CLI User's Guide
Contents
1. Keyboard Key Description Up arrow key Recalls commands from the history buffer beginning with the most recent command Repeat the key sequence to recall successively older commands Down arrow key Returns the most recent commands from the history buffer after recalling commands with the up arrow key Repeating the key sequence will recall successively more recent commands Ctrl A Moves the cursor to the beginning of the command line Ctrl E Moves the cursor to the end of the command line Ctrl Z End Returns back to the Privileged EXEC mode from any configuration mode Backspace key Deletes one character left to the cursor position CLI Command Conventions When entering commands there are certain command entry standards that apply to all commands The following table describes the command conventions Convention Description In a command line square brackets indicates an optional entry In a command line curly brackets indicate a selection of compulsory parameters separated by the character One option must be selected For example flowcontrol auto on off means that for the flowcontrol command either auto on or off must be selected Italic font Indicates a parameter lt Enter gt Indicates an individual key on the keyboard For example lt Enter gt indicates the Enter key Page 22 Ctrl F4 Any combination keys2. Page 246 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide snmp server user The snmp server user Global Configuration mode command configures a new SNMP Version 3 user Use the no form of this command to remove a user Syntax snmp server user username groupname remote engineid string auth md5 password auth sha password auth md5 key md5 des keys auth sha key sha des keys no snmp server user username remote engineia string Parameters e username Specifies the name of the user on the host that connects to the agent Range 1 30 characters groupname Specifies the name of the group to which the user belongs Range 1 30 characters engineid string Specifies the engine ID of the remote SNMP entity to which the user belongs The engine ID is a concatenated hexadecimal string Each byte in the hexadecimal character string is two hexadecimal digits Each byte can be separated by a period or colon Range 5 32 characters auth md5 password Indicates the HMAC MD5 96 authentication level The user should enter a password for authentication and generation of a DES key for privacy Range 1 32 characters auth sha password Indicates the HMAC SHA 96 authentication level The user should enter a password for authentication and generation of a DES key for privacy Range 1 32 characters auth md5 key md5 des keys Indicates the HMAC MD5 96 authentication level The user shoul
3. Symbol Description Time is not authoritative blank Time is authoritative Time is authoritative but SNTP is not synchronized Example The following example displays the time and date from the system clock Console gt show clock 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Console gt show clock detail 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Page 81 Clock Commands Time zone Acronym is PST Offset is UTC 8 Summertime Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 minutes show sntp configuration The show sntp configuration Privileged EXEC mode command shows the configuration of the Simple Network Time Protocol SNTP Syntax show sntp configuration Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the current SNTP configuration of the device Console show sntp configuration Polling interval 7200 seconds MD5 Authentication keys 8 9 Authentication is required for synchronization Trusted Keys 8 9 Unicast Clients Enabled Unicast Clients Polling Enabled Page 82 Allied Telesis AT 8000S S94 3 0 Comman
4. stack change unit id N Note This command is operational in the AT S94 24 AT S94 24POE AT S94 48 and AT S94 48POE devices The stack change unit id Global Configuration mode command is used to change the Unit ID of a specific unit Syntax stack change unit id unit numberto new unit number Parameters e unit number Specifies the current number of the unit Range 1 6 e new unit number Specifies the new number of the unit Range 1 6 Page 327 System Management Commands Default Configuration The automatically configured unit number is assigned Command Modes Global Configuration mode User Guidelines This command is not relevant to standalone devices The command takes effect only after resetting the device Example This example changes Unit Number 6 to Unit Number 5 The command takes effect only after resetting the device console config console config stack change unit id 6 to 5 show stack N Note This command is operational in the AT S94 24 AT S94 24POE AT S94 48 and AT S94 48POE devices The show stack User EXEC mode command displays information about the status of a stack Syntax show stack unit unif Parameters e unit Specifies the number of the unit Range 1 6 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines This command is not relevant to standalone devices Example The follow
5. Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following examples display autonegotiation information console show interfaces advertise Port Type Neg Operational Link Advertisement Page 108 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide el 00M Copper Enabled e2 00M Copper Enabled e3 00M Copper Enabled e4 00M Copper Enabled e5 00M Copper Enabled 100f 100h 10f 10h e6 00M Copper Enabled e7 00M Copper Enabled e8 00M Copper Enabled S e9 00M Copper Enabled el0 00M Copper Enabled e11 00M Copper Enabled gt e12 00M Copper Enabled el3 00M Copper Enabled el4 00M Copper Enabled el5 00M Copper Enabled el6 00M Copper Enabled gt e17 00M Copper Enabled Ss e18 00M Copper Enabled a el9 00M Copper Enabled aS e20 00M Copper Enabled show interfaces configuration The show interfaces configuration Privileged EXEC mode command displays the configuration for all configured interfaces Syntax show interfaces configuration ethernet interface port channel port channel number Parameters interface Valid Ethernet port Full syntax unit port port channel number Valid port channel number Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this comma
6. Example The following example displays information on all port channels console show interfaces port channel Channel Ports 1 Active 1 el 2 e2 2 Active 2 e2 2 e7 Inactive 3 el 3 Active 3 e3 3 e8 Page 205 Port Monitor Commands Chapter 22 Port Monitor Commands port monitor The port monitor Interface Configuration mode command starts a port monitoring session Use the no form of this command to stop a port monitoring session Syntax port monitor src interface rx tx no port monitor src interface Parameters e src interface Valid Ethernet port Full syntax unit port e rx Monitors received packets only e tx Monitors transmitted packets only Default Configuration Monitors both received and transmitted packets Command Mode Interface Configuration Ethernet mode User Guidelines This command enables traffic on one port to be copied to another port or between the source port src interface and a destination port port being configured The following restrictions apply to ports configured as destination ports The port cannot be already configured as a source port The port cannot be a member in a port channel An IP interface is not configured on the port GVRP is not enabled on the port The port is not a member of a VLAN except for the default VLAN will automatically be removed from the default VLAN The following restrictions apply to ports configured to be
7. no arp p_adadr ethernet interface number vlan vian id port channel port channel number Parameters e ip _addr Valid IP address or IP alias to map to the specified MAC address e hw_addr Valid MAC address to map to the specified IP address or IP alias ethernet interface number Valid Ethernet port vlan vian id Valid VLAN number port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines The software uses ARP cache entries to translate 32 bit IP addresses into 48 bit hardware addresses Because most hosts support dynamic resolution static ARP cache entries do not generally have to be specified Example The following example adds IP address 198 133 219 232 and MAC address 00 00 0c 40 0f bc to the ARP table console config arp 198 133 219 232 00 00 0c 40 0f bc ethernet 1 e6 arp timeout The arp timeout Global Configuration mode command configures how long an entry remains in the ARP cache Use the no form of this command to restore the default configuration Syntax arp timeout seconds Page 138 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide no arp timeout Parameters e seconds Time in seconds that an entry remains in the ARP cache Range 1 40000000 Default Configuration The default timeout is 60000 seconds Command Mode G
8. Community access Type of access read only read write super access Page 256 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide IP Address Management station IP Address Trap Rec Address Targeted Recipient Trap Rec Community Statistics sent with the notification operation Version SNMP version for the sent trap 1 or 2 show snmp engineid The show snmp enginelD Privileged EXEC mode command displays the ID of the local Simple Network Management Protocol SNMP engine Syntax show snmp enginelD Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the SNMP engine ID console show snmp engineID Local SNMP engineID 08009009020C0B099C075878 show snmp views The show snmp views Privileged EXEC mode command displays the configuration of views Syntax show snmp views viewname Parameters e viewname Specifies the name of the view Range 1 30 Default Configuration This command has no default configuration Page 257 Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the configuration of views SNMP Commands console show snmp
9. Default Configuration This command has no default configuration Command Mode Privileged and User EXEC modes User Guidelines There are no user guidelines for this command Example The following example closes an active terminal session console gt exit end The end command ends the current configuration session and returns to the Privileged EXEC mode Syntax end Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode All configuration modes User Guidelines There are no user guidelines for this command Example The following example changes from Global Configuration mode to Privileged EXEC mode console config end console help The help command displays a brief description of the help system Page 339 User Interface Commands Syntax help Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode All command modes User Guidelines There are no user guidelines for this command Example The following example describes the help system console help Help may be requested at any point in a command by entering a question mark If nothing matches the currently entered incomplete command the help list is empty This indicates that for a query at this point there is no command matching the current input I
10. Example The following example configures VLAN number 123 as the native VLAN when Ethernet port 1 e16 is in trunk mode console config interface ethernet 1 e16 console config if switchport trunk native vlan 123 switchport general allowed vian The switchport general allowed vian Interface Configuration mode command adds or removes VLANs from a general port Page 349 VLAN Commands Syntax switchport general allowed vlan add vian list tagged untagged switchport general allowed vlan remove vian list Parameters add vian list Specifies the list of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list Specifies the list of VLAN IDs to be removed Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs e tagged Indicates that the port transmits tagged packets for the VLANs untagged Indicates that the port transmits untagged packets for the VLANs Default Configuration If the port is added to a VLAN without specifying tagged or untagged the default setting is tagged Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command enables changing the egress rule e g from tagged to untagged without first removing the VLAN from the list Example The following example adds VLANs 2 5 and 6 to the allowed list of Ethern
11. Syntax show bridge address table count vlan v an ethernet interface number port channel port channel number Page 62 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters vlan Specifies a valid VLAN such as VLAN 1 interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the number of addresses present in all VLANs console show bridge address table count This may take some time Capacity 8192 Free 8190 Used 2 Secure 0 Dynamic 2 Static 0 Internal 0 Page 63 Address Table Commands show bridge multicast address table The show bridge multicast address table Privileged EXEC mode command displays the bridge Multicast Address Table information Syntax show bridge multicast address table vlan vian id address mac multicast address p multicast address format ip format mac source p address Parameters vlan id A valid VLAN ID value mac multicast address A valid MAC Multicast address e p multicast address A valid IP Multicast address e p address Source IP address format jo mac Multicast address format Can be ip or mac If the format is unspecified the
12. console config interface vlan 8 console config if bridge multicast address 01 00 5e 02 02 03 add ethernet 1 el 9 2 e2 bridge multicast forbidden address The bridge multicast forbidden address Interface Configuration mode command forbids adding specific Multicast addresses to specific ports Use the no form of this command to return to default Syntax bridge multicast forbidden address mac multicast address ip multicast address add remove ethernet interface list port channel port channel number list no bridge multicast forbidden address mac multicast address ijp multicast address Parameters add Adds ports to the group remove Removes ports from the group mac multicast address A valid MAC Multicast address interface list Separate nonconsecutive Ethernet ports with a comma and no spaces hyphen is used to designate a range of ports port channel number list Separate nonconsecutive valid port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Configuration No forbidden addresses are defined Command Modes Interface Configuration VLAN mode Page 54 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide User Guidelines Before defining forbidden ports the Multicast group should be registered Example The following example configures MAC address 0100 5e02 0203 to be forbidden on port 2 e9 with
13. show qos The show qos User EXEC mode command displays quality of service QoS for the device Syntax show gos Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode User EXEC mode Page 215 QoS Commands User Guidelines There are no user guidelines for this command Example The following example displays QoS attributes when QoS is disabled on the device console gt show qos Qos disable Trust dscp priority queue out num of queues The priority queue out num of queues Global Configuration mode command configures the number of expedite queues Use the no form of this command to return to the default configuration Syntax priority queue out num of queues number of queues no priority queue out num of queues Parameters e number of queues Specifies the number of expedite queues The expedite queues are the queues with higher indexes Available options 0 and 4 Default Configuration All queues are expediting queues Command Mode Global Configuration mode User Guidelines When the specified number of expedite queues is 0 all queues are assured forwarding WRR When the specified number of expedite queues is 4 all queues are expedited Example The following example configures the number of expedite queues as 0 console config priority queue out num of queues 0 rate limit The rate limit Int
14. 2 2 2 hep ea bee eect cs ela raie E AENEA al a eet ete lode dd 306 SHOW JOGGING NG iii cda di adi is 307 ShOwSYSIOG SCIVEIS ese eae el een Ge eee 308 Chapter 31 TACACS Commands escccseeeeeeeseeeeeeeesseeeeeeseneeeessseeeeeeeseeeeeeaseeneeeenesnenees 310 taACACS SEIVer MOS diia id ted lo 310 TACACS SELVEr KEY iii A A ee 311 tacacs Server Meditacion iodo 311 TACACS SErVEF SOUTE IPod dci do 312 SNOW TACACS ica betel A E E TET E E dees rvbenckepebesaeveeehs 312 Chapter 32 Tunnel Commands ooommccccnnncccccnnnnaccnnnnnnncnn cnn cercar nena cnn renacer 314 MA a deagicdewethasantadenddiedeel ai anneal gabteaubbagecss a 314 tunnel Mode ipoipo cecece hye ee epee ete ES bees ved iti E 314 tunnel isatap Outen cita a a as io a ota Nuns 315 turinel SOUICO ita Pet atin ee een c 316 tunnel isatap query interval oooconncccccnonancncncnnnnanonnnnnnnnnnnncnnnnnnn cnn EIEEE cnn rn AREER EE AEAEE 316 tunnel isatap solicitation interval veias nia ra i 317 tunnel isatap TODUSIMOSS cocino NAS tea ensues Sean duce heed DOE AR DR ab 318 O ete ih ea ate slated anit AEA seach aniee nae 318 Chapter 33 System Management COMMANAS cccccceceeceseeeeeeeeeseeeeeeeeseeeeeenseeneeeeneeeeeees 320 PING sitccescccceg cet aea coda canes cease sdabvonaddneacesadesscaveden desedtoacdianaieoas E ada veravaededsaaodias 320 A 321 Page 10 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide ele a E PEA E E E eer eP ee ere ter ore reer
15. A valid source IP address mask A valid network mask of the source IP address prefix lengih Number of bits that comprise the source IP address prefix The prefix length must be preceded by a forward slash Range 0 32 e service Service type Possible values telnet ssh http https and snmp Default Configuration If no permit rule is defined the default is set to deny Command Mode Management Access list Configuration mode Page 195 Management ACL Commands User Guidelines Rules with Ethernet VLAN and port channel parameters are valid only if an IP address is defined on the appropriate interface The system supports up to 128 management access rules Example The following example permits all ports in the mlist Access List console config management access list mlist console config macl permit deny Management The deny Management Access List Configuration mode command defines a deny rule Syntax deny ethernet interface number vlan vian id port channel port channel number service service deny ip source p address mask mask prefix lengih ethernet interface number vlan vian id port channel port channel number service service Parameters interface number A valid Ethernet port number vlan id A valid VLAN number e port channel number A valid port channel number e p address A valid source IP address mask A val
16. Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration GVRP is disabled on all interfaces Command Mode Interface Configuration Ethernet port channel mode User Guidelines An access port does not dynamically join a VLAN because it is always a member in only one VLAN Membership in an untagged VLAN is propagated in the same way as in a tagged VLAN That is the PVID is manually defined as the untagged VLAN VID Example The following example enables GVRP on Ethernet port 1 e6 console config interface ethernet 1 e6 console config if gvrp enable garp timer The garp timer Interface Configuration Ethernet Port channel mode command adjusts the values of the join leave and leave all timers of GARP applications Use the no form of this command to return to the default configuration Syntax garp timer join leave leaveall timer_value no garp timer Parameters join leave leaveall Indicates the type of timer timer_value Timer values in milliseconds in multiples of 10 Range 10 2147483647 Default Configuration Following are the default timer values e Join timer 200 milliseconds Leave timer 600 milliseconds Leavall timer 10000 milliseconds Command Mode Interface configuration Ethernet port channel mode User Guidelines The following relationship must be maintained between the timers Leave time must be greater than or e
17. Default Configuration There is no default configuration for this command Command Mode Exec mode User Guidelines There are no user guidelines for this command Page 50 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example Console show accounting Login Radius 802 1x Disabled Page 51 Address Table Commands Chapter 4 Address Table Commands bridge address The bridge address Interface Configuration VLAN mode command adds a MAC layer station source address to the bridge table Use the no form of this command to delete the MAC address Syntax bridge address mac address ethernet interface port channel port channel number permanent permanent delete on reset delete on reset delete on timeout delete on timeout secure secure no bridge address mac address Parameters mac address A valid MAC address interface A valid Ethernet port port channel number A valid port channel number permanent The address can only be deleted by the no bridge address command e delete on reset The address is deleted after reset e delete on timeout The address is deleted after age out time has expired e secure The address is deleted after the port changes mode to unlock learning no port security command This parameter is only available when the port is in the learning locked mode Default Configuration No static addresses are defined The de
18. Example The following example displays information about inline power console gt show power inline Power On Nominal Power 150 Watt Consumed Power 120 Watts 80 Usage Threshold 95 Traps Enabled Port Powered Device State Priority Status 1 el IP Phone Model A Auto High On 2 el Wireless AP Model Auto Low On Classification w 0 44 12 95 0 44 3 84 Page 211 3 el Power over Ethernet Commands Auto Low Off N A console show power inline ethernet 4 el Port Powered Device 4 el Overload Counter Short Counter Denied Counter Absent Counter Invalid Signature Counter State Status Priority Class Auto On low classl 0 0 0 1 0 The following table describes the significant fields shown in the example Field Description Power The operational status of the inline power sourcing equipment Nominal Power The nominal power of the inline power sourcing equipment in Watts Consumed Power Measured usage power in Watts Usage Threshold The usage threshold expressed in percents for comparing the measured power and initiating an alarm if threshold is exceeded Traps Indicates if inline power traps are enabled Port The Ethernet port number Powered Device Description of the powered device type State Indicates if the port is enabled to provide power Can be Auto or Never Priority The priority of the port from
19. Forbid forwarding all Multicast packets remove Do not forbid forwarding all Multicast packets interface list Separates nonconsecutive Ethernet ports with a comma and no spaces use a hyphen to designate a range of ports port channel number list Separates nonconsecutive port channels with a comma and no spaces use a hyphen to designate a range of port channels Page 56 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration This setting is disabled Command Mode Interface Configuration VLAN mode User Guidelines IGMP snooping dynamically discovers Multicast router ports When a Multicast router port is discovered all the Multicast packets are forwarded to it unconditionally This command prevents a port from becoming a Multicast router port Example The following example forbids forwarding all Multicast packets to 1 e1 with VLAN 2 console config interface vlan 2 console config if bridge multicast forbidden forward all add ethernet 1 el bridge aging time The bridge aging time Global Configuration mode command sets the aging time of the Address Table Use the no form of this command to restore the default Syntax bridge aging time seconds no bridge aging time Parameters e seconds Aging time range in seconds indicating how long an entry remains in address table Range 10 630 seconds Default Configuration The default
20. Page 331 Unit Unit Unit Serial 160 174 AT 8000GS 24 AT 8000GS 48 Main Power Supply OK OK 00 03 38 12 00 03 34 44 number System Management Commands Redundant Power Supply System System System System System System console show system unit 2 Description Up Time days hour min sec Contact Name Location MAC Address show system id The show system id Privileged EXEC mode command displays the system identity information Syntax show system id unit unif 24 port 10 100 1000 Ethernet Switch 00 03 38 25 Stack 00 31 07 19513 2 00 Page 332 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters unit unit Unit number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the system information console gt show system id Serial number 8936589782 Unit Serial number 1 8936589782 2 3216523877 show version The show version User EXEC mode command displays system version information Syntax show version unit unit Parameters e unit Specifies the number of the unit Range 1 6 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines
21. Syntax ip http authentication method method2 no ip http authentication Parameters method1 method2 Specify at least one from the following table Keyword Description local Uses the local username database for authentication none Uses no authentication Page 42 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide radius Uses the list of all RADIUS servers for authentication tacacs Uses the list of all TACACS servers for authentication Default Configuration The local user database is checked This has the same effect as the command ip http authentication ocal Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Example The following example configures the HTTP authentication Console config ip http authentication radius local ip https authentication The ip https authentication Global Configuration mode command specifies authentication methods for HTTPS server users Use the no form of this command to return to the default configuration Syntax ip https authentication method method2 no ip https authentication Parameters e method1 method2 Specify at leas
22. Syntax show ip ssh Page 295 SSH Commands Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the SSH server configuration console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP address SSH username Version Cipher Auth Code 12x 165051 John Brown 2 0 3 DES HMAC SHA1 The following table describes significant fields shown above Field Description IP address Client address SSH username User name Version SSH version number Cipher Encryption type 3DES Blowfish RC4 Auth Code Authentication Code HMAC MD5 HMAC SHA1 show crypto key mypubkey The show crypto key mypubkey Privileged EXEC mode command displays the SSH public keys on the device Syntax show crypto key mypubkey rsa dsa Parameters e rsa Indicates the RSA key dsa Indicates the DSA key Page 296 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following ex
23. The autobaud Line Configuration mode command sets the line for automatic baud rate detection autobaud Use the no form of this command to disable automatic baud rate detection Syntax autobaud no autobaud Parameters This command has no arguments or keywords Default Configuration Autobaud is disabled Command Mode Line Configuration console mode User Guidelines This command is available only on the line console To start communication using Autobaud press lt Enter gt twice This configuration applies only to the current session Example The following example enables autobaud console config f line console console config line autobaud Page 156 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide exec timeout The exec timeout Line Configuration mode command sets the interval that the system waits until user input is detected Use the no form of this command to return to the default configuration Syntax exec timeout minutes seconds no exec timeout Parameters e minutes Specifies the number of minutes Range 0 65535 e seconds Specifies additional time intervals in seconds Range 0 59 Default Configuration The default configuration is 10 minutes Command Mode Line Configuration mode User Guidelines To specify no timeout enter the exec timeout 0 command Example The following example configures the interval that the system waits until us
24. Default Configuration 10 seconds Command Mode Global Configuration mode User Guidelines e This command determines the interval of DNS queries before the IP address of the ISATAP router is known When the IP address is known the robustness level that is set by the tunnel isatap robustness global configuration command determines the refresh rate Example The following example configures the interval between DNS Queries for the automatic tunnel router domain to 60 seconds console config tunnel isatap query interval 60 tunnel isatap solicitation interval The tunnel isatap solicitation interval Global Configuration mode command configures the interval between ISATAP router solicitations messages when there is no active ISATAP router Use the no form of this command to return to the default Syntax tunnel isatap solicitation interval seconds no tunnel isatap solicitation interval Parameters e seconds Specifies the number of seconds between ISATAP router solicitations messages Range 10 3600 Default Configuration 10 seconds Command Mode Global Configuration mode User Guidelines e This command determines the interval of Router Solicitation messages when there is no active ISATAP router When there is an active ISATAP router the robustness level that is set by the tunnel isatap robustness global configuration command determines the refresh rate Page 317 Tunnel Commands Example T
25. Default Configuration The default connection number is that of the most recent connection Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following command switches to open Telnet session number 1 console gt resume 1 hostname The hostname Global Configuration mode command specifies or modifies the device host name Use the no form of this command to remove the existing host name Syntax hostname name no hostname Parameters name The host name of the device Range 1 158 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Page 325 System Management Commands Example The following example specifies the device host name console config hostname stack stack config no hostname console config stack master The stack master Global Configuration mode command enables forcing the selection of a stack master Use the no form of this command to return to the default configuration Syntax stack master unit unit no stack master Parameters unit Unit number of the new master Range 1 2 Default Configuration Disables forcing the selection of a stack master Command Mode Global Configuration mode User Guidelines This command is not relevant to standalone devices
26. Example The following example displays the Multicast configuration for VLAN 1 console show bridge multicast filtering 1 Filtering Enabled VLAN 1 Forward All Port Static Status el Filter e2 Filter e3 Filter e4 Filter e5 Filter e6 Filter el Filter e8 Filter e9 Filter el0 Filter ell Filter e12 Filter Page 67 Address Table Commands show bridge multicast unregistered Use The show bridge multicast unregistered User EXEC mode command displays the unregistered multicast filtering configuration Syntax show bridge multicast unregistered ethernet interface port channel port channel number Parameters e interface Specify the required Ethernet port to display e port channel number Specify the required Port channel number to display Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the Multicast configuration for VLAN 1 console show bridge multicast unregistered Port Unregistered 1 e10 Forward 1 e11 Filter 1 e12 Filter show ports security The show ports security Privileged EXEC mode command displays the port lock status Syntax show ports security ethernet interface port channel port channel number Parameters e interface A valid Ethernet port port channel
27. Example The following example groups port channels 1 2 and 6 to receive the same command console config interface range port channel 1 2 6 channel group The channel group Interface Configuration Ethernet mode command associates a port with a port channel Use the no form of this command to remove a port from a port channel Syntax channel group port channel number no channel group Parameters port channel number Specifies the number of the valid port channel for the current port to join Default Configuration The port is not assigned to a port channel Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example forces port 1 e1 to join port channel 1 console config f interface ethernet 1 el console config 1f channel group 1 mode on 01 Oct 2008 09 47 14 SLINK W Down chl console config 1f show interfaces port channel The show interfaces port channel Privileged EXEC mode command displays port channel information Syntax show interfaces port channel port channel number Page 204 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command
28. FALSE 0 00 00 00 00 00 O G O O 0 a OS LONG PASSIVE AGGREGATABLE FALSE FALSE FALSE FALSE Port Disabled State Detached State No Periodic State FALSE TRUE FALSE UNSELECTED FALSE FALSE FALSE Page 171 show lacp port channel LACP Commands The show lacp port channel Privileged EXEC mode command displays LACP information for a port channel Syntax show lacp port channel port_channel_number Parameters port_channel_number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays LACP information about port channel 1 console show lacp port channel 1 Port Channel 1 Port Type 1000 Ethernet Actor System Priority il MAC Address 00 02 85 0E 1C 00 Admin Key 29 Oper Key 29 Partner System Priority 0 MAC Address 00 00 00 00 00 00 Oper Key 14 Page 172 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Page 173 LLDP Commands Chapter 17 LLDP Commands Ildp enable global The Ildp enable Global Configuration mode command enables the Link Layer Discovery Protocol LLDP Use the no form of this command to disable LLDP Syntax lldp enable no Ildp enable Parameters This command has no parameter settings Default Configuration
29. The name of the user Range 1 20 characters e password The authentication password for the user Range 1 159 characters level The user level Range 1 15 e encrypted Encrypted password entered copied from another device configuration Default Configuration No user is defined Command Mode Global Configuration mode User Guidelines User account can be created without a password A single username can be defined for privilege level 1 and another one for privilege level 15 Default usernames Privilege level 1 username operator password operator Privilege level 15 username manager password friend Example The following example configures user bob with password lee and user level 15 to the system Console config username bob password lee level 15 aaa accounting login The aaa accounting login Global Configuration mode command defines accounting of device management sessions Use the no form of this command to disable accounting Syntax aaa accounting login radius no aaa accounting login Parameters e radius Accounting is performed by a RADIUS server Default Configuration Disabled Page 46 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Global Configuration mode User Guidelines This command enables the recording of device management sessions Telnet serial and Web but not SNMP e Itrecords only users that we
30. To see the SNMP engine ID configuration enter the snmp server enginelD local Global Configuration mode command Example The following example enables SNMPv3 on the device and sets the local engine ID of the device to the default value console config snmp server engineID local default snmp server enable traps The snmp server enable traps Global Configuration mode command enables the device to send SNMP traps Use the no form of this command to disable SNMP traps Syntax snmp server enable traps no snmp server enable traps Parameters This command has no arguments or keywords Default Configuration SNMP traps are enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables SNMP traps console config snmp server enable traps snmp server filter The snmp server filter Global Configuration mode command creates or updates a Simple Network Management Protocol SNMP server filter entry Use the no form of this command to remove the specified SNMP server filter entry Page 249 SNMP Commands Syntax snmp server filter filter name oid tree included excluded no snmp server filter filter name oid tree Parameters e filterrname Specifies the label for the filter record that is being updated or created The name is used to reference the record Range 1 30 characters oid tree Spec
31. aaa accounting login 46 aaa authentication dot1x 372 aaa authentication dot1x default 372 aaa authentication enable 40 aaa authentication login 39 aaa logging 304 abort mst 277 autobaud 156 B back pressure 106 boot system 89 94 bridge address 52 bridge aging time 57 bridge multicast address 53 bridge multicast filtering 52 bridge multicast forbidden address 54 bridge multicast forbidden forward all 56 bridge multicast forward all 55 bridge multicast unregistered 55 channel group 204 clear bridge 58 clear counters 106 107 clear gvrp statistics 121 clear ipv6 neighbors 154 clear lldp rx 182 clear logging 302 clear logging file 303 clear spanning tree detected protocol 270 CLI Command Conventions 22 CLI Command Modes 17 clock set 71 clock source 71 clock summer time 73 clock timezone 72 Index Page 392 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Completion 21 configure 337 Contacting Allied Telesis 16 copy 85 93 162 crypto certificate generate 364 crypto certificate import 367 crypto certificate request 365 crypto key generate dsa 291 crypto key generate rsa 291 crypto key pubkey chain ssh 293 D delete 88 93 deny IPv6 32 deny Management 196 description 102 disable 336 Document Conventions 15 dot1x guest vlan 385 386 dot1x guest vlan enable 389 dot1x guest vlan timeout 389 dot1x max req 377 dot1x port control 373 dot1x radi
32. port storm control broadcast enable 115 port storm control broadcast rate 116 port storm control include multicast IC 115 power inline 208 power inline powered device 208 power inline priority 209 power inline traps enable 210 power inline usage threshold 210 Preface 14 priority queue out num of queues 216 Privileged EXEC Mode 17 Q qos 215 qos cos 221 qos map dscp queue 220 Index Page 396 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide gos trust Global 221 R radius server deadtime 228 radius server host 224 radius server key 225 radius server retransmit 225 radius server source 1p 226 radius server source ipv6 227 radius server timeout 227 rate limit 216 reload 324 325 revision mst 275 rmon alarm 236 rmon collection history 232 rmon event 240 rmon table size 242 S set interface active 107 show mst 276 show arp 140 show authentication methods 44 show bridge address table 61 show bridge address table count 62 64 show bridge address table static 62 show bridge multicast address table 64 show bridge multicast filtering 66 show bridge multicast unregistered 68 show clock 81 show copper ports cable length 200 show copper ports tdr 199 show crypto certificate mycertificate 369 show crypto key mypubkey 296 show crypto key pubkey chain ssh 297 show dot1x 379 show dot1x advanced 391 show dotIx statistics 383 show dot1x users 381 show fiber ports optical tra
33. rere na 176 16 8 9 DHCP Cache TTL Hours Host Total Elapsed Type Addresses AO a er O O Page 145 IPv6 Addressing Commands Chapter 12 IPv6 Addressing Commands ipv6 enable The ipv6 enable Interface Configuration mode command enables IPv6 processing on an interface Use the no form of this command to disable IPv6 processing on an interface Syntax ipv6 enable no autocontfig no ipv6 enable Parameters no autoconfig Enables IPv6 processing on an interface without the stateless address autoconfiguration procedure Default Configuration IPv6 is disabled Command Mode Interface Configuration Ethernet VLAN Port channel mode This command cannot be configured for a range of interfaces range context User Guidelines The ipv6 enable command automatically configures an IPv6 link local unicast address on the interface while also enabling the interface for IPv6 processing The no ipv6 enable command removes the entire IPv6 interface configuration Example The following example enables IPv6 processing on VLAN 1 console config interface vlan 1 console config if ipv6 enable ipv6 address The ipv6 address Interface Configuration mode command sets an IPV6 address Use the no form of this command to remove an IPV6 address from the interface Syntax ipv6 address pv6 address prefix length eui 64 anycast no ipv6 address ijpv6 address prefix length eui 64 Page 14
34. to this threshold and the value at the last sampling interval is less than this threshold a single event is generated Falling Threshold A sampled statistic threshold When the current sampled value is less than or equal to this threshold and the value at the last sampling interval is greater than this threshold a single event is generated Rising Event The event index used when a rising threshold is crossed Page 239 RMON Commands Falling Event The event index used when a falling threshold is crossed Owner The entity that configured this entry rmon event The rmon event Global Configuration mode command configures an event Use the no form of this command to remove an event Syntax rmon event index type community text description text owner name no rmon event index Parameters e index Specifies the event index Range 1 65535 e type Specifies the type of notification generated by the device about this event Possible values none log trap log trap community text If the specified notification type is trap an SNMP trap is sent to the SNMP community specified by this octet string Range 0 127 characters description text Specifies a comment describing this event Range 0 127 characters e name Specifies the name of the person who configured this event If unspecified the name is an empty string Default Configuration This command
35. 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID Priority 32768 Address 00 01 42 97 e0 00 This switch is root for CST and IST master Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Page 289 SSH Commands Chapter 29 SSH Commands ip ssh port The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server Use the no form of this command to return to the default configuration Syntax ip ssh port port number no ip ssh port Parameters port number Port number for use by the SSH server Range 1 65535 Default Configuration The default port number is 22 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the port to be used by the SSH server as 8080 console config ip ssh port 8080 ip ssh server The ip ssh server Global Configuration mode command enables the device to be configured from a SSH server Use the no form of this command to disable this function Syntax ip ssh server no ip ssh server Parameters This command has no arguments or keywords Default Configuration Device configuration from a SSH server is enabled Page 290 Allied Telesis
36. 17 LLDP CommandsS cuisine 174 lap enanle global eine tddi dea dec Ae 174 Ildp enable interface ocidero arai iiei ENE ANEAN ANAA Eea 174 COUT AEAEE ENA O 175 lap hold Multiplier civic a i i e a e e i a i a eta 176 lap renit acla aaiue a i e ea e dat E ede 176 Page 6 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide AAA PP en Win a et a 177 dp opun aoea a a Ea tii baga redes Medi eta 177 lldp Management addresS eisereen non 178 AP AOUICAMONS iii A A A iD 179 A A a i eA ee 179 lldp med network policy global coooonnnccccnnnnnoccccnnnnnoccccnnnnorrcccnnn nn c cnn cnn rn nn 180 lldp med network policy INterface oocoonnncccnnnnnoccccnnnoconcccnnnncorn cn nn nn nc cn nana rc cnn 181 lIdp Med lOCatiOn is coil ta 181 Clear o A ie el a ee a ed nO ee en 182 Show Ildp COnTIQUraTION vimos toda boto petra end 183 show lldp Med configuration sere eee eeteeee eee eene eee eeeeeae eee eeeeaaeeeeeeeaaaeeeeeeeaaaeeeeseeaaaeeeeseeaaeeeeseenaaeeeseeeaaes 184 Show Mp local A A dea N E AAA 185 show ldap MSI iii nthe a niin shee ch eset eee ee ete 187 Chapter 18 Login Banner COMMANGG cccccesseeeeeeeeeeeeeeeeeeeeeeeseeneeeeseeeeeeenseeeeeeenseeeeeees 192 FOCUS AAI Fess oe A di 192 Show login DAM A A A dd 192 Chapter 19 Management ACL COMMANAS cccccmnnncccnnnonnncnnnnnccnnnanancnncnnnnnrrrnnnnrr nan 194 management access list ae cita lata 194 permit Management esrar a cado dad a 195 deny Manage mei
37. 192 168 1 120 bill Telnet 192 168 1 101 console show sessions The show sessions User EXEC mode command lists open Telnet sessions Syntax show sessions Parameters This command has no arguments or keywords Default Configuration There is no default configuration for this command Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Page 330 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example lists open Telnet sessions console gt show sessions Connection Host Address Port Byte a Remote device 172 16 1 1 23 89 2 1726 1 2 172 16 1 2 23 8 The following table describes significant fields shown above Field Description Connection Connection number Host Remote host to which the device is connected through a Telnet session Address IP address of the remote host Port Telnet TCP port number Byte Number of unread bytes for the user to see on the connection show system The show system User EXEC mode command displays system information Syntax show system unit unit Parameters e unit Specifies the number of the unit Range 1 6 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the system information console show system
38. 386 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example forwards frames with source addresses that are not the supplicant address and sends consecutive traps at intervals of 100 seconds console config interface ethernet 1 16 console config if dotlx single host violation forward trap 100 dot1x mac authentication The mac authentication Interface Configuration mode command enables authentication based on the station s MAC address Use the no form of this command to disable MAC authentication Syntax dot1x mac authentication mac only mac and 802 1x no dot1x mac authentication Parameters e mac only Enable authentication based on the station s MAC address only 802 1X frames are ignored e mac and 802 1x Enable 802 1X authentication and MAC address authentication on the interface Default Configuration Disabled Command Mode Interface configuration Ethernet User Guidelines Guest VLAN must be enabled when MAC authentication is enabled Static MAC addresses can t be authorized Do not change authenticated MAC address to static address It is not recommended to delete authenticated MAC addresses Reauthentication must be enabled when working in this mode Example The following example enables authentication based on the station s MAC address console configure console config interface ethernet 1 el console config if dotlx mac authentic
39. AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Global Configuration mode User Guidelines If encryption keys are not generated the SSH server is in standby until the keys are generated To generate SSH server keys use the crypto key generate dsa and crypto key generate rsa Global Configuration mode commands Example The following example enables configuring the device from a SSH server console config ip ssh server crypto key generate dsa The crypto key generate dsa Global Configuration mode command generates DSA key pairs Syntax crypto key generate dsa Parameters This command has no arguments or keywords Default Configuration DSA key pairs do not exist Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs one public DSA key and one private DSA key If the device already has DSA keys a warning and prompt to replace the existing keys with new keys are displayed This command is not saved in the device configuration however the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up on another device DSA keys are saved to the backup master This command may take a considerable period of time to execute Example The following example generates DSA key pairs console config crypto key generate dsa crypto key generate rsa The crypto key generate rsa Global Conf
40. Age 20 sec Forward Delay 15 sec IST Master ID Priority 32768 Address 00 02 4b 29 7a 00 This switch is the IST master Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Interfaces Page 284 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Name el e2 e3 e4 CST Root ID Bridge ID Interfaces Name el e2 e3 e4 CST Root ID Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Prio Nbr 128 2 128 3 128 4 MST 1 Vlans Mapped 10 20 Priority Address Path Cost Root Port Rem hops Priority Address Prio Nbr 128 3 128 4 Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 Priority Address Path Cost Root Port console show spanning tree detail Cost Sts 20000 FWD 20000 FWD 20000 FWD 20000 FWD 24576 00 02 4b 29 89 76 20000 4 1 4 19 32768 00 02 4b 29 7a 00 Cost Sts 20000 FWD 20000 FWD 20000 BLK 20000 FWD 21 4094 32768 00 01 42 97 e0 00 20000 1 1 1 Desg Desg Desg Boun Altn Desg PortFast PortFast P2p Bound RSTP Shared Bound STP P2p P2p P2p Bound RSTP Shared Bound STP P2p P2p Page 285 Hello Time 2 sec Max Age 20 sec IST Master ID Priority 32768 Address 00 02 4b 29 7a 00 This switch is the IST master Hello Time 2 sec Max Age 20 sec
41. Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example enables powered device discovery protocol on port 1 e1 so that power will be supplied to a discovered device console config interface ethernet 1 el console config 1f power inline auto power inline powered device The power inline powered device Interface Configuration Ethernet mode command adds a comment or description of the powered device type to enable the user to remember what is attached to the interface Use the no form of this command to remove the description Syntax power inline powered device pd type no power inline powered device Parameters e pd type Specifies the type of powered device attached to the interface Range 1 24 characters Page 208 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration This command has no default configuration Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example configures a description to an IP phone to a powered device connected to Ethernet interface 1 e1 console config interface ethernet 1 el console config if power inline powered device IP phone power inline priority The power inline priority Interface Configuration Ethernet mode command configu
42. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays ACLs applied to the interfaces of a device console show interfaces access lists Interface Input ACL 1 e1 ACL1 2 el ACL3 Page 38 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 3 AAA Commands aaa authentication login The aaa authentication login Global Configuration mode command defines login authentication Use the no form of this command to return to the default configuration Syntax aaa authentication login default ist name method1 methoa2 no aaa authentication login default ist name Parameters default Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in e listname Character string used to name the list of authentication methods activated when a user logs in Range 1 12 characters method1 method2 Specify at least one from the following table Keyword Description enable Uses the enable password for authentication line Uses the line password for authentication local Uses the local username database for authentication none Uses no authentication radius Uses the list of all RADIUS servers for authentication tacacs Uses the list of all TACACS servers for authentication Default Configu
43. Disabled Port id 128 5 Type N A configured auto Designated bridge Priority N A Designated port id N A BPDU sent N A received N A umber of transitions to forwarding state umber of transitions to forwarding state umber of transitions to forwarding state Role N A Port cost 20000 Port Fast N A configured no Address N A Designated path cost N A Role Alternate Port cost 20000 Port Fast No configured no Address 00 30 94 41 62 c8 Designated path cost 20000 BPDU Guard Disabled Role N A Port cost 20000 Port Fast N A configured no Address N A Designated path cost N A Page 283 Spanning Tree Commands console show spanning tree ethernet 1 el Port 1 1 e1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Type P2p configured auto RSTP Port Fast No configured no Designated bridge Priority 32768 Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 console show spanning tree mst configuration Name Regionl Revision 1 Instance Vlans mapped State 0 1 9 21 4094 Enabled 1 10 20 Enabled console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 el1 Hello Time 2 sec Max
44. Global Configuration mode User Guidelines For any DHCP snooping configuration to take effect DHCP snooping must be globally enabled DHCP snooping is not active until snooping on a VLAN is enabled by using the ip dhcp snooping VLAN Global Configuration mode command Example The following example configures globally enabling DHCP snooping console config ip dhcp snooping ip dhcp snooping vian The ip dhcp snooping vlan Global Configuration mode command enables DHCP snooping on a VLAN Use the no form of this command to disable DHCP snooping on a VLAN Syntax ip dhcp snooping vlan vian id no ip dhcp snooping vlan vian id Parameters e vlan id Specify VLAN ID Default Configuration Disabled Page 93 DHCP Snooping Commands Command Mode Global Configuration mode User Guidelines DHCP snooping must be first globally enabled before enabling DHCP snooping on a VLAN Example The following example configures DHCP snooping on a VLAN console config ip dhcp snooping vlan 1 ip dhcp snooping trust The ip dhcp snooping trust Interface Configuration mode command configures a port as trusted for DHCP snooping purposes Use the no form of this command to return to the default setting Syntax ip dhcp snooping trust no ip dhcp snooping trust Parameters This command has no arguments or keywords Default Configuration Interface configuration Ethernet Port channel Command Mode Interfa
45. LLDP is enabled Command Mode Global Configuration mode User Guidelines There are no guidelines for this command Example The following example enables LLDP console config lldp enable Ildp enable interface The Ildp enable Interface Configuration mode command enables LLDP on an interface Use the no form of this command to disable LLDP on an interface Syntax lldp enable rx tx both no lldp enable Parameters e rx Receives only LLDP packets tx Transmits only LLDP packets e both Receives and transmits LLDP packets default Page 174 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration Enabled in both modes Command Modes Interface Configuration Ethernet mode User Guidelines LLDP manages LAG ports individually LLDP sends separate advertisements on each port in a LAG LLDP data received through LAG ports is stored individually per port An LLDP operation on a port is not dependent on the STP state of a port This means that LLDP frames are sent and received on blocked ports If a port is controlled by 802 1X LLDP operates only if the port is authorized Examples The following example enables LLDP on an interface console config interface ethernet e5 console config if lldp enable Ildp timer The Ildp timer command Global Configuration mode command specifies how often the system sends LLDP updates U
46. Max hops 20 Number of topology changes 2 last change occurred 2d18h ago Times hold 1 topology change 35 notification 2 hello 2 max age 20 forward delay 15 BPDU sent 2 received 120638 Port 2 1 e2 enabled umber of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 3 1 e3 enabled umber of transitions to forwarding state 1 BPDU sent 2 received 170638 Port 1 1 e1 enabled State Forwarding Role Root Port id 128 1 Port cost 20000 Type P2p configured auto Boundary RSTP Port Fast No configured no Designated bridge Priority 32768 Address 00 01 42 97 e0 00 Designated port id 128 25 Designated path cost 0 umber of transitions to forwarding state 1 State Forwarding Role Designated Port id 128 2 Port cost 20000 Type Shared configured auto Boundary STP Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 2 Designated path cost 20000 State Forwarding Role Designated Port id 128 3 Port cost 20000 Type Shared configured auto Internal Port Fast No configured no Designated bridge Priority 32768 Address 00 02 4b 29 7a 00 Designated port id 128 3 Designated path cost 20000 Spanning Tree Commands Forward Delay 15 sec Forward Delay 15 sec Page 286 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Port 4 1 e4 enabled State Forwarding Port id 128
47. Mode Global Configuration mode User Guidelines The system internally keeps time in UTC so this command is used only for display purposes and when the time is manually set Example The following example sets the timezone to 6 hours difference from UTC Console config clock timezone 6 zone CST Page 72 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide clock summer time The clock summer time Global Configuration mode command configures the system to automatically switch to summer time daylight saving time Use the no form of this command to configure the software not to automatically switch to summer time Syntax clock summer time recurring usa eu week day month hh mm week day month hh mm offset offset zone acronym clock summer time date date month year hh mm date month year hh mm offset offsef zone acronym clock summer time date month date year hh mm month date year hh mm offset offset zone acronym no clock summer time recurring Parameters e recurring Indicates that summer time should start and end on the corresponding specified days every year e date Indicates that summer time should start on the first specific date listed in the command and end on the second specific date in the command usa The summer time rules are the United States rules eu The summer time rules are the European Union rules e week Week of the month Range 1 5
48. Name Capabilities 1 e1 0060 704C 73FE i ts 7800 2 B 1 e2 0060 704C 73FD 1 ts 7800 2 B 1 e4 0060 704C 73FC 9 ts 7900 1 B R 1 e5 0060 704C 73FB i ts 7900 2 W console show lldp neighbors ethernet 1 1 Device ID 0060 704C 73FE Port ID 1 System Name ts 7800 2 Capabilities B System description Port description Management address 172 16 1 1 802 3 MAC PHY Configuration Status Auto negotiation support Supported Auto negotiation status Enabled Auto negotiation Advertised Capabilities 100BASE TX full duplex 1000BASE T full duplex Operational MAU type 1000BaseTFD LLDP MED capabilities Network Policy LLDP MED Device type Endpoint class 2 LLDP MED Network policy Application type Voice lags Unknown policy VLAN ID 0 Layer 2 priority 0 Page 188 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide DSCP 0 Power priority High LLDP MED Inventory Model name TR12 Asset ID 9 Power value 9 6 Watts Hardware revision 2 Firmware revision 2 3 Software revision 2 7 1 Manufacturer name VP LLDP MED Power over Ethernet Device Type Power Device Power source Primary power Serial number LM759846587 The following table describes significant LLDP fields Field Description Port The port number Device ID The configured ID name or MAC address of the neighbor device Port ID The port ID of the neighbor
49. S94 3 0 Command Line Interface User s Guide show dot1x statistics The show dot1x statistics Privileged EXEC mode command displays 802 1X statistics for the specified interface Syntax show dot1x statistics ethernet interface Parameters interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays 802 1X statistics for the specified interface console show dot1x statistics ethernet 1 el EapolFramesRx 11 EapolFramesTx 12 EapolStartFramesRx 12 EapolLogoffFramesRx 1 EapolRespldFramesRx 3 FapolRespFramesRx 6 EapolReqidFramesTx 3 EapolReqFramesTx 6 InvalidEapolFramesRx 0 FapLengthErrorFramesRx 0 LastEapolFrameVersion 1 LastEapolFrameSource 00 08 78 32 98 78 Page 383 802 1x Commands The following table describes the significant fields shown in the display Field Description EapolFramesRx The number of valid EAPOL frames of any type that have been received by this Authenticator EapolFramesTx The number of EAPOL frames of any type that have been transmitted by this Authenticator EapolStartFramesRx The number of EAPOL Start frames that have been received by this Authenticator EapolLogoffFramesRx The number of EAPOL Logoff frames that hav
50. The Privileged EXEC mode gives access to commands that are restricted on User EXEC mode and provides access to the device Configuration mode The Global Configuration mode manages the device configuration on a global level The Interface Configuration mode configures specific interfaces in the device User EXEC Mode In general the User EXEC commands allow the user to perform basic tests and list system information The user level prompt consists of the device host name followed by the angle bracket gt Console gt The default host name is Console unless it has been changed using the hostname command in the Global Configuration mode Privileged EXEC Mode Privileged access is the system default mode and is password protected to prevent unauthorized use because many of the privileged commands set operating system parameters The password is not displayed on the screen and is case sensitive Privileged users enter directly into the Privileged EXEC mode To enter the Privileged EXEC mode from the User EXEC mode perform the following steps 1 At the prompt enter the enable command and press lt Enter gt A password prompt is displayed Page 17 Using the CLI CLI Command Modes 2 Enter the password and press lt Enter gt The password is displayed as The Privileged EXEC mode prompt is displayed The Privileged EXEC mode prompt consists of the device host name followed by Console To ret
51. The following example displays the DHCP option 82 configuration console config show ip dhcp information option Page 163 IP DHCP Relay Chapter 15 IP DHCP Relay ip dhcp relay enable global The ip dhep relay enable Global Configuration command enables Dynamic Host Configuration Protocol DHCP relay features on the router Use the no form of this command to disable the relay agent features Syntax ip dhcp relay enable no ip dhcp relay enable Parameters This command has no arguments or keywords Default Configuration Disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables Dynamic Host Configuration Protocol DHCP relay features on the router console config ip dhcp relay enable ip dhcp relay enable interface The ip dhcp relay enable Interface Configuration command enables Dynamic Host Configuration Protocol DHCP relay features for an interface Use the no form of this command to disable the relay agent features Syntax ip dhcp relay enable no ip dhcp relay enable Parameters This command has no arguments or keywords Default Configuration Dynamic Host Configuration Protocol DHCP relay is enabled Page 164 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Interface Configuration mode VLAN Ethernet Port channel User Guideline
52. The port storm control broadcast rate Interface Configuration Ethernet mode command configures the maximum Broadcast rate Use the no form of this command to return to the default configuration Syntax port storm control broadcast rate rate no port storm control broadcast rate Parameters e rate Maximum kilobits per second of Broadcast and Multicast traffic on a port Range 70 100000 Default Configuration The default storm control Broadcast rate is 3500 Kbits Sec Command Mode Interface Configuration Ethernet mode Page 116 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide User Guidelines Use the port storm control broadcast enable Interface Configuration mode command to enable Broadcast storm control The software displays the actual rate since granularity depends on the requested rate Example The following example configures the maximum storm control Broadcast rate at 900 Kbits Sec console config interface ethernet 1 e5 console config if port storm control broadcast rate 900 show ports storm control The show ports storm control User Privileged EXEC mode command displays the storm control configuration show ports storm control interface Parameters interface A valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelin
53. This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Examples The following examples display dynamic addresses in currently locked ports console show ports security addresses Port Status Learning Current Maximum el Disabled Lock e2 Disabled Lock e3 Enabled Max addresses 0 e4 Port is a member in port channel chl e5 Disabled Lock e6 Enabled Max addresses 0 0 ch1 Enabled Max addresses 0 50 ch2 Enabled Max addresses 0 28 The following example displays dynamic addresses in currently locked port 1 e1 console show ports security addresses ethernet 1 el Port Status Learning Current Maximum 1 e1 Disabled Lock 1 Page 70 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 5 Clock Commands clock set The clock set Privileged EXEC mode command manually sets the system clock To avoid an SNTP conflict this command should only be used if there is no clock source set Syntax clock set hh mm ss day month year or clock set hh mm ss month day year Parameters e hh mm ss Current time in hours military format minutes and seconds hh 0 23 mm 0 59 ss 0 59 e day Current day by date in the month 1 31 month Current month using the first three letters by name Jan Dec e year Current year 2000 2097 Default Configurat
54. USOS il lid lali atte 260 Chapter 28 Spanning Tree COMMANdS ooommcccconncccccnnnnnnncccnnnennnnnnnnc rn 261 SPAMMING TM A aa 261 Spanining tree MO iii A le ange AAA ni 261 Spanning tree forWard tiMe ooooonocccccnnnnocccccnonononcnononanoncnncnnnonnnnn canon cnn nrnnnnn nn Neaera Eun rr ren nr narran rra 262 spanning tree hello tiMe ooocccoonococonononcccnonnnncccnnnnnnnoccno nro cnn cnn cnn nnn cnn cre cnn 263 SPAMMING Tee mar AGS ie dae 263 SPanning tree DIO asii ai rca EE lle ede eens oA in ee ae 264 Spannimg tree disable sinees a a e N ATAA A ete eevee 264 Spanining tree Ostia ti 265 spanning tree port priority oooomcccccnnonccccnnnonencnnnnnnnnccncnnnnne cnn rre 266 Spanning tree pos Mumia Dia a ee Gee ee ee 266 SPANNING tree link typ8 eteeriseen ireen AER e eA E S EE ETA aA RT oe RE RASS 267 spanning tree pathcost method ooooocccccnncocccccnanaccncncnanonncnnnnnnan cnc cnnnnn nn nn cnn nan nn cn nr eee cnn nn nana rn cc cian rncccnnnns 268 spanning tee DU cistitis 268 Spanning tree guard TO bt Dt 269 SA NI A A E A E ae R a 270 clear spanning tree detected protocols oococconoccccconnococcccnonanancccnnncnncnncnnno nn nc cnn nan n cnn cnn cnc naar a nccnnnnnns 270 Spanning tree Mst priority ooooonnccccnononococonnnonnccnnnnnnnnoccno canso cnn nn nnnn cnn nn AA cnn nn Er ERALAR ERRE ANARE EEUE EREDAR 271 Spanning tree mst MAX NOPS ocoomcccccnnnoncccnnnnnonocnnonnnnnncn cnn cnn 271 Spanning tree Mst port pri
55. User Guidelines N A Example The following example specifies the source IP address console config tacacs server source ip 172 16 8 1 show tacacs The show tacacs Privileged EXEC mode command displays configuration and statistical information about a TACACS server Page 312 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Syntax show tacacs ip address Parameters p address Name or IP address of the TACACS server Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays configuration and statistical information about a TACACS server console show tacacs Device Configuration IP address Status Port Single Connection TimeOut Source IP Priority 1712161 1 Connected 49 No Global Global 1 Global values TimeOut 3 Device Configuration Source IP 172 16 8 1 Page 313 Tunnel Commands Chapter 32 Tunnel Commands interface tunnel The interface tunnel Global Configuration mode command enters tunnel interface configuration mode Syntax interface tunnel number Parameters number Tunnel index Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The fol
56. User Guidelines There are no user guidelines for this command Example The following example displays the DSCP port queue map console gt show qos map Dscp queue map dl d2 0 1 2 3 4 5 6 7 8 9 0 01 01 01 01 01 01 01 01 01 01 1 01 01 01 01 01 01 02 02 02 02 2 02 02 02 02 02 02 02 02 02 02 3 02 02 03 03 03 03 03 03 03 03 4 03 03 03 03 03 03 03 03 04 04 5 04 04 04 04 04 04 04 04 04 04 6 04 04 04 04 Page 222 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide The following table describes the significant fields shown above Column Description d1 Decimal Bit 1 of DSCP d2 Decimal Bit 2 of DSCP 01 04 Queue numbers Page 223 Radius Commands Chapter 25 Radius Commands radius server host The radius server host Global Configuration mode command specifies a RADIUS server host Use the no form of this command to delete the specified RADIUS host Syntax radius server host ipv4 address ipv6 address hostname auth port auth port number timeout timeouf retransmit retries deadtime deaatime key key string source pv4 source jpv6 source priority priority usage type no radius server host ipv4 address pv6 address hostname Parameters pv4 address Pv4 address of the RADIUS server host pv6 address Pv6 address of the RADIUS server host e hostname Hostname of the RADIUS server host Range 1 158 characters
57. User Guidelines This command is relevant to FE devices only To control Multicasts storms use the port storm control broadcast enable and port storm control broadcast rate commands Example The following example enables counting Broadcast and Multicast packets on Ethernet port 2 e3 console config interface ethernet 2 e3 console config if port storm control include multicast port storm control broadcast enable The port storm control broadcast enable Interface Configuration Ethernet mode command enables Broadcast storm control Use the no form of this command to disable Broadcast storm control Page 115 Ethernet Configuration Commands Syntax port storm control broadcast enable no port storm control broadcast enable Parameters This command has no arguments or keywords Default Configuration Broadcast storm control is disabled Command Modes Interface Configuration Ethernet mode User Guidelines Use the port storm control broadcast rate Interface Configuration Ethernet mode command to set the maximum allowable Broadcast rate Use the port storm control include multicast Interface Configuration Ethernet mode command to enable counting Multicast packets Examples The following example enables Broadcast storm control on Ethernet port 1 e5 console config interface ethernet 1 e5 console config if port storm control broadcast enable port storm control broadcast rate
58. a dci 384 dotix Quest vVla aii i ienen a a a Le IR 385 dot1x single host ViolatiON ooomoocccnnonncccnnnnnncccccnnnn recorre 386 dotix mac authentication iii i 387 SHOW doriy advant od seriei a a eaa i hace ere eet eer es 387 dot1x guest ulan enable snari ae iea eaaa AAEN A aata ER E AANE A EEAS 389 dotix guestulantMOdU oiean a A aAA EAA Lai 389 dotix radius attributes Vian aie aia ee EEE A ee AN 390 e A A A edoi 392 Page 12 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Page 13 Preface Preface This guide describes how to configure an AT 8000S Series switch with AT S94 V2 0 0 firmware using the command line interface The commands are grouped by topic into the following chapters e Chapter 1 Using the CLI Describe the CLI basic structure and command usage Chapter 2 ACL Commands Define MAC and IP based ACLs and ACL bindings Chapter 3 AAA Commands Define the authentication method lists for servers e Chapter 4 Address Table Commands Register MAC layer Multicast addresses and handles MAC layer secure address to a routed port Chapter 5 Clock Commands Show the configuration or status of the Simple Network Time Protocol SNTP Chapter 6 Configuration and Image File Commands Display the contents of the currently running configuration file specify contents of image files Chapter 7 DHCP Snooping Commands Contains parameters for ena
59. address can be aged out from the FDB table the Interface field can be empty When an ARP entry is associated with an IP interface that is defined on a port or port channel the VLAN field is empty Example The following example displays entries in the ARP table console show arp ARP timeout 80000 Seconds VLAN Interface IP Address HW Address Status VLAN 1 1 e1 10 7 1 102 00 10 B5 04 DB 4B Dynamic VLAN 1 2 e2 10 731135 00 50 22 00 2A A4 Static ip domain lookup The ip domain lookup Global Configuration mode command enables the IP Domain Naming System DNS based host name to address translation Use the no form of this command to disable DNS based host name to address translation Syntax ip domain lookup Page 140 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide no ip domain lookup Parameters This command has no arguments or keywords Default Configuration The default configuration is set to enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables IP Domain Naming System DNS based host name to address translation console config ip domain lookup ip domain name The ip domain name Global Configuration mode command defines a default domain name used by the software to complete unqualified host names names without a dotted decimal domain name Use the no form of
60. and the difference is compared with the thresholds direction Specifies the alarm that may be sent when this entry is first set to valid Possible values are rising rising falling and falling If the first sample after this entry becomes valid is greater than or equal to rthreshold and direction is equal to rising or rising falling a single rising alarm is generated If the first sample after this entry becomes valid is less than or equal to fthreshold and direction is equal to falling or rising falling a single falling alarm is generated name Specifies the name of the person who configured this alarm If unspecified the name is an empty string Default Configuration The type is absolute The startup direction is rising falling Page 236 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the following alarm conditions e Alarm index 1000 e Variable identifier ati Sample interval 360000 seconds e Rising threshold 1000000 e Falling threshold 1000000 e Rising threshold event index 10 e Falling threshold event index 20 console config rmon alarm 1000 ati 360000 1000000 1000000 10 20 show rmon alarm table The show rmon alarm table User EXEC mode command displays the alarms table Syntax show
61. auth port number Port number for authentication requests The host is not used for authentication if the port number is set to 0 Range 0 65535 e timeout Specifies the timeout value in seconds Range 1 30 e retries Specifies the retransmit value Range 1 10 deadtime Length of time in minutes during which a RADIUS server is skipped over by transaction requests Range 0 2000 e key string Specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server This key must match the encryption used on the RADIUS daemon To specify an empty string enter Range 0 128 characters e pv4 source Specifies the source IPv4 address to use for communication 0 0 0 0 is interpreted as request to use the IP address of the outgoing IP interface e pv6 source Specifies the source IPv6 address to use for communication 0 0 0 0 is interpreted as request to use the IP address of the outgoing IP interface priority Determines the order in which servers are used where 0 has the highest priority Range 0 65535 e type Specifies the usage type of the server Possible values login dot 1x or all Default Configuration No RADIUS server host is specified The port number for authentication requests is 1812 The usage type is all Command Mode Global Configuration mode User Guidelines To specify multiple hosts multiple radius server host command
62. by the duplex mode of the port and enables Rapid Spanning Tree Protocol RSTP transitions to the forwarding state Use the no form of this command to return to the default configuration Syntax spanning tree link type point to point shared no spamning tree spanning tree link type Parameters point to point Indicates that the port link type is point to point shared Indicates that the port link type is shared Default Configuration The device derives the port link type from the duplex mode A full duplex port is considered a point to point link and a half duplex port is considered a shared link Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Page 267 Spanning Tree Commands Example The following example enables shared spanning tree on Ethernet port 1 e5 console config interface ethernet 1 e15 console config if spanning tree link type shared spanning tree pathcost method The spanning tree pathcost method Global Configuration mode command sets the default path cost method Use the no form of this command to return to the default configuration Syntax spanning tree pathcost method long short no spanning tree pathcost method Parameters e long Specifies port path costs with a range of 1 200 000 000 e short Specifies port path costs with a range of 0 65 535 Default Configuration Shor
63. command identifies a specific line for configuration and enters the Line Configuration command mode Syntax line console telnet ssh Parameters e console Console terminal line e telnet Virtual terminal for remote console access Telnet e ssh Virtual terminal for secured remote console access SSH Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the device as a virtual terminal for remote console access console config line telnet console config line speed The speed Line Configuration mode command sets the line baud rate Use the no form of this command to return to the default configuration Syntax speed bps no speed Parameters e bps Baud rate in bits per second bps Possible values are 2400 9600 19200 38400 57600 and 115200 Page 155 Line Commands Default Configuration The default speed is 115200 bps Command Mode Line Configuration console mode User Guidelines This command is available only on the line console The configured speed is applied when Autobaud is disabled This configuration applies only to the current session Example The following example configures the line baud rate to 9600 console config f line console console config line speed 9600 autobaud
64. command to return to default configuration Syntax sntp client poll timer seconds no sntp client poll timer Parameters e seconds Polling interval in seconds Range 60 86400 Default Configuration Polling interval is 1024 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the polling time for the Simple Network Time Protocol SNTP client to 120 seconds Console config sntp client poll timer 120 Page 76 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide sntp broadcast client enable The sntp broadcast client enable Global Configuration mode command enables Simple Network Time Protocol SNTP Broadcast clients Use the no form of this command to disable SNTP Broadcast clients Syntax sntp broadcast client enable no sntp broadcast client enable Parameters This command has no arguments or keywords Default Configuration The SNTP Broadcast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp client enable Interface Interface Configuration mode command to enable the SNTP client on a specific interface Example The following example enables the SNTP Broadcast clients Console config sntp broadcast client enable sntp anycast client enable The sntp anycast client enable Global Configuration mode command enables SNTP An
65. completed an IPv6 address is in a tentative state and cannot be used for data transfer It is recommended to limit the configured value Example The following example configures the number of consecutive neighbor solicitation messages that are sent on an interface while duplicate address detection is performed on the unicast IPv6 addresses of the interface to 10 console config interface el console config if ipv6 nd dad attempts 10 ipv6 host The ipv6 host Global Configuration mode command defines a static host name to address mapping in the host name cache Use the no form of this command to remove the host name to address mapping Syntax ipv6 host name pv6 address1 ipv6 address 2 ipv6 address4 no ipv6 host name Parameters name Name of the host Range 1 158 characters e pv6 address1 Associated IPv6 address The address is specified in hexadecimal using 16 bit values between colons When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the usage guidelines for the interface name syntax pv6 address2 4 optional Additional IPv6 addresses that may be associated with the host name Default Configuration No host is defined Page 151 IPv6 Addressing Commands Command Mode Global Configuration mode User Guidelines The IPv6Z address format lt pv6 link local address gt lt interface name gt _ inte
66. config radius server key ati server radius server retransmit The radius server retransmit Global Configuration mode command specifies the number of times the software searches the list of RADIUS server hosts Use the no form of this command to reset the default configuration Syntax radius server retransmit retries Page 225 Radius Commands no radius server retransmit Parameters e retries Specifies the retransmit value Range 1 10 Default Configuration The software searches the list of RADIUS server hosts 3 times Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the number of times the software searches the list of RADIUS server hosts to 5 times console config radius server retransmit 5 radius server source ip The radius server source ip Global Configuration mode command specifies the source IP address used for communication with RADIUS servers Use the no form of this command to return to the default configuration Syntax radius server source ip source no radius source ip source Parameters e source Specifies a valid source IP address Default Configuration The source IP address is the IP address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines N A Page 226 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guid
67. config ipv6 acl permit IPv6 The permit IPv6 Access list Configuration mode command sets conditions to allow a packet to pass a named IPv6 Access List Syntax permit any protocol any source prefix length any destination prefix length dscp number ip precedence number time range time range name permit icmp any source prefix length any destination prefix iength any icmp type any icmp code dscp number ip precedence number permit tcp any source prefix iength any source port any destination prefix length any destination port dscp number ip precedence number flags list of flags time range time range name permit udp any source prefix length any source port any destination prefix length any destination port dscp number ip precedence number time range time range name Page 30 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters destination port Specifies the UDP TCP destination port Range 0 65535 destination prefix lengih The destination IPv6 network or class of networks about which to set permit conditions This argument must be in the form documented in RFC 3513 where the address is specified in hexadecimal using 16 bit values between colons dscp number Matches a differentiated services codepoint value against the traffic class value in the Traffic Class field of each IPv6 packet header Range 0 6
68. configure console config dotlx guest vlan timeout 50 dot1x radius attributes vlan Use The dot1x radius attributes vlan Interface Configuration command enables user based VLAN assignment Use the no form of this command to disable user based VLAN assignmen t Syntax dot1x radius attributes vlan no dot1x radius attributes vlan Parameters This command has no arguments or keywords Default Configuration Disabled Command Mode Interface Configuration Ethernet mode User Guidelines The command configurations allowed only when the port is Forced Authorized Radius attributes are supported only in the multiple sessions mode multiple hosts with authentication When Radius attributes are enabled and the Radius Accept message does not contain as an attribute the supplicant s VLAN then the supplicant is rejected Packets to the supplicant are sent untagged Page 390 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide After successful authentication the port remains as a member in the unauthenticated VLANs and in the Guest VLAN Other static VLAN configurations are not applied on the port If the supplicant VLAN does not exist on the switch the supplicant is rejected Examples The following example enables user based VLAN assignment console config interface ethernet 1 e16 console config if dotlx radius attributes vlan Page 391 Index A aaa accounting dot1x 47
69. e6 console clear gvrp statistics ethernet 1 e6 show gvrp configuration The show gvrp configuration User EXEC mode command displays GVRP configuration information including timer values whether GVRP and dynamic VLAN creation is enabled and which ports are running GVRP Page 121 Syntax show gvrp configuration ethernet interface port channel port channel number Parameters e interface A valid Ethernet port Full syntax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays GVRP configuration information GVRP Commands Console gt show gvrp configuration GVRP Feature is currently enabled on the device Maximum VLANs 255 Timers milliseconds Port s Status Registration Dynamic VLAN Join Leave Leave All Creation el Disabled ormal Enabled 200 600 10000 e2 Disabled ormal Enabled 200 600 10000 e3 Disabled ormal Enabled 200 600 10000 e4 Disabled ormal Enabled 200 600 10000 e5 Disabled ormal Enabled 200 600 10000 e6 Disabled ormal Enabled 200 600 10000 e7 Disabled ormal Enabled 200 600 10000 e8 Disabled ormal Enabled 200 600 10000 e9 Disabled ormal Enabled 200 600 10000 Console gt show gvrp statistics The show gvrp stati
70. estimate of the total number of collisions on this Ethernet segment during this sampling interval rmon alarm The rmon alarm Global Configuration mode command configures alarm conditions Use the no form of this command to remove an alarm Syntax rmon alarm index variable interval rthreshold fthreshold revent fevent type type startup direction owner name no rmon alarm index Parameters e index Specifies the alarm index Range 1 65535 e variable Specifies the object identifier of the variable to be sampled e interval Specifies the interval in seconds during which the data is sampled and compared with rising and falling thresholds Range 1 2147483647 e rihreshold Specifies the rising threshold Range 0 2147483647 e fthreshold Specifies the falling threshold Range 0 2147483647 e revent Specifies the event index used when a rising threshold is crossed Range 1 65535 e fevent Specifies the event index used when a falling threshold is crossed Range 1 65535 e type Specifies the method used for sampling the selected variable and calculating the value to be compared against the thresholds Possible values are absolute and delta If the method is absolute the value of the selected variable is compared directly with the thresholds at the end of the sampling interval If the method is delta the selected variable value of the last sample is subtracted from the current value
71. gt show rmon history 1 other Sample Set 1 Owner Me Interface 1 el Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 Time Dropped Collisions Jan 18 2002 21 57 00 3 0 Jan 18 2002 21 57 30 3 0 The following table describes significant fields shown above Field Description Time Date and Time the entry is recorded Octets The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets Packets The number of packets including bad packets received during this sampling interval Broadcast The number of good packets received during this sampling interval that were directed to the Broadcast address Multicast The number of good packets received during this sampling interval that were directed to a Multicast address This number does not include packets addressed to the Broadcast address Util The best estimate of the mean physical layer network utilization on this interface during this sampling interval in hundredths of a percent CRC Align The number of packets received during this sampling interval that had a length excluding framing bits but including FCS octets between 64 and 1518 octets inclusive but had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Undersize The number of pa
72. level is informational Command Mode Global Configuration mode User Guidelines All the syslog messages are logged to the internal buffer This command limits the messages displayed to the user Example The following example limits syslog messages displayed from an internal buffer based on severity level debugging console config logging buffered debugging logging buffered size The logging buffered size Global Configuration mode command changes the number of syslog messages stored in the internal buffer Use the no form of this command to return to the default configuration Page 301 Syntax logging buffered size number no logging buffered size Parameters Syslog Commands e number Specifies the maximum number of messages stored in the history table Range 20 400 Default Configuration The default number of messages is 200 Command Mode Global Configuration mode User Guidelines This command takes effect only after Reset Example The following example changes the number of syslog messages stored in the internal buffer to 300 console config logging buffered size 300 clear logging The clear logging Privileged EXEC mode command clears messages from the internal logging buffer Syntax clear logging Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User G
73. link local The ipv6 address link local Interface Configuration mode command configures an IPv6 link local address for an interface Use the no form of this command to return to the default link local address on the interface Syntax ipv6 address pv6 address link local no ipv6 address pv6 address link local Parameters e jjpv6 address The IPv6 network address assigned to the interface The address is specified in hexadecimal using 16 bit values between colons Default Configuration IPv6 is enabled on the interface Link local address of the interface is FE80 EUI64 interface MAC address Page 147 IPv6 Addressing Commands Command Mode Interface configuration Ethernet VLAN Port channel Cannot be configured for a range of interfaces range context User Guidelines Using the no ipv6 address link local command removes the manually configured link local IPv6 address from an interface Multiple IPv6 addresses can be configured per interface but only one link local address When the no ipv6 address link local command is used the interface is reconfigured with the standard link local address the same IPv6 link local address that is set automatically when the enable ipv6 command is used The system automatically generates a link local address for an interface when IPv6 processing is enabled on the interface To manually specify a link local address to be used by an interface use the ipv6 address link local command The
74. name parameter can also be used to restrict the access rights of a community string When it is specified An internal security name is generated Page 244 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide The internal security name for SNMPv1 and SNMPv2 security models is mapped to the group name Example The following example defines community access string public to permit administrative access to SNMP protocol at an administrative station with IP address 192 168 1 20 console config snmp server community public su 192 168 1 20 snmp server view The snmp server view Global Configuration mode command creates or updates a Simple Network Management Protocol SNMP server view entry Use the no form of this command to remove a specified SNMP server view entry Syntax snmp server view view name oid tree included excluded no snmp server view view name oid tree Parameters e view name Specifies the label for the view record that is being created or updated The name is used to reference the record Range 1 30 characters oid tree Specifies the object identifier of the ASN 1 subtree to be included or excluded from the view To identify the subtree specify a text string consisting of numbers such as 1 3 6 2 4 or a word such as system Replace a single sub identifier with the asterisk wildcard to specify a subtree family for example 1 3 4 included Indicat
75. number A valid port channel number Default Configuration This command has no default configuration Page 68 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Privileged EXEC mode Mode User Guidelines There are no user guidelines for this command Example The following example displays classes of entries in the port lock status Status Locked Unlocked Locked console show ports security Learning Dynamic Dynamic Disabled Action Maximum Trap Frequency Discard 3 Enable 100 a 28 PA Discard 8 Disable Shutdown The following table describes the fields shown above Field Description Port Port number Status Locked Unlocked Learning Learning mode Action Action on violation Maximum Maximum addresses that can be associated on this port in Static Learning mode or in Dynamic Learning mode Trap Indicates if traps are sent in case of a violation Frequency Minimum time between consecutive traps show ports security addresses The show ports security addresses Privileged EXEC mode command displays the current dynamic addresses in locked po Syntax rts show ports security addresses ethernet interface port channel port channel number Parameter S e interface A valid Ethernet port port channel number A valid port channel number Page 69 Address Table Commands Default Configuration
76. ococcnnnnoccccnnnnnnoncccnnnnonrncnnn eee cnn naar rre 130 ip i mp SNOOpiNg leave tiMe OUt coonooccccnnnnnoccccnononananccnnn nor n cnn naar rc cnn rr 131 show ip IGMP E eee cece eect eee eeeeeee eee eeeeaaeeeeeeeaaaeeeeeeeaaaeeeeeeeaaeeeeseeeaeeeeeesenaeeeeseeeeaees 132 show ip IGMP SNOOPING INterface oo ee eect eee cette eee ee eee atte eee Ra eee nana n cnn rra nn nar rra n nn rre nnnr rra 132 show ip IGMP snooping YPOUPS iieii ie irati eea nE Eini nn iA nn nar rra EEEE TE DAAE E VERRE 134 Chapter 11 IP Addressing COMMANdS ooommcccccnnnncncnnnannccnnnnncnnnnnnncc rre 135 IDAS A A A ATA 135 IP address Ghe peoia anaE asia atole 135 Ip default gateway cian tdi bio 136 SHOW IP INtS TACO ii 137 O NN 138 ap UMEO nia aaa EI 138 EEIE EEEE E e caian a a a 139 SAW i 140 ID COMAIN IOOKUP sucia edad ridad ie 140 A sue E EE EN teas snaeetatnavdedecagadietedaaaceseray s 141 Ename SENO aaa a a ada d a bl 142 A NO 142 plear O 143 clear hostal aria laa 143 SHOW NOSTE zrase a an s 144 Page 5 Chapter 12 IPv6 Addressing COMMANdOS oconcccconccnnncnnnnencnanananannn rra r rra rra 146 MEA AAN 146 feie giela e TTE PAE A EEN E E E E E E O spa 146 ipv6 address link lOCAl ooooomocccnnnnncccconnnnccccnnnaneccncnnnnnecc ENEE AE E E EEA 147 IPVO dOTaUlt a E E h ET EEE E E en Gata od ahi a ee 148 Show IpvG intermface unni ioie a iE OERA TAN ee in ele el elo id 149 IPV6 NA Cad attempt ui EE 150 IPVO O diri ALE ados 151 Jein e Ale a
77. pressed simultaneously on the keyboard Screen Display Indicates system messages and prompts appearing on the console all When a parameter is required to define a range of ports or parameters and all is an option the default for the command is all when no parameters are defined For example the command interface range port channel has the option of either entering a range of channels or selecting all When the command is entered without a parameter it automatically defaults to all Copying and Pasting Text Up to 1000 lines of text i e commands can be copied and pasted into the device NJ Note Itis the user s responsibility to ensure that the text copied into the device consists of legal commands only This feature is dependent on the baud rate of the device N Note The default device baud rate is 115 200 When copying and pasting commands from a configuration file make sure that the following conditions exist e A device Configuration mode has been accessed The commands contain no encrypted data like encrypted passwords or keys Encrypted data cannot be copied and pasted into the device ACL Commands Chapter 2 ACL Commands ip access list The ip access list Global Configuration mode command defines an IPv4 Access List and places the device in IPv4 Access List Configuration mode Use the no form of this command to remove the Access List Syntax ip access list access list
78. previously configured information overwrites the previous configuration e A configured default gateway has a higher precedence over one automatically advertised via router advertisement message Example The following example defines an IPv6 default gateway console config ipv6 default gateway fe80 11 show ipv6 interface The show ipv6 interface Privileged EXEC mode command displays the usability status of configured IPv6 interfaces Syntax show ipv6 interface ethernet nterface number vlan vian id port channel port channel number Parameters ethernet interface number Valid Ethernet port vlan vian id Valid VLAN number port channel number Valid Port channel number Default Configuration Displays all IPv6 interfaces Command Mode Privileged EXEC mode User Guidelines To display IPv6 neighbor discovery cache information use the show ipv6 neighbors command in the Privileged EXEC mode Examples The following examples display the usability status of interfaces configured for IPv6 console show ipv6 interface Interface IP addresses Type VLAN 1 FE80 9C0 876A 130B Dynamic VLAN 17 FE80 9C0 876A 130D Dynamic VLAN 17 2031 0 130F 0 0 9C0 876A 130D 64 Static Page 149 IPv6 Addressing Commands console show ipv6 interface Vlan 15 Ipv6 is disabled console show ipv6 interface Vlan 25 Number of ND DAD attempts 20 IP addresses Type DA
79. reer Pee T cre erree T emer er erent 324 PP aea aara ran or raaa E A A shuctogens sreneveumbaaneveevbs aaa ana aaa ra Eanna 325 MOSUMAING ronio r n a T E T dane ieee 325 Stack MASIA A eet ie an a ee a a ete ets 326 Stack Sloat ae aea shoes aceidheet cae A AE A EA ETEA EE 327 Stack Changed ita AR E RaO TSE EE AE A EER DE PTEE 327 SNOW SAOR aiaa E AA a A A ARARE 328 SHOW USCIS rooie a ea tna tle at tat as 329 SNOW SESSIONS O O 10 sd sc EEA say pbveg Sealhs wish basaashee bess Mees 330 SHOW Sy SM ta 331 SOW SYSUSI ICDs aire 332 SHOW VEFSION nv farsas tamer tanec a de i es A ee 333 Chapter 34 User Interface COMMANGAS ccccseseeceeeeeeeeeeeeeneeeeseeeeeeeeeeeeeseneeeneeeeneseeaaeess 335 doit lt endear pee et eet fra 335 ana Dle meereist neea a i acelin ke E a aier N Eee dee A N i Musee div chanel 336 aale A E NE ESEA NEE PE E T ENTE TO A E rs 336 JOG o E EEA EE A A AA AA T ei 337 COMU POE A E E E TA E E R o N 337 exit Configuration sisihe ia aid 338 MA A A A O PE eee aaa E 338 o PAE A cee eel Paina ave snedl Pe eee tig ued S S en AR ae 339 E E EE O 339 terminal datadum Pico lA eels 340 SNOW ia EEEE T TEE TEA aaa 341 SHOW pPrivilQe maniara Dianine aie A eau AA ai ead ei 342 Chapter 35 VLAN COMMANOS ictericia ie Reet tee 343 Vlad data det A AA AA aa Gendt Aine 343 A eint EEE E A E E TEES 343 Interface Mascara ei ed 344 interface range VIAN iii cd A TEENA EN dd 345 e E A E E E E T 345 SwitChport protected resin o iiie wie A ein ee e
80. rmon alarm table Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the alarms table console gt show rmon alarm table Page 237 T IE E EE R 0 1 CLI 2 Lillo Ls Manager 3 Lo ke 2e la 2 Zole LOSI CLI RMON Commands The following table describes significant fields shown above Field Description Index An index that uniquely identifies the entry OID Monitored variable OID Owner The entity that configured this entry show rmon alarm The show rmon alarm User EXEC mode command displays alarm configuration Syntax show rmon alarm number Parameters e number Specifies the alarm index Range 1 65535 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Page 238 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example displays RMON 1 alarms console gt show rmon alarm 1 Alarm 1 OIDs 8 601212 2a 10 Last sample Value 878128 Interval 30 Sample Type delta Startup Alarm rising Rising Threshold 8700000 Falling Threshold 78 Rising Event 1 Falling Event 1 Owner CLI The following table descr
81. setting is 300 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the bridge aging time to 250 console config bridge aging time 250 Page 57 Address Table Commands clear bridge The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database Syntax clear bridge Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example clears the bridge tables console clear bridge port security The port security Interface Configuration mode command enables port security on an interface Use the no form of this command to disable port security on an interface Syntax port security forward discard discard shutdown trap seconds no port security Parameters forward Forwards frames with unlearned source addresses but does not learn the address discard Discards frames with unlearned source addresses This is the default if no option is indicated e discard shutdown Discards frames with unlearned source addresses The port is also shut down trap seconds Send SNMP traps and specifies the minimum time between consecutive traps Default Conf
82. source ports The port cannot be already configured as a destination port Example The following example copies traffic on port 1 e8 source port to port 1 e1 destination port console config interface ethernet 1 el console config if port monitor 1 e8 Page 206 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide show ports monitor The show ports monitor User EXEC mode command displays the port monitoring status Syntax show ports monitor Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows how the port monitoring status is displayed Console show ports monitor Source Port Destination Port Type Status 1 el 1 e8 RX TX Active 1 e2 1 e8 RX TX Active 1 e18 1 e8 RX Active Page 207 Power over Ethernet Commands Chapter 23 Power over Ethernet Commands power inline The port inline Interface Configuration Ethernet mode command configures the administrative mode of inline power on an interface Syntax power inline auto never Parameters auto Enables the device discovery protocol ana if found supplies power to the device never Disables the device discovery protocol and stops supplying power to the device Default Configuration The device discovery protocol is enabled
83. specifies the number of minutes Range 1 65535 e seconds Additional time intervals in seconds Range 0 59 Default Configuration The default configuration is the exec timeout set by the ip http exec timeout command Command Mode Global Configuration mode User Guidelines To specify no timeout enter the ip https exec timeout 0 0 command Example The following example configures sets the interval for the system to 1 hour console config ip https exec timeout 60 crypto certificate generate The crypto certificate generate Global Configuration mode command generates a self signed HTTPS certificate Syntax crypto certificate number generate key generate length passphrase stringl en common name ou organization unit or organization loc location st state cu country duration days Page 364 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters number Specifies the certificate number Range 1 2 key generate Regenerate the SSL RSA key e length Specifies the SSL RSA key length Range 512 2048 e string Passphrase used for exporting the certificate in PKCS12 file format If unspecified the certificate is not exportable common name Specifies the fully qualified URL or IP address of the device Range 1 64 If unspecified defaults to the lowest static IPv6 address of the device when the certificate is generated or to
84. the VLAN it is used as the source address of the IGMP snooping querier Command Mode Interface Configuration VLAN mode User Guidelines If an IP address is not configured by this command and no IP address is configured for the IGMP querier VLAN interface the querier is disabled Page 129 IGMP Snooping Commands Example The following example configures the source IP address that the IGMP Snooping querier uses console config interface vlan 2 console config if ip igmp snooping querier address 192 168 1 220 ip igmp snooping querier version The ip igmp snooping querier version Interface Configuration mode command configures the IGMP version of an IGMP querier on a specific VLAN Use the no form of this command to return to default Syntax ip igmp snooping querier version 2 3 no ip igmp snooping querier version Parameters e 2 Specifies that the IGMP version is IGMPv2 e 3 Specifies that the IGMP version is IGMPv3 Default Configuration IGMPv3 Command Mode Interface Configuration VLAN mode User Guidelines If the IGMP querier is configured to IGMPv3 the querier tries to work in IGMPv3 In case the hosts do not support IGMPv3 the querier version is downgraded If the IGMP querier is configured to IGMPv2 the querier tries to work in IGMPv2 It can be downgraded automatically to IGMPv1 but never upgraded automatically to IGMPv3 Example The following example configures the IGMP versio
85. the end of the list That is if there are no matches the packets are denied However before the first ACE is added the list permits all packets Example The following example creates a MAC ACL with permit rules console config mac access list macl acll console config mac al permit 6 6 6 6 6 6 0 0 0 0 0 0 any vlan 6 deny MAC The deny MAC Access List Configuration mode command sets deny conditions for an MAC Access List Page 35 ACL Commands Syntax deny disable port any source source wildcara any destination destination wildcara vlan vian id cos cos cos wildcard ethtype eth type Parameters e disable port Indicates the Ethernet interface is disabled if the condition is matched e source Specifies source MAC address of the packet e source wildcard Specifies wildcard bits to be applied to the source MAC address Use 1s in the bit position to be ignored destination Specifies the MAC address of the host to which the packet is being sent destination wildcard Specifies wildcard bits to be applied to the destination MAC address Use 1s in the bit position to be ignored e vlan id Specifies the VLAN ID of the packet Range 0 4095 e cos Specifies the Class of Service of the packet Range 0 7 e cos wildcard Specifies wildcard bits to be applied to the CoS e eth type Specifies the Ethernet type in hexadecimal format of the packet Ra
86. the list displayed on the website Then select the appropriate menu tab The AT 8000S Series Switch has a limited warranty of two years Go to www alliedtelesis com warranty for the specific terms and conditions of the warranty and for warranty registration Page 16 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 1 Using the CLI Overview This chapter describes how to start using the CLI and the CLI command editing features CLI Command Modes Introduction To assist in configuring the device the Command Line Interface CLI is divided into different command modes Each command mode has its own set of specific commands Entering a question mark at the system prompt console prompt displays a list of commands available for that particular command mode From each mode a specific command is used to navigate from one command mode to another The standard order to access the modes is as follows Privileged EXEC mode Global Configuration mode and Interface Configuration mode After logging into the device the user is automatically in Privileged EXEC command mode unless the user is defined as a User EXEC user The User EXEC mode can be assigned for a user once a user account is created Only a limited subset of commands are available in User EXEC mode This level is reserved for tasks that do not change the configuration To enter the next level the Privileged EXEC mode a password is required
87. the point of view of inline power management Can be Critical High or Low Status Describes the inline power operational status of the port Can be On Off Test Fail Testing Searching or Fault Classification The power consumption range of the powered device Can be 0 44 12 95 0 44 3 84 3 84 6 49 or 6 49 12 95 Overload Counter Counts the number of overload conditions that has been detected Short Counter Counts the number of short conditions that has been detected Denied Counter Counts the number of times power has been denied Absent Counter Counts the number of times power has been removed because powered device dropout was detected Invalid Signature Counter Counts the number of times an invalid signature of a powered device was detected Page 212 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide show power inline power consumption The show power inline power consumption User EXEC mode command displays information about the inline power consumption Syntax show power inline power consumption ethernet interface Parameters interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays displays information about th
88. this command Example console show ip dhcp snooping binding Total number of binding 2 MAC Adreess IP Address Lease sec Type VLAN Interface 00 60 70 4c 73 ff 10 1 8 1 4294967295 snooping 3 1 e21 00 60 70 4c 7f c1 10 1 8 2 4294967295 snooping 3 1 e22 console Page 99 Ethernet Configuration Commands Chapter 8 Ethernet Configuration Commands interface ethernet The interface ethernet Global Configuration mode command enters the interface configuration mode to configure an Ethernet type interface Syntax interface ethernet interface Parameters interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables configuring Ethernet port 5 e18 console config interface ethernet 5 e18 interface range ethernet The interface range ethernet Global Configuration mode command configures multiple Ethernet type interfaces at the same time Syntax interface range ethernet port list all Parameters e port list List of valid ports Where more than one port is listed separate nonconsecutive ports with a comma and no spaces use a hyphen to designate a range of ports and group a list separated by commas in brackets all All Ethernet ports Default Configuration This co
89. this command Example The following example exits the MST configuration mode without saving changes console config spanning tree mst configuration console config mst abort show spanning tree The show spanning tree Privileged EXEC mode command shows spanning tree configuration Syntax show spanning tree ethernet interface number port channel port channel number instance instance ia show spanning tree detail active blockedports instance instance ia show spanning tree mst configuration Parameters detail Display detailed information e active Display active ports only blockedports Display blocked ports only mst configuration Display the MST configuration identifier interface number Ethernet port number port channel number Port channel index instance id ID associated with a spanning tree instance Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Page 278 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Examples The following examples displays spanning tree information console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 e1 Hello Time 2 sec Max Age 20 sec Br
90. views Name OID Tree Type user view ld dl Included user view EE E dsd Excluded user view bega bo AAA Included show snmp groups The show snmp groups Privileged EXEC mode command displays the configuration of groups Syntax show snmp groups groupname Parameters groupname Specifies the name of the group Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the configuration of views console show snmp groups Name Security Model Level Read Write Views Notify Page 258 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide access tables are available user group V3 priv Default mn Me managers group V3 priv Default Default my managers group V3 priv Default un wn The following table describes significant fields shown above Field Description Name Name of the group Security Model SNMP model in use v1 v2 or v3 Security Level Authentication of a packet with encryption Applicable only to the SNMP v3 security model Views Read Name of the view that enables only viewing the contents of the agent If unspecified all objects except the community table and SNMPv3 user and Write Name of the view that enables entering data and managing the contents of the agent Notify Name of t
91. 0 VLANO0020 1 e3 e4 static 2 VLAN002 static 30 VLAN0030 static 3 VLAN003 static 9 VLANOO1 1 el e2 static 3978 Guest VLAN 1 e17 guest Authorization Required Required Required Required Required Required Required ot Required show vlan internal usage The show vlan internal usage Privileged EXEC mode command displays a list of VLANs used internally by the device Syntax show vlan internal usage Page 356 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays VLANs used internally by the device console show vlan internal usage VLAN Usage IP address Reserved 1007 Eth 1 e21 Active No 1008 Eth 1 e22 Inactive Yes 1009 Eth 1 e23 Active Yes show interfaces switchport The show interfaces switchport Privileged EXEC mode command displays the switchport configuration Syntax show interfaces switchport ethernet interface port channel port channel numben Parameters e interface A valid Ethernet port number port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidel
92. 1 to severity level critical console config logging 10 1 1 1 severity critical logging console The logging console Global Configuration mode command limits messages logged to the console based on severity Use the no form of this command to disable logging to the console Syntax logging console eve no logging console Parameters e level Specifies the severity level of logged messages displayed on the console Possible values emergencies alerts critical errors warnings notices informational debugging Default Configuration The default severity level is informational Page 300 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example limits logging messages displayed on the console to severity level errors console config logging console errors logging buffered The logging buffered Global Configuration mode command limits syslog messages displayed from an internal buffer based on severity Use the no form of this command to cancel using the buffer Syntax logging buffered eve no logging buffered Parameters e level Specifies the severity level of messages logged in the buffer Possible values emergencies alerts critical errors warnings notices informational debugging Default Configuration The default severity
93. 113 irc Internet Relay Chat 194 klogin Kerberos login 543 kshell Kerberos shell 513 Ipd Printer Service 515 nntp Network News Transport 119 Protocol Page 323 Table 3 Ports Table System Management Commands Keyword Description Port number pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Protocol 25 sunpc Sun Remote Procedure Call 111 syslog Syslog 514 tacacs TAC Access Control System 49 talk Talk 517 telnet Telnet 23 time Time 37 UUCP Unix to Unix Copy Program 540 whois Nicname 43 www World Wide Web 80 reload The reload Privileged EXEC mode command reloads the operating system Syntax reload Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Caution should be exercised when resetting the device to ensure that no other activity is being performed In particular the user should verify that no configuration files are being downloaded at the time of reset Example The following example reloads the operating system console reload This command will reset the whole system and disconnect your current session Do you want to continue y n n Page 324 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide resume Syntax resume connection
94. 20000 gt 1 e5 Enabled 128 5 20000 Page 280 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide console show spanning tree active Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 e1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 el Enabled 128 1 20000 FWD Root No P2p RSTP 1 e2 Enabled 128 2 20000 FWD Desg No Shared STP 1 e3 Enabled 128 4 20000 BLK ALTN No Shared STP console show spanning tree blockedports Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 32768 Address 00 01 42 97 e0 00 Path Cost 20000 Root Port 1 1 e1l Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Page 281 Name 1 e4 Enabled 128 4 19 console show spanning tree detail Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 32768 Address 00 01 42 97 e0 Path Cost 20000 Root Port 1 1 e1l Hello Time 2 sec Max Age 20 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a Hello Time 2 sec Max Age 20 sec Number of topology changes 2 la
95. 3 flags list of flags List of TCP flags that should occur If a flag should be set it is prefixed by If a flag should be unset it is prefixed by Avaiable options are urg ack psh rst syn fin urg ack psh rst syn and fin The flags are concatenated to one string For example fin ack icmp type Specifies an ICMP message type for filtering ICMP packets Enter a number or one of the following values destination unreachable packet too big time exceeded parameter problem echo request echo reply mld query mld report mldv2 report mld done router solicitation router advertisement nd ns nd na Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP packets Range 0 255 ip precedence number Specifies the IP precedence value protocol The name or the number of an IP protocol Available protocol names are icmp tcp and udp Range 0 255 IP Protocol Abbreviated Name Protocol Number Transmission Control Protocol tcp 6 User Datagram Protocol udp 17 Internet Control Message Protocol icmp 58 any IP protocol any 25504 destination port Specifies the UDP TCP destination port Range 1 65535 source port Specifies the UDP TCP source port Range 1 65535 source prefix length The source IPv6 network or class of networks about which to set permit conditions This argument must be in the form documented in RFC 3513 wh
96. 4 Type Shared configured auto Internal Designated bridge Priority 32768 Designated port id 128 2 Guard Root Disabled umber of transitions to forwarding state 1 BPDU sent 2 received 170638 MST 1 Vlans Mapped 10 20 State Forwarding Port id 128 1 Type P2p configured auto Boundary RSTP Designated bridge Priority 32768 Designated port id 128 1 Guard Root Disabled umber of transitions to forwarding state 1 BPDU sent 2 received 120638 Port 2 1 e2 enabled State Forwarding Port id 128 2 Shared Boundary STP Type configured auto Designated bridge Priority 32768 Role Designated 20000 Port Fast No 00 02 4b 29 7a 00 20000 POEL cost configured no Address Designated cost BPDU Guard Disabled topology change 2 Root ID Priority 24576 Address 00 02 4b 29 89 76 Path Cost 20000 Port Cost 4 1 4 Rem hops 19 Bridge ID Priority 32768 Address 00 02 4b 29 7a 00 Times hold 1 hello 2 max age 20 Port 1 1 e1 enabled Number of topology changes 2 last change occurred 1d9h ago notification 2 forward delay 15 Role Boundary Port cost 20000 Port Fast No 00 02 4b 29 7a 00 Designated path cost 20000 configured no Address BPDU Guard Disabled Role Designated 20000 Port Fast No 00 02 4b 29 7a 00 POLt costs configured no Address Page 287 Designated port id 128 2 Guard Root Disabled Number of transiti
97. 400 seconds console config interface ethernet 1 el console config if rmon collection history 1 interval 2400 show rmon collection history The show rmon collection history User EXEC mode command displays the requested RMON history group statistics Syntax show rmon collection history ethernet interface port channel port channel number Parameters interface Valid Ethernet port Full syntax unit port port channel number Valid port channel number Page 232 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays all RMON history group statistics console gt show rmon collection history Index Interface Interval Requested Granted Owner Samples Samples 1 1 el 30 50 50 CLI 2 1 e1 1800 50 50 Manager The following table describes significant fields shown above Field Description Index An index that uniquely identifies the entry Interface The sampled Ethernet interface Interval The interval in seconds between samples Requested Samples The requested number of samples to be saved Granted Samples The granted number of samples to be saved Owner The entity that configured this entry show rmon history The show rmon histo
98. 6 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters e pv6 address The IPv6 network assigned to the interface The address is specified in hexadecimal using 16 bit values between colons prefix lengih The length of the IPv6 prefix A decimal value that indicates how many of the high order contiguous bits of the address comprise the prefix the network portion of the address A slash mark must precede the decimal Range 3 128 64 when the eui 64 parameter is used e eui 64 Specifies to build an interface ID in the low order 64 bits of the IPv6 address based on the interface MAC address anycast Defines the IPv6 address as an anycast address Default Configuration No IPV6 address is defined for the interface Command Mode Interface Configuration Ethernet VLAN Port channel mode Cannot be configured for a range of interfaces range context User Guidelines e Ifthe value specified for the prefix length argument is greater than 64 bits the prefix bits have precedence over the interface ID e Using the no ipv6 address command without arguments removes all manually configured IPv6 addresses from an interface including link local manually configured addresses Example The following example configures an IPv6 address FE80 260 3EFF FE11 6770 for interface e1 console config interface el console config if ipv6 address FE80 260 3EFF FE11 6770 ipv6 address
99. 64 1p https server 362 ip igmp snooping Global 125 ip igmp snooping Interface 125 ip igmp snooping host time out 128 129 130 ip igmp snooping leave time out 131 ip igmp snooping mrouter learn pim dvmrp 126 ip igmp snooping mrouter time out 130 ip internal usage vlan 355 ip ssh port 290 ip ssh pubkey auth 292 ip ssh server 290 ipv6 access list 29 ipv6 address 146 ipv6 address link local 147 ipv6 default gateway 148 ipv6 enable 146 ipv6 host 151 ipv6 nd dad attempts 150 ipv6 neighbor 152 K Keyboard Shortcuts 22 key string 294 L line 155 lldp enable global 174 lldp enable interface 174 lldp hold multiplier 176 lldp management address 178 lldp med enable 179 lldp med location 181 lldp med network policy global 180 lldp med network policy interface 181 lldp notifications 179 lldp optional tlv 177 lldp reinit delay 176 lldp timer 175 lldp tx delay 177 logging 299 logging buffered 301 logging buffered size 301 Page 395 logging console 300 logging file 303 logging on 299 login 337 login authentication 41 login banner 192 M management access class 197 management access list 194 management logging 305 map mac macs group 353 mdix 105 N name 345 name mst 275 negotiation 104 P password 45 Permit 30 permit Management 195 ping 320 port monitor 206 port security 58 port security max 59 port security mode 59 port security routed secure address 60
100. ANN 17 CLELCOMMANA Modesto 17 Introduction nastscs cr eae cee o e o a a O 17 User DATO Mode AAPP N 17 Privileged EXEC Mode ccoo atten dete ieee di aia 17 Global ConfigurationMode oca e Aaa Ti aa 18 Interface Configuration and Specific Configuration MOdE S ccccceseseceeeneeeeeneeeeseeeeeeeeeeeneeeesseeessaeees 19 Starting the O A P A AET A E E 20 EditingiF atures iio 20 Entering Commands i mestr e ses coat aae ee a aa EE Sae aaa a aa aa AEE RA R Aa Eas 20 Terminal Command Bf ET entoces ae o cio a cnn e aio en ara 21 Negating the Effect of Commands ooooocccnccccoccconcconcnonnncnnccnnnnnnn cnn nn nnnn ran c ren n nr narran aran nannnnnninns 21 Command Completion voca A a eee ann 21 Nomenclattre ss oi A eee 22 Keyboard SOM CU iii A ei eee it 22 CLI Command ConVentions disiris tierin ii ceeds ind ide adiga boi Ea au adds 22 Copying and Pasting Tex A a eE E iaar Et 23 Chapter 2 ACL Commands sucias dr 24 IP access Soa ad 24 permira wk ede Gi kin sn 24 A O 27 IPVO ACCOSS AMS dintel lc E E baptuass ceveaudle tl li lcd 29 permi IPvO cota 30 deny Pr ais is dsd ee Sheet Ghee 32 maciaccess tia e o TEA ic taccaameaey 34 permit MAG ccoo ll td a 35 demy MA G aea aa oratorio linoleico aaa a 35 Services aliada E E AA AA A EE 36 CARTON OEE E EAE E E A T 37 show int rlaces acces ll a a a ea aar a a aaa a EE a a a aa aa aE aE Ea 38 Chapter 3 AAA Commands cuina 39 aaa authenticalo mili iia 39 aaa authenticat
101. Address Table Example The following example displays all classes of entries in the bridge forwarding database console show bridge address table Aging time is 300 sec vlan mac address Port Type 1 00 02 3f b4 28 05 el6 dynamic 1 00 07 40 c9 5f 83 ch5 dynamic 1 00 15 77 74 64 40 ch5 dynamic Page 61 Address Table Commands show bridge address table static The show bridge address table static Privileged EXEC mode command displays statically created entries in the bridge forwarding database Syntax show bridge address table static vlan vlan ethernet interface port channel port channel number Parameters vlan Specifies a valid VLAN such as VLAN 1 interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays all static entries in the bridge forwarding database console show bridge address table static Aging time is 300 sec vlan mac address port type 1 00 60 70 4C 73 FF 1 e8 Permanent T 00 60 70 8C 73 FF 1 e8 delete on timeout 200 00 10 0D 48 37 FF 1 e9 delete on reset show bridge address table count The show bridge address table count Privileged EXEC mode command displays the number of addresses present in the Forwarding Database
102. Ap4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTmlxyJltllalGaqchfMqqe0kmfhcoHSwWr yf1FpDOMWOTgDAwIDAQABo41Bo jCCAZ4wEwY JKwY BBAGCNxQCBAY eBABDAEEw CwROPBAQDAgFGMA8GA1UdEWEB wOFMAMBA f 8wHQYDVROOBBYEFAf 4MT 9BRD47 ZVKBAEL9Ggpt 6MIIBNgYDVROfBIIBLTCCASkwgdkKggctggcyGgclsZGFwOi8v LOVByb3h5JTIwU2 9mdHdhcmU1MjBSb2 90JTIwO2VydGlmaWVyLENOPXNicnZ1 355 END CERTIFICATE Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print DC789788 DC88A988 127897BC BB789788 show ip http The show ip http Privileged EXEC mode command displays the HTTP server configuration Syntax show ip http Page 369 Web Server Commands Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the HTTP server configuration console show ip http HTTP server enabled Port 80 show ip https The show ip https Privileged EXEC mode command displays the HTTPS server configuration Syntax show ip https Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the H
103. B00 30480241 00C5E23B 55D6AB22 04AEFIBA A54028A6 9ACC01C5 129D99E4 Fingerprint 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 Page 298 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 30 Syslog Commands logging on The logging on Global Configuration mode command controls error message logging This command sends debug or error messages to a logging process which logs messages to designated locations asynchronously to the process that generated the messages Use the no form of this command to disable the logging process Syntax logging on no logging on Parameters This command has no arguments or keywords Default Configuration Logging is enabled Command Mode Global Configuration mode User Guidelines The logging process controls the distribution of logging messages at various destinations such as the logging buffer logging file or syslog server Logging on and off at these destinations can be individually configured using the logging buffered logging file and logging Global Configuration mode commands However if the logging on command is disabled no messages are sent to these destinations Only the console receives messages Example The following example enables logging error messages console config logging on logging The logging Global Configuration mode command logs messages to a syslog server Use the no form of this command to delete the syslog s
104. CP values Default Configuration QoS trust is set to cos Command Mode Global Configuration mode User Guidelines This command can be used only in QoS basic mode Packets entering a quality of service QoS domain are classified at the edge of the QoS domain When the packets are classified at the edge the switch port within the QoS domain can be configured to one of the trusted states because there is no need to classify the packets at every switch within the domain Use this command to specify whether the port is trusted and which fields of the packet to use to classify traffic When the system is configured with trust DSCP the traffic will be mapped to the queue by the DSCP queue map When the system is configured with trust CoS the traffic will be mapped to the queue by the CoS queue map Example The following example configures the System to basic mode console config qos trust cos qos map dscp queue The qos map dscp queue Global Configuration mode command modifies the DSCP to CoS map Use the no form of this command to return to the default map Syntax qos map dscp queue dscp list to queue id no qos map dscp queue Page 220 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters e dscp list Specifies up to 8 DSCP values separated by a space Range 0 63 e queue id Specifies the queue number to which the DSCP values are mapped Range 1 4 Default Configura
105. CS octets and either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Jabbers The total number of packets received longer than 1518 octets excluding framing bits but including FCS octets and either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error 64 Octets The total number of packets including bad packets received that are 64 octets in length excluding framing bits but including FCS octets 65 to 127 Octets The total number of packets including bad packets received that are between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets 128 to 255 Octets The total number of packets including bad packets received that are between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets 256 to 511 Octets The total number of packets including bad packets received that are between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets 512 to 1023 Octets The total number of packets including bad packets received that are between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets 1024 to 1632 Octets The total number of packets including bad packets rece
106. Commands login_banner The login_banner Privileged EXEC mode command configures the login banner which is a security message that is displayed above the Telnet login prompt prior to login Syntax login_banner banner Parameters e banner Security text message Range 1 159 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example configures the security banner to display ATI before the Telnet login prompt console login_banner ATI Success console show login_banner The show login_banner Privileged EXEC mode command shows the login banner that is displayed before a Telnet login prompt Syntax show login_banner Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Page 192 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the current login banner that is configured to be displayed before a telenet login prompt console show login_banner Login banner is ATI console Page 193 Management ACL Commands Chapter 19 Management ACL Commands management access list The management acces
107. Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the timeout interval to 5 seconds console config radius server timeout 5 radius server deadtime The radius server deadtime Global Configuration mode command improves RADIUS response time when servers are unavailable The command is used to cause the unavailable servers to be skipped Use the no form of this command to return to the default configuration Syntax radius server deadtime deadtime no radius server deadtime Parameters deadtime Length of time in minutes during which a RADIUS server is skipped over by transaction requests Range 0 2000 Default Configuration The deadtime setting is 0 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the deadtime to 10 minutes console config radius server deadtime 10 show radius servers The show radius servers Privileged EXEC mode command displays the RADIUS server settings Page 228 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Syntax show radius servers Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Exampl
108. D State FE80 4 Link Local Duplicated 2031 0 130F 0 0 9C0 876A 130D 64 Static Active console show ipv6 interface Vlan 17 Ipv6 is enabled Number of ND DAD attempts 20 IP addresses Type DAD State FE80 9C0 876A 130D Link Local Active 2031 0 130F 0 0 9C0 876A 130D 64 Static Active ipv6 nd dad attempts The ipv6 nd dad attempts Interface Configuration mode command configures the number of consecutive neighbor solicitation messages that are sent on an interface while duplicate address detection is performed on the Unicast IPv6 addresses of the interface Use the no form of this command to return the number of messages to the default value Syntax ipv6 nd dad attempts attempis number no ipv6 nd dad attempts Parameters attempts number The number of neighbor solicitation messages Configuring a value of 0 disables duplicate address detection processing on the specified interface A value of 1 configures a single transmission without follow up transmissions Range 0 600 Default Configuration Duplicate address detection on Unicast IPv6 addresses with the sending of one neighbor solicitation message is enabled Command Mode Interface configuration Ethernet VLAN Port channel Cannot be configured for a range of interfaces range context Page 150 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide User Guidelines e Duplicate address detection verifies the uniqueness of new Unica
109. Ethernet port or port channel This command enables the user to configure the internal usage VLAN of a port If an internal usage VLAN is not configured and the user wants to configure an IP interface an unused VLAN is selected by the software If the software selected a VLAN for internal use and the user wants to use that VLAN as a static or dynamic VLAN the user should do one of the following Remove the IP interface e Create the VLAN and recreate the IP interface Use this command to explicitly configure a different VLAN as the internal usage VLAN Example The following example reserves an unused VLAN as the internal usage VLAN of ethernet port 1 e8 console config console config interface ethernet 1 e8 console config if ip internal usage vlan Page 355 show vlan The show vlan Privileged EXEC mode command displays VLAN information Syntax show vlan tag vian id name vian name Parameters e vlan id specifies a VLAN ID vlan name Specifies a VLAN name string Range 1 32 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays all VLAN information VLAN Commands console show vlan VLAN Name Ports Type 1 default 1 el e2 2 el e4 other 10 VLANO010 1 e3 e4 dynamic 1 VLANOO1 1 el e2 static 2
110. Every time a command is entered in the CLI it is recorded on an internally managed Command History buffer Commands stored in the buffer are maintained on a First In First Out FIFO basis These commands can be recalled reviewed modified and reissued This buffer is not preserved across device resets Keyword Description Up arrow key Recalls commands in the history buffer beginning with the most recent Ctrl P command Repeats the key sequence to recall successively older commands Down arrow key Returns to more recent commands in the history buffer after recalling commands with the up arrow key Repeating the key sequence will recall successively more recent commands By default the history buffer system is enabled but it can be disabled at any time For information about the command syntax to enable or disable the history buffer see history There is a standard default number of commands that are stored in the buffer The standard number of 10 commands can be increased to 216 By configuring 0 the effect is the same as disabling the history buffer system For information about the command syntax for configuring the command history buffer see history size To display the history buffer see show history Negating the Effect of Commands For many configuration commands the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value This guide describes the neg
111. Example The following example regenerates an HTTPS certificate console config crypto certificate 1 generate key generate crypto certificate request The crypto certificate request Privileged EXEC mode command generates and displays certificate requests for HTTPS Page 365 Web Server Commands Syntax crypto certificate number request cn common name ou organization unit or organization loc location st state cu country Parameters number Specifies the certificate number Range 1 2 common name Specifies the fully qualified URL or IP address of the device Range 1 64 e organization unit Specifies the organization unit or department name Range 1 64 e organization Specifies the organization name Range 1 64 e location Specifies the location or city name Range 1 64 e state Specifies the state or province name Range 1 64 e country Specifies the country name Range 1 2 Default Configuration There is no default configuration for this command Command Mode Privileged EXEC mode User Guidelines Use this command to export a certificate request to a Certification Authority The certificate request is generated in Base64 encoded X 509 format Before generating a certificate request you must first generate a self signed certificate using the crypto certificate generate Global Configuration mode command Be aware that you have to reenter the ce
112. Interface User s Guide Command Mode Interface Configuration VLAN mode User Guidelines An access port cannot be a member in an unauthenticated VLAN The native VLAN of a trunk port cannot be an unauthenticated VLAN For a general port the PVID can be an unauthenticated VLAN although only tagged packets would be accepted in the unauthorized state Example The following example enables access to the VLAN to unauthorized devices console config interface vlan 5 console config 1f ff dotlx auth not req dot1x guest vlan The dot1x guest vlan Interface Configuration mode command defines a guest VLAN Use the no form of this command to return to the default configuration Syntax dot1x guest vlan no dot1x guest vlan Parameters This command has no arguments or keywords Default Configuration No VLAN is defined as a guest VLAN Command Mode Interface Configuration VLAN mode User Guidelines Use the dot1x guest vlan enable Interface Ethernet Configuration mode command to enable unauthorized users on an interface to access the guest VLAN If the guest VLAN is defined and enabled the port automatically joins the guest VLAN when the port is unauthorized and leaves it when the port becomes authorized To be able to join or leave the guest VLAN the port should not be a static member of the guest VLAN Page 385 802 1x Commands Example The following example defines VLAN 2 as a guest VLAN c
113. JO ii ii i 59 port security MAX ici lt a a A A ANA 59 port security routed SECUre addresS oooccccconnnocococonnnconcccnnnano nc cnnn nn c cnn anar rc 60 show bridge address table ooonmoccccnnnnnnnncconnnnococnnnnc arc a a a a a i 61 show bridge address table static oonnocccinnnniniccnnnnncococnnnnncnnccnnnnnnrnn cnn aran n cnn rra nn nn 62 show bridge address table COUNt oooocoonncccccnnnnocccocnnonnonccnnnnnnnn cnn nan nnn nn nana n cnn aran nn nn 62 show bridge multicast address table oococcccccnnincccnnnnnacccccnnnconccnnnnnnnnnnnnnnnnrn cnn nn rro 64 show bridge multicast address table StatiC oocicninnidicidnnnnaccccnnnnnoncccnnnn nena nnnnnnnnn nn nn nnnnnn nn rra 66 show bridge multicast filtering ooononnnininnnnnnnnnnccnnnnnancccnonncncccnnnnnnrn nc cnn nnrrn cnn rana 66 show bridge multicast unregistered oooonoocccccnnnococcccccnnonnnononnnn cnn nonnnn nn nnnnnnnn nn n rra nr 68 Show POMS SOCUIIY Road As 68 show ports security addresses oooococnnnocccinonononcccnonononcnnnnn ano nn eater eee iiia ees eridar iian ieaiai endar iair 69 Chapter 5 Clock CommaliGs 000 ci iaa 71 CIOCK Sbado tas RE 71 CIOCK A el 71 CIOCK tIMOZOMC x bees dee bed ack epee fate id nae eed eget atc ees ari 72 ClOCK summer TMe wise eee eee a dia 73 SNtp aUthSntiCatiOn KeOy cscssecvecdseedeevee sachs ti A AE dadas 74 Snip authenticate it A A ee 75 SIU Trusted kyle bdo A d s 75 sntp client poll tiMer seara lenia ata ie ar A dt 76 sntp broa
114. LAN ID Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines In case the VLAN doesn t exist ghost VLAN only partial list of the commands are available under the interface VLAN context The commands supported for non existant VLANs are 1 IGMP snooping control 2 Bridge Multicast configuration Example In the following example for VLAN 1 the address is 131 108 1 27 and the subnet mask is 255 255 255 0 console config interface vlan 1 console config if ip address 131 108 1 27 255 255 255 0 Page 344 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide interface range vlan The interface range vlan Global Configuration mode command enables simultaneously configuring multiple VLANs Syntax interface range vlan v an range all Parameters e vlan range Specifies a list of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces a hyphen designates a range of IDs all All existing static VLANs Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each interface in the range If the command returns an error on one of the interfaces an error message is displayed and execution of the command continues on the other interfaces Ex
115. Line Interface User s Guide Chapter 35 VLAN Commands vian database The vlan database Global Configuration mode command enters the VLAN Configuration mode Syntax vlan database Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enters the VLAN database mode console config vlan database console config vlan vlan The vlan VLAN Configuration mode command creates a VLAN Use the no form of this command to delete a VLAN Syntax vlan vian range no vian vian range Parameters vlan range Specifies a list of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces a hyphen designates a range of IDs Default Configuration This command has no default configuration Page 343 VLAN Commands Command Mode VLAN Configuration mode User Guidelines There are no user guidelines for this command Example The following example VLAN number 1972 is created console config vlan database console config vlan vlan 1972 console config vlan interface vlan The interface vlan Global Configuration mode command enters the Interface Configuration VLAN mode Syntax interface vlan vian id Parameters e vlan id Specifies an existing V
116. Management Software AT S94 CLI User s Guide AT 80005 Series Stackable Gigabit Ethernet Switches Version 3 0 0 45 Allied Telesis 613 001983 Rev A Copyright O 2014 Allied Telesis Inc All rights reserved No part of this publication may be reproduced without prior written permission from Allied Telesis Inc Allied Telesis is a trademark of Allied Telesis Inc Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation Netscape Navigator is a registered trademark of Netscape Communications Corporation All other product names company names logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners Allied Telesis Inc reserves the right to make changes in specifications and other information contained in this document without prior written notice The information provided herein is subject to change without notice In no event shall Allied Telesis Inc be liable for any incidental special indirect or consequential damages whatsoever including but not limited to lost profits arising out of or related to this manual or the information contained herein even if Allied Telesis Inc has been advised of known or should have known the possibility of such damages Table of Contents o A A 14 Intended AUGIeN Ce ees coc ii 15 Document Convention ne ee ia 15 Gontacting Allisd Telesis ciao aaa 16 Chapter 1 Using the Glion gcse li 17 OV CIV O A
117. OritY ooomooccccnnnnocccccnnnconcccnnnnoncnnnnnnnoncnnn naar nn cnc nano nn rc cnn nn r rana naaraana 272 Spanning tr e mst COS dui beta 273 Spanning tree mst CONfigurati0N oooccocccnnocccccnnncancccconnoncnnnnnnanncnnnnnn eae e eee tana eee ented ae eee avin crnnnnn rra 273 INSTANCE Mutant ie atin eee ec eee Sh vee 274 NAME MS ii baii 275 revision Mii A de dade ead ada 275 SHOW ASL aa iaa 276 SI Qa i i he A ele ee a datei 277 EDOM IMSL tr ached dir bir i n paa tddi trates dia 277 SHOW SPAIN dd tas nl 278 Chapter 29 SSH COMMA OS iii 290 A ste Be aie A ee eh et a oar eet at eed 290 Page 9 IA A oe 290 crypto key generate ds iria dr tt 291 cyp key generate ISA can ofi a T Da 291 ID SSN PUBkSY UM a le 292 crypto key pubkey chalin SSP eadera eaaa e eE EEA E AEEA AR AREATA ERATE 293 VEE rara aida 294 A O EA E EE E TA E 294 SHOWD ES pas laa ni at dica ao 295 show crypto key MYpubkey odiis an eE ARAE AEE EREE nn cnc RAA AATE T nn nr r nan nn ner RAATS 296 show crypto key pubkey chain SSh oiiire aniran niani ehna eanna E ERARA EEANN RAEE EE SARRE S ENN 297 Chapter 30 5yS100 COMMANOS 0 asc sth ee tt 299 ITA da eer rere pee 299 Mi A E A A 0d 299 logging Consola ut ira 300 A 301 logga DUETO SIZE coco td At eii E de ke Aue daa dida 301 clear logging ri A AA A ee ela 302 a errr 303 clear logging TS ecc 303 A O A E 304 LESA A alee gol eel an eae ee ta ele ey 304 management loggii sree a dnd ie ad 305 Show logging
118. Payload 50 esp 50 Authentication Header ah 51 ICMP for IPv6 ipv6 icmp 58 EIGRP routing protocol eigrp 88 Open Shortest Path Protocol ospf 89 Protocol Independent Multicast pim 103 Layer Two Tunneling Protocol 12tp 115 ISIS over IPv4 isis 124 any IP protocol any 25504 dscp Indicates matching the dscp number with the packet dscp value ip precedence Indicates matching ip precedence with the packet ip precedence value icmp type Specifies an ICMP message type for filtering ICMP packets Enter a value or one of the following values echo reply destination unreachable source quench redirect alternate host address echo request router advertisement router solicitation time exceeded parameter problem timestamp timestamp reply information request information reply address mask request address mask reply traceroute datagram conversion error mobile host redirect ipv6 where are you ipv6 i am here Page 26 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide mobile registration request mobile registration reply domain name request domain name reply skip and photuris Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP packets ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code Range 0 255 gmp type IGMP packets can be filtered by IGMP message type Enter a number or one of the following values dvmrp h
119. S S94 3 0 Command Line Interface User s Guide Example The following example creates a MAC ACL console config mac access list macl acll console config mac al permit MAC The permit MAC Access List Configuration mode command sets permit conditions for a MAC Access List Syntax permit any source source wildcara any destination destination wildcara vlan vian id cos cos cos wildcard ethtype eth type Parameters e source Source MAC address of the packet e source wildcard Wildcard bits to be applied to the source MAC address Use 1s in the bit position to be ignored destination Destination MAC address of the packet e destination wildcard Specifies wildcard bits to be applied to the destination MAC address Use 1s in bit positions to be ignored vlan id Specifies the ID of the packet VLAN e cos Specifies the Class of Service CoS for the packet Range 0 7 e cos wildcard Specifies wildcard bits to be applied to the CoS e eth type Specifies the Ethernet type in hexadecimal format of the packet Range 0 O5dd fff Default Configuration No MAC ACL is defined Command Mode MAC Access List Configuration mode User Guidelines Enter IP Access List configuration mode by using the MAC access list Global Configuration mode command e After an access control entry ACE is added to an access control list an implied deny any any condition exists at
120. SH server configuration or which SSH public key is manually configured Chapter 30 Syslog Commands Log messages to a syslog server or limit log messages to a syslog server Chapter 31 TACACS Commands Display configuration and statistical information about a Terminal Access Controller Access Control System TACACS server or specify a TACACS host Chapter 32 Tunnel Commands Configure interface tunnel commands e Chapter 33 System Management Commands Display and list system version or Telnet session information Chapter 34 User Interface Commands Display and list system version or Telnet session information Chapter 35 VLAN Commands Enter the Virtual Local Area Network VLAN Configuration mode enable simultaneously configuring multiple VLANs or adds or remove VLANs Chapter 36 Web Server Commands Enable configuring the device from a browser or display the HTTP server configuration Chapter 37 802 1x Commands Specify authentication authorization and accounting AAA methods for use on interfaces running IEEE 802 1x and enable 802 1x globally Intended Audience This guide is intended for network administrators familiar with IT concepts and terminology Document Conventions This document uses the following conventions NJ Note Provides related information or information of special importance Caution Indicates potential damage to hardwa
121. SSH Public Key string Configuration mode command specifies which SSH public key is manually configured Use the no form of this command to remove an SSH public key Syntax user key username rsa dsa no user key username Parameters e username Specifies the username of the remote SSH client Range 1 48 characters e rsa Indicates the RSA key pair e dsa Indicates the DSA key pair Default Configuration No SSH public keys exist Command Mode SSH Public Key string Configuration mode User Guidelines Follow this command with the key string SSH Public Key String Configuration mode command to specify the key Example The following example enables manually configuring an SSH public key for SSH public key chain bob console config crypto key pubkey chain ssh console config pubkey chain user key bob rsa console config pubkey key key string row AAAAB3NzaClyc2EAAAADAQABAAABAOCvTnRwPWl key string The key string SSH Public Key string Configuration mode command manually specifies an SSH public key Syntax key string key string row key string Parameters e row Indicates the SSH public key row by row e key string Specifies the key in UU encoded DER format UU encoded DER format is the same format in the authorized_keys file used by OpenSSH Page 294 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration No keys exist Command Mode SSH Pub
122. TTP server configuration console show ip https HTTPS server enabled Port 443 Page 370 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Certificate 1 is active Issued by www verisign com Valid from 8 9 2004 to 8 9 2005 Subject CN router gm com 0 General Motors C Finger print DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by self signed Valid from 8 9 2004 to 8 9 2005 Subject CN router gm com 0 General Motors C Finger print 1873B936 88DC3411 BC8932EF 782134BA US US Page 371 802 1x Commands Chapter 37 802 1x Commands aaa authentication dot1x The aaa authentication dot1x Global Configuration mode command specifies one or more authentication authorization and accounting AAA methods for use on interfaces running IEEE 802 1X Use the no form of this command to return to the default configuration Syntax aaa authentication dot1x default method method2 no aaa authentication dot1x default Parameters method method2 At least one from the following table Keyword Description Radius Uses the list of all RADIUS servers for authentication None Uses no authentication Default Configuration No authentication method is defined Command Mode Global Configuration mode User Guidelines Additional methods of authentication are used only if the previous method returns an error and not if
123. The following algorithm is used to select a unit as the master If only one master enabled unit is in the stack 1 or 2 it becomes the master e Ifa unit configured as a forced master it becomes the master If a forced master unit is removed from a stack and placed in a different stack with another forced master unit both are considered to be forced and the election criteria continue as follows The unit with the longer up time is elected master Units are considered to have the same up time if they were powered up within ten minutes of each other If both forced master units have the same up time Unit 1 is elected Example The following example selects Unit 2 as the stack master console config stack master unit 2 Page 326 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide stack reload N Note This command is operational in the AT S94 24 AT S94 24POE AT S94 48 and AT S94 48POE devices The stack reload Privileged EXEC mode command reloads stack members Syntax stack reload unit unit Parameters unit Number of the unit to be reloaded Range 1 6 Default Configuration All units are reloaded Command Modes Privileged EXEC mode User Guidelines This command is not relevant to standalone devices If no unit is specified all units are reloaded Example The following example reloads Unit 2 of the stack console config stack reload unit 2
124. US Finger print DC789788 DC88A988 127897BC BB789788 Ip https certificate The ip https certificate Global Configuration mode command configures the active certificate for HTTPS Use the no form of this command to return to the default configuration Syntax ip https certificate number no ip https certificate Parameters number Specifies the certificate number Range 1 2 Default Configuration Certificate number 1 Command Mode Global Configuration mode User Guidelines The crypto certificate generate command should be used to generate HTTPS certificates Example The following example configures the active certificate for HTTPS console config ip https certificate 1 Page 368 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide show crypto certificate mycertificate The show crypto certificate mycertificate Privileged EXEC mode command displays the SSH certificates of the device Syntax show crypto certificate mycertificate number Parameters number Specifies the certificate number Range 1 2 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the certificate console show crypto certificate mycertificate 1 eras BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAKE
125. able Anycast clients globally Example The following example enables the SNTP client on Ethernet port 1 e3 Console config interface ethernet 1 e3 Console config if sntp client enable sntp unicast client enable The sntp unicast client enable Global Configuration mode command enables the device to use the Simple Network Time Protocol SNTP to request and accept SNTP traffic from servers Use the no form of this command to disable requesting and accepting SNTP traffic from servers Page 78 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Syntax sntp unicast client enable no sntp unicast client enable Parameters This command has no arguments or keywords Default Configuration The SNTP Unicast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp server Global Configuration mode command to define SNTP servers Example The following example enables the device to use the Simple Network Time Protocol SNTP to request and accept SNTP traffic from servers Console config sntp unicast client enable sntp unicast client poll The sntp unicast client poll Global Configuration mode command enables polling for the Simple Network Time Protocol SNTP predefined Unicast servers Use the no form of this command to disable the polling for SNTP client Syntax sntp unicast client poll no sntp unicast client poll Parameters This command ha
126. ace User s Guide Chapter 21 Port Channel Commands interface port channel The interface port channel Global Configuration mode command enters the interface configuration mode to configure a specific port channel Syntax interface port channel port channel number Parameters port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Eight aggregated links can be defined with up to eight member ports per port channel The aggregated links valid IDs are 1 8 Example The following example enters the context of port channel number 1 console config interface port channel 1 interface range port channel The interface range port channel Global Configuration mode command enters the interface configuration mode to configure multiple port channels Syntax interface range port channel port channel range all Parameters e port channel range List of valid port channels to add Separate nonconsecutive port channels with a comma and no spaces A hyphen designates a range of port channels all All valid port channels Default Configuration This command has no default configuration Page 203 Port Channel Commands Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each interface in the range
127. ace ethernet 1 e11 queuing Ethernet 1 e11 Strict Priority Cos queue map cos qid 0 2 1 1 2 i Page 218 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide YD Oo A W Ss BP WwW W NH wrr queue Cos map The wrr queue cos map Global Configuration mode command maps Class of Service CoS values to a specific egress queue Use the no form of this command to return to the default configuration Syntax wrr queue cos map queue id cos1 cos8 no wrr queue cos map queue id Parameters e queue id Specifies the queue number to which the CoS values are mapped e cos1 cos8 Specifies CoS values to be mapped to a specific queue Range 0 7 Default Configuration Value VPT Queue 0 2 1 1 2 1 3 2 4 3 5 3 6 4 7 4 Command Mode Global Configuration mode User Guidelines Queue 4 is reserved for stacking Example The following example maps CoS 7 to queue 2 console config wrr queue cos map 2 7 Page 219 QoS Commands qos trust Global The qos trust Global Configuration mode command configures the system to basic mode and the trust state Use the no form to return untrusted state Syntax qos trust cos dscp no qos trust Parameters e cos Classifies ingress packets with the packet CoS values For untagged packets the port default CoS is used e dscp Classifies ingress packets with the packet DS
128. adcast packets FCS Errors Counted received frames that are an integral number of octets in length but do not pass the FCS check Single Collision Frames Counted frames that are involved in a single collision and are subsequently transmitted successfully Page 114 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Late Collisions Number of times that a collision is detected later than one slotTime into the transmission of a packet Oversize Packets Counted frames received that exceed the maximum permitted frame size Internal MAC Rx Errors Counted frames for which reception fails due to an internal MAC sublayer receive error Received Pause Frames Counted MAC Control frames received with an opcode indicating the PAUSE operation Transmitted Pause Frames Counted MAC Control frames transmitted on this interface with an opcode indicating the PAUSE operation port storm control include multicast IC The port storm control include multicast Interface Configuration Ethernet mode command counts Multicast packets in Broadcast storm control Use the no form of this command to disable counting Multicast packets Syntax port storm control include multicast no port storm control include multicast Parameters This command has no arguments or keywords Default Configuration Multicast packets are not counted Command Modes Interface Configuration Ethernet mode
129. agement address 172 16 1 8 802 3 MAC PHY Configuration Status Auto negotiation support Supported Auto negotiation status Enabled Auto negotiation Advertised Capabilities 100BASE TX full duplex 1000BASE T full duplex Operational MAU type 1000BaseTFD LLDP MED capabilities Network Policy Location Identification LLDP MED Device type Network Connectivity LLDP MED Network policy Application type Voice Flags Tagged VLAN VLAN ID 2 Layer 2 priority 0 DSCP 0 LLDP MED Power over Ethernet Device Type Power Sourcing Entity Power source Primary Power Source Power priority High Power value 9 6 Watts LLDP MED Location Coordinates 54 53 c1 f7 51 57 50 ba 5b 97 27 80 00 00 67 01 consolef show lldp local ethernet 1 e2 ILLDP is disabled Page 186 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide show lldp neighbors The show lidp neighbors Privileged EXEC mode command displays information about neighboring devices discovered using LLDP Syntax show lldp neighbors ethernet interface Parameters interface Ethernet interface Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Page 187 LLDP Commands Example The following example displays information about neighboring devices discovered using Link Layer Discovery Protocol LLDP console show lldp neighbors Port Device ID Port ID System
130. agged VLAN whether the specified application type is using a tagged or an untagged VLAN VLAN ID VLAN identifier for the application Layer 2 priority Layer 2 priority to be used for the specified application DSCP DSCP value to be used for the specified application LLDP MED Power Over Ethernet Power type Indicates whether the device is a Power Sourcing Entity PSE or Power Device PD Power Source Indicates the power source being utilized by a PSE or PD device A PSE device advertises its power capability Available values are Primary power source and Backup power source A PD device advertises its power source Available values are Primary power Local power Primary and Local power Power priority Indicates the priority of the PD device A PSE device advertises the power priority configured for the port A PD device advertises the power priority configured for the device Available values are Critical High and Low Power value Indicates the total power in watts required by a PD device from a PSE device or the total power a PSE device is capable of sourcing over a maximum length cable based on its current configuration LLDP MED Location Coordinates Civic address ECS ELIN Displays the raw data of the location information Page 190 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Page 191 Login Banner Commands Chapter 18 Login Banner
131. ample The following example groups VLANs 221 228 and 889 to receive the same command console config interface range vlan 221 228 889 console config if name The name Interface Configuration mode command adds a name to a VLAN Use the no form of this command to remove the VLAN name Syntax name string ho name Parameters e string Unique name to be associated with this VLAN Range 1 32 characters Default Configuration No name is defined Page 345 VLAN Commands Command Mode Interface Configuration VLAN mode Cannot be configured for a range of interfaces range context User Guidelines There are no user guidelines for this command Example The following example gives VLAN number 19 the name Marketing console config interface vlan 19 console config if it name Marketing switchport protected The switchport protected Interface Configuration mode command enables Private VLAN Edge by overriding the FDB decision and sends all Unicast Multicast and Broadcast traffic to an uplink port Use the no form of this command to disable overriding the FDB decision Syntax switchport protected ethernet port port channel port channel number no switchport protected Parameters e port Specifies the uplink Ethernet port port channel number Specifies the uplink port channel Default Configuration Switchport protected is disabled Command Mode Interface Co
132. ample displays the SSH public RSA keys on the device console show crypto key mypubkey rsa RSA key data 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 O4AEFIBA A54028A6 9ACCO1C5 129D99E4 64CAB820 847EDAD9 DFOB4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768 Fingerprint Hex 77 C07 19 85 98 19 27 96 C9 CC 83 C5 78 89 F8 86 Fingerprint Bubble Babble yteriuwt jgkljhglk yewiury hdskjfryt gfhkjglk show crypto key pubkey chain ssh The show crypto key pubkey chain ssh Privileged EXEC mode command displays SSH public keys stored on the device Syntax show crypto key pubkey chain ssh username username fingerprint bubble babble hex Parameters e username Specifies the remote SSH client username bubble babble Fingerprint in Bubble Babble format e hex Fingerprint in Hex format Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Page 297 SSH Commands Example The following example displays SSH public keys stored on the device console show crypto key pubkey chain ssh Username Fingerprint bob 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 john 98 F7 6E 28 F2 79 87 C8 18 F8 88 CC F8 89 87 C8 console show crypto key pubkey chain ssh username bob Username bob Key 005C300D 06092A86 4886F70D 01010105 00034
133. an 2 console config 1f ip igmp snooping mrouter learn pim dvmrp Page 127 IGMP Snooping Commands ip igmp snooping host time out The ip igmp snooping host time out Interface Configuration VLAN mode command configures the host time out If an IGMP report for a Multicast group was not received for a host time out period from a specific port this port is deleted from the member list of that Multicast group Use the no form of this command to return to the default configuration Syntax ip igmp snooping host time out time out no ip igmp snooping host time out Parameters time out Host timeout in seconds Range 60 2147483647 Default Configuration The default host time out is 260 seconds Command Mode Interface Configuration VLAN mode User Guidelines The timeout should be at least greater than 2 query_interval max_response_time of the IGMP router Example The following example configures the host timeout to 300 seconds console config interface vlan 2 console config if ip igmp snooping host time out 300 ip igmp snooping querier enable The ip igmp snooping querier enable Interface Configuration mode command enables Internet Group Management Protocol IGMP querier on a specific VLAN Use the no form of this command to disable IGMP querier on a VLAN interface Syntax ip igmp snooping querier enable no ip igmp snooping querier enable Parameters This command has no argume
134. ands Example The following example clears messages from the logging file console clear logging file Clear Logging File y n aaa logging The aaa logging Global Configuration mode command enables logging AAA login events Use the no form of this command to disable logging AAA login events Syntax aaa logging login no aaa logging login Parameters login Indicates logging messages related to successful login events unsuccessful login events and other login related events Default Configuration Logging AAA login events is enabled Command Mode Global Configuration mode User Guidelines Other types of AAA events are not subject to this command Example The following example enables logging messages related to AAA login events console config aaa logging login file system logging The file system logging Global Configuration mode command enables logging file system events Use the no form of this command to disable logging file system events Syntax file system logging copy no file system logging copy file system logging delete rename no file system logging delete rename Page 304 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters e copy Indicates logging messages related to file copy operations e delete rename Indicates logging messages related to file deletion and renaming operations Default Configuration Logging file system events is
135. ange 0 255 igmp type IGMP packets can be filtered by IGMP message type Enter a number or one of the following values host query host report dvmrp pim cisco trace host report v2 host leave v2 host report v3 Range 0 255 destination port Specifies the UDP TCP destination port Range 1 65535 source port Specifies the UDP TCP source port Range 1 65535 flags list of flags List of TCP flags that should occur If a flag should be set it is prefixed by If a flag should be unset it is prefixed by Available options are urg ack psh rst syn fin urg ack psh rst syn and fin The flags are concatenated to a one string For example fin ack Page 25 ACL Commands IP Protocol Abbreviated Name Protocol Number Internet Control Message Protocol icmp 1 Internet Group Management Protocol igmp 2 IP in IP encapsulation Protocol ipinip 4 Transmission Control Protocol tcp 6 Exterior Gateway Protocol egp 8 Interior Gateway Protocol igp 9 User Datagram Protocol udp 17 Host Monitoring Protocol hmp 20 Reliable Data Protocol rdp 27 Inter Domain Policy Routing Protocol idpr 35 Ipv6 protocol ipv6 41 Routing Header for IPv6 ipv6 route 43 Fragment Header for IPv6 ipv6 frag 44 Inter Domain Routing Protocol idrp 45 Reservation Protocol rsvp 46 General Routing Encapsulation gre 47 Encapsulating Security
136. ange 1 4294967295 Default Configuration No servers are defined Command Mode Global Configuration mode User Guidelines Up to 8 SNTP servers can be defined To enable predefined Unicast clients globally use the sntp unicast client enable Global Configuration mode command To enable global polling use the sntp unicast client poll Global Configuration mode command The sntp client poll timer Global Configuration mode command determines polling time The format of an IPv6 address is lt pv6 link local address gt lt interface name gt interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Product specific Page 80 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example configures the device to accept SNTP traffic from the server on 192 1 1 1 Console config sntp server 192 1 1 1 show clock The show clock User EXEC mode command displays the time and date from the system clock Syntax show clock detail Parameters detail Shows timezone and summertime configuration Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines The symbol that precedes the show clock display indicates the following
137. anning tree mst max hops 10 spanning tree mst port priority The spanning tree mst port priority Interface Configuration mode command configures port priority for the specified MST instance Use the no form of this command to return to the default configuration Syntax spanning tree mst instance id port priority priority no spanning tree mst nstance id port priority Parameters e instance ID ID of the spanning tree instance Range 1 8 e priority The port priority Range 0 240 in multiples of 16 Default Configuration The default port priority for IEEE Multiple Spanning Tree Protocol MSTP is 128 Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Page 272 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example configures the port priority of port e1 to 142 console config interface ethernet el console config 1f spanning tree mst 1 port priority 142 spanning tree mst cost The spanning tree mst cost Interface Configuration mode command configures the path cost for multiple spanning tree MST calculations If a loop occurs the spanning tree considers path cost when selecting an interface to put in the forwarding state Use the no form of this command to return to the default configuration Syntax spanning tree mst instance id cost cost no spanning tree ms
138. ation show dot1x advanced The show dot1x advanced privileged EXEC mode command displays 802 1X advanced features for the switch or for the specified interface Page 387 Syntax show dot1x advanced interface Parameters interface Ethernet interface Default Configuration This command has no default configuration Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command Example The following example displays 802 1X advanced features for the switch 802 1x Commands console show dot1x advanced Guest VLAN 3978 Unauthenticated VLANs Interface 91 92 consolef show dotlx advanced ethernet 1 1 Guest VLAN 2 Unauthenticated VLANs Interface Single host parameters Multiple Hosts Guest VLAN Disabled Enabled Enabled Disabled 91 92 Multiple Hosts Guest VLAN Disabled Enabled Enabled Disabled MAC Authentication MAC and 802 1X Disabled MAC Authentication MAC and 802 1X Disabled Page 388 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Violation action Discard Trap Enabled Trap frequency 100 Status Single host locked Violations since last trap 9 dot1x guest vlan enable The dot1x guest vlan enable Interface Configuration mode command enables unauthorized users on the interface access to the Guest VLAN Use the no form of this command to disable access Syntax dot1x gu
139. ation Ethernet mode command attaches an LLDP MED network policy to a port Use the no form of this command to remove LLDP MED network policy from a port Syntax lldp med network policy add remove number no lldp med network policy Parameters number Network policy sequential number Default Configuration No network policy is attached Command Mode Interface Configuration Ethernet mode User Guidelines For each port only one network policy per application voice voice signaling guest voice guest voice signaling softphone voice video conferencing streaming video and video signaling can be defined Example The following example attaches an LLDP MED network policy to a port console config interface ethernet e5 console config lldp med network policy add 1 lidp med location The Ildp med location Interface Configuration mode command configures location information for the LLDP MED for an interface Use the no form of this command to delete location information for an interface Page 181 LLDP Commands Syntax lldp med location coordinate data no lldp med location coordinate lldp med location civic address data no lldp med location civic address lldp med location ecs elin data no lldp med location ecs elin Parameters e coordinate The location is specified as coordinates e civic address The location is specified as civic address e ecs elin The location is spec
140. ation effect for all applicable commands Command Completion If the command entered is incomplete invalid or has missing or invalid parameters then the appropriate error message is displayed This assists in entering the correct command By pressing the lt Tab gt button an incomplete Page 21 Using the CLI Editing Features command is entered If the characters already entered are not enough for the system to identify a single matching command press to display the available commands matching the characters already entered Nomenclature When referring to an Ethernet port in a CLI command the following format is used For an Ethernet port on a standalone device Ethernet_type port_number For an Ethernet port on a stacked device unit_number Ethernet_type port number The Ethernet type is Fast Ethernet indicated by e For example and e3 stands for Fast Ethernet port 3 on a stand alone device whereas 1 e3 stands for Fast Ethernet port 3 on stacking unit 1 The ports may be described on an individual basis or within a range Use format port number port number to specify a set of consecutive ports and port number port number to indicate a set of non consecutive ports For example e1 3 stands for Ethernet ports 1 2 and 3 and el 5 stands for Ethernet ports 1 and 5 Keyboard Shortcuts The CLI has a range of keyboard shortcuts to assist in editing the CLI commands The following table describes the CLI shortcuts
141. ault configuration Command Mode Privileged EXEC mode User Guidelines There are no guidelines for this command Page 184 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example displays the Link Layer Discovery Protocol LLDP Media Endpoint Discovery MED configuration console show lldp med configuration Network policy 1 Application type Voice VLAN ID 2 tagged Layer 2 priority 0 DSCP 0 Port Capabilities Network policy Location POE 1 el Yes Yes Yes Yes 1 e2 Yes Yes Yes Yes 1 e3 Yes No No Yes console show lldp med configuration ethernet 1 1 Port Capabilities Network policy Location POE Network policies 1 2 Location Coordinates 54 53 c1 f7 51 57 50 ba 5b 97 27 80 00 00 67 01 show IIdp local The show Ildp local Privileged EXEC mode command displays the LLDP information advertised from a specific port Syntax show Ildp local ethernet interface Parameters interface Ethernet interface Command Mode Privileged EXEC mode Page 185 LLDP Commands User Guidelines There are no user guidelines for this command Example The following example displays the Link Layer Discovery Protocol LLDP information that is advertised from the Ethernet interface consolef show lldp local ethernet 1 el Device ID 0060 704C 73FF Port ID 1 Capabilities Bridge System Name ts 7800 1 System description Port description an
142. ault setting Syntax name string no name Parameters e string MST configuration name Case sensitive Range 1 32 characters Default Configuration The default name is a bridge ID Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command Example The following example defines the configuration name as region1 console config spanning tree mst configuration console config mst name region 1 revision mst The revision MST configuration command defines the configuration revision number Use the no form of this command to return to the default configuration Syntax revision value no revision Page 275 Spanning Tree Commands Parameters e value Configuration revision number Range 0 65535 Default Configuration The default configuration revision number is 0 Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the configuration revision to 1 console config spanning tree mst configuration console config mst revision 1 show mst The show MST Configuration mode command displays the current or pending MST region configuration Syntax show current pending Parameters e current Indicates the current region configuration pending ndicates the pending region configuration Default Configuration This command has
143. base is accurate Simple Network Time Protocol SNTP is enabled and configured The switch writes binding changes to the binding file only when the switch system clock is synchronized with SNTP Example The following example configures the DHCP snooping binding file console config ip dhcp snooping database ip dhcp snooping database update freq The ip dhcp snooping database update freq Global Configuration mode command configures the update frequency of the DHCP snooping binding file Use the no form of this command to return to default Syntax ip dhcp snooping database update freq seconds no ip dhcp snooping database update freq Page 96 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters e seconds Specify in seconds the update frequency Range 600 86400 Default Configuration 1200 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the update frequency of the DHCP snooping binding file console config ip dhcp snooping database update freq 1500 ip dhcp snooping binding The ip dhcp snooping binding Privileged EXEC mode command configures the DHCP snooping binding database and adds binding entries to the database Use the no form of this command to delete entries from the binding database Syntax ip dhcp snooping binding mac address vlan id ip add
144. bits The format is the MAC address format e host Specifies all 1 s mask e group Specifies the group number Range 1 2147483647 Default Configuration This command has no default configuration Command Mode VLAN Configuration mode User Guidelines There are no user guidelines for this command Example The following example maps a MAC address or a range of MAC addresses to a group of MAC addresses console config vlan database console config vlan map mac 00 08 78 32 98 78 9 macs group 1 interface ethernet e17 show vlan macs group The show vlan macs group privileged EXEC command displays MAC group information Syntax show vlan macs group Page 353 VLAN Commands Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays macs groups information console show vlan macs groups MAC Address Mask Group ID 0060 704C 73FF FFFF FFFF 0000 1 0060 704D 73FF FFFF FFFF 0000 1 switchport forbidden vlan The switchport forbidden vlan Interface Configuration mode command forbids adding specific VLANs to a port Use the no form of this command to return to the default configuration Syntax switchport forbidden vlan add vian list remove vian list Parameters add vian list Sp
145. bling DHCP Snooping on the device Chapter 8 Ethernet Configuration Commands Configure multiple Ethernet type interfaces Chapter 9 GVRP Commands Display the GARP VLAN Registration Protocol GVRP configuration information enable GVRP globally or on an interface Chapter 10 IGMP Snooping Commands Enable the Internet Group Management Protocol IGMP snooping Chapter 11 IP Addressing Commands Define a default gateway set an IP address for interface delete entries from the host Chapter 12 IPv6 Addressing Commands Define addressing commands for the IPv6 protocol Chapter 13 Line Commands Display line parameters enable the command history function or configure the command history buffer size Chapter 14 DHCP Option 82 Commands DHCP with Option 82 attaches authentication messages to the packets sent from the host DHCP passes the configuration information to hosts on a TCP IP network This permits network administrators to limit address allocation authorized hosts Chapter 15 IP DHCP Relay Defines Dynamic Host Configuration Protocol DHCP relay features on the router Chapter 16 LACP Commands Specify LACP system and port priority and display LACP information e Chapter 17 LLDP Commands Define commands for use with LLDP Chapter 18 Login Banner Commands Display login banner commands Chapter 19 Management ACL Commands Define a perm
146. boot system image 1 show running config The show running config Privileged EXEC mode command displays the contents of the currently running configuration file Page 89 Configuration and Image File Commands Syntax show running config Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the contents of the running configuration file console show running config software version 1 1 hostname device interface ethernet 1 el ip address 176 242 100 100 255 255 255 0 duplex full speed 1000 interface ethernet 1 e2 ip address 176 243 100 100 255 255 255 0 duplex full speed 1000 show startup config The show startup config Privileged EXEC mode command displays the contents of the startup configuration file Syntax show startup config Parameters This command has no arguments or keywords Page 90 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the contents of the running configuration file console show startup config software version 1 1 h
147. bove Field Description Octets The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets Packets The total number of packets including bad packets Broadcast packets and Multicast packets received Broadcast The total number of good packets received and directed to the Broadcast address This does not include Multicast packets Multicast The total number of good packets received and directed to a Multicast address This number does not include packets directed to the Broadcast address CRC Align Errors The total number of packets received with a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but with either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Collisions The best estimate of the total number of collisions on this Ethernet segment Undersize Pkts The total number of packets received less than 64 octets long excluding framing bits but including FCS octets and otherwise well formed Oversize Pkts The total number of packets received longer than 1518 octets excluding framing bits but including FCS octets and otherwise well formed Fragments The total number of packets received less than 64 octets in length excluding framing bits but including F
148. cccnnnnanccncnnnnnnecn cnn nnnnc cnn nan cnn crac nne cnn 364 crypto certificate request iii A thet dated A ATAR 365 crypto certificate IMPOMs vei ee A E a ee ea eae eee ele en 367 IP Mips COMIC ALS naa Fh haeeeds see aces REA A ra e deers 368 show crypto certificate MyCertificate 0 0 0 eee eeteee eee eeete ee eee eee ae eee ee ea anes ee ee ta anaes eee eaaaeee anar rra 369 SHOW D TIID ui ceca n be REA OEE AEE stv E E 2 ida iia 369 Show Ip https it ln ee Bl ce ne hy 370 Chapter 37 802 1x CONMANOS iia i 372 ada authentication dot X id dd eee tes 372 dotix system auth Control cit een Ed cae 372 HOLL POMECOMUMOl mirta tiles 373 dot1 x re authentication cii ii ne aiaee A eel deere 374 dot1x timeout re authperiod oo eee cece eeeececeeeeeeeceeeeeeeecaeeesaaaecaeeesaaaaaaaeeeaaaeaaeeeseaaaaaeeeseseeaeaeesneaeenenes 374 doti x re authenticate A ee a i 375 dot1x timeout guet pend cesia a t e e a eea A EE E RER aA 376 dot x timeout Depandans el ed en cee tne eg os rca ee eee 376 COLT XS IN Eh E T E N EEE E E E E EE EEE PEE TE T evetbocbeg coves 377 doti x timeout Supp timeOut a ceil ial eee ee en eee 378 dot1x timeout Server tiMCOUt oe eee een e iaaa araea ea EA naa ae ee eee a ar aei e eE 378 SHOW GOl TX vriecec vetting ave nee elected el endtlo de develo EEA nine Ded casi peas tenella elon 379 EES OE E RE EEE N E Ad ica 381 show dot x statistics siaii eiti A A ee A eel en 383 d tt autho Tog iii tai daa a e eaa aa A aAA T
149. ce port channel port channel number Parameters interface A valid Ethernet port Full syntax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Page 110 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the status of all configured interfaces consolef show interfaces status Port Type Duplex Speed Neg Flow Link Back Mdix Ctrl State Pressure Mode el 00M Copper Down e2 00M Copper Down e3 00M Copper F SF 7 Down os el 00M Copper os a Ar ER Down e5 00M Copper Full 100 Enabled off Up Disabled Auto e6 00M Copper Down e7 00M Copper ra o Down a e8 00M Copper os o a Down a e9 00M Copper Down e10 00M Copper Ss Down ell 00M Copper D Ez Down oS e12 00M Copper aa ra e Down FF e13 00M Copper Down el4 00M Copper St Down e15 00M Copper Fa a ss SR Down gt el6 00M Copper 53 E Down e17 00M Copper a Down el8 00M Copper Down el9 00M Copper gt o Down gt show interfaces description The show interfaces description Privileged EXEC mode command display
150. ce Configuration mode User Guidelines Configure as trusted ports those that are connected to a DHCP server or to other switches or routers Configure as untrusted ports those that are connected to DHCP clients Example The following example configures a port as trusted for DHCP snooping purposes console console configure console config interface ethernet 1 el console config if ip dhcp snooping trust console config if Page 94 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide ip dhcp snooping information option allowed untrusted The ip dhcp snooping information option allowed untrusted Global Configuration mode command configures a switch to accept DHCP packets with option 82 information from an untrusted port Use the no form of this command to configure the switch to drop these packets from an untrusted port Syntax ip dhcp snooping information option allowed untrusted no ip dhcp snooping information option allowed untrusted Parameters This command has no arguments or keywords Default Configuration Discard DHCP packets with option 82 information from an untrusted port Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the switch to accept DHCP packets with option 82 information from an untrusted port console config ip dhcp snooping information option allowed unt
151. ckets received during this sampling interval that were less than 64 octets long excluding framing bits but including FCS octets and were otherwise well formed Oversize The number of packets received during this sampling interval that were longer than 1518 octets excluding framing bits but including FCS octets but were otherwise well formed Fragments The total number of packets received during this sampling interval that were less than 64 octets in length excluding framing bits but including FCS octets had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error It is normal for ether History Fragments to increment because it counts both runts which are normal occurrences due to collisions and noise hits Jabbers The number of packets received during this sampling interval that were longer than 1518 octets excluding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Page 235 RMON Commands Dropped The total number of events in which packets were dropped by the probe due to lack of resources during this sampling interval This number is not necessarily the number of packets dropped it is just the number of times this condition has been detected Collisions The best
152. conds History 10 Page 160 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide SSH configuration Interactive timeout 10 minutes 10 seconds History 10 Page 161 DHCP Option 82 Commands Chapter 14 DHCP Option 82 Commands ip dhcp information option The ip dhep information option Global Configuration mode command enables Dynamic Host Configuration Protocol DHCP option 82 data insertion Use the no form of this command to disable DHCP option 82 data insertion Syntax ip dhcp information option no ip dhcp information option Parameters This command has no arguments or keywords Default Configuration DHCP option 82 data insertion is enabled Command Mode Global Configuration mode User Guidelines DHCP option 82 is enabled only if DHCP snooping or DHCP relay are enabled Example The following example enables DHCP option 82 data insertion console config ip dhcp information option show ip dhcp information option The show ip dhcp information option EXEC mode command Displays the DHCP option 82 configuration Syntax show ip dhcp information option Parameters This command has no arguments or keywords Default Configuration DHCP option 82 data insertion is enabled Page 162 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command Example
153. copy The copy Privileged EXEC mode command copies files from a source to a destination Syntax copy source url destination url Parameters e source url The source file location URL or reserved keyword of the source file to be copied Range 1 160 characters e destination url The destination file URL or reserved keyword of the destination file Range 1 160 characters The following table displays keywords and URL prefixes Keyword Source or Destination flash Source or destination URL for flash memory It s the default in case a URL is specified without a prefix flash startup config Source is the startup config file in flash memory flash image Source is an image file on flash memory running config Represents the current running configuration file startup config Represents the startup configuration file image If the source file represents the active image file If the destination file represents the non active image file boot Boot file tftp Source or destination URL for a TFTP network server The syntax for this alias is tftp host directory filename The host can be IPv4 address IPv6 address or hostname xmodem Source for the file from a serial connection that uses the Xmodem protocol logging Copy from a syslog file unit member image Image file on one of the units To copy from the master to all units specify in the me
154. ct dE AA dt A daa IDEA 152 Show ipv neighbor S euses pt a ee ee a 153 ClEANIPVE NSIQHDOMS siria adoro becaria 154 Chapter 13 Lime CommandsS oioicoiaona tner 155 OT 155 SPCC har ii aad iat EEE AE EA ae ea hea teat led a 155 AULOD AUG O a hay acahit ay gous Se OT te eaten 156 OXSCHIM O ieee erika 157 lire a TEE EE TEE E ret tet creer rence eceeerecrr err ATE E nce eerie rere ror cerca tries 157 MIST SIZE he teek a tent dan ohgeebln Seeks snptevatbeantions 158 terminal MISTOPY naci aid cido 158 terminal MSTO SIZO octetos 159 A O E ata atin tabs 160 Chapter 14 DHCP Option 82 Commands ccccseseeeeeeseeeeeeneeeeeeeeeeeeeeeesseeeeeeeeeeeeeeeneeeenees 162 ID ChCP INTOrMALION OPTION estra ARA AE EER EEE SERS E E BAERE EREE S 162 Show ip dhcp information OPtiON ooo occccnnnnnnnccnnnnnoccccnnnnnoncccnnn non nc cnn nan cnc E E EA TNR ER 162 Chapter 15 IP DHCP Relay cional ia 164 ip dhcp relay enable global srsti i iiitr e eE E nn rre E AA A 164 ip dhcp relay enable Interface oooonnoccccnnnnncccinnnncocccnnnnnnncncnnn nono no cnn nn nn cnn rra nn anna nn 164 ip dhep relay addroSS reiini id atts 165 SNOW ID OPOP TEAN ica a it di E A 165 Chapter 16 LACP CoOmmands i c oimiomomsriiaci reads 167 lacp system priority ui doo 167 lac POr PROTA EAPO R PAAA ade NE A da ita 168 ACM a1 era E A A AE 169 show laco athenere idad aldeas 170 show lacp port channel cocino e deed oda elder eth dee tens dade revere cent 172 Chapter
155. d Line Interface User s Guide Server Polling Encryption Key 17 6 1 L 8 Enabled 9 176 1 8 179 Disabled Disabled Broadcast Clients Enabled Anycast Clients Enabled Broadcast and Anycast Interfaces 1 el 1 e3 show sntp status The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol SNTP Syntax show sntp status Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows the status of the SNTP Console show sntp status Clock is synchronized stratum 4 reference is 176 1 1 8 unicast Reference time is AFE2525E 70597B34 00 10 22 438 PDT Jul 5 1993 Unicast servers Server Status Last response Offset Delay mSec mSec 176 1 1 8 Up 19 58 22 289 PDT Feb 19 2002 7 33 117 79 Page 83 Clock Commands 176 1 8 179 Unknown 12 17 17 987 PDT Feb 19 2002 8 98 189 19 Anycast server Server Interface Status Last response Offset Delay mSec mSec 176 1 11 8 VLAN 118 Up 9 53 21 789 PDT Feb 19 2002 Tadg 119 89 Broadcast Interface Interface Last response IES Ph VLAN 119 19 17 59 792 PDT Feb 19 2002 Page 84 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 6 Configuration and Image File Commands
156. d enter a concatenated hexadecimal string of the MD5 key MSB and the privacy key LSB If authentication is only required 16 bytes should be entered if authentication and privacy are required 32 bytes should be entered Each byte in the hexadecimal character string is two hexadecimal digits Each byte can be separated by a period or colon 16 or 32 bytes auth sha key sha des keys Indicates the HMAC SHA 96 authentication level The user should enter a concatenated hexadecimal string of the SHA key MSB and the privacy key LSB If authentication is only required 20 bytes should be entered if authentication and privacy are required 36 bytes should be entered Each byte in the hexadecimal character string is two hexadecimal digits Each byte can be separated by a period or colon 20 or 36 bytes Default Configuration No group entry exists Command Mode Global Configuration mode User Guidelines If auth md5 or auth sha is specified both authentication and privacy are enabled for the user When a show running config Privileged EXEC mode command is entered a line for this user will not be displayed To see if this user has been added to the configuration type the show snmp users Privileged EXEC mode command An SNMP EnginelD has to be defined to add SNMP users to the device Changing or removing the SNMP EnginelD value deletes SNMPv3 users from the device s database The remote engineid designates the remote management stat
157. dcast client enable onnccccnnnninicinononaccccnnnnnoncncnnnnnnrn nc corran cnn rra rra 77 sntp anycast client enable erecode i tE i i i ieda E i lii 77 sntp client enable Interface olearia ea E E E AEE EEEE R A 78 Page 3 Snip Unicast chent nad e a ll E 78 sntp unicast chont polls siet lala 79 SMP SOVET kisii iiras aonana iannis isapa tiea paaa aasduasy iaria basa dins aaria sata dn canina oad ainni ionini 80 SNOW Cloke ad E NS 81 Snow Sni conige raa A EAA EEE S AA AEE E EATE 82 ShOw Sntp Status ura aa Eaa Mareen a aa 83 Chapter 6 Configuration and Image File CommandS coconnccnnincninancnnannnananononancnnnnnn ranas 85 O A NN 85 A AO 87 dela it id lata at rt aia E E 88 DO0t Syste a A a 89 SHOW FUMIMING CONTIG a A A Ea iaa 89 SOOWSTA UPC iv ead eee i eee eee a es le ne 90 SNOW GOO GN a eaa a tees Meead des betetndg evs hadnt ote evens ety aad ee divine feos detev endear aY 91 Chapter 7 DHCP Snooping Commands cccceseeeeeeeeeeeeeeeeeeeeeeeneeeeeeeeeeeeeeeeeneeeeeeseeeeeeenss 93 Rod 22 3 a itea E EE a a eo eee ee 93 Ip dhep snooping Vian iii ir 93 ip dhicp Snooping TUS avion ae ea ade i ede 94 ip dhcp snooping information option allowed UNtrusted ooooccccccnnnccccccnnononannnanonana nano nnnnn conan nnnnn nn nn 95 ip dhep Snooping Verify cinco A dannii A E einer ies 95 IP dhcp SNOOPING database eee cece aerea eee aaea i aeaa aae a pa Ta eaa a at 96 ip dhcp snooping database Update fred oooooccccninniciccno
158. default is mac Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines A MAC address can be displayed in IP format only if it is in the range of 0100 5e00 0000 0100 5e7f ffff Page 64 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Examples The following examples display Multicast MAC address and IP Address Table information console show bridge multicast address table Multicast address table for VLANs in MAC GROUP bridging mode Vian MAC Address Type 1 0100 5e23 8787 static 1 01 00 5e 02 02 03 dynamic 19 01 00 5e 02 02 08 static 19 00 00 5e 02 02 08 dynamic Forbidden ports for multicast addresses Vlan MAC Address Ports 1 01 00 5e 02 02 03 2 8 19 01 00 5e 02 02 08 2 8 1 el 2 e2 1 el e8 1 e9 ell console show bridge multicast address table format ip Multicast address table for VLANs in MAC GROUP bridging mode Vlan IP MAC Address Type ll 0100 9923 8787 static 1 224 239 130 2 2 3 dynamic 19 224 239 130 2 2 8 static 19 224 239 130 2 2 8 dynamic Forbidden ports for multicast addresses Vlan IP MAC Address Ports 1 224 239 130 2 2 3 2 8 19 224 239 130 2 2 8 2 8 l el 2 e2 1 el e8 1 e9 ell Address Table Commands N Note A Multicast MAC address maps to multiple IP addresses as shown above show bridge multicast address table static The show bridge multicast address table static Privil
159. device System name The neighbor device administratively assigned name Capabilities The capabilities discovered on the neighbor device Possible values are B Bridge R Router W WLAN Access Point e T Telephone D DOCSIS cable device H Host e r Repeater e O Other System description The system description of the neighbor device Port description The port description of the neighbor device Management address The management address of the neighbor device Auto negotiation support Specifies if the port supports auto negotiation Auto negotiation status Specifies if auto negotiation is enabled on the port Page 189 LLDP Commands Field Description Auto negotiation Advertised Capabilities The speed duplex flow control capabilities of the port that are advertised by the auto negotiation Operational MAU type Indicates the MAU type of the port LLDP MED Capabilities Defines the sender s LLDP MED capabilities Device type Contains a value that indicates whether the sender is a Network Connectivity Device or Endpoint Device and if an Endpoint the Endpoint Class t which it belongs LLDP MED Network Policy Application type Indicates the primary function of the application defined for this network policy Flags Unknown policy Policy is required by the device but is currently unknown T
160. e Example The following example configures the source IP address used for communication with RADIUS servers to 10 1 1 1 console config radius server source ip 10 1 1 1 radius server source ipv6 The radius server source ipv6 Global Configuration mode command specifies the source IP address used for IPv6 communication with the RADIUS servers Use the no form of this command to return to the default configuration Syntax radius server source ipv6 source no radius server source ipv6 source Parameters e source Specifies a valid source IPv6 address Default Configuration The source IP address is the IP address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the source IP address used for IPv6 communication with the RADIUS servers console config radius server source ipv6 3156 98 radius server timeout The radius server timeout Global Configuration mode command sets the interval during which the device waits for a server host to reply Use the no form of this command to return to the default configuration Syntax radius server timeout timeout no radius server timeout Parameters timeout Specifies the timeout value in seconds Range 1 30 Page 227 Radius Commands Default Configuration The timeout value is 3 seconds Command Mode Global
161. e The following example displays RADIUS server settings consolef show radius servers IP address Port Port Acc Time Ret Auth out rans 192 168 1 10 1812 1813 Global Global 1 Global values TimeOut 3 Retransmit 3 Deadtime 0 Source IP 0 0 0 0 DeadTime Source IP Global Global Priority Usage Page 229 Chapter 26 RMON Commands RMON Commands show rmon statistics The show rmon statistics User EXEC mode command displays RMON Ethernet statistics Syntax show rmon statistics ethernet interface number port channel port channel numben Parameters interface number Valid Ethernet port port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays RMON Ethernet statistics for Ethernet port 1 e1 console gt show rmon statistics ethernet 1 el Port 1 el Octets 878128 Packets 978 Broadcast 7 Multicast 1 CRC Align Errors 0 Collisions 0 Undersize Pkts 0 Oversize Pkts 0 Fragments 0 Jabbers 0 64 Octets 98 65 to 127 Octets 0 128 to 255 Octets 0 512 to 1023 Octets 256 to 511 Octets 0 491 1024 to 1632 Octets 389 Page 230 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide The following table describes significant fields shown a
162. e back pressure Syntax back pressure no back pressure Parameters This command has no arguments or keywords Default Configuration Back pressure is enabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example In the following example back pressure is enabled on port 1 e5 console config interface ethernet 1 e5 console config if back pressure system flowcontrol Use system flowcontrol Global Configuration mode to enable flow control on cascade ports Use the no form of this command to disable it Syntax system flowcontrol no system flowcontrol Parameters This command has no arguments or keywords Page 106 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example In the following example enable flow control on cascade ports console config system flowcontrol clear counters The clear counters EXEC mode command clears statistics on an interface Syntax clear counters ethernet ethernet port channel port channel number Parameters ethernet Valid Ethernet port Full syntax unit port port channel number Valid port channel number Default Configuration This command ha
163. e been received by this Authenticator EapolRespldFramesRx The number of EAP Resp ld frames that have been received by this Authenticator EapolRespFramesRx The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator EapolReqldFramesTx The number of EAP Req ld frames that have been transmitted by this Authenticator EapolReqFramesTx The number of EAP Request frames other than Rq ld frames that have been transmitted by this Authenticator InvalidEapolFramesRx The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized EapLengthErrorFramesRx The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid LastEapolFrameVersion The protocol version number carried in the most recently received EAPOL frame LastEapolFrameSource The source MAC address carried in the most recently received EAPOL frame dot1x auth not req The dot1x auth not req Interface Configuration VLAN mode command enables unauthorized devices access to the VLAN Use the no form of this command to disable access to the VLAN Syntax dot1x auth not req no dot1x auth not req Parameters This command has no arguments or keywords Default Configuration Access is enabled Page 384 Allied Telesis AT 8000S S94 3 0 Command Line
164. e description Interface Configuration Ethernet port channel mode command adds a description to an interface Use the no form of this command to remove the description Syntax description string no description Parameters string Comment or a description of the port to enable the user to remember what is attached to the port Range 1 64 characters Default Configuration The interface does not have a description Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example adds a description to Ethernet port 1 e5 console config interface ethernet 1 e5 console config if description RD SW 3 speed The speed Interface Configuration Ethernet port channel mode command configures the speed of a given Ethernet interface when not using auto negotiation Use the no form of this command to restore the default configuration Syntax speed 10 100 1000 no speed Parameters e 10 Forces 10 Mbps operation e 100 Forces 100 Mbps operation e 1000 Forces 1000 Mbps operation Default Configuration Maximum port capability Page 102 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Interface Configuration Ethernet port channel mode User Guidelines The no speed command in a port channel context returns each port in the port channel to its max
165. e from becoming the root port of the device Use the no form of this command to disable root guard on the interface Syntax spanning tree guard root no spanning tree guard root Parameters This command has no arguments or keywords Default Configuration Root guard is disabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines Root guard can be enabled when the device operates in STP RSTP and MSTP When root guard is enabled the port changes to the alternate state if soanning tree calculations selects the port as the root port Example The following example prevents Ethernet port 1 e1 from being the root port of the device console config interface ethernet 1 el console config mst spanning tree guard root Page 269 Spanning Tree Commands spanning tree bpduguard The spanning tree bpduguard Interface Configuration Ethernet port channel mode command shuts down an interface when it receives a bridge protocol data unit BPDU Use the no form of this command to restore the default co Syntax nfiguration spanning tree bpduguard no spanning tree bpduguard Parameters This command has no arguments or keywords Default Configuration The default configuration is set to disabled Command Mode Interface Configuration Ethernet port channel mode User Gu idelines You can enable the command when the spanning tree is enabled useful when the port i
166. e in id 346 SWITCH POMO cti A Ta 347 Switchport access Vian cla ee eg IN Ra bd 348 switchport trunk allowed VIAN eaer eee eeeeaaeeeeeeeeaaeeeeeeeaaeeeeeeeeaaeeeeeeeeaaeeeeeseaaeeeeeeenaaeeesenaees 348 switchport trunk native Vian ici a ities aii eerie 349 switchport general allowed Vl2D ooooonnccccnnnnnonccccnnnnocnncccnnnoncnn conan cnn nro nnnn nn arena rre 349 switchport general Uli dd 350 switchport general ingress filtering diSAble ooonnoncccinnnnnnccnnnnnocccncnnnnccnnnnonnaann cnn cnn n cnn rr nana nn r rra 351 switchport general acceptable frame type tagged Only c ooooocccconcoccccccononcnononanannnnnonann conc n nana n nn rra 351 switchport general Map macs group Vlan ooooocccconnoccccccnnnconnnncnancnnnnncnnno nono nnnnnn nn cnn cnn nn nn nr nnnnn rra r rana nan 352 map mac Mmacs grouper erna add de a is 353 ShoW Vlan Macs QrdU PD core lida A le Laie atieviestionatedanes 353 switchport forbidden lA a AA A ieee 354 pinterna Usage MM taa tudes etna ado 355 Page 11 SNOW VAMO 356 show Vlan InternalUsaJDo c citada eaten 356 show interfaces SWIICOPOT eniris a a a EEE E ET EAE R 357 Chapter 36 Web Server CommandS ommcccconcccccccnnnnancccnnnncnnnnnn cren cerraran 361 TERNURA E E E N EE 361 OHUD Polaca a coi 361 ip http exec timeout meninin naen A do 362 MaRS ARS E E E ETEA O S ESE E ES A SEE EE ESEE 362 Ip HIPS Odia A ee ata 363 Ip Nips exet Timeout ita 364 Crypto certificate generate oomoococcnnnnccccnonnonc
167. e inline power consumption console show power inline power consumption Port Power Limit W Power W Voltagel V Current mA 1 e1 15 4 4 115 50 8 81 2 e2 15 4 4 157 50 7 82 3 e2 15 4 4 021 50 9 79 show power inline version The show power inline version User EXEC mode command displays the power inline microcontroller s software version Syntax show power inline version unit unit Parameters unit Number of the unit running the software Range 1 6 Page 213 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about inline power console show power inline version Unit Software version 1 15 L2 2 1 12 Power over Ethernet Commands Page 214 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 24 QoS Commands qos The qos Global Configuration mode command enables quality of service QoS on the device Use the no form of this command to disable QoS on the device Syntax qos no qos Parameters This command has no arguments or keywords Default Configuration QoS is disabled on the device Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables QoS on the device console config qos
168. e source Specifies the source IP address to use for the communication 0 0 0 0 indicates a request to use the IP address of the outgoing IP interface priority Determines the order in which the TACACS servers are used where 0 is the highest priority Range 0 65535 Default Configuration No TACACS host is specified If no port number is specified default port number 49 is used If no host specific timeout key string or source value is specified the global value is used If no TACACS server priority is specified default priority O is used Command Mode Global Configuration mode User Guidelines Multiple tacacs server host commands can be used to specify multiple hosts Page 310 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example specifies a TACACS host console config tacacs server host 172 16 1 1 tacacs server key The tacacs server key Global Configuration mode command sets the authentication encryption key used for all TACACS communications between the device and the TACACS daemon Use the no form of this command to disable the key Syntax tacacs server key key string no tacacs server key Parameters e key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption used on the TACACS daemon Range 0 128 characters De
169. e state of logging and the syslog messages stored in the internal buffer console show logging Logging is enabled Console Logging Level info Console Messages 223 Dropped Buffer Logging Level info Buffer Messages 20 Logged 6 Displayed 20 Max File Logging Level error File Messages 27 Logged 1089 Dropped SysLog server 192 168 1 101 Port 514 Logging info Messages 216 Dropped 3 messages were not logged Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rename Enabled Management ACL Deny Enabled Page 306 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide 29 Nov 2007 17 46 02 oe LINK I Up 2 e16 29 Nov 2007 17 46 02 oe LINK I Up Vlan 1 29 Nov 2007 17 45 59 oe LINK W Down 3 e14 29 Nov 2007 17 45 59 oe LINK W Down Vlan 1 29 Nov 2007 17 36 58 SAAA I CONNECT New http connection for user Admin source 192 168 1 96 destination 192 168 1 25 ACCEPTED 29 Nov 2007 17 36 36 SAAA W REJECT New http connection for user manager sourc e 192 168 1 96 destination 192 168 1 25 REJECTED console show logging file The show logging file Privileged EXEC mode command displays the state of logging and the syslog messages stored in the logging file Syntax show logging file Parameters This command has no arguments or keywords Default Configuration This command
170. e telnet session Example The following example specifies the default authentication method for a console Console config line console Console config line login authentication default Page 41 AAA Commands enable authentication The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet or console Use the no form of this command to return to the default configuration specified by the aaa authentication enable command Syntax enable authentication default ist name no enable authentication Parameters default Uses the default list created with the aaa authentication enable command list name Uses the indicated list created with the aaa authentication enable command Default Configuration Uses the default set with the aaa authentication enable command Command Mode Line Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the default authentication method when accessing a higher privilege level from a console Console config line console Console config line enable authentication default ip http authentication The ip http authentication Global Configuration mode command specifies authentication methods for HTTP server users Use the no form of this command to return to the default configuration
171. ecifies the list of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs remove vlan list Specifies the list of VLAN IDs to be removed Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs Default Configuration All VLANs are allowed Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command can be used to prevent GVRP from automatically making the specified VLANs active on the selected ports Page 354 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example forbids adding VLAN IDs 234 to 256 to Ethernet port 1 e16 console config interface ethernet 1 e16 console config if switchport forbidden vlan add 234 256 ip internal usage vlan The ip internal usage vlan Interface Configuration mode command reserves a VLAN as the internal usage VLAN of an interface Use the no form of this command to return to the default configuration Syntax ip internal usage vlan vian id no ip internal usage vlan Parameters e vlan id Specifies the ID of the internal usage VLAN Default Configuration The software reserves a VLAN as the internal usage VLAN of an interface Command Mode Interface Configuration Ethernet port channel mode User Guidelines An internal usage VLAN is required when an IP interface is configured on an
172. ecurity model e v3 Indicates the SNMP Version 3 security model noauth Indicates no authentication of a packet Applicable only to the SNMP Version 3 security model auth Indicates authentication of a packet without encrypting it Applicable only to the SNMP Version 3 security model e priv Indicates authentication of a packet with encryption Applicable only to the SNMP Version 3 security model e readview Specifies a string that is the name of the view that enables only viewing the contents of the agent If unspecified all objects except for the community table and SNMPv3 user and access tables are available e writeview Specifies a string that is the name of the view that enables entering data and configuring the contents of the agent If unspecified nothing is defined for the write view e notifyview Specifies a string that is the name of the view that enables specifying an inform or a trap If unspecified nothing is defined for the notify view Applicable only to the SNMP Version 3 security model Default Configuration No group entry exists Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example attaches a group called user group to SNMPv3 and assigns to the group the privacy security level and read access rights to a view called user view console config snmp server group user group v3 priv read user view
173. eged EXEC mode command displays statically configured Multicast addresses Syntax show bridge multicast address table static vlan vlan id address mac multicast address Parameters vian id A valid VLAN ID value e mac multicast address A valid MAC Multicast address p multicast address A valid IP Multicast address e p address Source IP address Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines A MAC address can be displayed in IP format only if it s in the range 0100 5e00 0000 through 0100 5e7f ffff Example The following example displays Multicast MAC address and IP Address Table information console show bridge multicast address table static Multicast address table for VLANs in MAC GROUP bridging mode Vian MAC Address Type Ports 1 0100 5e23 8787 static 1l el 2 e2 Forbidden ports for multicast addresses Vlan MAC Address Ports console show bridge multicast filtering The show bridge multicast filtering User EXEC mode command displays Multicast filtering configuration Page 66 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Syntax show bridge multicast filtering vian id Parameters vian id VLAN ID value Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command
174. eighbor discovery cache learned through the IPv6 neighbor discovery process the entry is automatically converted to a static entry Anew static neighbor entry with a global address can only be configured if a manually configured subnet already exists in the device e Use the show ipv6 neighbors command to view static entries in the IPv6 neighbor discovery cache Page 152 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example configures a static entry in the IPv6 neighbor discovery cache console config ipv6 neighbor fe80 33 00 11 22 33 44 55 ethernet e5 show ipv6 neighbors The show ipv6 neighbors Privileged EXEC mode command displays IPv6 neighbor discovery cache information Syntax show ipv6 neighbors static dynamic ipv6 address pv6 address mac address mac address ethernet interface number vlan vlan id port channel number Parameters e static Displays static neighbor discovery cashe entries dynamic Displays dynamic neighbor discovery cashe entries e ipv6 address Displays the neighbor discovery cache information entry of a specific IPv6 address mac address Displays the neighbor discovery cache information entry of a specific MAC address ethernet interface number Displays the neighbor discovery cache information entry of a specific Ethernet port interface vlan vian id Displays the neighbor discovery cache i
175. enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables logging messages related to file copy operations console config file system logging copy management logging The management logging Global Configuration mode command enables logging management Access List ACL events Use the no form of this command to disable logging management Access List events Syntax management logging deny no management logging deny Parameters deny Indicates logging messages related to deny actions of management ACLs Default Configuration Logging management ACL deny events is enabled Command Mode Global Configuration mode User Guidelines Other types of management ACL events are not subject to this command Example The following example enables logging messages related to deny actions of management ACLs console config management logging deny Page 305 Syslog Commands show logging The show logging Privileged EXEC mode command displays the state of logging and the syslog messages stored in the internal buffer Syntax show logging Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays th
176. er Guidelines There are no user guidelines for this command Example The following example displays GVRP statistical information GVRP Commands Console gt show gvrp error statistics GVRP Error Statistics Legend INVPROT Invalid Protocol Id INVALEN INVATYP Invalid Attribute Type INVEVENT INVAVAL Invalid Attribute Value Port INVPROT INVATYP INVAVAL INVALEN INVEVENT Invalid Attribute Length Invalid Event Page 124 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 10 IGMP Snooping Commands N Note In order to enable IGMP snooping the user must enable bridge Multicast filtering ip igmp snooping Global The ip igmp snooping Global Configuration mode command enables Internet Group Management Protocol IGMP snooping Use the no form of this command to disable IGMP snooping Syntax ip igmp snooping no ip igmp snooping Parameters This command has no arguments or keywords Default Configuration IGMP snooping is disabled Command Mode Global Configuration mode User Guidelines IGMP snooping can only be enabled on static VLANs Example The following example enables IGMP snooping console config ip igmp snooping ip igmp snooping Interface The ip igmp snooping Interface Configuration VLAN mode command enables Internet Group Management Protocol IGMP snooping on a specific VLAN Use the no form of this command to disable IGMP s
177. er input is detected to 20 minutes console config line console console config line exec timeout 20 history The history Line Configuration mode command enables the command history function Use the no form of this command to disable the command history function Syntax history no history Parameters This command has no arguments or keywords Default Configuration The command history function is enabled Command Mode Line Configuration mode Page 157 Line Commands User Guidelines This command enables the command history function for a specified line To enable or disable the command history function for the current terminal session use the terminal history user EXEC mode command Example The following example enables the command history function for telnet console config line telnet console config line history history size The history size Line Configuration mode command configures the command history buffer size for a particular line Use the no form of this command to reset the command history buffer size to the default configuration Syntax history size number of commands no history size Parameters number of commands Number of commands that the system records in its history buffer Range 10 247 Default Configuration The default history buffer size is 10 Command Mode Line Configuration mode User Guidelines This command configures the command history buff
178. er location text no snmp server location Parameters text Specifies a string that describes system location information Range 0 160 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string or place text that includes spaces inside quotation marks Example The following example defines the device location as New_York console config snmp server location New_York snmp server set The snmp server set Global Configuration mode command defines the SNMP MIB value Syntax snmp server set variable name name value1 name2 value Page 254 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters variable name MIB variable name name value List of name and value pairs In the case of scalar MIBs only a single pair of name values In the case of an entry in a table at least one pair of name and value followed by one or more fields Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Although the CLI can set any required configuration there might be a situation where a SNMP user sets a MIB variable that does not have an equivalent command In order to generate configuration files that support those situations the snmp server set command is used This command is case sensit
179. er size for a particular line To configure the command history buffer size for the current terminal session use the terminal history size User EXEC mode command Example The following example changes the command history buffer size to 100 entries for a particular line console config line history size 100 terminal history The terminal history user EXEC command enables the command history function for the current terminal session Use the no form of this command to disable the command history function Syntax terminal history terminal no history Page 158 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters This command has no arguments or keywords Default Configuration The default configuration for all terminal sessions is defined by the history line configuration command Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example disables the command history function for the current terminal session console terminal no history terminal history size The terminal history size user EXEC command configures the command history buffer size for the current terminal session Use the no form of this command to reset the command history buffer size to the default setting Syntax terminal history size number of commands terminal no history size Parameters number of commands Specifies the n
180. ere the address is specified in hexadecimal using 16 bit values between colons Default Configuration No IPv6 access list is defined Command Mode IPv6 access list configuration Page 31 ACL Commands User Guidelines IPv6 Syntax The 128 bit IPv6 address format is divided into eight groups of four hexadecimal digits Abbreviation of this format is done by replacing a group of zeros with double colons The IPv6 address representation can be further simplified by suppressing the leading zeros All different IPv6 address formats are acceptable for insertion yet for display purposes the system displays the most abbreviated form which replaces groups of zeros with double colons and removes the leading zeros e Pv6 Prefixes While Unicast IPv6 addresses written with their prefix lengths are permitted in practice their prefix lengths are always 64 bits and therefore are not required to be expressed Any prefix that is less than 64 bits is a route or address range that is summarizing a portion of the IPv6 address space For every assignment of an IP address to an interface the system runs the Duplicate Address Detection algorithm to ensure uniqueness An intermediary transition mechanism is required for IPv6 only nodes to communicate with IPv6 nodes over an IPv4 infrastructure The tunneling mechanism implemented is the Intra Site Automatic Tunnel Addressing Protocol ISATAP This protocol treats the IPv4 network as a v
181. erface Configuration mode command limits the rate of the incoming traffic The no form of this command is used to disable rate limiting Syntax rate limit rate no rate limit Page 216 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters e rate Maximum kilobits per second of ingress traffic on a port Range 1 1000000 Default Configuration 1000 Kbits Sec Command Mode Interface Configuration Ethernet mode User Guidelines The command can be enabled on a specific port only if port storm control Broadcast enable interface configuration command is not enabled on that port Example The following example limits the rate of the incoming traffic to 62 Console config 1f rate limit 62 traffic shape The traffic shape Interface Configuration mode command sets a shaper on an egress interface Use the no form of this command to disable the shaper Syntax traffic shape committed rate no traffic shape Parameters committed rate The average traffic rate CIR in bits per second bps Range 64 10000 Default Configuration No shape is defined Command Mode Interface Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures a shaper on port e1 console config if traffic shape 50000 Page 217 QoS Commands show qos interface The show qos interface User EXEC mode c
182. erver with the specified address from the list of syslogs Syntax logging ipv4 address pv6 address hostname port porf severity level facility facility description tex no logging ipv4 adaress ipv6 address hostname Page 299 Syslog Commands Parameters e pv4 address Specifies the IPv4 address of the host to be used as a syslog server e Ipv6 address Specifies the IPv6 address of the host to be used as a syslog server e hostname Specifies the host name of the syslog server Range 1 158 characters e port Specifies the port number for syslog messages Range 1 65535 e level Specifies the severity level of logged messages sent to the syslog servers Possible values emergencies alerts critical errors warnings notices informational and debugging e facility Specifies the facility that is indicated in the message Possible values local0 local1 local2 local3 local4 local5 local 6 local7 e text Syslog server description Range 1 64 characters Default Configuration The default port number is 514 The default logging message level is informational The default facility is local7 Command Mode Global Configuration mode User Guidelines Up to 8 syslog servers can be used If no specific severity level is specified the global values apply to each server Example The following example limits logged messages sent to the syslog server with IP address 10 1 1
183. es for this command Example The following example displays the storm control configuration console show ports storm control Port State Rate Kbits Sec Included 1 e1 Enabled 70 Broadcast Multicast 2 e1 Enabled 100 Broadcast 3 e1 Disabled 100 Broadcast Page 117 GVRP Commands Chapter 9 GVRP Commands gvrp enable Global GARP VLAN Registration Protocol GVRP is an industry standard protocol designed to propagate VLAN information from device to device With GVRP a single device is manually configured with all desired VLANs for the network and all other devices on the network learn these VLANs dynamically The gvrp enable Global Configuration mode command enables GVRP globally Use the no form of this command to disable GVRP on the device Syntax gvrp enable no gvrp enable Parameters This command has no arguments or keywords Default Configuration GVRP is globally disabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables GVRP globally on the device console config gvrp enable gvrp enable Interface The gvrp enable Interface Configuration Ethernet port channel mode command enables GVRP on an interface Use the no form of this command to disable GVRP on an interface Syntax gvrp enable no gvrp enable Parameters This command has no arguments or keywords Page 118
184. es that the view type is included e excluded Indicates that the view type is excluded Default Configuration No view entry exists Command Mode Global Configuration mode User Guidelines This command can be entered multiple times for the same view record The number of views is limited to 64 No check is made to determine that a MIB node corresponds to the starting portion of the OID until the first wildcard Example The following example creates a view that includes all objects in the MIB II system group except for sysServices System 7 and all objects for interface 1 in the MIB II interface group console config snmp server view user view system included console config snmp server view user view system 7 excluded console config snmp server view user view ifEntry 1 included Page 245 SNMP Commands snmp server group The snmp server group Global Configuration mode command configures a new Simple Management Protocol SNMP group or a table that maps SNMP users to SNMP views Use the no form of this command to remove a specified SNMP group Syntax snmp server group groupname v1 v2 v3 noauth auth priv notify notifyview read readview write writeview no snmp server group groupname v1 v2 v3 noauth auth priv Parameters groupname Specifies the name of the group e vi Indicates the SNMP Version 1 security model e v2 Indicates the SNMP Version 2 s
185. est vlan enable no dot1x guest vlan enable Parameters This command has no arguments or keywords Default Configuration Disabled Command Mode Interface Configuration Ethernet mode User Guidelines A device can have only one global guest VLAN The guest VLAN is defined using the dot1x guest vlan Interface VLAN Configuration mode command Example The following example enables unauthorized users on Ethernet port 1 e1 to access the guest VLAN console configure console config interface ethernet 1 el console config 1f f dotlx guest vlan enable dot1x guest vlan timeout The dot1x guest vlan timeout Global Configuration mode command configures the delay from enabling 802 1X or port up to adding the port to the guest VLAN Use the no form of this command to return to default Syntax dot1x guest vlan timeout sec no dot1x guest vlan timeout sec Page 389 802 1x Commands Parameters e sec Specify the timeout in seconds Range 30 180 Default Configuration The guest VLAN is applied immediately Command Mode Global Configuration mode User Guidelines This command is relevant if the guest VLAN is enabled on the port Configuring the timeout adds delay from enabling 802 1X or port up to the time the switch puts the port in the guest VLAN Example The following example configures the delay from enabling 802 1X or port up to adding the port to the guest VLAN to 50 seconds console
186. estination destination wildcara any igmp type dscp number ip precedence number deny tcp disable port any source source wildcara any source port any destination destination wildcara any destination pork dscp number ip precedence number flags list of flags deny udp disable port any source source wildcara any source port any destination destination wildcara any destination pork dscp number ip precedence number Page 27 ACL Commands Parameters disable port The Ethernet interface is disabled if the condition is matched source Source IP address of the packet source wildcard Wildcard bits to be applied to the source IP address Use 1s in the bit position to be ignored destination Packet s destination IP address destination wildcard Wildcard bits to be applied to the destination IP address Use 1s in the bit position to be ignored protocol The name or number of an IP protocol Available protocol names icmp igmp ip tcp egp igp udp hmp rdp idpr idrp rsvp gre esp ah eigrp ospf ipip pim I2tp isis Range 0 255 dscp number Specifies the DSCP value ip precedence number Specifies the IP precedence value icmp type Specifies an ICMP message type for filtering ICMP packets Enter a number or one of the following values echo reply destination unreachable source quench redirect alternate host address echo request router advert
187. estination port dscp number ip precedence number Parameters source Source IP address of the packet source wildcard Wildcard bits to be applied to the source IP address Use 1s in the bit position to be ignored destination Destination IP address of the packet destination wildcard Wildcard bits to be applied to the destination IP address Use 1s in the bit position to be ignored protocol The name or the number of an IP protocol Available protocol names icmp igmp ip tcp egp igp udp hmp rdp idpr idrp rsvp gre esp ah eigrp ospf ipip pim I2tp isis Range 0 255 dscp number Specifies the DSCP value p precedence number Specifies the IP precedence value fragments The set of conditions is applied only to noninitial fragments icmp type Specifies an ICMP message type for filtering ICMP packets Enter a number or one of the following values echo reply destination unreachable source quench redirect alternate host address echo request router advertisement router solicitation time exceeded parameter problem timestamp timestamp reply information request information reply address mask request address mask reply traceroute datagram conversion error mobile host redirect mobile registration request mobile registration reply domain name request domain name reply skip photuris Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP packets R
188. et port 1 e16 console config interface ethernet 1 e16 console config if switchport general allowed vlan add 2 5 6 tagged switchport general pvid The switchport general pvid Interface Configuration mode command configures the PVID when the interface is in general mode Use the no form of this command to return to the default configuration Syntax switchport general pvid vian id no switchport general pvid Parameters vlan id Specifies the PVID Port VLAN ID Default Configuration If the default VLAN is enabled PVID 1 Otherwise PVID 4095 Command Mode Interface Configuration Ethernet port channel mode Page 350 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide User Guidelines There are no user guidelines for this command Example The following example configures the PVID for Ethernet port 1 e16 when the interface is in general mode console config interface ethernet 1 e16 console config 1f switchport general pvid 234 switchport general ingress filtering disable The switchport general ingress filtering disable Interface Configuration mode command disables the ingress filtering of a port Use the no form of this command to enable the ingress filtering of a port Syntax switchport general ingress filtering disable no switchport general ingress filtering disable Parameters This command has no arguments or keywords Default Configuration Ingres
189. f log an entry is made in the log table for each event In the case of trap an SNMP trap is sent to one or more management stations Community If an SNMP trap is to be sent it is sent to the SNMP community specified by this octet string Owner The entity that configured this event Last time sent The time this entry last generated an event If this entry has not generated any events this value is zero show rmon log The show rmon log User EXEC mode command displays the RMON log table Syntax show rmon log event Page 241 Parameters e event Specifies the event index Range 0 65535 Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the RMON log table RMON Commands console gt show rmon log Maximum table size 500 Event Description Time 1 Errors Jan 18 2002 23 48 19 1 Errors Jan 18 2002 23 58 17 2 High Broadcast Jan 18 2002 23 59 48 console gt show rmon log Maximum table size 500 800 after reset Event Description Time 1 Errors Jan 18 2002 23 48 19 1 Errors Jan 18 2002 23 58 17 2 High Broadcast Jan 18 2002 23 59 48 The following table describes the significant fields shown in the display Field Description Event An index that uniquely identifies the event Description A comment describin
190. f the request is within a command enter backspace and erase the entered characters to a point where the request results in a display Help is provided when 1 There is a valid command and a help request is made for entering a parameter or argument e g show All possible parameters or arguments for the entered command are displayed 2 An abbreviated argument is entered and a help request is made for arguments matching the input e g show pr terminal datadump The terminal data dump User EXEC mode command enables dumping all the output of a show command without prompting Use the no form of this command to disable dumping Syntax terminal datadump no terminal datadump Parameters This command has no arguments or keywords Default Configuration Dumping is disabled Page 340 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode User EXEC mode User Guidelines By default a More prompt is displayed when the output contains more lines than can be displayed on the screen Pressing the Enter key displays the next line pressing the Spacebar displays the next screen of output The data dump command enables dumping all output immediately after entering the show command This command is relevant only for the current session Example This example dumps all output immediately after entering a show command console gt terminal datadump show history The show h
191. fault Configuration Empty string Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the authentication encryption key console config tacacs server key ati s tacacs server timeout The tacacs server timeout Global Configuration mode command sets the interval during which the device waits for a TACACS server to reply Use the no form of this command to return to the default configuration Syntax tacacs server timeout timeout no tacacs server timeout Parameters e timeout Specifies the timeout value in seconds Range 1 30 Page 311 TACACS Commands Default Configuration 5 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets the timeout value to 30 console config tacacs server timeout 30 tacacs server source ip The tacacs server source ip Global Configuration mode command configures the source IP address to be used for communication with TACACS servers Use the no form of this command to return to the default configuration Syntax tacacs server source ip source no tacacs server source ip source Parameters e source Specifies the source IP address Default Configuration The source IP address is the address of the outgoing IP interface Command Mode Global Configuration mode
192. fault mode for an added address is permanent Command Mode Interface Configuration VLAN mode User Guidelines Using the no form of the command without specifying a MAC address deletes all static MAC addresses belonging to this VLAN Example The following example adds a permanent static MAC layer station source address 3aa2 64b3 a245 on port 1 e16 to the bridge table console config interface vlan 2 console config if bridge address 3aa2 64b3 a245 ethernet 1 e16 permanent bridge multicast filtering The bridge multicast filtering Global Configuration mode command enables filtering of Multicast addresses Use the no form of this command to disable filtering of Multicast addresses Page 52 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Syntax bridge multicast filtering no bridge multicast filtering Parameters This command has no keywords or arguments Default Configuration Bridge Multicast filtering is disabled All Multicast addresses are flooded to all ports Command Mode Global Configuration mode User Guidelines e If routers exist on the VLAN do not change the unregistered Multicast addresses state to drop on the routers ports e If Multicast routers exist on the VLAN and IGMP snooping isn t enabled use the bridge multicast forward all command to enable forwarding all Multicast packets to the Multicast routers Example The following example enables bridge Multicast
193. ff Command Mode Interface Configuration Ethernet port channel mode User Guidelines Negotiation should be enabled for flow control auto Example In the following example flow control is enabled on port 1 e5 console config interface ethernet 1 e5 console config if flowcontrol on mdix The mdix Interface Configuration Ethernet mode command enables cable crossover on a given interface Use the no form of this command to disable cable crossover Syntax mdix on auto no mdix Parameters on Manual mdix auto Automatic mdi mdix Default Configuration The default setting is on Command Mode Interface Configuration Ethernet mode User Guidelines Auto All possibilities to connect a PC with cross or normal cables are supported and are automatically detected On It is possible to connect to a PC only with a normal cable and to connect to another device only with a cross cable No It is possible to connect to a PC only with a cross cable and to connect to another device only with a normal cable Page 105 Ethernet Configuration Commands Example In the following example automatic crossover is enabled on port 1 e5 console config interface ethernet 1 e5 console config 1f mdix auto back pressure The back pressure Interface Configuration Ethernet port channel mode command enables back pressure on a given interface Use the no form of this command to disabl
194. fig spanning tree mode rstp spanning tree forward time The spanning tree forward time Global Configuration mode command configures the spanning tree bridge forward time which is the amount of time a port remains in the listening and learning states before entering the forwarding state Use the no form of this command to return to the default configuration Syntax spanning tree forward time seconds no spamning tree forward time Parameters e seconds Time in seconds Range 4 30 Default Configuration The default forwarding time for the IEEE Spanning Tree Protocol STP is 15 seconds Command Modes Global Configuration mode User Guidelines When configuring the forwarding time the following relationship should be kept 2 Forward Time 1 gt Max Age Example The following example configures the spanning tree bridge forwarding time to 25 seconds console config spanning tree forward time 25 Page 262 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide spanning tree hello time The spanning tree hello time Global Configuration mode command configures the spanning tree bridge hello time which is how often the device Broadcasts hello messages to other devices Use the no form of this command to return to the default configuration Syntax spanning tree hello time seconds no spamning tree hello time Parameters e seconds Time in seconds Range 1 10 Default Co
195. figuration Command Mode Interface Configuration Ethernet Port Channel mode User Guidelines In advanced mode when an ACL is bound to an interface the port trust mode is set to trust 12 13 and not to 12 Example The following example binds services an ACL to Ethernet interface e2 console config interface ethernet e2 console config 1f service acl input macll show access lists The show access lists Privileged EXEC mode command displays Access Control Lists ACLs configured on the switch Syntax show access lists name Parameters name Name of the ACL Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Page 37 ACL Commands Example The following example displays access lists console show access lists IP access list ACL1 permit ip host 172 30 40 1 any permit rsvp host 172 30 8 8 any show interfaces access lists The show interfaces access lists Privileged EXEC mode command displays access lists applied on interfaces Syntax show interfaces access lists ethernet interface vlan vlan id port channel port channel number Parameters vlan id Specifies the ID of the VLAN interface The full syntax is unit port e port channel number Valid port channel Index Default Configuration This command has no default configuration
196. filtering console config bridge multicast filtering bridge multicast address The bridge multicast address Interface Configuration mode command registers MAC layer Multicast addresses to the bridge table and adds ports statically to the group Use the no form of this command to deregister the address Syntax bridge multicast address mac multicast address Parameters add Adds ports to the group If no option is specified this is the default option remove Removes ports from the group e mac multicast address A valid MAC Multicast address interface list Separate nonconsecutive Ethernet ports with a comma and no spaces a hyphen is used to designate a range of ports port channel number list Separate nonconsecutive port channels with a comma and no spaces a hyphen is used to designate a range of ports Default Configuration No Multicast addresses are defined Page 53 Address Table Commands Command Mode Interface configuration VLAN mode User Guidelines If the command is executed without add or remove the command only registers the group in the bridge database e Static Multicast addresses can only be defined on static VLANs Example The following example registers the MAC address console config interface vlan 8 console config if bridge multicast address 01 00 5e 02 02 03 The following example registers the MAC address and adds ports statically
197. first last day Day of the week Range first three letters by name like sun date Date of the month Range 1 31 month Month Range first three letters by name like Jan e year year no abbreviation Range 2000 2097 hh mm Time in military format in hours and minutes Range hh 0 23 mm 0 59 offset Number of minutes to add during summer time Range 1 1440 acronym The acronym of the time zone to be displayed when summer time is in effect Range Up to 4 characters Default Configuration Summer time is disabled offset Default is 60 minutes acronym If unspecified default to the timezone acronym If the timezone has not been defined the default is GMT Command Mode Global Configuration mode Page 73 Clock Commands User Guidelines In both the date and recurring forms of the command the first part of the command specifies when summer time begins and the second part specifies when it ends All times are relative to the local time zone The start time is relative to standard time The end time is relative to summer time If the starting month is chronologically after the ending month the system assumes that the device is in the southern hemisphere USA rule for daylight savings time Start Second Sunday in March End First Sunday in November Time 2 am local time EU rule for daylight savings time Start Last Sunday in March End La
198. for this command Page 333 System Management Commands Example The following example displays system version information only for demonstration purposes console gt show version Unit SW version Boot version EW version 1 v1 1 0 29 0 1 06 01 00 00 2 vi 1 0029 0 1 06 01 00 00 3 v1 1 0 29 0 1 06 01 00 00 4 v1 1 0 29 0 1 06 01 00 00 5 v1 1 0 29 0 1 06 01 00 00 6 v1 1 0 29 0 1 06 01 00 00 console Page 334 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 34 User Interface Commands do The do command executes an EXEC level command from Global Configuration mode or any configuration submode Syntax do command Parameters command Specifies the EXEC level command to execute Default Configuration This command has no default configuration Command Mode All Configuration modes User Guidelines There are no user guidelines for this command Example The following example executes the show vian Privileged EXEC mode command from Global Configuration mode Console config do show vlan VLAN Name Ports Type Authorization 1 default 1 e1 2 Other Required 2 e1 4 10 VLANO010 1 e3 4 dynamic Required 11 VLAN0011 1 e1 2 static Required 20 VLANO0020 1 e3 4 static Required 21 VLANO021 static Required 30 VLANO030 static Required 31 VLANO031 static Required 91 VLAN0011 1 e1 2 static Not Required 3978 Guest VLAN 1 e17
199. form of this command to restore the default configuration Page 55 Address Table Commands Syntax bridge multicast forward all add remove ethernet interface list port channel port channel number list no bridge multicast forward all Parameters add Force forwarding all Multicast packets remove Do not force forwarding all Multicast packets interface list Separate nonconsecutive Ethernet ports with a comma and no spaces a hyphen is used to designate a range of ports port channel number list Separate nonconsecutive port channels with a comma and no spaces a hyphen is used to designate a range of port channels Default Configuration This setting is disabled Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example The following example enables all Multicast packets on port 1 e8 to be forwarded console config interface vlan 2 console config if bridge multicast forward all add ethernet 1 e8 bridge multicast forbidden forward all The bridge multicast forbidden forward all Interface Configuration mode command forbids a port to be a Forward all Multicast port Use the no form of this command to return to default Syntax bridge multicast forbidden forward all add remove ethernet interface list port channel port channel number list no bridge multicast forbidden forward all Parameters add
200. from Dynamic Host Configuration Protocol DHCP Syntax clear host dhcp name Page 143 IP Addressing Commands Parameters name Specifies the host entry to be removed Range 1 158 characters Removes all entries Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command deletes the host name to address mapping temporarily until the next renew of the IP address Example The following example deletes all entries from the host name to address mapping console clear host dhcp show hosts The show hosts Privileged EXEC mode command displays the default domain name a list of name server hosts the static and the cached list of host names and addresses Syntax show hosts name Parameters e name Specifies the host name Range 1 158 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays host information console show hosts System name Device Default domain is gm com sales gm com usa sales gm com DHCP Page 144 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Name address lookup is enabled Name servers Preference order 176 16 1 18 176 16 1 19 Configured host name to address mapping Host Addresses
201. g servers console show syslog servers Device Configuration IP address Port Severity 192 180 2 27 514 Informational 192 1802528 514 Warning Facility Description local7 local7 Page 309 TACACS Commands Chapter 31 TACACS Commands tacacs server host The tacacs server host Global Configuration mode command specifies a TACACS host Use the no form of this command to delete the specified name or address Syntax tacacs server host ip address hostname single connection port port number timeout timeout key key string source source priority priority no tacacs server host ip address hostname Parameters p address IP address of the TACACS server e hostname Host name of the TACACS server Range 1 158 characters single connection Indicates a single connection Rather than have the device open and close a TCP connection to the daemon each time it must communicate the single connection option maintains a single open connection between the device and the daemon port number Specifies a server port number Range 0 65535 e timeout Specifies the timeout value in seconds Range 1 30 e key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption used on the TACACS daemon To specify an empty string enter Range O 128 characters
202. g this event Time The time this entry was created rmon table size The rmon table size Global Configuration mode command configures the maximum size of RMON tables Use the no form of this command to return to the default configuration Page 242 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Syntax rmon table size history entries log entries no rmon table size history log Parameters e history entries Maximum number of history table entries Range 20 32767 log entries Maximum number of log table entries Range 20 32767 Default Configuration History table size is 270 Log table size is 200 Command Mode Global Configuration mode User Guidelines The configured table size takes effect after the device is rebooted Example The following example configures the maximum RMON history table sizes to 100 entries console config rmon table size history 100 Page 243 SNMP Commands Chapter 27 SNMP Commands snmp server community The snmp server community Global Configuration mode command configures the community access string to permit access to the SNMP protocol Use the no form of this command to remove the specified community string Syntax snmp server community community ro rw su jov4 address ipv6 address view view name snmp server community group community group name ipv4 address ipv6 address no snmp server community comm
203. g tree mst instance id priority Parameters e instance id ID of the spanning tree instance Range 1 8 priority Device priority for the specified spanning tree instance Range 0 61440 in multiples of 4096 Default Configuration The default bridge priority for IEEE Spanning Tree Protocol STP is 32768 Command Mode Global Configuration mode User Guidelines The device with the lowest priority is selected as the root of the spanning tree Example The following example configures the spanning tree priority of instance 1 to 4096 console config spanning tree mst 1 priority 4096 spanning tree mst max hops The spanning tree mst priority Global Configuration mode command configures the number of hops in an MST region before the BDPU is discarded and the port information is aged out Use the no form of this command to return to the default configuration Syntax spanning tree mst max hops hop count Page 271 Spanning Tree Commands no spanning tree mst max hops Parameters hop count Number of hops in an MST region before the BDPU is discarded Range 1 40 Default Configuration The default number of hops is 20 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the maximum number of hops that a packet travels in an MST region before it is discarded to 10 console config sp
204. ge file1 from the TFTP server 172 16 101 101 to a non active image file console copy tftp 172 16 101 101 filel image Accessing file filel on 172 16 101 101 Loading filel from 172 16 101 101 rra eee eee eee Copy took 0 01 11 hh mm ss dir The dir Privileged EXEC mode command displays the list of files on a flash file system Syntax dir Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Page 87 User Guidelines Configuration and Image File Commands There are no user guidelines for this command Example The following example displays the list of files on a flash file system consolef dir Directory of flash File Name image 1 image 2 dhcpsn prv sshkeys prv syslogl sys syslog2 sys directry prv startup config Total size of flash Free size of flash console Permission FlashSize DataSize Modified rw 5242880 4325376 01 Jan 2000 01 07 13 rw 5242880 4325376 01 Jan 2000 09 09 19 131072 gt 01 Jan 2000 01 02 15 Sa 262144 01 Jan 2000 01 02 15 ie 262144 rac 01 Jan 2000 01 03 21 262144 z 01 Jan 2000 01 03 21 S 262144 01 Jan 2000 01 02 15 rw 524288 4 01 Jan 2000 01 06 34 15728640 bytes 3538944 bytes delete The delete Privileged EXEC mode command deletes a file from a flash memory device Syntax delete url Parameters e url T
205. guration console config mst instance 1 add vlan 10 20 console config mst name regionl console config mst revision 1 instance mst The instance MST Configuration mode command maps VLANS to an MST instance Syntax instance instance id add remove vlan vian range Parameters instance ID ID of the MST instance Range 1 7 vlan range VLANs to be added to or removed from the specified MST instance To specify a range of VLANs use a hyphen To specify a series of VLANs use a comma Range 1 4094 Default Configuration VLANs are mapped to the common and internal spanning tree CIST instance instance 0 Command Modes MST Configuration mode User Guidelines All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree CIST instance instance 0 and cannot be unmapped from the CIST Page 274 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide For two or more devices to be in the same MST region they must have the same VLAN mapping the same configuration revision number and the same name Example The following example maps VLANs 10 20 to MST instance 1 console config spanning tree mst configuration console config mst instance 1 add vlan 10 20 name mst The name MST Configuration mode command defines the configuration name Use the no form of this command to return to the def
206. has no arguments or keywords Default Configuration Disabled Command Mode Global Configuration mode User Guidelines Use the crypto certificate generate Global Configuration mode command to generate an HTTPS certificate Example The following example enables configuring the device from a secured browser console config ip https server ip https port The ip https port Global Configuration mode command specifies the TCP port used by the server to configure the device through the Web browser Use the no form of this command to return to the default configuration Syntax ip https port port number no ip https port Parameters port number Port number to be used by the HTTP server Range 1 65535 Default Configuration The default port number is 443 Command Mode Global Configuration mode User Guidelines Specifying 0 as the port number effectively disables HTTP access to the device Page 363 Web Server Commands Example The following example configures the https port number to 100 console config ip https port 100 ip https exec timeout The ip https exec timeout Global Configuration mode command sets the interval for the system wait for user input in https sessions before automatic logoff Use the no form of this command to restore the default configuration Syntax ip https exec timeout minutes seconds no ip https exec timeout Parameters minutes Integer that
207. has no default configuration Command Mode Global Configuration mode User Guidelines If log is specified as the notification type an entry is made in the log table for each event If trap is specified an SNMP trap is sent to one or more management stations Example The following example configures an event identified as index 10 and for which the device generates a notification in the log table console config rmon event 10 log show rmon events The show rmon events User EXEC mode command displays the RMON event table Syntax show rmon events Page 240 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the RMON event table console gt show rmon events Index Description Type Communit y 1 Errors Log 2 High Broadcast Log Trap device CLI Jan 18 2002 23 58 17 Manager Jan 18 2002 23 59 48 The following table describes significant fields shown above Field Description Index An index that uniquely identifies the event Description A comment describing this event Type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case o
208. has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Page 307 Syslog Commands Example The following example displays the logging state and the syslog messages stored in the logging file console show logging file Logging is enabled Console Logging Level info Console Messages 226 Dropped Buffer Logging Level info Buffer Messages 20 Logged 6 Displayed 20 Max File Logging Level error File Messages 27 Logged 1092 Dropped SysLog server 192 168 1 101 Port 514 Logging info Messages 219 Dropped 3 messages were not logged Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rename Enabled Management ACL Deny Enabled 29 Nov 2007 15 14 32 Box E STCK EXCEP_HNDLR Lost connection with unit 2 reaso n 0x20097 Unit will be rebooted show syslog servers The show syslog servers Privileged EXEC mode command displays the settings of the syslog servers Syntax show syslog servers Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Page 308 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example displays the settings of the syslo
209. he following example configures the interval between ISATAP router solicitations messages to 60 seconds console config tunnel isatap solicitation interval 60 tunnel isatap robustness The tunnel isatap robustness Global Configuration mode command configures the number of DNS Query Router Solicitation refresh messages that the device sends Use the no form of this command to return to default Syntax tunnel isatap robustness number no tunnel isatap robustness Parameters e number Specifies the number of refresh messages Range 1 20 Default Configuration Three times Command Mode Global Configuration mode User Guidelines The DNS query interval after the IP address of the ISATAP router is known is the TTL that is received from the DNS divided by Robustness 1 The router solicitation interval when there is an active ISATAP router is the minimum router lifetime that is received from the ISATAP router divided by Robustness 1 Example The following example configures the number of DNS Query Router Solicitation refresh messages that the device sends to six times console config tunnel isatap robustness 6 show ipv6 tunnel The show ipv6 tunnel Privileged EXEC mode command displays information on the ISATAP tunnel Syntax show ipv6 tunnel Parameters This command has no arguments or keywords Page 318 Allied Telesis AT 8000S S94 3 0 Command Line Interface User
210. he ip host Global Configuration mode command defines static host name to address mapping in the host cache Use the no form of this command to remove the name to address mapping Syntax ip host name address no ip host name Parameters name Specifies the name of the host Range 1 158 characters e address Specifies the associated IP address Page 142 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration No host is defined Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example The following example defines a static host name to address mapping in the host cache console config ip host accounting website com 176 10 23 1 clear host The clear host Privileged EXEC mode command deletes entries from the host name to address cache Syntax clear host name Parameters name Specifies the host entry to be removed Range 1 158 characters Removes all entries Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example deletes all entries from the host name to address cache consolef clear host clear host dhcp The clear host dhcp Privileged EXEC mode command deletes entries from the host name to address mapping received
211. he location URL or reserved keyword of the file to be deleted Range 1 160 characters The following table displays keywords and URL prefixes Keyword Source or Destination flash Source or destination URL for flash memory It s the default in case a URL is specified without a prefix startup config Represents the startup configuration file Page 88 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines sys prv image 1 and image 2 files cannot be deleted Example The following example deletes file test from flash memory console delete flash test Delete flash test confirm boot system The boot system Privileged EXEC mode command specifies the system image that the device loads at startup Syntax boot system unit uni image 1 image 2 Parameters e unit Specifies the unit number e mage 1 Specifies image 1 as the system startup image e mage 2 Specifies image 2 as the system startup image Default Configuration If the unit number is unspecified the default setting is the master unit number Command Mode Privileged EXEC mode User Guidelines Use the show bootvar command to find out which image is the active image Example The following example loads system image 1 at device startup console
212. he source address for packets sent on the tunnel interface If the IPv4 address is changed then the local address of the tunnel interface is also changed ip address pv4 address The IPv4 address to use as the source address for packets sent on the tunnel interface The tunnel interface local address is not changed when the IPv4 address is moved to another interface Default Configuration No source address is defined Command Mode Interface Tunnel Configuration mode User Guidelines e The configured source IPv4 address is used for forming the tunnel interface identifier The interface identifier is set to the eight least significant bytes of the SIP field of the encapsulated IPv6 tunneled packets Example The following example sets the local source tunnel interface IPv4 address console config interface tunnel 1 console config tunnel tunnel source auto tunnel isatap query interval The tunnel isatap query interval Global Configuration mode command configures the interval between DNS Queries before the IP address of the ISATAP router is known for the automatic tunnel router domain name Use the no form of this command to return to default Syntax tunnel isatap query interval seconds Page 316 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide no tunnel isatap query interval Parameters seconds Specifies the number of seconds between DNS Queries Range 10 3600
213. he view that enables specifying an inform or a trap show snmp filters The show snmp filters Privileged EXEC mode command displays the configuration of filters Syntax show snmp filters filtername Parameters e filtername Specifies the name of the filter Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Page 259 SNMP Commands Example The following example displays the configuration of filters console show snmp filters Name OID Tree Type user filter A orale ee Included user filter IE 7 AA E kid Excluded user filter A A ee Included show snmp users The show snmp users Privileged EXEC mode command displays the configuration of users Syntax show snmp users username Parameters e username Specifies the name of the user Range 1 30 Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the configuration of users console show snmp users Name Group name Auth Method Remote John user group md5 John user group md5 08009009020C0B099C075879 Page 260 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 28 Spanning Tree Commands spanning tree The spa
214. hod1 methoa no aaa authentication enable default ist name Parameters default Uses the listed authentication methods that follow this argument as the default list of methods when using higher privilege levels e listname Character string used to name the list of authentication methods activated when using access higher privilege levels Range 1 12 characters method1 method2 Specify at least one from the following table Keyword Description enable Uses the enable password for authentication line Uses the line password for authentication none Uses no authentication radius Uses the list of all RADIUS servers for authentication Uses username Senabx where x is the privilege level tacacs Uses the list of all TACACS servers for authentication Uses username Senabx where x is the privilege level Default Configuration If the default list is not set only the enable password is checked This has the same effect as the command aaa authentication enable default enable On the console the enable password is used if it exists If no password is set the process still succeeds This has the same effect as using the command aaa authentication enable default enable none Page 40 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Global Configuration mode User Guidelines The default and optional list names created wi
215. hold is 95 percent Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the power usage threshold for which alarms are sent to 80 console config power inline usage threshold 80 power inline traps enable The power inline traps enable Global Configuration mode command enables inline power traps Use the no form of this command to disable inline power traps Syntax power inline traps enable unit number no power inline traps enable Parameters e unit number Specifies the current number of the unit Range 1 6 Default Configuration Inline power traps are disabled Command Mode Global Configuration mode Page 210 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide User Guidelines There are no user guidelines for this command Example The following example enables inline power traps to be sent when a power usage threshold is exceeded console config power inline traps enable show power inline The show power inline User EXEC mode command displays the information about inline power Syntax show power inline ethernet interface Parameters interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command
216. horized 1 e5 Force auth Unauthorized Port is down or not present console console show dotlx ethernet 1 el 802 1x is enabled Port Admin Mode Oper Mode 1 el Auto Unauthorized Quiet period 60 Seconds Tx period 30 Seconds Max req 2 Supplicant timeout 30 Seconds Server timeout 30 Seconds Session Time HH MM SS 00 00 00 MAC Address 00 00 00 00 00 00 Authentication Method Remote Reauth Control Enabled Enabled Enabled Enabled Disabled Reauth Control Termination Cause Reauthentication failed Authenticator State Machine State CONNECTING Backend State Machine State IDLE Reauth Period 3600 3600 3600 3600 3600 Reauth Period 802 1x Commands Username Bob John Clark Bill n a Username Page 380 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Authentication success Authentication fails 0 0 The following table describes significant fields shown above Field Description Port The port number Admin mode The port admin mode Possible values Force auth Force unauth Auto Oper mode The port oper mode Possible values Authorized Unauthorized or Down Reauth Control Reauthentication control Reauth Period Reauthentication period Username The username representing the identity of the Supplicant This field shows the username in case the port control is auto If the port is Authorized
217. host Range 1 158 characters Max label size 63 port A decimal TCP port number or one of the keywords from the ports table in the usage guidelines The default is the Telnet port decimal 22 on the host e keyword Can be one or more keywords from the keywords table in the usage guidelines Default Configuration Default packet size is 56 bytes Default number of packets to send is 4 Default timeout value is 2000 milliseconds Command Mode User EXEC mode User Guidelines The Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system specific functions To issue a special Telnet command enter the escape sequence and then a command character The escape sequence is Ctrl shift 6 Table 1 Special Telnet Command Characters Escape Sequence Purpose Mb Break AAG Interrupt Process IP Mh Erase Character EC MO Abort Operation AO AAT Are You There AYT Mu Erase Line EL At any time during an active Telnet session you can list the Telnet commands by pressing the Ctrl shift 6 followed by a question mark at the system prompt A sample of this list follows Note that the Ctrl shift 6 sequence appears as on the screen console gt Ctrl shift 6 Special telnet escape help B sends telnet BREAK C sends telnet IP AK sends telnet EC sends telnet AO sends telnet AYT U sends te
218. ibes the significant fields shown in the display Field Description Alarm Alarm index OID Monitored variable OID Last Sample Value The statistic value during the last sampling period For example if the sample type is delta this value is the difference between the samples at the beginning and end of the period If the sample type is absolute this value is the sampled value at the end of the period Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds Sample Type The method of sampling the variable and calculating the value compared against the thresholds If the value is absolute the value of the variable is compared directly with the thresholds at the end of the sampling interval If the value is delta the value of the variable at the last sample is subtracted from the current value and the difference compared with the thresholds Startup Alarm The alarm that may be sent when this entry is first set If the first sample is greater than or equal to the rising threshold and startup alarm is equal to rising or rising and falling then a single rising alarm is generated If the first sample is less than or equal to the falling threshold and startup alarm is equal falling or rising and falling then a single falling alarm is generated Rising Threshold A sampled statistic threshold When the current sampled value is greater than or equal
219. id gvrp registration forbid The gvrp registration forbid Interface Configuration Ethernet port channel mode command deregisters all dynamic VLANs on a port and prevents VLAN creation or registration on the port Use the no form of this command to allow dynamic registration of VLANs on a port Syntax gvrp registration forbid Page 120 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide no gvrp registration forbid Default Configuration Dynamic registration of VLANs on the port is allowed Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example forbids dynamic registration of VLANs on Ethernet port 1 e6 console config interface ethernet 1 e6 console config if gvrp registration forbid clear gvrp statistics The clear gvrp statistics Privileged EXEC mode command clears all GVRP statistical information Syntax clear gvrp statistics ethernet ethernet port channel port channel number Parameters ethernet A valid Ethernet port Full syntax unit port e port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example clears all GVRP statistical information on Ethernet port 1
220. id network mask of the source IP address mask prefix length Specifies the number of bits that comprise the source IP address prefix The prefix length must be preceded by a forward slash Range 0 32 e service Service type Possible values telnet ssh http https and snmp Default Configuration This command has no default configuration Command Mode Management Access list Configuration mode User Guidelines Rules with Ethernet VLAN and port channel parameters are valid only if an IP address is defined on the appropriate interface The system supports up to 128 management access rules Page 196 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example denies all ports in the Access List called mlist console config management access list mlist console config macl deny management access class The management access class Global Configuration mode command restricts management connections by defining the active management Access List Use the no form of this command to disable this restriction Syntax management access class console only name no management access class Parameters e console only Indicates that the device can be managed only from the console name Specifies the name of the Access List to be used Range 1 32 characters Default Configuration If no Access List is specified an empty Access List is used Com
221. idge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Interfaces Name State Prio Nbr Cost Sts 1 e1 Enabled 128 1 20000 FWD 1 e2 Enabled 128 2 20000 FWD 1 e3 Disabled 128 3 20000 1 e4 Enabled 128 4 20000 BLK 1 e5 Enabled 128 5 20000 DIS console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Root ID Priority 36864 Address 00 02 4b 29 7a 00 This switch is the root Hello Time 2 sec Max Age 20 sec Interfaces Name State Prio Nbr Cost Sts Forward Delay 15 sec Forward Delay 15 sec Forward Delay 15 sec Role PortFast PortFast Type P2p RSTP Shared STP ae Shared STP Type Page 279 Spanning Tree Commands 1 e1 Enabled T2841 20000 FWD Desg No P2p RSTP 1 e2 Enabled 128 2 20000 FWD Desg No Shared STP 1 e3 Disabled 128 3 20000 1 e4 Enabled 128 4 20000 FWD Desg No Shared STP 1 e5 Enabled 128 5 20000 DIS console show spanning tree Spanning tree disabled BPDU filtering mode RSTP Default port cost method long Root ID Priority N A Address N A Path Cost N A Root Port N A Hello Time N A Max Age N A Forward Delay N A Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio Nbr Cost Sts Role PortFast Type 1 e1 Enabled 128 1 20000 1 e2 Enabled 128 2 20000 E E 1 e3 Disabled 128 3 20000 1 e4 Enabled 128 4
222. ified as ECS ELIN data The data format is as defined in ANSI TIA 1057 Specifies the location as dotted hexadecimal data For coordinated 16 For civic address 6 160 For ECS ELIN 10 25 Default Configuration The location is not configured Command Mode Interface Configuration Ethernet mode User Guidelines There are no guidelines for this command Example The following example configures location information for the LLDP MED for an interface console config lldp med location coordinate data clear lldp rx The clear Ildp rx Privileged EXEC mode command restarts the LLDP RX state machine and clears the neighbors table Syntax clear lldp rx ethernet ethernef Parameters ethernet Ethernet interface Command Mode Privileged EXEC mode Page 182 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide User Guidelines There are no user guidelines for this command Example The following example restarts the LLDP RX state machine and clears the neighbors table console config clear lldp rx ethernet e15 show lldp configuration The show lldp configuration Privileged EXEC mode command displays the LLDP configuration Syntax show lldp configuration ethernet interface Parameters interface Ethernet interface Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example dis
223. ifies the object identifier of the ASN 1 subtree to be included or excluded from the view To identify the subtree specify a text string consisting of numbers such as 1 3 6 2 4 or a word such as system Replace a single subidentifier with the asterisk wildcard to specify a subtree family for example 1 3 4 included Indicates that the filter type is included e excluded Indicates that the filter type is excluded Default Configuration No filter entry exists Command Mode Global Configuration mode User Guidelines This command can be entered multiple times for the same filter record Later lines take precedence when an object identifier is included in two or more lines Example The following example creates a filter that includes all objects in the MIB II system group except for sysServices System 7 and all objects for interface 1 in the MIB II interfaces group console config snmp server filter filter name system included console config snmp server filter filter name system 7 excluded console config snmp server filter filter name ifEntry 1 included snmp server host The snmp server host Global Configuration mode command specifies the recipient of Simple Network Management Protocol Version 1 or Version 2 notifications Use the no form of this command to remove the specified host Syntax snmp server host ov4 address ijpv6 address hostname community string traps informs 1 2 udp
224. igmp snooping groups vlan vlan id ip multicast address ip multicast address ip address ip address Parameters vlan id VLAN ID value p multicast address A valid IP Multicast address p address Source IP address Default Configuration This command has no default configuration Command Mode EXEC mode User Guidelines To see the actual Multicast Address Table use the show bridge multicast address table command Example The following example shows IGMP snooping information on Multicast groups Vlan Group Address Source address Include Ports Exclude ports 1 231 2 2 3 172 16 1 1 1 el 1 231 2 2 3 172 16 1 2 2 e2 19 231 2 2 8 172 16 1 1 1 e9 Lg 231 3262 08 LT 2S ade Z 1 e10 el1 1 e12 19 231 42 2558 172 16 1 3 1 e12 IGMP Reporters that are forbidden statically Vlan Group Address Source address Ports 1 231 22 2 03 172 16 1 1 2 e8 19 231 2 2 8 12 TO Al 2 e8 Page 134 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 11 IP Addressing Commands ip address The ip address Interface Configuration Ethernet VLAN port channel mode command sets an IP address Use the no form of this command to remove an IP address Syntax ip address p address mask prefix length no ip address ip address Parameters e jp address Valid IP address mask Valid network mask of the IP address prefix lengih Specifies the number of bi
225. iguration This setting is disabled Command Mode Interface Configuration Ethernet port channel mode Page 58 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide User Guidelines There are no user guidelines for this command Example The following example forwards all packets from port 1 e1 without learning addresses of packets from unknown sources and sends traps every 100 seconds if a packet with an unknown source address is received console config interface ethernet 1 el console config if port security forward trap 100 port security mode The port security mode Interface Configuration mode command configures the port security mode Use the no form of this command to return to the default configuration Syntax port security mode lock max addresses no port security mode Parameters lock Saves the current dynamic MAC addresses associated with the port and disables learning relearning and aging max addresses Delete the current dynamic MAC addresses associated with the port Learn up to the maximum addresses allowed on the port Relearning and aging are enabled Default Configuration Lock Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example sets port security mode to dynamic for Ethernet interface 1 e7 console config interface ethernet 1 e7
226. iguration mode command generates RSA key pairs Page 291 SSH Commands Syntax crypto key generate rsa Parameters This command has no arguments or keywords Default Configuration RSA key pairs do not exist Command Mode Global Configuration mode User Guidelines RSA keys are generated in pairs one public RSA key and one private RSA key If the device already has RSA keys a warning and prompt to replace the existing keys with new keys are displayed This command is not saved in the device configuration however the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up on another device RSA keys are saved to the backup master This command may take a considerable period of time to execute Example The following example generates RSA key pairs console config crypto key generate rsa ip ssh pubkey auth The ip ssh pubkey auth Global Configuration mode command enables public key authentication for incoming SSH sessions Use the no form of this command to disable this function Syntax ip ssh pubkey auth no ip ssh pubkey auth Parameters This command has no arguments or keywords Default Configuration Public Key authentication for incoming SSH sessions is disabled Command Mode Global Configuration mode User Guidelines AAA authentication is independent Page 292 Allied Telesis AT 8000S S94 3 0 Command Line Interface User
227. ilters 259 show snmp groups 258 show snmp users 260 show snmp views 257 show sntp configuration 82 show sntp status 83 show spanning tree 278 show stack 328 show startup config 90 95 show syslog servers 308 show system 331 show tacacs 312 show users 329 show version 333 show vlan 356 show vlan internal usage 356 show vlan macs group 353 shutdown 101 snmp server community 244 snmp server contact 253 snmp server enable traps 249 snmp server engineID local 248 snmp server filter 249 snmp server group 246 snmp server host 250 snmp server location 254 snmp server set 254 snmp server trap authentication 253 snmp server user 247 snmp server v3 host 252 snmp server view 245 sntp anycast client enable 77 sntp authenticate 75 Page 399 sntp authentication key 74 sntp broadcast client enable 77 sntp client enable Interface 78 sntp client poll timer 76 sntp server 80 sntp trusted key 75 sntp unicast client enable 78 sntp unicast client poll 79 spanning tree 261 spanning tree bpdu 268 spanning tree cost 265 266 spanning tree disable 264 spanning tree forward time 262 spanning tree hello time 263 spanning tree link type 267 spanning tree max age 263 spanning tree mode 261 spanning tree mst configuration 273 spanning tree mst cost 273 spanning tree mst max hops 271 spanning tree mst port priority 272 spanning tree mst priority 271 spanning tree pathcost method 268 spanning tree portfast 266 spanning tree p
228. imum capability Example The following example configures the speed operation of Ethernet port 1 e5 to 100 Mbps operation console config interface ethernet 1 e5 console config if speed 100 This document uses the following conventions to highlight important information N Note The speed setting for SFP ports is dependent on the maximum speed of the port duplex The duplex Interface Configuration Ethernet mode command configures the full half duplex operation of a given Ethernet interface when not using auto negotiation Use the no form of this command to restore the default configuration Syntax duplex half full no duplex Parameters half Forces half duplex operation full Forces full duplex operation Default Configuration The interface is set to full duplex Command Mode Interface Configuration Ethernet mode User Guidelines When configuring a particular duplex mode on the port operating at 10 100 Mbps disable the auto negotiation on that port Half duplex mode can be set only for ports operating at 10 Mbps or 100 Mbps Page 103 Ethernet Configuration Commands Example The following example configures the duplex operation of Ethernet port 1 e5 to full duplex operation console config interface ethernet 1 e5 console config 1f duplex full negotiation The negotiation Interface Configuration Ethernet port channel mode command enables auto neg
229. in VLAN 8 console config interface vlan 8 console config if bridge multicast address 0100 5e02 0203 console config 1f bridge multicast forbidden address 0100 5e02 0203 add ethernet 2 e9 bridge multicast unregistered The bridge multicast unregistered Interface Configuration mode command configures the forwarding state of unregistered multicast addresses Use the no form of this command to return to default Syntax bridge multicast unregistered forwarding filtering no bridge multicast unregistered Parameters e forwarding Forwards unregistered multicast packets filtering Filters unregistered multicast packets See the usage guidelines for cases where the port is a router port Default Configuration Forwarding Command Mode Interface configuration Ethernet Port Channel User Guidelines Do not enable unregistered multicast filtering on ports that are connected to routers since the 224 0 0 x address range is not filtered Note that routers do not necessarily send IGMP reports for the 224 0 0 x range Example The following example configures the forwarding state of unregistered multicast addresses to be forwarded console config interface vlan 8 console config if bridge multicast unregistered forwarding bridge multicast forward all The bridge multicast forward all Interface Configuration VLAN mode command enables forwarding all Multicast packets on a port Use the no
230. ine Interface User s Guide Default Configuration No default gateway is defined Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example defines default gateway 192 168 1 1 console config ip default gateway 192 168 1 1 show ip interface The show ip interface Privileged EXEC mode command displays the usability status of configured IP interfaces Syntax show ip interface ethernet interface number vlan vian id port channel port channel number Parameters interface number Valid Ethernet port vian id Valid VLAN number port channel number Valid Port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example the displays the configured IP interfaces and their types console show ip interface Gateway IP Address Activity status Type 192 168 1 1 Active Static Page 137 IP Addressing Commands IP Address 1 F Type ete an Bahk console arp The arp Global Configuration mode command adds a permanent entry in the Address Resolution Protocol ARP cache Use the no form of this command to remove an entry from the ARP cache Syntax arp p_addr hw_adar ethernet interface number vlan vian id port channel port channel number
231. ines for this command Page 357 Example The following example displays the switchport configuration for Ethernet port 1 e1 VLAN Commands console show interface switchport ethernet 1 el Port 1 el VLAN Membership mode General Operating parameters PVID 1 default Ingress Filtering Enabled Acceptable Frame Type All GVRP status Enabled Protected Enabled Uplink is 1 e9 Port 1 el is member in Vlan Name Egress rule Type 1 default untagged System 8 VLAN008 tagged Dynamic 11 VLANO11 tagged Static 19 IPv6 VLAN untagged Static 72 VLAN0072 untagged Static Static configuration PVID 1 default Ingress Filtering Enabled Acceptable Frame Type All Port 1 el is statically configured to Vlan Name Egress rule 1 default untagged 11 VLANO11 tagged 19 IPv6 VLAN untagged 72 VLAN0072 untagged Forbidden VLANS VLAN Name Page 358 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide 73 out console show interface switchport ethernet 1 e2 Port 1 e2 VLAN Membership mode General Operating parameters PVID 4095 discard vlan Ingress Filtering Enabled Acceptable Frame Type All Port 1 el is member in Vlan Name Egress rule Type 91 IP Telephony tagged Static Static configuration PVID 8 Ingress Filtering Disabled Acceptable Frame Type All Port 1 e2 is statically configured to Vlan Name Egress rule 8 VLAN0072 untagged 91 IP Telepho
232. ing example displays stack status console gt show stack Unit MAC Address Software Master Uplink Downlink Status Page 328 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide 1 10 20 30 40 50 60 v1 1 0 29 2 00 00 00 00 48 05 v1 1 0 29 3 00 00 4 48 01 00 v1 1 0 29 4 00 15 77 37 33 e0 v1 1 0 29 5 00 30 00 00 30 00 v1 1 0 29 6 00 00 4 48 0a 00 v1 1 0 29 Topology is Ring Unit Unit Id After Reset di I 2 2 3 3 4 4 5 5 6 6 console console show stack 1 Unit 1 MAC address 10 20 30 40 50 60 Master Forced Product AT S94 48 Software v1 1 0 29 Uplink unit 6 Downlink unit 2 Status master Active image image2 Selected for next boot image2 Topology is Ring Unit Num After Reset 1 console Forced Enabled Disabled Disabled Disabled Disabled master backup slave slave slave slave show users The show users User EXEC mode command displays information about the active users Syntax show users Page 329 System Management Commands Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about the active users Console show users Username Protocol Location manager Serial 0 0 0 Admin HTTP 192 168 1 960 Bob Telnet
233. ing the ping ipv6 command to check network connectivity of a directly attached host using its link local address the egress interface must be specified as defined in RFC 4007 Example The following example displays pinging results console gt ping 10 1 1 1 Pinging 10 1 1 1 with 64 bytes of data 64 bytes from 10 1 1 1 icmp_seq 0 time 11 ms 64 bytes from 10 1 1 1 icmp_seq 1 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 2 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 3 time 7 ms 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 0 packet loss round trip ms min avg max 7 8 11 console gt ping yahoo com Pinging yahoo com 66 218 71 198 with 64 bytes of data 64 bytes from 10 1 1 1 icmp_seq 0 time 11 ms 64 bytes from 10 1 1 1 icmp_seq 1 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 2 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 3 time 7 ms 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 0 packet loss round trip ms min avg max 7 8 11 telnet The telnet User EXEC mode command logs into a host hat supports Telnet Syntax telnet p address hostname port keyword 1 telnet Page 321 System Management Commands Parameters e p address P address of the destination host An out of band IP address can be specified as described in the usage guidelines Must be a valid IP address hostname Host name of the destination
234. ion This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example sets the system time to 13 32 00 on the 7th March 2002 Consolef clock set 13 32 00 7 Mar 2002 clock source The clock source Global Configuration mode command configures an external time source for the system clock Use no form of this command to disable external time source Syntax clock source sntp no clock source Parameters e sntp SNTP servers Page 71 Clock Commands Default Configuration No external clock source Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures an external time source for the system clock Console config clock source sntp clock timezone The clock timezone Global Configuration mode command sets the time zone for display purposes Use the no form of this command to set the time to the Coordinated Universal Time UTC Syntax clock timezone hours offset minutes minutes offsef zone acronym no clock timezone Parameters e hours offset Hours difference from UTC Range 12 13 e minutes offset Minutes difference from UTC Range 1 59 acronym The acronym of the time zone Range Up to 4 characters Default Configuration Clock set to UTC Command
235. ion and should be defined to enable the device to receive informs Page 247 SNMP Commands Example The following example configures an SNMPv3 user John in group user group console config snmp server user John user group snmp server enginelD local The snmp server enginelD local Global Configuration mode command specifies the Simple Network Management Protocol SNMP enginelD on the local device Use the no form of this command to remove the configured engine ID Syntax snmp server enginelD local engineid string default no snmp server enginelD local Parameters engineid string Specifies a character string that identifies the engine ID Range 5 32 characters default The engine ID is created automatically based on the device MAC address Default Configuration The engine ID is not configured If SNMPv3 is enabled using this command and the default is specified the default engine ID is defined per standard as First 4 octets first bit 1 the rest is IANA Enterprise number 674 e Fifth octet set to 3 to indicate the MAC address that follows Last 6 octets MAC address of the device Command Mode Global Configuration mode User Guidelines To use SNMPV3 you have to specify an engine ID for the device You can specify your own ID or use a default string that is generated using the MAC address of the device If the SNMPv3 engine ID is deleted or the configuration file
236. ion enable cimil ido 40 login authenticati n s caia ana 41 enable authenticatiON re i lidia tds hacias 42 Page 2 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide RA aa A AAA ee chins ia ttleey iy Meee AA ide bempasiane 42 Ip hips authenti cato innata dia 43 show authentication Method oooonocccccnnnnocicinonnoccccnnnnnonnn cnn nn non cnn anno 44 DASS Oi A da lea a a Ne 45 USCINAMEG PAPA OPE o O 45 ada accounting lO OM cria eh leeul ATARE AA AT eet 46 ada ACCOUNIIMIG at 47 SNOW users ACCOUNTS vida dae aah Rea eins aaa RE 49 Enable PASSWOMC ce ih sues earan eA leb bee 49 SHOW ACCOUNTING tiara idad 50 Chapter 4 Address Table Commands cccccesseceeeeeeeeeeeseeeeeeeeseeeeeeeeeeeeseeseeeeeeeensenneeeeees 52 e lo A es diet E AEE PE secretes pasate EA E EE T T ETA 52 bridge multicast filter ing o ooccnnonnnnnnnnnnnnccccnnnnnncccnrnnnnn carr 52 bridge multicast address oci pi yeeie eaan nn 53 bridge multicast forbidden addresS oooonoccccnnnoccccccnononcnnccnononcnnnnnnnoncnncnnnnnnnnccnnnn nn nen cnnnn nn cnc nannnnncnnnnnns 54 bridge multicast Unregistered optanda aaa eea RE anar rr cnn rr 55 bridge multicast forwara all sneis teia iii narrar 55 bridge multicast forbidden forward All ooonooccooninnnncccnnnnaccccconnnconcccnnnnanrccn nana nrrn cnn narrar rr 56 bridge agmg Menaia ai 57 CIS AOAC EEEE EE E L E T AE A EE 58 POM SOCUMILY ia hey A EEEE A EEA EEEE AOT ec 58 POrl SOCUNIty MO
237. ion mode command to generate an HTTPS certificate Specifying 0 as the port number effectively disables HTTP access to the device Example The following example configures the http port number to 100 console config ip http port 100 ip http exec timeout The ip http port Global Configuration mode command configures the exec timeout for HTTPS where the HTTPS timeout was not set Use the no form of this command to return to the default configuration Syntax ip http exec timeout minutes seconds no ip http exec timeout Parameters minutes Integer that specifies the number of minutes e seconds Additional time intervals in seconds Default Configuration The default is 10 minutes Command Mode Global Configuration mode User Guidelines This command also configures the exec timeout for HTTPS in case the HTTPS timeout was not set To specify no timeout enter the ip https exec timeout 0 0 command Example The following example enables configures the exec timeout to 10 minutes and 30 seconds console config ip http exec timeout 10 30 ip https server The ip https server Global Configuration mode command enables configuring the device from a secured browser Use the no form of this command to return to the default configuration Page 362 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Syntax ip https server no ip https server Parameters This command
238. ip dhcp relay DHCP relay is globally enabled DHCP relay is enabled on VLANs 1 2 DHCP relay is enabled on ports 1 1 DHCP relay is enabled on port channels Servers 172 16 1 11 172 16 8 11 Page 166 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 16 LACP Commands lacp system priority The lacp system priority Global Configuration mode command configures the system priority Use the no form of this command to return to the default configuration Syntax lacp system priority value no lacp system priority Parameters e value Specifies system priority value Range 1 65535 Default Configuration The default system priority is 1 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures the system priority to 120 console config lacp system priority 120 Page 167 lacp port priority LACP Commands The lacp port priority Interface Configuration Ethernet mode command configures physical port priority Use the no form of this command to return to the default configuration use the no form of this command Syntax lacp port priority value no lacp port priority Parameters e value Specifies port priority Range 1 65535 Default Configuration The default port priority is 1 Command Mode Interface Configuration Ethernet mode User Guideline
239. irtual IPv6 local link with each IPv4 address mapped to a Link Local IPv6 address Examples The following example sets the conditions to allow a packet to pass an IPv6 Access List acl1 Switch config ipv6 access list acll Switch config ipv6 acl permit tcp 2001 0DB8 0300 0201 64 any any 80 deny IPv6 The deny IPv6 Access list Configuration mode command sets conditions to not allow a packet to pass a named IPv6 Access List Syntax deny disable porf any protocol any source prefix length any destination prefix length dscp number ip precedence number time range time range name deny icmp disable porf any source prefix length any destination prefix length any icmp type any icmp code dscp number ip precedence number time range time range name deny tcp disable port any source prefix length any source porf any destination prefix length any destination port dscp number ip precedence number flags list of flags time range time range name deny udp disable port any source prefix length any source port any destination prefix length any destination port dscp number ip precedence number time range time range name Page 32 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters destination port Specifies the UDP TCP destination port Range 0 65535 destination prefix lengih The destination IPv6 net
240. is erased SNMPv3 cannot be used By default SNMPv1 v2 are enabled on the device SNMPv3 is enabled only by defining the Local Engine ID If you want to specify your own ID you do not have to specify the entire 32 character engine ID if it contains trailing zeros Specify only the portion of the engine ID up to the point where just zeros remain in the value For example to configure an engine ID of 123400000000000000000000 you can specify snmp server enginelD local 1234 Since the engine ID should be unique within an administrative domain the following is recommended For a standalone device use the default keyword to configure the engine ID For a stackable system configure the engine ID and verify its uniqueness Changing the value of the engine ID has the following important side effect A user s password entered on the command line is converted to an MD5 or SHA security digest This digest is based on both the password and the Page 248 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide local engine ID The user s command line password is then destroyed as required by RFC 2274 As a result the security digests of SNMPv3 users become invalid if the local value of the engine ID change and the users will have to be reconfigured You cannot specify an engine ID that consists of all 0x0 all OxF or 0x000000001 The show running config Privileged EXEC mode command does not display the SNMP engine ID configuration
241. isement router solicitation time exceeded parameter problem timestamp timestamp reply information request information reply address mask request address mask reply traceroute datagram conversion error mobile host redirect mobile registration request mobile registration reply domain name request domain name reply skip photuriss Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP packets Range 0 255 igmp type GMP packets can be filtered by IGMP message type Enter a number or one of the following values host query host report dvmrp pim cisco trace host report v2 host leave v2 host report v3 Range 0 255 destination port Specifies the UDP TCP destination port Range 1 65535 source port Specifies the UDP TCP source port Range 1 65535 flags list of flags List of TCP flags that should occur If a flag is intended to be set it is prefixed by Ifa flag should be unset it is prefixed by Available options are urg ack psh rst syn fin urg ack psh rst syn and fin The flags are concatenated to a single string For example fin ack IP Protocol Abbreviated Name Protocol Number Internet Control Message Protocol icmp 1 Internet Group Management Protocol igmp 2 Transmission Control Protocol tcp 6 Exterior Gateway Protocol egp 8 Interior Gateway Protocol igp 9 User Datagram Pr
242. istory User EXEC mode command lists the commands entered in the current session Syntax show history Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode User EXEC mode The buffer includes executed and unexecuted commands Commands are listed from the first to the most recent command The buffer remains unchanged when entering into and returning from configuration modes Example The following example displays all the commands entered while in the current Privileged EXEC mode console show version SW version 3 131 date 23 Jul 2004 time 17 34 19 HW version 1 0 0 console show clock 15 29 03 Jun 17 2004 Page 341 User Interface Commands console show history show version show clock show history 3 commands were logged buffer size is 10 show privilege The show privilege Privileged User EXEC mode command displays the current privilege level Syntax show privilege Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged and User EXEC modes User Guidelines There are no user guidelines for this command Example The following example displays the current privilege level for the Privileged EXEC mode console show privilege Current privilege level is 15 Page 342 Allied Telesis AT 8000S S94 3 0 Command
243. it or deny a rule or configure a management access control list Chapter 20 PHY Diagnostics Commands Display the optical transceiver diagnostics Chapter 21 Port Channel Commands Enter the interface configuration mode to configure a specific or a multiple port channel Chapter 22 Port Monitor Commands Start a port monitoring session or display the port monitoring status Chapter 23 Power over Ethernet Commands Configure and display Power over Ethernet device settings Chapter 24 QoS Commands Enable Quality of Service QoS on the device create policy maps and define traffic classifications Page 14 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 25 Radius Commands Specify the source IP address used for communication with Remote Authentication Dial in User Service RADIUS servers and display the RADIUS server settings Chapter 26 RMON Commands Display the Remote Network Monitoring RMON Ethernet history statistics alarms table and configuration Chapter 27 SNMP Commands Configure the community access string to permit access to the Simple Network Management Protocol SNMP server create or update SNMP server entries and specify SNMP enginelD e Chapter 28 Spanning Tree Commands Configure the spanning tree functionality Chapter 29 SSH Commands Display the Secure Socket Shell SSH public keys on the device S
244. it shows the username of the current user If the port is unauthorized it shows the last user that was authenticated successfully Quiet period The number of seconds that the device remains in the quiet state following a failed authentication exchange for example the client provided an invalid password Tx period The number of seconds that the device waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the request Max req The maximum number of times that the device sends an Extensible Authentication Protocol EAP request frame assuming that no response is received to the client before restarting the authentication process Supplicant timeout Time in seconds the switch waits for a response to an EAP request frame from the client before resending the request Server timeout Time in seconds the switch waits for a response from the authentication server before resending the request Session Time The amount of time the user is logged in MAC address The supplicant MAC address Authentication Method The authentication method used to establish the session Termination Cause The reason for the session termination State The current value of the Authenticator PAE state machine and of the Backend state machine Authentication success The number of times the state machine received a Success message fr
245. ive Example The following example configures the scalar MIB sysName with the value ati console config snmp server set sysName sysname ati show snmp The show snmp Privileged EXEC mode command displays the SNMP status Syntax show snmp Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Page 255 Example The following example displays the SNMP communications status SNMP Commands console show snmp Community Community String Access public read only private read write private su Community string Traps are enabled Version 1 2 notifications Target Address Type 192 122 173 42 Trap 192 122 173 42 Inform Version 3 notifications Target Address Type 192 122 173 42 Inform System Contact Robert System Location Marketing View name user view Default DefaultSuper Group name user group Authentication trap is enabled Community Username IP address All 172 16 1 1 142 17 LL IP address Version Security Level Filter Name Filter Name TO Sec 15 15 TO Sec 15 Retries Retries The following table describes significant fields shown above Field Description Community string Community access string to permit access to the SNMP protocol
246. ived that are between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets Page 231 RMON Commands rmon collection history The rmon collection history Interface Configuration Ethernet port channel mode command enables a Remote Monitoring RMON MIB history statistics group on an interface Use the no form of this command to remove a specified RMON history statistics group Syntax rmon collection history index owner ownername buckets bucket number interval seconds no rmon collection history index Parameters e index Specifies the statistics group index Range 1 65535 ownername Specifies the RMON statistics group owner name bucket number Number of buckets specified for the RMON collection history group of statistics If unspecified defaults to 50 Range 1 50 seconds Number of seconds in each polling cycle Range 1 3600 Default Configuration RMON statistics group owner name is an empty string Number of buckets specified for the RMON collection history statistics group is 50 Number of seconds in each polling cycle is 1800 Command Mode Interface Configuration Ethernet port channel mode User Guidelines Cannot be configured for a range of interfaces range context Example The following example enables a Remote Monitoring RMON MIB history statistics group on Ethernet port 1 e1 with index number 1 and a polling interval period of 2
247. l Protocol tcp 6 User Datagram Protocol udp 17 Internet Control Message Protocol icmp 58 any IP protocol any 25504 destination port Specifies the UDP TCP destination port Range 1 65535 source port Specifies the UDP TCP source port Range 1 65535 source prefix length The source IPv6 network or class of networks about which to set permit conditions This argument must be in the form documented in RFC 3513 where the address is specified in hexadecimal using 16 bit values between colons time range name Name of the time range that applies to this deny statement Range 1 32 Default Configuration No IPv6 access list is defined Command Mode IPv6 access list configuration Page 33 ACL Commands User Guidelines IPv6 Syntax The 128 bit IPv6 address format is divided into eight groups of four hexadecimal digits Abbreviation of this format is done by replacing a group of zeros with double colons The IPv6 address representation can be further simplified by suppressing the leading zeros All different IPv6 address formats are acceptable for insertion yet for display purposes the system displays the most abbreviated form which replaces groups of zeros with double colons and removes the leading zeros IPv6 Prefixes While Unicast IPv6 addresses written with their prefix lengths are permitted in practice their prefix lengths are always 64 bits and therefore are not required to be expre
248. larger than the specified size specified because the device adds header information Range 56 1472 bytes packet_count Number of packets to send If 0 is entered it pings until stopped Range 0 65535 packets time_out Timeout in milliseconds to wait for each reply Range 50 65535 milliseconds Default Configuration Default packet size is 56 bytes Default number of packets to send is 4 Default timeout value is 2000 milliseconds Command Mode User EXEC mode User Guidelines The hostname must be a fully qualified DNS name A fully qualified DNS name has a period at the end e Press Esc to stop pinging e Following are examples of unsuccessful pinging Destination does not respond If the host does not respond a no answer from host appears in ten seconds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The device found no corresponding entry in the route table The format of an IPv6Z address is lt pv6 link local address gt lt interface name gt interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 Page 320 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide physical port name Product specific When us
249. le Page 18 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Interface Configuration and Specific Configuration Modes Interface Configuration mode commands modify specific interface operations The following are the Interface Configuration modes e Line Interface Contains commands to configure the management connections These include commands such as line timeout settings etc The line Global Configuration mode command is used to enter the Line Configuration command mode VLAN Database Contains commands to create a VLAN as a whole The VLAN database Global Configuration mode command is used to enter the VLAN Database Interface Configuration mode Management Access List Contains commands to define management access lists The management access list Global Configuration mode command is used to enter the Management Access List Configuration mode Ethernet Contains commands to manage port configuration The interface ethernet Global Configuration mode command is used to enter the Interface Configuration mode to configure an Ethernet type interface Port Channel Contains commands to configure port channels for example assigning ports to a port channel Most of these commands are the same as the commands in the Ethernet interface mode and are used to manage the member ports as a single entity The interface port channel Global Configuration mode command is used to en
250. leged EXEC mode and logs in with username admin console gt login User Name admin Password console configure The configure Privileged EXEC mode command enters the Global Configuration mode Syntax configure Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Page 337 User Interface Commands Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Global Configuration mode console configure console config exit Configuration The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy Syntax exit Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode All configuration modes User Guidelines There are no user guidelines for this command Example The following example changes the configuration mode from Interface Configuration mode to Privileged EXEC mode console config if exit console config exit console exit The exit Privileged User EXEC mode command closes an active terminal session by logging off the device Syntax exit Page 338 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters This command has no arguments or keywords
251. lic Key string Configuration mode User Guidelines Use the key string SSH Public Key string Configuration mode command to specify which SSH public key is to be interactively configured next To complete the command you must enter a row with no characters Use the key string row SSH Public Key string Configuration mode command to specify the SSH public key row by row Each row must begin with a key string row command This command is useful for configuration files Example The following example enters public key strings for SSH public key client bob console config crypto key pubkey chain ssh console config pubkey chain user key bob rsa console config pubkey key key string AAAAB3NzaClyc2EAAAADAQABAAABAOCvTnRwPWl A14kpqIw9GBRonZ0Zx3jHKcgKL6rM1Q ZNX ZSkvHG Qus1Z 761LmFT34v7u7ChFAE Vu4GREpSwoQUvV35LqJJk6710U zfwOllg kTwm175QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn Wd05iDX21TExQWu08licg1k02LYciz Z4TrEU 9FIxwPiVQOjct KBXuR0 juNgSnFYsY OZCKON W9a tnkm1lshRE7Di71 w3f NiOA 6w9044t 6 AINEICBCCA4YcF6zMzaTlwefWwx6f Rmt SnhhqdAtN 4oJfcel 66DqVX1gWmN ZNR4DYDvSzg01DnwCAC8Qh Fingerprint a4 16 46 23 5a 8d 1d b5 37 59 eb 44 13 b9 33 e9 console config crypto key pubkey chain ssh console config pubkey chain user key bob rsa console config pubkey key key string row AAAAB3Nza console config pubkey key key string row Clyc2 show ip ssh The show ip ssh Privileged EXEC mode command displays the SSH server configuration
252. licy Use the no form of this command to remove LLDP MED network policy Syntax lidp med network policy number application vlan id vlan type tagged untagged up priority dscp value no lldp med network policy number Parameters e number Network policy sequential number application The name or the number of the primary function of the application defined for this network policy Available application names are voice voice signaling guest voice guest voice signaling softphone voice video conferencing streaming video and video signaling vlan id VLAN identifier for the application e vlan type Specifies if the application is using a tagged or an untagged VLAN Up priority User Priority Layer 2 priority to be used for the specified application e dscp value DSCP value to be used for the specified application Default Configuration No Network policy is defined Page 180 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Global Configuration mode User Guidelines Use the lldp med network policy Interface Configuration command to attach a network policy to a port Up to 32 network policies can be defined Example The following example defines LLDP MED network policy console config lldp med network policy 1 voice vlan 2 vlan type untagged Ildp med network policy interface The Ildp med network policy Interface Configur
253. lid Ethernet port Full syntax unit port e detailed Displays a detailed diagnostics Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the estimated copper cable length attached to all ports console gt show fiber ports optical transceiver Power Port Temp Voltage Current Output Input TX LOS Fault T el W OK E OK OK OK OK 7 e2 OK OK OK OK OK E OK Page 201 PHY Diagnostics Commands 7 e3 Copper Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power Input Power Measured RX received power Tx Fault Transmitter fault LOS Loss of signal console gt show fiber ports optical transceiver detailed Power Port Temp Voltage Current Output Input TX LOS C Volt mA mWatt mWatt Fault T el 48 SALS 50 1 789 1 789 No No T e2 43 Dis LS 10 1 789 1 789 No No 7 e3 Copper Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power milliWatts Tx Fault Transmitter fault LOS Loss of signal Page 202 Allied Telesis AT 8000S S94 3 0 Command Line Interf
254. lnet EL Ctrl shift 6 x suspends the session return to system command prompt AA HO mm AN Page 322 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Several concurrent Telnet sessions can be opened and switched To open a subsequent session the current connection has to be suspended by pressing the escape sequence keys Ctrl shift 6 and x to return to the system command prompt Then open a new connection with the Telnet User EXEC mode command Table 2 Keywords Table Option Description lecho Enables local echo quiet Prevents onscreen display of all messages from the software source interface Specifies the source interface stream Turns on stream processing which enables a raw TCP stream with no Telnet control sequences A stream connection does not process Telnet options and can be appropriate for connections to ports running UNIX to UNIX Copy Program UUCP and other non Telnet protocols Table 3 Ports Table Keyword Description Port number bgp Border Gateway Protocol 179 chargen Character Generator 19 cmd Remote Commands 514 daytime Daytime 13 discard Discard 9 domain Domain Name Service 53 echo Echo 7 exec Exec 512 finger Finger 79 ftp File Transfer Protocol 21 ftp data FTP data connections 20 gopher Gopher 70 hostname NIC Hostname Server 101 ident Ident Protocol
255. lobal Configuration mode User Guidelines It is recommended not to set the timeout value to less than 3600 Example The following example configures the ARP timeout to 12000 seconas console config arp timeout 12000 clear arp cache The clear arp cache Privileged EXEC mode command deletes all dynamic entries from the ARP cache Syntax clear arp cache Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example deletes all dynamic entries from the ARP cache console clear arp cache Page 139 IP Addressing Commands show arp The show arp Privileged EXEC mode command displays entries in the ARP table Syntax show arp ip address p address mac address mac address ethernet interface port channel port channel number Parameters e p address Displays the ARP entry of a specific IP address e mac address Displays the ARP entry of a specific MAC address interface Displays the ARP entry of a specific Ethernet port interface e port channel number Displays the ARP entry of a specific Port channel number interface Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Since the associated interface of a MAC
256. lowing example enters tunnel interface configuration mode to configure tunnel 1 console config interface tunnel 1 console config tunnel tunnel mode ipv6ip The tunnel mode ipv6ip Interface Tunnel Configuration mode command configures an IPv6 transition mechanism global support mode Use the no form of this command to remove the IPv6 transition mechanism Syntax tunnel mode ipv6ip isatap no tunnel mode ipv6ip Parameters isatap Automatic IPv6 over IPv4 ISATAP tunnel is enabled Default Configuration Disabled Page 314 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Interface Tunnel Configuration mode User Guidelines The system can be enabled to an ISATAP tunnel When enabled an automatic tunnel interface is created on each interface that is assigned with an IPv4 address N Note On a specific interface that is port VLAN both native IPv6 and transition mechanisms can coexist The host implementation chooses the egress interface according to the scope of the destination IP address for example ISATAP Native IPv6 Example The following example configures an IPv6 transition mechanism global support mode console config interface tunnel 1 console config tunnel tunnel mode ipv6ip tunnel isatap router The tunnel isatap router Interface Tunnel Configuration mode command configures a global string that represents a specific a
257. ly To start using the CLI perform the following steps 1 Connect the DB9 null modem or cross over cable to the RS 232 serial port of the device to the RS 232 serial port of the terminal or computer running the terminal emulation application N Note The default data rate is 115200 bps a b c d Set the data format to 8 data bits 1 stop bit and no parity Set Flow Control to none Under Properties select VT100 for Emulation mode Select Terminal keys for Function Arrow and Ctrl keys Ensure that the setting is for Terminal keys not Windows keys N Note When using HyperTerminal with Microsoft Windows 2000 ensure that Windows 2000 Service Pack 2 or later is installed With Windows 2000 Service Pack 2 the arrow keys function properly in HyperTerminal s VT100 emulation Go to www microsoft com for information on Windows 2000 service packs 2 Configure the device and enter the necessary commands to complete the required tasks 3 When finished exit the session with the exit command When a different user is required to log onto the system use the login Privileged EXEC mode command This effectively logs off the current user and logs on the new user Editing Features Entering Commands A CLI command is a series of keywords and arguments Keywords identify a command and arguments specify configuration parameters For example in the command show interfaces status ethernet 1 e11 show inte
258. mand Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example configures an Access List called mlist as an active Access List console config management access class mlist show management access list The show management access list Privileged EXEC mode command displays management access lists Syntax show management access list name Parameters e name Specifies the name of a management Access List Range 1 32 characters Default Configuration This command has no default configuration Page 197 Management ACL Commands Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the mlist management Access List console show management access list mlist mlist permit ethernet 1 el permit ethernet 2 e2 Note all other access implicitly denied show management access class The show management access class Privileged EXEC mode command displays the active management Access List Syntax show management access class Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information about the active management Access List console show management access class Manageme
259. mber field unit member boot Boot file on one of the units To copy from the master to all units specify in the member field null Null destination for copies or files A remote file can be copied to null to determine its size backup config Represents the backup configuration file unit member backup config Backup configuration on one of the units Page 85 Configuration and Image File Commands Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Up to five backup configuration files are supported on the device The location of a file system dictates the format of the source or destination URL e The entire copying process may take several minutes and differs from protocol to protocol and from network to network e prvand sys files cannot be copied When the IPv6 address is a Link Local address IPv6 address the outgoing interface name must be specified The format of an IPv6 address is lt pv6 link local address gt lt interface name gt interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Product specific Understanding Invalid Combinations of Source and Destination Some invalid combinations of
260. ment before resending informs If unspecified the default timeout period is 15 seconds Range 1 300 e retries Specifies the maximum number of times to resend an inform request If unspecified the default maximum number of retries is 3 Range 0 255 Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines e When configuring an SNMPv1 or SNMPv2 notification recipient a notification view for that recipient is automatically generated for all the MIB When configuring an SNMPv1 notification recipient the Inform option cannot be selected If atrap and inform are defined on the same target and an inform was sent the trap is not sent The format of an IPv6Z address is lt pv6 link local address gt lt interface name gt interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 Example The following example enables SNMP traps for host 10 1 1 1 with community string management using SNMPv2 console config snmp server host 10 1 1 1 management 2 Page 251 SNMP Commands snmp server v3 host The snmp server v3 host Global Configuration mode command specifies the recipient of Simple Network Management Protocol Version 3 notifications Use the no form of this command
261. mmand has no default configuration Page 100 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each active interface in the range If the command returns an error on one of the active interfaces it does not stop executing commands on other active interfaces Example The following example shows how ports 5 e18 to 5 e20 and 3 e1 to 3 24 are grouped to receive the same command console config interface range ethernet 5 e18 20 3 e1 24 console config if shutdown The shutdown Interface Configuration Ethernet port channel mode command disables an interface Use the no form of this command to restart a disabled interface Syntax shutdown no shutdown Parameters This command has no arguments or keywords Default Configuration The interface is enabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example disables Ethernet port 1 e5 operations console config interface ethernet 1 e5 console config if shutdown The following example restarts the disabled Ethernet port console config interface ethernet 1 e5 console config if no shutdown Page 101 Ethernet Configuration Commands description Th
262. n 230 SHOW FMOM StatiStiCs sata Ra A ads 230 m n collection MSTO tai ida 232 show rmon collection history ak esiosa a re Ear anes eee tana eee nana ATESA AORAKI AE AESSR 232 SHOW TMONM MIST Y tc alla ltda 233 A O OT 236 show rmon alarmatable cali ide tii 237 SHOW PMOM AlaMi o ek Lee A 238 MON Udine atadas 240 SHOW MON events asina naia eaa a a Aena 240 SNOW TOn lOO but 241 AOIB Ele ERTA AEREA A E A A 242 Chapter 27 SNMP Commands siii ti 244 sAMp SErvercoMMUN Y dd 244 Geaa E MI Wild dd 245 SOMP SOIVEF OTOU PD iain nenea ree arana tds 246 SOAMPESOIVO USO EEA ee edeacnoade ded enanesessedcorsanacasnsacavecannecededentacs 247 snmp serverenginelD local ici ii aaa dde 248 Page 8 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide snmp server enable MapStats 249 SNMP SErver TSM oca 249 SNMP SEVER MOSbxiseh siete vcns aces eedeteetata E icietes Gans tein eetateh agaist dat aie adet 250 Snmp serverv3hOSty isc a eee nnn ieee didn a Pe ae ne ee 252 snmp server trap AUTHENTICATION 0 eee eee eee enne eee ee eeae eee eeeeaaeeeeeeeaaeeeeeeeaaaeeeeeeeeaaeeeeeeeaaeeeeeeeaaeeeeeeaees 253 SNMP SEIVEN COMACK eri la decai 253 snhmp server lOCALION nescieira AREA nene 254 SIMPSON Siria riada ii 254 A A rE T thea sae A lesa svi EA TAE A E AIE boty 255 show simp engined e a a aS E EEA AEE EAEE ERRE S S ES 257 SNOW SAMO VIOWS it 257 Show SAMO OUDS cists aE ERRE a as 258 SHOW SHUM ASS a secs sensed faces aida td 259 SHOW SIMP
263. n AA d 196 Management access elas Sr eoan eE nc cnn 197 show management access list nnar eaaa an e AE EAAS T EENET TEE EE ARAE EER 197 show management aCcCess ClaSS ccoonocccccnonccncnccnnncnnnnccnnnnnnnncnnnnnn nn aade EANAN r nan rre 198 Chapter 20 PHY Diagnostics Commands occccomncccccnnnannccnnnnnncnnnnnnncnr oran 199 tostiCOPper parior eseese rita il 199 show copper ponts araara aa ad daa 199 show copper ports cable length ooococonncccccnnnonoccncnnnonncncnnnnnononnnnnnnnnnnnnnnnnn nc n nn AATE NA 200 show fiber ports OptiCal transCeiVer oooononccccnnnnoccccccnnnoncncnnnnonnnnnnnnno cnn nn canon cnn rr ran nn nr 201 Chapter 21 Port Channel Command ccconnmccccnnnnnnnccninnnnnnccannenn nana 203 interface PU i 203 interface range porehanne leiria na ar cnc cnc nn 203 CMANNESI GOUP iaa tds liada 204 show interfaces port ChanMel oooocccconnccccccnononnncccnnnnnnnoncnnn are cnn cnn rre 204 Chapter 22 Port Monitor Command ccomnnnccconnnnncnnccnnannccnnnnncnnnnnnn cnn 206 port MONOT ioe genteel Vedi CA ena dade TOEA ee einen ee 206 SHOW PONS MOMMO hs s csi geen tiveenca a Ii orar pent ed 207 Chapter 23 Power over Ethernet COMMANAS 0 ccccssseccceeeeeeeeeeeeeeeeeseeneeeeneeeneeeeneseeneeess 208 power Mii A A EEA eR eee eae 208 power inline powered deviCe creser aea E EAA AA E a AEE EE 208 power inline priorissa a e e aeaa EA i E diag deen vinbes deters 209 power inline USage threshold ocoocoinnnccccnnnnnocccononanoncccnnnnnn
264. n of an IGMP querier on a specific VLAN console config interface vlan 2 console config if ip igmp snooping querier version 2 ip igmp snooping mrouter time out The ip igmp snooping mrouter time out Interface Configuration VLAN mode command configures the mrouter time out The ip igmp snooping mrouter time out Interface Configuration VLAN mode command is used for setting the aging out time after Multicast device ports are automatically learned Use the no form of this command to return to the default configuration Syntax ip igmp snooping mrouter time out time out Page 130 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide no ip igmp snooping mrouter time out Parameters e time out Multicast device timeout in seconds Range 1 2147483647 Default Configuration The default value is 300 seconds Command Mode Interface Configuration VLAN mode User Guidelines There are no user guidelines for this command Example The following example configures the Multicast device timeout to 200 seconds console config interface vlan 2 console config if ip igmp snooping mrouter time out 200 ip igmp snooping leave time out The ip igmp snooping leave time out Interface Configuration VLAN mode command configures the leave time out If an IGMP report for a Multicast group was not received for a leave time out period after an IGMP Leave was received from a specific port
265. n on the interface and causes the port to transition to the authorized or unauthorized state based on the 802 1X authentication exchange between the port and the client force authorized Disables 802 1X authentication on the interface and causes the port to transition to the authorized state without any authentication exchange required The port resends and receives normal traffic without 802 1 X based authentication of the client force unauthorized Denies all access through this interface by forcing the port to transition to the unauthorized state and ignoring all attempts by the client to authenticate The device cannot provide authentication services to the client through the interface Default Configuration Port is in the force authorized state Command Mode Interface Configuration Ethernet Page 373 802 1x Commands User Guidelines It is recommended to disable spanning tree or to enable spanning tree PortFast mode on 802 1x edge ports ports in auto state that are connected to end stations in order to get immediately to the forwarding state after successful authentication Example The following example enables 802 1X authentication on Ethernet port 1 e16 console config interface ethernet 1 e16 console config if dotlx port control auto dot1x re authentication The dot1x re authentication Interface Configuration mode command enables periodic re authentication of the client Use the no f
266. name no ip access list access list name Parameters e access list name Name of the IPv4 Access List Range 1 32 characters Default Configuration No IPv4 Access List is defined Command Mode Global Configuration mode User Guidelines IPv4 ACLs are defined by a unique name An IPv4 ACL and MAC ACL cannot share the same name Example The following example places the device in IPv4 Access List Configuration mode console config ip access list permit ip The permit IP Access list Configuration mode command sets conditions to allow a packet to pass a named IP Access List Syntax permit any protocol any source source wildcara any destination destination wildcara dscp number ip precedence number fragments permit icmp any source source wildcara any destination destination wildcara any icmp type any icmp code dscp number ip precedence number permit igmp any source source wildcara any destination destination wildcara any igmp type dscp number ip precedence number permit tcp any source source wildcara any source porf any destination destination wildcara any destination port dscp number ip precedence number flags list of flags Page 24 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide permit udp any source source wildcara any source port any destination destination wildcara any d
267. nd Page 109 Ethernet Configuration Commands Example The following example displays the configuration of all configured interfaces console show interfaces configuration Port Type Duplex Speed Neg Flow Link Back Mdix Ctrl State Pressure Mode el 00M Copper Full 100 Enabled off Up Disabled Auto e2 00M Copper Full 100 Enabled off Up Disabled Auto e3 00M Copper Full 100 Enabled Off Up Disabled Auto e4 00M Copper Full 100 Enabled Off Up Disabled Auto e5 00M Copper Full 100 Enabled Off Up Disabled Auto e6 00M Copper Full 100 Enabled Off Up Disabled Auto e7 00M Copper Full 100 Enabled off Up Disabled Auto e8 00M Copper Full 100 Enabled Off Up Disabled Auto e9 00M Copper Full 100 Enabled Off Up Disabled Auto el0 00M Copper Full 100 Enabled Off Up Disabled Auto ell 00M Copper Full 100 Enabled Off Up Disabled Auto el2 00M Copper Full 100 Enabled Off Up Disabled Auto el3 00M Copper Full 100 Enabled Off Up Disabled Auto el4 00M Copper Full 100 Enabled Off Up Disabled Auto el5 00M Copper Full 100 Enabled Off Up Disabled Auto el6 00M Copper Full 100 Enabled Off Up Disabled Auto el7 00M Copper Full 100 Enabled Off Up Disabled Auto el8 00M Copper Full 100 Enabled Off Up Disabled Auto el9 00M Copper Full 100 Enabled Off Up Disabled Auto show interfaces status The show interfaces status Privileged EXEC mode command displays the status of all configured interfaces Syntax show interfaces status ethernet interfa
268. nd Example The following example displays Multicast device interfaces in VLAN 1000 console gt show ip igmp snooping mrouter interface 1000 VLAN Ports show ip igmp snooping interface The show ip igmp snooping interface EXEC mode command shows IGMP snooping configuration Page 132 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Syntax show ip igmp snooping interface vian id Parameters vian id VLAN number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example console show ip igmp snooping interface 1000 IGMP Snooping is globally enabled IGMP Snooping admin Enabled Hosts and routers IGMP version 2 GMP snooping oper mode Enabled snooping querier admin Enabled snooping querier oper Enabled snooping querier address admin snooping querier address oper 172 16 1 1 snooping querier version admin 3 000000 uo Uw Y y y g snooping querier version oper 2 IGMP host timeout is 300 sec IGMP Immediate leave is disabled IGMP leave timeout is 10 sec IGMP mrouter timeout is 300 sec Automatic learning of multicast router ports is enable Page 133 IGMP Snooping Commands show ip igmp snooping groups The show ip igmp snooping groups command displays the Multicast groups that was learned by the IGMP snooping Syntax show ip
269. nd Mode Global Configuration mode User Guidelines Use this command to enter an external certificate signed by Certification Authority to the device To end the session enter an empty line The imported certificate must be based on a certificate request created by the crypto certificate request Privileged EXEC mode command If the public key found in the certificate does not match the device s SSL RSA key the command fails This command is not saved in the device configuration however the certificate imported by this command is saved in the private configuration which is never displayed to the user or backed up to another device Page 367 Web Server Commands Example The following example imports a certificate signed by Certification Authority for HTTPS console config crypto certificate 1 import BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG 9w0BAQEFAANLADBIAkKEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTmlxyJltllalGaqchfMqqe0kmfhcoHSwWr yf1FpDOMWOTgDAwIDAQABo41Bo jCCAZ 4 wEwY JKkwY BBAGCNxQCBAY eBABDAEEw CwROPBAQDAgFGMA8GA1UdEWwEB wOFMAMBA f 8wHQYDVROOBBYEFAf 4MT 9BRD47 ZVKBAEL9Ggpt 6MIIBNgYDVROfBIIBLTCCASkwgdkggctggcyGgclsZGFwOi8v LOVByb3h5JTIwU2 9mdHdhcmU1MjBSb2 90JTIwO2VydGlmaWVyLENOPXNIcnZ1 gt END CERTIFICATE Certificate imported successfully Issued to router gm com Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C
270. nd Mode User EXEC mode User Guidelines The maximum length of the cable for the TDR test is 120 meter Example The following example displays information on the last TDR test performed on all copper ports console gt show copper ports tdr Port Result Length meters Date 1 e1 OK 1 e2 Short 50 13 32 00 23 July 2005 1 e3 Test has not been performed 1 e4 Open 64 13 32 00 23 July 2005 1 e5 Fiber show copper ports cable length The show copper ports cable length User EXEC mode command displays the estimated copper cable length attached to a port Syntax show copper ports cable length interface Parameters interface A valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines The port must be active and working in 100M or 1000M mode Page 200 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example displays the estimated copper cable length attached to all ports console gt show copper ports cable length Port Length meters 1 el lt 50 1 e2 Copper not active 1 e3 110 140 1 e4 Fiber show fiber ports optical transceiver Use The show fiber ports optical transceiver User EXEC mode command displays the optical transceiver diagnostics Syntax show fiber ports optical transceiver interface detailed Parameters inteface A va
271. nfig interface ethernet 1 e16 console config if dotlx max req 6 dot1x timeout supp timeout The dot1x timeout supp timeout Interface Configuration mode command sets the time for the retransmission of an Extensible Authentication Protocol EAP request frame to the client Use the no form of this command to return to the default configuration Syntax dot1x timeout supp timeout seconds no dot1x timeout supp timeout Parameters e seconds Time in seconds that the device waits for a response to an EAP request frame from the client before resending the request Range 1 65535 seconds Default Configuration Default timeout period is 30 seconds Command Mode Interface configuration Ethernet mode User Guidelines The default value of this command should be changed only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Example The following example sets the timeout period before retransmitting an EAP request frame to the client to 3600 seconds console config 1f Ht dotlx timeout supp timeout 3600 dot1x timeout server timeout The dot1x timeout server timeout Interface Configuration mode command sets the time that the device waits for a response from the authentication server Use the no form of this command to return to the default configuration Syntax dot1x timeout server timeout seconds no dot1x timeout ser
272. nfiguration Ethernet port channel mode User Guidelines Private VLAN Edge PVE supports private communication by isolating PVE defined ports and ensuring that all Unicast Broadcast and Multicast traffic from these ports is only forwarded to uplink port s PVE requires only one VLAN on each device but not on every port this reduces the number of VLANs required by the device Private VLANs and the default VLAN function simultaneously in the same device The uplink must be a GE port Page 346 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example This example configures ethernet port 1 e8 as a protected port so that all traffic is sent to its uplink ethernet port 1 e9 console config interface ethernet 1 e8 console config if switchport forbidden vlan add 234 256 console config 1f exit console config interface ethernet 1 e9 console config if switchport protected ethernet 1 el switchport mode The switchport mode Interface Configuration mode command configures the VLAN membership mode of a port Use the no form of this command to return to the default configuration Syntax switchport mode access trunk general no switchport mode Parameters e access Indicates an untagged layer 2 VLAN port trunk Indicates a trunking layer 2 VLAN port e general Indicates a full 802 1q supported VLAN port Default Configuration All ports are in acce
273. nfiguration The default hello time for IEEE Spanning Tree Protocol STP is 2 seconds Command Modes Global Configuration mode User Guidelines When configuring the hello time the following relationship should be kept Max Age gt 2 Hello Time 1 Example The following example configures spanning tree bridge hello time to 5 seconds console config spanning tree hello time 5 spanning tree max age The spanning tree max age Global Configuration mode command configures the spanning tree bridge maximum age Use the no form of this command to return to the default configuration Syntax spanning tree max age seconds no spanning tree max age Parameters e seconds Time in seconds Range 6 40 Default Configuration The default maximum age for IEEE Spanning Tree Protocol STP is 20 seconds Command Modes Global Configuration mode Page 263 Spanning Tree Commands User Guidelines When configuring the maximum age the following relationships should be kept 2 Forward Time 1 gt Max Age Max Age gt 2 Hello Time 1 Example The following example configures the spanning tree bridge maximum age to 10 seconds console config spanning tree max age 10 spanning tree priority The spanning tree priority Global Configuration mode command configures the spanning tree priority of the device The priority value is used to determine which bridge is elected as the root bridge Use
274. nfiguration and the loaded configuration files with the loaded configuration file taking precedence Page 86 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Copying a Configuration File from a Server to the Startup Configuration To copy a configuration file from a network server to the startup configuration file of the device enter copy source url startup config The startup configuration file is replaced by the copied configuration file Storing the Running or Startup Configuration on a Server Use the copy running config destination url command to copy the current configuration file to a network server using TFTP Use the copy startup config destination url command to copy the startup configuration file to a network server Saving the Running Configuration to the Startup Configuration To copy the running configuration to the startup configuration file enter the copy running config startup config command Backing up the Running or Startup Configuration to a Backup Configuration File To copy the running configuration file to a backup configuration file enter the copy running config file command To copy the startup configuration file to a backup configuration file enter the copy startup config file command Before copying from the backup configuration file to the running configuration file make sure that the backup configuration file has not been corrupted Example The following example copies system ima
275. nformation entry of a specific VLAN port channel number Displays the neighbor discovery cache information entry of a specific Port channel number interface Default Configuration This command has no default setting Command Mode Privileged EXEC mode User Guidelines e The associated interface of a MAC address can be aged out from the FDB table so that the Interface field can be empty When an ARP entry is associated with an IP interface that is defined on a port or port channel the VLAN field is empty e The possible neighbor cache states are INCMP Incomplete Address resolution is being performed on the entry Specifically a Neighbor Solicitation has been sent to the solicited node multicast address of the target but the corresponding Neighbor Advertisement has not yet been received REACH Reachable Positive confirmation was received within the last ReachableTime milliseconds that the forward path to the neighbor was functioning properly While REACHABLE no special action takes place as packets are sent STALE More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly While STALE no action takes place until a packet is sent DELAY More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly and a packet was sent
276. nge 0 O5dd fff Default Configuration No MAC Access List is defined Command Mode MAC Access List Configuration mode User Guidelines MAC BPDU packets cannot be denied e This command defines an Access Control Element ACE An ACE can only be removed by deleting the ACL using the no mac access list Global Configuration mode command Alternatively the Web based interface can be used to delete ACEs from an ACL The following user guidelines are relevant to GE devices only Before an Access Control Element ACE is added to an ACL all packets are permitted After an ACE is added an implied deny any any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied If the VLAN ID is specified the policy map cannot be connected to the VLAN interface Example The following example creates a MAC ACL with deny rules console config mac access list macll console config mac acl deny 6 6 6 6 6 6 0 0 0 0 0 0 any service acl The service acl Interface Configuration mode command controls access to an interface Use the no form of this command to remove the access control Page 36 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Syntax service acl input ac name no service acl input Parameters e input Applies the specified ACL to the input interface Default Configuration This command has no default con
277. ning tree path cost for a port Use the no form of this command to return to the default configuration Syntax spanning tree cost cost no spanning tree cost Parameters e cost Path cost of the port Range 1 200 000 000 Default Configuration Default path cost is determined by port speed and path cost method long or short as shown below Interface Long Short Port channel 20 000 4 Gigabit Ethernet 1000 Mbps 20 000 4 Fast Ethernet 100 Mbps 200 000 19 Ethernet 10 Mbps 2 000 000 100 Command Modes Interface Configuration Ethernet port channel mode Page 265 Spanning Tree Commands User Guidelines The path cost method is configured using the spanning tree pathcost method Global Configuration mode command Example The following example configures the spanning tree cost on Ethernet port 1 e15 to 35000 console config interface ethernet 1 e15 console config 1if spanning tree cost 35000 spanning tree port priority The spanning iree port priority Interface Configuration mode command configures port priority Use the no form of this command to return to the default configuration Syntax spanning tree port priority priority no spanning tree port priority Parameters priority The priority of the port Range 0 240 in multiples of 16 Default Configuration The default port priority for IEEE Spanning TreeProtocol STP is 128 Command Modes Interface Config
278. nning tree Global Configuration mode command enables spanning tree functionality Use the no form of this command to disable spanning tree functionality Syntax spanning tree no spanning tree Parameters This command has no arguments or keywords Default Configuration Spanning tree is enabled Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables spanning tree functionality console config spanning tree spanning tree mode The spanning tree mode Global Configuration mode command configures the spanning tree protocol Use the no form of this command to return to the default configuration Syntax spanning tree mode stp rstp mstp no spanning tree mode Parameters e stp Indicates that the Spanning Tree Protocol STP is enabled e rstp Indicates that the Rapid Spanning Tree Protocol RSTP is enabled e mstp Indicates that the Multiple Spanning Tree Protocol RSTP is enabled Page 261 Spanning Tree Commands Default Configuration STP is enabled Command Modes Global Configuration mode User Guidelines In RSTP mode the device uses STP when the neighbor device uses STP In MSTP mode the device uses RSTP when the neighbor device uses RSTP and uses STP when the neighbor device uses STP Example The following example configures the spanning tree protocol to RSTP console con
279. no default configuration Command Mode MST Configuration mode User Guidelines The pending MST region configuration takes effect only after entering the MST configuration mode Example The following example displays a pending MST region configuration console config mst show pending Pending MST configuration Name Regionl Revision 1 Page 276 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Instance Vlans Mapped State 0 1 9 21 4094 Enabled 1 10 20 Enabled exit mst The exit MST Configuration mode command exits the MST configuration mode and applies all configuration changes Syntax exit Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command Example The following example exits the MST configuration mode and saves changes console config spanning tree mst configuration console config mst exit abort mst The abort MST Configuration mode command exits the MST configuration mode without applying the configuration changes Syntax abort Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Page 277 Spanning Tree Commands Command Mode MST Configuration mode User Guidelines There are no user guidelines for
280. nococccncnnnnanoncnnnonono nn nan nnnnn cnn ranma nn aran rra 96 Ip dhep Snooping DINGING iii a e ADA 97 clear ip dhcp snooping database oocoononccccnnnooncccncnononocononnnonocnnnn ccoo cn nn nn nnn cnn nn nnne cnn rre cnn nr nnnne nana 98 ShOWIpP GNCP SMOOPING ica a Ai ins 98 show ip dhcp Snooping DINING orense anaa ae eee eee ade ee eee ade ee rra nn 99 Chapter 8 Ethernet Configuration COMMANGAG cccsseecceeeeeeeesseneeeeeeeeneesenseeeeseneeeeeees 100 Interface SthOrnet x Heziteceevs en hedeens shen ches a led 100 Interface range Sthenelose Ear Rara ETAR KEETA EAA EA AA AE 100 SOU Wi ctas a R a E E R A EE E 101 COSCIIPUOMN O O E 102 o ated A AE EE AAEE EE E i O EA 102 GUPIOX A EE E e AT da de el 103 A a e a n E r EE a E cegets ua eebiaws heeebiieteeety 104 TOWGONIUIO ls oins st ETA EE T ba 104 A 105 pack Pressure 106 system ilowcontro ictericia 106 clear conn els eean O NAE NEA E N EET actin 107 Sor monaco active oia dad datada dla ada 107 Show interfaces adVertiS8 oooooocccononocccnnnoncnccnnnnnnnencncnnnnne cnn nn nnne cnn nan ne narran nn anne anne cnn RARE 108 show interfaces configuracion rate 109 show Interfaces StalUs ascitis a Io AE ERAS Do da sd 110 show interfaces description ima alii 111 Page 4 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Show interfaces cout Scion 112 port storm control include multicast IC ooooonnnnicinnnncinncccnnoncnnnncccnononnnnnrnccnnrrnnn narran 115
281. nooping on a VLAN interface Syntax ip igmp snooping no ip igmp snooping Page 125 IGMP Snooping Commands Parameters This command has no arguments or keywords Default Configuration IGMP snooping is disabled Command Mode Interface Configuration VLAN mode User Guidelines IGMP snooping can only be enabled on static VLANs Example The following example enables IGMP snooping on VLAN 2 console config interface vlan 2 console config if ip igmp snooping ip igmp snooping mrouter learn pim dvmrp The ip igmp snooping mrouter learn pim dvmrp Interface Configuration VLAN mode command enables automatic learning of Multicast device ports in the context of a specific VLAN Use the no form of this command to remove automatic learning of Multicast device ports Syntax ip igmp snooping mrouter learn pim dvmrp no ip igmp snooping mrouter learn pim dvmrp Parameters This command has no arguments or keywords Default Configuration Automatic learning of Multicast device ports is enabled Command Mode Interface Configuration VLAN mode User Guidelines Multicast device ports can be configured statically using the bridge multicast forward all Interface Configuration VLAN mode command Page 126 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example enables automatic learning of Multicast device ports on VLAN 2 console config interface vl
282. nsceiver 201 show gvrp configuration 121 show gvrp error statistics 123 show gvrp statistics 122 Page 397 show history 341 show interfaces advertise 108 show interfaces counters 112 show interfaces description 111 show interfaces port channel 204 show interfaces status 110 show interfaces switchport 357 show 1p dhcp relay 165 show ip dhcp snooping 98 show ip http 369 show ip https 370 show ip igmp snooping groups 134 show ip igmp snooping interface 132 show ip igmp snooping mrouter 132 show ip interface 137 149 show ip ssh 295 show ipv6 interface 149 show ipv6 neighbors 153 show ipv6 tunnel 318 show line 160 show Ildp configuration 183 show Ildp local 185 show Ildp med configuration 184 show Ildp neighbors 187 show logging 306 show logging file 306 show login banner 192 show management access class 198 show management access list 197 show ports security 68 show ports security addresses 69 show ports storm control 117 show power inline 211 show privilege 342 show qos 215 show qos interface 218 show qos map 222 show radius servers 228 show rmon alarm 238 show rmon alarm table 237 show rmon collection history 232 Index Page 398 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide show rmon events 240 show rmon history 233 show rmon log 241 show rmon statistics 230 show running config 89 95 show sessions 330 show snmp 255 show snmp engineID 257 show snmp f
283. nsmissions initiated by value status changes in the LLDP local systems MIB Range 1 8192 seconds Default Configuration The default value is 2 seconds Command Mode Global Configuration mode User Guidelines e It is recommended that the TxDelay be less than 0 25 of the LLDP timer interval Example The following example specifies the delay between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB to 10 seconds console config lldp tx delay 10 lidp optional tlv The lldp optional tlv Interface Configuration mode command specifies which optional TLVs from the basic set should be transmitted Use the no form of this command to revert to the default setting Page 177 LLDP Commands Syntax IIdp optional tlv t v7 t v2 t v5 no Ildp optional tlv Parameters e tlv Specifies the TLV that should be included Available optional TLVs are port desc sys name sys desc sys cap and 802 3 mac phy Default Configuration No optional TLV is transmitted Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example specifies which optional TLV 2 s from the basic set should be transmitted console config interface ethernet e5 console config if lldp optional tlv sys name Ildp management address The Ildp management address Interface Configu
284. nt access class is enabled using access list mlist Page 198 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 20 PHY Diagnostics Commands test copper port tdr The test copper port tdr Privileged EXEC mode command uses Time Domain Reflectometry TDR technology to diagnose the quality and characteristics of a copper cable attached to a port Syntax test copper port tdr interface Parameters interface A valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines The port to be tested should be shut down during the test unless it is a combination port with fiber port active The maximum length of the cable for the TDR test is 120 meter Example The following example results in a report on the cable attached to port 1 e3 console test copper port tdr 1 e3 Cable is open at 64 meters console test copper port tdr 2 e3 Can t perform this test on fiber ports show copper ports tdr The show copper ports tdr User EXEC mode command displays information on the last Time Domain Reflectometry TDR test performed on copper ports Syntax show copper ports tdr interface Parameters interface A valid Ethernet port Full syntax unit port Page 199 PHY Diagnostics Commands Default Configuration This command has no default configuration Comma
285. nticate The dot1x re authenticate Privileged EXEC mode command manually initiates a re authentication of all 802 1X enabled ports or the specified 802 1 X enabled port Syntax dot1x re authenticate ethernet interface Parameters interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example manually initiates a re authentication of 802 1X enabled Ethernet port 1 e16 console dotlx re authenticate ethernet 1 e16 Page 375 802 1x Commands dot1x timeout quiet period The dot1x timeout quiet period Interface Configuration mode command sets the number of seconds that the device remains in the quiet state following a failed authentication exchange for example the client provided an invalid password Use the no form of this command to return to the default configuration Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period Parameters seconds Specifies the time in seconds that the device remains in the quiet state following a failed authentication exchange with the client Range 0 65535 seconds Default Configuration Quiet period is 60 seconds Command Mode Interface Configuration Ethernet mode User Guidelines During the quiet period the device does not accept or initiate authe
286. ntication requests The default value of this command should only be changed to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers To provide a faster response time to the user a smaller number than the default value should be entered Example The following example sets the number of seconds that the device remains in the quiet state following a failed authentication exchange to 3600 console config interface ethernet 1 e16 console config if dotlx timeout quiet period 3600 dot1x timeout tx period The dot1x timeout tx period Interface Configuration mode command sets the number of seconds that the device waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the request Use the no form of this command to return to the default configuration Syntax dot1x timeout tx period seconds no dot1x timeout tx period Parameters e seconds Specifies the time in seconds that the device waits for a response to an EAP request identity frame from the client before resending the request Range 30 65535 seconds Page 376 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration Timeout period is 30 seconds Command Mode Interface Configuration Ethernet mode User Guidelines The default value of this command should be changed
287. nts or keywords Default Configuration Disabled Page 128 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Interface Configuration VLAN mode User Guidelines IGMP snooping querier can be enabled on a VLAN only if IGMP snooping is enabled for that VLAN No more then one switch can be configured as an IGMP Querier for a VLAN When IGMP Snooping Querier is enabled it starts after host time out 2 with no IGMP traffic detected from a Multicast router The IGMP Snooping Querier disables itself if it detects IGMP traffic from a Multicast router It restarts itself after host time out 2 Following are the IGMP Snooping Querier parameters as function of the IGMP Snooping parameters QueryMaxResponseTime host time out 15 e Querylnterval host time out 3 Example The following example configures Internet Group Management Protocol IGMP querier on a specific VLAN console config interface vlan 2 console config if ip igmp snooping querier enable ip igmp snooping querier address The ip igmp snooping querier address Interface Configuration mode command defines the source IP address that the IGMP Snooping querier uses Use the no form of this command to return to default Syntax ip igmp snooping querier address p address no ip igmp snooping querier address Parameters This command has no arguments or keywords Default Configuration If an IP address is configured for
288. ny tagged Forbidden VLANS VLAN Name 13 out Port 2 e19 Static configuration PVID 2922 Ingress Filtering Enabled Page 359 VLAN Commands Acceptable Frame Type Untagged GVRP status Disabled Page 360 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 36 Web Server Commands ip http server The ip http server Global Configuration mode command enables configuring the device from a browser Use the no form of this command to disable this function Syntax ip http server no ip http server Parameters This command has no arguments or keywords Default Configuration HTTP server is enabled Command Mode Global Configuration mode User Guidelines Only a user with access level 15 can use the Web server Example The following example enables configuring the device from a browser console config ip http server ip http port The ip http port Global Configuration mode command specifies the TCP port to be used by the Web browser interface Use the no form of this command to return to the default configuration Syntax ip http port port number no ip http port Parameters port number Port number for use by the HTTP server Range 0 65535 Default Configuration The default port number is 80 Page 361 Web Server Commands Command Mode Global Configuration mode User Guidelines Use the crypto certificate generate Global Configurat
289. om the Authentication Server Authentication fails The number of times the state machine received a Failure message from the Authentication Server show dot1x users The show dot1x users Privileged EXEC mode command displays active 802 1X authenticated users for the device Page 381 Syntax show dot1x users username username Parameters e username Supplicant username Range 1 160 characters Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays 802 1X users 802 1x Commands console show dotlx users Port Username Session Time Auth Method 1 el Bob 1d 03 08 58 Remote 1 e2 John 08 19 17 None console show dot1lx users username Bob Username Bob Port Username Session Time Auth Method 1 el Bob 1d 03 08 58 Remote MAC Address 0008 3b79 8787 0008 3b89 3127 MAC Address 0008 3b79 8787 The following table describes significant fields shown above Field Description Port The port number Username The username representing the identity of the Supplicant Session Time The period of time the Supplicant is connected to the system Authentication Method Authentication method used by the Supplicant to open the session MAC Address MAC address of the Supplicant Page 382 Allied Telesis AT 8000S
290. ommand displays interface QoS information Syntax show qos interface buffers queueing policers shapers rate limit ethernet interface number vlan vian id port channel number queuing show qos interface buffers queueing policers shapers rate limit ethernet interface number vlan vlan id port channel number Parameters buffers Displaying buffer setting for the interface s queues Displays the minimum reserved setting queueing Display the queue s strategy WRR or EF and the weight for WRR queues and the CoS to queue map and the EF priority e policers Display all the policers configured for this interface their setting and the number of policers currently unused shapers Display the shaper of the specified interface and the shaper for the queue on the specified interface e rate limit Display the rate limit configuration interface number Valid Ethernet port number vilan id Valid VLAN ID e number Valid port channel number Default Configuration There is no default configuration for this command Command Mode User EXEC mode User Guidelines If no keyword is specified port QoS information e g DSCP trusted CoS trusted untrusted etc is displayed If no interface is specified QoS information about all interfaces is displayed Example The following example displays QoS information about Ethernet port 1 e11 console gt show qos interf
291. on Command Mode Global Configuration mode User Guidelines The command is relevant for both Unicast and Broadcast Example The following example defines the authentication key for SNTP and grants authentication Console config sntp authentication key 8 md5 ClkKey Console config sntp trusted key 8 Console config sntp authenticate sntp trusted key The sntp trusted key Global Configuration mode command authenticates the identity of a system to which Simple Network Time Protocol SNTP will synchronize Use the no form of this command to disable authentication of the identity of the system Syntax sntp trusted key key number no sntp trusted key key number Parameters key number Key number of authentication key to be trusted Range 1 4294967295 Page 75 Clock Commands Default Configuration No keys are trusted Command Mode Global Configuration mode User Guidelines The command is relevant for both received Unicast and Broadcast If there is at least 1 trusted key then unauthenticated messages will be ignored Example The following example authenticates key 8 Console config sntp authentication key 8 md5 ClkKey Console config sntp trusted key 8 Console config sntp authenticate sntp client poll timer The sntp client poll timer Global Configuration mode command sets the polling time for the Simple Network Time Protocol SNTP client Use the no form of this
292. only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Example The following command sets the number of seconds that the device waits for a response to an EAP request identity frame to 3600 seconds console config f interface ethernet 1 e16 console config if dotlx timeout tx period 3600 dot1x max req The dot1x max req Interface Configuration mode command sets the maximum number of times that the device sends an Extensible Authentication Protocol EAP request identity frame assuming that no response is received to the client before restarting the authentication process Use the no form of this command to return to the default configuration Syntax dot1x max req count no dot1x max req Parameters count Number of times that the device sends an EAP request identity frame before restarting the authentication process Range 1 10 Default Configuration The default number of times is 2 Command Mode Interface Configuration Ethernet mode User Guidelines The default value of this command should be changed only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers Page 377 802 1x Commands Example The following example sets the number of times that the device sends an EAP request identity frame to 6 console co
293. ons to forwarding state 1 BPDU sent 2 received 170638 Port 3 1 e3 disabled State Blocking Port id 128 3 Type Shared configured auto Designated port id 128 78 Guard Root Disabled BPDU sent 2 received 170638 Port 4 1 e4 enabled State Forwarding Port id 128 4 Type Shared configured auto Designated port id 128 2 Guard Root Disabled BPDU sent 2 received 170638 console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID Priority Address Path Cost Root Port Hello Time 2 sec IST Master ID Priority Internal Designated bridge Priority 32768 umber of transitions to forwarding state 1 Internal Designated bridge Priority 32768 umber of transitions to forwarding state 1 Spanning Tree Commands Designated cost 20000 BPDU Guard Disabled Role Alternate Port cost 20000 Port Fast No configured no Address 00 02 4b 29 1a 19 Designated cost 20000 BPDU Guard Disabled Role Designated Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated cost 20000 BPDU Guard Disabled 32768 00 01 42 97 e0 00 20000 1 1 e1 Max Age 20 sec Forward Delay 15 sec 32768 Page 288 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Address 00 02 4b 19 7a 00 Path Cost 10000 Rem hops 19 Bridge ID Priority 32768 Address
294. onsole console configure console config vlan database console config vlan vlan 2 le console config vlan exit console config interface vlan 2 console config if dotlx guest vlan dot1x single host violation The dot1x single host violation Interface Configuration Ethernet mode command configures the action to be taken when a station whose MAC address is not the supplicant MAC address attempts to access the interface Use the no form of this command to restore defaults Syntax dot1x single host violation forward disgard disgard shutdown trap seconds no port dot1x single host violation Parameters forward Forwards frames with source addresses that are not the supplicant address but does not learn the source addresses e discard Discards frames with source addresses that are not the supplicant address e discard shutdown Discards frames with source addresses that are not the supplicant address The port is also shut down trap seconds Indicates that SNMP traps are sent Specifies the minimum amount of time in seconds between consecutive traps Range 1 1000000 Default Configuration Frames with source addresses that are not the supplicant address are discarded No traps are sent Command Mode Interface Configuration Ethernet mode User Guidelines The command is relevant when multiple hosts is disabled and the user has been successfully authenticated Page
295. orm of this command to return to the default configuration Syntax dot1x re authentication no dot1x re authentication Parameters This command has no arguments or keywords Default Configuration Periodic re authentication is disabled Command Mode Interface Configuration Ethernet User Guidelines There are no user guidelines for this command Example The following example enables periodic re authentication of the client console config interface ethernet 1 e16 console config if dotlx re authentication dot1x timeout re authperiod The dot1x timeout re authperiod Interface Configuration mode command sets the number of seconds between re authentication attempts Use the no form of this command to return to the default configuration Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod Page 374 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters e seconds Number of seconds between re authentication attempts Range 300 4294967295 Default Configuration Re authentication period is 3600 seconds Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example sets the number of seconds between re authentication attempts to 300 console config f interface ethernet 1 e16 console config if dotlx timeout re authperiod 300 dot1x re authe
296. ort priority 266 spanning tree priority 264 speed 102 155 stack change unit id 327 stack master 326 stack reload 327 Starting the CLI 20 switchport access vlan 348 switchport forbidden vlan 354 switchport general acceptable frame type tagged only 351 switchport general allowed vlan 349 switchport general map macs group vlan 352 switchport general pvid 350 switchport mode 347 switchport protected 346 switchport trunk allowed vlan 348 switchport trunk native vlan 349 Index Page 400 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide T tacacs server host 310 tacacs server key 311 tacacs server source ip 312 tacacs server timeout 311 telnet 321 Terminal Command Buffer 21 terminal history 158 terminal history size 159 test copper port tdr 199 traffic shape 217 tunnel isatap query interval 316 tunnel isatap robustness 318 tunnel isatap router 315 tunnel isatap solicitation interval 317 tunnel mode ipv6ip 314 tunnel source 316 U User EXEC Mode 17 user key 294 username 45 V vlan 343 vlan database 343 W wrr queue cos map 219 Page 401
297. ost query host report pim or trace Range 0 255 destination port Specifies the UDP TCP destination port Range 0 65535 e source port Specifies the UDP TCP source port Range 0 65535 e list of flags Specifies a list of TCP flags that can be triggered If a flag is set it is prefixed by If a flag is not set it is prefixed by Possible values urg ack psh rst syn fin urg ack psh rst syn and fin The flags are concatenated into one string For example fin ack Default Configuration No IPv4 ACL is defined Command Mode lp Access list Configuration mode User Guidelines You enter IP Access List configuration mode by using the ip access list Global Configuration mode command Example The following example defines a permit statement for an IP ACL console config ip access list ip acll console config ip al permit rsvp 192 1 1 1 0 0 0 0 any dscp 56 deny IP The deny IP Access List Configuration mode command sets conditions to not allow a packet to pass a named IP Access List Syntax deny disable port any protocol any source source wildcara any destination destination wildcara dscp number ip precedence number deny icmp disable port any source source wildcara any destination destination wildcara any icmp type any icmp code dscp number ip precedence number deny igmp disable port any source source wildcara any d
298. ostname device interface ethernet 1 el ip address 176 242 100 100 255 255 255 0 duplex full speed 1000 interface ethernet 1 e2 ip address 176 243 100 100 255 255 255 0 duplex full speed 1000 show bootvar The show bootvar Privileged EXEC mode command displays the active system image file that is loaded by the device at startup Syntax show bootvar unit unit Parameters e unit Specifies the unit number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode Page 91 User Guidelines There are no user guidelines for this command Example Configuration and Image File Commands The following example displays the active system image file that is loaded by the device at startup console show bootvar Images currently available on the FLASH image 1 image 2 Unit 1 2 active not active selected for next boot Active Image image 1 image image 1 image Selected for next boot Page 92 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 7 DHCP Snooping Commands ip dhcp snooping The ip dhcp snooping Global Configuration mode command globally enables DHCP snooping Use the no form of this command to return to the default setting Syntax ip dhcp snooping no ip dhcp snooping Parameters This command has no arguments or keywords Default Configuration Disabled Command Mode
299. ot be configured for a range of interfaces range context User Guidelines The command enables adding secure MAC addresses to a routed port in port security mode The command is available when the port is a routed port and in port security mode The address is deleted if the port exits the security mode or is not a routed port Page 60 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example adds the MAC layer address 66 66 66 66 66 66 to port 1 e1 console config interface ethernet 1 el console config if port security routed secure address 66 66 66 66 66 66 show bridge address table The show bridge address table Privileged EXEC mode command displays all entries in the bridge forwarding database Syntax show bridge address table vlan vlan ethernet interface port channel port channel number Parameters vlan Specifies a valid VLAN such as VLAN 1 interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines e Internal usage VLANs VLANs that are automatically allocated on ports with a defined Layer 3 interface are presented in the VLAN column by a port number and not by a VLAN ID e Special MAC addresses that were not statically defined or dynamically learned are displayed in the MAC
300. otiation operation for the speed and duplex parameters of a given interface Use the no form of this command to disable auto negotiation Syntax negotiation capability1 capability2 capability5 no negotiation Parameters e capability Specifies the capabilities to advertise Possible values 10h 10f 100h 100f 1000f Default Configuration Auto negotiation is enabled If unspecified the default setting is to enable all capabilities of the port Command Mode Interface Configuration Ethernet port channel mode User Guidelines If capabilities were specified when auto negotiation was previously entered not specifying capabilities when currently entering auto negotiation overrides the previous configuration and enables all capabilities Example The following example enables auto negotiation on Ethernet port 1 e5 console config interface ethernet 1 e5 console config if negotiation flowcontrol The flowcontrol Interface Configuration Ethernet port channel mode command configures flow control on a given interface Use the no form of this command to disable flow control Syntax flowcontrol on off auto no flowcontrol Page 104 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters on Force flow control as enabled e off Force flow control as disabled auto Enable AUTO flow control configuration Default Configuration Flow control is o
301. otocol udp 17 Host Monitoring Protocol hmp 20 Reliable Data Protocol rdp 27 Inter Domain Policy Routing Protocol idpr 35 Ipv6 protocol ipv6 41 Routing Header for IPv6 ipv6 route 43 Fragment Header for IPv6 ipv6 frag 44 Inter Domain Routing Protocol idrp 45 Reservation Protocol rsvp 46 Page 28 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide IP Protocol Abbreviated Name Protocol Number General Routing Encapsulation gre 47 Encapsulating Security Payload 50 esp 50 Authentication Header ah 51 ICMP for IPv6 ipv6 icmp 58 EIGRP routing protocol eigrp 88 Open Shortest Path Protocol ospf 89 Protocol Independent Multicast pim 103 Layer Two Tunneling Protocol 12tp 115 ISIS over IPv4 isis 124 any IP protocol any 25504 Default Configuration No IPv4 Access List is defined Command Mode IP Access list Configuration mode User Guidelines Enter IP Access List configuration mode by using the ip access list Global Configuration mode command After an access control entry ACE is added to an access control list an implied deny any any condition exists at the end of the list That is if there are no matches the packets are denied However before the first ACE is added the list permits all packets Example The following example defines a permit statement for an IP ACL console config ip access list ip acll console config ip al deny rsv
302. oup group vlan vlan id no switchport general map macs group group Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Interface Configuration Ethernet port channel mode User Guidelines MAC based VLAN rules cannot contain overlapping ranges on the same interface The priority between VLAN classification rules is MAC based VLAN Best match between the rules e PVID The interface must be in General Mode to configure a MAC based classification rule Page 352 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example sets a mac based classification rule console config vlan database console config vlan map mac 00 08 78 32 98 78 9 macs group 1 interface ethernet e17 console config vlan exit console config interface ethernet 1 e17 Le console config 1f switchport mode general el console config 1f switchport general map macs group 1 vlan 2 map mac macs group The map mac macs group VLAN Configuration mode command maps a MAC address or a range of MAC addresses to a group of MAC addresses Use the no form of this command to delete a map Syntax map mac mac address prefix mask host macs group group no map mac mac address prefix mask host e mac address Specifies the MAC address to be entered to the group e prefix mask Specifies the Mask
303. p 192 1 1 1 0 0 0 255 any ipv6 access list The ipv6 access list Global Configuration mode command defines an IPv6 Access List and places the device in IPv6 Access List Configuration mode Use the no form of this command to remove the Access List Syntax ipv6 access list access list name no ipv6 access list access list name Parameters access list iname Name of the IPv6 Access List Range 1 32 characters Page 29 ACL Commands Default Configuration No IPv6 access list is defined Command Mode Global configuration User Guidelines An IPv6 ACL has a unique name An IPv6 ACL IPv4 ACL and MAC ACL cannot share the same name e Every IPv6 ACL has implicit permit icmp any any nd ns any permit icmp any any nd na any and deny ipv6 any any statements as its last match conditions The former two match conditions allow for ICMPv6 neighbor discovery The IPv6 neighbor discovery process makes use of the IPv6 network layer service therefore by default IPv6 ACLs implicitly allow IPv6 neighbor discovery packets to be sent and received on an interface In IPv4 the Address Resolution Protocol ARP which is equivalent to the IPv6 neighbor discovery process makes use of a separate data link layer protocol therefore by default IPv4 ACLs implicitly allow ARP packets to be sent and received on an interface Example The following example creates an IPv6 ACL Switch config ipv6 access list acll Switch
304. plays the Link Layer Discovery Protocol LLDP configuration console show lldp configuration State Enabled Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds Port State Optional TLVs Address 1 el RX TX PD SN SD SC 172 6 dee 1 e2 TX PD SN Ple Egs LL 1 e3 Disabled Page 183 The following table describes the significant fields shown in the example LLDP Commands Field Description Timer Specifies how often the software sends LLDP updates Hold multiplier Specifies the amount of time the receiving device should hold an LLDP packet before discarding it Reinit timer Specifies the minimum time an LLDP port waits before reinitializing LLDP transmission Tx delay Specifies the delay between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB Port The port number State The port LLDP state Optional TLVs Optional TLVs that are advertised Possible values are PD Port description SN System name SD System description SC System capabilities Address The management address that is advertised show lldp med configuration The show lldp med configuration Privileged EXEC mode command displays the LLDP MED configuration Syntax show lldp med configuration ethernet interface Parameters interface Ethernet interface Default Configuration This command has no def
305. port port filter filtername timeout seconds retries retries no snmp server host ipv4 address pv6 address hostname traps informs Page 250 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters pv4 address Pv4 address of the host the targeted recipient An out of band IP address can be specified as described in the usage guidelines e pv6 address Pv6 address of the host the targeted recipient When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the usage guidelines for the interface name syntax e hostname Specifies the name of the host Range 1 158 characters e community string Specifies a password like community string sent with the notification operation Range 1 20 traps Indicates that SNMP traps are sent to this host If unspecified SNMPv2 traps are sent to the host informs Indicates that SNMP informs are sent to this host Not applicable to SNMPv1 e 1 Indicates that SNMPv1 traps will be used 2 Indicates that SNMPv2 traps will be used If port Specifies the UDP port of the host to use If unspecified the default UDP port number is 162 Range 1 65535 filtername Specifies a string that defines the filter for this host If unspecified nothing is filtered Range 1 30 characters e seconds Specifies the number of seconds to wait for an acknowledg
306. port security max The port security max Interface Configuration Ethernet port channel mode command configures the maximum number of addresses that can be learned on the port while the port is in port security mode Use the no form of this command to return to the default configuration Syntax port security max max addr Page 59 Address Table Commands no port security max Parameters max addr Maximum number of addresses that can be learned by the port Range 1 128 Default Configuration The default setting is 1 address Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command is only relevant in dynamic learning modes Example The following example configures the maximum number of addresses that are learned on port 1 e7 before it is locked is set to 20 console config interface ethernet 1 e7 console config 1f port security max 20 port security routed secure address The port security routed secure address Interface Configuration Ethernet port channel mode command adds a MAC layer secure address to a routed port Use the no form of this command to delete a MAC address Syntax port security routed secure address mac address no port security routed secure address mac address Parameters mac address A valid MAC address Default Configuration No addresses are defined Command Mode Interface Configuration Ethernet port channel mode Cann
307. port storm control broadcast enable rirerire ori a AA AEA 115 port storm control broadcast Te iio 116 SHOW ports Storni c oni uc lia 117 Chapter 9GVRPCOMMANOS cui nnmnnn nnmnnn 118 gvrp enable Global niii wi ered ig ae deel eee eg MI ene 118 gyp enable Interaction ited dia interned ahd tedden 118 arp tIMOr i avis Sail ie de ee ine Re end 119 Qvrp Vlan CreatiON fOrDiC eiceta araa aen a ee iR rE E EE a RANE E NeR e eaa 120 gvirp registration forbid nissin ien e eN ARNEE TAATA ieee eae 120 clear gvip StatiSticS Li Pat deat Aiea anes AA 121 Show gvr COMU ON r etai A dee ieee ve nie E 121 SHOW QVIp StatiStlCs ii ev tena eat deeded ies 122 Show vrp error statistiCS icon dd dlee edad eee ales 123 Chapter 10 IGMP Snooping COMMANAS ommcccccnnncncccninanancncnnnnnnnnnnnnc nro 125 ip igmp snooping GlObal coccocinnncconncccnnnonacnnacccononanna no cono nono nn ca narran 125 Ip IMP snooping Interface omore ENNA ENA TNE 125 ip igmp snooping mrouter learn piM dVMTPDooooocccccnnncoccccccnnonnccccnanonnnnnnnnnnnnnnccnnnnnnnncn nana nn cnc cnnnnnncnccnnnnns 126 IP igmp snooping NOSt tIME OUE sssrini at cnn anar rr 128 ip igmp snooping querier enable ocoooonnocccccnnnnoccconnnononcconananon cnn nana n cnn naar rn 128 ip igmp snooping querier address ooooonoccccnnnnnocccinnnnoncccnnnn conc cn nn nan c cnn nn 129 ip igmp snooping QUErier VerSiON ooooocccccnnncoccccncnonannncncn nn n nc cnn nan c cnn rc 130 ip igmp snooping Mrouter tiMe OUt
308. ps Syntax snmp server trap authentication no snmp server trap authentication Parameters This command has no arguments or keywords Default Configuration SNMP failed authentication traps are enabled Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables SNMP failed authentication traps console config snmp server trap authentication snmp server contact The snmp server contact Global Configuration mode command configures the system contact sysContact string Use the no form of this command to remove system contact information Syntax snmp server contact text no snmp server contact Parameters e text Specifies the string that describes system contact information Range 0 160 characters Default Configuration This command has no default configuration Page 253 SNMP Commands Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string or place text that includes spaces inside quotation marks Example The following example configures the system contact point called ATI_Technical_Support console config snmp server contact ATI_Technical_Support snmp server location The snmp server location Global Configuration mode command configures the system location string Use the no form of this command to remove the location string Syntax snmp serv
309. qual to three times the join time Leave all time must be greater than the leave time Page 119 GVRP Commands Set the same GARP timer values on all Layer 2 connected devices If the GARP timers are set differently on Layer 2 connected devices the GARP application will not operate successfully Example The following example sets the leave timer for Ethernet port 1 e6 to 900 milliseconds console config interface ethernet 1 e6 console config if garp timer leave 900 gvrp vian creation forbid The gvrp vlan creation forbid Interface Configuration Ethernet port channel mode command disables dynamic VLAN creation or modification Use the no form of this command to enable dynamic VLAN creation or modification Syntax gvrp vlan creation forbid no gvrp vlan creation forbid Parameters This command has no arguments or keywords Default Configuration Dynamic VLAN creation or modification is enabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines This command forbids dynamic VLAN creation from the interface The creation or modification of dynamic VLAN registration entries as a result of the GVRP exchanges on an interface are restricted only to those VLANs for which static VLAN registration exists Example The following example disables dynamic VLAN creation on Ethernet port 1 e6 console config interface ethernet 1 e6 console config if gvrp vlan creation forb
310. ration The local user database is checked This has the same effect as the command aaa authentication login ist name local N Note On the console login succeeds without any authentication check if the authentication method is not defined Command Mode Global Configuration mode Page 39 AAA Commands User Guidelines The default and optional list names created with the aaa authentication login command are used with the login authentication command e Create a list by entering the aaa authentication login ist name method command for a particular protocol where list name is any character string used to name this list The method argument identifies the list of methods that the authentication algorithm tries in the given sequence The additional methods of authentication are used only if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Example The following example configures the authentication login Console config aaa authentication login default radius local enable none aaa authentication enable The aaa authentication enable Global Configuration mode command defines authentication method lists for accessing higher privilege levels Use the no form of this command to return to the default configuration Syntax aaa authentication enable default ist name met
311. ration mode command specifies the management address that is advertised from an interface Use the no form of this command to revert to the default setting Syntax lldp management address p address automatic none no management address Parameters p address Specifies the management address to advertise automatic Specifies that the software will automatically choose a management address to advertise This will be the system s currently configured IP address All addresses are advertised both Static and DHCP none Specifies not to advertise any address Default Configuration No IP address is advertised Command Mode Interface Configuration Ethernet mode Page 178 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide User Guidelines Each port can advertise one IP address Only static IP addresses can be advertised If multiple addresses exist they can be advertised for example where an IP is configured on a port and the port is a member in a VLAN configured with IP Example The following example specifies that the management address will be advertised from an interface as 192 168 0 1 console config interface ethernet e5 console config if lldp management address 192 168 0 1 Ildp notifications The Ildp notifications Interface Configuration mode command enables sending LLDP notifications Use the no form of this command to to revert to the default se
312. re identified with a username for example a user logged in with a line password is not recorded e If accounting is activated the device sends a Start Stop messages to a RADIUS server when a user logs in logs out respectively The device uses the configured priorities of the available RADIUS servers to select the RADIUS server to use The following table describes the supported RADIUS accounting Attribute Values when they are sent by the switch Name Start Stop Description User Name 1 Yes Yes The user identity NAS IP Address 4 Yes Yes The switch IP address that is used for the session with the RADIUS server Class 25 Yes Yes An arbitrary value is included in all accounting packets for a specific session Called Station ID 30 Yes Yes The switch IP address that is used for the management session Calling Station ID 31 Yes Yes The user IP address Acct Session ID 44 Yes Yes A unique accounting identifier Acct Authentic 45 Yes Yes Indicates how the supplicant was authenticated Acct Session Time 46 No Yes Indicates how long the user was logged in Acct Terminate Cause 49 No Yes Reports why the session was terminated Example The following example defines the accounting of device management sessions to a RADIUS server Console config aaa accounting login radius aaa accounting dot1x The aaa accounting dot1x Global Configuration mode command defines accoun
313. re or software or loss of data Warning Indicates a risk of personal injury Page 15 Preface Contacting Allied Telesis Contacting Allied Telesis This section provides Allied Telesis contact information for technical support as well as sales or corporate information Online Support Email and Telephone Support Returning Products For Sales or Corporate Information Warranty You can request technical support online by accessing the Allied Telesis Knowledge Base from the following web site www alliedtelesis com support You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions For Technical Support via email or telephone refer to the Allied Telesis web site www alliedtelesis com Select your country from the list displayed on the website Then select the appropriate menu tab Products for return or repair must first be assigned a Return Materials Authorization RMA number A product sent to Allied Telesis without a RMA number will be returned to the sender at the sender s expense To obtain an RMA number contact the Allied Telesis Technical Support group at our web site www alliedtelesis com support Select your country from the list displayed on the website Then select the appropriate menu tab You can contact Allied Telesis for sales or corporate information at our web site www alliedtelesis com Select your country from
314. require that the DHCPDISCOVER message have a specific host name The ip address dhcp hostname host name command is most typically used when the host name is provided by the system administrator If the device is configured to obtain its IP address from a DHCP server it sends a DHCPDISCOVER message to provide information about itself to the DHCP server on the network If the ip address dhcp command is used with or without the optional keyword the DHCP option 12 field host name option is included in the DISCOVER message By default the specified DHCP host name is the globally configured host name of the device However the ip address dhcp hostname host name command can be used to place a different host name in the DHCP option 12 field The no ip address dhcp command deconfigures any IP address that was acquired thus sending a DHCPRELEASE message The IP address is defined only on the management VLAN Example The following example acquires an IP address for VLAN 1 from DHCP console config interface vlan 1 console config if ip address dhcp ip default gateway The ip default gateway Global Configuration mode command defines a default gateway device Use the no form of this command to return to the default configuration Syntax ip default gateway p address no ip default gateway Parameters e jp address Valid IP address of the default gateway Page 136 Allied Telesis AT 8000S S94 3 0 Command L
315. res the inline power management priority of the interface Use the no form of this command to return to the default configuration Syntax power inline priority critical high low no power inline priority Parameters e critical Indicates that operating the powered device is critical high Indicates that operating the powered device has high priority low tndicates that operating the powered device has low priority Default Configuration The default setting is low priority Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example configures the device connected to Ethernet interface 1 e1 as a high priority powered device console config interface ethernet 1 el console config 1f power inline priority high Page 209 Power over Ethernet Commands power inline usage threshold The power inline usage threshold Global Configuration mode command configures the threshold for initiating inline power usage alarms Use the no form of this command to return to the default configuration Syntax power inline usage threshold percentage unit number no power inline usage threshold Parameters percentage Specifies the threshold as a percentage to compare measured power Range 1 99 e unit number Specifies the current number of the unit Range 1 6 Default Configuration The default thres
316. ress ethernet interface port channel port channel number expiry seconds no ip dhcp snooping binding mac address vlan id Parameters e mac address Specify a MAC address e vlan id Specify a VLAN number e jp address Specify an IP address e interface Specify Ethernet port port channel number Specify Port channel number e expiry seconds Specify the interval in seconds after which the binding entry is no longer valid Range 10 4294967295 Default Configuration No static binding exists Command Mode Privileged EXEC User Guidelines After entering this command an entry is added to the DHCP snooping database If DHCP snooping binding file exists the entry is added to that file also Page 97 DHCP Snooping Commands The entry is displayed in the show commands as a DHCP Snooping entry Example The following example configures the DHCP snooping binding database and adds binding entries to the database console ip dhcp snooping binding 0060 704c 73ff 3 10 1 8 1 ethernet 1 e21 clear ip dhcp snooping database The clear ip dhcp snooping database Privileged EXEC mode command clears the DHCP binding database Syntax clear ip dhcp snooping database Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command E
317. rface User s Guide Example The following example creates a management Access List called miist configures management Ethernet interfaces 1 e1 and 2 e9 and makes the new Access List the active list console config management access list mlist console config macl permit ethernet 1 el console config macl permit ethernet 2 e9 console config macl exit console config management access class mlist The following example creates a management Access List called mlist configures all interfaces to be management interfaces except Ethernet interfaces 1 e1 and 2 e9 and makes the new Access List the active list console config management access list mlist console config macl deny ethernet 1 el console config macl deny ethernet 2 e9 console config macl permit console config macl exit console config management access class mlist permit Management The permit Management Access List Configuration mode command defines a permit rule Syntax permit ethernet nterface number vlan vian id port channel port channel number service service permit ip source p address mask mask prefix length ethernet interface number vlan vian id port channel port channel number service service Parameters interface number A valid Ethernet port number vlan id A valid VLAN number port channel number A valid port channel index e jp address
318. rface name vilan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt 0 integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example el Example The following example defines a static host name to address mapping in the host name cache console config ipv6 host ABC fe80 11 fe80 22 ipv6 neighbor The ipv6 neighbor Global Configuration mode command configures a static entry in the IPv6 neighbor discovery cache Use the no form of this command to remove a static IPv6 entry from the IPv6 neighbor discovery cache Syntax ipv6 neighbor pv6_addr hw_adar ethernet interface number vlan vian id port channel number no ipv6 neighbor pv6_addr ethernet interface number vlan vian id port channel number Parameters e pv6_addr Valid IPv6 address to map to the specified MAC address e hw_addr Valid MAC address to map to the specified IPv6 address ethernet interface number Valid port number vlan vian id Valid VLAN number port channel number Valid port channel number Default Configuration This command has no default setting Command Mode Global Configuration mode User Guidelines The ipv6 neighbor command is similar to the arp global command Ifan entry for the specified IPv6 address already exists in the n
319. rfaces and status are keywords ethernet is an argument that specifies the interface type and 1 e11 specifies the port Page 20 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username admin password alansmith When working with the CLI the command options are not displayed The command is not selected from a menu but is manually entered To see what commands are available in each mode or within an interface configuration the CLI does provide a method of displaying the available commands the command syntax requirements and in some instances parameters required to complete the command The standard command to request help is There are two instances where help information can be displayed Keyword lookup The character is entered in place of a command A list of all valid commands and corresponding help messages are is displayed e Partial keyword lookup If a command is incomplete and or the character is entered in place of a parameter The matched keyword or parameters for this command are displayed To assist in using the CLI there is an assortment of editing features The following features are described Terminal Command Buffer Command Completion Nomenclature e Keyboard Shortcuts Terminal Command Buffer
320. rn conc naar nn cnn cnn 210 Page 7 power inline taps onale stikar llo blas 210 SHOW POWEN IINE aranna esa a A Ea A little 211 show power inline power CONSUMPRION ooooccccccnnnoconcccconnooncccnnnnonnnnnnnnonnncnnnnnn nn ncr naar nn cnc atann naan nunnan nnna 213 show power Mng VESION ica ado tte 213 Chapter 24 QoS Commands coincida 215 AO 215 SHOW GOS Mirna a adi deed coa 215 priority queue out NUM O QUBUES cccconococcccconoconcncnonnnnnnncnnnoncnnrcnnnnnnnn rra nn nn nn rene nn nn rr nan n nr nr rra nnnarn cane 216 CAME ai AAA AA AAA A A AA A LAA 216 A A ae a a e eaa 217 show qos interface cui A teats eee 218 WIT QUCEUC COS MO D RETEA E ret cdas E ada da E AAA 219 A e cet E Mea nel Meee en aden naa aes lle ea elie nai etede 220 GOS Map USCP QUCUC ir nee ee 220 COS Oi A A E od 221 SROWAOS MA dt id dt Ia ae detest tevervveudoets 222 Chapter 25 Radius COMMAN OS cccseccesseeeeeeeesseeeeeeeseneeeneneneeeesseaeeeseeseneeeeeseeneeeesseneeees 224 radiUS Server MOS A td eee ee 224 TUS OIR A aaa 225 radius Server retransmit sce ii A dare ETATE aia 225 TadiUS SOrver SOULCE IP uaaa aaaea paat aea e ea aa i e a aa eaa a aaa a a TA a a 226 radius server SOUTCO PV ienien iieii aai a EA AE DATE N a 227 FAGIUS SEVEF TIMEGOUE si ed hd aa did A aa aaa 227 radIUS SErVerAEAaCtiMG sourerareriiiarai a i a N idee dee levi ia ii i 228 SHOWS ac 228 Chapter 26 RMON Commands oooocccccnnonccnnnanaccconnnnononcnnnn nn nennnnn cnn nn cnn nr r
321. rtificate fields After receiving the certificate from the Certification Authority use the crypto certificate import Global Configuration mode command to import the certificate into the device This certificate replaces the self signed certificate Page 366 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example generates and displays a certificate request for HTTPS console crypto certificate 1 request BEGIN CERTIFICATE REQUEST MIwTCCASoCAQAwY jJELMAkGA1UEBhMCUFAxCzAJBgNVBAgTAKNDMQswCQYDVQQH EwWRDEMMAoOGA1UEChMDZGxkMQwwCgYDVQQLEWNKbGOQxC zAJBgNVBAMTAmxkMRAw DgKoZIhvcNAQkBFgFsMIGfMAOGCSqGSIb3DQEBAQUAALGNADCBiOKBgOC8ecwQ HdMLO83110fh FOMV Kib6Sz5p 3nUUenbfHp igVPmEM 1nbqTDekb2ymCu6K aKvEbVLF 9F2LmM7VP3DBb9bb43nxkvwW wzDLvW2rsy5NPmH10V1 8Ubx3GyCm oW93BSOFwxwEsP58kf sPYPy 8wwmoNt DwI DAQABoB8wHQYJKoZIhvcNAQkH MRD JEyMwg ICCAgICAICAgIMA0NGCSqGS Ib3DQEBBAUAA4GBAGb8UgIx7rB05m 2 m5ZZPhIw18ARSPXwhVdJexF jonmvcacgjPG8pliRV6LkxryGF2bVU3 jKEipcZa g uNpyTkDt3Z2VU72p3z fa8TF0n3 CN router gm com 0 General Motors C US crypto certificate import The crypto certificate import Global Configuration mode command imports a certificate signed by the Certification Authority for HTTPS Syntax crypto certificate number import Parameters e number Specifies the certificate number Range 1 2 Default Configuration This command has no default configuration Comma
322. rusted ip dhcp snooping verify The ip dhcp snooping verify Global Configuration mode command configures the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address Use the no form of this command to configure the switch to not verify the MAC addresses Syntax ip dhcp snooping verify no ip dhcp snooping verify Parameters This command has no arguments or keywords Default Configuration The switch verifies the source MAC address in a DHCP packet that is received on untrusted ports matches the client hardware address in the packet Command Mode Global configuration Page 95 DHCP Snooping Commands User Guidelines There are no user guidelines for this command Example The following example configures the switch to verify on an untrusted port that the source MAC address ina DHCP packet matches the client hardware address console config ip dhcp snooping verify ip dhcp snooping database The ip dhcp snooping database Global Configuration mode command configures the DHCP snooping binding file Use the no form of this command to delete the binding file Syntax ip dhcp snooping database no ip dhcp snooping database Parameters This command has no arguments or keywords Default Configuration The DHCP snooping binding file is not defined Command Mode Global Configuration mode User Guidelines To ensure that the lease time in the data
323. ry User EXEC mode command displays RMON Ethernet history statistics Syntax show rmon history index throughput errors other period seconds Parameters e index Specifies the requested set of samples Range 1 65535 e throughput Indicates throughput counters e errors Indicates error counters e other Indicates drop and collision counters e seconds Specifies the period of time in seconds Range 0 4294967295 Page 233 RMON Commands Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Examples The following examples displays RMON Ethernet history statistics for index 1 console gt show rmon history 1 throughput Sample Set 1 Owner CLI Interface 1 el Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 Time Octets Packets Broadcast Multicast Util Jan 18 2002 21 57 00 303595962 357568 3289 7287 19 Jan 18 2002 21 57 30 287696304 275686 2789 5878 20 console gt show rmon history 1 errors Sample Set 1 Owner Me Interface 1 el Interval 1800 Requested samples 50 Granted samples 50 Maximum table size 500 800 after reset Time CRC Align Undersize Oversize Fragments Jabbers Jan 18 2002 21 57 00 1 1 0 49 0 Jan 18 2002 21 57 30 1 1 0 27 0 Page 234 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide console
324. s seconds Specifies the number of seconds to wait for an acknowledgment before resending informs If unspecified the default timeout period is 15 seconds Range 1 300 e retries Specifies the maximum number of times to resend an inform request If unspecified the default maximum number of retries is 3 Range 0 255 Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines A user and notification view are not automatically created Use the snmp server user snmp server group and snmp server view Global Configuration mode commands to generate a user group and notify group respectively The format of an IPv6Z address is lt pv6 link local address gt lt interface name gt interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 Page 252 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example configures an SNMPv3 host console config snmp server v3 host 192 168 0 20 john noauth snmp server trap authentication The snmp server trap authentication Global Configuration mode command enables the device to send SNMP traps when authentication fails Use the no form of this command to disable SNMP failed authentication tra
325. s DHCP relay must first be globally enabled before enabling DHCP snooping on an interface Example The following example enables Dynamic Host Configuration Protocol DHCP relay features for an interface console config interface ethernet 1 e6 console config if ip dhcp relay enable ip dhcp relay address The ip dhcp relay address Global Configuration mode command makes a DHCP server available for the DHCP relay Use the no form of this command to remove server from the list Syntax ip dhcp relay address ip address no ip dhcp relay address p address Parameters p address DHCP server IP address Up to 8 servers can be defined Default Configuration No server is defined Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example makes a DHCP server available for the DHCP relay console config ip dhcp relay 1 1 1 10 show ip dhcp relay The show ip dhcp relay User EXEC mode command displays the server address on the DHCP relay Syntax show ip dhcp relay Page 165 Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Examples The following example displays the server address on the DHCP relay IP DHCP Relay console gt show
326. s There are no user guidelines for this command Example The following example defines the priority of Ethernet port 1 86 as 247 console config interface ethernet 1 e6 console config if lacp port priority 247 Page 168 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide lacp timeout The lacp timeout Interface Configuration Ethernet mode command assigns an administrative LACP timeout Use the no form of this command to return to the default configuration Syntax lacp timeout long short no lacp timeout Parameters long Specifies the long timeout value short Specifies the short timeout value Default Configuration The default port timeout value is long Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example assigns a long administrative LACP timeout to Ethernet port 1 e6 console config interface ethernet 1 e6 console config if lacp timeout long Page 169 LACP Commands show lacp ethernet The show lacp ethernet Privileged EXEC mode command displays LACP information for Ethernet ports Syntax show lacp ethernet interface parameters statistics protocol state Parameters interface Valid Ethernet port Full syntax unit port e parameters Link aggregation parameter information e statistics Link aggregation statis
327. s Guide Default Configuration This command has no default setting Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays information on the ISATAP tunnel console gt show ipv tunnel Router DNS name ISATAP Router IPv4 address 172 16 1 1 DNS Query interval 10 seconds in DNS Query interval 0 seconds Router Solicitation interval 10 seconds in Router Solicitation interval 0 seconds Robustness 3 Page 319 System Management Commands Chapter 33 System Management Commands ping The ping User EXEC mode command sends ICMP echo request packets to another node on the network Syntax ping ipv4 address hostname size packet_size count packet_count timeout time_ouf ping ipv6 ipv6 address hostname size packet_size count packet_counf timeout time_ouf Parameters e ipv6 Uses IPv6 to check the network connectivity pv4 address Pv4 address to ping An out of band IP address can be specified as described in the usage guidelines e pv6 address Pv6 address to ping When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the usage guidelines for the interface name syntax hostname Host name to ping Range 1 158 characters packet_size Number of bytes in a packet The actual packet size is eight bytes
328. s Guide Example The following example enables public key authentication for incoming SSH sessions console config ip ssh pubkey auth crypto key pubkey chain ssh The crypto key pubkey chain ssh Global Configuration mode command enters the SSH Public Key chain Configuration mode The mode is used to manually specify other device public keys such as SSH client public keys Syntax crypto key pubkey chain ssh Parameters This command has no arguments or keywords Default Configuration No keys are specified Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enters the SSH Public Key chain Configuration mode and manually configures the RSA key pair for SSH public key chain bob console config crypto key pubkey chain ssh console config pubkey chain user key bob console config pubkey key key string rsa AAAAB3NzaClyc2EAAAADAQABAAABAOCvTnRwPWl Al 4kpqIw9GBRonZQZx jHKcqKL6rM10 ZNX ZSkvHG Qus1Z 761LmFT34v7u7ChFAE Vu4GREpSwoQUvV35LqJJk6710U zfwOllg kTwm175QR9gHujS6KwGN2QWXgh3ub8gDjTSq muSn Wd05iDX21ExQWu08licglk02LYciz ZATrEU 9FJIxwPiVOOJc KBXuRO3juNg5nFYsY OZCKON W9Ia tnkm1shRE7Di71 w3f Ni0A 6w9044t 6 AINEICBCCA4YcF6zMzaTlwefWwx6f Rmt SnhhqdAtN 4oJfcel 66DqVX1gWmN ZNR4DYDvSzg01DnwCAC8Qh Fingerprint a4 16 46 23 5a 8d 1d b5 37 59 eb 44 13 b9 33 e9 Page 293 SSH Commands user key The user key
329. s can be used Page 224 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide If no host specific timeout retries deadtime or key string values are specified global values apply to each RADIUS server host The address type of the source parameter must be the same as the ip address parameter Example The following example specifies a RADIUS server host with IP address 192 168 10 1 authentication request port number 20 and a 20 second timeout period console config radius server host 192 168 10 1 auth port 20 timeout 20 radius server key The radius server key Global Configuration mode command sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon Use the no form of this command to return to the default configuration Syntax radius server key key string no radius server key Parameters e key string Specifies the authentication and encryption key for all RADIUS communications between the device and the RADIUS server This key must match the encryption used on the RADIUS daemon Range 0 128 characters Default Configuration The key string is an empty string Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example defines the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon console
330. s filtering is enabled Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example disables the ingress filtering of a port console config switchport general ingress filtering disable switchport general acceptable frame type tagged only The switchport general acceptable frame type tagged only Interface Configuration mode command discards untagged frames at ingress Use the no form of this command to return to the default configuration Syntax switchport general acceptable frame type tagged only no switchport general acceptable frame type tagged only Parameters This command has no arguments or keywords Page 351 VLAN Commands Default Configuration All frame types are accepted at ingress Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures Ethernet port 1 e16 to discard untagged frames at ingress console config interface ethernet 1 e16 console config 1f switchport general acceptable frame type tagged only switchport general map macs group vlan The switchport general map macs group vlan interface configuration mode command sets a mac based classification rule Use the no form of this command to delete a classification Syntax switchport general map macs gr
331. s in the PortFast mode or disabled Example The following example shuts down an interface when it receives a BPDU consol le config interfac thernet 1 el consol le config if spanning tree bpduguard clear spanning tree detected protocols The clear spanning tree detected protocols Privileged EXEC mode command restarts the protocol migration process forces renegotiation with neighboring devices on all interfaces or on a specified interface Syntax clear spanning tree detected protocols ethernet interface port channel port channel number Parameters e interface A valid Ethernet port port channel number A valid port channel number Default Configuration This command has no default configuration Page 270 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Modes Privileged EXEC mode User Guidelines This feature should be used only when working in RSTP or MSTP mode Example The following example restarts the protocol migration process on Ethernet port 1 e11 console clear spanning tree detected protocols ethernet 1 e11 spanning tree mst priority The spanning tree mst priority Global Configuration mode command configures the device priority for the specified spanning tree instance Use the no form of this command to return to the default configuration Syntax spanning tree mst instance id priority priority no spannin
332. s list Global Configuration mode command configures a management Access List and enters the Management Access list Configuration command mode Use the no form of this command to delete an Access List Syntax management access list name no management access list name Parameters name Access list name Range 1 32 characters Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines Use this command to configure a management Access List The command enters the Access list Configuration mode where permit and deny access rules are defined using the permit Management and deny Management commands If no match criteria are defined the default is deny If you reenter an Access List context the new rules are entered at the end of the Access List Use the management access class command to select the active Access List The active management list cannot be updated or removed Management ACL requires a valid management interface which is a port VLAN or port channel with an IP address or console interface Management ACL only restricts access to the device for management configuration or viewing For IPv6 management traffic that is tunneled in IPv4 packet the management ACLs is applied first on the external IPv4 header rules with service field are ignored and then again on the inner IPv6 header Page 194 Allied Telesis AT 8000S S94 3 0 Command Line Inte
333. s no arguments or keywords Default Configuration Polling is disabled Command Mode Global Configuration mode User Guidelines The sntp client poll timer Global Configuration mode command determines polling time Page 79 Clock Commands Example The following example enables polling for Simple Network Time Protocol SNTP predefined Unicast clients Console config sntp unicast client poll sntp server The sntp server Global Configuration mode command configures the device to use the Simple Network Time Protocol SNTP to request and accept SNTP traffic from a specified server Use the no form of this command to remove a server from the list of SNTP servers Syntax sntp server jov4 address ipv6 address hostname poll key keyia no sntp server ijov4 address ipv6 address hostname Parameters pv4 address Pv4 address of the server An out of band IP address can be specified as described in the usage guidelines e pv6 address Pv6 address of the server An out of band IP address can be specified as described in the usage guidelines When the IPv6 address is a Link Local address IPv6 address the outgoing interface name must be specified Refer to the usage guidelines for the interface name syntax e hostname Hostname of the server Only translation to IPv4 addresses is supported poll Enable polling keyid Authentication key to use when sending packets to this peer R
334. s no default configuration Command Mode User EXEC mode or Privileged EXEC Mode User Guidelines There are no user guidelines for this command Example In the following example the counters for interface 1 e1 are cleared console gt clear counters ethernet 1 el set interface active The set interface active Privileged EXEC mode command reactivates an interface that was shutdown Syntax set interface active ethernet interface port channel port channel numben Page 107 Ethernet Configuration Commands Parameters interface Valid Ethernet port Full syntax unit port port channel number Valid port channel number Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines This command is used to activate interfaces that were configured to be active but were shutdown by the system for some reason e g port security Example The following example reactivates interface 1 e5 consolef set interface active ethernet 1 e5 show interfaces advertise The show interfaces advertise Privileged EXEC mode command displays autonegotiation data Syntax show interfaces advertise ethernet interface port channel port channel number Parameters interface Valid Ethernet port Full syntax unit port e port channel number Valid port channel number Default Configuration This command has no default configuration
335. s the description for all configured interfaces Syntax show interfaces description ethernet interface port channel port channel number Page 111 Parameters interface Valid Ethernet port Full syntax unit port e port channel number A valid port channel number Default Configuration This command has no default configuration Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays descriptions of configured interfaces Ethernet Configuration Commands console show interfaces description Port Description el lab e2 e3 e4 e5 e6 ch1 ch2 show interfaces counters The show interfaces counters User EXEC mode command displays traffic seen by the physical interface Syntax show interfaces counters ethernet interface port channel port channel number Parameters interface A valid Ethernet port Full syntax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Page 112 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Modes User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays traffic seen by the physical interface The following example displays counters for Ethernet port 1 e1 console
336. se the no form of this command to revert to the default setting Syntax lldp timer seconds no lldp timer Parameters seconds Specifies in seconds how often the software sends an LLDP update Range 5 32768 seconds Default Configuration The default value is 30 seconds Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the system to send LLDP updates every 50 seconds console config lldp timer 50 Page 175 LLDP Commands Ildp hold multiplier The lldp hold multiplier Global Configuration mode command specifies the amount of time the receiving device should hold an LLDP packet before discarding it Use the no form of this command to revert to the default setting Syntax lldp hold multiplier number no lldp hold multiplier Parameters e number Specifies the hold time to be sent in the LLDP update packets as a multiple of the timer value Range 2 10 Default Configuration The default configuration is 4 Command Mode Global Configuration mode User Guidelines e The actual time to live value used in LLDP frames can be expressed by the following formula TTL min 65535 LLDP Timer LLDP HoldMultiplier For example if the value of LLDP timer is 30 and the value of the LLDP hold multiplier is 4 then the value 120 is encoded in the TTL field in the LLDP header Example The follo
337. show interfaces counters Port InUcastPkts InMcastPkts InBcastPkts InOctets 1 el 0 0 0 0 1 e2 0 0 0 0 1 e3 0 0 0 0 Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets 1 el 0 0 0 0 1 e2 0 0 0 0 1 e3 0 0 0 0 Ch InUcastPkts InMcastPkts InBcastPkts InOctets chl 0 0 0 0 ch2 0 0 0 0 ch3 0 0 0 0 ch4 0 0 0 0 ch5 0 0 0 0 ch6 0 0 0 0 ch7 0 0 0 0 ch8 0 0 0 0 OutUcastPkts OutMcastPkts OutBcastPkts OutOctets chl 0 0 0 0 ch2 0 0 0 0 ch3 0 0 0 0 ch4 0 0 0 0 ch5 0 0 0 0 ch6 0 0 0 0 Page 113 Ethernet Configuration Commands Single Collision F Late Collisions 0 Oversize Packets console nternal MAC Rx Errors Received Pause Frames Transmitted Pause Frames ch7 0 0 0 0 ch8 0 0 0 0 console console show interfaces counters ethernet 1 el Port InUcastPkts InMcastPkts InBcastPkts InOctets wa oo Be ee o Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets wi A FCS Errors 0 rames 0 0 0 0 0 The following table describes the fields shown in the display Field Description InOctets Counted received octets InUcastPkts Counted received Unicast packets InMcastPkts Counted received Multicast packets InBcastPkts Counted received Broadcast packets OutOctets Counted transmitted octets OutUcastPkts Counted transmitted Unicast packets OutMcastPkts Counted transmitted Multicast packets OutBcastPkts Counted transmitted Bro
338. source and destination exist Specifically you cannot copy if one of the following conditions exist The source file and destination file are the same file xmodem is the destination file The source file can be copied to image boot and null only tftp is the source file and destination file on the same copy The following table describes copy characters Character Description For network transfers indicates that the copy process is taking place Each exclamation point indicates successful transfer of ten packets 512 bytes each For network transfers indicates that the copy process timed out Generally many periods in a row means that the copy process may fail Copying an Image File from a Server to Flash Memory To copy an image file from a server to flash memory use the copy source url image command Copying a Boot File from a Server to Flash Memory To copy a boot file from a server to flash memory enter the copy source url boot command Copying a Configuration File from a Server to the Running Configuration File To load a configuration file from a network server to the running configuration file of the device enter the copy source url running config command The commands in the loaded configuration file are added to those in the running configuration file as if the commands were typed in the command line interface CLI Thus the resulting configuration file is a combination of the previous running co
339. ss mode and belong to the default VLAN whose VID 1 Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines Example The following example configures Ethernet port 1 e16 as an untagged layer 2 VLAN port console config interface ethernet 1 e16 console config if switchport mode access Page 347 VLAN Commands switchport access vlan The switchport access vlan Interface Configuration mode command configures the VLAN ID when the interface is in access mode Use the no form of this command to return to the default configuration Syntax switchport access vlan vian id no switchport access vlan Parameters e vlan id Specifies the ID of the VLAN to which the port is configured Default Configuration All ports belong to VLAN 1 Command Mode Interface configuration Ethernet port channel mode User Guidelines The command automatically removes the port from the previous VLAN and adds it to the new VLAN Example The following example configures a VLAN ID of 23 to the untagged layer 2 VLAN Ethernet port 1 e16 console config interface ethernet 1 e16 console config if switchport access vlan 23 switchport trunk allowed vian The switchport trunk allowed vlan Interface Configuration mode command adds or removes VLANs to or from a trunk port Syntax switchport trunk allowed vlan add vian list remove vian list Parame
340. ssed Any prefix that is less than 64 bits is a route or address range that is summarizing a portion of the IPv6 address space For every assignment of an IP address to an interface the system runs the Duplicate Address Detection algorithm to ensure uniqueness An intermediary transition mechanism is required for IPv6 only nodes to communicate with IPv6 nodes over an IPv4 infrastructure The tunneling mechanism implemented is the Intra Site Automatic Tunnel Addressing Protocol ISATAP This protocol treats the IPv4 network as a virtual IPv6 local link with each IPv4 address mapped to a Link Local IPv6 address Examples The following example sets the conditions to deny a packet to pass an IPv6 Access List acl1 Switch config ipv6 access list acll Switch config ipv6 acl deny tcp 2001 0DB8 0300 0201 64 any any 80 mac access list The mac access list Global Configuration mode command defines a Layer 2 Access List and places the device in MAC Access List Configuration mode Use the no form of this command to remove the Access List Syntax mac access list access list name no mac access list access list name Parameters access list name Name of the MAC Access List Default Configuration No MAC Access List is defined Command Mode Global Configuration mode User Guidelines MAC ACLs are defined by a unique name An IPv4 ACL IPv6 ACL and MAC ACL cannot share the same name Page 34 Allied Telesis AT 8000
341. st IPv6 addresses before the addresses are assigned to interfaces the new addresses remain in a tentative state while duplicate address detection is performed Duplicate address detection uses neighbor solicitation messages to verify the uniqueness of Unicast IPv6 addresses An interface returning to administratively up restarts duplicate address detection for all of the Unicast IPv6 addresses on the interface While duplicate address detection is performed on the link local address of an interface the state for the other IPv6 addresses is still set to TENTATIVE When duplicate address detection is completed on the link local address duplicate address detection is performed on the remaining IPv6 addresses When duplicate address detection identifies a duplicate address the state of the address is set to DUPLICATE and the address is not used If the duplicate address is the link local address of the interface the processing of IPv6 packets is disabled on the interface and an error message is displayed All configuration commands associated with the duplicate address remain as configured while the state of the address is set to DUPLICATE Ifthe link local address for an interface changes duplicate address detection is performed on the new link local address and all of the other IPv6 addresses associated with the interface are regenerated duplicate address detection is performed only on the new link local address Until the DAD process is
342. st Sunday in October e Time 1 00 am 01 00 Example The following example sets summer time starting on the first Sunday in April at 2 am and finishing on the last Sunday in October at 2 am Console config clock summer time recurring first sun apr 2 00 last sun oct 2 00 sntp authentication key The sntp authentication key Global Configuration mode command defines an authentication key for Simple Network Time Protocol SNTP Use the no form of this command to remove the authentication key for SNTP Syntax sntp authentication key number md5 value no sntp authentication key number Parameters number Key number Range 1 4294967295 value Key value Range 1 8 characters Default Configuration No authentication key is defined Command Mode Global Configuration mode User Guidelines Multiple keys can be generated Page 74 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example defines the authentication key for SNTP Console config sntp authentication key 8 md5 ClkKey sntp authenticate The sntp authenticate Global Configuration mode command grants authentication for received Simple Network Time Protocol SNTP traffic from servers Use the no form of this command to disable the feature Syntax sntp authenticate no sntp authenticate Parameters This command has no arguments or keywords Default Configuration No authenticati
343. st change occurred 2d18h ago Times hold 1 topology change 35 notification 2 hello 2 max age 20 forward delay 15 Port 1 1 e1 enabled State Forwarding Role Port id 128 1 Port cost Type P2p configured auto RSTP Designated bridge Priority 32768 Designated port id 128 25 umber of transitions to forwarding state 1 received 120638 BPDU sent 2 Port 2 1 e2 enabled State Forwarding Designated port id 128 2 00 00 Port Fast No Address Designated path cost 0 Role Designated Port Fast No Port id 128 2 Port cost Type Shared configured auto STP Designated bridge Priority 32768 Address Designated path cost 20000 00 01 42 97 e0 00 00 02 4b 29 7a 00 Spanning Tree Commands Shared STP Forward Delay 15 sec Forward Delay 15 sec 20000 configured no 20000 configured no Page 282 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Number of transitions to forwarding state BPDU sent 2 received 170638 Port 3 1 e3 disabled State N A Port id 128 3 Type N A configured auto Designated bridge Priority N A Designated port id N A BPDU sent N A received N A Port 4 1 e4 enabled State Blocking Port id 128 4 Type Shared configured auto STP Designated bridge Priority 28672 Designated port id 128 25 Guard Root Disabled BPDU sent 2 received 120638 Port 5 1 e5 enabled State
344. static Guest Page 335 enable The enable User EXEC mode command enters the Privileged EXEC mode Syntax enable privilege level Parameters privilege level Privilege level to enter the system Range 1 15 Default Configuration The default privilege level is 15 Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Privileged EXEC mode User Interface Commands console gt enable enter password console disable The disable Privileged EXEC mode command returns to the User EXEC mode Syntax disable privilege level Parameters privilege level Privilege level to enter the system Range 1 15 Default Configuration The default privilege level is 1 Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Page 336 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Example The following example returns to Users EXEC mode console disable console gt login The login User EXEC mode command changes a login username Syntax login Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example enters Privi
345. stics User EXEC mode command displays GVRP statistics Page 122 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Syntax show gvrp statistics ethernet interface port channel port channel number Parameters interface A valid Ethernet port Full syntax unit port port channel number A valid port channel number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example shows GVRP statistical information Console gt show gvrp statistics GVRP Statistics Legend EJE Join Empty Received rJIn Join In Received rEmp Empty Received rLIn Leave In Received FLE 3 Leave Empty Received rLA Leave All Received sJE Join Empty Sent sJIn Join In Sent sEmp Empty Sent sLIn Leave In Sent sLE Leave Empty Sent sLA Leave All Sent Port rJE rJln rEmp rLin rLE rLA sJE sJln sEmp sLIn sLE sLA show gvrp error statistics The show gvrp error statistics User EXEC mode command displays GVRP error statistics Syntax show gvrp error statistics ethernet interface port channel port channel number Parameters interface A valid Ethernet port Full syntax unit port port channel number A valid port channel number Page 123 Default Configuration This command has no default configuration Command Mode User EXEC mode Us
346. sts Default Radius Local Line Console_Login Line None Enable Authentication Method Lists Default Radius Enable Console_Enable Enable None Page 44 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Line Login Method List Enable Method List Console Console_Login Console_Enable Telnet Default Default SSH Default Default http Radius Local https Radius Local dotlx Radius password The password Line Configuration mode command specifies a password on a line Use the no form of this command to remove the password Syntax password password encrypted no password Parameters e password Password for this level Range 1 159 characters encrypted Encrypted password to be entered copied from another device configuration Default Configuration No password is defined Command Mode Line Configuration mode User Guidelines If a password is defined as encrypted the required password length is 32 characters Example The following example specifies password secret on a console Console config line console Console config line password secret username The username Global Configuration mode command creates a user account in the local database Use the no form of this command to remove a user name Page 45 AAA Commands Syntax username name password password level level encrypted no username name Parameters name
347. sword Expiry Lockout Aging date Bob 1 120 Jan 21 2005 Admin 15 120 Jan 21 2005 Manager 15 120 Jan 21 2005 z The following table describes significant fields shown above Field Description Username Name of the user Privilege User s privilege level enable password The enable password Global Configuration mode command sets a local password to control access to user and privilege levels Use the no form of this command to remove the password requirement Syntax enable password level level password encrypted Page 49 AAA Commands no enable password level eve Parameters e password Password for this level Range 1 159 characters e level Level for which the password applies If not specified the level is 15 Range 1 15 encrypted Encrypted password entered copied from another device configuration Range 32 characters in hexadecimal Default Configuration No enable password is defined Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example sets a local level 15 password called secret to control access to user and privilege levels Console config enable password secret level 15 show accounting The show accounting Exec mode command displays information about the accounting Syntax show accounting Parameters This command has no arguments or keywords
348. system supports only 64 bits prefix length for link local addresses Example The following example assigns FE80 260 3EFF FE11 6770 as the link local address console config interface el console config if ipv6 address FE80 260 3EFF FE11 6770 link local ipv6 default gateway The ipv6 default gateway Global Configuration mode command defines an IPv6 default gateway Use the no form of this command to remove the default gateway Syntax e ipv6 default gateway pv6 address e no ipv6 default gateway Parameters pv6 address Pv6 address of the next hop that can be used to reach that network When the IPv6 address is a Link Local address IPv6 address the outgoing interface name must be specified Refer to the usage guidelines for the interface name syntax Default Configuration No default gateway is defined Command Mode Global Configuration mode User Guidelines The IPv6Z address format lt ipv6 link local address gt lt interface name gt _ interface name vlan lt integer gt ch lt integer gt isatap lt integer gt lt physical port name gt 0 integer lt decimal number gt lt integer gt lt decimal number gt decimal number 0 1 2 3 4 5 6 7 8 9 Page 148 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide physical port name Designated port number for example el e Configuring a new default gateway without deleting the
349. t instance id cost Parameters e instance ID I D of the spanning tree instance Range 1 7 cost The port path cost Range 1 200 000 000 Default Configuration Default path cost is determined by port speed and path cost method long or short as shown below Interface Long Short Port channel 20 000 4 Gigabit Ethernet 1000 Mbps 20 000 4 Fast Ethernet 100 Mbps 200 000 19 Ethernet 10 Mbps 2 000 000 100 Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures the MSTP instance 1 path cost for Ethernet port 1 e9 to 4 console config interface ethernet 1 e9 console config if spanning tree mst 1 cost 4 spanning tree mst configuration The spanning tree mst configuration Global Configuration mode command enables configuring an MST region by entering the Multiple Spanning Tree MST mode Page 273 Spanning Tree Commands Syntax spanning tree mst configuration Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Global Configuration mode User Guidelines All devices in an MST region must have the same VLAN mapping configuration revision number and name Example The following example configures an MST region console config spanning tree mst confi
350. t one from the following table Keyword Source or destination local Uses the local username database for authentication none Uses no authentication radius Uses the list of all RADIUS servers for authentication tacacs Uses the list of all TACACS servers for authentication Default Configuration The local user database is checked This has the same effect as the command ip https authentication ocal Command Mode Global Configuration mode Page 43 AAA Commands User Guidelines The additional methods of authentication are used only if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line Example The following example configures HTTPS authentication Console config ip https authentication radius local show authentication methods The show authentication methods Privileged EXEC mode command displays information about the authentication methods Syntax show authentication methods Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the authentication configuration Console show authentication methods Login Authentication Method Li
351. t path cost method Command Mode Global Configuration mode User Guidelines This command applies to all spanning tree instances on the device The cost is set using the spanning tree cost command Example The following example sets the default path cost method to long console config spanning tree pathcost method long spanning tree bpdu The spanning tree bpdu Global Configuration mode command defines BPDU handling when the spanning tree is disabled globally or on a single interface Use the no form of this command to return to the default configuration Syntax spanning tree bpdu filtering flooding Parameters filtering Filter BPDU packets when the spanning tree is disabled on an interface flooding Flood BPDU packets when the spanning tree is disabled on an interface Page 268 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Default Configuration The default setting is flooding Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example defines BPDU packet flooding when the spanning tree is disabled on an interface console config spanning tree bpdu flooding spanning tree guard root The spanning tree guard root Interface Configuration Ethernet port channel mode command enables root guard on all spanning tree instances on the interface Root guard prevents the interfac
352. ter the Port Channel Interface Configuration mode SSH Public Key chain Contains commands to manually specify other device SSH public keys The crypto key pubkey chain ssh Global Configuration mode command is used to enter the SSH Public Key chain Configuration mode QoS Contains commands related to service definitions The qos Global Configuration mode command is used to enter the QoS services configuration mode MAC Access List Configures conditions required to allow traffic based on MAC addresses The mac access list Global Configuration mode command is used to enter the MAC access list configuration mode Tunnel Mode Configures tunneling specifications in the device The tunnel interface Global Configuration mode command is used to enter the tunneling configuration mode Page 19 Using the CLI Starting the CLI Starting the CLI The device can be managed over a direct connection to the device console RS 232 port or via a Telnet connection The device is managed by entering command keywords and parameters at the prompt Using the device Command Line Interface CLI is very similar to entering commands on a UNIX system If access is via a Telnet connection ensure that the device has a defined IP address corresponding management access is granted and the workstation used to access the device is connected to the device prior to using CLI commands N Note The following steps are for use on the console line on
353. ters e add vian list List of VLAN IDs to be added Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs e remove vian list List of VLAN IDs to be removed Separate nonconsecutive VLAN IDs with a comma and no spaces A hyphen designates a range of IDs Default Configuration This command has no default configuration Page 348 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example adds VLANs 1 2 5 to 6 to the allowed list of Ethernet port 1 e16 console config interface ethernet 1 e16 console config if switchport trunk allowed vlan add 1 2 5 6 switchport trunk native vlan The switchport trunk native vlan Interface Configuration mode command defines the native VLAN when the interface is in trunk mode Use the no form of this command to return to the default configuration Syntax switchport trunk native vlan vian id no switchport trunk native vian Parameters vlan id Specifies the ID of the native VLAN Default Configuration VID 1 Command Mode Interface Configuration Ethernet port channel mode User Guidelines The command adds the port as a member in the VLAN If the port is already a member in the VLAN not as a native it should be first removed from the VLAN
354. th the RADIUS server NAS Port 5 Yes Yes The switch port from where the supplicant logged in Class 25 Yes Yes An arbitrary value is included in all accounting packets for a specific session Called Station ID 30 Yes Yes The switch MAC address Calling Station ID 31 Yes Yes The supplicant MAC address Acct Session ID 44 Yes Yes A unique accounting identifier Acct Authentic 45 Yes Yes Indicates how the supplicant was authenticated Acct Session Time 46 No Yes Indicates how long the user was logged in Acct Terminate Cause 49 No Yes Reports why the session was terminated Nas Port Type 61 Yes Yes Indicates the supplicant physical port type Example The following example defines the accounting of 802 1x sessions sessions to a RADIUS server Console config aaa accounting dotlx radius Page 48 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide show users accounts The show users accounts Privileged EXEC mode command displays information about the local user database Syntax show users accounts Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the local users configured with access to the system Console show users accounts Username Privilege Password Pas
355. th the aaa authentication enable command are used with the enable authentication command The additional methods of authentication are used only if the previous method returns an error not if it fails To ensure that the authentication succeeds even if all methods return an error specify none as the final method in the command line All aaa authentication enable default requests sent by the device to a RADIUS or TACACS server include the username enabx where x is the requested privilege level Example The following example sets the enable password for authentication when accessing higher privilege levels Console config aaa authentication enable default enable login authentication The login authentication Line Configuration mode command specifies the login authentication method list for a remote telnet or console Use the no form of this command to return to the default configuration specified by the aaa authentication login command Syntax login authentication default ist name no login authentication Parameters e default Uses the default list created with the aaa authentication login command e listname Uses the indicated list created with the aaa authentication login command Default Configuration Uses the default set with the command aaa authentication login Command Mode Line Configuration mode User Guidelines Changing login authentication from default to another value may disconnect th
356. the lowest static IPv4 address of the device if there is no static IPv6 address or to 0 0 0 0 if there is no static IP address organization Specifies the organization name Range 1 64 e organization unit Specifies the organization unit or department name Range 1 64 e location Specifies the location or city name Range 1 64 e state Specifies the state or province name Range 1 64 e country Specifies the country name Range 2 2 e days Specifies number of days certification is valid Range 30 3650 Default Configuration The Certificate and SSL s RSA key pairs do not exist If no certificate number is specified the default certificate number is 1 If no RSA key length is specified the default length is 1024 If no URL or IP address is specified the default common name is the lowest IP address of the device at the time that the certificate is generated If the number of days is not specified the default period of time that the certification is valid is 365 days Command Mode Global Configuration mode User Guidelines The command is not saved in the device configuration however the certificate and keys generated by this command are saved in the private configuration which is never displayed to the user or backed up to another device Use this command to generate a self signed certificate for the device If the RSA keys do not exist parameter key generate must be used
357. the no form of this command to return to the default configuration Syntax spanning tree priority priority no spanning tree priority Parameters e priority Priority of the bridge Range 0 61440 in steps of 4096 Default Configuration The default bridge priority for IEEE Spanning Tree Protocol STP is 32768 Command Modes Global Configuration mode User Guidelines The bridge with the lowest priority is elected as the root bridge Example The following example configures spanning tree priority to 12288 console config spanning tree priority 12288 spanning tree disable The spanning tree disable Interface Configuration mode command disables spanning tree on a specific port Use the no form of this command to enable spanning tree on a port Syntax spanning tree disable no spanning tree disable Page 264 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters This command has no arguments or keywords Default Configuration Spanning tree is enabled on all ports Command Modes Interface Configuration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example disables spanning tree on Ethernet port 1 e5 console config interface ethernet 1 e5 console config if spanning tree disable spanning tree cost The spanning tree cost Interface Configuration mode command configures the span
358. the request for authentication is denied To ensure that authentication succeeds even if all methods return an error specify none as the final method in the command line The RADIUS server must support MD 5 challenge and EAP type frames Example The following example uses the aaa authentication dot1x default command with no authentication console config aaa authentication dotlx default none dot1x system auth control The dot1x system auth control Global Configuration mode command enables 802 1x globally Use the no form of this command to return to the default configuration Syntax dot1x system auth control Page 372 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide no dot1x system auth control Parameters This command has no arguments or keywords Default Configuration 802 1x is disabled globally Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example enables 802 1x globally console config dotlx system auth control dot1x port control The dot1x port control Interface Configuration mode command enables manually controlling the authorization state of the port Use the no form of this command to return to the default configuration Syntax dot1x port control auto force authorized force unauthorized no dot1x port control Parameters auto Enables 802 1X authenticatio
359. this command to remove the default domain name Syntax ip domain name name no ip domain name Parameters e name Specifies the default domain name used to complete unqualified host names Do not include the initial period that separates an unqualified name from the domain name Range 1 158 characters Default Configuration A default domain name is not defined Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Page 141 IP Addressing Commands Example The following example defines default domain name www website com console config ip domain name www website com ip name server The ip name server Global Configuration mode command defines the available name servers Use the no form of this command to remove a name server Syntax ip name server server address server address2 server address8 no ip name server server address1 server address8 Parameters e server address Specifies IP addresses of the name servers Default Configuration No name server addresses are specified Command Mode Global Configuration mode User Guidelines The preference of the servers is determined by the order in which they were entered Up to 8 servers can be defined using one command or using multiple commands Example The following example sets the available name server console config ip name server 176 16 1 18 ip host T
360. this port is deleted from the member list of that Multicast group Use the no form of this command to return to the default configuration Syntax ip igmp snooping leave time out time out immediate leave no ip igmp snooping leave time out Parameters time out Specifies the leave time out in seconds for IGMP queries Range 0 2147483647 e immediate leave Indicates that the port should be immediately removed from the members list after receiving IGMP Leave Default Configuration The default leave time out configuration is 10 seconds Command Mode Interface Configuration VLAN mode User Guidelines The leave timeout should be set greater than the maximum time that a host is allowed to respond to an IGMP query Page 131 IGMP Snooping Commands Use immediate leave only where there is just one host connected to a port Example The following example configures the host leave time out to 60 seconds console config interface vlan 2 console config if ip igmp snooping leave time out 60 show ip igmp snooping mrouter The show ip igmp snooping mrouter User EXEC mode command displays information on dynamically learned Multicast device interfaces Syntax show ip igmp snooping mrouter interface vian ic Parameters vian id VLAN number Default Configuration This command has no default configuration Command Mode User EXEC mode User Guidelines There are no user guidelines for this comma
361. tics information e protocol state Link aggregation protocol state information Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example display LACP information for Ethernet port 1 e1 console show lacp ethernet 1 el Port 1 el LACP parameters Actor system priority 1 system mac addr 00 00 12 34 56 78 port Admin key 30 port Oper key 30 port Oper number 21 port Admin priority 1 port Oper priority 1 port Admin timeout LONG port Oper timeout LONG LACP Activity ACTIVE Aggregation AGGREGATABLE synchronization FALSE collecting FALSE Page 170 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Partner distributing expired system priority system mac addr port Admin key port Oper key port Oper number port Oper priority port Oper timeout LACP Activity Aggregation synchronization collecting distributing expired Port 1 el LACP Statistics LACP PDUs sent LACP PDUs received Port 1 el LACP Protocol State LACP State Machines Receive FSM Mux FSM Periodic Tx FSM Control Variables BEGIN LACP_Enabled Ready_N Selected Port_moved NNT Port_enabled Timer counters periodic tx timer current while timer wait while timer port Admin priority FALSE
362. ting of 802 1x sessions Use the no form of this command to disable 802 1x accounting Syntax aaa accounting dot1x radius no aaa accounting dot1x Page 47 AAA Commands Parameters e radius Accounting is performed by a RADIUS server Default Configuration Disabled Command Mode Global Configuration User Guidelines e This command enables the recording of 802 1x sessions e If accounting is activated the device sends a Start Stop message to a RADIUS server when a user logs in logs out to the network respectively The software sends Start Stop messages for each authenticated supplicant The device uses the configured priorities of the available RADIUS servers to select the RADIUS server to use e Ifa new supplicant replaces an old supplicant even if the port state remains authorized the software sends a Stop message for the old supplicant and a Start message for the new supplicant The software does not send Start Stop messages if the port is force authorized The software does not send Start Stop messages for hosts that are sending traffic on the guest VLAN or on the unauthenticated VLANs e The following table describes the supported RADIUS accounting Attribute Values when they are sent by the switch Name Start Stop Description User Name 1 Yes Yes The user identity NAS IP Address 4 Yes Yes The switch IP address that is used for the session wi
363. tion The following table describes the default map DSCP value Queue ID 00 15 1 16 31 2 32 47 3 48 63 4 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example maps DSCP values 33 40 and 41 to queue 1 console config qos map dscp queue 33 40 41 to 1 qos cos The qos cos Interface Configuration Ethernet port channel mode command defines the default CoS value of a port Use the no form of this command to return to the default configuration Syntax qos cos default cos no qos cos Parameters default cos Specifies the default CoS value of the port Range 0 7 Default Configuration Default CoS value of a port is 0 Command Mode Interface Configuration Ethernet port channel mode Page 221 QoS Commands User Guidelines If the port is trusted the default CoS value of the port is used to assign a CoS value to all untagged packets entering the port Example The following example configures port 1 e15 default CoS value to 3 console config interface ethernet 1 e15 console config if qos cos 3 show qos map The show qos map User EXEC mode command displays all QoS maps Syntax show qos map dscp queue Parameters dscp queue Indicates the DSCP to queue map Default Configuration This command has no default configuration Command Mode User EXEC mode
364. to remove the specified host Syntax snmp server v3 host ipv4 address pv6 address hostname username traps informs noauth auth priv udp port por filter filtername timeout seconds retries retries no snmp server host ipv4 address pv6 address hostname username traps informs Parameters pv4 address Pv4 address of the host the targeted recipient An out of band IP address can be specified as described in the usage guidelines e jjpv6 address Pv6 address of the host the targeted recipient When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the usage guidelines for the interface name syntax e hostname Specifies the name of the host Range 1 158 characters username Specifies the name of the user to use to generate the notification Range 1 24 e traps Indicates that SNMP traps are sent to this host informs Indicates that SNMP informs are sent to this host noauth Indicates no authentication of a packet auth Indicates authentication of a packet without encrypting it e priv Indicates authentication of a packet with encryption e port Specifies the UDP port of the host to use If unspecified the default UDP port number is 162 Range 1 65535 filtername Specifies a string that defines the filter for this host If unspecified nothing is filtered Range 1 30 character
365. ts that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 8 30 Default Configuration No IP address is defined for interfaces Command Mode Interface Configuration VLAN mode User Guidelines A single IP address can be defined The IP address can be defined only on the Management VLAN Example The following example configures VLAN 1 with IP address 131 108 1 27 and subnet mask 255 255 255 0 console config interface vlan 1 console config if ip address 131 108 1 27 255 255 255 0 ip address dhcp The ip address dhcp Interface Configuration Ethernet VLAN port channel mode command acquires an IP address for an Ethernet interface from the Dynamic Host Configuration Protocol DHCP server Use the no form of this command to deconfigure an acquired IP address Syntax ip address dhcp hostname host name no ip address dhcp Page 135 IP Addressing Commands Parameters e host name Specifies the name of the host to be placed in the DHCP option 12 field This name does not have to be the same as the host name specified in the hostname Global Configuration mode command Range 1 20 characters Default Configuration This command has no default configuration Command Mode Interface Configuration VLAN mode User Guidelines The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol Some DHCP servers
366. tting Syntax lldp notifications enable disable no lldp notifications Parameters This command has no parameter settings Default Configuration LLDP notifications is disabled Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example enables LLDP notifiactions on an interface console config interface ethernet e5 console config if lldp med enable network policy Ildp med enable The Ildp med enable Interface Configuration mode command enables LLDP Media Endpoint Discovery MED on an interface Use the no form of this command to disable LLDP MED on an interface Page 179 LLDP Commands Syntax lldp med enable f v7 tIv3 no lldp med enable Parameters e tlv Specifies the TLV that should be included Available TLVs are network policy location and poe pse The TLV capabilities are always included if LLDP MED is enabled Default Configuration LLDP MED is disabled Command Mode Interface Configuration Ethernet mode User Guidelines There are no user guidelines for this command Example The following example enables LLDP MED on an interface as network policy console config interface ethernet e5 console config if lldp med enable network policy Ildp med network policy global The lldp med network policy Global Configuration mode command defines LLDP MED network po
367. uidelines There are no user guidelines for this command Example The following example clears messages from the internal logging buffer console clear logging Clear logging buffer y n Page 302 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide logging file The logging file Global Configuration mode command limits syslog messages sent to the logging file based on severity Use the no form of this command to cancel using the logging file Syntax logging file leve no logging file Parameters e level Specifies the severity level of syslog messages sent to the logging file Possible values emergencies alerts critical errors warnings notices informational and debugging Default Configuration The default severity level is errors Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example limits syslog messages sent to the logging file based on severity level alerts console config logging file alerts clear logging file The clear logging file Privileged EXEC mode command clears messages from the logging file Syntax clear logging file Parameters This command has no arguments or keywords Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Page 303 Syslog Comm
368. umber of commands the system may record in its command history buffer Range 10 247 Default Configuration The default command history buffer size is 10 Command Mode User EXEC mode User Guidelines The terminal history size user EXEC command configures the size of the command history buffer for the current terminal session Use the history line configuration command to change the default size of the command history buffer The maximum number of commands in all buffers is 256 Page 159 Example Line Commands The following example configures the command history buffer size to 20 commands for the current terminal session console terminal history size 20 show line The show line User EXEC mode command displays line parameters Syntax show line console telnet ssh Parameters e console Console terminal line telnet Virtual terminal for remote console access Telnet e ssh Virtual terminal for secured remote console access SSH Default Configuration If the line is not specified the default value is console Command Mode User EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the line configuration console gt show line Console configuration Interactive timeout Disabled History 10 Baudrate 9600 Databits 8 Parity none Stopbits 1 Telnet configuration Interactive timeout 10 minutes 10 se
369. unity ipv4 address ipv6 address Parameters community Community string that acts like a password and permits access to the SNMP protocol Range 1 20 characters e ro Indicates read only access default e rw Indicates read write access su Indicates SNMP administrator access pv4 address Management station IPv4 address Default is all IP addresses An out of band IP address can be specified as described in the usage guidelines e pv6 address Management station IPv4 address Default is all IP addresses e group name Specifies the name of a previously defined group A group defines the objects available to the community Range 1 30 characters e view name Specifies the name of a previously defined view The view defines the objects available to the community Range 1 30 characters Default Configuration No communities are defined Command Mode Global Configuration mode User Guidelines The view name parameter cannot be specified for su which has access to the whole MIB The view name parameter can be used to restrict the access rights of a community string When it is specified An internal security name is generated The internal security name for SNMPv1 and SNMPv2 security models is mapped to an internal group name The internal group name for SNMPv1 and SNMPv2 security models is mapped to a view name read view and notify view always and for rw for write view also The group
370. uration Ethernet port channel mode User Guidelines There are no user guidelines for this command Example The following example configures the spanning priority on Ethernet port 1 e15 to 96 console config interface ethernet 1 e15 console config if spanning tree port priority 96 spanning tree portfast The spanning tree portfast Interface Configuration mode command enables PortFast mode In PortFast mode the interface is immediately put into the forwarding state upon linkup without waiting for the standard forward time delay Use the no form of this command to disable PortFast mode Syntax spanning tree portfast no spanning tree portfast Page 266 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters This command has no arguments or keywords Default Configuration PortFast mode is disabled Command Modes Interface Configuration Ethernet port channel mode User Guidelines This feature should be used only with interfaces connected to end stations Otherwise an accidental topology loop could cause a data packet loop and disrupt device and network operations Example The following example enables PortFast on Ethernet port 1 e15 console config interface ethernet 1 e15 console config if spanning tree portfast spanning tree link type The spanning tree link type Interface Configuration mode command overrides the default link type setting determined
371. urn from the Privileged EXEC mode to the User EXEC mode use the disable command The following example illustrates how to access the Privileged EXEC mode and return to the User EXEC mode Console gt enable Enter Password Console Console disable Console gt The exit command is used to return from any mode to the previous mode except when returning to the User EXEC mode from the Privileged EXEC mode For example the exit command is used to return from the Interface Configuration mode to the Global Configuration mode Global Configuration Mode Global Configuration mode commands apply to features that affect the system as a whole rather than just a specific interface The configure Privileged EXEC mode command is used to enter the Global Configuration mode To enter the Global Configuration mode perform the following steps 1 At the Privileged EXEC mode prompt enter the configure command and press lt Enter gt The Global Configuration mode prompt is displayed The Global Configuration mode prompt consists of the device host name followed by config and Console config One of the following commands can be used to return from the Global Configuration mode to the Privileged EXEC mode exit end e Ctrl Z The following example illustrates how to access the Global Configuration mode and return to the Privileged EXEC mode Console Console configure Console config exit Conso
372. us attributes vlan 390 dot1x re authenticate 375 dot1x re authentication 374 dot1x single host violation 390 dot1x system auto control 372 dot1x timeout quiet period 376 dot1x timeout re authperiod 374 dot1x timeout server timeout 378 dot1x timeout supp timeout 378 dot1x timeout tx period 376 duplex 103 E Editing Features 20 enable 336 enable authentication 42 end 339 Entering Commands 20 exec timeout 157 exit 338 Page 393 exit Configuration 338 exit mst 277 F file system logging 304 flowcontrol 104 G garp timer 119 Global Configuration Mode 18 gvrp enable Global 118 gvrp enable Interface 118 gvrp registration forbid 120 gvrp vlan creation forbid 120 H help 339 history 157 history size 158 hostname 325 how bootvar 91 I instance mst 274 Intended Audience 15 Interface Configuration Mode 19 interface ethernet 100 interface port channel 203 interface range ethernet 100 interface range port channel 203 interface range vlan 345 interface tunnel 314 interface vlan 344 1p address 135 1p address dhcp 135 1p default gateway 136 148 ip dhcp relay address 165 ip dhcp relay enable global 164 ip dhcp relay enable interface 164 ip http authentication 42 ip http exec timeout 362 ip http port 361 ip http server 361 ip https authentication 43 ip https certificate 368 Index Page 394 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide 1p https port 3
373. utomatic tunnel router domain name Use the no form of this command to remove the string associated with the router domain name and return to the default Syntax tunnel isatap router router_name no tunnel isatap router Parameters e router_name A string representing the router s domain name Default Configuration By default the ISATAP string represents the corresponding automatic tunnel router s domain name Command Mode Interface Tunnel Configuration mode User Guidelines The ipv6 tunnel routers dns command determines the string that the host uses for automatic tunnel router lookup in an IPv4 DNS procedure By default the string ISATAP is used for the corresponding automatic tunnel types e Per tunnel only one string can represent the automatic tunnel router name Using this command overwrites the existing entry Page 315 Tunnel Commands Example The following example configures a global string Dell_Tunnel_Router to represent a specific automatic tunnel router domain name console config interface tunnel 1 console config tunnel tunnel isatap router Dell_Tunnel_Router tunnel source The tunnel source Interface Tunnel Configuration mode command sets the local source tunnel interface IPv4 address Use the no form to delete the tunnel local address Syntax tunnel source auto ip address pv4 address no tunnel source Parameters auto The system minimum Pv4 address is used as t
374. ver timeout Page 378 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Parameters e seconds Time in seconds that the device waits for a response from the authentication server Range 1 65535 seconds Default Configuration The timeout period is 30 seconds Command Mode Interface configuration Ethernet mode User Guidelines The actual timeout can be determined by comparing the dot1x timeout server timeout value and the result of multiplying the radius server retransmit value with the radius server timeout value and selecting the lower of the two values Example The following example sets the time for the retransmission of packets to the authentication server to 3600 seconds console config if dotlx timeout server timeout 3600 show dot1x The show dot1x Privileged EXEC mode command displays the 802 1X status of the device or specified interface Syntax show dot1x ethernet interface Parameters interface Valid Ethernet port Full syntax unit port Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example displays the status of 802 1X enabled Ethernet ports console show dotlx Page 379 802 1x is disabled Port Admin Mode Oper Mode 1 el Auto Authorized 1 e2 Auto Authorized 1 e3 Auto Authorized 1 e4 Auto Aut
375. wing example specifies that the amount of time the receiving device should hold an LLDP packet is 10 before discarding it console config lldp hold multiplier 10 Ildp reinit delay The lldp reinit delay Global Configuration mode command specifies the minimum time an LLDP port waits before reinitializing LLDP transmissions Use the no form of this command to revert to the default setting Syntax lidp reinit delay seconds no Ildp reinit delay Parameters e seconds Specifies the minimum time in seconds an LLDP port waits before reinitializing LLDP transmissions Range 1 10 seconds Default Configuration The default value is 2 seconds Page 176 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command Example The following example specifies the minimum time an LLDP port waits before reinitializing LLDP transmissions to five seconds console config lldp reinit delay 5 Ildp tx delay The lldp tx delay Global Configuration mode command specifies the delay between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB Use the no form of this command to revert to the default setting Syntax lldp tx delay seconds no lldp tx delay Parameters e seconds Specifies the delay in seconds between successive LLDP frame tra
376. within the last Page 153 IPv6 Addressing Commands DELAY_FIRST_PROBE_TIME seconds If no reachability confirmation is received within DELAY_FIRST_PROBE_TIME seconds of entering the DELAY state a Neighbor Solicitation is sent and the state is changed to PROBE PROBE A reachability confirmation is actively sought by retransmitting Neighbor Solicitations every RetransTimer milliseconds until a reachability confirmation is received Example The following example displays IPv6 neighbor discovery cache information console show ipv6 neighbors dynamic Interface IPv6 address HW address VLAN 1 2031 0 130F 010 B504 DBB4 00 10 B5 04 DB 4B VLAN 1 2031 0 130F 050 2200 2AA4 00 50 22 00 2A A4 clear ipv6 neighbors The clear ipv6 neighbors Privileged EXEC mode command deletes all entries in the IPv6 neighbor discovery cache except static entries Syntax clear ipv6 neighbors Parameters This command has no keywords or arguments Default Configuration This command has no default setting Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command Example The following example deletes all entries in the IPv6 neighbor discovery cache except static entries console gt clear ipv6 neighbors Page 154 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide Chapter 13 Line Commands line The line Global Configuration mode
377. work or class of networks about which to set permit conditions This argument must be in the form documented in RFC 3513 where the address is specified in hexadecimal using 16 bit values between colons disable port The Ethernet interface would be disabled if the condition is matched dscp number Matches a differentiated services codepoint value against the traffic class value in the Traffic Class field of each IPv6 packet header Range 0 63 flags list of flags List of TCP flags that should occur If a flag should be set it is prefixed by If a flag should be unset it is prefixed by Avaiable options are urg ack psh rst syn fin urg ack psh rst syn and fin The flags are concatenated to one string For example fin ack icmp type Specifies an ICMP message type for filtering ICMP packets Enter a number or one of the following values destination unreachable packet too big time exceeded parameter problem echo request echo reply mld query mid report mldv2 report mld done router solicitation router advertisement nd ns nd na Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP packets Range 0 255 ip precedence number Specifies the IP precedence value protocol The name or the number of an IP protocol Available protocol names are icmp tcp and udp Range 0 255 IP Protocol Abbreviated Name Protocol Number Transmission Contro
378. xample The following example clears the DHCP binding database console clear ip dhcp snooping database show ip dhcp snooping The show ip dhcp snooping EXEC mode command displays the DHCP snooping configuration Syntax show ip dhcp snooping ethernet interface port channel port channel number Parameters e interface Specify Ethernet port port channel number Specify Port channel number Default Configuration This command has no default configuration Command Mode EXEC mode Page 98 Allied Telesis AT 8000S S94 3 0 Command Line Interface User s Guide User Guidelines There are no user guidelines for this command Example The following example displays the DHCP snooping configuration show ip dhcp snooping binding The show ip dhcp snooping binding User EXEC mode command displays the DHCP snooping binding database and configuration information for all interfaces on a switch Syntax show ip dhcp snooping binding mac address mac address ip address p address vlan vlan ethernet interface port channel port channel number Parameters e mac address Specify a MAC address e jp address Specify an IP address e vlan id Specify a VLAN number e interface Specify Ethernet port port channel number Specify Port channel number Default Configuration This command has no default configuration Command Mode EXEC User Guidelines There are no user guidelines for
379. ycast client Use the no form of this command to disable the SNTP Anycast client Syntax sntp anycast client enable no sntp anycast client enable Parameters This command has no arguments or keywords Default Configuration The SNTP Anycast client is disabled Command Mode Global Configuration mode Page 77 Clock Commands User Guidelines The sntp client poll timer Global Configuration mode command determines polling time Use the sntp client enable Interface Interface Configuration mode command to enable the SNTP client on a specific interface Example The following example enables SNTP Anycast clients console config sntp anycast client enable sntp client enable Interface The sntp client enable Interface Configuration Ethernet port channel VLAN mode command enables the Simple Network Time Protocol SNTP client on an interface This applies to both receive Broadcast and Anycast updates Use the no form of this command to disable the SNTP client Syntax sntp client enable no sntp client enable Parameters This command has no arguments or keywords Default Configuration The SNTP client is disabled on an interface Command Mode Interface configuration Ethernet port channel VLAN mode User Guidelines Use the sntp broadcast client enable Global Configuration mode command to enable Broadcast clients globally Use the sntp anycast client enable Global Configuration mode command to en
Download Pdf Manuals
Related Search