Yamaha L2 Switch SWP2 series (SWP2-10SMF, SWP2-10MMF) Command Reference Rev.2.03.
| Command Reference | TOC Contents Preface: Introduction ............................................................................................12 Chapter 1: How to read the command reference ...............................................13 1.1 Applicable firmware revision .....................................................................................................................13 1.2 How to read the command reference .......................................................................
Command Reference | TOC | 3 4.3.5 Show startup configuration ..........................................................................................................36 4.3.6 Show backup configuration .........................................................................................................36 4.3.7 Erase startup configuration ..........................................................................................................37 4.3.8 Erase backup of certain functions ...................
| Command Reference | TOC 4.11 RMON ......................................................................................................................................................60 4.11.1 Set RMON function ...................................................................................................................60 4.11.2 Set RMON Ethernet statistical information group ....................................................................60 4.11.3 Set RMON history group ......................
Command Reference | TOC | 5 4.18.7 Destination e-mail address setting for e-mail transmission .......................................................85 4.18.8 Setting for subject used when sending e-mails ..........................................................................86 4.18.9 Wait time settings for e-mail transmission ................................................................................86 4.18.10 E-mail settings when sending certificates ...............................................
| Command Reference | TOC 4.24.2 Reload system ..........................................................................................................................111 4.24.3 Initialize settings ......................................................................................................................111 4.24.4 Set default LED mode .............................................................................................................112 4.24.5 Show LED mode ..........................
Command Reference | TOC | 7 5.3.13 Set the guest VLAN .................................................................................................................143 5.3.14 Suppression period settings following failed authentication ...................................................144 5.3.15 Set reauthentication interval ....................................................................................................145 5.3.16 Set the reply wait time for the RADIUS server overall .................
| Command Reference | TOC 6.2.15 Set DSCP value for voice VLAN ............................................................................................171 6.2.16 Set multiple VALN group .......................................................................................................171 6.2.17 Set name of multiple VLAN group .........................................................................................172 6.2.18 Show VLAN information ....................................................
Command Reference | TOC | 9 7.3.1 Show ARP table ........................................................................................................................199 7.3.2 Clear ARP table .........................................................................................................................200 7.3.3 Set static ARP entry ...................................................................................................................200 7.3.4 Set ARP timeout ........................
| Command Reference | TOC 8.3.1 Enable/disable MLD snooping ..................................................................................................220 8.3.2 Set MLD snooping fast-leave ....................................................................................................221 8.3.3 Set multicast router connection destination ...............................................................................221 8.3.4 Set query transmission function ......................................
Command Reference | TOC | 11 9.2.23 Set pre-marking (CoS) .............................................................................................................251 9.2.24 Set pre-marking (TOS precedence) .........................................................................................252 9.2.25 Set pre-marking (DSCP) ..........................................................................................................253 9.2.26 Set individual policers (single rate) .......................
| Command Reference | Introduction Preface Introduction • • • • • • Unauthorized reproduction of this document in part or in whole is prohibited. The contents of this document are subject to change without notice. Yamaha disclaims all responsibility for any damages caused by loss of data or other problems resulting from the use of this product. The warranty is limited to this physical product itself. Please be aware of these points.
Command Reference | How to read the command reference | 13 Chapter 1 How to read the command reference 1.1 Applicable firmware revision This command reference applies to firmware Yamaha L2 Switch SWP2 of Rev.2.03.13. For the latest firmware released after printing of this command reference, manuals, and items that differ, access the following URL and see the information in the WWW server. https://www.yamaha.com/proaudio/ 1.
| Command Reference | How to read the command reference 1.4 Input syntax for commands starting with the word "no" Many commands also have a form in which the command input syntax starts with the word no. If you use a syntax that with begins with the word no, the settings of that command are deleted and returned to the default value, unless explained otherwise.
Command Reference | How to use the commands | 15 Chapter 2 How to use the commands The SWP2 lets you perform command operations in the following two ways. Type of operation Method of operation Description Operation via console • • • Access from a console terminal Access from a TELNET client Access from a SSH client Issue commands one by one to interactively make settings or perform operations.
| Command Reference | How to use the commands 2.1.3 Access from an SSH client You can use an SSH client on a computer to connect to the SSH server of the SWP2 and control it. In order to make settings using SSH, you must first set up a connection environment (IP network) and then make SSH server settings. The IP address settings of the SWP2 are as follows. • • The default IPv4 address setting is ip address dhcp for VLAN #1. To change the IPv4 address, use the ip address command.
Command Reference | How to use the commands | 17 Setting item Content of setting who is using the terminal, and is applied as soon as the command is executed. Setting 2) applies starting with the next session. 2.2 Operation via configuration (config) files A file containing a set of needed commands is called a configuration (config) file. The settings that have been made on the SWP2 can be read as a configuration file by a host on the LAN via TFTP.
| Command Reference | How to use the commands Applicable configuration startup-config (USER mode) Applicable file Remote path Load (GET) Save (PUT) Automatic restart CONFIG file (.txt) reconfig - ✓ ✓ All settings (.zip) - ✓ ✓ reconfig-all When applying (PUT) a CONFIG file, confirm that the target CONFIG and the type of the target file are correct. If an incorrect file is specified, it cannot be reflected correctly. The command syntax used depends on the OS of that host (TFTP client).
Command Reference | How to use the commands | 19 The basic commands related to moving between command input modes are described below. For commands that move from global configuration mode mode to individual configuration mode, refer to "individual configuration mode." • exit command • logout command • enable command / administratorcommand • disable command • configure terminal command • end command 2.4.
| Command Reference | How to use the commands individual configuration mode Transition command Prompt E-mail template mode mail template command SWP2(config-mail)# RADIUS configuration mode radius-server local-profile command SWP2(config-radius)# 2.4.3 Command prompt prefix he command prompt prefix indicates the host name. In the default state, the host name is the model name "SWP2". This indication can be changed by using the hostname command to specify the host name.
Command Reference | How to use the commands | 21 Keyboard operation Ctrl + U • Description and notes Delete all characters that are being entered Other Keyboard operation Description and notes Ctrl + T Exchange the character at the cursor position with the preceding character. If the cursor is at the end of the line, exchange the preceding character with the character that precedes it.
| Command Reference | How to use the commands Keyboard operation ↑ Ctrl + P ↓ Ctrl + N Description and notes Move backward through command history Move forward through command history 2.6 Commands that start with the word "show" 2.6.1 Modifiers Modifiers send the information produced by the show command through a filter, restricting the content that is shown in the screen and making it easier for you to see the desired information. The SWP2 provides the following three modifiers for the show command.
Command Reference | Configuration | 23 Chapter 3 Configuration 3.1 Manage setting values The SWP2 uses the following configurations to manage its settings. Description User operations that can be performed Running configuration (running-config) Setting values currently used for operation. Managed in RAM. Note Save to startup configuration (in USER mode) Save some functions to backup configuration (in DANTE mode) Startup configuration (startup-config) In USER mode, setting values saved in Flash ROM.
| Command Reference | Configuration Setting position #2 #3 VLAN preset type Down (ON) Up (OFF) A Up (OFF) Down (ON) B Down (ON) Down (ON) C The common setting values and presets are shown first, and then the specific to the presets setting values are shown.
Command Reference | Configuration | 25 Category DNS cliant Traffic control Web GUI • Common setting L2MS L2 switching Traffic control • Default value Spanning tree enabled Proprietary loop detection enabled Behavior enabled QoS enabled QoS DSCP - transmission queue ID conversion table DSCP: 8 → transmission queue: 2 Other than above → transmission queue: 0 Flow control (IEEE 802.
| Command Reference | Configuration • • • • • • Interface L2MS Filter LAG(Static) Port Mode VLAN STP port1.
Command Reference | Configuration | 27 • • • Interface L2MS Filter LAG(static) Port Mode VLAN STP port1.3 Disable - Access 1(default) - port1.4 Disable - Access 1(default) - port1.5 Disable - Access 2 - port1.6 Disable - Access 2 - port1.7 Disable - Access 1(default) - port1.8 Disable - Access 2 - port1.9 Disable port1.10 Disable sa1 Trunk 1(native), 2 ✓ port1.11 Disable port1.
| Command Reference | Configuration • Check TTL : Disable
Command Reference | Maintenance and operation functions | 29 Chapter 4 Maintenance and operation functions 4.1 Passwords 4.1.
| Command Reference | Maintenance and operation functions [Description] Specifies the administrator password needed to enter priviledged EXEC mode. If this command is executed with the "no" syntax, the administrator password is deleted. [Note] If the password was encrypted by the password-encryption command, it is shown in the configuration in the form "enable password 8 password." The user cannot enter the password in this form when making configuration settings from the command line.
Command Reference | Maintenance and operation functions | 31 [Parameter] switch : Allow login by special password Setting value Description enable Allow disable Don't allow [Initial value] force-password enable [Input mode] global configuration mode [Description] Enable login with special password.
| Command Reference | Maintenance and operation functions Single-type alphanumeric characters and " and ' and | and > and ? and single-byte symbols other than space characters (32 characters or less) The first character must be a single-byte alphanumeric character [Initial value] none [Input mode] global configuration mode [Description] Sets user information. A maximum of 32 items of user information can be registered. The following words cannot be registered as user names.
Command Reference | Maintenance and operation functions | 33 Line Own User Status Login time IP address --------------------------------------------------------------------------------------------con 0 user1234 Login 02:15:23 vty 0 * operators1 Login 00:12:59 192.168.100.1 vty 1 abcdefghijklmnopqrstuvwxyzabcdef Login 00:00:50 192.168.100.24 vty 2 Login 00:00:21 192.168.100.10 vty 3 vty 4 vty 5 vty 6 vty 7 http 0 user1234 Login 01:12:25 192.168.100.4 http 1 (noname) Login 00:18:04 192.168.100.
| Command Reference | Maintenance and operation functions SWP2> 4.3 Configuration management 4.3.1 Save running configuration [Syntax] copy running-config startup-config [Input mode] priviledged EXEC mode [Description] Saves the current operating settings (running configuration) as the settings for startup (startup configuration). [Note] The save-destination startup configuration is determined by the unit's DIP switch #1 at the time that the unit is started.
Command Reference | Maintenance and operation functions | 35 • • • • • • • Settings related to user account Settings related to firmware updating Settings related to SYSLOG Settings related to HTTP server functions Settings related to Telnet server functions Settings related to SSH server functions Settings related to TFTP server functions Saves the settings of certain functions to the backup configuration.
| Command Reference | Maintenance and operation functions SWP2#show running-config ! interface port1.1 switchport ... ! line con 0 line vty 0 7 ! end SWP2# 4.3.5 Show startup configuration [Syntax] show startup-config [Input mode] priviledged EXEC mode [Description] Shows the startup settings (startup configuration). [Note] The startup configuration that is shown is determined by the unit's DIP switch #1 at the time that the unit is started.
Command Reference | Maintenance and operation functions | 37 ! ! Last backup: Fri Sep 7 00:00:00 UTC 2018 ! interface vlan1 ip address dhcp ! interface vlan2 ! http-server enable http-server language english ! telnet-server enable ! end SWP2# 4.3.7 Erase startup configuration [Syntax] erase startup-config [Input mode] priviledged EXEC mode [Description] Erase the settings used at startup (startup config) and the information associated with them.
| Command Reference | Maintenance and operation functions [Keyword] all : Shows up to five entries of the boot information history list : Shows a simplified version of up to five entries of the boot information history : <0-4> [Parameter] num Shows the boot history entry of the specified number [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Show the boot information. [Note] This history is cleared when you execute the cold start command or the clear boot list command.
Command Reference | Maintenance and operation functions | 39 Item Description DESCR Description Vendor Vendor name PID Product ID VID Version ID, 0 if invalid SN Serial number [Example] Show inventory information. SWP2>show inventory NAME : L2 switch DESCR : SWP2 Vendor: Yamaha PID : SWP2 VID : 0000 SN : SMF00000 NAME : DESCR : Vendor: PID : VID : SN : SFP1 10G Base-LR Yamaha YSFP-10G-LR V1.0 Z5H00000YJ NAME : DESCR : Vendor: PID : VID : SN : SFP2 10G Base-LR Yamaha YSFP-10G-LR V1.
| Command Reference | Maintenance and operation functions SWP2 BootROM Ver.1.01 SWP2 Rev.2.03.01 (Fri Sep 7 00:00:00 2018) main=SWP2 ver=00 serial=S00000000 MAC-Address=ac44.f200.0000 CPU: 4%(5sec) 5%(1min) 5%(5min) Memory: 25% used Startup firmware: exec0 Configration mode: DANTE VLAN preset: Normal Serial Baudrate: 9600 Boot time: 2018/10/01 06:14:46 +00:00 Current time: 2018/10/01 06:49:23 +00:00 Elapsed time from boot: 0days 00:34:41 SWP2> 4.5.
Command Reference | Maintenance and operation functions | 41 Item Explanation %MEM Percentage of physical memory used SIZE Amount of physical memory used (current value) PEAK Amount of physical memory used (maximum value until now) DATA Size of dynamic virtual memory area STK Stack size [Example] This shows how much memory is used by each process. SWP2#show memory 4.5.
| Command Reference | Maintenance and operation functions Command Executable show auth supplicant ✓ show error port-led ✓ show ip interface brief ✓ show ip forwarding ✓ show ipv6 interface brief ✓ show ipv6 forwarding ✓ show ip route ✓ show ip route database ✓ show ipv6 route ✓ show ipv6 route database ✓ show arp ✓ show ipv6 neighbors ✓ show ip igmp snooping groups ✓ show ip igmp snooping interface ✓ show ipv6 mld snooping groups ✓ show ipv6 mld snooping interface ✓ show
Command Reference | Maintenance and operation functions | 43 *** show dipsw *** ... ... ... # # End of Information for Yamaha Technical Support # SWP2# 4.6 Time management 4.6.1 Set clock manually [Syntax] clock set time month day year [Parameter] time : hh:mm:ss Time month : <1-12> or Jan, Feb, Mar, ... , Dec Month or name of month day : <1-31> Day year : Year (four digits) [Input mode] priviledged EXEC mode [Description] Set the system time.
| Command Reference | Maintenance and operation functions [Example] Set the time zone to JST. SWP2(config)#clock timezone JST Set the time zone to UTC+9 hours. SWP2(config)#clock timezone +9:00 4.6.3 Show current time [Syntax] show clock [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the current time, year, month, and date. [Example] Show current time. SWP2>show clock Thu Jan 1 00:00:00 JST 2015 4.6.
Command Reference | Maintenance and operation functions | 45 [Example] Specify 192.168.1.1 as the NTP server. SWP2(config)#ntpdate server ipv4 192.168.1.1 Specify fe80::2a0:deff:fe11:2233%vlan1 as the NTP server. SWP2(config)#ntpdate server ipv6 fe80::2a0:deff:fe11:2233%vlan1 Specify ntp.example.com as the NTP server. SWP2(config)#ntpdate server name ntp.example.com 4.6.
| Command Reference | Maintenance and operation functions 4.6.7 Show NTP server time synchronization settings [Syntax] show ntpdate [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the settings that are related to time synchronization from an NTP server. [Example] Show time synchronization settings. *If the synchronization update interval is one hour SWP2#show ntpdate NTP Server 1 : ntp.nict.
Command Reference | Maintenance and operation functions | 47 [Parameter] port1 : <0-7> VTY port number port2 : <0-7> Last VTY port number when specifying a range [Initial value] no line vty 0 7 [Input mode] global configuration mode [Description] After enabling the specified VTY ports, moves to line mode for making VTY port settings. If this command is executed with the "no" syntax, the specified VTY ports are disabled.
| Command Reference | Maintenance and operation functions 4.7.4 Change the number of lines displayed per page for the terminal in use [Syntax] terminal length line terminal no length [Parameter] line : <0-512> Number of lines displayed per page on the terminal [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Changes the number of lines displayed per page for the terminal in use. If line is set to 0, the display is not paused per page.
Command Reference | Maintenance and operation functions | 49 4.8 Management 4.8.1 Set management VLAN [Syntax] management interface interface no management interface [Parameter] interface : VLAN interface name [Initial value] management interface vlan1 [Input mode] global configuration mode [Description] Set the VLAN that is used for management.
| Command Reference | Maintenance and operation functions SWP2(config)#logging host fe80::2a0:deff:fe11:2233%vlan1 4.9.2 Set log output level (debug) [Syntax] logging trap debug no logging trap debug [Initial value] no logging trap debug [Input mode] global configuration mode [Description] Output the debug level log to SYSLOG. If this command is executed with the "no" syntax, the log is not output.
Command Reference | Maintenance and operation functions | 51 SWP2(config)#logging trap error 4.9.5 Set log console output [Syntax] logging stdout info no logging stdout info [Initial value] no logging stdout info [Input mode] global configuration mode [Description] Outputs the informational level SYSLOG to the console. If this command is executed with the "no" syntax, the log is not output. [Example] Output the informational level SYSLOG to the console. SWP2(config)#logging stdout info 4.9.
| Command Reference | Maintenance and operation functions [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the log that records the operating status of the unit. Normally the log is shown starting with the oldest events, but the display order is reversed if "reverse" is specified. The log contains a maximum of 10,000 events. If this maximum number is exceeded, the oldest events are successively deleted.
Command Reference | Maintenance and operation functions | 53 Setting value user : Description noauth No authentication / No encryption (noAuthNoPriv) auth Authentication / No encryption (authNoPriv) priv Authentication / Encryption (authPriv) User name (maximum 32 characters) This can be specified only if version is '3' [Initial value] none [Input mode] global configuration mode [Description] Set the destination of SNMP notifications. Up to 8 entries can be specified.
| Command Reference | Maintenance and operation functions Setting value Description l2ms When L2MS slave is detected or lost errdisable When ErrorDisable is detected or canceled rmon When RMON event is executed termmonitor When terminal monitoring is detected bridge When spanning tree root is detected / When topology is changed all All trap types. All of the above trap types are specified in the config.
Command Reference | Maintenance and operation functions | 55 [Parameter] location : Name to register as the system location (255 characters or less) [Initial value] no snmp-server location [Input mode] global configuration mode [Description] Sets the MIB variable sysLocation. sysLocation is a variable that is generally used to enter the installed location of the unit. If this command is executed with the "no" syntax, the setting is deleted. [Example] Set the system location as "MainOffice-1F".
| Command Reference | Maintenance and operation functions [Parameter] view : View name (maximum 32 characters) oid : MIB object ID type : Type Setting value Description include Include the specified object ID in management exclude Exclude the specified object ID from management [Initial value] none [Input mode] global configuration mode [Description] Sets the SNMP MIB view. The MIB view is the set of MIB objects to specify when allowing access rights. Up to 16 MIB views can be registered.
Command Reference | Maintenance and operation functions | 57 Setting value Description auth Authentication / No encryption (authNoPriv) priv Authentication / Encryption (authPriv) read_view : Name of the MIB view (maximum 32 characters) that can be read by users belonging to this group write_view : Name of the MIB view (maximum 32 characters) that can be written by users belonging to this group [Initial value] none [Input mode] global configuration mode [Description] Sets the user group.
| Command Reference | Maintenance and operation functions Setting value aes priv_pass : Description AES128-CFB Encryption password (8 or more characters, maximum 32 characters) [Initial value] none [Input mode] global configuration mode [Description] Specifies a user.
Command Reference | Maintenance and operation functions | 59 [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the contents of the SNMP view settings. Shows the view name, object ID, and type. [Example] Show the contents of the SNMP view settings. SWP2#show snmp view SNMP View information View Name: most OID: 1.6.1 Type: include View Name: standard OID: 1.3.6.1.2.1 Type: include 4.10.
| Command Reference | Maintenance and operation functions Auth: sha Priv: aes User Name: user1 Group Name: users Auth: sha Priv: none 4.11 RMON 4.11.1 Set RMON function [Syntax] rmon switch no rmon [Parameter] switch : RMON function operation Setting value Description enable Enable RMON function disable Disable RMON function [Initial value] rmon enable [Input mode] global configuration mode [Description] Sets the system-wide operation of the RMON function.
Command Reference | Maintenance and operation functions | 61 Maximum 127 characters (if omitted : RMON_SNMP) [Initial value] none [Input mode] interface mode [Description] Enables the RMON Ethernet statistical information group setting for the applicable interface. If this command is set, statistical information is collected, and the RMON MIB's etherStatsTable can be acquired. This command can be specified a maximum number of eight times for the same interface.
| Command Reference | Maintenance and operation functions [Note] To enable the history group setting of the RMON function, it is necessary to enable the system-wide RMON function in addition to this command. If this command is overwritten, the previously collected historical information is deleted, and collection is once again started. If the system-wide RMON function is disabled, collection of historical information is interrupted.
Command Reference | Maintenance and operation functions | 63 [Example] After making SNMP trap settings, enable the RMON event group setting. Set the type of event as "log-trap", and the community name of the trap as "public". SWP2(config)#snmp-server host 192.168.100.3 traps version 2c public SWP2(config)#snmp-server enable trap rmon SWP2(config)#rmon event 1 log-trap public 4.11.
| Command Reference | Maintenance and operation functions Setting value Description Use both upper threshold value and lower threshold value (risingOrFallingAlarm) 3 (if omitted : 3) owner : Name of alarm group owner (alarmOwner) maximum 127 characters (if omitted : RMON_SNMP) [Initial value] none [Input mode] global configuration mode [Description] Enables the RMON alarm group settings. Set variable as the MIB object that will be the target of monitoring by the RMON alarm group.
Command Reference | Maintenance and operation functions | 65 [Example] Enable the RMON alarm group settings with the following conditions. • The MIB object to be monitored is etherStatsPkts.1. • The sampling interval is 180 seconds. • The sampling type is delta. • The upper threshold value is 3000, and the event when rising above the upper threshold value is 1. • The lower threshold value is 2000, and the event when falling below the lower threshold value is 1. SWP2(config)#rmon alarm 1 etherStatsPkts.
| Command Reference | Maintenance and operation functions 4.11.7 Show RMON Ethernet statistical information group status [Syntax] show rmon statistics [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the settings and status of the RMON Ethernet statistical information group. The following items are shown.
Command Reference | Maintenance and operation functions | 67 • • Time of executing event Owner name [Example] SWP2>show rmon event event Index = 1 Description RMON_SNMP Event type Log Event community name RMON_SNMP Last Time Sent = 00:00:58 Owner RMON_SNMP 4.11.10 Show RMON alarm group status [Syntax] show rmon alarm [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the settings and status of the RMON alarm group. The following items are shown.
| Command Reference | Maintenance and operation functions SWP2(config)#interface port1.1 SWP2(config-if)#rmon clear counters 4.12 Telnet server 4.12.
Command Reference | Maintenance and operation functions | 69 4.12.3 Set host that can access the Telnet server [Syntax] telnet-server interface interface no telnet-server interface interface [Parameter] interface : VLAN interface name [Initial value] none [Input mode] global configuration mode [Description] Sets the VLAN interface that allows access to the Telnet server. If this command is executed with the "no" syntax, the specified interface is deleted.
| Command Reference | Maintenance and operation functions [Description] Restrict access to the TELNET server according to the client terminal's IPv4/IPv6 address. Up to eight instances of this command can be set, and those that are specified earlier take priority for application. If this command is set, all access that does not satisfy the registered conditions is denied. However, if this command is not set, all access is permitted.
Command Reference | Maintenance and operation functions | 71 Setting value Description enable Enable disable Disable [Initial value] telnet-client disable [Input mode] global configuration mode [Description] Enables use of the telnet command as a Telnet client. If this command is executed with the "no" syntax, the Telnet client is disabled. [Example] Enable the Telnet client. SWP2(config)#telnet-client enable 4.14 TFTP server 4.14.
| Command Reference | Maintenance and operation functions • • Listening port number VLAN interface that is permitted to access the TFTP server [Example] Show the settings of the TFTP server. SWP2#show tftp-server Service:Enable Port:69 Management interface(vlan): 1 Interface(vlan):1, 2, 3 4.14.
Command Reference | Maintenance and operation functions | 73 If this command is executed with the "no" syntax, the function is disabled. [Example] Start the HTTP server with 8080 as the listening port number. SWP2(config)#http-server enable 8080 4.15.
| Command Reference | Maintenance and operation functions Management interface(vlan): 1 Interface(vlan):1 Access:None Login timeout:30 min 51 sec 4.15.4 Set hosts that can access the HTTP server [Syntax] http-server interface interface no http-server interface interface [Parameter] interface : VLAN interface name [Initial value] none [Input mode] global configuration mode [Description] Sets the VLAN interface that allows access to the HTTP server.
Command Reference | Maintenance and operation functions | 75 [Input mode] global configuration mode [Description] Restrict access to the HTTP server according to the client terminal's IPv4/IPv6 address. Up to eight instances of this command can be set, and those that are specified earlier take priority for application. If this command is set, all access that does not satisfy the registered conditions is denied. However, if this command is not set, all access is permitted.
| Command Reference | Maintenance and operation functions Timeout time (minutes) sec : <0-2147483> Timeout time (seconds) [Initial value] http-server login-timeout 5 [Input mode] global configuration mode [Description] Specify the time until automatic logout when there has been no access to the HTTP server. If sec is omitted, 0 is specified. If this command is executed with the "no" syntax, the setting returns to the default. [Note] The smallest value that can be specified is one minute.
Command Reference | Maintenance and operation functions | 77 4.16.2 Show SSH server settings [Syntax] show ssh-server [Input mode] priviledged EXEC mode [Description] Shows the settings of the SSH server. The following items are shown. • SSH server function enabled/disabled status • Listening port number • Whether SSH server host key exists • VLAN interface permitted to access the SSH server • Filter that controls access to the SSH server [Example] Show the settings of the SSH server.
| Command Reference | Maintenance and operation functions [Parameter] action info : : Specifies the action for the access condition Setting value Description deny "Deny" the condition permit "Permit" the condition Specifies the transmission-source IPv4 address or IPv6 address that is the condition Setting value Description A.B.C.D Specifies an IPv4 address (A.B.C.D) A.B.C.D/M Specifies an IPv4 address (A.B.C.
Command Reference | Maintenance and operation functions | 79 [Input mode] priviledged EXEC mode [Description] Sets the host RSA key and host DSA key of the SSH server. For the RSA key, the bit parameter can be used to specify the number of bits in the generated key. The DSA key generates a 1024-bit key. [Note] In order to use the SSH server function, this command must be executed in advance to generate the host keys.
| Command Reference | Maintenance and operation functions PXUgrLf5HAAABAQCnnPO+ZjWZcZwGa6LxTGMczAjDy5uwD4DWBbRxsPKaXlsicJGC0aridnTthIGa8 ARypDjhpL1a37SDezx8yClQ5vh+4SPLdS1hdSSzXXE+MXIICXnOVPdiKC4ia10n81tMxW/EPw4SqFP 77r7VvCE/JpXv82AN2JTJ/HAn3X7lvMyCsKZLoWrEcEcBH5anvAQKByVt7RerToZ4vSgodskv7nyXX XXXXXXX ssh-rsa XXXXXXXXXX1yc2EAAAABIwAAAQEAwvAZK18jKTCHIHQfRV4r7UOYChX0oeKjBbuuLSDhSH WmhpG3xxJO0pDIedSF3Knb7LX2SfymQYJ7XYIqMjmU0oziv/zi+De/z3M7wJHQUwfMZEDAdR6Mx39w 6Q04/ehQcaszjXi+0Al2wG/kk56lAU23CW/i21o//5GZTzkF
Command Reference | Maintenance and operation functions | 81 [Parameter] interval : <1-2147483647> Client alive checking interval (seconds, if omitted: 100) count : <1-2147483647> Maximum count for client alive checking (if omitted: 3) [Initial value] ssh-server client alive disable [Input mode] global configuration mode [Description] Sets whether to perform client alive checking. A message requesting a response is sent to the client at intervals of the number of seconds specified by "interval".
| Command Reference | Maintenance and operation functions 4.17.2 Enable SSH client [Syntax] ssh-client switch no ssh-client [Parameter] switch : Whether to enable SSH client Setting value Description enable Enable disable Disable [Initial value] ssh-client disable [Input mode] global configuration mode [Description] Enables use of the ssh command as an SSH client. If this command is executed with the "no" syntax, the SSH client is disabled. [Example] Enable the SSH client.
Command Reference | Maintenance and operation functions | 83 [Parameter] id : <1-10> Mail server ID host : Mail server address or host name IPv4 address (A.B.C.D), IPv6 address (X:X::X:X) When specifying an IPv6 link local address, the transmitting interface also needs to be specified (in fe80::X%vlanN format). Host name (64 characters or less, Single-byte alphanumeric characters - .
| Command Reference | Maintenance and operation functions [Initial value] none [Input mode] global configuration mode [Description] Sets the name of the server used when sending e-mails. [Example] Sets the e-mail transmission server name to “test_mail_server”. SWP2(config)#mail server smtp 1 name test_mail_server 4.18.
Command Reference | Maintenance and operation functions | 85 [Example] Switches to the mode for setting e-mail template #1. SWP2(config)#mail template 1 SWP2(config-mail)# 4.18.5 E-mail transmission server ID settings [Syntax] send server server-id no send server [Parameter] server-id : <1-10> E-mail template ID [Initial value] no send server [Input mode] E-mail template mode [Description] Sets the ID of the e-mail server to be used.
| Command Reference | Maintenance and operation functions [Initial value] no send to [Input mode] E-mail template mode [Description] Sets the destination e-mail addresses (maximum of four). [Note] This setting is used as the destination for event notifications, and is not used for the destinations when distributing certificates or sending notifications. [Example] Specifies “user@test.com” as the destination e-mail address for e-mail template #1.
Command Reference | Maintenance and operation functions | 87 [Description] Sets the wait time before actually sending event-related notification e-mails. [Note] This setting is used as the wait time before event-related notification e-mails are sent. [Example] Sets the transmission wait time for e-mail template #1 to 60 seconds. SWP2(config)#mail template 1 SWP2(config-mail)#send notify wait-time 60 4.18.
| Command Reference | Maintenance and operation functions [Note] Example of e-mail body text used when sending notifications beforehand about expired term of validity for RADIUS server client certificates --------------------------------Your certificate will expire in [X] days.
Command Reference | Maintenance and operation functions | 89 Template ID Notify trigger Server host Server port Encryption Wait time Mail address (from) Mail address (to) : : : : : : : : 1 lan-map, terminal, stack smtp-server.com 25 STARTTLS 30 sec sample@test.com user1@test.com user2@test.com user3@test.com user4@test.com 4.19 LLDP 4.19.
| Command Reference | Maintenance and operation functions [Example] Set the system description to SWITCH1_POINT_A. SWP2(config)#lldp system-description SWITCH1_POINT_A 4.19.3 Set system name [Syntax] lldp system-name name no lldp system-name [Parameter] name : System name text string (255 characters or less) [Initial value] no lldp system-name [Input mode] global configuration mode [Description] Sets the system name used by the LLDP function.
Command Reference | Maintenance and operation functions | 91 [Parameter] switch : Set automatic setting function by LLDP Setting value Description enable Enable automatic setting function by LLDP disable Disable automatic setting function by LLDP [Initial value] lldp auto-setting disable [Input mode] global configuration mode [Description] Enables the function by which LLDP frames transmitted by specific Yamaha devices can automatically modify the settings of a switch.
| Command Reference | Maintenance and operation functions SWP2(config-if)#lldp-agent SWP2(lldp-agent)#set lldp enable rxonly 4.19.
Command Reference | Maintenance and operation functions | 93 SWP2(config-if)#lldp-agent SWP2(lldp-agent)#tlv-select basic-mgmt 4.19.9 Set IEEE-802.1 TLV [Syntax] tlv-select ieee-8021-org-specific no tlv-select ieee-8021-org-specific [Initial value] none [Input mode] LLDP agent mode [Description] Adds IEEE-802.1 TLVs to transmitted frames. If this command is executed with the "no" syntax, exclude IEEE-802.1 TLVs from transmitted frames. This command adds the following TLVs to LLDP frames.
| Command Reference | Maintenance and operation functions 4.19.11 Set LLDP-MED TLV [Syntax] tlv-select med no tlv-select med [Initial value] none [Input mode] LLDP agent mode [Description] If this command is executed with the "no" syntax, exclude LLDP-MED TLVs from transmitted frames. This command adds the following TLVs to LLDP frames.
Command Reference | Maintenance and operation functions | 95 [Parameter] fast_tx : <1-3600> LLDP frame transmission interval for high speed transmission period (seconds) [Initial value] set timer msg-fast-tx 1 [Input mode] LLDP agent mode [Description] Sets the LLDP frame transmission interval during the high speed transmission period. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Maintenance and operation functions [Initial value] set msg-tx-hold 4 [Input mode] LLDP agent mode [Description] Sets the multiplier for calculating the time to live (TTL) of device information. If this command is executed with the "no" syntax, the setting returns to the default. This setting is multiplied with the LLDP frame transmission interval (msg-tx-interval), and then increased by +1 to become the TTL value (seconds). The TTL value is set in "Time To Live TLV".
Command Reference | Maintenance and operation functions | 97 [Description] Sets the maximum number of connected devices that can be managed by a port. If this command is executed with the "no" syntax, the setting returns to the default. If the maximum number of connected device for a port is exceeded, LLDP frames sent from new devices are ignored. [Note] When this command is set, the remote device management table is cleared once when the first LLDP frame is received on the applicable port.
| Command Reference | Maintenance and operation functions Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows LLDP information for the interface specified by ifname. If "neighbor" is specified, information for the device connected to the interface is shown. The following items are shown.
Command Reference | Maintenance and operation functions | 99 ID of port VLAN PP Vlan id ID of protocol VLAN VLAN ID ID of port VLAN VLAN Name Name of port VLAN Remote Protocols Advertised List of supported protocols Remote VID Usage Digestt VID Usage Digestt value Remote Management Vlan Name of management VLAN Link Aggregation Status Link aggregation enabled/disabled Link Aggregation Port ID ID of link aggregation port • Port Vlan id 8023 ORIGIN SPECIFIC TLV information Auto negotiation e
| Command Reference | Maintenance and operation functions Datum Geodetic datum 0: USA's World Geodetic System (WGS 84) 1: North American Datum (NAD 83) 2: Average historical minimum sea level of North American Datum (NAD 83) LCI length Length of location information data What Place of reference location 0: Location of the DHCP server 1: Position of the network element thought to be nearest the client 2: Location of client Country Code Country code CA type CA (Civic Address) type MED Inventory
Command Reference | Maintenance and operation functions | 101 CHASSIS ID TYPE IP ADDRESS : 0.0.0.0 PORT ID TYPE INTERFACE NAME : port1.
| Command Reference | Maintenance and operation functions SWP2>clear lldp counters 4.20 L2MS (Layer 2 management service) settings 4.20.
Command Reference | Maintenance and operation functions | 103 [Example] If operating as a slave, L2MS information is shown. SWP2>show l2ms Role : Slave Status : Managed by Master (ac44.f23d.0bb9) 4.21 Snapshot 4.21.1 Set snapshot function [Syntax] snapshot enable snapshot disable no snapshot [Keyword] enable : Snapshot function is enabled disable : Snapshot function is disable [Initial value] snapshot disable [Input mode] global configuration mode [Description] Enables the snapshot function.
| Command Reference | Maintenance and operation functions SWP2(config)#snapshot trap terminal 4.21.3 Create snapshot [Syntax] snapshot save [after-update] [Keyword] after-update : After updating the network's connection state, save it as a snapshot [Input mode] priviledged EXEC mode [Description] Saves a snapshot file that is the base for the LAN map's snapshot function.
Command Reference | Maintenance and operation functions | 105 If the server's port number is other than 80, you must specify this within the URL, using the syntax "http://server IP address or hostname:port number/path name". [Example] Specify http://192.168.100.1/swp2.bin as the firmware download URL. SWP2(config)#firmware-update url http://192.168.100.1/swp2.bin SWP2(config)# 4.22.
| Command Reference | Maintenance and operation functions SWP2(config)#firmware-update timeout 120 SWP2(config)# 4.22.4 Allow revision-down [Syntax] firmware-update revision-down enable no firmware-update revision-down [Initial value] no firmware-update revision-down [Input mode] global configuration mode [Description] When using a firmware file from a web server to update the firmware, this allows the firmware to be changed to a revision that is older than the current revision.
Command Reference | Maintenance and operation functions | 107 [Description] Sets the time at which the new firmware is applied by restarting after a firmware update. If this command is executed with the "no" syntax, the new firmware is applied by restarting immediately after the firmware is updated. [Example] Specify AM 1:30 as the restart time for updating the firmware. SWP2(config)#firmware-update reload-time 1 30 SWP2(config)# 4.23 Schedule 4.23.
| Command Reference | Maintenance and operation functions event template_id : : Hour setting examples Setting contents 12.13 12:00 and 13:00 12- From 12:00 to 23:00 10-20 From 10:00 to 20:00 -20 From 0:00 to 20:00 * Hourly Minute setting examples Setting contents 30 30 minutes 15.
Command Reference | Maintenance and operation functions | 109 [Parameter] line : Single-byte alphanumeric characters and single-byte symbols (64 characters or less) Schedule template description text [Initial value] no description [Input mode] Schedule template mode [Description] Sets the schedule template description text. If this command is executed with the "no" syntax, the description text in the specified schedule template is deleted.
| Command Reference | Maintenance and operation functions [Initial value] None [Input mode] global configuration mode [Description] Switches to the mode for setting the schedule template. If this command is executed with the "no" syntax, the specified schedule template is deleted. [Example] This switches to the mode for setting schedule template #1. SWP2(config)#schedule template 1 SWP2(config-schedule)# 4.23.
Command Reference | Maintenance and operation functions | 111 SWP2(config-schedule)#cli-command 1 copy tech-support sd 4.24 General maintenance and operation functions 4.24.1 Set host name [Syntax] hostname hostname no hostname [hostname] [Parameter] hostname : Single-byte alphanumeric characters and single-byte symbols (63characters or less) Host name [Initial value] hostname SWP2 [Input mode] global configuration mode [Description] Specifies the host name.
| Command Reference | Maintenance and operation functions [Note] You must enter the administrator password when executing this command. A special password can be inputted to initialize the settings only when logging in at the command prompt using a special password. [Example] Initialize the settings. SWP2#cold start Password: 4.24.
Command Reference | Maintenance and operation functions | 113 4.24.6 Show DIP switches status [Syntax] show dipsw [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Show status of the DIP switches at startup and the current status. [Example] Show the status of the DIP switches. SWP2>show dipsw DIPSW SW1 SW2 SW3 SW4 -------------------------------------Startup status : ON OFF OFF ON Current status : ON OFF OFF ON 4.24.
| Command Reference | Interface control Chapter 5 Interface control 5.1 Interface basic settings 5.1.1 Set description [Syntax] description line no description [Parameter] line : Single-byte alphanumeric characters and single-byte symbols (80characters or less) Description of the applicable interface [Initial value] no description [Input mode] interface mode [Description] Specifies a description of the applicable interface.
Command Reference | Interface control | 115 [Parameter] type : Speed and duplex mode types Speed and duplex mode types Description auto Auto negotiation 10000-full 10Gbps/Full 1000-full 1000Mbps/Full 100-full 100Mbps/Full 100-half 100Mbps/Half 10-full 10Mbps/Full 10-half 10Mbps/Half [Initial value] speed-duplex auto [Input mode] interface mode [Description] Sets the speed and duplex mode. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control SWP2(config)#interface port1.1 SWP2(config-if)#mru 9000 5.1.5 Set cross/straight automatic detection [Syntax] mdix auto action no mdix auto [Parameter] type : Cross/straight automatic detection operations Setting value Description enable Enable cross/straight automatic detection disable Disable cross/straight automatic detection [Initial value] mdix auto enable [Input mode] interface mode [Description] Enables cross/straight automatic detection.
Command Reference | Interface control | 117 When this command is used to change the settings, link-down temporarily occurs for the corresponding interface. [Example] Enable EEE for LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#eee enable 5.1.
| Command Reference | Interface control Item Description interface Interface name EEE(efficient-ethernet) Whether EEE is enabled Rx LPI Status Low-power mode status of the receiving unit Tx LPI Status Low-power mode status of the transmitting unit Wake Error Count Error count [Example] Show EEE status of LAN port #1. [If EEE is disabled] SWP2#show eee status interface port1.1 interface:port1.
Command Reference | Interface control | 119 Traffic direction Description transmit Transmitter [Initial value] no mirror interface [Input mode] interface mode [Description] Mirrors the traffic specified by direct, with the applicable interface as the mirror port and ifname as the monitor port. If this command is executed with the "no" syntax, the mirroring setting is deleted. [Note] This command can be specified only for LAN/SFP+ port. Only one interface can be specified as the mirror port.
| Command Reference | Interface control 5.1.11 Show interface status [Syntax] show interface [ type [ index ] ] [Parameter] type : Interface type Interface type index : Description port Physical interface vlan VLAN interface sa Static logical interface po LACP logical interface Index number Interface ID Description 1.X Specifies the number printed on the chassis (X). <1-4094> Specify the VLAN ID. <1-96> Speciffy the static logical interface number.
Command Reference | Interface control | 121 Item Description broadcast IP broadcast address *3 (shown only if IP address is set) Switchport mode Mode of the switchport • access : untagged • trunk : tagged Ingress filter Status of ingress filtering • enable : enabled • disable : disabled Acceptable frame types Frame types that can be received • all : All frames are received (regardless of whether they are tagged or untagged) • vlan-tagged only : Only frames with a VLAN tag are received Default Vlan
| Command Reference | Interface control ifIndex 5001, MRU 1522 Speed-Duplex: auto(configured), 1000-full(current) Auto MDI/MDIX: on Vlan info: Switchport mode : access Ingress filter : enable Acceptable frame types : all Default Vlan : 1 Configured Vlans : 1 Interface counter: input packets : 320 bytes : 25875 multicast packets: 301 output packets : 628 bytes : 129895 multicast packets: 628 broadcast packets: 0 drop packets : 0 Show the status of VLAN #1.
Command Reference | Interface control | 123 Item Description • (P) : LACP logical interface ID of associated logical interface Description Description of interface *1 Shown only for physical interface *2 hown only for physical interface and logical interface [Example] Show brief interface status.
| Command Reference | Interface control SWP2#interface reset port1.1 5.1.14 Show frame counter [Syntax] show frame-counter [ifname] [Parameter] ifname : Interface name of the LAN/SFP+ port Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows frame counter information for the interface specified by ifname. If ifname is omitted, shows information for all interfaces. The following items are shown.
Command Reference | Interface control | 125 *2 Shows the transmission information when tail dropping is enabled, and the information only for reception when tail dropping is disabled. [Example] Show the frame counter of LAN port #1. SWP2#show frame-counter port1.1 Interface port1.
| Command Reference | Interface control 5.1.16 Show SFP+ module status [Syntax] show ddm status [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the status of the SFP+ module. For each item, shows the current value, upper threshold value, and lower threshold value for each SFP+ port.
Command Reference | Interface control | 127 Setting value Description enable Enables SFP+ module optical reception level monitoring disable Disables SFP+ module optical reception level monitoring [Initial value] sfp-monitor rx-power enable [Input mode] global configuration mode [Description] Sets the monitoring of SFP+ module optical reception levels. [Example] Disable SFP+ module optical reception level monitoring. SWP2(config)#sfp-monitor rx-power disable 5.2 Link aggregation 5.2.
| Command Reference | Interface control SWP2(config)#interface port1.1 SWP2(config-if)#static-channel-group 5 5.2.2 Show static logical interface status [Syntax] show static-channel-group [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the static logical interface status. The following items are shown for each static logical interface that exists.
Command Reference | Interface control | 129 If you associate a LAN/SFP+ port to a link-id for which a LACP logical interface does not exist, the LACP logical interface is newly generated. If the associated LAN/SFP+ port is no longer present because it was removed from the LACP logical interface, the LACP logical interface is deleted. Up to twenty LAN/SFP+ port units can be associated with one LACP logical interface.
| Command Reference | Interface control Item Description • • • • • • "Initialize" "Port disabled" "LACP disabled" "Expired" "Defaulted" "Current" Periodic Transmission machine state Status of the LACP protocol Periodic Transmission transition variable • "Invalid" • "No periodic" • "Fast periodic" (transmitted at one-second intervals) • "Slow periodic" (transmitted at 30 second intervals) • "Periodic" Mux machine state Status of the LACP protocol Receive machine transition variable • "Detached" • "
Command Reference | Interface control | 131 SWP2#show etherchannel port1.1 Etherchannel port1.1 Physical admin key 3 Receive machine state Current Periodic Transmission machine state Slow periodic Mux machine state Collecting/Distributing Selection Selected Information Actor Partner LAG 0x8000, 00-a0-de-e0-e0-e0 0x8000, 00-a0-de-11-11-11 Admin Key 0001 0001 Port Priority 32768 32768 Ifindex 5001 5001 Timeout Long Long Active 1 1 Synchronized 1 1 Collecting 1 1 Distributing 1 1 Defaulted 0 0 Expired 0 0 5.
| Command Reference | Interface control [Example] Show the LACP system priority. SWP2>show lacp sys-id % System 0x8000, 00-a0-de-e0-e0-e0 5.2.
Command Reference | Interface control | 133 [Description] Sets the LACP timeout. [Note] This command can be set only for a LAN/SFP+ port that is associated with an LACP logical interface. If a LAN/SFP+ port is associated with an LACP logical interface, lacp timeout long command is specified for the corresponding LAN/SFP+ port. If it is dissociated from the LACP logical interface, the lacp timeout command setting of the corresponding LAN/SFP+ port is deleted.
| Command Reference | Interface control [Example] Show the frame counter for every LACP logical interface. SWP2#show lacp-counter % Traffic statistics Port LACPDUs Marker Sent Recv Sent Recv % Aggregator po1 , ID 4601 port1.1 297 298 0 0 port1.2 306 299 0 0 port1.3 305 298 0 0 port1.4 309 1350 0 0 port1.5 186 186 0 0 Pckt err Sent Recv 0 0 0 0 0 0 0 0 0 0 5.2.
Command Reference | Interface control | 135 [Keyword] summary : Abbreviated display detail : Detailed display : <1-127> [Parameter] link-id LACP logical interface number [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the status of the LACP logical interface specified by link-id. If link-id is omitted, shows the status of all LACP logical interface. If summary is specified, an abbreviated display is shown; if detail is specified, details are shown.
| Command Reference | Interface control Usage status Synchronization State of the linked-up LAN/SFP+ port Standby no Selected as a LAN/SFP+ port with LACP enabled, and specified as a standby port. Selected yes Selected as a LAN/SFP+ port with LACP enabled. Combined as link aggregation, [Example] Show the status of the LACP logical interface.
Command Reference | Interface control | 137 no lacp port-priority [Parameter] priority : <1-65535> LACP port priority order Lower numbers have higher priority [Initial value] lacp port-priority 32768 [Input mode] interface mode [Description] Sets the LACP port priority order. If this command is executed with the "no" syntax, the setting returns to the default value.
| Command Reference | Interface control 5.3.2 Configuring the MAC authentication function for the entire system [Syntax] aaa authentication auth-mac no aaa authentication auth-mac [Initial value] no aaa authentication auth-mac [Input mode] global configuration mode [Description] Enables MAC authentication for the entire system. If this command is executed with the "no" syntax, disables MAC authentication for the entire system.
Command Reference | Interface control | 139 Operation mode Description force-authorized Sets the authenticated port for IEEE 802.1X authentication to a fixed port force-unauthorized Sets the unauthenticated port for IEEE 802.1X authentication to a fixed port [Initial value] no dot1x port-control [Input mode] interface mode [Description] Configures the IEEE 802.1X authentication operation mode for the applicable interface. If this command is executed with the "no" syntax, the IEEE 802.
| Command Reference | Interface control To use this command, you must enable the port authentication function for the applicable interface. (dot1x port-control command) [Example] Discard received packets only for the packet forwarding operation on an unauthenticated port of LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#dot1x control-direction in 5.3.
Command Reference | Interface control | 141 5.3.
| Command Reference | Interface control You cannot enable the Web authentication function from any other mode besides multi-supplicant mode. You cannot use this together with guest VLAN. [Example] Enable the LAN port #1 Web authentication function. SWP2(config)#interface port1.1 SWP2(config-if)#auth-web enable 5.3.
Command Reference | Interface control | 143 [Initial value] no auth reauthentication [Input mode] interface mode [Description] Enables reauthentication of supplicants for the applicable interface. If this is executed with the "no" syntax, the re-authentication is disabled. When this setting is enabled, this periodically reauthenticates supplicants that have been successfully authenticated. The reauthentication interval can be changed using the auth timeout reauth-period command.
| Command Reference | Interface control no auth guest-vlan [Parameter] vlan-id : <1-4094> VLAN ID for guest VLAN [Initial value] no auth guest-vlan [Input mode] interface mode [Description] If the supplicant connected to the applicable interface is unauthorized or if authorization has failed, this specifies the guest VLAN to which the supplicant is associated. If this command is executed with the "no" syntax, the guest VLAN setting is deleted.
Command Reference | Interface control | 145 5.3.15 Set reauthentication interval [Syntax] auth timeout reauth-period time no auth timeout reauth-period [Parameter] time : <300-86400> Supplication reauthentication interval (seconds) [Initial value] auth timeout reauth-period 3600 [Input mode] interface mode [Description] Sets the reauthentication interval of the supplicant for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control 5.3.17 Set supplicant reply wait time [Syntax] auth timeout supp-timeout time no auth timeout supp-timeout [Parameter] time : <1-65535> Supplicant reply wait time (seconds) [Initial value] auth timeout supp-timeout 30 [Input mode] interface mode [Description] Sets the reply wait time from the supplicant during port authentication for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Interface control | 147 Shared password (the settings for the radius-server key command are used if this is omitted) [Initial value] none [Input mode] global configuration mode [Description] Adds a server to the authentication server list. The maximum number of entries is 8. If this command is executed with the "no" syntax, this deletes the specified server from the authentication server list. [Example] Add the server at IP address 192.168.100.
| Command Reference | Interface control [Parameter] count : <0-100> Number of times to resend request [Initial value] radius-server retransmit 3 [Input mode] global configuration mode [Description] Sets the number of times to resend requests to a RADIUS server. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Interface control | 149 [Input mode] global configuration mode [Description] Sets the time during which the usage of the relevant server is prevented, when a request to the RADIUS server has timed out. If this command is executed with the "no" syntax, the setting returns to the default. [Example] This sets the usage prevention for the RADIUS server to 1 minute. SWP2(config)#radius-server deadtime 1 5.3.
| Command Reference | Interface control Clear-state time : Not configured Redirect URL : Not configured Auth-web custom-file : There is no custom-file RADIUS server address : 192.168.100.101 (port:1812) [Interface information] Interface port1.1 (up) 802.
Command Reference | Interface control | 151 -------- ----------------- ----------------- --------------- ---- -----port1.1 0011.2233.4455 user Authenticated 1 802.1X 5.3.
| Command Reference | Interface control [Description] Clears the packet statistical information during port authentication. [Example] Clear the statistical information for LAN port #1. SWP2#clear auth statistics interface port1.1 5.3.28 Show RADIUS server setting information [Syntax] show radius-server [Input mode] priviledged EXEC mode [Description] Shows setting information related to the RADIUS server.
Command Reference | Interface control | 153 5.3.30 Clear the authentication state [Syntax] clear auth state [all] [interface ifname] [supplicant mac-addr] [Keyword] all : Clears the authentication state for all supplicants interface : Clears the authentication state for supplicants connected to specific interfaces supplicant : Clear the authentication state for specific supplicant : Interfacee name [Parameter] ifname Interface to clear mac-addr : hhhh.hhhh.
| Command Reference | Interface control [Parameter] time : <0-23> Time at which the authentication state is cleared [Initial value] no auth clear-state time [Input mode] interface mode [Description] Sets the time at which the authentication state of the supplicant is cleared for the applicable interface. If this command is executed with the "no" syntax, deletes the time setting for clearing the authentication state.
Command Reference | Interface control | 155 5.4.1 Set port security function [Syntax] port-security enable port-security disable no port-security [Keyword] enable : Enables port security function disable : Disables port security function [Initial value] port-security disable [Input mode] interface mode [Description] Enables the port security function for the applicable interface.
| Command Reference | Interface control Operation mode shutdown Description Shuts down the port [Initial value] port-security violation discard [Input mode] interface mode [Description] Sets the action to be taken during a port security violation for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] When restoring ports in shutdown mode that have been shut down, use the no shutdown command.
Command Reference | Interface control | 157 Setting value interval : Description bpduguard BPDU guard function loop-detect Loop detection function <10-1000000> Time (seconds) until auto-recovery [Initial value] no errdisable auto-recovery bpduguard (BPDU guard function) errdisable auto-recovery loop-detect 300 (Loop detection function) [Input mode] global configuration mode [Description] Enables the function that automatically recovers after the error detection function causes the errdisable state,
| Command Reference | Layer 2 functions Chapter 6 Layer 2 functions 6.1 FDB (Forwarding Data Base) 6.1.
Command Reference | Layer 2 functions | 159 SWP2(config)#mac-address-table ageing-time 400 6.1.3 Clear dynamic entry [Syntax] clear clear clear clear mac-address-table mac-address-table mac-address-table mac-address-table dynamic dynamic adress mac-addr dynamic vlan vlan-id dynamic interface ifname [instance inst] [Keyword] address : Specifies the MAC address vlan : Specifies the VLAN ID interface : Specifies the interface instance : Specifies the MST instance : hhhh.hhhh.
| Command Reference | Layer 2 functions ifname : Setting value Description discard Discard Name of LAN/SFP+ port or logical interface Applicable interface vlan-id : <1-4094> Applicable VLAN ID [Initial value] none [Input mode] global configuration mode [Description] Registers a static entry in the MAC address table. If action is specified as "forward," received frames that match the specified MAC address and VLAN ID are forwarded to the specified interface.
Command Reference | Layer 2 functions | 161 1 1 sa1 sa2 1803.731e.8c2b 782b.cbcb.218d forward forward dynamic dynamic 300 300 6.1.
| Command Reference | Layer 2 functions [Keyword] name : Specifies the name of the VLAN state : Specifies the state of the VLAN : <2-4094> [Parameter] vlan-id VLAN ID name : Single-byte alphanumeric characters and single-byte symbols(32characters or less) Name of the VLAN state : Whether frame forwarding is enabled or disabled Setting value Description enable Frames are forwarded disable Frames are not forwarded [Initial value] none [Input mode] VLAN mode [Description] Sets the VLAN
Command Reference | Layer 2 functions | 163 Setting value Description isolated Secondary VLAN (isolated VLAN) [Initial value] none [Input mode] VLAN mode [Description] Uses vlan-id as a private VLAN. If this command is executed with the "no" syntax, the private VLAN setting is deleted, and it is used as a conventional VLAN.
| Command Reference | Layer 2 functions [Description] Specify the association of the secondary VLAN (isolated VLAN, community VLAN) with the primary VLAN of the private VLAN. By specifying "add," specify the association of the vlan-id with the 2nd-vlan-ids. By specifying "remove," remove the association of the vlan-id and the 2nd-vlan-ids. If this command is executed with the "no" syntax, all associations to the primary VLAN are deleted.
Command Reference | Layer 2 functions | 165 [Input mode] interface mode [Description] Sets the VLAN ID that is associated as an access port with the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be set only for a LAN/SFP+ port or logical interface for which the switchport mode access command is set.
| Command Reference | Layer 2 functions 6.2.
Command Reference | Layer 2 functions | 167 [Example] Set LAN port #1 as the trunk port, and associate it to VLAN #2. SWP2(config)#interface port1.1 SWP2(config-if)#switchport mode trunk SWP2(config-if)#switchport trunk allowed vlan add 2 6.2.
| Command Reference | Layer 2 functions Setting value Description promiscuous Promiscuous port host Host port [Initial value] none [Input mode] interface mode [Description] Specifies the private VLAN port type for the applicable interface. If this is executed with the "no" syntax, the setting of the private VLAN specified for the applicable interface is deleted. [Note] This command can be set only for a LAN/SFP+ port for which the switchport mode access command is set.
Command Reference | Layer 2 functions | 169 If the switchport mode private-vlan command is used to set the port type to something other than host port, the setting of this command is deleted. [Example] Specify the following private VLAN for each interface. • LAN port #1 : Primary VLAN #100, Secondary VLAN #101 • LAN port #2 : Primary VLAN #100, Secondary VLAN #102 • LAN port #3 : Primary VLAN #100, Secondary VLAN #103 SWP2(config)# interface port1.
| Command Reference | Layer 2 functions A community VLAN can be associated with multiple promiscuous ports. Multiple promiscuous ports can be specified for one primary VLAN. Since an interface in an isolated VLAN can communicate only with one promiscuous port, only one promiscuous port can be associated with one isolated VLAN. [Example] Make LAN port #1 operate as a promiscuous port, specify primary VLAN #100, and associate the secondary VLANs #101, #102, and #103. SWP2(config)# interface port1.
Command Reference | Layer 2 functions | 171 [Description] Specify the CoS value to use for voice traffic by the connected device. The connected device is notified of the setting via LLDP-MED in the following cases. • Voice VLAN is specified for the corresponding port. • LLDP-MED transmission and reception is possible for the corresponding port. [Example] Set the CoS value to 6 for using LAN port #1 as voice VLAN. SWP2(config)#interface port1.1 SWP2(config-if)#switchport voice cos 6 6.2.
| Command Reference | Layer 2 functions By default, each interface is not associated with a multiple VLAN group. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This cannot be used in conjunction with the private VLAN. Ports that are associated with a link aggregation logical interface must be set to the same multiple VLAN group. The multiple VLAN group is applied only to forwarding between ports.
Command Reference | Layer 2 functions | 173 [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows information for the specified VLAN ID. The following items are shown. Item Description VLAN ID VLAN ID Name Name of the VLAN State VLAN status (whether frames are forwarded) • ACTIVE : forwarded • SUSPEND : not forwarded Member ports Interfaces associated with the VLAN ID • (u) : Access port (untagged port) • (t) : Trunk port (tagged port) [Example] Show all VLAN information.
| Command Reference | Layer 2 functions 6.2.20 Show multiple VLAN group setting information [Syntax] show vlan multiple-vlan [group group-id] [Keyword] group : Show information for specific multiple VLAN groups : <1-256> [Parameter] group-id Multiple VLAN group ID [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the setting status for multiple VLAN groups. If the "group" specification is omitted, all groups that are actually assigned to the interface are shown.
Command Reference | Layer 2 functions | 175 Forward delay time (seconds) [Initial value] spanning-tree forward-time 15 [Input mode] global configuration mode [Description] Sets the forward delay time. If this command is executed with the "no" syntax, the setting returns to the default. [Note] The setting of this command must satisfy the following conditions. 2 x (hello time + 1) <= maximum aging time <= 2 x (forward delay time - 1) The maximum aging time can be set by the spanning-tree max-age command.
| Command Reference | Layer 2 functions Priority value [Initial value] spanning-tree priority 32768 [Input mode] global configuration mode [Description] Sets the bridge priority. Lower numbers have higher priority. If this command is executed with the "no" syntax, the setting returns to the default. [Note] In the case of MSTP, this is the setting for CIST (instance #0). [Example] Set the bridge priority to 4096. SWP2(config)#spanning-tree priority 4096 6.3.
Command Reference | Layer 2 functions | 177 Setting value Description shared Shared link [Initial value] spanning-tree link-type point-to-point [Input mode] interface mode [Description] Sets the link type for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface.
| Command Reference | Layer 2 functions 6.3.8 Set interface BPDU guard [Syntax] spanning-tree bpdu-guard guard no spanning-tree bpdu-guard [Parameter] guard : BPDU guard operation Setting value Description enable Enables BPDU guard disable Disables BPDU guard [Initial value] spanning-tree bpdu-guard disable [Input mode] interface mode [Description] Sets BPDU guard for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Layer 2 functions | 179 [Input mode] interface mode [Description] Sets the path cost of the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] In the case of MSTP, this is the setting for CIST (instance #0). This command can be specified only for LAN/SFP+ port and logical interface. It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface.
| Command Reference | Layer 2 functions [Description] Sets the edge port of the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface. It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface.
Command Reference | Layer 2 functions | 181 Item Description Ifindex Interface index number Port Id Interface's port ID Role Role of the interface. This is either Disabled, Designated, Rootport, or Alternate State State of the interface.
| Command Reference | Layer 2 functions % % % % Default: Default: Default: Default: CIST Root Id 8000ac44f2300110 CIST Reg Root Id 8000ac44f2300110 CIST Bridge Id 8000ac44f2300110 6 topology change(s) - last topology change Tue Feb 27 19:52:52 2018 % port1.1: Port Number 905 - Ifindex 5001 - Port Id 0x8389 - Role Designated State Forwarding % port1.1: Designated External Path Cost 0 -Internal Path Cost 0 % port1.1: Configured Path Cost 20000 - Add type Explicit ref count 1 % port1.
Command Reference | Layer 2 functions | 183 % % % % Config Bpdu's received TCN Bpdu's xmitted TCN Bpdu's received Forward Trans Count : : : : 0 2 3 1 % % % % % % % % % % % % % STATUS of Port Timers --------------------Hello Time Configured Hello timer Hello Time Value Forward Delay Timer Forward Delay Timer Value Message Age Timer Message Age Timer Value Topology Change Timer Topology Change Timer Value Hold Timer Hold Timer Value : : : : : : : : : : : 2 ACTIVE 0 INACTIVE 0 INACTIVE 0 INACTIVE 0 INAC
| Command Reference | Layer 2 functions SWP2#clear spanning-tree detected protocols interface port1.1 6.3.15 Move to MST mode [Syntax] spanning-tree mst configuration [Input mode] global configuration mode [Description] Moves to MST mode in order to make MST instance and MST region settings. [Note] To return from MST mode to global configuration mode, use the exit command. To return to priviledged EXEC mode, use the end command. [Example] Move to MST mode.
Command Reference | Layer 2 functions | 185 [Input mode] MST mode [Description] Associates a VLAN with an MST instance. If this command is executed with the "no" syntax, the VLAN association for the MST instance is deleted. If as a result of this deletion, not even one VLAN is associated with the MST instance, the MST instance is deleted. If you specify an MST instance that has not been generated, the MST instance will also be generated.
| Command Reference | Layer 2 functions [Description] Sets the MST region name. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set the MST region name to "Test1". SWP2(config)#spanning-tree mst configuration SWP2(config-mst)#region Test1 6.3.
Command Reference | Layer 2 functions | 187 6.3.
| Command Reference | Layer 2 functions [Description] Sets the path cost of the applicable interface on an MST instance. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface. It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface.
Command Reference | Layer 2 functions | 189 [Example] Show MSTP information.
| Command Reference | Layer 2 functions [Keyword] interface : Specifies the interface to show : <1-15> [Parameter] instance-id ID of generated MST interface ifname : Name of LAN/SFP+ port or logical interface Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode, interface mode [Description] Shows information for the specified MST instance. If "interface" is omitted, information is shown for all interfaces that are assigned the specified MST instance.
Command Reference | Layer 2 functions | 191 [Note] The spanning tree function and the loop detection function can be used together on the entire system. In order to enable the loop detection function, the loop detection function must be enabled on the interface in addition to this command. Even if the loop detection function is enabled, the loop detection function does not operate on the following interfaces. • LAN/SFP+ port on which the spanning tree function is operating.
| Command Reference | Layer 2 functions LPD enabled STP enabled - STP - STP STP disabled - - LPD LPD STP enabled - STP LPD STP [Example] Enable the loop detection function of LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#loop-detect enable Disable the loop detection function of LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#loop-detect disable 6.4.
Command Reference | Layer 2 functions | 193 [Example] Reset the loop detection status. SWP2#loop-detect reset 6.4.5 Show loop detection function status [Syntax] show loop-detect [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the settings and status of the loop detection function. The following items are shown.
| Command Reference | Layer 3 functions Chapter 7 Layer 3 functions 7.1 IPv4 address management 7.1.1 Set IPv4 address [Syntax] ip ip no no no address ip_address/mask [secondary] [label textline] address ip_address netmask [secondary] [label textline] ip address ip_address/mask [secondary] ip address ip_address netmask [secondary] ip address [Keyword] label : Set label as IPv4 address secondary : Set as the secondary address : A.B.C.
Command Reference | Layer 3 functions | 195 [Parameter] interface : VLAN interface name [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the IPv4 address for each interface. The following content is shown. • IPv4 address • For secondary addresses, “(secondary)” is appended to the end of IPv4 addresses. • If an IPv4 address has been specified by the ip address dhcp command, an "*" is shown added before the displayed IPv4 address.
| Command Reference | Layer 3 functions [Note] The lease time requested from the DHCP server is fixed at 72 hours. However, the actual lease time will depend on the setting of the DHCP server. Even if this command is used to obtain the default gateway, DNS server, and default domain name from the DHCP server, the settings of the ip route, ip name-server, ip domain-name commands take priority.
Command Reference | Layer 3 functions | 197 [Parameter] switch : Behavior of the auto IP function Setting value Description enable Enable the auto IP function disable Disable the auto IP function [Initial value] auto-ip disable [Input mode] interface mode [Description] For the VLAN interface, enables the Auto IP function which automatically generates the IPv4 link local address (169.254.xxx.xxx/16).
| Command Reference | Layer 3 functions Netmask in address format Set this to 0.0.0.0 if specifying the default gateway gateway : A.B.C.D IPv4 address of gateway number : <1-255> Administrative distance (priority order when selecting route) (if omitted: 1) Lower numbers have higher priority. [Initial value] none [Input mode] global configuration mode [Description] Adds a static route for IPv4. If this command is executed with the "no" syntax, the specified route is deleted.
Command Reference | Layer 3 functions | 199 Known via "connected", distance 0, metric 0, best * is directly connected, vlan1 7.2.3 Show IPv4 Routing Information Base [Syntax] show ip route database [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the IPv4 Routing Information Base (RIB). [Example] Show the IPv4 routing information base. SWP2>show ip route database Codes: C - connected, S - static > - selected route, * - FIB route S S S C C *> *> *> *> *> 0.0.0.
| Command Reference | Layer 3 functions 7.3.2 Clear ARP table [Syntax] clear arp-cache [Input mode] priviledged EXEC mode [Description] Clears the ARP cache. [Example] Clear the ARP cache. SWP2#clear arp-cache 7.3.3 Set static ARP entry [Syntax] arp ip_address mac_address interface no arp ip_address [Parameter] ip_address : A.B.C.D IP address mac_address : HHHH.HHHH.HHHH MAC address interface : portN.
Command Reference | Layer 3 functions | 201 If this command is executed with the "no" syntax, the ARP entry timeout is set to 1200 seconds. [Example] Change the ARP entry ageing timeout for VLAN #1 to five minutes. SWP2(config)#interface vlan1 SWP2(config)#arp-aging-timeout 300 7.4 IPv4 forwarding control 7.4.
| Command Reference | Layer 3 functions [Parameter] host : Target to which ICMP Echo is sent Host name, or target IP address (A.B.C.
Command Reference | Layer 3 functions | 203 5 6 192.168.50.1 (192.168.50.1) 7.689 ms 7.527 ms 7.168 ms 192.168.100.1 (192.168.100.1) 33.948 ms 10.413 ms 7.681 ms 7.6 IPv6 address management 7.6.
| Command Reference | Layer 3 functions Up to 8 IPv6 addresses can be configured for the system overall (excepting link local addresses that are automatically assigned). If this command is executed with the "no" syntax, the specified IPv6 address is deleted. If no IPv6 address is specified, all IPv6 addresses (including RA settings) are deleted. [Note] It is not possible to assign an IPv6 address of the same subnet to multiple interfaces. [Example] Specify 2001:db8:1::2 as the IPv6 address for VLAN #1.
Command Reference | Layer 3 functions | 205 SWP2>show ipv6 interface brief Interface IPv6-Address Link-Status vlan1 2001:db8:1::2/64 2001:db8:2::2/64 fe80::2a0:deff:fe:2/64 vlan2 2001:db8:2::2/64 fe80::2a0:deff:fe:2/64 down vlan3 unassigned down Admin-Status up up up up 7.7 IPv6 route control 7.7.
| Command Reference | Layer 3 functions 7.7.2 Show IPv6 Forwarding Information Base [Syntax] show ipv6 route [ipv6_address[/prefix_len]] [Parameter] ipv6_address : X:X::X:X IPv6 address mask : <0-128> IPv6 prefix length (if omitted: 128) [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the IPv6 Forwarding Information Base (FIB). If the IPv6 address is omitted, the entire content of the FIB is shown.
Command Reference | Layer 3 functions | 207 7.7.4 Show summary of the route entries registered in the IPv6 Routing Information Base [Syntax] show ipv6 route summary [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows a summary of the route entries that are registered in the IPv6 Routing Information Base (RIB). [Note] [Example] Show a summary of the IPv6 Routing Information Base.
| Command Reference | Layer 3 functions [Description] Shows the neighbor cache table. [Note] [Example] Show the neighbor cache table. SWP2>show ipv neighbors IPv6 Address 2001:db8:1:0:3538:5dc7:6bc4:1a23 2001:db8:cafe::1 fe80::0211:22ff:fe33:4455 fe80::6477:88ff:fe99:aabb MAC Address 0011.2233.4455 00a0.de80.cafe 0011.2233.4455 6677.8899.aabb Interface vlan1 vlan1 vlan1 vlan1 Type dynamic static dynamic dynamic 7.8.
Command Reference | Layer 3 functions | 209 [Description] Shows the IPv6 packet forwarding settings. [Example] Shows the IPv6 packet forwarding settings. SWP2>show ipv6 forwarding IPv6 forwarding is on 7.10 IPv6 ping 7.10.
| Command Reference | Layer 3 functions 64 bytes from fe80::2a0:deff:fe11:2233: seq=4 ttl=64 time=10.210 ms --- fe80::2a0:deff:fe11:2233%vlan1 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 2.681/7.554/10.210 ms 7.10.
Command Reference | Layer 3 functions | 211 7.11.2 Set DNS server list [Syntax] dns-client name-server server no dns-client name-server server [Parameter] server : A.B.C.D IPv4 addtess of the DNS server : X:X::X:X IPv6 address of the DNS server If you specify an IPv6 link local address, you must also specify the output interface (fe80::X%vlanN format) [Initial value] none [Input mode] global configuration mode [Description] Adds a server to the DNS server list. Up to three servers can be specified.
| Command Reference | Layer 3 functions [Example] Set the default domain name to "example.com". SWP2(config)#dns-client domain-name example.com 7.11.4 Set search domain list [Syntax] dns-client domain-list name no dns-client domain-list name [Parameter] name : Domain name (maximum 255 characters) [Initial value] none [Input mode] global configuration mode [Description] Adds a domain name to the list of domain names used for DNS queries. Up to six domains can be registered in the search domain list.
Command Reference | Layer 3 functions | 213 * - Values assigned by DHCP Client.
| Command Reference | IP multicast control Chapter 8 IP multicast control 8.1 IP multicast basic settings 8.1.
Command Reference | IP multicast control | 215 [Example] Enable IGMP snooping for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping enable Disable IGMP snooping for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping disable 8.2.
| Command Reference | IP multicast control The multicast router must be connected to the specified LAN/SFP+ port. If an IGMP report is received from the receiver, it is forwarded to the specified LAN/SFP+ port. [Example] Specify LAN port #8 as a connection destination of the multicast router. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping mrouter interface port1.8 Remove LAN port #8 as a connection destination of the multicast router.
Command Reference | IP multicast control | 217 [Note] This command can be specified only for VLAN interface. Also, this can be specified only if IGMP snooping is enabled. [Example] Set the VLAN #2 query transmission interval to 30 seconds. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping query-interval 30 Return the VLAN #2 query transmission interval to the default setting.
| Command Reference | IP multicast control IGMP version [Initial value] ip igmp snooping version 3 [Input mode] interface mode [Description] Sets the IGMP version. If this command is executed with the "no" syntax, the IGMP version returns to the default setting (V3). [Note] This command can be specified only for VLAN interface. Also, this can be specified only if IGMP snooping is enabled. If an IGMP packet of a different version than this setting is received, the following action occurs.
Command Reference | IP multicast control | 219 [Parameter] A.B.C.D : Multicast group address ifname : VLAN interface name Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows IGMP group membership information. [Example] Show IGMP group membership information. SWP2#show ip igmp snooping groups IGMP Snooping Group Membership Group source list: (R - Remote, S - Static) Vlan Group/Source Address Interface Reporter Version 1 239.255.255.250 port1.5 192.168.100.
| Command Reference | IP multicast control Number of v2-leaves: 0 Number of v3-reports: 127 Active Ports: port1.5 port1.8 8.2.11 Clear IGMP group membership entries [Syntax] clear ip igmp snooping clear ip igmp snooping group A.B.C.D clear ip igmp snooping interface ifname [Keyword] group : Specifies the multicast group address to be cleared interface : Specifies the VLAN interface to be cleared : Multicast group address [Parameter] A.B.C.
Command Reference | IP multicast control | 221 [Example] Enable MLD snooping for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ipv6 mld snooping enable Disnable MLD snooping for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ipv6 mld snooping disable 8.3.
| Command Reference | IP multicast control The multicast router must be connected to the specified LAN/SFP+ port. If an MLD report is received from the receiver, it is forwarded to the specified LAN/SFP+ port. [Example] Specify LAN port #8 as a connection destination of the multicast router. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ipv6 mld snooping mrouter interface port1.8 Remove LAN port #8 as a connection destination of the multicast router.
Command Reference | IP multicast control | 223 [Note] This command can be specified only for VLAN interfaces. Also, this can be specified only if MLD snooping is enabled. [Example] Set the VLAN #2 query transmission interval to 30 seconds. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ipv6 mld snooping query-interval 30 Return the VLAN #2 query transmission interval to the default setting.
| Command Reference | IP multicast control Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the multicast router connection port information that was dynamically learned or statically set. [Example] Show multicast router connection port information for VLAN #2. SWP2#show ipv6 mld snooping mrouter vlan2 VLAN Interface IP-address Expires 2 port1.11(dynamic) fe80::ae44:f2ff:fe30:291 00:01:04 8.3.
Command Reference | IP multicast control | 225 [Parameter] ifname : VLAN interface name Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Show a VLAN interface's MLD-related information. [Example] Show MLD-related information for VLAN #1.
| Command Reference | Traffic control Chapter 9 Traffic control 9.1 ACL 9.1.1 Generate IPv4 access list [Syntax] access-list ipv4-acl-id [seq_num] action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg] no access-list ipv4-acl-id [seq_num] [action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg]] [Keyword] ack : If tcp is specified as the protocol, the ACK flag of the TCP header is specified as a condition.
Command Reference | Traffic control | 227 Setting value src-port : Description A.B.C.D/M Specifies an IPv4 address (A.B.C.D) with subnet mask length (Mbit) host A.B.C.D Specifies a single IPv4 address (A.B.C.D) any Applies to all IPv4 addresses <0-65535> If protocol is specified as tcp or udp, this specifies the transmission source port number <0-65535> that is the condition. This can also be omitted.
| Command Reference | Traffic control SWP2(config)#access-list 1 deny any 192.168.1.0 0.0.0.255 host 172.16.1.1 Delete IPv4 access list #1. SWP2(config)#no access-list 1 9.1.2 Add comment to IPv4 access list [Syntax] access-list ipv4-acl-id description line no access-list ipv4-acl-id description [Parameter] ipv4-acl-id : <1-2000> ID of IPv4 access list to which a comment will be added line : Comment to add.
Command Reference | Traffic control | 229 If the received/transmitted frame matches the conditions in the access list, the action in the access list will be the action (permit, deny) for the corresponding frame. If this command is executed with the "no" syntax, the applied access list is deleted from both LAN/SFP+ port and logical interface. [Note] Only one access list for each direction can be registered for incoming frames (in) and for outgoing frames (out) on the same interface.
| Command Reference | Traffic control To apply the generated access list, use the access-group command of interface mode. If the "no" syntax is used to specify "action" and following, the IPv6 access list that matches all conditions is deleted. If the "no" syntax is used without specifying "action" and following, the IPv6 access list of the matching ID of access list is deleted. [Note] An access list that is applied to LAN/SFP+ port and logical interface cannot be deleted using the "no" syntax.
Command Reference | Traffic control | 231 Setting value Description in Apply to received frames out Apply to transmitted frames [Initial value] none [Input mode] interface mode [Description] Applies an IPv6 access list to both LAN/SFP+ port and logical interface. If the received/transmitted frame matches the conditions in the access list, the action in the access list will be the action (permit, deny) for the corresponding frame.
| Command Reference | Traffic control Setting value dst-info : Description HHHH.HHHH.HHHH WWWW.WWWW.WWWW Specifies the MAC address (HHHH.HHHH.HHHH) with wildcard bits (WWWW.WWWW.WWWW) host HHHH.HHHH.HHHH Specifies an individual MAC address (HHHH.HHHH.HHHH) any Applies to all MAC addresses Specifies the destination MAC address information that is the condition Setting value Description HHHH.HHHH.HHHH WWWW.WWWW.WWWW Specifies the MAC address (HHHH.HHHH.HHHH) with wildcard bits (WWWW.WWWW.
Command Reference | Traffic control | 233 [Initial value] none [Input mode] global configuration mode [Description] Adds a comment (remark) to the already-generated MAC access list. If this is executed with the "no" syntax, the comment is deleted from the MAC access list. [Note] You can use this command to add a comment even after the access list has been applied to LAN/SFP+ port and logical interface. (The last-written comment overwrites the previous one.
| Command Reference | Traffic control 9.1.10 Show generated access list [Syntax] show access-list [acl_id] [Parameter] acl-id : <1-2000>, <2001-3000>, <3001-4000> ID of access list [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the registered access list. If acl-id is omitted, all access lists are shown.
Command Reference | Traffic control | 235 SWP2>show Interface Interface Interface access-group port1.1 : IPv4 access group 1 in port1.7 : IPv6 access group 3002 in port1.8 : MAC access group 2001 in 9.1.
| Command Reference | Traffic control 9.1.15 Set VLAN access map filter [Syntax] vlan filter access-map-name vlan-id [direction] no vlan filter access-map-name vlan-id [direction] [Parameter] access-map-name : Single-byte alphanumeric characters and single-byte symbols(256 characters or less) Access map name specified by the vlan access-map command vlan-id : <1-4094> VLAN ID set to the "enable" status by the vlan command direction : Specifies the direction of applicable frames.
Command Reference | Traffic control | 237 [Example] Show VLAN access map information. SWP2>show vlan access-map Vlan access-map VAM001 match ipv4 access-list 2 9.1.17 Show VLAN access map filter [Syntax] show vlan filter [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Show VLAN access map filter application information. The following items are shown.
| Command Reference | Traffic control SWP2(config)#qos disable 9.2.2 Set default CoS [Syntax] qos cos value no qos cos [Parameter] value : <0-7> Default CoS value [Initial value] qos cos 0 [Input mode] interface mode [Description] Sets the default CoS of LAN/SFP+ port and logical interface. If this is executed with the "no" syntax, the default value (CoS=0) is specified. The default CoS is used if untagged frames are received when the interface's trust mode is set to CoS.
Command Reference | Traffic control | 239 [Description] Specifies the trust mode of LAN/SFP+ port and logical interface. If this is executed with the "no" syntax, the default value (CoS trust mode) is specified. In the case of "CoS" trust mode, the CoS value of incoming frames is used to determine the egress queue. In the case of "DSCP," the DSCP value of incoming frames is used to determine the egress queue.
| Command Reference | Traffic control [Parameter] ifname : Name of the LAN/SFP+ port or logical interface. If this is omitted, the command applies to all ports. Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows QoS settings for the specified interface. The following content is shown.
Command Reference | Traffic control | 241 Port Trust Mode: DSCP Egress Traffic Shaping: Not Configured Queue Scheduling: Queue0 : SP Queue1 : SP Queue2 : SP Queue3 : SP Queue4 : SP Queue5 : SP Queue6 : SP Queue7 : SP DSCP (Queue): 0(2), 8(0), 16(1), 24(3), 32(4), 40(5), 48(6), 56(7), 1(2), 9(0), 17(1), 25(3), 33(4), 41(5), 49(6), 57(7), 2(2), 10(0), 18(1), 26(3), 34(4), 42(5), 50(6), 58(7), 3(2), 11(0), 19(1), 27(3), 35(4), 43(5), 51(6), 59(7), 4(2), 12(0), 20(1), 28(3), 36(4), 44(5), 52(6), 60(7), 5(
| Command Reference | Traffic control CoS value of conversion source queue-id : <0-7> Egress queue ID corresponding to CoS value [Initial value] See [Note] [Input mode] global configuration mode [Description] Specifies the values of the CoS - egress queue ID conversion table that is used to determine the egress queue. If this is executed with the "no" syntax, the egress queue ID for the specified CoS value is returned to the default setting.
Command Reference | Traffic control | 243 The DSCP - egress queue ID conversion table is used when the trust mode is set to DSCP. [Note] In order to execute this command, QoS must be enabled. The following table shows the default settings of the DSCP - egress queue ID conversion table. DSCP value Egress queue 0-7 2 8-15 0 16-23 1 24-31 3 32-39 4 40-47 5 48-55 6 56-63 7 [Example] Assign egress queue #4 to DSCP value "0.
| Command Reference | Traffic control 9.2.10 Specify egress queue of frames transmitted from the switch itself [Syntax] qos queue sent-from-cpu queue-id no qos queue sent-from-cpu [Parameter] queue-id : <0-7> Egress queue ID [Initial value] qos queue sent-from-cpu 7 [Input mode] global configuration mode [Description] Specifies the egress queue for the storage destination of frames sent to each LAN/SFP+ port from the switch itself (CPU).
Command Reference | Traffic control | 245 SWP2(config)#class-map class1 SWP2(config-cmap)# 9.2.12 Associate class map [Syntax] class name no class name [Parameter] name : Class map name [Input mode] policy map mode [Description] Associates a class map to a policy map. When the class map association succeeds, move to policy map class mode. In policy map class mode, you can make the following settings for each traffic class.
| Command Reference | Traffic control IPv4 access list ID : <2001 - 3000> MAC access list ID : <3001 - 4000> IPv6 access list ID [Input mode] class map mode [Description] Uses the access list as the conditions to classify the traffic class. If the received frame matches the conditions in the access list, the action in the access list will be the action (permit, deny) for the traffic class. If this is executed with the "no" syntax, the condition settings of the access list are deleted.
Command Reference | Traffic control | 247 [Input mode] class map mode [Description] Uses the value of the IP header's TOS precedence field as a condition to classify the traffic class. If this is executed with the "no" syntax, the classification conditions using TOS precedence are deleted. The setting can be repeated up to the maximum number (eight) of registrations. [Note] In order to execute this command, QoS must be enabled.
| Command Reference | Traffic control Setting value Description 0xXXXX Hexadecimal expression of type value any All frame [Input mode] class map mode [Description] Uses the Ethernet frame's type value and the presence of a VLAN tag as the conditions to classify the traffic class. If this command is executed with the "no" syntax, deletes conditional settings based on the Ethernet frame's type value and the presence of a VLAN tag.
Command Reference | Traffic control | 249 Ending VLAN ID value used as classification condition. The range from the specified starting value to the ending value can be a maximum of 30. [Input mode] class map mode [Description] Uses the VLAN ID as the condition to classify the traffic class. To delete the classification condition, use the no match vlan command. This can be used in conjunction with the setting of the match vlan command.
| Command Reference | Traffic control 9.2.21 Generate policy map for received frames [Syntax] policy-map name no policy-map name [Parameter] name : Name of policy map (maximum 32 characters; uppercase and lowercase are distinguished) [Input mode] global configuration mode [Description] Generates a policy map. The policy map combines the following processing for received frames, for each traffic class.
Command Reference | Traffic control | 251 [Description] Applies the policy map to the corresponding LAN/SFP+ port and logical interface. If this is executed with the "no" syntax, the policy map is deleted from the LAN/SFP+ port and logical interface. [Note] In order to execute this command, QoS must be enabled. If a policy map has already been applied to the LAN/SFP+ port and logical interface, an error occurs.
| Command Reference | Traffic control Pre-marking cannot be used in conjunction with the set egress queue function. [Example] Make the following settings for received frames of LAN port #1 • Permit traffic from the 10.1.0.0 network • Change the classified traffic class to the CoS value "2" [Traffic class definition] SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.
Command Reference | Traffic control | 253 9.2.25 Set pre-marking (DSCP) [Syntax] set ip-dscp value no set dscp [Parameter] value : <0 - 63> DSCP value specified by pre-marking [Input mode] policy map class mode [Description] Changes the DSCP value of the classified traffic class to the specified DSCP value. In addition, reassign the egress queue according to the egress queue ID table that corresponds to the trust mode.
| Command Reference | Traffic control [Parameter] CIR : <1 - 102300000> Traffic rate (kbps) CBS : <11 - 2097120> Burst size of conformant token bucket (kbyte) EBS : <11 - 2097120> Burst size of excess token bucket (kbyte) action : Operation for packets categorized by bandwidth class Setting value Operation transmit Forward drop Discard remark Remarking (CoS/TOS/DSCP) [Input mode] policy map class mode [Description] Specifies individual policers (single rate) for the categorized traffi
Command Reference | Traffic control | 255 9.2.27 Set individual policers (twin rate) [Syntax] police twin-rate CIR PIR CBS PBS yellow-action action red-action action no police [Keyword] twin-rate : Use twin rate policers : <1 - 102300000> [Parameter] CIR Traffic rate (kbps) PIR : <1 - 102300000> Peak traffic rate (kbps). A value less than CIR cannot be specified.
| Command Reference | Traffic control SWP2(config-cmap)#match access-group 1 SWP2(config-cmap)#exit [Policy settings] SWP2(config)#policy-map policy1 SWP2(config-pmap)#class class1 SWP2(config-pmap-c)#police twin-rate 48 96 12 12 yellow-action remark red-action drop SWP2(config-pmap-c)#remark-map yellow ip-dscp 10 SWP2(config-pmap-c)#exit SWP2(config-pmap)#exit SWP2(config)#interface port1.1 SWP2(config-if)#service-policy input policy1 9.2.
Command Reference | Traffic control | 257 PHB DSCP value RFC Class Selector 0, 8, 16, 24, 32, 40, 48, 56 2474 Assured Forwarding 10, 12, 14, 18, 20, 22, 26, 28, 30, 34, 36, 2597 38 Expedited Forwarding(EF) 46 2598 [Example] Make the following settings for received frames of LAN port #1@ • Permit traffic from the 10.1.0.
| Command Reference | Traffic control 9.2.
Command Reference | Traffic control | 259 no police [Keyword] twin-rate : Use twin rate policers : <1 - 102300000> [Parameter] CIR Traffic rate (kbps) PIR : <1 - 102300000> Peak traffic rate (kbps). A value less than CIR cannot be specified.
| Command Reference | Traffic control [Parameter] color : Bandwidth class to remark Setting value type : Description yellow Make remarking settings for bandwidth class Yellow red Make remarking settings for bandwidth class Red Type of remarking Setting value value : Description cos CoS remarking ip-precedence TOS precedence remarking ip-dscp DSCP remarking <0 - 7> CoS or TOS precedence remarking value : <0 - 63> DSCP remarking value [Input mode] aggregate policer mode [Description
Command Reference | Traffic control | 261 9.2.33 Show aggregate policers [Syntax] show aggregate-police [name] [Parameter] name : Aggregate policer name. If this is omitted, the command applies to all aggregate policers. [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the contents of an aggregate policer. The contents shown are the same as in the police section shown by the show classmap command. [Note] In order to execute this command, QoS must be enabled.
| Command Reference | Traffic control SWP2(config)#policy-map policy1 SWP2(config-pmap)#class class1 SWP2(config-pmap-c)#police-aggregate AGP-01 SWP2(config-pmap-c)#exit SWP2(config-pmap)#class class2 SWP2(config-pmap-c)#police-aggregate AGP-01 SWP2(config-pmap-c)#exit SWP2(config-pmap)#exit SWP2(config)#interface port1.1 SWP2(config-if)#service-policy input policy1 9.2.
Command Reference | Traffic control | 263 [Input mode] priviledged EXEC mode [Description] Clears the metering totals for all policers (individual policers / aggregate policers) on the specified LAN/SFP+ port or logical interface. [Note] In order to execute this command, QoS must be enabled. [Example] Clear the metering totals for LAN port #1. SWP2#clear qos metering-counter port1.1 9.2.
| Command Reference | Traffic control [Parameter] value : <0 - 63> DSCP value corresponding to egress queue [Input mode] policy map class mode [Description] Assigns an egress queue to the classified traffic class. Use the DSCP value to specify the egress queue; the egress queue that is assigned is based on the "DSCP-egress queue ID conversion table." If this is executed with the "no" syntax, the specification of egress queue based on traffic class is removed.
Command Reference | Traffic control | 265 Item Description - Match ethertype (Ethernet Type) - Match vlan (VLAN ID) - Match vlan-range (VLAN ID) - Match CoS (CoS value) - Match IP precedence (TOS precedence) - Match IP DSCP (DSCP value) Set Pre-marking setting, egress queue setting - Set CoS (Pre-marking setting : CoS value) - Set IP precedence (Pre-marking setting : TOS precedence) - Set IP DSCP (Pre-marking setting : DSCP value) - Set CoS-Queue (Specify egress queue : CoS - Set IP-DSCP-Queue (Specify e
| Command Reference | Traffic control average rate (48 Kbits/sec) burst size (12 KBytes) excess burst size (12 KBytes) yellow-action (Remark [DSCP:10]) red-action (Drop) 9.2.40 Show map status [Syntax] show qos map-status type [name] [Parameter] type : Type of map to show Setting value name : Description policy Show policy map status information class Show class map status information The name of the policy map (or class map) to show.
Command Reference | Traffic control | 267 SWP2#show qos map-status class class1 class1 status policy-map association : policy1 (Detached) edit/erase : Disable attach limitation CoS trust mode : Enable DSCP trust mode : Enable Port-Priority trust mode : Disable 9.2.
| Command Reference | Traffic control [Parameter] CIR : <18-1000000> Traffic rate (kbps). Since rounding occurs, the value actually applied to the input value might be less (see [Note]) BC : <4-16000> Burst size (kbyte). Specified in 4-kbyte units. [Initial value] no traffic-shape rate [Input mode] interface mode [Description] Specifies shaping for the port. If this is executed with the "no" syntax, the port shaping setting is disabled. [Note] In order to execute this command, QoS must be enabled.
Command Reference | Traffic control | 269 [Description] Specifies shaping for the egress queue of the port. If this is executed with the "no" syntax, the egress queue shaping setting is disabled. [Note] In order to execute this command, QoS must be enabled. Since rounding occurs on the traffic rate, the value actually applied to the input value might be less. Input value Traffic rate granularity (kbps) 18 - 23476 17.
| Command Reference | Traffic control [Parameter] type : Flow control operation Setting value Description auto Enable flow control auto negotiation both Enable transmission/reception of Pause frames disable Disable flow control [Initial value] flowcontrol disable [Input mode] interface mode [Description] Enables flow control for the LAN/SFP+ port (IEEE 802.3x PAUSE frames send/receive). If this command is executed with the "no" syntax, flow control is disabled.
Command Reference | Traffic control | 271 --------port1.1 ----------Both ------- ------4337 0 Show flow control information for all ports. SWP2#show flowcontrol System flow-control: Enable Port FlowControl ------------------port1.1 Both port1.2 Disable port1.3 Both port1.4 Disable port1.5 Disable port1.6 Disable port1.7 Disable port1.8 Disable RxPause TxPause ------- ------4337 0 0 1732 - 9.4 Storm control 9.4.1 Set storm control [Syntax] storm-control type [type..
| Command Reference | Traffic control Interface to show [Initial value] none [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the upper limit value for frame reception. If the interface name is omitted, all interfaces are shown. [Example] Show the setting status of all interfaces. SWP2#show storm-control Port BcastLevel McastLevel port1.1 30.00% 30.00% port1.2 20.00% 20.00% port1.3 100.00% 100.00% port1.4 100.00% 100.00% port1.5 50.00% 50.00% port1.6 100.00% 100.00% port1.
Command Reference | Application | 273 Chapter 10 Application 10.1 Local RADIUS server 10.1.
| Command Reference | Application 10.1.3 Generate a route certificate authority [Syntax] crypto pki generate ca [ca-name] no crypto pki generate ca [Parameter] ca-name : Certificate authority name Characters that can be inputted for the certificate authority name • Within 3–32 characters • Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces • Cannot specify “DEFAULT” [Initial value] none [Input mode] global configuration mode [Description] Generates a route
Command Reference | Application | 275 Setting value Description pap PAP authentication method peap PEAP authentication method eap-md5 EAP-MD5 authentication method eap-tls EAP-TLS authentication method eap-ttls EAP-TTLS authentication method [Initial value] authentication pap peap eap-md5 eap-tls eap-ttls [Input mode] RADIUS configuration mode [Description] Specifies the authentication method used for the local RADIUS server.
| Command Reference | Application [Input mode] RADIUS configuration mode [Description] Adds a RADIUS client (NAS) to the RADIUS client list. The maximum number of registered entries is 100. If this command is executed with the "no" syntax, the specified RADIUS client setting is deleted. [Note] RADIUS client (NAS) information configured using this command will not display in running-config or startup-config.
Command Reference | Application | 277 mac-address : hhhh.hhhh.hhhh (h is hexadecimal) MAC address for terminal (user) to authenticate ssid : SSID connection point (32 characters or less, single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces ) name : User name (32 characters or less, single-byte alphanumeric characters and symbols other than the characters " ? and spaces mail-address : Mail address (256 characters or less, single-byte alphanumeric character
| Command Reference | Application 10.1.8 Reauthentication interval setting [Syntax] reauth interval time no reauth interval [Parameter] time : <3600,43200,86400,604800> Reauthentication interval (no. of seconds) [Initial value] reauth interval 3600 [Input mode] RADIUS configuration mode [Description] Sets the reauthentication interval that is notified to the RADIUS client (NAS). The RADIUS client (NAS) determines whether the reauthentication interval will be used.
Command Reference | Application | 279 Authentication method Characters that can be inputted EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric characters and symbols other than the characters \ [ ] / : * | < > " ? and spaces [Input mode] priviledged EXEC mode [Description] This issues client certificates to users for which the EAP-TLS certification method is specified.
| Command Reference | Application 10.1.
Command Reference | Application | 281 Authentication method Characters that can be inputted: EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric characters and symbols other than the characters \ [ ] / : * | < > " ? and spaces [Input mode] priviledged EXEC mode [Description] Sends client certificates to each user via e-mail attachment.
| Command Reference | Application 10.1.15 Show authenticated user information [Syntax] show radius-server local user [detail userid] [Keyword] detail : Show detailed information for the specified user : User ID [Parameter] userid (within 3–32 characters; cannot specify “DEFAULT”) Authentication method Characters that can be inputted EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric char
Command Reference | Application | 283 Issuance status Contents done Client certificate issuance completed, or not issued processing Now issuing client certificate aborted Issuance of client certificate aborted by executing “certificate abort” or other command [Example] Shows the issuance status for client certificates. SWP2#show radius-server local certificate status certificate process: done. 10.1.
| Command Reference | Application Reason for revocation Contents revoked Manual revocation expired Revocation due to expired term of validity [Example] Displays the list of revoked client certificates.
Command Reference | Index | 285 Index A aaa authentication auth-mac 138 aaa authentication auth-web 138 aaa authentication dot1x 137 access-group (IPv4) 228 access-group (IPv6) 230 access-group (MAC) 233 access-list (IPv4) 226 access-list (IPv6) 229 access-list (MAC) 231 access-list description (IPv4) 228 access-list description (IPv6) 230 access-list description (MAC) 232 action 109 aggregate-police 257 arp 200 arp-ageing-timeout 200 auth clear-state time (global configuration mode) 153 auth clear-state t
| Command Reference | Index ip igmp snooping 214 ip igmp snooping check ttl 217 ip igmp snooping fast-leave 215 ip igmp snooping mrouter interface 215 ip igmp snooping querier 216 ip igmp snooping query-interval 216 ip igmp snooping version 217 ip route 197 ipv6 203 ipv6 address 203 ipv6 address autoconfig 204 ipv6 forwarding 208 ipv6 mld snooping 220 ipv6 mld snooping fast-leave 221 ipv6 mld snooping mrouter interface 221 ipv6 mld snooping querier 222 ipv6 mld snooping query-interval 222 ipv6 mld snoop
Command Reference | Index | 287 rmon clear counters 67 rmon event 62 rmon history 61 rmon statistics 60 S save 34 save logging 51 schedule 107 schedule template 109 send from 85 send notify wait-time 86 send server 85 send subject 86 send to 85 service terminal-length 48 service-policy 250 set cos 251 set cos-queue 263 set ip-dscp 253 set ip-dscp-queue 263 set ip-precedence 252 set lldp 91 set management-address-tlv 92 set msg-tx-hold 95 set timer msg-fast-tx 94 set timer msg-tx-interval 94 set timer reini
| Command Reference | Index show vlan 172 show vlan access-map 236 show vlan filter 237 show vlan multiple-vlan 174 show vlan private-vlan 173 shutdown 114 snapshot delete 104 snapshot enable 103 snapshot save 104 snapshot trap terminal 103 snmp-server community 55 snmp-server contact 54 snmp-server enable trap 53 snmp-server group 56 snmp-server host 52 snmp-server location 54 snmp-server user 57 snmp-server view 55 spanning-tree 176 spanning-tree bpdu-filter 177 spanning-tree bpdu-guard 178 spanning-t
