Force10 Networks S2410s User's Manual
Contents
1. E 95 SHOW E oct ba ee Laie MOORS nee dab ded bas Ae Lae Reka quine d ded 96 SODID SOIVB icc cS a eiir PX RSE MER ES ERASERS ATES EEE Seek aa RE ga s 97 Sp Sb Ver Comm WIW oa sa ov eed Wd EARS a Rd xA PV ERASE INES EOE OSE vv d ud 97 Ho SHO Server COSI NE as 2 dea was RR ERE P E NUE EAE EV RQRI RR NAE QA RARE Ad MS 97 snmp server community ipaddr iius su es hFSHR AREER HE RRR Y RR RR DOR RE GE aN 98 snimp se rver community DINGS 1 duebeladea dead dedu dace esu dedo Mrd pa uoa dub dde abad 98 SOHO GBFVOF CODIIBDIDE MOGO 2422025050 ra e ada SESSA Dade qan aNE Rea d uA Pda 98 BHIDD SEIVET COMMIGINY TO 5 24 64 605 REIR REIR RARE EG EE REG dv edd 99 ri wralccn anmcecuiI f KC 99 snmp server enable traps bcaststorm 000 cc eee 99 SFTOS Command Reference for the S2410 Version 2 4 1 0 7 shmp server enable traps linikmode 2 2h4 40eeedeave Ra ERA ERRRCERPEG V EEYXSEE 100 snmp sarver enable trans multiusers 2a ee eee eee oa DARDS RR ee 100 snmp server enable traps stpmode 0002 cc teeta 101 snmp server enable fap violation 1245420406 bed bed da eh dee 4 pear eee RAMS ew Ped ad as 101 snimp sarvef Kaps IAA ie acr pe quaquor does ad gqur desse PpaQeexEagquscdibwsS esp 101 SWRA oed ps ene Oe She Ed d RRR pat d aider AES dard a pin dob dores 102 BUNS IGA das Siotaiers LARD A Ead Pumas dd quaa bare deus di qM 102 BED OI a2 3 3 eai qur ated ma qr d vd da ear d dp arbe a ga vd nee au 102 BED IRSE NOSIS 12 spatio IJ eEE2. 0 Total MAC Addresses available 16384 Figure 14 Example of Output from the show mac addr table count Command S50 TAC 8 show mac addr table vlan 1 Mac Address Interface Status 00 01 E8 D5 A2 19 3 1 Management Figure 15 Example of Output from the show mac addr table vlan Command show mac address table Depending on selected display parameters displays various Multicast Forwarding Database MFDB information including GMRP or IGMP Snooping entries in the table Version 2 3 Deprecated The keyword traplogs in the command show logging provides the information that had been available through this command show logging traplogs Displays the SNMP trap log maintained by the switch show logging Displays a combination of the system log and event log buffered log show logging buffered Displays buffered logging the System log show logging hosts Displays configured logging hosts syslog servers System Management Commands show network show network Command History Related Commands Version 2 3 Deprecated The keyword managementethernet in the command show interface provides the information that had been available through this command show interface Displays information about the management address of the switch managementethernet show running config Syntax Mode This command is used to display capture the current setting of different p
3. Note Trap log information is not retained across a switch reset Note Traps are replicated in the System log denoted by the TRAPMGR Component name and traputil c as the file name System Log User Account Commands clear pass Syntax Mode Commands in this chapter manage user accounts The commands are are comprised of two functional groups Show commands display switch settings statistics and other information e Configuration commands configure features and options of the switch For every configuration command there is a show command that displays the configuration setting The user account commands are clear pass on page 157 disconnect on page 158 e show loginsession on page 158 e show users on page 158 e username passwd on page 159 e users snmpv3 accessmode on page 160 e users snmpv3 authentication on page 160 e users snmpv3 encryption on page 160 Note For related commands see the chapter Security Commands on page 163 This command resets all user passwords to the factory defaults without powering off the switch You are prompted to confirm that the password reset should proceed clear pass Privileged Exec SFTOS Command Reference for the S2410 Version 2 4 1 0 157 disconnect disconnect Syntax Mode This command closes the designated remote session or all sessions disconnect sessionID all Privileged Exec show loginsession Syntax Mode ID
4. SFTOS Command Reference for the S2410 Version 2 4 1 0 Edition 2 April 2008 Copyright 2008 Force10 Networks All rights reserved Printed in the USA April 2008 Force10 Networks reserves the right to change modify revise this publication without notice Trademarks Force10 Networks and E Series are registered trademarks of Force10 Networks Inc Force10 the Force10 logo E1200 E600 E600i E300 EtherScale TeraScale FTOS and SFTOS are trademarks of Force10 Networks Inc All other brand and product names are registered trademarks or trademarks of their respective holders Statement of Conditions In the interest of improving internal design operational function and or reliability Force10 Networks reserves the right to make changes to products described in this document without notice Force10 Networks does not assume any liability that may occur due to the use or application of the product s described herein USA Federal Communications Commission FCC Statement This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules These limits are designated to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy If it is not installed and used in accordance to the instructions it may cause harmful interference to radio communi
5. The chapter describes the following commands e show spanning tree on page 260 e show spanning tree interface on page 261 e show spanning tree mst detailed on page 262 e show spanning tree mst port detailed on page 262 e show spanning tree mst port summary on page 264 e show spanning tree mst summary on page 264 e show spanning tree summary on page 265 e show spanning tree vlan on page 265 e spanning tree on page 265 e spanning tree bpdumigrationcheck on page 266 e spanning tree configuration name on page 266 e spanning tree configuration revision on page 266 e spanning tree edgeport on page 267 e spanning tree forceversion on page 267 e spanning tree forward time on page 268 e spanning tree hello time on page 268 SFTOS Command Reference for the S2410 Version 2 4 1 0 259 show spanning tree e spanning tree max age on page 269 e spanning tree max hops on page 269 e spanning tree mst on page 269 nospanning tree mst on page 270 e spanning tree mst instance on page 271 e spanning tree mst priority on page 271 e spanning tree mst vlan on page 272 e spanning tree port mode enable on page 272 e spanning tree port mode enable all on page 273 show spanning tree This command displays spanning tree settings for the common and internal spanning tree when the optional parameter brief is not included in the command The following details are displayed Syntax show spanning tree brief Mode Privileged Exec
6. description User entered description of the selected interface show interfaces cos queue The class of service queue configuration for the specified interface show port The configuration and status of the specified interface or of all interfaces show port channel The configuration and status of the specified LAG or of all LAGs show logging Related Commands Note See the various versions of the show logging command in the Syslog chapter System Log on page 149 show logging Displays a combination of the system log and event log buffered log show logging buffered Displays buffered logging the System log show logging hosts Displays configured logging hosts syslog servers show logging traplogs Displays trap summaries number of traps since last reset and last view and trap details show mac addr table 78 Syntax This command displays the forwarding database entries If the command is entered with no parameter the entire table is displayed the same as entering the optional all parameter Alternatively you can enter a MAC address to display the table entry for that address and all entries following it show mac addr table macaddr all interface unit slot port vlan VLAN ID count System Management Commands show mac addr table parameters andar OPTIONAL Enter a 6 byte Mac address all OPTIONAL Enter all to get results for all interfaces interface unit slot port OPT
7. lees 256 Most MFDB Entries Since Last Reset 0 G rrent Entri S co exe a8 dhe ake a EUR ecg eater ees 0 Figure 26 Command Example show mac address table stats show mac address table Displays the Multicast Forwarding Database MFDB multicast information show monitor session 116 This command displays the port monitoring information for the system System Configuration Commands Syntax Mode Example Field Descriptions Related Commands show port Syntax Mode Command History show port show monitor session 1 Privileged Exec Forcel0 show monitor session 1 Admin Mode Mirrored Port Probe Port Session ID 1 Enable 2 0 26 Figure 27 Command Example show monitor session 1 Session ID In all released versions of SFTOS the session is always 1 Admin Mode Indicates whether the Port Mirroring feature is enabled or disabled The possible values are Enable and Disable Probe Port unit slot port The unit slot port configured as the probe port destination port for mirroring If this value has not been configured Not Configured will be displayed Mirrored Port unit slot port The unit slot port configured as the monitored port source port mirrored port If this value has not been configured Not Configured will be displayed monitor session Adds a mirrored port source port or probe port destination port to a session identified with the ses
8. Command Syntax Command Mode Purpose show port all Privileged Exec Displays the ports in unit slot port format and the following data for each port Type Indicates if the port is a special type of port Admin Mode Selects the Port Control Administration State Physical Mode Selects the desired port speed and duplex mode Physical Status Indicates the port speed and duplex mode Link Status Indicates whether the link is up or down Link Trap Determines whether or not to send a trap when link status changes LACP Mode Displays whether LACP is enabled or disabled on this port User Account Management To configure switch administrator accounts use the following commands Command Syntax Command Mode Purpose show users Privileged Exec Displays all of the users that are allowed to access the switch Access Mode Shows whether the user is able to change parameters on the switch Read Write or is only able to view them Read Only As a factory default the admin user has Read Write access There can only be one Read Write user and up to five Read Only users show loginsession Privileged Exec Displays all of the login session information no username user Global Config This command adds a new user account if space permits along with passwd password the user s password The user name and password can each be up to eight alphanumeric characters in length To remove a user use the no username user command
9. Index Symbols deny permit 288 Numerics 10 100 Ethernet port 3 79 802 3ad 28 802 3x flow control 200 A Access Control Lists ACLs 287 accessing DHCP Pool Config mode 209 ACL wildcard masks 287 ACLs 287 addport 249 Address Aging Timeout 114 areaid 41 ARP aging 204 214 audience 22 authentication login 169 Authentication traps 101 B Backspace 43 bandwidth division 276 b node Broadcast 210 Boot Menu Options 33 bootfile 204 bpdumigrationcheck spanning tree 266 bridge aging time 106 broadcasts broadcast storm recovery mode 200 Bulk Configuration see interface range 108 bulk configuration 108 C class command 49 Class Map Mode 49 classofservice dot1p mapping 276 classofservice dot1pmapping 285 classofservice trust 277 clear commands clear config 138 clear pass 157 clear traplog 139 clear vlan 121 clear config 38 138 clear counters 138 clear dot1x statistics 170 clear igmpsnooping 139 clear ip dhcp binding 204 clear ip dhcp conflict 205 clear ip dhcp server statistics 204 clear pass 157 clear port channel 139 clear radius statistics 170 clear traplog 139 clear vian 121 CLI Command Line Interface 31 CLI banner 141 client identifier 205 client name 205 Command Line Interface CLI 31 Command Modes Using 44 Command Syntax Conventions 39 config commands config arp agetime 204 214 config lags adminmode 251 252 config lags create 251 config lags deleteport 251 config
10. To delete or change a password remove and reenter the user with the new password write memory Privileged Exec or copy system running config nvram startup config This will save passwords and all other changes to the device If you do not save the configuration all configurations are lost when a power cycle is performed on the switch or when the switch is reset For copy command syntax see copy on page 139 logout User Exec and Privileged Exec Logs the user out of the switch 34 Quick Start Note Keywords and parameters that are shown within braces in syntax statements gt must be entered in the CLI Keywords and parameters that are shown separated by a bar in syntax statements require you to choose one Parameters in italics are variables for which you substitute a value see Command Syntax Conventions on page 39 Management IP Address In addition to logging into the CLI to view and manage network parameters you can use the following methods Simple Network Management Protocol SNMP SSH Telnet SFTOS Web User Interface Web UD through a Web browser See Using the Web User Interface on page 51 Each of these methods require that you first use the CLI through the console port to configure a management IP address subnet mask and default gateway The 2410 actually provides the ability to configure two management IP addresses An IP address that accesses the Ethernet Management port an
11. CodeStorVol gt Filesystem size 20022272 Bytes used 131040 Bytes free 19891232 Forcel0 log2 bin 131040 slogO0 txt 0 ologO0 txt 0 mrt log 0 More or q uit ES Figure 7 Example of dir nvram Command Output Change the text that appears as part of the CLI prompt hostname hostname hostname Enter the desired text for the prompt up to 64 alphanumeric characters Force10 S50 For example the User Exec prompt appears as Force10 S50 Global Config Version 2 3 Modified Moved from Privileged Exec mode to Global Config mode Version 2 2 Replaced set prompt command SFTOS Command Reference for the S2410 Version 2 4 1 0 57 interface managementethernet interface managementethernet Syntax Mode Command History Usage Information Related Commands This command invokes the Interface ManagementEthernet mode uses the Config if ma prompt where you can set up a management IP interface For details on management interfaces see the Management chapter of the SFTOS Configuration Guide interface managementethernet Global Config Version 2 3 Introduced This command provides access to the following network configuration command groups Table 4 Interface ManagementEthernet Mode Command Families ip Configure network parameters of the switch mac address Configure MAC Address mac type Select the locally admin
12. Displays the rules defined for the MAC access list specified by name mac access list extended rename This command changes the name of an existing MAC ACL The name parameter is the name of an existing MAC ACL The newname parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list This command fails if a MAC ACL by the name newname already exists Syntax mac access list extended rename name newname Parameters name The ACL name assigned during the creation of the ACL by using the mac access list extended command newname Case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list The string may include alphabetic numeric dash dot or underscore characters only The string must start with a letter Mode Global Config Related Commands deny permit Creates a new rule for the MAC access list selected by the mac access list extended command interface range Defines an interface range and accesses the Interface Range mode mac access group port channel In the Interface Port Channel Config mode attaches a MAC ACL to the selected port channel mac access group Attaches a specific MAC Access Control List ACL identified by name to an interface in the ingress direction mac access list extended Creates a MAC Access Control List ACL show mac access lists Displays the rules defined for t
13. This section provides a detailed explanation of the QoS CoS commands classofservice dotlp mapping on page 276 classofservice trust on page 277 cos queue max bandwidth on page 277 cos queue min bandwidth on page 278 cos queue random detect on page 278 cos queue strict on page 279 random detect exponential weighting constant on page 279 random detect queue parms on page 280 show classofservice dotlp mapping on page 281 show classofservice trust on page 281 show interfaces cos queue on page 282 show interfaces random detect on page 282 show interfaces tail drop threshold on page 283 tail drop queue parms on page 284 traffic shape on page 285 SFTOS Command Reference for the S2410 Version 2 4 1 0 275 classofservice dot1p mapping By default SFTOS 2 4 1 configures all egress queues in weighted round robin mode with equal minimum bandwidths This means that no egress queue will be given priority over any other To change this in weighted round robin mode use the cos queue min bandwidth command to assign minimum bandwidths to each queue You should then see queue 3 get the appropriate share of the bandwidth Alternatively use the cos queue strict command to force strict priority mode which will give egress queue 3 absolute priority over all other queues By default bandwidth is divided into 28 slices we get 28 by adding 1 through 7 representing seven priority queues and then it is allocated so that the highest priority que
14. gmrp Display GMRP interface information gvrp Display GARP VLAN Registration Protocol parameters hardware Display vital product data igmpsnooping Display IGMP Snooping information interface Display summary statistics for a specific port or for the entire switch interfaces Display Interfaces Information ip Display IP information logging Display logging and eventlog parameters More or q uit Forcel0 show terminal Command not found Incomplete command Use to list commands Forcel0 show terminal length Display terminal length Forcel0 show terminal length cr Press Enter to execute the command Figure4 Partial Keyword Example Using Command Modes The CLI of SFTOS follows the industry convention of mode based access to functionality grouping all of the CLI commands in appropriate modes according to the nature of the commands In other words each of the command modes supports specific related SFTOS software commands You specify through CLI commands which mode you want to access and then in that mode you enter commands that are specific to that mode For example if you want to configure a VLAN you would first enter the Interface VLAN mode by entering the command interface vlan vlanid at a prompt in the Global Config mode 44 Using the Command Line Interface The following command mode tree diagram provides an overview of the names of the modes and how they relate to each other The
15. interface range Defines an interface range and accesses the Interface Range mode dot1x port control all 172 This command sets the authentication mode to be used on all ports The control mode may be one of the following Security Commands dot1x re authenticate Force unauthorized The authenticator PAE unconditionally sets the controlled port to unauthorized Force authorized The authenticator PAE unconditionally sets the controlled port to authorized Auto The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant authenticator and the authentication server Syntax dotIx port control all force unauthorized force authorized auto no dot1x port control all sets the authentication mode to be used on all ports to auto Default auto Mode Global Config dot1x re authenticate This command begins the re authentication sequence on the specified port This command is only valid if the control mode for the specified port is auto If the control mode is not auto an error will be returned Syntax dotlx re authenticate unit slot port Mode Global Config Command History Version 2 3 Modified Moved from Privileged Exec mode to Global Config mode dot1x re authentication This command enables re authentication of the supplicant for the specified port The no version of this command disables re authentication of the supplicant for
16. show terminal length Displays the number of lines set by terminal length show tech support Use show tech support non paged for uninterrupted output This command is used to discover the routes that packets actually take when traveling to their destination through the network on a hop by hop basis traceroute ipaddr port ipaddr should be a valid IP address The optional port parameter is the UDP port used as the destination of packets sent as part of the traceroute This port should be an unused port on the destination system It should be a valid decimal integer in the range of 0 zero to 65535 The default value is 33434 Privileged Exec SFTOS Command Reference for the S2410 Version 2 4 1 0 145 write write Syntax Mode Related Commands The functionality of this command is the same as for the copy system running config nvram startup config command to save the running configuration to NVRAM which would be used while the system is re booted the next time The write command defaults to write memory write memory Privileged Exec copy Uploads and downloads to from the switch Configuration Scripting 146 Configuration scripting enables you to generate text formatted script files representing the current configuration These configuration script files can be uploaded to a PC and edited downloaded to the system and applied to the system Configuration scripts can be applied to one or more switch
17. 28 Note The Untested and Unsupported Features and Commands section of the Release Notes contains the most current information on available features The SFTOS 2 4 1 software provides the following features through a limited version no stacking of its Layer 2 Package also called the Switching Package e BootP RFC951 1542 e BootP DHCP Relay and Server RFC 2131 e Host Requirements RFC 1122 e UDP RFC 768 e IP RFC 791 e ICMP RFC 792 e TCP RFC 793 e STP Spanning Tree Protocol IEEE 802 1D e Rapid Spanning Tree IEEE 802 1w e MSTP IEEE 802 1s e 10 GigE IEEE 802 3ae e 1000 Base T IEEE 802 3ab e Flow Control IEEE 802 3x Link Aggregation IEEE 802 3ad e 16k MAC Address Table e Jumbo Frame Support QoS e Four Queues per Port e EEE 802 1P Compliance e Per Port Rate Limiting e Per Queue Rate Limiting e Strict Priority and Weighted Round Robin Scheduling e Weighted Random Early Detect Congestion Control e Wirespeed ACLs L2 L3 L4 e ACL Entries L2 VLAN e EEE 802 1q Support e Port based VLANs e Frame Extensions IEEE 802 3ac e Protocol based VLANs e GVRP GARP GMRP SFTOS Overview Multicast Protocols IGMP Snooping Layer 2 Multicast Forwarding Security and Packet Control Features Ingress Rate Limiting Login Access Control RADIUS IEEE 802 1x SSH2 Server Support Port Mirroring Access Profiles on Routing Protocols DOS Protection MAC
18. Parameters show users Syntax Mode Parameters 158 This command displays current telnet and serial port connections to the switch It also displays SSH sessions show loginsession Privileged Exec Login Session ID User Name The name the user will use to login using the serial port or Telnet A new user may be added to the switch by entering a name in a blank entry The user name may be up to 8 characters and is not case sensitive The Read Write user admin is the only factory default Connection From IP address of the telnet client machine or EIA 232 for the serial port connection Idle Time Time this session has been idle Session Time Total time this session has been connected Session Type Source of connection serial port Telnet etc This command displays the configured user names and their settings This command is only available for users with Read Write privileges show users Privileged Exec User Name The name the user will use to login using the serial port Telnet or Web A new user may be added to the switch by entering a name in a blank entry The user name may be up to eight characters and is not case sensitive The Read Write user admin is the only factory default User Account Commands username passwd User Access Mode Shows whether the operator is able to change parameters on the switch Read Write or is only able to view them Read Only As a factory default the a
19. Syntax 108 This command groups a set of individual interfaces a range of interfaces or more than one range of interfaces to which subsequent configuration commands can be applied bulk configuration interface range ethernet range range port channel range range vlan range range System Configuration Commands interface range Parameters ethernet Enter the keyword ethernet and one or more ports separated by hyphens range range and commas in this form ethernet unit slot port port unit slot port port Spaces are not allowed around commas or hyphens Example ethernet 1 0 1 1 0 10 1 0 40 1 0 45 port channel Enter the keyword port channel and one or more port channel numbers range range Separated by commas or grouped in a range in this form port channel 0 1 1 0 1 4 Spaces are not allowed around commas or hyphens You can enter up to six comma separated ranges vlan Enter the keyword vlan and one or more VLAN numbers from 1 to 3965 range range separated by commas or grouped in a range in this form vlan 10 33 50 Spaces are not allowed around commas or hyphens You can enter up to six comma separated ranges Defaults This command has no default behavior or values Mode Global Config Command History Version 2 3 Introduced Usage When creating an interface range interfaces appear in the order they are entered they are not Information sorted The command verifies that i
20. Syntax Mode This command displays information about the users assigned to the specified authentication login list If the login is assigned to non configured users the user default will appear in the user column show authentication users istname Privileged Exec User This field displays the user assigned to the specified authentication login list Component This field displays the component User or 802 1x for which the authentication login list is assigned This command displays a summary of the global dot1x configuration summary information of the dot1x configuration for a specified port or all ports the detailed dot1x configuration for a specified port and the dot1x statistics for a specified port depending on the keywords used show dot1x summary unit slot port all detail unit slot port statistics unit slot port Privileged Exec If none of the optional parameters are used the global dot1x configuration summary is displayed Administrative mode Indicates whether authentication control on the switch is enabled or disabled Security Commands show dot1x If the optional parameter summary unit slot port all is used the dot1x configuration for the specified port or all ports are displayed Port The interface whose configuration is displayed Control Mode The configured control mode for this port Possible values are force unauthorized force authorized auto Operating Con
21. The number of accounting timeouts to this server Unknown Types The number of RADIUS packets of unknown types which were received from this server on the accounting port Packets Dropped The number of RADIUS packets received from this server on the accounting port and dropped for some other reason show radius statistics authentication 186 Syntax Mode This command is used to display the statistics for RADIUS or configured server To show the configured RADIUS server statistic the IP Address specified must match that of a previously configured RADIUS server On execution the following fields are displayed show radius statistics P address Privileged Exec If the IP address is not specified then only the Invalid Server Address field is displayed Otherwise all the following listed fields are displayed Invalid Server Addresses The number of RADIUS Access Response packets received from unknown addresses Server IP Address IP address of the server Security Commands show radius statistics authentication Round Trip Time The time interval in hundredths of a second between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS authentication server Access Requests The number of RADIUS Access Request packets sent to this server This number does not include retransmissions Access Retransmission The number of RADIUS Access Requ
22. e Show commands display settings statistics and other information For every configuration command there is a show command that displays the configuration setting This chapter describes the following commands e sntp broadcast client poll interval sntpclient mode on page 216 e sntpclient port on page 216 e sntp unicast client poll interval on page 217 e sntp unicast client poll timeout on page 217 e sntp unicast client poll retry on page 217 e sntp server on page 218 e show sntp on page 218 e show sntp client on page 219 e show sntp server on page 220 sntp broadcast client poll interval Syntax Default Mode This command sets the poll interval for SNTP broadcast clients in seconds as a power of two where poll interval can be a value from 6 to 16 sntp broadcast client poll interval poll interval Use the no sntp broadcast client poll interval version of this command to reset the poll interval for SNTP broadcast client back to its default value 6 Global Config SFTOS Command Reference for the S2410 Version 2 4 1 0 215 sntp client mode sntp client mode Syntax Parameters Default Mode This command enables the Simple Network Time Protocol SNTP client and optionally sets the mode to either broadcast or unicast sntp client mode broadcast unicast Use the no sntp client mode command to disable SNTP client mode broadcast SNTP operates in the same manner as multicast mode bu
23. 164 Security Commands Syntax Default Mode Command History Related Commands port security max static port security max dynamic maxvalue no port security max dynamic 600 Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Added Interface Range mode interface range Defines an interface range and accesses the Interface Range mode port security max static Syntax Default Mode Command History Related Commands This command sets the maximum number of statically locked MAC addresses allowed on a specific port The no version of this command resets the maximum of statically locked MAC addresses allowed on a specific port to its default value port security max static maxvalue no port security max static 20 Interface Config Interface Range which is indicated by the conf if range interface ft prompt such as conf if range vlan 10 20 Version 2 3 Added Interface Range mode interface range Defines an interface range and accesses the Interface Range mode port security mac address Syntax This command adds a MAC address to the list of statically locked MAC addresses The vid is the VLAN ID The no version of this command removes a MAC address from the list of statically locked MAC addresses port security mac address mac address vid SFTOS Command Reference for the S2410
24. LAG The no version of this command disables the selected LAG no port channel enable Interface Config Interface Range Port Channel Range which is indicated by the conf if range interface prompt such as conf if range po 1 1 1 2 The no shutdown command provides the same functionality within both the Interface Config and Port Channel Range modes for the selected LAG s Version 2 3 Replaced adminmode with enable interface Accesses the Interface Config mode for the selected LAG shutdown Enables or disables the selected LAG port channel linktrap Syntax 252 This command enables link trap notifications for the LAG port channel The no version of this command disables link trap notifications for the LAG no port channel linktrap unit slot port all LAG Port Channel Commands port channel name P arameters unit slot Enter the logical ID of a configured LAG slot port format such as 1 4 port all Enter all to select all configured LAGs Default enabled Mode Global Config port channel name This command renames a LAG port channel or all LAGs Syntax port channel name unit slot port all name Parameter z een unit slot Enter the logical ID of a configured LAG slot port format such as 1 4 port all Enter all to select all configured LAGs name Enter an alphanumeric string up to 15 characters This name replaces the user entered name that wa
25. Parameters Mode Command History Usage Information 60 This command sets the IP gateway of the switch The management IP address configured with the ip address above and the gateway must be on the same subnet management route default gateway gateway Valid IP address Use no management route default to remove the gateway Global Config Version 2 3 Introduced Replaces the network parms command for the gateway part of the management address Use this command along with the ip address command to configure the management address of the switch Execute the interface managementethernet command from Global Config mode to access the ip address command as shown in the following example Note The IP Address and the gateway must be on the same subnet System Management Commands mtu Example s50 1 Config management route default 10 10 1 254 UN s50 1 Config ftinterface managementethernet Config if ma sip address 10 10 1 251 255 255 255 0 Config if ma fexit s50 1 Config ip http server enable s50 1 Config exit s50 1 s50 1 show interface managementethernet LP AGGPSSS cbs ks cs perme Oe Re Os RU 10 10 1 151 Subnet Mask RR vm ee we FERAE REGAT 25952992990 Detault Gateway e eee NE EEEE 10 10 1 254 Burned In MAC AddfOSB x m mmm RR ROS EORR 00 01 E8 D5 A0 39 Locally Administered MAC Address 00200200200200200 MAG Address TyDpeu dos uyn dew erie e soe ns
26. T indicates that the port is tagged U indicates untagged Ports E for Ethernet followed by the port numbers unit slot port in the VLAN The output of the show vlan brief command is shown in the following example Example Forcel0 show vlan brief VLAN Name MAC Aging IP Address A abc 1800 unassigned 2 egf 1800 unassigned 3 sss 1800 unassigned 5 1800 unassigned 12 1800 unassigned 13 1800 unassigned Figure 32 Output of the show vlan brief Command Description of the fields in the Show vlan brief report VLAN VLAN ID Name Assigned VLAN name MAC Aging Displayed in seconds IP Address IP Address assigned to the VLAN Usage For the show vlan id vian id command the output is shown in the following example Information Example Forcel0 show vlan id 1 Codes Default VLAN G GVRP VLANs NUM Status Q Ports A Inactive U Gi 0 8 11 Figure 33 Output of the show vlan id Command Description of the fields in the show vlan id report NUM VLAN ID Status A VLAN is active only if the VLAN contains interfaces and those interfaces are operationally up Q T tagged or U untagged information Ports Speed whether it is 10G 1G or fast Ethernet interface and port number unit slot port show vlan port Display 802 1Q port parameters Syntax show vlan port unit slot port all 130 System Configuration Commands Parameters Mode Command History Example tagged Syntax M
27. The DVMRP OSPF and PIM traps are not supported in the Layer 2 image gt show trapflags Privileged Exec Table 17 Fields of show trapflags Command Report Field Description Authentication Flag May be enabled or disabled The factory default is enabled Indicates whether authentication failure traps will be sent Link Up Down Flag May be enabled or disabled The factory default is enabled Indicates whether link status traps will be sent Multiple Users Flag May be enabled or disabled The factory default is enabled Indicates whether a trap will be sent when the same user ID is logged into the switch more than once at the same time either via telnet or serial port Spanning Tree Flag May be enabled or disabled The factory default is enabled Indicates whether spanning tree traps will be sent DVMRP Traps May be enabled or disabled The factory default is disabled Indicates whether DVMRP traps will be sent OSPF Traps May be enabled or disabled The factory default is disabled Indicates whether OSPF traps will be sent PIM Traps May be enabled or disabled The factory default is disabled Indicates whether PIM traps will be sent System Management Commands snmp server snmp server This command sets the name and the physical location of the switch and the organization responsible for the network The range for name location and contact is from 1 to 31 alphanu
28. disabled Global Config Version 2 3 Changed from set gvrp interfacemode revised syntax gvrp interfacemode enable Syntax Default Mode Command History 228 This command enables GVRP GARP VLAN Registration Protocol for a specific port gvrp interfacemode enable Use no gvrp interfacemode enable to disable GVRP GARP VLAN Registration Protocol for a specific port If GVRP is disabled Join Time Leave Time and Leave All Time have no effect disabled Interface Config Version 2 3 Changed from set gvrp interfacemode GARP GVRP and GMRP Commands gvrp interfacemode enable all gvrp interfacemode enable all This command enables GVRP GARP VLAN Registration Protocol for all ports Syntax set gvrp interfacemode enable all Use no set gvrp interfacemode enable all to disable GVRP for all ports If GVRP is disabled Join Time Leave Time and Leave All Time have no effect Default disabled Mode Global Config Command History Version 2 3 Changed from set gvrp interfacemode all set gvrp adminmode Command History Version 2 3 Changed to gvrp adminmode enable set gvrp interfacemode This command enables GVRP GARP VLAN Registration Protocol for a specific port Mode Interface Config Command History Version 2 3 Changed to gvrp interfacemode enable set gvrp interfacemode all Command History Version 2 3 Changed to gvrp interfacemode enable all show gvrp confi
29. e show dotlx on page 176 e show dotlx users on page 179 e show users authentication on page 179 e users defaultlogin on page 180 e users login on page 180 authentication login Syntax This command creates an authentication login list To authenticate a user the authentication methods in the user s login will be attempted in the order specified by the list until an authentication attempt succeeds or fails Note The default login list included with the default configuration can not be changed authentication login istname method method2 method3 no authentication login istname The istname is up to 15 alphanumeric characters and is not case sensitive Up to 10 authentication login lists can be configured on the switch When a list is created the authentication method local is set as the first method by default When the optional parameters method and optionally method2 and method3 are used an ordered list of the methods specified in those parameters is set in the authentication login list If the authentication login list does not exist a new authentication login list is first created and then the authentication methods are set in the list The maximum number of authentication login methods is three The possible method values are local radius tacacs and reject The local keyword indicates that the user s locally stored ID and password are used for authentication The radius keyword indicates t
30. gt gt Double VLAN Tunneling Usage The following screen capture shows the use of the three ways of using the command Information without the interface keyword and with the keyword followed by a port number or all Example f s2410 gt show dotlg tunnel N lt cr gt Press Enter to execute the command interface Enter interface S2410 gt show dotlqg tunnel nterfaces Enabled for DVLAN Tunneling None 850 8 gt show dotlq tunnel interface 1 0 1 nterface Mode EtherType 0 1 Disable 802 10 850 8 gt show dotlq tunnel interface all nterface Mode EtherType 0 1 Disable 802 10 0 2 Disable 802 10 0 3 Disable 802 10 0 4 Disable 802 10 0 5 Disable 802 10 0 6 Disable 802 10 0 7 Disable 802 10 0 8 Disable 802 10 0 9 Disable 802 10 0 10 Disable 802 10 Cole d i SFTOS Command Reference for the S2410 Version 2 4 1 0 223 show dvlan tunnel Related dvlan tunnel ethertype Commands Configures the etherType for all vlan stack Double VLAN tagging interfaces on the system mode dot1q tunnel Enable Double VLAN Tunneling on the specified interface mode dvlan tunnel same as above show dvlan tunnel This command displays whether an interface is enabled for Double VLAN Tunneling along with the system configured etherType and detailed information about Double VLAN Tunneling for the specified interface or a list of interfaces and their tunneling status
31. isssusssas aot A dtaa inaa EERIE ERRARE EREA 264 show spanning tree mst summary 6 ehh hh 264 show spanning ree SUMMAY cn oi cane kiceee ewe UE CDI DEOR quede tu Rd eae ed Ded 265 SHOW spaning rea VAN occcenkduee GS nude esaeedddder dao eRe dees agSe ed des des 265 SHAME assente eq T RRARBIN dE T RP Ea dori qubdaceE be d adera Ed deca dba be tendon 265 spanning tree bpdumigrationcheck is iua ados REED deca Roe dea RR e eus 266 spanning tree configuration name siiis hh hh hn 266 spanning tree configuration revision 2c hh rn 266 spaning tee S DEDUIT 24564455800 REP RReZSRECQUERRESTEQNIM RE EAGITe ORR 6064 267 spanning tree forceversion 0 0c sehr hh ha 267 spanning ree TORNEO TNS SL uud eacus bE Qe qb QUE ae Ropa acad eg RR CC Ma dede dica ead 268 spanning DEB OON INE eu dad e e ORE ERR RU EE d ed CARERS da EROR OLE Ro a RR EUR 4 268 spanning ree ARNG 665544 Pee RELAY REY SOROS ES DRE TESTS Id XN ERE Od ORO RR X 269 SPAN Hee Ma TODS oti kiten aska eke biomed h dow k eee hes A E 269 spanning NEE MG aM M CD a ded soot gu Pees h REPERA RARE ATERRAT EEKE 269 HO RPANMIGTER INS uoce vende REd be pren i aia Lae wat ee eke iba ba aed 270 spanning ree mel ASISNICE ond bg pus eae PREWUARGESEEKq EROS CERES SoS SERS ESLER ES OARS 271 SFTOS Command Reference for the S2410 Version 2 4 1 0 15 spanning troe DIEI POOH cu scpaedd 2 hee haben e terta taptir eRe eee qe dea AE seeder 271 Spann Nee MEVA TTC athe ene ERRADA
32. show vlan Displays information about VLANS either detailed information for a specific VLAN or summary information for all configured VLANs show port Displays port information for a selected port or for all ports vlan port tagging all Command History Related Commands This command sets the tagging behavior for all interfaces in a VLAN to enabled Version 2 3 Deprecated show vlan Displays information about VLANS either detailed information for a specific VLAN or summary information for all configured VLANs show port Displays port information for a selected port or for all ports tagged Add a tagged port to the selected VLAN vlan port untagging all Mode Command History Related Commands This command sets the tagging behavior for all interfaces in a VLAN to disabled so that traffic is transmitted as untagged frames Global Config Version 2 3 Deprecated show vlan Displays information about VLANS either detailed information for a specific VLAN or summary information for all configured VLANs show port Displays port information for a selected port or for all ports untagged Adds a Layer 2 interface to the selected VLAN as an untagged interface SFTOS Command Reference for the S2410 Version 2 4 1 0 135 vlan protocol group vlan protocol group This command adds a protocol based VLAN group to the system The groupname is a character string of 1 to 16 characters When it is cr
33. spanning tree Set the spanning tree operational mode speed Sets the speed and duplex setting for the interface traffic shape Configure the maximum transmission bandwidth limit vlan Configure VLAN parameters s50 1 conf if range et 1 0 10 1 0 11 mode dvlan tunnel Configure double VLAN tunneling for a specific port dotlq tunnel Configure double VLAN tunneling for a specific port s50 1 conf if range et 1 0 10 1 0 11 4mode dvlan tunnel cr Press Enter to execute the command s50 1 conf if range et 1 0 10 1 0 11 4mode dvlan tunnel s50 1 conf if range et 1 0 10 1 0 11 4vlan acceptframe Configure how to handle tagged untagged frames received ingressfilter Enable Disable application of Ingress Filtering Rules participation Configure how ports participate in a specific VLAN priority Configure the priority for untagged frames pvid Configure the VLAN id for a specific port tagging Configure tagging for a specific VLAN port pes Configure untagging for a specific VLAN port E Figure 24 Commands Available in Ethernet Range Mode SFTOS in contrast to FTOS does not allow spaces around commas or hyphens in the range statement The following example shows an incorrect range statement followed by the associated error message 110 System Configuration Commands interface range Example Forcel0 config interface range vlan 10 20 Warning Non existing ports not configured are ignored by interfac
34. such as conf if range vlan 10 20 Command History Version 2 3 Interface Range mode added Related show dot1x Display data on the dot1x configuration for a specified port or all ports Commands dot1x user This command adds the specified user to the list of users with access to the specified port or all ports The user parameter must be a configured user The no version of this command removes the user from the list of users with access to the specified port or all ports Syntax dotIx user user unit slot port all Mode Global Config Related show dot1x users Display 802 1x port security user information for locally configured users Commands show authentication This command displays the ordered authentication methods for all authentication login lists SFTOS Command Reference for the S2410 Version 2 4 1 0 175 show authentication users Syntax Mode Related Commands show authentication Privileged Exec Authentication Login List This displays the authentication login listname Method 1 This displays the first method in the specified authentication login list if any Method 2 This displays the second method in the specified authentication login list if any Method 3 This displays the third method in the specified authentication login list if any authentication login Define authentication login lists show authentication users show dot1x 176 Syntax Mode
35. summary information 256 user assigned name 256 lease 209 leave time 226 227 Line Config mode 47 49 lineconfig command 47 link aggregate group LAG 249 Link Aggregation IEEE 802 3ad 28 link aggregations See LAGs link traps interface 103 LAG 252 logging buffered 149 logging buffered wrap 150 logging cli command 150 logging console 151 logging host 151 logging host remove 152 logging persistent 152 logging port 152 logging syslog 153 logical slot port 42 logout 34 143 logout commands 143 M Mac Access List Config mode 48 290 mac access group 292 mac access list extended 290 mac access list extended command 48 mac access list extended rename 291 MAC ACLs 4 MAC address 207 MAC Database Commands 106 mac access list extended command 49 macaddr 41 mac address managment VLAN 59 mac type managment VLAN 59 makestatic 124 management commands 88 management route default 36 60 mask 207 max hops spanning tree 269 maximum Jumbo Frame size 4 maximum LAG ports 4 Maximum MAC ACL rules 4 Maximum number of ACLs 4 maximum number of LAGs 4 Microsoft client identifier 205 mirrored port 112 117 m node mixed 210 mode Ethernet Range 47 Port Channel 47 VLAN Range 47 mode access 47 mode dvlan tunnel 222 Mode based Topology 45 modes 47 48 monitor session 112 monitor session 1 mode 113 monitored port 117 mtu 61 mtu VLAN 125 multicast 231 Multicast Forwarding Database 231 multicast packets 231 Multi Lin
36. 0 11 Figure 51 Example of show port channel brief Command Output Static Capability This field displays whether or not the device has static capability enabled For each LAG the following information is displayed Logical Interface The field displays the logical ID of the LAG Port Channel Name This field displays the user assigned name of the LAG Link State This field indicates whether the link is up or down Mbr Ports This field lists the ports that are members of this LAG in s ot port notation Active Ports This field lists the ports that are actively participating in this LAG The example in Figure 51 shows two LAGs with system assigned IDs of 1 1 and 1 2 show port channel 256 Syntax Mode This command displays an overview of all port channels LAGs on the switch show port channel LAG D all Privileged Exec LAG ID VNalid unit slot and port number separated by forward slashes Lag Name The name of this port channel LAG You may enter any string of up to 15 alphanumeric characters Link State Indicates whether the Link is up or down LAG Port Channel Commands show port channel summary Admin Mode May be enabled or disabled The factory default is enabled Link Trap Mode This object determines whether or not to send a trap when link status changes The factory default is enabled STP Mode The Spanning Tree Protocol Administrative Mode associated with the port or port chann
37. 1 retry Mode Global Config sntp server This command configures an SNTP server connection with a maximum of three Syntax sntp server ipaddress priority version portid Parameters ipaddress Specify either the IPv4 address of the server or a DNS hostname If DNS then that hostname should be resolved into an IP address each time a SNTP request is sent to it priority Optionally specify the priority of this server entry in determining the sequence of servers to which SNTP requests will be sent The client continues sending requests to different servers until a successful response is received or all servers are exhausted A server entry with a priority of 1 is queried before a server with a priority of 2 and then a server with a priority of 3 If more than one server has the same priority then the requesting order follows the lexicographical ordering of the entries in this table Allowed range is 1 to 3 Default value is 1 version If priority is specified optionally identify the NTP version running on the server Allowed range is 1 to 4 Default value is 4 portid The the port ID a value of 1 65535 Use the no sntp server remove ipaddress command to delete the server from the list of SNTP servers Mode Global Config show sntp This command is used to display SNTP settings and status Syntax show sntp Mode Privileged Exec Example Forcel0 show sntp Last Update Time AUG 20 09 04 15 2006 Last Unica
38. 117 show port all 34 show port protocol 119 show port channel 256 300 Index show port channel brief 255 show port channel summary 257 show port security 166 show port security dynamic 167 show port security static 168 show port security violation 168 show radius 184 show radius accounting statistics 185 show radius statistics authentication 186 show running config 81 show serial 92 show serviceport 37 82 show serviceport command 36 show snmpcommunity 95 show snmptrap 95 show sntp 218 show snip client 219 show sntp server 220 show spanning tree 260 show spanning tree interface 261 show spanning tree mst detailed 262 show spanning tree mst port detailed 262 show spanning tree mst port summary 264 show spanning tree mst summary 264 show spanning tree summary 265 show spanning tree vlan 265 show storm control 199 show sysinfo 83 222 285 286 show tacacs 191 show tech support 86 show telnet 90 show terminal 144 show terminal length 144 show trapflags 96 show users 34 158 show users authentication 179 show version 84 show vlan 129 show vlan port 130 137 shutdown 119 257 shutdown all 119 Simple Network Time Protocol SNTP commands 215 single connection 191 slot port format 3 SMLT 249 SNMP system management commands 94 snmp trap link status 103 snmp trap link status all 103 SNMP trap summary and trap details 156 SNMP v3 access privileges 160 snmp server 97 snmp ser
39. 1522 octets excluding framing bits but including FCS octets and were otherwise well formed Packets Received Successfully Total The total number of packets received that were without errors Unicast Packets Received The number of subnetwork unicast packets delivered to a higher layer protocol Multicast Packets Received The total number of good packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The total number of good packets received that were directed to the broadcast address Note that this does not include multicast packets Packets Received with MAC Errors Total The total number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Jabbers Received Fragments Undersize Received The total number of packets received that were longer than 1518 octets excluding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Note that this definition of jabber is different than the definition in IEEE 802 3 section 8 2 1 5 10BASE5 and section 10 3 1 4 10BASE2 These documents define jabber as the condition where any packet exceeds 20 ms The allowed range to detect jabber is betwe
40. 2 When the Login panel is displayed enter the appropriate User Name and Pass word The User Name and associated password are the same ones used for the ter minal interface Click on the Login button The navigation tree is displayed in Frame 2 and the System Description Menu is displayed in Frame 3 Using the Web User Interface 3 Make your selection by clicking on the appropriate item in the navigation tree in Frame 2 Command Buttons The following command buttons are used throughout the Web UI panels Save Implements and saves the changes you just made Some settings may require you to reset the system in order for them to take effect Refresh The Refresh button that appears next to the Apply button in Web interface panels refreshes the data on the panel Submit Send the updated configuration to the switch Configuration changes take effect immediately These changes will not be retained across a power cycle unless a save is performed The Web UI also has an optional switch navigation icon Port status indicator green up Click arrow to view back of switch Click arrow on back of switch to return Stack member unit Click up arrow to view number indicator TEIEEIIUTICITIIIIITICLIIII Te A previous switch ETSI 1 A down arrow gets 2n next switch in stack Click on body for floating nested menus like those in Navigation pane Open full stack view Click to view the whole stack Th
41. 250 deny permit 288 Deprecated Commands 4 description 122 destination MAC 4 destination port 112 device configuration commands 115 116 227 234 DHCP client 205 DHCP Pool Config 205 DHCP Pool Config mode 47 DHCP Pool Config mode accessing 209 DHCP Pool Configuration Mode 49 DHCP Server 203 DiffServ 4 dir 56 disconnect 158 dns server 206 document conventions 39 domain name 206 dotix defaultlogin 170 dotix initialize 171 dot1x login 171 dot1x max req 171 dot1x port control 172 dot1x port control all 172 dot1x re authenticate 173 dot1x re authentication 173 dot1x system auth control 174 dot1x timeout 174 dot1x user 175 Double VLAN tagging 221 Double VLAN Tunneling Web UI panel 221 223 224 downloading 33 drop precedence 280 dvlan tunnel etherType 221 Dynamic Host Configuration Protocol DHCP 203 E edge port STP 267 egress rate shaping 285 enable 107 enable command 47 enable passwd 142 encapsulation VLAN 123 EtherChannel 249 Ethernet Management port 3 79 Ethernet Range 109 Ethernet Range mode 47 Ethernet trunk 249 Exit 43 F flow control 200 forwarding database differences between the terminal and Web interfaces 51 frame acceptance mode 133 134 G GARP commands 225 GARP Multicast Registration Protocol GMRP 231 General Attribute Registration Protocol GARP 225 Global Config mode 47 48 gmrp adminmode 231 GMRP commands 225 gmrp interfacemode all 232 GVRP enabling or d
42. 62 ROW DEUM ie os 4 oo ude daa adeee ieee a iid queda dd ar ue dua d da owed 62 DEVO DIDIDUDE dioses quay pde hon dy P Qe ec uad dee x RS Qe eps E adm ads d d 62 POOH Los 4a 524 apex E OEC E RO Deos HO OSES FREE PRES pac o Re KNEE D ALLS 63 i es s OTT 63 BSOFWCODOH DIOLOGOI ooosssessduesc eR ecEOHRECRORRGRRORORERRORAORGR ROR ROGO ORR RARE RO Role 64 SHOW AID SW osa gea qq REGERE Re RE PO E qi EE donde ao AERO ERLE 64 SH HAMM oop canon ance asas eed ERA d EHI A OQ oes a PET E ES qd Ee 65 Contents SKOWE 2c12ccheapatadedes dtbciegeetladdetaeeie_astbaaedys 4602088 h 008088 65 SHOW merac DIDOIBOE casia e ines Wee Fane db dea debe daa ie ae ad 67 show interface managementethernet 002 ccc ees 5 show MENACE SUNCOM aoacs yep be ERO ARR Se pace GR V Rd PERCRESR S USE E RE VOX 76 STOW TO COS Laadesaadqqs R QQsescemaqQQsSsesqqER mQdadqeqmnq QS ADDONS TASS Ad qNT 77 SHOW JOQOD oussuesce seme kt RR REOR RCRHE RESO R ERE RR RES Rol eb DOR RR E Ro able 78 SHOVE mc go TRUE ciel i ice debe ed ee ode ea deese abd sud MB RN d qd a peg abs d 78 SHOW ISON cad d sou e Tea q RE qe E REOR STasEDEmUSFaaqQuE suas a vb ad 80 Show NOWE vasis Queritur 4k eG d E VO qe XAR PERRA REPE NER ERG E Ce EE 81 oou POON ious eek d qu bp a qd ele pt bd d quoc tuDpo lid d Gui ba pedis Gere expli ae 81 Show SOrvicapOlt icu cumsan e ETHERS THRASH RE REO RO A EORR RR Eo aah e E e d Red 82 SHOW RO heats eos gx ERICRRR Rer RIqe E Resa EPA GGG prPEPICRES eR Epp EJ 83 c
43. ARAE A 272 spanning tree port mode enable 1 eee 272 spanning iree port mode enable all licis esae aga ka RE RA 273 Chapter 17 Quality of Service QoS Commands 000 cece eee eee 275 Wiese Ol Semice Cos CORImalids uada cadre ERRARE URGE Ee REP Edda TPPAd 275 CIBSROIPSOI WOO dolp MapN 64 264 40494 OU ERR KG RECO PERRO A SERRE RR RE RR UR OR ERS 276 Dan ICD VUE ico peer ee adip eh ebb quic Ewa d a dq ee ee ame were Kb duced we 277 cos queue max bandwidth a5 565555 e455 seus eus ey EEE RR ROCA OSE OE ws 277 COS GUB DONE asses ea Rd pte RI XV RR On eae Rav eer aU bee eee 278 CDS qued TANDOORI cane A PR TAVEPCREPPRRAYQ e seek RACE e RE e dd 278 COS QUOBD BIOL i aeuo aa SRLS eee RR RGUUD A ESSE KGGdu e RE RARE WR qu duet edad aedi 279 random detect exponential weighting constant silere 279 random delect queue parmS iieeceeprdioderiweera ee ee eee Babee ae den ade eeaeeee 280 SHOW classofservice dotip Mapping isses grace ERO X aee ER e X ERxdruRa 281 SOOO NEMO NUI axuquaes bd ewaqtabidedeeseei B edges ded mque d qid e ud 281 Show interfaces CoS QUOUO oo co see ee eee eee x RR WERE vau aus vds 282 Show interfaces random detect 24 4 545d ede eds Ades REEMA wR ERE Hd RAE bed eA EES 282 show interfaces tai drop threshold cass cceaae es adees cae ene banner eee eee ea hee vanee 283 tail drop qUOUG DaITIS 24h c bc eH ed SHR ET ARERR HEGRE ERATE OEE ES X OCA EORR GOR HO 284 DEDOS 41st bia heuer E E E eed qb dabe
44. Configuration Bridge Protocol Data Unit BPDU transmission indicating if a topology change is in progress for this port Hello Time The hello time in use for this port Edge Port The configured value indicating if this port is an edge port Edge Port Status The derived value of the edge port status True if operating as an edge port false otherwise Point To Point MAC Status Derived value indicating if this port is part of a point to point link CST Regional Root The regional root identifier in use for this port CST Port Cost The configured path cost for this port SFTOS Command Reference for the S2410 Version 2 4 1 0 263 show spanning tree mst port summary show spanning tree mst port summary This command displays the settings of one or all ports within the specified multiple spanning tree instance The parameter mstid indicates a particular MST instance The parameter unit slot port all indicates the desired switch port or all ports If 0 defined as the default CIST ID is passed as the mstid then the status summary is displayed for one or all ports within the common and internal spanning tree Syntax show spanning tree mst port summary mstid unit slot port all Mode Privileged Exec and User Exec Unit Slot Port Valid unit slot and port number separated by forward slashes Type Currently not used STP State The forwarding state of the port in the specified spanning tree instance Port Role The
45. Description Broadcast Packets Transmitted Transmit Packets Discarded The total number of packets that higher level protocols requested be transmitted to the Broadcast address including those that were discarded or not sent The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol A possible reason for discarding a packet could be to free up buffer space Most Address Entries Ever Used The highest number of Forwarding Database Address Table entries that have been learned by this switch since the most recent reboot Address Entries Currently in Use The number of Learned and static entries in the Forwarding Database Address Table for this switch Maximum VLAN Entries The maximum number of Virtual LANs VLANs allowed on this switch Most VLAN Entries Ever Used The largest number of VLANs that have been active on this switch since the last reboot Static VLAN Entries The number of presently active VLAN entries on this switch that have been created statically Dynamic VLAN Entries The number of presently active VLAN entries on this switch that have been created by GVRP registration VLAN Deletes The number of VLANs on this switch that have been created and then deleted since the last reboot Time Since Counters Last Cleared The elapsed time in days hours minutes and secon
46. E E E do pl E E E deer 158 SHOW oO EOS aara Ernane ea rrara 158 ROW HODIE 2 ose sped EHH HE Rd eE E E E A 158 Beno Pa E crpe Tehes E dude dar hhh EE ques abend 159 users OUO BCCSSEMOUS ce pc odr SPRA chee Xd E ERR Re Gee REINIE IERRA AES ASRS 160 users SINTDVO authenticatioN 42408074 20a Rae e ERE e dr E eC ERI P Oa eb betta 160 users SUM ONU Sou peas dedu aexacssqaqadaddaeu dd edd du Xd uii dp ded E 160 Chapter 9 DECOY COImmODUM iocouesesh SeOrERE PED re sIESTERERAqe CER SPPERRTAERRRSEPPE 163 Pon Secun COMMONS P D EBRTT 163 Wriplomesntelohn NGS 66a dece aci apos acide acr dos eor dldod th Nain adi di dade ous delude dad 164 DOR SOLD addas me d apu Rd e ES aqv ies ve wd vete tg ad d acc RE d qu 164 port abcuntv maxssdqvasimi reres rra boda E kw PR AER dco Rc ER do EERO 164 DUI SOC UTI MXS hte peck quibos Seu E Eod qan e ape sd Miedo aks Geb Pur pp Genie 165 port security mac address iiis eue sums sem ead E RES RE OO eh E Ra aio 165 Contents port security mac address move 6 tte 166 Snow PON NODI assa agad tat eeo arden Bade quad aiu q aqq tae bad ed qubd d qua 166 Show port security OVNAING ssuuos s 945 kae Rak x der XR OR CE E RR XR RR RR X RR KORR E RC wa 167 SHOW por S0QuHy SIGAN euogielie 424 45 dea ew Y Rida Ry xiv 4d d dre 168 show DO SOLO volalo esso aea wa aerae xa deed doe GP XR Aca TERA ded ad RA 168 Port Based Network Access Control IEEE 802 1X lloeesllseeseeselleelelel 168 BUENO SH
47. ERE EAR EE E banner txt Data TYPES i a E ero Ne hic or ES e E S Cli Banner Are you sure you want to start y n y CLI Banner file transfer operation completed successfully Forcel0 S50 exit Forcel0 S50 gt logout FORCE10 s Login Banner Unauthorized access is punishable by law User Ne Figure 36 Using the copy command to Download the CLI Banner copy clibanner Downloads the CLI banner text file to the switch write Saves the running configuration to NVRAM duplicating the functionality of copy system running config nvram startup config enable passwd 142 This command changes the Privileged Exec password commonly called the enable password which is not set when SFTOS boots for the first time First type the command then press Enter System Configuration Commands Syntax Parameters Mode Command History logout Syntax Mode Related Commands quit Syntax Mode Related Commands logout enable passwd password password Enter a text string up to 32 characters long as the clear text password Global Config Version 2 3 Modified Moved from Privileged Exec mode to Global Config mode Close the current Telnet connection or reset the current serial connection Note Save configuration changes before logging out logout Privileged Exec quit Close the current Telnet connection or reset the current serial connection This command dupli
48. Figure 29 Figure 30 Figure 31 Figure 32 Figure 33 Figure 34 List of Figures Force10 Networks iSupport Website l lllsle ees 24 Example of Accessing the Boot Menu with the reload Command Pipe mauus dade Example of Configuring the Ethernet Management Port 0000005 37 Partal Keyword Example as i cux ks ed ki ante RASA hae Sa dedo Bote dg ded cc ui Rok acd 44 CLI Mode Diagram lulu TO TTET TETE TESTY eer 46 Switch Navigation Icon in Web Ul issslsesseee III 53 Example of dir nvram Command Output nck ea ee ee aca 57 Example of Configuring Management Address aaan 61 Output of the show interfaces unit slot port Command 20000 eae 66 Example of show interface ethernet switchport Output re 68 Example of show interface ethernet unit slot port Output inincetis ee RR m 69 Output of the show interfaces description Command 0000 eee eee 78 Example of Output from the show mac addr table all Command ere i Example of Output from the show mac addr table count Command 80 Example of Output from the show mac addr table vlan Command 80 Using the show running config command 0 00 eee eee 82 show serviceport Command Output 0000 eee eee eee 83 lineconfig Command Example TIT gon edd TETON TEPE T TIE configure Command Example soc uesuuee Rie dorate REX EX EUREN
49. Getting Started chapter of the book SFTOS Command Reference Guide show terminal length Syntax Mode Command History Related Commands 144 This command displays how many lines are currently in one page of show command output as configured by the terminal length command show terminal length Privileged Exec and User Exec Version 2 3 Introduced terminal length Sets the number of lines displayed on the terminal without pausing System Configuration Commands terminal length terminal length Syntax Parameters Defaults Mode Command History Usage Information Related Commands traceroute Syntax Mode Configure the number of lines to be displayed on the terminal screen in one page of output of show commands terminal length number of lines number of lines Enter the number of lines that you want the output to display before pausing Entering zero 0 will cause the terminal to display without pausing Range 0 5 to 512 1 4 cannot be set Default 24 lines 24 lines Use Exec or Privileged Exec Version 2 3 Introduced This is a session based command The CLI presents 24 lines per page of show command output as a default unless the user uses this command to change the number of lines At the end of each page the user can press q for quit to stop the output and return to the command line or any other key to see the next page of the display
50. Information Example force 0 show vlan N Codes Default VLAN G GVRP VLANs E Ethernet interface Vlan Id Status Q Ports 1 Inactive U amp 1 071 1 0 2 1 0 3 l1 0 4 1 0 5 L1 0 6 amp L 0 7 l 0 8 L O 9 L 0 10 1 0 11 1 0 12 1 0 13 1 0 1 1 0 15 1 0 16 1 0 17 1 0 18 1 0 19 1 0 20 1 0 2 1 0 22 1 0 23 1 0 24 1 0 25 1 0 26 1 0 27 1 0 2 1 0 29 1 0 30 1 0 31 1 0 32 1 0 33 1 0 34 1 0 3 1 0 36 1 0 37 1 0 38 1 0 39 1 0 40 1 0 41 1 0 4 1 0 43 1 0 44 1 0 45 1 0 46 1 0 47 1 0 48 1 0 4 1 0 50 2 0 1 2 0 2 2 0 3 2 0 4 2 0 5 2 0 6 2 0 77 2 0 8 2 0 9 2 0 10 2 0 11 2 0 12 2 0 1 2 0 14 2 0 15 2 0 16 2 0 17 2 0 18 2 0 19 2 0 2 2 0 21 2 0 22 2 0 23 2 0 24 2 0 25 2 0 26 2 0 2 2 0 28 2 0 29 2 0 30 2 0 31 2 0 32 2 0 33 2 0 3 2 0 35 2 0 36 2 0 37 2 0 38 2 0 39 2 0 40 2 0 4 2 0 42 2 0 43 2 0 44 2 0 45 2 0 46 2 0 47 2 0 4 2 0 49 2 0 50 3 0 1 3 0 2 3 0 3 3 0 4 3 0 5 3 0 6 3 0 7 3 0 8 3 0 9 3 0 10 3 0 11 3 0 12 3 0 13 3 0 14 3 0 15 3 0 16 3 0 17 3 0 18 3 0 19 3 0 20 3 0 21 3 0 22 3 0 23 3 0 24 3 0 25 3 0 26 o PN UO O0 HP O00 P2 4 OU More or q uit loutput deleted Figure 31 Output of the show vlan Command Description of the fields in the show vlan report Vlan Id VLAN ID Status Active or Inactive A VLAN is active only if the VLAN contains interfaces and those interfaces are operationally up SFTOS Command Reference for the S2410 Version 2 4 1 0 129 show vlan port Q
51. Interface Range mode the selected range of ports deleteport unit slot port Interface Config Interface Range specifically Ethernet Range which is indicated by the conf if range et interfaces prompt such as conf if range et 1 0 10 1 0 11 Version 2 3 Interface Range mode added Display the configured LAG names and their IDs The interface number is specified in logical slot port format which displays one 1 as the slot number the port number is a sequential integer based on existing LAG numbers when the new LAG is created Before adding ports to the newly defined LAG use this command to determine the logical ID that identifies the LAG to use when associating a port with it show port channel LAG Port Channel Commands deleteport global config deleteport global config This command deletes all configured ports from the LAG port channel Syntax deleteport unit slot port all Mode Global Config Related Commands show port channel Display the configured LAG names and their IDs The interface number is specified in logical slot port format which displays one 1 as the slot number the port number is a sequential integer based on existing LAG numbers when the new LAG is created Before adding ports to the newly defined LAG use this command to determine the logical ID that identifies the LAG to use when associating a port with it port channel This command creates a new LAG po
52. Odeon be XX Cod api wg dca Eod 231 SE ODE ERUIT ssas ki aren ETAk decr Th Bd qa tuis qu Rod ob dde wd 232 gmrp interfacemode enable all 0 00 0c ehh hh 232 sot gimp IOIGRTRDODIDEE sirsrisssrreid rtada tetti AODA ES RP C qp qnd qUpA E Pod vos 233 Sel GI imernacemode SY ssstisesied dd RR Wax Ed E Cada AREE DERE ERU auk 293 show gimp COMNOUTADON iussus shed RR RR ERR RACER OROROAOR E dox ag Hebd deere ee de 233 show macaddress table OUND osre edb es mea beds ke de de tah reker up ded cec i hae 234 Chapter 14 IGMP Snooping Commands 2 ois ccce cesses cvsceiasivics seccvacetewioniveanes 235 igmp enable nteace 2 cases awe cuu Roe AHHH KEES ACER R GORGE Rn ENAKA 236 HO ena HORAN doo doe FECERO PROC RG PEST EERE ORES P EIU IEEE FERRER SES 236 Igpdast Idave DIDIOHBOB ooeoesca4 X RUPEE Ad RA RERREZG REFERS RC UR NR 237 igmp groupmembership interval interface 22s Zar igmp interlacemode enable all o 46 eiae ep dea aula sd kb M ea dba dead usa n de dud 238 INO DEKOS PONDE soa 2d ed CER OUR E o RUE Seagate EE OP REA E Oh RUPEE Qa RPG Rd du 238 nap mertexpirotime NRIEITIOB Loos cabin dees E Rd Adee Eee Edw wk Ee dE E E EE 239 Omp mrouter TORIO Lusbequaucc veiba e up eee eheee ke pedi d dece eto babes 240 igmp mrouter interface enable 11 ehh hh hh 240 s INO onaco ccc nparecantrode ea aia a de dup dor V dude E a 241 up IO TBUBTOHIE Logan dta ird ee mara ed n Bad a aa ul dad P m ando de ws mad d 241 sel iomp ASHICaVe vuosxise Reg RA EES
53. Pool Name The name of the configured pool Pool Type The pool type Lease Time The lease expiration time of the IP Address assigned to the client DNS Servers The list of DNS servers available to the DHCP client Default Routers The list of the default routers available to the DHCP client The following additional field is displayed for Dynamic pool type Network The network number and the mask for the DHCP address pool The following additional fields are displayed for Manual pool type Client Name The name of a DHCP client Client Identifier The unique identifier of a DHCP client Hardware Address The hardware address of a DHCP client Hardware Address Type The protocol of the hardware platform Host The IP address and the mask for a manual binding to a DHCP client SFTOS Command Reference for the S2410 Version 2 4 1 0 213 show ip dhcp server statistics show ip dhcp server statistics Syntax Mode This command displays DHCP server statistics show ip dhcp server statistics Privileged Exec and User Exec Address Pool The number of configured address pools in the DHCP server Automatic Bindings The number of IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database Manual Bindings The number of IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database Expired Bindings The numbe
54. Prompt Exit or Access Previous Mode Mac Access List In the Global Config mode hostname Mac Access List To exit to the Global Config mode enter Config enter the mac access list Config the exit command To return to the User extended command Exec mode enter Ctrl Z TACACS Config In the Global Config mode hostname Tacacs To exit to the Global Config mode enter enter the tacacs server the exit command To return to the User host ip address Exec mode enter Ctrl Z command Mode based Command Hierarchy 48 As introduced above the CLI is divided into various modes Commands in a particular mode are not available until the operator switches to that mode with the exception of the User Exec mode commands The User Exec mode commands may also be executed in the Privileged Exec mode The commands available to the operator at any point in time depend upon the mode Entering a question mark at the CLI prompt displays a list of the available commands along with descriptions of the commands The CLI provides the following modes User Exec Mode When the operator logs into the CLI the User Exec mode is the initial mode The User Exec mode contains a limited set of commands Command Prompt hostname Note The hostname here is a placeholder for the prompt that you create using the hostname command See hostname on page 57 Privileged Exec Mode To have access to the full suite of commands you must enter t
55. Rad dQuAASSEAGGqqaMASERVdp A ARERAGQURASQRAWRERA 183 rais Sever DONSBPY ege aep ted dado rRrqee d dee 3 Ret ed dor bp a quieta oe ees 183 radus GEMETIORANSO ausdduee qaad asa dc Rs Qd E UR SEQQ ceca RR ie ad ac CR did 183 radius server INIGOU iis goed 4 RR ROSES SEE HERS HE GHEE EGERER GRE REG Pd RR RARE aOR 184 SHOW PAGS cic dadwte ea wdc ener sheds a GG eb e ee edP ad dig bd abet ses 184 SHOW radius accountng SIaNSUDS os cc br pad od OR FAR SSS HER A TERE Baw RUNS BALE SERRE 185 show radius statistics authentication isses nnn 186 TACAC OF COMMAS 1 iSc i acatarg aco fao ch ha A eae Ba cd dae hy a eat pac B UR UR 187 IBOBES OVO NOM Lieu dado e d epo ROEREERUR EROR OR Ur UD RUD dibs eae DADO CO EE 188 In gCE DEVE NEW lt u rrF e LOK Pee eS FLEES FORESEES PRG E RQECIT RE NE REP dw EE RE 188 CSCS SOUL TEON oie rahi Que SERA a R dede las bol ded GA Tb BE b e quado ded 189 KEY aoolaesscodoegek4su AR GCRGORGHROGRE ORGOR AREE EEE R EHE SSPE RRM OR REOR AXCACAHE Gre OTR aed 189 SFTOS Command Reference for the S2410 Version 2 4 1 0 11 POE 190 WHEY E NEET ei MUS rdi ata ad have tale d bdo dU iq ME aede datis qd Bie ded bud 190 GIONS COMMOCHON ocosseeesenscsueresbeR RR REESE RE RECEA Edd aed d xcd eq Eam ER RES 191 BHOW THCHCD 5 4 245 Vie kN URL PERRA REN PERRA Ped ed edt Rd did wed dd 191 GODU iiasesadsW ews Eq QS ad QE RE Dd edP pud ads Sa gqq aA ed qud 191 Secure SHINGO COII
56. SFTOS Overview The SFTOS software loaded in every S Series switch has two purposes e Assist attached hardware in switching frames based on Layer 2 3 or 4 information contained in the frames e Provide a complete device management portfolio to the network administrator Switch Management Options SFTOS 2 4 1 on the 2410 provides the network administrator with a choice of management methods e VT100 interface You can access the SFTOS command line interface CLD through either the console port on the switch or through a management IP address configured on the dedicated Ethernet Management port and or the management VLAN This book focuses on the syntax of the commands that you use in the CLI Note When configuring a device by use of a configuration file the maximum number of configuration file command lines is 2000 Simple Network Management Protocol SNMP Force10 Networks provides Force10 Management System FTMS a graphical network management software product that provides a global view of your complete Force10 network FTMS includes Node Manager which not only provides GUI based device management it also includes the ability to execute CLI commands either individually from Node Manager or by having Node Manager open a Telnet window to the device e SFTOS Web User Interface Web UI See Chapter 4 Using the Web User Interface SFTOS Command Reference for the S2410 Version 2 4 1 0 27 SFTOS 2 4 1 Features
57. Syntax no monitor session 1 Default enabled Mode Global Config show forwardingdb agetime This command displays the timeout for address aging Syntax show forwardingdb agetime Mode Privileged Exec Example ForcelO0 show forwardingdb agetime Address Aging Timeout 300 Forcel0 Figure 25 Example of show forwardingdb agetime Command Output Command 7 ore F History Version 2 3 Modified Removed parameters and statements relating to IVL show mac address table This command displays the Multicast Forwarding Database MFDB statistics Syntax show mac address table gmrp igmpsnooping multicast stats gmrp Display GMRP entries in the MFDB table 114 System Configuration Commands Mode Field Descriptions Related Commands show mac address table multicast igmpsnooping Display IGMP Snooping entries in the MFDB table multicast Display Multicast Forwarding Database Table information stats Display MFDB statistics Privileged Exec Total Entries This displays the total number of entries that can possibly be in the Multicast Forwarding Database table Most MFDB Entries Ever Used This displays the largest number of entries that have been present in the Multicast Forwarding Database table This value is also known as the MFDB high water mark Current Entries This displays the current number of entries in the Multicast Forwarding Database table show mac address table Displays Multicast
58. This command performs the same function as show dot1q tunnel Syntax show dvlan tunnel interface unit slot port all Parameters interface unit slot port all Enter the interface keyword followed by either a specific address in the form of unit slot port or enter the word all Unit Slot Port Valid unit slot and port number separated by forward slashes Mode Privileged Exec and User Exec Web User Double VLAN Tunneling Summary This S50 Web Interface panel has similar functionality Interface Access it in the node tree through System gt gt Port gt gt Double VLAN Tunneling Related dvlan tunnel ethertype Commands mode dot1q tunnel Configures the etherType for all vlan stack Double VLAN tagging interfaces on the system Enable Double VLAN Tunneling on the specified interface mode dvlan tunnel same as above 224 VLAN Stack Commands GARP GVRP and GMRP Commands This chapter provides a detailed explanation of the General Attribute Registration Protocol GARP commands including GVRP and GMRP commands The commands are divided into two functional groups Show commands display switch settings statistics and other information e Configuration commands configure features and options of the switch For every configuration command there is a show command that displays the configuration setting The sections in this chapter are e GARP Commands on page 225 e GARP VLAN
59. a TACACS key for the TACACS server tacacs server timeout Specify a global timeout value for all TACACS hosts single connection Configure the client to maintain a single open connection with the TACACS server port Specify a server port number for a particular TACACS host timeout Specify the timeout value for a particular TACACS host key Specify the authentication and encryption key for all communications between the client and the particular TACACS server priority Specify the priority value for a particular TACACS server show tacacs Display settings for all or a particular TACACS server tacacs server key Configure a key for communication between a TACACS server and client Syntax tacacs server key key To delete a key use the no tacacs server key key 188 Security Commands Parameters Default Command Modes tacacs server timeout key Enter a text string up to 127 characters long as the clear text password Leading spaces are ignored Not configured CONFIGURATION Usage The key configured with this command must match the key configured on the TACACS Information daemon Related tacacs server host Identify a TACACS server Commands key Specify the authentication and encryption key for all communications between the client and a particular TACACS server tacacs server timeout Specify a global timeout value for all TACACS hosts Syntax tacacs server timeout timeout To rest
60. a number that corresponds to the desired existing multiple spanning tree instance to be removed spanning tree mst instance mstid no spanning tree mst instance mstid Global Config spanning tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance The instance mstid is a number that corresponds to the desired existing multiple spanning tree instance The priority value is a number within a range of 0 to 61440 in increments of 4096 If 0 defined as the default CIST ID is passed as the mstid then this command sets the Bridge Priority parameter to a new value for the common and internal spanning tree The bridge priority value again is a number within a range of 0 to 61440 The twelve least significant bits will be masked according to the 802 1s specification This will cause the priority to be rounded down to the next lower valid priority The no version of this command sets the bridge priority for a specific multiple spanning tree instance to the default value in other words 32768 The instance mstid is a number that corresponds to the desired existing multiple spanning tree instance SFTOS Command Reference for the S2410 Version 2 4 1 0 271 spanning tree mst vlan Syntax Default Mode Command History Related Commands If O defined as the default CIST ID is passed as the mstid then this command sets the Bridge Priority parameter for the common and internal spanning tre
61. appears is when you have entered an invalid input parameter in the command The marker shows where in the com mand the first character of invalid input was detected After all the mandatory parameters are entered any additional parameters entered are treated as optional parameters If any of the parameters are not recognized a syntax error message will be displayed After the command is successfully parsed and validated the control of execution goes to the corresponding CLI callback function For mandatory parameters the command tree extends until the mandatory param eters make the leaf of the branch The callback function is only invoked when all the mandatory parameters are provided For optional parameters the command tree extends till the mandatory parameters and the optional parameters make the leaf of the branch However the callback function is associated with the node where the mandatory parameters are fetched The callback function then takes care of the optional parameters Once the control has reached the callback function the callback function has complete information about the parameters entered Using the Command Line Interface Using the Web User Interface This chapter covers the following topics e Configuring for Web Access on page 52 e Web Page Layout on page 52 e Starting the Web User Interface on page 52 e Command Buttons on page 53 This chapter is a brief introduction to the SFTOS Web User Inter
62. are for use with Force10 Networks equipment only do not use Force10 Networks AC Power cords with any unauthorized hardware FAm Ie Miu Te LCd3 V sd BSRI KEY hk SER Cd BRI KEY hi SU DAP Oo RMS SUTEA ETEA N Ecc ok t A Amf AME NeBRI KEY hE SAL thm 38 1 BEY hEBALZUSRE UL Feedback on Documentation Send email to techpubs forcei10networks com New Features This preface describes SFTOS 2 4 1 by contrasting it to SFTOS 2 3 1 9 Major Changes Most of the differences in SFTOS 2 4 1 reflect the fact that SFTOS 2 4 1 is dedicated to supporting the S2410 models of the S Series Layer 2 only The 2410 is limited to Layer 2 functionality and therefore Layer 3 commands are not in the CLI such as those for the OSPF and RIP protocols Stacking Port ID format Because the 2410 does not support stacking SFTOS version 2 4 1 does not need to address ports in the unit slot port format common to other versions of SFTOS Instead ports are identified simply in slot port format Physical ports have IDs with the slot always designated by 0 for example 0 10 for port 10 Logical ports VLAN and LAG are identified with a 1 in the slot portion of the ID such as 1 4 for LAG 4 Note however that some pre existing example screenshots continue to show the unit slot port format Ethernet Management port The 52410 switch has an Ethernet Management port labeled 70 100 Ethernet on the switch faceplate that is dedicated to managing the
63. based Port Security Management Telnet RFC 854 SSHv2 TFTP RFC 783 Syslog SNMP vl1 v2c RMON Groups HTML based Management SNTP HTTPS SSL SFTOS Command Reference for the S2410 Version 2 4 1 0 29 30 SFTOS Overview Quick Start This chapter summarizes the procedures to start and operate the switch For more detail see the Getting Started chapter in the SFTOS Configuration Guide and the rest of that guide or the 2410 Quick Reference This chapter covers the following topics e Starting the Switch e Using the Boot Menu on page 32 e System Info and System Setup on page 33 e Physical Port Data on page 34 e User Account Management on page 34 e Management IP Address on page 35 e Uploading from the Switch through XMODEM on page 37 e Downloading to the Switch through XMODEM on page 37 e Downloading from a TFTP Server on page 38 e Using Factory Defaults on page 38 Starting the Switch You can access the Command Line Interface CLI of SFTOS S Series Force10 Operating System the switch management software in the 52410 locally or from a remote workstation For remote access see Management IP Address on page 35 Connect the power cord to turn the power on 2 From a console connection allow the S2410 to load the software until the following options are presented as shown in Figure 2 Select an option If no selection in 2 seconds then operational code will start 1 Start operational cod
64. channel enable interlace ico oh baa eel eee eRe Lae wR hee ikh 252 port channel Inklrap isses cess uma ss Err HE RD SDEES EE 3 R ORE Go ARR EORR ee 252 pore anne ORB 24 050 qr pra ac b Eo E E E RD ep RAO T N TE oe Rss 253 port coannel SIGUCCAURUNAY aq Aa bd ad Vae ERU SUR EE REPAUS au eeeageeseuGtsadarsades 293 pon lacpmode g2 45 508 sR eee gs PEG RA RA GUERRE ORG HX SE Se PREG AREKE eee ERR ES 253 pon lacpmode enable al heb Sc bk cian te Seg ads a dece ee Bd gr ion ns asses SE Rabid ie da des rose die ied 254 pon Joc BODY HOUR ascecasusxeaqqtus aea d adgeNSQsN E quA GSD vaa a qu Esq 254 port lacplimeout IDIBIHTHDBI au osea ka rere d dopeX ROGO ere er debe dae ead ees 255 show DO Cee DUI equadsdirdeueddaa d RE qd eue qu ce qeu Sq rd quM ud qud i d ud d 255 show por channgl oaas coo ees REE SPE EERE SPOOL LEAS HSE qe xd E ERE See E REDS 256 show port chadgiel GUITITISIV i s44 24042544146 RCA eed 24 se REEL dee EER REOR NE ER 257 BUHIDORN osxids Gacdeers gor roort ig tad aes oo0Ges paa Rar NUD Sohang deb DIORA 257 Chapter 16 Spanning Tree STP Commands 200s e eee ee eee eee eee eee 259 show Spanning Geb iius cessus sed d RHEE RACER ROR REE RRR RO GR E d ROO Ree a eden 260 show spanning tree interface iocus eet k states wap ah RU RR REOR Ra es A dd dran Ta et od 261 show spanning tree mst detailed illlsileeilleee hn 262 show spanning tree mst port detailed 0000 c ec eh 262 show spanning iree msi port Summary
65. common and internal spanning tree instance If the cost token is specified this command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance depending on the mstid parameter to the default value in other words a pathcost value based on the Link Speed If the external cost token is specified this command sets the external path cost for this port for mst 0 instance to the default value in other words a pathcost value based on the Link Speed Spanning Tree STP Commands Syntax Mode spanning tree mst instance If the port priority token is specified this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning tree instance depending on the mstid parameter to the default value in other words 128 no spanning tree mst mstid cost port priority Interface Config spanning tree mst instance Syntax Mode This command adds a multiple spanning tree instance to the switch The instance mstid is a number within a range of 1 to 4094 that corresponds to the new instance ID to be added The maximum number of multiple instances supported by SFTOS is 4 The no version of this command removes a multiple spanning tree instance from the switch and reallocates all VLANS allocated to the deleted instance to the common and internal spanning tree The instance mstid is
66. configure S50 Config lineconfig S50 Line Figure 18 lineconfig Command Example Related configure Accesses the Global Config mode which is the mode in which you can Commands 9 9 y execute this lineconfig command serial baudrate This command specifies the communication rate of the terminal interface The supported rates are 1200 2400 4800 9600 19200 38400 57600 115200 Syntax serial baudrate 1200 2400 4800 9600 19200 38400 57600 115200 SFTOS Command Reference for the S2410 Version 2 4 1 0 91 serial timeout Default Mode The no serial baudrate command sets the communication rate of the terminal interface to the 9600 default 9600 Line Config serial timeout Syntax Default Mode show serial Syntax Mode Example 92 This command specifies the maximum connect time in minutes without console activity serial timeout 0 760 A value of 0 means no console timeout The range is 0 to 160 minutes The no serial timeout command sets the maximum connect time in minutes without console activity to the 5 minute default 5 Line Config This command displays serial communication settings for the switch show serial Privileged Exec and User Exec Forcel0 S50 show serial Serial Port Login Timeout minutes 20 Baud Rate DDS egeo oth aue RASEDE R SCR eT actus 9600 Character Size Oi Cas wii ey oe 6S ee Ses 6 Pass 8 Erow Cont eel
67. duration ip ssh timeout 760 The time is a decimal value from 1 to 160 The no ip ssh timeout version of this command sets the SSH connection session timeout value in minutes to the default 5 minutes Global Config Version 2 3 Changed from sshcon timeoutand moved from Privileged Exec mode to Global Config show ip ssh This command displays the SSH settings This command displays the SSH settings show ip ssh Privileged Exec Report fields Administrative Mode This field indicates whether the administrative mode of SSH is enabled or disabled Protocol Levels The protocol level may have the values of version 1 version 2 or both versions 1 and version 2 Connections This field specifies the current SSH connections Security Commands sshcon maxsessions SSH Sessions Currently Active Max SSH Sessions Allowed SSH Timeout SSH login timeout configured by ip ssh timeout command sshcon maxsessions Command History Version 2 3 Replaced by ip ssh maxsessions sshcon timeout Command History Version 2 3 Replaced by ip ssh timeout Hypertext Transfer Protocol HTTP Commands The commands in this section are e ip http javamode enable on page 196 e ip http secure port on page 196 e ip http secure protocol on page 196 e ip http secure server enable on page 197 e ip http server enable on page 197 e show ip http on page 198 This section provides a detailed explanatio
68. enable Syntax Default Mode Command History 240 This command configures a selected interface as a multicast router interface When configured as a multicast router interface the interface is treated as a multicast router interface in all VLANs no igmp mrouter interface enable The no version of this command disables the status of the interface as a statically configured multicast router interface disable Interface Config Version 2 3 Revised from set igmp mrouter interface IGMP Snooping Commands Related Commands set igmp interface igmp enable interface Enables IGMP Snooping on a selected interface set igmp interface Command History Related Commands Version 2 3 Revised to igmp interface igmp enable interface Enables IGMP Snooping on a selected interface set igmp system Command History Related Commands Version 2 3 Changed to igmp enable global igmp enable global Enables IGMP Snooping on the system igmp enable interface Enables IGMP Snooping on a selected interface set igmp fast leave Command History Related Commands Version 2 3 Revised to igmp fast leave igmp fast leave interface Enables or disables IGMP Snooping fast leave admin mode on a selected interface igmp enable global Enables IGMP Snooping on the system set igmp groupmembership interval global Syntax This command
69. exit to the Global Config mode enter the exit command To return to the User Exec mode enter Cirl Z Interface Config In the Global Config mode hostname Interface if To exit to the Global Config mode enter enter the interface range range command conf if range range where range consists of the specified interface range For example for VLANs 100 200 the prompt is hostname conf if range vl 100 200 enter the interface number the exit command To return to the User command Exec mode enter Ctrl Z Interface Range In the Global Config mode hostname To exit to the Global Config mode enter the exit command To return to the User Exec mode enter Ctrl Z The Ethernet Range mode Port Channel mode and VLAN Range mode are the three child modes of the Interface Range mode The exit command returns you to the Interface Range mode Interface VLAN In the Global Config mode enter the command interface vlan vlanid hostname conf if vl vlan id To exit to the Global Config mode enter the exit command or press Ctrl Z to switch to the User Exec mode Line Config Mode In the Global Config mode enter the lineconfig command hostname line To exit to the Global Config mode enter the exit command To return to the User Exec mode enter Ctrl Z SFTOS Command Reference for the S2410 Version 2 4 1 0 47 Table 3 Command Modes Command Mode Mode Access Method
70. ia pele eh abf eec m EUR 212 SOM Ch MON TOTISET ATTIE TTIE TENTIT T ETET ITTI TETTEIT 212 show ip dhep giobal CONMOUTANON 264 2254 45 Ib REIP ER ER GEI RE aE RIPE CE RA 213 show ip dhep pool configuration MT 213 show ip dhcp server statistics aaaaaan nananana es 214 SHOW PDOP CONE Lex kA eee da XE ee eea kL eee PCT C EYE Aa 214 Chapter 11 ONTP COMMA See EP 215 snip broadcast chent poll mierval suseacekeiieees asa ROG PG RG GRE RA RRAQERAGQAAE ORE 215 SHI OGNI MOTE 420205 he Nac ERO X CORRER RO PR ERU aC doa eer Rp dade bts 216 SR Cle NM ds cns E bu Ede bbe d i eai ul add ibi eee sa bed darsi dederas 216 snip unicast client poll interval sis ces0 cease koe eed XE ak y ee ee R E R 217 snip unicast chent DOTHIRIOOUT sssrsirsrrisrredprerisrie tirida kin dpri area OER 217 snip unicas Dent POTOUY s Lu iex asp ERFVRRRREGUGXQUADEBDIEAGGAGAdQQIRAZQGA der Goons 217 D gero lu M ETUR 218 SION SIN osa quiae aic quis dd cadis cade dab au ed diva adiu dU cadis ced ee app dod dal 218 SHOW SIND GUO CC 219 show SUD SRIVES Lose kbesbiepRRREA ERG eiwRRES Rd DEVE ES OAS ORES HOO EE RE 220 Chapter 12 VLAN Stack GomMMaNdS isic ccc kecee Gorse seed ciesseetesteeeestacestaeeees 221 ice I Ng iip on cdirbbues MOtenebnad eta peasy diarimea kia tiidetnng ss 221 MOOS doltg IURDOl uuo casse WX REPRE RAE RRHE EEE RRL ERE Re eee ee aca ded 222 IO HS O aei a d db nsu iol ddl Sod kad ao died peel 222 SOON ROMO Liu ed VOS ARRSNad ERA RenPLpgGnaeicRLeqcA
71. in this guide contain a description of the fields in their reports and in some cases with examples This document includes information on the protocols and features found in SFTOS Background on networking protocols is included primarily to describe the capabilities of SFTOS For more complete information on protocols refer to other documentation and IETF RFCs SFTOS Command Reference for the S2410 Version 2 4 1 0 21 Audience This guide assumes you are knowledgeable in Layer 2 and Layer 3 networking technologies that you have an understanding of the SFTOS software base and have read the appropriate specification for the relevant switch platform This document is primarily for system administrators configuring and operating a system using SFTOS software It is intended to provide an understanding of the configuration options of SFTOS software In addition software engineers who will be integrating SFTOS software into their router or switch product can benefit from a description of the configuration options How to Use this Guide 22 This guide is structured so that you can look up not only command syntax but also how commands are related Related commands are generally grouped together and in addition some command statements contain links to descriptions of related commands While you can infer a lot about the use of a command from its syntax statement you are better served to see if the SFTOS Configuration Guide Versio
72. including bad packets received that were between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets Packets Received 128 255 Octets The total number of packets including bad packets received that were between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets Packets Received 256 511 Octets The total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets Packets Received 512 1023 Octets The total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets Packets Received 1024 1518 Octets 70 The total number of packets including bad packets received that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets System Management Commands show interface ethernet Table 8 Fields in Output of show interface ethernet unit slot port Command continued Field Description Packets Received 1519 1522 Octets Packets Received gt 1522 Octets The total number of packets including bad packets received that were between 1519 and 1522 octets in length inclusive excluding framing bits but including FCS octets The total number of packets received that were longer than
73. interface managementethernet on page 58 ip address management on page 58 mac address on page 59 mac type on page 59 management route default on page 60 mtu on page 61 network mac address on page 62 network mac type on page 62 network parms on page 62 SFTOS Command Reference for the S2410 Version 2 4 1 0 55 dir dir 56 Syntax Default Mode Command History e network protocol on page 62 e protocol on page 63 e serviceport ip on page 63 e serviceport protocol on page 64 e show arp switch on page 64 e show hardware on page 65 e show interface on page 65 show interface ethernet on page 67 show interface managementethernet on page 75 e show interface switchport on page 76 show interfaces on page 77 show logging on page 78 e show mac addr table on page 78 show msglog on page 80 e show network on page 81 e show running config on page 81 show serviceport on page 82 e show sysinfo on page 83 e show version on page 84 e show tech support on page 86 This command displays the directory structure and files stored in NVRAM dir nvram none Privileged Exec Version 2 3 Introduced System Management Commands Example hostname Syntax Parameters Default Mode Command History hostname Force10 dir nvram RamDiskVol filesystem gt sslt rnd 1024 dhcpsLeases cfg 85088 startup config 6392 Filesystem size 4179968 Bytes used 92504 Bytes free 4087464
74. interval Syntax Usage Default Mode This command sets the poll interval for SNTP unicast clients in seconds as a power of two where poll interval can be a value from 6 to 16 sntp unicast client poll interval poll interval Use the no sntp unicast client poll interval command to reset the poll interval for SNTP unicast clients to its default You can also set the poll interval for an SNTP client with the sntp client port command 6 Global Config sntp unicast client poll timeout Syntax Default Mode This command sets the number of seconds to wait for an SNTP response when the client is configured in unicast mode sntp unicast client poll timeout poll timeout The poll timeout range is 1 to 30 seconds Use the no sntp unicast client poll timeout command to reset the poll timeout for SNTP unicast clients to its default value 5 seconds Global Config sntp unicast client poll retry Syntax This command sets the number of times to retry a request to an SNTP server after the first time out before attempting to use the next configured server when configured in unicast mode sntp unicast client poll retry poll retry The poll retry for SNTP unicast clients is an integer from 0 to 10 retries Use the no sntp unicast client poll retry version of this command to reset the poll retry for SNTP unicast clients to its default value SFTOS Command Reference for the S2410 Version 2 4 1 0 217 sntp server Default
75. is derived using the bridge priority and the base MAC address of the bridge Regional Root Path Cost Path cost to the common spanning tree Regional Root Associated FIDs List of forwarding database identifiers currently associated with this instance Associated VLANs List of VLAN IDs currently associated with this instance When the brief optional parameter is included this command displays spanning tree settings for the bridge In this case the following details are displayed Bridge Priority Specifies the bridge priority for the spanning tree Bridge Identifier The bridge identifier for the selected instance Bridge Max Age Specifies the bridge maximum age for the spanning tree Hello Time Configured value of the parameter for the common spanning tree Bridge Forwarding Delay Specifies the time spent in Listening and Learning mode before forwarding packets Bridge Forwarding Delay must be greater or equal to Bridge Max Age 2 1 The time range is from 4 seconds to 30 seconds The default value is 15 Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units BPDUs show spanning tree interface This command displays the settings and parameters for a specific switch port within the common and internal spanning tree The unit slot port is the desired switch port The following details are displayed on execution of the command Syntax show spanning tree inte
76. machine on the specified port to determine when to send an EAPOL EAP Request Identity frame to the supplicant The value is expressed in seconds and will be in the range of 1 and 65535 Supplicant Timeout The timer used by the authenticator state machine on this port to timeout the supplicant The value is expressed in seconds and will be in the range of 1 and 65535 Server Timeout The timer used by the authenticator on this port to timeout the authentication server The value is expressed in seconds and will be in the range of 1 and 65535 Maximum Requests The maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request Identity before timing out the supplicant The value will be in the range of 1 and 10 Reauthentication Period The timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place The value is expressed in seconds and will be in the range of 1 and 65535 Reauthentication Enabled lIndicates if reauthentication is enabled on this port Possible values are True or False Key Transmission Enabled Indicates if the key is transmitted to the supplicant for the specified port Possible values are True or False Control Direction Indicates the control direction for the specified port or ports Possible values are both or in SFTOS Command Reference for the S2410 Version 2 4 1 0 177 show dot1x 178 Ex
77. mcrtexpiretime global Sets the Multicast router present expiration time globally show igmpsnooping Displays IGMP Snooping status information IGMP Snooping Commands set igmp mrouter set igmp mrouter Command History Related Commands Version 2 3 Revised to igmp mrouter igmp enable interface Enables IGMP Snooping on a selected interface igmp mrouter interface Configures a selected interface as a multicast router interface show igmpsnooping Syntax Parameters Mode Command History Report Fields This command displays IGMP Snooping information Configured information is displayed whether or not IGMP Snooping is enabled show igmpsnooping unit slot port 1 3965 unit slot port OPTIONAL Display ports on which Multicast Routers are detected Enter interface in unit slot port format 1 3965 OPTIONAL Display VLANS for the specified interface on which Multicast Routers are detected Privileged Exec Version 2 3 Modified 71 3965 option added VLAN ID When no parameter is specified the response contains the following fields Admin Mode Enabled or Disabled Interfaces Enabled for IGMP Snooping This is the list of interfaces on which IGMP Snooping is enabled Multicast Control Frame Count This displays the number of multicast control frames that are processed by the CPU Vlans enabled for IGMP snooping When the optional argument unit slot port is used the res
78. name snmp server community ipaddr ipaddr name Use no snmp server community ipaddr name to reset a client IP address for an SNMP community to 0 0 0 0 The name is the applicable community name 0 0 0 0 Global Config snmp server community ipmask Syntax Default Mode This command sets a client IP mask for an SNMP community The address is the associated community SNMP packet sending address and is used along with the client IP address value to denote a range of IP addresses from which SNMP clients may use that community to access the device A value of 255 255 255 255 will allow access from only one station and will use that machine s IP address for the client IP Address A value of 0 0 0 0 will allow access from any IP address The name is the applicable community name snmp server community ipmask ipmask name Use no snmp server community ipmask name to reset a client IP mask for an SNMP community to 0 0 0 0 The name is the applicable community name The community name may be up to 16 alphanumeric characters 0 0 0 0 Global Config snmp server community mode 98 This command activates an SNMP community If a community is enabled an SNMP manager associated with this community manages the switch according to its access right If the community is disabled no SNMP requests using this community are accepted In this case the SNMP manager associated with this community cannot manage the switch until the System Management C
79. new operational code using XMODEM Download a new version of SFTOS from an external folder through Xmodem running on the console 5 Display operational code vital product data Lists SFTOS version and installed modules 6 Update Boot Code not active 7 Delete operational code Remove the installed version of SFTOS You might do this if you need to remove a corrupted image or if the NVRAM is too full to download a new version of SFTOS 8 Reset the system This is the same as power cycling 9 Restore Configuration to factory defaults delete config files Replace the startup config with the default config For details on other Xmodem options see Uploading from the Switch through XMODEM on page 37 and Downloading to the Switch through XMODEM on page 37 In general for more information on options related to the Boot menu options see the section Managing Configuration and Software Files in the SFTOS Configuration Guide System Info and System Setup To get information on the software version use the show hardware command Command Syntax show hardware Command Mode Purpose Privileged Exec Displays the serial number software version the device contains burned in MAC address and other device information SFTOS Command Reference for the S2410 Version 2 4 1 0 33 Physical Port Data To get information on the physical port use the show port all command
80. on this port will transmit an EAPOL EAP Request Identity frame before timing out the supplicant SFTOS Command Reference for the S2410 Version 2 4 1 0 171 dot1x port control Default Mode Command History Related Commands 2 Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Interface Range mode added interface range Defines an interface range and accesses the Interface Range mode dot1x port control Syntax Default Mode Command History Related Commands This command sets the authentication mode to be used on the specified port The control mode may be one of the following Force unauthorized The authenticator PAE unconditionally sets the controlled port to unauthorized Force authorized The authenticator PAE unconditionally sets the controlled port to authorized Auto The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant authenticator and the authentication server dot1x port control force unauthorized force authorized auto Use no dot1x port control to set the authentication mode to be used on the specified port to auto auto Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Interface Range mode added
81. other words 20 spanning tree max age 6 40 no spanning tree max age 20 Global Config spanning tree max hops Syntax Default Mode This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree The max hops value is in a range of 1 to 127 The no version of this command sets the Bridge Max Hops parameter for the common and internal spanning tree to the default value spanning tree max hops 1 127 no spanning tree max hops 20 Global Config spanning tree mst This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the common and internal spanning tree If the mstid parameter corresponds to an existing multiple spanning tree instance then the configurations are done for that multiple spanning tree instance If however 0 defined as the default CIST ID is passed as the mstid then the configurations are performed for the common and internal spanning tree instance SFTOS Command Reference for the S2410 Version 2 4 1 0 269 no spanning tree mst Syntax Default Mode Related Commands If the cost token is specified this command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance depending on the mstid parameter The pathcost can be specified as a number in the range of 1 to 200000000 or auto If auto is specified the pathcost value wi
82. prompt such as conf if range vlan 10 20 Interface VLAN Version 2 3 Modified Revised from set igmp mcrtexpiretime Added Interface Range mode and Interface VLAN mode SFTOS Command Reference for the S2410 Version 2 4 1 0 239 igmp mrouter interface Related Commands igmp enable interface Enables IGMP Snooping on a selected interface set igmp mcrtexpiretime sets the Multicast router present expiration time for all routers global interface range Defines an interface range and accesses the Interface Range mode show igmpsnooping Displays IGMP Snooping status information show igmpsnooping Displays IGMP Snooping status information igmp mrouter interface Syntax Mode Command History Related Commands This command configures the VLAN ID vlanid that has the multicast router mode enabled no igmp mrouter vianid The no version of this command disables multicast router mode for a particular VLAN ID vlanid Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Modified Revised from set igmp mrouter Added Interface Range mode igmp enable interface Enables IGMP Snooping on a selected interface interface range Defines an interface range and accesses the Interface Range mode interface Identifies an interface and enters the Interface Config mode igmp mrouter interface
83. received by this authenticator EAPOL Logoff Frames Received The number of EAPOL logoff frames that have been received by this authenticator Last EAPOL Frame Version The protocol version number carried in the most recently received EAPOL frame Last EAPOL Frame Source The source MAC address carried in the most recently received EAPOL frame EAP Response ld Frames Received The number of EAP response identity frames that have been received by this authenticator EAP Response Frames Received The number of valid EAP response frames other than resp id frames that have been received by this authenticator EAP Request ld Frames Transmitted The number of EAP request identity frames that have been transmitted by this authenticator EAP Request Frames Transmitted The number of EAP request frames other than request identity frames that have been transmitted by this authenticator Invalid EAPOL Frames Received The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized EAP Length Error Frames Received The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized Security Commands show dot1x users show dot1x users This command displays 802 1x port security user information for locally configured users Syntax show dotlx users unit slot port Mode Privileged Exec Example ForcelO0 show dotlx
84. role of the specified port within the spanning tree show spanning tree mst summary This command displays summary information about all multiple spanning tree instances in the switch On execution the following details are displayed Syntax show spanning tree mst summary Mode Privileged Exec and User Exec MST Instance ID List List of multiple spanning trees IDs currently configured For each MSTID Associated FIDs List of forwarding database identifiers associated with this instance Associated VLANs List of VLAN IDs associated with this instance 264 Spanning Tree STP Commands show spanning tree summary show spanning tree summary This command displays spanning tree settings and parameters for the switch The following details are displayed on execution of the command Syntax show spanning tree summary Mode Privileged Exec and User Exec Spanning Tree Adminmode Enabled or disabled Spanning Tree Version Version of 802 1 currently supported IEEE 802 1s IEEE 802 1w or IEEE 802 1D based upon the Force Protocol Version parameter Configuration Name ldentifier used to identify the configuration currently being used Configuration Revision Level lIdentifier used to identify the configuration currently being used Configuration Digest Key lIdentifier used to identify the configuration currently being used MST Instances List of all multiple spanning tree instances configured on the switch show spanning
85. sets the IGMP Group Membership Interval time globally The group membership interval time is the amount of time in seconds that a switch will wait for a report from a particular group before deleting the interface from the entry set igmp groupmembership interval 2 3600 SFTOS Command Reference for the S2410 Version 2 4 1 0 241 set igmp groupmembership interval interface Default Mode Related Commands The variable must be greater than the IGMPv3 maximum response time value The range is 2 to 3600 seconds The no igmp groupmembership interval command sets the IGMP v3 group membership interval time globally to the default value 260 seconds Global Config igmp groupmembership interval interface Sets the IGMP Group Membership Interval time on a particular interface igmp enable interface Enables IGMP Snooping on a selected interface igmp enable global Enables IGMP Snooping on the system set igmp groupmembership interval interface Command History Related Commands Version 2 3 Revised to igmp groupmembership interval interface level igmp groupmembership interval interface Sets the IGMP Group Membership Interval time on a particular interface igmp enable interface Enables IGMP Snooping on a selected interface igmp enable global Enables IGMP Snooping on the system set igmp interface Command History Related Commands Version 2 3 Revised to igmp
86. switch To configure that port SFTOS 2 4 1 includes a new set of serviceport commands See System Management Commands on page 55 You also have the option of managing the switch through the console port and management VLAN which are common to all S Series switches Speed commands All ports in the S2410 are fixed at 10GB except the Ethernet Management port which is set to auto negotiate so the speed and auto negotiation commandis in other versions of SFTOS are not included See System Configuration Commands on page 105 Other Changes SFTOS 2 4 1 contains some other differences in comparison to SFTOS 2 3 1 9 CXA cable configuration The CX4 ports in the 52410 are auto configuring to match signal strength to the cable length so the CX4 pre emphasis commands in other versions of SFTOS are not needed and are not available SFTOS Command Reference for the S2410 Version 2 4 1 0 3 The maximum number of LAGs is 12 with a maximum of 12 ports in a LAG vs 32 LAGs with a maximum of eight members each in SFTOS 2 3 1 See Chapter 15 LAG Port Channel Commands on page 249 Maximum Jumbo Frame size increased from 9216 to 10240 IGMP Snooping The current S2410 hardware does not support IGMP Snooping so the commands in the IGMP Snooping chapter appear in the CLI but do not function ACLs CoS and QoS IP ACLs are not available The CoS traffic class range is four See the commands using the trafficclass parameter in Chapt
87. to a blank string Mode Interface VLAN SFTOS Command Reference for the S2410 Version 2 4 1 0 125 network mgmt_vlan Command History Version 2 3 Modified Changed from vlan name to name and mode changed from VLAN database to Interface VLAN Removed ID range variable Peiteng how vlan Displays information about VLANs either detailed information for ifi Commands show vla splays information abou S either detailed information for a specific VLAN or summary information for all configured VLANs show port Displays port information for a selected port or for all ports network mgmt vlan Command f Fa 5 EE z History Version 2 3 Deprecated The functionality is available in the vlan participation command Related interface managementethernet Invokes ManagementEthernet mode the Config if ma prompt Commands at which the user can set the network parameters of the switch including using the vlan participation command vlan participation Assigns the management VLAN management participation VLAN Configure how ports participate in a specific VLAN Mode Interface VLAN Command History Version 2 3 Introduced but deprecated in favor of the tagged command Related Tagged Sets tagging to enabled for ific interface in the selected VLAN Command agge ets tagging to enabled for a specific interface e selecte priority VLAN Configure the priority for untagged frames Mode I
88. to save them now y n n Configuration Not Saved Are you sure you want to reload the stack y n y Reloading all switches Forcel0 Boot Code Version 01 00 26 06 03 2005 Select an option If no selection in 2 seconds then operational code will start 1 Start operational code 2 Start Boot Menu Select 1 2 2 Boot Menu Version 01 00 26 06 03 2005 Options available Start operational code Change baud rate Retrieve event log using XMODEM 64KB Load new operational code using XMODEM Display operational code vital product data Update Boot Code Delete operational code AANA 01 CO F2 n2 Reset the system 9 Restore Configuration to factory defaults delete config files id Menu Figure 2 Example of Accessing the Boot Menu with the reload Command Quick Start 2 At the Boot Menu prompt press the number and Enter of the option that you want The options are Table 1 Boot Menu Options Boot Menu Options Details 1 Start operational code Start SFTOS the same option as presented in the two option startup menu 2 Change baud rate Invoke a menu that offers console speed settings from 9600 to 115kb 3 Retrieve event log using XMODEM 64KB Upload a text file of the event log to an external folder through Xmodem running on the console After selecting this option you are given the chance to cancel the transfer by typing Ctrl x several times 4 Load
89. users 0 1 Users admin Figure 41 Example of Output from the show dot1x users Command User Users configured locally to have access to the specified port Related dot1x user Add the specified user to the list of users with access to the specified port or all ports Commands show users authentication This command displays all user and all authentication login information It also displays the authentication login list assigned to the default user Syntax show users authentication Mode Privileged Exec Example Forcel0 show users authentication Authentication Login Lists User System Login 802 1x admin defaultList defaultList default tacConfig defaultList Figure 42 Example Output from the show users authentication Command User This field lists every user that has an authentication login list assigned System Login This field displays the authentication login list assigned to the user for system login 802 1x Port Security This field displays the authentication login list assigned to the user for 802 1x port security SFTOS Command Reference for the S2410 Version 2 4 1 0 179 users defaultlogin users defaultlogin users login Syntax Mode Syntax Mode This command assigns the authentication login list to use for non configured users when attempting to log in to the system This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally If this
90. valid IP address made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid Mask is the IP subnet mask for the specified address pool The prefix length is an integer from 0 to 32 The no version of this command removes the subnet number and mask Syntax network networknumber mask prefixlength no network Default none Mode DHCP Pool Config netbios name server This command configures Windows Internet Naming Service WINS name servers that are available to DHCP clients WINS name servers map NetBIOS names to IP addresses on TCP IP networks One IP address is required although one can specify up to eight addresses in one command line Servers are listed in order of preference address is the most preferred server address2 is the next most preferred server and so on Syntax no netbios name server address address2 address8 Default none Mode DHCP Pool Config netbios node type The command configures the NetBIOS node type for Microsoft Dynamic Host Configuration Protocol DHCP clients The type variable specifies the NetBIOS node type Valid types are b node Broadcast e p node Peer to peer e m node Mixed 210 DHCP Server Commands next server option Syntax Default Mode Syntax Default Mode Syntax next server e h node Hybrid recommended The no version of this command removes the NetBIOS node type netbios node type type none DHCP Pool Confi
91. value is not configured users will be authenticated using local authentication only users defaultlogin istname Global Config This command assigns the specified authentication login list to the specified user for system login The user must be a configured user and the listname must be a configured login list If the user is assigned a login list that requires remote authentication all user access from all CLI Web and Telnet sessions will be blocked until authentication is complete Note that the login list associated with the admin user cannot be changed to prevent accidental lockout from the switch users login user listname Global Config RADIUS Commands 180 This section contains the following commands for the Remote Authentication Dial In User Service RADIUS one method for validating administration access to the switch radius accounting mode on page 181 e radius server host on page 181 e radius server key on page 182 e radius server msgauth on page 183 e radius server primary on page 183 e radius server retransmit on page 183 e radius server timeout on page 184 e show radius on page 184 e show radius accounting statistics on page 185 e show radius statistics authentication on page 186 Security Commands radius accounting mode radius accounting mode Syntax Default Mode This command is used to enable the RADIUS accounting function The no version of this command is used to set the R
92. 0 142 Sample Output from the show logging Command 0000 cece eee 153 Sample Output from the show logging Command 0 00 cece eee 155 Example of show port security all Command Output 00 00 eee 167 Example of Output from the show dot1x detail Command 0 0005 178 Example of Output from the show dot1x users Command 0000 eee 179 Example Output from the show users authentication Command 179 show radius accounting Command Example 00000 eee eee eee 185 show radius accounting statistics IP address Command Example 185 Example of show ip http Command Output 000 cece eee ee 198 Command Example show storm control 000 0c eee eee eee 199 Show snip Command Example suadeat mah d dm XU eau dieuaheadeaes 218 show snip client Command Example sucio RR RR RR RE n 219 show sntp server Command Example lsllsllele lesse 220 show gvrp configuration Command Output Example 0 00 cee eee 230 Example of show port channel brief Command Output 00 0c eee 255 List of Tables Table 1 Boot Menu CODUOUS uuo sas o secs cdh needa dda OR REX d ASIE RXA Vp RR Ya d RP Es 33 Table 2 Network Address Syntax PRSE xd dd rer TODO MOREM m Table 3 Command Modos ccs d uszxxped sexi XAR RR RXXEGGG ORES Reed SER pes 47 Table 4 Interface ManagementEthernet Mode Command Families ss
93. 1 2 and 2 Global Config Version 2 3 Modified Moved from Privileged Exec mode to Global Config mode ip ssh server enable Syntax Default Mode Command History Related Commands Enable SSH The no version of this command disables SSH Note This command requires keys certificates to be generated offline before the service will start See s50 secure management paf at log in required https www forcelOnetworks com csportal20 KnowledgeBase Documentation aspx ip ssh server enable no ip ssh server enable disabled Global Config Version 2 3 Modified Moved from Privileged Exec mode to Global Config mode ip telnet server enable Enable disable Telnet services ip http secure server Enable disable HTTPS services enable SFTOS Command Reference for the S2410 Version 2 4 1 0 193 ip ssh timeout ip ssh timeout show ip ssh 194 Syntax Default Mode Command History Related Commands Syntax Mode This command sets the SSH connection session timeout value in minutes A session is active as long as the session has been idle for the value set Changing the timeout value for active sessions does not become effective until the session is reaccessed Any keystroke will also activate the new timeout duration Changing the timeout value for active sessions does not become effective until the session is reaccessed Any keystroke will also activate the new timeout
94. 2410 hardware limitations broadcast storm recovery counters are not incremented show storm control This command displays switch configuration information Syntax show storm control unit slot port all Mode Privileged Exec Broadcast Storm Recovery Mode May be enabled or disabled The factory default is disabled 802 3x Flow Control Mode May be enabled or disabled The factory default is disabled force10 50 show storm control A 802 32 Flow Control Mode 939 Disable Example Forcel0 S50 show storm control 1 0 1 Bcast Bcast Mcast Mcast Ucast Ucast Intf Mode Level Mode Level Mode Level 1 0 1 Disable 5 Disable 5 Disable 5 Forcel0 S50 show storm control all lt cr gt Press enter to execute the command Forcel0 S50 show storm control all Beast Beast Mcast Mcast Ucast Ucast Intf Mode Level Mode Level Mode Level 1 0 1 Disable 5 Disable 5 Disable 5 1 0 2 Disable 5 Disable 5 Disable 5 1 0 3 Disable 5 Disable 5 Disable 5 1 0 4 Disable 5 Disable 5 Disable 5 1 0 5 Disable 5 Disable 5 Disable 5 1 0 6 Disable 5 Disable 5 Disable 5 1 0 7 Disable 5 Disable 5 Disable 5 1 0 8 Disable 5 Disable 5 Disable 5 1 0 9 Disable 5 Disable 5 5 Figure 46 Command Example show storm control SFTOS Command Reference for the S2410 Version 2 4 1 0 199 storm control broadcast Related Commands storm control broadcast Configure storm control show interface ethernet The report generated by the show in
95. 37 ingress filtering 133 134 jointime 225 leave all time 227 leave time 226 making static 124 participation in 133 134 resetting parameters 121 tagging 131 132 135 137 WwW Web connections displaying 158 Web interface command buttons 53 configuring for Web access 52 panel 52 starting 52 Web UI S50 switch navigation icon 53 weighted random early discard WRED 278 wildcard masks ACL 287 Windows Internet Naming Service WINS 210 WINS 210 WRED weighted random early discard 278 282 WRED average queue depth calculation 279 WRED parameters 280 write 146 write memory 146 X Xmodem options 33 SFTOS Command Reference for the S2410 Version 2 4 1 0 303 304 Index
96. 47 128 0 9 47 128 255 The default value is 0 0 0 0 Access Mode The access level for this community string Status The status of this community access entry show snmptrap Syntax Mode This command displays SNMP trap receivers Trap messages are sent across a network to an SNMP Network Manager These messages alert the manager to events occurring within the switch or on the network Six trap receivers are simultaneously supported show snmptrap Privileged Exec SFTOS Command Reference for the S2410 Version 2 4 1 0 95 show trapflags Table 16 Fields of show snmptrap Command Report Field Description SNMP Trap Name The community string of the SNMP trap packet sent to the trap manager This may be up to 16 alphanumeric characters This string is case sensitive IP Address The IP address to receive SNMP traps from this device Enter four numbers between 0 and 255 separated by periods Status Indicates the receiver s status enabled or disabled show trapflags 96 Syntax Mode This command displays trap conditions Configure which traps the switch should generate by enabling or disabling the trap condition If a trap condition is enabled and the condition is detected the switch s SNMP agent sends the trap to all enabled trap receivers The switch does not have to be reset to implement the changes Cold start traps are always generated and cannot be disabled Note
97. 52 port channel name 253 port channel staticcapability 253 portfast 267 ports administrative mode 119 257 deleting from LAGs 251 frame acceptance mode 133 134 GVRP 228 229 information 117 ingress filtering 133 134 link traps 103 tagging 131 132 135 137 VLAN IDs 134 137 port security 164 port security mac address 165 port security mac address move 166 port security max dynamic 164 port security max static 165 pre emphasis commands 3 priority 190 priority TACACS 190 priority VLAN 126 Privileged Exec Mode 48 Privileged Exec mode 47 probe port 112 Products and Services Liability 23 prompt Interface VLAN mode 124 protocol management VLAN 63 Protocol Data Units See PDUs protocol group 127 protocol vlan group 127 protocol vlan group all 128 pvid VLAN 128 Q QinQ 221 QoS ACLs 28 QoS DiffServ 4 queue drop precedence levels 280 Quick Reference 23 quit 143 R radius accounting mode 181 radius server host 181 radius server key 182 radius server msgauth 183 radius server primary 183 radius server retransmit 183 radius server timeout 184 random detect exponential weighting constant 279 random detect queue parms 280 range configuration 108 Range Port Channel 252 257 rate shaping 285 Refresh button 53 Related Documents 23 release notes 23 reload 38 144 remotecon maxsessions 91 reset system command 144 RFC 1700 205 Router Config OSPF Mode 49 Router Config RIP Mode 49 router ospf command 49
98. 6 configure on page 106 enable on page 107 e interface on page 108 interface range on page 108 e monitor session on page 112 e monitor session 1 mode on page 113 no monitor on page 113 no monitor session 1 on page 114 e show forwardingdb agetime on page 114 e show mac address table on page 114 SFTOS Command Reference for the S2410 Version 2 4 1 0 105 bridge aging time show mac address table multicast on page 115 e show mac address table stats on page 116 show monitor session on page 116 e show port on page 117 e show port protocol on page 119 e shutdown Interface on page 119 e shutdown all on page 119 MAC Database To configure and view information about the MAC databases see the following commands in Commands this section e bridge aging time on page 106 e show forwardingdb agetime on page 114 e show mac address table multicast on page 115 e show mac address table stats on page 116 bridge aging time This command configures the forwarding database address aging timeout in seconds Syntax bridge aging time seconds The command no bridge aging time sets the forwarding database address aging timeout to the default of 300 seconds Parameters seconds In place of seconds enter a number between 10 and 1 000 000 to indicate the number of seconds before the timeout Default 300 Mode Global Config Command History Version 2 3 Modified Removed parameters and statements relating to IVL confi
99. 65535 with 1812 being the default value SFTOS Command Reference for the S2410 Version 2 4 1 0 181 radius server key Mode Related Commands If the acct keyword is used the command configures the IP address to use for the RADIUS accounting server Only a single accounting server can be configured If an accounting server is currently configured it must be removed from the configuration using the no form of the command before this command succeeds If the optional port parameter is used the command will configure the UDP port to use to connect to the RADIUS accounting server The IP address specified must match that of a previously configured accounting server If a port is already configured for the accounting server then the new port will replace the previously configured value The port must be a value in the range 1 65535 with 1813 being the default value The no version of this command is used to remove the configured RADIUS authentication server or the RADIUS accounting server If the auth keyword is used the previously configured RADIUS authentication server is removed from the configuration Similarly if the acct keyword is used the previously configured RADIUS accounting server is removed from the configuration The ipaddr parameter must match the IP address of the previously configured RADIUS authentication accounting server Global Config authentication login Define an authentication login list show radius
100. 94 44 f43 94444448944 ATE ee eee Disable Stop BItBieeiao e ete ae he a e E c n 1 DAES en USE bar Car gee Sa uae er ERO shes asics none System Management Commands show serial Table 14 Fields of show serial Command Output Field Description Serial Port Login Timeout minutes Specifies the time in minutes of inactivity on a serial port connection after which the switch will close the connection Any numeric value between 0 and 160 is allowed the factory default is 5 A value of 0 disables the timeout Baud Rate The default baud rate at which the serial port will try to connect The available values are 1200 2400 4800 9600 19200 38400 57600 and 115200 baud bps The factory default is 9600 Character Size The number of bits in a character The number of bits is always 8 Flow Control Whether hardware flow control is enabled or disabled It is always disabled Stop Bits The number of stop bits per character The number of stop bits is always 1 Parity The parity method used on the serial port The parity method is always None SFTOS Command Reference for the S2410 Version 2 4 1 0 93 show serial SNMP Management Commands 94 This section describes the SNMP system management commands supported by SFTOS show snmpcommunity on page 95 e show snmptrap on page 95 e show trapflags on page 96 e snmp server on page 97 e snmp server community on page 97 no
101. AC Addresses Static Limit Maximum statically allocated MAC Addresses Violation Trap Mode Whether violation traps are enabled Security Commands show port security dynamic Example Force10 ie show port security all Admin Intf Mode 0 1 Disabled 0 2 Disabled 0 3 Disabled 0 4 Disabled 0 5 Disabled 0 6 Disabled FO 7 Disabled 0 8 Disabled 0 9 Disabled 0 10 Disabled 0 11 Disabled 0 12 Disabled 0 13 Disabled 0 14 Disabled 0 15 Disabled 0 16 Disabled 0 17 Disabled 0 18 Disabled More or q uit loutput deleted Forcel04 Dynamic Static Violation Limit Limit Trap Mode 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled 600 20 Disabled E Figure 39 Example of show port security all Command Output Related show port security dynamic Displays the dynamically locked MAC addresses for port Commands show port security static Displays the statically locked MAC addresses for port show port security violation Displays the source MAC address of the last packet that was discarded on a locked port show port security dynamic This command displays the dynamically locked MAC addresses for port Syntax show port security dynam
102. ADIUS accounting function to the default value i e the RADIUS accounting function is disabled radius accounting mode disabled Global Config radius server host Syntax Parameters Usage Configure the RADIUS authentication and accounting server connections radius server host auth acct ipaddr port no radius server host auth acct ipaddr auth Use this keyword if you want to configure a connection to a RADIUS authentication server See Usage below acct Use this keyword if you want to configure a connection to a RADIUS accounting server See Usage below ip addr Enter the IP address in dotted decimal format of the server host port Optional Configure the UDP port number to use to connect to the configured RADIUS server See Usage below If the auth keyword is used the command configures the IP address to use to connect to a RADIUS authentication server Up to 3 servers can be configured per RADIUS client If the maximum number of configured servers is reached the command will fail until one of the servers is removed by executing the no form of the command If the optional port parameter is used with the auth keyword the command will configure the UDP port number to use to connect to the configured RADIUS authentication server In order to configure the UDP port number the IP address must match that of a previously configured RADIUS authentication server The port number must lie between 1
103. Boot Menu on page 32 Enter y at the prompt that asks if you want to reset the system Choose to reset the switch or cold boot the switch both work effectively 38 Quick Start Using the Command Line Interface The SFTOS command line interface CLI is one of the three major ways to manage the 2410 and is the most complete The SFTOS Web User Interface Web UI is discussed in Chapter 4 Using the Web User Interface and SNMP is addressed in SNMP Management Commands on page 94 in the Management chapter This chapter covers the following topics e Command Syntax Conventions on page 39 e Keyboard Shortcuts on page 43 e Obtaining Help at the Command Line on page 43 e Using Command Modes on page 44 e Mode based Topology on page 45 e Mode based Command Hierarchy on page 48 Flow of CLI Operation on page 50 Command Syntax Conventions This guide uses the following conventions to describe command syntax Convention Description keyword Keywords are in bold and must be entered in the CLI as listed parameter Parameters variables are in italics and require a number or word to be entered in the CLI The CLI online help shows parameters in brackets parameter X Keywords and parameters that are shown within braces in syntax statements must be entered in the CLI X Keywords and parameters that are shown within brackets in syntax statements are optional x y Keywords and parameters that are shown
104. CLs are unapplied to the port all CPU MA table entries associated with that port will be flushed from the table If ACLs are unapplied and port security is not enabled on the port the hardware is configured to no longer trap frames from that port to the CPU e ACLs take precedence over port based security configuration See Implementation Notes on page 164 in the Security Commands chapter for details denylpermit This command creates a new rule for the selected MAC access list Each rule is appended to the list of configured rules for the list Note that an implicit deny all MAC rule always terminates the access list Syntax deny permit srcmac srcmacmask any dstmac dstmacmask any bpdu ethertypekey 0x0600 OxFFFF vlan eq 0 4095 range 0 4095 0 4095 cos 0 7 secondary vlan eq 0 4095 range 0 4095 0 4095 secondary cos 0 7 assign queue queue id_0 6 redirect s ot port Parameter F zn amen deny permit The rule may either deny or permit traffic according to the specified classification fields srcmac Note In SFTOS 2 4 1 only the source MAC is supported srcmacmask The source srcmac srcmacmask any and destination dstmac any dstmac dstmacmask any bpdu MAC value and mask pairs must be specified dstmacmask each of which may be substituted using the keyword any to indicate a match any bpdu on any value in that field See the Usage section below The bpdu keyword may be s
105. CM 1813 Gecset COnfdOgured ver RR ERRAT emer MhepeEet chepekel eher eke NoForcel0 Figure 43 show radius accounting Command Example Table 19 show radius accounting Command Example Fields Field Description RADIUS Accounting Mode Enabled or disabled IP Address The configured IP address of the RADIUS accounting server Port The port in use by the RADIUS accounting server Secret Configured Yes or No If the optional keyword statistics P address is included the statistics for the configured RADIUS accounting server are displayed The IP address parameter must match that of a previously configured RADIUS accounting server The following information regarding the statistics of the RADIUS accounting server is displayed 50 TAC 5 show radius accounting accounting statistics 1 1 1 1 E RADIUS Accounting Server IP Address tatsi Round Trip Tania 4c ee e exta XO a CACX Sa RS 0 00 REGUCS Ss ores du cv mpl tete eater ete ae RARUS RUE UE SONGS X08 Rom 0 Retuansm es goa X RARO REG c ee 0 ReSpOHnSeS iia eb Ene rel ice cava cane Je CN LR RC RUE eC RR SARNA 0 Madltformed ResponsSesS ceelelegWue urn RR PUE E ES 0 Bad Ath nt Gators 2494345445445 449 6 9 Ves Ve SS 0 Pending Requests os e acr eae NC X ON a Rc 0 proc c4 M T 0 Unknown ypSQsasseu e uer AA rA RM RM ae aki a Mela e ee 0 Packets DrOpped 12344 3e ce ca Erare Rr a EEEE Rr Len SC veces 0 amp P Fig
106. Display RADIUS servers users defaultlogin Assign the authentication login list to use for non configured users when attempting to log in to the system radius server key Syntax Mode 182 Configure the shared secret between the RADIUS client and the RADIUS accounting authentication server radius server key auth acct ipaddr Depending on whether the auth or acct keyword is used the shared secret will be configured for the RADIUS authentication or RADIUS accounting server The IP address provided must match a previously configured server When this command is executed the secret will be prompted The secret must be an alphanumeric value not exceeding 20 characters Global Config Security Commands radius server msgauth radius server msgauth This command enables the message authenticator attribute for a specified server Syntax radius server msgauth ipaddr Mode Global Config radius server primary This command is used to configure the primary RADIUS authentication server for this RADIUS client The primary server is the one that is used by default for handling RADIUS requests The remaining configured servers are only used if the primary server cannot be reached A maximum of three servers can be configured on each client Only one of these servers can be configured as the primary If a primary server is already configured prior to this command being executed the server specified by the IP address specified u
107. E coe ks 148 BoHpl Valldal iuuseusessuusetuREA ERRORES RU AR ROREM RARE ERTS ERR RR RR REOR RES 148 Chapter 7 System Log sca cs insir prisa i suL NAR seeds eeenessneeneeneesaneeivene ni 149 JOIN TAMIA bit coer a kia E sistema end d quebec aol dera E Eu E ISO delegatis 149 logging buffered WIAD issus cues cesa siniri TES RET RETEA BEER ET SERA 150 POSIT CONE asse TE FC pH E e E E ER E E HEnE 150 COI CONSE M ME AnA Eaa ear AETA REAREA 151 JOGO MOST Lust aues Er E d Kad a d d uv xad xq Rm dE ad dd 151 logging DUST POCONOS uid quie eedptpbne quie expe PU Ur est eu id aparece Ind deal aereis 152 IDODng Rast PONG oos vaaquacpc amd emu ha RE Ra P EAS ESSQRME M FEQQE REUS EGRE 152 POG DOES ican de oerere ach bor dors qot deediet ded a d p qp Ib and o pd Reuter d dip 152 I SONT NI cede di 4 odebsd bd V dee dca Ped uiti dd eel ed 2 iR dra aid 152 logging Syslog cecsssssu uacua RE ORG RC EGO RR KA S RR EERE ER RARE RR AGE Gad dex d Ka dd 153 show TONG lt 5 BERS 2EK ORE RI PERO A RE RR REN A TEES RI MEG UE NM EU EP 153 show ogongo DUBIO caa adusRRRZEQECRQU RRPrREG 3RAREPNAGQAGAdGQERAJIMNSPRRAdQRE 154 show logging NOSIS iius ccc rth dete RHODE RARE RRS RR ORG SO Rod GC eol Sede 156 SOW OI ERIN OS addu d ce oh Be ae ga ce ae ee dnd Gon doa sb RGA iU a c eed ee Boe 156 Chapter 8 User Account Commands ocesssosbscueevabes wrdeysnaueesens sneckverveseses 157 cte P O O O Im t957 oi nea a a usce booa ad
108. Forwarding Database MFDB information multicast show mac address table stats Displays Multicast Forwarding Database MFDB statistics show mac address table gmrp Displays GARP Multicast Registration Protocol GMRP entries in the MFDB table show mac address table Displays IGMP Snooping entries in the MFDB table igmpsnooping show mac adar table Displays forwarding database entries show mac address table multicast Syntax Mode This command displays the Multicast Forwarding Database MFDB information If the command is entered with no parameter the entire table is displayed This is the same as entering the optional all parameter The user can display the table entry for one MAC Address by specifying the MAC address as an optional parameter show mac address table multicast macaddr 1 3965 For 1 3965 you have the option of entering a valid VLAN ID Privileged Exec MAC Address A multicast MAC address for which the switch has forwarding and or filtering information The format is two digit hexadecimal numbers that are separated by colons for example 01 23 45 67 89 AB In a system the MAC address will be displayed as a MAC address and VLAN ID combination of 8 bytes Type This displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Component The component that is responsible for this entr
109. IONAL To show MAC addresses on a particular interface enter the keyword interface followed by the interface unit slot and port This can be a physical or logical interface vlan VLAN_ID OPTIONAL To show MAC addresses on a particular interface enter the keyword vlan followed by the VLAN_ID count OPTIONAL Display Multicast Forwarding Database MFDB count Mode Privileged Exec Example S50 TAC 8 show mac addr table all Mac Address Interface IfIndex Status 00 01 00 01 00 00 00 37 0 1 1 Learned 00 01 00 03 00 00 00 03 0 2 2 Learned 00 01 00 D0 55 87 CD 2E 3 1 25 Management 00 01 00 01 E8 07 10 18 1 1 26 Learned Figure 13 Example of Output from the show mac addr table all Command Field Mac Address A unicast MAC address for which the switch has forwarding and or filtering information Descriptions The format is 6 or 8 two digit hexadecimal numbers that are separated by colons for example 01 23 45 67 89 AB In an IVL system the MAC address is displayed as 8 bytes Note IVL Independent VLAN Learning allows unicast address to port mappings to gt be created based on a MAC address in conjunction with a VLAN ID In an IVL system the MAC address is displayed as 8 bytes Interface The Unit Slot Port at which this address was learned Note The 3 1 in the Interface column references the Ethernet Management port See Figure 13 and Figure 15 If Index This object indicates the Iflndex of t
110. Interface Range mode added SFTOS Command Reference for the S2410 Version 2 4 1 0 285 show classofservice dot1 pmapping show classofservice dot1pmapping Syntax Mode This command displays the current 802 1p priority mapping to internal traffic classes for all or specific interfaces show classofservice dot pmapping unit slot port Privileged Exec and User Exec vlan port priority all Syntax Mode vlan priority Syntax Default Mode 286 This command configures the port priority assigned for untagged packets for all ports presently plugged into the device The range for the priority is 0 6 Any subsequent per port configuration will override this configuration setting vlan port priority all priority Global Config This command configures the default 802 1p port priority assigned for untagged packets for a specific interface The range for the priority is 0 6 vlan priority priority 0 Interface Config Quality of Service QoS Commands ACL Commands This chapter covers the following commands denylpermit on page 288 mac access list extended on page 290 mac access list extended rename on page 291 mac access group on page 292 show mac access lists on page 292 Note SFTOS 2 4 1 does not support IP based ACL commands An Access Control List ACL ensures that only authorized users and types of traffic to have access to specific resources while blocking unwarranted attemp
111. M TARGET TAG MIB SNMP Research Inc F100S POWER ETHERNET MIB F10OS Power Ethernet Extensions MIB POWER ETHERNET MIB Power Ethernet MIB LAG MIB The Link Aggregation module for managing IEEE 802 3ad RFC 1213 RFC1213 MIB Management Information Base for Network Management of TCP IP based internets MIB II RFC 1493 BRIDGE MIB Definitions of Managed Objects for Bridges dot1d RFC 2674 P BRIDGE MIB The Bridge MIB Extension module for managing Priority and Multicast Filtering defined by IEEE 802 1D 1998 RFC 2674 Q BRIDGE MIB RFC 2737 ENTITY MIB The VLAN Bridge MIB module for managing Virtual Bridged Local Area Networks Entity MIB Version 2 SFTOS Command Reference for the S2410 Version 2 4 1 0 85 show tech support Table 13 Fields in Output of show version Command continued Headings Explanation RFC 2863 IF MIB The Interfaces Group MIB using SMIv2 RFC 3635 Etherlike MIB Definitions of Managed Objects for the Ethernet like Interface Types F100S SWITCHING MIB F100S Switching Layer 2 F100S INVENTORY MIB F100S Unit and Slot configuration F100S PORTSECURITY PRIVATE MIB Port Security MIB IEEE8021 PAE MIB Port Access Entity module for managing IEEE 802 1X F10OS RADIUS AUTH CLIENT MIB F10OS Radius MIB RADIUS ACC CLIENT MIB RADIUS Accounting Client MIB RADIUS AUTH CLIENT MIB RADIUS Aut
112. N 1 6 ke adanthar d aped dede edt dg ay WA Dep ase c dox ae boa 3 her Changes PM 3 EE At GUM ibe at aud Roda hk cn aod demos ha ec at ache al Sha ee qal 4 del CoD PECTORE 5 Do WII 2r eer nm 21 ObjecliVes lile xs ena PRG Ad rH eds TENE eae ewes eed dee TTE 21 PRINS uL sd dy dta rye dcos dedo dede do EC PER HUP ER ERU E dr ae dee Qu 22 Howto Use ihis Wida ua dte dox aeuo ds RR Ab eeu ACAD deos fae eden utar o da dra dd 22 Related Documents and Sources of Additional Information 2 0 000 cece eee eee 23 Products and Services Liability 254 4244 c085 54844 ooo are sead CRX RES R3 CR OEE eT Sd dob dores 23 Contact Information TTET ETTET TIAE pem sarees eure hanes eee aeons ee Documentation Feedback issues cence eere eRe eS Ree ew ER REGRESS Ree eee ee 24 THE Iouppoit Websile via bs ce Gad ee dn dee Raed ad EROR EKG hE EAE R RE dS 24 Chapter 1 c ee CIO S eC Tr dices cote ssersedestets bee dense seeseneeseses 27 Switch Management Options TER EEES PRU bad pitis Ed TT Tm TEES ui BPs ZA T PRUE dad xci e I cabe E oae ER Ok PRO HORE ROO E WERE d 28 Chapter 2 sop e rm 31 Starting the Switch TU TORT T TET TENE TIRET TERI TROC TOU TEES Using the Boot Menu ius suce dass s Reden sur A E Cd dax cs qnan e dra edes eRe dede d 32 Cece nro and System Gell iua iuda wes eek ee OL ad Reed acd 33 Physical Port Data TERT DEP dide qd ee rere TIC NUR T DUET 34 Use
113. NN d 138 Cem Cote c erae aaaea aaa 138 clear pont channel ouee cass RARE HSS ERE SEPA SSR RACER ROS GR ACA C E Roa a E Ra Rd d 139 EDS DOE duit cic enh kh bee eae aeneum BS dude appel oue Quit eaolele L8 duibceupa aod 139 DOR OIDSRODDIIO s ses Super WE RagqueR a dE Xd RARE EG GqQU BRE LEUR dEP ES 139 2 PCT 2 RRR 139 DODU POND EGRET sce E E adeat eub qa ded dab divisa eed oaks Re dadu qu dite edi un 141 enable nass ae ee ee er ky Enr AE RU RA RR ROCA RR KR d xa ed ka RU GR a ded 142 DOUT ao Fgh MRSS See OR Edo bd cio dede Od ead eR o ee ee dor ee ewes 143 UU AEE E AA NT ETTE rO TUTUP 143 poo P HOM 144 FOIE oz E T ENEE A E ce dud cadat dq dea qb eed dM Ora den eet heeds 144 SHOW CODO BRUN a ou da ibrbsa p QeqdeeduaddaeunbcegP Cad bep d es qaB qs qa 144 tora TION es sic perRCRERE PIC EAPNCOIEAUR NE ERGGY qe REP REEICPEEEES ET ORR 145 PACING Sit FR EEUU TETTE oka eek E T 145 WHE 146 SFTOS Command Reference for the S2410 Version 2 4 1 0 9 GConiguraden SENDING 22k soceiveeranckss eodhe daaay SASS CREE Pads RRepb dd ao gi i 146 SOM SOO adque Xie dqud kate adu ad d xbaedqud quu quiaqu d adc seda s dd ad qued 147 510450777 EMT 147 BOUE AE oux Sd HER SIE REAR eee IR E Bd IQ OPI Db Fed e dq d ds 147 MINE SHOW Ap se canoes FANE PARA RESAEZ SISASBROSCdSQIO RE RSRG PARA EE RSUS TD AT
114. Note IP addresses in the SNMP trap receiver table must be unique If you make multiple entries using the same IP address the first entry is retained and processed All duplicate entries are ignored snmptrap ipaddr name ipaddrold ipaddrnew Global Config snmptrap mode Syntax Mode 102 This command activates or deactivates an SNMP trap Enabled trap receivers are active able to receive traps Disabled trap receivers are inactive not able to receive traps no snmptrap mode name ipaddr The no version of this command deactivates an SNMP trap Disabled trap receivers are inactive not able to receive traps Global Config System Management Commands snmp trap link status snmp trap link status This command enables link status traps by interface Syntax no snmp trap link status The no version of this command disables link status traps by interface Note This command is valid only when the Link Up Down Flag is enabled See snmp server enable traps linkmode command Mode Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Command f History Version 2 3 Added Interface Range mode Related interface range Defines an interface range and accesses the Interface Range mode Commands interface Identifies an interface and enters the Interface Config mode snmp trap link status all This command enables link statu
115. ON oid anu dica Reb d racine uus ern ce dodenus ahaa aar sd a Ud ed dd 169 Giga 204 0 0 MP SETE ETT ESTETISTE TEEST TTT TENTE TTTS 170 Coar Tad US ST TOS Fos avn IRR WEE MOORE GE FORE EIR dE dd RN eR 170 BO C DOT iiec cope enue td caer ok Seance ek det Gc uf int cee kh d quarc 170 COUR MRAZE MEER rrr 171 DOLIO e sped ird E PRR HOCPR a UR PER a LR op Ope do qe Ca dee PE ed due Ree z usPSU RUPEE 171 COIS DON COHN AENEID MEME PRE SENSE EE a E 172 BOIS DUE N TE I TES S E T S I T E T T 172 do Pe BUNCE METTRE 173 e ppPraTlg ipe seesi rerea ntet A ER EE RRE E 173 MOT SVR CON duc oe be eee dora hee eased badge dd ig dd dla qid be d d aded 174 slg Tor M PRECII 174 PO USET PT c ET 175 shaw OTIO 2a sccGeks daar aceidcdear ig nA DaO AA IEn ER eR teens 175 show authentication USCS eee 176 GOD TA vais ch pci aca dein dC dg M cba dob bg a 4 CR RES ae Rae Aa ee 176 Ce OO Rs cn AK C E C CP T TPETETT 179 show USES BINRERDOSIO 4 Ris ER OGHER KP ed X Ade AG XR RR CR RA EC RV EORR RUE 179 BOIS OAH L1 capuc odiosa d c whee bold qi stay bolted aee tbe die EOT 180 USCIS NOON 180 RADIUS Commands uiua Rant ot eC OR doe ee Rd C RO OR e ea 180 Pagus BCEOUNNNG MOCO o 550s eda na Peer aaea d espe p resbussadqledRe te eA 181 Hans server BOB 65 308 eA DURER GORERO X qu OA Ko RR Y A d ERR ER ORE CER REP NO REE d 181 PSUS Soe Rey Lidotorppehd quac eui qu bua d daturi d abu aae qq cede 182 radius err MQN serosa rris
116. P Mode lIndicates the GVRP administrative mode for the port It may be enabled or disabled If this parameter is disabled Join Time Leave Time and Leave All Time have no effect The factory default is disabled GARP GVRP and GMRP Commands gmrp adminmode GARP Multicast Registration Protocol GMRP Commands This section provides details on GMRP commands The commands in this sections are gmrp adminmode on page 231 set gmrp adminmode on page 232 gmrp interfacemode enable all on page 232 set gmrp interfacemode all on page 233 show gmrp configuration on page 233 show mac address table gmrp on page 234 GARP Multicast Registration Protocol GMRP GMRP propagates group membership throughout a network GMRP allows end stations and SFTOS Switching devices to issue and revoke declarations relating to group membership De registration updates the Multicast Forwarding Database multicast packets only forwarded through ports with a GMRP registration GMRP is disabled by default user must enable GMRP for the switch and then for individual ports GMREP is part of the SFTOS Switching package and Interacts with the Spanning Tree Protocol GARP and the Multicast Forwarding Database Requires Independent VLAN Learning There is an instance of GMRP for each VLAN MAC addresses are qualified by the 2 byte VLAN ID SFTOS GMRP complies with IEEE 802 1D Clause 10 GMRP port configuration and status table from RFC 2674 SFTOS
117. RERR Ra bad ed Kar ebd daa ea du ER eS 47 pag DON FORI 2 oie he oh ee ie eee eR aie quels quide FPEM Aner aman ded 119 SIODIDOWO lence sos tbh nando RRaq PUR her GC da RIS ded saaen Adee sa dpa dees aa 119 SAME cia dU E le RC eed Rede Pde tae qo E ado A EHE ddp db a o ena 119 Virtual LAN VLAN CODE EMO inc aeger d ats dee dide dca qe dde p aod aite dl ol 120 dea o REDEEM 121 DESEE ee EE doped ipods ie edi tad wk t qos ee e pd iiia p edd 122 Cusco og ERIT CCP OS SIPAT IIRS aI EAA RSN ERASOTE 123 Menace 0 P rrM nms 123 ISO sakes chee ena do bead ee eee ass aita a dicha Rees de aerate 124 VLAN aia wg de ada eidem vd adn ud adv de UR DER Rea ace D REF qp E E add 125 PANOLAN ois ee Che EA pp edd REC PP RR POE I IK EE ERE ER PE RN EE 125 nWo M WIAD oeer iiaee S dude ae e hee AETA alee eke 126 participatiort VLAN iiio esses sk s uore wx qox her IPES ROXCROD REOR ORE ROREM E OR RE RI E RC Rd 126 Contents POOKY IVAN dcos ke dk aed ek PRET ER EERERAWR RS lt RENEHRRA ARTEL OER 126 aao a Ea CONG EEUE T E E drap oa aon ceras dio ab bna cb A ae do dia Re he aS ae OR 127 protocol WAN QroUD iussisse cease ware ka EG GR CR CR de EROR EE RR ach Gd X RR EEE GR Rr de dd 127 protocol weh HOUR oh ob eda Jae e REL ORE RY A REA Bd ced d acr e dco ee b a ed 128 pO P LAM sappi anses Ror RTS nS bx REPE IESU QURPxI RS AREE CE IRI Pd awe 128 Lana 7 C U O 129 SHOE VION DON Vau ed edes ded bep peewee Adee ene ica bai e
118. RJ 45 Ethernet port dedicated to managing the switch See Configuring the Ethernet Management Port on page 36 An IP address that accesses the management VLAN running on a configurable set of the other physical ports See the following procedure Helpful Hint After configuring the network parameters execute write memory so that the configuration changes are not lost Alternatively you can execute copy system running config nvram startup config if you love to type SFTOS Command Reference for the S2410 Version 2 4 1 0 35 Configuring the Management VLAN IP Address To configure the management VLAN IP address use the following commands Command Syntax show interface Command Mode Privileged Exec Purpose Displays the Network Configurations managementethernet IP Address IP Address of the interface Default IP is 0 0 0 0 Subnet Mask IP Subnet Mask for the interface Default is 0 0 0 0 Default Gateway The default Gateway for this interface Default value is 0 0 0 0 Burned in MAC Address The Burned in MAC Address used for in band connectivity Locally Administered MAC Address Can be configured to allow a locally administered MAC address MAC Address Type Specifies which MAC address should be used for in band connectivity Network Configurations Protocol Current Indicates which network protocol is being used Default is none Management VLAN Id Specifies VLAN id Web Mode Indicates whether HTTP Web is en
119. Registration Protocol GVRP Commands on page 228 e GARP Multicast Registration Protocol GMRP Commands on page 231 GARP Commands The commands in this sections are e set garp timer join on page 225 e set garp timer leave on page 226 e set garp timer leaveall on page 227 e show garp on page 227 set garp timer join This command sets the GVRP join time per port and per GARP Join time is the interval between the transmission of GARP Protocol Data Units PDUs registering or re registering membership for a VLAN or multicast group SFTOS Command Reference for the S2410 Version 2 4 1 0 225 set garp timer leave Syntax Default Mode Command History Related Commands This command has an effect only when GVRP is enabled The time is from 10 to 100 centiseconds the value 20 centiseconds is 0 2 seconds set garp timer join 70 700 no set garp timer join The no version of this command sets the GVRP join time per port and per GARP to 20 centiseconds 0 2 seconds This command has an effect only when GVRP is enabled 20 centiseconds Interface Config Global Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Interface Range mode added interface range Defines an interface range and accesses the Interface Range mode set garp timer leave Syntax Default Mode Command History Related Commands 226 This co
120. S qo co PM P ILE 84 show tech suppalt ii uss ck oe eave ERS xk ux RADE ERG ADE A RGGG REVERSE RR Ead d 86 van participation managemen sc cck se saaoeedh edo es doe dece RE arces ebd 87 Tonei Command scaicanccadtedacds E ddp Xd ER RE EU RIaabe S rd RASAZGRAEPQS GARS ERPTE Ss 87 ID Told MACSO 2 adora dg Ee HORE er EEUU aet pago dabdoper a poteet ob eer es 88 PONCHO ict ket Oh abe ee ae eles qd irure dicar edald d 88 ip telnet server enable lt couscous ss Roose REE RESO ERR STEREOS ACER RE Oe ee RC ended 89 SESSION 1G ae 2 GRA NSS RS AEREN VERRE ASIN PRX d Pix CIERRE REEL EUR d 89 SESH OOU 2 acc des deeds nsan ERRAT Read pad bUEdQuCAAGxZdquaadqaeddgsa 89 SHOW TOMO xcs 2b ge EGOS RR RR de eh Sma Seed ded aa dh ea RT 90 IOI diua ee ag 6 irapa Baba MR ea ae te Ree a ee keh db dq bud Means doa dr aod aede do a 90 EnO ONINO MEN CC c 90 lolnelcon MarS OSON essari rekna ODE VAR RR HE E RO EAR KE E AR eS 91 GBHA T IBS ganadur Soaps dise Bolus d ed PR and quod aua i b oua d Capui R dc esa etum dci 91 Dn 91 Gans AUS acsadepace xa e ROoRA GER Ger E e rd gore ao qc ope E deb de dario ge dd 91 Sonal WHOM Loss 4sswETRUP aT E PERA ME eRKAPSE Fa ESTEE qam uu QUUM FR E S Edd 92 SHOW SENN M OO ISTIS 92 SNMP Management Commands iius cuuaa daas eee dex ded ee ee Re eee 94 SHOW smin Omn Ls 44 Saxa APRS Aw OR Re dORasObRSAARS FTATORSARER GOOD AADORR C dQaaa 95 SHOW SMO Sorc res
121. T Bridge Port that is enabled is assigned a Port Role for each spanning tree Port Path Cost Configured value of the Internal Port Path Cost parameter Designated Root The Identifier of the designated root for this port Designated Port Cost Path Cost offered to the LAN by the Designated Port Designated Bridge Bridge Identifier of the bridge with the Designated Port Designated Port Identifier Port on the Designated Bridge that offers the lowest cost to the LAN If 0 defined as the default CIST ID is passed as the mstid then this command displays the settings and parameters for a specific switch port within the common and internal spanning tree The unit slot port is the desired switch port In this case the following are displayed Port Identifier The port identifier for this port within the CST Port Priority The priority of the port within the CST Port Forwarding State The forwarding state of the port within the CST Port Role The role of the specified interface within the CST Port Path Cost The configured path cost for the specified interface Designated Root ldentifier of the designated root for this port within the CST Designated Port Cost Path Cost offered to the LAN by the Designated Port Designated Bridge The bridge containing the designated port Designated Port Identifier Port on the Designated Bridge that offers the lowest cost to the LAN Topology Change Acknowledgement Value of flag in next
122. TISINIG oues seu bee so km HE hes RR dex arce d Reo ded oer 192 In So MO Oe ONE Loe eae Gs ane Reiss Seeds Ree qudd aui dad ted ad 192 Ecc DOG PPP re T IET ETT IEEE ETTE EPITET TT 193 iD ssh serve GHAI seris rekr FORE w TES A ORO RYE RN EATE TREIER 193 Ss MeO E T E E E a E S A ETT 194 GROW ID SEN P m 194 SSDOOH HRCRDRSGIUIB Lateeaak pAGUHRKE RA GU ER BORGER ARDS e qypAX dde ded Pia E qn 195 SHOOT IDEM ad beans Qd S ad Ee EE CEs GREE RAGE SS PNE dU Qe ena de qe we pde 4 195 Hypertext Transfer Protocol HTTP Commands 000 cece eee ees 195 D n SUE DII serki uites pa did aad E a qua dades f Ri rade eo d ddr e ection Saks 196 WV SoC DON Pro 196 p RD SEO e e cag deere b Ra hana tQ bed RP eX te doge Padre ge grae 196 ip hip SOC SOU rable aua qued deae takrar EA ds RO RN RE da ER dea eed da d S ER 197 ip hilp server enable sas cso ei coe es boo ee eee E ru ERRARE ORE RUORWARORUR RE GR d a du E RES 197 SHOW 0 HU LoRRREWOIR OF REO IURI RU Up ORAE doe PERRA RES EROR REE ROR 198 Broadcast Storm Control Commands 00 0c eect es 199 show Slorm CODIFOl iu as rei OPS m idit ERR RU R ROO ACCRUE KORR RR ORES RR ER CR Rd 199 SI HCOBPOLDAORUUEST oi sede es hae ns dale hee cR qq ee da M E ud ed i ddr 200 SU HEDCDIIOI TOWO oeart rrsan era RE RT xem SE TAZ ESPERE REE Pd qs 200 Chapter 10 DHCP Server COMMANGS 2 is sts cbs cea desi ee sade sie staee nse ee rsewiesneernse s 203 III bcs coda E P
123. User Exec mode at the top of the tree is the mode you enter when you access the CLI Mode based Topology As detailed above the CLI is built on a mode concept where related commands are grouped together within modes that you access with particular mode access commands The mode access commands are listed in Table 3 on page 47 Access to the modes is depicted in a tree format in Figure 5 Note Except for the Interface Range mode or its child modes Ethernet Range mode Port Channel mode and VLAN Range mode and the TACACS Config mode the diagram shows modes that are in the Layer 2 Package of SFTOS or the Layer 3 Package of SFTOS Those in the Layer 3 Package include the various Router modes SFTOS Command Reference for the S2410 Version 2 4 1 0 45 The User Exec commands are elso eccessible in the Privileged Exec mode r Retum to the User Exec prompt Figure 5 CLI Mode Diagram mode with the command interface vlan vlanid Note Some modes listed in Table 3 are unavailable in SFTOS 2 4 1 including the Stacking mode and Layer 3 protocol modes such as OSPF and RIP Note In Release 2 4 1 you access the Interface VLAN mode from the Global Config Access to all commands beyond the User Exec mode can be restricted through the enable password which you set with the enable passwd command See enable passwd on page 142 Using the Command Line Interface The following table shows the rela
124. Version 2 4 1 0 165 port security mac address move Mode Command History Related Commands no port security mac address mac address vid Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Added Interface Range mode interface range Defines an interface range and accesses the Interface Range mode port security mac address move Syntax Mode Command History Related Commands This command converts dynamically locked MAC addresses to statically locked addresses port security mac address move Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Added Interface Range mode interface range Defines an interface range and accesses the Interface Range mode show port security Syntax Mode 166 This command displays the port security settings for a particular interface or for the entire system show port security unit slot port all Privileged Exec When no parameter is entered the one report field is Port Security Administration Mode Port locking mode for the entire system When either the unit slot port or all parameter is entered the report fields are Intf Port number unit slot port Interface Admin Mode Port locking mode for the Interface Dynamic Limit Maximum dynamically allocated M
125. Xa d 107 enable Command Example cuu casus aeuaa edax CR weeded b oa eed ion d 107 Commands Available in Ethernet Range Mode TI TI Edu TT Bulk Configuration Warning Message sss 111 single Range Bulk GConfiguratlglt iuo eae sse acr deo nek ck pa dk Roc oen 111 Multiple Range Bulk Configuration for Gigabit Ethernet 0 5 111 Example of show forwardingdb agetime Command Output 114 Command Example show mac address table stats es RE RESRORER ASSES 2 4S 116 Command Example show monitor session 1 0 00 117 show port all Command Output Example 0000 e eee eee 118 show interfaces description Command Example TIE iso Searing eres lee Using the interface vlan Command 00 e eee eens 124 Output of the show vlan Command 000 cece ee eens 129 Output of the show vlan brief Command 0 0000 eens 130 Output of the show vlan id Command 00 cece tenes 130 Output of the show vlan port Command Te TOREM Sd TORY TO TN SFTOS Command Reference for the S2410 Version 2 4 1 0 17 18 Figure 35 Figure 36 Figure 37 Figure 38 Figure 39 Figure 40 Figure 41 Figure 42 Figure 43 Figure 44 Figure 45 Figure 46 Figure 47 Figure 48 Figure 49 Figure 50 Figure 51 Using the copy command to Upload the Event Log 0 0c eee eee 141 Using the copy command to Download the CLI Banner 00000
126. a VLAN The ID is a valid VLAN identification number and the interface is a valid interface number Mode Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 SFTOS Command Reference for the S2410 Version 2 4 1 0 133 vlan participation all Command 7 History Version 2 3 Deprecated Related e C vlan participation In the Interface ManagementEthernet mode this command assigns the ommands management management VLAN of the switch vlan participation all This command configures the degree of participation for all interfaces in a VLAN The ID is a valid VLAN identification number Mode Global Config Command E History Version 2 3 Deprecated Related Commands tagged Configure a tagged interface in the selected VLAN untagged Configure an untagged interface in the selected VLAN vlan port acceptframe This command sets the frame acceptance mode for all interfaces Mode Global Config Command History Version 2 3 Deprecated vlan port ingressfilter all This command enables ingress filtering for all ports Mode Global Config Command History Version 2 3 Deprecated vlan port pvid all This command changes the VLAN ID for all interfaces 134 System Configuration Commands Mode Command History Related Commands vlan port tagging all Global Config Version 2 3 Deprecated
127. a fa d ac rap tod a pde ded 45 Mode based Command Hierarchy 000 cece tenets 48 ao Or CU ICR uo s pon ot deaodedecardeddads Keegy Rae Ade ERE ER OR ba dSd FORE 50 Chapter 4 Using the Web User Interfagp iuiluuieaasnasanuuu rh nee seedws ceneeaeeadees 51 CGoniguning TOT MCCUE ucc 1 Pie te Lee eR ah Meee eee E kee leui cod D Web Page Layout cese skates hx ters see Rx RR 9 ox 9x ER 9m RR Rd RR RR RR RR ne x 52 Saring ma Wey User MERCE a ck se acd deli ded dci rg dcd do lode uel B cui e e tC orabat 52 WOME SUMO eR CREE TEE 53 Chapter 5 System Management Commands seeeseeeeeeeeeeeeeer eene 55 General System Management and Information Commands 0 00 0c eee ences 55 o ee eae eee eee eee Tee ee ee ee eer ee re eer eee eT ee ee reer re ee tee 56 ug PCM oF interface mansgementelhemel coc ceded i za uaa kd Redes nh dad AEE CHEESE DRE RES 58 ID address Managemen osscacesesgbun nee deed ARENAS ber aesesobne sae NISS 58 e eA oogperasd4 p te dc e ba RR e Rd rag dE P t4 qu agn ba deeb rd qd 59 MAC UDO bch d ik UR deca ic de dois RASA CRED Dee iba de e Rd OR abd 59 management route COTA oiccuesuueetasernusRRbRacERaakue a d EORR AR RR RR RS WR E ER 60 IN zrioiz4kkk4s dE eR RAO RAV PRREEERATZVERRRC4IGR44S PR er eR de RESO SEES REE CORE GS 61 nello Mae ONU ESSE sone seit gas eng bia bush books adee sees VESRs ag ERr dee ES VUE 62 nehvork mac lyDO cis 55 bc Foie PRS ESEDSERPRIOREHOEEESEERPS HERES S EARRAS RRS
128. abled Java Mode Indicates whether java mode is enabled interface Global Config Invokes the Config if ma prompt at which you can execute the ip managementethernet address command ip address ipaddr netmask Interface Config Configure the management IP address and subnet mask IP Address range from 0 0 0 0 to 255 255 255 255 Subnet Mask range from 0 0 0 0 to 255 255 255 255 management route default gateway Global Config Set the default gateway Gateway Address range from 0 0 0 0 to 255 255 255 255 For details on command syntax for the commands listed above see General System Management and Information Commands on page 55 Configuring the Ethernet Management Port To configure the IP address of the Ethernet Management port use the following commands Command Syntax Command Mode Purpose serviceport protocol Global Config Specify the network configuration protocol to be used Bootp or none bootp dhcp DHCP for configuring access to the Ethernet Management port Alternatively leave the default at none and then manually configure the IP information serviceport ip ipaddr Global Config Manually configure the IP address IP subnet mask and default IP netmask gateway gateway of the Ethernet Management port service port show serviceport Privileged Exec Verify the Ethernet Management port configuration 36 Quick Start Example of Configuring the Ethernet Management Por
129. add change or delete communities The switch does not have to be reset for changes to take effect The SNMP agent of the switch complies with SNMP Version 1 for more about the SNMP specification see the SNMP RFCs The SNMP agent sends traps through TCP IP to an external SNMP manager based on the SNMP configuration the trap receiver and other SNMP community parameters show snmpcommunity Privileged Exec Table 15 Fields of show snmpcommunity Command Output Field Description SNMP Community The community string to which this entry grants access A valid entry is a Name case sensitive alphanumeric string of up to 16 characters Each row of this table must contain a unique community name Client IP Address An IP address or portion thereof from which this device will accept SNMP packets with the associated community The requesting entity s IP address is ANDed with the Subnet Mask before being compared to the IP Address Note that if the Subnet Mask is set to 0 0 0 0 an IP Address of 0 0 0 0 matches all IP addresses The default value is 0 0 0 0 Client IP Mask A mask to be ANDed with the requesting entity s IP address before comparison with IP Address If the result matches with IP Address then the address is an authenticated IP address For example if the IP Address 9 47 128 0 and the corresponding Subnet Mask 255 255 255 0 a range of incoming IP addresses would match i e the incoming IP Address could equal 9
130. age 91 e telnetcon timeout on page 90 ip telnet maxsessions Syntax Default Mode Command History This command specifies the maximum number of Telnet connection sessions that can be established ip telnet maxsessions 0 5 A value of 0 indicates that no Telnet connection can be established The range is 0 to 5 The command no telnet maxsessions sets the maximum number of Telnet connection sessions that can be established to the default value Global Config Version 2 3 Changed from telnetcon maxsessions and moved from Privileged Exec mode to Global Config ip telnet timeout Syntax Default Mode 88 This command sets the Telnet connection session timeout value in minutes A session is active as long as the session has been idle for the value set Note Changing the timeout value for active sessions does not become effective until the session is reaccessed Any keystroke will also activate the new timeout duration ip telnet timeout 7 760 The time is a decimal value from 1to 160 The no ip telnet timeout command sets the Telnet connection session timeout value in minutes to the default 5 minutes Global Config System Management Commands ip telnet server enable Command History Version 2 3 Changed from telnetcon timeout and moved from Privileged Exec mode to Global Config ip telnet server enable Enable or disable Telnet services Syntax no telnet server enable Mo
131. agement Commands 157 User Exec Mode 48 User Exec mode 47 user new 159 username 34 159 users adding 34 159 displaying 158 passwords 34 142 157 159 users defaultlogin 180 users login 180 users snmpv3 accessmode 160 users snmpv3 authentication 160 users snmpv3 encryption 160 Using Command Modes 44 V vlan 132 vlan acceptframe 133 vlan acceptframe command 4 vlan commands Global Config 134 136 vlan ingressfilter 133 vlan ingressfilter command 4 VLAN Mode 50 VLAN mode 47 vlan name See name vlan participation interface 133 vlan participation management 87 vlan participation all 134 vlan participation all command 4 vlan port acceptframe all 134 vlan port acceptframe command 4 vlan port ingressfilter all 134 vlan port ingressfilter all command 4 vlan port priority all 286 vlan port pvid all 134 vlan port pvid all command 4 vlan port tagging all 135 vlan port tagging all command 4 vlan port untagging all 135 vlan port untagging all command 4 vlan priority 286 vlan protocol group 137 vlan protocol group add protocol 136 vlan protocol group remove 136 vlan pvid 137 vlan pvid command 4 VLAN Range 109 302 Index VLAN Range mode 47 vlan tagging 137 vlan tagging command 4 VLAN tunneling 221 vlan untagging 137 vlan untagging command 4 VLANs adding 108 changing the name of 125 deleting 108 123 details 77 129 280 282 284 frame acceptance mode 133 134 GVRP 228 229 IDs 134 1
132. al Config mode Security Commands ip http secure server enable ip http secure server enable Syntax Default Mode Command History This command is used to enable the secure socket layer for secure HTTP The no version of this command is used to disable the secure socket layer for secure HTTP Note This command requires keys certificates to be generated offline before the service will start See s50 secure management pdf at log in required https www force1 Onetworks com csportal20 KnowledgeBase Documentation aspx no ip http secure server enable disabled Global Config Modified Moved from Privileged Exec mode to Global Config mode and added enable to the command Version 2 3 ip http server enable Syntax Default Mode Command History Related Commands This command enables access to the switch through the Web User Interface Web UI of SFTOS When access is enabled the user can log in to the switch from the Web UI no ip http server enable Use no ip http server enable to disable access to the switch through the Web UI When access is disabled the user cannot login to the switch s Web server Disabling the Web UI takes effect immediately All interfaces are affected enabled Global Config Modified Moved from Privileged Exec mode to Global Config mode and added enable to the command Version 2 3 ip address management Configures the IP address of the management inte
133. ample Forcel0 show dotlx detail 0 1 TA ION Peers dta os Dac dk 4 de o s E Ar E uat hae hae sur d 1 0 1 Protocol Versione anene qa ACORN MERE ate ee a Ha di PAR Capabilities cide wos epg a Yo dea CA CR CR A CR CRCA HOA Authenticator Authenhticator PAR Staters inienn s teen xk 4n ERR ER Initialize Backend Authentication State Initialize QULOL Peviod yy he wa ELS CX CRX CRCX ROC ha 60 Transmuit RSLS A yee nal eeclesie eret oh ao s Nos ros goi 30 Suppildeant v dgmeoubs45 30 5 30 4 det derer iere ceder irte 30 Server Tameout SO08T 4 aed SERA R3 RR ACA CR CELA ed 30 Maximum RequestSu oie lec udesenetevethete lee oe 9 CERTI TREE 2 R eauthent ication Periods yia dasa eR eS 3600 Roauthemnmticatiorn Enabled i oi eo s x XY xe FALSE Key Transmission Enabled wie ese tld wg be 3 SA FALSE CORUEOl DIr SELON actetuer EE IRI mer Eee MTM eMe cheb obese both J Figure 40 Example of Output from the show dot1x detail Command If the optional parameter statistics unit slot port is used the dot1x statistics for the specified port are displayed Port The interface whose statistics are displayed EAPOL Frames Received The number of valid EAPOL frames of any type that have been received by this authenticator EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this authenticator EAPOL Start Frames Received The number of EAPOL start frames that have been
134. ample Output from the show logging Command SFTOS Command Reference for the S2410 Version 2 4 1 0 153 show logging buffered Fields in the report include Logging Client Local Port The port on the collector relay to which syslog messages are sent CLI Command Logging The mode for logging CLI commands whether enabled or disabled Console Logging The mode for console logging whether enabled or disabled Console Logging Severity Filter The minimum event severity to display to the console Buffered Logging The mode for buffered logging whether enabled or disabled Syslog Logging The mode for logging to configured syslog hosts whether enabled or disabled If set to disabled logging stops to all syslog hosts Log Messages Received The number of messages received by the log process This includes messages that are dropped or ignored Log Messages Dropped The number of messages that could not be processed Log Messages Relayed Log Messages Ignored Event Log Table consisting of these columns File Line TaskID Code and d h m s File The file in which the event originated Line The line number of the event Task Id The task ID of the event Code The event code d h m s The time this event occurred in days hours minutes and seconds since system boot Note Event log information is retained across a switch reset gt show logging buffered 154 Syntax Mode This command displays
135. and User Exec Bridge Priority Specifies the bridge priority for the spanning tree Bridge Identifier The bridge identifier for the selected instance Time Since Topology Change The time in seconds since the topology last changed Topology Change Count Number of times the topology has changed Topology Change in progress Boolean value of the Topology Change parameter for the switch indicating if a topology change is in progress on any port assigned to the common and internal spanning tree Designated Root The bridge identifier of the root bridge It is derived from the bridge priority and the base MAC address of the bridge Root Path Cost Value of the Root Path Cost parameter for the common and internal spanning tree Root Port Identifier Port to access the Designated Root Bridge Max Age Specifies the bridge maximum age for the spanning tree Bridge Forwarding Delay Specifies the time spent in Listening and Learning mode before forwarding packets Bridge Forwarding Delay must be greater or equal to Bridge Max Age 2 1 The time range is from 4 seconds to 30 seconds The default value is 15 Hello Time Configured value of the parameter for common spanning tree 260 Spanning Tree STP Commands show spanning tree interface Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units BPDUs CST Regional Root Bridge Identifier of the common spanning tree regional root It
136. ands The commands in this section are e ip ssh maxsessions on page 192 e ip ssh protocol on page 193 e ip ssh server enable on page 193 e ip ssh timeout on page 194 e show ip ssh on page 194 e sshcon maxsessions on page 195 e sshcon timeout on page 195 This section provides a detailed explanation of the SSH commands The commands are of two functional types e Configuration commands are used to configure features and options of the switch For every configuration command there is a show command that will display the configuration setting e Show commands are used to display switch settings statistics and other information ip ssh maxsessions This command specifies the maximum number of SSH connection sessions that can be established A value of O indicates that no SSH connection can be established The range is from 0 to 5 Syntax ip ssh maxsessions 0 5 The command no ip ssh maxsessions sets the maximum number of SSH connection sessions that can be established to the default value Default 5 Mode Global Config Command History Version 2 3 Changed from sshcon maxsessions and moved from Privileged Exec mode to Global Config mode 192 Security Commands ip ssh protocol ip ssh protocol Syntax Default Mode Command History This command is used to set or remove protocol levels or versions for SSH Either SSH1 1 SSH2 2 or both SSH 1 and SSH 2 1 and 2 can be set ip ssh protocol
137. ange vlan 10 20 Version 2 3 Deprecated tagged Adds the designated interface to the selected VLAN as a tagged interface untagged Adds the designated interface to the selected VLAN as an untagged interface This command sets tagging to enabled for the selected interface in a specified VLAN If tagging is enabled traffic is transmitted as tagged frames Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Deprecated tagged Sets tagging to enabled for a specified interface in the selected VLAN untagged Adds a Layer 2 interface to the selected VLAN as an untagged interface vlan untagging Mode Command History Related Commands This command sets tagging to disabled for the selected interface in a specified VLAN Interface Config Version 2 3 Deprecated untagged Adds a Layer 2 interface to the selected VLAN as an untagged interface SFTOS Command Reference for the S2410 Version 2 4 1 0 137 clear config System Utility Commands This section describes system utilities The commands are divided into two functional groups e Show commands display switch settings statistics and other information e Configuration commands configure features and options of the switch For every configuration command there is a show command that displays the configuration setting System utility
138. aracters in length Note If a user is authorized for authentication or encryption is enabled the password must be at least eight alohanumeric characters in length Default no password Mode Global Config Usage The username and password are not case sensitive Information Six user names can be defined SFTOS Command Reference for the S2410 Version 2 4 1 0 159 users snmpv3 accessmode users snmpv3 accessmode Default Syntax Mode This command specifies the SNMP v3 access privileges for the specified login user The valid accessmode values are readonly or readwrite The username is the login user name for which the specified access mode applies The default is readwrite for admin user readonly for all other users The no version of this command sets the snmpv3 access privileges for the specified login user as readwrite for the admin user readonly for all other users The username is the login user name for which the specified access mode will apply admin readwrite other readonly no users snmpv3 accessmode username readonly readwrite Global Config users snmpv3 authentication Default Syntax Mode This command specifies the authentication protocol to be used for the specified login user The valid authentication protocols are none md5 or sha If md5 or sha are specified the user login password is also used as the snmpv3 authentication password and therefore must be at lea
139. ated Commands This command sets the Link Aggregation Control Protocol LACP timeout on the selected port The no version of this command removes the Link Aggregation Control Protocol LACP timeout on the selected port no port lacptimeout short long short long Enter short to select the short timeout setting 3 seconds for the selected ports Enter long to select the long timeout setting 90 seconds for the selected ports Interface Config Interface Range Version 2 3 Added Interface Range mode interface Accesses the Interface Config mode for the selected interface interface range Defines an interface range and accesses the Interface Range mode port lacptimeout global Set the Link Aggregation Control Protocol LACP timeout on ports show port channel brief This command displays the static capability of all port channels LAGs on the device as well as a summary of individual port channels SFTOS Command Reference for the S2410 Version 2 4 1 0 255 show port channel Syntax Mode Example show port channel brief Privileged Exec and User Exec Force10 S2410 show port channel brief k Static Capability Disabled Logical Interface Port Channel Name Link State Mbr Ports Active Ports 1 1 lagl Up 0 16 0 16 0 17 0 17 0 18 0 19 0 18 0 20 0 21 0 19 0 22 0 23 0 20 0 8 0 9 0 5 0 21 0 12 0 22 0 23 0 8 0 9 0 5 0 12 1 2 lag2 Up 0 10 0 11 0 10
140. ationally active If it is not the port acts as a normal port and participates in all normal operation with respect to transmitting traffic no monitor session 1 mode The no version of this command sets the monitor session port monitoring mode to disabled disabled Global Config monitor session Adds a mirrored port source port or mirroring port destination port to a session identified with the session ID of 1 no monitor Removes the destination port and all source ports from the mirroring configuration show monitor session Shows the mirroring configuration This command removes all the source ports and a destination port and restores the default value for mirroring session mode for all the configured sessions This is a stand alone no command This command does not have a normal form enabled no monitor Global Config SFTOS Command Reference for the S2410 Version 2 4 1 0 113 no monitor session 1 no monitor session 1 This command removes all the source ports and a destination port of the mirroring session and restore the default value for mirroring session mode The 1 or session id parameter is an integer value used to identify the session In the current version of the software the session id parameter is always 1 This is a stand alone no command This command does not have a normal form This command can be issued without regard for the session status enabled or disabled
141. aximum threshold value Command History Version 2 4 1 Introduced Related random detect Set the decay exponent used by the WRED average queue depth Commands exponential weighting constant calculation for the interface show interfaces random detect Display the WRED configuration for each supported drop precedence level of each queue for the specified interface 280 Quality of Service QoS Commands show classofservice dot1p mapping show classofservice dot1p mapping Syntax Mode Report Fields Example Related Commands This command displays the current Dot1p 802 1p priority mapping to internal traffic classes for a specific interface show classofservice dotl p mapping unit slot port The unit slot port parameter is optional If specified the 802 1p mapping table of the interface is displayed If omitted the most recent global configuration settings are displayed Privileged Exec The following information is repeated for each user priority User Priority The 802 1p user priority value Traffic Class The traffic class internal queue identifier to which the user priority value is mapped Force10 show classofservice dotlp mapping 1 0 1 ON User Priority Traffic Class 0 1 1 0 2 0 3 1 4 2 5 2 6 3 7 3 Example of Output from the show mac addr table count Command classofservice Maps an 802 1p priority to an internal traffic class dot1p mapping show classofservice
142. ays inventory information for the switch show hardware Privileged Exec Table5 Fields in the Output of the show hardware Command Field Description Switch Description Text used to identify the product name of this switch Vendor ID Number used to identify the manufacturer of the device Plant ID Country Code Date Code Month and year of manufacture of the switch Serial Number The unique box serial number for this switch Part Number Revision Manufacturing part number Catalog Number The catalog number of the switch Burned in MAC Address Universally assigned network address Software Version The version of the SFTOS software currently running on the switch expressed as base release version revision Additional Packages The software modules that are incorporated into this version of SFTOS show interface This command displays a summary of statistics for a specific port show interface unit slot port SFTOS Command Reference for the S2410 Version 2 4 1 0 65 show interface 66 Mode Web User Interface Usage Information Example Enter the port number of a particular port to query where unit is the stack member slot is always 0 zero and port is the port number Privileged Exec Inventory Information panel accessed from the System node The show interface command accepts other keywords besides unit slot port See those sy
143. ber of outbound packets that could not be transmitted because of errors Collision Frames The number of packet collisions Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this switch were last cleared System Management Commands Related Commands show interface ethernet ip address management Configures the IP address of the management interface show interface ethernet Displays detailed statistics for a specific port or for all CPU traffic based upon the argument show interface switchport Displays a summary of statistics on Layer 2 interfaces show interface Displays information about the management interface to the switch managementethernet show interface ethernet Syntax Parameters Mode Usage Information This command displays detailed statistics for a specific port or for all CPU traffic based upon the argument show interface ethernet switchport unit slot port 1 3965 switchport The display parameters for when switchport is entered are shown below the list for unit slot port unit slot port Valid unit slot and port number separated by forward slashes The display parameters are shown below 1 3965 VLAN ID Privileged Exec This command displays distinctly different reports depending on the entered parameter Figure 10 on page 68 shows an example of the show interface ethernet report when the ke
144. buffered logging the System log show logging buffered Privileged Exec Fields in the report include Buffered In Memory Logging tThe current state of the in memory log System Log show logging hosts Buffered Logging Wrapping Behavior The behavior of the in memory log when faced with a log full situation On when wrapping is enabled Off when not Buffered Log Count The count of valid entries in the buffered log The System log messages follow the summary statistics Related logging buffered Enables logging of the System Log to RAM and any Commands other enabled destination including the console and any enabled syslog server logging cli command Displays CLI activity in the log Example Forcel0 show logging buffered Buffered In Memory Logging enabled Buffered Logging Wrapping Behavior On Buffered Log Count 122085 6 JAN 04 10 23 54 0 0 0 0 1 UNKN 237531112 filter cfg c 1148 121958 filterIntfChangeCallback Received an interface event callback while not in EXECUTE state 6 JAN 04 10 23 54 0 0 0 0 1 UNKN 237531112 filter cfg c 1148 21959 filterIntfChangeCallback Received an interface event callback while not in EXECUTE state 6 JAN 04 10 23 54 0 0 0 0 1 UNKN 237531112 filter cfg c 1148 21960 filterIntfChangeCallback Received an interface event callback while not in EXECUTE state 6 JAN 04 10 23 54 0 0 0 0 1 UNKN 237531112 filter cfg c 1148 21961 filterIntfChang
145. buffered wrap Syntax Default Mode This command enables wrapping of in memory logging when full capacity is reached Otherwise when full capacity is reached logging stops logging buffered wrap Use no logging buffered wrap to disable wrapping of in memory logging and to configure logging to stop when full capacity is reached wrap Privileged Exec logging cli command Syntax Default Mode 150 This command enables logging to the System Log of all Command Line Interface CLI commands issued on the system no logging cli command enabled Privileged Exec System Log logging console logging console This command enables logging of System log messages to the console Syntax logging console severitylevel The severitylevel value is specified through one of the following keywords or the keyword s representative integer as shown here emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 informational 6 debug 7 Note that the severity level set here does not change the severity level set for the System log messages saved in RAM Use no logging console to disable logging to the console Default disabled severity critical Mode Global Config logging host This command configures mirroring of System log messages to a syslog server Up to eight server hosts can be configured Also use this command to modify the port or logging severity level to a configured host identified by i
146. cates the functionality of the logout command closing the current Telnet connection or resetting the current serial connection Note Save configuration changes before logging out quit Privileged Exec logout Close the current Telnet connection or reset the current serial connection SFTOS Command Reference for the S2410 Version 2 4 1 0 143 ping ping Syntax Mode reload Syntax Mode Usage Information This command checks if another computer is on the network and listens for connections To use this command configure the switch for network in band connection The source and target devices must have the ping utility enabled and running on top of TCP IP The switch can be pinged from any IP workstation with which the switch is connected through the default VLAN VLAN 1 as long as there is a physical path between the switch and the workstation The terminal interface sends three pings to the target station ping ipaddr Privileged Exec and User Exec This command resets the switch without powering it off Reset means that all network connections are terminated and the boot code executes The switch uses the stored configuration to initialize the switch You are prompted to confirm that the reset should proceed A successful reset is indicated by the LEDs on the switch reload Privileged Exec For a sample of the output from the reload command see the section Upgrading the Software Image in the
147. cations Operation of this equipment in a residential area is likely to cause harmful interference in which case users will be required to take whatever measures necessary to correct the interference at their own expense Properly shielded and grounded cables and connectors must be used in order to meet FCC emission limits Force10 Networks is not responsible for any radio or television interference caused by using other than recommended cables and connectors or by unauthorized changes or modifications in the equipment Unauthorized changes or modification could void the user s authority to operate the equipment This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 this device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation Canadian Department of Communication Statement The digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications Attention Le present appareil numerique n emet pas de perturbations radioelectriques depassant les normes applicables aux appareils numeriques de la Class A prescrites dans le Reglement sur les interferences radioelectriques etabli par le ministere des Communications du Canada European Union EMC Directive Conformance Statement Thi
148. ce level for this queue from 1 to p The specific pvalue is platform dependent Tail Drop Threshold The tail drop queue threshold value for this drop precedence level expressed in sixteenths of the overall device queue size e g 0 16 1 16 2 16 16 16 This is a configured value Version 2 4 1 Introduced Set the decay exponent used by the WRED average queue depth calculation for the interface random detect queue parms sets the tail drop threshold parameter for each drop precedence level supported by a queue four queues in SFTOS 2 4 1 tail drop queue parms tail drop queue parms Syntax Parameters Mode Command History Related Commands 284 This command sets the tail drop threshold parameter for each drop precedence level supported by a queue four queues in SFTOS 2 4 1 The no form of this command restores the default values for the queue tail drop threshold parameters no tail drop queue parms queue id 1 queue id 2 queue id n threshold 0 16 0 16 0 16 queue id 1 queue id 2 Enter a queue ID from 0 to 3 Enter from one ID up to four queue id n Range 0 to 3 threshold 0 16 0 16 Enter the keyword threshold followed by the desired threshold for 0 16 the specified queues Range 1 to 16 Global Config and Interface Config Version 2 4 1 Introduced Display the tail drop threshold configuration for each supported drop precedence level of each queue for
149. commands in this section are clear config clear config on page 138 clear counters on page 138 clear igmpsnooping on page 139 clear port channel on page 139 clear traplog on page 139 copy on page 139 copy clibanner on page 141 enable passwd on page 142 logout on page 143 ping on page 144 reload on page 144 show terminal length on page 144 terminal length on page 145 traceroute on page 145 write on page 146 This command resets the configuration to the factory defaults without powering off the switch The switch is automatically reset when this command is processed You are prompted to confirm that the reset should proceed Syntax clear config Mode Privileged Exec clear counters This command clears the stats for a specified unit slot port or for all the ports or for the entire switch based upon the argument 138 System Configuration Commands Syntax clear counters unit slot port all Mode Privileged Exec clear port channel This command clears all port channels LAGs Syntax clear port channel Mode Privileged Exec clear traplog This command clears the trap log Syntax clear traplog Mode Privileged Exec clear igmpsnooping clear port channel This command clears the tables managed by the IGMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database Syntax clear igmpsnooping Mode Privileged Exec copy This command has options that enab
150. configuring access to the Ethernet Management port serviceport protocol none bootp dhcp If you modify this value the change is effective immediately Use the bootp keyword to require the switch to periodically send requests to a Bootstrap Protocol BootP server for an IP address for the port or use dhcp to call a DHCP server until a response is received The none keyword indicates that the Ethernet Management port should be manually configured with IP information none Global Config Version 2 4 1 Introduced serviceport ip Set the IP subnet mask and IP gateway of the Ethernet Management port show serviceport Display the IP configuration and MAC address of the Ethernet Management port show arp switch Syntax Mode Usage 64 This command displays connectivity between the switch and other devices The Address Resolution Protocol ARP cache identifies the MAC addresses of the IP stations communicating with the switch show arp switch Privileged Exec Report fields include System Management Commands show hardware MAC Address A unicast MAC address for which the switch has forwarding and or filtering information The format is 6 two digit hexadecimal numbers that are separated by colons for example 01 23 45 67 89 AB IP Address The IP address assigned to each interface unit slot port VNalid unit slot and port number separated by forward slashes show hardware This command displ
151. ction below redirect Optional The redirect parameter redirects traffic matching this rule to the specified egress port The redirected packet carries the same MAC address as it would have if it had not been redirected the MAC address of the next hop defined in the routing table Basically it looks like a mirrored packet on the redirect port See the Usage section below Note The no form of this command is not supported as the rules within an ACL group cannot be deleted individually Rather the entire ACL group must be deleted and re specified Usage A rule may either deny or permit traffic according to the specified classification fields At a minimum the source and destination MAC value must be specified each of which may be substituted using the keyword any to indicate a match on any value in that field The remaining command parameters are all optional but the most frequently used parameters appear in the same relative order as shown in the command format The srcmacmask variable uses a wildcard called an inverted mask In an inverted mask a zero in a bit in the mask means exact match required A one in a mask bit means match anything here For example To deny all traffic from MAC address 00 00 00 00 03 02 the mask is 00 00 00 00 00 00 To deny all traffic from 00 00 00 00 03 xx the mask is 00 00 00 00 00 ff The Ethertype ethertypekey may be specified as either a keyword or a four digit hexad
152. d If tagging is disabled traffic is transmitted as untagged frames Interface VLAN Version 2 3 Introduced SFTOS Command Reference for the S2410 Version 2 4 1 0 131 untagged Usage Information Related Commands untagged Syntax Mode Command History Usage Information Related Commands vlan Command History 132 The tagged command includes the functionality of the participation include command and the acceptframe vlanOnly command For details see the VLAN chapter in the SFTOS Configuration Guide show vlan Displays information about VLANS either detailed information for a specific VLAN or summary information for all configured VLANs show port Displays port information for a selected port or for all ports interface vlan Creates a VLAN or selects an already created VLAN This command adds a Layer 2 interface to the selected VLAN as an untagged interface no untagged unit slot port The unit slot port is a valid interface belonging to the VLAN To remove an untagged interface from a VLAN use the no untagged unit slot port command Interface VLAN Version 2 3 Introduced The untagged command includes the functionality of these commands participation include pvid and acceptframe untagged For details see the VLAN chapter in the SFTOS Configuration Guide show vlan Displays information about VLANS either detailed information for a specific VLAN or su
153. d hpSQ eR E REP ERICAERES IP E P PER Bd RE RR 103 somo Tap MUCIUS QI a5 oh Bo Gre OPE ACER REE Reo Queda pd CAN e RELA OR EAT OS 103 amp nimplrap SHINDVETSION 65 ci5 50s 5 Sd Sd d ER ET RDRSA TORI ET ROR GR RO GEST REET CR ARR 103 Chapter 6 System Configuration Commands 0 cece eee eee eee 105 System Configuration Comtmmalide Luo cunas oru ee d Oa de ood Cu Rd 105 poge ao NI NE sissors tanton adbas Sones sehdedbeees sone QE MARRE RE Vm 106 ra ur E PO 106 DEB o sodes d pda equ qa qd dd Sap dida dod ud ad dea E bara ug dui rare Wald 107 uc Me PELLIT 108 TUE RUE a ee ee ee ee eee ete en MERE PEG PER COERREN RPeCERE RAN pu RE ER 108 JUOD SESSION Lex iu req c oes ad Goes dc cds ENG ode RENS Gerad Ac Sdgdqes 112 monitor SESSION T mode iuo 25d ds ska se Fax CERRO GC KG e RET RAG RUE OER ES 113 POTN Sdneqe dado qd eap aca Eo a Ee aad dtd aca da MUR rd Mun aka nca dea BR d UR 113 D OO SESSION T iuga aaro duco b XE o dome d dde arius dpa Vor ed dora aiia dcl aoa 114 show orwardingadb gel fil isssexiees kg eR d RE ped RRAG SEI HES REESE ER Rd dowd 114 show TC AORN OCS TEDID auupieauaoeedpetob de qe bud dns Geop ptos d ade id abe dod a ne iU lei 114 show mac adaress table multicast ciiin HP show mac address table stals isis sedie s see y Ra ER RXOERO HAY risi renere 116 shaw PICHON SEBSIDIT Lu sad x S Pros koe d waa a oer ha b aa dul dee QUE OR OR EAS 116 SHOW pU 282 ek ae es hake REED Er A
154. d Interface VLAN and Interface Range modes dapes interf ran Defin n interf ran nd the Interf Range mod Commands erface range efines an interface range and accesses the Interface Range mode mac access group port In the Interface Port Channel Config mode attaches a MAC ACL to channel the selected port channel mac access list extended Creates a MAC Access Control List ACL identified by name consisting of classification fields defined for the Layer 2 header of an Ethernet frame show mac access lists Displays the rules defined for the MAC access list specified by name show mac access lists This command displays the rules defined for all MAC ACLs or that specified by name Syntax show mac access lists name Mode Privileged Exec 292 ACL Commands Field Descriptions Field Descriptions Related Commands show mac access lists When the command is used with the name option the report displays details for the identified MAC access list in the following fields Rule Number The ordered rule number identifier defined within the ACL Action Displays the action associated with each rule The possible values are Permit or Deny Match all TRUE OR FALSE Source MAC Address Displays the source MAC address for this rule Source MAC Mask Displays the source MAC mask for this rule Destination MAC Address Displays the destination MAC address for this rule Destination MAC Mask Displays the destination MAC mask fo
155. d logical or physical interface Commands interface vlan Creates a new VLAN and accesses the Interface VLAN mode for it or selects an existing VLAN and accesses the Interface VLAN mode for it port channel SFTOS Command Reference for the S2410 Version 2 4 1 0 111 monitor session monitor session Syntax Parameters Default Mode Usage Information Related Commands 112 This command adds a mirrored port source port or probe port destination port to a session identified with the session ID of 1 In all released versions of SFTOS the session is always 1 no monitor session 1 destination interface unit slot port source interface unit slot port mode destination interface Specify the probe port target port The probe port can be a VLAN unit slot port member only if you first add the port to a VLAN and then configure it as a probe port source interface unit Specify the source interface mirrored port The port can be a part of slot port any VLAN mode Enable disable the port mirroring session See monitor session 1 mode on page 113 To remove the destination port use no monitor session 1 destination interface To remove a source port use no monitor session 1 source interface unit slot port In other words removing the source interface requires specifying the port to be removed but removing the destination port does not require specifying the destination port since there can b
156. ddress is applied frames with that source address will be permitted Logically then if a port that does not have port security enabled has an ACL applied and then port security is enabled the ACL takes precedence and port security is ignored as above In either case if all ACLs are removed from the port port security will become active if it is still configured as such When port security is disabled on a port after having been enabled all MAC table entries associated with that port are flushed This command enables port locking at the system level Global Config or port level Interface Config The no version of this command disables port locking at the system level Global Config or port level Interface Config Syntax no port security Default Disabled Modes Global Config and Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Comm and Version 2 3 Added Interface VLAN and Interface Range modes History Related interface Identifies an interface and enters the Interface Config mode Commands interface range Defines an interface range and accesses the Interface Range mode port security max dynamic This command sets the maximum of dynamically locked MAC addresses allowed on a specific port The no version of this command resets the maximum of dynamically locked MAC addresses allowed on a specific port to its default value
157. de Global Config Command History Version 2 3 Modified Moved from Privileged Exec mode to Global Config mode Rel PRA ip ssh server enable Enable disable SSH services session limit This command specifies the maximum number of simultaneous outbound telnet sessions A value of 0 indicates that no outbound telnet session can be established Syntax session limit 0 5 Use no session limit to set the maximum number of simultaneous outbound telnet sessions to the default value Default 5 Mode Line Config session timeout This command sets the outbound Telnet session timeout value Syntax no session timeout 7 760 The timeout value unit of time is minutes SFTOS Command Reference for the S2410 Version 2 4 1 0 89 show telnet show telnet telnet Default Mode Syntax Modes Syntax Modes The no version of this command sets the outbound Telnet session timeout value to the default 1 minute Line Config This command displays the current outbound telnet settings show telnet Privileged Exec and User Exec Outbound Telnet Login Timeout in minutes Indicates the number of minutes an outbound telnet session is allowed to remain inactive before being logged off A value of 0 which is the default results in no timeout Maximum Number of Outbound Telnet Sessions Indicates the number of simultaneous outbound telnet connections allowed Allow New Outbound Telnet Sessions Indicates
158. ding FTOS Version 6 2 1 3 Release Field Alerts More My Open RMA Force10 TCP Timestamp Security p A Advisory There are no pending RMAs for you at this time Forcei0 ICMP Attacks against TCP Advisor Hot Topics FAQs Mismatched Chassis Type on M Redundant RPM Force10 Service and Support Guide Incorrect LC EE3 RPM DIMM size icc LU DUE A Technical Tip Restricting VTY Access Force10 TCP Security Advisory Technical Tip Adjusting MTU and Configuring Jumbo Frames Settings Figure 1 Force10 Networks iSupport Website The i Support website www forcelO0networks com support contains five tabs e Home Summary of open cases RMA management and field notices as shown above Service Request Case management Software Center Software downloads bug fixes and bug tracking tool About This Guide e Documents User documentation FAQs field notices technical tips and white papers e Support Programs Information on the complete suite of Force10 support and professional support services For more on using the iSupport website and accessing services see the Force10 Service and Support Guide available on the Home tab as displayed above You can also contact the Force10 Technical Assistance Center TAC by email or phone For details click the Contact Support link on the Support page of http www forcel0networks com SFTOS Command Reference for the S2410 Version 2 4 1 0 25 26 About This Guide
159. dmin user has Read Write access There can only be one Read Write user and up to five Read Only users SNMPv3 Access Mode This field displays the SNMPv3 Access Mode If the value is set to ReadWrite the SNMPv3 user will be able to set and retrieve parameters on the system If the value is set to ReadOnly the SNMPv3 user will only be able to retrieve parameter information The SNMPv3 access mode may be different than the CLI and Web access mode SNMPv3 Authentication This field displays the authentication protocol to be used for the specified login user SNMPv3 Encryption This field displays the encryption protocol to be used for the specified login user username passwd This command adds a new user account if space permits along with the user s password This command replaces the users name and users passwd commands which have been removed from SFTOS Syntax username user passwd password To remove a user use the no username user command To delete or change a password remove and reenter the user with the new password Note The admin user account cannot be deleted Parameters user Enter a string to represent the new user s name The name can be up to eight characters in length The name can be comprised of alphanumeric characters as well as the dash and underscore _ password password Enter the keyword password followed by a new password which cannot be more than eight alphanumeric ch
160. ds The no cos queue max bandwidth command restores the default for each queue s maximum bandwidth value Global Config Version 2 4 1 Introduced cos queue min bandwidth Specify the minimum transmission bandwidth guarantee for each interface queue traffic shape Specify the maximum transmission bandwidth limit for the interface as a whole min bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue The total number of queues supported per interface is platform specific four in the 2410 cos queue min bandwidth bw 0 bw 3 The no cos queue min bandwidth command restores the default for each queue s minimum bandwidth value Global Config Version 2 4 1 Modified Removed Interface Config mode cos queue max bandwidth Specify the maximum transmission bandwidth guarantee for each interface queue cos queue random detect Syntax Modes 278 This command activates weighted random early discard WRED for each specified queue up to four in the 2410 no cos queue random detect queue id queue id queue id queue id The no version of this command disables WRED thereby restoring the default tail drop operation for the specified queue s Global Config Quality of Service QoS Commands Usage Command History Related Commands cos queue strict Specific WRED parameters are configured using the random detect queue parms and
161. ds since the statistics for this switch were last cleared Example 2 orce10 show interface ethernet 1 0 1 TYDGQ c ue e v pre erede nr ee ee MIAA REE Normal Admin Modeese2n 5eseseeveevgnsenv emo v SS bad wees Enable Physicals MO Sis sr ae E ater indy oh steDelsustene etse owe a Auto Physical OBA S66 acne RUM INO SA RMD NICE Up Speed eee CEOS SESE EE X Xd X GO NU EN SOS Oe SES 1 Gig PINE Se AR USEY gna e poenis usum deu eene reti eU alten elise lone Up IAG AAAG S ea v d ew yaa eren mn em EUNTEM 0001 E8D5 A0F8 Total Packets Received Octets ee 15508603844 Packets Received gt 1522 Octets lees 0 Packets RX and TX 64 OCtetS4 l4 SRI 0 Packets RX and TX 65 127 Octets 216200946 Packets RX and IX 128 255 Octets e e oe 2441 More Figure 11 Example of show interface ethernet unit slot port Output truncated SFTOS Command Reference for the S2410 Version 2 4 1 0 69 show interface ethernet The show interface ethernet display fields when the argument is unit slot port are as follows Table 8 Fields in Output of show interface ethernet unit slot port Command Field Description Packets Received Type Indicates current type of use of the port such as PC Mbr to indicate port channel member Mirror to indicate source port for port mirroring Probe to indicate destination port for mirroring and most commo
162. e 2 Start Boot Menu Select 1 2 3 If you want to access the Boot menu quickly press 2 and Enter See Using the Boot Menu on page 32 Otherwise wait until SFTOS finishes loading and the User prompt appears If the Unit prompt appears first wait The device initial state is called the default mode 4 Type the word admin in the login area Do not enter a password because there is no password in the default mode SFTOS Command Reference for the S2410 Version 2 4 1 0 31 5 Press ENTER two times The prompt of the User Exec mode of the CLI is displayed 6 Enter enable to switch to the Privileged Exec mode You can run all show commands from this mode while some show commands do not run from User Exec mode Enter configure to access the Global Config mode to enter configuration commands 8 Enter exit if you need to return to any previous mode Using the Boot Menu 32 The Boot menu is part of the boot code system software that loads before SFTOS and is separate from SFTOS After you plug the switch in to power or after you execute the reload CLI command the boot code displays the following options as shown in Figure 2 Select an option If no selection in 2 seconds then operational code will start 1 Start operational code 2 Start Boot Menu Select 1 2 1 Press 2 and Enter quickly to access the Boot menu Force10 reload N Management switch has unsaved changes Would you like
163. e Syntax Default Mode This command is used to specify the number in a range from 2 10 of packets a DHCP server sends to a pool address as part of a ping operation Setting the number of ping packets to 0 is the same as no ip dhcp ping packets and will prevent the server from pinging pool addresses ip dhcp ping packets 0 2 10 Use no ip dhcp ping packets to prevent the server from pinging pool addresses and will set the number of packets to 0 2 Global Config This command configures a DHCP address pool name on a DHCP server and enters DHCP Pool Config mode ip dhcp pool name The no version of this command removes the DHCP address pool The name should be a previously configured pool name none Global Config Mode This command configures the duration of the lease for an IP address that is assigned from a DHCP server to a DHCP client The overall lease time should be between 1 86400 minutes If infinite is specified lease is set for 60 days Days is an integer from 0 to 59 Hours is an integer from 0 to 1439 Minutes is an integer from 0 to 86399 The no version of this command restores the default value of the lease time for DHCP Server lease days hours minutes infinite 1 day DHCP Pool Config SFTOS Command Reference for the S2410 Version 2 4 1 0 209 network network This command is used to configure the subnet number and mask for a DHCP address pool on the server Network number is a
164. e DHCP Pool Config SFTOS Command Reference for the S2410 Version 2 4 1 0 207 ip dhcp bootp automatic ip dhcp bootp automatic Syntax Default Mode This command enables the allocation of the addresses to the bootp client The addresses are from the automatic address pool The no version of this command disables the allocation of the addresses to the bootp client The address are from the automatic address pool ip dhcp bootp automatic disable Global Config ip dhcp conflict logging Syntax Default Mode This command enables conflict logging on DHCP server The no version of this command disables conflict logging on DHCP server ip dhcp conflict logging enabled Global Config ip dhcp excluded address Syntax Default Mode 208 This command specifies the IP addresses that a DHCP server should not assign to DHCP clients Low address and high address are valid IP addresses each made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid ip dhcp excluded address owaddress highaddress The no version of this command removes the excluded IP addresses for a DHCP client Low address and high address are valid IP addresses each made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid none Global Config DHCP Server Commands ip dhcp ping packets ip dhcp ping packets Syntax Default Mode ip dhcp pool Syntax Default Mode leas
165. e command name e The keywords local and burnedin are in curly braces and separated by a veritcal bar to indicate that you must one If instead of curly braces brackets were used a keyword would be optional Command Parameters e Parameters are order dependent e Parameters are displayed in this document in italic font which must be replaced with a name or number e To use spaces as part of a name parameter enclose it in double quotes For example the expression System Name with Spaces forces the system to accept the spaces e Parameters may be mandatory values optional values choices or a combination 40 Using the Command Line Interface Words in italics also sometimes shown in brackets lt parameter gt indicate that a mandatory parameter must be entered in place of the brackets and text inside them parameter square brackets indicate that an optional parameter may be entered in place of the brackets and text inside them choicel choice2 pipe indicates that only one of the parameters should be entered parameter curly braces indicate that a parameter must be chosen from the list of choices No Form of a Command No is a specific form of an existing command and does not represent a new or distinct command Only the configuration commands are available in the no form The behavior and the support details of the no form is captured as part of the mapping sheets Almost every conf
166. e for SNTP clients SFTOS Command Reference for the S2410 Version 2 4 1 0 219 show snip server show sntp server This command is used to display SNTP server settings and configured servers Syntax show sntp server Mode Privileged Exec forcel0 show sntp server N Server IP Address Example Server Type unknown Server Stratum 0 Server Reference Id Server Mode Reserved Server Maximum Entries 3 Server Current Entries 0 No SNTP Servers exist aaa J Figure 49 show sntp server Command Example Field Server IP Address IP address of configured SNTP server Descriptions Server Type Address type of server Server Stratum Claimed stratum of the server for the last received valid packet Server Reference ID Reference clock identifier of the server for the last received valid packet Server Mode SNTP server mode Server Max Entries Total number of SNTP Servers allowed Server Current Entries Total number of SNTP configured For each configured server IP Address IP Address of configured SNTP Server Address Type Address Type of configured SNTP server Priority IP priority type of the configured server Version SNTP version number of the server The protocol version used to query the server in unicast mode Port Server port number Last Attempt Time Last server attempt time for the specified server Last Attempt Status L ast server attempt status for the server Total Unicast Reque
167. e of LeaveAllTime to 1 5 LeaveAllTime Permissible values are 200 to 6000 centiseconds 2 to 60 seconds The factory default is 1000 centiseconds 10 seconds The finest granularity of specification is 1 centisecond 0 01 seconds Port GMRP Mode lIndicates the GMRP administrative mode for the port It may be enabled or disabled If this parameter is disabled Join Time Leave Time and Leave All Time have no effect The factory default is disabled Port GVRP Mode Indicates the GVRP administrative mode for the port It may be enabled or disabled If this parameter is disabled Join Time Leave Time and Leave All Time have no effect The factory default is disabled show mac address table gmrp This command displays the GARP Multicast Registration Protocol GMRP entries in the Multicast Forwarding Database MFDB table Syntax show mac address table gmrp Mode Privileged Exec Mac Address A unicast MAC address for which the switch has forwarding and or filtering information The format is 6 or 8 two digit hexadecimal numbers that are separated by colons for example 01 23 45 67 89 AB In a system the MAC address will be displayed as 8 bytes Type This displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Description The text description of this multicast table entry Interfaces The list of interfaces tha
168. e only one destination port None Global Config Note the restrictions described above on using mirrored and probe ports in VLANs Furthermore if either port is ina VLAN then the other port must also be in the same VLAN Remove an existing source or destination port before replacing it with another For more on configuring port monitoring port mirroring see the Port Mirroring chapter of the SFTOS Configuration Guide monitor session 1 mode Sets the monitor session port monitoring mode to enabled no monitor Removes the destination port and all source ports from the mirroring configuration show monitor session Shows the mirroring configuration System Configuration Commands monitor session 1 mode monitor session 1 mode Syntax Default Mode Related Commands no monitor Default Syntax Mode This command sets the monitor session port monitoring mode to enabled The probe and monitored ports must be configured before port monitoring can be enabled When enabled the probe port monitors all traffic received and transmitted on the physical monitored port It is not necessary to disable port monitoring before modifying the probe and monitored ports A session is operationally active if and only if both a destination port and at least one source port is configured If neither is true the session is inactive A port configured as a destination port acts as a mirroring port when the session is oper
169. e protocols associated with This chapter particular group IDs tagged Configure tagging for a specific VLAN This chapter untagged port Virtual LAN VLAN commands in this section are clear vlan on page 121 e description on page 122 e encapsulation VLAN on page 123 interface vlan on page 123 e makestatic on page 124 e mtu VLAN on page 125 e name VLAN on page 125 network mgmt vlan on page 126 System Configuration Commands clear vlan Syntax Default clear vlan participation VLAN on page 126 priority VLAN on page 126 protocol group on page 127 protocol vlan group on page 127 protocol vlan group all on page 128 pvid VLAN on page 128 show vlan on page 129 show vlan port on page 130 tagged on page 131 untagged on page 132 vlan on page 132 vlan acceptframe on page 133 vlan database on page 133 vlan ingressfilter on page 133 vlan participation interface on page 133 vlan participation all on page 134 vlan port acceptframe on page 134 vlan port ingressfilter all on page 134 vlan port pvid all on page 134 vlan port tagging all on page 135 vlan protocol group on page 136 vlan protocol group add protocol on page 136 vlan protocol group remove on page 136 vlan pvid on page 137 vlan tagging on page 137 Note For information on commands related to the management VLAN see General System Management and Information Commands on page 55 most specifically interface manageme
170. e range conf if range vlan 10 20 Figure 22 Bulk Configuration Warning Message Figure 23 is an example of a correctly formatted single range bulk configuration Example Forcel0 config interface range ethernet 5 0 1 5 0 23 Forcel0 config if range no shutdown Forcel0 config if range Figure 23 Single Range Bulk Configuration Figure 24 shows how to use commas to add different interface types to the range enabling all Gigabit Ethernet interfaces in the range 5 1 to 5 23 and both 10 Gigabit Ethernet interfaces 1 0 49 and 1 0 50 Example Forcel0 config interface range ethernet 5 0 1 23 1 0 49 1 0 50 Forcel0 config if range no shutdown Forcel0 config if range Figure 24 Multiple Range Bulk Configuration for Gigabit Ethernet Use the show running config command to view the VLAN and port channel interfaces VLAN or port channel interfaces that are not displayed in the show running config command cannot be used with the bulk configuration feature of the interface range command Note that you can only modify not create virtual interfaces ethernet port channel VLAN using the interface range command Note If a range has VLAN physical and port channel interfaces only commands related to physical interfaces can be bulk configured To configure commands specific to VLAN or port channel only those respective interfaces should be configured in a particular range Related interface Accesses the Interface Config mode for a designate
171. e stack view opens in a separate window Figure 6 Switch Navigation Icon in Web UI To enable the icon execute the command ip http javamode enable from Global Config mode Alternatively you can use the Network Connectivity Configuration panel Traverse the Navigation tree left side of page in this sequence System gt gt Configuration gt gt Network Connectivity Configuration For details see the Web User Interface chapter in the SFTOS Configuration Guide SFTOS Command Reference for the S2410 Version 2 4 1 0 53 54 Using the Web User Interface System Management Commands The commands in this chapter either manage the switch in general configure management interfaces or show current management settings For every configuration command there is a show command that displays the configuration setting This chapter contains the following major sections General System Management and Information Commands Telnet Commands on page 87 Serial Commands on page 91 SNMP Management Commands on page 94 copy command see System Configuration Commands on page 105 Note For information on system configuration and utility commands such as the gt For information on configuring and accessing the SFTOS Web User Interface Web Ul see Using the Web User Interface on page 51 General System Management and Information Commands This section describes the following commands dir on page 56 hostname on page 57
172. e to the default value in other words 32768 spanning tree mst priority mstid 0 61440 no spanning tree mst priority mstid 32768 Global Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Added Interface Range mode interface Identifies an interface and enters the Interface Config mode interface range Defines an interface range and accesses the Interface Range mode spanning tree mst vlan Syntax Mode This command adds an association between a multiple spanning tree instance and a VLAN The VLAN will no longer be associated with the common and internal spanning tree The instance mstid is a number that corresponds to the desired existing multiple spanning tree instance The vlanid corresponds to an existing VLAN ID The no version of this command removes an association between a multiple spanning tree instance and a VLAN The VLAN will again be associated with the common and internal spanning tree The instance mstid is a number that corresponds to the desired existing multiple spanning tree instance The vianid corresponds to an existing VLAN ID spanning tree mst vlan mstid vlanid no spanning tree mst vlan mstid vlanid Global Config spanning tree port mode enable 272 This command sets the Administrative Switch Port State for this port to enabled The no version of this command sets the Administrative Switch Port State f
173. eCallback Received an interface event callback while not in EXECUTE state 6 JAN 04 10 23 54 0 0 0 0 1 UNKN 237531112 filter cfg c 1148 21962 filterIntfChangeCallback Received an interface event callback while not in EXECUTE state 6 JAN 04 10 23 54 0 0 0 0 1 UNKN 237531112 filter cfg c 1148 21963 filterIntfChangeCallback Received an interface event callback while not in EXECUTE state 6 JAN 04 10 23 54 0 0 0 0 1 UNKN 237531112 filter cfg c 1148 21964 filterIntfChangeCallback Received an interface event callback while not in EXECUTE state 6 JAN 04 10 23 54 0 0 0 0 1 UNKN 237531112 filter cfg c 1148 121965 filterIntfChangeCallback Received an interface event callback while not in EXECUTE state 6 JAN 04 10 23 54 0 0 0 0 1 UNKN 237531112 filter cfg c 1148 21966 filterIntfChangeCallback Received an interface event callback while not in EXECUTE state More or q uit P Figure 38 Sample Output from the show logging Command show logging hosts This command displays configured logging hosts Syntax show logging hosts unit The unit variable is the host index Mode Privileged Exec SFTOS Command Reference for the S2410 Version 2 4 1 0 155 show logging traplogs Fields in the report include Index An integer from 1 to 8 used for removing the associated syslog host IP Address IP Address of the configured sys
174. eGR EAEGG e GG HERE ETS MER SORT RES 241 set igmp groupmembership interval global 0 0 cee ees 241 set igmp groupmembership interval interface 22e 242 n IND IDEE Laustbea paite ERA doped a boe Qr EO dq ge do Peqop X deba 242 sel iomp IIOHSCEROUO BE acsoaacesaaquesd dece a a adea aca doa cde na Ra e ede ea edd 242 set igmp maxresponse global l sell ieleeleleese hh hh hun 243 set Imp maxresponse interfaca ocd peas deb eed baw bee eee HAS Na RETIRER ERTAE EA 243 set gmp mcrtexpiretme global Jia sss suu cab eae oeen bbe de ORDSRR RT HOR RAGES BORA 244 set igmp mcrtexpiretime interface sls 244 SHON toss wis prow Rowe dees qe diua dq pcd UE ardore aM d eres 245 SHOW O P NOOP uoxadqdetesdboANPUTas usqagxVe uy epberbwpdsaQspgesaledasa 245 show igmpsnooping TSSEIORVE 4445650546 455 2444 89 GG RR PERO REER C RRRRORESG EC ENG a 246 show igmpsnooping mrouter interface 2056 i bok ow KATA eu RRR REED A ARR RA RE Rod 246 show mac adaress table igmpsnooping ssieeie hh hn 247 Contents Chapter 15 LAG Port Channel Commands e ccceuuuiieR ru rtr ant o heres aes 249 ior Mte NEN T P xn 249 deleteport interface config 02 cc hh hh hh hh 250 WEIN Igi ans DOE iuda d bed iecamqed ede nsa Melee se dbo Risque qiu qaaa d 251 PORO uas adag Saa deca d RR ed e map d dad niet qae soos ecd de 251 port channel enable ali global sese edgkevisqwektePtirea RebpEed I amp d t d d rp RO A Ed 251 port
175. eated the protocol group will be assigned a unique number that will be used to identify the group in subsequent commands Syntax vlan protocol group groupname Mode Global Config vlan protocol group add protocol This command adds the protocol to the protocol based VLAN identified by groupid A group may have more than one protocol associated with it Each interface and protocol combination can only be associated with one group If adding a protocol to a group causes any conflicts with interfaces currently associated with the group this command will fail and the protocol will not be added to the group The possible values for protocol are ip arp and ipx The no version of this command removes the protocol from this protocol based VLAN group that is identified by this groupid The possible values for protocol are ip arp and ipx Syntax no vlan protocol group add protocol groupid protocol Default None Mode Global Config vlan protocol group remove This command removes the protocol based VLAN group that is identified by this groupid Syntax vlan protocol group remove groupid Mode Global Config 136 System Configuration Commands vian pvid Mode Command History Related Commands vlan tagging Mode Command History Related Commands vlan pvid This command changes the VLAN ID per interface Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if r
176. eceived Multiple Spanning Tree Protocol Bridge Protocol Data Units received Dot1x Statistics EAPOL Frames Received The number of valid EAPOL frames of any type that have been received by this authenticator EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this authenticator Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this port were last cleared ip address management Configures the IP address of the management interface show interface Displays a summary of statistics for a specific port or a count of all CPU traffic based upon the argument show interface switchport Displays a summary of statistics on Layer 2 interfaces System Management Commands show interface managementethernet show interface managementethernet Syntax Mode Command History Usage Information This command displays information about the management address of the switch show interface managementethernet Privileged Exec Version 2 3 Modified Added the keyword managementethernet to show interface to provide the information that had been available through the show network command The display parameters of the show interface command when the keyword is managementethernet are as follows Table 9 Fields in Output of show interface managementethernet command Field De
177. ecimal value from 0x0600 OxFFFF The currently supported ethertypekey values are appletalk arp ibmsna ipv4 ipv6 ipx mplsmcast mplsucast netbios novell pppoe and rarp Each of these translates into its equivalent Ethertype value s as shown in Table 23 Table 23 Ethertype Keyword and 4 digit Hexadecimal Value Ethertype Keyword Corresponding Value appletalk 0x809B arp 0x0806 ibmsna 0x80D5 ipv4 0x0800 ipv6 0x86DD ipx 0x8037 mplsmcast 0x8848 mplsucast 0x8847 netbios 0x8191 SFTOS Command Reference for the S2410 Version 2 4 1 0 289 mac access list extended Mode Related Commands Table 23 Ethertype Keyword and 4 digit Hexadecimal Value continued Ethertype Keyword Corresponding Value novell 0x8137 0x8138 pppoe 0x8863 0x8864 rarp 0x8035 The assign queue and redirect parameters are only valid for a permit rule Mac Access List Config interface range Identify an interface range and access the Interface Range mode mac access group port channel In the Interface Port Channel Config mode attach a MAC ACL to the selected port channel mac access group Attach a specific MAC Access Control List ACL identified by name to an interface in the ingress direction mac access list extended Create a MAC ACL show mac access lists Display the rules defined for the MAC access list specified by name mac access lis
178. el LAG The possible values are Disable Spanning tree is disabled for this port Enable Spanning tree is enabled for this port Mbr Ports A listing of the ports that are members of this port channel LAG in unit slot port notation There can be a maximum of eight ports assigned to a given port channel LAG Port Soeed Speed of the port channel port Type This field displays the status designating whether a particular port channel LAG is statically or dynamically maintained Static The port channel is statically maintained Dynamic The port channel is dynamically maintained Active Ports This field lists the ports that are actively participating in the port channel LAG show port channel summary Syntax Mode Display the static capability of all LAGs on the device as well as a summary of individual LAGs show port channel Privileged Exec Static Capability whether the device has static capability enabled port channel LAG Summary Lag Name The name of the lag Link State Indicates whether the Link is up or down Mbr Ports A listing of the ports that are members of this lag in slot port notation Active Ports A listing of ports that are actively participating in the LAG SFTOS Command Reference for the S2410 Version 2 4 1 0 257 shutdown shutdown This command disables the selected LAG port channel The no version of this command enables the selected LAG Syntax no shutdo
179. en 20 ms and 150 ms The total number of packets received that were less than 64 octets in length excluding framing bits but including FCS octets Alignment Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with a non integral number of octets Rx FCS Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets Overruns Received Packets not forwarded The total number of frames discarded as this port was overloaded with incoming packets and could not keep up with the inflow Total A count of valid frames received which were discarded i e filtered by the forwarding process SFTOS Command Reference for the S2410 Version 2 4 1 0 71 show interface ethernet Table 8 Fields in Output of show interface ethernet unit slot port Command continued Field Description Local Traffic Frames The total number of frames dropped in the forwarding process because the destination address was located off of this port 802 3x Pause Frames Received A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation This counter does not increm
180. enable interface igmp enable interface Syntax Default Mode Command History Related Commands This command enables IGMP Snooping on a selected interface If an interface that has IGMP Snooping enabled is enabled for routing or is enlisted as a member of a LAG port channel IGMP Snooping functionality will be disabled on that interface IGMP Snooping functionality will subsequently be re enabled if routing is disabled or LAG membership is removed from that interface no igmp enable disabled Interface Config Interface VLAN Version 2 3 Revised from set igmp Added Interface VLAN mode igmp enable global This command enables IGMP Snooping on the system show igmpsnooping X Displays IGMP Snooping status igmp enable global Syntax Default Mode Command History Related Commands 236 This command enables IGMP Snooping on the system The default value is disabled Note The IGMP application supports the following Global configuration or per interface configuration Per VLAN configuration is unsupported in the IGMP Snooping application Validation of the IP header checksum as well as the IGMP header checksum and discarding of the frame upon checksum error Maintenance of the forwarding table entries based on the MAC address versus the IP address Flooding of unregistered multicast data packets to all ports in the VLAN no igmp enable disabled Global Confi
181. ent when the interface is operating in half duplex mode Unacceptable Frame Type The number of frames discarded from this port due to being an unacceptable frame type VLAN Membership Mismatch The number of frames discarded on this port due to ingress filtering VLAN Viable Discards The number of frames discarded on this port when a lookup on a particular VLAN occurs while that entry in the VLAN table is being modified or if the VLAN has not been configured Multicast Tree Viable Discards Reserved Address Discards The number of frames discarded when a lookup in the multicast tree for a VLAN occurs while that tree is being modified The number of frames discarded that are destined to an IEEE 802 1 reserved address and are not supported by the system Broadcast Storm Recovery The number of frames discarded that are destined for FF FF FF FF FF FF when Broadcast Storm Recovery is enabled CFI Discards The number of frames discarded that have CFI bit set and the addresses in RIF are in non canonical format Upstream Threshold The number of frames discarded due to lack of cell descriptors available for that packet s priority level Packets Transmitted Octets Total Bytes The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets This object can be used as a reasonable estimate of ethernet utilization I
182. entisecond 0 01 seconds Leave Timer Specifies the period of time to wait after receiving an unregister request for an attribute before deleting the attribute Current attributes are a VLAN or multicast group This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service There is an instance of this timer on a per Port per GARP participant basis Permissible values are 20 to 600 centiseconds 0 2 to 6 0 seconds The factory default is 60 centiseconds 0 6 seconds The finest granularity of specification is 1 centisecond 0 01 seconds LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated A LeaveAll PDU indicates that all registrations will shortly be deregistered Participants will need to rejoin in order to maintain registration There is an instance of this timer on a per Port per GARP participant basis The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1 5 LeaveAllTime Permissible values are 200 to 6000 centiseconds 2 to 60 seconds The factory default is 1000 centiseconds 10 seconds The finest granularity of specification is 1 centisecond 0 01 seconds Port GMRP Mode lIndicates the GMRP administrative mode for the port It may be enabled or disabled If this parameter is disabled Join Time Leave Time and Leave All Time have no effect The factory default is disabled Port GVR
183. er 17 Quality of Service QoS Commands on page 275 QoS DiffServ is not supported The ip dscp parameter of the classofservice trust command is not supported See classofservice trust on page 277 Maximum number of ACLs increased from 100 to 1024 Maximum MAC ACL rules per ACL increased from 8 to 64 Only MAC ACLs with a source MAC are supported cannot configure with a destination MAC Deprecated Commands In SFTOS 2 4 1 the following VLAN commands in the Global Config and Interface Config modes exist in the CLI but are deprecated They appear in the CLI but do not work correctly in some situations and will be removed in the next release vlan acceptframe vlan ingressfilter vlan participation all vlan port acceptframe vlan port ingressfilter all vlan port pvid all vlan port tagging all vlan port untagging all vlan pvid vlan tagging vlan untagging Note To configure VLANs use the interface vlan command Global Config mode to access the commands in VLAN mode See Virtual LAN VLAN Commands on page 120 no port lacpmode enable Interface Config mode and no port lacpmode enable all Global Config mode These commands create configuration elements that do not survive a reload Instead use no port channel staticcapability Global Config mode See port channel staticcapability on page 253 New Features Contents loda ois oc PrUUT 3 DX MA
184. ersion 2 3 Introduced Replaces the network protocol command management route default Sets the IP gateway of the switch interface managementethernet Invokes the Config if ma prompt serviceport ip Syntax Mode Command History This command configures the IP address of the Ethernet Management port service port serviceport ip ipaddr netmask gateway For ipaddr designate an IP address of the Ethernet Management port This is the IP address that you would enter in your Web browser to access that port through the SFTOS Web User Interface The default is 0 0 0 0 For netmask designate a 4 digit dotted decimal number that represents the subnet mask of the Ethernet Management port IP address The value for gateway is the gateway IP address to the Ethernet Management port IP address The default is 0 0 0 0 Enter no serviceport ip address to remove the IP address configuration Global Config mode Version 2 4 1 Introduced SFTOS Command Reference for the S2410 Version 2 4 1 0 63 serviceport protocol Related Commands serviceport protocol Set the network configuration protocol to be used for configuring access to the Ethernet Management port show serviceport Display the IP configuration and MAC address of the Ethernet Management port serviceport protocol Syntax Default Mode Command History Related Commands This command specifies the network configuration protocol to be used for
185. es logging to any configured syslog server Use no logging syslog to disable syslog logging Syntax logging syslog Default disabled localO Mode Global Config show logging logging syslog This command displays a combination of the system log and event log buffered log Syntax show logging Mode Privileged Exec Example Log Messages Log Messages Log Messages Log Messages EVENT ERROR EVENT ERROR EVENT ERROR EVENT ERROR EVENT EVENT EVENT EVENT EVENT EVENT EVENT EVENT EVENT EVENT EN Event Log File bootos Force10 show logging Logging Client Local Port CLI Command Logging Console Logging Console Logging Severity Filter Buffered Logging Syslog Logging Received Dropped Relayed Ignored C unitmgr c bootos C unitmgr c bootos C unitmgr c bootos C unitmgr c bootos bootos bootos bootos bootos bootos bootos bootos bootos bootos ForcelO 4 Qo 100 000 000 514 disabled disabled alert enabled disabled 0 5 0 0 0 Line TaskID 434 3325 434 3325 434 3325 430 3325 430 430 430 430 430 430 430 430 430 430 CO QOOOOOOOOOoOoooocococcocco T 3 j Code AAAAAAAA 00000000 AAAAAAAA 00000000 AAAAAAAA 00000000 AAAAAAAA 00000000 a 5 3 n CcOOOoOOoocooooococouocooonaeooo COOOOOOOoOOooooococcotM moococ OOooooooooonPo o o Figure 37 S
186. es with no minor modifications Use the show running config command to capture the running configuration into a script Use the copy command See copy on page 139 to transfer the configuration script to from the switch Note The file extension must be scr A maximum of ten scripts are allowed on the switch The combined size of all script files on the switch shall not exceed 500 KB Configuration script files are not distributed across the stack and only live in the unit that is the master unit at the time of the file download The commands in this section are e script apply on page 147 e script delete on page 147 e script list on page 147 e script show on page 148 e script validate on page 148 System Configuration Commands script apply script apply This command applies the commands in the configuration script to the switch The apply command backs up the running configuration and then starts applying the commands in the script file Application of the commands stops at the first failure of a command The scriptname parameter is the name of the script to be applied Syntax script apply scriptname Mode Privileged Exec script delete This command deletes a specified script where the scriptname parameter is the name of the script to be deleted The all option deletes all the scripts present on the switch Syntax script delete scriptname all Parameters scriptname File name of configuration script wi
187. esignated for forwarding Fwd and filtering Flt Related show mac address table Depending on selected display parameters displays various Commands Multicast Forwarding Database MFDB information show mac addr table Displays forwarding database entries SFTOS Command Reference for the S2410 Version 2 4 1 0 247 show mac address table igmpsnooping 248 IGMP Snooping Commands LAG Port Channel Commands This section provides syntax details of the Link Aggregation Group LAG commands 802 3ad also called port channel port trunking and other terms The commands in this chapter are addport addport deleteport interface config on page 250 deleteport global config on page 251 port channel on page 251 port channel enable all global on page 251 port channel enable interface on page 252 port channel linktrap on page 252 port channel name on page 253 port channel staticcapability on page 253 port lacpmode on page 253 port lacpmode enable all on page 254 port lacptimeout global on page 254 port lacptimeout interface on page 255 show port channel brief on page 255 show port channel on page 256 show port channel summary on page 257 shutdown on page 257 In Interface Config mode for a selected port this command adds the port to the designated LAG port channel Note The addport command is also available in Interface Config mode for a selected LAG but the command is non functional in t
188. est packets retransmitted to this RADIUS authentication server Access Accepts The number of RADIUS Access Accept packets including both valid and invalid packets which were received from this server Access Rejects The number of RADIUS Access Reject packets including both valid and invalid packets which were received from this server Access Challenges The number of RADIUS Access Challenge packets including both valid and invalid packets which were received from this server Malformed Access Responses The number of malformed RADIUS Access Response packets received from this server Malformed packets include packets with an invalid length Bad authenticators or signature attributes or unknown types are not included as malformed access responses Bad Authenticators The number of RADIUS Access Response packets containing invalid authenticators or signature attributes received from this server Pending Requests The number of RADIUS Access Request packets destined for this server that have not yet timed out or received a response Timeouts The number of authentication timeouts to this server Unknown Types The number of RADIUS packets of unknown types which were received from this server on the authentication port Packets Dropped The number of RADIUS packets received from this server on the authentication port and dropped for some other reason TACACS Commands SFTOS supports Terminal Access Controller Access Co
189. etion Exit go to next lower command prompt Obtaining Help at the Command Line As soon as you are in a command mode there are several ways to access help e To obtain a list of keywords at any command mode do the following Enter a at the prompt or after a keyword There must always be a space before the e To obtain a list of keywords with a brief functional description do the following Enter help at the prompt e To obtain a list of available options do the following Type a keyword followed by a space and a SFTOS Command Reference for the S2410 Version 2 4 1 0 43 e Type a partial keyword followed by a A display of keywords beginning with the partial keyword is listed Figure 4 illustrates the results of entering to get a list of possible keywords f Foxce10 show 758 access lists Display Access List information arp Display Address Resolution Protocol cache authentication Display ordered methods for authentication lists bootpdhcprelay Display the value of BOOTP DHCP relay parameters class map Display DiffServ Class information classofservice Display class of service information diffserv Display DiffServ information dotiq tunnel Display double VLAN Tunneling configuration dot1x Display dotix information dvlan tunnel Display double VLAN Tunneling configuration forwardingdb Display Forwarding Database aging time garp Display Generic Attribute Registration Protocol information
190. eue Prioritization llle 276 Table 23 Ethertype Keyword and 4 digit Hexadecimal Value 20000000e 289 SFTOS Command Reference for the S2410 Version 2 4 1 0 19 20 About This Guide Objectives This guide describes configuration commands for SFTOS 2 4 software which is dedicated to the 2410 models of the S Series line of switches The commands can be accessed from the SFTOS Command Line Interface CLI accessed through the console port or through a Telnet connection and from the Node Manager component of Force10 Networks Management System FTMS This chapter covers the following topics e Objectives e Audience on page 22 How to Use this Guide on page 22 e Related Documents and Sources of Additional Information on page 23 e Products and Services Liability on page 23 e Contact Information on page 23 e Documentation Feedback on page 24 e The iSupport Website on page 24 Note Please note that BGP and bandwidth allocation are not supported in this release but may appear in the command output examples in this document This document is intended as a reference guide for users of the SFTOS CLI commands primarily for syntax information for constructing command input at the CLI Also in some cases screenshot examples are provided Commands that generate reports are called show commands because they all begin with the keyword show The syntax statements for those commands
191. exadecimal format In some systems such as Microsoft DHCP clients the client identifier is required instead of hardware addresses The unique identifier is a concatenation of the media type and the MAC address For example the Microsoft client identifier for Ethernet address c819 2488 f177 is 01c8 1924 88f1 77 where 01 represents the Ethernet media type Refer to the Address Resolution Protocol Parameters section of RFC 1700 Assigned Numbers for a list of media type codes The no version of this command deletes the client identifier no client identifier uniqueidentifier None DHCP Pool Config This command specifies the name for a DHCP client The name is a string consisting of standard ASCII characters The no version of this command removes the client name client name name no client name None DHCP Pool Config SFTOS Command Reference for the S2410 Version 2 4 1 0 205 default router default router This command specifies the default router list for a DHCP client address1 address2 address8 are valid IP addresses each made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid The no version of this command removes the default router list Syntax default router address address2 address amp no default router Default None Mode DHCP Pool Config dns server This command specifies the IP servers available to a DHCP client Address parameters are valid IP addresses each made up o
192. f four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid The no version of this command removes the DNS Server list Syntax dns server address address2 address8 no dns server Default none Mode DHCP Pool Config domain name This command specifies the domain name for a DHCP client The domain specifies the domain name string of the client The no version of this command removes the domain name Syntax domain name domain Default none Mode DHCP Pool Config 206 DHCP Server Commands hardware address hardware address This command specifies the hardware address of a DHCP client The hardware address is the MAC address of the hardware platform of the client consisting of 6 bytes in dotted hexadecimal format The type indicates the protocol of the hardware platform It is 1 for 10 MB Ethernet and 6 for IEEE 802 The no version of this command removes the hardware address of the DHCP client Syntax no hardware address hardware address type Default ethernet Mode DHCP Pool Config host This command specifies the IP address and network mask for a manual binding to a DHCP client Address and Mask are valid IP addresses each made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid The prefix length is an integer from 0 to 32 The no version of this command removes the IP address of the DHCP client Syntax host address mask prefix length no host Default none Mod
193. f frames that exceeded the max permitted frame size This counter has a max increment rate of 815 counts per sec at 10 Mb s Underrun Errors The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission Transmit Discards Total Discards The sum of single collision frames discarded multiple collision frames discarded and excessive frames discarded Single Collision Frames A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision Multiple Collision Frames A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision Excessive Collisions A count of frames for which transmission on a particular interface fails due to excessive collisions Port Membership The number of frames discarded on egress for this port due to egress filtering being enabled SFTOS Command Reference for the S2410 Version 2 4 1 0 73 show interface ethernet 74 Related Commands Table 8 Fields in Output of show interface ethernet unit slot port Command continued Field Description VLAN Viable Discards Protocol Statistics The number of frames discarded on this port when a lookup on a particular VLAN occurs while that entry in the VLAN table is being modified or if the VLAN has
194. f greater precision is desired the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval Packets Transmitted 64 Octets The total number of packets including bad packets received that were 64 octets in length excluding framing bits but including FCS octets Packets Transmitted 65 127 Octets The total number of packets including bad packets received that were between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets Packets Transmitted 128 255 Octets The total number of packets including bad packets received that were between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets Packets Transmitted 256 511 Octets The total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets Packets Transmitted 512 1023 Octets 72 The total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets System Management Commands show interface ethernet Table 8 Fields in Output of show interface ethernet unit slot port Command continued Packets Transmitted 1519 1522 Field Description Packets Transmitted 1024 1518 The total number of packets including bad packets received Octets tha
195. face Web UT enabling you to manage your switch through a Web browser and Internet connection To access the switch the Web browser must support HTML version 4 0 or later HTTP version 1 1 or later e JavaScript version 1 2 or later This chapter explains how to set up the switch for the Web UI accessing the Web UI and a brief introduction to the organization of the Web UI For details see the Getting Started and Web User Interface chapters in the SFTOS Configuration Guide along with sample Web UI screenshots in the other chapters of that book Also some command syntax statements in this book are followed by a field called Web User Interface that displays the equivalent panel in the Web UI It is important to note that there are equivalent functions in the Web UI to the terminal interface that is there are usually the same menus to accomplish a task For example when you log in there is a Main Menu with the same functions available and so on To terminate the Web login session close the browser There are several differences between the Web UI and terminal interfaces For example on the Web UI the entire forwarding database can be displayed and the terminal interface only displays 10 entries starting at specified addresses SFTOS Command Reference for the S2410 Version 2 4 1 0 51 Configuring for Web Access To enable Web browser access to the switch 1 Configure the switch for in band connectivity See Manage
196. g Version 2 3 Changed from set igmp system igmp enable interface This command enables IGMP Snooping on a selected interface show igmpsnooping Displays IGMP Snooping status IGMP Snooping Commands igmp fast leave interface igmp fast leave interface Syntax Default Mode Command History Related Commands This command enables or disables IGMP Snooping fast leave admin mode on a selected interface Enabling fast leave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC based general queries to the interface Fast leave admin mode should be enabled only on VLANs where only one host is connected to each Layer 2 LAN port to prevent the inadverdent dropping of the other hosts that were connected to the same Layer 2 LAN port but were still interested in receiving multicast traffic directed to that group Also fast leave processing is supported only with IGMP v 2 hosts no igmp fast leave The no version of this command disables IGMP Snooping fast leave admin mode on a selected interface disable Interface Config Interface VLAN Version 2 3 Revised from set igmp fast leave igmp enable global Enables IGMP Snooping on the system show igmpsnooping Displays IGMP Snooping status information igmp groupmembership interval interface Syntax Defa
197. g This command configures the next server in the boot process of a DHCP client Address is the IP address of the next server in the boot process which is typically a Trivial File Transfer Protocol TFTP server The no version of this command removes the boot server list next server address no next server If the next server command is not used to configure a boot server list the DHCP Server uses inbound interface helper addresses as boot servers DHCP Pool Config The command configures DHCP Server options Code specifies the DHCP option code Ascii string specifies an NVT ASCII character string ASCII character strings that contain white space must be delimited by quotation marks Hex string specifies hexadecimal data in hexadecimal character strings is two hexadecimal digits each byte can be separated by a period colon or white space Example a3 4 22 0c a3 4f 22 0c a34 220c 9fed The address specifies an IP address The no version of this command removes the options option code ascii string hex string string2 string8 l ip address address2 address8 SFTOS Command Reference for the S2410 Version 2 4 1 0 211 service dhcp Default Mode service dhcp Syntax Default Mode no option code none DHCP Pool Config This command enables the DHCP server and relay agent features on the router The no version of this command disables the DHCP server and relay agent features service dhcp d
198. g Interface Range which is indicated by the conf if range interface ft prompt such as conf if range vlan 10 20 Interface VLAN Version 2 3 Modified Revised from set igmp maxresponse Added Interface Range mode and Interface VLAN mode igmp enable interface Enables IGMP Snooping on a selected interface interface range Defines an interface range and accesses the Interface Range mode interface Identifies an interface and enters the Interface Config mode interface vlan Identifies a VLAN and enters the Interface VLAN mode set igmp maxresponse Sets the IGMP maximum response time globally global show igmpsnooping Displays IGMP Snooping status information igmp mcrtexpiretime interface Syntax Default Mode Command History This command sets the Multicast router present expiration time on a particular interface no igmp mcrtexpiretime 0 3600 The variable is the amount of time in seconds that a switch will wait for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached The range is 0 to 3600 seconds A value of 0 indicates an infinite timeout i e no expiration The no igmp mcrtexpiretime command sets the Multicast Router Present Expiration time on the interface to 0 A value of 0 indicates an infinite timeout i e no expiration 0 Interface Config Interface Range which is indicated by the conf if range interface
199. gin list to use for non configured users for 802 1x port security This setting is over ridden by the authentication login list assigned to a specific user if the user is configured locally If this value is not configured users will be authenticated using local authentication only 170 Security Commands Syntax Mode dot1x initialize dot1x defaultlogin istname Global Config dot1x initialize Syntax Mode Command History dot1x login Syntax Mode This command begins the initialization sequence on the specified port This command is only valid if the control mode for the specified port is auto If the control mode is not auto an error will be returned dot1x initialize unit slot port Global Config Version 2 3 Modified Moved from Privileged Exec mode to Global Config mode This command assigns the specified authentication login list to the specified user for 802 1x port security The user parameter must be a configured user and the listname parameter must be a configured authentication login list dot1x login user listname Global Config dot1x max req Syntax This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request Identity frame before timing out the supplicant dotlx max req count The count value must be in the range 1 10 The no version of this command sets the maximum number of times the authenticator state machine
200. guration This command displays Generic Attributes Registration Protocol GARP information for one or all interfaces Syntax show gvrp configuration unit slot port all Mode Privileged Exec and User Exec SFTOS Command Reference for the S2410 Version 2 4 1 0 229 show gvrp configuration Example Interface 230 oxce10_850 Show gvrp configuration 0 1 Join Leave LeaveAll Port Interface Timer Timer Timer GVRP Mode centisecs centisecs centisecs 0 1 20 60 1000 Disabled Forcel0 S50 show gvrp configuration all Join Leave LeaveAll Port Interface Timer Timer Timer GVRP Mode centisecs centisecs centisecs 0 1 20 60 1000 Disabled 0 2 20 60 1000 Disabled 0 3 20 60 1000 Disabled 0 4 20 60 1000 Disabled 0 5 20 60 1000 Disabled 0 6 20 60 1000 Disabled 0 7 20 60 1000 Disabled 0 8 20 60 1000 Disabled 0 9 20 60 1000 Disabled 0 10 20 60 1000 Disabled Figure 50 show gvrp configuration Command Output Example Valid unit slot and port number separated by forward slashes Join Timer Specifies the interval between the transmission of GARP PDUs registering or re registering membership for an attribute Current attributes are a VLAN or multicast group There is an instance of this timer on a per Port per GARP participant basis Permissible values are 10 to 100 centiseconds 0 1 to 1 0 seconds The factory default is 20 centiseconds 0 2 seconds The finest granularity of specification is 1 c
201. gure This command enables the user to enter the Global Config mode from the Privileged Exec mode 106 System Configuration Commands Syntax Command Modes Usage Information Example Related Commands enable Syntax Defaults Mode Usage Information Example enable configure Privileged Exec Users executing this command enter the Global Config mode which provides access to many commands within that mode Also this mode is a gateway to all other more protocol specific modes except the VLAN mode For details on modes see Chapter 3 Using the Command Line Interface on page 39 S50 configure S50 Config Figure 19 configure Command Example enable The enable command accesses the Privileged Exec mode This command accesses the Privileged Exec mode from the User Exec mode If the enable password is set you must enter the password to gain access to the Privileged Exec mode Note In a stack only the management unit stack manager provides access to CLI commands Other member units display the prompt Unit unit number enable none User Exec Users who execute this command enter the Privileged Exec mode gaining access to the commands available in this mode as well as being able to directly access the Global Config mode and the VLAN mode After accessing the Global Config mode users can access all modes to which the Global Config mode provides a gateway To protect against
202. hat context SFTOS Command Reference for the S2410 Version 2 4 1 0 249 deleteport interface config Syntax Mode Command History Related Commands In Ethernet Range mode Interface Range mode for the selected range of physical ports this command adds the selected ports to the designated LAG addport unit slot port Specify the LAG ID in its logical slot port format e g 1 4 Interface Config Interface Range specifically Ethernet Range which is indicated by the conf if range et interfaces prompt such as conf if range et 1 0 10 1 0 11 Version 2 3 Added Interface Range mode interface range Defines an interface range and accesses the Interface Range mode deleteport interface config Deletes the selected port from the designated LAG or in Interface Range mode the selected range of ports Display the configured LAG names and their IDs The interface number is specified in logical slot port format which displays one 1 as the slot number the port number is a sequential integer based on existing LAG numbers when the new LAG is created Before adding ports to the newly defined LAG use this command to determine the logical ID that identifies the LAG to use when associating a port with it show port channel deleteport interface config Syntax Mode Command History Related Commands 250 This command deletes the selected port from the LAG port channel or in
203. hat the user s ID and password will be authenticated using a RADIUS server e The tacacs keyword indicates that the user s ID and password will be authenticated using a TACACS server The reject keyword indicates the user is never authenticated SFTOS Command Reference for the S2410 Version 2 4 1 0 169 clear dot1x statistics The no version of this command deletes the specified authentication login list The attempt to delete fails if any of the following conditions are true e The login list name is invalid or does not match an existing authentication login list e The specified authentication login list is assigned to any user or to the non configured user for any component The login list is the default login list included with the default configuration and was not created using authentication login The default login list cannot be deleted Mode Global Config Related radius server host Configure the RADIUS authentication and accounting server Commands tacacs server host Specify a TACACS server host show authentication clear dot1x statistics This command resets the 802 1x statistics for the specified port or for all ports Syntax clear dot1x statistics unit slot port all Mode Privileged Exec clear radius statistics This command is used to clear all RADIUS statistics Syntax clear radius statistics Mode Privileged Exec dot1x defaultlogin This command assigns the authentication lo
204. he Privileged Exec mode The Privileged Exec mode requires password authentication In Privileged Exec mode you can issue any User Exec mode command or enter the Global Config mode Command Prompt hostname Global Config Mode This mode permits you to make general modifications to the running configuration From the Global Configuration mode you can enter all of the configuration specific modes listed below Command Prompt hostname Config it From the Global Config mode you may enter the following configuration modes Interface Config Mode Many features are enabled for a particular interface The Interface commands enable or modify the operation of an interface Using the Command Line Interface In this mode a physical port is set up for a specific logical connection operation The Interface Config mode provides access to the router interface configuration commands Command Prompt hostname Interface The resulting prompt sequence for the interface configuration command entered in the Global Configuration mode is shown here hostname Config interface 1 hostname Interface 1 DHCP Pool Config Mode Use the ip dhcp pool pool name command to access the DHCP Pool Config The mode is used for configuring the switch as a DHCP server Line Config Mode Use this mode to configure the console interface You may configure the interface from the directly connected console or the virtual terminal used with Telnet Command Prompt ho
205. he MAC access list specified by name SFTOS Command Reference for the S2410 Version 2 4 1 0 291 mac access group Mac access group This command attaches a specific MAC Access Control List ACL identified by name to an interface in the ingress direction This command when used in Interface Config mode only affects a single interface whereas the Global Config mode setting is applied to all interfaces Syntax mac access group name 1 4294967295 in The no mac access group name command removes the MAC ACL identified by name from the interface in the ingress direction DOISITISIERS name The name must be the name of an existing MAC ACL 1 4294967295 OPTIONAL Enter a sequence number that indicates the order of this ACL relative to other ACLs already assigned to this port channel A lower sequence number indicates higher precedence order If the selected number is already in use for this port channel this ACL replaces the currently attached ACL using that sequence number If you do not specify a number with this command a number that is one greater than the highest sequence number currently in use for this port channel is used for this ACL in The in parameter is required SFTOS supports only the ingress direction Modes Global Config Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Command History Version 2 3 Adde
206. he interface table entry associated with this port In the S2410 If Index values are Headings Explanation Physical ports 1 through 24 24 ports Ethernet Management port labelled 70 25 100 Ethernet also called service port LAGs port channels 26 to 37 12 possible LAGs Status The status of this entry The meanings of the values are SFTOS Command Reference for the S2410 Version 2 4 1 0 79 show msglog show msglog 80 Example 2 Example 3 Related Commands Command History Related Commands Static The value of the corresponding instance was added by the system or a user when a static MAC filter was defined It cannot be relearned Learned The value of the corresponding instance was learned by observing the source MAC addresses of incoming traffic and is currently in use Management The value of the corresponding instance system MAC address is also the value of an existing instance of dot1dStaticAddress It is identified with interface 0 1 and is currently used when enabling VLANs for routing GMRP Learned The value of the corresponding was learned via GMRP and applies to Multicast Other The value of the corresponding instance does not fall into one of the other categories Forcel0 show mac addr table count Dynamic Address COUNE ss sss ese eee ee ee ee eee AY E 0 Static Address User defined count lees 0 Total MAC Addresses in use
207. hentication Client MIB F100S MGMT SECURITY MIB F10OS Private MIB for Management Security F100S QOS MIB F10OS Flex QOS Support F100S QOS ACL MIB F100S Flex QOS ACL RFC 3289 DIFFSERV DSCP TC Management Information Base for the Textual Conventions used in DIFFSERV MIB RFC 3289 DIFFSERV MIB Management Information Base for the Differentiated Services Architecture F100S QOS DIFFSERV EXTENSIONS MIB F10OS Flex QOS DiffServ Private MIBs definitions F100S QOS DIFFSERV PRIVATE MIB F10OS Flex QOS DiffServ Private MIBs definitions Co n show hardware Inventory information for the switch show sysinfo Switch information show tech support This command displays the output of the commands show hardware show logging show port all show running config and show version The output for each is separated by a header as exemplified here show version The output fields are displayed in Fields in Output of show version Command on page 84 show hardware Syntax show tech support Mode Privileged Exec 86 System Management Commands Related Commands vian participation management show hardware Inventory information for the switch show logging Trap log maintained by the switch and event log containing error messages from the system show port Port information show runn
208. i d Roin Bia ad E ee dai er quc E 285 Differentiated Services DiffServ Commands 000 00 eee eens 285 Provisioning IEEE S02 1p Commands cesis RE Rabe Shep Ohh se aeaey sees eveses ieee s 285 classolservice OL TUHREDDIUO 1 54 quip is Ed docta webs quede Reb de pov ide dud ER 285 show classofservice dotpmapping 0 ccc hh 286 Wan POTION GN osse ac t ebd qo dore d eR ER Se eR ac obe epar dor aen 286 MANION doe dice eO DEO de ORE HORRORE TTET ol HERONS e Rond lb es 286 Chapter 18 AGL CORIIEINOUR coser U E RSPROGEDRSOREUARENERIRFEROS EBERSERER PME SENSE 287 implemematon NOUIS uadacex exe da REX oy dialer dado 3H ACRAS AURORA o EROR ER 288 UOI TOO au sua d Thee E dedi dera d EEE E ee detras ated qup quit dis un 288 mac access list extended o4 4544550 obi suse ku wx ka x aux e d ESE EEE ES au rds 290 mac access list extended rename 0 ee eee teens 291 mac access OUD ores ssni RARE ADH EME ORORERSAG EERE SAGE ERAS EERE EERRE YESS 292 show mac access ele so cc cid eas cusa RRS ERRORS REG RR E EERE ETERS ORO RR GR ORES 292 Index ee ee eee Teer rr ST Terr Tree errr rrr Terr Ter Tey er rrr Ter eye err Tr 295 Contents Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Figure 11 Figure 12 Figure 13 Figure 14 Figure 15 Figure 16 Figure 17 Figure 18 Figure 19 Figure 20 Figure 21 Figure 22 Figure 23 Figure 24 Figure 25 Figure 26 Figure 27 Figure 28
209. ibanner option downloads the CLI banner text file to the switch Local URLs can be specified using tftp or xmodem The CLI banner is configurable text that you can have displayed when the CLI user logs in to the switch The file SFTOS Command Reference for the S2410 Version 2 4 1 0 141 enable passwd Syntax Parameters Default Mode Example Related Commands cannot be created on the switch Instead create the banner file using a text editor put it on your TFTP server and then download it to the switch copy tftp tftp_server_ip_address filepath nvram clibanner Reversing the sequence of the command parameters uploads the text file from the switch copy nvram clibanner tftp tftp_server_ip_address filepath The no clibanner command removes the CLI banner tftp server ip address Enter the URL of the TFTP server in IP address format XXX XXX XXX XXX filepath Enter the path on the TFTP server and the filename in this format path filename f the file resides in the root directory then you can simply enter the filename The path and filename can be no more than 31 characters each The file size cannot be larger than 2K none Privileged Exec copy tftp 192 168 77 52 banner txt nvram clibanner E jufefoi PUTET TFTP Set TRIP Server LE u amp ei kacRE ME era E OUS y e ORUR CRUS yr 9 RU 9c 192 168 77 52 TRIP Path siaonaonsesce egeo e ae ale ace el ee RC aceragrecenaarecene ace 27 TETP al 9 01 hee n e ere
210. ic unit slot port Mode Privileged Exec The one report field is MAC Address MAC address of the dynamically locked MAC SFTOS Command Reference for the S2410 Version 2 4 1 0 167 show port security static show port security static Syntax Mode This command displays the statically locked MAC addresses for port show port security static unit slot port Privileged Exec The one report field is MAC Address MAC Address of statically locked MAC show port security violation Syntax Mode This command displays the source MAC address of the last packet that was discarded on a locked port show port security violation unit slot port Privileged Exec The one report field is MAC Address MAC Address of discarded packet on locked port Port Based Network Access Control IEEE 802 1X 168 This section contains the following commands authentication login on page 169 clear dot1x statistics on page 170 clear radius statistics on page 170 dot1x defaultlogin on page 170 dot1x initialize on page 171 dot1x login on page 171 dot1x max req on page 171 dot1x port control on page 172 dot1x port control all on page 172 dot1x re authenticate on page 173 dot1x re authentication on page 173 dot1x system auth control on page 174 Security Commands authentication login e dotlx timeout on page 174 e dotlx user on page 175 e show authentication on page 175 e show authentication users on page 176
211. ig if ma prompt within the Global Config mode Version 2 3 Introduced Replaces the network parms command for the IP address and subnet mask components of the management address management route default Sets the IP gateway of the switch interface managementethernet Invokes the Config if ma prompt show interface Displays a summary of statistics for a specific port including the management port or a count of all CPU traffic based upon the argument mac address Syntax Default Mode Command History Related Commands mac type Syntax Configure the MAC address to be used for the management VLAN mac address mac address None Interface ManagementEthernet Version 2 3 Introduced Replaces the network mac address command management route default Sets the IP gateway of the switch interface managementethernet Invokes the Interface ManagementEthernet mode the Config if ma prompt Configure the MAC address to be used for the management VLAN mac type local burnedin SFTOS Command Reference for the S2410 Version 2 4 1 0 59 management route default Default Mode Command History Related Commands None Interface ManagementEthernet Version 2 3 Introduced Replaces the network mac type command interface managementethernet Invokes the Interface ManagementEthernet mode the Config if ma prompt management route default Syntax
212. iguration command has a no form In general use the no form to reverse the action of a command or reset a value to the default For example the no shutdown command reverses the shutdown of an interface Use the command without the keyword no to re enable a disabled feature or to enable a feature that is disabled by default Values ipaddr This parameter is a valid IP address Presently the IP address can be entered in these formats a 32 bits a b 8 24 bits e a b c 8 8 16 bits e a b c d 8 8 8 8 In addition to these formats decimal hexadecimal and octal formats are supported through the following input formats where n is any valid hexadecimal octal or decimal number e Oxn CLI assumes hexadecimal format On CLI assumes octal format with leading zeros n CLI assumes decimal format macaddr The MAC address format is six hexadecimal numbers separated by colons for example 00 06 29 32 81 40 areaid Area IDs may be entered in dotted decimal notation for example 0 0 0 1 An area ID of 0 0 0 0 is reserved for the backbone Area IDs have the same form as IP addresses but are distinct from IP addresses The IP network number of the sub netted network may be used for the area ID routerid The value of router id must be entered in 4 digit dotted decimal notation for example 0 0 0 1 A router ID of 0 0 0 0 is invalid SFTOS Command Reference for the S2410 Version 2 4 1 0 41 unit s
213. ing config Updated configuration maintained by the switch show version Details of the software hardware present on the system vian participation management Syntax Mode Default Command History Related Commands This command assigns the management VLAN of the switch no vlan participation vian_id The value for vlan id is the VLAN that you want to use for the management interface By default VLAN 1 is used Interface ManagementEthernet Uses the Config if ma prompt accessed by interface managementethernet VLAN 1 default management VLAN all enabled ports are on VLAN 1 by default so all ports are capable by default of being management ports Version 2 3 Introduced Replaces the network mgmt vlan command management route default Sets the IP gateway of the switch interface managementethernet Invokes the Interface ManagementEthernet mode the Config if ma prompt show interface Displays a summary of statistics for a specific port including the management port or a count of all CPU traffic based upon the argument Telnet Commands This section describes the following SFTOS Telnet commands e ip telnet maxsessions on page 88 e ip telnet timeout on page 88 e session limit on page 89 e session timeout on page 89 e show telnet on page 90 telnet on page 90 SFTOS Command Reference for the S2410 Version 2 4 1 0 87 ip telnet maxsessions e telnetcon maxsessions on p
214. interface vlan Creates a VLAN assigns it an ID and then enters the Interface VLAN mode interface vian Syntax Default Mode Command History This command creates a new VLAN if the identified VLAN ID does not already exist or else the command selects an existing VLAN Then in either case the command invokes the Interface VLAN mode in which you have access to VLAN configuration commands for the specified VLAN interface vlan vianid The vianid is a valid VLAN identification number ID 1 is reserved for the default VLAN VLAN range is 2 3965 The no version of this command deletes an existing VLAN None Global Config Version 2 3 Introduced Replaces vian database and vlan commands SFTOS Command Reference for the S2410 Version 2 4 1 0 123 makestatic Usage After using this command to access the Interface VLAN mode the prompt for the Interface Information VT AN mode is conf if vl vlan id 4 you can configure the selected VLAN You can also make configuration changes to a VLAN in the Interface Range mode see interface range on page 108 and the Interface Config mode see interface on page 108 For details on modes see Chapter 3 Using the Command Line Interface on page 39 Example force10 config E Forcel0 Config interface vlan 5 Forcel0 Conf if vl 5 4 description Add Description to the interface encapsulation Configure interface link layer encapsulation type exit To exit from
215. iod quiet period tx period supp timeout server timeout reauth period Sets the value in seconds of the timer used by the authenticator state machine on this port to determine when re authentication of the supplicant takes place The reauth period must be a value in the range 1 65535 quiet period Sets the value in seconds of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant The quiet period must be a value in the range 0 65535 Security Commands dot1x user tx period Sets the value in seconds of the timer used by the authenticator state machine on this port to determine when to send an EAPOL EAP Request Identity frame to the supplicant The quiet period must be a value in the range 1 65535 supp timeout Sets the value in seconds of the timer used by the authenticator state machine on this port to timeout the supplicant The supp timeout must be a value in the range 1 65535 server timeout Sets the value in seconds of the timer used by the authenticator state machine on this port to timeout the authentication server The supp timeout must be a value in the range 1 65535 Default reauth period 3600 seconds quiet period 60 seconds tx period 30 seconds supp timeout 30 seconds server timeout 30 seconds Mode Interface Config Interface Range which is indicated by the conf if range interface prompt
216. ion Identifier Name for use in identifying the configuration that this switch is currently using The name is a string of at most 32 characters The no version of this command resets the Configuration Identifier Name to its default no spanning tree configuration name name The base MAC address displayed using hexadecimal notation as specified in IEEE 802 standard Global Config spanning tree configuration revision 266 This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using The Configuration Identifier Revision Level is a number in the range of 0 to 65535 Spanning Tree STP Commands Syntax Default Mode spanning tree edgeport The no version of this command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value in other words 0 spanning tree configuration revision 0 65535 0 Global Config Spanning tree edgeport Syntax Mode Command History Related Commands This command specifies that this port is an edge port portfast within the common and internal spanning tree This will allow this port to transition to forwarding state without delay The no version of this command specifies that this port is not an Edge Port within the common and internal spanning tree no spanning tree edgeport Interface Config Interface Range
217. isabled Global Config show ip dhcp binding Syntax Mode 212 This command displays address bindings for the specific IP address on the DHCP server If no IP address is specified the bindings corresponding to all the addresses are displayed show ip dhcp binding address Privileged Exec and User Exec IP address The IP address of the client Hardware Address The MAC Address or the client identifier Lease expiration The lease expiration time of the IP Address assigned to the client Type The manner in which IP Address was assigned to the client DHCP Server Commands show ip dhcp global configuration show ip dhcp global configuration This command displays address bindings for the specific IP address on the DHCP server If no IP address is specified the bindings corresponding to all the addresses are displayed Syntax show ip dhcp global configuration Mode Privileged Exec and User Exec Service DHCP The field to display the status of dhcp protocol Number of Ping Packets The maximum number of Ping Packets that will be sent to verify that an ip address id not already assigned Excluded Address The ranges of IP addresses that a DHCP server should not assign to DHCP clients show ip dhcp pool configuration This command displays pool configuration If all is specified configuration for all the pools is displayed Syntax show ip dhcp pool configuration name all Mode Privileged Exec and User Exec
218. isabling 228 229 join time 225 leave time 226 gvrp adminmode enable 228 GVRP command 225 gvrp interfacemode enable 228 H hardware installation guide 23 hardware address 207 h node hybrid 211 host 207 hostname 57 hostname setting 57 How to Use This Document 22 296 Index HTML 51 HTTP 51 l IEEE 802 1Q 133 134 IflIndex 79 igmp enable 236 igmp enable interface 236 igmp fast leave interface 237 igmp groupmembership interval 237 igmp igmp maxresponse interface 243 igmp interfacemode enable all 238 igmp maxresponse 239 igmp mcrtexpiretime 239 igmp mrouter 240 igmp mrouter interface enable 240 IGMP Snooping 4 in band connectivity 52 ingress filtering 133 134 Installing the 2410 System 23 interface 108 interface access Interface Config mode 108 interface command 47 49 Interface Config Mode 48 Interface Config mode 47 interface managementethernet 36 58 interface range 108 Interface Range mode command addport 250 classofservice dot1p mapping 276 classofservice dot1pmapping 285 classofservice trust 277 deleteport 250 dot1x max req 172 dot1x port control 172 dot1x re authentication 173 dotix timeout 175 dvlan tunnel ethertype 221 igmp groupmembership interval 238 igmp maxresponse 239 igmp mcrtexpiretime 239 igmp mrouter 240 ip rip send version 137 mac access group 292 no port security max dynamic 165 port lacpmode 254 port security 164 port security mac address 166 port security mac addre
219. istered or burnedin MAC address vlan Configure the Management VLAN ID of the switch protocol Select DHCP BootP or None as the network config protocol ip address management Configures the IP address of the management interface mac address Configure the MAC address of the management interface mac type Configure the MAC type of the management interface management route default Set the IP gateway of the switch protocol Set the network protocol of the management interface show interface Display a summary of statistics for a specific port including the management port or a count of all CPU traffic based upon the argument ip http server enable Enable access to the switch through the Web User Interface Web Ul of SFTOS vlan participation management Set the VLAN ID of the management interface ip address management Syntax 58 This command configures the IP address of the management interface ip address ipaddr subnetmask System Management Commands Mode Command History Related Commands mac address The value for ipaddr is the IP Address of the management interface This is the IP address that you would enter in your Web browser to access the SFTOS Web User Interface The value for subnetmask is a 4 digit dotted decimal number which represents the subnet mask of the interface Enter no ip address to remove the IP Address and subnet mask Conf
220. k Trunking MLT 249 N name VLAN 125 NetBIOS mapping 210 NetBIOS node type 210 netbios name server 210 netbios node type 210 network 210 network configuration commands 88 Network Connectivity Configuration panel 53 network mac address 62 network mac type 62 network mgmt vlan 126 network mgmt_vlan See vlan participation network parms 62 network protocol 62 next server 211 NIC bonding 249 NIC teaming 249 no monitor 113 no monitor session 1 114 no spanning tree mst 270 Node Manager 21 number of LAGs 4 O objectives 21 option 211 P participation VLAN 126 passwords changing user 159 resetting all 142 157 298 Index setting user 34 159 user 159 patents 23 PDUs 225 227 ping 144 p node peer to peer 210 Policy Class Mode 49 policy map command 49 Policy Map Mode 49 port for TACACS 190 port channel 249 Port Channel mode 47 Port Channel Range 109 252 257 Port ID format 3 port lacpmode 253 port lacpmode enable all 254 port lacpmode enable all command 4 port lacpmode enable command 4 port lacpmode lacptimeout global 254 port lacpmode lacptimeout interface 255 port mirroring 112 116 port mode spanning tree 273 port monitoring 116 port teaming 249 port trunking 249 port based security 288 port channel 251 port channel adminmode global 251 port channel adminmode interface 252 port channel enable interface 252 port channel enable all global 251 port channel linktrap 2
221. lags linktrap 252 config lags name 253 config loginsession 158 config port admin mode 119 257 config port linktrap 103 config switchconfig broadcast 200 config switchconfig flowcontrol 200 config users add 34 159 config users passwd 34 159 config vlan add 108 config vlan delete 108 123 config vlan garp gvarp 228 config vlan garp jointime 225 config vlan garp leavealltime 227 config vlan garp leavetime 226 config vlan interface acceptframe 133 134 config vlan makestatic 124 config vlan name 125 config vlan participation 133 134 config vlan ports gvrp 228 229 config vlan ports ingressfilter 133 134 config vlan ports pvid 134 137 config vlan ports tagging 131 132 135 137 Config Interface Vlan mode 50 config users delete 159 config users passwd 159 SFTOS Command Reference for the S2410 Version 2 4 1 0 295 config vlan ports ingressfilter 134 135 configuration guide 23 configuration reset 138 Configuration Scripting 146 configure 106 configure command 47 configuring a range 108 Contact and Patents Information 23 control characters 43 copy 37 38 139 copy clibanner 141 copy system 34 Copyright 2 CoS Queue Prioritization 276 cos queue max bandwidth 277 cos queue min bandwidth 278 cos queue random detect 278 cos queue strict 279 Ctrl characters 43 CX4 cable configuration 3 CX4 pre emphasis commands 3 D Default Gateway 37 Delete 43 deleteport global config 251 deleteport interface config
222. le you to upload or download files to or from the switch Local URLs can be specified using TFTP or Xmodem The following files can be specified as the source file for uploading from the switch SFTOS Command Reference for the S2410 Version 2 4 1 0 139 copy 140 e Event log also called the error log or the persistent log nvram errorlog e Buffered message log also called the System log nvram log startup configuration nvram startup config traplog nvram traplog e See also copy clibanner Specify a URL for the destination in this form copy nvram clibanner tftp tftp server ip address path filename copy nvram errorlog tftp tftp server ip address path filename copy nvram log tftp tftp server ip address path filename copy nvram traplog tftp tftp server ip address path filename copy nvram script scriptname tftp tftp server ip address path filename copy nvram startup config tftp tftp server ip address path filename The copy command can also be used to download the following files HTTP secure server certificates sslpem root sslpem server sslpem dhweak or sslpem dhstrong SSH key files sshkey rsa sshkey rsa2 or sshkey dsa e SFTOS system software system image e startup configuration startup config Download the startup configuration or code image by specifying the TFTP source as a URL and the destination as either nvram startup config or system image respectively The co
223. limitations Default filtering behavior is not supported Static entries are not coordinated gmrp adminmode This command enables GARP Multicast Registration Protocol GMRP on the system The default value is disable Syntax gmrp adminmode enable SFTOS Command Reference for the S2410 Version 2 4 1 0 231 set gmrp adminmode Use no gmrp adminmode enable to disable GARP Multicast Registration Protocol GMRP on the system Mode Global Config Command History Version 2 3 Changed from set gmrp adminmode Modified syntax and moved to Global Config mode from Privileged Exec mode set gmrp adminmode Command History Version 2 3 Changed to gmrp adminmode gmrp interfacemode enable all This command enables GARP Multicast Registration Protocol on all interfaces If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port channel LAG GARP functionality will be disabled on that interface GARP functionality will subsequently be re enabled if routing is disabled and port channel LAG membership is removed from an interface that has GARP enabled Syntax gmrp interfacemode enable all Use no gmrp interfacemode enable all to disable GARP Multicast Registration Protocol on all interfaces Default disabled Mode Global Config Command History Version 2 3 Changed from set gmrp interfacemode all revised syntax 232 GARP GVRP and GMRP Commands set g
224. ll be set based on Link Speed If the external cost token is specified this command sets the external path cost for MST instance 0 in other words CIST instance The external pathcost can be specified as a number in the range of 1 to 200000000 or auto If auto is specified the external pathcost value will be set based on Link Speed If the port priority token is specified this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning tree instance depending on the mstid parameter The port priority value is a number in the range of 0 to 240 in increments of 16 spanning tree mst mstid cost 1 200000000 auto port priority 0 240 no spanning tree mst cost auto external cost auto port priorty 128 Interface Config interface Identifies an interface and enters the Interface Config mode interface range Defines an interface range and accesses the Interface Range mode no spanning tree mst 270 This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the common and internal spanning tree to the respective default values If the mstid parameter corresponds to an existing multiple spanning tree instance then the configurations are done for that multiple spanning tree instance If however 0 defined as the default CIST ID is passed as the mstid then the configurations are performed for the
225. ll to set how frequently Leave All PDUs are generated per port to 1000 centiseconds 10 seconds Note This command has an effect only when GVRP is enabled 1000 Interface Config Interface Range which is indicated by the conf if range interface ft prompt such as conf if range vlan 10 20 Version 2 3 Interface Range mode added interface range Defines an interface range and accesses the Interface Range mode This command displays Generic Attributes Registration Protocol GARP information show garp Privileged Exec and User Exec GMRP Admin Mode This displays the administrative mode of GARP Multicast Registration Protocol GMRP for the system GVRP Admin Mode This displays the administrative mode of GARP VLAN Registration Protocol GVRP for the system SFTOS Command Reference for the S2410 Version 2 4 1 0 227 gvrp adminmode enable GARP VLAN Registration Protocol GVRP Commands This section provides a detailed explanation of the GVRP commands e gvrp adminmode enable on page 228 e gvrp interfacemode enable on page 228 e gvrp interfacemode enable all on page 229 e set gvrp adminmode on page 229 e set gvrp interfacemode on page 229 e set gvrp interfacemode all on page 229 e show gvrp configuration on page 229 gvrp adminmode enable Syntax Default Mode Command History This command enables GVRP globally gvrp adminmode enable Use no gvrp adminmode enable to disable GVRP
226. log host Severity The minimum severity to log to the specified address Port Server Port Number This is the port on the local host from which syslog messages are sent Status The state of logging to configured syslog hosts If the status is Active logging occurs if Disable no logging occurs show logging traplogs 156 Syntax Mode Command History This command displays the SNMP trap summary number of traps since last reset and last view and trap details show logging traplogs Privileged Exec Version 2 3 Modified Replaces the show msglog command with the use of the keyword traplogs displaying the message log maintained by the switch including system trace information Fields in the report include Number of Traps since last reset The number of traps that have occurred since the last reset of this device Number of Traps since log last displayed The number of traps that have occurred since the traps were last displayed Getting the traps by any method terminal interface display Web display upload file from Switch etc will result in this counter being cleared to O Log The sequence number of this trap System Up Time The relative time since the last reboot of the switch at which this trap occurred Trap The relevant information of this trap The log messages appear after the summary statistics The table consists of three columns Log sequential number System Up Time and Trap
227. lot port Valid slot and port number separated by forward slashes For example 0 1 represents slot number 0 and port number 1 logical unit slot port Logical unit slot and port number This is applicable in the case of a link aggregation group LAG also called a port channel The operator can use the logical unit slot port to configure the LAG character strings Use double quotation marks to identify character strings for example System Name with Spaces An empty string is not valid Addresses Network addresses are used to define a link to a remote host workstation or network Network addresses are shown using the following syntax Table 2 Network Address Syntax Address Type Format Range ipaddr 192 165 11 110 0 0 0 0 to 255 255 255 255 decimal macaddr A7 C9 89 DD A9 B3 hexadecimal digit pairs Double quotation marks such as System Name with Spaces set off user defined strings If the operator wishes to use spaces as part of a name parameter then it must be enclosed in double quotation marks Empty strings are not valid user defined strings Command completion finishes spelling the command when enough letters of a command are entered to uniquely identify the command word The command may be executed by pressing ENTER command abbreviation or the command word may be completed by pressing the Tab key or Spacebar command completion The value Err designates that the requested value
228. ly Administered address The factory default is to use the burned in MAC address Management VLAN ID Specifies the management VLAN ID Network Configuration Protocol Current Indicates which network protocol is being used The options are bootp dhcp none Web Mode Enable or Disable SFTOS Command Reference for the S2410 Version 2 4 1 0 75 show interface switchport Related Commands ip address management Configures the IP address of the management VLAN show interface Displays detailed statistics for a specific port or for all CPU traffic based upon the argument show interface switchport Displays a summary of statistics on Layer 2 interfaces show interface ethernet Displays detailed statistics for a specific ethernet port or for all CPU traffic based upon the argument show serviceport Displays the configuration of the Ethernet Management port show interface switchport Syntax Mode Usage Information 76 This command displays a summary of statistics on Layer 2 interfaces show interface switchport Privileged Exec The display parameters of show interface when the argument is switchport are as follows Table 10 Fields in Output of show interface switchport Command Field Description Packets Received Without Error The total number of packets including broadcast packets and multicast packets received by the processor Broadca
229. mand Reference for the S2410 Version 2 4 1 0 161 users snmpv3 encryption 162 User Account Commands Security Commands This chapter provides a detailed explanation of the security commands available in the SFTOS software presented in the following sections Port Security Commands Port Based Network Access Control IEEE 802 1X on page 168 RADIUS Commands on page 180 TACACS Commands on page 187 Secure Shell SSH Commands on page 192 Hypertext Transfer Protocol HTTP Commands on page 195 Broadcast Storm Control Commands on page 199 Note Related chapters include e User Account Commands on page 157 e ACL Commands on page 287 Port Security Commands This section contains the following commands port security on page 164 port security max dynamic on page 164 port security max static on page 165 port security mac address on page 165 port security mac address move on page 166 show port security on page 166 show port security on page 166 show port security dynamic on page 167 show port security static on page 168 show port security violation on page 168 SFTOS Command Reference for the S2410 Version 2 4 1 0 163 port security Implementation Notes port security If port security is enabled on a port and then an ACL is applied to the port the ACL is given precedence and port security is ignored For example if port security is applied and then an ACL with a permit rule for a particular source a
230. mand creates a text based startup config file gt tftp_server_ip_address Enter the URL of the TFTP server in IPv4 address format XXXXXX XXX XXX path filename Enter the path on the TFTP server and the filename If the file resides in the root directory then you can simply enter the filename The path and filename can be no more than 31 characters each The file size cannot be larger than 2K None Privileged Exec Version 2 3 Modified Modified functionality of Copy system running config nvram startup config and copy tftp tftp server ip address path filename nvram startup config copy clibanner Downloads the CLI banner text file to the switch write Saves the running configuration to NVRAM duplicating the functionality of copy system running config nvram startup config Force10 S50 copy nvram errorlog tftp 10 10 10 10 errorLog b MS x PCT TEL TFTP Set TRIP Server LlE amp cassxokm RE tanir ec 9 Sow n eR pr rwr s 10 10 10 10 TETE BSbDSse45s5390591 591 599595995 GU P OC RR RU ene ae TETP FILENAMES oases oe as ER RR we we we eee eR EE EEE errorLog Dato LYS srra AEA E PUE eee eusyere artes wary Error Log Management access will be blocked for the duration of the transfer Are you sure you want to start y n y File transfer operation completed successfully X F Figure 35 Using the copy command to Upload the Event Log copy clibanner This version of the copy command with the cl
231. mands The prompt sequence is hostname Config mac access list extended name hostname Config mac access list SFTOS Command Reference for the S2410 Version 2 4 1 0 49 TACACS Config Mode Use this mode to configure the connection parameters to a TACACS user authentication server VLAN Mode formally called the Interface Vlan Config mode or more simply the Interface Vlan mode This mode groups all the commands pertaining to VLANs Command Prompt hostname conf if vl vlan id Note Before Release 2 3 the VLAN mode was accessed from the Privileged Exec gt mode With Release 2 3 the mode is accessed from the Global Config mode by entering the command interface vlan vlanid Flow of CLI Operation 50 1 You log into the CLI session and enter the User Exec mode In the User Exec mode the hostname gt prompt is displayed on the screen The parsing process is initiated whenever you type a command and press ENTER The command tree is searched for the command of interest If the com mand is not found the output message indicates where the offending entry begins For instance the Privileged Exec mode has the command show arp brief If you 6699 attempt to execute the command but you enter an extra p in arpp then the 6699 output message displays the marker under the extra p followed by 2 21nvalid input detected at marker Another typical case when an error message
232. me Name used to identify the switch System Location Text used to identify the location of the switch May be up to 31 alpha numeric characters The factory default is blank System Contact Text used to identify a contact person for this switch May be up to 31 alpha numeric characters The factory default is blank System ObjectlD The base object ID for the switch s enterprise MIB System Up Time The time in days hours and minutes since the last switch reboot MIBs Supported A list of MIBs supported by this agent show version This command displays version details of the software hardware present on the system which would be used for trouble shooting This command provides the details shown with the show hardware and show sysinfo commands along with Interface information the u boot version number and the system image file version Syntax show version Mode Privileged Exec Table 13 Fields in Output of show version Command Headings Explanation Switch Description Text used to identify the product name of this switch Vendor ID Number used to identify the manufacturer of the device Plant ID Country Code Date Code Month and year of manufacture of the device Serial Number Part Number The unique box serial number for this switch Manufacturing part number Revision Catalog Number 84 System Management Commands sh
233. ment IP Address on page 35 2 Enable HTTP Web access to the switch with either the ip http server enable command or ip http secure server enable for details see Hypertext Transfer Protocol HTTP Commands on page 195 Web Page Layout An SFTOS Web UI panel consists of three frames Frame 1 across the top displays a banner graphic of the switch Frame 2 at the bottom left displays a hierarchical tree view The tree consists of a combination of folders subfolders and configuration and status HTML pages You can think of the folders and subfolders as branches and the configuration and status HTML pages as leafs Only the selection of a leaf not a folder or subfolder will cause Frame 2 to display a new HTML page A folder or subfolder has no corresponding Frame 3 HTML page Frame 3 the bottom right frame displays the currently selected panel displaying either the device configuration status or the user configurable information that you have selected from the tree view of Frame 2 or both You can resize each of these frames There are no fixed sized frames Also if you enable the Java functionality the frame displays the navigable switch graphic shown in Figure 6 on page 53 Starting the Web User Interface 52 Note You must configure the IP address of the switch before using the Web interface Follow these steps to bring up the switch Web UI 1 Enter the IP address of the switch in the Web browser address field
234. ments are available on the Documents tab of iSupport the Force10 Networks support website http www force 1Onetworks com support SFTOS Command Reference for the S2410 Version 2 4 1 SFTOS Configuration Guide for the 2410 Version 2 4 1 S Series and SFTOS Release Notes S2410 Quick Reference also included as a printed booklet with the system Installing the 52410 System MIBs files S Series Tech Tips and FAQ Except for the Tech Tips and FAQ documents all of the documents listed above are also on the 2410 CD ROM Training slides are also on the CD ROM Currently access to user documentation on iSupport is available without a customer account However in the future if you need to request an account for access you can do so through that website Products and Services Liability References in this publication to Force10 products programs or services do not imply that Force10 intends to make these available in all countries in which Force10 operates Any reference to a Force10 product program or service is not intended to state or imply that only Force10 s product program or service may be used Any functionally equivalent product program or service that does not infringe on any of Force10 s intellectual property rights may be used instead of the Force10 product program or service Evaluation and verification of operation in conjunction with other products except those expressly designated by Force10 are the user s respo
235. meric characters Syntax snmp server sysname name location loc contact con Default None Mode Global Config snmp server community This command adds and names a new SNMP community A community name is a name associated with the switch and with a set of SNMP managers that manage it with a specified privileged level The length of name can be up to 16 case sensitive characters Note Community names in the SNMP community table must be unique When making gt multiple entries using the same community name the first entry is kept and processed and all duplicate entries are ignored Syntax snmp server community name Default None Mode Global Config no snmp server community Syntax Mode This command removes the specified community name from the SNMP community table no snmp server community name Global Config SFTOS Command Reference for the S2410 Version 2 4 1 0 97 snmp server community ipaddr snmp server community ipaddr Syntax Default Mode This command sets a client IP address for an SNMP community The address is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device A value of 0 0 0 0 allows access from any IP address Otherwise this value is ANDed with the mask to determine the range of allowed client IP addresses The name is the applicable community
236. mmand can also be used to the save the running configuration to NVRAM by specifying the source as system running config and the destination as nvram startup config The following commands download to the switch source specified first copy tftp tftp server ip address path filename nvram clibanner copy tftp tftp server ip address path filename nvram script copy tftp tftp server ip address path filename nvram sslpem root copy tftp tftp server ip address path filename nvram sslpem server copy tftp tftp server ip address path filename nvram sslpem dhweak copy tftp tftp server ip address path filename nvram sslpem dhstrong copy tftp tftp server ip address path filename nvram sshkey rsal copy tftp tftp server ip address path filename nvram sshkey rsa2 copy tftp tftp server ip address path filename nvram sshkey dsa copy tftp tftp server ip address path filename nvram startup config copy tftp tftp server ip address path filename system image Note You can use the command copy tftp tftp server ip address path filename nvram startup config to copy either a binary file or a text file to the startup config file The result is a text file System Configuration Commands Parameters Default Mode Command History Related Commands Example copy clibanner The following command copies from the switch system memory to flash memory copy system running config nvram startup config Note This com
237. mmand enables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port no snmp server enable trap violation The no version of this command disables the sending of new violation traps Disabled Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Added Interface Range mode interface range Defines an interface range and accesses the Interface Range mode interface Identifies an interface and enters the Interface Config mode snmp server traps enable Syntax Default Mode This command enables the Authentication traps no snmp server traps enable The no version of this command disables the Authentication traps enabled Global Config SFTOS Command Reference for the S2410 Version 2 4 1 0 101 snmptrap Command History snmptrap Syntax Mode Version 2 3 Corrected from snmp server enable traps This command adds an SNMP trap receiver name and trap receiver IP address The maximum name length is 16 case sensitive alphanumeric characters no snmptrap name ipaddr The no version of this command deletes the specified trap receiver from the community Global Config snmptrap ipaddr Syntax Mode This command assigns an IP address to a specified community name The maximum name length is 16 case sensitive alphanumeric characters
238. mmand sets the GVRP leave time per port Leave time is the time to wait after receiving an unregister request for a VLAN or a multicast group before deleting the VLAN entry This can be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service time is 20 to 600 centiseconds The value 60 centiseconds is 0 6 seconds set garp timer leave 20 600 Use no set garp timer leave to set the GVRP leave time per port to 60 centiseconds 0 6 seconds 60 Note This command has an effect only when GVRP is enabled Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Interface Range mode added interface range Defines an interface range and accesses the Interface Range mode GARP GVRP and GMRP Commands set garp timer leaveall set garp timer leaveall Syntax Default Mode Command History Related Commands show garp Syntax Mode This command sets how frequently Leave All PDUs are generated per port A Leave All PDU indicates that all registrations will be unregistered Participants would need to rejoin in order to maintain registration The value applies per port and per GARP participation The time may range from 200 to 6000 centiseconds The value 1000 centiseconds is 10 seconds set garp timer leaveall 200 6000 Use no set garp timer leavea
239. mmary information for all configured VLANs show port Displays port information for a selected port or for all ports tagged Sets tagging to enabled for a specified interface in the selected VLAN Version 2 3 Modified Replaced by interface vlan System Configuration Commands vlan acceptframe vlan acceptframe This command sets the frame acceptance mode per interface Mode Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Command History Version 2 3 Deprecated Related tagged Adds the designated interface to the selected VLAN as a tagged interface Commands untagged Adds the designated interface to the selected VLAN as an untagged interface vlan database Command History Version 2 3 Modified Replaced by interface vlan vlan ingressfilter This command enables ingress filtering If ingress filtering is disabled frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN Command 2 History Version 2 3 Deprecated Related tagged Adds the designated interface to the selected VLAN as a tagged interface Commands untagged Adds the designated interface to the selected VLAN as an untagged interface vlan participation interface This command configures the degree of participation for a specific interface in
240. mrouter interface enable igmp mrouter interface enable Enables IGMP Snooping on a selected interface igmp enable global Enables IGMP Snooping set igmp interfacemode all Command History 242 Version 2 3 Changed to igmp interfacemode enable all IGMP Snooping Commands set igmp maxresponse global Rel 3 z Ode igmp interfacemode enable all Sets the IGMP Group Membership Interval time on a particular interface igmp enable interface Enables IGMP Snooping on a selected interface set igmp maxresponse global This command sets the IGMP maximum response time on the system Syntax no set igmp maxresponse 3599 The variable is the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in that interface This value must be less than the IGMP Query Interval time value The range is 1 to 3599 seconds The no set igmp maxresponse command sets the IGMP Maximum Response time on the system to 10 seconds Default 10 Mode Global Config Related Commands igmp enable interface Enables IGMP Snooping on a selected interface show igmpsnooping Displays IGMP Snooping status information set igmp maxresponse interface Command History Version 2 3 Revised to Igmp maxresponse nelle igmp maxresponse Sets the IGMP Maximum Response time on a particular interface Commands gmp p
241. mrp interfacemode set gmrp interfacemode Default Syntax Mode This command enables GARP Multicast Registration Protocol on a selected interface If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port channel LAG GARP functionality will be disabled on that interface GARP functionality will subsequently be re enabled if routing is disabled and port channel LAG membership is removed from an interface that has GARP enabled disabled set gmrp interfacemode Use no set gmrp interfacemode to disable GARP Multicast Registration Protocol on a selected interface If an interface that has GARP enabled is enabled for routing or is enlisted as a member of a port channel LAG GARP functionality will be disabled on that interface GARP functionality will subsequently be re enabled if routing is disabled and port channel LAG membership is removed from an interface that has GARP enabled Interface Config set gmrp interfacemode all Command History Version 2 3 Changed to gmrp interfacemode all show gmrp configuration Syntax Mode This command displays Generic Attributes Registration Protocol GARP information for one or all interfaces show gmrp configuration unit slot port allj Privileged Exec and User Exec Interface This displays the unit slot port of the interface that is described in this row of the table Join Timer Specifies the interval between the transmis
242. n 2 4 uses the command because you can learn more about the context of its use Regarding RFCs and MIBs management information base files supported on the S2410 switch syntax statements in this guide and related instructions in the SFTOS Configuration Guide cite the relevant RFCs Also an appendix in that guide contains a list of the RFCs and MIBs This guide is structured in this sequence e New Features on page 3 is a quick way to access new and changed commands e Chapter 1 SFTOS Overview briefly introduces the S Series hardware and SFTOS software e Chapter 2 Quick Start is an introduction to how to start and configure the 2410 using SFTOS software e Information on how this guide presents the CLI modes syntax conventions and terminology is in Chapter 3 Using the Command Line Interface on page 39 e The SFTOS Web User Interface Web UI is introduced in Chapter 4 Using the Web User Interface e The CLI command syntax statements begin in Chapter 5 System Management Commands Chapters 6 through 11 describe commands that manage the system while the later chapters describe commands specific to particular networking protocols Beginning with Version 2 3 the CLI syntax statements that are new or changed include a Command History table About This Guide Related Documents and Sources of Additional Information The following documents provide information on using the 52410 switch and SFTOS 2 4 software All of the docu
243. n of the HTTP commands The commands are divided into the following groups e Configuration commands are used to configure features and options of the switch For every configuration command there is a show command that will display the configuration setting e Show commands are used to display switch settings statistics and other information SFTOS Command Reference for the S2410 Version 2 4 1 0 195 ip http javamode enable ip http javamode enable Syntax Default Mode Command History Enable Java mode for the Web interface to SFTOS ip http javamode enable Use no ip http javamode enable to disable Java mode disabled Global Config Version 2 3 Modified Moved from Privileged Exec mode to Global Config mode ip http secure port Syntax Default Mode Command History This command is used to set the SSLT port ip http secure port portid The no ip http secure port command resets the SSLT port to the default value The portid value can be from 1 to 65535 443 Global Config Version 2 3 Modified Moved from Privileged Exec mode to Global Config mode ip http secure protocol Syntax Default Mode Command History 196 This command is used to set protocol levels versions The protocol level can be set to TLS1 SSL3 or to both TLS1 and SSL3 ip http secure protocol SSL3 TLS1 SSL3 and TLSI Global Config Version 2 3 Modified Moved from Privileged Exec mode to Glob
244. nable 10G Full Down Enable Enable Disable 0 16 PC Mbr Enable 10G Full 10G Ful Up Enable Enable Disable 0 17 PC Mbor Enable 10G Full 10G Ful Up Enable Enable Disable 0 18 PC Mbr Enable 10G Full 0G Ful Up Enable Enable Disable 0 19 PC Mbr Enable 10G Full 10G Ful Up Enable Enable Disable 0 20 PC Mbr Enable 10G Full 10G Ful Up Enable Enable Disable 0 21 PC Mbr Enable 10G Full 10G Ful Up Enable Enable Disable 0 22 PC Mbr Enable 10G Full 10G Ful Up Enable Enable Disable 0 23 PC Mbr Enable 10G Full 0G Ful Up Enable Enable Disable 0 24 Disable 10G Fu Down Enable Enable Disable AI Enable Up Enable N A Enable 1 2 Enable Up Enable N A Enable Forcel0 S2410 Figure 28 show port all Command Output Example Interface Valid unit slot and port number separated by forward slashes This field only displays in the show port all report Note Port IDs 1 1 and 1 2 in Figure 28 are LAGs Type lf not blank this field indicates that this port is a special type of port The possible values are Mon Indicates a monitoring port Look at the Port Monitoring screens to find out more information PC Mbr Indicates a member of a LAG port channel Probe Indicates a probe port Admin Mode The port administration state The port must be enabled in order for it to be allowed into the network It is either enabled or disabled The default is enabled Physical Mode The desired port speed and duplex mode In the S2410 all ports are set to auto negotiate
245. nge Count Number of times the topology has changed for this multiple spanning tree instance Topology Change in Progress Value of the Topology Change parameter for the multiple spanning tree instance Designated Root ldentifier of the Regional Root for this multiple spanning tree instance Root Path Cost Path Cost to the Designated Root for this multiple spanning tree instance Root Port Identifier Port to access the Designated Root for this multiple spanning tree instance Associated FIDs List of forwarding database identifiers associated with this instance Associated VLANs List of VLAN IDs associated with this instance show spanning tree mst port detailed 262 Syntax This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance The instance mstid is a number that corresponds to the desired existing multiple spanning tree instance The unit slot port is the desired switch port show spanning tree mst port detailed mstid unit slot port Spanning Tree STP Commands show spanning tree mst port detailed Mode Privileged Exec and User Exec MST Instance ID The ID of the MST instance Port Identifier The port identifier for the specified port within the spanning tree Port Priority The priority for a particular port within the selected MST instance Port Forwarding State Current spanning tree state of this port Port Role Each MS
246. nicast packets delivered to a higher layer protocol Multicast Packets Received The total number of packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Receive Packets Discarded The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol A possible reason for discarding a packet could be to free up buffer space Octets Transmitted The total number of octets transmitted out of the interface including framing characters Packets Transmitted without Errors The total number of packets transmitted out of the interface Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a Multicast address including those that were discarded or not sent 68 System Management Commands show interface ethernet Table 7 Fields in Output of show interface ethernet switchport Command continued Field
247. nk SOBDUSa 4 a REA REOR ERROREM EN A C GO XR RR OR E Up Figure 17 show serviceport Command Output Table 11 Fields in Output of show serviceport command Field Description IP Address The IP address of the Ethernet Management port The default value is 0 0 0 0 Subnet Mask The IP subnet mask for the Ethernet Management port The default value is 0 0 0 0 Default Gateway The default gateway for the Ethernet Management port The default value is 0 0 0 0 ServPort Configured Protocol Indicates if the IP configuration of the Ethernet Management Current port should be manually entered or if it should be configured through DHCP or Bootp The default value is none manually configured Burned In MAC Address The MAC address of the Ethernet Management port Link Status Ethernet Management port link up or down Related i Commands serviceport ip Configures the IP configuration of the Ethernet Management port serviceport protocol Set the network configuration protocol to be used for configuring access to the Ethernet Management port show interface Displays the configuration of the management VLAN managementethernet show sysinfo This command displays switch information Syntax show sysinfo SFTOS Command Reference for the S2410 Version 2 4 1 0 83 show version Mode Privileged Exec Table 12 Fields in Output of show sysinfo Command Field Description Switch Description Text used to identify this switch System Na
248. nly Normal Admin Mode Whether the port is administratively enabled or disabled Physical Mode Whether the port is physically up or down Physical Status Whether the port is physically connected or disconnected Speed The port speed setting Link Status Whether the link is up or down MAC Address MAC address of the port Total Packets Received Octets The total number of octets of data received by the processor excluding framing bits but including FCS octets Octets Received The total number of octets of data including those in bad packets received on the network excluding framing bits but including Frame Check Sequence FCS octets This object can be used as a reasonable estimate of ethernet utilization If greater precision is desired the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval The result of this equation is the value Utilization which is the percent utilization of the ethernet segment on a scale of 0 to 100 percent Packets Received lt 64 Octets The total number of packets including bad packets received that were lt 64 octets in length excluding framing bits but including FCS octets Packets Received 64 Octets The total number of packets including bad packets received that were 64 octets in length excluding framing bits but including FCS octets Packets Received 65 127 Octets The total number of packets
249. nnel The no version of this command is used to disable Double VLAN Tunneling on the specified interface By default Double VLAN Tunneling is disabled mode dvlan tunnel disabled Interface Config Double VLAN Tunneling By default all ports become core ports To configure a particular port as an access port enable DVLAN tagging in Interface Config mode for that port with this command VLAN Stack Commands show dot1q tunnel Related show dot1q tunnel Displays information about Double VLAN Tunneling for a specified Commands interface or for all interfaces show dvlan tunnel same as above show dot1q tunnel This command displays whether an interface is enabled for Double VLAN Tunneling along with the system configured etherType and detailed information about Double VLAN Tunneling for the specified interface or a list of interfaces and their tunneling status This command performs the same function as show dvlan tunnel Syntax show dotlq tunnel interface unit slot port all Parameters interface unit slot Enter the interface keyword followed by either a specific address in port all the form of unit slot port or enter the word all Unit Slot Port Valid unit slot and port number separated by forward slashes Mode Privileged Exec and User Exec Web User Double VLAN Tunneling Summary This S50 Web Interface panel has similar functionality Interface Access it in the node tree through System gt gt Port
250. nning tree to the default value in other words 15 no spanning tree forward time 4 30 15 Global Config spanning tree hello time Syntax Default Mode Command History Related Commands 268 This command sets the Admin Hello Time parameter to a new value for the common and internal spanning tree spanning tree hello time 7 70 The hellotime value is in whole seconds within a range of 1 to 10 with the value being less than or equal to Bridge Max Age 2 1 The no spanning tree hello time command sets the admin Hello Time parameter for the common and internal spanning tree to the default value 2 Interface Config Interface Range which is indicated by the conf if range interface ft prompt such as conf if range vlan 10 20 Version 2 3 Added Interface Range mode interface Identifies an interface and enters the Interface Config mode interface range Defines an interface range and accesses the Interface Range mode Spanning Tree STP Commands spanning tree max age spanning tree max age Syntax Default Mode This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree The max age value is in seconds within a range of 6 to 40 with the value being less than or equal to 2 times Bridge Forward Delay 1 The no version of this command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value in
251. not been configured BPDU s received The count of BPDUs Bridge Protocol Data Units received in the spanning tree layer BPDU s Transmitted The count of BPDUs Bridge Protocol Data Units transmitted from the spanning tree layer 802 3x Pause Frames Received A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation This counter does not increment when the interface is operating in half duplex mode GVRP PDU s Received The count of GVRP PDUs received in the GARP layer GVRP PDU s Transmitted The count of GVRP PDUs transmitted from the GARP layer GVRP Failed Registrations The number of times attempted GVRP registrations could not be completed GMRP PDU s received The count of GMRP PDU s received in the GARP layer GMRP PDU s Transmitted The count of GMRP PDU s transmitted from the GARP layer GMRP Failed Registrations The number of times attempted GMRP registrations could not be completed STP BPDUs Transmitted Spanning Tree Protocol Bridge Protocol Data Units sent STP BPDUs Received Spanning Tree Protocol Bridge Protocol Data Units received RST BPDUs Transmitted Rapid Spanning Tree Protocol Bridge Protocol Data Units sent RSTP BPDUs Received MSTP BPDUs Transmitted Rapid Spanning Tree Protocol Bridge Protocol Data Units received Multiple Spanning Tree Protocol Bridge Protocol Data Units sent MSTP BPDUs R
252. nsibility Contact Information For technical support see The iSupport Website on page 24 For other questions contact Force10 using the following address Force10 Networks Inc 350 Holger Way San Jose CA 95134 USA SFTOS Command Reference for the S2410 Version 2 4 1 0 23 Documentation Feedback Feedback on Documentation Send email to techpubs forcei0networks com If appropriate for the issue please include the following information with your comments Document name e Document part number from the front cover e Page number e Software release version from the front cover The iSupport Website Access to some sections of the iSupport website do not require a password to access However if a section does require a password you can request one at the website 1 On the Force10 Networks website home page www forcelOnetworks com click the Support link as highlighted at the top of Figure 1 2 Click the Account Request link 3 Fill out the User Account Request form and click Send 4 Click Login and then enter the userid and password that you received by email LOGOUT SEARCH CONTACT HOME SUPPORT FORCEQCO Pasos SERVICE REQUEST SOFTWARE CENTER DOCUMENTS PROGRAME ISUPPORT Draviam Paramasivan Customer Support Force10 EDS My Open Cases Announcements Case THS n Priority Created On i Close Bug Track is Now Available 07026 test pl ignore P4 05 28 2005 Pen
253. ntax statements following this one Figure 9 shows an example of the show interface report when the argument is unit slot port Table 6 contains an explanation of the report fields Forcel0 show interface 1 0 2 Packets Received Without Error 0 Packets Received With ErrOriisa RR RR RR 0 Broadcast Packets Received ees 0 Packets Transmitted Without Errors 579 Transmit Packet BErCPOUSssi4 3539394cex6c t s innt RR 0 Collisicn LLANES ee settee ge alee ee week Cea E E EE 0 Time Since Counters Last Cleared cele e ns 0 day 0 hr 18 min 58 sec Figure 9 Output of the show interfaces unit slot port Command The display parameters of the show interface command when the argument is unit slot Dort are as follows Table 6 Fields in Output of show interface unit slot port Command Field Description Packets Received Without Error The total number of packets including broadcast packets and multicast packets received on the interface Packets Received With Error The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Packets Transmitted Without Error The total number of packets transmitted out of the interface Transmit Packet Errors The num
254. nterface 1 0 1 description 1 0 1 is access port S50 Interface 1 0 1 exit S50 Config interface 1 0 30 S50 Interface 1 0 30 description management port in vlan 30 S50 Interface 1 0 30 exit S50 Config exit S50 show interfaces description 1 0 1 Interface 1 0 1 IfIndex 1 Description 1 0 1 is access port MAC Address 00 01 E8 D5 BA CO Bit Offset Val 1 S50 show interfaces description 1 0 30 Interface 1 0 30 Iflndex 9 30 Description management port in vlan 30 MAC Address 00 01 E8 D5 BA CO Bit Offset Val 30 S50 Figure 29 show interfaces description Command Example Related n 7 Commands interface vlan Creates a VLAN assigns it an ID and then enters the Interface VLAN mode 122 System Configuration Commands encapsulation VLAN show interfaces Displays information including the description about a selected interface show running config Display capture the current setting of different protocol packages supported on the switch encapsulation VLAN Syntax Default Mode Command History Related Commands This command configures the link layer encapsulation type for the packet within the VLAN Acceptable encapsulation types are Ethernet and SNAP encapsulation ethernet snap ethernet Interface VLAN Restrictions Routed frames are always Ethernet encapsulated when a frame is routed to a VLAN Version 2 3 Introduced
255. nterface VLAN Command History Version 2 3 Introduced Related aml Sets tagging to enabled for ific interface in the selected VLAN Commands agge ets tagging to enabled Tor a Specilic errace e selecte 126 System Configuration Commands protocol group protocol group Syntax Default Mode Command History Related Commands This command attaches a group ID to the selected VLAN A group can only be associated with one VLAN at a time However the VLAN association can be changed The referenced VLAN should be created prior to the creation of the protocol based VLAN except when GVRP is expected to create the VLAN no protocol group groupid The no version of this command removes the group ID from this VLAN None Interface VLAN Version 2 3 Modified Removed vlanid parameter and changed mode from VLAN database to Interface VLAN interface vlan Configure a VLAN and enter Interface VLAN mode show vlan Displays information about VLANS either detailed information for a specific VLAN or summary information for all configured VLANs show port Displays port information for a selected port or for all ports protocol vlan group Syntax Default Mode This command adds the physical unit slot port interface to the protocol based VLAN identified by groupid A group may have more than one interface associated with it Each interface and protocol combination can only be associated with one gro
256. nterfaces are present physical or configured logical Important things to remember e Bulk configuration is created if at least one interface is valid e Automatically excludes non existing interfaces from the bulk configuration and generates a warning message Figure 22 e The resulting interface range prompt includes interface types with slot port information for valid interfaces for example conf if range et 1 0 10 1 0 11 The prompt allows for a maximum of 32 characters If the bulk configuration exceeds 32 characters it is represented by an ellipsis e Ifthe interface range prompt has multiple port ranges the smaller port range is excluded from the prompt Figure 22 e If overlapping port ranges are specified the port range is extended to the smallest start port and the biggest end port Figure 23 Executing the interface range command puts you in the Interface Range mode more specifically in one of three versions of it Ethernet Range Port Channel Range or VLAN Range Here you can execute commands that modify the selected set of interfaces These commands have the same effect as they do when they are used within the Interface VLAN or Interface Config modes see interface on page 108 LAG Port Channel Commands on page 249 and interface vlan on page 123 The command families available from the Ethernet Range prompt are displayed in the following CLI example Figure 21 on page 110 The commands available fr
257. ntethernet on page 58 in the Management chapter For general instructions on configuring the management VLAN see the Management chapter in the SFTOS Configuration Guide For other VLAN information in the SFTOS Configuration Guide see the Creating VLANS section of the Getting Started chapter the chapters on the Web UI STP IEEE 802 1Q VLANs VLAN Stack commands GARP and GVRP IGMP Snooping This command resets VLAN configuration parameters to the factory defaults clear vlan disabled SFTOS Command Reference for the S2410 Version 2 4 1 0 121 description Mode Privileged Exec Related Commands show vlan Displays information about VLANs either detailed information for a specific VLAN or summary information for all configured VLANs show port Displays port information for a selected port or for all ports description Enter a description for the selected interface port or VLAN Syntax no description description The description allows spaces if you surround the statement with single or double quotes Default none Mode Interface VLAN Interface Config Command History Version 2 3 Introduced Usage The following example shows the use of both single quotes and double quotes in entering a Information description for a port The example also shows the resulting descriptions presented in show interfaces description commands Example 650 conf N S50 Config interface 1 0 1 S50 I
258. ntrol System TACACS as another method for administrator login authentication This section contains these commands e tacacs server host on page 188 e tacacs server key on page 188 e tacacs server timeout on page 189 e key on page 189 e port on page 190 priority on page 190 e single connection on page 191 show tacacs on page 191 timeout on page 191 SFTOS Command Reference for the S2410 Version 2 4 1 0 187 tacacs server host tacacs server host Configure a TACACS server and enter into TACACS Configuration mode Syntax tacacs server host ip address To remove a TACACS server host use the no tacacs server host hostname ip address command Parameters ip address Enter the IP address in dotted decimal format of the TACACS server host Default Not configured Mode CONFIGURATION Usage In CONFIGURATION mode you can set several global values for all TACACS servers as Information listed below Successful use of the tacacs server host command to identify a particular host puts you into the TACACS configuration mode for that particular host In that mode you can override global and default settings of those parameters In that TACACS configuration mode you can also use the following commands for the particular TACACS host key port priority single connection and timeout Related authentication login Specify the login authentication method Commands tacacs server key Configure
259. oaheod eee se Burned In Network Configuration Protocol Current None Management VLAN ID sran aua xw ibs ce certs bie tay wee ists sis AU 1 WED MOA io ieee bees ETER Enable Jav Modes se ss sraa ansaa E E RR RR RRR RRR de Disable S P Figure8 Example of Configuring Management Address Rel umm eateg interface managementethernet Invokes the Config if ma prompt where you can set up a Commands management IP interface the ip address command see next ip address management Configures the IP address of the management interface show interface Displays a summary of statistics for a specific port including the management port or a count of all CPU traffic based upon the argument mtu This command sets the maximum transmission unit MTU size in bytes for physical and LAG port channel interfaces Syntax no mtu 1518 10240 For the standard implementation the range of the MTU size is a valid integer between 1518 10240 The no mtu command sets the default maximum transmission unit MTU size in bytes for the interface Default 1518 Note 10 Gigabit ports use a chipset that does not automatically allow for the length of a tag For 10 Gigabit ports the default setting of 1518 means 1518 untagged or tagged The maximum is 10240 bytes Mode Interface Config SFTOS Command Reference for the S2410 Version 2 4 1 0 61 net
260. ode Command History tagged unit slot port Enter interface in unit slot port format for retrieving information about the associated interface all Enter all for retrieving information about all interfaces Privileged Exec Version 2 1 Introduced force10 50 show vlan port 1 0 1 OR Port Acceptable Ingress Default Interface VLAN ID Frame Types Filtering GVRP Priority 1 0 1 1 Admit All Enable Disable 0 Probecbed POPE ccskasctovnvoscsose yey aeo rk iim SU Sror909 Sra ar eres as False Forcel0 S50 show vlan port all Port Acceptable Ingress Default nterface VLAN ID Frame Types Filtering GVRP Priority POI 1 Admit All Enable Disable 0 0 2 1 Admit All Enable Disable 0 0 3 1 Admit All Enable Disable 0 0 4 1 Admit All Enable Disable 0 0 5 1 Admit All Enable Disable 0 0 6 1 Admit All Enable Disable 0 PO 1 Admit All Enable Disable 0 0 8 1 Admit All Enable Disable 0 0 9 1 Admit All Enable Disable 0 0 10 1 Admit All Enable Disable 0 FO TI d Admit All Enable Disable 0 NC Teone output truncated E Figure 34 Output of the show vlan port Command This command sets tagging to enabled for a specific port or range of ports in the selected VLAN If tagging is enabled traffic is transmitted as tagged frames tagged unit slot port The unit slot port is a valid interface belonging to the VLAN To remove tagging from the interface use the no tagged command not untagge
261. om the VLAN SFTOS Command Reference for the S2410 Version 2 4 1 0 109 interface range Range and Port Channel Range prompts within that mode are displayed in the Link Aggregation chapter LAGs in the SFTOS Command Reference Example 1550 1 conf if range et 1 0 10 1 0 11 e addport Add this port to a port channel auto negotiate Enables Disables automatic negotiation on a port classofservice Configure Class of Service parameters cos queue Configure the Cos Queue Parameters deleteport Delete this port from a port channel description Add Description to the interface dotlix Configure Dotix interface commands exit To exit from the mode gmrp Set GARP Multicast Registration Protocol parameters gvrp Set GARP VLAN Registration Protocol parameters igmp Enable Disable IGMP Snooping on a selected interface ip Configure IP parameters mac Configure MAC Access List group parameters mode Configure the double VLAN tunnel mode for this interface mtu Sets the default MTU size port Configure a physical port port channel Enable Disable the port channel s administrative mode port security Enable Disable Port MAC Locking Security for interface protocol Configure the Protocol Based VLAN parameters service policy Configure DiffServ Service More or q uit set Configure switch options and settings shutdown Enable Disable a port snmp Configure SNMP options snmp server Enable Disable SNMP violation traps interface
262. ommand Reference for the S2410 Version 2 4 1 0 279 random detect queue parms random detect queue parms This command sets the WRED parameters for each drop precedence level supported by a queue The actual number of queue drop precedence levels is platform specific S2410 has four Use the no form of this command to restore the default values for the queue WRED parameters Syntax no random detect queue parms queue id 1 queue id 2 queue id n min thresh 0 16 0 16 0 16 max thresh 0 16 0 16 0 16 drop prob scale 0 15 0 15 0 15 Parameters queue id 1 queue id 2 Enter a queue ID from 0 to 3 Enter from one ID up to four queue id n Range 0 to 3 min thresh 0 16 0 16 Enter the keyword min thresh followed by the desired minimum 0 16 threshold value for each associated queue first threshold value is associated with queue 1 etc Range 1 to 16 max thresh 0 16 0 16 Enter the keyword max thresh followed by the desired maximum 0 16 threshold value for each associated queue Range 1 to 16 drop prob scale 0 15 Enter the keyword drop prob scale followed by the desired 0 15 0 15 value for each associated queue See Usage below Range 1 to 15 Mode Global Config Usage The drop prob scale value is the WRED weighted random early discard drop probability scale factor expressed as an integer This value S specifies that one out of every 2 S packets are dropped by WRED when the average queue length reaches its m
263. ommands snmp server community ro status is changed back to Enable The no version of this command deactivates an SNMP community If the community is disabled no SNMP requests using this community are accepted In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable Syntax no snmp server community mode name Default Enable Mode Global Config snmp server community ro This command restricts access to switch information The access mode is read only also called public Syntax snmp server community ro name Mode Global Config snmp server community rw This command restricts access to switch information The access mode is read write also called private Syntax snmp server community rw name Mode Global Config snmp server enable traps bcaststorm This command enables the sending of Broadcast Storm traps Syntax no snmp server enable traps bcaststorm The no version of this command disables the sending of Broadcast Storm traps Default enabled SFTOS Command Reference for the S2410 Version 2 4 1 0 99 snmp server enable traps linkmode Mode Command History Related Commands Global Config Version 2 3 Introduced Note The CLI indicates successful execution of this command and the show trapflags report shows successful execution of the command but this trap is not currently supported storm control broadcas
264. on This can lead to high priority and or network control traffic loss Note This command only applies to full duplex mode ports gt Default disabled Mode Global Config SFTOS Command Reference for the S2410 Version 2 4 1 0 201 storm control flowcontrol 202 Security Commands DHCP Server Commands These commands configure the Dynamic Host Configuration Protocol DHCP Server parameters and address pools The following commands are covered in this chapter e bootfile on page 204 e clear ip dhcp binding on page 204 clear ip dhcp server statistics on page 204 clear ip dhcp conflict on page 205 client identifier on page 205 e client name on page 205 e default router on page 206 e dns server on page 206 e domain name on page 206 e hardware address on page 207 e host on page 207 e ip dhcp bootp automatic on page 208 e ip dhcp conflict logging on page 208 e ip dhcp excluded address on page 208 e ip dhcp ping packets on page 209 e ip dhcp pool on page 209 lease on page 209 e network on page 210 e netbios name server on page 210 e netbios node type on page 210 e next server on page 211 option on page 211 e service dhcp on page 212 e show ip dhcp binding on page 212 e show ip dhcp global configuration on page 213 e show ip dhcp pool configuration on page 213 e show ip dhcp server statistics on page 214 e show ip dhcp conflict on page 214 SFTOS Command Reference for
265. or all CPU traffic based upon the argument show interface Displays information about the management interface managementethernet show interface ethernet Displays detailed statistics for a specific ethernet port or for all CPU traffic based upon the argument show interfaces Syntax Parameters Mode Command History This command displays information about a selected interface or VLAN show interfaces description unit slot port 1 3965 cos queue unit slot port description unit slot port OPTIONAL Enter the keyword description followed by a 1 3965 VLAN ID to display information for that VLAN or to report on a particular interface identify the interface in the form unit slot port cos queue unit slot port OPTIONAL For details on this option see show interfaces cos queue on page 282 Privileged Exec Version 2 3 Modified Added description unit slot port parameter SFTOS Command Reference for the S2410 Version 2 4 1 0 77 show logging Usage Information Example Related Commands The following example shows sample output of the show interfaces description command with an interface specified in the unit slot port form Forcel0 show interfaces description 1 0 1 Interface 1 0 1 lflndex se TE 1 Description 1 0 1 is access port MAC Address 00 01 E8 D5 BA CO Bit Offset Val 1 Figure 12 Output of the show interfaces description Command
266. or this port to disabled Spanning Tree STP Commands spanning tree port mode enable all Syntax no spanning tree port mode enable Default disabled Mode Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Command History Version 2 3 Modified Added enable keyword Added Interface Range and Interface VLAN modes Related interface Identifies an interface and enters the Interface Config mode Commands interface range Defines an interface range and accesses the Interface Range mode spanning tree port mode enable all This command sets the Administrative Switch Port State for all ports to enabled The no version of this command sets the Administrative Switch Port State for all ports to disabled Syntax no spanning tree port mode enable all Default disabled Mode Global Config Command History Version 2 3 Modified Added enable keyword SFTOS Command Reference for the S2410 Version 2 4 1 0 273 spanning tree port mode enable all 274 Spanning Tree STP Commands Quality of Service QoS Commands This chapter provides a detailed explanation of available Quality of Service QoS commands The chapter is divided into the following sections Class of Service CoS Commands Differentiated Services DiffServ Commands on page 285 Provisioning IEEE 802 1p Commands on page 285 Class of Service CoS Commands
267. ore the default enter no tacacs server timeout Parameters timeout Range 1 to 30 seconds Default 5 seconds Mode Global Config Related tacacs server host Identify a TACACS server Commands timeout Specify the timeout value for a particular TACACS server Specify the authentication and encryption key for all communications between the client and the particular TACACS server This key must match the key configured on the server Syntax key key string Parameters key string Range 1 to 128 characters SFTOS Command Reference for the S2410 Version 2 4 1 0 189 port Default Command Mode Related Commands port Syntax Parameters Default Command Mode priority Syntax Parameters Default Command Mode Related Commands 190 If unspecified the key string defaults to the global value TACACS Configuration Identify a TACACS server Specify the authentication and encryption key at a global level for communications between the client and TACACS servers tacacs server host tacacs server key Specify a server port number for a particular TACACS host port port number port number Range zero 0 to 65535 If unspecified the port number defaults to 49 TACACS Configuration tacacs server host Identify a TACACS server Use the priority command to determine the order in which the servers will be used with 0 being the highest priority priority priority priority Range ze
268. ormation igmp interfacemode enable all Syntax Default Mode Command History Related Commands This command enables IGMP Snooping on all interfaces If an interface that has IGMP Snooping enabled is enlisted as a member of a LAG port channel IGMP Snooping functionality will be disabled on that interface IGMP Snooping functionality will be subsequently re enabled if LAG membership is removed from that interface no igmp interfacemode enable all The no version of this command disables IGMP Snooping on all interfaces disabled Global Config Version 2 3 Changed from set igmp interfacemode all igmp enable interface This command enables IGMP Snooping on a selected interface show igmpsnooping Displays IGMP Snooping status igmp maxresponse 238 This command sets the IGMP maximum response time on a selected port or VLAN The Maximum Response time is the amount of time in seconds that a switch will wait after sending a query on an interface because it did not receive a report for a particular group in that interface IGMP Snooping Commands Syntax Default Mode Command History Related Commands igmp mcrtexpiretime interface igmp maxresponse 1 3599 The variable must be less than the IGMP query interval time value The range is 1 to 3599 seconds The no igmp maxresponse command sets the IGMP Maximum Response time on the interface to the default value 10 seconds Interface Confi
269. ow version Table 13 Fields in Output of show version Command continued Headings Explanation Burned in MAC Address Universally assigned network address Software Version The release version revision number of the code currently running on the switch Additional Packages This displays the additional packages that are incorporated into this system such as SFTOS Multicast 10 100 Ethernet 802 3 interface s Gig Ethernet 802 3 interface s 10Gig Ethernet 802 3 interface s Virtual Ethernet 802 3 interface s System Name System Location System Contact System Object ID System Up Time MIBs Supported RFC 1907 SNMPv2 MIB The MIB module for SNMP v2 entities RFC 2819 RMON MIB Remote Network Monitoring Management Information Base FORCE10 REF MIB Force10 Reference MIB SNMP COMMUNITY MIB This MIB module defines objects to help support coexistence between SNMPv1 SNMPv2 and SNMPv3 SNMP FRAMEWORK MIB The SNMP Management Architecture MIB SNMP MPD MIB The MIB for Message Processing and Dispatching SNMP NOTIFICATION MIB The Notification MIB Module SNMP TARGET MIB The Target MIB Module SNMP USER BASED SM MIB The management information definitions for the SNMP User based Security Model SNMP VIEW BASED ACM MIB The management information definitions for the View based Access Control Model for SNMP US
270. ownload datatype to be an image filename system image or a configuration file nvram startup config nvram startup config If you are using HyperTerminal specify which file is to be sent system image to the switch The switch will restart automatically after the code has been downloaded SFTOS Command Reference for the S2410 Version 2 4 1 0 37 Downloading from a TFTP Server 1 Before starting a TFTP server download configure the management IP address of the switch see Management IP Address on page 35 2 To download from a TFTP server use the following command Command Syntax Command Mode Purpose copy tftp ip address Privileged Exec Set the destination download datatype nvram startup config For the SFTOS software image use system image system image For a configuration file use nvram startup config See copy on page 139 The URL is specified as tftp ipAddr filepath where filepath includes the filename such as S2410 2410software bin Using Factory Defaults To load factory defaults use either of the following commands Command Syntax Command Mode Purpose clear config Privileged Exec Enter y at the prompt that asks if you want to clear all the configurations made to the switch reload or cold boot of the switch Privileged Exec Alternatively use this command to restart the system and access the Boot menu where you can select an option to load factory defaults See Using the
271. p p igmp enable interface Enables IGMP Snooping on a selected interface SFTOS Command Reference for the S2410 Version 2 4 1 0 243 set igmp mcrtexpiretime global set igmp mcrtexpiretime global Syntax Default Mode Related Commands This command sets the Multicast router present expiration time for all routers no set igmp mcrtexpiretime 0 3600 The variable is the amount of time in seconds that a switch will wait for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached The range is 0 to 3600 seconds A value of 0 indicates an infinite timeout i e no expiration The no igmp mcrtexpiretime command sets the Multicast Router Present Expiration time on the interface to 0 A value of 0 indicates an infinite timeout i e no expiration 0 Global Config igmp enable interface Enables IGMP Snooping on a selected interface igmp mcrtexpiretime Sets the Multicast router present expiration time on a selected interface interface show igmpsnooping Displays IGMP Snooping status information set igmp mcrtexpiretime interface Command History Related Commands 244 Version 2 3 Revised to igmp mcrtexpiretime igmp enable interface Enables IGMP Snooping on a selected interface igmp mcrtexpiretime interface Sets the Multicast router present expiration time on a selected interface set igmp
272. pecified for the destination MAC value mask pair indicating a well known BPDU MAC value of 01 80 c2 xx xx xx hex where xx indicates a don t care ethertypekey Optional The Ethertype ethertypekey may be specified as either a keyword or a four digit hexadecimal value from 0x0600 to OxFFFF The currently supported ethertypekey keyword values are appletalk arp ibmsna ipv4 ipv6 ipx mplsmcast mplsucast netbios novell pppoe rarp Each of these translates into its equivalent Ethertype value s See the Usage section below vlan eq Optional To specify a filter on a VLAN enter vlan eq followed by the VLAN 0 4095 range ID Or for a VLAN range use vlan range followed by the lowest VLAN ID 0 4095 0 4095 and then the highest VLAN ID in the range cos 0 7 Optional Use the cos keyword to specify a filter based on the Class of Service value the only tag in a single tagged packet or the first or outer 802 1Q tag of a double VLAN tagged packet The value may be from 0 to 7 288 ACL Commands deny permit secondary vlan Optional As above for the vlan keyword secondary cos Optional As above for the COS keyword assign queue Optional The assign queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule The allowed queue id value is 0 n 1 where n is the number of user configurable queues available for the hardware platform See the Usage se
273. played If omitted the most recent global configuration settings are displayed Privileged Exec Interface This displays the slot port of the interface If displaying the global configuration this output line is replaced with a Global Config indication The following information is repeated for each queue on the interface Queue IdQueue identification number An interface supports n queues numbered 0 to n 1 The number n is platform dependent and corresponds to the number of supported queues traffic classes The following information is repeated for each drop precedence level defined for the preceding Queue ID Drop Precedence Level The drop precedence level for this queue from 1 to p The specific pvalue is platform dependent WRED Minimum Threshold The WRED minimum threshold value for this drop precedence level expressed in sixteenths of the overall device queue size e g 0 16 1 16 2 16 16 16 This is a configured value WRED Maximum Threshold The WRED maximum threshold value for this drop precedence level expressed in sixteenths of the overall device queue size e g 0 16 1 16 2 16 16 16 This is a configured value WRED Drop Probability Scale The WRED drop probability scale factor expressed as an integer This value S specifies that one out of every 2 S packets are dropped by WRED when the average queue length reaches its maximum threshold value This is a configured value Ve
274. ponse is as follows IGMP Snooping Admin Mode This indicates whether or not IGMP Snooping is active on the interface Fast Leave Mode Disable or Enabled Group Membership Interval This is the amount of time a switch will wait for a report for a particular group on a particular interface before it sends a query on that interface This value may be configured SFTOS Command Reference for the S2410 Version 2 4 1 0 245 show igmpsnooping fast leave Max Response Time This displays the amount of time the switch will wait after sending a query on an interface because it did not receive a report for a particular group on that interface This value may be configured Multicast Router Present Expiration Time lf a query is not received on an interface within this amount of time the interface is removed from the list of interfaces with multicast routers attached This value may be configured When the optional argument 7 3965 is used the response is the same as for unit slot port except that one more report field is added Vlan ID This echoes the number of the VLAN specified in the parameter show igmpsnooping fast leave Command History Version 2 3 Deprecated Use show igmpsnooping to display whether or not IGMP Snooping is enabled on the designated interface show igmpsnooping mrouter interface Syntax Parameters Mode Report Fields 246 This command displays information about statically configured ports
275. r wha beeneaeeed agen 204 coa ONO OOH A rm 204 clear ip dhcp server statistics 2 ss ee ee RR Re ee 204 DOS I CON cite dobd d quud cate nde be etek ob Que ee 5 eater ent 205 EEUU Ginn hus aoe eaters egonns bes esGens Guu euenesseheseeeassaegues 205 55 17 7 M EE EE E 205 Me Oe ea tte scel ed ded ba bab a eek eee eee rade eben adit ecd aid 206 a IC M S UTI 206 suo or UU 206 hardwar HOUSSE LLosrqadb P E aC ER RARE sou ETE QD GENERAR aq RE Bd eT 207 POR Lzzidsscsqhmo RR G GO GR SC REURd a Edo durer EPR unio GE TOT EE dg ER SER PEEQG dg 207 IPSO DOO BUT 4rd loea deed daba sed A aequ sd ic d del dd bea ESOR 208 POPC OUI aeoaadgdurb eq d o d RON Fa ER RM E ec E RP E RE RE RAS d 208 ID One SXCIIOBU GUI ENE Lou pea COE EGO ROUGE E RO HERR ODER EO HECHO ER ER ER EN 208 ID BAG DIN DOOR weiter lada peaks hak Quoc aps Grp etapa SoM dabo estu pol bal Goi ex GpEC Ed dolla ee isd 209 Pan DOO T 209 Contents inc MARNE Pha dee ee Resch ee a SOE EAS nae De eee 210 nolbios name SOFVOF scare asses RoHS RETR ERODES EEE RRR SRE ee RC e den 210 HelbDS OU DVDS a2 wea Ke Sas deor RASS IC Ro Oe d BN we X CR E Oh qe d are 210 Hex SBIWVEF 2oxsduabetresbROA QEDERAQEAqSZMEEEASAKRR O VRAT EAT ATR SQ RC RE EE 211 ODUOM sirar irkit rA EENE EEE eX d GR EHTEL EPPS SERIE QR E Rd PET ETRE qa FUROR Eee 211 SOOO We tite dore dedii bob edad aed abe du ivit gd
276. r Account Management asso cR wx e3rCRa Rr ROC Rd ree dor o Row oboe Cog 34 ubinam lvicr Mm 35 Configuring the Management VLAN IP Address 00 00 cece eee eee eee 36 Configuring the Ethernet Management Port 6 00 e eee eee 36 Uploading from the Switch through XMODEM TET TS TETY TT 37 Downloading to the Switch through XMODEM lsessele e 37 Downloading Trama TTE a aie lg dd desc ac sal Dr aci eto ari ae A a 38 Using Facer CEUS ausit qid Ib quede rae p bare dde dq Jor PR DE qua OO SFTOS Command Reference for the S2410 Version 2 4 1 0 5 Chapter 3 Using the Command Line Interface 00 0 0 cee eee eee eee 39 Command suniax Convenios i ica ke das ie eee ee ek ee dd 39 Camna FOAL TP RTT 40 COMTAN FAES 1 512 23 iagi de deb BCR a Ri D i cC Ud b cio Re ail ashe en Da a 40 Elo Fon er ac CORSO cian ea qaam dee qd E POCO Dd POP do eique ede ed da 41 VOS 2364 0G PEPHYRRERXACEXQU E ERE OL GREE ES SS NRI LI QE CN Le CPU Rp Rs 41 PEE EGS bi hd Gane ede be RA EE dee ae Sati ee te Rad 42 Cun tuin oct ect ceea Cae KE RRE AREAL REESE AMET REE RE REE CERRO RRL TERR RRR Y 42 Keyboard SPORUS 4a cake asinge seed pCA ee red seat wesh estate Had eee ilo abdo obere 43 Obtaining Help at ihe Command LING 2c xd ense area durar RET Aem ade Ru EAR dH 43 Using Command Modes uuxepeosepxekERa 3 mem x x hber m pax ud RE Eee E EAE XR EA d 44 WR TAR TOO usos raiat Bede p snd obi dd eo iene dose le
277. r of expired leases Malformed Bindings The number of truncated or corrupted messages that were received by the DHCP server Messages Received DHCPREQUEST The number of DHCPREQUEST messages that were received by the server DHCPDECLINE The number of DHCPDECLINE messages that were received by the server DHCPRELEASE The number of DHCPRELEASE messages that were received by the server DHCPINFORM The number of DHCPINFORM messages that were received by the server Messages Sent DHCPOFFER The number of DHCPOFFER messages that were sent by the server DHCPACK The number of DHCPPACK messages that were sent by the server DHCPNACK The number of DHCPNACK messages that were sent by the server show ip dhcp conflict 214 Syntax Mode This command displays address conflicts logged by the DHCP Server If no IP address is specified all the conflicting addresses are displayed show ip dhcp conflict ip address Privileged Exec and User Exec IP address The IP address of the host as recorded on the DHCP server Detection Method The manner in which the IP address of the hosts were found on the DHCP Server Detection time The time when the conflict was found DHCP Server Commands SNTP Commands This section provides a detailed explanation of the Simple Network Time Protocol SNTP commands The commands are comprised of two functional groups e Configuration Commands configure features and options of the switch
278. r this rule Ethertype Displays the Ethertype keyword or custom value for this rule VLAN ID Displays the VLAN identifier value or range for this rule COS Displays the COS 802 1p value for this rule Secondary VLAN ID Displays the Secondary VLAN identifier value or range for this rule Secondary COS Displays the Secondary COS 802 1p value for this rule Assign Queue Displays the queue identifier to which packets matching this rule are assigned Redirect Interface Displays the unit slot port to which packets matching this rule are forwarded When the command is used without the name option the report displays a summary of all defined MAC access lists in the system in the following fields Name The name of the MAC access list Number of Rules The number of user configured rules defined for this ACL This does not include the implicit deny all rule defined at the end of every MAC ACL Interfaces The list of interfaces unit slot port to which the MAC ACL is attached in a given direction Direction Denotes the direction in which the MAC ACL is attached to the set of interfaces listed The only current possible value is Inbound mac access list extended Creates a MAC Access Control List ACL identified by name consisting of classification fields defined for the Layer 2 header of an Ethernet frame SFTOS Command Reference for the S2410 Version 2 4 1 0 293 show mac access lists 294 ACL Commands
279. random detect exponential weighting constant commands Version 2 4 1 Modified Removed Interface Config mode random detect Set the decay exponent used by the WRED average queue depth exponential weighting constant calculation for the interface random detect queue parms Set the WRED parameters for each drop precedence level supported by a queue show interfaces random detect Display the WRED configuration for each supported drop precedence level of each queue for the specified interface cos queue strict Syntax Modes This command activates the strict priority scheduler mode for each specified queue up to four in the S2410 no cos queue strict queue id queue id queue id queue id The no version of this command restores the default weighted scheduler mode for each specified queue Global Config random detect exponential weighting constant Syntax Mode Command History Related Commands Set the decay exponent used by the WRED average queue depth calculation for the interface no random detect random detect exponential weighting constant 1 15 Global Config Version 2 4 1 Introduced random detect queue parms Set the WRED parameters for each drop precedence level supported by a queue show interfaces random detect Display the WRED configuration for each supported drop precedence level of each queue for the specified interface SFTOS C
280. rdiexkadd gsedidrsdqes 223 SO A I E E E E T Roe eee edv ad al pq do Sgen 224 Chapter 13 GARP GVRP and GMRP Commands eeseseeeeeeeee nnn 225 GARP DeImmsris resio eap RA PAXX AP ERS Sms eXqde Rea prGdbdu Ed du Rubeus 225 Bet garp timer ION iuusseesecues kem 4 REGE RORXURRRRHERRG AR HRGcRAGHA KG REG RR PERRA E EHS S 225 SO OS PE IOS so pea de bbe Pes edhe eee dees qud Edu dad Ree a E 226 Bel Ga Tier ieaVOal Me i oe NG Reet rc RTT 227 SHOW GE 64 0505 E A A E A AAAA ATTLEE TT 227 GARP VLAN Registration Protocol GVRP Commands n se sasaaa aaa aaea 228 gup admimode enable wpe cc poe de eee ee RRO HERE EESE ETIA PIESEK ee TA 228 SFTOS Command Reference for the S2410 Version 2 4 1 0 13 gymp interlacemode enable 2454 saw doe Rex dud EROR A ee PR HR ke eee eee beeen 228 OVID ntemecemodo enable all cusa sede ages dora ER RE RR RR RON a eR CR RE 229 Set OVID adminmode ca5 see 45S se EEG RR PRX RE RA RAO ORO RA a e ARE WX Ede ROC E ERRORS 229 selowD BIBTSOBIDOBN coe siepe REPRE bide Re od O9 o Ced Boos dares Each ace o d 229 set grp interfacemode all iocos hens RR AREE REQQLARBRPNTIANARGRAEWERNERRCHRREFTPERR 229 show OVS configUrallOri 5555554554859 44 505 ind RR REOR AXE ERROR RC RR OR RR SERRE SE 229 GARP Multicast Registration Protocol GMRP Commands 00000e eee eeeee 231 GARP Multicast Registration Protocol GMRP 00 cece eee eee eee 231 DIC OCIO o 2 2 be OR FEED HERST OLAS PERO E E UV P
281. rface Enable the secure socket layer for secure HTTP Displays the HTTP settings for the switch ip http secure server enable show ip http SFTOS Command Reference for the S2410 Version 2 4 1 0 197 show ip http show ip http 198 Syntax Mode Example This command displays the HTTP settings for the switch show ip http Privileged Exec The report fields are HTTP Mode Unsecure This field indicates whether basic HTTP is enabled or disabled on the switch HTTP Mode Secure This field indicates whether the administrative mode of secure HTTP HTTPS is enabled or disabled on the switch Java Mode This field indicates whether Java mode is enabled or disabled on the switch Secure Port This field specifies the port configured for SSLT Secure Protocol Level The protocol level may have the values of SSL3 TSL 1 or both SSL3 and TSL 1 m show ip http Java Mode Disabled HTTP Mode Unsecure Disabled HTTP Mode Secure Disabled Secure Port 443 Secure Protocol Level s TLS1 SSL3 Forcel0 MS E Figure 45 Example of show ip http Command Output Security Commands show storm control Broadcast Storm Control Commands This section contains the following commands e show storm control e storm control broadcast on page 200 e storm control flowcontrol on page 200 Note This feature works on the 10G ports of the S2410 but because of 8
282. rface unit slot port Mode Privileged Exec and User Exec Port mode Enabled or disabled Port Up Time Since Counters Last Cleared Time since port was reset displayed in days hours minutes and seconds Hello Time Configured value of the parameter for common spanning tree STP BPDUs Transmitted Spanning Tree Protocol Bridge Protocol Data Units sent STP BPDUs Received Spanning Tree Protocol Bridge Protocol Data Units received RST BPDUs Transmitted Rapid Spanning Tree Protocol Bridge Protocol Data Units sent SFTOS Command Reference for the S2410 Version 2 4 1 0 261 show spanning tree mst detailed RST BPDUs Received Rapid Spanning Tree Protocol Bridge Protocol Data Units received MSTP BPDUs Transmitted Multiple Spanning Tree Protocol Bridge Protocol Data Units sent MSTP BPDUs Received Multiple Spanning Tree Protocol Bridge Protocol Data Units received show spanning tree mst detailed Syntax Mode This command displays settings and parameters for the specified multiple spanning tree instance The instance mstid is a number that corresponds to the desired existing multiple spanning tree instance ID The following details are displayed show spanning tree mst detailed mstid Privileged Exec and User Exec MST Instance ID The ID of the MST being created MST Bridge Priority The bridge priority for the MST instance selected Time Since Topology Change The time since the topology changed Topology Cha
283. ro 0 to 65535 If unspecified the priority defaults to 0 TACACS Configuration tacacs server host Identify a TACACS server Security Commands single connection single connection Syntax Default Command Mode Related Commands show tacacs Syntax Parameters Command Mode Related Commands timeout Syntax Parameters Default Command Mode Related Commands Configure the client to maintain a single open connection with the TACACS server no single connection Use multiple connections In other words the client will use a separate connection for each authentication session TACACS Configuration tacacs server host Identify a TACACS server Display configuration and status for a particular TACACS server show tacacs ip address ip address IP address of the server host in dotted decimal format Privileged Exec tacacs server host Identify a TACACS server Specify the timeout value for a particular TACACS host timeout timeout timeout Range 1 to 30 seconds If no timeout value is specified the global value is used TACACS Configuration Identify a TACACS server Specify the authentication and encryption key for all communications between the client and the particular TACACS server tacacs server host tacacs server timeout SFTOS Command Reference for the S2410 Version 2 4 1 0 191 ip ssh maxsessions Secure Shell SSH Comm
284. rol broadcast 200 storm control flowcontrol 200 Subnet Mask 37 switch 199 configuring for in band connectivity 52 configuring for Web access 52 inventory 114 116 119 169 227 229 233 234 SFTOS Command Reference for the S2410 Version 2 4 1 0 301 resetting 144 statistics related 201 commands 66 68 70 75 77 switch navigation icon in Web UI 53 syntax conventions 39 syslog servers 78 80 system information and statistics commands 201 commands 97 system utilities 138 144 System Utility Commands 138 T Tab 43 TACACS key 189 port 190 priority 190 show tacacs 191 single connection 191 timeout 191 TACACS Config mode 45 48 50 tacacs server host 188 tacacs server host ip address command 48 tacacs server key 188 tacacs server timeout 189 tagged 131 tagging 131 132 135 137 tail drop queue parms 284 Tech Tips and FAQ S Series 23 telnet 90 enable or disable 89 sessions closing 143 158 sessions displaying 158 telnetcon maxsessions 91 telnetcon maxsessions See ip telnet maxsessions telnetcon timeout See ip telnet timeout terminal length 144 145 terminal length command 144 timeout 191 timeouts ARP 204 214 timeouts ARP 204 205 Topology Mode based 45 traceroute 145 traffic shape 285 trap log clearing 139 trapflags OSPF 94 TRAPMGR 156 traputil c 156 trunks See LAGs type 207 U unique identifier for a DHCP client 205 unit slot port format 3 untagged 131 132 uploading 33 User Account Man
285. rotocol packages supported on the switch This command displays captures only commands with settings configurations with values that differ from the default value The output is displayed in script format which can be used to configure another switch with the same configuration When a script name is provided the output is redirected to a configuration script The option all will also enable the display capture of all commands with settings configurations that include values that are the same as the default values If the optional lt scriptname gt is provided with a file name extension of scr the output will be redirected to a script file show running config all scriptname Privileged Exec If static capability is enabled port channel staticcapability the device has static capability enabled SFTOS Command Reference for the S2410 Version 2 4 1 0 81 show serviceport Example Usage Information Related Commands f S50 TAc 5 show running config all PR Current Configuration hostname S50 TAC 5 no set gmrp adminmode no set gvrp adminmode telnetcon timeout 5 telnetcon maxsessions 5 ip telnet server enable network protocol none network parms 172 17 1 222 255 255 255 0 172 17 1 254 network mac type burnedin network mgmt vlan 1 no network javamode vlan database set igmp groupmembership interval 1 260 set igmp maxresponse 1 10 al igmp mcrtrexpiretime 1 0 J Figure 16 Using the show r
286. router rip command 49 routerid 41 RSMLT 249 S Save button 53 script apply 147 script delete 147 script list 147 SFTOS Command Reference for the S2410 Version 2 4 1 0 299 script show 148 script validate 148 serial baudrate 91 serial timeout 92 service dhcp 212 service port 79 serviceport commands 3 serviceport ip 37 63 serviceport protocol 64 session limit 89 sessions closing 143 158 displaying 158 session timeout 89 set garp timer join 225 set garp timer leave 226 set garp timer leaveall 227 set gmrp adminmode 232 set gmrp interfacemode 233 set gmrp interfacemode all 233 set gvrp adminmode 229 set gvrp interfacemode 229 set gvrp interfacemode all 229 set igmp interface 241 set igmp system 241 set igmp fast leave 241 set igmp groupmembership interval global 241 set igmp groupmembership interval interface 242 set igmp interface 242 set igmp interfacemode all 242 set igmp maxresponse global 243 244 set igmp mcrtexpiretime interface 244 set igmp mrouter 245 set prompt 57 setting the hostname 57 SFTOS CLI 31 SFTOS Command Reference 23 SFTOS Configuration Guide 23 show accounting 185 show arp switch 64 show authentication 175 show authentication users 176 show classofservice dot1p mapping 281 show classofservice dot1pmapping 286 show classofservice trust 281 show commands show inventory 114 116 119 169 227 229 233 234 show lags summary 256 show loginsession 158 show port 117 show stats
287. rsion 2 4 1 Introduced random detect Set the decay exponent used by the WRED average queue depth exponential weighting constant calculation for the interface random detect queue parms Set the decay exponent used by the WRED average queue depth calculation for the interface show interfaces tail drop threshold Syntax This command displays the tail drop threshold configuration for each supported drop precedence level of each queue for the specified interface show interfaces tail drop threshold sl ot port The slot port parameter is optional If specified the tail drop configuration of the interface is displayed If omitted the most recent global configuration settings are displayed SFTOS Command Reference for the S2410 Version 2 4 1 0 283 tail drop queue parms Mode Report Fields Command History Related Commands Privileged Exec Interface This displays the slot port of the interface If displaying the global configuration this output line is replaced with a Global Config indication The following information is repeated for each queue on the interface Queue IdQueue identification number An interface supports n queues numbered 0 to n 1 The number n is platform dependent and corresponds to the number of supported queues traffic classes The following information is repeated for each drop precedence level defined for the preceding Queue ID Drop Precedence Level The drop preceden
288. rsion of this command removes all interfaces from this protocol based VLAN group that is identified by this groupid Syntax no protocol vlan group all groupid Default None Mode Global Config pvid VLAN Configure the VLAN ID for a specific port Mode Interface VLAN Command History Version 2 3 Introduced but deprecated in favor of the tagged command bib ntagged Sets tagging to disabled for ific port or range of ports in the selected VLAN Commands untagge ets tagging to disabled for a specific port or range of ports e selecte 128 System Configuration Commands show vlan show vlan This command displays information about VLANs either detailed information for a specific VLAN or summary information for all configured VLANs The ID is a valid VLAN identification number Syntax show vlan brief id vianid name port Parameters brief OPTIONAL Enter the keyword brief to display summary information for all configured VLANs id vlanid OPTIONAL Enter the keyword id followed in place of vlanid by the desired VLAN number to display detailed information for the selected VLAN Range 1 to 3965 name OPTIONAL Enter the keyword name to display the names of configured VLANs Mode Privileged Exec and User Exec Command History Version 2 3 Modified Changed parameters to include show vlan brief Usage For the show vlan command without parameters the output is shown in Figure 31
289. rt channel and generates a logical unit slot port for it Syntax no port channel name The name field is an alphanumeric string that allows the dash character Use no port channel unit slot port slot port format to delete the designated LAG Mode Global Config Related Commands port channel name Rename a designated LAG or enter one name for all configured LAGs show port channel Display the configured LAG names and their IDs The interface number is specified in logical slot port format which displays one 1 as the slot number the port number is a sequential integer based on existing LAG numbers when the new LAG is created Before adding ports to the newly defined LAG use this command to determine the logical ID that identifies the LAG to use when associating a port with it addport Add a port to a LAG Ports added to a LAG must be physical ports not other LAGs SFTOS Command Reference for the S2410 Version 2 4 1 0 251 port channel enable all global port channel enable all global Syntax Mode Command History This command enables the administrative mode for all LAGs port channels The no version of this command disables all LAGs no port channel enable all Global Config Version 2 3 Replaced adminmode with enable port channel enable interface Syntax Mode Usage Command History Related Commands This command enables the selected port channel
290. rt channel staticcapability Added Interface VLAN and Interface Range modes Version 2 4 Version 2 3 port channel staticcapability Enables static LAGs port channels on the device port lacomode enable all Syntax Mode Command History Related Commands This command enables Link Aggregation Control Protocol LACP on all ports The no version of this command disables Link Aggregation Control Protocol LACP on all ports no port lacpmode enable all Global Config Version 2 4 Deprecated Use no port channel staticcapability Version 2 3 Revised from no port lacpmode all port channel staticcapability Enables static LAGs port channels on the device port lacptimeout global 254 This command sets the Link Aggregation Control Protocol LACP timeout on all ports LAG Port Channel Commands Syntax Parameters Mode Related Commands port lacptimeout interface The no version of this command removes the Link Aggregation Control Protocol LACP timeout on all ports no port lacptimeout short all long all short all Enter short all to select the short timeout setting 3 seconds for all ports long all Enter long all to select the long timeout setting 90 seconds for all ports Global Config port lacptimeout interface Set the LACP timeout on the selected port s port lacptimeout interface Syntax Parameters Mode Command History Rel
291. s 58 Table 5 Fields in the Output of the show hardware Command TET 65 Table 6 Fields in Output of show interface unit slot port Command 0 0085 66 Table 7 Fields in Output of show interface ethernet switchport Command 68 Table 8 Fields in Output of show interface ethernet unit slot port Command 70 Table 9 Fields in Output of show interface managementethernet command 75 Table 10 Fields in Output of show interface switchport Command lsslseslssus 76 Table 11 Fields in Output of show serviceport command lslllllelle lees 83 Table 12 Fields in Output of show sysinfo Command llllllsllllesllllesnn 84 Table 13 Fields in Output of show version Command brad baud TOC TEEN ss 84 Table 14 Fields of show serial Command Output 0 000 cee eee ee 93 Table 15 Fields of show snmpcommunity Command Output 2 002 0c eee eee 95 Table 16 Fields of show snmptrap Command Report 00 020 ee eee eee eee 96 Table 17 Fields of show trapflags Command Report 00 0c cece eee eee 96 Table 18 Commands in the Interface VLAN Mode EG IRA ARS TUM TIE Pr TTE Table 19 show radius accounting Command Example Fields Lulu 185 Table 20 show radius accounting Command Example Fields sese 186 Table 21 Broadcast Storm Recovery Thresholds UT TIR T Table 22 Default CoS Qu
292. s associated with the selected LAG when it was created Or if all was entered instead of the LAG ID the entered name replaces the names of all configured LAGs Mode Global Config Related Commands addport Add a port to a LAG Ports added to a LAG must be physical ports not other LAGs port channel Create or delete a LAG show port channel Display the configured LAG names and their IDs The interface number is specified in logical slot port format which displays one 1 as the slot number the port number is a sequential integer based on existing LAG numbers when the new LAG is created Before adding ports to the newly defined LAG use this command to determine the logical ID to identify the LAG when associating a port with it port channel staticcapability Enable Disable static capability for all LAGs port channels Syntax no port channel staticcapability Default disabled SFTOS Command Reference for the S2410 Version 2 4 1 0 253 port lacpmode Mode Global Config port lacomode Syntax Default Mode Command History Related Commands This command enables Link Aggregation Control Protocol LACP on a port The no version of this command disables Link Aggregation Control Protocol LACP on a port no port lacpmode disabled Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Deprecated Use no po
293. s product is in conformity with the protection requirements of EU Council Directive 89 336 EEC on the approximation of the laws of the Member States relating to electromagnetic compatibility Force 10 Networks can not accept responsibility for any failure to satisfy the protection requirements resulting from a non recommended modification of this product including the fitting of non Force10 option cards This product has been tested and found to comply with the limits for Class A Information Technology Equipment according to CISPR 22 European Standard EN 55022 The limits for Class A equipment were derived for commercial and industrial environments to provide reasonable protection against interference with licensed communication equipment Warning This device is a Class A product In a domestic environment this device can cause radio interference in which case the user may be required to take appropriate measures VCCI Compliance for Class A Equipment Japan TORE TESEELIEIEE SETTE E EI EAR USER VCCI 03E CZ2472AAT SRISIEXEIE C 4 TORE amp RERA CHATS C ER iu spedicddccs6Uut3d 0s Bm 5389 2 x 9 IB SBEDBKENSCEPHVEF This is Class A product based on the standard of the Voluntary Control Council For Interference by Information Technology Equipment VCCI If this equipment is used in a domestic environment radio disturbance may arise When such trouble occurs the user may be required to take corrective actions A Danger AC Power cords
294. s traps for all interfaces Syntax no snmp trap link status all The no version of this command disables link status traps for all interfaces Note This command is valid only when the Link Up Down Flag is enabled See snmp server enable traps linkmode Mode Global Config snmptrap snmpversion This command selects between SNMP version 1 and version 2 traps to be sent for the selected SNMP trap name Syntax snmptrap snmpversion name ipaddr snmpv1 snmpv2 Mode Global Config SFTOS Command Reference for the S2410 Version 2 4 1 0 103 snmptrap snmpversion 104 System Management Commands System Configuration Commands This chapter provides a detailed explanation of the system configuration commands in the following major sections e System Configuration Commands e Virtual LAN VLAN Commands on page 120 e System Utility Commands on page 138 e Configuration Scripting on page 146 Note For Link Aggregation Group LAG also called port channel commands see Chapter 15 LAG Port Channel Commands on page 249 User access commands are in Chapter 8 User Account Commands on page 157 A related chapter is Security Commands on page 163 Broadcast storm control commands are in the Broadcast Storm Control Commands on page 199 in Chapter 8 User Account Commands on page 157 System Configuration Commands This section describes the following system configuration commands e bridge aging time on page 10
295. scription IP Address The IP address of the interface The factory default value is 0 0 0 0 Subnet Mask The IP subnet mask for this interface The factory default value is 0 0 0 0 Default Gateway The default gateway for this IP interface The factory default value is 0 0 0 0 Burned In MAC Address The burned in MAC address used for in band connectivity Java Mode Enable or Disable Specifies if the switch should allow access to the Java applet in the header frame Enabled means the applet can be viewed The factory default is disabled Locally Administered MAC Address If desired a locally administered MAC address can be configured for in band connectivity To take effect MAC Address Type must be set to Locally Administered Enter the address as twelve hexadecimal digits 6 bytes with a colon between each byte Bit 1 of byte 0 must be set to a 1 and bit 0 to a 0 i e byte 0 should have the following mask xxxx xx10 The MAC address used by this bridge when it must be referred to in a unique fashion It is recommended that this be the numerically smallest MAC address of all ports that belong to this bridge However it is only required to be unique When concatenated with dot1dStpPriority a unique Bridgeldentifier is formed which is used in the Spanning Tree Protocol MAC Address Type Specifies which MAC address should be used for in band connectivity The choices are the burned in or the Local
296. sed in this command will become the new primary server The IP address must match that of a previously configured RADIUS authentication server Syntax radius server primary ipaddr Mode Global Config radius server retransmit This command sets the maximum number of times a request packet is re transmitted when no response is received from the RADIUS server The retries value is an integer in the range of 1 to 15 The no version of this command sets the maximum number of times a request packet is re transmitted when no response is received from the RADIUS server to the default value ie 10 Syntax radius server retransmit retries no radius server retransmit Default 10 Mode Global Config SFTOS Command Reference for the S2410 Version 2 4 1 0 183 radius server timeout radius server timeout show radius 184 Syntax Default Mode Syntax Mode This command sets the timeout value in seconds after which a request must be retransmitted to the RADIUS server if no response is received The timeout value is an integer in the range of 1 to 30 radius server timeout seconds The no radius server timeout command sets the timeout value to the default value after which a request must be retransmitted to the RADIUS server if no response is received 6 Global Config This command is used to display the various RADIUS configuration items for the switch as well as the configured RADIUS servers show radius
297. separated by a bar in syntax statements require you to choose one SFTOS Command Reference for the S2410 Version 2 4 1 0 39 The following conventions apply to the command name e The command name is displayed in bold font It must be entered exactly as shown e When you have entered enough letters of a command name to uniquely identify the command you can press the space bar or Tab key to cause the system to complete the word For more keyboard shortcuts speedkeys see Keyboard Shortcuts on page 43 Command Format Some commands such as show inventory or clear vlan do not require parameters Other commands have parameters for which you must supply a value Parameters are positional you must enter the values in the correct order Optional parameters follow required parameters For example snmp server location oc snmp server location is the command name e loc isa parameter a placeholder for a required value ip address ipaddr subnetmask ip address is the command name ipaddr and subnetmask are two required parameters placeholders for two required values mtrace sourceipaddr destination group e mtrace is the command name e Ssourceipaddr is a required parameter e The parameters destination and group are in brackets to indicate that they are optional parameters and being in separate brackets indicates that they are not mutually exclusive mac type local burnedin e mactype is th
298. servers Privileged Exec If the optional keyword servers is not included the following RADIUS configuration items will be displayed Primary Server IP Address Indicates the configured server currently in use for authentication Number of configured servers The configured IP address of the authentication server Max number of retransmits The configured value of the maximum number of times a request packet is retransmitted Timeout Duration The configured timeout value in seconds for request re transmissions Accounting Mode Yes or No If the optional keyword servers is included the following information regarding configured RADIUS servers is displayed IP Address IP Address of the configured RADIUS server Port The port in use by this server Type Primary or secondary Secret Configured Yes No Security Commands show radius accounting statistics show radius accounting statistics Syntax Mode Example Example This command is used to display the configured RADIUS accounting mode accounting server and the statistics for the configured accounting server show radius accounting statistics P address Privileged Exec If the optional keyword statistics P address is not included then only the accounting mode and the RADIUS accounting server details are displayed as listed here S50 TAC 5 show radius accounting RADIUS Accounting Modsa 3 RR Sete REOR Disable IP Addres EE EE 1 1 1 1 onc PM P
299. show igmpsnooping mrouter interface unit slot port vlan 1 3965 unit slot port Display ports on which Multicast Routers are detected Enter interface in unit slot port format vlan 1 3965 Display VLANS for the specified interface on which Multicast Routers are detected Privileged Exec unit slot port the port on which multicast router information is being displayed Multicast Router Attached This indicates whether or not multicast router is statically enabled on the interface VLAN ID The list of VLANs of which the interface is a member IGMP Snooping Commands show mac address table igmpsnooping show mac address table igmpsnooping This command displays the IGMP Snooping entries in the Multicast Forwarding Database MFDB table Syntax show mac address table igmpsnooping Mode Privileged Exec Report Fields Mac Address A multicast MAC address for which the switch has forwarding and or filtering information The format is two digit hexadecimal numbers that are separated by colons for example 01 23 45 67 89 AB In a system the MAC address will be displayed as a MAC address and VLAN ID combination of 8 bytes Type This displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol Description The text description of this multicast table entry Interfaces The list of interfaces that are d
300. si bp desi icu o d eee us 130 Cg M MP C ee ee er eee eee Le a eee er ee ee re rT ee ee er Te ee ere er 131 U O O arer Tarr eee ee ee ee ee ee eee ER IN EP ee ee eee E GP dd qi 132 MET cid cited AT ek Sign uda asa count Gu aues lia EET E E ae i es Neqoe leu td 132 U uPcer cnrnp 133 E E T T TE E E T E E E E E E Pa E RO ERA 133 CeL E T ur cT E ET TAT TETT TEETE TT 133 vian participation interface oie soo Roky ee SESE EEE OEE SHEE ESL oe bees 133 ae pesci P HEC TEE 134 Wall pon SCCRONIGING P TTTEEUTOURUITTUUTTTTSTT 134 Wa PO IIOFGSSINTOF AN orbacaced arco gees ER Yo dae er E sb eh PH JUR erg d eq 134 VET BOE DIUI SIT ace tis tide s qid ume quida cantu qdidetu Quia qid ed adea d quad dea Sd wu d 134 van port tagging all 3350 oi GEOR RE Ra Ga EES REHEARSE ACA GN RURCR OR ROGO RS ERAGE Ra d dd 135 UT DOT unao O AY rarr REC ARR OPER AIRES OI REN EERE EO NA PER RAE EER RAS 125 van OUO NOUT 4 dee sss par tss SAS heR ORES aE ArT SERA PROS SST peebbesqcdqs 136 wan protocol group add DrOlOOOI iius ses sos sunk HELE TOL SERRE PRES REPRE 136 va protocol group TOV Sas oc ae sia tee doa dd adio sq R M NW ee eats dace ud MR des 3 136 VH MM 2545 o 4b 4d aque GRAS E ene equ wed a ESOS due adu ESER ma vo vd qub db d 137 WAT SAO ET bea AEEA AT ESNE RE do A A A Week ded P ed ond TTT 137 VA OI ETE E E E S E T d quo E E E S E OT 137 System Ulty Commahd d g iuuenem smeden gem em mars eR rm dona ean gab omn SR d e os 138 Cem CO
301. sion ID of 1 monitor session 1 mode Sets the monitor session port monitoring mode to enabled This command displays port information for a selected port or for all ports The Port Summary panel of the Web User Interface displays the same information show port unit slot port all Privileged Exec Modified Revised to include VLAN interface IDs in the Interface column of the report Version 2 3 SFTOS Command Reference for the S2410 Version 2 4 1 0 117 show port 118 Example Force10 S2410 show port all N p F Admin Physical Physical Link Link LAC Flow Interface Type Mode Mode Status Status Trap Mode Mode 0 1 Enable 10G Full Down Enable Enable Disable 0 2 Enable 10G Full Down Enable Enable Disable 0 3 Enable 10G Full Down Enable Enable Disable 0 4 Enable 10G Full Down Enable Enable Disable 0 5 PC Mbr Enable 10G Full 10G Ful Up Enable Enable Disable 0 6 Enable 10G Full 10G Ful Up Enable Enable Disable 0 7 Enable 10G Full 10G Ful Up Enable Enable Disable 0 8 PC Mbr Enable 10G Full 10G Ful Up Enable Enable Disable 0 9 PC Mbr Enable 10G Full 10G Ful Up Enable Enable Disable 0 10 PC Mbr Enable 10G Full Down Enable Enable Disable 0 11 PC Mbr Enable 10G Full 10G Full Up Enable Enable Disable 0 12 PC Mbr Enable 10G Full 10G Full Up Enable Enable Disable 0 13 Disable 10G Full Down Enable Enable Disable 0 14 Enable 10G Full Down Enable Enable Disable 0 15 E
302. sion of GARP PDUs registering or re registering membership for an attribute Current attributes are a VLAN or multicast group There is an instance of this timer on a per Port per GARP participant basis Permissible values are 10 to 100 centiseconds 0 1 to 1 0 seconds The factory default is 20 centiseconds 0 2 seconds The finest granularity of specification is 1 centisecond 0 01 seconds SFTOS Command Reference for the S2410 Version 2 4 1 0 233 show mac address table gmrp Leave Timer Specifies the period of time to wait after receiving an unregister request for an attribute before deleting the attribute Current attributes are a VLAN or multicast group This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service There is an instance of this timer on a per Port per GARP participant basis Permissible values are 20 to 600 centiseconds 0 2 to 6 0 seconds The factory default is 60 centiseconds 0 6 seconds The finest granularity of specification is 1 centisecond 0 01 seconds LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated A LeaveAll PDU indicates that all registrations will shortly be deregistered Participants will need to rejoin in order to maintain registration There is an instance of this timer on a per Port per GARP participant basis The Leave All Period Timer is set to a random value in the rang
303. snmp server community on page 97 e snmp server community ipaddr on page 98 e snmp server community ipmask on page 98 e snmp server community mode on page 98 e snmp server community ro on page 99 snmp server community rw on page 90 e snmp server enable traps bcaststorm on page 99 e snmp server enable traps linkmode on page 100 e snmp server enable traps multiusers on page 100 e snmp server enable traps stpmode on page 101 e snmp server enable trap violation on page 101 e snmp server traps enable on page 101 e snmptrap on page 102 e snmptrap ipaddr on page 102 e snmptrap mode on page 102 e snmp trap link status on page 103 e snmp trap link status all on page 103 e snmptrap snmpversion on page 103 Note The Layer 3 Routing Package of SFTOS also contains these SNMP traps In Global Config mode no ip dvmrp trapflags Sets the DVMRP Distance Vector Multicast Routing Protocol traps flag disabled by default See the Multicast chapter no ip pim trapflags Sets the PIM traps flag disabled by default See the PIM chapter In Router OSPF Config mode no trapflags Sets the OSPF traps flag See the OSPF chapter enabled by default For information on configuring SNMP see the Management chapter in the SFTOS Configuration Guide System Management Commands show snmpcommunity show snmpcommunity Syntax Mode This command displays SNMP community information Six communities are supported You can
304. sofservice trust Syntax Modes Command History Related Commands cos queue Syntax This command sets the class of service trust mode of an interface to Dotlp 802 1p The ip precedence and ip dscp options for IP Precedence and IP DSCP packet markings are not available in SFTOS 2 4 1 classofservice trust dot p The no classofservice trust command sets the interface mode to untrusted Global Config Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Interface Range mode added interface range Defines an interface range and accesses the Interface Range mode max bandwidth This command specifies the maximum transmission bandwidth limit for each interface queue Also known as rate shaping this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded The total number of queues supported per interface is platform specific four queues in the S2410 no cos queue max bandwidth bw 0 bw 3 For the variable bw represents bandwidth and the suffix number represents one of the four S2410 queues For example enter 40 3 for a maximum bandwidth of 40 in queue 3 SFTOS Command Reference for the S2410 Version 2 4 1 0 277 cos queue min bandwidth Modes Command History Related Commands cos queue Syntax Modes Command History Related Comman
305. speed and duplex mode Physical Status Indicates the port speed and duplex mode Link Status Indicates whether the Link is up or down Link Trap lndicates whether or not to send a trap when link status changes The default is enabled LACP Mode Displays whether LACP is enabled or disabled on this port Flow Mode Displays whetherflow control is enabled or disabled System Configuration Commands show port protocol show port protocol Syntax Mode This command displays the protocol based VLAN information for either the entire system or for the indicated group show port protocol groupid Privileged Exec Group Name This field displays the group name of an entry in the protocol based VLAN table Group ID This field displays the group identifier of the protocol group Protocol s This field indicates the type of protocol s for this group VLAN This field indicates the VLAN associated with this protocol group Interface s This field lists the unit slot port interface s that are associated with this protocol group shutdown Interface Syntax Default Mode Command History Related Commands shutdown all This command disables a port The no version of this command enables a port no shutdown enabled Interface Config Interface Range which is indicated by the conf if range interface ft prompt such as conf if range vlan 10 20 Version 2 3 Added Interface Range mode in
306. splays the unit slot port of the interface If displaying the global configuration this output line is replaced with a Global Configuration indication Interface Shaping Rate The maximum transmission bandwidth limit for the interface as a whole It is independent of any per queue maximum bandwidth value s in effect for the interface The following information is repeated for each queue on the interface Queue ID Queue identification number An interface supports n queues numbered 0 to n 1 The specific n value is platform dependent Min Bandwidth The minimum transmission bandwidth guarantee for the queue expressed as a percentage A value of 0 means bandwidth is not guaranteed and the queue operates using best effort Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme Queue Management Type The queue depth management technique used for all queues on this interface show interfaces random detect This command displays the weighted random early discard WRED configuration for each supported drop precedence level of each queue for the specified interface 282 Quality of Service QoS Commands Syntax Mode Report Fields Command History Related Commands show interfaces tail drop threshold show interfaces random detect s ot port The slot port parameter is optional If specified the class of service WRED configuration of the interface is dis
307. ss move 166 port security max static 165 protocol vlan group 127 shutdown 119 252 257 snmp trap link status 103 snmp server enable trap violation 101 spanning tree edgeport 267 spanning tree hello time 268 spanning tree mst priority 272 spanning tree port mode enable 273 vlan acceptframe 133 vlan ingressfilter 133 vlan pvid 137 interface vlan 44 46 123 interface vlan command 47 124 Interface VLAN mode 120 123 Internet See Web interface inventory 114 116 119 169 227 229 233 234 inverted mask 289 IP ACLs 4 ip address 36 ip address management 58 ip dhcp bootp automatic 208 ip dhcp conflict logging 208 ip dhcp excluded address 208 ip dhcp ping packets 209 ip dhcp pool 209 ip dhcp pool command 47 ip dvmrp trapflags 94 ip http javamode enable 53 196 ip http secure port 196 ip http secure protocol 196 ip http secure server enable 197 ip http server enable 197 ip pim trapflags 94 ip ssh maxsessions 192 ip ssh protocol 193 ip ssh server enable 193 ip ssh timeout 194 ip telnet maxsessions 88 ip telnet server enable 89 ip telnet timeout 88 ipaddr 41 iSupport 23 J JavaScript TM 51 join time 225 Jumbo Frame size 4 K key 189 key tacacs server 188 Keyboard Shortcuts 43 L LAG 802 3ad 249 LAGs configuring 251 SFTOS Command Reference for the S2410 Version 2 4 1 0 297 deleting ports from 251 enabling or disabling 251 252 link traps 252 logical ID 256 name 253
308. st Attempt Time AUG 20 09 04 15 2006 Last Attempt Status Success Broadcast Count 0 Forcel0 Figure 47 show sntp Command Example 218 SNTP Commands show sntp client Field Last Update Time Time of last clock update Descriptions Last Attempt Time Time of last transmit query in unicast mode Last Attempt Status Status of the last SNTP request in unicast mode or unsolicited message in broadcast mode Broadcast Count Current number of unsolicited broadcast messages that have been received and processed by the SNTP client since last reboot Multicast Count Current number of unsolicited multicast messages that have been received and processed by the SNTP client since last reboot show sntp client This command is used to display SNTP client settings Syntax show sntp client Mode Privileged Exec Example Forcel04 show sntp client Client Supported Modes unicast broadcast SNTP Version 4 Port 123 Client Mode disabled Forcel0 Figure 48 show snip client Command Example Field Client Supported Modes Supported SNTP Modes broadcast and or unicast Descriptions SNTP Version The highest SNTP version the client supports Port SNTP Client Port Client Mode Configured SNTP Client Mode Poll Interval lf enabled the poll interval value for SNTP clients in seconds as a power of two Poll Timeout If enabled the poll timeout value in seconds for SNTP clients Poll Retry lf enabled the poll retry valu
309. st Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Packets Received With Error The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Packets Transmitted Without Error The total number of packets transmitted out of the interface Broadcast Packets Transmitted The total number of packets that higher level protocols requested to be transmitted to the Broadcast address including those that were discarded or not sent Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors Address Entries Currently In Use The total number of Forwarding Database Address Table entries now active on the switch including learned and static entries System Management Commands Related Commands show interfaces Table 10 Fields in Output of show interface switchport Command Field Description VLAN Entries Currently In Use The number of VLAN entries presently occupying the VLAN table Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this switch were last cleared ip address management Configures the IP address of the management interface show interface Displays detailed statistics for a specific port or f
310. st eight characters in length The username is the login user name associated with the authentication protocol The no version of this command sets the authentication protocol to be used for the specified login user to none The username is the login user name for which the specified authentication protocol will be used no authentication users snmpv3 authentication username none md5 sha users snmpv3 authentication username Global Config users snmpv3 encryption 160 This command specifies the encryption protocol to be used for the specified login user The valid encryption protocols are des or none User Account Commands users snmpv3 encryption If des is specified the required key may be specified on the command line The key may be up to 16 characters long If the des protocol is specified but a key is not provided the user will be prompted for the key When using the des protocol the user login password is also used as the snmpv3 encryption password and therefore must be at least eight characters in length If none is specified a key must not be provided The username is the login user name associated with the specified encryption The no version of this command sets the encryption protocol to none The username is the login user name for which the specified encryption protocol will be used Default no encryption Syntax no users snmpv3 encryption username none des key Mode Global Config SFTOS Com
311. stname Line Policy Map Mode Use the policy map lt policy name gt command to access the QoS policy map configuration mode to configure the QoS policy map The prompt sequence is hostname Config policy map lt policy name gt hostname Config policy map Policy Class Mode Use the class lt class name gt command to access the QoS policy classmap mode to attach remove a diffserv class to a policy and to configure the QoS policy class The prompt sequence is hostname Config policy map class lt class name gt hostname Config policy classmap Class Map Mode This mode consists of class creation deletion and matching commands The class match commands specify Layer 2 Layer 3 and general match criteria Use the class map class map name commands to access the QoS class map configuration mode to configure QoS class maps The prompt sequence is hostname Config class map lt class map name gt hostname Config class map Router OSPF Config Mode In this mode you can access the router OSPF configuration commands The prompt sequence is hostname Config router ospf hostname Config router Router RIP Config Mode In this mode you can access the router RIP configuration commands The prompt sequence is hostname Config router rip hostname Config router MAC Access List Config Mode Use the MAC Access List Config mode to create a MAC access List and to enter the mode containing mac access list configuration com
312. sts Number of requests to the server Failed Unicast Requests Number of failed requests from server 220 SNTP Commands VLAN Stack Commands VLAN Stack commands also called Double VLAN tagging QinQ and VLAN tunneling With this feature you can stack VLANs into one tunnel and switch them through the network The commands in this chapter in order are e dvlan tunnel ethertype on page 221 e mode dotlq tunnel on page 222 e mode dvlan tunnel on page 222 e show dotlq tunnel on page 223 e show dvlan tunnel on page 224 dvlan tunnel ethertype Syntax Default Mode Command History Web User Interface Related Commands This command configures the etherType for all VLAN Stack interfaces on the system dvlan tunnel ethertype 802 1Q vman custom 0 655535 The etherType may have the values of 802 1Q vman or custom For custom the value of the etherType must be set to a number from 0 to 65535 The no version of this command sets the etherType for the specified interface to the default vman Global Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Interface Range mode added Double VLAN Tunneling The Double VLAN Tunneling panel is the SFTOS Web Interface panel with similar functionality Access it in the node tree through System gt gt Port gt gt Double VLAN Tunneling interface range Defines an in
313. switch detailed 66 68 70 75 77 show switchconfig 199 show tacacs 191 show terminal 144 show users 158 show vlan detailed 77 129 280 282 284 show dot1q tunnel 223 show dot1x 176 show dot1x detail 178 show dot1x users 179 show dvlan tunnel 224 show forwardingdb agetime 114 show garp 227 show gmrp configuration 233 show gvrp configuration 229 show hardware 33 65 show igmpsnooping 245 show igmpsnooping fast leave 246 show igmpsnooping mrouter interface 246 show interface 65 75 76 show interface ethernet 67 show interface managementethernet 36 show interfaces 77 show interfaces cos queue 282 show interfaces description 78 show interfaces random detect 282 show interfaces tail drop threshold 283 show inventory 194 show ip dhcp binding 212 show ip dhcp conflict 214 show ip dhcp global configuration 213 show ip dhcp pool configuration 213 show ip dhcp server statistics 214 show ip http 198 show logging 78 153 show logging buffered 154 show logging hosts 155 show logging persistent 154 show logging traplogs 156 show loginsession 34 158 161 show mac access lists 202 show mac address table 114 show mac address table gmrp 234 show mac address table igmpsnooping 247 show mac address table multicast 115 116 show mac address table stats 116 show mac addr table 78 show mac addr table all 79 80 show mac addr table count 80 281 show mac addr table vlan 80 show monitor session 116 show msglog 80 show network 81 show port
314. t f Forcelo 2410 Config serviceport ip 10 11 197 177 255 255 0 0 10 11 197 190 N Forcel0 S2410 Config exit Forcel0 S2410 show serviceport IB S AddftesSS el Sew RRRERUDLRES OR E n PUR Fue EU e Foe e IRR lO TT T97 1747 Subneb Mask ez e eT OEE RTENE ERE mcm Hoh Tes E 255 255 0 0 Default Gateways ais si 64 OSA I rap es l0 l1I1 19U 190 ServPort Configured Protocol Current None Burned In MAC AddEGSS A RR I cs Im lw IR SIUS 00 01 E8 99 99 9A Forcel0 S2410 Figure 3 Example of Configuring the Ethernet Management Port Uploading from the Switch through XMODEM To copy to a PC through the console port with XMODEM use the following command Command Syntax Command Mode Purpose copy nvram startup config Privileged Exec The options file types are nvram errorlog nvram log config configuration file nvram traplog xmodem errorlog error Event log filepath filename log System log system trace system trace traplog trap log This starts the upload and also displays the mode of uploading and the type of upload it is and confirms the upload is taking place If you are using HyperTerminal specify which file is to be sent to the switch Downloading to the Switch through XMODEM To download through the console port from a PC use the following command Command Syntax Command Mode Purpose copy xmodem filepath Privileged Exec Sets the destination d
315. t Enable broadcast storm recovery mode show storm control Display switch configuration information snmp server enable traps linkmode Syntax Default Mode This command enables Link Up Down traps for the entire switch When enabled link traps are sent only if the Link Trap flag setting associated with the port is enabled see snmp trap link status command no snmp server enable traps linkmode The no version of this command disables Link Up Down traps for the entire switch enabled Global Config snmp server enable traps multiusers Syntax Default Mode 100 This command enables Multiple User traps When the traps are enabled a Multiple User Trap is sent when a user logs in to the terminal interface EIA 232 or telnet and there is an existing terminal interface session no snmp server enable traps multiusers The no version of this command disables Multiple User traps enabled Global Config System Management Commands snmp server enable traps stpmode snmp server enable traps stpmode Syntax Default Mode This command enables the sending of new root traps and topology change notification traps no snmp server enable traps stpmode The no version of this command disables the sending of new root traps and topology change notification traps enabled Global Config snmp server enable trap violation Syntax Default Mode Command History Related Commands This co
316. t are designated for forwarding Fwd and filtering Flt 234 GARP GVRP and GMRP Commands IGMP Snooping Commands Note The current S2410 hardware does not support IGMP Snooping so the commands in this chapter appear in the CLI but do not function This chapter provides a detailed explanation of the following IGMP Snooping commands igmp enable interface on page 236 igmp enable global on page 236 igmp fast leave interface on page 237 igmp groupmembership interval interface on page 237 igmp interfacemode enable all on page 238 igmp maxresponse on page 238 igmp mcrtexpiretime interface on page 239 igmp mrouter interface on page 240 igmp mrouter interface enable on page 240 set igmp interface on page 241 set igmp system on page 241 set igmp fast leave on page 241 set igmp groupmembership interval global on page 241 set igmp groupmembership interval interface on page 242 set igmp interface on page 242 set igmp interfacemode all on page 242 set igmp maxresponse global on page 243 set igmp maxresponse interface on page 243 set igmp mcrtexpiretime global on page 244 set igmp mcrtexpiretime interface on page 244 set igmp mrouter on page 245 show igmpsnooping on page 245 show igmpsnooping fast leave on page 246 show igmpsnooping mrouter interface on page 246 show mac address table igmpsnooping on page 247 SFTOS Command Reference for the S2410 Version 2 4 1 0 235 igmp
317. t extended Syntax Parameters Mode Related Commands 290 This command creates a MAC Access Control List ACL identified by name consisting of classification fields defined for the Layer 2 header of an Ethernet frame Note The CLI mode is changed to Mac Access List Config prompt is hostname gt Mac Access List Config when this command is successfully executed If a MAC ACL by this name already exists this command simply invokes the mode The no version of this command deletes a MAC ACL identified by name from the system mac access list extended name name Case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list The string may include alphabetic numeric dash dot or underscore characters only The string must start with a letter Global Config deny permit Creates a new rule for the MAC access list selected by the mac interface range access list extended command Defines an interface range and accesses the Interface Range mode ACL Commands mac access list extended rename mac access group port channel In the Interface Port Channel Config mode attaches a MAC ACL to the selected port channel mac access group Attaches a specific MAC Access Control List ACL identified by name to an interface in the ingress direction mac access list extended rename Changes the name of an existing MAC ACL show mac access lists
318. t uses a local broadcast address instead of a multicast address The broadcast address has a single subnet scope while a multicast address has Internet wide scope unicast SNTP operates in a point to point fashion A unicast client sends a request to a designated server at its unicast address and expects a reply from which it can determine the time and optionally the round trip delay and local clock offset relative to the server Disabled No SNTP requests are sent from the client nor are any received SNTP messages processed Global Config sntp client port Syntax Parameters Default Usage Mode 216 This command sets the SNTP client port ID to a value from 1 65535 sntp client port portid poll interval portid Specify the local UDP port to listen for responses broadcasts The allowed range is 1 to 65535 Default value is 123 poll interval Optionally set the poll interval for the client in seconds as a power of two in the range from 6 to 10 Default value is 6 This setting is true for both unicast and broadcast poll requests Broadcasts received prior to the expiry of this interval are discarded Use the no sntp client port command to reset the SNTP client port to its default values 123 You can also set the poll interval for a unicast client with the sntp unicast client poll interval command Global Config SNTP Commands sntp unicast client poll interval sntp unicast client poll
319. t were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received Octets that were between 1519 and 1522 octets in length inclusive excluding framing bits but including FCS octets Max Info The maximum size of the Info non MAC field that this port will receive or transmit Packets Transmitted Successfully Total Unicast Packets Transmitted The number of frames that have been transmitted by this port to its segment The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a Multicast address including those that were discarded or not sent Broadcast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to the Broadcast address including those that were discarded or not sent Transmit Errors Total Errors The sum of Single Multiple and Excessive Collisions Tx FCS Errors The total number of packets transmitted that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets Oversized The total number o
320. terface ethernet command contains broadcast storm statistics snmp server enable traps bcaststorm Enable the sending of Broadcast Storm traps storm control broadcast Syntax Default Mode Related Commands This command enables broadcast storm recovery mode If the mode is enabled broadcast storm recovery with high and low thresholds is implemented The threshold implementation follows a percentage pattern If the broadcast traffic on any Ethernet port exceeds the high threshold percentage as represented in Table 21 of the link speed the switch discards the broadcast traffic until the traffic returns to the low threshold percentage or less The full implementation is depicted in the table below Table 21 Broadcast Storm Recovery Thresholds Link Speed High Low 10M 20 10 100M 5 2 1000M 5 2 no storm control broadcast disabled Global Config show storm control Shows the storm control configuration show interface ethernet Shows broadcast storm statistics storm control flowcontrol Syntax 200 This command enables 802 3x flow control for the switch no storm control flowcontrol Security Commands storm control flowcontrol The no version of this command disables 802 3x flow control for the switch Note 802 3x flow control works by pausing a port when the port becomes oversubscribed and dropping all traffic for small bursts of time during the congestion conditi
321. terface range Defines an interface range and accesses the Interface Range mode interface Identifies an interface and enters the Interface Config mode This command disables all ports The no version of this command enables all ports SFTOS Command Reference for the S2410 Version 2 4 1 0 119 shutdown all Syntax Default Mode no shutdown all enabled Global Config Virtual LAN VLAN Commands 120 In SFTOS 2 4 1 the interface vlan command is the starting point for VLAN configuration Executing the command creates a new VLAN and invokes the Interface VLAN mode where all VLAN configuration commands reside for the specified VLAN You execute this interface vlan command see interface vlan on page 123 from the Global Config mode Table 18 Commands in the Interface VLAN Mode Command Command Family Location of Commands Description Command Syntex Description description Add a description to the VLAN This chapter encapsulation Configure interface link layer This chapter VLAN encapsulation type exit Leave the mode help Display help for various special keys igmp Configure IGMP Snooping parameters IGMP Snooping Commands on for the VLAN page 235 ip Configure IP parameters makestatic Change the VLAN type from Dynamic to This chapter Static mtu VLAN Set the default MTU size This chapter name VLAN Configure an optional VLAN name This chapter protocol Configure th
322. terface range and accesses the Interface Range mode show dot1q tunnel Displays the configured etherType and other information about Double VLAN Tunneling for a specified interface or for all interfaces show dvlan tunnel same as above SFTOS Command Reference for the S2410 Version 2 4 1 0 221 mode dot1q tunnel mode dot1q tunnel Syntax Default Mode Web User Interface Usage Information Related Commands This command is used to enable Double VLAN Tunneling on the specified interface By default Double VLAN Tunneling is disabled This command performs the same function as mode dvlan tunnel The no version of this command is used to disable Double VLAN Tunneling on the specified interface By default Double VLAN Tunneling is disabled mode dotl q tunnel disabled Interface Config Double VLAN Tunneling By default all ports become core ports To configure a particular port as an access port enable DVLAN tagging in Interface Config mode for that port with this command show dotiq tunnel Displays information about Double VLAN Tunneling for a specified interface or for all interfaces show dvlan tunnel same as above mode dvlan tunnel Syntax Default Mode Web User Interface Usage Information 222 This command is used to enable Double VLAN Tunneling on the specified interface By default Double VLAN Tunneling is disabled This command performs the same function as mode dotl q tu
323. th extension all Deletes all configuration script files from the switch Mode Privileged Exec script list This command lists all scripts present on the switch as well as the total number of files present Syntax script list Mode Privileged Exec Report Elements Configuration Script Name Size Bytes SFTOS Command Reference for the S2410 Version 2 4 1 0 147 script show script show This command displays the contents of a script file The parameter scriptname is the name of the script file Syntax script show scriptname Mode Privileged Exec The format of display is Line no Line contents script validate This command validates a configuration script file by parsing each line in the script file where scriptname is the name of the script to be validated The validation will stop at the first failure of a command Syntax script validate scriptname Mode Privileged Exec 148 System Configuration Commands System Log This chapter provides a detailed explanation of the following Syslog commands logging buffered on page 149 logging buffered wrap on page 150 logging cli command on page 150 logging console on page 151 logging host on page 151 logging host reconfigure on page 152 logging host remove on page 152 logging persistent on page 152 logging port on page 152 logging syslog on page 153 e show logging on page 153 e show logging buffered on page 154 e sho
324. the S2410 Version 2 4 1 0 203 bootfile boottile Syntax Default Mode The command specifies the name of the default boot image for a DHCP client The filename specifies the boot image file The no version of this command deletes the boot image name bootfile filename no bootfile none DHCP Pool Config Clear ip dhcp binding Syntax Default Mode This command deletes an automatic address binding from the DHCP server database If is specified the bindings corresponding to all the addresses are deleted address is a valid IP address made up of four decimal bytes ranging from 0 to 255 IP address 0 0 0 0 is invalid clear ip dhcp binding address none Privileged Exec clear ip dhcp server statistics Syntax Mode 204 This command clears DHCP server statistics counters clear ip dhcp server statistics Privileged Exec DHCP Server Commands clear ip dhcp conflict clear ip dhcp conflict Syntax Default Mode The command is used to clear an address conflict from the DHCP Server database The server detects conflicts using a ping DHCP server clears all conflicts If the asterisk character is used as the address parameter clear ip dhcp conflict address none Privileged Exec client identifier Syntax Default Mode client name Syntax Default Mode This command specifies the unique identifier for a DHCP client The unique identifier is a valid notation in h
325. the mode help Display help for various special keys igmp Configure IGMP Snooping parameters for the Vlan ip Configure IP parameters mtu Sets the default MTU size protocol Configure the Protocols associated with particular Group Ids makestatic Change the VLAN type from Dynamic to Static name Configure an optional VLAN Name participation Configure how ports participate in a specific VLAN priority Configure the priority for untagged frames pvid Configure the VLAN id for a specific port tagged Configure tagging for a specific VLAN port untagged Configure untagging for a specific VLAN port Forcel0 Conf if vl 5 4exit Forcel0 Config exit Forcel0 show vlan brief VLAN ID VLAN Name MAC Aging IP Address al Default 300 unassigned 5 300 unassigned ees Figure 30 Using the interface vlan Command Related interface Accesses the Interface Config mode for a designated logical or physical Commands interface interface range Groups a set of individual interfaces a range of interfaces or more than one range of interfaces to which subsequent configuration commands can be applied bulk configuration show vlan Displays information about VLANS either detailed information for a specific VLAN or summary information for all configured VLANs show port Displays port information for a selected port or for all ports makestatic This command changes a dynamically created VLAN one that is created by GVRP registration to a sta
326. the specified port Syntax dotlx re authentication Default disabled Mode Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 SFTOS Command Reference for the S2410 Version 2 4 1 0 173 dot1x system auth control Command History Related Commands Version 2 3 Interface Range mode added interface range Defines an interface range and accesses the Interface Range mode dot1x system auth control Syntax Default Mode This command is used to enable the dot1x authentication support on the switch By default the authentication support is disabled While disabled the dot1x configuration is retained and can be changed but is not activated The no version of this command is used to disable the dot1x authentication support on the switch dot1x system auth control disabled Global Config dot1x timeout 174 Syntax Parameters This command sets the value in seconds of the timer used by the authenticator state machine on this port Depending on the keyword used and the value in seconds passed various timeout configurable parameters are set dot1x timeout reauth period seconds quiet period seconds tx period seconds supp timeout seconds server timeout seconds The no version of this command sets the value in seconds of the specified timer to the its default value no dot1x timeout reauth per
327. the specified interface show interfaces tail drop threshold Quality of Service QoS Commands traffic shape Syntax Parameters Modes Usage Information traffic shape This command specifies the maximum transmission bandwidth limit for the interface as a whole Also known as rate shaping this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded traffic shape bw bw Enter the shaping bandwidth percentage from 0 to 100 in increments of 5 Use the no traffic shape command to restore the default interface shaping rate value Global Config This command is only for egress output rate shaping Differentiated Services DiffServ Commands DiffServ commands are not included in SFTOS 2 4 1 Provisioning IEEE 802 1p Commands The commands described in this section are e classofservice dotl pmapping on page 285 e show classofservice dotl pmapping on page 286 e vlan port priority all on page 286 e vlan priority on page 286 classofservice dot1pmapping Syntax Mode Command History This command maps an 802 1p priority to an internal traffic class for a device when in Global Config mode The number of available traffic classes may vary with the platform Userpriority and trafficclass can both be in the range from 0 6 classofservice dotl pmapping userpriority trafficclass Global Config or Interface Config Interface Range Version 2 3
328. tic VLAN one that is permanently configured and defined The ID is a valid VLAN identification number VLAN range is 2 3965 Syntax makestatic 2 3965 124 System Configuration Commands mtu VLAN Mode Interface VLAN Command z History Version 2 3 Changed from vlan makestatic to makestatic and moved to Interface VLAN mode Related how vlan Displays information about VLANs either detailed information for ifi Commands sno a splays ormation adou S either aetalle ormation tor a Specitc VLAN or summary information for all configured VLANs show port Displays port information for a selected port or for all ports mtu VLAN This command sets the MTU Maximum Transmission Unit of the selected VLAN Syntax no mtu 576 1500 Default 1500 Mode Interface VLAN Command z History Version 2 3 Introduced Related how vl Displays information about VLANs either detailed information f ifi Commands snow vian Isplays intormation abou S either aetailea inrormation tor a Specitic VLAN or summary information for all configured VLANs show port Displays port information for a selected port or for all ports name VLAN This command changes the name of a VLAN Syntax no name newname The newname is an alphanumeric string of up to 32 characters The no version of this command sets the name of a VLAN to a blank string Default The name for VLAN ID 1 is always Default The name for other VLANs is defaulted
329. tionship of the command mode names to the prompts visible in the mode and the exit method from that mode The first three rows in the table are organized in the sequence in which you would access the child modes Beyond the Global Config mode the modes are either accessed from the Global Config mode or from the mode listed in the row above The hostname in the Prompt column is a placeholder for the prompt name that you create using the hostname command For example if you use Speedy the User Exec prompt is Speedy gt the Privileged Exec prompt is Speedy and the Global Config prompt is Speedy Config For details see Figure 5 on page 46 and Mode based Command Hierarchy on page 48 Table3 Command Modes enter the enable command Command Mode Mode Access Method Prompt Exit or Access Previous Mode User Exec This is the first level of hostname Enter logout or quit access Perform basic tasks and list system information Privileged Exec In the User Exec mode hostname tt To exit to the User Exec mode enter exit or press Ctrl Z To close the session enter logout or quit Global Config In the Privileged Exec mode enter the configure command hostname Config To exit to the Privileged Exec mode enter the exit command or press Ctrl Z to switch to the User Exec mode DHCP Pool Config In the Global Config mode enter the ip dhcp pool pool name command hostname Config dhcp pool To
330. tree vlan This command displays the association between a VLAN and a multiple spanning tree instance The vlanid corresponds to an existing VLAN ID Syntax show spanning tree vlan vianid Mode Privileged Exec and User Exec VLAN Identifier The VLANs associated with the selected MST instance Associated Instance ldentifier for the associated multiple spanning tree instance or CST if associated with the common and internal spanning tree spanning tree This command sets the spanning tree operational mode to enabled The no version of this command sets the spanning tree operational mode to disabled While disabled the spanning tree configuration is retained and can be changed but is not activated Syntax no spanning tree SFTOS Command Reference for the S2410 Version 2 4 1 0 265 spanning tree bpdumigrationcheck Default Mode disabled Global Config spanning tree bpdumigrationcheck Syntax Mode Command History This command enables BPDU migration check on a given interface by using unit slot port or all interfaces by using the all keyword The no version of this command disables BPDU migration check on all interfaces or the designated interface no spanning tree bpdumigrationcheck unit slot port all Global Config Version 2 3 Modified Moved from Privileged Exec mode to Global Config mode spanning tree configuration name Syntax Default Mode This command sets the Configurat
331. trol Mode The control mode under which this port is operating Possible values are authorized unauthorized Reauthentication Enabled lIndicates whether re authentication is enabled on this port Key Transmission Enabled Indicates if the key is transmitted to the supplicant for the specified port If the optional parameter detail unit slot port is used the detailed dot1x configuration for the specified port are displayed Port The interface whose configuration is displayed Protocol Version The protocol version associated with this port The only possible value is 1 corresponding to the first version of the dot1x specification PAE Capabilities The port access entity PAE functionality of this port Possible values are Authenticator or Supplicant Authenticator PAE State Current state of the authenticator PAE state machine Possible values are Initialize Disconnected Connecting Authenticating Authenticated Aborting Held ForceAuthorized and ForceUnauthorized Backend Authentication State Current state of the backend authentication state machine Possible values are Request Response Success Fail Timeout Idle and Initialize Quiet Period The timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant The value is expressed in seconds and will be in the range 0 and 65535 Transmit Period The timer used by the authenticator state
332. trust Syntax Mode This command displays the current trust mode setting for a specific interface The unit slot port parameter is optional and is only valid on platforms that support independent per port class of service mappings If specified the port trust mode of the interface is displayed If omitted the port trust mode of each interface in the system is shown If the platform does not support independent per port class of service mappings the output represents the system wide port trust mode used for all interfaces show classofservice trust unit slot port Privileged Exec SFTOS Command Reference for the S2410 Version 2 4 1 0 281 show interfaces cos queue Report Fields Non IP Traffic Class The traffic class used for non IP traffic This is only displayed when the COS trust mode is set to either trust ip dscp or trust ip precedence Untrusted Traffic Class The traffic class used for all untrusted traffic This is only displayed when the COS trust mode is set to untrusted show interfaces cos queue This command displays the class of service queue configuration for the specified interface Syntax show interfaces cos queue unit slot port The unit slot port parameter is optional and if specified the class of service queue configuration of the interface is displayed If omitted the most recent global configuration settings are displayed Mode Privileged Exec Report Fields Interface This di
333. ts IP address Syntax logging host ipaddress port severitylevel The severitylevel value is specified as either an integer from 0 to 7 or symbolically through one of the following keywords emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 informational 6 debug 7 Note that the severity level set here does not change the severity level set for the System log messages saved in RAM Default Port 514 Level critical Mode Global Config Related logging buffered Enables logging of the System Log to RAM and any other Commands enabled destination including the console and any enabled syslog server show logging hosts SFTOS Command Reference for the S2410 Version 2 4 1 0 151 logging host reconfigure logging host reconfigure Syntax Mode Command History This command enables you to revise the IP address of a configured syslog host logging host reconfigure host id hostaddress Use show logging hosts to learn association of host id with hostaddress Global Config Version 2 3 Introduced logging host remove Syntax Mode This command removes the identified host logging host remove host id Use show logging hosts to learn association of host id with hostaddress Global Config logging persistent Command History logging port Command History 152 Version 2 3 Removed Version 2 3 Removed System Log logging syslog This command enabl
334. ts to reach network resources The following conditions pertain to ACLs in SFTOS Maximum of 1064 ACLs each with a maximum of 64 rules ACL configuration for IP packet fragments is not supported The maximum number of rules per ACL translates into the number of hardware classifier entries used when an ACL is attached to an interface Increasing these values in the SFTOS software increases the RAM and NVSTORE usage Wildcard masking for ACLs operates differently from a subnet mask A wildcard mask is in essence the inverse of a subnet mask With a subnet mask the mask has ones 1 s in the bit positions that are used for the network address and has zeros 0 s for the bit positions that are not used In contrast a wildcard mask has 0 s in a bit position that must be checked A 1 in a bit position of the ACL mask indicates the corresponding bit can be ignored For details on using ACL commands see the Access Control chapter in the SFTOS Configuration Guide ACLs factor into quality of service For more on quality of service QoS see Quality of Service QoS Commands on page 275 SFTOS Command Reference for the S2410 Version 2 4 1 0 287 deny permit Implementation Notes e Ifthe CPU MA table This MAC address table is separate from the software MAC address table is filled so that the ACL logic cannot create another MA table entry all frames from that source address will be dropped e Ifthe ACL rules are changed or A
335. ue gets the most bandwidth When you use a CoS command to assign a priority queue you set the priority from 0 to 6 highest priority Note Honoring 802 1p bits is enabled by default 802 1p honoring can be disabled with no classofservice trust in either Global Config and Interface Config modes Table 22 Default CoS Queue Prioritization Fraction of Total Queue Bandwidth 0 1 28 3 57 2 28 7 14 3 28 10 71 4 28 14 28 i 5 28 17 86 6 28 21 43 7 28 25 Oo c1 RI WI po classofservice dot1p mapping 276 Syntax Modes This command maps an 802 1p priority to an internal traffic class classofservice dotlp mapping userpriority trafficclass The userpriority range is 0 7 The trafficclass range is 0 3 The no form of this command is not supported Global Config Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Quality of Service QoS Commands Command History Related Commands classofservice trust Version 2 3 Interface Range mode added classofservice Maps an 802 1p priority to an internal traffic class dotipmapping interface range Defines an interface range and accesses the Interface Range mode show classofservice Displays the current Dot1p 802 1p priority mapping to internal traffic dotip mapping classes for a specific interface clas
336. ult This command sets the IGMP Group Membership Interval time on a particular interface The group membership interval time is the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface before deleting the interface from the entry igmp groupmembership interval 2 3600 The variable must be greater than the IGMPv3 maximum response time value The range is 2 to 3600 seconds The no igmp groupmembership interval command sets the IGMP v3 group membership interval time on the interface to the default value 260 seconds SFTOS Command Reference for the S2410 Version 2 4 1 0 237 igmp interfacemode enable all Mode Command History Related Commands Interface Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Interface VLAN Modified Revised from set igmp groupmembership interval Added Interface Range mode Version 2 3 Enables IGMP Snooping on a selected interface Sets the IGMP Group Membership Interval time globally igmp enable interface set igmp groupmembership interval global interface range Defines an interface range and accesses the Interface Range mode interface Identifies an interface and enters the Interface Config mode igmp maxresponse Sets the IGMP Maximum Response time on a selected interface show igmpsnooping Displays IGMP Snooping status inf
337. unauthorized access use the command enable passwd to configure a password for the command S50 enable Password S50 4 Figure 20 enable Command Example SFTOS Command Reference for the S2410 Version 2 4 1 0 107 interface Related Commands interface Syntax Default Mode Related Commands enable passwd Configure a password for the enable command configure Use this command to access the Global Config mode from the Exec Privilege mode This command accesses the Interface Config mode for a designated logical or physical interface The Interface Config mode provides access to configuration commands for the specified interface interface unit slot port The unit slot portis a valid physical or logical port number Physical ports are numbered 0 1 through 0 50 In contrast logical port numbers contain a number in the slot position and are defined by the system The number in the slot position is a 1 when you create a LAG port channel The no version of this command deletes the selected logical port None Global Config interface range Groups a set of individual interfaces a range of interfaces or more than one range of interfaces to which subsequent configuration commands can be applied bulk configuration interface vlan Creates a new VLAN and accesses the Interface VLAN mode for it or selects an existing VLAN and accesses the Interface VLAN mode for it interface range
338. unning config command Note This sample of the output is just a small part of the many thousands of lines generated when the all option is used Starting with Release 2 3 show running config startup config provides the user the opportunity to capture the running config data to the startup config file as a text file If a startup config file is already present the system will prompt the user to overwrite it script apply Applies the commands in the designated script to the switch script delete Deletes a specified script script list Lists all scripts present on the switch as well as the total number of files present script show Displays the contents of a designated script file script validate Validates a designated configuration script file show serviceport Syntax Mode Command History 82 This command displays information about the management address of the Ethernet Management port show serviceport Privileged Exec Version 2 4 1 Introduced System Management Commands show sysinfo Example Forcel0 S2410 show serviceport IP AGGres Sa 44450555460449443086444504 5000400455 10 11 197 177 Subnet Mask sss cess o o o o o rp rab e i i o o ww ws 255 255 0 0 Default Gateway errei ireo ter RR ERE RAE ER RE IO II L97 190 ServPort Configured Protocol Current None Burned In MAC AddresS o Rr rhv 00 01 E8 99 99 9A Li
339. up If adding an interface to a group causes any conflicts with protocols currently associated with the group this command will fail and the interface s will not be added to the group The referenced VLAN should be created prior to the creation of the protocol based VLAN except when GVRP is expected to create the VLAN The no version of this command removes the interface from this protocol based VLAN group that is identified by this groupid no protocol vlan group groupid None Global Config Interface Range which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 SFTOS Command Reference for the S2410 Version 2 4 1 0 127 protocol vlan group all Command 2 History Version 2 3 Added Interface Range mode Related interface range Defines an interface range and accesses the Interface Range mode Commands protocol vlan group all This command adds all physical interfaces to the protocol based VLAN identified by groupid group may have more than one interface associated with it Each interface and protocol combination can only be associated with one group If adding an interface to a group causes any conflicts with protocols currently associated with the group this command will fail and the interface s will not be added to the group The referenced VLAN should be created prior to the creation of the protocol based VLAN except when GVRP is expected to create the VLAN The no ve
340. ure 44 show radius accounting statistics IP address Command Example SFTOS Command Reference for the S2410 Version 2 4 1 0 185 show radius statistics authentication Table 20 show radius accounting Command Example Fields Field Description RADIUS Accounting Server IP Address IP Address of the configured RADIUS accounting server Round Trip Time The time interval in hundredths of a second between the most recent Accounting Response and the Accounting Request that matched it from the RADIUS accounting server Requests The number of RADIUS Accounting Request packets sent to this accounting server This number does not include retransmissions Retransmissions The number of RADIUS Accounting Request packets retransmitted to this RADIUS accounting server Responses The number of RADIUS packets received on the accounting port from this server Malformed Responses The number of malformed RADIUS Accounting Response packets received from this server Malformed packets include packets with an invalid length Bad authenticators and unknown types are not included as malformed accounting responses Bad Authenticators The number of RADIUS Accounting Response packets containing invalid authenticators received from this accounting server Pending Requests The number of RADIUS Accounting Request packets sent to this server that have not yet timed out or received a response Timeouts
341. ver community 97 snmp server community ipaddr 98 snmp server community ipmask 98 snmp server community mode 98 snmp server community ro 99 snmp server community rw 99 snmp server enable trap violation 101 snmp server enable traps bcaststorm 99 snmp server enable traps linkmode 100 snmp server enable traps multiusers 100 snmp server enable traps stpmode 101 snmp server traps enable 101 snmptrap 102 snmptrap ipaddr 102 snmptrap mode 102 snmptrap snmpversion 103 sntp broadcast client poll interval 215 sntp client mode 216 sntp client port 216 SNTP Commands 215 sntp server 218 sntp unicast client poll interval 217 sntp unicast client poll retry 217 sntp unicast client poll timeout 217 source port 112 117 spanning tree 265 spanning tree bpdumigrationcheck 266 spanning tree configuration name 266 spanning tree configuration revision 266 spanning tree edgeport 267 spanning tree forceversion 267 spanning tree forward time 268 spanning tree hello time 268 spanning tree max age 269 spanning tree max hops 269 spanning tree mst 269 spanning tree mst instance 271 spanning tree mst priority 271 spanning tree mst vlan 272 spanning tree port mode enable 272 spanning tree port mode enable all 273 special characters 43 speed commands 3 speedkeys 43 SSH enable disable 193 sshcon maxsessions See ip ssh maxsessions sshcon timeout See ip ssh timeout statistics switch related 201 commands 66 68 70 75 77 status HTML pages 52 storm cont
342. w logging hosts on page 155 e show logging traplogs on page 156 The commands are of two types e Configuration commands configure features and options of the device For every configuration command there is a show command that displays the configuration setting Show commands display settings statistics and other information logging buffered This command enables logging of the System Log to RAM and any other enabled destination including the console and any enabled syslog server Syntax logging buffered severitylevel The severitylevel value is specified through one of the following keywords or the keyword s representative integer as shown here emergency 0 alert 1 critical 2 error 3 warning 4 notice 5 informational 6 debug 7 SFTOS Command Reference for the S2410 Version 2 4 1 0 149 logging buffered wrap Default Mode Related Commands Use no logging buffered to disable logging to the in memory log disabled critical Global Config logging buffered wrap Enables wrapping of in memory logging when full capacity is reached logging cli command Enables logging to the System Log of all Command Line Interface CLI commands issued on the system logging console Enables logging of System log messages to the console logging host Configures mirroring of System log messages to a syslog server show logging buffered Displays buffered logging the System log logging
343. was not internally accessible This should never happen and indicates that there is a case in the software that is not handled correctly The value of designates that the value is unknown Annotations The CLI allows the user to type single line annotations at the command prompt for use when writing test or configuration scripts and for better readability The exclamation point character flags the beginning of a comment The comment flag character can begin a word anywhere on the command line and all input following this character is ignored Any command line that begins with the character is recognized as a comment line and ignored by the parser Using the Command Line Interface Keyboard Shortcuts The following key combinations speedkeys special characters speed up use of the CLI Backspace delete previous character Ctrl A go to beginning of line Ctrl B go backward one character Ctr1 D delete current character Ctrl E go to end of line Ctrl F go forward one character Ctrl H display command history or retrieve a command Ctrl I complete a keyword Ctrl K delete to end of line Ctrl N go to next line in history buffer Ctrl P go to previous line in history buffer Ctrl T transpose previous character Ctrl U X delete to beginning of line Ctrl W delete previous word Ctrl Z return to root command prompt Delete key delete next character Tab key or space bar command line compl
344. whether outbound telnet sessions will be allowed This command establishes a new outbound Telnet connection to a remote host The host value must be a valid IP address Valid values for port should be a valid decimal integer in the range of 0 to 65535 where the default value is 23 If debug is used the current telnet options enabled is displayed The optional line parameter sets the outbound telnet operational mode as linemode where by default the operational mode is character mode The noecho option disables local echo telnet host port debug line noecho Privileged Exec and User Exec telnetcon timeout Command 90 History Version 2 3 Modified Changed to ip telnet timeout System Management Commands telnetcon maxsessions telnetcon maxsessions Command History Version 2 3 Modified Changed to ip telnet maxsessions Serial Commands This section describes the following SFTOS system management commands pertaining to console port connections serial connections EIA 232 e lineconfig on page 91 serial baudrate on page 91 serial timeout on page 92 e show serial on page 92 lineconfig This command accesses the Line Config mode from the Global Config mode Syntax lineconfig Mode Global Config Usage Users executing this command enter the Line Config mode Information For details on modes see Chapter 3 Using the Command Line Interface on page 39 Example S50
345. which is indicated by the conf if range interface prompt such as conf if range vlan 10 20 Version 2 3 Added Interface Range mode interface Identifies an interface and enters the Interface Config mode interface range Defines an interface range and accesses the Interface Range mode Spanning tree forceversion This command sets the Force Protocol Version parameter to a new value The Force Protocol Version can be one of the following e 802 1d STP BPDUs are transmitted rather than MST BPDUs IEEE 802 1D functionality supported e 802 1w RST BPDUs are transmitted rather than MST BPDUS IEEE 802 1 w functionality supported e 802 1s MST BPDUs are transmitted IEEE 802 1s functionality supported The no version of this command sets the Force Protocol Version parameter to the default value in other words 802 1s SFTOS Command Reference for the S2410 Version 2 4 1 0 267 spanning tree forward time Syntax Default Mode no spanning tree forceversion 802 1d 802 1 w 802 1s 802 1s Global Config spanning tree forward time Syntax Default Mode This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree The forward time value is in seconds within a range of 4 to 30 with the value being greater than or equal to Bridge Max Age 2 1 The no version of this command sets the Bridge Forward Delay parameter for the common and internal spa
346. wn Default disabled Mode Interface Config Interface Range Port Channel Range which is indicated by the conf if range interface prompt such as conf if range po 1 1 1 2 Related Commands interface Defines an interface range and accesses the Interface Range mode interface range Identifies an interface and enters the Interface Config mode port channel enable all global Enables disables all LAGs shutdown Interface Enables disables the selected port 258 LAG Port Channel Commands Spanning Tree STP Commands This chapter provides a detailed explanation of the Spanning Tree commands The commands are divided into two functional groups Show commands display switch settings statistics and other information e Configuration commands configure features and options of the switch For every configuration command there is a show command that displays the configuration setting IEEE 802 1D mode is available To change to the legacy IEEE 802 1D mode set the STP operational mode to disabled then enable the IEEE 802 1D mode With the IEEE 802 1D mode operationally enabled the rapid configuration and multiple instances features are not available If the rapid configuration and multiple instances capabilities are required use the IEEE 802 1s mode which is compatible with the legacy IEEE 802 1D standard Note The SFTOS software platform STP default mode is IEEE 802 1s but the legacy gt
347. work mac address network mac address This command is replaced by the mac address command in Version 2 3 Mode Privileged Exec Command History Version 2 3 Introduced Replaced by the mac address command network mac type This command is replaced by the mac type command in Version 2 3 Mode Privileged Exec Command Version 2 3 Introduced Replaced by the mac type command History network parms Command History Version 2 3 Deprecated Replaced in part by management route default for the gateway part of the management address Replaced in part by interface managementethernet and ip address management network protocol This command is replaced by the protocol command in Version 2 3 Mode Privileged Exec Command History Version 2 3 Introduced Replaces the protocol command 62 System Management Commands protocol Syntax Default Mode Command History Related Commands protocol This command specifies the network configuration protocol to be used for the management VLAN protocol none bootp dhcp If you modify this value the change is effective immediately The bootp keyword indicates that the switch periodically sends requests to a Bootstrap Protocol BootP server or a DHCP server until a response is received The none keyword indicates that the switch should be manually configured with IP information none Interface ManagementEthernet V
348. y in the Multicast Forwarding Database Possible values are IGMP Snooping GMRP and Static Filtering SFTOS Command Reference for the S2410 Version 2 4 1 0 115 show mac address table stats Related Commands Description The text description of this multicast table entry Interfaces The list of interfaces that are designated for forwarding Fwd and filtering Flt Forwarding Interfaces The resultant forwarding list is derived from combining all the component s forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces show mac address table Displays Multicast Forwarding Database MFDB statistics show mac address table stats Displays Multicast Forwarding Database MFDB statistics show mac address table stats Syntax Mode Example Related Commands This command displays Multicast Forwarding Database MFDB statistics show mac address table stats Privileged Exec Report Fields Max MFDB Table Entries Displays the total number of entries that can possibly be in the Multicast Forwarding Database table Most MFDB Entries Ever Since Last Reset Displays the largest number of entries that have been present in the Multicast Forwarding Database table This value is also known as the MFDB high water mark Current Entries Displays the current number of entries in the MFDB Forcel0 show mac address table stats Max MFDB Table Entries
349. yword switchport is added Table 7 on page 68 contains an explanation of the report fields Figure 11 shows an example of the show interface ethernet report when the argument is unit slot port Table 8 contains an explanation of the report fields SFTOS Command Reference for the S2410 Version 2 4 1 0 67 show interface ethernet Example 1 Forcel0 Total Packets Received Octets Unicast Packets Received Multicast Packets Received Broadcast Packets Received Receive Packets Discarded Octets Transmitted s ees Unicast Packets Transmitted Multicast Packets Transmitted Broadcast Packets Transmitted Transmit Packets Discarded Most Address Entries Ever Used Address Entries Currently in Use Maximum VLAN Entries Most VLAN Entries Ever Used Static VLAN Entries Dynamic VLAN Entries VLAN Deletes Time Since Counters Last Cleared show interface ethernet switchport Packets Transmitted Without Errors 40648140 324 307772 pacc test TTI y Figure 10 Example of show interface ethernet switchport Output The display fields of show interface ethernet when the keyword switchport is added are as follows Table 7 Fields in Output of show interface ethernet switchport Command Field Description Total Packets Received Octets The total number of octets of data received by the processor excluding framing bits but including FCS octets Unicast Packets Received The number of subnetwork u
Download Pdf Manuals
Related Search