. Command mode: All show macaddresstable counters vlan <VLAN ID (1‐4094)> Displays all FDB statistics on a single VLAN. Command mode: All show oam counters Displays OAM statistics. See page 225 for sample output. Command mode: All show spanningtree statistics Displays all Spanning Tree Protocol (STP) statistics. See page 224 for sample output. Command mode: All show spanningtree statistics port <port alias or number> Displays STP statistics for the specified port. See page 224 for sample output. Command mode: All show spanningtree statistics stp <1‐128> Displays STP statistics for the specified Spanning Tree Group (STG). See page 224 for sample output. Command mode: All show vlag statistics Displays all vLAG statistics. See page 226 for sample output. Command mode: All clear hotlinks Clears all Hot Links statistics. Command mode: Privileged EXEC clear interface port <port alias or number> lacp counters Clears Link Aggregation Control Protocol (LACP) statistics.
FDB Statistics Use the following command to display statistics regarding the use of the forwarding database, including the number of new entries, finds, and unsuccessful searches: show macaddresstable counters Command mode: All FDB statistics: current: 83 hiwat: 855 FDB statistics are described in the following table: Table 101. Forwarding Database Statistics Statistic Description current Current number of entries in the Forwarding Database. hiwat Highest number of entries recorded at any given time in the Forwarding Database. G8264CS Command Reference for ENOS 8.4...
Hotlinks Statistics Use the following command to display statistics: Hot Links show hotlinks counters Command mode: All Hot Links Trigger Stats: Trigger 1 statistics: Trigger Name: Trigger 1 Master active: 0 Backup active: 0 FDB update: 0 failed: 0 The following table describes the Hotlinks statistics: Table 103. Hotlinks Statistics Statistic Description Master active Total number of times the Master interface transitioned to the Active state. Backup active Total number of times the Backup interface transitioned to the Active state. FDB update Total number of FDB update requests sent. failed Total number of FDB update requests that failed. G8264CS Command Reference for ENOS 8.4...
Layer 3 Statistics The following commands display Layer 3 statistics: Table 107. Layer 3 Statistics Commands Command Syntax and Usage show [ip] arp counters Displays Address Resolution Protocol (ARP) statistics. See page 242 for sample output. Command mode: All show ip arp inspection statistics [vlan <VLAN ID (1‐4094)>] Displays Dynamic ARP Inspection statistics. See page 242 for sample output. Command mode: All show ip counters Displays Internet Protocol (IP) statistics. See page 233 for sample output. Command mode: All show ipv6 counters Displays Internet Protocol version 6 (IPv6) statistics. See page 235 for sample output. Command mode: All show ip dhcp snooping counters Displays Dynamic Host Control Protocol (DHCP) Snooping statistics. Command mode: All show ip dns counters Displays Domain Name System (DNS) statistics. See page 243 for sample output. Command mode: All show ip icmp counters Displays Internet Control Message Protocol (ICMP) statistics. See page 244 for sample output.
Page 230
Table 107. Layer 3 Statistics Commands (continued) Command Syntax and Usage show ipv6 route counters Displays IPv6 route statistics. See page 241 for sample output. Command mode: All show ip slp counters Displays Service Location Protocol (SLP) statistics. Command mode: All show ip tcp counters Displays Transmission Control Protocol (TCP) statistics. See page 246 for sample output. Command mode: All show ip udp counters Displays User Datagram Protocol (UDP) statistics. See page 248 for sample output. Command mode: All show ip vrrp counters When virtual routers are configured, you can display the protocol statistics for Virtual Router Redundancy Protocol (VRRP). See page 264 for sample output. Command mode: All show layer3 counters Dumps all Layer 3 statistics. Use this command to gather data for tuning and debugging switch performance. If you want to capture dump data to a file, set your communication software on your workstation to capture session data prior to issuing the dump command. Command mode: All clear ip arp counters Clears Address Resolution Protocol (ARP) statistics. Command mode: Privileged EXEC clear ip arp inspection statistics [vlan <VLAN ID (1‐4094)>] Clears Dynamic ARP Inspection statistics. Command mode: Privileged EXEC clear ip counters Clears IPv4 statistics. Use this command with caution as it deletes all the IPv4 ...
Page 234
Table 108. IPv4 Statistics (continued) Statistics Description ipOutRequests The total number of IP datagrams which local IP user‐protocols (including ICMP) supplied to IP in requests for transmission. Note that this counter does not include any datagrams counted in ipForwDatagrams. ipOutDiscards The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (for example, for lack of buffer space). Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion. ipDefaultTTL The default value inserted into the TimeToLive (TTL) field of the IP header of datagrams originated at this entity (the switch), whenever a TTL value is not supplied by the transport layer protocol. G8264CS Command Reference for ENOS 8.4...
Page 236
Table 109. IPv6 Statistics (continued) Statistic Description AddrErrors Number of datagrams discarded because the IP address in their IP headerʹs destination field was not a valid address to be received at this entity (the switch). This count includes invalid addresses. For entities which are not IP Gateways and therefore do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address. FwdDgrams Number of input datagrams for which this entity (the switch) was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP Gateways, this counter will include only those packets, which were Source‐Routed via this entity (the switch), and the Source‐ Route option processing was successful. UnknownProtos Number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol. Discards Number of IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re‐assembly. Delivers Number of datagrams successfully delivered to IP user‐protocols (including ICMP). OutRequests Number of IP datagrams which local IP user‐protocols (including ICMP) supplied to IP in requests for transmission. OutDiscards Number of output IP datagrams for which no problem was encountered to prevent their transmission to their ...
Page 238
Table 110. ICMP Statistics Statistic Description Redirects Number of ICMP Redirect messages received. AdminProhib The number of ICMP destination unreachable/communication administratively prohibited messages received by the interface. ICMPBadCode The number of ICMP Parameter Problem messages received by the interface. Sent ICMPMsgs Number of ICMP messages which this entity (the switch) attempted to send. ICMPErrMsgs Number of ICMP messages which this entity (the switch) did not send due to problems discovered within ICMP such as a lack of buffer. This value should not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram. In some implementations there may be no types of errors that contribute to this counterʹs value. DstUnReach Number of ICMP Destination Unreachable messages sent. TimeExcds Number of ICMP Time Exceeded messages sent. ParmProbs Number of ICMP Parameter Problem messages sent. PktTooBigs The number of ICMP Packet Too Big messages sent by the interface. EchoReq Number of ICMP Echo (request) messages sent. EchoReply Number of ICMP Echo Reply messages sent. RouterSols Number of Router Solicitation messages sent by the switch. RouterAdv Number of Router Advertisements sent by the switch.
Page 240
IPv4 Route Statistics The following command displays IPv4 route statistics: show ip route counters Command mode: All Route statistics: Current total outstanding routes : 2 Highest number ever recorded : 2 Current static routes : 0 Current RIP routes : 0 Current OSPF routes : 0 Current BGP routes : 0 Maximum supported routes : 16384 ECMP statistics (active in ASIC): Maximum number of ECMP routes : 16384 Maximum number of static ECMP routes : 128 Number of routes with ECMP paths : 0 The following table describes the IPv4 route statistics. Table 112. IPv4 Route Statistics Statistics Description Current total Total number of outstanding routes in the route table. outstanding routes Highest number ever Highest number of routes ever recorded in the route table. recorded Current static routes Total number of static routes in the route table. Current RIP routes Total number of RIP routes in the route table. Current OSPF routes Total number of OSPF routes in the route table. Current BGP routes Total number of BGP routes in the route table. Maximum supported Maximum number of routes that are supported. routes Maximum number of ...
ARP statistics The following command displays Address Resolution Protocol statistics. show [ip] arp counters Command mode: All Mgmt ARP statistics: arpEntriesCur: 1 arpEntriesHighWater: 2 Data ARP statistics: arpEntriesCur: 1 arpEntriesHighWater: 1 arpEntriesMax: 16383 The following table describes the ARP statistics. Table 114. ARP Statistics Statistic Description arpEntriesCur The total number of outstanding ARP entries in the ARP table. arpEntriesHighWater The highest number of ARP entries ever recorded in the ARP table. arpEntriesMax The maximum number of ARP entries that are supported. The following command displays Dynamic ARP Inspection statistics. show ip arp inspection statistics [vlan <VLAN ID (1‐4094)>] Command mode: All Vlan Forwarded Dropped 2 100 200 G8264CS Command Reference for ENOS 8.4...
ICMP Statistics The following command displays ICMP statistics: show ip icmp counters Command mode: All ICMP statistics: icmpInMsgs: 245802 icmpInErrors: 1393 icmpInDestUnreachs: 41 icmpInTimeExcds: 0 icmpInParmProbs: 0 icmpInSrcQuenchs: 0 icmpInRedirects: 0 icmpInEchos: 18 icmpInEchoReps: 244350 icmpInTimestamps: 0 icmpInTimestampReps: 0 icmpInAddrMasks: 0 icmpInAddrMaskReps: 0 icmpOutMsgs: 253810 icmpOutErrors: 0 icmpOutDestUnreachs: 15 icmpOutTimeExcds: 0 icmpOutParmProbs: 0 icmpOutSrcQuenchs: 0 icmpOutRedirects: 0 icmpOutEchos: 253777 icmpOutEchoReps: 18 icmpOutTimestamps: 0 icmpOutTimestampReps: 0 icmpOutAddrMasks: 0 icmpOutAddrMaskReps: 0 The following table describes the ICMP statistics. Table 116. ICMP Statistics Statistic Description icmpInMsgs The total number of ICMP messages which the entity (the switch) received. Note that this counter includes all those counted by icmpInErrors. icmpInErrors The number of ICMP messages which the entity (the switch) received but determined as having ICMP‐specific errors (bad ICMP checksums, bad length, and so forth). icmpInDestUnreachs The number of ICMP Destination Unreachable messages received. icmpInTimeExcds The number of ICMP Time Exceeded messages received. icmpInParmProbs The number of ICMP Parameter Problem messages ...
Page 246
TCP Statistics The following command displays TCP statistics: show ip tcp counters Command mode: All TCP statistics: tcpRtoAlgorithm: 4 tcpRtoMin: 0 tcpRtoMax: 240000 tcpMaxConn: 512 tcpActiveOpens: 252214 tcpPassiveOpens: 7 tcpAttemptFails: 528 tcpEstabResets: 4 tcpInSegs: 756401 tcpOutSegs: 756655 tcpRetransSegs: 0 tcpInErrs: 0 tcpCurrEstab: 0 tcpCurConn: 3 tcpOutRsts: 417 The following table describes the TCP statistics. Table 117. TCP Statistics Statistic Description tcpRtoAlgorithm The algorithm used to determine the timeout value used for retransmitting unacknowledged octets. tcpRtoMin The minimum value permitted by a TCP implementation for the retransmission timeout, measured in milliseconds. More refined semantics for objects of this type depend upon the algorithm used to determine the retransmission timeout. In particular, when the timeout algorithm is rsre(3), an object of this type has the semantics of the LBOUND quantity described in RFC 793. tcpRtoMax The maximum value permitted by a TCP implementation for the retransmission timeout, measured in milliseconds. More refined semantics for objects of this type depend upon the algorithm used to determine the retransmission timeout. In particular, when the timeout algorithm is rsre(3), an object of this type has the semantics of the UBOUND quantity described in RFC 793. tcpMaxConn The limit on the total number of TCP connections the ...
Page 248
UDP Statistics The following command displays UDP statistics: show ip udp counters Command mode: All UDP statistics: udpInDatagrams: 54 udpOutDatagrams: 43 udpInErrors: 0 udpNoPorts: 1578077 The following table describes the UDP statistics. Table 118. UDP Statistics Statistic Description udpInDatagrams The total number of UDP datagrams delivered to the switch. udpOutDatagrams The total number of UDP datagrams sent from this entity (the switch). udpInErrors The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port. udpNoPorts The total number of received UDP datagrams for which there was no application at the destination port. G8264CS Command Reference for ENOS 8.4...
Page 250
Table 119. IGMP Statistics (continued) Statistic Description rxIgmpV3CurrentStateRecords Total number of Current State records received rxIgmpV3SourceListChangeRecords Total number of Source List Change records received rxIgmpV3FilterChangeRecords Total number of Filter Change records received txIgmpGenQueries Total number of General Membership Query packets transmitted rxPimHellos Total number of PIM hellos received G8264CS Command Reference for ENOS 8.4...
OSPF Statistics The following commands display OSPF statistics: Table 122. OSPF Statistics Commands Command Syntax and Usage show ip ospf counters Displays global OSPF statistics. See page 255 for sample output. Command mode: All show ip ospf area [<0‐5>] counters Displays OSPF statistics for all areas or a specified area. Command mode: All show ip ospf interface [<interface number>|port <port alias or number>] counters Displays OSPF statistics for all interfaces or a specified interface. Command mode: All clear ip ospf counters Clears OSPF statistics. Command mode: Privileged EXEC G8264CS Command Reference for ENOS 8.4...
Page 256
Table 123. OSPF General Statistics (continued) Statistic Description Tx Hello The sum total of all Hello packets transmitted on all OSPF areas and interfaces. Rx Database The sum total of all Database Description packets received on all OSPF areas and interfaces. Tx Database The sum total of all Database Description packets transmitted on all OSPF areas and interfaces. Rx ls Requests The sum total of all Link State Request packets received on all OSPF areas and interfaces. Tx ls Requests The sum total of all Link State Request packets transmitted on all OSPF areas and interfaces. Rx ls Acks The sum total of all Link State Acknowledgement packets received on all OSPF areas and interfaces. Tx ls Acks The sum total of all Link State Acknowledgement packets transmitted on all OSPF areas and interfaces. Rx ls Updates The sum total of all Link State Update packets received on all OSPF areas and interfaces. Tx ls Updates The sum total of all Link State Update packets transmitted on all OSPF areas and interfaces. Nbr Change Stats: hello The sum total of all Hello packets received from neighbors on all OSPF areas and interfaces. Start The sum total number of neighbors in this state (that is, an indication that Hello packets should now be sent to the neighbor at intervals of HelloInterval seconds.) across all OSPF areas and interfaces.
Page 258
Table 123. OSPF General Statistics (continued) Statistic Description Timers Kickoff: hello The sum total number of times the Hello timer has been fired (which triggers the send of a Hello packet) across all OPSF areas and interfaces. retransmit The sum total number of times the Retransmit timer has been fired across all OPSF areas and interfaces. lsa lock The sum total number of times the Link State Advertisement (LSA) lock timer has been fired across all OSPF areas and interfaces. lsa ack The sum total number of times the LSA Ack timer has been fired across all OSPF areas and interfaces. dbage The total number of times the data base age (Dbage) has been fired. summary The total number of times the Summary timer has been fired. ase export The total number of times the Autonomous System Export (ASE) timer has been fired. G8264CS Command Reference for ENOS 8.4...
Page 260
OSPFv3 Global Statistics The following command displays statistics about OSPFv3 packets received on all OSPFv3 areas and interfaces: show ipv6 ospf counters Command mode: All OSPFv3 stats Rx/Tx/Disd Stats: Rx Tx Discarded Pkts 9695 95933 0 hello 9097 8994 0 database 39 51 6 ls requests 16 8 0 ls acks 172 360 0 ls updates 371 180 0 Errors rx on pasv intf 0 rx but ospf off 0 rx on intf not up 0 rx version mismatch 0 rx rtr id is zero 0 rx with our rtr id 0 instance id mismatch 0 area mismatch 0 dest addr mismatch 0 bad checksum 0 no associated nbr 0 bad packet type 0 hello mismatch 0 options mismatch 0 dead mismatch 0 bad nbma/ptomp nbr 0 Nbr change stats: Intf change Stats: down 0 down 5 attempt 0 loop 0 init 1 waiting 6 n2way 1 ptop 0 exstart 1 dr 4 exchange done 1 backup 6 loading done 1 dr other 0 full 1 all events 33...
Page 262
Table 125. OSPFv3 General Statistics (continued) Statistics Description Tx ls updates The sum total of all Link State Update packets transmitted on all OSPFv3 interfaces. Discarded ls The sum total of all Link State Update packets discarded. updates Nbr Change Stats: down The total number of Neighboring routers down (in the initial state of a neighbor conversation) across all OSPFv3 interfaces. attempt The total number of transitions into attempt state of neighboring routers across allOSPFv3 interfaces. init The total number of transitions into init state of neighboring routers across all OSPFv3 interfaces. n2way The total number of bidirectional communication establishment between this router and other neighboring routers. exstart The total number of transitions into exstart state of neighboring routers across all OSPFv3 interfaces exchange done The total number of neighbors in this state (that is, in an adjacencyʹs final state) having transmitted a full sequence of Database Description packets, across all OSPFv3 interfaces. loading done The total number of link state updates received for all out‐of‐date portions of the database across all OSPFv3 interfaces. full The total number of transitions into full state of neighboring routers across all OSPFv3 interfaces. all events The total number of state transitions of neighboring routers ...
VRRP Statistics Virtual Router Redundancy Protocol (VRRP) support on the G8264CS provides redundancy between routers in a LAN. This is accomplished by configuring the same virtual router IP address and ID number on each participating VRRP‐capable routing device. One of the virtual routers is then elected as the master, based on a number of priority criteria, and assumes control of the shared virtual router IP address. If the master fails, one of the backup virtual routers will assume routing authority and take control of the virtual router IP address. When virtual routers are configured, you can display the protocol statistics for VRRP. The following command displays VRRP statistics: show ip vrrp counters Command mode: All VRRP statistics: vrrpInAdvers: 0 vrrpBadAdvers: 0 vrrpOutAdvers: 0 vrrpOutGratuitousARPs: 0 vrrpBadVersion: 0 vrrpBadVrid: 0 vrrpBadAddress: 0 vrrpBadData: 0 vrrpBadPassword: 0 vrrpBadInterval: 0 The following table describes the VRRP statistics. Table 126. VRRP Statistics Statistics Description vrrpInAdvers The total number of valid VRRP advertisements that have been received. vrrpBadAdvers The total number of VRRP advertisements received that were dropped. vrrpOutAdvers The total number of VRRP advertisements that have been sent. vrrpBadVersion The total number of VRRP advertisements received that had a bad version number. vrrpOut The total number of VRRP gratuitous ARPs that have been GratuitousARPs sent.
Routing Information Protocol Statistics The following command displays RIP statistics: show ip rip counters Command mode: All RIP ALL STATS INFORMATION: RIP packets received = 12 RIP packets sent = 75 RIP request received = 0 RIP response recevied = 12 RIP request sent = 3 RIP reponse sent = 72 RIP route timeout = 0 RIP bad size packet received = 0 RIP bad version received = 0 RIP bad zeros received = 0 RIP bad src port received = 0 RIP bad src IP received = 0 RIP packets from self received = 0 G8264CS Command Reference for ENOS 8.4...
Management Processor Statistics The following commands display Management Processor (MP) statistics: Table 129. Management Processor Statistics Options Command Syntax and Usage show mp i2c show processes i2c Displays Inter‐Integrated Circuit (I2C) statistics. Command mode: All show mp memory show processes memory Displays memory utilization statistics. Command mode: All show mp packet Displays MP packet statistics.For command options, see page 270. Command mode: All show mp tcpblock show processes tcpblock Displays all TCP control blocks that are in use. To view a sample output and a description of the stats, see page 280. Command mode: All show mp thread show processes thread Displays thread statistics. Command mode: All show mp udpblock show processes udpblock Displays all UDP control blocks that are in use. To view a sample output, see page 281. Command mode: All show processes Displays MP specific statistics. For command options, see page 282.
Page 270
MP Packet Statistics Commands The following commands display MP Packet statistics: Table 130. Packet Statistics Commands Command Syntax and Usage show mp packet counters Displays packet statistics, to check for leaks and load. To view a sample output and a description of the stats, see page 271. Command mode: All show mp packet dump {all|rx|tx} all displays all packet statistics and logs received or sent by the CPU. rx displays all packet statistics and logs received by the CPU. tx displays all packet statistics and logs sent by the CPU. Command mode: All show mp packet last {both|rx|tx} <number of logs (1‐1000)> both displays a list of the most recent packets received or sent by the CPU. rx displays a log of the most recent packets received by the CPU. tx displays a log of the most recent packets sent by the CPU. Command mode: All show mp packet logs {all|rx|tx} all displays a log of all packets received or sent by the CPU. rx displays a log of packets received by the CPU. tx displays a log of packets sent by the CPU. Command mode: All show mp packet parse {rx|tx} <parsing option>...
Page 274
Table 131. Packet Statistics (continued) Statistics Description jumbo packet buffers current Total number of packet allocations with more than 1536 bytes from the packet buffer pool by the TCP/IP protocol stack. Maximum number of jumbo packet allocations supported. hi‐watermark The highest number of packet allocation with more than 1536 bytes from the packet buffer pool by the TCP/IP protocol stack. pkt_hdr statistics current Total number of packet allocations with more than 1536 bytes from the packet buffer pool by the TCP/IP protocol stack. Maximum number of packet allocations with more than 1536 bytes from the packet buffer pool by the TCP/IP protocol stack. hi‐watermark The highest number of packet allocation with more than 1536 bytes from the packet buffer pool by the TCP/IP protocol stack. G8264CS Command Reference for ENOS 8.4...
Page 276
Logged Packet Statistics The following command displays logged packets that have been received or sent, based on the specified filter: show mp packet parse {rx|tx} <parsing option> The filter options are described in the following table. Table 132. Packet Log Parsing Options Command Syntax and Usage show mp packet parse {rx|tx} arp Displays only ARP packets logged. Command mode: All show mp packet parse {rx|tx} bgp Displays only BGP packets logged. Command mode: All show mp packet parse {rx|tx} bpdu Displays only BPDUs logged Command mode: All show mp packet parse {rx|tx} cisco Displays only Cisco packets (BPDU/CDP/UDLD) logged. Command mode: All show mp packet parse {rx|tx} dhcp Displays only DHCP packets logged. Command mode: All show mp packet parse {rx|tx} ecp Displays only ECP packets logged. Command mode: All show mp packet parse {rx|tx} ftp Displays only FTP packets logged. Command mode: All show mp packet parse {rx|tx} http Displays only HTTP packets logged. Command mode: All show mp packet parse {rx|tx} https Displays only HTTPS packets logged. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 278
Table 132. Packet Log Parsing Options (continued) Command Syntax and Usage show mp packet parse {rx|tx} other Displays logs of all packets not explicitly selectable. Command mode: All show mp packet parse {rx|tx} pim Displays only PIM packets logged. Command mode: All show mp packet parse {rx|tx} port <port alias or number> Displays only logged packets with the specified port. Command mode: All show mp packet parse {rx|tx} radius Displays only RADIUS packets logged. Command mode: All show mp packet parse {rx|tx} rarp Displays only Reverse‐ARP packets. Command mode: All show mp packet parse {rx|tx} raw Displays raw packet buffer in addition to headers. Command mode: All show mp packet parse {rx|tx} rip Displays only RIP packets logged. Command mode: All show mp packet parse {rx|tx} snmp Displays only SNMP packets logged. Command mode: All show mp packet parse {rx|tx} ssh Displays only SSH packets logged. Command mode: All show mp packet parse {rx|tx} tacacs Displays only TACACS packets logged. Command mode: All show mp packet parse {rx|tx} tcp Displays only TCP packets logged. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 284
CPU Statistics History The following command displays a history of CPU use statistics: show processes cpu history Command mode: All CPU Utilization History 40 (LACP) 8% at 12:41:07 Mon Jul 6, 2015 75 (ARP ) 32% at 12:41:08 Mon Jul 6, 2015 75 (ARP ) 48% at 12:41:13 Mon Jul 6, 2015 54 (PROX) 62% at 13:52:06 Mon Jul 6, 2015 54 (PROX) 63% at 15:03:43 Mon Jul 6, 2015 54 (PROX) 64% at 4:02:46 Wed Jul 8, 2015 54 (PROX) 65% at 3:54:27 Thu Jul 9, 2015 G8264CS Command Reference for ENOS 8.4...
ACL Statistics This option displays ACL statistics. show accesscontrol counters Command mode: All Hits for ACL 1: 26057515 Hits for ACL 2: 26057497 VMAP Statistics The following command displays VLAN Map statistics. show accesscontrol vmap <1‐128> counters Command mode: All Hits for VMAP 1: 57515 G8264CS Command Reference for ENOS 8.4...
Page 290
Table 137. SNMP Statistics (continued) Statistic Description snmpInASNParseErrs The total number of ASN.1 or BER errors encountered by the SNMP protocol entity when decoding SNMP Messages received. Note: OSIʹs method of specifying abstract objects is called ASN.1 (Abstract Syntax Notation One, defined in X.208), and one set of rules for representing such objects as strings of ones and zeros is called the BER (Basic Encoding Rules, defined in X.209). ASN.1 is a flexible notation that allows one to define a variety of data types, from simple types such as integers and bit strings to structured types such as sets and sequences. BER describes how to represent or encode values of each ASN.1 type as a string of eight‐bit octets. snmpEnableAuthTraps An object to enable or disable the authentication traps generated by this entity (the switch). snmpOutPkts The total number of SNMP Messages which were passed from the SNMP protocol entity to the transport service. snmpInBadTypes The total number of SNMP Messages which failed ASN parsing. snmpInTooBigs The total number of SNMP Protocol Data Units (PDUs) which were delivered to the SNMP protocol entity and for which the value of the error‐status field is too big. snmpInNoSuchNames The total number of SNMP Protocol Data Units (PDUs) which were delivered to the SNMP protocol entity and for which the value of the error‐status field is noSuchName.
Page 292
Table 137. SNMP Statistics (continued) Statistic Description snmpOutGenErrs The total number of SNMP Protocol Data Units (PDUs), which were generated by the SNMP protocol entity and for which the value of the error‐status field is genErr. snmpOutGetRequests The total number of SNMP Get‐Request Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity. snmpOutGetNexts The total number of SNMP Get‐Next Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity. snmpOutSetRequests The total number of SNMP Set‐Request Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity. snmpOutGetResponses The total number of SNMP Get‐Response Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity. snmpOutTraps The total number of SNMP Trap Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity. snmpSilentDrops The total number of GetRequest‐PDUs, GetNextRequest‐PDUs, GetBulkRequest‐PDUs, SetRequest‐PDUs, and InformRequest‐PDUs delivered to the OSPFSNMPv2 entity which were silently dropped because the size of a reply containing an alternate Response‐PDU with an empty variable bindings field was greater than either a local constraint or the maximum message size associated with the originator of the request.
Page 294
Table 138. NTP Statistics Field Description Last update time The time stamp showing the time when the switch was last updated. Current system The switch system time when the following command was time issued: show ntp counters The following command displays information about NTP associated peers: show ntp associations Command mode: All address ref clock st when(s) offset(s) *12.200.151.18 198.72.72.10 3 35316 2 *synced, #unsynced The following table describes the NTP associations statistics. Table 139. NTP Associations Field Description address Peer address ref clock Peer reference clock address Peer stratum when(s) Time in seconds since the latest NTP packet was received from the peer offset(s) Offset in seconds between the peer clock and local clock G8264CS Command Reference for ENOS 8.4...
Page 298
Table 140. General Configuration Commands Command Syntax and Usage copy runningconfig startupconfig Copy the current (running) configuration from switch memory to the startupconfig partition. Command mode: Privileged EXEC copy runningconfig {ftp|tftp|sftp} [dataport|mgtport] Backs up the current (running) configuration to a file on the selected FTP/TFTP/SFTP server. Command mode: Privileged EXEC copy runningconfig tftp address <TFTP server IP address> filename <TFTP server filepath> [dataport|mgtport] Backs up the current (running) configuration to a file on the specified TFTP server. Command mode: Privileged EXEC copy runningconfig <TFTP server filepath> [dataport|mgtport] Backs up the current (running) configuration to a file on the specified TFTP server. For example: copy runningconfig tftp://10.72.97.135:/directory/config.txt mgtport Command mode: Privileged EXEC copy <TFTP server filepath> runningconfig [dataport|mgtport] Restores the current (running) configuration from a file on the specified TFTP server. For example: copy tftp://10.72.97.135:/directory/config.txt runningconfig mgtport Command mode: Privileged EXEC copy {ftp|tftp|sftp} runningconfig [dataport|mgtport] Restores current configuration from a FTP/TFTP/SFTP server. For details, see page 611. Command mode: Privileged EXEC copy {tftp|sftp} {cacert|hostkey|hostcert|publickey} Import interface used by NIST certified test laboratories for USGv6 (NIST SP 500‐267) certification purposes. Required for RSA digital signature authentication verification during IKEv2 interoperability testing. Uses TFTP or SFTP to import: cacert: Certificate Authority root certificate ...
Viewing and Saving Changes As you use the configuration commands to set switch parameters, the changes you make take effect immediately. You do not need to apply them. Configuration changes are lost the next time the switch boots, unless you save the changes. You can view all running configuration changes that have been applied but not saved to flash memory using the show runningconfig diff command in Privileged EXEC mode. Note: Some operations can override the settings of the Configuration commands. Therefore, settings you view using the Configuration commands (for example, port status) might differ from run‐time information that you view using the Information commands. The Information commands display current run‐time information of switch parameters. Saving the Configuration You must save configuration settings to flash memory, so the G8264CS reloads the settings after a reboot. Note: If you do not save the changes, they will be lost the next time the system is rebooted. To save the new configuration, enter the following command: RS G8264CS# copy runningconfig startupconfig or: RS G8264CS# write Note: The write command doesn’t prompt the user for confirmation. When you save configuration changes, the changes are saved to the active configuration block. For instructions on selecting the configuration to run at the next system reboot, see “Selecting a Configuration Block” on page 634. G8264CS Command Reference for ENOS 8.4...
Page 302
Table 141. System Configuration Options (continued) Command Syntax and Usage hostname <1‐64 characters> Enables displaying of the host name (system administrator’s name) in the Command Line Interface (CLI). Command mode: Global configuration no hostname Deletes the host name set by the system administrator and displays the default system host name in the CLI. Command mode: Global configuration line console length <0‐300> Configures the number of lines per screen displayed in the CLI by default for console sessions. Setting it to 0 disables paging. The default value is 28. Command mode: Global configuration no line console Sets line console length to the default value of 28. Command mode: Global configuration line vty length <0‐300> Sets the default number of lines per screen displayed for Telnet and SSH sessions. A value of 0 disables paging. The default value is 28. Command mode: Global configuration no line vty Sets line vty length to the default value of 28. Command mode: Global configuration [no] prompting Enables or disables CLI confirmation prompts. By default, this settings is enabled. Note: When disabled, the switch will choose the default answer. Command mode: Global configuration [no] system bootp Enables or disables the use of the Bootstrap Protocol (BOOTP). If you enable BOOTP, the switch will query its BOOTP server for all of the switch IP parameters. For more details, see page 549.
Page 304
Table 141. System Configuration Options (continued) Command Syntax and Usage system notice <maximum 2021 character multi‐line login notice> <ʹ.ʹ to end> [addline <notice text>] Displays a login notice immediately before the “Enter password:” prompt. This notice can contain up to 2021 characters and new lines. The addline option adds new lines of text to the existing login notice without replacing it. Command mode: Global configuration no system notice Deletes the login notice. Command mode: Global configuration [no] system packetlogging Enables or disables logging of packets that come to the CPU. The default setting is enabled. Command mode: Global configuration [no] system resetcontrol Enables or disables the reset control flag. When enabled, the switch continues to function after a crash of the main processor, using the last known Layer 2/3 information. The default setting is enabled. Command mode: Global configuration [no] system serverports port <port alias or number> Adds or removes the specified port to the list of server ports. For more details, see page 358. Command mode: Global configuration [no] system serviceled enable Enables (on) or disables (off) the Service Required LED on the front panel of the switch unit. Command mode: Global configuration [no] system serviceled operationalenable Enables (on) or disables (off) the Service Required LED to glow in steady blue to locate the device. Command mode: Privileged EXEC system time <hh>:<mm>:<ss> Configures the system time using a 24‐hour clock format. The time retains its ...
Page 306
Table 141. System Configuration Options (continued) Command Syntax and Usage ssl minimumversion {tls10|tls11|tls12} Configures the minimum accepted Transport Layer Security (TLS) version. tls10 ‐ TLS version 1.0 tls11 ‐ TLS version 1.1 tls12 ‐ TLS version 1.2 Command mode: Global configuration show boot strict Displays the current security strict mode status. Command mode: Global configuration show system Displays the current system parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 308
Link Flap Dampening Configuration The Link Flap Dampening feature allows the switch to automatically disable a port if too many link flaps (link up/link down) are detected on the port during a specified time interval. The port remains in the error‐disabled state until it is re‐enabled manually or re‐enabled automatically by the switch after a timeout period has elapsed. Table 143. Link Flap Dampening Configuration Options Command Syntax and Usage [no] errdisable linkflap enable Enables or disables Link Flap Dampening. Command mode: Global configuration errdisable linkflap maxflaps <1‐100> Configures the maximum number of link flaps allowed in the configured time period. The default value is 5. Command mode: Global configuration errdisable linkflap time <5‐500> Configures the time period, in seconds. The default value is 30 seconds. Command mode: Global configuration show errdisable linkflap Displays the current Link Flap Dampening parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 310
Table 144. Host Log Configuration Options (continued) Command Syntax and Usage logging host <1‐2> facility <0‐7> This option sets the facility level of the first or second syslog host displayed. The default value is 0. Command mode: Global configuration logging host <1‐2> severity <0‐7> This option sets the severity level of the first or second syslog host displayed. The default value is 7, which means log all severity levels. Command mode: Global configuration no logging host <1‐2> Deletes the specified syslog host. Command mode: Global configuration [no] logging log {all|<feature>} Enables or disables features for which syslog messages can be generated. You can choose to enable/disable syslog on all available features by using the option all or enable/disable specific features (such as vlans, stg or ssh). For a complete list of features, see page 312. Command mode: Global configuration [no] logging pdrop enable Enables or disables packet drop logging. By default, the switch generates these messages once every 2 minutes. Command mode: Global configuration logging pdrop interval <0‐30> Configures the packet drop logging interval, in minutes. The default value is 2 minutes. Command mode: Global configuration logging sourceinterface loopback <1‐5> Sets the loopback interface number for syslogs. Command mode: Global configuration no logging sourceinterface loopback Removes the loopback interface for syslogs. Command mode: Global configuration G8264CS Command Reference for ENOS 8.4...
SSH Server Configuration For the RackSwitch G8264CS, these commands enable Secure Shell access from any SSH client. Table 145. SSH Server Configuration Options Command Syntax and Usage [no] ssh enable Enables or disables the SSH server. Command mode: Global configuration ssh generatehostkey Generate the RSA host key. Command mode: Global configuration ssh maxauthattempts <1‐20> Sets the maximum number of SSH authentication attempts. The default value is 2. Command mode: Global configuration no ssh maxauthattempts Resets the maximum number of SSH authentication attempts to its default value of 2. Command mode: Global configuration ssh port <TCP port number (1‐65535)> Sets the SSH server port number. The default port number is 22. Command mode: Global configuration no ssh port Resets the SSH server port to the default port number ‐ 22. Command mode: Global configuration ssh publickey index <1‐100> {adduser|deluser} username <user name> Assigns another user name for existing public keys or removes a user name. Command mode: Global configuration [no] ssh scpenable Enables or disables the SCP apply and save. Command mode: Global configuration ssh scppassword Set the administration password for SCP access.
RADIUS Server Configuration The following table describes the RADIUS Server commands. Table 146. RADIUS Server Configuration Options Command Syntax and Usage [no] radiusserver backdoor Enables or disables the RADIUS backdoor for Telnet/SSH/HTTP/HTTPS. The default value is disabled. To obtain the RADIUS backdoor password for your switch, contact your Service and Support line. Command mode: Global configuration [no] radiusserver enable Enables or disables the RADIUS server. Command mode: Global configuration radiusserver port <UDP port number (1500‐3000)> Configures the RADIUS server port. Enter the number of the UDP port to be configured. The default port is 1645. Command mode: Global configuration default radiusserver port Resets the RADIUS server port to the default UDP port ‐ 1645. Command mode: Global configuration radiusserver primaryhost <IP address> key <1‐32 characters> Sets the primary RADIUS server address and the shared secret between the switch and the RADIUS server(s). Command mode: Global configuration radiusserver primaryhost {dataport|mgtport} Defines the primary interface port to use to send RADIUS server requests. Select the port to use for data transfer. Command mode: Global configuration no radiusserver primaryhost [key] Deletes the primary RADIUS server. The key option only deletes the shared secret between the switch and the RADIUS server. Command mode: Global configuration radiusserver retransmit <1‐3>...
TACACS+ Server Configuration TACACS (Terminal Access Controller Access Control system) is an authentication protocol that allows a remote access server to forward a userʹs logon password to an authentication server to determine whether access can be allowed to a given system. TACACS is not an encryption protocol and therefore less secure than TACACS+ and Remote Authentication Dial‐In User Service (RADIUS) protocols. Both TACACS and TACACS+ are described in RFC 1492. TACACS+ protocol is more reliable than RADIUS, as TACACS+ uses the Transmission Control Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also, RADIUS combines authentication and authorization in a user profile, whereas TACACS+ separates the two operations. TACACS+ offers the following advantages over RADIUS as the authentication device: TACACS+ is TCP‐based, so it facilitates connection‐oriented traffic. It supports full‐packet encryption, as opposed to password‐only in authentication requests. It supports de‐coupled authentication, authorization and accounting. Table 147. TACACS+ Server Configuration Options Command Syntax and Usage [no] tacacsserver accountingenable Enables or disables TACACS+ accounting. Command mode: Global configuration tacacsserver attempts <1‐10> Sets the number of failed login attempts before disconnecting the user. The default is 2 attempts. Command mode: Global configuration no tacacsserver attempts Resets the number of failed login attempts to the default value of 2. Command mode: Global configuration [no] tacacsserver backdoor Enables or disables the TACACS+ back door for Telnet, SSH/SCP or ...
Page 320
Table 147. TACACS+ Server Configuration Options (continued) Command Syntax and Usage [no] tacacsserver passwordchange Enables or disables TACACS+ password change. The default value is disabled. Command mode: Global configuration tacacsserver port <TCP port number (1‐65000)> Enter the number of the TCP port to be configured. The default is 49. Command mode: Global configuration default tacacsserver port Resets the TACACS+ server port to the default port number ‐ 49. Command mode: Global configuration tacacsserver primaryhost <IP address> key <1‐32 characters> Sets the primary TACACS+ server address and the shared secret between the switch and the TACACS+ server(s). Command mode: Global configuration tacacsserver primaryhost {dataport|mgtport} Defines the primary interface port to use to send TACACS+ server requests. Select the port to use for data transfer. Command mode: Global configuration no tacacsserver primaryhost [key] Deletes the primary TACACS+ server. The key option only removes the shared secret between the switch and the TACACS+ server. Command mode: Global configuration [no] tacacsserver privilegemapping Enables or disables TACACS+ privilege‐level mapping. The default value is disabled. Command mode: Global configuration tacacsserver retransmit <1‐3> Sets the number of failed authentication requests before switching to a different TACACS+ server. The default is 3 requests. Command mode: Global configuration tacacsserver secondaryhost <IP address> key <1‐32 characters> Sets the secondary TACACS+ server address and the shared secret between the ...
Page 322
Table 147. TACACS+ Server Configuration Options (continued) Command Syntax and Usage primarypassword Configures the password for the primary TACACS+ server. The CLI will prompt you for input. Command mode: Global configuration secondarypassword Configures the password for the secondary TACACS+ server. The CLI will prompt you for input. Command mode: Global configuration show tacacsserver Displays current TACACS+ configuration parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 324
Table 148. LDAP Server Configuration Options (continued) Command Syntax and Usage ldapserver attribute username <1‐128 characters> Configures a customized LDAP user search attribute. The default value is uid (unique identification number). Note: The user attribute needs to be set to cn (common name) if LDAP server is MS active directory. For example: cn=John Smith Command mode: Global configuration no ldapserver attribute username Resets the LDAP user search attribute to its default value of uid. Command mode: Global configuration no ldapserver attribute Resets the LDAP attributes to their default values. Command mode: Global configuration [no] ldapserver backdoor Enables or disables the LDAP back door for Telnet, SSH, SCP, HTTP, or HTTPS access. The default setting is disabled. Note: To obtain the LDAP back door password for your G8264CS, contact your Service and Support line. Command mode: Global configuration ldapserver basedn <1‐128 characters> Configure the Distinguished Name (DN) of the LDAP server. The DN consists of a sequence of different Relative Distinguished Names (RDN) connected by commas. An RDN is an attribute that has an associated value in the format ‘attribute=value’. For a list of typical RDNs, see page 329. Enter the full path for your organization. For example: ou=people,dc=mydomain,dc=com Note: This option is available only in LDAP enhanced mode. Command mode: Global configuration no ldapserver basedn Deletes the configured DN. Note: This option is available only in LDAP enhanced mode. Command mode: Global configuration G8264CS Command Reference for ENOS 8.4...
Page 326
Table 148. LDAP Server Configuration Options (continued) Command Syntax and Usage [no] ldapserver enable Enables or disables the LDAP server. Command mode: Global configuration ldapserver groupfilter <LDAP groups> Configures a list of LDAP groups to be searched for login permissions. Multiple groups must be separated by commas. Note: This option is available only in LDAP enhanced mode. Command mode: Global configuration no ldapserver groupfilter Removes the list of LDAP groups searched for login permissions. Note: This option is available only in LDAP enhanced mode. Command mode: Global configuration ldapserver host <LDAP server number (1‐4)> <IP address or hostname> [port <UDP port number(1‐65535)>] [dataport|mgtport] Configures up to four external LDAP servers. The default UDP port used by LDAP is 389. Note: The IP address and port number of a LDAP server must be non‐zero. Note: This option is available only in LDAP enhanced mode. Command mode: Global configuration no ldapserver host <LDAP server number (1‐4)> Removes the specified external LDAP server. Note: This option is available only in LDAP enhanced mode. Command mode: Global configuration ldapserver port <UDP port number (1‐65000)> Enter the number of the UDP port to be configured. The default port is 389. Note: This option is available only in LDAP legacy mode. Command mode: Global configuration default ldapserver port Resets the LDAP server port to the default port number ‐ 389. Command mode: Global configuration ldapserver primaryhost <IPv4 address> [dataport|mgtport] Configures the primary LDAP server with an IPv4 address. Note: This option is available only in LDAP legacy mode.
Page 328
Table 148. LDAP Server Configuration Options (continued) Command Syntax and Usage ldapserver security starttls Configures LDAP to encrypt LDAP credentials (DN and password) using Start Transport Layer Security (StartTLS) when sending a bind request to the LDAP server. This requires the LDAP client to present a Certificate Authority (CA) root certificate. The CA root certificate can be downloaded from the LDAP server. For more details, see page 298. The LDAP client and LDAP server do not need to initiate a separate TLS session before any LDAP messages are exchanged. StartTLS encrypts a non‐encrypted LDAP connection by wrapping it with TLS at any time during or after the connection has been established. Thus, there is no need to use a separate port for encrypted LDAP communication. Note: This option is available only in LDAP enhanced mode. Command mode: Global configuration [no] ldapserver security mutual Enables or disables LDAP to request the LDAP server to also provide its own Certificate Authority (CA) root certificate for authentication by the LDAP client. The LDAP server and the LDAP client both compare the other’s CA root certificate against their own. If both certificates match, the authentication succeeds. If either certificate does not match, the authentication fails. Note: This option is available only in LDAP enhanced mode. Command mode: Global configuration [no] ldapserver srv Enables or disables the switch to look up LDAP server information by retrieving a Service (SRV) record associated with LDAP from the configured Domain Name System (DNS). For more details on DNS, see “Domain Name System Configuration” on page 547. Note: This option is available only in LDAP enhanced mode. Command mode: Global configuration ldapserver secondaryhost <IPv4 address> [dataport|mgtport] Configures the secondary LDAP server with an IPv4 address. Note: This option is available only in LDAP legacy mode. Command mode: Global configuration no ldapserver secondaryhost Deletes the secondary LDAP server.
NTP Server Configuration These commands allow you to synchronize the switch clock to a Network Time Protocol (NTP) server. By default, this option is disabled. Table 149. NTP Server Configuration Options Command Syntax and Usage [no] ntp enable Enables or disables the NTP synchronization service. Command mode: Global configuration ntp interval <5‐44640> Specifies the interval, that is, how often, in minutes, to re‐synchronize the switch clock with the NTP server. The default value is 1440. Command mode: Global configuration ntp ipv6 primaryserver {dataport|mgtport} Prompts for the port of the IPv6 primary NTP server to which you want to synchronize the switch clock. Command mode: Global configuration ntp ipv6 primaryserver <IPv6 address> [dataport|mgtport] Prompts for the IPv6 address of the primary NTP server to which you want to synchronize the switch clock. Command mode: Global configuration no ntp ipv6 primaryserver Deletes the IPv6 primary NTP server. Command mode: Global configuration ntp ipv6 secondaryserver {dataport|mgtport} Prompts for the port of the IPv6 secondary NTP server to which you want to synchronize the switch clock. Command mode: Global configuration ntp ipv6 secondaryserver <IPv6 address> [dataport|mgtport] Prompts for the IPv6 address of the secondary NTP server to which you want to synchronize the switch clock. Command mode: Global configuration no ntp ipv6 secondaryserver Deletes the IPv6 secondary NTP server.
Page 332
Table 149. NTP Server Configuration Options (continued) Command Syntax and Usage [no] ntp synclogs Enables or disables informational logs for NTP synchronization failures. Default setting is enabled. Command mode: Global configuration show ntp Displays the current NTP service settings. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 334
Table 150. System SNMP Options (continued) Command Syntax and Usage no snmpserver host <trap host IP address> Removes the trap host server. Command mode: Global configuration [no] snmpserver linktrap [port] <port alias or number> enable Enables or disables the sending of SNMP link up and link down traps for a specific system port. The default setting is disabled. Command mode: Global configuration snmpserver location <1‐64 characters> Configures the name of the system location. The location can have a maximum of 64 characters. Command mode: Global configuration no snmpserver location Deletes the name of the system location. Command mode: Global configuration snmpserver name <1‐64 characters> Configures the name for the system. The name can have a maximum of 64 characters. Command mode: Global configuration no snmpserver name Deletes the name of the system. Command mode: Global configuration snmpserver readcommunity <1‐32 characters> Configures the SNMP read community string. The read community string controls SNMP “get” access to the switch. It can have a maximum of 32 characters. The default read community string is public. Command mode: Global configuration [no] snmpserver readcommunityadditional <1‐32 characters> Adds or removes an additional SNMP read community string. Up to 7 additional read community strings are supported. Command mode: Global configuration snmpserver timeout <1‐30> Sets the timeout value for the SNMP state machine, in minutes.
SNMPv3 Configuration SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2 Framework by supporting the following: a new SNMP message format security for messages access control remote configuration of SNMP parameters For more details on the SNMPv3 architecture please refer to RFC3411 to RFC3418. Table 151. SNMPv3 Configuration Options Command Syntax and Usage snmpserver access <1‐32> This command allows you to specify access rights. The View‐based Access Control Model defines a set of services that an application can use for checking access rights of the user. You need access control when you have to process retrieval or modification request from an SNMP entity. To view command options, see page 340. Command mode: Global configuration snmpserver community <1‐16> The community table contains objects for mapping community strings and version‐independent SNMP message parameters. To view command options, see page 342. Command mode: Global configuration snmpserver group <1‐17> A group maps the user name to the access group names and their access rights needed to access SNMP management objects. A group defines the access rights assigned to all names that belong to a particular group. To view command options, see page 341. Command mode: Global configuration snmpserver notify <1‐16>...
User Security Model Configuration You can make use of a defined set of user identities using this Security Model. An SNMP engine must have the knowledge of applicable attributes of a user. These commands help you create a user security model entry for an authorized user. You need to provide a security name to create the USM entry. Table 152. User Security Model Configuration Options Command Syntax and Usage snmpserver user <1‐17> authenticationprotocol {md5|sha|none} authenticationpassword This command allows you to configure the authentication protocol and password. The authentication protocol can be HMAC‐MD5‐96 or HMAC‐SHA‐96 for compatibility mode, HMAC‐SHA‐96 for security strict mode or none. The default algorithm is none. MD5 authentication protocol is not available in security strict mode if you do not select SNMPv3 account backward compatibility. When you configure an authentication algorithm, you must provide a password, otherwise you will get an error message during validation. This command allows you to create or change your password for authentication. Command mode: Global configuration snmpserver user <1‐17> name <1‐32 characters> This command allows you to configure a string that represents the name of the user. This is the login name that you need in order to access the switch. Command mode: Global configuration snmpserver user <1‐17> privacyprotocol {des|aes|none} privacypassword This command allows you to configure the type of privacy protocol and the privacy password. The privacy protocol protects messages from disclosure. The options are: des (CBC‐DES Symmetric Encryption Protocol) aes (AES‐128 Advanced Encryption Standard Protocol) ...
View-based Access Control Model Configuration The view‐based Access Control Model defines a set of services that an application can use for checking access rights of the user. Access control is needed when the user has to process SNMP retrieval or modification request from an SNMP entity. Table 154. View‐based Access Control Model Options Command Syntax and Usage snmpserver access <1‐32> level {noAuthNoPriv|authNoPriv| |authPriv} Defines the minimum level of security required to gain access rights. noAuthNoPriv means that the SNMP message will be sent without authentication and without using a privacy protocol. authNoPriv means that the SNMP message will be sent with authentication but without using a privacy protocol. authPriv means that the SNMP message will be sent both with authentication and using a privacy protocol. Command mode: Global configuration snmpserver access <1‐32> name <1‐32 characters> Defines the name of the group. Command mode: Global configuration snmpserver access <1‐32> notifyview <1‐32 characters> Defines a notify view name that allows you notify access to the MIB view. Command mode: Global configuration snmpserver access <1‐32> readview <1‐32 characters> Defines a read view name that allows you read access to a particular MIB view. If the value is empty or if there is no active MIB view having this value then no access is granted. Command mode: Global configuration snmpserver access <1‐32> security {usm|snmpv1|snmpv2} Allows you to select the security model to be used.
SNMPv3 Community Table Configuration These commands are used for configuring the community table entry. The configured entry is stored in the community table list in the SNMP engine. This table is used to configure community strings in the Local Configuration Datastore (LCD) of SNMP engine. Table 156. SNMPv3 Community Table Configuration Options Command Syntax and Usage snmpserver community <1‐16> index <1‐32 characters> Allows you to configure the unique index value of a row in this table. Command string: Global configuration snmpserver community <1‐16> name <1‐32 characters> Defines the user name as defined in the following command: snmpserver user <1‐17> name <1‐32 characters> on page 338. Command string: Global configuration snmpserver community <1‐16> tag <1‐255 characters> Allows you to configure a tag. This tag specifies a set of transport endpoints to which a command responder application sends an SNMP trap. Command mode: Global configuration snmpserver community <1‐16> username <1‐32 characters> Defines a readable string that represents the corresponding value of an SNMP community name in a security model. Command mode: Global configuration no snmpserver community <1‐16> Deletes the community table entry. Command mode: Global configuration show snmpserver v3 community <1‐16> Displays the community table configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
Table 157. Target Address Table Configuration Options (continued) Command Syntax and Usage no snmpserver targetaddress <1‐16> Deletes the Target Address Table entry. Command mode: Global configuration show snmpserver v3 targetaddress <1‐16> Displays the current Target Address Table configuration. Command mode: All SNMPv3 Target Parameters Table Configuration You can configure the target parameters entry and store it in the target parameters table in the SNMP engine. This table contains parameters that are used to generate a message. The parameters include the message processing model (for example: SNMPv3, SNMPv2c, SNMPv1), the security model (for example: USM), the security name and the security level (noAuthnoPriv, authNoPriv or authPriv). Table 158. Target Parameters Table Configuration Options Command Syntax and Usage snmpserver targetparameters <1‐16> level {noAuthNoPriv| |authNoPriv|authPriv} Allows you to select the level of security to be used when generating the SNMP messages using this entry. noAuthNoPriv means that the SNMP message will be sent without authentication and without using a privacy protocol. authNoPriv means that the SNMP message will be sent with authentication but without using a privacy protocol.
System Access Configuration The following table describes the System Access commands. Table 160. System Access Configuration Options Command Syntax and Usage [no] access http enable Enables or disables HTTP (Web) access to the Browser‐Based Interface. The default settings is enabled. Command mode: Global configuration access http port <TCP port number (1‐65535)> Sets the switch port used for serving switch Web content. The default is HTTP port 80. Command mode: Global configuration default access http port Resets the HTTP port to the default port number ‐ 80. Command mode: Global configuration access snmp {readonly|readwrite} Enables read‐only/write‐read SNMP access. Command mode: Global configuration no access snmp Disables SNMP access. Command mode: Global configuration [no] access telnet enable Enables or disables Telnet access. The default setting is enabled. Command mode: Global configuration access telnet port <TCP port number (1‐65535)> Sets an optional Telnet server port number for cases where the server listens for Telnet sessions on a non‐standard port. Command mode: Global configuration default access telnet port Resets the Telnet server port to the default port number ‐ 23. Command mode: Global configuration access tftpport <TCP port number (1‐65535)> Sets the TFTP port for the switch.
Page 348
Table 161. Management Network Configuration Options Command Syntax and Usage no access managementnetwork {snmpro|snmprw} Clears the IPv4 SNMP read‐only or SNMP read/write access control list for management purposes. Command mode: Global configuration [no] access managementnetwork6 <mgmt network IPv6 address> <IPv6 prefix length> Adds or removes a defined network through which switch access is allowed via Telnet, SNMP or the Lenovo N/OS browser‐based interface. A range of IPv6 addresses is produced when used with a prefix length. Specify an IPv6 address in hexadecimal format with colons. Note: If you configure the management network without including the switch interfaces, the configuration causes the Firewall Load Balancing health checks to fail and creates a “Network Down” state on the network. Command mode: Global configuration [no] access managementnetwork6 <mgmt network IPv6 address> <IPv6 prefix length> {snmpro|snmprw} Adds or removes a defined IPv6 network through which SNMP read‐only or SNMP read/write switch access is allowed. Command mode: Global configuration no access managementnetwork6 {snmpro|snmprw} Clears the IPv6 SNMP read‐only or SNMP read/write access control list for management purposes. Command mode: Global configuration show access managementnetwork Displays the current management network configuration. Command mode: Privileged EXEC clear access managementnetwork Removes all defined management networks. Command mode: Privileged EXEC G8264CS Command Reference for ENOS 8.4...
Displays the current user status. Command mode: Privileged EXEC clear line <1‐12> Ejects the user with the corresponding session ID from the G8264CS. Command mode: Privileged EXEC System User ID Configuration The following table describes the System User ID commands. Table 163. User ID Configuration Options Command Syntax and Usage [no] access user <1‐20> enable Enables or disables the user ID. Command mode: Global configuration access user <1‐20> level {user|operator|administrator} Sets the Class‐of‐Service to define the user’s authority level. Lenovo N/OS defines these levels as: User, Operator and Administrator, with User being the most restricted level. Command mode: Global configuration access user <1‐20> name <1‐64 characters> Defines the user name of maximum eight characters. Command mode: Global configuration access user <1‐20> password Sets the user (user) password. This command will prompt for required information: current admin password, new password (up to 64 characters) and confirmation of the new password. Command mode: Global configuration G8264CS Command Reference for ENOS 8.4...
The following table describes the HTTP Access commands. Table 165. HTTPS Access Configuration Options Command Syntax and Usage [no] access https enable Enables or disables BBI access (Web access) using HTTPS. Command mode: Global configuration access https generatecertificate Allows you to generate a certificate to connect to the SSL to be used during the key exchange. A default certificate is created when HTTPS is enabled for the first time. The user can create a new certificate defining the information that they want to be used in the various fields. For example: Country Name (2 letter code): CA State or Province Name (full name): Ontario Locality Name (for example, city): Ottawa Organization Name (for example, company): Lenovo Organizational Unit Name (for example, section): Operations Common Name (for example, user’s name): Mr Smith Email (for example, email address): info@lenovo.com You will be asked to confirm if you want to generate the certificate. It will take approximately 30 seconds to generate the certificate. Then the switch will restart SSL agent. Command mode: Global configuration G8264CS Command Reference for ENOS 8.4...
Page 354
Table 165. HTTPS Access Configuration Options (continued) Command Syntax and Usage copy {tftp|sftp} hostcert [dataport|mgtport] Enables you to import a host certificate using TFTP/SFTP. Command mode: Global configuration copy tftp hostcert address <hostname or server IP address> filename <server‐filename> [dataport|mgtport] Enables you to import a host certificate using TFTP. Command mode: Global configuration copy {tftp|sftp} hostkey [dataport|mgtport] Enables you to import a host private key using TFTP/SFTP. Command mode: Global configuration copy tftp hostkey address <hostname or server IP address> filename <server‐filename> [dataport|mgtport] Enables you to import a host private key using TFTP. Command mode: Global configuration copy {tftp|sftp} publickey [dataport|mgtport] Enables you to import a client public key using TFTP/SFTP. Command mode: Global configuration copy tftp publickey address <hostname or server IP address> filename <server‐filename> [dataport|mgtport] Enables you to import a client public key using TFTP. Command mode: Global configuration copy certrequest {tftp|ftp|sftp} address <hostname or server IP address> filename <server‐filename> [dataport|mgtport] Enables you to export a CSR to an external server using TFTP/SFTP/FTP. Command mode: Global configuration show https hostcsr pemformat Displays the generated CSR in PEM format. Command mode: Privileged EXEC show https hostcsr txtformat Displays the generated CSR in TXT format. Command mode: Privileged EXEC show access Displays the current SSL Web Access configuration. Command mode: Privileged EXEC G8264CS Command Reference for ENOS 8.4...
Configuration Lenovo N/OS supports sFlow version 5. sFlow is a sampling method used for monitoring high speed switched networks. Use these commands to configure the sFlow agent on the switch. Table 167. sFlow Configuration Options Command Syntax and Usage [no] sflow enable Enables or disables the sFlow agent. Command mode: Global configuration sflow port <UDP port number (1‐65000)> Configures the UDP port for the sFlow server. The default value is 6343. Command mode: Global configuration default sflow port Resets the sFlow server port to the default port number ‐ 6343. Command mode: Global configuration sflow server <IP address> [dataport|mgtport] Defines the sFlow server address and interface port. Command mode: Global configuration no sflow server Deletes the sFlow server address. Command mode: Global configuration. show sflow Displays sFlow configuration parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Server Port Configuration Use these commands to define a list of server ports. Ports that are not configured as server ports are considered to be uplink ports. VMready learns Virtual Machine information only from server ports. Table 169. Server Port Configuration Options Command Syntax and Usage [no] system serverports port <port alias or number> Adds or removes one or more ports to the list of server ports. Command mode: Global configuration show system serverports Displays the current server port configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 360
Table 170. Port Configuration Options (continued) Command Syntax and Usage [no] floodblocking Enables or disables port Flood Blocking. When enabled, unicast and multicast packets with unknown destination MAC addresses are blocked from the port. Command mode: Interface port/Interface portchannel ip dhcp snooping limit rate <1‐2048> Configures the maximum number of DHCP packets allowed per second. Command mode: Interface port no ip dhcp snooping limit rate Unlimits the maximum number of DHCP packets allowed per second. Command mode: Interface port [no] ip dhcp snooping trust Configures this port as a trusted port for DHCP packets from the server. Command mode: Interface port [no] learning Enables or disables FDB learning on the port. Command mode: Interface port/Interface portchannel [no] macaddresstable macnotification Enables or disables MAC Address Notification. With MAC Address Notification enabled, the switch generates a syslog message when a MAC address is added or removed from the MAC address table. Command mode: Interface port/Interface portchannel portchannel minlinks <1‐16> Set the minimum number of links for the LACP LAG to which this port belongs. If the specified minimum number of ports are not available, the Link Aggregation Group (LAG) is placed in the down state. Command mode: Interface port [no] reflectiverelay force Enables or disables constraint to always keep reflective relay active. The default setting is disabled. Command mode: Interface port [no] rmon Enables or disables Remote Monitoring (RMON) on the current port. Command mode: Interface port/Interface portchannel shutdown Disables the port. (To temporarily disable a port without changing its ...
Page 362
Table 170. Port Configuration Options (continued) Command Syntax and Usage [no] switchport privatevlan mapping <primary VLAN ID (2‐4094)> Enables or disables private VLAN mapping on a port in promiscuous mode. Command mode: Interface port/Interface portchannel switchport trunk allowed vlan <VLAN ID (1‐4094)> Configures the allowed VLANs in trunk mode for the current port or portchannel. If the allowed range does not have any existing VLANs, the lowest‐numbered VLAN is created and becomes the Native‐VLAN. If the allowed range contains an existing VLAN(s), but the Native‐VLAN is not in the allowed range, the Native‐VLAN is changed to the lowest‐numbered existing VLAN. If a new VLAN is created and it is part of the allowed VLAN range, the port will also be added to that VLAN. Command mode: Interface port/Interface portchannel switchport trunk allowed vlan {add|remove} <VLAN ID (1‐4094)> Updates the associated VLANs in trunk mode. add enables the VLAN range in addition to the current configuration. If any VLAN in the range does not exist, it will not be created and enabled automatically. If a new VLAN is created and it is part of the allowed VLAN range, the port will also be added to that VLAN. remove eliminates the VLAN range from the current configuration. If the Native‐VLAN is in the specified range, the smallest available VLAN from the remaining range will become the new Native‐VLAN. If the remaining range does not have any existing VLANs, the lowest‐numbered VLAN is created and becomes the Native‐VLAN. Note: The remaining VLAN range must contain at least one VLAN. Command mode: Interface port/Interface portchannel switchport trunk allowed vlan {all|none} Updates the associated VLANs in trunk mode. all associates the port to all existing regular VLANs and to any other VLAN that gets created afterwards. none removes the port from all currently associated VLANs and assigns the ...
Port Error Disable and Recovery Configuration The Error Disable and Recovery feature allows the switch to automatically disable a port if an error condition is detected on the port. The port remains in the error‐disabled state until it is re‐enabled manually, or re‐enabled automatically by the switch after a timeout period has elapsed. The error‐disabled state of a port does not persist across a system reboot. Table 171. Port Error Disable Options Command Syntax and Usage [no] errdisable recovery Enables or disables automatic error‐recovery for the port. The default setting is enabled. Note: Error‐recovery must be enabled globally before port‐level commands become active. Command mode: Interface port/Interface portchannel show interface port <port alias or number> errdisable Displays the specified port’s Error Disable parameters. Command mode: All Port Link Flap Dampening Configuration The following table describes the Port Link Flap Dampening commands. Table 172. Port Link Flap Dampening Configuration Options Command Syntax and Usage [no] errdisable linkflap enable Enables or disables Link Flap Dampening on the port. For more information, ...
Temporarily Disabling a Port To temporarily disable a port without changing its stored configuration attributes, enter the following command at any prompt: RS G8264CS(config)# interface port <port alias or number> shutdown Because this configuration sets a temporary state for the port, you do not need to use a save operation. The port state will revert to its original configuration when the RackSwitch G8264CS is rebooted. See the “Operations Commands” on page 613 for other operations‐level commands. G8264CS Command Reference for ENOS 8.4...
Port OAM Configuration Operation, Administration, and Maintenance (OAM) protocol allows the switch to detect faults on the physical port links. OAM is described in the IEEE 802.3ah standard. OAM Discovery commands are described in the following table. Table 175. Port OAM Configuration Options Command Syntax and Usage [no] oam Enables or disables OAM discovery on the current port. Command mode: Interface port [no] oam passive Enables or disables OAM discovery passive mode. In passive mode, the current port allows its peer link to initiate OAM discovery. If OAM determines that the port is in an anomalous condition, the port is disabled. Command mode: Interface port show interface port <port alias or number> oam Displays the specified port’s OAM parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Port WRED Configuration These commands allow you to configure Weighted Random Early Detection (WRED) parameters for a selected port. For global WRED configuration, see “Weighted Random Early Detection Configuration” on page 377. Table 177. Port WRED Options Command Syntax and Usage [no] randomdetect enable Enables or disables Random Detection and avoidance. Command mode: Interface port [no] randomdetect ecn enable Enables or disables Explicit Congestion Notification (ECN). When ECN is on, the switch marks the ECN bit of the packet (if applicable) instead of dropping the packet. ECN‐aware devices are notified of the congestion and those devices can take corrective actions. Note: ECN functions only on TCP traffic. Command mode: Interface port show interface port <port alias or number> randomdetect Displays current Random Detection and avoidance parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Quality of Service Configuration Quality of Service (QoS) commands configure the 802.1p priority value and DiffServ Code Point value of incoming packets. This allows you to differentiate between various types of traffic, and provide different priority levels. 802.1p Configuration This feature provides the G8264CS the capability to filter IP packets based on the 802.1p bits in the packetʹs VLAN header. The 802.1p bits specify the priority that you should give to the packets while forwarding them. The packets with a higher (non‐zero) priority bits are given forwarding preference over packets with numerically lower priority bits value. Table 179. 802.1p Configuration Options Command Syntax and Usage qos transmitqueue mapping <priority (0‐7)> <COSq number (0‐7)> Maps the 802.1p priority to the Class of Service queue (COSq) priority. Enter the 802.1p priority value, followed by the Class of Service queue that handles the matching traffic. Command mode: Global configuration default qos transmitqueue mapping Resets the 802.1p packet priority mapping to its default values. Command mode: Global configuration qos transmitqueue multicastmapping <priority (0‐7)> <COSq number (8‐11)> Maps the 802.1p priority to the multicast Class of Service queue (COSq) priority. Enter the 802.1p priority value, followed by the multicast Class of Service queue that handles the matching traffic. Command mode: Global configuration default qos transmitqueue multicastmapping Resets the 802.1p packet priority multicast mapping to its default values. Command mode: Global configuration qos transmitqueue weightcos <COSq number (0‐7)> <weight (0‐15)> Configures the weight of the selected Class of Service queue (COSq). Enter the queue number, followed by the scheduling weight.
DSCP Configuration These commands map the DiffServ Code Point (DSCP) value of incoming packets to a new value or to an 802.1p priority value. Table 180. DSCP Configuration Options Command Syntax and Usage qos dscp dot1pmapping <DSCP (0‐63)> <priority (0‐7)> Maps the DiffServ Code point value to an 802.1p priority value. Enter the DSCP value, followed by the corresponding 802.1p value. Command mode: Global configuration qos dscp dscpmapping <DSCP (0‐63)> <new DSCP (0‐63)> Maps the initial DiffServ Code Point (DSCP) value to a new value. Enter the DSCP value of incoming packets, followed by the new value. Command mode: Global configuration [no] qos dscp remarking Globally enables or disables DSCP re‐marking. Command mode: Global configuration show qos dscp Displays the current DSCP parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 376
Table 181. Control Plane Protection Options (continued) Command Syntax and Usage qos protocolpacketcontrol ratelimitpacketqueue <packet queue number (0‐47)> <1‐10000> Configures the number of packets per second allowed for each packet queue. Command mode: Global configuration no qos protocolpacketcontrol ratelimitpacketqueue <packet queue number (0‐47)> Clears the packet rate configured for the selected packet queue. Command mode: Global configuration show qos protocolpacketcontrol information protocol Displays of mapping of protocol packet types to each packet queue number. The status indicates whether the protocol is running or not running. Command mode: All show qos protocolpacketcontrol information queue Displays the packet rate configured for each packet queue. Command mode: All G8264CS Command Reference for ENOS 8.4...
Access Control List Configuration These commands allow you to define filtering criteria for each Access Control List (ACL). Table 185. ACL Configuration Options Command Syntax and Usage accesscontrol list <1‐256> action {permit|deny| |setpriority <0‐7>} Configures a filter action for packets that match the ACL definitions. You can choose to permit (pass) or deny (drop) packets or set the 802.1p priority level. Command mode: Global configuration accesscontrol list <1‐256> egressport port <port alias or number> Configures the ACL to function on egress packets. Command mode: Global configuration no accesscontrol list <1‐256> egressport Disables the ACL to function on egress packets. Command mode: Global configuration [no] accesscontrol list <1‐256> log Enables or disables logging for the Access Control List. Note: Enabling the LOG feature neutralizes ACL deny filter actions for Telnet and SSH traffic that is addressed to the switchʹs Layer 3 interfaces. Command mode: Global configuration [no] accesscontrol list <1‐256> statistics Enables or disables the statistics collection for the Access Control List. Command mode: Global configuration default accesscontrol list <1‐256> Resets the ACL parameters to their default values. Command mode: Global configuration show accesscontrol list <1‐256> Displays the current ACL parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 382
Table 187. Ethernet Filtering Configuration Options Command Syntax and Usage no accesscontrol list <1‐256> ethernet priority Removes the Ethernet priority value for the ACL. Command mode: Global configuration accesscontrol list <1‐256> ethernet sourcemacaddress <MAC address> [<MAC mask>] Defines the source MAC address for this ACL. Command mode: Global configuration no accesscontrol list <1‐256> ethernet sourcemacaddress Removes the source MAC address for this ACL. Command mode: Global configuration accesscontrol list <1‐256> ethernet vlan <VLAN ID (1‐4094)> [<VLAN mask>] Defines a VLAN number and mask for this ACL. Command mode: Global configuration no accesscontrol list <1‐256> ethernet vlan Removes VLAN number and mask for this ACL. Command mode: Global configuration default accesscontrol list <1‐256> ethernet Resets Ethernet parameters for the ACL to their default values. Command mode: Global configuration no accesscontrol list <1‐256> ethernet Removes Ethernet parameters for the ACL. Command mode: Global configuration show accesscontrol list <1‐256> ethernet Displays the current Ethernet parameters for the ACL. Command mode: All G8264CS Command Reference for ENOS 8.4...
Table 188. IP version 4 Filtering Configuration Options Command Syntax and Usage no accesscontrol list <1‐256> ipv4 typeofservice Deletes the configured Type of Service (ToS) value for the specified ACL. Command mode: Global configuration default accesscontrol list <1‐256> ipv4 Resets the IPv4 parameters for the ACL to their default values. Command mode: Global configuration show accesscontrol list <1‐256> ipv4 Displays the current IPv4 parameters. Command mode: All TCP/UDP Filtering Configuration These commands allow you to define TCP/UDP matching criteria for an ACL. Table 189. TCP/UDP Filtering Configuration Options Command Syntax and Usage accesscontrol list <1‐256> tcpudp sourceport <1‐65535> [<mask (0xFFFF)>] Defines a source port for the ACL. If defined, traffic with the specified TCP or UDP source port will match this ACL. Specify the port number. Listed here are some of the well‐known ports: Number Name ftpdata telnet smtp time name whois domain tftp gopher...
Packet Format Filtering Configuration These commands allow you to define Packet Format matching criteria for an ACL. Table 190. Packet Format Filtering Configuration Options Command Syntax and Usage accesscontrol list <1‐256> packetformat ethernet {ethertype2|snap|llc} Defines the Ethernet format for the ACL. Command mode: Global configuration accesscontrol list <1‐256> packetformat ip {ipv4|ipv6} Defines the IP format for the ACL. Command mode: Global configuration accesscontrol list <1‐256> packetformat tagging {any|none| |tagged} Defines the tagging format for the ACL. Command mode: Global configuration no accesscontrol list <1‐256> packetformat {ethernet|ip| |tagging} Deletes the selected format for the specified ACL. Command mode: Global configuration default accesscontrol list <1‐256> packetformat Resets Packet Format parameters for the ACL to their default values. Command mode: Global configuration show accesscontrol list <1‐256> packetformat Displays the current Packet Format parameters for the ACL. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 388
ACL Re-Mark Configuration You can choose to re‐mark IP header data for the selected ACL. You can configure different re‐mark values, based on whether packets fall within the ACL Metering profile, or out of the ACL Metering profile. Table 192. ACL Re‐Marking Configuration Options Command Syntax and Usage default accesscontrol list <1‐256> remark Sets the ACL re‐mark parameters to their default values. Command mode: Global configuration show accesscontrol list <1‐256> remark Displays current re‐mark parameters. Command mode: All Re-Marking In-Profile Configuration The following table displays Re‐Marking In‐Profile configuration commands: Table 193. ACL Re‐Marking In‐Profile Options Command Syntax and Usage accesscontrol list <1‐256> remark dot1p <0‐7> Re‐marks the 802.1p value. The value is the priority bits information in the packet structure. Command mode: Global configuration no accesscontrol list <1‐256> remark dot1p Disables the use of 802.1p priority for in‐profile traffic. Command mode: Global configuration accesscontrol list <1‐256> remark inprofile dscp <0‐63> Re‐marks the DSCP value for in‐profile traffic. Command mode: Global configuration no accesscontrol list <1‐256> remark inprofile [dscp] Deletes the re‐mark in‐profile configuration. The dscp option only disables ...
Page 390
ACL IPv6 Configuration These commands allow you to define filtering criteria for each IPv6 Access Control List (ACL). Table 195. IPv6 ACL Options Command Syntax and Usage accesscontrol list6 <1‐128> action {permit|deny| |setpriority <0‐7>} Configures a filter action for packets that match the ACL definitions. You can choose to permit (pass) or deny (drop) packets or set the 802.1p priority level. Command mode: Global configuration accesscontrol list6 <1‐128> egressport port <port alias or number> Configures the ACL to function on egress packets. Command mode: Global configuration no accesscontrol list6 <1‐128> egressport port Disables the ACL to function on egress packets. Command mode: Global configuration [no] accesscontrol list6 <1‐128> log Enables or disables Access Control List logging. Command mode: Global configuration [no] accesscontrol list6 <1‐128> statistics Enables or disables the statistics collection for the Access Control List. Command mode: Global configuration default accesscontrol list6 <1‐128> Resets the ACL parameters to their default values. Command mode: Global configuration show accesscontrol list6 <1‐128> Displays the current ACL parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 392
Table 196. IP version 6 Filtering Options Command Syntax and Usage no accesscontrol list6 <1‐128> ipv6 trafficclass Deletes the configured traffic class for the specified ACL. Command mode: Global configuration default accesscontrol list6 <1‐128> ipv6 Resets the IPv6 parameters for the ACL to their default values. Command mode: Global configuration show accesscontrol list6 <1‐128> ipv6 Displays the current IPv6 parameters. Command mode: All IPv6 TCP/UDP Filtering Configuration These commands allows you to define TCP/UDP matching criteria for an ACL. Table 197. IPv6 ACL TCP/UDP Filtering Options Command Syntax and Usage accesscontrol list6 <1‐128> tcpudp sourceport <source port number (1‐65535)> [<mask (0xFFFF)>] Defines a source port for the ACL. If defined, traffic with the specified TCP or UDP source port will match this ACL. Specify the port number. Listed here are some of the well‐known ports: Number Name ftpdata telnet smtp time name whois domain tftp...
Page 394
IPv6 Re-Mark Configuration You can choose to re‐mark IP header data for the selected ACL. You can configure different re‐mark values, based on whether packets fall within the ACL metering profile, or out of the ACL metering profile. Table 198. IPv6 Re‐Marking In‐Profile Options Command Syntax and Usage default accesscontrol list6 <1‐128> remark Sets the ACL re‐mark parameters to their default values. Command mode: Global configuration show accesscontrol list6 <1‐128> remark Displays current re‐mark parameters. Command mode: All IPv6 Re-Marking In-Profile Configuration The following table displays IPv6 Re‐Marking In‐Profile configuration commands: Table 199. IPv6 ACL Re‐Marking In‐Profile Options Command Syntax and Usage accesscontrol list6 <1‐128> remark dot1p <0‐7> Re‐marks the 802.1p value. The value is the priority bits information in the packet structure. Command mode: Global configuration no accesscontrol6 list6 <1‐128> remark dot1p Disables the use of 802.1p priority for in‐profile traffic. Command mode: Global configuration accesscontrol list6 <1‐128> remark inprofile dscp <0‐63> Re‐marks the DSCP value for in‐profile traffic. Command mode: Global configuration no accesscontrol list6 <1‐128> remark inprofile [dscp] Deletes the re‐mark in‐profile configuration. The dscp option only disables ...
Page 396
IPv6 Metering Configuration These commands define the Access Control profile for the selected ACL. Table 201. IPv6 Metering Options Command Syntax and Usage accesscontrol list6 <1‐128> meter action {drop|pass} Configures the ACL Meter to either drop or pass out‐of‐profile traffic. Command mode: Global configuration accesscontrol list6 <1‐128> meter committedrate <64‐10000000> Configures the committed rate, in kilobits per second. The committed rate must be a multiple of 64. Command mode: Global configuration [no] accesscontrol list6 <1‐128> meter enable Enables or disables ACL Metering. Command mode: Global configuration accesscontrol list6 <1‐128> meter maximumburstsize <32‐4096> Configures the maximum burst size, in kilobits. Enter one of the following values for mbsize: 32, 64, 128, 256, 512, 1024, 2048, 4096. Command mode: Global configuration default accesscontrol list6 <1‐128> meter Sets the ACL meter configuration to its default values. Command mode: Global configuration show accesscontrol list6 <1‐128> meter Displays current ACL Metering parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
ACL Group Configuration These commands allow you to compile one or more ACLs into an ACL group. Once you create an ACL group, you can assign the ACL group to one or more ports. Table 203. ACL Group Configuration Commands Command Syntax and Usage [no] accesscontrol group <1‐256> list <1‐256> Adds or removes the selected IPv4 ACL to the ACL group. Command mode: Global configuration [no] accesscontrol group <1‐256> list6 <1‐128> Adds or removes the selected IPv6 ACL to the ACL group. Command mode: Global configuration show accesscontrol group <1‐256> Displays the current ACL group parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 400
Table 205. IP version 4 Filtering Configuration Options Command Syntax and Usage accesscontrol macl <1‐128> ipv4 protocol <0‐255> Defines an IP protocol for the MACL. If defined, traffic from the specified protocol matches this filter. Specify the protocol number. Listed below are some of the well‐known protocols. Number Name icmp igmp ospf vrrp Command mode: Global configuration no accesscontrol macl <1‐128> ipv4 protocol Deletes the configured IP protocol for the specified MACL. Command mode: Global configuration accesscontrol macl <1‐128> ipv4 sourceipaddress <IP address> [<IP mask>] Defines a source IP address for the MACL. If defined, traffic with this source IP address will match this MACL. Specify an IP address in dotted decimal notation. Command mode: Global configuration no accesscontrol macl <1‐128> ipv4 sourceipaddress Deletes the configured source IP address for the specified MACL. Command mode: Global configuration no accesscontrol macl <1‐128> ipv4 Removes all the IPv4 parameters for the specified MACL. Command mode: Global configuration show accesscontrol macl <1‐128> ipv4 Displays the current IPv4 parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 402
VMAP Configuration A VLAN Map is an Access Control List (ACL) that can be assigned to a VLAN or a VM group instead of a port. In a virtualized environment where Virtual Machines move between physical servers, VLAN Maps allow you to create traffic filtering and metering policies associated with a VM’s VLAN. For more information about VLAN Map configuration commands, see “Access Control List Configuration” on page 380. For more information about assigning VLAN Maps to a VLAN, see “VLAN Configuration” on page 455. For more information about assigning VLAN Maps to a VM group, see “VM Group Configuration” on page 593. The following table lists the general VMAP configuration commands. Table 207. VMAP Configuration Options Command Syntax and Usage accesscontrol vmap <1‐128> action {permit|deny|setpriority <0‐7>} Configures a filter action for packets that match the VMAP definitions. You can choose to permit (pass) or deny (drop) packets or set the 802.1p priority level. Command mode: Global configuration accesscontrol vmap <1‐128> egressport <port alias or number> Configures the VMAP to function on egress packets. Command mode: Global configuration no accesscontrol vmap <1‐128> egressport Disables the VMAP to function on egress packets. Command mode: Global configuration accesscontrol vmap <1‐128> ethernet destinationmacaddress <MAC address> [<MAC mask>] Defines the destination MAC address for the VMAP. Command mode: Global configuration no accesscontrol vmap <1‐128> ethernet destinationmacaddress Removes the destination MAC address for the specified VMAP.
Page 404
Table 207. VMAP Configuration Options Command Syntax and Usage no accesscontrol vmap <1‐128> ipv4 destinationipaddress Disables filtering of VMAP statistics collection based on destiantion IP address. Command mode: Global configuration accesscontrol vmap <1‐128> ipv4 protocol <0‐255> Enables filtering of VMAP statistics collection based on protocol. Command mode: Global configuration no accesscontrol vmap <1‐128> ipv4 protocol Disables filtering of VMAP statistics collection based on protocol. Command mode: Global configuration accesscontrol vmap <1‐128> ipv4 sourceipaddress <IPv4 address> [<IPv4 mask>] Enables filtering of VMAP statistics collection based on source IP address. Command mode: Global configuration no accesscontrol vmap <1‐128> ipv4 sourceipaddress Disables filtering of VMAP statistics collection based on source IP address. Command mode: Global configuration accesscontrol vmap <1‐128> ipv4 typeofservice <0‐255> Enables filtering of VMAP statistics collection based on type of service. Command mode: Global configuration no accesscontrol vmap <1‐128> ipv4 typeofservice Disables filtering of VMAP statistics collection based on type of service. Command mode: Global configuration default accesscontrol vmap <1‐128> ipv4 Resets the IPv4 parameters for the VMAP to their default values. Command mode: Global configuration accesscontrol vmap <1‐128> meter action {drop|pass} Sets VMAP port metering to drop or pass out‐of‐profile traffic. Command mode: Global configuration accesscontrol vmap <1‐128> meter committedrate <64‐10000000> Sets the VMAP port metering control rate in kilobits per second. Command mode: Global configuration [no] accesscontrol vmap <1‐128> meter enable Enables or disables VMAP port metering. ...
Page 406
Table 207. VMAP Configuration Options Command Syntax and Usage accesscontrol vmap <1‐128> remark dot1p <0‐7> Sets the VMAP re‐mark configuration user update priority. Command mode: Global configuration no accesscontrol vmap <1‐128> remark dot1p Disables the use of dot1p for in‐profile traffic VMAP re‐mark configuration. Command mode: Global configuration accesscontrol vmap <1‐128> remark {inprofile|outprofile} dscp <0‐63> Sets the VMAP re‐mark configuration user update priority for in‐profile or out‐profile traffic. Command mode: Global configuration no accesscontrol vmap <1‐128> remark {inprofile| |outprofile} Removes all re‐mark in‐profile or out‐profile settings. Command mode: Global configuration no accesscontrol vmap <1‐128> remark inprofile dscp Disables the use of DSCP for in‐profile traffic. Command mode: Global configuration [no] accesscontrol vmap <1‐128> remark usetosprecedence Enables or disables the use of the TOS precedence for in‐profile traffic. Command mode: Global configuration default accesscontrol vmap <1‐128> remark Resets the VMAP re‐mark parameters to their default values. Command mode: Global configuration no accesscontrol vmap <1‐128> remark Disables re‐marking for the specified VMAP. Command mode: Global configuration [no] accesscontrol vmap <1‐128> statistics Enables or disables statistics for this access control list. Command mode: Global configuration accesscontrol vmap <1‐128> tcpudp {sourceport| |destinationport} <1‐65535> [<port mask (0x0001 ‐ 0xFFFF)>] Sets the TCP/UDP filtering source port or destination port and port mask for this ACL.
Port Mirroring Port Mirroring is disabled by default. For more information about port mirroring on the G8264CS, see “Appendix A: Troubleshooting” in the Lenovo RackSwitch G8264CS Application Guide for Lenovo Enterprise Network Operating System 8.4. Port Mirroring commands are used to configure, enable and disable the monitor port. When enabled, network packets being sent and/or received on a target port are duplicated and sent to a monitor port. By attaching a network analyzer to the monitor port, you can collect detailed information about your network performance and usage. Table 208. Port Mirroring Configuration Options Command Syntax and Usage [no] portmirroring enable Enables or disables port mirroring. Command mode: Global configuration show portmirroring Displays current settings of the mirrored and monitoring ports. Command mode: All Port-Mirroring Configuration The following table describes the Port Mirroring commands. Table 209. Port‐Based Port‐Mirroring Configuration Options Command Syntax and Usage portmirroring monitorport <port alias or number> mirroringport <port alias or number> {in|out|both} Adds the port to be mirrored. This command also allows you to enter the direction of the traffic. It is necessary to specify the direction because: If the source port of the frame matches the mirrored port and the mirrored direction is ingress or both (ingress and egress), the frame is sent to the monitoring port.
802.1X Global Configuration The global 802.1X commands allow you to configure parameters that affect all ports in the switch. Table 212. 802.1X Global Configuration Options Command Syntax and Usage dot1x maxrequest <1‐10> Sets the maximum number of times the authenticator retransmits an EAP‐Request packet to the supplicant (client). The default value is 2. Command mode: Global configuration dot1x mode {forceunauthorized|auto|forceauthorized} Sets the type of access control for all ports: forceunauthorized ‐ the port is unauthorized unconditionally. auto ‐ the port is unauthorized until it is successfully authorized by the RADIUS server. forceauthorized ‐ the port is authorized unconditionally, allowing all traffic. The default value is forceauthorized. Command mode: Global configuration dot1x quiettime <0‐65535> Sets the time, in seconds, the authenticator waits before transmitting an EAP‐Request/ Identity frame to the supplicant (client) after an authentication failure in the previous round of authentication. The default value is 60 seconds. Command mode: Global configuration [no] dot1x reauthenticate Sets the re‐authentication status to on or off. The default value is off. Command mode: Global configuration dot1x reauthenticationinterval <1‐604800> Sets the time, in seconds, the authenticator waits before re‐authenticating a ...
802.1X Guest VLAN Configuration The 802.1X Guest VLAN commands allow you to configure a Guest VLAN for unauthenticated ports. The Guest VLAN provides limited access to switch functions. Table 213. 802.1X Guest VLAN Configuration Options Command Syntax and Usage [no] dot1x guestvlan enable Enables or disables the 802.1X Guest VLAN. Command mode: Global configuration dot1x guestvlan vlan <VLAN ID (1‐4094)> Configures the Guest VLAN number. Command mode: Global configuration no dot1x guestvlan vlan Removes the Guest VLAN number. Command mode: Global configuration show dot1x Displays current 802.1X parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 414
Table 214. 802.1X Port Options (continued) Command Syntax and Usage dot1x servertimeout <1‐65535> Sets the time, in seconds, the authenticator waits for a response from the RADIUS server before declaring an authentication timeout. The default value is 30 seconds. The time interval between transmissions of the RADIUS Access‐Request packet containing the supplicant’s (client’s) EAP‐Response packet is determined by the current setting of the radiusserver timeout <1‐10> command. Command mode: Interface port dot1x supplicanttimeout <1‐65535> Sets the time, in seconds, the authenticator waits for an EAP‐Response packet from the supplicant (client) before retransmitting the EAP‐Request packet from the authentication server. The default value is 30 seconds. Command mode: Interface port dot1x transmitinterval <1‐65535> Sets the time, in seconds, the authenticator waits for an EAP‐Response/Identity frame from the supplicant (client) before retransmitting an EAP‐Request/Identity frame. The default value is 30 seconds. Command mode: Interface port [no] dot1x vlanassign Sets the dynamic VLAN assignment status to on or off. The default value is off. Command mode: Interface port default dot1x Resets the 802.1X port parameters to their default values. Command mode: Interface port show interface port <port alias or number> dot1x Displays current 802.1X port parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 416
Table 215. Spanning Tree Configuration Options (continued) Command Syntax and Usage spanningtree guard loop Enables STP loop guard. STP loop guard prevents the port from forwarding traffic if no BPDUs are received. The port is placed into a loop‐inconsistent blocking state until a BPDU is received. Command mode: Interface port/Interface portchannel spanningtree guard root Enables STP root guard. STP root guard enforces the position of the root bridge. If the bridge receives a superior BPDU, the port is placed into a root‐inconsistent state (listening). Command mode: Interface port/Interface portchannel spanningtree guard none Disables STP loop guard and root guard. Command mode: Interface port/Interface portchannel no spanningtree guard Sets the Spanning Tree guard parameters to their default values. Command mode: Interface port/Interface portchannel [no] spanningtree linktype {p2p|shared|auto} Defines the type of link connected to the port, as follows: auto: Configures the port to detect the link type, and automatically match its settings. p2p: Configures the port for Point‐To‐Point protocol. shared: Configures the port to connect to a shared medium (usually a hub). The default link type is auto. Command mode: Interface port/Interface portchannel [no] spanningtree portfast Enables or disables this port as portfast or edge port. An edge port is not connected to a bridge and can begin forwarding traffic as soon as the link is up. Configures server ports as edge ports (enabled). Note: After you configure the port as an edge port, you must disable the port and then re‐enable the port for the change to take effect.
MSTP Configuration Up to 32 Spanning Tree Groups can be configured in MSTP mode. MSTP is turned off by default and the default STP mode is PVRST. Note: When Multiple Spanning Tree is turned on, VLAN 4095 is moved from Spanning Tree Group 128 to the Common Internal Spanning Tree (CIST). When Multiple Spanning Tree is turned off, VLAN 4095 is moved back to Spanning Tree Group 128. Table 216. Multiple Spanning Tree Configuration Options Command Syntax and Usage spanningtree mst configuration Enables MSTP configuration mode. Command mode: Global configuration [no] spanningtree mst <0‐32> enable Enables or disables the specified MSTP instance. Command mode: Global configuration spanningtree mst <0‐32> priority <0‐65535> Configures the bridge priority for the specified MSTP instance. The bridge priority parameter controls which bridge on the network is the MSTP root bridge. To make this switch the root bridge, configure the bridge priority lower than all other switches and bridges on your network. The lower the value, the higher the bridge priority. The range is 0 to 65535, in steps of 4096 (0, 4096, 8192, 12288 ...) and the default value is 32768. Command mode: Global configuration no spanningtree mst <0‐32> priority Resets the bridge priority for the specified MSTP instance to the default value of 32768. Command mode: Global configuration spanningtree mst forwardtime <4‐30> Configures the forward delay time in seconds. The forward delay parameter specifies the amount of time that a bridge port has to wait before it changes from the discarding and learning states to the forwarding state. The default value is 15. Command mode: Global configuration spanningtree mst maxage <6‐40>...
Page 420
Table 216. Multiple Spanning Tree Configuration Options (continued) Command Syntax and Usage show spanningtree mst configuration Displays the current MSTP settings. Command mode: All show spanningtree mst <0‐32> information Displays current MST information for the specified instance. Command mode: All MSTP Port Configuration MSTP port parameters are used to modify MSTP operation on an individual port basis. MSTP parameters do not affect operation of RSTP/PVRST. For each port, RSTP/PVRST/MSTP is turned on by default. Table 217. MSTP Port Configuration Options Command Syntax and Usage spanningtree mst <0‐32> cost <0‐200000000> Configures the port path cost for the specified MSTP instance. The port path cost is used to help determine the designated port for a segment. Port path cost is based on the port speed, and is calculated as follows: 1Gbps = 20000 10Gbps = 2000 The default value of 0 (zero) indicates that the default path cost will be computed for an auto negotiated link speed. Command mode: Interface port/Interface portchannel [no] spanningtree mst <0‐32> enable Enables or disables the specified MSTP instance on the port. Command mode: Interface port/Interface portchannel spanningtree mst <0‐32> portpriority <0‐240>...
Page 422
RSTP/PVRST Configuration The following table describes the commands used to configure the Rapid Spanning Tree (RSTP) and Per VLAN Rapid Spanning Tree Protocol (PVRST) protocols. Table 218. RSTP/PVRST Configuration Options Command Syntax and Usage boot spanningtree maxinstances {128|256} Configures the maximum number of Spanning Tree Groups (STGs) that can be used on the switch. The default value is 128. Note: The switch needs to be reloaded for the configuration to take effect. Command mode: Global configuration no boot spanningtree maxinstances Reset the maximum number of STGs available on the switch to the default value of 128. Note: The switch needs to be reloaded for the configuration to take effect. Command mode: Global configuration [no] spanningtree stp <1‐256> enable Globally enables or disables Spanning Tree Protocol. STG is turned on by default. Command mode: Global configuration spanningtree stp <1‐256> vlan <VLAN ID (1‐4094)> Associates a VLAN with a Spanning Tree Group and requires a VLAN ID as a parameter. If the VLAN does not exist, it will be created automatically, but it will not be enabled by default. Command mode: Global configuration no spanningtree stp <1‐256> vlan {<VLAN ID (1‐4094)>|all} Breaks the association between a specified VLAN or all VLANs and a Spanning Tree Group and requires a VLAN ID as a parameter. Command mode: Global configuration default spanningtree stp <1‐256> Restores a Spanning Tree instance to its default configuration. Command mode: Global configuration G8264CS Command Reference for ENOS 8.4...
Page 424
Bridge RSTP/PVRST Configuration Spanning Tree bridge parameters affect the global STG operation of the switch. STG bridge parameters include: Bridge priority Bridge hello time Bridge maximum age Forwarding delay When configuring STG bridge parameters, the following formulas must be used: 2 × (forwarding delay ‐ 1) > bridge maximum age 2 × (bridge hello time + 1) < bridge maximum age Table 219. Bridge Spanning Tree Configuration Options Command Syntax and Usage spanningtree stp <1‐256> bridge forwarddelay <4‐30> Configures the bridge forward delay parameter. The forward delay parameter specifies the amount of time that a bridge port has to wait before it changes from the discarding and learning states to the forwarding state. The range is 4 to 30 seconds and the default is 15 seconds. Note: This command does not apply to MSTP. Command mode: Global configuration no spanningtree stp <1‐256> bridge forwarddelay Resets the bridge forward delay parameter to its default value of 15 seconds. Command mode: Global configuration spanningtree stp <1‐256> bridge hellotime <1‐10> Configures the bridge Hello time.The Hello time specifies how often the bridge transmits a configuration bridge protocol data unit (BPDU). Any bridge that is not the root bridge uses the root bridge Hello value. The range is 1 to 10 seconds and the default is 2 seconds. Note: This command does not apply to MSTP.
Page 426
RSTP/PVRST Port Configuration By default, Spanning Tree is turned off for management ports, and turned on for data ports. STG port parameters include: Port priority Port path cost Table 220. Spanning Tree Port Options Command Syntax and Usage [no] spanningtree stp <1‐256> enable Enables or disables STG on the port. Command mode: Interface port/Interface portchannel spanningtree stp <1‐256> pathcost <1‐200000000, 0 for default)> Configures the port path cost. The port path cost is used to help determine the designated port for a segment. Port path cost is based on the port speed, and is calculated as follows: 1Gbps = 20000 10Gbps = 2000 The default value of 0 (zero) indicates that the default path cost will be computed for an auto negotiated link speed. Command mode: Interface port/Interface portchannel spanningtree stp <1‐256> priority <0‐240> Configures the port priority. The port priority helps determine which bridge port becomes the designated port. In a network topology that has multiple bridge ports connected to a single segment, the port with the lowest port priority becomes the designated port for the segment. The default value is 128. RSTP/PVRST: The range is 0 to 240, in steps of 16 (0, 16, 32...). Command mode: Interface port/Interface portchannel default spanningtree stp <1‐256> Resets the STG configuration to its default settings. Command mode: Interface port/Interface portchannel show interface port <port alias or number> spanningtree stp <1‐256>...
Page 428
Static Multicast MAC Configuration The following options are available to control the forwarding of known and unknown multicast packets: All multicast packets are flooded to the entire VLAN. This is the default switch behavior. Known multicast packets are forwarded only to those ports specified. Unknown multicast packets are flooded to the entire VLAN. To configure this option, define the Multicast MAC address for the VLAN and specify ports that are to receive multicast packets (macaddresstable multicast). Known multicast packets are forwarded only to those ports specified. Unknown multicast packets are dropped. To configure this option: Define the Multicast MAC address for the VLAN and specify ports that are to receive multicast packets (macaddresstable multicast). Enable Flood Blocking on ports that are not to receive multicast packets (interface port <port alias or number>) (floodblocking). Use the following commands to configure static Multicast MAC entries in the Forwarding Database (FDB). Table 222. Static Multicast MAC Configuration Options Command Syntax and Usage [no] macaddresstable multicast <MAC address> <VLAN ID (1‐4094)> <port alias or number> Adds or removes a static multicast entry. You can list ports separated by a comma ( , ) or enter a range of ports separated by a hyphen ( ). For example: macaddresstable multicast 01:00:00:23:3f:01 200 14 Command mode: Global configuration [no] macaddresstable multicast <MAC address> port <port alias or number> Adds or removes a static multicast entry for Network Load Balancing (NLB). ...
Page 430
Table 223. FDB Configuration Options Command Syntax and Usage no macaddresstable static all [mac <MAC address>| vlan <VLAN ID (1‐4094)>] Deletes all permanent FBD entries. mac deletes all permanent entries that use the specified MAC address vlan deletes all permanent entries that use the specified vlan Command mode: Global configuration no macaddresstable static all interface {port <port alias or number>|portchannel <1‐64>|adminkey <1‐65535>} Deletes all permanent FBD entries that use the specified port, Link Aggregation Group (LAG) or LACP admin key. Command mode: Global configuration show macaddresstable Display current FDB configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
LLDP Configuration Use the following commands to configure Link Layer Detection Protocol (LLDP). Table 225. LLDP Configuration Options Command Syntax and Usage [no] lldp enable Globally enables or disables LLDP. The default setting is enabled. Command mode: Global configuration lldp holdtimemultiplier <2‐10> Configures the message hold time multiplier. The hold time is configured as a multiple of the message transmission interval. The default value is 4. Command mode: Global configuration no lldp holdtimemultiplier Resets the message hold time multiplier to its default value of 4. Command mode: Global configuration lldp refreshinterval <5‐32768> Configures the message transmission interval, in seconds. The default value is 30 seconds. Command mode: Global configuration no lldp refreshinterval Resets the message transmission interval to its default value of 30 seconds. Command mode: Global configuration lldp reinitdelay <1‐10> Configures the re‐initialization delay interval, in seconds. The re‐initialization delay allows the port LLDP information to stabilize before transmitting LLDP messages. The default value is 2 seconds. Command mode: Global configuration no lldp reinitdelay Resets the re‐initialization delay interval to its default value of 2 seconds. Command mode: Global configuration lldp transmissiondelay <1‐8192> Configures the transmission delay interval, in seconds. The transmit delay timer represents the minimum time permitted between successive LLDP ...
Page 434
LLDP Optional TLV configuration Use the following commands to configure LLDP port TLV (Type, Length, Value) options for the selected port. Table 227. Optional TLV Options Command Syntax and Usage [no] lldp tlv all Enables or disables all optional TLV information types. Command mode: Interface port [no] lldp tlv dcbx Enables or disables the DCBX information type. Command mode: Interface port [no] lldp tlv framesz Enables or disables the Maximum Frame Size information type. Command mode: Interface port [no] lldp tlv linkaggr Enables or disables the Link Aggregation information type. Command mode: Interface port [no] lldp tlv macphy Enables or disables the MAC/Phy Configuration information type. Command mode: Interface port [no] lldp tlv mgmtaddr Enables or disables the Management Address information type. Command mode: Interface port [no] lldp tlv portdesc Enables or disables the Port Description information type. Command mode: Interface port [no] lldp tlv portprot Enables or disables the Port and VLAN Protocol ID information type. Command mode: Interface port [no] lldp tlv portvid Enables or disables the Port VLAN ID information type. Command mode: Interface port G8264CS Command Reference for ENOS 8.4...
Page 436
The two types of aggregation can be configured using the following portchannel ranges: static LAGs: 1‐64 LACP LAGs: 65‐128 Up to 64 static LAGs can be configured on the G8264CS, with the following restrictions: Any physical switch port can belong to no more than one LAG. Up to 16 ports can belong to the same LAG. You must configure all ports in a LAG with the same properties (speed, duplex, flow control, STG, VLAN and so on). ® Aggregation from non‐Lenovo devices must comply with Cisco ® EtherChannel technology. By default, each LAG is empty and disabled. Table 228. LAG Configuration Options Command Syntax and Usage [no] portchannel <1‐64> enable Enables or disables the current LAG. Command mode: Global configuration portchannel <1‐64> port <port alias or number> [enable] Adds a physical port or ports to the current LAG. You can add several ports, with each port separated by a comma ( , ) or a range of ports, separated by a dash ( ‐ ). The enable option also enables the current LAG. Command mode: Global configuration no portchannel <1‐64> port <port alias or number>...
Page 438
Table 229. LAG Hash Options Command Syntax and Usage [no] portchannel thash L4port Enables or disables use of Layer 4 service ports (TCP, UDP and so on) to compute the hash value. The default setting is disabled. Command mode: Global configuration show portchannel hash Display current LAG hash configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 440
Layer 3 Link Aggregation Group (LAG) Hash Layer 3 Link Aggregation Group (LAG) hash parameters are set globally. You can enable one or both parameters, to configure any of the following valid combinations: SIP (source IP only) DIP (destination IP only) SIP and DIP Use the following commands to configure Layer 3 LAG hash parameters for the switch. Table 231. Layer 3 LAG Hash Options Command Syntax and Usage portchannel thash l3thash l3destinationipaddress Enables Layer 3 LAG hashing on the destination IP address. Command mode: Global configuration portchannel thash l3thash l3sourceipaddress Enables Layer 3 LAG hashing on the source IP address. Command mode: Global configuration portchannel thash l3thash l3sourcedestinationip Enables Layer 3 LAG hashing on both the source and the destination IP address. Command mode: Global configuration portchannel thash l3thash l3usel2hash Enables use of Layer 2 hash parameters only. When enabled, Layer 3 hashing parameters are cleared. Command mode: Global configuration show portchannel hash Displays the current LAG hash settings.
Page 442
Table 232. vLAG Configuration Options Command Syntax and Usage no vlag priority Resets the vLAG priority of the switch to its default value of 0. Command mode: Global configuration vlag startupdelay <0‐3600> Sets, in seconds, the vLAG startup delay interval. The default value is 120 seconds. Command mode: Global configuration no vlag startupdelay Sets the vLAG startup‐delay timer to the default 120 seconds duration. Command mode: Global configuration vlag tierid <1‐512> Sets the vLAG peer ID. Command mode: Global configuration no vlag tierid Resets the vLAG peer ID to its default value of 0. Command mode: Global configuration [no] vlag vrrp active Enables or disables vLAG VRRP active mode. Note: If active mode is disabled, the switch will be in passive mode. In active mode, Layer 3 traffic is forwarded in all vLAG related VRRP domains. In passive mode, Layer 3 traffic is forwarded in a vLAG related VRRP domain only if either the switch or its peer virtual router is the VRRP master. Command mode: Global configuration show vlag Displays current vLAG parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 444
vLAG ISL Configuration These commands allow you to configure a dedicated inter‐switch link (ISL) for synchronization between vLAG peers. Table 234. vLAG ISL Configuration Options Command Syntax and Usage vlag isl adminkey <1‐65535> Enables vLAG Inter‐Switch Link (ISL) on the selected LACP admin key. LACP Link Aggregation Groups (LAGs) formed with this admin key will be included in the ISL. Command mode: Global configuration no vlag isl adminkey Disables vLAG Inter‐Switch Link (ISL) for LACP admin keys. Command mode: Global configuration vlag isl portchannel <1‐64> Enables vLAG Inter‐Switch Link (ISL) on the selected LAG. Command mode: Global configuration no vlag isl portchannel Disables vLAG Inter‐Switch Link (ISL) for LAGs. Command mode: Global configuration show vlag isl Displays current vLAG Inter‐Switch Link (ISL) parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Table 235. Link Aggregation Control Protocol Options Command Syntax and Usage no lacp <1‐65535> Deletes a selected LACP LAG, based on its admin key. This command is equivalent to disabling LACP on each of the ports configured with the same admin key. Command mode: Global configuration show lacp Display current LACP configuration. Command mode: All LACP Port Configuration Use the following commands to configure Link Aggregation Control Protocol (LACP) for the selected port. Table 236. LACP Port Options Command Syntax and Usage lacp key <1‐65535> Set the admin key for this port. Only ports with the same admin key and oper key (operational state generated internally) can form a LACP LAG group. Command mode: Interface port/Interface portchannel default lacp key Resets the LACP admin key of the port to the default value. Command mode: Interface port/Interface portchannel lacp mode {off|active|passive} Set the LACP mode for this port, as follows: off turns LACP off for this port. You can use this port to manually configure a static LAG. active turns LACP on and set this port to active. Active ports initiate ...
Layer 2 Failover Configuration Use these commands to configure Layer 2 Failover. For more information about Layer 2 Failover, see “High Availability” in the Lenovo RackSwitch G8264CS Application Guide for Lenovo Enterprise Network Operating System 8.4. Table 237. Layer 2 Failover Configuration Options Command Syntax and Usage [no] failover enable Globally enables or disables Layer 2 Failover. Command mode: Global configuration show failover trigger Displays current Layer 2 Failover parameters. Command mode: All Failover Trigger Configuration The following table describes the Failover Trigger commands. Table 238. Failover Trigger Configuration Options Command Syntax and Usage [no] failover trigger <1‐8> enable Enables or disables the Failover trigger. Command mode: Global configuration failover trigger <1‐8> limit <0‐1024> Configures the minimum number of operational links allowed within each trigger before the trigger initiates a failover event. If you enter a value of zero (0), the switch triggers a failover event only when no links in the trigger are operational. Command mode: Global configuration no failover trigger <1‐8>...
Page 450
Failover Manual Monitor Control Configuration Use these commands to define the port link(s) to control. The Manual Monitor Control configuration accepts any non‐management port. Table 240. Failover Manual Monitor Control Options Command Syntax and Usage [no] failover trigger <1‐8> mmon control adminkey <1‐65535> Adds or removes an LACP admin key to the Manual Monitor Control configuration. LACP Link Aggregation Groups (LAGs) formed with this admin key will be included in the Manual Monitor Control configuration. Command mode: Global configuration [no] failover trigger <1‐8> mmon control member <port alias or number> Adds or removes the selected port to the Manual Monitor Control configuration. Command mode: Global configuration [no] failover trigger <1‐8> mmon control portchannel <1‐64> Adds or removes the selected LAG to the Manual Monitor Control configuration. Command mode: Global configuration show failover trigger <1‐8> Displays the current Failover settings. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 452
Hot Links Trigger Configuration The following table describes the Hot Links Trigger commands. Table 242. Hot Links Trigger Configuration Options Command Syntax and Usage [no] hotlinks trigger <1‐25> enable Enables or disables the Hot Links trigger. Command mode: Global configuration hotlinks trigger <1‐25> forwarddelay <0‐3600> Configures the Forward Delay interval, in seconds. The default value is 1 second. Command mode: Global configuration hotlinks trigger <1‐25> name <1‐32 characters> Defines a name for the Hot Links trigger. Command mode: Global configuration no hotlinks trigger <1‐25> name Removes the name of the specified Hot Links trigger. Command mode: Global configuration [no] hotlinks trigger <1‐25> preemption Enables or disables pre‐emption, which allows the Master interface to transition to the Active state whenever it becomes available. The default setting is enabled. Command mode: Global configuration no hotlinks trigger <1‐25> Deletes the Hot Links trigger. Command mode: Global configuration show hotlinks trigger <1‐25> Displays the current Hot Links trigger settings. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 454
Hot Links Backup Configuration Use the following commands to configure the Hot Links Backup interface. Table 244. Hot Links Backup Configuration Options Command Syntax and Usage hotlinks trigger <1‐25> backup adminkey <1‐65535> Adds an LACP admin key to the Hot Links Backup interface. LACP Link Aggregation Groups (LAGs) formed with this admin key will be included in the Hot Links Backup interface. Command mode: Global configuration no hotlinks trigger <1‐25> backup adminkey Clears all LACP admin keys on the Hot Links Backup interface. Command mode: Global configuration hotlinks trigger <1‐25> backup port <port alias or number> Adds the selected port to the Hot Links Backup interface. Command mode: Global configuration no hotlinks trigger <1‐25> backup port Clears all ports added to the Hot Links Backup interface. Command mode: Global configuration hotlinks trigger <1‐25> backup portchannel <1‐64> Adds the selected LAG to the Hot Links Backup interface. Command mode: Global configuration no hotlinks trigger <1‐25> backup portchannel Clears all LAGs added to the Hot Links Backup interface. Command mode: Global configuration show hotlinks trigger <1‐25> Displays the current Hot Links trigger settings. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 456
Table 245. VLAN Configuration Options Command Syntax and Usage [no] vmap <1‐128> [serverports|nonserverports] Adds or removes a VLAN Map to the VLAN membership. You can choose to limit operation of the VLAN Map to server ports only or non‐server ports only. If you do not select a port type, the VMAP is applied to the entire VLAN. Command mode: VLAN no vlan <VLAN ID (1‐4094)> Deletes the specified VLAN. Command mode: Global configuration show vlan information Displays the current VLAN configuration. Command mode: All Note: All ports must belong to at least one VLAN. Any port which is removed from a VLAN and which is not a member of any other VLAN is automatically added to default VLAN 1. You cannot remove a port from VLAN 1 if the port has no membership in any other VLAN. Also, you cannot add a port to more than one VLAN unless the port has VLAN tagging turned on. Protocol-Based VLAN Configuration Use the following commands to configure Protocol‐based VLAN for the selected VLAN. Table 246. Protocol VLAN Configuration Options Command Syntax and Usage [no] protocolvlan <protocol number (1‐8)> enable Enables or disables the selected protocol on the VLAN. Command mode: VLAN protocolvlan <protocol number (1‐8)> frametype {ether2|llc|snap} <ethernet type>...
Private VLAN Configuration Use the following commands to configure Private VLANs. Table 247. Private VLAN Options Command Syntax and Usage privatevlan association [add|remove] <secondary VLAN list> Configures Private VLAN mapping between a primary VLAN and secondary VLANs. If no optional parameter is specified, the list of secondary VLANs, replaces the currently associated secondary VLANs. Otherwise: add appends the secondary VLANs to the ones currently associated remove excludes the secondary VLANs from the ones currently associated Command mode: VLAN [no] privatevlan community Enables or disables the VLAN type as a community VLAN. Community VLANs carry upstream traffic from host ports. A Private VLAN may have multiple community VLANs. Command mode: VLAN [no] privatevlan isolated Enables or disables the VLAN type as an isolated VLAN. The isolated VLAN carries unidirectional traffic from host ports. A Private VLAN may have only one isolated VLAN. Command mode: VLAN [no] privatevlan primary Enables or disables the VLAN type as a Primary VLAN. A Private VLAN must have only one primary VLAN. The primary VLAN carries unidirectional traffic to ports on the isolated VLAN or to community VLAN. Command mode: VLAN show vlan privatevlan [type] Displays current parameters for the selected Private VLAN(s). type lists only the VLAN type for each private VLAN: community, isolated, or primary Command mode: All G8264CS Command Reference for ENOS 8.4...
Layer 3 Configuration The following table describes basic Layer 3 Configuration commands. The following sections provide more detailed information and commands Table 249. Layer 3 Configuration Commands Command Syntax and Usage interface ip <1‐128> Configures the IP Interface. The G8264CS supports up to 128 IP interfaces. To view command options, see page 462. Command mode: Global configuration ip pim component <1‐2> Enters Protocol Independent Multicast (PIM) component configuration mode. To view command options, see page 562. Command mode: Global configuration ip routerid <IP address> Sets the router ID. Command mode: Global configuration no ip routerid Removes the router ID. Command mode: Global configuration routemap <1‐64> Enters IP Route Map mode. To view command options, see page 476. Command mode: Global configuration router bgp Enters Border Gateway Protocol (BGP) configuration mode. To view command options, see page 512. Command mode: Global configuration router ospf Enters OSPF configuration mode. To view command options, see page 485.
IP Interface Configuration The G8264CS supports up to 128 IP interfaces. Each IP interface represents the switch on an IP subnet on your network. Interface 127 and interface 128 are reserved for switch management. The interface option is disabled by default. Table 250. IP Interface Configuration Options Command Syntax and Usage interface ip <1‐128> Enter IP interface mode. Command mode: Global configuration [no] enable Enables or disables this IP interface. Command mode: Interface IP ip address <IP address> [<IP netmask>] [enable] Configures the IP address of the switch interface, using dotted decimal notation. The enable option also enables the IP interface. Command mode: Interface IP ip netmask <IP netmask> Configures the IP subnet address mask for the interface, using dotted decimal notation. Command mode: Interface IP ipv6 address <IPv6 address> [<IPv6 prefix length> [anycast]] [enable] Configures the IPv6 address of the switch interface, using hexadecimal format with colons. The anycast option configures the IPv6 address as an IPv6 anycast address. The enable option also enables the IP interface. Command mode: Interface IP ipv6 prefixlen <IPv6 prefix length (1‐128)> Configures the subnet IPv6 prefix length. The default value is 0 (zero). Command mode: Interface IP ipv6 secaddr6 address <IPv6 address> <IPv6 prefix length> [anycast] Configures the secondary IPv6 address of the switch interface, using hexadecimal format with colons. The anycast option configures the secondary IPv6 address as an IPv6 anycast address. Command mode: Interface IP no ipv6 secaddr6 address Removes the secondary IPv6 address.
IPv6 Neighbor Discovery Configuration The following table describes the IPv6 Neighbor Discovery configuration commands. Table 251. IPv6 Neighbor Discovery Configuration Options Command Syntax and Usage [no] ipv6 nd advmtu Enables or disables the MTU option in Router Advertisements. The default setting is enabled. Command mode: Interface IP ipv6 nd dadattempts <1‐10> Configures the maximum number of duplicate address detection attempts. The default value is 1. Command mode: Interface IP no ipv6 nd dadattempts Resets the maximum number of duplicate address detection attempts to the default value of 1. Command mode: Interface IP ipv6 nd hopslimit <0‐255> Configures the Router Advertisement hop limit. The default value is 64 hops. Command mode: Interface IP no ipv6 nd hopslimit Resets the IPv6 Router Advertisement hop limit to its default value of 64 hops. Command mode: Interface IP [no] ipv6 nd managedconfig Enables or disables the managed address configuration flag of the interface. When enabled, the host IP address can be set automatically through DHCP. The default setting is disabled. Command mode: Interface IP [no] ipv6 nd otherconfig Enables or disables the other stateful configuration flag, which allows the interface to use DHCP for other stateful configuration. The default setting is disabled.
Page 466
Table 251. IPv6 Neighbor Discovery Configuration Options (continued) Command Syntax and Usage ipv6 nd retransmittime <0‐4294967> ipv6 nd retransmittime <0‐4294967295> ms Configures the Router Advertisement re‐transmit timer, in seconds or milliseconds (ms). The default value is 1 second. Command mode: Interface IP no ipv6 nd retransmittime Resets the Router Advertisement re‐transmit timer to its default value of 1 second. Command mode: Interface IP [no] ipv6 nd suppressra Enables or disables IPv6 Router Advertisements on the interface. The default setting is disabled (suppress Router Advertisements). Command mode: Interface IP G8264CS Command Reference for ENOS 8.4...
IPv4 Static Route Configuration Up to 128 IPv4 static routes can be configured. Table 253. IPv4 Static Route Configuration Options Command Syntax and Usage ip route <IP subnet> <IP netmask> <IP nexthop> [<IP interface number>| |port <port alias or number>] Adds a static route. You will be prompted to enter a destination IP address, destination subnet mask, and gateway address. Enter all addresses using dotted decimal notation. Command mode: Global configuration no ip route <IP subnet> <IP netmask> [<IP interface number>|<IP nexthop> [<IP interface number>]|port <port alias or number>] Removes a static route. The destination address of the route to remove must be specified using dotted decimal notation. Command mode: Global configuration ip route ecmphash [dipsip|sip] Configures ECMP hashing parameters. You may choose one or more of the following parameters: dipsip: Destination IP and source IP address sip: Source IP address Command mode: Global configuration [no] ip route healthcheck Enables or disables static route health checks. The default setting is disabled. Command mode: Global configuration ip route interval <1‐60> Configures the ECMP health‐check ping interval, in seconds. The default value is 1 second. Command mode: Global configuration ip route retries <1‐60>...
IP Multicast Route Configuration The following table describes the IP Multicast (IPMC) route commands. Note: Before you can add an IPMC route, IGMP must be turned on, IGMP Snooping/Relay must be enabled, and the required VLANs must be added to IGMP Snooping/Relay. Table 254. IP Multicast Route Configuration Commands Command Syntax and Usage [no] ip mroute <IPMC destination> <VLAN ID (1‐4094)> <port alias or number> [{primary|backup|host} [<virtual router ID>]] Adds or removes a static multicast route. The destination address, VLAN and member port of the route must be specified. Command mode: Global configuration [no] ip mroute <IP address> <VLAN ID (1‐4094)> portchannel <1‐64> [{primary|backup|host} [<virtual router ID>]] Adds or removes a static multicast route. The destination address, VLAN, and member Link Aggregation Group (LAG) of the route must be specified. Command mode: Global configuration [no] ip mroute <IP address> <VLAN ID (1‐4094)> adminkey <1‐65535> [{primary|backup|host} [<virtual router ID>]] Adds or removes a static multicast route. The destination address, VLAN, and LACP admin key of the route must be specified. Command mode: Global configuration no ip mroute all Removes all the static multicast routes configured. Command mode: Global configuration show ip mroute Displays the current IP multicast routes. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 472
Table 256. ARP Static Configuration Options Command Syntax and Usage no ip arp all [ip <IP interface number>|interface port <port alias or number>|vlan <VLAN ID (1‐4094)>] Deletes all static ARP entries or just the ARP entries that use a specific IP interface, port or vlan. Command mode: Global configuration show [ip] arp static Displays current static ARP configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
IP Forwarding Configuration The following table describes the IP Forwarding commands. Table 258. IP Forwarding Configuration Options Command Syntax and Usage [no] ip routing Enables or disables IP forwarding (routing) on the G8264CS. Forwarding is turned on by default. Command mode: Global configuration [no] ip routing directedbroadcasts Enables or disables forwarding directed broadcasts. The default setting is disabled. Command mode: Global configuration [no] ip routing icmp6redirect Enables or disables IPv6 ICMP re‐directs. The default setting is disabled. Command mode: Global configuration [no] ip routing noicmpredirect Enables or disables ICMP re‐directs. The default setting is disabled. Command mode: Global configuration show ip routing Displays the current IP forwarding settings. Command mode: All G8264CS Command Reference for ENOS 8.4...
Routing Map Configuration Routing maps control and modify routing information. Note: The map number (1‐64) represents the routing map you wish to configure. Table 260. Routing Map Configuration Options Command Syntax and Usage routemap <1‐64> Enter route map configuration mode. Command mode: Global configuration accesslist <1‐32> Configures the Access List. For more information, see page 479. Command mode: Route map aspathlist <1‐8> Configures the Autonomous System (AS) Filter. For more information, see page 480. Command mode: Route map aspathpreference <1‐65535> Sets the AS path preference of the matched route. You can configure up to 32 path preferences. Command mode: Route map no aspathpreference Removes the AS path preference of the current route map. Command mode: Route map [no] enable Enables or disables the route map. Command mode: Route map localpreference <0‐4294967294> Sets the local preference of the matched route, which affects both inbound and outbound directions. The path with the higher preference is preferred. Command mode: Route map no localpreference Removes the local preference of the current route map.
Page 478
Table 260. Routing Map Configuration Options (continued) Command Syntax and Usage no routemap <1‐64> Deletes the route map. Command mode: Global configuration show routemap [<1‐64>] Displays the current route configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
Autonomous System Filter Path Configuration Note: The path number represents the AS path you wish to configure. Table 262. AS Filter Configuration Options Command Syntax and Usage aspathlist <1‐8> action {permit|deny} Permits or denies Autonomous System filter action. Command mode: Route map aspathlist <1‐8> aspath <1‐65535> Sets the Autonomous System filter’s path number. Command mode: Route map [no] aspathlist <1‐8> enable Enables or disables the Autonomous System filter. Command mode: Route map no aspathlist <1‐8> Deletes the Autonomous System filter. Command mode: Route map show routemap <1‐64> aspathlist <1‐8> Displays the current Autonomous System filter configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
RIP Interface Configuration The RIP Interface commands are used for configuring Routing Information Protocol parameters for the selected interface. Note: Do not configure RIP version 1 parameters if your routing equipment uses RIP version 2. Table 264. RIP Interface Options Command Syntax and Usage ip rip authentication key <password> Configures the authentication key password. Command mode: Interface IP no ip rip authentication key Removes the authentication key password. Command mode: Interface IP ip rip authentication type password <password> Configures the authentication type. The default is none. Command mode: Interface IP no ip rip authentication type Removes the authentication type. Command mode: Interface IP ip rip defaultaction {listen|supply|both} When enabled, the switch accepts RIP default routes from other routers, but gives them lower priority than configured default gateways. The default value is none. Command mode: Interface IP no ip rip defaultaction Configures the switch to reject RIP default routes. Command mode: Interface IP [no] ip rip enable Enables or disables RIP on the current interface. Command mode: Interface IP [no] ip rip listen When enabled, the switch learns routes from other routers.
RIP Route Redistribution Configuration The following table describes the RIP Route Redistribution commands. Table 265. RIP Redistribution Options Command Syntax and Usage [no] redistribute {fixed|static|ospf|eospf|ebgp|ibgp} {<1‐64>|all} Adds or removes selected routing maps to the RIP route redistribution list. To add specific route maps, enter routing map numbers, separated by a comma(,). To add or remove all 64 route maps, type all. The routes of the redistribution protocol matched by the route maps in the route redistribution list will be redistributed. Command mode: Router RIP redistribute {fixed|static|ospf|eospf|ebgp|ibgp} export <metric number (1‐15)> Exports the routes of this protocol in which the metric and metric type are specified. Command mode: Router RIP no redistribute {fixed|static|ospf|eospf|ebgp|ibgp} export Stops exporting the routes of the specified protocol. Command mode: Router RIP show ip rip redistribute Displays the current RIP route redistribute configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
Table 266. OSPF Configuration Options (continued) Command Syntax and Usage messagedigestkey <key ID (1‐255)> md5key <text string> Assigns a string to MD5 authentication key. Command mode: Router OSPF no messagedigestkey <key ID (1‐255)> Removes the MD5 authentication key. Command mode: Router OSPF redistribute {fixed|static|rip|ebgp|ibgp} Configures OSPF route redistribution. See page 494 to view command options. Command mode: Router OSPF show ip ospf Displays the current OSPF configuration settings. Command mode: All Area Index Configuration The following table describes the Area Index commands. Table 267. Area Index Configuration Options Command Syntax and Usage area <0‐5> areaid <IP address> Defines the IP address of the OSPF area number. Command mode: Router OSPF area <0‐5> authenticationtype {password|md5} Sets the authentication type. password authenticates simple passwords so that only trusted routing devices can participate. md5 is used when MD5 cryptographic authentication is required. ...
OSPF Summary Range Configuration The following table describes the OSPF Summary Range commands. Table 268. OSPF Summary Range Configuration Options Command Syntax and Usage arearange <1‐16> address <IP address> [<IP netmask>] Displays the base IP address or the IP address mask for the range. Command mode: Router OSPF arearange <1‐16> area <0‐5> Displays the area index used by the G8264CS. Command mode: Router OSPF [no] arearange <1‐16> enable Enables or disables the OSPF summary range. Command mode: Router OSPF [no] arearange <1‐16> hide Hides or shows the OSPF summary range. Command mode: Router OSPF no arearange <1‐16> Deletes the OSPF summary range. Command mode: Router OSPF show ip ospf arearange <1‐16> Displays the current OSPF summary range. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 490
Table 269. OSPF Interface Configuration Options (continued) Command Syntax and Usage [no] ip ospf passiveinterface Sets the interface as passive. On a passive interface, you can disable OSPF protocol exchanges, but the router advertises the interface in its LSAs so that IP connectivity to the attached network segment will be established. Command mode: Interface IP [no] ip ospf pointtopoint Sets the interface as point‐to‐point. Command mode: Interface IP ip ospf priority <0‐255> Configures the priority value for the G8264CS’s OSPF interfaces. A priority value of 255 is the highest and 1 is the lowest. A priority value of 0 specifies that the interface cannot be used as Designated Router (DR) or Backup Designated Router (BDR). Command mode: Interface IP ip ospf retransmitinterval <1‐3600> Configures the retransmit interval in seconds. Command mode: Interface IP ip ospf transitdelay <1‐3600> Configures the transit delay in seconds. Command mode: Interface IP no ip ospf Deletes the OSPF interface. Command mode: Interface IP show interface ip <1‐128> ospf Displays the current settings for OSPF interface. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 492
Table 270. OSPF Virtual Link Configuration Options (continued) Command Syntax and Usage areavirtuallink <1‐3> neighborrouter <IP address> Configures the router ID of the virtual neighbor. The default value is 0.0.0.0. Command mode: Router OSPF areavirtuallink <1‐3> retransmitinterval <1‐3600> Configures the retransmit interval, in seconds. The default value is 5 seconds. Command mode: Router OSPF areavirtuallink <1‐3> transitdelay <1‐3600> Configures the delay in transit, in seconds. The default value is 1 second. Command mode: Router OSPF no areavirtuallink <1‐3> Deletes OSPF virtual link. Command mode: Router OSPF show ip ospf areavirtuallink <1‐3> Displays the current OSPF virtual link settings. Command mode: All G8264CS Command Reference for ENOS 8.4...
OSPF Route Redistribution Configuration The following table describes the OSPF Route Redistribution commands. Table 272. OSPF Route Redistribution Configuration Options Command Syntax and Usage [no] redistribute {fixed|static|rip|ebgp|ibgp} <1‐64> Adds or removes selected routing map to the rmap list. This option adds a route map to the route redistribution list. The routes of the redistribution protocol matched by the route maps in the route redistribution list will be redistributed. Command mode: Router OSPF redistribute {fixed|static|rip|ebgp|ibgp} export <metric (1‐16777214)> <AS external metric type (1‐2)> Exports the routes of this protocol as external OSPF AS‐external LSAs in which the metric and metric type are specified. Command mode: Router OSPF no redistribute {fixed|static|rip|ebgp|ibgp} export Stops exporting the routes of the protocol. Command mode: Router OSPF show ip ospf redistribute Displays the current route map settings. Command mode: All OSPF MD5 Key Configuration The following table describes the OSPF MD5 Key commands. Table 273. OSPF MD5 Key Options Command Syntax and Usage messagedigestkey <1‐255> md5key <1‐16 characters>...
Page 496
Table 274. OSPFv3 Configuration Options (continued) Command Syntax and Usage neighbor <1‐256> {address <IPv6 address>|interface <1‐126>| |priority <0‐255>} Configures directly reachable routers over non‐broadcast networks.This is required for non‐broadcast multiple access (NBMA) networks and optional for Point‐to‐Multipoint networks. address configures the neighbor’s IPv6 address. interface configures the OSPFv3 interface used for the neighbor entry. priority configures the priority value used for the neighbor entry. A priority value of 255 is the highest and 1 is the lowest. A priority value of 0 specifies that the neighbor cannot be used as Designated Router or Backup Designated Router. The default value is 1. Command mode: Router OSPF3 [no] neighbor <1‐256> enable Enables or disables the specified neighbor. Command mode: Router OSPF3 no neighbor <1‐256> Deletes the neighbor entry. Command mode: Router OSPF3 [no] nssaAsbrDfRtTrans Enables or disables setting of the P‐bit in the default Type 7 LSA generated by an NSSA internal ASBR. The default setting is disabled. Command mode: Router OSPF3 referencebandwidth <0‐4294967295> Configures the reference bandwidth, in kilobits per second, used to calculate the default interface metric. The default value is 100,000. Command mode: Router OSPF3 routerid <IPv4 address> Defines the router ID.
Page 498
Table 275. OSPFv3 Area Index Configuration Options (continued) Command Syntax and Usage area <0‐2> stabilityinterval <1‐255> Configures the stability interval for an NSSA, in seconds. When the interval expires, an elected translator determines that its services are no longer required. The default value is 40 seconds. Command mode: Router OSPF3 no area <0‐2> stabilityinterval Resets the stability interval for the NSSA to its default value of 40 seconds. Command mode: Router OSPF3 area <0‐2> translationrole {always|candidate} Configures the translation role for an NSSA area, as follows: always: Type 7 LSAs are always translated into Type 5 LSAs. candidate: An NSSA border router participates in the translator election process. The default setting is candidate. Command mode: Router OSPF3 no area <0‐2> translationrole Resets the translation role for the NSSA to its default value ‐ candidate. Command mode: Router OSPF3 area <0‐2> type {transit|stub|nssa} [nosummary] Defines the type of area. For example, when a virtual link has to be established with the backbone, the area type must be defined as transit. transit allows area summary information to be exchanged between routing devices. Any area that is not a stub area or NSSA is considered to be transit area. stub is an area where external routing information is not distributed. Typically, a stub area is connected to only one other area. nssa (Not‐So‐Stubby Area) is similar to stub area with additional capabilities. For example, routes originating from within the NSSA can be ...
OSPFv3 Summary Range Configuration The following table describes the OSPFv3 Summary Range commands. Table 276. OSPFv3 Summary Range Configuration Options Command Syntax and Usage arearange <1‐16> address <IPv6 address> <prefix length (1‐128)> Configures the base IPv6 address and subnet prefix length for the range. Command mode: Router OSPF3 arearange <1‐16> area <area index (0‐2)> Configures the area index used by the switch. Command mode: Router OSPF3 [no] arearange <1‐16> enable Enables or disables the OSPFv3 summary range. Command mode: Router OSPF3 [no] arearange <1‐16> hide Hides or shows the OSPFv3 summary range. Command mode: Router OSPF3 arearange <1‐16> lsatype {summary|Type7} Configures the LSA type, as follows: Summary LSA Type7 LSA Command mode: Router OSPF3 arearange <1‐16> tag <0‐4294967295> Configures the route tag. Command mode: Router OSPF3 no arearange <1‐16> Deletes the OSPFv3 summary range. Command mode: Router OSPF3 show ipv6 ospf arearange Displays the current OSPFv3 summary range.
OSPFv3 Interface Configuration The following table describes the OSPFv3 Interface commands. Table 278. OSPFv3 Interface Configuration Options Command Syntax and Usage interface ip <1‐128> Enter Interface IP mode, from Global Configuration mode. Command mode: Global configuration ipv6 ospf area <0‐2> Configures the OSPFv3 area index. Command mode: Interface IP ipv6 ospf area <0‐2> instance <0‐255> Configures the instance ID for the interface. Command mode: Interface IP ipv6 ospf cost <1‐65535> Configures the metric value for sending a packet on the interface. Command mode: Interface IP no ipv6 ospf cost Removes the metric value for sending a packet on the interface. Command mode: Interface IP ipv6 ospf deadinterval <1‐65535> Configures the time period, in seconds, for which the router waits for hello packet from the neighbor before declaring this neighbor down. Command mode: Interface IP no ipv6 ospf deadinterval Resets the dead interval for hello packets to its default value. Command mode: Interface IP [no] ipv6 ospf enable Enables or disables OSPFv3 on the interface. Command mode: Interface IP ipv6 ospf hellointerval <1‐65535> Configures the indicated interval, in seconds, between the hello packets, that the router sends on the interface. Command mode: Interface IP no ipv6 ospf hellointerval Resets the hello interval for hello packets to its default value.
Page 504
Table 278. OSPFv3 Interface Configuration Options (continued) Command Syntax and Usage ipv6 ospf retransmitinterval <1‐1800> Configures the interval in seconds, between LSA retransmissions for adjacencies belonging to interface. Command mode: Interface IP no ipv6 ospf retransmitinterval Resets the interval between LSA retransmissions for adjacencies belonging to the current interface to its default value. Command mode: Interface IP ipv6 ospf transmitdelay <1‐1800> Configures the estimated time, in seconds, taken to transmit LS update packet over this interface. Command mode: Interface IP no ipv6 ospf transmitdelay Resets the estimated time taken to transmit LS update packet over the current interface to its default value. Command mode: Interface IP no ipv6 ospf Deletes OSPFv3 from interface. Command mode: Interface IP show ipv6 ospf interface Displays the current settings for OSPFv3 interface. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 506
Table 279. Layer 3 IPsec Configuration Options (continued) Command Syntax and Usage ipv6 ospf encryption ipsec spi <256‐4294967295> esp {3des|aescbc|null} <encryption key (hexadecimal)> {md5|sha1|none} <authentication key (hexadecimal)> Configures the Security Parameters Index (SPI), encryption algorithm, authentication algorithm, and authentication key for the Encapsulating Security Payload (ESP). The ESP algorithms supported are: 3des (hexadecimal key length is 48) aescbc (hexadecimal key length is 32) null means ESP with no encryption. The authentication algorithms supported are: md5 (hexadecimal key length is 32) sha1 (hexadecimal key length is 40) none means ESP with no authentication. Note: If the encryption algorithm is null, the authentication algorithm must be either MD5 or SHA1. If an encryption algorithm is specified (3DES or AES‐CBC), the authentication algorithm can be none. Command mode: Interface IP no ipv6 ospf encryption ipsec spi <256‐4294967295> Disables the specified Encapsulating Security Payload (ESP) SPI. Command mode: Interface IP ipv6 ospf encryption ipsec default Resets the Encapsulating Security Payload (ESP) configuration to default values. Command mode: Interface IP G8264CS Command Reference for ENOS 8.4...
OSPFv3 Redistribute Entry Configuration The following table describes the OSPFv3 Redistribute Entry commands. Table 283. OSPFv3 Redist Entry Configuration Options Command Syntax and Usage redistconfig <1‐128> address <IPv6 address> <IPv6 prefix length (1‐128)> Configures the base IPv6 address and the subnet prefix length for the redistribution entry. Command mode: Router OSPF3 [no] redistconfig <1‐128> enable Enables or disables the OSPFv3 redistribution entry. Command mode: Router OSPF3 redistconfig <1‐128> metrictype {asExttype1|asExttype2} Configures the metric type applied to the route before it is advertised into the OSPFv3 domain. Command mode: Router OSPF3 redistconfig <1‐128> metricvalue <1‐16777215> Configures the route metric value applied to the route before it is advertised into the OSPFv3 domain. Command mode: Router OSPF3 redistconfig <1‐128> tag <0‐4294967295> Configures the route tag. Command mode: Router OSPF3 no redistconfig <1‐128> tag Removes the route tag. Command mode: Router OSPF3 no redistconfig <1‐128> Deletes the OSPFv3 redistribution entry. Command mode: Router OSPF3 show ipv6 ospf redistconfig <1‐128> Displays the current OSPFv3 redistribution configuration for the specified entry. Command mode: All G8264CS Command Reference for ENOS 8.4...
Border Gateway Protocol Configuration Border Gateway Protocol (BGP) is an Internet protocol that enables routers on a network to share routing information with each other and advertise information about the segments of the IP address space they can access within their network with routers on external networks. BGP allows you to decide what is the “best” route for a packet to take from your network to a destination on another network, rather than simply setting a default route from your border router(s) to your upstream provider(s). You can configure BGP either within an autonomous system or between different autonomous systems. When run within an autonomous system, itʹs called internal BGP (iBGP). When run between different autonomous systems, itʹs called external BGP (eBGP). BGP is defined in RFC 1771. BGP commands enable you to configure the switch to receive routes and to advertise static routes, fixed routes and virtual server IP addresses with other internal and external routers. BGP is turned off by default. Note: Fixed routes are subnet routes. There is one fixed route per IP interface. Table 285. Border Gateway Protocol Options Command Syntax and Usage router bgp Enter Router BGP configuration mode. Command mode: Global configuration aggregateaddress <1‐16> Configures aggregation IP address. To view command options, see page 517. Command mode: Router BGP as <0‐65535> Set Autonomous System number. Command mode: Router BGP [no] asn4comp Enables or disables ASN4 to ASN2 compatibility. Command mode: Router BGP [no] bestpath aspath multipathrelax Changes the default best path selection configuration by allowing load sharing ...
Table 285. Border Gateway Protocol Options (continued) Command Syntax and Usage [no] set ip nexthop peeraddress Applied on output, sets the next‐hop of the advertised matching routes to the current peer address of the local router. Applied on input, sets the next‐hop of the received matching routes to the neighbor address, overriding other existing next‐hops. Use the no form of the command to remove the entry. Command mode: Route map show ip bgp Displays the current BGP configuration. Command mode: All BGP Peer Configuration Use these commands to configure BGP peers, which are border routers that exchange routing information with routers on internal and external networks. The peer option is disabled by default. Table 286. BGP Peer Configuration Options Command Syntax and Usage neighbor <1‐96> advertisementinterval <1‐65535> Sets time, in seconds, between advertisements. The default value is 60 seconds. Command mode: Router BGP [no] neighbor <1‐96> nexthopself Enables or disables enforcing the use the router’s own IP address as next‐hop attribute when sending BGP updates to the peer. Note: Applicable only for EBGP routes. Command mode: Router BGP [no] neighbor <1‐96> passive Enables or disables BGP passive mode, which prevents the switch from ...
Page 516
Table 286. BGP Peer Configuration Options (continued) Command Syntax and Usage neighbor <1‐96> shutdown Disables this peer configuration. Command mode: Router BGP no neighbor <1‐96> shutdown Enables this peer configuration. Command mode: Router BGP neighbor <1‐96> timetolive <1‐255> Time‐to‐live (TTL) is a value in an IP packet that tells a network router whether or not the packet has been in the network too long and should be discarded. TTL specifies a certain time span in seconds that, when exhausted, would cause the packet to be discarded. The TTL is determined by the number of router hops the packet is allowed before it must be discarded. This command specifies the number of router hops that the IP packet can make. This value is used to restrict the number of “hops” the advertisement makes. It is also used to support multi‐hops, which allow BGP peers to talk across a routed network. The default number is set at 1. Note: The TTL value is significant only to eBGP peers, for iBGP peers the TTL value in the IP packets is always 255 (regardless of the configured value). Command mode: Router BGP no neighbor <1‐96> timetolive Disables the TTL feature. Command mode: Router BGP neighbor <1‐96> timers holdtime <0, 3‐65535> Sets the period of time, in seconds, that will elapse before the peer session is torn down because the switch hasn’t received a “keep alive” message from the peer. The default value is 180 seconds. Command mode: Router BGP neighbor <1‐96> timers keepalive <0‐21845> Sets the keep‐alive time for the specified peer, in seconds. The default value is 60 seconds. Command mode: Router BGP neighbor <1‐96> ttlsecurity hops <1‐254>...
BGP Neighbor Redistribution Configuration This menu enables you to redistribute routes learned from various routing information sources into BGP. Table 288. BGP Neighbor Redistribution Configuration Options Command Syntax and Usage neighbor <1‐96> redistribute defaultaction {import| |originate|redistribute} Sets default route action. Defaults routes can be configured as follows: import: Import these routes. originate: The switch sends a default route to peers if it does not have any default routes in its routing table. redistribute: Default routes are either configured through default gateway or learned through other protocols and redistributed to peer. If the routes are learned from default gateway configuration, you have to enable static routes since the routes from default gateway are static routes. Similarly, if the routes are learned from a certain routing protocol, you have to enable that protocol. Command mode: Router BGP no neighbor <1‐96> redistribute defaultaction Disables the default route action configuration. Command mode: Router BGP neighbor <1‐96> redistribute defaultmetric <1‐4294967294> Sets default metric of advertised routes. Command mode: Router BGP no neighbor <1‐96> redistribute defaultmetric Disables the default metric configuration of advertised routes. Command mode: Router BGP [no] neighbor <1‐96> redistribute {fixed|ospf|rip|static} Enables or disables advertising fixed, OSPF, RIP or static routes. Command mode: Router BGP show ip bgp neighbor <1‐96> redistribute Displays current redistribution configuration.
Page 520
Table 289. BGP Peering Group Configuration Options (continued) Command Syntax and Usage neighbor group <1‐8> redistribute Configures BGP neighbor group redistribution. To view command options, see page 523. Command mode: Router BGP neighbor group <1‐8> remoteas <AS number (1‐65535)> [alternateas <AS number (1‐65535)>] Adds a remote access server (RAS) into the RAS list. Using the alternateas option you can add up to 5 alternate access servers. Command mode: Router BGP neighbor group <1‐8> routemap {in|out} <route map ID (1‐64)> Adds route map into in‐route or out‐route map list. Command mode: Router BGP no neighbor group <1‐8> routemap {in|out} {<route map ID (1‐64)>|all} Removes route map from in‐route map list. Command mode: Router BGP neighbor group <1‐8> routeoriginationinterval <min orig time (1‐65535)> Sets the minimum time between route originations, in seconds. The default value is 15 seconds. Command mode: Router BGP [no] neighbor group <1‐8> routereflectorclient Enables or disables the group as a route reflector client. Configuring route reflector clients, implicitly sets up the local router as a route reflector. Command mode: Router BGP [no] neighbor group <1‐8> sendcommunity Enables or disables sending a community attribute to a BGP neighbor group. Command mode: Router BGP no neighbor group <1‐8> shutdown Enables this peering group configuration. Command mode: Router BGP neighbor group <1‐8> shutdown Disables this peering group configuration.
Page 522
Table 289. BGP Peering Group Configuration Options (continued) Command Syntax and Usage no neighbor group <1‐8> Deletes this peering group configuration. Command mode: Router BGP show ip bgp neighbor group [<1‐8>] Displays the current peering group configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
MLD Global Configuration The following table describes the commands used to configure global MLD parameters. Table 291. MLD Global Configuration Commands Command Syntax and Usage ipv6 mld Enter MLD global configuration mode. Command mode: Global configuration [no] enable Globally enables or disables MLD. Command mode: MLD Configuration default Resets MLD parameters to their default values. Command mode: MLD Configuration show ipv6 mld Displays the current MLD configuration parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 526
Table 292. MLD Interface Configuration Commands (continued) Command Syntax and Usage ipv6 mld robust <1‐10> Configures the MLD Robustness variable, which allows you to tune the switch for expected packet loss on the subnet. If the subnet is expected to be lossy (high rate of packet loss), increase the value. The default value is 2. Command mode: Interface IP no ipv6 mld robust Resets the MLD Robustness variable to its default value of 2. Command mode: Interface IP ipv6 mld version <1‐2> Defines the MLD protocol version number. The default value is 1. Command mode: Interface IP no ipv6 mld version Resets the MLD protocol version number to its default value of 1. Command mode: Interface IP ipv6 mld default Resets MLD parameters for the selected interface to their default values. Command mode: Interface IP G8264CS Command Reference for ENOS 8.4...
IGMP Snooping Configuration IGMP Snooping allows the switch to forward multicast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic from being flooded to all ports. The switch learns which server hosts are interested in receiving multicast traffic, and forwards it only to ports connected to those servers. The following table describes the commands used to configure IGMP Snooping. Table 294. IGMP Snooping Configuration Options Command Syntax and Usage [no] ip igmp snoop aggregate Enables or disables IGMP Membership Report aggregation. Command mode: Global configuration [no] ip igmp snoop enable Enables or disables IGMP Snooping. Command mode: Global configuration [no] ip igmp snoop mroutertimeout <1‐600> Configures the timeout value for IGMP Membership Queries (mrouter). Once the timeout value is reached, the switch removes the multicast router from its IGMP table, if the proper conditions are met. The range is from 1 to 600 seconds. The default is 255 seconds. Command mode: Global configuration [no] ip igmp snoop sourceip <IP address> Configures the source IP address used as a proxy for IGMP Group Specific Queries. Command mode: Global configuration ip igmp snoop vlan <VLAN ID (1‐4094)> Adds the selected VLAN(s) to IGMP Snooping. Command mode: Global configuration no ip igmp snoop vlan {<VLAN ID (1‐4094)>|all} Removes all VLANs or just the specified VLAN(s) from IGMP Snooping. Command mode: Global configuration default ip igmp snoop Resets IGMP Snooping parameters to their default values. Command mode: Global configuration show ip igmp snoop Displays the current IGMP Snooping parameters.
IGMP Relay Configuration When you configure IGMP Relay, also configure the IGMP Relay multicast routers. The following table describes the commands used to configure IGMP Relay. Table 296. IGMP Relay Configuration Options Command Syntax and Usage [no] ip igmp relay enable Enables or disables IGMP Relay. Command mode: Global configuration ip igmp relay report <0‐150> Configures the interval between unsolicited Join reports sent by the switch, in seconds. The default value is 10. Command mode: Global configuration ip igmp relay vlan <VLAN ID (1‐4094)> Adds the VLAN or range of VLANs to the list of IGMP Relay VLANs. Command mode: Global configuration no ip igmp relay vlan {<VLAN ID (1‐4094)>|all} Removes all VLANs or just the specified VLAN from the list of IGMP Relay VLANs. Command mode: Global configuration show ip igmp relay Displays the current IGMP Relay configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
IGMP Static Multicast Router Configuration The following table describes the commands used to configure a static multicast router. Note: When static Mrouters are used, the switch continues learning dynamic Mrouters via IGMP snooping. However, dynamic Mrouters may not replace static Mrouters. If a dynamic Mrouter has the same port and VLAN combination as a static Mrouter, the dynamic Mrouter is not learned. Table 298. IGMP Static Multicast Router Configuration Options Command Syntax and Usage ip igmp mrouter port <port alias or number> <VLAN ID (1‐4094)> <version (1‐3)> Selects a port/VLAN combination on which the static multicast router is connected, and configures the IGMP version of the multicast router. Command mode: Global configuration no ip igmp mrouter {port <port alias or number> <VLAN ID (1‐4094)> <version (1‐3)>|all} Removes all static multicast routers or a specific static multicast router from the selected port/VLAN combination. Command mode: Global configuration clear ip igmp mrouter Clears the dynamic multicast router port table. Command mode: Privileged EXEC show ip igmp mrouter Displays the current IGMP Multicast Router parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 534
IGMP Filtering Port Configuration The following table describes the commands used to configure a port for IGMP filtering. Table 301. IGMP Filter Port Configuration Options Command Syntax and Usage [no] ip igmp filtering Enables or disables IGMP filtering on this port. Command mode: Interface port [no] ip igmp profile <1‐16> Adds or removes an IGMP filter to this port. Command mode: Interface port show interface port <port alias or number> igmpfiltering Displays the current IGMP filter parameters for this port. Command mode: All G8264CS Command Reference for ENOS 8.4...
Table 302. IGMP Advanced Configuration Options (continued) Command Syntax and Usage ip igmp timeout <1‐255> Configures the timeout value for IGMP Membership Reports (host). Once the timeout value is reached, the switch removes the host from its IGMP table, if the conditions are met. The range is from 1 to 255 seconds. The default is 10 seconds. Command mode: Global configuration no ip igmp timeout Resets the timeout value for IGMP Membership Reports (host) to its default value of 10 seconds. Command mode: Global configuration IGMP Querier Configuration The following table describes the commands used to configure IGMP Querier. Table 303. IGMP Querier Configuration Options Command Syntax and Usage [no] ip igmp querier enable Enables or disables IGMP Querier. Command mode: Global configuration ip igmp querier vlan <VLAN ID (1‐4094)> electiontype {ipv4|mac} Sets the IGMP Querier election criteria as IP address or Mac address. The default setting is ipv4. Command mode: Global configuration no ip igmp querier vlan <VLAN ID (1‐4094)> electiontype Resets the IGMP Querier election criteria to its default value ‐ ipv4. Command mode: Global configuration [no] ip igmp querier vlan <VLAN ID (1‐4094)> enable Enables or disables IGMP Querier for the selected VLANs.
Page 538
Table 303. IGMP Querier Configuration Options (continued) Command Syntax and Usage ip igmp querier vlan <VLAN ID (1‐4094)> startupinterval <1‐608> Configures the Startup Query Interval, which is the interval between General Queries sent out at startup. The default value is 31 seconds. Command mode: Global configuration no ip igmp querier vlan <VLAN ID (1‐4094)> startupinterval Resets the Startup Query Interval to its default value of 31 seconds. Command mode: Global configuration ip igmp querier vlan <VLAN ID (1‐4094)> version {v1|v2|v3} Configures the IGMP version. The default version is v3. Command mode: Global configuration no ip igmp querier vlan <VLAN ID (1‐4094)> version Resets the IGMP version to its default value of v3. Command mode: Global configuration no ip igmp querier vlan <VLAN ID (1‐4094)> Deletes the IGMP Querier configuration for the specified VLAN. Command mode: Global configuration show ip igmp querier Displays the current IGMP Querier parameters. Command mode: All show ip igmp querier vlan <VLAN ID (1‐4094)> Displays IGMP Querier information for the selected VLAN. Command mode: Global configuration G8264CS Command Reference for ENOS 8.4...
Page 540
IKEv2 Proposal Configuration The following table describes the commands used to configure an IKEv2 proposal. IKEv2 proposal includes an encryption algorithm (cipher), an authentication algorithm type and a Diffie‐Hellman (DH) group, which determines the strength of the key used in the key exchange process. Higher DH group numbers are more secure but require additional time to compute the key. Table 306. IKEv2 Proposal Options Command Syntax and Usage ikev2 proposal Enter IKEv2 proposal mode. Command mode: Global configuration encryption {3des|aescbc} Configures IKEv2 encryption mode. The default value is 3des. Command mode: IKEv2 proposal group 24 Configures the DH group. The default group is 2. Command mode: IKEv2 proposal integrity sha1 Configures the IKEv2 authentication algorithm type. The default value is sha1. Command mode: IKEv2 proposal show ikev2 proposal Displays the current IKEv2 Proposal configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
IPsec Configuration The following table describes the commands used to configure IPsec. Table 308. IPsec Options Command Syntax and Usage [no] ipsec enable Enables or disables IPsec. Command mode: Global configuration show ipsec Displays the current IPsec settings. Command mode: All IPsec Transform Set Configuration The following table describes the commands used to configure IPsec transforms. Table 309. IPsec Transform Set Options Command Syntax and Usage ipsec transformset <1‐10> {ahsha1|esp3des|espaescbc| |espnull|espsha1} Sets the AH or ESP authentication, encryption, or integrity algorithm. The available algorithms are as follows: ahsha1 esp3des espaescbc espnull espsha1 ...
Page 544
IPsec Dynamic Policy Configuration The following table describes the commands used to configure an IPsec dynamic policy. Table 311. IPsec Dynamic Policy Options Command Syntax and Usage ipsec dynamicpolicy <1‐10> Enter IPsec dynamic policy mode. Command mode: Global configuration peer <IPv6 address> Sets the remote peer IP address. Command mode: IPsec dynamic policy pfs {enable|disable} Enables or disables perfect forward security. Command mode: IPsec dynamic policy salifetime <120‐86400> Sets the IPsec SA lifetime in seconds. The default value is 86400 seconds. Command mode: IPsec dynamic policy trafficselector <1‐10> Sets the traffic selector for the IPsec policy. Command mode: IPsec dynamic policy transformset <1‐10> Sets the transform set for the IPsec policy. Command mode: IPsec dynamic policy show ipsec dynamicpolicy <1‐10> Displays the current IPsec dynamic policy settings. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 546
Table 312. IPsec Manual Policy Options (continued) Command Syntax and Usage outah spi <256‐4294967295> Sets the outbound Authentication Header (AH) Security Parameter Index (SPI). Note: For manual policies, when peering with a third‐party device, key lengths are fixed to 20 characters for SHA1. Command mode: IPsec manual policy outesp {authkey|cipherkey} <key code (hexadecimal)> Sets the outbound Encapsulating Security Payload (ESP) authenticator key or cipher key. Note: For manual policies, when peering with a third‐party device, key lengths are fixed to 8 characters for DES and to 24 characters for 3DES and AES‐CBC encryption. Command mode: IPsec manual policy outesp spi <256‐4294967295> Sets the outbound Encapsulating Security Payload (ESP) Security Parameter Index (SPI). Note: For manual policies, when peering with a third‐party device, key lengths are fixed to 20 characters for SHA1. Command mode: IPsec manual policy peer <IPv6 address> Sets the remote peer IP address. Command mode: IPsec manual policy trafficselector <1‐10> Sets the traffic selector for the IPsec policy. Command mode: IPsec manual policy transformset <1‐10> Sets the transform set for the IPsec policy. Command mode: IPsec manual policy show ipsec manualpolicy <1‐10> Displays the current IPsec manual policy settings. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 548
Table 313. Domain Name Service Options Command Syntax and Usage ip dns ipv6 secondaryserver [<IPv6 address>] [dataport| |mgtport] You are prompted to set the IPv6 address for your secondary DNS server, using hexadecimal format with colons. If the primary DNS server fails, the configured secondary will be used instead. Command mode: Global configuration no ip dns ipv6 secondaryserver Removes the IPv6 secondary DNS server. Command mode: Global configuration ip dns ipv6 requestversion {ipv4|ipv6} Sets the protocol used for the first request to the DNS server, as follows: IPv4 IPv6 Command mode: Global configuration show ip dns Displays the current Domain Name System settings. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 550
Table 315. BOOTP Relay Broadcast Domain Configuration Options (continued) Command Syntax and Usage no ip bootprelay bcastdomain <1‐10> Deletes the selected broadcast domain configuration. Command mode: Global configuration show ip bootprelay Displays the current parameters for the BOOTP Relay broadcast domain. Command mode: All Option 82 Configuration These commands allow you to configure DHCP option 82 information. The switch can use the following DHCP option 82 sub‐options to allocate server addresses. Circuit ID: Identifies the host name or MAC addresses of the switch making the DHCP request. Remote ID: Identifies the port that receives the DHCP request. DHCP Relay Agent (Option 82) is defined in RFC 3046. Table 316. Option 82 Configuration Options Command Syntax and Usage [no] ip bootprelay information enable Enables or disables BOOTP Option 82. Command mode: Global configuration ip bootprelay information policy {keep|drop|replace} Configures the DHCP re‐forwarding policy, as follows: keep: Retains requests that contain relay information if the option 82 information is also present. drop: Discards requests that contain relay information if the option 82 ...
Page 552
Table 317. Virtual Router Redundancy Protocol Options Command Syntax and Usage virtualrouter <1‐128> Configures virtual routers for the switch. To view command options, see page 553. Command mode: Router VRRP show ip vrrp Displays the current VRRP parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 554
Table 318. VRRP Virtual Router Configuration Options (continued) Command Syntax and Usage [no] virtualrouter <1‐128> preemption Enables or disables master preemption. When enabled, if this virtual router is in backup mode but has a higher priority than the current master, this virtual router will preempt the lower priority master and assume control. Note that even when preemption is disabled, this virtual router will always pre‐empt any other master if this switch is the owner (the IP interface address and virtual router addr are the same). By default, this option is enabled. Command mode: Router VRRP virtualrouter <1‐128> priority <1‐254> Defines the election priority bias for this virtual server. During the master router election process, the routing device with the highest virtual router priority number wins. If there is a tie, the device with the highest IP interface address wins. If this virtual router’s IP address is the same as the one used by the IP interface, the priority for this virtual router will automatically be set to 255 (highest). When priority tracking is used, this base priority value can be modified according to a number of performance and operational criteria. The priority value can be any integer between 1 and 254. The default value is 100. Command mode: Router VRRP virtualrouter <1‐128> timers advertise <1‐255> Defines the time interval between VRRP master advertisements. This can be any integer between 1 and 255 seconds. The default value is 1. Command mode: Router VRRP virtualrouter <1‐128> timers preemptdelaytime <0‐255> Configures the preempt delay interval (in seconds). This timer is configured on the virtual router and prevents the switch from transitioning back to Master state until the preempt delay interval has expired. Ensure that the interval is long enough for OSPF or other routing protocols to converge. The default is 0 seconds. Command mode: Router VRRP virtualrouter <1‐128> track Enables the priority system used when electing the master router from a pool ...
Virtual Router Priority Tracking Configuration These commands are used for modifying the priority system used when electing the master router from a pool of virtual routers. Various tracking criteria can be used to bias the election results. Each time one of the tracking criteria is met, the priority level for the virtual router is increased by an amount defined through the VRRP Tracking commands. Criteria are tracked dynamically, continuously updating virtual router priority levels when enabled. If the virtual router preemption option is enabled, this virtual router can assume master routing authority when its priority level rises above that of the current master. Some tracking criteria apply to standard virtual routers, otherwise called “virtual interface routers.” A virtual server router is defined as any virtual router whose IP address is the same as any configured virtual server IP address. Table 319. VRRP Priority Tracking Configuration Options Command Syntax and Usage [no] virtualrouter <1‐128> track interfaces When enabled, the priority for this virtual router will be increased for each other IP interface active on this switch. An IP interface is considered active when there is at least one active port on the same VLAN. This helps elect the virtual routers with the most available routes as the master. This command is disabled by default. Command mode: Router VRRP [no] virtualrouter <1‐128> track ports When enabled, the priority for this virtual router will be increased for each active port on the same VLAN. A port is considered “active” if it has a link and is forwarding traffic. This helps elect the virtual routers with the most available ports as the master. This command is disabled by default. Command mode: Router VRRP [no] virtualrouter <1‐128> track virtualrouters When enabled, the priority for this virtual router will be increased for each virtual router in master mode on this switch. This is useful for making sure ...
Page 558
Table 320. VRRP Virtual Router Group Configuration Options (continued) Command Syntax and Usage [no] group preemption Enables or disables master pre‐emption. When enabled, if the virtual router group is in backup mode but has a higher priority than the current master, this virtual router will pre‐empt the lower priority master and assume control. Note that even when preemption is disabled, this virtual router will always pre‐empt any other master if this switch is the owner (the IP interface address and virtual router address are the same). The default setting is enabled. Command mode: Router VRRP group priority <1‐254> Defines the election priority bias for this virtual router group. During the master router election process, the routing device with the highest virtual router priority number wins. If there is a tie, the device with the highest IP interface address wins. If this virtual router’s IP address (addr) is the same as the one used by the IP interface, the priority for this virtual router will automatically be set to 255 (highest). This can be any integer between 1 and 254. The default value is 100. When priority tracking is used, this base priority value can be modified according to a number of performance and operational criteria. Command mode: Router VRRP group track Enables the priority system used when electing the master router from a pool of virtual router groups. To view command options, see page 559. Command mode: Router VRRP group virtualrouterid <1‐255> Defines the virtual router ID (VRID). The VRID for standard virtual routers (where the virtual router IP address is not the same as any virtual server) can be any integer between 1 and 128. All VRID values must be unique within the VLAN to which the virtual router’s IP interface (see interface) belongs. The default virtual router ID is 1. Command mode: Router VRRP no group Deletes the virtual router group from the switch configuration.
VRRP Interface Configuration These commands are used for configuring VRRP authentication parameters for the IP interfaces used with the virtual routers. Note: The interface represents the IP interface on which authentication parameters must be configured. Table 322. VRRP Interface Options Command Syntax and Usage interface <1‐126> authentication {password|none} Defines the type of authentication that will be used: none (no authentication) password (password authentication). Command mode: Router VRRP interface <1‐126> password <password> Defines a plain text password up to eight characters long. This password will be added to each VRRP packet transmitted by this interface when password authentication is chosen (see interface authentication above). Command mode: Router VRRP no interface <1‐126> password Resets the configured password to its default value. Command mode: Router VRRP no interface <1‐126> Clears the authentication configuration parameters for this IP interface. The IP interface itself is not deleted. Command mode: Router VRRP show ip vrrp interface <1‐126> Displays the current configuration for this IP interface’s authentication parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 562
Protocol Independent Multicast Configuration The following table describes the PIM commands. Table 324. PIM Configuration Options Command Syntax and Usage ip pim component <1‐2> Enter PIM component mode. Command mode: Global configuration no ip pim component <2> Deletes the PIM component. Command mode: Global configuration [no] ip pim enable Globally enables or disables PIM. Command mode: Global configuration [no] ip pim pmbr enable Enables or disables PIM border router. The default setting is disabled. Command mode: Global configuration ip pim regstopratelimitperiod <0‐2147483647> Configures the register stop rate limit, in seconds. The default value is 5 seconds. Command mode: Global configuration default ip pim regstopratelimitperiod Reset the register stop rate limit to its default value of 5 seconds. Command mode: Global configuration no ip pim regstopratelimitperiod Disables the register stop rate limit. Command mode: Global configuration [no] ip pim staticrp enable Enables or disables static RP configuration. The default setting is disabled. Command mode: Global configuration G8264CS Command Reference for ENOS 8.4...
Page 564
RP Candidate Configuration Use these commands to configure a PIM router Rendezvous Point (RP) candidate. Table 326. RP Candidate Configuration Options Command Syntax and Usage rpcandidate holdtime <0‐255> Configures the hold time of the RP candidate, in seconds. Command mode: PIM Component no rpcandidate holdtime Resets the hold time of the RP candidate to its default value of 0 seconds. Command mode: PIM Component [no] rpcandidate rpaddress <group multicast address> <group subnet mask> <IP address> Adds or removes an RP candidate. Command mode: PIM Component RP Static Configuration Use these commands to configure a static PIM router Rendezvous Point (RP). Table 327. RP Static Configuration Options Command Syntax and Usage rpstatic rpaddress <group multicast address> <group subnet mask> <IP address> Adds a static RP. Command mode: PIM Component no rpstatic rpaddress <group multicast address> <group subnet mask> Removes the specified static RP. Command mode: PIM Component G8264CS Command Reference for ENOS 8.4...
Page 566
Table 328. PIM Interface Configuration Options (continued) Command Syntax and Usage ip pim helloholdtime <1‐65535> Configures the time period in seconds for which a neighbor is to consider this switch to be operative (up). The default value is 105 seconds. Command mode: Interface IP [default|no] ip pim helloholdtime Resets the PIM Hello packets hold time to its default value of 105 seconds. Command mode: Interface IP ip pim hellointerval <0‐65535> Configures the time interval, in seconds, between PIM Hello packets. The default value is 30 seconds. Command mode: Interface IP [default|no] ip pim hellointerval Resets the time interval between PIM Hello packets to its default value of 30 seconds. Command mode: Interface IP ip pim joinpruneinterval <0‐65535> Configures the interval between Join Prune messages, in seconds. The default value is 60 seconds. Command mode: Interface IP [default|no] ip pim joinpruneinterval Resets the interval between Join Prune messages to its default value of 60 seconds. Command mode: Interface IP ip pim landelay <0‐32767> Configures the LAN delay value for the router interface, in seconds. Command mode: Interface IP [default|no] ip pim landelay Resets the LAN delay for the router interface to its default value. Command mode: Interface IP [no] ip pim lanprunedelay Enables or disables LAN delay advertisements on the interface. The default setting is disabled. Command mode: Interface IP G8264CS Command Reference for ENOS 8.4...
Page 568
IPv6 Default Gateway Configuration The switch supports IPv6 default gateways, as follows: Gateway 1: data traffic Gateway 4: management port The following table describes the IPv6 Default Gateway Configuration commands. Table 329. IPv6 Default Gateway Configuration Options Command Syntax and Usage ip gateway6 {1|4} address <IPv6 address> [enable] Configures the IPv6 address of the default gateway, in hexadecimal format with colons (such as 3001:0:0:0:0:0:abcd:12). The enable option also enables the gateway. Command mode: Global configuration [no] ip gateway6 {1|4} enable Enables or disables the default gateway. Command mode: Global configuration no ip gateway6 {1|4} Deletes the default gateway. Command mode: Global configuration show ipv6 gateway6 {1|4} Displays the current IPv6 default gateway configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 570
IPv6 Path MTU Configuration The following table describes the configuration options for Path MTU (Maximum Transmission Unit). The Path MTU cache can consume system memory and affect performance. These commands allow you to manage the Path MTU cache. Table 332. IPv6 Path MTU Options Command Syntax and Usage ip pmtu6 timeout {0|<10‐100>} Sets the timeout value for Path MTU cache entries, in minutes. Enter 0 (zero) to set the timeout to infinity (no timeout). The default value is 10 minutes. Command mode: Global configuration clear ipv6 pmtu Clears all entries in the Path MTU cache. Command mode: Privileged EXEC show ipv6 pmtu Displays the current Path MTU configuration. Command mode: All IPv6 Neighbor Discovery Prefix Configuration The following table describes the Neighbor Discovery prefix configuration options. These commands allow you to define a list of prefixes to be placed in Prefix Information options in Router Advertisement messages sent from an interface. Table 333. IPv6 Neighbor Discovery Prefix Options Command Syntax and Usage interface ip <1‐128>...
Page 572
IPv6 Prefix Policy Table Configuration The following table describes the configuration options for the IPv6 Prefix Policy Table. The Prefix Policy Table allows you to override the default address selection criteria. Table 334. IPv6 Prefix Policy Table Options Command Syntax and Usage [no] ip prefixpolicy <IPv6 prefix> <IPv6 prefix length> <precedence (0‐100)> <label (0‐100)> Adds or removes a Prefix Policy Table entry. Enter the following parameters: IPv6 address prefix Prefix length Precedence: The precedence is used to sort destination addresses. Prefixes with a higher precedence are sorted before those with a lower precedence. Label: The label allows you to select prefixes based on matching labels. Source prefixes are coupled with destination prefixes if their labels match. Command mode: Global configuration show ip prefixpolicy Displays the current Prefix Policy Table configuration. Command mode: All G8264CS Command Reference for ENOS 8.4...
DHCP Snooping DHCP Snooping provides security by filtering untrusted DHCP packets and by maintaining a binding table of trusted interfaces. Table 336. DHCP Snooping Options Command Syntax and Usage [no] ip dhcp snooping Enables or disables DHCP Snooping. Command mode: Global configuration ip dhcp snooping binding <MAC address> vlan <VLAN ID (1‐4094)> <IP address> port <port alias or number> expiry <1‐4294967295> Adds a manual entry to the binding table. Command mode: Global configuration no ip dhcp snooping binding {<MAC address>|all [interface port <port alias or number>|vlan <VLAN ID (1‐4094)>]} Removes an entry from the binding table. Command mode: Global configuration [no] ip dhcp snooping information optioninsert Enables or disables option 82 support for DHCP Snooping. When enabled, DHCP Snooping performs the following functions: if a DHCP packet from a client contains option 82 information, the information is retained. when DHCP Snooping forwards a DHCP packet from a client, option 82 information is added to the packet. when DHCP snooping forward a DHCP packet from a server, option 82 information is removed from the packet. Command mode: Global configuration [no] ip dhcp snooping vlan <VLAN ID (1‐4094)> Adds or removes the selected VLAN to DHCP Snooping. Member ports participate in DHCP Snooping. Command mode: Global configuration show ip dhcp snooping Displays the current DHCP Snooping parameters.
Page 576
ETS Global Configuration Enhanced Transmission Selection (ETS) allows you to allocate bandwidth to different traffic types, based on 802.1p priority. Note: ETS configuration supersedes the QoS 802.1p menu and commands. When ETS is enabled, you cannot configure the 802.1p options. ETS Global Priority Group Configuration The following table describes the global ETS Priority Group configuration options. Table 338. Global ETS Priority Group Options Command Syntax and Usage cee global ets prioritygroup pgid <0‐7, 15> bandwidth <bandwidth percentage (0, 10‐100)> Allows you to configure the link bandwidth percentage allocated to the Priority Group. Note: Priority Group 15 is a strict priority group and does not need bandwidth assigned to it. Command mode: Global configuration cee global ets prioritygroup pgid <0‐7, 15> description <1‐31 characters> Enter text that describes this Priority Group. Command mode: Global configuration no cee global ets prioritygroup <0‐7, 15> description Deletes the Priority Group description. Command mode: Global configuration cee global ets prioritygroup pgid <0‐7, 15> priority <802.1p priority (0‐7)> Allows you to assign one or more 802.1p values to the Priority Group. Command mode: Global configuration show cee global ets Displays the current global ETS parameters.
Page 578
802.1p PFC Configuration The following table describes the 802.1p Priority Flow Control (PFC) configuration options. Table 340. PFC 802.1p Configuration Options Command Syntax and Usage [no] cee port <port alias or number> pfc enable Enables or disables Priority Flow Control on the specified port. Command mode: Global configuration [no] cee port <port alias or number> pfc priority <0‐7> enable Enables or disables Priority Flow Control on the selected 802.1p priority. Note: PFC can be enabled on 802.1p priority 3 and one other priority only. Command mode: Global configuration cee port <port alias or number> pfc priority <0‐7> description <1‐31 characters> Enter text to describe the priority value. Command mode: Global configuration no cee port <port alias or number> pfc priority <0‐7> description Deletes the description for the specified priority value. Command mode: Global configuration show cee port <port alias or number> pfc Displays the current 802.1p Priority Flow Control configuration on the specified port or ports. Command mode: All show cee port <port alias or number> pfc priority <0‐7> Displays the current 802.1p Priority Flow Control parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 580
Fibre Channel Configuration As a converged switch, the G8264CS provides combined support for Ethernet and Fibre Channel (FC) networks. Ports 53‐64 are hybrid, allowing them to operate in either Ethernet mode (the default), or in Fibre Channel mode for direct connection to Fibre Channel devices. The G8264CS can be used in the following Fibre Channel applications: As an FCoE gateway for bridging FCoE and Fibre Channel networks As a Node Port Virtualized (NPV) Gateway for uplinking multiple Fibre Channel nodes to a full fabric switch As a Full‐Fabric Switch — a central element of a Fibre Channel network The following table describes generic Fibre Channel configuration options. Table 342. Fibre Channel Configuration Commands Command Syntax and Usage [no] system port <low port><high port> type fc Enables or disables Fibre Channel mode on the specified port range. Fibre Channel can be enabled only for port pairs, specifically for: 53‐54, 55‐56 and 57‐58. The default setting is disabled (ports are in Ethernet mode). Note: VLAN tagging is automatically enabled on any ports placed in Fibre Channel mode. Command mode: Global configuration [no] fcalias <1‐64 characters> wwn <port World Wide Name> Configures or removes an FC alias name for the specified port World Wide Name. Command mode: Global configuration fcdomain domain <0‐239> {preferred|static} Configures the domain type for the specified FC domain ID: preferred allows the domain ID to be re‐assigned. If the switch does not get its requested domain ID, it accepts any assigned domain ID. static does not allow the domain ID to be re‐assigned. If the switch does ...
Page 582
Table 344. FCF VLAN Configuration Commands Command Syntax and Usage [no] npv autodisruptiveloadbalance enable Automatically triggers a load‐balance if an imbalance is detected in the current NPV VLAN. Any new uplinks are monitored and the switch will assess the load on existing links. If necessary, the enodes will be redistributed to the new uplink. The no form of the command removes the automated option. Any new uplinks will not trigger a disruptive load balance. Note: A switch reboot will not affect the status of this command. Command mode: VLAN configuration [no] npv enable Enables or disables NPV gateway functionality for the VLAN. The default setting is disabled. Command mode: VLAN configuration [no] npv trafficmap externalinterface <FC port alias or number> Enables or disables the selected ports as NP (external uplink) ports. Command mode: VLAN configuration fcoe fcmap <fabric map ID> Configures the global FC‐map that identifies the FC fabric used by the switch. The switch will discard MAC addresses that are not part of the current fabric, which avoids cross‐fabric talk. The FC‐map is a 24‐bit hexadecimal value. The default value is 0x0efc00. Command mode: VLAN configuration no fcoe fcmap Resets the FC‐map to the default 0x0efc00 value. Command mode: VLAN configuration fcoe fcfpriority <0‐255> Configures the FCF priority. When an FC initiator sends login requests to multiple FCFs, it selects the one with the highest priority value. The default value is 128. Command mode: VLAN configuration no fcoe fcfpriority Resets the FCF priority to the default 128 value. Command mode: VLAN configuration fcoe fkaadvperiod <8‐90>...
Page 584
FC Zoneset Configuration Use the following commands to configure Fibre Channel zonesets. Table 346. Fibre Channel Zoneset Configuration Commands Command Syntax and Usage [no] zoneset name <1‐64 characters> Enter FC Zoneset configuration mode for the specified zone. If the zoneset doesn’t exist, it is created. Command mode: Global configuration no zoneset name <1‐64 characters> Deletes the specified FC Zoneset. Command mode: Global configuration [no] zoneset activate name <1‐64 characters> Activates or deactivates the zoneset. Only one zoneset can be active at any point in time. Activating a zoneset automatically deactivates any other zoneset currently active. Command mode: Global configuration zoneset clone <selected zoneset name> <new zoneset name> Creates a new zoneset with the attributes of the selected zoneset. Command mode: Global configuration zone copy activezoneset runningconfig Copies the active zoneset database to the running configuration. Command mode: Global configuration zoneset rename <current name> <new name> Renames the FC zoneset. Command mode: Global configuration [no] member <1‐64 characters> Adds or removes a zone from the zoneset. Command mode: FC Zoneset configuration G8264CS Command Reference for ENOS 8.4...
Page 586
FIPS Port Configuration FIP Snooping allows the switch to monitor FCoE Initialization Protocol (FIP) frames to gather discovery, initialization, and maintenance data. This data is used to automatically configure ACLs that provide FCoE connections and data security. The following table describes the port Fibre Channel over Ethernet Initialization Protocol (FIP) Snooping configuration options. Table 348. Port FIP Snooping Options Command Syntax and Usage [no] fcoe fips port <port alias or number> enable Enables or disables FIP Snooping on the port. The default setting is enabled. Command mode: Global configuration fcoe fips port <port alias or number> fcfmode [auto|on|off] Configures FCoE Forwarding (FCF) on the port, as follows: on: Configures the port as a Fibre Channel Forwarding (FCF) port. off: Configures the port as an FCoE node (ENode port). auto: Automatically detect the configuration of the connected device, and configure this port to match. Command mode: Global configuration G8264CS Command Reference for ENOS 8.4...
Table 349. RMON History Configuration Options Command Syntax and Usage no rmon history <1‐65535> Deletes the selected History index. Command mode: Global configuration show rmon history Displays the current RMON History parameters. Command mode: All RMON Event Configuration The following table describes the RMON Event commands. Table 350. RMON Event Configuration Options Command Syntax and Usage rmon event <1‐65535> description <1‐127 characters> Enter a text string to describe the event. Command mode: Global configuration no rmon event <1‐65535> description Deletes the description of the specified event index. Command mode: Global configuration rmon event <1‐65535> owner <1‐127 characters> Enter a text string that identifies the person or entity that uses this Event index. Command mode: Global configuration no rmon event <1‐65535> owner Deletes the identification information for the specified Event index. Command mode: Global configuration rmon event <1‐65535> type {log|trap|both} Selects the type of notification provided for this event. For log events, an entry is made in the log table and sent to the configured syslog host. For trap events, an SNMP trap is sent to the management station. Command mode: Global configuration no rmon event <1‐65535> type Removes notification provided for this event.
Page 590
Table 351. RMON Alarm Configuration Options (continued) Command Syntax and Usage rmon alarm <1‐65535> owner <1‐127 characters> Enter a text string that identifies the person or entity that uses this alarm index. Command mode: Global configuration no rmon alarm <1‐65535> owner Deletes the identification information for the specified Alarm index. Command mode: Global configuration rmon alarm <1‐65535> risingcrossingindex <0‐65535> Configures the rising alarm event index that is triggered when a rising threshold is crossed. Command mode: Global configuration rmon alarm <1‐65535> risinglimit <‐2147483647 ‐ 2147483647> Configures the rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single event is generated. Command mode: Global configuration rmon alarm <1‐65535> sample {abs|delta} Configures the method of sampling the selected variable and calculating the value to be compared against the thresholds, as follows: abs ‐ absolute value, the value of the selected variable is compared directly with the thresholds at the end of the sampling interval. delta ‐ delta value, the value of the selected variable at the last sample is subtracted from the current value, and the difference compared with the thresholds. Command mode: Global configuration no rmon alarm <1‐65535> Deletes the selected RMON Alarm index. Command mode: Global configuration show rmon alarm Displays the current RMON Alarm parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 592
Table 353. VM Bandwidth Management Options (continued) Command Syntax and Usage virt vmpolicy vmbwidth {<MAC address>|<UUID>|<name>| |<IP address>|<index number>} txrate <0‐40000000> <max. burst (0‐4096)> [<ACL number>] The first value configures Committed Rate—the amount of bandwidth available to traffic transmitted from the VM to the switch, in kilobits per second. Enter the value in multiples of 64. The second values configures the maximum burst size, in kilobits. Enter one of the following values: 0, 32, 64, 128, 256, 512, 1024, 2048 or 4096. The third value represents the ACL assigned to the transmission rate. The ACL is added automatically, in sequential order, if not specified by the user. If there are no available ACLs, the TXrate cannot be configured. Each TXrate configuration reduces the number of available ACLs by one. Command mode: Global configuration no virt vmpolicy vmbwidth {<MAC address>|<UUID>|<name>| |<IP address>|<index number>} Deletes the bandwidth management settings from this VM policy. Command mode: Global configuration show virt vmpolicy vmbwidth [<MAC address>|<UUID>|<name>| |<IP address>|<index number>|<index range>] [|{include|exclude| |section|begin}] Displays the current VM bandwidth management parameters for all virtual machines or only for a certain VM by specifying its MAC address, UUID, name, IP address or index number. | displays the VM bandwidth management parameters matching one of the following filters: • include displays parameters matching the specified expression • exclude displays parameters not matching the specified expression • section displays parameters matching the specified section • begin displays parameters beginning from the first parameter that matches the specified expression Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 594
Table 354. VM Group Configuration Options (continued) Command Syntax and Usage virt vmgroup <1‐4096> stg <1‐128> Assigns the VM group to a Spanning Tree Group (STG). Command mode: Global configuration [no] virt vmgroup <1‐4096> tag Enables or disables VLAN tagging on ports in this VM group. Command mode: Global configuration virt vmgroup <1‐4096> validate {basic|advanced} Enables MAC address spoof prevention for the specified VM group. basic validation ensures lightweight port‐based protection by cross‐checking the VM MAC address, switch port and switch ID between the switch and the hypervisor. Applicable for “trusted” hypervisors, which are not susceptible to duplicating or reusing MAC addresses on virtual machines. advanced validation ensures heavyweight VM‐based protection by cross‐checking the VM MAC address, VM UUID, switch port and switch ID between the switch and the hypervisor. Applicable for “untrusted” hypervisors, which are susceptible to duplicating or reusing MAC addresses on virtual machines. The default setting is disabled. Command mode: Global configuration no virt vmgroup <1‐4096> validate Disables MAC address spoof prevention for the specified VM group. Command mode: Global configuration virt vmgroup <1‐4096> vlan <VLAN ID (1‐4094)> Assigns a VLAN to this VM group. If you do not assign a VLAN to the VM group, the switch automatically assigns the first unused VLAN when adding a port or a VM to the VM Group. Note: If you add a VM profile to this group, the group will use the VLAN assigned to the profile. Command mode: Global configuration [no] virt vmgroup <1‐4096> vm {<VM MAC address index (0‐4095)>| |<MAC address>|<UUID>|<name>|<IP address>} Adds or removes a VM to/from the VM group. Enter a unique identifier to ...
VM Check Configuration The following table describes the VM Check validation options used for MAC address spoof prevention. Table 355. VM Check Configuration Options Command Syntax and Usage virt vmcheck acls max <1‐256> Configures the maximum number of ACLs that can be set up for MAC address spoofing prevention in advanced validation mode. The default value is 50. Command mode: Global configuration default virt vmcheck acls Sets to default maximum number of ACLs that can be set up for MAC address spoofing prevention in advanced validation mode. Command mode: Global configuration no virt vmcheck acls Disables ACL‐based MAC address spoofing prevention in advanced validation mode. Command mode: Global configuration virt vmcheck action advanced {acl|link|log} Sets up action taken when detecting MAC address spoofing in advanced validation mode: acl registers a syslog entry and installs an ACL to drop traffic incoming on the corresponding switch port originating from the spoofed MAC address link registers a syslog entry and disables the corresponding switch port log registers a syslog entry The default setting is acl. Command mode: Global configuration virt vmcheck action basic {link|log} Sets up action taken when detecting MAC address spoofing in basic validation mode: link registers a syslog entry and disables the corresponding switch port ...
Page 598
Table 356. VM Profile Configuration Options Command Syntax and Usage virt vmprofile edit <profile name (1‐39 characters)> shaping <average (1‐1000000000)> <burst (1‐1000000000)> <peak (1‐1000000000)> Configures traffic shaping parameters implemented in the hypervisor, as follows: Average traffic, in kilobits per second. Maximum burst size, in kilobits. Peak traffic, in kilobits per second. Delete traffic shaping parameters. Command mode: Global configuration no virt vmprofile <profile name (1‐39 characters)> shaping Deletes the traffic shaping parameters for the specified VM profile. Command mode: Global configuration virt vmprofile edit <profile name (1‐39 characters)> vlan <VLAN ID (1‐4094)> Assigns a VLAN to the VM profile. Command mode: Global configuration show virt vmprofile [<profile name>] Displays the current VM Profile parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Virtual Center, VM Agent functionality is enabled across the system. You are prompted for the following information: IP address of the Virtual Center User name and password for the Virtual Center Whether to authenticate the SSL security certificate (yes or no) Command mode: Global configuration no virt vmware vcspec Deletes the Virtual Center credentials on the switch. Command mode: Global configuration show virt vmware Displays the current VMware parameters. Command mode: All Miscellaneous VMReady Configuration You can pre‐configure MAC addresses as VM Organization Unique Identifiers (OUIs). These configuration commands are only available using the Lenovo N/OS CLI and the Miscellaneous VMReady Configuration Menu. The following table describes the VMReady configuration options. Table 358. VMReady Configuration Options Command Syntax and Usage [no] virt vmrmisc lmac Enables or disables the switch to treat locally administered MAC addresses as VMs. Command mode: Global configuration virt vmrmisc oui <3 byte VM MAC OUI> <Vendor Name> Adds a MAC OUI. Command mode: Global configuration no virt vmrmisc oui <3 byte VM MAC OUI> Removes a MAC OUI. Command mode: Global configuration show virt oui Displays all the configured MAC OUIs.
Table 360. vNIC Port Configuration Options Command Syntax and Usage bandwidth <1‐100> Configures the maximum bandwidth allocated to this vNIC, in increments of 100 Mbps. For example: 1 = 100 Mbps 10 = 1000 Mbps Command mode: vNIC configuration [no] enable Enables or disables the vNIC. Command mode: vNIC configuration Virtual NIC Group Configuration The following table describes the Virtual NIC (vNIC) Group configuration options. Table 361. vNIC Group Configuration Options Command Syntax and Usage vnic vnicgroup <1‐32> Enters vNIC Group Configuration mode. Command mode: Global Configuration [no] enable Enables or disables the vNIC Group. Command mode: vNIC Group configuration [no] failover Enables or disables uplink failover for the vNIC Group. Uplink Failover for the vNIC Group will disable only the affected vNIC links on the port. Other port functions continue to operate normally. The default setting is disabled.
Edge Virtual Bridge Configuration You can configure your switch to use Edge Virtual Bridging (EVB). The following table describes EVB configuration commands. Table 362. Edge Virtual Bridge Configuration Options Command Syntax and Usage virt evb vsidb <VSIDB number> Enter Virtual Station Interface Database configuration mode. For more details, see page 605. Command mode: Global configuration virt evb profile <profile number> Enter Virtual Station Interface Profile configuration mode. For more details, see page 607. Command mode: Global configuration show virt evb vsidb <VSIDB number> Displays the current Virtual Station Interface database information. Command mode: All show virt evb profile [<profile number>] Displays the current EVB profile parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 606
Table 363. Edge Virtual Bridge VSI Type Database Configuration Options (continued) Command Syntax and Usage no virt evb vsidb <VSIDB number> Resets the Virtual Station Interface Type database information to the default values. Command mode: Global configuration show virt evb vsitypes [mgrid <0‐255>|typeid <1‐16777215>| |version <0‐255>] Displays the current Virtual Station Interface Type database parameters. Command mode: All show virt evb vsidb <VSIDB number> Displays the current Virtual Station Interface database information. Command mode: All G8264CS Command Reference for ENOS 8.4...
Service Location Protocol Configuration Service Location Protocol (SLP) enables networked devices to request/announce services over a local area network without prior configuration. In an SLP environment, devices may have the following roles: User Agents (UA) are devices requesting services. Service Agents (SA) are devices providing services. Directory Agents (DA) are devices caching services provided by SAs. When present in an SLA setup, DAs mediate all communication between UAs and SAs. When SLP is enabled, the RackSwitch G8264CS behaves as a Service Agent providing systems management services. Table 365. Service Location Protocol Options Command Syntax and Usage [no] ip slp activedadiscovery enable Enables or disables active directory agent discovery. The default value is disabled. Command mode: Global configuration ip slp activedadiscoverystartwaittime <1‐10> Number of seconds to wait after enabling SLP before attempting active DA discovery, if active DA discovery is enabled. The default value is 3 seconds. Command mode: Global configuration [no] ip slp enable Enables or disables SLP. The default value is disabled. Command mode: Global configuration clear ip slp directoryagents Clears directory agents discovered. Command mode: Privileged EXEC show ip slp directoryagents Displays DA information.
Saving the Active Switch Configuration When the copy runningconfig command is used, the switch’s active configuration commands (as displayed using show runningconfig) will be uploaded to the specified script configuration file on the FTP/TFTP/SFTP server. To start the switch configuration upload, at the prompt, enter: RS G8264CS# copy runningconfig ftp or: RS G8264CS# copy runningconfig sftp or: RS G8264CS# copy runningconfig tftp The switch prompts you for the server address and filename. Note: The output file is formatted with line‐breaks but no carriage returns—the file cannot be viewed with editors that require carriage returns (such as Microsoft Notepad). Note: If the FTP/TFTP/SFTP server is running SunOS or the Solaris operating system, the specified configuration file must exist prior to executing the copy runningconfig command and must be writable (set with proper permission, and not locked by any application). The contents of the specified file will be replaced with the current configuration data. G8264CS Command Reference for ENOS 8.4...
USB Copy If a USB drive is inserted into the USB port, you can copy files from the switch to the USB drive, or from the USB drive to the switch. You also can boot the switch using software or configuration files found on the USB drive (see “USB Boot Configuration” on page 629). Copy to USB Use the following command to copy a file from the switch to the USB drive: usbcopy tousb <filename> {active|boot|crashdump|image1|image2| |syslog} Command mode: Privileged EXEC In this example, the active configuration file is copied to a directory on the USB drive: RS G8264CS# usbcopy tousb a_folder/myconfig.cfg active Copy from USB Use the following command to copy a file from the USB drive to the switch: usbcopy fromusb <filename> {active|boot|image1|image2} Command mode: Privileged EXEC In this example, the active configuration file is copied from a directory on the USB drive: RS G8264CS# usbcopy fromusb a_folder/myconfig.cfg active The new file replaces the current file. Note: Do not use two consecutive dot characters ( .. ). Do not use a slash character ( / ) to begin a filename. G8264CS Command Reference for ENOS 8.4...
Operations-Level Port Commands Operations‐level port options are used for temporarily disabling or enabling a port, and for re‐setting the port. Table 367. Port Operations Command Syntax and Usage [no] interface port <port alias or number> rmon Temporarily enables or disables remote monitoring of the port. The port will be returned to its configured operation mode when the switch is rebooted. Command Mode: Privileged EXEC interface port <port alias or number> shutdown Temporarily disables the port. The port will be returned to its configured operation mode when the switch is rebooted. Command Mode: Privileged EXEC no interface port <port alias or number> shutdown Temporarily enables the port. The port will be returned to its configured operation mode when the switch is rebooted. Command Mode: Privileged EXEC show interface port <port alias or number> operation Displays the port interface operational state. Command Mode: All G8264CS Command Reference for ENOS 8.4...
VMware Operations Use these commands to perform minor adjustments to the VMware operation. Use these commands to perform Virtual Switch operations directly from the switch. Note that these commands require the configuration of Virtual Center access information (virt vmware vcspec). Table 369. VMware Operations Command Syntax and Usage virt vmware export <VM profile name> <VMware host ID> <Virtual Switch name> Exports a VM Profile to a VMware host. Use one of the following identifiers to specify each host: UUID IP address Host name You may enter a Virtual Switch name, or enter a new name to create a new Virtual Switch. Command Mode: All virt vmware pg <Port Group name> <host ID> <VSwitch name> <VLAN ID (0‐4094)> <shaping‐enabled> [<average‐Kbps> <burst‐KB> <peak‐Kbps>] Adds a Port Group to a VMware host. You are prompted for the following information: Port Group name VMware host ID (Use host UUID, host IP address, or host name.) Virtual Switch name VLAN ID of the Port Group Whether to enable the traffic‐shaping profile (1 or 0). If you choose 1 (yes), ...
VMware Distributed Virtual Switch Operations Use these commands to administer a VMware Distributed Virtual Switch (dvSwitch). Table 370. VMware dvSwitch Operations (/oper/virt/vmware/dvswitch) Command Syntax and Usage virt vmware dvswitch add <datacenter name> <dvSwitch name> [<dvSwitch version>] Adds the specified dvSwitch to the specified DataCenter. Command Mode: All virt vmware dvswitch addhost <dvSwitch name> {<host UUID| |host IP address|host name>} Adds the specified host to the specified dvSwitch. Use one of the following identifiers to specify the host: UUID IP address Host name Command Mode: All virt vmware dvswitch adduplink <dvSwitch name> {<host UUID| |host IP address|host name>} <uplink name> Adds the specified physical NIC to the specified dvSwitch uplink ports. Command Mode: All virt vmware dvswitch del <datacenter name> <dvSwitch name> Removes the specified dvSwitch from the specified DataCenter. Command Mode: All virt vmware dvswitch remhost <dvSwitch name> {<host UUID| |host IP address|host name>} Removes the specified host from the specified dvSwitch. Use one of the following identifiers to specify the host: UUID ...
Scheduled Reboot of the Switch This feature allows the switch administrator to schedule a reboot to occur at a particular time in future. This feature is particularly helpful if the user needs to perform switch upgrades during off‐peak hours. You can set the reboot time, cancel a previously scheduled reboot, and check the time of the current reboot schedule. Table 373. Scheduled Reboot Options Command Syntax and Usage boot schedule <day> <time (hh:mm)> Configures the switch reboot time. The following options are valid for the day value: monday tuesday wednesday thursday friday saturday sunday Command mode: Global configuration no boot schedule Cancels the switch reboot time. Command mode: Global configuration show boot Displays the current switch reboot schedule. Command mode: All G8264CS Command Reference for ENOS 8.4...
Security Policy Configuration The switch can be configured to use two different security modes: Legacy policy mode Secure policy mode Legacy Policy mode allows the switch to use all communication protocols with no regards to the security level of the protocol.The switch will be able to use both protocols that encrypt and do not encrypt their communication across the network. Secure Policy mode allows the switch to use only secure communication protocols. Protocols that are regarded as being insecure are disabled and cannot be run on the switch. The commands associated with such protocols are unavailable. The following protocols are disabled and are not available on the switch if Secure Policy mode is enabled: HTTP LDAP Client SNMPv1 and SNMPv2 Telnet Client and Telnet Server Telnet IPv6 Client and Telnet IPv6 Server FTP Client and FTP Server Radius Client TACACS+ Client Syslog Server The following protocols are enabled and available on the switch if Secure Policy mode is enabled: DHCP Client DHCPv6 Client ...
Configuring the Number of Spanning Tree Groups The maximum number of Spanning Tree Groups (STGs) available on the switch can be configured to be either 128 or 256. Table 376. Configuring the Maximum Number of STGs Command Options Command Syntax and Usage boot spanningtree maxinstances {128|256} Configures the maximum number of Spanning Tree Groups (STGs) that can be used on the switch. The default value is 128. Note: The switch needs to be reloaded for the configuration to take effect. Command mode: Global configuration no boot spanningtree maxinstances Reset the maximum number of STGs available on the switch to the default value of 128. Note: The switch needs to be reloaded for the configuration to take effect. Command mode: Global configuration show boot spanningtree Displays the maximum number of currently available STGs on the switch and the maximum number of available STGs after the switch reloads. Command mode: All The following command displays the current maximum limit of STGs on the switch and the maximum limit configured after the switch reloads: show boot spanningtree Command mode: All Bootup Max PVRST Instances: 128 Saved Max PVRST Instances: 256 NOTE: A Reboot is required for the new settings to take effect. When switching from 256 to 128 STP instances, please remove any extra configuration for STP instance 128 and above, then save the configuration; otherwise, all STP instance configuration may be lost after reload.
QSFP Port Configuration The following table displays the QSFP Port configuration commands. Table 378. QSFP Port Options Command Syntax and Usage [no] boot qsfp40gports <port alias or number> Enables or disables 40GbE mode on the selected QSFP+ ports. When enabled, each QSFP+ port is set as a single 40GbE port. When disabled, each QSFP+ port is configured to breakout into four 10GbE ports. Note: You must reboot the switch for this change to take effect. Command mode: Global configuration show boot qsfpportmodes Displays the current QSFP parameters. Command mode: All G8264CS Command Reference for ENOS 8.4...
Page 630
To safely remove the USB device without corrupting any files, use the following command: system usbeject Command mode: Global configuration Note: Not available in stacking. G8264CS Command Reference for ENOS 8.4...
Loading New Software to Your Switch The switch can store up to two different software images, called image1 and image2, as well as boot software, called boot. When you load new software, you must specify where it should be placed: either into image1, image2 or boot. For example, if your active image is currently loaded into image1, you would probably load the new image software into image2. This lets you test the new software and reload the original active image (stored in image1), if needed. To load a new software image to your switch, you need the following: The image or boot software loaded on a SFTP/FTP/TFTP server on your network The hostname or IP address of the SFTP/FTP/TFTP server The name of the new software image or boot file Note: The DNS parameters must be configured if specifying hostnames. When the above requirements are met, use the following procedure to download the new software to your switch. 1. In Privileged EXEC mode, enter the following command: RS G8264CS# copy {ftp|tftp|sftp} {image1|image2|bootimage} 2. Select a port to use for downloading the image. Port type [DATA|MGT]: 3. Enter the hostname or IP address of the SFTP, FTP or TFTP server. < > Address or name of remote host: IP address or hostname 4. Enter the name of the new software file on the server. < > Source file name: ...
Selecting a Configuration Block When you make configuration changes to the RackSwitch G8264CS, you must save the changes so that they are retained beyond the next time the switch is rebooted. When you perform a save operation, your new configuration changes are placed in the active configuration block. The previous configuration is copied into the backup configuration block. There is also a factory configuration block. This holds the default configuration set by the factory when your RackSwitch G8264CS was manufactured. Under certain circumstances, it may be desirable to reset the switch configuration to the default. This can be useful when a custom‐configured RackSwitch G8264CS is moved to a network environment where it will be re‐configured for a different purpose. In Global Configuration mode, use the following command to set which configuration block you want the switch to load the next time it is rebooted: RS G8264CS(config)# boot configurationblock {active|backup|factory} G8264CS Command Reference for ENOS 8.4...
Rebooting the Switch You can reboot the switch to make your software image file and configuration block changes occur. Note: Rebooting the switch causes the Spanning Tree Group to restart. This process can be lengthy, depending on the topology of your network. Enter the following command to reboot (reload) the switch: RS G8264CS# reload [nodump] You are prompted to confirm your request. Reset will use software "image2" and the active config block. >> Note that this will RESTART the Spanning Tree, >> which will likely cause an interruption in network service. Confirm reload (y/n) ? Note: Before rebooting, the switch writes (saves) technical support information (backup‐tech‐support) in a local file to flash memory. The nodump option skips this step, thereby decreasing the time needed for the switch to reboot. By default, the switch saves technical support information before rebooting. Technical support information (backup‐tech‐support) can be uploaded to an external server using the following command: copy backuptechsupport {ftp|sftp|tftp} Command mode: Privileged EXEC Note: Technical support information is stored in a compressed format. For details, see page 645. G8264CS Command Reference for ENOS 8.4...
Boot Recovery Mode The Boot Recovery Mode allows you to recover from a failed software or boot image upgrade using TFTP or XModem download. To enter Boot Recovery Mode you must select “Boot in recovery mode” option from the Boot Management Menu by pressing R. Entering Rescue Mode. Please select one of the following options: T) Configure networking and tftp download an image X) Use xmodem 1K to serial download an image P) Physical presence (low security mode) R) Reboot E) Exit Option? : The Boot Recovery Mode menu allows you to perform the following actions: To recover from a failed software or boot image upgrade using TFTP, press T and follow the screen prompts. For more details, see “Recover from a Failed Image Upgrade using TFTP” on page 639. To recover from a failed software or boot image upgrade using XModem download, press X and follow the screen prompts. For more details, see “Recovering from a Failed Image Upgrade using XModem Download” on page 641. To enable the loading of an unofficial image, press P and follow the screen prompts. For more details, see “Physical Presence” on page 643. To restart the boot process from the beginning, press R. To exit Boot Recovery Mode menu, press E. The boot process continues. G8264CS Command Reference for ENOS 8.4...
Page 640
Below is an example of a successful recovery procedure using TFTP: Entering Rescue Mode. Please select one of the following options: T) Configure networking and tftp download an image X) Use xmodem 1K to serial download an image P) Physical presence (low security mode) R) Reboot E) Exit Option? : t Performing TFTP rescue. Please answer the following questions (enter 'q' to quit): IP addr :10.241.6.4 Netmask :255.255.255.128 Gateway :10.241.6.66 Server addr:10.72.97.135 Image Filename: G8264CS8.4.1.0_OS.img Netmask : 255.255.255.128 Gateway : 10.241.6.66 Configuring management port....... Installing image G8264CS8.4.1.0_OS.img from TFTP server 10.72.97.135 Extracting images ... Do *NOT* power cycle the switch. Installing Application: Image signature verified. Install image as image 1 or 2 (hit return to just boot image): 2 Installing image as image2: 100% Image2 updated succeeded Updating install log. File G8264CS8.4.1.0_OS.img installed from 10.72.97.135 at 15:29:30 on 1232015 Please select one of the following options: T) Configure networking and tftp download an image X) Use xmodem 1K to serial download an image P) Physical presence (low security mode) R) Reboot E) Exit Option? : G8264CS Command Reference for ENOS 8.4...
Page 642
The image install will begin. After the procedure is complete, the Recovery Mode menu will be re‐displayed. Extracting images ... Do *NOT* power cycle the switch. Installing Root Filesystem: Image signature verified. 100% Installing Kernel: Image signature verified. 100% Installing Device Tree: Image signature verified. 100% Installing Boot Loader: 100% Updating install log. File image installed from xmodem at 18:06:02 on 1332015 Please select one of the following options: T) Configure networking and tftp download an image X) Use xmodem 1K to serial download an image P) Physical presence (low security mode) R) Reboot E) Exit Option? : Boot image recovery is complete. G8264CS Command Reference for ENOS 8.4...
Page 646
Table 379. General Maintenance Commands (continued) Command Syntax and Usage copy backuptechsupport tftp address <hostname or server IP address> filename <TFTP server filepath> {dataport|mgtport} Uploads the technical support information saved before a switch reboot (backup‐tech‐support) to an external TFTP server. Note: Technical support information is stored in a compressed format. Command mode: Privileged EXEC clear flashdump Clears dump information from flash memory. Command mode: Privileged EXEC clear logging Clears the system log file (SYSLOG). Command mode: Privileged EXEC show techsupport [fcoe|l2|l3|link|port] Dumps all G8264CS information, statistics and configuration. You can log the output (tsdmp) into a file. To filter the information, use the following options: fcoe displays only FCoE‐related information l2 displays only Layer 2‐related information l3 displays only Layer 3‐related information link displays only link status‐related information port displays only port‐related information Command mode: All except User EXEC G8264CS Command Reference for ENOS 8.4...
Debugging Commands The Miscellaneous Debug Commands display trace buffer information about events that can be helpful in understanding switch operation. You can view the following information using the debug commands: Events traced by the Management Processor (MP) Events traced to a buffer area when a reboot occurs If the switch reboots for any reason, the MP trace buffer is saved into the snap trace buffer area. The output from these commands can be interpreted by Technical Support personnel. Table 381. Miscellaneous Debug Options Command Syntax and Usage debug debugflags This command sets the flags that are used for debugging purposes. Command mode: Privileged EXEC debug dumpbt Displays the backtrace log. Command mode: Privileged EXEC [no] debug lacp packet {receive|transmit|both} port <port alias or number> Enables or disables debugging for Link Aggregation Control Protocol (LACP) packets on selected ports running LACP. The following parameters are available: receive filters only LACP packets received transmit filters only LACP packets sent both filters LACP packets either sent or received port filters LACP packets sent/received on specific ports By default, LACP debugging is disabled. Command mode: Privileged EXEC debug mpsnap Displays the Management Processor snap (or post‐mortem) trace buffer. This ...
Page 650
SSH Debugging The following table describes the SSH debugging commands. Table 382. SSH Debugging Options Command Syntax and Usage [no] debug ssh client all Enables or disables all SSH Client debug messages. Command mode: Privileged EXEC [no] debug ssh client state Enables or disables SSH Client state debug messages. Command mode: Privileged EXEC [no] debug ssh server all Enables or disables all SSH Server debug messages. Command mode: Privileged EXEC [no] debug ssh server disconnect Enables or disables SSH Server disconnect debug messages. Command mode: Privileged EXEC [no] debug ssh server msg Enables or disables SSH Server type and protocol debug messages. Command mode: Privileged EXEC [no] debug ssh server packet Enables or disables SSH Server type, protocol and packet debug messages. Command mode: Privileged EXEC [no] debug ssh server state Enables or disables SSH Server state debug messages. Command mode: Privileged EXEC G8264CS Command Reference for ENOS 8.4...
Page 654
BGP Maintenance The following table describes the BGP information commands. Table 386. Border Gateway Protocol Maintenance Options Command Syntax and Usage show ip bgp debugging [last] Displays all BGP debugging entries. If the last option is specified, displays the results starting with the last entry first. Command mode: All show ip bgp debugging <IP address> [last] Displays all BGP debugging entries for the specified neighbor. If the last option is specified, displays the results starting with the last entry first. Command mode: All show ip bgp debugging <IP address> ignored [last] Displays BGP information for routers that have been ignored by the specified neighbor. If the last option is specified, displays the results starting with the last entry first. Command mode: All show ip bgp debugging <IP address> {in|out} [last] Displays inbound or outbound BGP debugging updates for the specified neighbor. If the last option is specified, displays the results starting with the last entry first. Command mode: All show ip bgp debugging ignored [last] Shows all BGP information for routers that have been ignored. If the last option is specified, displays the results starting with the last entry first. Command mode: All show ip bgp debugging {in|out} [last] Displays inbound or outbound BGP debugging updates. If the last option is specified, displays the results starting with the last entry first. Command mode: All show ip bgp information Displays the BGP routing table. Command mode: All show ip bgp information <IP address> <mask> Displays the BGP information related to the specified route.
Page 656
LLDP Cache Manipulation The following table describes the LLDP cache manipulation commands. Table 388. LLDP Cache Manipulation Options Command Syntax and Usage show lldp [information] Displays all LLDP information. Command mode: All show lldp port <port alias or number> Displays Link Layer Discovery Protocol (LLDP) port information. Command mode: All show lldp port <port alias or number> tlv evb Displays Edge Virtual Bridge (EVB) type‐length‐value (TLV) information for the specified port. Command mode: All show lldp receive Displays information about the LLDP receive state machine. Command mode: All show lldp transmit Displays information about the LLDP transmit state machine. Command mode: All show lldp remotedevice [<1‐256>|detail|port <port alias or number>] Displays information received from LLDP ‐capable devices. For more information, see page Command mode: All clear lldp Clears the LLDP cache. Command mode: Privileged EXEC G8264CS Command Reference for ENOS 8.4...
IP Route Manipulation The following table describes the IP route manipulation commands. Table 390. IP Route Manipulation Options Command Syntax and Usage show ip route Shows all routes. Command mode: All show ip route address <IP address> Shows a single route by destination IP address. Command mode: All show ip route gateway <IP address> Shows routes to a default gateway. Command mode: All show ip route interface <1‐128> Shows routes on a single interface. Command mode: All show ip route tag {address|bgp|broadcast|fixed|martian| |multicast|ospf|rip|static} Shows routes of a single tag. For a description of IP routing tags, see Table 40 on page Command mode: All show ip route type {broadcast|direct|indirect|local| |martian|multicast} Shows routes of a single type. For a description of IP routing types, see Table 39 on page Command mode: All clear ip route Clears the route table from switch memory. Command mode: Privileged EXEC Note: To display all routes, you can also refer to “IP Routing Information” on page G8264CS Command Reference for ENOS 8.4...
IGMP Multicast Routers Maintenance The following table describes the maintenance commands for IGMP multicast routers (Mrouters). Table 392. IGMP Multicast Router Maintenance Commands Command Syntax and Usage show ip igmp mrouter [dynamic|interface|portchannel|static] Displays information for all Mrouters, all dynamic/static Mrouter ports installed or Mrouter ports specific to a specified interface/portchannel. Command mode: All show ip igmp mrouter information Displays IGMP snooping information for all Mrouters. Command mode: All show ip igmp mrouter vlan <VLAN ID (1‐4094)> Displays IGMP Mrouter information for a single VLAN. Command mode: All show ip igmp querier vlan <VLAN ID (1‐4094)> Displays IGMP querier information for a single VLAN. Command mode: All show ip igmp relay Displays IGMP relay information. Command mode: All show ip igmp snoop igmpv3 Displays IGMPv3 snooping information. Command mode: All clear ip igmp mrouter Clears the dynamic IGMP Mrouter port table. Command mode: Privileged EXEC G8264CS Command Reference for ENOS 8.4...
Page 662
IPv6 Route Maintenance The following table describes the IPv6 route maintenance commands. Table 394. IPv6 Route Maintenance Options Command Syntax and Usage show ipv6 route Shows all IPv6 routes. Command mode: All show ipv6 route address <IPv6 address> Show a single route by destination IP address. Command mode: All show ipv6 route gateway <IPv6 gateway address> Show routes to a single gateway. Command mode: All show ipv6 route interface <1‐128> Show routes on a single IP interface. Command mode: All show ipv6 route static Show static IPv6 routes. Command mode: All show ipv6 route summary Shows a summary of IPv6 route information. Command mode: All show ipv6 route type {connected|static|ospf} Show routes of a single type. Command mode: All clear ipv6 route Clears all IPv6 routes. Command mode: Privileged EXEC G8264CS Command Reference for ENOS 8.4...
Clearing Dump Information To clear dump information from flash memory, enter: RS G8264CS# clear flashdump The switch clears the dump region of flash memory and displays the following message: FLASH dump region cleared. If the flash dump region is already clear, the switch displays the following message: FLASH dump region is already clear. G8264CS Command Reference for ENOS 8.4...
Page 670
LOG_CRIT Thread LOG_CRIT Message canʹt allocate memory in load_MP_INT() currently not enough resource for loading RSA {private|public key} SYSTEM System memory is at <n> percent G8264CS Command Reference for ENOS 8.4...
Page 672
LOG_INFO Thread LOG_INFO Message System log cleared by user <username>. System log cleared via SNMP. HOTLINKS ʺErrorʺ is set to ʺ{Active|Standby}ʺ HOTLINKS ʺLearningʺ is set to ʺ{Active|Standby}ʺ HOTLINKS ʺNoneʺ is set to ʺ{Active|Standby}ʺ HOTLINKS ʺSide Maxʺ is set to ʺ{Active|Standby}ʺ HOTLINKS has no ʺ{Side Max|None|Learning|Error}ʺ interface MGMT /* Config changes at <time> by <username> */ <config diff> /* Done */ MGMT <username> ejected from BBI MGMT <username>(<user type>) {logout|ejected|idle timeout|connection closed} from {Console|Telnet/SSH} MGMT <username>(<user type>) login {on Console|from host <IP address>} MGMT boot kernel download completed. Now writing to flash. MGMT boot kernel downloaded {from host <hostname>|via browser}, filename too long to be displayed, software version <version> MGMT boot kernel downloaded from host <hostname>, file ʹ<filename>ʹ, software version <version> MGMT Canʹt downgrade to image with only single flash support MGMT Could not revert unsaved changes MGMT Download already currently in progress. Try again later via {Browser|BBI} MGMT Error in setting the new config...
Page 674
Thread LOG_INFO Message (continued) MGMT undefined downloaded {from host <hostname>|via browser}, filename too long to be displayed, software version <version> MGMT undefined downloaded from host <hostname>, file ʹ<filename>ʹ, software version <version> MGMT unsaved changes reverted [from BBI|from SNMP] MGMT Unsupported GBIC {accepted|refused} MGMT user {SNMP user|<username>} ejected from BBI MGMT Watchdog has been {enabled|disabled} MGMT Watchdog timeout interval is now <seconds> seconds) MGMT Wrong config file type <username>(<user type>) {logout|ejected|idle timeout|connection closed} from {Console|Telnet/SSH} <username>(<user type>) login {on Console|from host <IP address>} Error in setting the new config New config set scp<username>(<user type>) {logout|ejected|idle timeout| connection closed} from {Console|Telnet/SSH} scp<username>(<user type>) login {on Console|from host <IP address>} server key autogen {starts|completes} Wrong config file type SYSTEM booted version <version> from Flash image <image>, {active| backup|factory} config block G8264CS Command Reference for ENOS 8.4...
Page 678
Thread LOG_NOTICE Message (continued) SYSTEM Received BOOTP Offer: IP: <IP address>, Mask: <netmask>, Broadcast <IP address>, GW: <IP address> SYSTEM Watchdog threshold changed from <old value> to <new value> seconds SYSTEM Watchdog timer has been enabled TEAMING error, action is undefined TEAMING is down, but teardown is blocked TEAMING is down, control ports are auto disabled TEAMING is up, control ports are auto controlled VLAN Default VLAN can not be deleted VRRP virtual router <IP address> is now {BACKUP|MASTER} <username> ejected from BBI RSA host key is being saved to Flash ROM, please donʹt reboot the box immediately. G8264CS Command Reference for ENOS 8.4...
Page 682
Start the process of determining a solution to your problem by making the pertinent information available to the service technicians. The IBM service technicians can start working on your solution as soon as you have completed and submitted an Electronic Service Request. You can solve many problems without outside assistance by following the troubleshooting procedures that Lenovo provides in the online help or in the Lenovo product documentation. The Lenovo product documentation also describes the diagnostic tests that you can perform. The documentation for most systems, operating systems, and programs contains troubleshooting procedures and explanations of error messages and error codes. If you suspect a software problem, see the documentation for the operating system or program. G8264CS Command Reference for ENOS 8.4...
Page 684
Any performance data contained herein was determined in a controlled environment. Therefore, the result obtained in other operating environments may vary significantly. Some measurements may have been made on development‐level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. G8264CS Command Reference for ENOS 8.4...
Important Notes Processor speed indicates the internal clock speed of the microprocessor; other factors also affect application performance. CD or DVD drive speed is the variable read rate. Actual speeds vary and are often less than the possible maximum. When referring to processor storage, real and virtual storage, or channel volume, KB stands for 1 024 bytes, MB stands for 1 048 576 bytes, and GB stands for 1 073 741 824 bytes. When referring to hard disk drive capacity or communications volume, MB stands for 1 000 000 bytes, and GB stands for 1 000 000 000 bytes. Total user‐accessible capacity can vary depending on operating environments. Maximum internal hard disk drive capacities assume the replacement of any standard hard disk drives and population of all hard‐disk‐drive bays with the largest currently supported drives that are available from Lenovo. Maximum memory might require replacement of the standard memory with an optional memory module. Each solid‐state memory cell has an intrinsic, finite number of write cycles that the cell can incur. Therefore, a solid‐state device has a maximum number of write cycles that it can be subjected to, expressed as total bytes written (TBW). A device that has exceeded this limit might fail to respond to system‐generated commands or might be incapable of being written to. Lenovo is not responsible for replacement of a device that has exceeded its maximum guaranteed number of program/erase cycles, as documented in the Official Published Specifications for the device. Lenovo makes no representations or warranties with respect to non‐Lenovo products. Support (if any) for the non‐Lenovo products is provided by the third party, not Lenovo. Some software might differ from its retail version (if available) and might not include user manuals or all program functionality. G8264CS Command Reference for ENOS 8.4...
Particulate Contamination Attention: Airborne particulates (including metal flakes or particles) and reactive gases acting alone or in combination with other environmental factors such as humidity or temperature might pose a risk to the device that is described in this document. Risks that are posed by the presence of excessive particulate levels or concentrations of harmful gases include damage that might cause the device to malfunction or cease functioning altogether. This specification sets forth limits for particulates and gases that are intended to avoid such damage. The limits must not be viewed or used as definitive limits, because numerous other factors, such as temperature or moisture content of the air, can influence the impact of particulates or environmental corrosives and gaseous contaminant transfer. In the absence of specific limits that are set forth in this document, you must implement practices that maintain particulate and gas levels that are consistent with the protection of human health and safety. If Lenovo determines that the levels of particulates or gases in your environment have caused damage to the device, Lenovo may condition provision of repair or replacement of devices or parts on implementation of appropriate remedial measures to mitigate such environmental contamination. Implementation of such remedial measures is a customer responsibility.. Contaminant Limits Particulate • The room air must be continuously filtered with 40% atmospheric dust spot efficiency (MERV 9) according to ASHRAE Standard 52.2 • Air that enters a data center must be filtered to 99.97% efficiency or greater, using high‐efficiency particulate air (HEPA) filters that meet MIL‐STD‐282. • The deliquescent relative humidity of the particulate contamination must be more than 60% • The room must be free of conductive contamination such as zinc whis‐ kers. Gaseous • Copper: Class G1 as per ANSI/ISA 71.04‐1985 • Silver: Corrosion rate of less than 300 Å in 30 days 1 ...
Federal Communications Commission (FCC) Statement Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense. Properly shielded and grounded cables and connectors must be used to meet FCC emission limits. Lenovo is not responsible for any radio or television interference caused by using other than recommended cables and connectors or by unauthorized changes or modifications to this equipment. Unauthorized changes or modifications could void the user’s authority to operate the equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that might cause undesired operation. Industry Canada Class A Emission Compliance Statement This Class A digital apparatus complies with Canadian ICES‐003. Avis de Conformité à la Réglementation d'Industrie Canada Cet appareil numérique de la classe A est conforme à la norme NMB‐003 du ...
Zulassungsbescheinigung laut dem Deutschen Gesetz über die elektromagnetische Verträglichkeit von Betriebsmitteln, EMVG vom 20. Juli 2007 (früher Gesetz über die elektromagnetische Verträglichkeit von Geräten), bzw. der EMV EU Richtlinie 2014/30/EU (früher 2004/108/EC ), für Geräte der Klasse A. Dieses Gerät ist berechtigt, in Übereinstimmung mit dem Deutschen EMVG das EG‐Konformitätszeichen ‐ CE ‐ zu führen. Verantwortlich für die Konformitätserklärung nach Paragraf 5 des EMVG ist die Lenovo (Deutschland) GmbH, Meitnerstr. 9, D‐70563 Stuttgart. Informationen in Hinsicht EMVG Paragraf 4 Abs. (1) 4: Das Gerät erfüllt die Schutzanforderungen nach EN 55024 und EN 55022 Klasse Nach der EN 55022: „Dies ist eine Einrichtung der Klasse A. Diese Einrichtung kann im Wohnbereich Funkstörungen verursachen; in diesem Fall kann vom Betreiber verlangt werden, angemessene Maßnahmen durchzuführen und dafür aufzukommen.“ Nach dem EMVG: „Geräte dürfen an Orten, für die sie nicht ausreichend entstört sind, nur mit besonderer Genehmigung des Bundesministers für Post und Telekommunikation oder des Bundesamtes für Post und Telekommunikation betrieben werden. Die Genehmigung wird erteilt, wenn keine elektromagnetischen Störungen zu erwarten sind.“ (Auszug aus dem EMVG, Paragraph 3, Abs. 4). Dieses Genehmigungsverfahrenist nach Paragraph 9 EMVG in Verbindung mit der entsprechenden Kostenverordnung (Amtsblatt 14/93) kostenpflichtig. Anmerkung: Um die Einhaltung des EMVG sicherzustellen sind die Geräte, wie in den Handbüchern angegeben, zu installieren und zu betreiben. Japan VCCI Class A Statement This is a Class A product based on the standard of the Voluntary Control Council for Interference (VCCI). If this equipment is used in a domestic environment, radio interference may occur, in which case the user may be required to take corrective actions. G8264CS Command Reference for ENOS 8.4...
Page 698
IP interface 88 active 559 Korea Class A electronic emission statement 693 address of default gateway 467 configuration mode 22 configuring address 462 configuring VLANs 463 LACP information 84 clear statistics 218 IP route tag 88 configuration 445 network filter configuration 475 control plane protection 375 priority increment value (ifs) for VRRP 561 information 59 IP routing interface portchannel mode 359 information 87 logged packet statistics 277 information (IPv6) 111 statistics 217 manipulation 658 vLAG information 69...