Yamaha L2 Switch SWP2 series (SWP2-10SMF, SWP2-10MMF) Command Reference Rev.2.03.
| Command Reference | TOC Contents Preface: Introduction ............................................................................................12 Chapter 1: How to read the command reference ...............................................13 1.1 Applicable firmware revision .....................................................................................................................13 1.2 How to read the command reference .......................................................................
Command Reference | TOC | 3 4.3.5 Show startup configuration ..........................................................................................................36 4.3.6 Show backup configuration .........................................................................................................36 4.3.7 Erase startup configuration ..........................................................................................................37 4.3.8 Erase backup of certain functions ...................
| Command Reference | TOC 4.11.1 Set RMON function ...................................................................................................................58 4.11.2 Set RMON Ethernet statistical information group ....................................................................59 4.11.3 Set RMON history group ...........................................................................................................59 4.11.4 Set RMON event group ...............................................
Command Reference | TOC | 5 4.18.8 Setting for subject used when sending e-mails ..........................................................................84 4.18.9 Wait time settings for e-mail transmission ................................................................................85 4.18.10 E-mail settings when sending certificates ...............................................................................85 4.18.11 E-mail settings for certificate notification ....................................
| Command Reference | TOC 5.1 Interface basic settings .............................................................................................................................109 5.1.1 Set description ...........................................................................................................................109 5.1.2 Shutdown ...................................................................................................................................109 5.1.
Command Reference | TOC | 7 5.3.22 Set time of RADIUS server usage prevention .........................................................................142 5.3.23 Set NAS-Identifier attribute sent to RADIUS server ..............................................................142 5.3.24 Show port authentication information .....................................................................................143 5.3.25 Show supplicant information .................................................................
| Command Reference | TOC 6.3.3 Set maximum aging time ...........................................................................................................169 6.3.4 Set bridge priority ......................................................................................................................169 6.3.5 Set spanning tree for an interface ..............................................................................................170 6.3.6 Set spanning tree link type .......................
Command Reference | TOC | 9 7.5.2 Check IPv4 route .......................................................................................................................196 7.6 IPv6 address management ........................................................................................................................196 7.6.1 Set IPv6 .....................................................................................................................................196 7.6.2 Set IPv6 address ...........
| Command Reference | TOC 8.3.10 Clear MLD group membership entries Chapter 9: Traffic control ....................................................................................218 ..................................................................................219 9.1 ACL ..........................................................................................................................................................219 9.1.1 Generate IPv4 access list ......................................
Command Reference | TOC | 11 9.2.32 Set remarking of aggregate policers ........................................................................................252 9.2.33 Show aggregate policers ..........................................................................................................254 9.2.34 Apply aggregate policer ..........................................................................................................254 9.2.35 Show metering counters ....................................
| Command Reference | Introduction Preface Introduction • • • • • • Unauthorized reproduction of this document in part or in whole is prohibited. The contents of this document are subject to change without notice. Yamaha disclaims all responsibility for any damages caused by loss of data or other problems resulting from the use of this product. The warranty is limited to this physical product itself. Please be aware of these points.
Command Reference | How to read the command reference | 13 Chapter 1 How to read the command reference 1.1 Applicable firmware revision This command reference applies to firmware Yamaha L2 Switch SWP2 of Rev.2.03.09. For the latest firmware released after printing of this command reference, manuals, and items that differ, access the following URL and see the information in the WWW server. https://www.yamaha.com/proaudio/ 1.
| Command Reference | How to read the command reference 1.4 Input syntax for commands starting with the word "no" Many commands also have a form in which the command input syntax starts with the word no. If you use a syntax that with begins with the word no, the settings of that command are deleted and returned to the default value, unless explained otherwise.
Command Reference | How to use the commands | 15 Chapter 2 How to use the commands The SWP2 lets you perform command operations in the following two ways. Type of operation Method of operation Description Operation via console • • • Access from a console terminal Access from a TELNET client Access from a SSH client Issue commands one by one to interactively make settings or perform operations.
| Command Reference | How to use the commands 2.1.3 Access from an SSH client You can use an SSH client on a computer to connect to the SSH server of the SWP2 and control it. In order to make settings using SSH, you must first set up a connection environment (IP network) and then make SSH server settings. The IP address settings of the SWP2 are as follows. • • The default IPv4 address setting is ip address dhcp for VLAN #1. To change the IPv4 address, use the ip address command.
Command Reference | How to use the commands | 17 Setting item Content of setting who is using the terminal, and is applied as soon as the command is executed. Setting 2) applies starting with the next session. 2.2 Operation via configuration (config) files A file containing a set of needed commands is called a configuration (config) file. The settings that have been made on the SWP2 can be read as a configuration file by a host on the LAN via TFTP.
| Command Reference | How to use the commands Applicable configuration startup-config (USER mode) Applicable file Remote path Load (GET) Save (PUT) Automatic restart CONFIG file (.txt) reconfig - ✓ ✓ All settings (.zip) - ✓ ✓ reconfig-all When applying (PUT) a CONFIG file, confirm that the target CONFIG and the type of the target file are correct. If an incorrect file is specified, it cannot be reflected correctly. The command syntax used depends on the OS of that host (TFTP client).
Command Reference | How to use the commands | 19 The basic commands related to moving between command input modes are described below. For commands that move from global configuration mode mode to individual configuration mode, refer to "individual configuration mode." • exit command • logout command • enable command • disable command • configure terminal command • end command 2.4.
| Command Reference | How to use the commands individual configuration mode Transition command Prompt LLDP agent mode lldp-agent command SWP2(lldp-agent)# E-mail template mode mail template command SWP2(config-mail)# RADIUS configuration mode radius-server local-profile command SWP2(config-radius)# 2.4.3 Command prompt prefix he command prompt prefix indicates the host name. In the default state, the host name is the model name "SWP2".
Command Reference | How to use the commands | 21 Keyboard operation • Description and notes Ctrl + K Delete from the cursor position until the end of the line Ctrl + U Delete all characters that are being entered Other Keyboard operation Description and notes Ctrl + T Exchange the character at the cursor position with the preceding character. If the cursor is at the end of the line, exchange the preceding character with the character that precedes it.
| Command Reference | How to use the commands Keyboard operation ↑ Ctrl + P ↓ Ctrl + N Description and notes Move backward through command history Move forward through command history 2.6 Commands that start with the word "show" 2.6.1 Modifiers Modifiers send the information produced by the show command through a filter, restricting the content that is shown in the screen and making it easier for you to see the desired information. The SWP2 provides the following three modifiers for the show command.
Command Reference | Configuration | 23 Chapter 3 Configuration 3.1 Manage setting values The SWP2 uses the following configurations to manage its settings. Description User operations that can be performed Running configuration (running-config) Setting values currently used for operation. Managed in RAM. Note Save to startup configuration (in USER mode) Save some functions to backup configuration (in DANTE mode) Startup configuration (startup-config) In USER mode, setting values saved in Flash ROM.
| Command Reference | Configuration Setting position #2 #3 VLAN preset type Down (ON) Up (OFF) A Up (OFF) Down (ON) B Down (ON) Down (ON) C The common setting values and presets are shown first, and then the specific to the presets setting values are shown.
Command Reference | Configuration | 25 Category DNS cliant Traffic control Web GUI • Common setting L2MS L2 switching Traffic control • Default value Spanning tree enabled Proprietary loop detection enabled Behavior enabled QoS enabled QoS DSCP - transmission queue ID conversion table DSCP: 8 → transmission queue: 2 Other than above → transmission queue: 0 Flow control (IEEE 802.
| Command Reference | Configuration • • • • • • Interface L2MS Filter LAG(Static) Port Mode VLAN STP port1.
Command Reference | Configuration | 27 • • • Interface L2MS Filter LAG(static) Port Mode VLAN STP port1.3 Disable - Access 1(default) - port1.4 Disable - Access 1(default) - port1.5 Disable - Access 2 - port1.6 Disable - Access 2 - port1.7 Disable - Access 1(default) - port1.8 Disable - Access 2 - port1.9 Disable port1.10 Disable sa1 Trunk 1(native), 2 ✓ port1.11 Disable port1.
| Command Reference | Configuration • Check TTL : Disable
Command Reference | Maintenance and operation functions | 29 Chapter 4 Maintenance and operation functions 4.1 Passwords 4.1.
| Command Reference | Maintenance and operation functions [Description] Specifies the administrator password needed to enter priviledged EXEC mode. If this command is executed with the "no" syntax, the administrator password is deleted. [Note] If the password was encrypted by the password-encryption command, it is shown in the configuration in the form "enable password 8 password." The user cannot enter the password in this form when making configuration settings from the command line.
Command Reference | Maintenance and operation functions | 31 [Parameter] switch : Allow login by special password Setting value Description enable Allow disable Don't allow [Initial value] force-password enable [Input mode] global configuration mode [Description] Enable login with special password.
| Command Reference | Maintenance and operation functions Single-type alphanumeric characters and " and ' and | and ? and single-byte symbols other than space characters (32characters or less) The first character must be a single-byte alphanumeric character [Initial value] none [Input mode] global configuration mode [Description] Sets user information. A maximum of 32 items of user information can be registered. The following words cannot be registered as user names.
Command Reference | Maintenance and operation functions | 33 Line Own User Status Login time IP address --------------------------------------------------------------------------------------------con 0 user1234 Login 02:15:23 vty 0 * operators1 Login 00:12:59 192.168.100.1 vty 1 abcdefghijklmnopqrstuvwxyzabcdef Login 00:00:50 192.168.100.24 vty 2 Login 00:00:21 192.168.100.10 vty 3 vty 4 vty 5 vty 6 vty 7 http 0 user1234 Login 01:12:25 192.168.100.4 http 1 (noname) Login 00:18:04 192.168.100.
| Command Reference | Maintenance and operation functions SWP2> 4.3 Configuration management 4.3.1 Save running configuration [Syntax] copy running-config startup-config [Input mode] priviledged EXEC mode [Description] Saves the current operating settings (running configuration) as the settings for startup (startup configuration). [Note] The save-destination startup configuration is determined by the unit's DIP switch #1 at the time that the unit is started.
Command Reference | Maintenance and operation functions | 35 • • • • • • Settings related to firmware updating Settings related to SYSLOG Settings related to HTTP server functions Settings related to Telnet server functions Settings related to SSH server functions Settings related to TFTP server functions Saves the settings of certain functions to the backup configuration. If a backup configuration exists when the SWP2 starts in DANTE mode, those settings are restored to the running configuration.
| Command Reference | Maintenance and operation functions interface port1.1 switchport ... ! line con 0 line vty 0 7 ! end SWP2# 4.3.5 Show startup configuration [Syntax] show startup-config [Input mode] priviledged EXEC mode [Description] Shows the startup settings (startup configuration). [Note] The startup configuration that is shown is determined by the unit's DIP switch #1 at the time that the unit is started. [Example] Shows the startup settings (startup configuration) at next startup.
Command Reference | Maintenance and operation functions | 37 interface vlan1 ip address dhcp ! interface vlan2 ! http-server enable http-server language english ! telnet-server enable ! end SWP2# 4.3.7 Erase startup configuration [Syntax] erase startup-config [Input mode] priviledged EXEC mode [Description] Erase the settings used at startup (startup config) and the information associated with them.
| Command Reference | Maintenance and operation functions [Parameter] num : <0-4> Shows the boot history entry of the specified number [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Show the boot information. [Note] This history is cleared when you execute the cold start command or the clear boot list command. [Example] Show the current boot information. SWP2>show boot Running EXEC: SWP2 Rev.2.03.01 (Fri Sep Previous EXEC: SWP2 Rev.2.03.
Command Reference | Maintenance and operation functions | 39 Item Description VID Version ID, 0 if invalid SN Serial number [Example] Show inventory information. SWP2>show inventory NAME : L2 switch DESCR : SWP2 Vendor: Yamaha PID : SWP2 VID : 0000 SN : SMF00000 NAME : DESCR : Vendor: PID : VID : SN : SFP1 10G Base-LR Yamaha YSFP-10G-LR V1.0 Z5H00000YJ NAME : DESCR : Vendor: PID : VID : SN : SFP2 10G Base-LR Yamaha YSFP-10G-LR V1.0 Z5H00001YJ SWP2> 4.5.
| Command Reference | Maintenance and operation functions Configration mode: DANTE VLAN preset: Normal Serial Baudrate: 9600 Boot time: 2018/10/01 06:14:46 +00:00 Current time: 2018/10/01 06:49:23 +00:00 Elapsed time from boot: 0days 00:34:41 SWP2> 4.5.3 Disk usage status [Syntax] show disk-usage [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the usage status of the disk used by the system.
Command Reference | Maintenance and operation functions | 41 • • • • • • • • • • • • • • • • • • • • • • • • • • • • • show interface show frame-counter show vlan brief show spanning-tree mst detail show etherchannel status detail show loop-detect show mac-address-table show l2ms detail show qos queue-counters show ddm status show errdisable show auth status show auth supplicant show error port-led show ip interface brief show ipv6 interface brief show ip route show ip route database show ipv6 route show i
| Command Reference | Maintenance and operation functions month : <1-12> or Jan, Feb, Mar, ... , Dec Month or name of month day : <1-31> Day year : Year (four digits) [Input mode] priviledged EXEC mode [Description] Set the system time. [Example] Set the time to 0 hours 0 minutes 0 seconds on January 1, 2015. SWP2#clock set 00:00:00 Jan 1 2015 4.6.
Command Reference | Maintenance and operation functions | 43 SWP2>show clock Thu Jan 1 00:00:00 JST 2015 4.6.
| Command Reference | Maintenance and operation functions [Description] Attempts to obtain time information from the registered NTP server. This is performed only once when this command is executed. [Example] Obtain time information from the NTP server. SWP2#ntpdate oneshot 4.6.6 Synchronize time from NTP server (update interval) [Syntax] ntpdate interval interval-time no ntpdate interval [Parameter] interval-time : <0-24> Interval (hours) for time synchronization.
Command Reference | Maintenance and operation functions | 45 adjust time : Thu Jan 1 09:00:00 2015 sync server : ntp.nict.jp 4.7 Terminal settings 4.7.1 Move to line mode (console terminal) [Syntax] line con port [Parameter] port : 0 Serial console port number [Initial value] line con 0 [Input mode] global configuration mode [Description] Moves to line mode in order to make console terminal settings. [Note] To return from line mode to global configuration mode, use the exit command.
| Command Reference | Maintenance and operation functions SWP2(config)#line vty 0 SWP2(config-line)# 4.7.3 Set terminal login timeout [Syntax] exec-timeout min [sec] no exec-timeout [Parameter] min : <0-35791> Timeout time (minutes) sec : <0-2147483> Timeout time (seconds) [Initial value] exec-timeout 10 [Input mode] line mode [Description] Sets the time after which automatic logout occurs if there has been no key input from the console terminal or VTY. If sec is omitted, 0 is specified.
Command Reference | Maintenance and operation functions | 47 SWP2>terminal length 100 SWP2> 4.7.5 Set the number of lines displayed per page on the terminal [Syntax] service terminal-length line no service terminal-length [Parameter] line : <0-512> Number of lines displayed per page on the terminal [Initial value] no service terminal-length [Input mode] global configuration mode [Description] Sets the number of lines displayed per page on the terminal.
| Command Reference | Maintenance and operation functions 4.9 SYSLOG 4.9.1 Set log notification destination (SYSLOG server) [Syntax] logging host host no logging host host [Parameter] host : A.B.C.
Command Reference | Maintenance and operation functions | 49 4.9.3 Set log output level (informational) [Syntax] logging trap informational no logging trap informational [Initial value] logging trap informational [Input mode] global configuration mode [Description] Outputs the informational level log to SYSLOG. If this command is executed with the "no" syntax, the log is not output. [Note] This can be output to the console by executing the logging stdout info command.
| Command Reference | Maintenance and operation functions 4.9.6 Back up log [Syntax] save logging [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Saves all logs accumulated in RAM to Flash ROM. Logs are accumulated in RAM, and are periodically backed up automatically to Flash ROM, but you can use this command to back up this data manually. [Example] Back up the log. SWP2#save logging 4.9.
Command Reference | Maintenance and operation functions | 51 4.10 SNMP 4.10.
| Command Reference | Maintenance and operation functions If this command is executed with the "no" syntax, the specified destination hosts are deleted. [Note] Note that if this is specified as an IPv6 link local address, and you add a setting that specifies a different transmitting interface for the same address, the combination of address and transmitting interface is considered to have changed, and all settings of the old combination are deleted.
Command Reference | Maintenance and operation functions | 53 [Example] Enable coldstart trap. SWP2(config)#snmp-server enable trap coldstart Disable traps. SWP2(config)#no snmp-server enable trap 4.10.3 Set system contact [Syntax] snmp-server contact contact no snmp-server contact [Parameter] contact : Name (maximum 255 characters) to register as the system contact [Initial value] no snmp-server contact [Input mode] global configuration mode [Description] Sets the MIB variable sysContact.
| Command Reference | Maintenance and operation functions no snmp-server community community [Parameter] community : Community name (maximum 32 characters) ro_rw : Access restriction Setting value Description ro Read only rw Write allowed [Initial value] none [Input mode] global configuration mode [Description] Sets the SNMP community. Up to 16 communities can be registered. If this is executed with the "no" syntax, the specified community is deleted.
Command Reference | Maintenance and operation functions | 55 The combination of the oid parameter and the type parameter indicates whether the MIB sub-tree following the specified object ID is or is not subject to management. Taking the oid parameter and the type parameter together as one entry, you can specify multiple entries for each MIB view, up to a maximum of 8.
| Command Reference | Maintenance and operation functions Create the user group "users," and grant users belonging to the "users" group read access rights to the "standard" view. SWP2(config)#snmp-server group users auth read standard 4.10.
Command Reference | Maintenance and operation functions | 57 Create "user1" as a user. According to the specified group and the security level prescribed for that group, specify the protocol (SHA) and password (passwd5678) used for authentication and encryption. SWP2(config)#snmp-server user user1 users auth sha passwd5678 4.10.9 Show SNMP community information [Syntax] show snmp community [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows SNMP community information.
| Command Reference | Maintenance and operation functions SWP2#show snmp group SNMP Group information Group Name: admins Security Level: priv Read View: most Write View: most Group Name: users Security Level: auth Read View: standard Write View: standard 4.10.12 Show SNMP user settings [Syntax] show snmp user [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the contents of the SNMP user settings.
Command Reference | Maintenance and operation functions | 59 [Note] If this command is used to disable the system-wide RMON function, the following RMON group operations are disabled. • Ethernet statistical information group • History group • Alarm group • Event group This command can be set using the private MIB ysrmonSetting (1.3.6.1.4.1.1182.3.7.1). [Example] Enable RMON function. SWP2(config)#rmon enable Disable RMON function. SWP2(config)#rmon disable 4.11.
| Command Reference | Maintenance and operation functions [Parameter] index : <1 - 65535> Index of history group (historyControlIndex) buckets : <1 - 65535> Number of history group items to maintain (historyControlBucketsRequested) (if omitted : 50) interval : <1 - 3600> Interval at which to save history group items (seconds) (historyControlInterval) (if omitted : 1800) owner : Name of history group owner (historyControlOwner) Maximum 127 characters (if omitted : RMON_SNMP) [Initial value] no
Command Reference | Maintenance and operation functions | 61 community : Community name (eventCommunity) Maximum 127 characters This can be specified if type is "trap" or "log-trap". description : Description of event (eventDescription) Maximum 127 characters (if omitted : RMON_SNMP) owner : Name of event group owner (eventOwner) Maximum 127 characters (if omitted : RMON_SNMP) [Initial value] none [Input mode] global configuration mode [Description] Enables the RMON event group settings.
| Command Reference | Maintenance and operation functions Setting value Description absolute Compare by absolute value. Directly compare sample value and threshold value delta Compare by relative value.
Command Reference | Maintenance and operation functions | 63 • • Use only rising_threshold • falling_threshold : Same value as rising_threshold • falling_event_index : Same value as rising_event_index • startup : 1 (Use only upper_threshold) Use only falling_threshold • rising_threshold : Same value as falling_threshold • rising_event_index : Same value as falling_event_index • startup : 2 (Use only lower_threshold) If this command is set, it will be possible to acquire the RMON MIB's alarmTable.
| Command Reference | Maintenance and operation functions input packets 7, bytes 600, drop events 0, multicast packets 4 output packets 17, bytes 2091, multicast packets 17 broadcast packets 0 history: history index = 1 data source ifindex = 5001 buckets requested = 50 buckets granted = 50 Interval = 1800 Owner RMON_SNMP event: event Index = 1 Description RMON_SNMP Event type Log Event community name RMON_SNMP Last Time Sent = 00:00:58 Owner RMON_SNMP alarm: alarm Index = 1 alarm status = VALID alarm Int
Command Reference | Maintenance and operation functions | 65 • • Interval at which to save history group items Owner name [Example] SWP2>show rmon history history index = 1 data source ifindex = 5001 buckets requested = 50 buckets granted = 50 Interval = 1800 Owner RMON_SNMP 4.11.9 Show RMON event group status [Syntax] show rmon event [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the settings and status of the RMON event group. The following items are shown.
| Command Reference | Maintenance and operation functions [Example] SWP2>show rmon alarm alarm Index = 1 alarm status = VALID alarm Interval = 15 alarm Type is Absolute alarm Value = 0 alarm Rising Threshold = 10 alarm Rising Event = 1 alarm Falling Threshold = 7 alarm Falling Event = 1 alarm Startup Alarm = 3 alarm Owner is RMON_SNMP 4.11.
Command Reference | Maintenance and operation functions | 67 4.12.2 Show Telnet server settings [Syntax] show telnet-server [Input mode] priviledged EXEC mode [Description] Shows the settings of the Telnet server. The following items are shown. • Telnet server function enabled/disabled status • Listening port number • VLAN interface that is permitted to access the TELNET server • Filter that controls access to the TELNET server [Example] Show the settings of the Telnet server.
| Command Reference | Maintenance and operation functions Setting value info : Description deny "Deny" the condition permit "Permit" the condition Specifies the transmission-source IPv4 address or IPv6 address that is the condition. Setting value Description A.B.C.D Specifies an IPv4 address (A.B.C.D) A.B.C.D/M Specifies an IPv4 address (A.B.C.
Command Reference | Maintenance and operation functions | 69 [Initial value] none [Input mode] priviledged EXEC mode [Description] Connects to the specified host via Telnet. [Example] Connect via Telnet to port number 12345 of the host at IPv4 address 192.168.100.1. SWP2#telnet 192.168.100.1 12345 Connect via Telnet to port number 12345 of the host at IPv6 address fe80::2a0:deff:fe11:2233. SWP2#telnet fe80::2a0:deff:fe11:2233%vlan1 12345 4.13.
| Command Reference | Maintenance and operation functions [Initial value] tftp-server disable [Input mode] global configuration mode [Description] Enables the TFTP server. You can also specify the listening TCP port number. If this command is executed with the "no" syntax, the TFTP server is disabled. [Example] Start the TFTP server with 12345 as the listening port number. SWP2(config)#tftp-server enable 12345 4.14.
Command Reference | Maintenance and operation functions | 71 4.15.1 Start HTTP server and change listening port number [Syntax] http-server enable [port] http-server disable no http-server [Keyword] enable : HTTP server is enabled disable : HTTP server is disabled : <1-65535> [Parameter] port Listening port number of the HTTP server (if omitted: 80) [Initial value] http-server disable [Input mode] global configuration mode [Description] Enables the HTTP server.
| Command Reference | Maintenance and operation functions SWP2(config)#http-server secure enable 8080 4.15.3 Show HTTP server settings [Syntax] show http-server [Input mode] priviledged EXEC mode [Description] Shows the settings of the HTTP server. The following items are shown.
Command Reference | Maintenance and operation functions | 73 [Parameter] action : Specifies the action for the access condition Setting value info : Description deny "Deny" the condition permit "Permit" the condition Specifies the transmission-source IPv4 address or IPv6 address that is the condition. Setting value Description A.B.C.D Specifies an IPv4 address (A.B.C.D) A.B.C.D/M Specifies an IPv4 address (A.B.C.
| Command Reference | Maintenance and operation functions Setting value english Description English [Initial value] http-server language japanese [Input mode] global configuration mode [Description] Sets the Web GUI display language. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set the Web GUI display language to English. SWP2(config)#http-server language english 4.15.
Command Reference | Maintenance and operation functions | 75 disable : SSH server is disable : <1-65535> [Parameter] port Listening port of the SSH server (if omitted: 22) [Initial value] ssh-server disable [Input mode] global configuration mode [Description] Enables the SSH server. You can also specify the listening TCP port number. In order to enable the SSH server, the host key must be created in advance (ssh-server host key generate).
| Command Reference | Maintenance and operation functions [Parameter] ifname : VLAN interface name [Initial value] none [Input mode] global configuration mode [Description] Sets the VLAN interface that allows access to the SSH server. If this command is executed with the "no" syntax, delete the specified interface. Up to eight instances of this command can be set, and those that are specified earlier take priority for application.
Command Reference | Maintenance and operation functions | 77 If parameters are omitted with the "no" syntax, the all setting are deleted. [Note] If ssh-server enable command is not specified, this command does not function. [Example] Permit access to the SSH server only from 192.168.1.1 and the 192.168.10.0/24 segment. SWP2(config)#ssh-server access permit 192.168.1.1 SWP2(config)#ssh-server access permit 192.168.10.0/24 Deny only access to the SSH server from the segment 192.168.10.0/24.
| Command Reference | Maintenance and operation functions 4.16.7 Show SSH server public key [Syntax] show ssh-server host key [fingerprint] [Keyword] fingerprint : Show key fingerprint [Input mode] priviledged EXEC mode [Description] Shows the public key of the SSH server. If the "fingerprint" keyword is specified, the public key's key length, key fingerprint, and ASCII art are shown. [Note] Both the MD5 and SHA256 key fingerprint hash algorithms are shown. [Example] Show the public key.
Command Reference | Maintenance and operation functions | 79 | | |...* | |*+. | | . | | . + | | | | E | | . B.. | | . oo | +------[MD5]------+ 2048 SHA256:XXXXMkUuEbkJggPD68UoR+gobWPhgu7qqXzE8iUXXXX +---[RSA 2048]----+ |*.==+ | |*o+= . . | |*=o. . S | | * S . . | | + B * o | | = = . . . | | o | | . | |. * * | +----[SHA256]-----+ 4.16.
| Command Reference | Maintenance and operation functions [Initial value] none [Input mode] priviledged EXEC mode [Description] Connects to the specified host via SSH. If user is omitted, access the SSH server using the currently logged-in user name. If user is omitted when logged in as an unnamed user, "root" is used. [Note] The escape character is the tilde (~). The escape character is recognized only if it is input at the beginning of the line.
Command Reference | Maintenance and operation functions | 81 [Parameter] host : Remote host name, IPv4 address (A.B.C.D), or IPv6 address (X:X::X:X) [Input mode] priviledged EXEC mode [Description] Delete the public key of the SSH server that is connected as an SSH client. [Example] Clear the SSH host information. SWP2#clear ssh host 192.168.100.1 4.18 E-mail notification 4.18.
| Command Reference | Maintenance and operation functions [Description] Sets server information used when sending e-mails. [Note] When performing SMTP authentication, the AUTH LOGIN command is used for authentication. For the SSL/TLS version, TLSv1, TLSv1.1 and TLSv1.2 are supported. When setting an IPv6 address as the e-mail server address, encryption using SSL/TLS cannot be used. [Example] Sets the e-mail transmission server to “smtp-server-test.com”.
Command Reference | Maintenance and operation functions | 83 [Description] Configures the settings for e-mail notification of event information for the specified function. [Example] Sets the terminal monitoring function event trigger for e-mail template #1. SWP2(config)#mail notify 1 trigger terminal 4.18.
| Command Reference | Maintenance and operation functions 4.18.6 E-mail transmission source address setting [Syntax] send from address no send from address [Parameter] address : Source e-mail address (256 characters or less, single-byte alphanumeric characters and _ - . @) [Initial value] no send from [Input mode] E-mail template mode [Description] Sets the source e-mail address. [Example] Specifies “sample@test.com” as the source e-mail address for e-mail template #1.
Command Reference | Maintenance and operation functions | 85 [Initial value] no send subject [Input mode] E-mail template mode [Description] Specifies the subject for e-mails that are sent. [Note] The subject shown below will be used if this is not set. • Event notification : Notification from SWP2 • Certificate distribution : Certification publishment • Certificate notification : Certification expiration [Example] Sets the subject to “TestMail” for e-mails sent using e-mail template #1.
| Command Reference | Maintenance and operation functions The RADIUS server client certificate is sent to the e-mail address specified by the “user” command of the RADIUS server function. [Note] Example of e-mail body text used when sending RADIUS server client certificates --------------------------------Certification is published.
Command Reference | Maintenance and operation functions | 87 [Initial value] mail certificate expire-notify 30 [Input mode] RADIUS configuration mode [Description] Specifies the number of days to notify beforehand about expired term of validity for RADIUS server client certificates. Up to three numbers of days for notifications can be specified. [Note] The day is displayed in descending order, regardless of the order in which it was inputted.
| Command Reference | Maintenance and operation functions If this command is executed with the "no" syntax, disable the LLDP function for the entire system. [Note] In order to enable the LLDP function for a port, the following command must be set. Set the set lldp enable command's type (LLDP agent mode) to "txrx", "txonly", or "rxonly" as necessary.
Command Reference | Maintenance and operation functions | 89 [Example] Set the system name to SWITCH1. SWP2(config)#lldp system-name SWITCH1 4.19.4 Create LLDP agent [Syntax] lldp-agent no lldp-agent [Initial value] none [Input mode] interface mode [Description] Create an LLDP agent, and transition to LLDP agent mode. If this command is executed with the "no" syntax, delete the LLDP agent. [Note] When you delete the LLDP agent, the commands specified in LLDP agent mode are also deleted.
| Command Reference | Maintenance and operation functions SWP2(config)#lldp auto-setting enable 4.19.
Command Reference | Maintenance and operation functions | 91 [Example] Set the MAC address as the type of management address for LAN port #1. SWP2(config)#lldp run SWP2(config)#interface port1.1 SWP2(config-if)#lldp-agent SWP2(lldp-agent)#set management-address mac-address 4.19.8 Set basic management TLVs [Syntax] tlv-select basic-mgmt no tlv-select basic-mgmt [Initial value] none [Input mode] LLDP agent mode [Description] Adds basic management TLVs to transmitted frames.
| Command Reference | Maintenance and operation functions SWP2(config)#lldp run SWP2(config)#interface port1.1 SWP2(config-if)#lldp-agent SWP2(lldp-agent)#tlv-select ieee-8021-org-specific 4.19.10 Set IEEE-802.3 TLV [Syntax] tlv-select ieee-8023-org-specific no tlv-select ieee-8023-org-specific [Initial value] none [Input mode] LLDP agent mode [Description] Adds IEEE-802.3 TLVs to transmitted frames. If this command is executed with the "no" syntax, exclude IEEE-802.3 TLVs from transmitted frames.
Command Reference | Maintenance and operation functions | 93 4.19.12 Set LLDP frame transmission interval [Syntax] set timer msg-tx-interval tx_interval no set timer msg-tx-interval [Parameter] tx_interval : <5-3600> LLDP frame transmission interval (seconds) [Initial value] set timer msg-tx-interval 30 [Input mode] LLDP agent mode [Description] Sets LLDP frame transmission interval. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Maintenance and operation functions [Parameter] reinit_delay : <1-10> Time from LLDP frame transmission stop until re-initialization (seconds) [Initial value] set timer reinit-delay 2 [Input mode] LLDP agent mode [Description] Sets the time from when LLDP frame transmission stops until re-initialization occurs. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Maintenance and operation functions | 95 [Initial value] set tx-fast-init 4 [Input mode] LLDP agent mode [Description] Sets the number of LLDP frames transmitted during the high speed transmission period. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set 2 as the number of LLDP frames transmitted during the high speed transmission period on LAN port #1. SWP2(config)#lldp run SWP2(config)#interface port1.
| Command Reference | Maintenance and operation functions Setting value Description rxonly Set receive-only mode txonly Set transmit-only mode txrx Set transmit and receive [Input mode] global configuration mode [Description] Enables or disables the LLDP function for all LAN/SFP+ port in a single operation. If this setting is enabled, set the transmission and reception mode of the specified LLDP frames. [Note] This command can be executed only for global configuration mode.
Command Reference | Maintenance and operation functions | 97 Total frames received Number of LLDP frames received Total frames received in error Number of LLDP frame reception errors Total frames discarded Number of LLDP frames discarded Total discarded TLVs Number of TLV discarded Total unrecognised TLVs Number of TLVs that could not be recognized For show lldp interface ifname neighbor • Basic management information • Interface Name Received interface name System Name System name System De
| Command Reference | Maintenance and operation functions Power that can be supplied by PSE device (0.
Command Reference | Maintenance and operation functions | 99 Reinitialisation delay : 2 MED Enabled : Y Device Type : NETWORK_CONNECTIVITY LLDP Agent traffic statistics Total frames transmitted : 0 Total entries aged : 0 Total frames received : 0 Total frames received in error : 0 Total frames discarded : 0 Total discarded TLVs : 0 Total unrecognised TLVs : 0 SWP2# 4.19.
| Command Reference | Maintenance and operation functions Network Policy MED Capabilities Dev Type MED Application Type MED Vlan id MED Tag/Untag MED L2 Priority MED DSCP Val MED Location Data Format Latitude Res : 0 Latitude : 0 Longitude Res : 0 Longitude : 0 AT : 0 Altitude Res : 0 Altitude : 0 Datum : 0 LCI length : 0 What : 0 Country Code : 0 CA type : 0 MED Inventory : : : : : : : End Point Class-3 Reserved 0 Untagged 0 0 ECS ELIN SWP2# 4.19.
Command Reference | Maintenance and operation functions | 101 A physical interface inside a logical interface operates according to the setting of this command on the interface inside which it exists. If the physical interface is inside the logical interface, the setting of the physical interface returns to the default. Regardless of the setting of this command, L2MS control frames might not be transmitted or received if any of the following conditions exist.
| Command Reference | Maintenance and operation functions [Note] This command is valid only if L2MS is operating as master. [Example] Enable the snapshot function. SWP2(config)#snapshot enable 4.21.2 Set whether to include terminals in the snapshot comparison [Syntax] snapshot trap terminal [except-wireless] no snapshot trap terminal [Keyword] except-wireless : Information for wirelessly connected terminals is excluded from the snapshot comparison.
Command Reference | Maintenance and operation functions | 103 4.21.4 Delete snapshot [Syntax] snapshot delete [Input mode] priviledged EXEC mode [Description] Deletes the snapshot file. [Example] Delete the snapshot file. SWP2#snapshot delete 4.22 Firmware update 4.22.
| Command Reference | Maintenance and operation functions [Note] You can use the firmware-update url command to change the download source URL. If you execute the firmware-update revision-down enable command, it will be possible to downgrade to an older revision. [Example] Update the firmware using a firmware file located on a web server. SWP2#firmware-update execute Found the new revision firmware Current Revision: Rev.2.03.01 New Revision: Rev.2.03.03 Downloading...
Command Reference | Maintenance and operation functions | 105 4.22.5 Show firmware update function settings [Syntax] show firmware-update [Input mode] priviledged EXEC mode [Description] Shows the current settings of the firmware update function. The following items are shown. • Download source URL • Download timeout duration • Allow revision-down [Example] Show the current settings of the firmware update function. SWP2#show firmware-update url: http://www.rtpro.yamaha.co.jp/firmware/revision-up/swp2.
| Command Reference | Maintenance and operation functions [Initial value] hostname SWP2 [Input mode] global configuration mode [Description] Specifies the host name. The host name specified by this command is used as the command prompt. If SNMP access is possible, this is used as the value of the MIB variable sysName. If this command is executed with the "no" syntax, the setting returns to the default value. [Example] Set the host name as "yamaha." SWP2(config)#hostname yamaha yamaha(config)# 4.23.
Command Reference | Maintenance and operation functions | 107 [Parameter] mode : Default LED mode Setting value Description link-act LINK/ACT mode status STATUS mode vlan VLAN mode off OFF mode [Initial value] led-mode default link-act [Input mode] global configuration mode [Description] Set the default LED mode. When you execute this command, the LEDs are lit in the specified mode.
| Command Reference | Maintenance and operation functions Startup status : Current status : ON ON OFF OFF OFF OFF ON ON 4.23.7 Show port error LED status [Syntax] show error port-led [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the ID of ports that are generating an error, and the following error causes.
Command Reference | Interface control | 109 Chapter 5 Interface control 5.1 Interface basic settings 5.1.1 Set description [Syntax] description line no description [Parameter] line : Single-byte alphanumeric characters and single-byte symbols (80characters or less) Description of the applicable interface [Initial value] no description [Input mode] interface mode [Description] Specifies a description of the applicable interface.
| Command Reference | Interface control [Parameter] type : Speed and duplex mode types Speed and duplex mode types Description auto Auto negotiation 10000-full 10Gbps/Full 1000-full 1000Mbps/Full 100-full 100Mbps/Full 100-half 100Mbps/Half 10-full 10Mbps/Full 10-half 10Mbps/Half [Initial value] speed-duplex auto [Input mode] interface mode [Description] Sets the speed and duplex mode. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Interface control | 111 SWP2(config)#interface port1.1 SWP2(config-if)#mru 9000 5.1.5 Set cross/straight automatic detection [Syntax] mdix auto action no mdix auto [Parameter] type : Cross/straight automatic detection operations Setting value Description enable Enable cross/straight automatic detection disable Disable cross/straight automatic detection [Initial value] mdix auto enable [Input mode] interface mode [Description] Enables cross/straight automatic detection.
| Command Reference | Interface control When this command is used to change the settings, link-down temporarily occurs for the corresponding interface. [Example] Enable EEE for LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#eee enable 5.1.
Command Reference | Interface control | 113 Item Description interface Interface name EEE(efficient-ethernet) Whether EEE is enabled Rx LPI Status Low-power mode status of the receiving unit Tx LPI Status Low-power mode status of the transmitting unit Wake Error Count Error count [Example] Show EEE status of LAN port #1. [If EEE is disabled] SWP2#show eee status interface port1.1 interface:port1.
| Command Reference | Interface control Traffic direction Description transmit Transmitter [Initial value] no mirror interface [Input mode] interface mode [Description] Mirrors the traffic specified by direct, with the applicable interface as the mirror port and ifname as the monitor port. If this command is executed with the "no" syntax, the mirroring setting is deleted. [Note] This command can be specified only for LAN/SFP+ port. Only one interface can be specified as the mirror port.
Command Reference | Interface control | 115 5.1.11 Show interface status [Syntax] show interface [ type [ index ] ] [Parameter] type : Interface type Interface type index : Description port Physical interface vlan VLAN interface sa Static logical interface po LACP logical interface Index number Interface ID Description 1.X Specifies the number printed on the chassis (X). <1-4094> Specify the VLAN ID. <1-96> Speciffy the static logical interface number.
| Command Reference | Interface control Item Description broadcast IP broadcast address *3 (shown only if IP address is set) Switchport mode Mode of the switchport • access : untagged • trunk : tagged Ingress filter Status of ingress filtering • enable : enabled • disable : disabled Acceptable frame types Frame types that can be received • all : All frames are received (regardless of whether they are tagged or untagged) • vlan-tagged only : Only frames with a VLAN tag are received Default Vlan
Command Reference | Interface control | 117 ifIndex 5001, MRU 1522 Speed-Duplex: auto(configured), 1000-full(current) Auto MDI/MDIX: on Vlan info: Switchport mode : access Ingress filter : enable Acceptable frame types : all Default Vlan : 1 Configured Vlans : 1 Interface counter: input packets : 320 bytes : 25875 multicast packets: 301 output packets : 628 bytes : 129895 multicast packets: 628 broadcast packets: 0 drop packets : 0 Show the status of VLAN #1.
| Command Reference | Interface control Item Description • (P) : LACP logical interface ID of associated logical interface Description Description of interface *1 Shown only for physical interface *2 hown only for physical interface and logical interface [Example] Show brief interface status.
Command Reference | Interface control | 119 Item Description Broadcast packets Number of broadcast packets transmitted/received Multicast packets Number of multicast packets transmitted/received Unicast packets Number of unicast packets transmitted/received Undersize packets Number of undersize packets received (packets smaller than 64 octets) Oversize packets Number of oversize packets received (packets larger than 1523 octets*1) Fragments Number of fragment packets received (packs smaller tha
| Command Reference | Interface control Unicast packets TX errors Collisions Drop packets : : : : Received and Transmitted: 64octet packets : 65-127octet packets : 128-255octet packets : 256-511octet packets : 512-1023octet packets : 1024-MAXoctet packets : 0 0 0 0 1 166 7 1 0 0 5.1.
Command Reference | Interface control | 121 Interface -----------port1.11 port1.12 (V) -----------3.37 3.34 Threshold -----------3.62 3.89 Threshold -----------3.46 3.70 Threshold -----------3.13 2.89 Threshold -----------2.97 2.70 Current High Alarm High Warning Low Warning Low Alarm Interface (mA) Threshold Threshold Threshold Threshold ------------ ------------ ------------ ------------ ------------ -----------port1.11 4.0 16.0 15.0 2.0 2.0 port1.12 6.2 17.0 14.0 2.0 1.
| Command Reference | Interface control [Description] Associates the applicable interface with the static logical interface specified by link-id. If this command is executed with the "no" syntax, the applicable interface is dissociated from the static logical interface. [Note] This command can be specified only for LAN/SFP+ port. If a LAN/SFP+ port is associated to a link-id for which a static logical interface does not exist, the static logical interface is newly generated.
Command Reference | Interface control | 123 [Parameter] link-id : <1-127> LACP logical interface number mode : Operation mode mode Description active Operate LACP in active mode. In active mode, it actively sends LACP frames to the other device. passive Operate LACP in passive mode. In passive mode, it sends LACP frames only if LACP frames are received from the other device.
| Command Reference | Interface control Interfaces that make up the LACP logical interface [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] If ifname is omitted, shows the status of the LACP logical interface. The following items are shown for each LACP logical interface that exists.
Command Reference | Interface control | 125 Item Description Ifindex Interface number Timeout Timeout value ("Long"=90 seconds, "Short"=3 seconds) Active LACP operation mode("Active", "Passive") Synchronized Synchronization flag Collecting Collecting flag Distributing Distributing flag Defaulted Defaulted flag Expired Expired flag [Example] Shows the status of LACP logical interface. SWP2#show etherchannel % Lacp Aggregator: po10 % Load balancing: src-dst-mac % Member: port1.1 port1.
| Command Reference | Interface control [Note] If an LACP logical interface is connected to the other device, the system priorities are compared, and control privilege is given to the device with the higher priority. [Example] Set the LACP system priority order to 100. SWP2(config)#lacp system-priority 100 5.2.6 Show LACP system priority [Syntax] show lacp sys-id [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the LACP system priority and the LACP system ID.
Command Reference | Interface control | 127 [Example] Set the LACP timeout of LAN port #1 to short. SWP2(config)#interface port1.1 SWP2(config-if)#lacp timeout short 5.2.8 Clear LACP frame counters [Syntax] clear lacp [link-id] counters [Parameter] link-id : <1-127> LACP logical interface number [Input mode] priviledged EXEC mode [Description] Clears the LACP frame counters. If link-id is omitted, the frame counter of every existing LACP logical interface is cleared.
| Command Reference | Interface control [Parameter] type : Rules to specify the forwarding destination interface type Description dst-ip Destination IPv4/IPv6 address dst-mac Destination MAC address dst-port Destination TCP/UDP port number src-dst-ip Source and destination IPv4/IPv6 address src-dst-mac Source and destination MAC address src-dst-port Source and destination TCP/UDP port number src-ip Source IPv4/IPv6 address src-mac Source MAC address src-port Source TCP/UDP port numb
Command Reference | Interface control | 129 Item Description Aggregator LACP logical interface ID Distinguishing ID on the LACP logical interface Actor LAG The actor's own LACP system ID (priority, MAC address) Admin Key The ID that is the basis of the actor's own LACP key (logical port number) Status Link aggregation status ("Not ready"/"Ready") Partner LAG The partner's LACP system ID (priority, MAC address) Partner Key The ID that is the basis of the partner's LACP key Link count Number
| Command Reference | Interface control Partner Key 0001 Link count 0/ 1 Aggregator po127 ID 4727 Status Not ready Partner LAG 0x8000, 00-a0-de-11-11-11 Partner Key 0001 Link count 0/ 1 SWP2#show etherchannel status detail Aggregator po1 ID 4601 Status Ready Actor LAG 0x8000, 00-a0-de-e0-e0-e0 Admin Key 0001 Partner LAG 0x8000, 00-a0-de-11-11-11 Partner Key 0001 Link count 1/ 1 Link port1.
Command Reference | Interface control | 131 The priority order is evaluated as follows. 1 ) Priority is given to ports with a lower LACP port priority. 2 ) If the LACP port priority is the same, priority is given to the lower interface number. If an SFP+ port is to be given priority, its LACP port priority must be set lower than other ports. [Example] Set the LACP port priority order to 1024. SWP2(config-if)#channel-group 1 mode active SWP2(config-if)#lacp port-priority 1024 5.3 Port authentication 5.3.
| Command Reference | Interface control 5.3.3 Configuring the Web authentication function for the entire system [Syntax] aaa authentication auth-web no aaa authentication auth-web [Initial value] no aaa authentication auth-web [Input mode] global configuration mode [Description] Enables Web authentication for the entire system. If this command is executed with the "no" syntax, Disables Web authentication for the entire system.
Command Reference | Interface control | 133 5.3.5 Set for forwarding control on an unauthenticated port for IEEE 802.1X authentication [Syntax] dot1x control-direction direction no dot1x control-direction [Parameter] direction : Sets the packet forwarding operation for unauthenticated ports Forwarding operation Description both Both send and receive packets are discarded. in Only receive packets are discarded.
| Command Reference | Interface control [Note] This command can be specified only for both LAN/SFP+ port and logical interface. To use this command, you must enable the port authentication function for the applicable interface. (dot1x port-control command) [Example] Set the EAPOL packet transmission count for LAN port #1 to "3". SWP2(config)#interface port1.1 SWP2(config-if)#dot1x max-auth-req 3 5.3.
Command Reference | Interface control | 135 [Input mode] global configuration mode [Description] Changes the format of the user name and password used for authentication during MAC authentication. During MAC authentication, the MAC address of the supplicant is used as a user name and password, and a request is sent to the RADIUS server for authentication. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control Operation mode Description same port will be allowed to communicate without authentication. multi-supplicant This mode allows communication with multiple supplicants for each port. Communication is allowed or denied on a per-supplicant basis. [Initial value] auth host-mode single-host [Input mode] interface mode [Description] Changes the port authentication operation mode for the applicable interface.
Command Reference | Interface control | 137 SWP2(config)#interface port1.1 SWP2(config-if)#auth reauthentication 5.3.12 Set dynamic VLAN [Syntax] auth dynamic-vlan-creation no auth dynamic-vlan-creation [Initial value] no auth dynamic-vlan-creation [Input mode] interface mode [Description] Sets dynamic VLAN for the applicable interface. If this is executed with the "no" syntax, the dynamic VLAN is disabled.
| Command Reference | Interface control [Example] This specifies guest VLAN #10 for LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#auth guest-vlan 10 5.3.
Command Reference | Interface control | 139 [Example] Set the reauthentication period for LAN port #1 to 1200. SWP2(config)#interface port1.1 SWP2(config-if)#auth timeout reauth-period 1200 5.3.
| Command Reference | Interface control [Example] Set the reply wait time from the supplicant of LAN port #1 to 180 seconds. SWP2(config)#interface port1.1 SWP2(config-if)#auth timeout supp-timeout 180 5.3.
Command Reference | Interface control | 141 5.3.19 Set the reply wait time for each RADIUS server [Syntax] radius-server timeout time no radius-server timeout [Parameter] time : <1-1000> Standby time for replying to requests (seconds) [Initial value] radius-server timeout 5 [Input mode] global configuration mode [Description] Sets the reply wait time for each RADIUS server. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control no radius-server key [Parameter] secret : Shared password Single-byte alphanumeric characters, and single-byte symbols other than the characters '?' and spaces (64 characters or less) [Initial value] no radius-server key [Input mode] global configuration mode [Description] Sets the shared password used when communicating with a RADIUS server. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Interface control | 143 [Description] Specifies a desired text string that is sent as the NAS-Identifier attribute to the RADIUS server for port authentication. If this setting is made, it is notified to RADIUS server as the NAS-Identifier attribute. If this setting is deleted, notification is stopped. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set "Nas-ID-001" as the NAS-Identifier attribute that is sent to the RADIUS server.
| Command Reference | Interface control MAC Authentication WEB Authentication Host mode Dynamic VLAN creation Guest VLAN Reauthentication Reauthentication period MAX request Supplicant timeout Server timeout Quiet period Controlled directions Protocol version Clear-state time : : : : : : : : : : : : : : Disabled (configured:disable) Enabled (configured:enable) Multi-supplicant Disabled Disabled Disabled 3600 sec 2 times 30 sec 30 sec 60 sec In (configured:both) 2 Not configured 5.3.
Command Reference | Interface control | 145 EAPOL Start EAPOL Logoff EAP Response ID EAP Response Invalid EAPOL EAP Length error Last EAPOL version Last EAPOL source Transmitted frames EAP Request ID EAP Request EAP Success EAP Fail RADIUS packets: Received packets Access Request Access Challenge Access Accept Access Reject Transmitted packets Access Request : : : : : : : : : : : : : 1 0 1 9 0 0 1 0011.2233.4455 11 1 9 1 0 : : : : : : : 10 0 9 1 0 10 10 5.3.
| Command Reference | Interface control Deadtime : 0 min Server Host : 192.168.100.102 Authentication Port : 1645 Secret Key : fghij Timeout : 5 sec Retransmit Count : 3 Deadtime : 0 min 5.3.
Command Reference | Interface control | 147 5.3.31 Setting the time for clearing the authentication state (system) [Syntax] auth clear-state time time no auth clear-state time [Parameter] time : <0-23> Time at which the authentication state is cleared [Initial value] no auth clear-state time [Input mode] global configuration mode [Description] Sets the time at which the authentication state for the supplicant is cleared for the entire system.
| Command Reference | Interface control [Parameter] switch : Behavior EAP pass through Setting value Description enable Enable the EAP pass through disable Disable the EAP pass through [Initial value] pass-through eap enable [Input mode] global configuration mode [Description] Enables/disables EAP pass-through, specifying whether EAPOL frames are forwarded. If "disable" is specified, EAP frames are discarded.
Command Reference | Interface control | 149 5.4.2 Register permitted MAC addresses [Syntax] port-security mac-address no port-security mac-address [Initial value] none [Input mode] global configuration mode [Description] Registers MAC addresses that are allowed to communicate on ports for which port security has been enabled. If this command is executed with the "no" syntax, deletes the registered address. [Example] Register MAC address 00:A0:DE:00:00:01 as a permitted address for LAN port #1.
| Command Reference | Interface control [Example] Show the port security information. SWP2#show Port -------port1.1 port1.2 port1.3 port1.4 port1.5 port1.6 port1.7 port1.8 port1.9 port1.10 port-security status Security Action Status Last violation --------- --------- --------- ----------------Enabled Discard Blocking 00a0.de00.
Command Reference | Interface control | 151 5.5.2 Show error detection function information [Syntax] show errdisable [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows information for the error detection function. The following items are shown. • Whether automatic recovery from the errdisable state is enabled or disabled • The interface that is in the errdisable state, and the function that detected the error [Example] Show information for the error detection function.
| Command Reference | Layer 2 functions Chapter 6 Layer 2 functions 6.1 FDB (Forwarding Data Base) 6.1.
Command Reference | Layer 2 functions | 153 SWP2(config)#mac-address-table ageing-time 400 6.1.3 Clear dynamic entry [Syntax] clear clear clear clear mac-address-table mac-address-table mac-address-table mac-address-table dynamic dynamic adress mac-addr dynamic vlan vlan-id dynamic interface ifname [instance inst] [Keyword] address : Specifies the MAC address vlan : Specifies the VLAN ID interface : Specifies the interface instance : Specifies the MST instance : hhhh.hhhh.
| Command Reference | Layer 2 functions ifname : Setting value Description discard Discard Name of LAN/SFP+ port or logical interface Applicable interface vlan-id : <1-4094> Applicable VLAN ID [Initial value] none [Input mode] global configuration mode [Description] Registers a static entry in the MAC address table. If action is specified as "forward," received frames that match the specified MAC address and VLAN ID are forwarded to the specified interface.
Command Reference | Layer 2 functions | 155 1 1 sa1 sa2 1803.731e.8c2b 782b.cbcb.218d forward forward dynamic dynamic 300 300 6.1.
| Command Reference | Layer 2 functions [Keyword] name : Specifies the name of the VLAN state : Specifies the state of the VLAN : <2-4094> [Parameter] vlan-id VLAN ID name : Single-byte alphanumeric characters and single-byte symbols(32characters or less) Name of the VLAN state : Whether frame forwarding is enabled or disabled Setting value Description enable Frames are forwarded disable Frames are not forwarded [Initial value] none [Input mode] VLAN mode [Description] Sets the VLAN
Command Reference | Layer 2 functions | 157 Setting value Description isolated Secondary VLAN (isolated VLAN) [Initial value] none [Input mode] VLAN mode [Description] Uses vlan-id as a private VLAN. If this command is executed with the "no" syntax, the private VLAN setting is deleted, and it is used as a conventional VLAN.
| Command Reference | Layer 2 functions [Description] Specify the association of the secondary VLAN (isolated VLAN, community VLAN) with the primary VLAN of the private VLAN. By specifying "add," specify the association of the vlan-id with the 2nd-vlan-ids. By specifying "remove," remove the association of the vlan-id and the 2nd-vlan-ids. If this command is executed with the "no" syntax, all associations to the primary VLAN are deleted.
Command Reference | Layer 2 functions | 159 [Input mode] interface mode [Description] Sets the VLAN ID that is associated as an access port with the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be set only for a LAN/SFP+ port or logical interface for which the switchport mode access command is set.
| Command Reference | Layer 2 functions 6.2.
Command Reference | Layer 2 functions | 161 [Example] Set LAN port #1 as the trunk port, and associate it to VLAN #2. SWP2(config)#interface port1.1 SWP2(config-if)#switchport mode trunk SWP2(config-if)#switchport trunk allowed vlan add 2 6.2.
| Command Reference | Layer 2 functions Setting value Description promiscuous Promiscuous port host Host port [Initial value] none [Input mode] interface mode [Description] Specifies the private VLAN port type for the applicable interface. If this is executed with the "no" syntax, the setting of the private VLAN specified for the applicable interface is deleted. [Note] This command can be set only for a LAN/SFP+ port for which the switchport mode access command is set.
Command Reference | Layer 2 functions | 163 If the switchport mode private-vlan command is used to set the port type to something other than host port, the setting of this command is deleted. [Example] Specify the following private VLAN for each interface. • LAN port #1 : Primary VLAN #100, Secondary VLAN #101 • LAN port #2 : Primary VLAN #100, Secondary VLAN #102 • LAN port #3 : Primary VLAN #100, Secondary VLAN #103 SWP2(config)# interface port1.
| Command Reference | Layer 2 functions A community VLAN can be associated with multiple promiscuous ports. Multiple promiscuous ports can be specified for one primary VLAN. Since an interface in an isolated VLAN can communicate only with one promiscuous port, only one promiscuous port can be associated with one isolated VLAN. [Example] Make LAN port #1 operate as a promiscuous port, specify primary VLAN #100, and associate the secondary VLANs #101, #102, and #103. SWP2(config)# interface port1.
Command Reference | Layer 2 functions | 165 [Description] Specify the CoS value to use for voice traffic by the connected device. The connected device is notified of the setting via LLDP-MED in the following cases. • Voice VLAN is specified for the corresponding port. • LLDP-MED transmission and reception is possible for the corresponding port. [Example] Set the CoS value to 6 for using LAN port #1 as voice VLAN. SWP2(config)#interface port1.1 SWP2(config-if)#switchport voice cos 6 6.2.
| Command Reference | Layer 2 functions By default, each interface is not associated with a multiple VLAN group. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This cannot be used in conjunction with the private VLAN. Ports that are associated with a link aggregation logical interface must be set to the same multiple VLAN group. The multiple VLAN group is applied only to forwarding between ports.
Command Reference | Layer 2 functions | 167 [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows information for the specified VLAN ID. The following items are shown. Item Description VLAN ID VLAN ID Name Name of the VLAN State VLAN status (whether frames are forwarded) • ACTIVE : forwarded • SUSPEND : not forwarded Member ports Interfaces associated with the VLAN ID • (u) : Access port (untagged port) • (t) : Trunk port (tagged port) [Example] Show all VLAN information.
| Command Reference | Layer 2 functions 6.2.20 Show multiple VLAN group setting information [Syntax] show vlan multiple-vlan [group group-id] [Keyword] group : Show information for specific multiple VLAN groups : <1-256> [Parameter] group-id Multiple VLAN group ID [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the setting status for multiple VLAN groups. If the "group" specification is omitted, all groups that are actually assigned to the interface are shown.
Command Reference | Layer 2 functions | 169 Forward delay time (seconds) [Initial value] spanning-tree forward-time 15 [Input mode] global configuration mode [Description] Sets the forward delay time. If this command is executed with the "no" syntax, the setting returns to the default. [Note] The setting of this command must satisfy the following conditions. 2 x (hello time + 1) <= maximum aging time <= 2 x (forward delay time - 1) The maximum aging time can be set by the spanning-tree max-age command.
| Command Reference | Layer 2 functions Priority value [Initial value] spanning-tree priority 32768 [Input mode] global configuration mode [Description] Sets the bridge priority. Lower numbers have higher priority. If this command is executed with the "no" syntax, the setting returns to the default. [Note] In the case of MSTP, this is the setting for CIST (instance #0). [Example] Set the bridge priority to 4096. SWP2(config)#spanning-tree priority 4096 6.3.
Command Reference | Layer 2 functions | 171 Setting value Description shared Shared link [Initial value] spanning-tree link-type point-to-point [Input mode] interface mode [Description] Sets the link type for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface.
| Command Reference | Layer 2 functions 6.3.8 Set interface BPDU guard [Syntax] spanning-tree bpdu-guard guard no spanning-tree bpdu-guard [Parameter] guard : BPDU guard operation Setting value Description enable Enables BPDU guard disable Disables BPDU guard [Initial value] spanning-tree bpdu-guard disable [Input mode] interface mode [Description] Sets BPDU guard for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Layer 2 functions | 173 [Input mode] interface mode [Description] Sets the path cost of the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] In the case of MSTP, this is the setting for CIST (instance #0). This command can be specified only for LAN/SFP+ port and logical interface. It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface.
| Command Reference | Layer 2 functions [Description] Sets the edge port of the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface. It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface.
Command Reference | Layer 2 functions | 175 Item Description Ifindex Interface index number Port Id Interface's port ID Role Role of the interface. This is either Disabled, Designated, Rootport, or Alternate State State of the interface.
| Command Reference | Layer 2 functions % % % % Default: Default: Default: Default: CIST Root Id 8000ac44f2300110 CIST Reg Root Id 8000ac44f2300110 CIST Bridge Id 8000ac44f2300110 6 topology change(s) - last topology change Tue Feb 27 19:52:52 2018 % port1.1: Port Number 905 - Ifindex 5001 - Port Id 0x8389 - Role Designated State Forwarding % port1.1: Designated External Path Cost 0 -Internal Path Cost 0 % port1.1: Configured Path Cost 20000 - Add type Explicit ref count 1 % port1.
Command Reference | Layer 2 functions | 177 % % % % Config Bpdu's received TCN Bpdu's xmitted TCN Bpdu's received Forward Trans Count : : : : 0 2 3 1 % % % % % % % % % % % % % STATUS of Port Timers --------------------Hello Time Configured Hello timer Hello Time Value Forward Delay Timer Forward Delay Timer Value Message Age Timer Message Age Timer Value Topology Change Timer Topology Change Timer Value Hold Timer Hold Timer Value : : : : : : : : : : : 2 ACTIVE 0 INACTIVE 0 INACTIVE 0 INACTIVE 0 INAC
| Command Reference | Layer 2 functions SWP2#clear spanning-tree detected protocols interface port1.1 6.3.15 Move to MST mode [Syntax] spanning-tree mst configuration [Input mode] global configuration mode [Description] Moves to MST mode in order to make MST instance and MST region settings. [Note] To return from MST mode to global configuration mode, use the exit command. To return to priviledged EXEC mode, use the end command. [Example] Move to MST mode.
Command Reference | Layer 2 functions | 179 [Input mode] MST mode [Description] Associates a VLAN with an MST instance. If this command is executed with the "no" syntax, the VLAN association for the MST instance is deleted. If as a result of this deletion, not even one VLAN is associated with the MST instance, the MST instance is deleted. If you specify an MST instance that has not been generated, the MST instance will also be generated.
| Command Reference | Layer 2 functions [Description] Sets the MST region name. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set the MST region name to "Test1". SWP2(config)#spanning-tree mst configuration SWP2(config-mst)#region Test1 6.3.
Command Reference | Layer 2 functions | 181 6.3.
| Command Reference | Layer 2 functions [Description] Sets the path cost of the applicable interface on an MST instance. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface. It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface.
Command Reference | Layer 2 functions | 183 [Example] Show MSTP information.
| Command Reference | Layer 2 functions [Keyword] interface : Specifies the interface to show : <1-15> [Parameter] instance-id ID of generated MST interface ifname : Name of LAN/SFP+ port or logical interface Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode, interface mode [Description] Shows information for the specified MST instance. If "interface" is omitted, information is shown for all interfaces that are assigned the specified MST instance.
Command Reference | Layer 2 functions | 185 [Note] The spanning tree function and the loop detection function can be used together on the entire system. In order to enable the loop detection function, the loop detection function must be enabled on the interface in addition to this command. Even if the loop detection function is enabled, the loop detection function does not operate on the following interfaces. • LAN/SFP+ port on which the spanning tree function is operating.
| Command Reference | Layer 2 functions LPD enabled STP enabled - STP - STP STP disabled - - LPD LPD STP enabled - STP LPD STP [Example] Enable the loop detection function of LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#loop-detect enable Disable the loop detection function of LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#loop-detect disable 6.4.
Command Reference | Layer 2 functions | 187 [Example] Reset the loop detection status. SWP2#loop-detect reset 6.4.5 Show loop detection function status [Syntax] show loop-detect [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the settings and status of the loop detection function. The following items are shown.
| Command Reference | Layer 3 functions Chapter 7 Layer 3 functions 7.1 IPv4 address management 7.1.1 Set IPv4 address [Syntax] ip address ip_address/mask [label textline] ip address ip_address netmask [label textline] no ip address [Keyword] label : Set label as IPv4 address : A.B.C.D [Parameter] ip_address IPv4 address mask : <1-31> Number of mask bits netmask : A.B.C.
Command Reference | Layer 3 functions | 189 [Description] Shows the IPv4 address for each interface. The following content is shown. • IPv4 address • If an IPv4 address has been specified by the ip address dhcp command, an "*" is shown added before the displayed IPv4 address. • If the IPv4 address is not specified after setting the ip address dhcp command (such as while searching for the server), then "searching" is shown. • If the ip address command has not been set, the indication "unassigned" is shown.
| Command Reference | Layer 3 functions SWP2(config)#interface vlan100 SWP2(config-if)#ip address dhcp 7.1.4 Show DHCP client status [Syntax] show dhcp lease [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the DHCP client status. The following items are shown.
Command Reference | Layer 3 functions | 191 [Description] For the VLAN interface, enables the Auto IP function which automatically generates the IPv4 link local address (169.254.xxx.xxx/16). The Auto IP function works only if an IPv4 address cannot be obtained from the DHCP server after the ip address dhcp command is specified. The Auto IP function can be enabled for only one VLAN interface. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Layer 3 functions [Description] Adds a static route for IPv4. If this command is executed with the "no" syntax, the specified route is deleted. [Example] Set the default gateway to 192.168.1.1. SWP2(config)#ip route 0.0.0.0/0 192.168.1.1 For the destination 172.16.0.0/16, set the gateway to 192.168.2.1. SWP2(config)#ip route 172.16.0.0 255.255.0.0 192.168.2.1 7.2.2 Show IPv4 Forwarding Information Base [Syntax] show ip route [ip_address[/mask]] [Parameter] ip_address : A.B.C.
Command Reference | Layer 3 functions | 193 SWP2>show ip route database Codes: C - connected, S - static > - selected route, * - FIB route S S S C C *> *> *> *> *> 0.0.0.0/0 [1/0] via 192.168.100.1, vlan1 172.16.0.0/16 [1/0] via 192.168.200.240, vlan100 192.168.1.1/32 [1/0] is directly connected, vlan100 192.168.100.0/24 is directly connected, vlan1 192.168.200.0/24 is directly connected, vlan100 Gateway of last resort is not set 7.2.
| Command Reference | Layer 3 functions 7.3.3 Set static ARP entry [Syntax] arp ip_address mac_address interface no arp ip_address [Parameter] ip_address : A.B.C.D IP address mac_address : HHHH.HHHH.HHHH MAC address interface : portN.M Physical interface name [Initial value] none [Input mode] global configuration mode [Description] Creates a static group ARP entry. If this command is executed with the "no" syntax, the specified entry is deleted.
Command Reference | Layer 3 functions | 195 no ip forwarding [switch] [Parameter] switch : IPv4 packet forwarding settings Setting value Description enable Enable forwarding of IPv4 packets disable Disable forwarding of IPv4 packets [Initial value] ip forwarding disable [Input mode] global configuration mode [Description] Enables or disables forwarding of IPv4 packets. If this is executed with the "no" syntax, the setting returns to the default. 7.4.
| Command Reference | Layer 3 functions timeout : <1-65535> Time to wait for a reply (if omitted: 2) This is ignored if the number of times to execute is specified as "continuous" [Input mode] priviledged EXEC mode [Description] Send ICMP Echo to the specified host, and wait for ICMP Echo Reply. If there is a reply, show it. Show statistical information when the command ends. [Example] Ping the IP address 192.168.100.254 three times with a data size of 120 bytes. SWP2#ping 192.168.100.
Command Reference | Layer 3 functions | 197 Setting value Description disable Disable the IPv6 [Initial value] ipv6 disable [Input mode] interface mode [Description] Enables IPv6 for the VLAN interface and automatically sets the link local address. IPv6 addresses can be assigned to a maximum of 8 VLAN interfaces. If IPv6 is disabled, related settings are also simultaneously deleted. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Layer 3 functions [Initial value] none [Input mode] interface mode [Description] Uses RA to specify an IPv6 address for the VLAN interface. RA can be specified only for the VLAN interface for which the ipv6 enable command has been specified. If the ipv6 address ipv6_address/prefix_len command was executed before executing this command, the setting of the ipv6 address ipv6_address/prefix_len command is automatically deleted.
Command Reference | Layer 3 functions | 199 no ipv6 route ipv6_address/prefix_len [gateway [number]] no ipv6 route ipv6_address/prefix_len [null [number]] [Keyword] null : Discard packet without forwarding it : X:X::X:X [Parameter] ipv6_address IPv6 address Set this to :: (abbreviated 0:0:0:0:0:0:0:0) if specifying the default gateway prefix_len : <1-127> IPv6 prefix Set this to 0 if specifying the default gateway gateway : X:X::X:X IPv6 address of gateway If you specify an IPv6 link local addres
| Command Reference | Layer 3 functions [Note] [Example] Show the entire IPv6 forwarding information base. SWP2>show ipv6 route Codes: C - connected, S - static Timers: Uptime S C S C ::/0 [1/0] via fe80::2a0:deff:fe:1, vlan1, 00:03:08 2001:db8:1::/64 via ::, vlan1, 00:01:10 2001:db8:2::/64 [1/0] via 2001:db8:1::1, vlan1, 00:01:52 fe80::/64 via ::, vlan1, 00:03:08 Show the route used for sending packets that are addressed to 2001:db8:1::2.
Command Reference | Layer 3 functions | 201 7.8 Neighbor cache 7.8.1 Set static neighbor cache entry [Syntax] ipv6 neighbor ipv6_address interface mac_address interface no ipv6 neighbor ipv6_address interface [Parameter] ipv6_address : X:X::X:X IPv6 address interface : vlanN VLAN interface name mac_address : HHHH.HHHH.HHHH MAC address interface : portN.M Physical interface name [Input mode] global configuration mode [Description] Adds a static entry to the neighbor cache.
| Command Reference | Layer 3 functions [Description] Clears the neighbor cache. [Note] [Example] Clear the neighbor cache. SWP2#clear ipv6 neighbors 7.9 IPv6 forwarding control 7.9.
Command Reference | Layer 3 functions | 203 [Parameter] host : Host name, or target IPv6 address (X:X::X:X) Target to which ICMPv6 Echo is sent If you specify an IPv6 link local address, you must also specify the output interface (fe80::X%vlanN format) count datalen : : Number of times to execute (if omitted: 5) Setting value Description <1-2147483647> Execute the specified number of times continuous Execute repeatedly until Ctrl+C is entered <36-18024> Length of ICMP payload (if omitted: 56)
| Command Reference | Layer 3 functions 1 2 3 4 5 6 2001:db8:10::1 (2001:db8:10::1) 0.563 ms 0.412 2001:db8:20::1 (2001:db8:20::1) 0.561 ms 0.485 2001:db8:30::1 (2001:db8:30::1) 0.864 ms 0.693 2001:db8:40::1 (2001:db8:40::1) 0.751 ms 0.783 2001:db8:50::1 (2001:db8:50::1) 7.689 ms 7.527 2001:db8:1::2 (2001:db8:1::2) 33.948 ms 10.413 ms ms ms ms ms ms 0.428 ms 0.476 ms 21.104 ms 0.673 ms 7.168 ms 7.681 ms 7.11 DNS client 7.11.
Command Reference | Layer 3 functions | 205 [Note] If the ip address dhcp command was used to obtain the DNS server list from the DHCP server, the setting of this command takes priority. However if fewer than three items were registered to the DNS server list by this command, up to a total of three items of the DNS server list obtained from the DHCP server are added to the end of this list. [Example] Add the IP addresses 192.168.100.1, 2001:db8::1234, and fe80::2a0:deff:fe11:2233 to the DNS server list.
| Command Reference | Layer 3 functions [Note] If a search domain list is specified by this command, the default domain name specified by the dns-client domain-name command and the default domain name automatically specified by the ip address dhcp command are not used. [Example] Add the domain names "example1.com" and "example2.com" to the search domain list. SWP2(config)#dns-client domain-list example1.com SWP2(config)#dns-client domain-list example2.com 7.11.
Command Reference | IP multicast control | 207 Chapter 8 IP multicast control 8.1 IP multicast basic settings 8.1.
| Command Reference | IP multicast control [Example] Enable IGMP snooping for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping enable Disable IGMP snooping for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping disable 8.2.
Command Reference | IP multicast control | 209 The multicast router must be connected to the specified LAN/SFP+ port. If an IGMP report is received from the receiver, it is forwarded to the specified LAN/SFP+ port. [Example] Specify LAN port #8 as a connection destination of the multicast router. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping mrouter interface port1.8 Remove LAN port #8 as a connection destination of the multicast router.
| Command Reference | IP multicast control [Note] This command can be specified only for VLAN interface. Also, this can be specified only if IGMP snooping is enabled. [Example] Set the VLAN #2 query transmission interval to 30 seconds. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping query-interval 30 Return the VLAN #2 query transmission interval to the default setting.
Command Reference | IP multicast control | 211 IGMP version [Initial value] ip igmp snooping version 3 [Input mode] interface mode [Description] Sets the IGMP version. If this command is executed with the "no" syntax, the IGMP version returns to the default setting (V3). [Note] This command can be specified only for VLAN interface. Also, this can be specified only if IGMP snooping is enabled. If an IGMP packet of a different version than this setting is received, the following action occurs.
| Command Reference | IP multicast control [Parameter] A.B.C.D : Multicast group address ifname : VLAN interface name Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows IGMP group membership information. [Example] Show IGMP group membership information. SWP2#show ip igmp snooping groups IGMP Snooping Group Membership Group source list: (R - Remote, S - Static) Vlan Group/Source Address Interface Reporter Version 1 239.255.255.250 port1.5 192.168.100.
Command Reference | IP multicast control | 213 Number of v2-leaves: 0 Number of v3-reports: 127 Active Ports: port1.5 port1.8 8.2.11 Clear IGMP group membership entries [Syntax] clear ip igmp snooping clear ip igmp snooping group A.B.C.D clear ip igmp snooping interface ifname [Keyword] group : Specifies the multicast group address to be cleared interface : Specifies the VLAN interface to be cleared : Multicast group address [Parameter] A.B.C.
| Command Reference | IP multicast control [Example] Enable MLD snooping for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ipv6 mld snooping enable Disnable MLD snooping for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ipv6 mld snooping disable 8.3.
Command Reference | IP multicast control | 215 The multicast router must be connected to the specified LAN/SFP+ port. If an MLD report is received from the receiver, it is forwarded to the specified LAN/SFP+ port. [Example] Specify LAN port #8 as a connection destination of the multicast router. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ipv6 mld snooping mrouter interface port1.8 Remove LAN port #8 as a connection destination of the multicast router.
| Command Reference | IP multicast control [Note] This command can be specified only for VLAN interfaces. Also, this can be specified only if MLD snooping is enabled. [Example] Set the VLAN #2 query transmission interval to 30 seconds. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ipv6 mld snooping query-interval 30 Return the VLAN #2 query transmission interval to the default setting.
Command Reference | IP multicast control | 217 Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the multicast router connection port information that was dynamically learned or statically set. [Example] Show multicast router connection port information for VLAN #2. SWP2#show ipv6 mld snooping mrouter vlan2 VLAN Interface IP-address Expires 2 port1.11(dynamic) fe80::ae44:f2ff:fe30:291 00:01:04 8.3.
| Command Reference | IP multicast control [Parameter] ifname : VLAN interface name Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Show a VLAN interface's MLD-related information. [Example] Show MLD-related information for VLAN #1.
Command Reference | Traffic control | 219 Chapter 9 Traffic control 9.1 ACL 9.1.1 Generate IPv4 access list [Syntax] access-list ipv4-acl-id [seq_num] action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg] no access-list ipv4-acl-id [seq_num] [action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg]] [Keyword] ack : If tcp is specified as the protocol, the ACK flag of the TCP header is specified as a condition.
| Command Reference | Traffic control Setting value src-port : Description A.B.C.D/M Specifies an IPv4 address (A.B.C.D) with subnet mask length (Mbit) host A.B.C.D Specifies a single IPv4 address (A.B.C.D) any Applies to all IPv4 addresses <0-65535> If protocol is specified as tcp or udp, this specifies the transmission source port number <0-65535> that is the condition. This can also be omitted.
Command Reference | Traffic control | 221 SWP2(config)#access-list 1 deny any 192.168.1.0 0.0.0.255 host 172.16.1.1 Delete IPv4 access list #1. SWP2(config)#no access-list 1 9.1.2 Add comment to IPv4 access list [Syntax] access-list ipv4-acl-id description line no access-list ipv4-acl-id description [Parameter] ipv4-acl-id : <1-2000> ID of IPv4 access list to which a comment will be added line : Comment to add.
| Command Reference | Traffic control If the received/transmitted frame matches the conditions in the access list, the action in the access list will be the action (permit, deny) for the corresponding frame. If this command is executed with the "no" syntax, the applied access list is deleted from both LAN/SFP+ port and logical interface. [Note] Only one access list for each direction can be registered for incoming frames (in) and for outgoing frames (out) on the same interface.
Command Reference | Traffic control | 223 To apply the generated access list, use the access-group command of interface mode. If the "no" syntax is used to specify "action" and following, the IPv6 access list that matches all conditions is deleted. If the "no" syntax is used without specifying "action" and following, the IPv6 access list of the matching ID of access list is deleted. [Note] An access list that is applied to LAN/SFP+ port and logical interface cannot be deleted using the "no" syntax.
| Command Reference | Traffic control Setting value Description in Apply to received frames out Apply to transmitted frames [Initial value] none [Input mode] interface mode [Description] Applies an IPv6 access list to both LAN/SFP+ port and logical interface. If the received/transmitted frame matches the conditions in the access list, the action in the access list will be the action (permit, deny) for the corresponding frame.
Command Reference | Traffic control | 225 Setting value dst-info : Description HHHH.HHHH.HHHH WWWW.WWWW.WWWW Specifies the MAC address (HHHH.HHHH.HHHH) with wildcard bits (WWWW.WWWW.WWWW) host HHHH.HHHH.HHHH Specifies an individual MAC address (HHHH.HHHH.HHHH) any Applies to all MAC addresses Specifies the destination MAC address information that is the condition Setting value Description HHHH.HHHH.HHHH WWWW.WWWW.WWWW Specifies the MAC address (HHHH.HHHH.HHHH) with wildcard bits (WWWW.WWWW.
| Command Reference | Traffic control [Initial value] none [Input mode] global configuration mode [Description] Adds a comment (remark) to the already-generated MAC access list. If this is executed with the "no" syntax, the comment is deleted from the MAC access list. [Note] You can use this command to add a comment even after the access list has been applied to LAN/SFP+ port and logical interface. (The last-written comment overwrites the previous one.
Command Reference | Traffic control | 227 9.1.10 Show generated access list [Syntax] show access-list [acl_id] [Parameter] acl-id : <1-2000>, <2001-3000>, <3001-4000> ID of access list [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the registered access list. If acl-id is omitted, all access lists are shown.
| Command Reference | Traffic control SWP2>show Interface Interface Interface access-group port1.1 : IPv4 access group 1 in port1.7 : IPv6 access group 3002 in port1.8 : MAC access group 2001 in 9.1.
Command Reference | Traffic control | 229 9.1.15 Set VLAN access map filter [Syntax] vlan filter access-map-name vlan-id [direction] no vlan filter access-map-name vlan-id [direction] [Parameter] access-map-name : Single-byte alphanumeric characters and single-byte symbols(256 characters or less) Access map name specified by the vlan access-map command vlan-id : <1-4094> VLAN ID set to the "enable" status by the vlan command direction : Specifies the direction of applicable frames.
| Command Reference | Traffic control [Example] Show VLAN access map information. SWP2>show vlan access-map Vlan access-map VAM001 match ipv4 access-list 2 9.1.17 Show VLAN access map filter [Syntax] show vlan filter [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Show VLAN access map filter application information. The following items are shown.
Command Reference | Traffic control | 231 SWP2(config)#qos disable 9.2.2 Set default CoS [Syntax] qos cos value no qos cos [Parameter] value : <0-7> Default CoS value [Initial value] qos cos 0 [Input mode] interface mode [Description] Sets the default CoS of LAN/SFP+ port and logical interface. If this is executed with the "no" syntax, the default value (CoS=0) is specified. The default CoS is used if untagged frames are received when the interface's trust mode is set to CoS.
| Command Reference | Traffic control [Description] Specifies the trust mode of LAN/SFP+ port and logical interface. If this is executed with the "no" syntax, the default value (CoS trust mode) is specified. In the case of "CoS" trust mode, the CoS value of incoming frames is used to determine the egress queue. In the case of "DSCP," the DSCP value of incoming frames is used to determine the egress queue.
Command Reference | Traffic control | 233 [Parameter] ifname : Name of the LAN/SFP+ port or logical interface. If this is omitted, the command applies to all ports. Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows QoS settings for the specified interface. The following content is shown.
| Command Reference | Traffic control Port Trust Mode: DSCP Egress Traffic Shaping: Not Configured Queue Scheduling: Queue0 : SP Queue1 : SP Queue2 : SP Queue3 : SP Queue4 : SP Queue5 : SP Queue6 : SP Queue7 : SP DSCP (Queue): 0(2), 8(0), 16(1), 24(3), 32(4), 40(5), 48(6), 56(7), 1(2), 9(0), 17(1), 25(3), 33(4), 41(5), 49(6), 57(7), 2(2), 10(0), 18(1), 26(3), 34(4), 42(5), 50(6), 58(7), 3(2), 11(0), 19(1), 27(3), 35(4), 43(5), 51(6), 59(7), 4(2), 12(0), 20(1), 28(3), 36(4), 44(5), 52(6), 60(7), 5(
Command Reference | Traffic control | 235 CoS value of conversion source queue-id : <0-7> Egress queue ID corresponding to CoS value [Initial value] See [Note] [Input mode] global configuration mode [Description] Specifies the values of the CoS - egress queue ID conversion table that is used to determine the egress queue. If this is executed with the "no" syntax, the egress queue ID for the specified CoS value is returned to the default setting.
| Command Reference | Traffic control The DSCP - egress queue ID conversion table is used when the trust mode is set to DSCP. [Note] In order to execute this command, QoS must be enabled. The following table shows the default settings of the DSCP - egress queue ID conversion table. DSCP value Egress queue 0-7 2 8-15 0 16-23 1 24-31 3 32-39 4 40-47 5 48-55 6 56-63 7 [Example] Assign egress queue #4 to DSCP value "0.
Command Reference | Traffic control | 237 9.2.10 Specify egress queue of frames transmitted from the switch itself [Syntax] qos queue sent-from-cpu queue-id no qos queue sent-from-cpu [Parameter] queue-id : <0-7> Egress queue ID [Initial value] qos queue sent-from-cpu 7 [Input mode] global configuration mode [Description] Specifies the egress queue for the storage destination of frames sent to each LAN/SFP+ port from the switch itself (CPU).
| Command Reference | Traffic control SWP2(config)#class-map class1 SWP2(config-cmap)# 9.2.12 Associate class map [Syntax] class name no class name [Parameter] name : Class map name [Input mode] policy map mode [Description] Associates a class map to a policy map. When the class map association succeeds, move to policy map class mode. In policy map class mode, you can make the following settings for each traffic class.
Command Reference | Traffic control | 239 IPv4 access list ID : <2001 - 3000> MAC access list ID : <3001 - 4000> IPv6 access list ID [Input mode] class map mode [Description] Uses the access list as the conditions to classify the traffic class. If the received frame matches the conditions in the access list, the action in the access list will be the action (permit, deny) for the traffic class. If this is executed with the "no" syntax, the condition settings of the access list are deleted.
| Command Reference | Traffic control [Input mode] class map mode [Description] Uses the value of the IP header's TOS precedence field as a condition to classify the traffic class. If this is executed with the "no" syntax, the classification conditions using TOS precedence are deleted. The setting can be repeated up to the maximum number (eight) of registrations. [Note] In order to execute this command, QoS must be enabled.
Command Reference | Traffic control | 241 Setting value Description 0xXXXX Hexadecimal expression of type value any All frame [Input mode] class map mode [Description] Uses the Ethernet frame's type value and the presence of a VLAN tag as the conditions to classify the traffic class. If this command is executed with the "no" syntax, deletes conditional settings based on the Ethernet frame's type value and the presence of a VLAN tag.
| Command Reference | Traffic control Ending VLAN ID value used as classification condition. The range from the specified starting value to the ending value can be a maximum of 30. [Input mode] class map mode [Description] Uses the VLAN ID as the condition to classify the traffic class. To delete the classification condition, use the no match vlan command. This can be used in conjunction with the setting of the match vlan command.
Command Reference | Traffic control | 243 9.2.21 Generate policy map for received frames [Syntax] policy-map name no policy-map name [Parameter] name : Name of policy map (maximum 32 characters; uppercase and lowercase are distinguished) [Input mode] global configuration mode [Description] Generates a policy map. The policy map combines the following processing for received frames, for each traffic class.
| Command Reference | Traffic control [Description] Applies the policy map to the corresponding LAN/SFP+ port and logical interface. If this is executed with the "no" syntax, the policy map is deleted from the LAN/SFP+ port and logical interface. [Note] In order to execute this command, QoS must be enabled. If a policy map has already been applied to the LAN/SFP+ port and logical interface, an error occurs.
Command Reference | Traffic control | 245 Pre-marking cannot be used in conjunction with the set egress queue function. [Example] Make the following settings for received frames of LAN port #1 • Permit traffic from the 10.1.0.0 network • Change the classified traffic class to the CoS value "2" [Traffic class definition] SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.
| Command Reference | Traffic control 9.2.25 Set pre-marking (DSCP) [Syntax] set ip-dscp value no set dscp [Parameter] value : <0 - 63> DSCP value specified by pre-marking [Input mode] policy map class mode [Description] Changes the DSCP value of the classified traffic class to the specified DSCP value. In addition, reassign the egress queue according to the egress queue ID table that corresponds to the trust mode.
Command Reference | Traffic control | 247 [Parameter] CIR : <1 - 102300000> Traffic rate (kbps) CBS : <11 - 2097120> Burst size of conformant token bucket (kbyte) EBS : <11 - 2097120> Burst size of excess token bucket (kbyte) action : Operation for packets categorized by bandwidth class Setting value Operation transmit Forward drop Discard remark Remarking (CoS/TOS/DSCP) [Input mode] policy map class mode [Description] Specifies individual policers (single rate) for the categorized traffi
| Command Reference | Traffic control 9.2.27 Set individual policers (twin rate) [Syntax] police twin-rate CIR PIR CBS PBS yellow-action action red-action action no police [Keyword] twin-rate : Use twin rate policers : <1 - 102300000> [Parameter] CIR Traffic rate (kbps) PIR : <1 - 102300000> Peak traffic rate (kbps). A value less than CIR cannot be specified.
Command Reference | Traffic control | 249 SWP2(config-cmap)#match access-group 1 SWP2(config-cmap)#exit [Policy settings] SWP2(config)#policy-map policy1 SWP2(config-pmap)#class class1 SWP2(config-pmap-c)#police twin-rate 48 96 12 12 yellow-action remark red-action drop SWP2(config-pmap-c)#remark-map yellow ip-dscp 10 SWP2(config-pmap-c)#exit SWP2(config-pmap)#exit SWP2(config)#interface port1.1 SWP2(config-if)#service-policy input policy1 9.2.
| Command Reference | Traffic control PHB DSCP value RFC Class Selector 0, 8, 16, 24, 32, 40, 48, 56 2474 Assured Forwarding 10, 12, 14, 18, 20, 22, 26, 28, 30, 34, 36, 2597 38 Expedited Forwarding(EF) 46 2598 [Example] Make the following settings for received frames of LAN port #1@ • Permit traffic from the 10.1.0.
Command Reference | Traffic control | 251 9.2.
| Command Reference | Traffic control no police [Keyword] twin-rate : Use twin rate policers : <1 - 102300000> [Parameter] CIR Traffic rate (kbps) PIR : <1 - 102300000> Peak traffic rate (kbps). A value less than CIR cannot be specified.
Command Reference | Traffic control | 253 [Parameter] color : Bandwidth class to remark Setting value type : Description yellow Make remarking settings for bandwidth class Yellow red Make remarking settings for bandwidth class Red Type of remarking Setting value value : Description cos CoS remarking ip-precedence TOS precedence remarking ip-dscp DSCP remarking <0 - 7> CoS or TOS precedence remarking value : <0 - 63> DSCP remarking value [Input mode] aggregate policer mode [Description
| Command Reference | Traffic control 9.2.33 Show aggregate policers [Syntax] show aggregate-police [name] [Parameter] name : Aggregate policer name. If this is omitted, the command applies to all aggregate policers. [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the contents of an aggregate policer. The contents shown are the same as in the police section shown by the show classmap command. [Note] In order to execute this command, QoS must be enabled.
Command Reference | Traffic control | 255 SWP2(config)#policy-map policy1 SWP2(config-pmap)#class class1 SWP2(config-pmap-c)#police-aggregate AGP-01 SWP2(config-pmap-c)#exit SWP2(config-pmap)#class class2 SWP2(config-pmap-c)#police-aggregate AGP-01 SWP2(config-pmap-c)#exit SWP2(config-pmap)#exit SWP2(config)#interface port1.1 SWP2(config-if)#service-policy input policy1 9.2.
| Command Reference | Traffic control [Input mode] priviledged EXEC mode [Description] Clears the metering totals for all policers (individual policers / aggregate policers) on the specified LAN/SFP+ port or logical interface. [Note] In order to execute this command, QoS must be enabled. [Example] Clear the metering totals for LAN port #1. SWP2#clear qos metering-counter port1.1 9.2.
Command Reference | Traffic control | 257 [Parameter] value : <0 - 63> DSCP value corresponding to egress queue [Input mode] policy map class mode [Description] Assigns an egress queue to the classified traffic class. Use the DSCP value to specify the egress queue; the egress queue that is assigned is based on the "DSCP-egress queue ID conversion table." If this is executed with the "no" syntax, the specification of egress queue based on traffic class is removed.
| Command Reference | Traffic control Item Description - Match ethertype (Ethernet Type) - Match vlan (VLAN ID) - Match vlan-range (VLAN ID) - Match CoS (CoS value) - Match IP precedence (TOS precedence) - Match IP DSCP (DSCP value) Set Pre-marking setting, egress queue setting - Set CoS (Pre-marking setting : CoS value) - Set IP precedence (Pre-marking setting : TOS precedence) - Set IP DSCP (Pre-marking setting : DSCP value) - Set CoS-Queue (Specify egress queue : CoS - Set IP-DSCP-Queue (Specify e
Command Reference | Traffic control | 259 average rate (48 Kbits/sec) burst size (12 KBytes) excess burst size (12 KBytes) yellow-action (Remark [DSCP:10]) red-action (Drop) 9.2.40 Show map status [Syntax] show qos map-status type [name] [Parameter] type : Type of map to show Setting value name : Description policy Show policy map status information class Show class map status information The name of the policy map (or class map) to show.
| Command Reference | Traffic control SWP2#show qos map-status class class1 class1 status policy-map association : policy1 (Detached) edit/erase : Disable attach limitation CoS trust mode : Enable DSCP trust mode : Enable Port-Priority trust mode : Disable 9.2.
Command Reference | Traffic control | 261 [Parameter] CIR : <18-1000000> Traffic rate (kbps). Since rounding occurs, the value actually applied to the input value might be less (see [Note]) BC : <4-16000> Burst size (kbyte). Specified in 4-kbyte units. [Initial value] no traffic-shape rate [Input mode] interface mode [Description] Specifies shaping for the port. If this is executed with the "no" syntax, the port shaping setting is disabled. [Note] In order to execute this command, QoS must be enabled.
| Command Reference | Traffic control [Description] Specifies shaping for the egress queue of the port. If this is executed with the "no" syntax, the egress queue shaping setting is disabled. [Note] In order to execute this command, QoS must be enabled. Since rounding occurs on the traffic rate, the value actually applied to the input value might be less. Input value Traffic rate granularity (kbps) 18 - 23476 17.
Command Reference | Traffic control | 263 [Parameter] type : Flow control operation Setting value Description auto Enable flow control auto negotiation both Enable transmission/reception of Pause frames disable Disable flow control [Initial value] flowcontrol disable [Input mode] interface mode [Description] Enables flow control for the LAN/SFP+ port (IEEE 802.3x PAUSE frames send/receive). If this command is executed with the "no" syntax, flow control is disabled.
| Command Reference | Traffic control --------port1.1 ----------Both ------- ------4337 0 Show flow control information for all ports. SWP2#show flowcontrol System flow-control: Enable Port FlowControl ------------------port1.1 Both port1.2 Disable port1.3 Both port1.4 Disable port1.5 Disable port1.6 Disable port1.7 Disable port1.8 Disable RxPause TxPause ------- ------4337 0 0 1732 - 9.4 Storm control 9.4.1 Set storm control [Syntax] storm-control type [type..
Command Reference | Traffic control | 265 Interface to show [Initial value] none [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the upper limit value for frame reception. If the interface name is omitted, all interfaces are shown. [Example] Show the setting status of all interfaces. SWP2#show storm-control Port BcastLevel McastLevel port1.1 30.00% 30.00% port1.2 20.00% 20.00% port1.3 100.00% 100.00% port1.4 100.00% 100.00% port1.5 50.00% 50.00% port1.6 100.00% 100.00% port1.
| Command Reference | Application Chapter 10 Application 10.1 Local RADIUS server 10.1.
Command Reference | Application | 267 10.1.3 Generate a route certificate authority [Syntax] crypto pki generate ca [ca-name] no crypto pki generate ca [Parameter] ca-name : Certificate authority name Characters that can be inputted for the certificate authority name • Within 3–32 characters • Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces • Cannot specify “DEFAULT” [Initial value] none [Input mode] global configuration mode [Description] Generates a route
| Command Reference | Application Setting value Description pap PAP authentication method peap PEAP authentication method eap-md5 EAP-MD5 authentication method eap-tls EAP-TLS authentication method eap-ttls EAP-TTLS authentication method [Initial value] authentication pap peap eap-md5 eap-tls eap-ttls [Input mode] RADIUS configuration mode [Description] Specifies the authentication method used for the local RADIUS server.
Command Reference | Application | 269 [Input mode] RADIUS configuration mode [Description] Adds a RADIUS client (NAS) to the RADIUS client list. The maximum number of registered entries is 100. If this command is executed with the "no" syntax, the specified RADIUS client setting is deleted. [Note] RADIUS client (NAS) information configured using this command will not display in running-config or startup-config.
| Command Reference | Application mac-address : hhhh.hhhh.hhhh (h is hexadecimal) MAC address for terminal (user) to authenticate ssid : SSID connection point (32 characters or less, single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces ) name : User name (32 characters or less, single-byte alphanumeric characters and symbols other than the characters " ? and spaces mail-address : Mail address (256 characters or less, single-byte alphanumeric character
Command Reference | Application | 271 10.1.8 Reauthentication interval setting [Syntax] reauth interval time no reauth interval [Parameter] time : <3600,43200,86400,604800> Reauthentication interval (no. of seconds) [Initial value] reauth interval 3600 [Input mode] RADIUS configuration mode [Description] Sets the reauthentication interval that is notified to the RADIUS client (NAS). The RADIUS client (NAS) determines whether the reauthentication interval will be used.
| Command Reference | Application Authentication method Characters that can be inputted EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric characters and symbols other than the characters \ [ ] / : * | < > " ? and spaces [Input mode] priviledged EXEC mode [Description] This issues client certificates to users for which the EAP-TLS certification method is specified.
Command Reference | Application | 273 10.1.
| Command Reference | Application Authentication method Characters that can be inputted: EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric characters and symbols other than the characters \ [ ] / : * | < > " ? and spaces [Input mode] priviledged EXEC mode [Description] Sends client certificates to each user via e-mail attachment.
Command Reference | Application | 275 10.1.15 Show authenticated user information [Syntax] show radius-server local user [detail userid] [Keyword] detail : Show detailed information for the specified user : User ID [Parameter] userid (within 3–32 characters; cannot specify “DEFAULT”) Authentication method Characters that can be inputted EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric char
| Command Reference | Application Issuance status Contents done Client certificate issuance completed, or not issued processing Now issuing client certificate aborted Issuance of client certificate aborted by executing “certificate abort” or other command [Example] Shows the issuance status for client certificates. SWP2#show radius-server local certificate status certificate process: done. 10.1.
Command Reference | Application | 277 Reason for revocation Contents revoked Manual revocation expired Revocation due to expired term of validity [Example] Displays the list of revoked client certificates.
| Command Reference | Index Index A aaa authentication auth-mac 131 aaa authentication auth-web 132 aaa authentication dot1x 131 access-group (IPv4) 221 access-group (IPv6) 223 access-group (MAC) 226 access-list (IPv4) 219 access-list (IPv6) 222 access-list (MAC) 224 access-list description (IPv4) 221 access-list description (IPv6) 223 access-list description (MAC) 225 aggregate-police 250 arp 194 arp-ageing-timeout 194 auth clear-state time (global configuration mode) 147 auth clear-state time (interf
Command Reference | Index | 279 ip igmp snooping querier 209 ip igmp snooping query-interval 209 ip igmp snooping version 210 ip route 191 ipv6 196 ipv6 address 197 ipv6 address autoconfig 197 ipv6 forwarding 202 ipv6 mld snooping 213 ipv6 mld snooping fast-leave 214 ipv6 mld snooping mrouter interface 214 ipv6 mld snooping querier 215 ipv6 mld snooping query-interval 215 ipv6 mld snooping version 216 ipv6 neighbor 201 ipv6 route 198 L l2-unknown-mcast 207 l2ms filter enable 100 lacp port-priority 130 lacp
| Command Reference | Index S save logging 50 send from 84 send notify wait-time 85 send server 83 send subject 84 send to 84 service terminal-length 47 service-policy 243 set cos 244 set cos-queue 256 set ip-dscp 246 set ip-dscp-queue 256 set ip-precedence 245 set lldp 90 set management-address-tlv 90 set msg-tx-hold 94 set timer msg-fast-tx 93 set timer msg-tx-interval 93 set timer reinit-delay 93 set too-many-neighbors limit 95 set tx-fast-init 94 sfp-monitor rx-power 121 show access-group 227 show
Command Reference | Index | 281 snmp-server community 53 snmp-server contact 53 snmp-server enable trap 52 snmp-server group 55 snmp-server host 51 snmp-server location 53 snmp-server user 56 snmp-server view 54 spanning-tree 170 spanning-tree bpdu-filter 171 spanning-tree bpdu-guard 172 spanning-tree edgeport 173 spanning-tree forward-time 168 spanning-tree instance 180 spanning-tree instance path-cost 181 spanning-tree instance priority 181 spanning-tree link-type 170 spanning-tree max-age 169 spanning-tr
